Release v1.55.3 (2024-07-25) (#5321)
Release v1.55.3 (2024-07-25)
===
### Service Client Updates
* `service/application-autoscaling`: Updates service API
* `service/application-signals`: Updates service API and documentation
* `service/bedrock-runtime`: Updates service API and documentation
* `service/codecommit`: Updates service API and documentation
* CreateRepository API now throws OperationNotAllowedException when the account has been restricted from creating a repository.
* `service/datazone`: Updates service API and documentation
* `service/ec2`: Updates service API and documentation
* EC2 Fleet now supports using custom identifiers to reference Amazon Machine Images (AMI) in launch requests that are configured to choose from a diversified list of instance types.
* `service/ecr`: Updates service API, documentation, paginators, and examples
* API and documentation updates for Amazon ECR, adding support for creating, updating, describing and deleting ECR Repository Creation Template.
* `service/eks`: Updates service API and documentation
* `service/elasticloadbalancingv2`: Updates service API, documentation, and examples
* `service/network-firewall`: Updates service API and documentation
* `service/outposts`: Updates service API and documentation
* `service/states`: Updates service API and documentation
* This release adds support to customer managed KMS key encryption in AWS Step Functions.
### SDK Bugs
* Remove broken integration test.
* Remove integration test broken by cloudsearch service.
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 96fbce6..1a3c9df 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,28 @@
+Release v1.55.3 (2024-07-25)
+===
+
+### Service Client Updates
+* `service/application-autoscaling`: Updates service API
+* `service/application-signals`: Updates service API and documentation
+* `service/bedrock-runtime`: Updates service API and documentation
+* `service/codecommit`: Updates service API and documentation
+ * CreateRepository API now throws OperationNotAllowedException when the account has been restricted from creating a repository.
+* `service/datazone`: Updates service API and documentation
+* `service/ec2`: Updates service API and documentation
+ * EC2 Fleet now supports using custom identifiers to reference Amazon Machine Images (AMI) in launch requests that are configured to choose from a diversified list of instance types.
+* `service/ecr`: Updates service API, documentation, paginators, and examples
+ * API and documentation updates for Amazon ECR, adding support for creating, updating, describing and deleting ECR Repository Creation Template.
+* `service/eks`: Updates service API and documentation
+* `service/elasticloadbalancingv2`: Updates service API, documentation, and examples
+* `service/network-firewall`: Updates service API and documentation
+* `service/outposts`: Updates service API and documentation
+* `service/states`: Updates service API and documentation
+ * This release adds support to customer managed KMS key encryption in AWS Step Functions.
+
+### SDK Bugs
+* Remove broken integration test.
+ * Remove integration test broken by cloudsearch service.
+
Release v1.55.2 (2024-07-24)
===
diff --git a/CHANGELOG_PENDING.md b/CHANGELOG_PENDING.md
index 928ae66..8a1927a 100644
--- a/CHANGELOG_PENDING.md
+++ b/CHANGELOG_PENDING.md
@@ -3,5 +3,3 @@
### SDK Enhancements
### SDK Bugs
-* Remove broken integration test.
- * Remove integration test broken by cloudsearch service.
diff --git a/aws/version.go b/aws/version.go
index e09a67a..514bf3a 100644
--- a/aws/version.go
+++ b/aws/version.go
@@ -5,4 +5,4 @@
const SDKName = "aws-sdk-go"
// SDKVersion is the version of this SDK
-const SDKVersion = "1.55.2"
+const SDKVersion = "1.55.3"
diff --git a/models/apis/application-autoscaling/2016-02-06/api-2.json b/models/apis/application-autoscaling/2016-02-06/api-2.json
index d565813..169f48b 100644
--- a/models/apis/application-autoscaling/2016-02-06/api-2.json
+++ b/models/apis/application-autoscaling/2016-02-06/api-2.json
@@ -514,7 +514,9 @@
"SageMakerVariantProvisionedConcurrencyUtilization",
"ElastiCacheDatabaseCapacityUsageCountedForEvictPercentage",
"SageMakerInferenceComponentInvocationsPerCopy",
- "WorkSpacesAverageUserSessionsCapacityUtilization"
+ "WorkSpacesAverageUserSessionsCapacityUtilization",
+ "SageMakerInferenceComponentConcurrentRequestsPerCopyHighResolution",
+ "SageMakerVariantConcurrentRequestsPerModelHighResolution"
]
},
"MetricUnit":{"type":"string"},
diff --git a/models/apis/application-signals/2024-04-15/api-2.json b/models/apis/application-signals/2024-04-15/api-2.json
index e51736b..25aed07 100644
--- a/models/apis/application-signals/2024-04-15/api-2.json
+++ b/models/apis/application-signals/2024-04-15/api-2.json
@@ -2,6 +2,7 @@
"version":"2.0",
"metadata":{
"apiVersion":"2024-04-15",
+ "auth":["aws.auth#sigv4"],
"endpointPrefix":"application-signals",
"protocol":"rest-json",
"protocols":["rest-json"],
@@ -457,7 +458,8 @@
"members":{
"Service":{"shape":"Service"},
"StartTime":{"shape":"Timestamp"},
- "EndTime":{"shape":"Timestamp"}
+ "EndTime":{"shape":"Timestamp"},
+ "LogGroupReferences":{"shape":"LogGroupReferences"}
}
},
"Goal":{
@@ -739,6 +741,10 @@
"Tags":{"shape":"TagList"}
}
},
+ "LogGroupReferences":{
+ "type":"list",
+ "member":{"shape":"Attributes"}
+ },
"Metric":{
"type":"structure",
"members":{
@@ -888,7 +894,8 @@
"members":{
"KeyAttributes":{"shape":"Attributes"},
"AttributeMaps":{"shape":"AttributeMaps"},
- "MetricReferences":{"shape":"MetricReferences"}
+ "MetricReferences":{"shape":"MetricReferences"},
+ "LogGroupReferences":{"shape":"LogGroupReferences"}
}
},
"ServiceDependencies":{
diff --git a/models/apis/application-signals/2024-04-15/docs-2.json b/models/apis/application-signals/2024-04-15/docs-2.json
index 40de546..28ebe0a 100644
--- a/models/apis/application-signals/2024-04-15/docs-2.json
+++ b/models/apis/application-signals/2024-04-15/docs-2.json
@@ -1,6 +1,6 @@
{
"version": "2.0",
- "service": "<important> <p>This is a Preview release of the Application Signals API Reference. Operations and parameters are subject to change before the general availability release.</p> </important> <p>Use CloudWatch Application Signals for comprehensive observability of your cloud-based applications. It enables real-time service health dashboards and helps you track long-term performance trends against your business goals. The application-centric view provides you with unified visibility across your applications, services, and dependencies, so you can proactively monitor and efficiently triage any issues that may arise, ensuring optimal customer experience.</p> <p>Application Signals provides the following benefits:</p> <ul> <li> <p>Automatically collect metrics and traces from your applications, and display key metrics such as call volume, availability, latency, faults, and errors. </p> </li> <li> <p>Create and monitor service level objectives (SLOs). </p> </li> <li> <p>See a map of your application topology that Application Signals automatically discovers, that gives you a visual representation of your applications, dependencies, and their connectivity.</p> </li> </ul>",
+ "service": "<p>Use CloudWatch Application Signals for comprehensive observability of your cloud-based applications. It enables real-time service health dashboards and helps you track long-term performance trends against your business goals. The application-centric view provides you with unified visibility across your applications, services, and dependencies, so you can proactively monitor and efficiently triage any issues that may arise, ensuring optimal customer experience.</p> <p>Application Signals provides the following benefits:</p> <ul> <li> <p>Automatically collect metrics and traces from your applications, and display key metrics such as call volume, availability, latency, faults, and errors. </p> </li> <li> <p>Create and monitor service level objectives (SLOs). </p> </li> <li> <p>See a map of your application topology that Application Signals automatically discovers, that gives you a visual representation of your applications, dependencies, and their connectivity.</p> </li> </ul> <p>Application Signals works with CloudWatch RUM, CloudWatch Synthetics canaries, and Amazon Web Services Service Catalog AppRegistry, to display your client pages, Synthetics canaries, and application names within dashboards and maps.</p>",
"operations": {
"BatchGetServiceLevelObjectiveBudgetReport": "<p>Use this operation to retrieve one or more <i>service level objective (SLO) budget reports</i>.</p> <p>An <i>error budget</i> is the amount of time in unhealthy periods that your service can accumulate during an interval before your overall SLO budget health is breached and the SLO is considered to be unmet. For example, an SLO with a threshold of 99.95% and a monthly interval translates to an error budget of 21.9 minutes of downtime in a 30-day month.</p> <p>Budget reports include a health indicator, the attainment value, and remaining budget.</p> <p>For more information about SLO error budgets, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-ServiceLevelObjectives.html#CloudWatch-ServiceLevelObjectives-concepts\"> SLO concepts</a>.</p>",
"CreateServiceLevelObjective": "<p>Creates a service level objective (SLO), which can help you ensure that your critical business operations are meeting customer expectations. Use SLOs to set and track specific target levels for the reliability and availability of your applications and services. SLOs use service level indicators (SLIs) to calculate whether the application is performing at the level that you want.</p> <p>Create an SLO to set a target for a service or operation’s availability or latency. CloudWatch measures this target frequently you can find whether it has been breached. </p> <p>When you create an SLO, you set an <i>attainment goal</i> for it. An <i>attainment goal</i> is the ratio of good periods that meet the threshold requirements to the total periods within the interval. For example, an attainment goal of 99.9% means that within your interval, you are targeting 99.9% of the periods to be in healthy state.</p> <p>After you have created an SLO, you can retrieve error budget reports for it. An <i>error budget</i> is the number of periods or amount of time that your service can accumulate during an interval before your overall SLO budget health is breached and the SLO is considered to be unmet. for example, an SLO with a threshold that 99.95% of requests must be completed under 2000ms every month translates to an error budget of 21.9 minutes of downtime per month.</p> <p>When you call this operation, Application Signals creates the <i>AWSServiceRoleForCloudWatchApplicationSignals</i> service-linked role, if it doesn't already exist in your account. This service- linked role has the following permissions:</p> <ul> <li> <p> <code>xray:GetServiceGraph</code> </p> </li> <li> <p> <code>logs:StartQuery</code> </p> </li> <li> <p> <code>logs:GetQueryResults</code> </p> </li> <li> <p> <code>cloudwatch:GetMetricData</code> </p> </li> <li> <p> <code>cloudwatch:ListMetrics</code> </p> </li> <li> <p> <code>tag:GetResources</code> </p> </li> <li> <p> <code>autoscaling:DescribeAutoScalingGroups</code> </p> </li> </ul> <p>You can easily set SLO targets for your applications that are discovered by Application Signals, using critical metrics such as latency and availability. You can also set SLOs against any CloudWatch metric or math expression that produces a time series.</p> <p>For more information about SLOs, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-ServiceLevelObjectives.html\"> Service level objectives (SLOs)</a>. </p>",
@@ -71,6 +71,7 @@
"ListServiceDependentsInput$KeyAttributes": "<p>Use this field to specify which service you want to retrieve information for. You must specify at least the <code>Type</code>, <code>Name</code>, and <code>Environment</code> attributes.</p> <p>This is a string-to-string map. It can include the following fields.</p> <ul> <li> <p> <code>Type</code> designates the type of object this is.</p> </li> <li> <p> <code>ResourceType</code> specifies the type of the resource. This field is used only when the value of the <code>Type</code> field is <code>Resource</code> or <code>AWS::Resource</code>.</p> </li> <li> <p> <code>Name</code> specifies the name of the object. This is used only if the value of the <code>Type</code> field is <code>Service</code>, <code>RemoteService</code>, or <code>AWS::Service</code>.</p> </li> <li> <p> <code>Identifier</code> identifies the resource objects of this resource. This is used only if the value of the <code>Type</code> field is <code>Resource</code> or <code>AWS::Resource</code>.</p> </li> <li> <p> <code>Environment</code> specifies the location where this object is hosted, or what it belongs to.</p> </li> </ul>",
"ListServiceLevelObjectivesInput$KeyAttributes": "<p>You can use this optional field to specify which services you want to retrieve SLO information for.</p> <p>This is a string-to-string map. It can include the following fields.</p> <ul> <li> <p> <code>Type</code> designates the type of object this is.</p> </li> <li> <p> <code>ResourceType</code> specifies the type of the resource. This field is used only when the value of the <code>Type</code> field is <code>Resource</code> or <code>AWS::Resource</code>.</p> </li> <li> <p> <code>Name</code> specifies the name of the object. This is used only if the value of the <code>Type</code> field is <code>Service</code>, <code>RemoteService</code>, or <code>AWS::Service</code>.</p> </li> <li> <p> <code>Identifier</code> identifies the resource objects of this resource. This is used only if the value of the <code>Type</code> field is <code>Resource</code> or <code>AWS::Resource</code>.</p> </li> <li> <p> <code>Environment</code> specifies the location where this object is hosted, or what it belongs to.</p> </li> </ul>",
"ListServiceOperationsInput$KeyAttributes": "<p>Use this field to specify which service you want to retrieve information for. You must specify at least the <code>Type</code>, <code>Name</code>, and <code>Environment</code> attributes.</p> <p>This is a string-to-string map. It can include the following fields.</p> <ul> <li> <p> <code>Type</code> designates the type of object this is.</p> </li> <li> <p> <code>ResourceType</code> specifies the type of the resource. This field is used only when the value of the <code>Type</code> field is <code>Resource</code> or <code>AWS::Resource</code>.</p> </li> <li> <p> <code>Name</code> specifies the name of the object. This is used only if the value of the <code>Type</code> field is <code>Service</code>, <code>RemoteService</code>, or <code>AWS::Service</code>.</p> </li> <li> <p> <code>Identifier</code> identifies the resource objects of this resource. This is used only if the value of the <code>Type</code> field is <code>Resource</code> or <code>AWS::Resource</code>.</p> </li> <li> <p> <code>Environment</code> specifies the location where this object is hosted, or what it belongs to.</p> </li> </ul>",
+ "LogGroupReferences$member": null,
"Service$KeyAttributes": "<p>This is a string-to-string map. It can include the following fields.</p> <ul> <li> <p> <code>Type</code> designates the type of object this is.</p> </li> <li> <p> <code>ResourceType</code> specifies the type of the resource. This field is used only when the value of the <code>Type</code> field is <code>Resource</code> or <code>AWS::Resource</code>.</p> </li> <li> <p> <code>Name</code> specifies the name of the object. This is used only if the value of the <code>Type</code> field is <code>Service</code>, <code>RemoteService</code>, or <code>AWS::Service</code>.</p> </li> <li> <p> <code>Identifier</code> identifies the resource objects of this resource. This is used only if the value of the <code>Type</code> field is <code>Resource</code> or <code>AWS::Resource</code>.</p> </li> <li> <p> <code>Environment</code> specifies the location where this object is hosted, or what it belongs to.</p> </li> </ul>",
"ServiceDependency$DependencyKeyAttributes": "<p>This is a string-to-string map. It can include the following fields.</p> <ul> <li> <p> <code>Type</code> designates the type of object this is.</p> </li> <li> <p> <code>ResourceType</code> specifies the type of the resource. This field is used only when the value of the <code>Type</code> field is <code>Resource</code> or <code>AWS::Resource</code>.</p> </li> <li> <p> <code>Name</code> specifies the name of the object. This is used only if the value of the <code>Type</code> field is <code>Service</code>, <code>RemoteService</code>, or <code>AWS::Service</code>.</p> </li> <li> <p> <code>Identifier</code> identifies the resource objects of this resource. This is used only if the value of the <code>Type</code> field is <code>Resource</code> or <code>AWS::Resource</code>.</p> </li> <li> <p> <code>Environment</code> specifies the location where this object is hosted, or what it belongs to.</p> </li> </ul>",
"ServiceDependent$DependentKeyAttributes": "<p>This is a string-to-string map. It can include the following fields.</p> <ul> <li> <p> <code>Type</code> designates the type of object this is.</p> </li> <li> <p> <code>ResourceType</code> specifies the type of the resource. This field is used only when the value of the <code>Type</code> field is <code>Resource</code> or <code>AWS::Resource</code>.</p> </li> <li> <p> <code>Name</code> specifies the name of the object. This is used only if the value of the <code>Type</code> field is <code>Service</code>, <code>RemoteService</code>, or <code>AWS::Service</code>.</p> </li> <li> <p> <code>Identifier</code> identifies the resource objects of this resource. This is used only if the value of the <code>Type</code> field is <code>Resource</code> or <code>AWS::Resource</code>.</p> </li> <li> <p> <code>Environment</code> specifies the location where this object is hosted, or what it belongs to.</p> </li> </ul>",
@@ -308,6 +309,13 @@
"refs": {
}
},
+ "LogGroupReferences": {
+ "base": null,
+ "refs": {
+ "GetServiceOutput$LogGroupReferences": "<p>An array of string-to-string maps that each contain information about one log group associated with this service. Each string-to-string map includes the following fields:</p> <ul> <li> <p> <code>\"Type\": \"AWS::Resource\"</code> </p> </li> <li> <p> <code>\"ResourceType\": \"AWS::Logs::LogGroup\"</code> </p> </li> <li> <p> <code>\"Identifier\": \"<i>name-of-log-group</i>\"</code> </p> </li> </ul>",
+ "Service$LogGroupReferences": "<p>An array of string-to-string maps that each contain information about one log group associated with this service. Each string-to-string map includes the following fields:</p> <ul> <li> <p> <code>\"Type\": \"AWS::Resource\"</code> </p> </li> <li> <p> <code>\"ResourceType\": \"AWS::Logs::LogGroup\"</code> </p> </li> <li> <p> <code>\"Identifier\": \"<i>name-of-log-group</i>\"</code> </p> </li> </ul>"
+ }
+ },
"Metric": {
"base": "<p>This structure defines the metric used for a service level indicator, including the metric name, namespace, and dimensions</p>",
"refs": {
@@ -426,7 +434,7 @@
"ResourceId": {
"base": null,
"refs": {
- "ResourceNotFoundException$ResourceId": "<p>Cannot find the resource id.</p>"
+ "ResourceNotFoundException$ResourceId": "<p>Can't find the resource id.</p>"
}
},
"ResourceNotFoundException": {
@@ -772,26 +780,26 @@
"BatchGetServiceLevelObjectiveBudgetReportInput$Timestamp": "<p>The date and time that you want the report to be for. It is expressed as the number of milliseconds since Jan 1, 1970 00:00:00 UTC.</p>",
"BatchGetServiceLevelObjectiveBudgetReportOutput$Timestamp": "<p>The date and time that the report is for. It is expressed as the number of milliseconds since Jan 1, 1970 00:00:00 UTC.</p>",
"CalendarInterval$StartTime": "<p>The date and time when you want the first interval to start. Be sure to choose a time that configures the intervals the way that you want. For example, if you want weekly intervals starting on Mondays at 6 a.m., be sure to specify a start time that is a Monday at 6 a.m.</p> <p>When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p> <p>As soon as one calendar interval ends, another automatically begins.</p>",
- "GetServiceInput$StartTime": "<p>The start of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p>",
- "GetServiceInput$EndTime": "<p>The end of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p>",
- "GetServiceOutput$StartTime": "<p>The start time of the data included in the response. In a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code>.</p>",
- "GetServiceOutput$EndTime": "<p>The end time of the data included in the response. In a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code>.</p>",
- "ListServiceDependenciesInput$StartTime": "<p>The start of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p>",
- "ListServiceDependenciesInput$EndTime": "<p>The end of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p>",
- "ListServiceDependenciesOutput$StartTime": "<p>The start of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p>",
- "ListServiceDependenciesOutput$EndTime": "<p>The end of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p>",
- "ListServiceDependentsInput$StartTime": "<p>The start of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p>",
- "ListServiceDependentsInput$EndTime": "<p>The end of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p>",
- "ListServiceDependentsOutput$StartTime": "<p>The start of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p>",
- "ListServiceDependentsOutput$EndTime": "<p>The end of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p>",
- "ListServiceOperationsInput$StartTime": "<p>The start of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p>",
- "ListServiceOperationsInput$EndTime": "<p>The end of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p>",
- "ListServiceOperationsOutput$StartTime": "<p>The start of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p>",
- "ListServiceOperationsOutput$EndTime": "<p>The end of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p>",
- "ListServicesInput$StartTime": "<p>The start of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p>",
- "ListServicesInput$EndTime": "<p>The end of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p>",
- "ListServicesOutput$StartTime": "<p>The start of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p>",
- "ListServicesOutput$EndTime": "<p>The end of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p>",
+ "GetServiceInput$StartTime": "<p>The start of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p> <p>Your requested start time will be rounded to the nearest hour.</p>",
+ "GetServiceInput$EndTime": "<p>The end of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p> <p>Your requested start time will be rounded to the nearest hour.</p>",
+ "GetServiceOutput$StartTime": "<p>The start time of the data included in the response. In a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code>.</p> <p>This displays the time that Application Signals used for the request. It might not match your request exactly, because it was rounded to the nearest hour.</p>",
+ "GetServiceOutput$EndTime": "<p>The end time of the data included in the response. In a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code>.</p> <p>This displays the time that Application Signals used for the request. It might not match your request exactly, because it was rounded to the nearest hour.</p>",
+ "ListServiceDependenciesInput$StartTime": "<p>The start of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p> <p>Your requested start time will be rounded to the nearest hour.</p>",
+ "ListServiceDependenciesInput$EndTime": "<p>The end of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p> <p>Your requested end time will be rounded to the nearest hour.</p>",
+ "ListServiceDependenciesOutput$StartTime": "<p>The start of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p> <p>This displays the time that Application Signals used for the request. It might not match your request exactly, because it was rounded to the nearest hour.</p>",
+ "ListServiceDependenciesOutput$EndTime": "<p>The end of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p> <p>This displays the time that Application Signals used for the request. It might not match your request exactly, because it was rounded to the nearest hour.</p>",
+ "ListServiceDependentsInput$StartTime": "<p>The start of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p> <p>Your requested start time will be rounded to the nearest hour.</p>",
+ "ListServiceDependentsInput$EndTime": "<p>The end of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p> <p>Your requested start time will be rounded to the nearest hour.</p>",
+ "ListServiceDependentsOutput$StartTime": "<p>The start of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p> <p>This displays the time that Application Signals used for the request. It might not match your request exactly, because it was rounded to the nearest hour.</p>",
+ "ListServiceDependentsOutput$EndTime": "<p>The end of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p> <p>This displays the time that Application Signals used for the request. It might not match your request exactly, because it was rounded to the nearest hour.</p>",
+ "ListServiceOperationsInput$StartTime": "<p>The start of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p> <p>Your requested start time will be rounded to the nearest hour.</p>",
+ "ListServiceOperationsInput$EndTime": "<p>The end of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p> <p>Your requested end time will be rounded to the nearest hour.</p>",
+ "ListServiceOperationsOutput$StartTime": "<p>The start of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p> <p>This displays the time that Application Signals used for the request. It might not match your request exactly, because it was rounded to the nearest hour.</p>",
+ "ListServiceOperationsOutput$EndTime": "<p>The end of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p> <p>This displays the time that Application Signals used for the request. It might not match your request exactly, because it was rounded to the nearest hour.</p>",
+ "ListServicesInput$StartTime": "<p>The start of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p> <p>Your requested start time will be rounded to the nearest hour.</p>",
+ "ListServicesInput$EndTime": "<p>The end of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p> <p>Your requested start time will be rounded to the nearest hour.</p>",
+ "ListServicesOutput$StartTime": "<p>The start of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p> <p>This displays the time that Application Signals used for the request. It might not match your request exactly, because it was rounded to the nearest hour.</p>",
+ "ListServicesOutput$EndTime": "<p>The end of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: <code>1698778057</code> </p> <p>This displays the time that Application Signals used for the request. It might not match your request exactly, because it was rounded to the nearest hour.</p>",
"ServiceLevelObjective$CreatedTime": "<p>The date and time that this SLO was created. When used in a raw HTTP Query API, it is formatted as <code>yyyy-MM-dd'T'HH:mm:ss</code>. For example, <code>2019-07-01T23:59:59</code>.</p>",
"ServiceLevelObjective$LastUpdatedTime": "<p>The time that this SLO was most recently updated. When used in a raw HTTP Query API, it is formatted as <code>yyyy-MM-dd'T'HH:mm:ss</code>. For example, <code>2019-07-01T23:59:59</code>.</p>",
"ServiceLevelObjectiveSummary$CreatedTime": "<p>The date and time that this service level objective was created. It is expressed as the number of milliseconds since Jan 1, 1970 00:00:00 UTC.</p>"
diff --git a/models/apis/bedrock-runtime/2023-09-30/api-2.json b/models/apis/bedrock-runtime/2023-09-30/api-2.json
index e1ccc1d..5629225 100644
--- a/models/apis/bedrock-runtime/2023-09-30/api-2.json
+++ b/models/apis/bedrock-runtime/2023-09-30/api-2.json
@@ -1,9 +1,14 @@
{
"metadata": {
"apiVersion": "2023-09-30",
+ "auth": [
+ "aws.auth#sigv4"
+ ],
"endpointPrefix": "bedrock-runtime",
- "jsonVersion": "1.1",
"protocol": "rest-json",
+ "protocols": [
+ "rest-json"
+ ],
"serviceFullName": "Amazon Bedrock Runtime",
"serviceId": "Bedrock Runtime",
"signatureVersion": "v4",
@@ -63,6 +68,9 @@
"shape": "InternalServerException"
},
{
+ "shape": "ServiceUnavailableException"
+ },
+ {
"shape": "ValidationException"
},
{
@@ -103,6 +111,9 @@
"shape": "InternalServerException"
},
{
+ "shape": "ServiceUnavailableException"
+ },
+ {
"shape": "ValidationException"
},
{
@@ -143,6 +154,9 @@
"shape": "InternalServerException"
},
{
+ "shape": "ServiceUnavailableException"
+ },
+ {
"shape": "ValidationException"
},
{
@@ -186,6 +200,9 @@
"shape": "InternalServerException"
},
{
+ "shape": "ServiceUnavailableException"
+ },
+ {
"shape": "ModelStreamErrorException"
},
{
@@ -546,6 +563,9 @@
"modelStreamErrorException": {
"shape": "ModelStreamErrorException"
},
+ "serviceUnavailableException": {
+ "shape": "ServiceUnavailableException"
+ },
"throttlingException": {
"shape": "ThrottlingException"
},
@@ -1717,6 +1737,9 @@
"modelTimeoutException": {
"shape": "ModelTimeoutException"
},
+ "serviceUnavailableException": {
+ "shape": "ServiceUnavailableException"
+ },
"throttlingException": {
"shape": "ThrottlingException"
},
@@ -1739,6 +1762,19 @@
},
"type": "structure"
},
+ "ServiceUnavailableException": {
+ "error": {
+ "httpStatusCode": 503
+ },
+ "exception": true,
+ "fault": true,
+ "members": {
+ "message": {
+ "shape": "NonBlankString"
+ }
+ },
+ "type": "structure"
+ },
"SpecificToolChoice": {
"members": {
"name": {
diff --git a/models/apis/bedrock-runtime/2023-09-30/docs-2.json b/models/apis/bedrock-runtime/2023-09-30/docs-2.json
index e4b0439..902d547 100644
--- a/models/apis/bedrock-runtime/2023-09-30/docs-2.json
+++ b/models/apis/bedrock-runtime/2023-09-30/docs-2.json
@@ -3,10 +3,10 @@
"service": "<p>Describes the API operations for running inference using Amazon Bedrock models.</p>",
"operations": {
"ApplyGuardrail": "<p>The action to apply a guardrail.</p>",
- "Converse": "<p>Sends messages to the specified Amazon Bedrock model. <code>Converse</code> provides a consistent interface that works with all models that support messages. This allows you to write code once and use it with different models. Should a model have unique inference parameters, you can also pass those unique parameters to the model.</p> <p>For information about the Converse API, see <i>Use the Converse API</i> in the <i>Amazon Bedrock User Guide</i>. To use a guardrail, see <i>Use a guardrail with the Converse API</i> in the <i>Amazon Bedrock User Guide</i>. To use a tool with a model, see <i>Tool use (Function calling)</i> in the <i>Amazon Bedrock User Guide</i> </p> <p>For example code, see <i>Converse API examples</i> in the <i>Amazon Bedrock User Guide</i>. </p> <p>This operation requires permission for the <code>bedrock:InvokeModel</code> action. </p>",
- "ConverseStream": "<p>Sends messages to the specified Amazon Bedrock model and returns the response in a stream. <code>ConverseStream</code> provides a consistent API that works with all Amazon Bedrock models that support messages. This allows you to write code once and use it with different models. Should a model have unique inference parameters, you can also pass those unique parameters to the model. </p> <p>To find out if a model supports streaming, call <a href=\"https://docs.aws.amazon.com/bedrock/latest/APIReference/API_GetFoundationModel.html\">GetFoundationModel</a> and check the <code>responseStreamingSupported</code> field in the response.</p> <p>For information about the Converse API, see <i>Use the Converse API</i> in the <i>Amazon Bedrock User Guide</i>. To use a guardrail, see <i>Use a guardrail with the Converse API</i> in the <i>Amazon Bedrock User Guide</i>. To use a tool with a model, see <i>Tool use (Function calling)</i> in the <i>Amazon Bedrock User Guide</i> </p> <p>For example code, see <i>Conversation streaming example</i> in the <i>Amazon Bedrock User Guide</i>. </p> <p>This operation requires permission for the <code>bedrock:InvokeModelWithResponseStream</code> action.</p>",
+ "Converse": "<p>Sends messages to the specified Amazon Bedrock model. <code>Converse</code> provides a consistent interface that works with all models that support messages. This allows you to write code once and use it with different models. If a model has unique inference parameters, you can also pass those unique parameters to the model.</p> <p>Amazon Bedrock doesn't store any text, images, or documents that you provide as content. The data is only used to generate the response.</p> <p>For information about the Converse API, see <i>Use the Converse API</i> in the <i>Amazon Bedrock User Guide</i>. To use a guardrail, see <i>Use a guardrail with the Converse API</i> in the <i>Amazon Bedrock User Guide</i>. To use a tool with a model, see <i>Tool use (Function calling)</i> in the <i>Amazon Bedrock User Guide</i> </p> <p>For example code, see <i>Converse API examples</i> in the <i>Amazon Bedrock User Guide</i>. </p> <p>This operation requires permission for the <code>bedrock:InvokeModel</code> action. </p>",
+ "ConverseStream": "<p>Sends messages to the specified Amazon Bedrock model and returns the response in a stream. <code>ConverseStream</code> provides a consistent API that works with all Amazon Bedrock models that support messages. This allows you to write code once and use it with different models. Should a model have unique inference parameters, you can also pass those unique parameters to the model. </p> <p>To find out if a model supports streaming, call <a href=\"https://docs.aws.amazon.com/bedrock/latest/APIReference/API_GetFoundationModel.html\">GetFoundationModel</a> and check the <code>responseStreamingSupported</code> field in the response.</p> <note> <p>The CLI doesn't support streaming operations in Amazon Bedrock, including <code>ConverseStream</code>.</p> </note> <p>Amazon Bedrock doesn't store any text, images, or documents that you provide as content. The data is only used to generate the response.</p> <p>For information about the Converse API, see <i>Use the Converse API</i> in the <i>Amazon Bedrock User Guide</i>. To use a guardrail, see <i>Use a guardrail with the Converse API</i> in the <i>Amazon Bedrock User Guide</i>. To use a tool with a model, see <i>Tool use (Function calling)</i> in the <i>Amazon Bedrock User Guide</i> </p> <p>For example code, see <i>Conversation streaming example</i> in the <i>Amazon Bedrock User Guide</i>. </p> <p>This operation requires permission for the <code>bedrock:InvokeModelWithResponseStream</code> action.</p>",
"InvokeModel": "<p>Invokes the specified Amazon Bedrock model to run inference using the prompt and inference parameters provided in the request body. You use model inference to generate text, images, and embeddings.</p> <p>For example code, see <i>Invoke model code examples</i> in the <i>Amazon Bedrock User Guide</i>. </p> <p>This operation requires permission for the <code>bedrock:InvokeModel</code> action.</p>",
- "InvokeModelWithResponseStream": "<p>Invoke the specified Amazon Bedrock model to run inference using the prompt and inference parameters provided in the request body. The response is returned in a stream.</p> <p>To see if a model supports streaming, call <a href=\"https://docs.aws.amazon.com/bedrock/latest/APIReference/API_GetFoundationModel.html\">GetFoundationModel</a> and check the <code>responseStreamingSupported</code> field in the response.</p> <note> <p>The CLI doesn't support <code>InvokeModelWithResponseStream</code>.</p> </note> <p>For example code, see <i>Invoke model with streaming code example</i> in the <i>Amazon Bedrock User Guide</i>. </p> <p>This operation requires permissions to perform the <code>bedrock:InvokeModelWithResponseStream</code> action. </p>"
+ "InvokeModelWithResponseStream": "<p>Invoke the specified Amazon Bedrock model to run inference using the prompt and inference parameters provided in the request body. The response is returned in a stream.</p> <p>To see if a model supports streaming, call <a href=\"https://docs.aws.amazon.com/bedrock/latest/APIReference/API_GetFoundationModel.html\">GetFoundationModel</a> and check the <code>responseStreamingSupported</code> field in the response.</p> <note> <p>The CLI doesn't support streaming operations in Amazon Bedrock, including <code>InvokeModelWithResponseStream</code>.</p> </note> <p>For example code, see <i>Invoke model with streaming code example</i> in the <i>Amazon Bedrock User Guide</i>. </p> <p>This operation requires permissions to perform the <code>bedrock:InvokeModelWithResponseStream</code> action. </p>"
},
"shapes": {
"AccessDeniedException": {
@@ -805,6 +805,7 @@
"ModelTimeoutException$message": null,
"ResourceNotFoundException$message": null,
"ServiceQuotaExceededException$message": null,
+ "ServiceUnavailableException$message": null,
"ThrottlingException$message": null,
"ValidationException$message": null
}
@@ -849,10 +850,17 @@
}
},
"ServiceQuotaExceededException": {
- "base": "<p>The number of requests exceeds the service quota. Resubmit your request later.</p>",
+ "base": "<p>Your request exceeds the service quota for your account. You can view your quotas at <a href=\"https://docs.aws.amazon.com/servicequotas/latest/userguide/gs-request-quota.html\">Viewing service quotas</a>. You can resubmit your request later.</p>",
"refs": {
}
},
+ "ServiceUnavailableException": {
+ "base": "<p>The service isn't currently available. Try again later.</p>",
+ "refs": {
+ "ConverseStreamOutput$serviceUnavailableException": "<p>The service isn't currently available. Try again later.</p>",
+ "ResponseStream$serviceUnavailableException": null
+ }
+ },
"SpecificToolChoice": {
"base": "<p>The model must request a specific tool. For example, <code>{\"tool\" : {\"name\" : \"Your tool name\"}}</code>.</p> <note> <p>This field is only supported by Anthropic Claude 3 models.</p> </note>",
"refs": {
@@ -907,10 +915,10 @@
}
},
"ThrottlingException": {
- "base": "<p>The number of requests exceeds the limit. Resubmit your request later.</p>",
+ "base": "<p>Your request was throttled because of service-wide limitations. Resubmit your request later or in a different region. You can also purchase <a href=\"https://docs.aws.amazon.com/bedrock/latest/userguide/prov-throughput.html\">Provisioned Throughput</a> to increase the rate or number of tokens you can process.</p>",
"refs": {
"ConverseStreamOutput$throttlingException": "<p>The number of requests exceeds the limit. Resubmit your request later.</p>",
- "ResponseStream$throttlingException": "<p>The number or frequency of requests exceeds the limit. Resubmit your request later.</p>"
+ "ResponseStream$throttlingException": "<p>Your request was throttled because of service-wide limitations. Resubmit your request later or in a different region. You can also purchase <a href=\"https://docs.aws.amazon.com/bedrock/latest/userguide/prov-throughput.html\">Provisioned Throughput</a> to increase the rate or number of tokens you can process.</p>"
}
},
"TokenUsage": {
diff --git a/models/apis/codecommit/2015-04-13/api-2.json b/models/apis/codecommit/2015-04-13/api-2.json
index 8d74930..022a529 100644
--- a/models/apis/codecommit/2015-04-13/api-2.json
+++ b/models/apis/codecommit/2015-04-13/api-2.json
@@ -5,12 +5,14 @@
"endpointPrefix":"codecommit",
"jsonVersion":"1.1",
"protocol":"json",
+ "protocols":["json"],
"serviceAbbreviation":"CodeCommit",
"serviceFullName":"AWS CodeCommit",
"serviceId":"CodeCommit",
"signatureVersion":"v4",
"targetPrefix":"CodeCommit_20150413",
- "uid":"codecommit-2015-04-13"
+ "uid":"codecommit-2015-04-13",
+ "auth":["aws.auth#sigv4"]
},
"operations":{
"AssociateApprovalRuleTemplateWithRepository":{
@@ -316,6 +318,7 @@
{"shape":"InvalidRepositoryNameException"},
{"shape":"InvalidRepositoryDescriptionException"},
{"shape":"RepositoryLimitExceededException"},
+ {"shape":"OperationNotAllowedException"},
{"shape":"EncryptionIntegrityChecksFailedException"},
{"shape":"EncryptionKeyAccessDeniedException"},
{"shape":"EncryptionKeyDisabledException"},
@@ -4531,6 +4534,12 @@
"base":{"shape":"ObjectTypeEnum"}
}
},
+ "OperationNotAllowedException":{
+ "type":"structure",
+ "members":{
+ },
+ "exception":true
+ },
"OrderEnum":{
"type":"string",
"enum":[
diff --git a/models/apis/codecommit/2015-04-13/docs-2.json b/models/apis/codecommit/2015-04-13/docs-2.json
index 90fa660..10b9ebe 100644
--- a/models/apis/codecommit/2015-04-13/docs-2.json
+++ b/models/apis/codecommit/2015-04-13/docs-2.json
@@ -1925,9 +1925,9 @@
"KmsKeyId": {
"base": null,
"refs": {
- "CreateRepositoryInput$kmsKeyId": "<p>The ID of the encryption key. You can view the ID of an encryption key in the KMS console, or use the KMS APIs to programmatically retrieve a key ID. For more information about acceptable values for kmsKeyID, see <a href=\"https://docs.aws.amazon.com/APIReference/API_Decrypt.html#KMS-Decrypt-request-KeyId\">KeyId</a> in the Decrypt API description in the <i>Key Management Service API Reference</i>.</p> <p>If no key is specified, the default <code>aws/codecommit</code> Amazon Web Services managed key is used.</p>",
+ "CreateRepositoryInput$kmsKeyId": "<p>The ID of the encryption key. You can view the ID of an encryption key in the KMS console, or use the KMS APIs to programmatically retrieve a key ID. For more information about acceptable values for kmsKeyID, see <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html#KMS-Decrypt-request-KeyId\">KeyId</a> in the Decrypt API description in the <i>Key Management Service API Reference</i>.</p> <p>If no key is specified, the default <code>aws/codecommit</code> Amazon Web Services managed key is used.</p>",
"RepositoryMetadata$kmsKeyId": "<p>The ID of the Key Management Service encryption key used to encrypt and decrypt the repository.</p>",
- "UpdateRepositoryEncryptionKeyInput$kmsKeyId": "<p>The ID of the encryption key. You can view the ID of an encryption key in the KMS console, or use the KMS APIs to programmatically retrieve a key ID. For more information about acceptable values for keyID, see <a href=\"https://docs.aws.amazon.com/APIReference/API_Decrypt.html#KMS-Decrypt-request-KeyId\">KeyId</a> in the Decrypt API description in the <i>Key Management Service API Reference</i>.</p>",
+ "UpdateRepositoryEncryptionKeyInput$kmsKeyId": "<p>The ID of the encryption key. You can view the ID of an encryption key in the KMS console, or use the KMS APIs to programmatically retrieve a key ID. For more information about acceptable values for keyID, see <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html#KMS-Decrypt-request-KeyId\">KeyId</a> in the Decrypt API description in the <i>Key Management Service API Reference</i>.</p>",
"UpdateRepositoryEncryptionKeyOutput$kmsKeyId": "<p>The ID of the encryption key.</p>",
"UpdateRepositoryEncryptionKeyOutput$originalKmsKeyId": "<p>The ID of the encryption key formerly used to encrypt and decrypt the repository.</p>"
}
@@ -2429,6 +2429,11 @@
"ConflictMetadata$objectTypes": "<p>Information about any object type conflicts in a merge operation.</p>"
}
},
+ "OperationNotAllowedException": {
+ "base": "<p>The requested action is not allowed.</p>",
+ "refs": {
+ }
+ },
"OrderEnum": {
"base": null,
"refs": {
diff --git a/models/apis/datazone/2018-05-10/api-2.json b/models/apis/datazone/2018-05-10/api-2.json
index f1f5f74..51116ab 100644
--- a/models/apis/datazone/2018-05-10/api-2.json
+++ b/models/apis/datazone/2018-05-10/api-2.json
@@ -1071,6 +1071,24 @@
{"shape":"UnauthorizedException"}
]
},
+ "GetEnvironmentCredentials":{
+ "name":"GetEnvironmentCredentials",
+ "http":{
+ "method":"GET",
+ "requestUri":"/v2/domains/{domainIdentifier}/environments/{environmentIdentifier}/credentials",
+ "responseCode":200
+ },
+ "input":{"shape":"GetEnvironmentCredentialsInput"},
+ "output":{"shape":"GetEnvironmentCredentialsOutput"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ThrottlingException"},
+ {"shape":"ValidationException"},
+ {"shape":"UnauthorizedException"}
+ ]
+ },
"GetEnvironmentProfile":{
"name":"GetEnvironmentProfile",
"http":{
@@ -5608,6 +5626,35 @@
"userParameters":{"shape":"CustomParameterList"}
}
},
+ "GetEnvironmentCredentialsInput":{
+ "type":"structure",
+ "required":[
+ "domainIdentifier",
+ "environmentIdentifier"
+ ],
+ "members":{
+ "domainIdentifier":{
+ "shape":"DomainId",
+ "location":"uri",
+ "locationName":"domainIdentifier"
+ },
+ "environmentIdentifier":{
+ "shape":"EnvironmentId",
+ "location":"uri",
+ "locationName":"environmentIdentifier"
+ }
+ }
+ },
+ "GetEnvironmentCredentialsOutput":{
+ "type":"structure",
+ "members":{
+ "accessKeyId":{"shape":"String"},
+ "expiration":{"shape":"SyntheticTimestamp_date_time"},
+ "secretAccessKey":{"shape":"String"},
+ "sessionToken":{"shape":"String"}
+ },
+ "sensitive":true
+ },
"GetEnvironmentInput":{
"type":"structure",
"required":[
diff --git a/models/apis/datazone/2018-05-10/docs-2.json b/models/apis/datazone/2018-05-10/docs-2.json
index 68b0194..496f003 100644
--- a/models/apis/datazone/2018-05-10/docs-2.json
+++ b/models/apis/datazone/2018-05-10/docs-2.json
@@ -57,6 +57,7 @@
"GetEnvironmentAction": "<p>Gets the specified environment action.</p>",
"GetEnvironmentBlueprint": "<p>Gets an Amazon DataZone blueprint.</p>",
"GetEnvironmentBlueprintConfiguration": "<p>Gets the blueprint configuration in Amazon DataZone.</p>",
+ "GetEnvironmentCredentials": "<p>Gets the credentials of an environment in Amazon DataZone.</p>",
"GetEnvironmentProfile": "<p>Gets an evinronment profile in Amazon DataZone.</p>",
"GetFormType": "<p>Gets a metadata form type in Amazon DataZone.</p>",
"GetGlossary": "<p>Gets a business glossary in Amazon DataZone.</p>",
@@ -1544,6 +1545,7 @@
"GetEnvironmentBlueprintConfigurationInput$domainIdentifier": "<p>The ID of the Amazon DataZone domain where this blueprint exists.</p>",
"GetEnvironmentBlueprintConfigurationOutput$domainId": "<p>The ID of the Amazon DataZone domain where this blueprint exists.</p>",
"GetEnvironmentBlueprintInput$domainIdentifier": "<p>The identifier of the domain in which this blueprint exists.</p>",
+ "GetEnvironmentCredentialsInput$domainIdentifier": "<p>The ID of the Amazon DataZone domain in which this environment and its credentials exist.</p>",
"GetEnvironmentInput$domainIdentifier": "<p>The ID of the Amazon DataZone domain where the environment exists.</p>",
"GetEnvironmentOutput$domainId": "<p>The ID of the Amazon DataZone domain where the environment exists.</p>",
"GetEnvironmentProfileInput$domainIdentifier": "<p>The ID of the Amazon DataZone domain in which this environment profile exists.</p>",
@@ -1852,6 +1854,7 @@
"GetDataSourceOutput$environmentId": "<p>The ID of the environment where this data source creates and publishes assets,</p>",
"GetEnvironmentActionInput$environmentIdentifier": "<p>The environment ID of the environment action.</p>",
"GetEnvironmentActionOutput$environmentId": "<p>The environment ID of the environment action.</p>",
+ "GetEnvironmentCredentialsInput$environmentIdentifier": "<p>The ID of the environment whose credentials this operation gets.</p>",
"GetEnvironmentInput$identifier": "<p>The ID of the Amazon DataZone environment.</p>",
"GetEnvironmentOutput$id": "<p>The ID of the environment.</p>",
"GetSubscriptionTargetInput$environmentIdentifier": "<p>The ID of the environment associated with the subscription target.</p>",
@@ -2316,6 +2319,16 @@
"refs": {
}
},
+ "GetEnvironmentCredentialsInput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetEnvironmentCredentialsOutput": {
+ "base": null,
+ "refs": {
+ }
+ },
"GetEnvironmentInput": {
"base": null,
"refs": {
@@ -4371,6 +4384,9 @@
"GetEnvironmentActionOutput$description": "<p>The description of the environment action.</p>",
"GetEnvironmentActionOutput$name": "<p>The name of the environment action.</p>",
"GetEnvironmentBlueprintOutput$provider": "<p>The provider of this Amazon DataZone blueprint.</p>",
+ "GetEnvironmentCredentialsOutput$accessKeyId": "<p>The access key ID of the environment.</p>",
+ "GetEnvironmentCredentialsOutput$secretAccessKey": "<p>The secret access key of the environment credentials.</p>",
+ "GetEnvironmentCredentialsOutput$sessionToken": "<p>The session token of the environment credentials.</p>",
"GetEnvironmentOutput$createdBy": "<p>The Amazon DataZone user who created the environment.</p>",
"GetEnvironmentOutput$provider": "<p>The provider of this Amazon DataZone environment.</p>",
"GetEnvironmentProfileOutput$createdBy": "<p>The Amazon DataZone user who created this environment profile.</p>",
@@ -4799,6 +4815,7 @@
"GetEnvironmentBlueprintConfigurationOutput$updatedAt": "<p>The timestamp of when this blueprint was upated.</p>",
"GetEnvironmentBlueprintOutput$createdAt": "<p>A timestamp of when this blueprint was created.</p>",
"GetEnvironmentBlueprintOutput$updatedAt": "<p>The timestamp of when this blueprint was updated.</p>",
+ "GetEnvironmentCredentialsOutput$expiration": "<p>The expiration timestamp of the environment credentials.</p>",
"GetEnvironmentOutput$createdAt": "<p>The timestamp of when the environment was created.</p>",
"GetEnvironmentOutput$updatedAt": "<p>The timestamp of when this environment was updated.</p>",
"GetEnvironmentProfileOutput$createdAt": "<p>The timestamp of when this environment profile was created.</p>",
diff --git a/models/apis/ec2/2016-11-15/api-2.json b/models/apis/ec2/2016-11-15/api-2.json
index 2b89c1c..3c7b64a 100755
--- a/models/apis/ec2/2016-11-15/api-2.json
+++ b/models/apis/ec2/2016-11-15/api-2.json
@@ -39384,7 +39384,6 @@
"verified-access-trust-provider",
"vpn-connection-device-type",
"vpc-block-public-access-exclusion",
- "vpc-encryption-control",
"ipam-resource-discovery",
"ipam-resource-discovery-association",
"instance-connect-endpoint",
diff --git a/models/apis/ec2/2016-11-15/docs-2.json b/models/apis/ec2/2016-11-15/docs-2.json
index 14ac36f..dc1a538 100755
--- a/models/apis/ec2/2016-11-15/docs-2.json
+++ b/models/apis/ec2/2016-11-15/docs-2.json
@@ -11036,13 +11036,13 @@
"EnableImageRequest$ImageId": "<p>The ID of the AMI.</p>",
"ExportImageRequest$ImageId": "<p>The ID of the image.</p>",
"FastLaunchImageIdList$member": null,
- "FleetLaunchTemplateOverrides$ImageId": "<p>The ID of the AMI. An AMI is required to launch an instance. This parameter is only available for fleets of type <code>instant</code>. For fleets of type <code>maintain</code> and <code>request</code>, you must specify the AMI ID in the launch template.</p>",
- "FleetLaunchTemplateOverridesRequest$ImageId": "<p>The ID of the AMI. An AMI is required to launch an instance. This parameter is only available for fleets of type <code>instant</code>. For fleets of type <code>maintain</code> and <code>request</code>, you must specify the AMI ID in the launch template.</p>",
+ "FleetLaunchTemplateOverrides$ImageId": "<p>The ID of the AMI in the format <code>ami-17characters00000</code>.</p> <p>Alternatively, you can specify a Systems Manager parameter, using one of the following formats. The Systems Manager parameter will resolve to an AMI ID on launch.</p> <p>To reference a public parameter:</p> <ul> <li> <p> <code>resolve:ssm:<i>public-parameter</i> </code> </p> </li> </ul> <p>To reference a parameter stored in the same account:</p> <ul> <li> <p> <code>resolve:ssm:<i>parameter-name</i> </code> </p> </li> <li> <p> <code>resolve:ssm:<i>parameter-name:version-number</i> </code> </p> </li> <li> <p> <code>resolve:ssm:<i>parameter-name:label</i> </code> </p> </li> </ul> <p>To reference a parameter shared from another Amazon Web Services account:</p> <ul> <li> <p> <code>resolve:ssm:<i>parameter-ARN</i> </code> </p> </li> <li> <p> <code>resolve:ssm:<i>parameter-ARN:version-number</i> </code> </p> </li> <li> <p> <code>resolve:ssm:<i>parameter-ARN:label</i> </code> </p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-launch-template.html#use-an-ssm-parameter-instead-of-an-ami-id\">Use a Systems Manager parameter instead of an AMI ID</a> in the <i>Amazon EC2 User Guide</i>.</p> <note> <p>This parameter is only available for fleets of type <code>instant</code>. For fleets of type <code>maintain</code> and <code>request</code>, you must specify the AMI ID in the launch template.</p> </note>",
+ "FleetLaunchTemplateOverridesRequest$ImageId": "<p>The ID of the AMI in the format <code>ami-17characters00000</code>.</p> <p>Alternatively, you can specify a Systems Manager parameter, using one of the following formats. The Systems Manager parameter will resolve to an AMI ID on launch.</p> <p>To reference a public parameter:</p> <ul> <li> <p> <code>resolve:ssm:<i>public-parameter</i> </code> </p> </li> </ul> <p>To reference a parameter stored in the same account:</p> <ul> <li> <p> <code>resolve:ssm:<i>parameter-name</i> </code> </p> </li> <li> <p> <code>resolve:ssm:<i>parameter-name:version-number</i> </code> </p> </li> <li> <p> <code>resolve:ssm:<i>parameter-name:label</i> </code> </p> </li> </ul> <p>To reference a parameter shared from another Amazon Web Services account:</p> <ul> <li> <p> <code>resolve:ssm:<i>parameter-ARN</i> </code> </p> </li> <li> <p> <code>resolve:ssm:<i>parameter-ARN:version-number</i> </code> </p> </li> <li> <p> <code>resolve:ssm:<i>parameter-ARN:label</i> </code> </p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-launch-template.html#use-an-ssm-parameter-instead-of-an-ami-id\">Use a Systems Manager parameter instead of an AMI ID</a> in the <i>Amazon EC2 User Guide</i>.</p> <note> <p>This parameter is only available for fleets of type <code>instant</code>. For fleets of type <code>maintain</code> and <code>request</code>, you must specify the AMI ID in the launch template.</p> </note>",
"ImageIdList$member": null,
"ImageIdStringList$member": null,
"ModifyImageAttributeRequest$ImageId": "<p>The ID of the AMI.</p>",
"ReplaceRootVolumeTask$ImageId": "<p>The ID of the AMI used to create the replacement root volume.</p>",
- "RequestLaunchTemplateData$ImageId": "<p>The ID of the AMI. Alternatively, you can specify a Systems Manager parameter, which will resolve to an AMI ID on launch.</p> <p>Valid formats:</p> <ul> <li> <p> <code>ami-17characters00000</code> </p> </li> <li> <p> <code>resolve:ssm:parameter-name</code> </p> </li> <li> <p> <code>resolve:ssm:parameter-name:version-number</code> </p> </li> <li> <p> <code>resolve:ssm:parameter-name:label</code> </p> </li> <li> <p> <code>resolve:ssm:public-parameter</code> </p> </li> </ul> <note> <p>Currently, EC2 Fleet and Spot Fleet do not support specifying a Systems Manager parameter. If the launch template will be used by an EC2 Fleet or Spot Fleet, you must specify the AMI ID.</p> </note> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-launch-template.html#use-an-ssm-parameter-instead-of-an-ami-id\">Use a Systems Manager parameter instead of an AMI ID</a> in the <i>Amazon EC2 User Guide</i>.</p>",
+ "RequestLaunchTemplateData$ImageId": "<p>The ID of the AMI in the format <code>ami-17characters00000</code>.</p> <p>Alternatively, you can specify a Systems Manager parameter, using one of the following formats. The Systems Manager parameter will resolve to an AMI ID on launch.</p> <p>To reference a public parameter:</p> <ul> <li> <p> <code>resolve:ssm:<i>public-parameter</i> </code> </p> </li> </ul> <p>To reference a parameter stored in the same account:</p> <ul> <li> <p> <code>resolve:ssm:<i>parameter-name</i> </code> </p> </li> <li> <p> <code>resolve:ssm:<i>parameter-name:version-number</i> </code> </p> </li> <li> <p> <code>resolve:ssm:<i>parameter-name:label</i> </code> </p> </li> </ul> <p>To reference a parameter shared from another Amazon Web Services account:</p> <ul> <li> <p> <code>resolve:ssm:<i>parameter-ARN</i> </code> </p> </li> <li> <p> <code>resolve:ssm:<i>parameter-ARN:version-number</i> </code> </p> </li> <li> <p> <code>resolve:ssm:<i>parameter-ARN:label</i> </code> </p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-launch-template.html#use-an-ssm-parameter-instead-of-an-ami-id\">Use a Systems Manager parameter instead of an AMI ID</a> in the <i>Amazon EC2 User Guide</i>.</p> <note> <p>If the launch template will be used for an EC2 Fleet or Spot Fleet, note the following:</p> <ul> <li> <p>Only EC2 Fleets of type <code>instant</code> support specifying a Systems Manager parameter.</p> </li> <li> <p>For EC2 Fleets of type <code>maintain</code> or <code>request</code>, or for Spot Fleets, you must specify the AMI ID.</p> </li> </ul> </note>",
"RequestSpotLaunchSpecification$ImageId": "<p>The ID of the AMI.</p>",
"ResetImageAttributeRequest$ImageId": "<p>The ID of the AMI.</p>",
"RestoreImageFromRecycleBinRequest$ImageId": "<p>The ID of the AMI to restore.</p>",
diff --git a/models/apis/ecr/2015-09-21/api-2.json b/models/apis/ecr/2015-09-21/api-2.json
index 036799e..8d1be9d 100644
--- a/models/apis/ecr/2015-09-21/api-2.json
+++ b/models/apis/ecr/2015-09-21/api-2.json
@@ -133,6 +133,22 @@
{"shape":"KmsException"}
]
},
+ "CreateRepositoryCreationTemplate":{
+ "name":"CreateRepositoryCreationTemplate",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"CreateRepositoryCreationTemplateRequest"},
+ "output":{"shape":"CreateRepositoryCreationTemplateResponse"},
+ "errors":[
+ {"shape":"ServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"InvalidParameterException"},
+ {"shape":"LimitExceededException"},
+ {"shape":"TemplateAlreadyExistsException"}
+ ]
+ },
"DeleteLifecyclePolicy":{
"name":"DeleteLifecyclePolicy",
"http":{
@@ -195,6 +211,21 @@
{"shape":"KmsException"}
]
},
+ "DeleteRepositoryCreationTemplate":{
+ "name":"DeleteRepositoryCreationTemplate",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"DeleteRepositoryCreationTemplateRequest"},
+ "output":{"shape":"DeleteRepositoryCreationTemplateResponse"},
+ "errors":[
+ {"shape":"ServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"InvalidParameterException"},
+ {"shape":"TemplateNotFoundException"}
+ ]
+ },
"DeleteRepositoryPolicy":{
"name":"DeleteRepositoryPolicy",
"http":{
@@ -301,6 +332,20 @@
{"shape":"RepositoryNotFoundException"}
]
},
+ "DescribeRepositoryCreationTemplates":{
+ "name":"DescribeRepositoryCreationTemplates",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"DescribeRepositoryCreationTemplatesRequest"},
+ "output":{"shape":"DescribeRepositoryCreationTemplatesResponse"},
+ "errors":[
+ {"shape":"ServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"InvalidParameterException"}
+ ]
+ },
"GetAuthorizationToken":{
"name":"GetAuthorizationToken",
"http":{
@@ -656,6 +701,21 @@
{"shape":"UnableToDecryptSecretValueException"}
]
},
+ "UpdateRepositoryCreationTemplate":{
+ "name":"UpdateRepositoryCreationTemplate",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"UpdateRepositoryCreationTemplateRequest"},
+ "output":{"shape":"UpdateRepositoryCreationTemplateResponse"},
+ "errors":[
+ {"shape":"ServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"InvalidParameterException"},
+ {"shape":"TemplateNotFoundException"}
+ ]
+ },
"UploadLayerPart":{
"name":"UploadLayerPart",
"http":{
@@ -879,6 +939,31 @@
"credentialArn":{"shape":"CredentialArn"}
}
},
+ "CreateRepositoryCreationTemplateRequest":{
+ "type":"structure",
+ "required":[
+ "prefix",
+ "appliedFor"
+ ],
+ "members":{
+ "prefix":{"shape":"Prefix"},
+ "description":{"shape":"RepositoryTemplateDescription"},
+ "encryptionConfiguration":{"shape":"EncryptionConfigurationForRepositoryCreationTemplate"},
+ "resourceTags":{"shape":"TagList"},
+ "imageTagMutability":{"shape":"ImageTagMutability"},
+ "repositoryPolicy":{"shape":"RepositoryPolicyText"},
+ "lifecyclePolicy":{"shape":"LifecyclePolicyTextForRepositoryCreationTemplate"},
+ "appliedFor":{"shape":"RCTAppliedForList"},
+ "customRoleArn":{"shape":"CustomRoleArn"}
+ }
+ },
+ "CreateRepositoryCreationTemplateResponse":{
+ "type":"structure",
+ "members":{
+ "registryId":{"shape":"RegistryId"},
+ "repositoryCreationTemplate":{"shape":"RepositoryCreationTemplate"}
+ }
+ },
"CreateRepositoryRequest":{
"type":"structure",
"required":["repositoryName"],
@@ -904,6 +989,10 @@
"min":50,
"pattern":"^arn:aws:secretsmanager:[a-zA-Z0-9-:]+:secret:ecr\\-pullthroughcache\\/[a-zA-Z0-9\\/_+=.@-]+$"
},
+ "CustomRoleArn":{
+ "type":"string",
+ "max":2048
+ },
"CvssScore":{
"type":"structure",
"members":{
@@ -986,6 +1075,20 @@
"policyText":{"shape":"RegistryPolicyText"}
}
},
+ "DeleteRepositoryCreationTemplateRequest":{
+ "type":"structure",
+ "required":["prefix"],
+ "members":{
+ "prefix":{"shape":"Prefix"}
+ }
+ },
+ "DeleteRepositoryCreationTemplateResponse":{
+ "type":"structure",
+ "members":{
+ "registryId":{"shape":"RegistryId"},
+ "repositoryCreationTemplate":{"shape":"RepositoryCreationTemplate"}
+ }
+ },
"DeleteRepositoryPolicyRequest":{
"type":"structure",
"required":["repositoryName"],
@@ -1131,6 +1234,22 @@
"nextToken":{"shape":"NextToken"}
}
},
+ "DescribeRepositoryCreationTemplatesRequest":{
+ "type":"structure",
+ "members":{
+ "prefixes":{"shape":"PrefixList"},
+ "nextToken":{"shape":"NextToken"},
+ "maxResults":{"shape":"MaxResults"}
+ }
+ },
+ "DescribeRepositoryCreationTemplatesResponse":{
+ "type":"structure",
+ "members":{
+ "registryId":{"shape":"RegistryId"},
+ "repositoryCreationTemplates":{"shape":"RepositoryCreationTemplateList"},
+ "nextToken":{"shape":"NextToken"}
+ }
+ },
"EmptyUploadException":{
"type":"structure",
"members":{
@@ -1146,6 +1265,14 @@
"kmsKey":{"shape":"KmsKey"}
}
},
+ "EncryptionConfigurationForRepositoryCreationTemplate":{
+ "type":"structure",
+ "required":["encryptionType"],
+ "members":{
+ "encryptionType":{"shape":"EncryptionType"},
+ "kmsKey":{"shape":"KmsKeyForRepositoryCreationTemplate"}
+ }
+ },
"EncryptionType":{
"type":"string",
"enum":[
@@ -1582,6 +1709,12 @@
"max":2048,
"min":1
},
+ "KmsKeyForRepositoryCreationTemplate":{
+ "type":"string",
+ "max":2048,
+ "min":0,
+ "pattern":"^$|arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key\\/[a-z0-9-]+"
+ },
"Layer":{
"type":"structure",
"members":{
@@ -1737,6 +1870,11 @@
"max":30720,
"min":100
},
+ "LifecyclePolicyTextForRepositoryCreationTemplate":{
+ "type":"string",
+ "max":30720,
+ "min":0
+ },
"LifecyclePreviewMaxResults":{
"type":"integer",
"max":100,
@@ -1822,6 +1960,16 @@
"min":0
},
"Platform":{"type":"string"},
+ "Prefix":{
+ "type":"string",
+ "max":256,
+ "min":1,
+ "pattern":"^((?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*/?|ROOT)$"
+ },
+ "PrefixList":{
+ "type":"list",
+ "member":{"shape":"Prefix"}
+ },
"ProxyEndpoint":{"type":"string"},
"PullThroughCacheRule":{
"type":"structure",
@@ -1987,6 +2135,17 @@
"replicationConfiguration":{"shape":"ReplicationConfiguration"}
}
},
+ "RCTAppliedFor":{
+ "type":"string",
+ "enum":[
+ "REPLICATION",
+ "PULL_THROUGH_CACHE"
+ ]
+ },
+ "RCTAppliedForList":{
+ "type":"list",
+ "member":{"shape":"RCTAppliedFor"}
+ },
"Reason":{"type":"string"},
"Recommendation":{
"type":"structure",
@@ -2133,6 +2292,26 @@
},
"exception":true
},
+ "RepositoryCreationTemplate":{
+ "type":"structure",
+ "members":{
+ "prefix":{"shape":"Prefix"},
+ "description":{"shape":"RepositoryTemplateDescription"},
+ "encryptionConfiguration":{"shape":"EncryptionConfigurationForRepositoryCreationTemplate"},
+ "resourceTags":{"shape":"TagList"},
+ "imageTagMutability":{"shape":"ImageTagMutability"},
+ "repositoryPolicy":{"shape":"RepositoryPolicyText"},
+ "lifecyclePolicy":{"shape":"LifecyclePolicyTextForRepositoryCreationTemplate"},
+ "appliedFor":{"shape":"RCTAppliedForList"},
+ "customRoleArn":{"shape":"CustomRoleArn"},
+ "createdAt":{"shape":"Date"},
+ "updatedAt":{"shape":"Date"}
+ }
+ },
+ "RepositoryCreationTemplateList":{
+ "type":"list",
+ "member":{"shape":"RepositoryCreationTemplate"}
+ },
"RepositoryFilter":{
"type":"structure",
"required":[
@@ -2228,6 +2407,10 @@
"type":"list",
"member":{"shape":"RepositoryScanningConfiguration"}
},
+ "RepositoryTemplateDescription":{
+ "type":"string",
+ "max":256
+ },
"Resource":{
"type":"structure",
"members":{
@@ -2465,6 +2648,20 @@
"key":{"shape":"TagKey"},
"value":{"shape":"TagValue"}
},
+ "TemplateAlreadyExistsException":{
+ "type":"structure",
+ "members":{
+ "message":{"shape":"ExceptionMessage"}
+ },
+ "exception":true
+ },
+ "TemplateNotFoundException":{
+ "type":"structure",
+ "members":{
+ "message":{"shape":"ExceptionMessage"}
+ },
+ "exception":true
+ },
"Title":{"type":"string"},
"TooManyTagsException":{
"type":"structure",
@@ -2553,6 +2750,28 @@
"credentialArn":{"shape":"CredentialArn"}
}
},
+ "UpdateRepositoryCreationTemplateRequest":{
+ "type":"structure",
+ "required":["prefix"],
+ "members":{
+ "prefix":{"shape":"Prefix"},
+ "description":{"shape":"RepositoryTemplateDescription"},
+ "encryptionConfiguration":{"shape":"EncryptionConfigurationForRepositoryCreationTemplate"},
+ "resourceTags":{"shape":"TagList"},
+ "imageTagMutability":{"shape":"ImageTagMutability"},
+ "repositoryPolicy":{"shape":"RepositoryPolicyText"},
+ "lifecyclePolicy":{"shape":"LifecyclePolicyTextForRepositoryCreationTemplate"},
+ "appliedFor":{"shape":"RCTAppliedForList"},
+ "customRoleArn":{"shape":"CustomRoleArn"}
+ }
+ },
+ "UpdateRepositoryCreationTemplateResponse":{
+ "type":"structure",
+ "members":{
+ "registryId":{"shape":"RegistryId"},
+ "repositoryCreationTemplate":{"shape":"RepositoryCreationTemplate"}
+ }
+ },
"UpdatedTimestamp":{"type":"timestamp"},
"UploadId":{
"type":"string",
diff --git a/models/apis/ecr/2015-09-21/docs-2.json b/models/apis/ecr/2015-09-21/docs-2.json
index ed097ad..1184eb2 100644
--- a/models/apis/ecr/2015-09-21/docs-2.json
+++ b/models/apis/ecr/2015-09-21/docs-2.json
@@ -9,10 +9,12 @@
"CompleteLayerUpload": "<p>Informs Amazon ECR that the image layer upload has completed for a specified registry, repository name, and upload ID. You can optionally provide a <code>sha256</code> digest of the image layer for data validation purposes.</p> <p>When an image is pushed, the CompleteLayerUpload API is called once per each new image layer to verify that the upload has completed.</p> <note> <p>This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the <code>docker</code> CLI to pull, tag, and push images.</p> </note>",
"CreatePullThroughCacheRule": "<p>Creates a pull through cache rule. A pull through cache rule provides a way to cache images from an upstream registry source in your Amazon ECR private registry. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/pull-through-cache.html\">Using pull through cache rules</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p>",
"CreateRepository": "<p>Creates a repository. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/Repositories.html\">Amazon ECR repositories</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p>",
+ "CreateRepositoryCreationTemplate": "<p>Creates a repository creation template. This template is used to define the settings for repositories created by Amazon ECR on your behalf. For example, repositories created through pull through cache actions. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-creation-templates.html\">Private repository creation templates</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p>",
"DeleteLifecyclePolicy": "<p>Deletes the lifecycle policy associated with the specified repository.</p>",
"DeletePullThroughCacheRule": "<p>Deletes a pull through cache rule.</p>",
"DeleteRegistryPolicy": "<p>Deletes the registry permissions policy.</p>",
"DeleteRepository": "<p>Deletes a repository. If the repository isn't empty, you must either delete the contents of the repository or use the <code>force</code> option to delete the repository and have Amazon ECR delete all of its contents on your behalf.</p>",
+ "DeleteRepositoryCreationTemplate": "<p>Deletes a repository creation template.</p>",
"DeleteRepositoryPolicy": "<p>Deletes the repository policy associated with the specified repository.</p>",
"DescribeImageReplicationStatus": "<p>Returns the replication status for a specified image.</p>",
"DescribeImageScanFindings": "<p>Returns the scan findings for the specified image.</p>",
@@ -20,6 +22,7 @@
"DescribePullThroughCacheRules": "<p>Returns the pull through cache rules for a registry.</p>",
"DescribeRegistry": "<p>Describes the settings for a registry. The replication configuration for a repository can be created or updated with the <a>PutReplicationConfiguration</a> API action.</p>",
"DescribeRepositories": "<p>Describes image repositories in a registry.</p>",
+ "DescribeRepositoryCreationTemplates": "<p>Returns details about the repository creation templates in a registry. The <code>prefixes</code> request parameter can be used to return the details for a specific repository creation template.</p>",
"GetAuthorizationToken": "<p>Retrieves an authorization token. An authorization token represents your IAM authentication credentials and can be used to access any Amazon ECR registry that your IAM principal has access to. The authorization token is valid for 12 hours.</p> <p>The <code>authorizationToken</code> returned is a base64 encoded string that can be decoded and used in a <code>docker login</code> command to authenticate to a registry. The CLI offers an <code>get-login-password</code> command that simplifies the login process. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth\">Registry authentication</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p>",
"GetDownloadUrlForLayer": "<p>Retrieves the pre-signed Amazon S3 download URL corresponding to an image layer. You can only get URLs for image layers that are referenced in an image.</p> <p>When an image is pulled, the GetDownloadUrlForLayer API is called once per image layer that is not already cached.</p> <note> <p>This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the <code>docker</code> CLI to pull, tag, and push images.</p> </note>",
"GetLifecyclePolicy": "<p>Retrieves the lifecycle policy for the specified repository.</p>",
@@ -36,13 +39,14 @@
"PutLifecyclePolicy": "<p>Creates or updates the lifecycle policy for the specified repository. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html\">Lifecycle policy template</a>.</p>",
"PutRegistryPolicy": "<p>Creates or updates the permissions policy for your registry.</p> <p>A registry policy is used to specify permissions for another Amazon Web Services account and is used when configuring cross-account replication. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry-permissions.html\">Registry permissions</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p>",
"PutRegistryScanningConfiguration": "<p>Creates or updates the scanning configuration for your private registry.</p>",
- "PutReplicationConfiguration": "<p>Creates or updates the replication configuration for a registry. The existing replication configuration for a repository can be retrieved with the <a>DescribeRegistry</a> API action. The first time the PutReplicationConfiguration API is called, a service-linked IAM role is created in your account for the replication process. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/using-service-linked-roles.html\">Using service-linked roles for Amazon ECR</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p> <note> <p>When configuring cross-account replication, the destination account must grant the source account permission to replicate. This permission is controlled using a registry permissions policy. For more information, see <a>PutRegistryPolicy</a>.</p> </note>",
+ "PutReplicationConfiguration": "<p>Creates or updates the replication configuration for a registry. The existing replication configuration for a repository can be retrieved with the <a>DescribeRegistry</a> API action. The first time the PutReplicationConfiguration API is called, a service-linked IAM role is created in your account for the replication process. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/using-service-linked-roles.html\">Using service-linked roles for Amazon ECR</a> in the <i>Amazon Elastic Container Registry User Guide</i>. For more information on the custom role for replication, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/replication-creation-templates.html#roles-creatingrole-user-console\">Creating an IAM role for replication</a>.</p> <note> <p>When configuring cross-account replication, the destination account must grant the source account permission to replicate. This permission is controlled using a registry permissions policy. For more information, see <a>PutRegistryPolicy</a>.</p> </note>",
"SetRepositoryPolicy": "<p>Applies a repository policy to the specified repository to control access permissions. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policies.html\">Amazon ECR Repository policies</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p>",
"StartImageScan": "<p>Starts an image vulnerability scan. An image scan can only be started once per 24 hours on an individual image. This limit includes if an image was scanned on initial push. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html\">Image scanning</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p>",
"StartLifecyclePolicyPreview": "<p>Starts a preview of a lifecycle policy for the specified repository. This allows you to see the results before associating the lifecycle policy with the repository.</p>",
"TagResource": "<p>Adds specified tags to a resource with the specified ARN. Existing tags on a resource are not changed if they are not specified in the request parameters.</p>",
"UntagResource": "<p>Deletes specified tags from a resource.</p>",
"UpdatePullThroughCacheRule": "<p>Updates an existing pull through cache rule.</p>",
+ "UpdateRepositoryCreationTemplate": "<p>Updates an existing repository creation template.</p>",
"UploadLayerPart": "<p>Uploads an image layer part to Amazon ECR.</p> <p>When an image is pushed, each new image layer is uploaded in parts. The maximum size of each image layer part can be 20971520 bytes (or about 20MB). The UploadLayerPart API is called once per each new image layer part.</p> <note> <p>This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the <code>docker</code> CLI to pull, tag, and push images.</p> </note>",
"ValidatePullThroughCacheRule": "<p>Validates an existing pull through cache rule for an upstream registry that requires authentication. This will retrieve the contents of the Amazon Web Services Secrets Manager secret, verify the syntax, and then validate that authentication to the upstream registry is successful.</p>"
},
@@ -197,6 +201,16 @@
"refs": {
}
},
+ "CreateRepositoryCreationTemplateRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateRepositoryCreationTemplateResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
"CreateRepositoryRequest": {
"base": null,
"refs": {
@@ -228,6 +242,14 @@
"ValidatePullThroughCacheRuleResponse$credentialArn": "<p>The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache rule.</p>"
}
},
+ "CustomRoleArn": {
+ "base": null,
+ "refs": {
+ "CreateRepositoryCreationTemplateRequest$customRoleArn": "<p>The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as the registry that you are configuring.</p>",
+ "RepositoryCreationTemplate$customRoleArn": "<p>The ARN of the role to be assumed by Amazon ECR.</p>",
+ "UpdateRepositoryCreationTemplateRequest$customRoleArn": "<p>The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as the registry that you are configuring.</p>"
+ }
+ },
"CvssScore": {
"base": "<p>The CVSS score for a finding.</p>",
"refs": {
@@ -266,7 +288,9 @@
"EnhancedImageScanFinding$lastObservedAt": "<p>The date and time that the finding was last observed.</p>",
"EnhancedImageScanFinding$updatedAt": "<p>The date and time the finding was last updated at.</p>",
"PackageVulnerabilityDetails$vendorCreatedAt": "<p>The date and time that this vulnerability was first added to the vendor's database.</p>",
- "PackageVulnerabilityDetails$vendorUpdatedAt": "<p>The date and time the vendor last updated this vulnerability in their database.</p>"
+ "PackageVulnerabilityDetails$vendorUpdatedAt": "<p>The date and time the vendor last updated this vulnerability in their database.</p>",
+ "RepositoryCreationTemplate$createdAt": "<p>The date and time, in JavaScript date format, when the repository creation template was created.</p>",
+ "RepositoryCreationTemplate$updatedAt": "<p>The date and time, in JavaScript date format, when the repository creation template was last updated.</p>"
}
},
"DeleteLifecyclePolicyRequest": {
@@ -299,6 +323,16 @@
"refs": {
}
},
+ "DeleteRepositoryCreationTemplateRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteRepositoryCreationTemplateResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
"DeleteRepositoryPolicyRequest": {
"base": null,
"refs": {
@@ -385,22 +419,41 @@
"refs": {
}
},
+ "DescribeRepositoryCreationTemplatesRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DescribeRepositoryCreationTemplatesResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
"EmptyUploadException": {
"base": "<p>The specified layer upload does not contain any layer parts.</p>",
"refs": {
}
},
"EncryptionConfiguration": {
- "base": "<p>The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.</p> <p>By default, when no encryption configuration is set or the <code>AES256</code> encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part.</p> <p>For more control over the encryption of the contents of your repository, you can use server-side encryption with Key Management Service key stored in Key Management Service (KMS) to encrypt your images. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html\">Amazon ECR encryption at rest</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p>",
+ "base": "<p>The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.</p> <p>By default, when no encryption configuration is set or the <code>AES256</code> encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES256 encryption algorithm. This does not require any action on your part.</p> <p>For more control over the encryption of the contents of your repository, you can use server-side encryption with Key Management Service key stored in Key Management Service (KMS) to encrypt your images. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html\">Amazon ECR encryption at rest</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p>",
"refs": {
"CreateRepositoryRequest$encryptionConfiguration": "<p>The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.</p>",
"Repository$encryptionConfiguration": "<p>The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.</p>"
}
},
+ "EncryptionConfigurationForRepositoryCreationTemplate": {
+ "base": "<p>The encryption configuration to associate with the repository creation template.</p>",
+ "refs": {
+ "CreateRepositoryCreationTemplateRequest$encryptionConfiguration": "<p>The encryption configuration to use for repositories created using the template.</p>",
+ "RepositoryCreationTemplate$encryptionConfiguration": "<p>The encryption configuration associated with the repository creation template.</p>",
+ "UpdateRepositoryCreationTemplateRequest$encryptionConfiguration": null
+ }
+ },
"EncryptionType": {
"base": null,
"refs": {
- "EncryptionConfiguration$encryptionType": "<p>The encryption type to use.</p> <p>If you use the <code>KMS</code> encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html\">Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS)</a> in the <i>Amazon Simple Storage Service Console Developer Guide</i>.</p> <p>If you use the <code>AES256</code> encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html\">Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3)</a> in the <i>Amazon Simple Storage Service Console Developer Guide</i>.</p>"
+ "EncryptionConfiguration$encryptionType": "<p>The encryption type to use.</p> <p>If you use the <code>KMS</code> encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html\">Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS)</a> in the <i>Amazon Simple Storage Service Console Developer Guide</i>.</p> <p>If you use the <code>AES256</code> encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html\">Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3)</a> in the <i>Amazon Simple Storage Service Console Developer Guide</i>.</p>",
+ "EncryptionConfigurationForRepositoryCreationTemplate$encryptionType": "<p>The encryption type to use.</p> <p>If you use the <code>KMS</code> encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html\">Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS)</a> in the <i>Amazon Simple Storage Service Console Developer Guide</i>.</p> <p>If you use the <code>AES256</code> encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html\">Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3)</a> in the <i>Amazon Simple Storage Service Console Developer Guide</i>.</p>"
}
},
"EnhancedImageScanFinding": {
@@ -460,6 +513,8 @@
"ScanNotFoundException$message": null,
"SecretNotFoundException$message": null,
"ServerException$message": "<p>The error message associated with the exception.</p>",
+ "TemplateAlreadyExistsException$message": null,
+ "TemplateNotFoundException$message": null,
"TooManyTagsException$message": null,
"UnableToAccessSecretException$message": null,
"UnableToDecryptSecretValueException$message": null,
@@ -801,10 +856,13 @@
"ImageTagMutability": {
"base": null,
"refs": {
+ "CreateRepositoryCreationTemplateRequest$imageTagMutability": "<p>The tag mutability setting for the repository. If this parameter is omitted, the default setting of <code>MUTABLE</code> will be used which will allow image tags to be overwritten. If <code>IMMUTABLE</code> is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.</p>",
"CreateRepositoryRequest$imageTagMutability": "<p>The tag mutability setting for the repository. If this parameter is omitted, the default setting of <code>MUTABLE</code> will be used which will allow image tags to be overwritten. If <code>IMMUTABLE</code> is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.</p>",
"PutImageTagMutabilityRequest$imageTagMutability": "<p>The tag mutability setting for the repository. If <code>MUTABLE</code> is specified, image tags can be overwritten. If <code>IMMUTABLE</code> is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.</p>",
"PutImageTagMutabilityResponse$imageTagMutability": "<p>The image tag mutability setting for the repository.</p>",
- "Repository$imageTagMutability": "<p>The tag mutability setting for the repository.</p>"
+ "Repository$imageTagMutability": "<p>The tag mutability setting for the repository.</p>",
+ "RepositoryCreationTemplate$imageTagMutability": "<p>The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.</p>",
+ "UpdateRepositoryCreationTemplateRequest$imageTagMutability": "<p>Updates the tag mutability setting for the repository. If this parameter is omitted, the default setting of <code>MUTABLE</code> will be used which will allow image tags to be overwritten. If <code>IMMUTABLE</code> is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.</p>"
}
},
"ImageTagsList": {
@@ -866,6 +924,12 @@
"EncryptionConfiguration$kmsKey": "<p>If you use the <code>KMS</code> encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.</p>"
}
},
+ "KmsKeyForRepositoryCreationTemplate": {
+ "base": null,
+ "refs": {
+ "EncryptionConfigurationForRepositoryCreationTemplate$kmsKey": "<p>If you use the <code>KMS</code> encryption type, specify the KMS key to use for encryption. The full ARN of the KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.</p>"
+ }
+ },
"Layer": {
"base": "<p>An object representing an Amazon ECR image layer.</p>",
"refs": {
@@ -1026,6 +1090,14 @@
"StartLifecyclePolicyPreviewResponse$lifecyclePolicyText": "<p>The JSON repository policy text.</p>"
}
},
+ "LifecyclePolicyTextForRepositoryCreationTemplate": {
+ "base": null,
+ "refs": {
+ "CreateRepositoryCreationTemplateRequest$lifecyclePolicy": "<p>The lifecycle policy to use for repositories created using the template.</p>",
+ "RepositoryCreationTemplate$lifecyclePolicy": "<p>The lifecycle policy to use for repositories created using the template.</p>",
+ "UpdateRepositoryCreationTemplateRequest$lifecyclePolicy": "<p>Updates the lifecycle policy associated with the specified repository creation template.</p>"
+ }
+ },
"LifecyclePreviewMaxResults": {
"base": null,
"refs": {
@@ -1070,6 +1142,7 @@
"DescribeImagesRequest$maxResults": "<p>The maximum number of repository results returned by <code>DescribeImages</code> in paginated output. When this parameter is used, <code>DescribeImages</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>DescribeImages</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 1000. If this parameter is not used, then <code>DescribeImages</code> returns up to 100 results and a <code>nextToken</code> value, if applicable. This option cannot be used when you specify images with <code>imageIds</code>.</p>",
"DescribePullThroughCacheRulesRequest$maxResults": "<p>The maximum number of pull through cache rules returned by <code>DescribePullThroughCacheRulesRequest</code> in paginated output. When this parameter is used, <code>DescribePullThroughCacheRulesRequest</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>DescribePullThroughCacheRulesRequest</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 1000. If this parameter is not used, then <code>DescribePullThroughCacheRulesRequest</code> returns up to 100 results and a <code>nextToken</code> value, if applicable.</p>",
"DescribeRepositoriesRequest$maxResults": "<p>The maximum number of repository results returned by <code>DescribeRepositories</code> in paginated output. When this parameter is used, <code>DescribeRepositories</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>DescribeRepositories</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 1000. If this parameter is not used, then <code>DescribeRepositories</code> returns up to 100 results and a <code>nextToken</code> value, if applicable. This option cannot be used when you specify repositories with <code>repositoryNames</code>.</p>",
+ "DescribeRepositoryCreationTemplatesRequest$maxResults": "<p>The maximum number of repository results returned by <code>DescribeRepositoryCreationTemplatesRequest</code> in paginated output. When this parameter is used, <code>DescribeRepositoryCreationTemplatesRequest</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>DescribeRepositoryCreationTemplatesRequest</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 1000. If this parameter is not used, then <code>DescribeRepositoryCreationTemplatesRequest</code> returns up to 100 results and a <code>nextToken</code> value, if applicable.</p>",
"ListImagesRequest$maxResults": "<p>The maximum number of image results returned by <code>ListImages</code> in paginated output. When this parameter is used, <code>ListImages</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>ListImages</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 1000. If this parameter is not used, then <code>ListImages</code> returns up to 100 results and a <code>nextToken</code> value, if applicable.</p>"
}
},
@@ -1107,6 +1180,8 @@
"DescribePullThroughCacheRulesResponse$nextToken": "<p>The <code>nextToken</code> value to include in a future <code>DescribePullThroughCacheRulesRequest</code> request. When the results of a <code>DescribePullThroughCacheRulesRequest</code> request exceed <code>maxResults</code>, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.</p>",
"DescribeRepositoriesRequest$nextToken": "<p>The <code>nextToken</code> value returned from a previous paginated <code>DescribeRepositories</code> request where <code>maxResults</code> was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the <code>nextToken</code> value. This value is <code>null</code> when there are no more results to return. This option cannot be used when you specify repositories with <code>repositoryNames</code>.</p> <note> <p>This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.</p> </note>",
"DescribeRepositoriesResponse$nextToken": "<p>The <code>nextToken</code> value to include in a future <code>DescribeRepositories</code> request. When the results of a <code>DescribeRepositories</code> request exceed <code>maxResults</code>, this value can be used to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>",
+ "DescribeRepositoryCreationTemplatesRequest$nextToken": "<p>The <code>nextToken</code> value returned from a previous paginated <code>DescribeRepositoryCreationTemplates</code> request where <code>maxResults</code> was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the <code>nextToken</code> value. This value is <code>null</code> when there are no more results to return.</p> <note> <p>This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.</p> </note>",
+ "DescribeRepositoryCreationTemplatesResponse$nextToken": "<p>The <code>nextToken</code> value to include in a future <code>DescribeRepositoryCreationTemplates</code> request. When the results of a <code>DescribeRepositoryCreationTemplates</code> request exceed <code>maxResults</code>, this value can be used to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>",
"GetLifecyclePolicyPreviewRequest$nextToken": "<p>The <code>nextToken</code> value returned from a previous paginated
 <code>GetLifecyclePolicyPreviewRequest</code> request where <code>maxResults</code> was used and the
 results exceeded the value of that parameter. Pagination continues from the end of the
 previous results that returned the <code>nextToken</code> value. This value is
 <code>null</code> when there are no more results to return. This option cannot be used when you specify images with <code>imageIds</code>.</p>",
"GetLifecyclePolicyPreviewResponse$nextToken": "<p>The <code>nextToken</code> value to include in a future <code>GetLifecyclePolicyPreview</code> request. When the results of a <code>GetLifecyclePolicyPreview</code> request exceed <code>maxResults</code>, this value can be used to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>",
"ListImagesRequest$nextToken": "<p>The <code>nextToken</code> value returned from a previous paginated <code>ListImages</code> request where <code>maxResults</code> was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the <code>nextToken</code> value. This value is <code>null</code> when there are no more results to return.</p> <note> <p>This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.</p> </note>",
@@ -1147,6 +1222,22 @@
"AwsEcrContainerImageDetails$platform": "<p>The platform of the Amazon ECR container image.</p>"
}
},
+ "Prefix": {
+ "base": null,
+ "refs": {
+ "CreateRepositoryCreationTemplateRequest$prefix": "<p>The repository namespace prefix to associate with the template. All repositories created using this namespace prefix will have the settings defined in this template applied. For example, a prefix of <code>prod</code> would apply to all repositories beginning with <code>prod/</code>. Similarly, a prefix of <code>prod/team</code> would apply to all repositories beginning with <code>prod/team/</code>.</p> <p>To apply a template to all repositories in your registry that don't have an associated creation template, you can use <code>ROOT</code> as the prefix.</p> <important> <p>There is always an assumed <code>/</code> applied to the end of the prefix. If you specify <code>ecr-public</code> as the prefix, Amazon ECR treats that as <code>ecr-public/</code>. When using a pull through cache rule, the repository prefix you specify during rule creation is what you should specify as your repository creation template prefix as well.</p> </important>",
+ "DeleteRepositoryCreationTemplateRequest$prefix": "<p>The repository namespace prefix associated with the repository creation template.</p>",
+ "PrefixList$member": null,
+ "RepositoryCreationTemplate$prefix": "<p>The repository namespace prefix associated with the repository creation template.</p>",
+ "UpdateRepositoryCreationTemplateRequest$prefix": "<p>The repository namespace prefix that matches an existing repository creation template in the registry. All repositories created using this namespace prefix will have the settings defined in this template applied. For example, a prefix of <code>prod</code> would apply to all repositories beginning with <code>prod/</code>. This includes a repository named <code>prod/team1</code> as well as a repository named <code>prod/repository1</code>.</p> <p>To apply a template to all repositories in your registry that don't have an associated creation template, you can use <code>ROOT</code> as the prefix.</p>"
+ }
+ },
+ "PrefixList": {
+ "base": null,
+ "refs": {
+ "DescribeRepositoryCreationTemplatesRequest$prefixes": "<p>The repository namespace prefixes associated with the repository creation templates to describe. If this value is not specified, all repository creation templates are returned.</p>"
+ }
+ },
"ProxyEndpoint": {
"base": null,
"refs": {
@@ -1273,6 +1364,20 @@
"refs": {
}
},
+ "RCTAppliedFor": {
+ "base": null,
+ "refs": {
+ "RCTAppliedForList$member": null
+ }
+ },
+ "RCTAppliedForList": {
+ "base": null,
+ "refs": {
+ "CreateRepositoryCreationTemplateRequest$appliedFor": "<p>A list of enumerable strings representing the Amazon ECR repository creation scenarios that this template will apply towards. The two supported scenarios are <code>PULL_THROUGH_CACHE</code> and <code>REPLICATION</code> </p>",
+ "RepositoryCreationTemplate$appliedFor": "<p>A list of enumerable Strings representing the repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION</p>",
+ "UpdateRepositoryCreationTemplateRequest$appliedFor": "<p>Updates the list of enumerable strings representing the Amazon ECR repository creation scenarios that this template will apply towards. The two supported scenarios are <code>PULL_THROUGH_CACHE</code> and <code>REPLICATION</code> </p>"
+ }
+ },
"Reason": {
"base": null,
"refs": {
@@ -1326,12 +1431,14 @@
"CompleteLayerUploadResponse$registryId": "<p>The registry ID associated with the request.</p>",
"CreatePullThroughCacheRuleRequest$registryId": "<p>The Amazon Web Services account ID associated with the registry to create the pull through cache rule for. If you do not specify a registry, the default registry is assumed.</p>",
"CreatePullThroughCacheRuleResponse$registryId": "<p>The registry ID associated with the request.</p>",
+ "CreateRepositoryCreationTemplateResponse$registryId": "<p>The registry ID associated with the request.</p>",
"CreateRepositoryRequest$registryId": "<p>The Amazon Web Services account ID associated with the registry to create the repository. If you do not specify a registry, the default registry is assumed.</p>",
"DeleteLifecyclePolicyRequest$registryId": "<p>The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.</p>",
"DeleteLifecyclePolicyResponse$registryId": "<p>The registry ID associated with the request.</p>",
"DeletePullThroughCacheRuleRequest$registryId": "<p>The Amazon Web Services account ID associated with the registry that contains the pull through cache rule. If you do not specify a registry, the default registry is assumed.</p>",
"DeletePullThroughCacheRuleResponse$registryId": "<p>The registry ID associated with the request.</p>",
"DeleteRegistryPolicyResponse$registryId": "<p>The registry ID associated with the request.</p>",
+ "DeleteRepositoryCreationTemplateResponse$registryId": "<p>The registry ID associated with the request.</p>",
"DeleteRepositoryPolicyRequest$registryId": "<p>The Amazon Web Services account ID associated with the registry that contains the repository policy to delete. If you do not specify a registry, the default registry is assumed.</p>",
"DeleteRepositoryPolicyResponse$registryId": "<p>The registry ID associated with the request.</p>",
"DeleteRepositoryRequest$registryId": "<p>The Amazon Web Services account ID associated with the registry that contains the repository to delete. If you do not specify a registry, the default registry is assumed.</p>",
@@ -1340,8 +1447,9 @@
"DescribeImageScanFindingsResponse$registryId": "<p>The registry ID associated with the request.</p>",
"DescribeImagesRequest$registryId": "<p>The Amazon Web Services account ID associated with the registry that contains the repository in which to describe images. If you do not specify a registry, the default registry is assumed.</p>",
"DescribePullThroughCacheRulesRequest$registryId": "<p>The Amazon Web Services account ID associated with the registry to return the pull through cache rules for. If you do not specify a registry, the default registry is assumed.</p>",
- "DescribeRegistryResponse$registryId": "<p>The ID of the registry.</p>",
+ "DescribeRegistryResponse$registryId": "<p>The registry ID associated with the request.</p>",
"DescribeRepositoriesRequest$registryId": "<p>The Amazon Web Services account ID associated with the registry that contains the repositories to be described. If you do not specify a registry, the default registry is assumed.</p>",
+ "DescribeRepositoryCreationTemplatesResponse$registryId": "<p>The registry ID associated with the request.</p>",
"EnhancedImageScanFinding$awsAccountId": "<p>The Amazon Web Services account ID associated with the image.</p>",
"GetAuthorizationTokenRegistryIdList$member": null,
"GetDownloadUrlForLayerRequest$registryId": "<p>The Amazon Web Services account ID associated with the registry that contains the image layer to download. If you do not specify a registry, the default registry is assumed.</p>",
@@ -1349,8 +1457,8 @@
"GetLifecyclePolicyPreviewResponse$registryId": "<p>The registry ID associated with the request.</p>",
"GetLifecyclePolicyRequest$registryId": "<p>The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.</p>",
"GetLifecyclePolicyResponse$registryId": "<p>The registry ID associated with the request.</p>",
- "GetRegistryPolicyResponse$registryId": "<p>The ID of the registry.</p>",
- "GetRegistryScanningConfigurationResponse$registryId": "<p>The ID of the registry.</p>",
+ "GetRegistryPolicyResponse$registryId": "<p>The registry ID associated with the request.</p>",
+ "GetRegistryScanningConfigurationResponse$registryId": "<p>The registry ID associated with the request.</p>",
"GetRepositoryPolicyRequest$registryId": "<p>The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.</p>",
"GetRepositoryPolicyResponse$registryId": "<p>The registry ID associated with the request.</p>",
"Image$registryId": "<p>The Amazon Web Services account ID associated with the registry containing the image.</p>",
@@ -1367,7 +1475,7 @@
"PutImageTagMutabilityResponse$registryId": "<p>The registry ID associated with the request.</p>",
"PutLifecyclePolicyRequest$registryId": "<p>The Amazon Web Services account ID associated with the registry that contains the repository. If you do
 not specify a registry, the default registry is assumed.</p>",
"PutLifecyclePolicyResponse$registryId": "<p>The registry ID associated with the request.</p>",
- "PutRegistryPolicyResponse$registryId": "<p>The registry ID.</p>",
+ "PutRegistryPolicyResponse$registryId": "<p>The registry ID associated with the request.</p>",
"ReplicationDestination$registryId": "<p>The Amazon Web Services account ID of the Amazon ECR private registry to replicate to. When configuring cross-Region replication within your own registry, specify your own account ID.</p>",
"Repository$registryId": "<p>The Amazon Web Services account ID associated with the registry that contains the repository.</p>",
"SetRepositoryPolicyRequest$registryId": "<p>The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.</p>",
@@ -1378,6 +1486,7 @@
"StartLifecyclePolicyPreviewResponse$registryId": "<p>The registry ID associated with the request.</p>",
"UpdatePullThroughCacheRuleRequest$registryId": "<p>The Amazon Web Services account ID associated with the registry associated with the pull through cache rule. If you do not specify a registry, the default registry is assumed.</p>",
"UpdatePullThroughCacheRuleResponse$registryId": "<p>The registry ID associated with the request.</p>",
+ "UpdateRepositoryCreationTemplateResponse$registryId": "<p>The registry ID associated with the request.</p>",
"UploadLayerPartRequest$registryId": "<p>The Amazon Web Services account ID associated with the registry to which you are uploading layer parts. If you do not specify a registry, the default registry is assumed.</p>",
"UploadLayerPartResponse$registryId": "<p>The registry ID associated with the request.</p>",
"ValidatePullThroughCacheRuleRequest$registryId": "<p>The registry ID associated with the pull through cache rule. If you do not specify a registry, the default registry is assumed.</p>",
@@ -1499,6 +1608,21 @@
"refs": {
}
},
+ "RepositoryCreationTemplate": {
+ "base": "<p>The details of the repository creation template associated with the request.</p>",
+ "refs": {
+ "CreateRepositoryCreationTemplateResponse$repositoryCreationTemplate": "<p>The details of the repository creation template associated with the request.</p>",
+ "DeleteRepositoryCreationTemplateResponse$repositoryCreationTemplate": "<p>The details of the repository creation template that was deleted.</p>",
+ "RepositoryCreationTemplateList$member": null,
+ "UpdateRepositoryCreationTemplateResponse$repositoryCreationTemplate": "<p>The details of the repository creation template associated with the request.</p>"
+ }
+ },
+ "RepositoryCreationTemplateList": {
+ "base": null,
+ "refs": {
+ "DescribeRepositoryCreationTemplatesResponse$repositoryCreationTemplates": "<p>The details of the repository creation templates.</p>"
+ }
+ },
"RepositoryFilter": {
"base": "<p>The filter settings used with image replication. Specifying a repository filter to a replication rule provides a method for controlling which repositories in a private registry are replicated. If no filters are added, the contents of all repositories are replicated.</p>",
"refs": {
@@ -1607,10 +1731,13 @@
"RepositoryPolicyText": {
"base": null,
"refs": {
+ "CreateRepositoryCreationTemplateRequest$repositoryPolicy": "<p>The repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions. </p>",
"DeleteRepositoryPolicyResponse$policyText": "<p>The JSON repository policy that was deleted from the repository.</p>",
"GetRepositoryPolicyResponse$policyText": "<p>The JSON repository policy text associated with the repository.</p>",
+ "RepositoryCreationTemplate$repositoryPolicy": "<p>he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions. </p>",
"SetRepositoryPolicyRequest$policyText": "<p>The JSON repository policy text to apply to the repository. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html\">Amazon ECR repository policies</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p>",
- "SetRepositoryPolicyResponse$policyText": "<p>The JSON repository policy text applied to the repository.</p>"
+ "SetRepositoryPolicyResponse$policyText": "<p>The JSON repository policy text applied to the repository.</p>",
+ "UpdateRepositoryCreationTemplateRequest$repositoryPolicy": "<p>Updates the repository policy created using the template. A repository policy is a permissions policy associated with a repository to control access permissions. </p>"
}
},
"RepositoryScanningConfiguration": {
@@ -1637,6 +1764,14 @@
"BatchGetRepositoryScanningConfigurationResponse$scanningConfigurations": "<p>The scanning configuration for the requested repositories.</p>"
}
},
+ "RepositoryTemplateDescription": {
+ "base": null,
+ "refs": {
+ "CreateRepositoryCreationTemplateRequest$description": "<p>A description for the repository creation template.</p>",
+ "RepositoryCreationTemplate$description": "<p>The description associated with the repository creation template.</p>",
+ "UpdateRepositoryCreationTemplateRequest$description": "<p>A description for the repository creation template.</p>"
+ }
+ },
"Resource": {
"base": "<p>Details about the resource involved in a finding.</p>",
"refs": {
@@ -1865,9 +2000,12 @@
"TagList": {
"base": null,
"refs": {
+ "CreateRepositoryCreationTemplateRequest$resourceTags": "<p>The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.</p>",
"CreateRepositoryRequest$tags": "<p>The metadata that you apply to the repository to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.</p>",
"ListTagsForResourceResponse$tags": "<p>The tags for the resource.</p>",
- "TagResourceRequest$tags": "<p>The tags to add to the resource. A tag is an array of key-value pairs. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.</p>"
+ "RepositoryCreationTemplate$resourceTags": "<p>The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.</p>",
+ "TagResourceRequest$tags": "<p>The tags to add to the resource. A tag is an array of key-value pairs. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.</p>",
+ "UpdateRepositoryCreationTemplateRequest$resourceTags": "<p>The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.</p>"
}
},
"TagResourceRequest": {
@@ -1901,6 +2039,16 @@
"Resource$tags": "<p>The tags attached to the resource.</p>"
}
},
+ "TemplateAlreadyExistsException": {
+ "base": "<p>The repository creation template already exists. Specify a unique prefix and try again.</p>",
+ "refs": {
+ }
+ },
+ "TemplateNotFoundException": {
+ "base": "<p>The specified repository creation template can't be found. Verify the registry ID and prefix and try again.</p>",
+ "refs": {
+ }
+ },
"Title": {
"base": null,
"refs": {
@@ -1969,6 +2117,16 @@
"refs": {
}
},
+ "UpdateRepositoryCreationTemplateRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateRepositoryCreationTemplateResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
"UpdatedTimestamp": {
"base": null,
"refs": {
@@ -2013,7 +2171,7 @@
"Url": {
"base": null,
"refs": {
- "CreatePullThroughCacheRuleRequest$upstreamRegistryUrl": "<p>The registry URL of the upstream public registry to use as the source for the pull through cache rule. The following is the syntax to use for each supported upstream registry.</p> <ul> <li> <p>Amazon ECR Public (<code>ecr-public</code>) - <code>public.ecr.aws</code> </p> </li> <li> <p>Docker Hub (<code>docker-hub</code>) - <code>registry-1.docker.io</code> </p> </li> <li> <p>Quay (<code>quay</code>) - <code>quay.io</code> </p> </li> <li> <p>Kubernetes (<code>k8s</code>) - <code>registry.k8s.io</code> </p> </li> <li> <p>GitHub Container Registry (<code>github-container-registry</code>) - <code>ghcr.io</code> </p> </li> <li> <p>Microsoft Azure Container Registry (<code>azure-container-registry</code>) - <code><custom>.azurecr.io</code> </p> </li> <li> <p>GitLab Container Registry (<code>gitlab-container-registry</code>) - <code>registry.gitlab.com</code> </p> </li> </ul>",
+ "CreatePullThroughCacheRuleRequest$upstreamRegistryUrl": "<p>The registry URL of the upstream public registry to use as the source for the pull through cache rule. The following is the syntax to use for each supported upstream registry.</p> <ul> <li> <p>Amazon ECR Public (<code>ecr-public</code>) - <code>public.ecr.aws</code> </p> </li> <li> <p>Docker Hub (<code>docker-hub</code>) - <code>registry-1.docker.io</code> </p> </li> <li> <p>Quay (<code>quay</code>) - <code>quay.io</code> </p> </li> <li> <p>Kubernetes (<code>k8s</code>) - <code>registry.k8s.io</code> </p> </li> <li> <p>GitHub Container Registry (<code>github-container-registry</code>) - <code>ghcr.io</code> </p> </li> <li> <p>Microsoft Azure Container Registry (<code>azure-container-registry</code>) - <code><custom>.azurecr.io</code> </p> </li> </ul>",
"CreatePullThroughCacheRuleResponse$upstreamRegistryUrl": "<p>The upstream registry URL associated with the pull through cache rule.</p>",
"DeletePullThroughCacheRuleResponse$upstreamRegistryUrl": "<p>The upstream registry URL associated with the pull through cache rule.</p>",
"GetDownloadUrlForLayerResponse$downloadUrl": "<p>The pre-signed Amazon S3 download URL for the requested layer.</p>",
diff --git a/models/apis/ecr/2015-09-21/examples-1.json b/models/apis/ecr/2015-09-21/examples-1.json
index fa1a309..67b40f0 100644
--- a/models/apis/ecr/2015-09-21/examples-1.json
+++ b/models/apis/ecr/2015-09-21/examples-1.json
@@ -87,6 +87,64 @@
"title": "To create a new repository"
}
],
+ "CreateRepositoryCreationTemplate": [
+ {
+ "input": {
+ "appliedFor": [
+ "REPLICATION",
+ "PULL_THROUGH_CACHE"
+ ],
+ "description": "Repos for testing images",
+ "encryptionConfiguration": {
+ "encryptionType": "AES256"
+ },
+ "imageTagMutability": "MUTABLE",
+ "lifecyclePolicy": "{\r\n \"rules\": [\r\n {\r\n \"rulePriority\": 1,\r\n \"description\": \"Expire images older than 14 days\",\r\n \"selection\": {\r\n \"tagStatus\": \"untagged\",\r\n \"countType\": \"sinceImagePushed\",\r\n \"countUnit\": \"days\",\r\n \"countNumber\": 14\r\n },\r\n \"action\": {\r\n \"type\": \"expire\"\r\n }\r\n }\r\n ]\r\n}",
+ "prefix": "eng/test",
+ "repositoryPolicy": "{\r\n \"Version\": \"2012-10-17\",\r\n \"Statement\": [\r\n {\r\n \"Sid\": \"LambdaECRPullPolicy\",\r\n \"Effect\": \"Allow\",\r\n \"Principal\": {\r\n \"Service\": \"lambda.amazonaws.com\"\r\n },\r\n \"Action\": \"ecr:BatchGetImage\"\r\n }\r\n ]\r\n}",
+ "resourceTags": [
+ {
+ "Key": "environment",
+ "Value": "test"
+ }
+ ]
+ },
+ "output": {
+ "registryId": "012345678901",
+ "repositoryCreationTemplate": {
+ "appliedFor": [
+ "REPLICATION",
+ "PULL_THROUGH_CACHE"
+ ],
+ "createdAt": "2023-12-16T17:29:02-07:00",
+ "description": "Repos for testing images",
+ "encryptionConfiguration": {
+ "encryptionType": "AES256"
+ },
+ "imageTagMutability": "MUTABLE",
+ "lifecyclePolicy": "{\r\n \"rules\": [\r\n {\r\n \"rulePriority\": 1,\r\n \"description\": \"Expire images older than 14 days\",\r\n \"selection\": {\r\n \"tagStatus\": \"untagged\",\r\n \"countType\": \"sinceImagePushed\",\r\n \"countUnit\": \"days\",\r\n \"countNumber\": 14\r\n },\r\n \"action\": {\r\n \"type\": \"expire\"\r\n }\r\n }\r\n ]\r\n}",
+ "prefix": "eng/test",
+ "repositoryPolicy": "{\n \"Version\" : \"2012-10-17\",\n \"Statement\" : [ {\n \"Sid\" : \"LambdaECRPullPolicy\",\n \"Effect\" : \"Allow\",\n \"Principal\" : {\n \"Service\" : \"lambda.amazonaws.com\"\n },\n \"Action\" : \"ecr:BatchGetImage\"\n } ]\n}",
+ "resourceTags": [
+ {
+ "Key": "environment",
+ "Value": "test"
+ }
+ ],
+ "updatedAt": "2023-12-16T17:29:02-07:00"
+ }
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "This example creates a repository creation template.",
+ "id": "create-a-new-repository-creation-template-1713296923053",
+ "title": "Create a new repository creation template"
+ }
+ ],
"DeleteRepository": [
{
"input": {
@@ -110,6 +168,34 @@
"title": "To force delete a repository"
}
],
+ "DeleteRepositoryCreationTemplate": [
+ {
+ "input": {
+ "prefix": "eng"
+ },
+ "output": {
+ "registryId": "012345678901",
+ "repositoryCreationTemplate": {
+ "createdAt": "2023-12-03T16:27:57.933000-08:00",
+ "encryptionConfiguration": {
+ "encryptionType": "AES256"
+ },
+ "imageTagMutability": "MUTABLE",
+ "prefix": "eng",
+ "updatedAt": "2023-12-03T16:27:57.933000-08:00"
+ }
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "This example deletes a repository creation template.",
+ "id": "delete-a-repository-creation-template-1713298142230",
+ "title": "Delete a repository creation template"
+ }
+ ],
"DeleteRepositoryPolicy": [
{
"input": {
@@ -154,6 +240,57 @@
"title": "To describe all repositories in the current account"
}
],
+ "DescribeRepositoryCreationTemplates": [
+ {
+ "input": {
+ "maxResults": 123,
+ "nextToken": "",
+ "prefixes": [
+ "eng"
+ ]
+ },
+ "output": {
+ "nextToken": "",
+ "registryId": "012345678901",
+ "repositoryCreationTemplates": [
+ {
+ "appliedFor": [
+ "PULL_THROUGH_CACHE",
+ "REPLICATION"
+ ],
+ "createdAt": "2023-12-16T17:29:02-07:00",
+ "encryptionConfiguration": {
+ "encryptionType": "AES256"
+ },
+ "imageTagMutability": "MUTABLE",
+ "prefix": "eng/test",
+ "updatedAt": "2023-12-16T19:55:02-07:00"
+ },
+ {
+ "appliedFor": [
+ "REPLICATION"
+ ],
+ "createdAt": "2023-12-14T17:29:02-07:00",
+ "encryptionConfiguration": {
+ "encryptionType": "AES256"
+ },
+ "imageTagMutability": "IMMUTABLE",
+ "prefix": "eng/replication-test",
+ "updatedAt": "2023-12-14T19:55:02-07:00"
+ }
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "This example describes the contents of a repository creation template.",
+ "id": "describe-a-repository-creation-template-1713298784302",
+ "title": "Describe a repository creation template"
+ }
+ ],
"GetAuthorizationToken": [
{
"input": {
@@ -210,6 +347,55 @@
"id": "listimages-example-1470868161594",
"title": "To list all images in a repository"
}
+ ],
+ "UpdateRepositoryCreationTemplate": [
+ {
+ "input": {
+ "appliedFor": [
+ "REPLICATION"
+ ],
+ "prefix": "eng/test",
+ "resourceTags": [
+ {
+ "Key": "environment",
+ "Value": "test"
+ }
+ ]
+ },
+ "output": {
+ "registryId": "012345678901",
+ "repositoryCreationTemplate": {
+ "appliedFor": [
+ "REPLICATION"
+ ],
+ "createdAt": "2023-12-16T17:29:02-07:00",
+ "description": "Repos for testing images",
+ "encryptionConfiguration": {
+ "encryptionType": "AES256"
+ },
+ "imageTagMutability": "MUTABLE",
+ "lifecyclePolicy": "{\r\n \"rules\": [\r\n {\r\n \"rulePriority\": 1,\r\n \"description\": \"Expire images older than 14 days\",\r\n \"selection\": {\r\n \"tagStatus\": \"untagged\",\r\n \"countType\": \"sinceImagePushed\",\r\n \"countUnit\": \"days\",\r\n \"countNumber\": 14\r\n },\r\n \"action\": {\r\n \"type\": \"expire\"\r\n }\r\n }\r\n ]\r\n}",
+ "prefix": "eng/test",
+ "repositoryPolicy": "{\n \"Version\" : \"2012-10-17\",\n \"Statement\" : [ {\n \"Sid\" : \"LambdaECRPullPolicy\",\n \"Effect\" : \"Allow\",\n \"Principal\" : {\n \"Service\" : \"lambda.amazonaws.com\"\n },\n \"Action\" : \"ecr:BatchGetImage\"\n } ]\n}",
+ "resourceTags": [
+ {
+ "Key": "environment",
+ "Value": "test"
+ }
+ ],
+ "updatedAt": "2023-12-16T19:55:02-07:00"
+ }
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "This example updates a repository creation template.",
+ "id": "update-a-repository-creation-template-1713299261276",
+ "title": "Update a repository creation template"
+ }
]
}
}
diff --git a/models/apis/ecr/2015-09-21/paginators-1.json b/models/apis/ecr/2015-09-21/paginators-1.json
index e382b79..ff50018 100644
--- a/models/apis/ecr/2015-09-21/paginators-1.json
+++ b/models/apis/ecr/2015-09-21/paginators-1.json
@@ -34,6 +34,15 @@
"output_token": "nextToken",
"result_key": "repositories"
},
+ "DescribeRepositoryCreationTemplates": {
+ "input_token": "nextToken",
+ "limit_key": "maxResults",
+ "non_aggregate_keys": [
+ "registryId"
+ ],
+ "output_token": "nextToken",
+ "result_key": "repositoryCreationTemplates"
+ },
"GetLifecyclePolicyPreview": {
"input_token": "nextToken",
"limit_key": "maxResults",
diff --git a/models/apis/eks/2017-11-01/api-2.json b/models/apis/eks/2017-11-01/api-2.json
index bc9658f..84800e5 100644
--- a/models/apis/eks/2017-11-01/api-2.json
+++ b/models/apis/eks/2017-11-01/api-2.json
@@ -1294,7 +1294,8 @@
"id":{"shape":"String"},
"health":{"shape":"ClusterHealth"},
"outpostConfig":{"shape":"OutpostConfigResponse"},
- "accessConfig":{"shape":"AccessConfigResponse"}
+ "accessConfig":{"shape":"AccessConfigResponse"},
+ "upgradePolicy":{"shape":"UpgradePolicyResponse"}
}
},
"ClusterHealth":{
@@ -1504,7 +1505,8 @@
"encryptionConfig":{"shape":"EncryptionConfigList"},
"outpostConfig":{"shape":"OutpostConfigRequest"},
"accessConfig":{"shape":"CreateAccessConfigRequest"},
- "bootstrapSelfManagedAddons":{"shape":"BoxedBoolean"}
+ "bootstrapSelfManagedAddons":{"shape":"BoxedBoolean"},
+ "upgradePolicy":{"shape":"UpgradePolicyRequest"}
}
},
"CreateClusterResponse":{
@@ -3383,6 +3385,13 @@
"type":"list",
"member":{"shape":"String"}
},
+ "SupportType":{
+ "type":"string",
+ "enum":[
+ "STANDARD",
+ "EXTENDED"
+ ]
+ },
"TagKey":{
"type":"string",
"max":128,
@@ -3574,7 +3583,8 @@
"shape":"String",
"idempotencyToken":true
},
- "accessConfig":{"shape":"UpdateAccessConfigRequest"}
+ "accessConfig":{"shape":"UpdateAccessConfigRequest"},
+ "upgradePolicy":{"shape":"UpgradePolicyRequest"}
}
},
"UpdateClusterConfigResponse":{
@@ -3743,7 +3753,8 @@
"SecurityGroups",
"Subnets",
"AuthenticationMode",
- "PodIdentityAssociations"
+ "PodIdentityAssociations",
+ "UpgradePolicy"
]
},
"UpdateParams":{
@@ -3808,9 +3819,22 @@
"AssociateEncryptionConfig",
"AddonUpdate",
"VpcConfigUpdate",
- "AccessConfigUpdate"
+ "AccessConfigUpdate",
+ "UpgradePolicyUpdate"
]
},
+ "UpgradePolicyRequest":{
+ "type":"structure",
+ "members":{
+ "supportType":{"shape":"SupportType"}
+ }
+ },
+ "UpgradePolicyResponse":{
+ "type":"structure",
+ "members":{
+ "supportType":{"shape":"SupportType"}
+ }
+ },
"VpcConfigRequest":{
"type":"structure",
"members":{
diff --git a/models/apis/eks/2017-11-01/docs-2.json b/models/apis/eks/2017-11-01/docs-2.json
index 1225df5..3847809 100644
--- a/models/apis/eks/2017-11-01/docs-2.json
+++ b/models/apis/eks/2017-11-01/docs-2.json
@@ -1863,6 +1863,13 @@
"VpcConfigResponse$publicAccessCidrs": "<p>The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint.</p>"
}
},
+ "SupportType": {
+ "base": null,
+ "refs": {
+ "UpgradePolicyRequest$supportType": "<p>If the cluster is set to <code>EXTENDED</code>, it will enter extended support at the end of standard support. If the cluster is set to <code>STANDARD</code>, it will be automatically upgraded at the end of standard support.</p> <p> <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/extended-support-control.html\">Learn more about EKS Extended Support in the EKS User Guide.</a> </p>",
+ "UpgradePolicyResponse$supportType": "<p>If the cluster is set to <code>EXTENDED</code>, it will enter extended support at the end of standard support. If the cluster is set to <code>STANDARD</code>, it will be automatically upgraded at the end of standard support.</p> <p> <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/extended-support-control.html\">Learn more about EKS Extended Support in the EKS User Guide.</a> </p>"
+ }
+ },
"TagKey": {
"base": "<p>One part of a key-value pair that make up a tag. A <code>key</code> is a general label that acts like a category for more specific tag values.</p>",
"refs": {
@@ -2113,6 +2120,19 @@
"Update$type": "<p>The type of the update.</p>"
}
},
+ "UpgradePolicyRequest": {
+ "base": "<p>The support policy to use for the cluster. Extended support allows you to remain on specific Kubernetes versions for longer. Clusters in extended support have higher costs. The default value is <code>EXTENDED</code>. Use <code>STANDARD</code> to disable extended support.</p> <p> <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/extended-support-control.html\">Learn more about EKS Extended Support in the EKS User Guide.</a> </p>",
+ "refs": {
+ "CreateClusterRequest$upgradePolicy": "<p>New clusters, by default, have extended support enabled. You can disable extended support when creating a cluster by setting this value to <code>STANDARD</code>.</p>",
+ "UpdateClusterConfigRequest$upgradePolicy": "<p>You can enable or disable extended support for clusters currently on standard support. You cannot disable extended support once it starts. You must enable extended support before your cluster exits standard support.</p>"
+ }
+ },
+ "UpgradePolicyResponse": {
+ "base": "<p>This value indicates if extended support is enabled or disabled for the cluster.</p> <p> <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/extended-support-control.html\">Learn more about EKS Extended Support in the EKS User Guide.</a> </p>",
+ "refs": {
+ "Cluster$upgradePolicy": "<p>This value indicates if extended support is enabled or disabled for the cluster.</p> <p> <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/extended-support-control.html\">Learn more about EKS Extended Support in the EKS User Guide.</a> </p>"
+ }
+ },
"VpcConfigRequest": {
"base": "<p>An object representing the VPC configuration to use for an Amazon EKS cluster.</p>",
"refs": {
diff --git a/models/apis/elasticloadbalancingv2/2015-12-01/api-2.json b/models/apis/elasticloadbalancingv2/2015-12-01/api-2.json
index 0a8390e..ddfac12 100644
--- a/models/apis/elasticloadbalancingv2/2015-12-01/api-2.json
+++ b/models/apis/elasticloadbalancingv2/2015-12-01/api-2.json
@@ -10,7 +10,8 @@
"serviceId":"Elastic Load Balancing v2",
"signatureVersion":"v4",
"uid":"elasticloadbalancingv2-2015-12-01",
- "xmlNamespace":"http://elasticloadbalancing.amazonaws.com/doc/2015-12-01/"
+ "xmlNamespace":"http://elasticloadbalancing.amazonaws.com/doc/2015-12-01/",
+ "auth":["aws.auth#sigv4"]
},
"operations":{
"AddListenerCertificates":{
@@ -246,6 +247,23 @@
{"shape":"OperationNotPermittedException"}
]
},
+ "DeleteSharedTrustStoreAssociation":{
+ "name":"DeleteSharedTrustStoreAssociation",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"DeleteSharedTrustStoreAssociationInput"},
+ "output":{
+ "shape":"DeleteSharedTrustStoreAssociationOutput",
+ "resultWrapper":"DeleteSharedTrustStoreAssociationResult"
+ },
+ "errors":[
+ {"shape":"TrustStoreNotFoundException"},
+ {"shape":"DeleteAssociationSameAccountException"},
+ {"shape":"TrustStoreAssociationNotFoundException"}
+ ]
+ },
"DeleteTargetGroup":{
"name":"DeleteTargetGroup",
"http":{
@@ -512,6 +530,21 @@
{"shape":"TrustStoreNotFoundException"}
]
},
+ "GetResourcePolicy":{
+ "name":"GetResourcePolicy",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"GetResourcePolicyInput"},
+ "output":{
+ "shape":"GetResourcePolicyOutput",
+ "resultWrapper":"GetResourcePolicyResult"
+ },
+ "errors":[
+ {"shape":"ResourceNotFoundException"}
+ ]
+ },
"GetTrustStoreCaCertificatesBundle":{
"name":"GetTrustStoreCaCertificatesBundle",
"http":{
@@ -1220,6 +1253,17 @@
},
"DNSName":{"type":"string"},
"Default":{"type":"boolean"},
+ "DeleteAssociationSameAccountException":{
+ "type":"structure",
+ "members":{
+ },
+ "error":{
+ "code":"DeleteAssociationSameAccount",
+ "httpStatusCode":400,
+ "senderFault":true
+ },
+ "exception":true
+ },
"DeleteListenerInput":{
"type":"structure",
"required":["ListenerArn"],
@@ -1256,6 +1300,22 @@
"members":{
}
},
+ "DeleteSharedTrustStoreAssociationInput":{
+ "type":"structure",
+ "required":[
+ "TrustStoreArn",
+ "ResourceArn"
+ ],
+ "members":{
+ "TrustStoreArn":{"shape":"TrustStoreArn"},
+ "ResourceArn":{"shape":"ResourceArn"}
+ }
+ },
+ "DeleteSharedTrustStoreAssociationOutput":{
+ "type":"structure",
+ "members":{
+ }
+ },
"DeleteTargetGroupInput":{
"type":"structure",
"required":["TargetGroupArn"],
@@ -1624,6 +1684,19 @@
"TargetGroupStickinessConfig":{"shape":"TargetGroupStickinessConfig"}
}
},
+ "GetResourcePolicyInput":{
+ "type":"structure",
+ "required":["ResourceArn"],
+ "members":{
+ "ResourceArn":{"shape":"ResourceArn"}
+ }
+ },
+ "GetResourcePolicyOutput":{
+ "type":"structure",
+ "members":{
+ "Policy":{"shape":"Policy"}
+ }
+ },
"GetTrustStoreCaCertificatesBundleInput":{
"type":"structure",
"required":["TrustStoreArn"],
@@ -2110,7 +2183,8 @@
"members":{
"Mode":{"shape":"Mode"},
"TrustStoreArn":{"shape":"TrustStoreArn"},
- "IgnoreClientCertificateExpiry":{"shape":"IgnoreClientCertificateExpiry"}
+ "IgnoreClientCertificateExpiry":{"shape":"IgnoreClientCertificateExpiry"},
+ "TrustStoreAssociationStatus":{"shape":"TrustStoreAssociationStatusEnum"}
}
},
"Name":{"type":"string"},
@@ -2144,6 +2218,10 @@
"Values":{"shape":"ListOfString"}
}
},
+ "Policy":{
+ "type":"string",
+ "min":1
+ },
"Port":{
"type":"integer",
"max":65535,
@@ -2310,6 +2388,17 @@
},
"exception":true
},
+ "ResourceNotFoundException":{
+ "type":"structure",
+ "members":{
+ },
+ "error":{
+ "code":"ResourceNotFound",
+ "httpStatusCode":400,
+ "senderFault":true
+ },
+ "exception":true
+ },
"RevocationContent":{
"type":"structure",
"members":{
@@ -2934,7 +3023,25 @@
"ResourceArn":{"shape":"TrustStoreAssociationResourceArn"}
}
},
+ "TrustStoreAssociationNotFoundException":{
+ "type":"structure",
+ "members":{
+ },
+ "error":{
+ "code":"AssociationNotFound",
+ "httpStatusCode":400,
+ "senderFault":true
+ },
+ "exception":true
+ },
"TrustStoreAssociationResourceArn":{"type":"string"},
+ "TrustStoreAssociationStatusEnum":{
+ "type":"string",
+ "enum":[
+ "active",
+ "removed"
+ ]
+ },
"TrustStoreAssociations":{
"type":"list",
"member":{"shape":"TrustStoreAssociation"}
diff --git a/models/apis/elasticloadbalancingv2/2015-12-01/docs-2.json b/models/apis/elasticloadbalancingv2/2015-12-01/docs-2.json
index fbeaf82..55bcedc 100644
--- a/models/apis/elasticloadbalancingv2/2015-12-01/docs-2.json
+++ b/models/apis/elasticloadbalancingv2/2015-12-01/docs-2.json
@@ -13,6 +13,7 @@
"DeleteListener": "<p>Deletes the specified listener.</p> <p>Alternatively, your listener is deleted when you delete the load balancer to which it is attached.</p>",
"DeleteLoadBalancer": "<p>Deletes the specified Application Load Balancer, Network Load Balancer, or Gateway Load Balancer. Deleting a load balancer also deletes its listeners.</p> <p>You can't delete a load balancer if deletion protection is enabled. If the load balancer does not exist or has already been deleted, the call succeeds.</p> <p>Deleting a load balancer does not affect its registered targets. For example, your EC2 instances continue to run and are still registered to their target groups. If you no longer need these EC2 instances, you can stop or terminate them.</p>",
"DeleteRule": "<p>Deletes the specified rule.</p> <p>You can't delete the default rule.</p>",
+ "DeleteSharedTrustStoreAssociation": "<p>Deletes a shared trust store association.</p>",
"DeleteTargetGroup": "<p>Deletes the specified target group.</p> <p>You can delete a target group if it is not referenced by any actions. Deleting a target group also deletes any associated health checks. Deleting a target group does not affect its registered targets. For example, any EC2 instances continue to run until you stop or terminate them.</p>",
"DeleteTrustStore": "<p>Deletes a trust store.</p>",
"DeregisterTargets": "<p>Deregisters the specified targets from the specified target group. After the targets are deregistered, they no longer receive traffic from the load balancer.</p> <p>The load balancer stops sending requests to targets that are deregistering, but uses connection draining to ensure that in-flight traffic completes on the existing connections. This deregistration delay is configured by default but can be updated for each target group.</p> <p>For more information, see the following:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#deregistration-delay\"> Deregistration delay</a> in the <i>Application Load Balancers User Guide</i> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#deregistration-delay\"> Deregistration delay</a> in the <i>Network Load Balancers User Guide</i> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/target-groups.html#deregistration-delay\"> Deregistration delay</a> in the <i>Gateway Load Balancers User Guide</i> </p> </li> </ul> <p>Note: If the specified target does not exist, the action returns successfully.</p>",
@@ -28,8 +29,9 @@
"DescribeTargetGroups": "<p>Describes the specified target groups or all of your target groups. By default, all target groups are described. Alternatively, you can specify one of the following to filter the results: the ARN of the load balancer, the names of one or more target groups, or the ARNs of one or more target groups.</p>",
"DescribeTargetHealth": "<p>Describes the health of the specified targets or all of your targets.</p>",
"DescribeTrustStoreAssociations": "<p>Describes all resources associated with the specified trust store.</p>",
- "DescribeTrustStoreRevocations": "<p>Describes the revocation files in use by the specified trust store arn, or revocation ID.</p>",
- "DescribeTrustStores": "<p>Describes all trust stores for a given account by trust store arn’s or name.</p>",
+ "DescribeTrustStoreRevocations": "<p>Describes the revocation files in use by the specified trust store or revocation files.</p>",
+ "DescribeTrustStores": "<p>Describes all trust stores for the specified account.</p>",
+ "GetResourcePolicy": "<p>Retrieves the resource policy for a specified resource.</p>",
"GetTrustStoreCaCertificatesBundle": "<p>Retrieves the ca certificate bundle.</p> <p>This action returns a pre-signed S3 URI which is active for ten minutes.</p>",
"GetTrustStoreRevocationContent": "<p>Retrieves the specified revocation file.</p> <p>This action returns a pre-signed S3 URI which is active for ten minutes.</p>",
"ModifyListener": "<p>Replaces the specified properties of the specified listener. Any properties that you do not specify remain unchanged.</p> <p>Changing the protocol from HTTPS to HTTP, or from TLS to TCP, removes the security policy and default certificate properties. If you change the protocol from HTTP to HTTPS, or from TCP to TLS, you must add the security policy and default certificate properties.</p> <p>To add an item to a list, remove an item from a list, or update an item in a list, you must provide the entire list. For example, to add an action, specify a list with the current actions plus the new action.</p>",
@@ -37,7 +39,7 @@
"ModifyRule": "<p>Replaces the specified properties of the specified rule. Any properties that you do not specify are unchanged.</p> <p>To add an item to a list, remove an item from a list, or update an item in a list, you must provide the entire list. For example, to add an action, specify a list with the current actions plus the new action.</p>",
"ModifyTargetGroup": "<p>Modifies the health checks used when evaluating the health state of the targets in the specified target group.</p>",
"ModifyTargetGroupAttributes": "<p>Modifies the specified attributes of the specified target group.</p>",
- "ModifyTrustStore": "<p>Update the ca certificate bundle for a given trust store.</p>",
+ "ModifyTrustStore": "<p>Update the ca certificate bundle for the specified trust store.</p>",
"RegisterTargets": "<p>Registers the specified targets with the specified target group.</p> <p>If the target is an EC2 instance, it must be in the <code>running</code> state when you register it.</p> <p>By default, the load balancer routes requests to registered targets using the protocol and port for the target group. Alternatively, you can override the port for a target when you register it. You can register each EC2 instance or IP address with the same target group multiple times using different ports.</p> <p>With a Network Load Balancer, you cannot register instances by instance ID if they have the following instance types: C1, CC1, CC2, CG1, CG2, CR1, CS1, G1, G2, HI1, HS1, M1, M2, M3, and T1. You can register instances of these types by IP address.</p>",
"RemoveListenerCertificates": "<p>Removes the specified certificate from the certificate list for the specified HTTPS or TLS listener.</p>",
"RemoveTags": "<p>Removes the specified tags from the specified Elastic Load Balancing resources. You can remove the tags for one or more Application Load Balancers, Network Load Balancers, Gateway Load Balancers, target groups, listeners, or rules.</p>",
@@ -469,6 +471,11 @@
"Certificate$IsDefault": "<p>Indicates whether the certificate is the default certificate. Do not set this value when specifying a certificate as an input. This value is not included in the output when describing a listener, but is included when describing listener certificates.</p>"
}
},
+ "DeleteAssociationSameAccountException": {
+ "base": "<p>The specified association cannot be within the same account.</p>",
+ "refs": {
+ }
+ },
"DeleteListenerInput": {
"base": null,
"refs": {
@@ -499,6 +506,16 @@
"refs": {
}
},
+ "DeleteSharedTrustStoreAssociationInput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteSharedTrustStoreAssociationOutput": {
+ "base": null,
+ "refs": {
+ }
+ },
"DeleteTargetGroupInput": {
"base": null,
"refs": {
@@ -761,6 +778,16 @@
"Action$ForwardConfig": "<p>Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when <code>Type</code> is <code>forward</code>. If you specify both <code>ForwardConfig</code> and <code>TargetGroupArn</code>, you can specify only one target group using <code>ForwardConfig</code> and it must be the same target group specified in <code>TargetGroupArn</code>.</p>"
}
},
+ "GetResourcePolicyInput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetResourcePolicyOutput": {
+ "base": null,
+ "refs": {
+ }
+ },
"GetTrustStoreCaCertificatesBundleInput": {
"base": null,
"refs": {
@@ -935,7 +962,7 @@
"refs": {
"CreateLoadBalancerInput$IpAddressType": "<p>Note: Internal load balancers must use the <code>ipv4</code> IP address type.</p> <p>[Application Load Balancers] The IP address type. The possible values are <code>ipv4</code> (for only IPv4 addresses), <code>dualstack</code> (for IPv4 and IPv6 addresses), and <code>dualstack-without-public-ipv4</code> (for IPv6 only public addresses, with private IPv4 and IPv6 addresses).</p> <p>[Network Load Balancers] The IP address type. The possible values are <code>ipv4</code> (for only IPv4 addresses) and <code>dualstack</code> (for IPv4 and IPv6 addresses). You can’t specify <code>dualstack</code> for a load balancer with a UDP or TCP_UDP listener.</p> <p>[Gateway Load Balancers] The IP address type. The possible values are <code>ipv4</code> (for only IPv4 addresses) and <code>dualstack</code> (for IPv4 and IPv6 addresses).</p>",
"LoadBalancer$IpAddressType": "<p>[Application Load Balancers] The type of IP addresses used for public or private connections by the subnets attached to your load balancer. The possible values are <code>ipv4</code> (for only IPv4 addresses), <code>dualstack</code> (for IPv4 and IPv6 addresses), and <code>dualstack-without-public-ipv4</code> (for IPv6 only public addresses, with private IPv4 and IPv6 addresses).</p> <p>[Network Load Balancers and Gateway Load Balancers] The type of IP addresses used for public or private connections by the subnets attached to your load balancer. The possible values are <code>ipv4</code> (for only IPv4 addresses) and <code>dualstack</code> (for IPv4 and IPv6 addresses).</p>",
- "SetIpAddressTypeInput$IpAddressType": "<p>Note: Internal load balancers must use the <code>ipv4</code> IP address type.</p> <p>[Application Load Balancers] The IP address type. The possible values are <code>ipv4</code> (for only IPv4 addresses), <code>dualstack</code> (for IPv4 and IPv6 addresses), and <code>dualstack-without-public-ipv4</code> (for IPv6 only public addresses, with private IPv4 and IPv6 addresses).</p> <p>[Network Load Balancers] The IP address type. The possible values are <code>ipv4</code> (for only IPv4 addresses) and <code>dualstack</code> (for IPv4 and IPv6 addresses). You can’t specify <code>dualstack</code> for a load balancer with a UDP or TCP_UDP listener.</p> <p>[Gateway Load Balancers] The IP address type. The possible values are <code>ipv4</code> (for only IPv4 addresses) and <code>dualstack</code> (for IPv4 and IPv6 addresses).</p>",
+ "SetIpAddressTypeInput$IpAddressType": "<p>Note: Internal load balancers must use the <code>ipv4</code> IP address type.</p> <p>[Application Load Balancers] The IP address type. The possible values are <code>ipv4</code> (for only IPv4 addresses), <code>dualstack</code> (for IPv4 and IPv6 addresses), and <code>dualstack-without-public-ipv4</code> (for IPv6 only public addresses, with private IPv4 and IPv6 addresses).</p> <p>Note: Application Load Balancer authentication only supports IPv4 addresses when connecting to an Identity Provider (IdP) or Amazon Cognito endpoint. Without a public IPv4 address the load balancer cannot complete the authentication process, resulting in HTTP 500 errors.</p> <p>[Network Load Balancers] The IP address type. The possible values are <code>ipv4</code> (for only IPv4 addresses) and <code>dualstack</code> (for IPv4 and IPv6 addresses). You can’t specify <code>dualstack</code> for a load balancer with a UDP or TCP_UDP listener.</p> <p>[Gateway Load Balancers] The IP address type. The possible values are <code>ipv4</code> (for only IPv4 addresses) and <code>dualstack</code> (for IPv4 and IPv6 addresses).</p>",
"SetIpAddressTypeOutput$IpAddressType": "<p>The IP address type.</p>",
"SetSubnetsInput$IpAddressType": "<p>[Application Load Balancers] The IP address type. The possible values are <code>ipv4</code> (for only IPv4 addresses), <code>dualstack</code> (for IPv4 and IPv6 addresses), and <code>dualstack-without-public-ipv4</code> (for IPv6 only public addresses, with private IPv4 and IPv6 addresses).</p> <p>[Network Load Balancers] The type of IP addresses used by the subnets for your load balancer. The possible values are <code>ipv4</code> (for IPv4 addresses) and <code>dualstack</code> (for IPv4 and IPv6 addresses). You can’t specify <code>dualstack</code> for a load balancer with a UDP or TCP_UDP listener.</p> <p>[Gateway Load Balancers] The type of IP addresses used by the subnets for your load balancer. The possible values are <code>ipv4</code> (for IPv4 addresses) and <code>dualstack</code> (for IPv4 and IPv6 addresses).</p>",
"SetSubnetsOutput$IpAddressType": "<p>[Application Load Balancers] The IP address type.</p> <p>[Network Load Balancers] The IP address type.</p> <p>[Gateway Load Balancers] The IP address type.</p>"
@@ -962,7 +989,7 @@
"ListOfDescribeTargetHealthIncludeOptions": {
"base": null,
"refs": {
- "DescribeTargetHealthInput$Include": "<p>Used to inclue anomaly detection information.</p>"
+ "DescribeTargetHealthInput$Include": "<p>Used to include anomaly detection information.</p>"
}
},
"ListOfString": {
@@ -1322,6 +1349,12 @@
"RuleCondition$PathPatternConfig": "<p>Information for a path pattern condition. Specify only when <code>Field</code> is <code>path-pattern</code>.</p>"
}
},
+ "Policy": {
+ "base": null,
+ "refs": {
+ "GetResourcePolicyOutput$Policy": "<p>The content of the resource policy.</p>"
+ }
+ },
"Port": {
"base": null,
"refs": {
@@ -1468,6 +1501,8 @@
"ResourceArn": {
"base": null,
"refs": {
+ "DeleteSharedTrustStoreAssociationInput$ResourceArn": "<p>The Amazon Resource Name (ARN) of the resource.</p>",
+ "GetResourcePolicyInput$ResourceArn": "<p>The Amazon Resource Name (ARN) of the resource.</p>",
"ResourceArns$member": null,
"TagDescription$ResourceArn": "<p>The Amazon Resource Name (ARN) of the resource.</p>"
}
@@ -1485,6 +1520,11 @@
"refs": {
}
},
+ "ResourceNotFoundException": {
+ "base": "<p>The specified resource does not exist.</p>",
+ "refs": {
+ }
+ },
"RevocationContent": {
"base": "<p>Information about a revocation file.</p>",
"refs": {
@@ -2095,6 +2135,7 @@
"base": null,
"refs": {
"AddTrustStoreRevocationsInput$TrustStoreArn": "<p>The Amazon Resource Name (ARN) of the trust store.</p>",
+ "DeleteSharedTrustStoreAssociationInput$TrustStoreArn": "<p>The Amazon Resource Name (ARN) of the trust store.</p>",
"DeleteTrustStoreInput$TrustStoreArn": "<p>The Amazon Resource Name (ARN) of the trust store.</p>",
"DescribeTrustStoreAssociationsInput$TrustStoreArn": "<p>The Amazon Resource Name (ARN) of the trust store.</p>",
"DescribeTrustStoreRevocation$TrustStoreArn": "<p>The Amazon Resource Name (ARN) of the trust store.</p>",
@@ -2121,12 +2162,23 @@
"TrustStoreAssociations$member": null
}
},
+ "TrustStoreAssociationNotFoundException": {
+ "base": "<p>The specified association does not exist.</p>",
+ "refs": {
+ }
+ },
"TrustStoreAssociationResourceArn": {
"base": null,
"refs": {
"TrustStoreAssociation$ResourceArn": "<p>The Amazon Resource Name (ARN) of the resource.</p>"
}
},
+ "TrustStoreAssociationStatusEnum": {
+ "base": null,
+ "refs": {
+ "MutualAuthenticationAttributes$TrustStoreAssociationStatus": "<p>Indicates a shared trust stores association status.</p>"
+ }
+ },
"TrustStoreAssociations": {
"base": null,
"refs": {
diff --git a/models/apis/elasticloadbalancingv2/2015-12-01/examples-1.json b/models/apis/elasticloadbalancingv2/2015-12-01/examples-1.json
index 508b099..0d0eaaf 100644
--- a/models/apis/elasticloadbalancingv2/2015-12-01/examples-1.json
+++ b/models/apis/elasticloadbalancingv2/2015-12-01/examples-1.json
@@ -363,6 +363,23 @@
"title": "To delete a rule"
}
],
+ "DeleteSharedTrustStoreAssociation": [
+ {
+ "input": {
+ "ResourceArn": "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-load-balancer/80233fa81d678c2c",
+ "TrustStoreArn": "arn:aws:elasticloadbalancing:us-east-1:123456789012:truststore/my-trust-store/73e2d6bc24d8a063"
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "This example deletes the association between the specified trust store and the specified load balancer.",
+ "id": "delete-a-shared-trust-store-association-1721684063527",
+ "title": "Delete a shared trust store association"
+ }
+ ],
"DeleteTargetGroup": [
{
"input": {
@@ -859,6 +876,22 @@
"title": "To describe the health of a target"
}
],
+ "GetResourcePolicy": [
+ {
+ "input": {
+ "ResourceArn": "arn:aws:elasticloadbalancing:us-east-1:123456789012:truststore/my-trust-store/73e2d6bc24d8a067"
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "This example retrieves the resource policy for the specified trust store.",
+ "id": "retrieve-a-resource-policy-1721684356628",
+ "title": "Retrieve a resource policy"
+ }
+ ],
"ModifyListener": [
{
"input": {
diff --git a/models/apis/network-firewall/2020-11-12/api-2.json b/models/apis/network-firewall/2020-11-12/api-2.json
index 5f61b3c..40fcbf2 100644
--- a/models/apis/network-firewall/2020-11-12/api-2.json
+++ b/models/apis/network-firewall/2020-11-12/api-2.json
@@ -5,13 +5,15 @@
"endpointPrefix":"network-firewall",
"jsonVersion":"1.0",
"protocol":"json",
+ "protocols":["json"],
"serviceAbbreviation":"Network Firewall",
"serviceFullName":"AWS Network Firewall",
"serviceId":"Network Firewall",
"signatureVersion":"v4",
"signingName":"network-firewall",
"targetPrefix":"NetworkFirewall_20201112",
- "uid":"network-firewall-2020-11-12"
+ "uid":"network-firewall-2020-11-12",
+ "auth":["aws.auth#sigv4"]
},
"operations":{
"AssociateFirewallPolicy":{
@@ -1510,7 +1512,8 @@
"type":"string",
"enum":[
"ALERT",
- "FLOW"
+ "FLOW",
+ "TLS"
]
},
"LoggingConfiguration":{
diff --git a/models/apis/network-firewall/2020-11-12/docs-2.json b/models/apis/network-firewall/2020-11-12/docs-2.json
index 7d32563..7e3a2c9 100644
--- a/models/apis/network-firewall/2020-11-12/docs-2.json
+++ b/models/apis/network-firewall/2020-11-12/docs-2.json
@@ -7,7 +7,7 @@
"CreateFirewall": "<p>Creates an Network Firewall <a>Firewall</a> and accompanying <a>FirewallStatus</a> for a VPC. </p> <p>The firewall defines the configuration settings for an Network Firewall firewall. The settings that you can define at creation include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall Amazon Web Services resource. </p> <p>After you create a firewall, you can provide additional settings, like the logging configuration. </p> <p>To update the settings for a firewall, you use the operations that apply to the settings themselves, for example <a>UpdateLoggingConfiguration</a>, <a>AssociateSubnets</a>, and <a>UpdateFirewallDeleteProtection</a>. </p> <p>To manage a firewall's tags, use the standard Amazon Web Services resource tagging operations, <a>ListTagsForResource</a>, <a>TagResource</a>, and <a>UntagResource</a>.</p> <p>To retrieve information about firewalls, use <a>ListFirewalls</a> and <a>DescribeFirewall</a>.</p>",
"CreateFirewallPolicy": "<p>Creates the firewall policy for the firewall according to the specifications. </p> <p>An Network Firewall firewall policy defines the behavior of a firewall, in a collection of stateless and stateful rule groups and other settings. You can use one firewall policy for multiple firewalls. </p>",
"CreateRuleGroup": "<p>Creates the specified stateless or stateful rule group, which includes the rules for network traffic inspection, a capacity setting, and tags. </p> <p>You provide your rule group specification in your request using either <code>RuleGroup</code> or <code>Rules</code>.</p>",
- "CreateTLSInspectionConfiguration": "<p>Creates an Network Firewall TLS inspection configuration. A TLS inspection configuration contains Certificate Manager certificate associations between and the scope configurations that Network Firewall uses to decrypt and re-encrypt traffic traveling through your firewall.</p> <p>After you create a TLS inspection configuration, you can associate it with a new firewall policy.</p> <p>To update the settings for a TLS inspection configuration, use <a>UpdateTLSInspectionConfiguration</a>.</p> <p>To manage a TLS inspection configuration's tags, use the standard Amazon Web Services resource tagging operations, <a>ListTagsForResource</a>, <a>TagResource</a>, and <a>UntagResource</a>.</p> <p>To retrieve information about TLS inspection configurations, use <a>ListTLSInspectionConfigurations</a> and <a>DescribeTLSInspectionConfiguration</a>.</p> <p> For more information about TLS inspection configurations, see <a href=\"https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html\">Inspecting SSL/TLS traffic with TLS inspection configurations</a> in the <i>Network Firewall Developer Guide</i>. </p>",
+ "CreateTLSInspectionConfiguration": "<p>Creates an Network Firewall TLS inspection configuration. Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using ACM, create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall.</p> <p>To update the settings for a TLS inspection configuration, use <a>UpdateTLSInspectionConfiguration</a>.</p> <p>To manage a TLS inspection configuration's tags, use the standard Amazon Web Services resource tagging operations, <a>ListTagsForResource</a>, <a>TagResource</a>, and <a>UntagResource</a>.</p> <p>To retrieve information about TLS inspection configurations, use <a>ListTLSInspectionConfigurations</a> and <a>DescribeTLSInspectionConfiguration</a>.</p> <p> For more information about TLS inspection configurations, see <a href=\"https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html\">Inspecting SSL/TLS traffic with TLS inspection configurations</a> in the <i>Network Firewall Developer Guide</i>. </p>",
"DeleteFirewall": "<p>Deletes the specified <a>Firewall</a> and its <a>FirewallStatus</a>. This operation requires the firewall's <code>DeleteProtection</code> flag to be <code>FALSE</code>. You can't revert this operation. </p> <p>You can check whether a firewall is in use by reviewing the route tables for the Availability Zones where you have firewall subnet mappings. Retrieve the subnet mappings by calling <a>DescribeFirewall</a>. You define and update the route tables through Amazon VPC. As needed, update the route tables for the zones to remove the firewall endpoints. When the route tables no longer use the firewall endpoints, you can remove the firewall safely.</p> <p>To delete a firewall, remove the delete protection if you need to using <a>UpdateFirewallDeleteProtection</a>, then delete the firewall by calling <a>DeleteFirewall</a>. </p>",
"DeleteFirewallPolicy": "<p>Deletes the specified <a>FirewallPolicy</a>. </p>",
"DeleteResourcePolicy": "<p>Deletes a resource policy that you created in a <a>PutResourcePolicy</a> request. </p>",
@@ -746,7 +746,7 @@
}
},
"LogDestinationConfig": {
- "base": "<p>Defines where Network Firewall sends logs for the firewall for one log type. This is used in <a>LoggingConfiguration</a>. You can send each type of log to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data Firehose delivery stream.</p> <p>Network Firewall generates logs for stateful rule groups. You can save alert and flow log types. The stateful rules engine records flow logs for all network traffic that it receives. It records alert logs for traffic that matches stateful rules that have the rule action set to <code>DROP</code> or <code>ALERT</code>. </p>",
+ "base": "<p>Defines where Network Firewall sends logs for the firewall for one log type. This is used in <a>LoggingConfiguration</a>. You can send each type of log to an Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.</p> <p>Network Firewall generates logs for stateful rule groups. You can save alert, flow, and TLS log types. </p>",
"refs": {
"LogDestinationConfigs$member": null
}
@@ -760,7 +760,7 @@
"LogDestinationMap": {
"base": null,
"refs": {
- "LogDestinationConfig$LogDestination": "<p>The named location for the logs, provided in a key:value mapping that is specific to the chosen destination type. </p> <ul> <li> <p>For an Amazon S3 bucket, provide the name of the bucket, with key <code>bucketName</code>, and optionally provide a prefix, with key <code>prefix</code>. The following example specifies an Amazon S3 bucket named <code>DOC-EXAMPLE-BUCKET</code> and the prefix <code>alerts</code>: </p> <p> <code>\"LogDestination\": { \"bucketName\": \"DOC-EXAMPLE-BUCKET\", \"prefix\": \"alerts\" }</code> </p> </li> <li> <p>For a CloudWatch log group, provide the name of the CloudWatch log group, with key <code>logGroup</code>. The following example specifies a log group named <code>alert-log-group</code>: </p> <p> <code>\"LogDestination\": { \"logGroup\": \"alert-log-group\" }</code> </p> </li> <li> <p>For a Kinesis Data Firehose delivery stream, provide the name of the delivery stream, with key <code>deliveryStream</code>. The following example specifies a delivery stream named <code>alert-delivery-stream</code>: </p> <p> <code>\"LogDestination\": { \"deliveryStream\": \"alert-delivery-stream\" }</code> </p> </li> </ul>"
+ "LogDestinationConfig$LogDestination": "<p>The named location for the logs, provided in a key:value mapping that is specific to the chosen destination type. </p> <ul> <li> <p>For an Amazon S3 bucket, provide the name of the bucket, with key <code>bucketName</code>, and optionally provide a prefix, with key <code>prefix</code>. </p> <p>The following example specifies an Amazon S3 bucket named <code>DOC-EXAMPLE-BUCKET</code> and the prefix <code>alerts</code>: </p> <p> <code>\"LogDestination\": { \"bucketName\": \"DOC-EXAMPLE-BUCKET\", \"prefix\": \"alerts\" }</code> </p> </li> <li> <p>For a CloudWatch log group, provide the name of the CloudWatch log group, with key <code>logGroup</code>. The following example specifies a log group named <code>alert-log-group</code>: </p> <p> <code>\"LogDestination\": { \"logGroup\": \"alert-log-group\" }</code> </p> </li> <li> <p>For a Firehose delivery stream, provide the name of the delivery stream, with key <code>deliveryStream</code>. The following example specifies a delivery stream named <code>alert-delivery-stream</code>: </p> <p> <code>\"LogDestination\": { \"deliveryStream\": \"alert-delivery-stream\" }</code> </p> </li> </ul>"
}
},
"LogDestinationPermissionException": {
@@ -771,13 +771,13 @@
"LogDestinationType": {
"base": null,
"refs": {
- "LogDestinationConfig$LogDestinationType": "<p>The type of storage destination to send these logs to. You can send logs to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data Firehose delivery stream.</p>"
+ "LogDestinationConfig$LogDestinationType": "<p>The type of storage destination to send these logs to. You can send logs to an Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.</p>"
}
},
"LogType": {
"base": null,
"refs": {
- "LogDestinationConfig$LogType": "<p>The type of log to send. Alert logs report traffic that matches a <a>StatefulRule</a> with an action setting that sends an alert log message. Flow logs are standard network traffic flow logs. </p>"
+ "LogDestinationConfig$LogType": "<p>The type of log to record. You can record the following types of logs from your Network Firewall stateful engine.</p> <ul> <li> <p> <code>ALERT</code> - Logs for traffic that matches your stateful rules and that have an action that sends an alert. A stateful rule sends alerts for the rule actions DROP, ALERT, and REJECT. For more information, see <a>StatefulRule</a>.</p> </li> <li> <p> <code>FLOW</code> - Standard network traffic flow logs. The stateful rules engine records flow logs for all network traffic that it receives. Each flow log record captures the network flow for a specific standard stateless rule group.</p> </li> <li> <p> <code>TLS</code> - Logs for events that are related to TLS inspection. For more information, see <a href=\"https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-configurations.html\">Inspecting SSL/TLS traffic with TLS inspection configurations</a> in the <i>Network Firewall Developer Guide</i>.</p> </li> </ul>"
}
},
"LoggingConfiguration": {
@@ -1290,7 +1290,7 @@
"StatefulAction": {
"base": null,
"refs": {
- "StatefulRule$Action": "<p>Defines what Network Firewall should do with the packets in a traffic flow when the flow matches the stateful rule criteria. For all actions, Network Firewall performs the specified action and discontinues stateful inspection of the traffic flow. </p> <p>The actions for a stateful rule are defined as follows: </p> <ul> <li> <p> <b>PASS</b> - Permits the packets to go to the intended destination.</p> </li> <li> <p> <b>DROP</b> - Blocks the packets from going to the intended destination and sends an alert log message, if alert logging is configured in the <a>Firewall</a> <a>LoggingConfiguration</a>. </p> </li> <li> <p> <b>ALERT</b> - Sends an alert log message, if alert logging is configured in the <a>Firewall</a> <a>LoggingConfiguration</a>. </p> <p>You can use this action to test a rule that you intend to use to drop traffic. You can enable the rule with <code>ALERT</code> action, verify in the logs that the rule is filtering as you want, then change the action to <code>DROP</code>.</p> </li> </ul>"
+ "StatefulRule$Action": "<p>Defines what Network Firewall should do with the packets in a traffic flow when the flow matches the stateful rule criteria. For all actions, Network Firewall performs the specified action and discontinues stateful inspection of the traffic flow. </p> <p>The actions for a stateful rule are defined as follows: </p> <ul> <li> <p> <b>PASS</b> - Permits the packets to go to the intended destination.</p> </li> <li> <p> <b>DROP</b> - Blocks the packets from going to the intended destination and sends an alert log message, if alert logging is configured in the <a>Firewall</a> <a>LoggingConfiguration</a>. </p> </li> <li> <p> <b>ALERT</b> - Sends an alert log message, if alert logging is configured in the <a>Firewall</a> <a>LoggingConfiguration</a>. </p> <p>You can use this action to test a rule that you intend to use to drop traffic. You can enable the rule with <code>ALERT</code> action, verify in the logs that the rule is filtering as you want, then change the action to <code>DROP</code>.</p> </li> <li> <p> <b>REJECT</b> - Drops traffic that matches the conditions of the stateful rule, and sends a TCP reset packet back to sender of the packet. A TCP reset packet is a packet with no payload and an RST bit contained in the TCP header flags. REJECT is available only for TCP traffic. This option doesn't support FTP or IMAP protocols.</p> </li> </ul>"
}
},
"StatefulActions": {
diff --git a/models/apis/outposts/2019-12-03/api-2.json b/models/apis/outposts/2019-12-03/api-2.json
index 64512ca..da5817b 100644
--- a/models/apis/outposts/2019-12-03/api-2.json
+++ b/models/apis/outposts/2019-12-03/api-2.json
@@ -5,12 +5,14 @@
"endpointPrefix":"outposts",
"jsonVersion":"1.1",
"protocol":"rest-json",
+ "protocols":["rest-json"],
"serviceAbbreviation":"Outposts",
"serviceFullName":"AWS Outposts",
"serviceId":"Outposts",
"signatureVersion":"v4",
"signingName":"outposts",
- "uid":"outposts-2019-12-03"
+ "uid":"outposts-2019-12-03",
+ "auth":["aws.auth#sigv4"]
},
"operations":{
"CancelCapacityTask":{
@@ -1229,7 +1231,8 @@
"InstanceTypeItem":{
"type":"structure",
"members":{
- "InstanceType":{"shape":"InstanceType"}
+ "InstanceType":{"shape":"InstanceType"},
+ "VCPUs":{"shape":"VCPUCount"}
}
},
"InstanceTypeListDefinition":{
@@ -2209,6 +2212,10 @@
"UPLINK_100G"
]
},
+ "VCPUCount":{
+ "type":"integer",
+ "box":true
+ },
"ValidationException":{
"type":"structure",
"members":{
diff --git a/models/apis/outposts/2019-12-03/docs-2.json b/models/apis/outposts/2019-12-03/docs-2.json
index dfd3792..fe2e6b5 100644
--- a/models/apis/outposts/2019-12-03/docs-2.json
+++ b/models/apis/outposts/2019-12-03/docs-2.json
@@ -1369,6 +1369,12 @@
"UpdateSiteRackPhysicalPropertiesInput$UplinkGbps": "<p>The uplink speed the rack should support for the connection to the Region. </p>"
}
},
+ "VCPUCount": {
+ "base": null,
+ "refs": {
+ "InstanceTypeItem$VCPUs": "<p>The number of default VCPUs in an instance type.</p>"
+ }
+ },
"ValidationException": {
"base": "<p>A parameter is not valid.</p>",
"refs": {
diff --git a/models/apis/states/2016-11-23/api-2.json b/models/apis/states/2016-11-23/api-2.json
index 95e8a62..f96536d 100644
--- a/models/apis/states/2016-11-23/api-2.json
+++ b/models/apis/states/2016-11-23/api-2.json
@@ -25,8 +25,12 @@
"output":{"shape":"CreateActivityOutput"},
"errors":[
{"shape":"ActivityLimitExceeded"},
+ {"shape":"ActivityAlreadyExists"},
{"shape":"InvalidName"},
- {"shape":"TooManyTags"}
+ {"shape":"TooManyTags"},
+ {"shape":"InvalidEncryptionConfiguration"},
+ {"shape":"KmsAccessDeniedException"},
+ {"shape":"KmsThrottlingException"}
],
"idempotent":true
},
@@ -50,7 +54,10 @@
{"shape":"StateMachineTypeNotSupported"},
{"shape":"TooManyTags"},
{"shape":"ValidationException"},
- {"shape":"ConflictException"}
+ {"shape":"ConflictException"},
+ {"shape":"InvalidEncryptionConfiguration"},
+ {"shape":"KmsAccessDeniedException"},
+ {"shape":"KmsThrottlingException"}
],
"idempotent":true
},
@@ -149,7 +156,10 @@
"output":{"shape":"DescribeExecutionOutput"},
"errors":[
{"shape":"ExecutionDoesNotExist"},
- {"shape":"InvalidArn"}
+ {"shape":"InvalidArn"},
+ {"shape":"KmsAccessDeniedException"},
+ {"shape":"KmsInvalidStateException"},
+ {"shape":"KmsThrottlingException"}
]
},
"DescribeMapRun":{
@@ -175,7 +185,10 @@
"output":{"shape":"DescribeStateMachineOutput"},
"errors":[
{"shape":"InvalidArn"},
- {"shape":"StateMachineDoesNotExist"}
+ {"shape":"StateMachineDoesNotExist"},
+ {"shape":"KmsAccessDeniedException"},
+ {"shape":"KmsInvalidStateException"},
+ {"shape":"KmsThrottlingException"}
]
},
"DescribeStateMachineAlias":{
@@ -202,7 +215,10 @@
"output":{"shape":"DescribeStateMachineForExecutionOutput"},
"errors":[
{"shape":"ExecutionDoesNotExist"},
- {"shape":"InvalidArn"}
+ {"shape":"InvalidArn"},
+ {"shape":"KmsAccessDeniedException"},
+ {"shape":"KmsInvalidStateException"},
+ {"shape":"KmsThrottlingException"}
]
},
"GetActivityTask":{
@@ -216,7 +232,10 @@
"errors":[
{"shape":"ActivityDoesNotExist"},
{"shape":"ActivityWorkerLimitExceeded"},
- {"shape":"InvalidArn"}
+ {"shape":"InvalidArn"},
+ {"shape":"KmsAccessDeniedException"},
+ {"shape":"KmsInvalidStateException"},
+ {"shape":"KmsThrottlingException"}
]
},
"GetExecutionHistory":{
@@ -230,7 +249,10 @@
"errors":[
{"shape":"ExecutionDoesNotExist"},
{"shape":"InvalidArn"},
- {"shape":"InvalidToken"}
+ {"shape":"InvalidToken"},
+ {"shape":"KmsAccessDeniedException"},
+ {"shape":"KmsInvalidStateException"},
+ {"shape":"KmsThrottlingException"}
]
},
"ListActivities":{
@@ -377,7 +399,10 @@
"errors":[
{"shape":"TaskDoesNotExist"},
{"shape":"InvalidToken"},
- {"shape":"TaskTimedOut"}
+ {"shape":"TaskTimedOut"},
+ {"shape":"KmsAccessDeniedException"},
+ {"shape":"KmsInvalidStateException"},
+ {"shape":"KmsThrottlingException"}
]
},
"SendTaskHeartbeat":{
@@ -406,7 +431,10 @@
{"shape":"TaskDoesNotExist"},
{"shape":"InvalidOutput"},
{"shape":"InvalidToken"},
- {"shape":"TaskTimedOut"}
+ {"shape":"TaskTimedOut"},
+ {"shape":"KmsAccessDeniedException"},
+ {"shape":"KmsInvalidStateException"},
+ {"shape":"KmsThrottlingException"}
]
},
"StartExecution":{
@@ -425,7 +453,10 @@
{"shape":"InvalidName"},
{"shape":"StateMachineDoesNotExist"},
{"shape":"StateMachineDeleting"},
- {"shape":"ValidationException"}
+ {"shape":"ValidationException"},
+ {"shape":"KmsAccessDeniedException"},
+ {"shape":"KmsInvalidStateException"},
+ {"shape":"KmsThrottlingException"}
],
"idempotent":true
},
@@ -443,7 +474,10 @@
{"shape":"InvalidName"},
{"shape":"StateMachineDoesNotExist"},
{"shape":"StateMachineDeleting"},
- {"shape":"StateMachineTypeNotSupported"}
+ {"shape":"StateMachineTypeNotSupported"},
+ {"shape":"KmsAccessDeniedException"},
+ {"shape":"KmsInvalidStateException"},
+ {"shape":"KmsThrottlingException"}
],
"endpoint":{"hostPrefix":"sync-"}
},
@@ -458,7 +492,10 @@
"errors":[
{"shape":"ExecutionDoesNotExist"},
{"shape":"InvalidArn"},
- {"shape":"ValidationException"}
+ {"shape":"ValidationException"},
+ {"shape":"KmsAccessDeniedException"},
+ {"shape":"KmsInvalidStateException"},
+ {"shape":"KmsThrottlingException"}
]
},
"TagResource":{
@@ -536,7 +573,10 @@
{"shape":"StateMachineDoesNotExist"},
{"shape":"ServiceQuotaExceededException"},
{"shape":"ConflictException"},
- {"shape":"ValidationException"}
+ {"shape":"ValidationException"},
+ {"shape":"InvalidEncryptionConfiguration"},
+ {"shape":"KmsAccessDeniedException"},
+ {"shape":"KmsThrottlingException"}
],
"idempotent":true
},
@@ -570,6 +610,13 @@
}
},
"shapes":{
+ "ActivityAlreadyExists":{
+ "type":"structure",
+ "members":{
+ "message":{"shape":"ErrorMessage"}
+ },
+ "exception":true
+ },
"ActivityDoesNotExist":{
"type":"structure",
"members":{
@@ -726,7 +773,8 @@
"required":["name"],
"members":{
"name":{"shape":"Name"},
- "tags":{"shape":"TagList"}
+ "tags":{"shape":"TagList"},
+ "encryptionConfiguration":{"shape":"EncryptionConfiguration"}
}
},
"CreateActivityOutput":{
@@ -779,7 +827,8 @@
"tags":{"shape":"TagList"},
"tracingConfiguration":{"shape":"TracingConfiguration"},
"publish":{"shape":"Publish"},
- "versionDescription":{"shape":"VersionDescription"}
+ "versionDescription":{"shape":"VersionDescription"},
+ "encryptionConfiguration":{"shape":"EncryptionConfiguration"}
}
},
"CreateStateMachineOutput":{
@@ -865,14 +914,16 @@
"members":{
"activityArn":{"shape":"Arn"},
"name":{"shape":"Name"},
- "creationDate":{"shape":"Timestamp"}
+ "creationDate":{"shape":"Timestamp"},
+ "encryptionConfiguration":{"shape":"EncryptionConfiguration"}
}
},
"DescribeExecutionInput":{
"type":"structure",
"required":["executionArn"],
"members":{
- "executionArn":{"shape":"Arn"}
+ "executionArn":{"shape":"Arn"},
+ "includedData":{"shape":"IncludedData"}
}
},
"DescribeExecutionOutput":{
@@ -963,7 +1014,8 @@
"type":"structure",
"required":["executionArn"],
"members":{
- "executionArn":{"shape":"Arn"}
+ "executionArn":{"shape":"Arn"},
+ "includedData":{"shape":"IncludedData"}
}
},
"DescribeStateMachineForExecutionOutput":{
@@ -985,14 +1037,16 @@
"tracingConfiguration":{"shape":"TracingConfiguration"},
"mapRunArn":{"shape":"LongArn"},
"label":{"shape":"MapRunLabel"},
- "revisionId":{"shape":"RevisionId"}
+ "revisionId":{"shape":"RevisionId"},
+ "encryptionConfiguration":{"shape":"EncryptionConfiguration"}
}
},
"DescribeStateMachineInput":{
"type":"structure",
"required":["stateMachineArn"],
"members":{
- "stateMachineArn":{"shape":"Arn"}
+ "stateMachineArn":{"shape":"Arn"},
+ "includedData":{"shape":"IncludedData"}
}
},
"DescribeStateMachineOutput":{
@@ -1017,10 +1071,30 @@
"tracingConfiguration":{"shape":"TracingConfiguration"},
"label":{"shape":"MapRunLabel"},
"revisionId":{"shape":"RevisionId"},
- "description":{"shape":"VersionDescription"}
+ "description":{"shape":"VersionDescription"},
+ "encryptionConfiguration":{"shape":"EncryptionConfiguration"}
}
},
"Enabled":{"type":"boolean"},
+ "EncryptionConfiguration":{
+ "type":"structure",
+ "required":["type"],
+ "members":{
+ "kmsKeyId":{"shape":"KmsKeyId"},
+ "kmsDataKeyReusePeriodSeconds":{
+ "shape":"KmsDataKeyReusePeriodSeconds",
+ "box":true
+ },
+ "type":{"shape":"EncryptionType"}
+ }
+ },
+ "EncryptionType":{
+ "type":"string",
+ "enum":[
+ "AWS_OWNED_KEY",
+ "CUSTOMER_MANAGED_KMS_KEY"
+ ]
+ },
"ErrorMessage":{"type":"string"},
"EventId":{"type":"long"},
"ExecutionAbortedEventDetails":{
@@ -1330,6 +1404,13 @@
"type":"boolean",
"box":true
},
+ "IncludedData":{
+ "type":"string",
+ "enum":[
+ "ALL_DATA",
+ "METADATA_ONLY"
+ ]
+ },
"InspectionData":{
"type":"structure",
"members":{
@@ -1386,6 +1467,13 @@
},
"exception":true
},
+ "InvalidEncryptionConfiguration":{
+ "type":"structure",
+ "members":{
+ "message":{"shape":"ErrorMessage"}
+ },
+ "exception":true
+ },
"InvalidExecutionInput":{
"type":"structure",
"members":{
@@ -1428,6 +1516,49 @@
},
"exception":true
},
+ "KmsAccessDeniedException":{
+ "type":"structure",
+ "members":{
+ "message":{"shape":"ErrorMessage"}
+ },
+ "exception":true
+ },
+ "KmsDataKeyReusePeriodSeconds":{
+ "type":"integer",
+ "box":true,
+ "max":900,
+ "min":60
+ },
+ "KmsInvalidStateException":{
+ "type":"structure",
+ "members":{
+ "kmsKeyState":{"shape":"KmsKeyState"},
+ "message":{"shape":"ErrorMessage"}
+ },
+ "exception":true
+ },
+ "KmsKeyId":{
+ "type":"string",
+ "max":2048,
+ "min":1
+ },
+ "KmsKeyState":{
+ "type":"string",
+ "enum":[
+ "DISABLED",
+ "PENDING_DELETION",
+ "PENDING_IMPORT",
+ "UNAVAILABLE",
+ "CREATING"
+ ]
+ },
+ "KmsThrottlingException":{
+ "type":"structure",
+ "members":{
+ "message":{"shape":"ErrorMessage"}
+ },
+ "exception":true
+ },
"LambdaFunctionFailedEventDetails":{
"type":"structure",
"members":{
@@ -1937,7 +2068,8 @@
"stateMachineArn":{"shape":"Arn"},
"name":{"shape":"Name"},
"input":{"shape":"SensitiveData"},
- "traceHeader":{"shape":"TraceHeader"}
+ "traceHeader":{"shape":"TraceHeader"},
+ "includedData":{"shape":"IncludedData"}
}
},
"StartSyncExecutionOutput":{
@@ -2286,7 +2418,7 @@
},
"TaskToken":{
"type":"string",
- "max":1024,
+ "max":2048,
"min":1
},
"TestExecutionStatus":{
@@ -2429,7 +2561,8 @@
"loggingConfiguration":{"shape":"LoggingConfiguration"},
"tracingConfiguration":{"shape":"TracingConfiguration"},
"publish":{"shape":"Publish"},
- "versionDescription":{"shape":"VersionDescription"}
+ "versionDescription":{"shape":"VersionDescription"},
+ "encryptionConfiguration":{"shape":"EncryptionConfiguration"}
}
},
"UpdateStateMachineOutput":{
diff --git a/models/apis/states/2016-11-23/docs-2.json b/models/apis/states/2016-11-23/docs-2.json
index 9c4a495..05123f8 100644
--- a/models/apis/states/2016-11-23/docs-2.json
+++ b/models/apis/states/2016-11-23/docs-2.json
@@ -1,9 +1,9 @@
{
"version": "2.0",
- "service": "<fullname>Step Functions</fullname> <p>Step Functions is a service that lets you coordinate the components of distributed applications and microservices using visual workflows.</p> <p>You can use Step Functions to build applications from individual components, each of which performs a discrete function, or <i>task</i>, allowing you to scale and change applications quickly. Step Functions provides a console that helps visualize the components of your application as a series of steps. Step Functions automatically triggers and tracks each step, and retries steps when there are errors, so your application executes predictably and in the right order every time. Step Functions logs the state of each step, so you can quickly diagnose and debug any issues.</p> <p>Step Functions manages operations and underlying infrastructure to ensure your application is available at any scale. You can run tasks on Amazon Web Services, your own servers, or any system that has access to Amazon Web Services. You can access and use Step Functions using the console, the Amazon Web Services SDKs, or an HTTP API. For more information about Step Functions, see the <i> <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/welcome.html\">Step Functions Developer Guide</a> </i>.</p> <important> <p>If you use the Step Functions API actions using Amazon Web Services SDK integrations, make sure the API actions are in camel case and parameter names are in Pascal case. For example, you could use Step Functions API action <code>startSyncExecution</code> and specify its parameter as <code>StateMachineArn</code>.</p> </important>",
+ "service": "<fullname>Step Functions</fullname> <p>Step Functions coordinates the components of distributed applications and microservices using visual workflows.</p> <p>You can use Step Functions to build applications from individual components, each of which performs a discrete function, or <i>task</i>, allowing you to scale and change applications quickly. Step Functions provides a console that helps visualize the components of your application as a series of steps. Step Functions automatically triggers and tracks each step, and retries steps when there are errors, so your application executes predictably and in the right order every time. Step Functions logs the state of each step, so you can quickly diagnose and debug any issues.</p> <p>Step Functions manages operations and underlying infrastructure to ensure your application is available at any scale. You can run tasks on Amazon Web Services, your own servers, or any system that has access to Amazon Web Services. You can access and use Step Functions using the console, the Amazon Web Services SDKs, or an HTTP API. For more information about Step Functions, see the <i> <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/welcome.html\">Step Functions Developer Guide</a> </i>.</p> <important> <p>If you use the Step Functions API actions using Amazon Web Services SDK integrations, make sure the API actions are in camel case and parameter names are in Pascal case. For example, you could use Step Functions API action <code>startSyncExecution</code> and specify its parameter as <code>StateMachineArn</code>.</p> </important>",
"operations": {
"CreateActivity": "<p>Creates an activity. An activity is a task that you write in any programming language and host on any machine that has access to Step Functions. Activities must poll Step Functions using the <code>GetActivityTask</code> API action and respond using <code>SendTask*</code> API actions. This function lets Step Functions know the existence of your activity and returns an identifier for use in a state machine and when polling from the activity.</p> <note> <p>This operation is eventually consistent. The results are best effort and may not reflect very recent updates and changes.</p> </note> <note> <p> <code>CreateActivity</code> is an idempotent API. Subsequent requests won’t create a duplicate resource if it was already created. <code>CreateActivity</code>'s idempotency check is based on the activity <code>name</code>. If a following request has different <code>tags</code> values, Step Functions will ignore these differences and treat it as an idempotent request of the previous. In this case, <code>tags</code> will not be updated, even if they are different.</p> </note>",
- "CreateStateMachine": "<p>Creates a state machine. A state machine consists of a collection of states that can do work (<code>Task</code> states), determine to which states to transition next (<code>Choice</code> states), stop an execution with an error (<code>Fail</code> states), and so on. State machines are specified using a JSON-based, structured language. For more information, see <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html\">Amazon States Language</a> in the Step Functions User Guide.</p> <p>If you set the <code>publish</code> parameter of this API action to <code>true</code>, it publishes version <code>1</code> as the first revision of the state machine.</p> <note> <p>This operation is eventually consistent. The results are best effort and may not reflect very recent updates and changes.</p> </note> <note> <p> <code>CreateStateMachine</code> is an idempotent API. Subsequent requests won’t create a duplicate resource if it was already created. <code>CreateStateMachine</code>'s idempotency check is based on the state machine <code>name</code>, <code>definition</code>, <code>type</code>, <code>LoggingConfiguration</code>, and <code>TracingConfiguration</code>. The check is also based on the <code>publish</code> and <code>versionDescription</code> parameters. If a following request has a different <code>roleArn</code> or <code>tags</code>, Step Functions will ignore these differences and treat it as an idempotent request of the previous. In this case, <code>roleArn</code> and <code>tags</code> will not be updated, even if they are different.</p> </note>",
+ "CreateStateMachine": "<p>Creates a state machine. A state machine consists of a collection of states that can do work (<code>Task</code> states), determine to which states to transition next (<code>Choice</code> states), stop an execution with an error (<code>Fail</code> states), and so on. State machines are specified using a JSON-based, structured language. For more information, see <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html\">Amazon States Language</a> in the Step Functions User Guide.</p> <p>If you set the <code>publish</code> parameter of this API action to <code>true</code>, it publishes version <code>1</code> as the first revision of the state machine.</p> <p> For additional control over security, you can encrypt your data using a <b>customer-managed key</b> for Step Functions state machines. You can configure a symmetric KMS key and data key reuse period when creating or updating a <b>State Machine</b>. The execution history and state machine definition will be encrypted with the key applied to the State Machine. </p> <note> <p>This operation is eventually consistent. The results are best effort and may not reflect very recent updates and changes.</p> </note> <note> <p> <code>CreateStateMachine</code> is an idempotent API. Subsequent requests won’t create a duplicate resource if it was already created. <code>CreateStateMachine</code>'s idempotency check is based on the state machine <code>name</code>, <code>definition</code>, <code>type</code>, <code>LoggingConfiguration</code>, <code>TracingConfiguration</code>, and <code>EncryptionConfiguration</code> The check is also based on the <code>publish</code> and <code>versionDescription</code> parameters. If a following request has a different <code>roleArn</code> or <code>tags</code>, Step Functions will ignore these differences and treat it as an idempotent request of the previous. In this case, <code>roleArn</code> and <code>tags</code> will not be updated, even if they are different.</p> </note>",
"CreateStateMachineAlias": "<p>Creates an <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/concepts-state-machine-alias.html\">alias</a> for a state machine that points to one or two <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/concepts-state-machine-version.html\">versions</a> of the same state machine. You can set your application to call <a>StartExecution</a> with an alias and update the version the alias uses without changing the client's code.</p> <p>You can also map an alias to split <a>StartExecution</a> requests between two versions of a state machine. To do this, add a second <code>RoutingConfig</code> object in the <code>routingConfiguration</code> parameter. You must also specify the percentage of execution run requests each version should receive in both <code>RoutingConfig</code> objects. Step Functions randomly chooses which version runs a given execution based on the percentage you specify.</p> <p>To create an alias that points to a single version, specify a single <code>RoutingConfig</code> object with a <code>weight</code> set to 100.</p> <p>You can create up to 100 aliases for each state machine. You must delete unused aliases using the <a>DeleteStateMachineAlias</a> API action.</p> <p> <code>CreateStateMachineAlias</code> is an idempotent API. Step Functions bases the idempotency check on the <code>stateMachineArn</code>, <code>description</code>, <code>name</code>, and <code>routingConfiguration</code> parameters. Requests that contain the same values for these parameters return a successful idempotent response without creating a duplicate resource.</p> <p> <b>Related operations:</b> </p> <ul> <li> <p> <a>DescribeStateMachineAlias</a> </p> </li> <li> <p> <a>ListStateMachineAliases</a> </p> </li> <li> <p> <a>UpdateStateMachineAlias</a> </p> </li> <li> <p> <a>DeleteStateMachineAlias</a> </p> </li> </ul>",
"DeleteActivity": "<p>Deletes an activity.</p>",
"DeleteStateMachine": "<p>Deletes a state machine. This is an asynchronous operation. It sets the state machine's status to <code>DELETING</code> and begins the deletion process. A state machine is deleted only when all its executions are completed. On the next state transition, the state machine's executions are terminated.</p> <p>A qualified state machine ARN can either refer to a <i>Distributed Map state</i> defined within a state machine, a version ARN, or an alias ARN.</p> <p>The following are some examples of qualified and unqualified state machine ARNs:</p> <ul> <li> <p>The following qualified state machine ARN refers to a <i>Distributed Map state</i> with a label <code>mapStateLabel</code> in a state machine named <code>myStateMachine</code>.</p> <p> <code>arn:partition:states:region:account-id:stateMachine:myStateMachine/mapStateLabel</code> </p> <note> <p>If you provide a qualified state machine ARN that refers to a <i>Distributed Map state</i>, the request fails with <code>ValidationException</code>.</p> </note> </li> <li> <p>The following unqualified state machine ARN refers to a state machine named <code>myStateMachine</code>.</p> <p> <code>arn:partition:states:region:account-id:stateMachine:myStateMachine</code> </p> </li> </ul> <p>This API action also deletes all <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/concepts-state-machine-version.html\">versions</a> and <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/concepts-state-machine-alias.html\">aliases</a> associated with a state machine.</p> <note> <p>For <code>EXPRESS</code> state machines, the deletion happens eventually (usually in less than a minute). Running executions may emit logs after <code>DeleteStateMachine</code> API is called.</p> </note>",
@@ -26,21 +26,26 @@
"ListTagsForResource": "<p>List tags for a given resource.</p> <p>Tags may only contain Unicode letters, digits, white space, or these symbols: <code>_ . : / = + - @</code>.</p>",
"PublishStateMachineVersion": "<p>Creates a <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/concepts-state-machine-version.html\">version</a> from the current revision of a state machine. Use versions to create immutable snapshots of your state machine. You can start executions from versions either directly or with an alias. To create an alias, use <a>CreateStateMachineAlias</a>.</p> <p>You can publish up to 1000 versions for each state machine. You must manually delete unused versions using the <a>DeleteStateMachineVersion</a> API action.</p> <p> <code>PublishStateMachineVersion</code> is an idempotent API. It doesn't create a duplicate state machine version if it already exists for the current revision. Step Functions bases <code>PublishStateMachineVersion</code>'s idempotency check on the <code>stateMachineArn</code>, <code>name</code>, and <code>revisionId</code> parameters. Requests with the same parameters return a successful idempotent response. If you don't specify a <code>revisionId</code>, Step Functions checks for a previously published version of the state machine's current revision.</p> <p> <b>Related operations:</b> </p> <ul> <li> <p> <a>DeleteStateMachineVersion</a> </p> </li> <li> <p> <a>ListStateMachineVersions</a> </p> </li> </ul>",
"RedriveExecution": "<p>Restarts unsuccessful executions of Standard workflows that didn't complete successfully in the last 14 days. These include failed, aborted, or timed out executions. When you <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/redrive-executions.html\">redrive</a> an execution, it continues the failed execution from the unsuccessful step and uses the same input. Step Functions preserves the results and execution history of the successful steps, and doesn't rerun these steps when you redrive an execution. Redriven executions use the same state machine definition and execution ARN as the original execution attempt.</p> <p>For workflows that include an <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/amazon-states-language-map-state.html\">Inline Map</a> or <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/amazon-states-language-parallel-state.html\">Parallel</a> state, <code>RedriveExecution</code> API action reschedules and redrives only the iterations and branches that failed or aborted.</p> <p>To redrive a workflow that includes a Distributed Map state whose Map Run failed, you must redrive the <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/use-dist-map-orchestrate-large-scale-parallel-workloads.html#dist-map-orchestrate-parallel-workloads-key-terms\">parent workflow</a>. The parent workflow redrives all the unsuccessful states, including a failed Map Run. If a Map Run was not started in the original execution attempt, the redriven parent workflow starts the Map Run.</p> <note> <p>This API action is not supported by <code>EXPRESS</code> state machines.</p> <p>However, you can restart the unsuccessful executions of Express child workflows in a Distributed Map by redriving its Map Run. When you redrive a Map Run, the Express child workflows are rerun using the <a>StartExecution</a> API action. For more information, see <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/redrive-map-run.html\">Redriving Map Runs</a>.</p> </note> <p>You can redrive executions if your original execution meets the following conditions:</p> <ul> <li> <p>The execution status isn't <code>SUCCEEDED</code>.</p> </li> <li> <p>Your workflow execution has not exceeded the redrivable period of 14 days. Redrivable period refers to the time during which you can redrive a given execution. This period starts from the day a state machine completes its execution.</p> </li> <li> <p>The workflow execution has not exceeded the maximum open time of one year. For more information about state machine quotas, see <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/limits-overview.html#service-limits-state-machine-executions\">Quotas related to state machine executions</a>.</p> </li> <li> <p>The execution event history count is less than 24,999. Redriven executions append their event history to the existing event history. Make sure your workflow execution contains less than 24,999 events to accommodate the <code>ExecutionRedriven</code> history event and at least one other history event.</p> </li> </ul>",
- "SendTaskFailure": "<p>Used by activity workers, Task states using the <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/connect-to-resource.html#connect-wait-token\">callback</a> pattern, and optionally Task states using the <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/connect-to-resource.html#connect-sync\">job run</a> pattern to report that the task identified by the <code>taskToken</code> failed.</p>",
+ "SendTaskFailure": "<p>Used by activity workers, Task states using the <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/connect-to-resource.html#connect-wait-token\">callback</a> pattern, and optionally Task states using the <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/connect-to-resource.html#connect-sync\">job run</a> pattern to report that the task identified by the <code>taskToken</code> failed.</p> <p>For an execution with encryption enabled, Step Functions will encrypt the error and cause fields using the KMS key for the execution role.</p> <p>A caller can mark a task as fail without using any KMS permissions in the execution role if the caller provides a null value for both <code>error</code> and <code>cause</code> fields because no data needs to be encrypted.</p>",
"SendTaskHeartbeat": "<p>Used by activity workers and Task states using the <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/connect-to-resource.html#connect-wait-token\">callback</a> pattern, and optionally Task states using the <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/connect-to-resource.html#connect-sync\">job run</a> pattern to report to Step Functions that the task represented by the specified <code>taskToken</code> is still making progress. This action resets the <code>Heartbeat</code> clock. The <code>Heartbeat</code> threshold is specified in the state machine's Amazon States Language definition (<code>HeartbeatSeconds</code>). This action does not in itself create an event in the execution history. However, if the task times out, the execution history contains an <code>ActivityTimedOut</code> entry for activities, or a <code>TaskTimedOut</code> entry for tasks using the <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/connect-to-resource.html#connect-sync\">job run</a> or <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/connect-to-resource.html#connect-wait-token\">callback</a> pattern.</p> <note> <p>The <code>Timeout</code> of a task, defined in the state machine's Amazon States Language definition, is its maximum allowed duration, regardless of the number of <a>SendTaskHeartbeat</a> requests received. Use <code>HeartbeatSeconds</code> to configure the timeout interval for heartbeats.</p> </note>",
"SendTaskSuccess": "<p>Used by activity workers, Task states using the <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/connect-to-resource.html#connect-wait-token\">callback</a> pattern, and optionally Task states using the <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/connect-to-resource.html#connect-sync\">job run</a> pattern to report that the task identified by the <code>taskToken</code> completed successfully.</p>",
"StartExecution": "<p>Starts a state machine execution.</p> <p>A qualified state machine ARN can either refer to a <i>Distributed Map state</i> defined within a state machine, a version ARN, or an alias ARN.</p> <p>The following are some examples of qualified and unqualified state machine ARNs:</p> <ul> <li> <p>The following qualified state machine ARN refers to a <i>Distributed Map state</i> with a label <code>mapStateLabel</code> in a state machine named <code>myStateMachine</code>.</p> <p> <code>arn:partition:states:region:account-id:stateMachine:myStateMachine/mapStateLabel</code> </p> <note> <p>If you provide a qualified state machine ARN that refers to a <i>Distributed Map state</i>, the request fails with <code>ValidationException</code>.</p> </note> </li> <li> <p>The following qualified state machine ARN refers to an alias named <code>PROD</code>.</p> <p> <code>arn:<partition>:states:<region>:<account-id>:stateMachine:<myStateMachine:PROD></code> </p> <note> <p>If you provide a qualified state machine ARN that refers to a version ARN or an alias ARN, the request starts execution for that version or alias.</p> </note> </li> <li> <p>The following unqualified state machine ARN refers to a state machine named <code>myStateMachine</code>.</p> <p> <code>arn:<partition>:states:<region>:<account-id>:stateMachine:<myStateMachine></code> </p> </li> </ul> <p>If you start an execution with an unqualified state machine ARN, Step Functions uses the latest revision of the state machine for the execution.</p> <p>To start executions of a state machine <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/concepts-state-machine-version.html\">version</a>, call <code>StartExecution</code> and provide the version ARN or the ARN of an <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/concepts-state-machine-alias.html\">alias</a> that points to the version.</p> <note> <p> <code>StartExecution</code> is idempotent for <code>STANDARD</code> workflows. For a <code>STANDARD</code> workflow, if you call <code>StartExecution</code> with the same name and input as a running execution, the call succeeds and return the same response as the original request. If the execution is closed or if the input is different, it returns a <code>400 ExecutionAlreadyExists</code> error. You can reuse names after 90 days. </p> <p> <code>StartExecution</code> isn't idempotent for <code>EXPRESS</code> workflows. </p> </note>",
"StartSyncExecution": "<p>Starts a Synchronous Express state machine execution. <code>StartSyncExecution</code> is not available for <code>STANDARD</code> workflows.</p> <note> <p> <code>StartSyncExecution</code> will return a <code>200 OK</code> response, even if your execution fails, because the status code in the API response doesn't reflect function errors. Error codes are reserved for errors that prevent your execution from running, such as permissions errors, limit errors, or issues with your state machine code and configuration. </p> </note> <note> <p>This API action isn't logged in CloudTrail.</p> </note>",
- "StopExecution": "<p>Stops an execution.</p> <p>This API action is not supported by <code>EXPRESS</code> state machines.</p>",
+ "StopExecution": "<p>Stops an execution.</p> <p>This API action is not supported by <code>EXPRESS</code> state machines.</p> <p>For an execution with encryption enabled, Step Functions will encrypt the error and cause fields using the KMS key for the execution role.</p> <p>A caller can stop an execution without using any KMS permissions in the execution role if the caller provides a null value for both <code>error</code> and <code>cause</code> fields because no data needs to be encrypted.</p>",
"TagResource": "<p>Add a tag to a Step Functions resource.</p> <p>An array of key-value pairs. For more information, see <a href=\"https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html\">Using Cost Allocation Tags</a> in the <i>Amazon Web Services Billing and Cost Management User Guide</i>, and <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html\">Controlling Access Using IAM Tags</a>.</p> <p>Tags may only contain Unicode letters, digits, white space, or these symbols: <code>_ . : / = + - @</code>.</p>",
"TestState": "<p>Accepts the definition of a single state and executes it. You can test a state without creating a state machine or updating an existing state machine. Using this API, you can test the following:</p> <ul> <li> <p>A state's <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/test-state-isolation.html#test-state-input-output-dataflow\">input and output processing</a> data flow</p> </li> <li> <p>An <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/connect-to-services.html\">Amazon Web Services service integration</a> request and response</p> </li> <li> <p>An <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/connect-third-party-apis.html\">HTTP Task</a> request and response</p> </li> </ul> <p>You can call this API on only one state at a time. The states that you can test include the following:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/amazon-states-language-task-state.html#task-types\">All Task types</a> except <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/concepts-activities.html\">Activity</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/amazon-states-language-pass-state.html\">Pass</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/amazon-states-language-wait-state.html\">Wait</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/amazon-states-language-choice-state.html\">Choice</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/amazon-states-language-succeed-state.html\">Succeed</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/amazon-states-language-fail-state.html\">Fail</a> </p> </li> </ul> <p>The <code>TestState</code> API assumes an IAM role which must contain the required IAM permissions for the resources your state is accessing. For information about the permissions a state might need, see <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/test-state-isolation.html#test-state-permissions\">IAM permissions to test a state</a>.</p> <p>The <code>TestState</code> API can run for up to five minutes. If the execution of a state exceeds this duration, it fails with the <code>States.Timeout</code> error.</p> <p> <code>TestState</code> doesn't support <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/concepts-activities.html\">Activity tasks</a>, <code>.sync</code> or <code>.waitForTaskToken</code> <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/connect-to-resource.html\">service integration patterns</a>, <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/amazon-states-language-parallel-state.html\">Parallel</a>, or <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/amazon-states-language-map-state.html\">Map</a> states.</p>",
"UntagResource": "<p>Remove a tag from a Step Functions resource</p>",
"UpdateMapRun": "<p>Updates an in-progress Map Run's configuration to include changes to the settings that control maximum concurrency and Map Run failure.</p>",
- "UpdateStateMachine": "<p>Updates an existing state machine by modifying its <code>definition</code>, <code>roleArn</code>, or <code>loggingConfiguration</code>. Running executions will continue to use the previous <code>definition</code> and <code>roleArn</code>. You must include at least one of <code>definition</code> or <code>roleArn</code> or you will receive a <code>MissingRequiredParameter</code> error.</p> <p>A qualified state machine ARN refers to a <i>Distributed Map state</i> defined within a state machine. For example, the qualified state machine ARN <code>arn:partition:states:region:account-id:stateMachine:stateMachineName/mapStateLabel</code> refers to a <i>Distributed Map state</i> with a label <code>mapStateLabel</code> in the state machine named <code>stateMachineName</code>.</p> <p>A qualified state machine ARN can either refer to a <i>Distributed Map state</i> defined within a state machine, a version ARN, or an alias ARN.</p> <p>The following are some examples of qualified and unqualified state machine ARNs:</p> <ul> <li> <p>The following qualified state machine ARN refers to a <i>Distributed Map state</i> with a label <code>mapStateLabel</code> in a state machine named <code>myStateMachine</code>.</p> <p> <code>arn:partition:states:region:account-id:stateMachine:myStateMachine/mapStateLabel</code> </p> <note> <p>If you provide a qualified state machine ARN that refers to a <i>Distributed Map state</i>, the request fails with <code>ValidationException</code>.</p> </note> </li> <li> <p>The following qualified state machine ARN refers to an alias named <code>PROD</code>.</p> <p> <code>arn:<partition>:states:<region>:<account-id>:stateMachine:<myStateMachine:PROD></code> </p> <note> <p>If you provide a qualified state machine ARN that refers to a version ARN or an alias ARN, the request starts execution for that version or alias.</p> </note> </li> <li> <p>The following unqualified state machine ARN refers to a state machine named <code>myStateMachine</code>.</p> <p> <code>arn:<partition>:states:<region>:<account-id>:stateMachine:<myStateMachine></code> </p> </li> </ul> <p>After you update your state machine, you can set the <code>publish</code> parameter to <code>true</code> in the same action to publish a new <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/concepts-state-machine-version.html\">version</a>. This way, you can opt-in to strict versioning of your state machine.</p> <note> <p>Step Functions assigns monotonically increasing integers for state machine versions, starting at version number 1.</p> </note> <note> <p>All <code>StartExecution</code> calls within a few seconds use the updated <code>definition</code> and <code>roleArn</code>. Executions started immediately after you call <code>UpdateStateMachine</code> may use the previous state machine <code>definition</code> and <code>roleArn</code>. </p> </note>",
+ "UpdateStateMachine": "<p>Updates an existing state machine by modifying its <code>definition</code>, <code>roleArn</code>, <code>loggingConfiguration</code>, or <code>EncryptionConfiguration</code>. Running executions will continue to use the previous <code>definition</code> and <code>roleArn</code>. You must include at least one of <code>definition</code> or <code>roleArn</code> or you will receive a <code>MissingRequiredParameter</code> error.</p> <p>A qualified state machine ARN refers to a <i>Distributed Map state</i> defined within a state machine. For example, the qualified state machine ARN <code>arn:partition:states:region:account-id:stateMachine:stateMachineName/mapStateLabel</code> refers to a <i>Distributed Map state</i> with a label <code>mapStateLabel</code> in the state machine named <code>stateMachineName</code>.</p> <p>A qualified state machine ARN can either refer to a <i>Distributed Map state</i> defined within a state machine, a version ARN, or an alias ARN.</p> <p>The following are some examples of qualified and unqualified state machine ARNs:</p> <ul> <li> <p>The following qualified state machine ARN refers to a <i>Distributed Map state</i> with a label <code>mapStateLabel</code> in a state machine named <code>myStateMachine</code>.</p> <p> <code>arn:partition:states:region:account-id:stateMachine:myStateMachine/mapStateLabel</code> </p> <note> <p>If you provide a qualified state machine ARN that refers to a <i>Distributed Map state</i>, the request fails with <code>ValidationException</code>.</p> </note> </li> <li> <p>The following qualified state machine ARN refers to an alias named <code>PROD</code>.</p> <p> <code>arn:<partition>:states:<region>:<account-id>:stateMachine:<myStateMachine:PROD></code> </p> <note> <p>If you provide a qualified state machine ARN that refers to a version ARN or an alias ARN, the request starts execution for that version or alias.</p> </note> </li> <li> <p>The following unqualified state machine ARN refers to a state machine named <code>myStateMachine</code>.</p> <p> <code>arn:<partition>:states:<region>:<account-id>:stateMachine:<myStateMachine></code> </p> </li> </ul> <p>After you update your state machine, you can set the <code>publish</code> parameter to <code>true</code> in the same action to publish a new <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/concepts-state-machine-version.html\">version</a>. This way, you can opt-in to strict versioning of your state machine.</p> <note> <p>Step Functions assigns monotonically increasing integers for state machine versions, starting at version number 1.</p> </note> <note> <p>All <code>StartExecution</code> calls within a few seconds use the updated <code>definition</code> and <code>roleArn</code>. Executions started immediately after you call <code>UpdateStateMachine</code> may use the previous state machine <code>definition</code> and <code>roleArn</code>. </p> </note>",
"UpdateStateMachineAlias": "<p>Updates the configuration of an existing state machine <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/concepts-state-machine-alias.html\">alias</a> by modifying its <code>description</code> or <code>routingConfiguration</code>.</p> <p>You must specify at least one of the <code>description</code> or <code>routingConfiguration</code> parameters to update a state machine alias.</p> <note> <p> <code>UpdateStateMachineAlias</code> is an idempotent API. Step Functions bases the idempotency check on the <code>stateMachineAliasArn</code>, <code>description</code>, and <code>routingConfiguration</code> parameters. Requests with the same parameters return an idempotent response.</p> </note> <note> <p>This operation is eventually consistent. All <a>StartExecution</a> requests made within a few seconds use the latest alias configuration. Executions started immediately after calling <code>UpdateStateMachineAlias</code> may use the previous routing configuration.</p> </note> <p> <b>Related operations:</b> </p> <ul> <li> <p> <a>CreateStateMachineAlias</a> </p> </li> <li> <p> <a>DescribeStateMachineAlias</a> </p> </li> <li> <p> <a>ListStateMachineAliases</a> </p> </li> <li> <p> <a>DeleteStateMachineAlias</a> </p> </li> </ul>",
"ValidateStateMachineDefinition": "<p>Validates the syntax of a state machine definition.</p> <p>You can validate that a state machine definition is correct without creating a state machine resource. Step Functions will implicitly perform the same syntax check when you invoke <code>CreateStateMachine</code> and <code>UpdateStateMachine</code>. State machine definitions are specified using a JSON-based, structured language. For more information on Amazon States Language see <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html\">Amazon States Language</a> (ASL). </p> <p>Suggested uses for <code>ValidateStateMachineDefinition</code>:</p> <ul> <li> <p>Integrate automated checks into your code review or Continuous Integration (CI) process to validate state machine definitions before starting deployments.</p> </li> <li> <p>Run the validation from a Git pre-commit hook to check your state machine definitions before committing them to your source repository.</p> </li> </ul> <note> <p>Errors found in the state machine definition will be returned in the response as a list of <b>diagnostic elements</b>, rather than raise an exception.</p> </note>"
},
"shapes": {
+ "ActivityAlreadyExists": {
+ "base": "<p>Activity already exists. <code>EncryptionConfiguration</code> may not be updated.</p>",
+ "refs": {
+ }
+ },
"ActivityDoesNotExist": {
"base": "<p>The specified activity does not exist.</p>",
"refs": {
@@ -272,7 +277,7 @@
"refs": {
"CreateStateMachineInput$definition": "<p>The Amazon States Language definition of the state machine. See <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html\">Amazon States Language</a>.</p>",
"DescribeStateMachineForExecutionOutput$definition": "<p>The Amazon States Language definition of the state machine. See <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html\">Amazon States Language</a>.</p>",
- "DescribeStateMachineOutput$definition": "<p>The Amazon States Language definition of the state machine. See <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html\">Amazon States Language</a>.</p>",
+ "DescribeStateMachineOutput$definition": "<p>The Amazon States Language definition of the state machine. See <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html\">Amazon States Language</a>.</p> <p>If called with <code>includedData = METADATA_ONLY</code>, the returned definition will be <code>{}</code>.</p>",
"TestStateInput$definition": "<p>The <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html\">Amazon States Language</a> (ASL) definition of the state.</p>",
"UpdateStateMachineInput$definition": "<p>The Amazon States Language definition of the state machine. See <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html\">Amazon States Language</a>.</p>",
"ValidateStateMachineDefinitionInput$definition": "<p>The Amazon States Language definition of the state machine. For more information, see <a href=\"https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html\">Amazon States Language</a> (ASL).</p>"
@@ -384,9 +389,27 @@
"TracingConfiguration$enabled": "<p>When set to <code>true</code>, X-Ray tracing is enabled.</p>"
}
},
+ "EncryptionConfiguration": {
+ "base": "<p>Settings to configure server-side encryption. </p> <p> For additional control over security, you can encrypt your data using a <b>customer-managed key</b> for Step Functions state machines and activities. You can configure a symmetric KMS key and data key reuse period when creating or updating a <b>State Machine</b>, and when creating an <b>Activity</b>. The execution history and state machine definition will be encrypted with the key applied to the State Machine. Activity inputs will be encrypted with the key applied to the Activity. </p> <note> <p> Step Functions automatically enables encryption at rest using Amazon Web Services owned keys at no charge. However, KMS charges apply when using a customer managed key. For more information about pricing, see <a href=\"https://aws.amazon.com/kms/pricing/\">Key Management Service pricing</a>.</p> </note> <p>For more information on KMS, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/overview.html\">What is Key Management Service?</a> </p>",
+ "refs": {
+ "CreateActivityInput$encryptionConfiguration": "<p>Settings to configure server-side encryption.</p>",
+ "CreateStateMachineInput$encryptionConfiguration": "<p>Settings to configure server-side encryption.</p>",
+ "DescribeActivityOutput$encryptionConfiguration": "<p>Settings for configured server-side encryption.</p>",
+ "DescribeStateMachineForExecutionOutput$encryptionConfiguration": "<p>Settings to configure server-side encryption. </p>",
+ "DescribeStateMachineOutput$encryptionConfiguration": "<p>Settings to configure server-side encryption. </p>",
+ "UpdateStateMachineInput$encryptionConfiguration": "<p>Settings to configure server-side encryption. </p>"
+ }
+ },
+ "EncryptionType": {
+ "base": null,
+ "refs": {
+ "EncryptionConfiguration$type": "<p>Encryption type</p>"
+ }
+ },
"ErrorMessage": {
"base": null,
"refs": {
+ "ActivityAlreadyExists$message": null,
"ActivityDoesNotExist$message": null,
"ActivityLimitExceeded$message": null,
"ActivityWorkerLimitExceeded$message": null,
@@ -397,12 +420,16 @@
"ExecutionNotRedrivable$message": null,
"InvalidArn$message": null,
"InvalidDefinition$message": null,
+ "InvalidEncryptionConfiguration$message": null,
"InvalidExecutionInput$message": null,
"InvalidLoggingConfiguration$message": null,
"InvalidName$message": null,
"InvalidOutput$message": null,
"InvalidToken$message": null,
"InvalidTracingConfiguration$message": null,
+ "KmsAccessDeniedException$message": null,
+ "KmsInvalidStateException$message": null,
+ "KmsThrottlingException$message": null,
"MissingRequiredParameter$message": null,
"ResourceNotFound$message": null,
"ServiceQuotaExceededException$message": null,
@@ -622,6 +649,15 @@
"GetExecutionHistoryInput$includeExecutionData": "<p>You can select whether execution data (input or output of a history event) is returned. The default is <code>true</code>.</p>"
}
},
+ "IncludedData": {
+ "base": null,
+ "refs": {
+ "DescribeExecutionInput$includedData": "<p>If your state machine definition is encrypted with a KMS key, callers must have <code>kms:Decrypt</code> permission to decrypt the definition. Alternatively, you can call DescribeStateMachine API with <code>includedData = METADATA_ONLY</code> to get a successful response without the encrypted definition.</p>",
+ "DescribeStateMachineForExecutionInput$includedData": "<p>If your state machine definition is encrypted with a KMS key, callers must have <code>kms:Decrypt</code> permission to decrypt the definition. Alternatively, you can call the API with <code>includedData = METADATA_ONLY</code> to get a successful response without the encrypted definition.</p>",
+ "DescribeStateMachineInput$includedData": "<p>If your state machine definition is encrypted with a KMS key, callers must have <code>kms:Decrypt</code> permission to decrypt the definition. Alternatively, you can call the API with <code>includedData = METADATA_ONLY</code> to get a successful response without the encrypted definition.</p> <note> <p> When calling a labelled ARN for an encrypted state machine, the <code>includedData = METADATA_ONLY</code> parameter will not apply because Step Functions needs to decrypt the entire state machine definition to get the Distributed Map state’s definition. In this case, the API caller needs to have <code>kms:Decrypt</code> permission. </p> </note>",
+ "StartSyncExecutionInput$includedData": "<p>If your state machine definition is encrypted with a KMS key, callers must have <code>kms:Decrypt</code> permission to decrypt the definition. Alternatively, you can call the API with <code>includedData = METADATA_ONLY</code> to get a successful response without the encrypted definition.</p>"
+ }
+ },
"InspectionData": {
"base": "<p>Contains additional details about the state's execution, including its input and output data processing flow, and HTTP request and response information.</p>",
"refs": {
@@ -656,13 +692,18 @@
"refs": {
}
},
+ "InvalidEncryptionConfiguration": {
+ "base": "<p>Received when <code>encryptionConfiguration</code> is specified but various conditions exist which make the configuration invalid. For example, if <code>type</code> is set to <code>CUSTOMER_MANAGED_KMS_KEY</code>, but <code>kmsKeyId</code> is null, or <code>kmsDataKeyReusePeriodSeconds</code> is not between 60 and 900, or the KMS key is not symmetric or inactive.</p>",
+ "refs": {
+ }
+ },
"InvalidExecutionInput": {
"base": "<p>The provided JSON input data is not valid.</p>",
"refs": {
}
},
"InvalidLoggingConfiguration": {
- "base": "<p/>",
+ "base": "<p>Configuration is not valid.</p>",
"refs": {
}
},
@@ -686,6 +727,39 @@
"refs": {
}
},
+ "KmsAccessDeniedException": {
+ "base": "<p>Either your KMS key policy or API caller does not have the required permissions.</p>",
+ "refs": {
+ }
+ },
+ "KmsDataKeyReusePeriodSeconds": {
+ "base": null,
+ "refs": {
+ "EncryptionConfiguration$kmsDataKeyReusePeriodSeconds": "<p>Maximum duration that Step Functions will reuse data keys. When the period expires, Step Functions will call <code>GenerateDataKey</code>. Only applies to customer managed keys.</p>"
+ }
+ },
+ "KmsInvalidStateException": {
+ "base": "<p>The KMS key is not in valid state, for example: Disabled or Deleted.</p>",
+ "refs": {
+ }
+ },
+ "KmsKeyId": {
+ "base": null,
+ "refs": {
+ "EncryptionConfiguration$kmsKeyId": "<p>An alias, alias ARN, key ID, or key ARN of a symmetric encryption KMS key to encrypt data. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>"
+ }
+ },
+ "KmsKeyState": {
+ "base": null,
+ "refs": {
+ "KmsInvalidStateException$kmsKeyState": "<p>Current status of the KMS; key. For example: <code>DISABLED</code>, <code>PENDING_DELETION</code>, <code>PENDING_IMPORT</code>, <code>UNAVAILABLE</code>, <code>CREATING</code>.</p>"
+ }
+ },
+ "KmsThrottlingException": {
+ "base": "<p>Received when KMS returns <code>ThrottlingException</code> for a KMS call that Step Functions makes on behalf of the caller.</p>",
+ "refs": {
+ }
+ },
"LambdaFunctionFailedEventDetails": {
"base": "<p>Contains details about a Lambda function that failed during an execution.</p>",
"refs": {
@@ -1295,7 +1369,7 @@
}
},
"StateMachineTypeNotSupported": {
- "base": "<p/>",
+ "base": "<p>State machine type is not supported.</p>",
"refs": {
}
},
diff --git a/service/applicationautoscaling/api.go b/service/applicationautoscaling/api.go
index 8067729..8baa0b5 100644
--- a/service/applicationautoscaling/api.go
+++ b/service/applicationautoscaling/api.go
@@ -7804,6 +7804,12 @@
// MetricTypeWorkSpacesAverageUserSessionsCapacityUtilization is a MetricType enum value
MetricTypeWorkSpacesAverageUserSessionsCapacityUtilization = "WorkSpacesAverageUserSessionsCapacityUtilization"
+
+ // MetricTypeSageMakerInferenceComponentConcurrentRequestsPerCopyHighResolution is a MetricType enum value
+ MetricTypeSageMakerInferenceComponentConcurrentRequestsPerCopyHighResolution = "SageMakerInferenceComponentConcurrentRequestsPerCopyHighResolution"
+
+ // MetricTypeSageMakerVariantConcurrentRequestsPerModelHighResolution is a MetricType enum value
+ MetricTypeSageMakerVariantConcurrentRequestsPerModelHighResolution = "SageMakerVariantConcurrentRequestsPerModelHighResolution"
)
// MetricType_Values returns all elements of the MetricType enum
@@ -7834,6 +7840,8 @@
MetricTypeElastiCacheDatabaseCapacityUsageCountedForEvictPercentage,
MetricTypeSageMakerInferenceComponentInvocationsPerCopy,
MetricTypeWorkSpacesAverageUserSessionsCapacityUtilization,
+ MetricTypeSageMakerInferenceComponentConcurrentRequestsPerCopyHighResolution,
+ MetricTypeSageMakerVariantConcurrentRequestsPerModelHighResolution,
}
}
diff --git a/service/applicationsignals/api.go b/service/applicationsignals/api.go
index d4af844..d140673 100644
--- a/service/applicationsignals/api.go
+++ b/service/applicationsignals/api.go
@@ -2311,6 +2311,8 @@
// raw HTTP Query API, it is formatted as be epoch time in seconds. For example:
// 1698778057
//
+ // Your requested start time will be rounded to the nearest hour.
+ //
// EndTime is a required field
EndTime *time.Time `location:"querystring" locationName:"EndTime" type:"timestamp" required:"true"`
@@ -2340,6 +2342,8 @@
// a raw HTTP Query API, it is formatted as be epoch time in seconds. For example:
// 1698778057
//
+ // Your requested start time will be rounded to the nearest hour.
+ //
// StartTime is a required field
StartTime *time.Time `location:"querystring" locationName:"StartTime" type:"timestamp" required:"true"`
}
@@ -2492,9 +2496,24 @@
// The end time of the data included in the response. In a raw HTTP Query API,
// it is formatted as be epoch time in seconds. For example: 1698778057.
//
+ // This displays the time that Application Signals used for the request. It
+ // might not match your request exactly, because it was rounded to the nearest
+ // hour.
+ //
// EndTime is a required field
EndTime *time.Time `type:"timestamp" required:"true"`
+ // An array of string-to-string maps that each contain information about one
+ // log group associated with this service. Each string-to-string map includes
+ // the following fields:
+ //
+ // * "Type": "AWS::Resource"
+ //
+ // * "ResourceType": "AWS::Logs::LogGroup"
+ //
+ // * "Identifier": "name-of-log-group"
+ LogGroupReferences []map[string]*string `type:"list"`
+
// A structure containing information about the service.
//
// Service is a required field
@@ -2503,6 +2522,10 @@
// The start time of the data included in the response. In a raw HTTP Query
// API, it is formatted as be epoch time in seconds. For example: 1698778057.
//
+ // This displays the time that Application Signals used for the request. It
+ // might not match your request exactly, because it was rounded to the nearest
+ // hour.
+ //
// StartTime is a required field
StartTime *time.Time `type:"timestamp" required:"true"`
}
@@ -2531,6 +2554,12 @@
return s
}
+// SetLogGroupReferences sets the LogGroupReferences field's value.
+func (s *GetServiceOutput) SetLogGroupReferences(v []map[string]*string) *GetServiceOutput {
+ s.LogGroupReferences = v
+ return s
+}
+
// SetService sets the Service field's value.
func (s *GetServiceOutput) SetService(v *Service) *GetServiceOutput {
s.Service = v
@@ -2691,6 +2720,8 @@
// raw HTTP Query API, it is formatted as be epoch time in seconds. For example:
// 1698778057
//
+ // Your requested end time will be rounded to the nearest hour.
+ //
// EndTime is a required field
EndTime *time.Time `location:"querystring" locationName:"EndTime" type:"timestamp" required:"true"`
@@ -2728,6 +2759,8 @@
// a raw HTTP Query API, it is formatted as be epoch time in seconds. For example:
// 1698778057
//
+ // Your requested start time will be rounded to the nearest hour.
+ //
// StartTime is a required field
StartTime *time.Time `location:"querystring" locationName:"StartTime" type:"timestamp" required:"true"`
}
@@ -2812,6 +2845,10 @@
// used in a raw HTTP Query API, it is formatted as be epoch time in seconds.
// For example: 1698778057
//
+ // This displays the time that Application Signals used for the request. It
+ // might not match your request exactly, because it was rounded to the nearest
+ // hour.
+ //
// EndTime is a required field
EndTime *time.Time `type:"timestamp" required:"true"`
@@ -2829,6 +2866,10 @@
// used in a raw HTTP Query API, it is formatted as be epoch time in seconds.
// For example: 1698778057
//
+ // This displays the time that Application Signals used for the request. It
+ // might not match your request exactly, because it was rounded to the nearest
+ // hour.
+ //
// StartTime is a required field
StartTime *time.Time `type:"timestamp" required:"true"`
}
@@ -2882,6 +2923,8 @@
// raw HTTP Query API, it is formatted as be epoch time in seconds. For example:
// 1698778057
//
+ // Your requested start time will be rounded to the nearest hour.
+ //
// EndTime is a required field
EndTime *time.Time `location:"querystring" locationName:"EndTime" type:"timestamp" required:"true"`
@@ -2919,6 +2962,8 @@
// a raw HTTP Query API, it is formatted as be epoch time in seconds. For example:
// 1698778057
//
+ // Your requested start time will be rounded to the nearest hour.
+ //
// StartTime is a required field
StartTime *time.Time `location:"querystring" locationName:"StartTime" type:"timestamp" required:"true"`
}
@@ -3003,6 +3048,10 @@
// used in a raw HTTP Query API, it is formatted as be epoch time in seconds.
// For example: 1698778057
//
+ // This displays the time that Application Signals used for the request. It
+ // might not match your request exactly, because it was rounded to the nearest
+ // hour.
+ //
// EndTime is a required field
EndTime *time.Time `type:"timestamp" required:"true"`
@@ -3020,6 +3069,10 @@
// used in a raw HTTP Query API, it is formatted as be epoch time in seconds.
// For example: 1698778057
//
+ // This displays the time that Application Signals used for the request. It
+ // might not match your request exactly, because it was rounded to the nearest
+ // hour.
+ //
// StartTime is a required field
StartTime *time.Time `type:"timestamp" required:"true"`
}
@@ -3211,6 +3264,8 @@
// raw HTTP Query API, it is formatted as be epoch time in seconds. For example:
// 1698778057
//
+ // Your requested end time will be rounded to the nearest hour.
+ //
// EndTime is a required field
EndTime *time.Time `location:"querystring" locationName:"EndTime" type:"timestamp" required:"true"`
@@ -3248,6 +3303,8 @@
// a raw HTTP Query API, it is formatted as be epoch time in seconds. For example:
// 1698778057
//
+ // Your requested start time will be rounded to the nearest hour.
+ //
// StartTime is a required field
StartTime *time.Time `location:"querystring" locationName:"StartTime" type:"timestamp" required:"true"`
}
@@ -3332,6 +3389,10 @@
// used in a raw HTTP Query API, it is formatted as be epoch time in seconds.
// For example: 1698778057
//
+ // This displays the time that Application Signals used for the request. It
+ // might not match your request exactly, because it was rounded to the nearest
+ // hour.
+ //
// EndTime is a required field
EndTime *time.Time `type:"timestamp" required:"true"`
@@ -3349,6 +3410,10 @@
// used in a raw HTTP Query API, it is formatted as be epoch time in seconds.
// For example: 1698778057
//
+ // This displays the time that Application Signals used for the request. It
+ // might not match your request exactly, because it was rounded to the nearest
+ // hour.
+ //
// StartTime is a required field
StartTime *time.Time `type:"timestamp" required:"true"`
}
@@ -3402,6 +3467,8 @@
// raw HTTP Query API, it is formatted as be epoch time in seconds. For example:
// 1698778057
//
+ // Your requested start time will be rounded to the nearest hour.
+ //
// EndTime is a required field
EndTime *time.Time `location:"querystring" locationName:"EndTime" type:"timestamp" required:"true"`
@@ -3417,6 +3484,8 @@
// a raw HTTP Query API, it is formatted as be epoch time in seconds. For example:
// 1698778057
//
+ // Your requested start time will be rounded to the nearest hour.
+ //
// StartTime is a required field
StartTime *time.Time `location:"querystring" locationName:"StartTime" type:"timestamp" required:"true"`
}
@@ -3489,6 +3558,10 @@
// used in a raw HTTP Query API, it is formatted as be epoch time in seconds.
// For example: 1698778057
//
+ // This displays the time that Application Signals used for the request. It
+ // might not match your request exactly, because it was rounded to the nearest
+ // hour.
+ //
// EndTime is a required field
EndTime *time.Time `type:"timestamp" required:"true"`
@@ -3505,6 +3578,10 @@
// used in a raw HTTP Query API, it is formatted as be epoch time in seconds.
// For example: 1698778057
//
+ // This displays the time that Application Signals used for the request. It
+ // might not match your request exactly, because it was rounded to the nearest
+ // hour.
+ //
// StartTime is a required field
StartTime *time.Time `type:"timestamp" required:"true"`
}
@@ -4079,7 +4156,7 @@
Message_ *string `locationName:"Message" type:"string"`
- // Cannot find the resource id.
+ // Can't find the resource id.
//
// ResourceId is a required field
ResourceId *string `type:"string" required:"true"`
@@ -4286,6 +4363,17 @@
// KeyAttributes is a required field
KeyAttributes map[string]*string `min:"1" type:"map" required:"true"`
+ // An array of string-to-string maps that each contain information about one
+ // log group associated with this service. Each string-to-string map includes
+ // the following fields:
+ //
+ // * "Type": "AWS::Resource"
+ //
+ // * "ResourceType": "AWS::Logs::LogGroup"
+ //
+ // * "Identifier": "name-of-log-group"
+ LogGroupReferences []map[string]*string `type:"list"`
+
// An array of structures that each contain information about one metric associated
// with this service.
//
@@ -4323,6 +4411,12 @@
return s
}
+// SetLogGroupReferences sets the LogGroupReferences field's value.
+func (s *Service) SetLogGroupReferences(v []map[string]*string) *Service {
+ s.LogGroupReferences = v
+ return s
+}
+
// SetMetricReferences sets the MetricReferences field's value.
func (s *Service) SetMetricReferences(v []*MetricReference) *Service {
s.MetricReferences = v
diff --git a/service/applicationsignals/doc.go b/service/applicationsignals/doc.go
index 8758c44..d039a0b 100644
--- a/service/applicationsignals/doc.go
+++ b/service/applicationsignals/doc.go
@@ -3,9 +3,6 @@
// Package applicationsignals provides the client and types for making API
// requests to Amazon CloudWatch Application Signals.
//
-// This is a Preview release of the Application Signals API Reference. Operations
-// and parameters are subject to change before the general availability release.
-//
// Use CloudWatch Application Signals for comprehensive observability of your
// cloud-based applications. It enables real-time service health dashboards
// and helps you track long-term performance trends against your business goals.
@@ -26,6 +23,10 @@
// discovers, that gives you a visual representation of your applications,
// dependencies, and their connectivity.
//
+// Application Signals works with CloudWatch RUM, CloudWatch Synthetics canaries,
+// and Amazon Web Services Service Catalog AppRegistry, to display your client
+// pages, Synthetics canaries, and application names within dashboards and maps.
+//
// See https://docs.aws.amazon.com/goto/WebAPI/application-signals-2024-04-15 for more information on this service.
//
// See applicationsignals package documentation for more information.
diff --git a/service/bedrockruntime/api.go b/service/bedrockruntime/api.go
index c408d45..5aa7646 100644
--- a/service/bedrockruntime/api.go
+++ b/service/bedrockruntime/api.go
@@ -83,7 +83,10 @@
// again.
//
// - ThrottlingException
-// The number of requests exceeds the limit. Resubmit your request later.
+// Your request was throttled because of service-wide limitations. Resubmit
+// your request later or in a different region. You can also purchase Provisioned
+// Throughput (https://docs.aws.amazon.com/bedrock/latest/userguide/prov-throughput.html)
+// to increase the rate or number of tokens you can process.
//
// - InternalServerException
// An internal server error occurred. Retry your request.
@@ -92,7 +95,9 @@
// Input validation failed. Check your request parameters and retry the request.
//
// - ServiceQuotaExceededException
-// The number of requests exceeds the service quota. Resubmit your request later.
+// Your request exceeds the service quota for your account. You can view your
+// quotas at Viewing service quotas (https://docs.aws.amazon.com/servicequotas/latest/userguide/gs-request-quota.html).
+// You can resubmit your request later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/bedrock-runtime-2023-09-30/ApplyGuardrail
func (c *BedrockRuntime) ApplyGuardrail(input *ApplyGuardrailInput) (*ApplyGuardrailOutput, error) {
@@ -161,10 +166,13 @@
//
// Sends messages to the specified Amazon Bedrock model. Converse provides a
// consistent interface that works with all models that support messages. This
-// allows you to write code once and use it with different models. Should a
-// model have unique inference parameters, you can also pass those unique parameters
+// allows you to write code once and use it with different models. If a model
+// has unique inference parameters, you can also pass those unique parameters
// to the model.
//
+// Amazon Bedrock doesn't store any text, images, or documents that you provide
+// as content. The data is only used to generate the response.
+//
// For information about the Converse API, see Use the Converse API in the Amazon
// Bedrock User Guide. To use a guardrail, see Use a guardrail with the Converse
// API in the Amazon Bedrock User Guide. To use a tool with a model, see Tool
@@ -191,7 +199,10 @@
// again.
//
// - ThrottlingException
-// The number of requests exceeds the limit. Resubmit your request later.
+// Your request was throttled because of service-wide limitations. Resubmit
+// your request later or in a different region. You can also purchase Provisioned
+// Throughput (https://docs.aws.amazon.com/bedrock/latest/userguide/prov-throughput.html)
+// to increase the rate or number of tokens you can process.
//
// - ModelTimeoutException
// The request took too long to process. Processing time exceeded the model
@@ -200,6 +211,9 @@
// - InternalServerException
// An internal server error occurred. Retry your request.
//
+// - ServiceUnavailableException
+// The service isn't currently available. Try again later.
+//
// - ValidationException
// Input validation failed. Check your request parameters and retry the request.
//
@@ -291,6 +305,12 @@
// To find out if a model supports streaming, call GetFoundationModel (https://docs.aws.amazon.com/bedrock/latest/APIReference/API_GetFoundationModel.html)
// and check the responseStreamingSupported field in the response.
//
+// The CLI doesn't support streaming operations in Amazon Bedrock, including
+// ConverseStream.
+//
+// Amazon Bedrock doesn't store any text, images, or documents that you provide
+// as content. The data is only used to generate the response.
+//
// For information about the Converse API, see Use the Converse API in the Amazon
// Bedrock User Guide. To use a guardrail, see Use a guardrail with the Converse
// API in the Amazon Bedrock User Guide. To use a tool with a model, see Tool
@@ -319,7 +339,10 @@
// again.
//
// - ThrottlingException
-// The number of requests exceeds the limit. Resubmit your request later.
+// Your request was throttled because of service-wide limitations. Resubmit
+// your request later or in a different region. You can also purchase Provisioned
+// Throughput (https://docs.aws.amazon.com/bedrock/latest/userguide/prov-throughput.html)
+// to increase the rate or number of tokens you can process.
//
// - ModelTimeoutException
// The request took too long to process. Processing time exceeded the model
@@ -328,6 +351,9 @@
// - InternalServerException
// An internal server error occurred. Retry your request.
//
+// - ServiceUnavailableException
+// The service isn't currently available. Try again later.
+//
// - ValidationException
// Input validation failed. Check your request parameters and retry the request.
//
@@ -581,7 +607,10 @@
// again.
//
// - ThrottlingException
-// The number of requests exceeds the limit. Resubmit your request later.
+// Your request was throttled because of service-wide limitations. Resubmit
+// your request later or in a different region. You can also purchase Provisioned
+// Throughput (https://docs.aws.amazon.com/bedrock/latest/userguide/prov-throughput.html)
+// to increase the rate or number of tokens you can process.
//
// - ModelTimeoutException
// The request took too long to process. Processing time exceeded the model
@@ -590,6 +619,9 @@
// - InternalServerException
// An internal server error occurred. Retry your request.
//
+// - ServiceUnavailableException
+// The service isn't currently available. Try again later.
+//
// - ValidationException
// Input validation failed. Check your request parameters and retry the request.
//
@@ -597,7 +629,9 @@
// The model specified in the request is not ready to serve inference requests.
//
// - ServiceQuotaExceededException
-// The number of requests exceeds the service quota. Resubmit your request later.
+// Your request exceeds the service quota for your account. You can view your
+// quotas at Viewing service quotas (https://docs.aws.amazon.com/servicequotas/latest/userguide/gs-request-quota.html).
+// You can resubmit your request later.
//
// - ModelErrorException
// The request failed due to an error while processing the model.
@@ -682,7 +716,8 @@
// To see if a model supports streaming, call GetFoundationModel (https://docs.aws.amazon.com/bedrock/latest/APIReference/API_GetFoundationModel.html)
// and check the responseStreamingSupported field in the response.
//
-// The CLI doesn't support InvokeModelWithResponseStream.
+// The CLI doesn't support streaming operations in Amazon Bedrock, including
+// InvokeModelWithResponseStream.
//
// For example code, see Invoke model with streaming code example in the Amazon
// Bedrock User Guide.
@@ -707,7 +742,10 @@
// again.
//
// - ThrottlingException
-// The number of requests exceeds the limit. Resubmit your request later.
+// Your request was throttled because of service-wide limitations. Resubmit
+// your request later or in a different region. You can also purchase Provisioned
+// Throughput (https://docs.aws.amazon.com/bedrock/latest/userguide/prov-throughput.html)
+// to increase the rate or number of tokens you can process.
//
// - ModelTimeoutException
// The request took too long to process. Processing time exceeded the model
@@ -716,6 +754,9 @@
// - InternalServerException
// An internal server error occurred. Retry your request.
//
+// - ServiceUnavailableException
+// The service isn't currently available. Try again later.
+//
// - ModelStreamErrorException
// An error occurred while streaming the response. Retry your request.
//
@@ -726,7 +767,9 @@
// The model specified in the request is not ready to serve inference requests.
//
// - ServiceQuotaExceededException
-// The number of requests exceeds the service quota. Resubmit your request later.
+// Your request exceeds the service quota for your account. You can view your
+// quotas at Viewing service quotas (https://docs.aws.amazon.com/servicequotas/latest/userguide/gs-request-quota.html).
+// You can resubmit your request later.
//
// - ModelErrorException
// The request failed due to an error while processing the model.
@@ -2356,6 +2399,8 @@
return newErrorInternalServerException(u.metadata).(eventstreamapi.Unmarshaler), nil
case "modelStreamErrorException":
return newErrorModelStreamErrorException(u.metadata).(eventstreamapi.Unmarshaler), nil
+ case "serviceUnavailableException":
+ return newErrorServiceUnavailableException(u.metadata).(eventstreamapi.Unmarshaler), nil
case "throttlingException":
return newErrorThrottlingException(u.metadata).(eventstreamapi.Unmarshaler), nil
case "validationException":
@@ -5276,6 +5321,8 @@
return newErrorModelStreamErrorException(u.metadata).(eventstreamapi.Unmarshaler), nil
case "modelTimeoutException":
return newErrorModelTimeoutException(u.metadata).(eventstreamapi.Unmarshaler), nil
+ case "serviceUnavailableException":
+ return newErrorServiceUnavailableException(u.metadata).(eventstreamapi.Unmarshaler), nil
case "throttlingException":
return newErrorThrottlingException(u.metadata).(eventstreamapi.Unmarshaler), nil
case "validationException":
@@ -5314,7 +5361,9 @@
return nil
}
-// The number of requests exceeds the service quota. Resubmit your request later.
+// Your request exceeds the service quota for your account. You can view your
+// quotas at Viewing service quotas (https://docs.aws.amazon.com/servicequotas/latest/userguide/gs-request-quota.html).
+// You can resubmit your request later.
type ServiceQuotaExceededException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -5378,6 +5427,102 @@
return s.RespMetadata.RequestID
}
+// The service isn't currently available. Try again later.
+type ServiceUnavailableException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ServiceUnavailableException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ServiceUnavailableException) GoString() string {
+ return s.String()
+}
+
+// The ServiceUnavailableException is and event in the ConverseStreamOutput_ group of events.
+func (s *ServiceUnavailableException) eventConverseStreamOutput_() {}
+
+// The ServiceUnavailableException is and event in the ResponseStream group of events.
+func (s *ServiceUnavailableException) eventResponseStream() {}
+
+// UnmarshalEvent unmarshals the EventStream Message into the ServiceUnavailableException value.
+// This method is only used internally within the SDK's EventStream handling.
+func (s *ServiceUnavailableException) UnmarshalEvent(
+ payloadUnmarshaler protocol.PayloadUnmarshaler,
+ msg eventstream.Message,
+) error {
+ if err := payloadUnmarshaler.UnmarshalPayload(
+ bytes.NewReader(msg.Payload), s,
+ ); err != nil {
+ return err
+ }
+ return nil
+}
+
+// MarshalEvent marshals the type into an stream event value. This method
+// should only used internally within the SDK's EventStream handling.
+func (s *ServiceUnavailableException) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) {
+ msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.ExceptionMessageType))
+ var buf bytes.Buffer
+ if err = pm.MarshalPayload(&buf, s); err != nil {
+ return eventstream.Message{}, err
+ }
+ msg.Payload = buf.Bytes()
+ return msg, err
+}
+
+func newErrorServiceUnavailableException(v protocol.ResponseMetadata) error {
+ return &ServiceUnavailableException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *ServiceUnavailableException) Code() string {
+ return "ServiceUnavailableException"
+}
+
+// Message returns the exception's message.
+func (s *ServiceUnavailableException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *ServiceUnavailableException) OrigErr() error {
+ return nil
+}
+
+func (s *ServiceUnavailableException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *ServiceUnavailableException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *ServiceUnavailableException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
// The model must request a specific tool. For example, {"tool" : {"name" :
// "Your tool name"}}.
//
@@ -5495,7 +5640,10 @@
return s
}
-// The number of requests exceeds the limit. Resubmit your request later.
+// Your request was throttled because of service-wide limitations. Resubmit
+// your request later or in a different region. You can also purchase Provisioned
+// Throughput (https://docs.aws.amazon.com/bedrock/latest/userguide/prov-throughput.html)
+// to increase the rate or number of tokens you can process.
type ThrottlingException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
diff --git a/service/bedrockruntime/errors.go b/service/bedrockruntime/errors.go
index b783844..cecb3e5 100644
--- a/service/bedrockruntime/errors.go
+++ b/service/bedrockruntime/errors.go
@@ -55,13 +55,24 @@
// ErrCodeServiceQuotaExceededException for service response error code
// "ServiceQuotaExceededException".
//
- // The number of requests exceeds the service quota. Resubmit your request later.
+ // Your request exceeds the service quota for your account. You can view your
+ // quotas at Viewing service quotas (https://docs.aws.amazon.com/servicequotas/latest/userguide/gs-request-quota.html).
+ // You can resubmit your request later.
ErrCodeServiceQuotaExceededException = "ServiceQuotaExceededException"
+ // ErrCodeServiceUnavailableException for service response error code
+ // "ServiceUnavailableException".
+ //
+ // The service isn't currently available. Try again later.
+ ErrCodeServiceUnavailableException = "ServiceUnavailableException"
+
// ErrCodeThrottlingException for service response error code
// "ThrottlingException".
//
- // The number of requests exceeds the limit. Resubmit your request later.
+ // Your request was throttled because of service-wide limitations. Resubmit
+ // your request later or in a different region. You can also purchase Provisioned
+ // Throughput (https://docs.aws.amazon.com/bedrock/latest/userguide/prov-throughput.html)
+ // to increase the rate or number of tokens you can process.
ErrCodeThrottlingException = "ThrottlingException"
// ErrCodeValidationException for service response error code
@@ -80,6 +91,7 @@
"ModelTimeoutException": newErrorModelTimeoutException,
"ResourceNotFoundException": newErrorResourceNotFoundException,
"ServiceQuotaExceededException": newErrorServiceQuotaExceededException,
+ "ServiceUnavailableException": newErrorServiceUnavailableException,
"ThrottlingException": newErrorThrottlingException,
"ValidationException": newErrorValidationException,
}
diff --git a/service/bedrockruntime/eventstream_test.go b/service/bedrockruntime/eventstream_test.go
index b00292c..eb5ad91 100644
--- a/service/bedrockruntime/eventstream_test.go
+++ b/service/bedrockruntime/eventstream_test.go
@@ -2041,6 +2041,7 @@
var _ awserr.Error = (*InternalServerException)(nil)
var _ awserr.Error = (*ModelStreamErrorException)(nil)
+var _ awserr.Error = (*ServiceUnavailableException)(nil)
var _ awserr.Error = (*ThrottlingException)(nil)
var _ awserr.Error = (*ValidationException)(nil)
@@ -2341,6 +2342,7 @@
var _ awserr.Error = (*InternalServerException)(nil)
var _ awserr.Error = (*ModelStreamErrorException)(nil)
var _ awserr.Error = (*ModelTimeoutException)(nil)
+var _ awserr.Error = (*ServiceUnavailableException)(nil)
var _ awserr.Error = (*ThrottlingException)(nil)
var _ awserr.Error = (*ValidationException)(nil)
diff --git a/service/codecommit/api.go b/service/codecommit/api.go
index 0fe4ba9..07c3e8c 100644
--- a/service/codecommit/api.go
+++ b/service/codecommit/api.go
@@ -1591,6 +1591,9 @@
// - RepositoryLimitExceededException
// A repository resource limit was exceeded.
//
+// - OperationNotAllowedException
+// The requested action is not allowed.
+//
// - EncryptionIntegrityChecksFailedException
// An encryption integrity check failed.
//
@@ -16210,7 +16213,7 @@
// The ID of the encryption key. You can view the ID of an encryption key in
// the KMS console, or use the KMS APIs to programmatically retrieve a key ID.
- // For more information about acceptable values for kmsKeyID, see KeyId (https://docs.aws.amazon.com/APIReference/API_Decrypt.html#KMS-Decrypt-request-KeyId)
+ // For more information about acceptable values for kmsKeyID, see KeyId (https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html#KMS-Decrypt-request-KeyId)
// in the Decrypt API description in the Key Management Service API Reference.
//
// If no key is specified, the default aws/codecommit Amazon Web Services managed
@@ -29546,6 +29549,70 @@
return s
}
+// The requested action is not allowed.
+type OperationNotAllowedException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s OperationNotAllowedException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s OperationNotAllowedException) GoString() string {
+ return s.String()
+}
+
+func newErrorOperationNotAllowedException(v protocol.ResponseMetadata) error {
+ return &OperationNotAllowedException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *OperationNotAllowedException) Code() string {
+ return "OperationNotAllowedException"
+}
+
+// Message returns the exception's message.
+func (s *OperationNotAllowedException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *OperationNotAllowedException) OrigErr() error {
+ return nil
+}
+
+func (s *OperationNotAllowedException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *OperationNotAllowedException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *OperationNotAllowedException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
// Returns information about the template that created the approval rule for
// a pull request.
type OriginApprovalRuleTemplate struct {
@@ -36606,7 +36673,7 @@
// The ID of the encryption key. You can view the ID of an encryption key in
// the KMS console, or use the KMS APIs to programmatically retrieve a key ID.
- // For more information about acceptable values for keyID, see KeyId (https://docs.aws.amazon.com/APIReference/API_Decrypt.html#KMS-Decrypt-request-KeyId)
+ // For more information about acceptable values for keyID, see KeyId (https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html#KMS-Decrypt-request-KeyId)
// in the Decrypt API description in the Key Management Service API Reference.
//
// KmsKeyId is a required field
diff --git a/service/codecommit/errors.go b/service/codecommit/errors.go
index b3b8dad..96f5e2b 100644
--- a/service/codecommit/errors.go
+++ b/service/codecommit/errors.go
@@ -966,6 +966,12 @@
// of approval rules associated with it.
ErrCodeNumberOfRulesExceededException = "NumberOfRulesExceededException"
+ // ErrCodeOperationNotAllowedException for service response error code
+ // "OperationNotAllowedException".
+ //
+ // The requested action is not allowed.
+ ErrCodeOperationNotAllowedException = "OperationNotAllowedException"
+
// ErrCodeOverrideAlreadySetException for service response error code
// "OverrideAlreadySetException".
//
@@ -1435,6 +1441,7 @@
"NoChangeException": newErrorNoChangeException,
"NumberOfRuleTemplatesExceededException": newErrorNumberOfRuleTemplatesExceededException,
"NumberOfRulesExceededException": newErrorNumberOfRulesExceededException,
+ "OperationNotAllowedException": newErrorOperationNotAllowedException,
"OverrideAlreadySetException": newErrorOverrideAlreadySetException,
"OverrideStatusRequiredException": newErrorOverrideStatusRequiredException,
"ParentCommitDoesNotExistException": newErrorParentCommitDoesNotExistException,
diff --git a/service/datazone/api.go b/service/datazone/api.go
index ac7a59e..25aa7b4 100644
--- a/service/datazone/api.go
+++ b/service/datazone/api.go
@@ -5409,6 +5409,101 @@
return out, req.Send()
}
+const opGetEnvironmentCredentials = "GetEnvironmentCredentials"
+
+// GetEnvironmentCredentialsRequest generates a "aws/request.Request" representing the
+// client's request for the GetEnvironmentCredentials operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetEnvironmentCredentials for more information on using the GetEnvironmentCredentials
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the GetEnvironmentCredentialsRequest method.
+// req, resp := client.GetEnvironmentCredentialsRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/datazone-2018-05-10/GetEnvironmentCredentials
+func (c *DataZone) GetEnvironmentCredentialsRequest(input *GetEnvironmentCredentialsInput) (req *request.Request, output *GetEnvironmentCredentialsOutput) {
+ op := &request.Operation{
+ Name: opGetEnvironmentCredentials,
+ HTTPMethod: "GET",
+ HTTPPath: "/v2/domains/{domainIdentifier}/environments/{environmentIdentifier}/credentials",
+ }
+
+ if input == nil {
+ input = &GetEnvironmentCredentialsInput{}
+ }
+
+ output = &GetEnvironmentCredentialsOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// GetEnvironmentCredentials API operation for Amazon DataZone.
+//
+// Gets the credentials of an environment in Amazon DataZone.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon DataZone's
+// API operation GetEnvironmentCredentials for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// The request has failed because of an unknown error, exception or failure.
+//
+// - ResourceNotFoundException
+// The specified resource cannot be found.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action.
+//
+// - ThrottlingException
+// The request was denied due to request throttling.
+//
+// - ValidationException
+// The input fails to satisfy the constraints specified by the Amazon Web Services
+// service.
+//
+// - UnauthorizedException
+// You do not have permission to perform this action.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/datazone-2018-05-10/GetEnvironmentCredentials
+func (c *DataZone) GetEnvironmentCredentials(input *GetEnvironmentCredentialsInput) (*GetEnvironmentCredentialsOutput, error) {
+ req, out := c.GetEnvironmentCredentialsRequest(input)
+ return out, req.Send()
+}
+
+// GetEnvironmentCredentialsWithContext is the same as GetEnvironmentCredentials with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetEnvironmentCredentials for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *DataZone) GetEnvironmentCredentialsWithContext(ctx aws.Context, input *GetEnvironmentCredentialsInput, opts ...request.Option) (*GetEnvironmentCredentialsOutput, error) {
+ req, out := c.GetEnvironmentCredentialsRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
const opGetEnvironmentProfile = "GetEnvironmentProfile"
// GetEnvironmentProfileRequest generates a "aws/request.Request" representing the
@@ -27683,6 +27778,131 @@
return s
}
+type GetEnvironmentCredentialsInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+
+ // The ID of the Amazon DataZone domain in which this environment and its credentials
+ // exist.
+ //
+ // DomainIdentifier is a required field
+ DomainIdentifier *string `location:"uri" locationName:"domainIdentifier" type:"string" required:"true"`
+
+ // The ID of the environment whose credentials this operation gets.
+ //
+ // EnvironmentIdentifier is a required field
+ EnvironmentIdentifier *string `location:"uri" locationName:"environmentIdentifier" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetEnvironmentCredentialsInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetEnvironmentCredentialsInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetEnvironmentCredentialsInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "GetEnvironmentCredentialsInput"}
+ if s.DomainIdentifier == nil {
+ invalidParams.Add(request.NewErrParamRequired("DomainIdentifier"))
+ }
+ if s.DomainIdentifier != nil && len(*s.DomainIdentifier) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("DomainIdentifier", 1))
+ }
+ if s.EnvironmentIdentifier == nil {
+ invalidParams.Add(request.NewErrParamRequired("EnvironmentIdentifier"))
+ }
+ if s.EnvironmentIdentifier != nil && len(*s.EnvironmentIdentifier) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("EnvironmentIdentifier", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetDomainIdentifier sets the DomainIdentifier field's value.
+func (s *GetEnvironmentCredentialsInput) SetDomainIdentifier(v string) *GetEnvironmentCredentialsInput {
+ s.DomainIdentifier = &v
+ return s
+}
+
+// SetEnvironmentIdentifier sets the EnvironmentIdentifier field's value.
+func (s *GetEnvironmentCredentialsInput) SetEnvironmentIdentifier(v string) *GetEnvironmentCredentialsInput {
+ s.EnvironmentIdentifier = &v
+ return s
+}
+
+type GetEnvironmentCredentialsOutput struct {
+ _ struct{} `type:"structure" sensitive:"true"`
+
+ // The access key ID of the environment.
+ AccessKeyId *string `locationName:"accessKeyId" type:"string"`
+
+ // The expiration timestamp of the environment credentials.
+ Expiration *time.Time `locationName:"expiration" type:"timestamp" timestampFormat:"iso8601"`
+
+ // The secret access key of the environment credentials.
+ SecretAccessKey *string `locationName:"secretAccessKey" type:"string"`
+
+ // The session token of the environment credentials.
+ SessionToken *string `locationName:"sessionToken" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetEnvironmentCredentialsOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetEnvironmentCredentialsOutput) GoString() string {
+ return s.String()
+}
+
+// SetAccessKeyId sets the AccessKeyId field's value.
+func (s *GetEnvironmentCredentialsOutput) SetAccessKeyId(v string) *GetEnvironmentCredentialsOutput {
+ s.AccessKeyId = &v
+ return s
+}
+
+// SetExpiration sets the Expiration field's value.
+func (s *GetEnvironmentCredentialsOutput) SetExpiration(v time.Time) *GetEnvironmentCredentialsOutput {
+ s.Expiration = &v
+ return s
+}
+
+// SetSecretAccessKey sets the SecretAccessKey field's value.
+func (s *GetEnvironmentCredentialsOutput) SetSecretAccessKey(v string) *GetEnvironmentCredentialsOutput {
+ s.SecretAccessKey = &v
+ return s
+}
+
+// SetSessionToken sets the SessionToken field's value.
+func (s *GetEnvironmentCredentialsOutput) SetSessionToken(v string) *GetEnvironmentCredentialsOutput {
+ s.SessionToken = &v
+ return s
+}
+
type GetEnvironmentInput struct {
_ struct{} `type:"structure" nopayload:"true"`
diff --git a/service/datazone/datazoneiface/interface.go b/service/datazone/datazoneiface/interface.go
index 92d67fe..5ac48ac 100644
--- a/service/datazone/datazoneiface/interface.go
+++ b/service/datazone/datazoneiface/interface.go
@@ -280,6 +280,10 @@
GetEnvironmentBlueprintConfigurationWithContext(aws.Context, *datazone.GetEnvironmentBlueprintConfigurationInput, ...request.Option) (*datazone.GetEnvironmentBlueprintConfigurationOutput, error)
GetEnvironmentBlueprintConfigurationRequest(*datazone.GetEnvironmentBlueprintConfigurationInput) (*request.Request, *datazone.GetEnvironmentBlueprintConfigurationOutput)
+ GetEnvironmentCredentials(*datazone.GetEnvironmentCredentialsInput) (*datazone.GetEnvironmentCredentialsOutput, error)
+ GetEnvironmentCredentialsWithContext(aws.Context, *datazone.GetEnvironmentCredentialsInput, ...request.Option) (*datazone.GetEnvironmentCredentialsOutput, error)
+ GetEnvironmentCredentialsRequest(*datazone.GetEnvironmentCredentialsInput) (*request.Request, *datazone.GetEnvironmentCredentialsOutput)
+
GetEnvironmentProfile(*datazone.GetEnvironmentProfileInput) (*datazone.GetEnvironmentProfileOutput, error)
GetEnvironmentProfileWithContext(aws.Context, *datazone.GetEnvironmentProfileInput, ...request.Option) (*datazone.GetEnvironmentProfileOutput, error)
GetEnvironmentProfileRequest(*datazone.GetEnvironmentProfileInput) (*request.Request, *datazone.GetEnvironmentProfileOutput)
diff --git a/service/ec2/api.go b/service/ec2/api.go
index 02e0ebd..38db957 100644
--- a/service/ec2/api.go
+++ b/service/ec2/api.go
@@ -124700,9 +124700,38 @@
// The Availability Zone in which to launch the instances.
AvailabilityZone *string `locationName:"availabilityZone" type:"string"`
- // The ID of the AMI. An AMI is required to launch an instance. This parameter
- // is only available for fleets of type instant. For fleets of type maintain
- // and request, you must specify the AMI ID in the launch template.
+ // The ID of the AMI in the format ami-17characters00000.
+ //
+ // Alternatively, you can specify a Systems Manager parameter, using one of
+ // the following formats. The Systems Manager parameter will resolve to an AMI
+ // ID on launch.
+ //
+ // To reference a public parameter:
+ //
+ // * resolve:ssm:public-parameter
+ //
+ // To reference a parameter stored in the same account:
+ //
+ // * resolve:ssm:parameter-name
+ //
+ // * resolve:ssm:parameter-name:version-number
+ //
+ // * resolve:ssm:parameter-name:label
+ //
+ // To reference a parameter shared from another Amazon Web Services account:
+ //
+ // * resolve:ssm:parameter-ARN
+ //
+ // * resolve:ssm:parameter-ARN:version-number
+ //
+ // * resolve:ssm:parameter-ARN:label
+ //
+ // For more information, see Use a Systems Manager parameter instead of an AMI
+ // ID (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-launch-template.html#use-an-ssm-parameter-instead-of-an-ami-id)
+ // in the Amazon EC2 User Guide.
+ //
+ // This parameter is only available for fleets of type instant. For fleets of
+ // type maintain and request, you must specify the AMI ID in the launch template.
ImageId *string `locationName:"imageId" type:"string"`
// The attributes for the instance types. When you specify instance attributes,
@@ -124845,9 +124874,38 @@
// The Availability Zone in which to launch the instances.
AvailabilityZone *string `type:"string"`
- // The ID of the AMI. An AMI is required to launch an instance. This parameter
- // is only available for fleets of type instant. For fleets of type maintain
- // and request, you must specify the AMI ID in the launch template.
+ // The ID of the AMI in the format ami-17characters00000.
+ //
+ // Alternatively, you can specify a Systems Manager parameter, using one of
+ // the following formats. The Systems Manager parameter will resolve to an AMI
+ // ID on launch.
+ //
+ // To reference a public parameter:
+ //
+ // * resolve:ssm:public-parameter
+ //
+ // To reference a parameter stored in the same account:
+ //
+ // * resolve:ssm:parameter-name
+ //
+ // * resolve:ssm:parameter-name:version-number
+ //
+ // * resolve:ssm:parameter-name:label
+ //
+ // To reference a parameter shared from another Amazon Web Services account:
+ //
+ // * resolve:ssm:parameter-ARN
+ //
+ // * resolve:ssm:parameter-ARN:version-number
+ //
+ // * resolve:ssm:parameter-ARN:label
+ //
+ // For more information, see Use a Systems Manager parameter instead of an AMI
+ // ID (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-launch-template.html#use-an-ssm-parameter-instead-of-an-ami-id)
+ // in the Amazon EC2 User Guide.
+ //
+ // This parameter is only available for fleets of type instant. For fleets of
+ // type maintain and request, you must specify the AMI ID in the launch template.
ImageId *string `type:"string"`
// The attributes for the instance types. When you specify instance attributes,
@@ -168935,12 +168993,17 @@
// The name or Amazon Resource Name (ARN) of an IAM instance profile.
IamInstanceProfile *LaunchTemplateIamInstanceProfileSpecificationRequest `type:"structure"`
- // The ID of the AMI. Alternatively, you can specify a Systems Manager parameter,
- // which will resolve to an AMI ID on launch.
+ // The ID of the AMI in the format ami-17characters00000.
//
- // Valid formats:
+ // Alternatively, you can specify a Systems Manager parameter, using one of
+ // the following formats. The Systems Manager parameter will resolve to an AMI
+ // ID on launch.
//
- // * ami-17characters00000
+ // To reference a public parameter:
+ //
+ // * resolve:ssm:public-parameter
+ //
+ // To reference a parameter stored in the same account:
//
// * resolve:ssm:parameter-name
//
@@ -168948,15 +169011,26 @@
//
// * resolve:ssm:parameter-name:label
//
- // * resolve:ssm:public-parameter
+ // To reference a parameter shared from another Amazon Web Services account:
//
- // Currently, EC2 Fleet and Spot Fleet do not support specifying a Systems Manager
- // parameter. If the launch template will be used by an EC2 Fleet or Spot Fleet,
- // you must specify the AMI ID.
+ // * resolve:ssm:parameter-ARN
+ //
+ // * resolve:ssm:parameter-ARN:version-number
+ //
+ // * resolve:ssm:parameter-ARN:label
//
// For more information, see Use a Systems Manager parameter instead of an AMI
// ID (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-launch-template.html#use-an-ssm-parameter-instead-of-an-ami-id)
// in the Amazon EC2 User Guide.
+ //
+ // If the launch template will be used for an EC2 Fleet or Spot Fleet, note
+ // the following:
+ //
+ // * Only EC2 Fleets of type instant support specifying a Systems Manager
+ // parameter.
+ //
+ // * For EC2 Fleets of type maintain or request, or for Spot Fleets, you
+ // must specify the AMI ID.
ImageId *string `type:"string"`
// Indicates whether an instance stops or terminates when you initiate shutdown
@@ -201114,9 +201188,6 @@
// ResourceTypeVpcBlockPublicAccessExclusion is a ResourceType enum value
ResourceTypeVpcBlockPublicAccessExclusion = "vpc-block-public-access-exclusion"
- // ResourceTypeVpcEncryptionControl is a ResourceType enum value
- ResourceTypeVpcEncryptionControl = "vpc-encryption-control"
-
// ResourceTypeIpamResourceDiscovery is a ResourceType enum value
ResourceTypeIpamResourceDiscovery = "ipam-resource-discovery"
@@ -201216,7 +201287,6 @@
ResourceTypeVerifiedAccessTrustProvider,
ResourceTypeVpnConnectionDeviceType,
ResourceTypeVpcBlockPublicAccessExclusion,
- ResourceTypeVpcEncryptionControl,
ResourceTypeIpamResourceDiscovery,
ResourceTypeIpamResourceDiscoveryAssociation,
ResourceTypeInstanceConnectEndpoint,
diff --git a/service/ecr/api.go b/service/ecr/api.go
index 7eac525..5d89b40 100644
--- a/service/ecr/api.go
+++ b/service/ecr/api.go
@@ -727,6 +727,105 @@
return out, req.Send()
}
+const opCreateRepositoryCreationTemplate = "CreateRepositoryCreationTemplate"
+
+// CreateRepositoryCreationTemplateRequest generates a "aws/request.Request" representing the
+// client's request for the CreateRepositoryCreationTemplate operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateRepositoryCreationTemplate for more information on using the CreateRepositoryCreationTemplate
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the CreateRepositoryCreationTemplateRequest method.
+// req, resp := client.CreateRepositoryCreationTemplateRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/CreateRepositoryCreationTemplate
+func (c *ECR) CreateRepositoryCreationTemplateRequest(input *CreateRepositoryCreationTemplateInput) (req *request.Request, output *CreateRepositoryCreationTemplateOutput) {
+ op := &request.Operation{
+ Name: opCreateRepositoryCreationTemplate,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &CreateRepositoryCreationTemplateInput{}
+ }
+
+ output = &CreateRepositoryCreationTemplateOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// CreateRepositoryCreationTemplate API operation for Amazon EC2 Container Registry.
+//
+// Creates a repository creation template. This template is used to define the
+// settings for repositories created by Amazon ECR on your behalf. For example,
+// repositories created through pull through cache actions. For more information,
+// see Private repository creation templates (https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-creation-templates.html)
+// in the Amazon Elastic Container Registry User Guide.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon EC2 Container Registry's
+// API operation CreateRepositoryCreationTemplate for usage and error information.
+//
+// Returned Error Types:
+//
+// - ServerException
+// These errors are usually caused by a server-side issue.
+//
+// - ValidationException
+// There was an exception validating this request.
+//
+// - InvalidParameterException
+// The specified parameter is invalid. Review the available parameters for the
+// API request.
+//
+// - LimitExceededException
+// The operation did not succeed because it would have exceeded a service limit
+// for your account. For more information, see Amazon ECR service quotas (https://docs.aws.amazon.com/AmazonECR/latest/userguide/service-quotas.html)
+// in the Amazon Elastic Container Registry User Guide.
+//
+// - TemplateAlreadyExistsException
+// The repository creation template already exists. Specify a unique prefix
+// and try again.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/CreateRepositoryCreationTemplate
+func (c *ECR) CreateRepositoryCreationTemplate(input *CreateRepositoryCreationTemplateInput) (*CreateRepositoryCreationTemplateOutput, error) {
+ req, out := c.CreateRepositoryCreationTemplateRequest(input)
+ return out, req.Send()
+}
+
+// CreateRepositoryCreationTemplateWithContext is the same as CreateRepositoryCreationTemplate with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateRepositoryCreationTemplate for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *ECR) CreateRepositoryCreationTemplateWithContext(ctx aws.Context, input *CreateRepositoryCreationTemplateInput, opts ...request.Option) (*CreateRepositoryCreationTemplateOutput, error) {
+ req, out := c.CreateRepositoryCreationTemplateRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
const opDeleteLifecyclePolicy = "DeleteLifecyclePolicy"
// DeleteLifecyclePolicyRequest generates a "aws/request.Request" representing the
@@ -1095,6 +1194,96 @@
return out, req.Send()
}
+const opDeleteRepositoryCreationTemplate = "DeleteRepositoryCreationTemplate"
+
+// DeleteRepositoryCreationTemplateRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteRepositoryCreationTemplate operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteRepositoryCreationTemplate for more information on using the DeleteRepositoryCreationTemplate
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DeleteRepositoryCreationTemplateRequest method.
+// req, resp := client.DeleteRepositoryCreationTemplateRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DeleteRepositoryCreationTemplate
+func (c *ECR) DeleteRepositoryCreationTemplateRequest(input *DeleteRepositoryCreationTemplateInput) (req *request.Request, output *DeleteRepositoryCreationTemplateOutput) {
+ op := &request.Operation{
+ Name: opDeleteRepositoryCreationTemplate,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &DeleteRepositoryCreationTemplateInput{}
+ }
+
+ output = &DeleteRepositoryCreationTemplateOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// DeleteRepositoryCreationTemplate API operation for Amazon EC2 Container Registry.
+//
+// Deletes a repository creation template.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon EC2 Container Registry's
+// API operation DeleteRepositoryCreationTemplate for usage and error information.
+//
+// Returned Error Types:
+//
+// - ServerException
+// These errors are usually caused by a server-side issue.
+//
+// - ValidationException
+// There was an exception validating this request.
+//
+// - InvalidParameterException
+// The specified parameter is invalid. Review the available parameters for the
+// API request.
+//
+// - TemplateNotFoundException
+// The specified repository creation template can't be found. Verify the registry
+// ID and prefix and try again.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DeleteRepositoryCreationTemplate
+func (c *ECR) DeleteRepositoryCreationTemplate(input *DeleteRepositoryCreationTemplateInput) (*DeleteRepositoryCreationTemplateOutput, error) {
+ req, out := c.DeleteRepositoryCreationTemplateRequest(input)
+ return out, req.Send()
+}
+
+// DeleteRepositoryCreationTemplateWithContext is the same as DeleteRepositoryCreationTemplate with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteRepositoryCreationTemplate for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *ECR) DeleteRepositoryCreationTemplateWithContext(ctx aws.Context, input *DeleteRepositoryCreationTemplateInput, opts ...request.Option) (*DeleteRepositoryCreationTemplateOutput, error) {
+ req, out := c.DeleteRepositoryCreationTemplateRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
const opDeleteRepositoryPolicy = "DeleteRepositoryPolicy"
// DeleteRepositoryPolicyRequest generates a "aws/request.Request" representing the
@@ -1964,6 +2153,151 @@
return p.Err()
}
+const opDescribeRepositoryCreationTemplates = "DescribeRepositoryCreationTemplates"
+
+// DescribeRepositoryCreationTemplatesRequest generates a "aws/request.Request" representing the
+// client's request for the DescribeRepositoryCreationTemplates operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DescribeRepositoryCreationTemplates for more information on using the DescribeRepositoryCreationTemplates
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DescribeRepositoryCreationTemplatesRequest method.
+// req, resp := client.DescribeRepositoryCreationTemplatesRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DescribeRepositoryCreationTemplates
+func (c *ECR) DescribeRepositoryCreationTemplatesRequest(input *DescribeRepositoryCreationTemplatesInput) (req *request.Request, output *DescribeRepositoryCreationTemplatesOutput) {
+ op := &request.Operation{
+ Name: opDescribeRepositoryCreationTemplates,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ Paginator: &request.Paginator{
+ InputTokens: []string{"nextToken"},
+ OutputTokens: []string{"nextToken"},
+ LimitToken: "maxResults",
+ TruncationToken: "",
+ },
+ }
+
+ if input == nil {
+ input = &DescribeRepositoryCreationTemplatesInput{}
+ }
+
+ output = &DescribeRepositoryCreationTemplatesOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// DescribeRepositoryCreationTemplates API operation for Amazon EC2 Container Registry.
+//
+// Returns details about the repository creation templates in a registry. The
+// prefixes request parameter can be used to return the details for a specific
+// repository creation template.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon EC2 Container Registry's
+// API operation DescribeRepositoryCreationTemplates for usage and error information.
+//
+// Returned Error Types:
+//
+// - ServerException
+// These errors are usually caused by a server-side issue.
+//
+// - ValidationException
+// There was an exception validating this request.
+//
+// - InvalidParameterException
+// The specified parameter is invalid. Review the available parameters for the
+// API request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DescribeRepositoryCreationTemplates
+func (c *ECR) DescribeRepositoryCreationTemplates(input *DescribeRepositoryCreationTemplatesInput) (*DescribeRepositoryCreationTemplatesOutput, error) {
+ req, out := c.DescribeRepositoryCreationTemplatesRequest(input)
+ return out, req.Send()
+}
+
+// DescribeRepositoryCreationTemplatesWithContext is the same as DescribeRepositoryCreationTemplates with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DescribeRepositoryCreationTemplates for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *ECR) DescribeRepositoryCreationTemplatesWithContext(ctx aws.Context, input *DescribeRepositoryCreationTemplatesInput, opts ...request.Option) (*DescribeRepositoryCreationTemplatesOutput, error) {
+ req, out := c.DescribeRepositoryCreationTemplatesRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+// DescribeRepositoryCreationTemplatesPages iterates over the pages of a DescribeRepositoryCreationTemplates operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See DescribeRepositoryCreationTemplates method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+// // Example iterating over at most 3 pages of a DescribeRepositoryCreationTemplates operation.
+// pageNum := 0
+// err := client.DescribeRepositoryCreationTemplatesPages(params,
+// func(page *ecr.DescribeRepositoryCreationTemplatesOutput, lastPage bool) bool {
+// pageNum++
+// fmt.Println(page)
+// return pageNum <= 3
+// })
+func (c *ECR) DescribeRepositoryCreationTemplatesPages(input *DescribeRepositoryCreationTemplatesInput, fn func(*DescribeRepositoryCreationTemplatesOutput, bool) bool) error {
+ return c.DescribeRepositoryCreationTemplatesPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// DescribeRepositoryCreationTemplatesPagesWithContext same as DescribeRepositoryCreationTemplatesPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *ECR) DescribeRepositoryCreationTemplatesPagesWithContext(ctx aws.Context, input *DescribeRepositoryCreationTemplatesInput, fn func(*DescribeRepositoryCreationTemplatesOutput, bool) bool, opts ...request.Option) error {
+ p := request.Pagination{
+ NewRequest: func() (*request.Request, error) {
+ var inCpy *DescribeRepositoryCreationTemplatesInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.DescribeRepositoryCreationTemplatesRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+
+ for p.Next() {
+ if !fn(p.Page().(*DescribeRepositoryCreationTemplatesOutput), !p.HasNextPage()) {
+ break
+ }
+ }
+
+ return p.Err()
+}
+
const opGetAuthorizationToken = "GetAuthorizationToken"
// GetAuthorizationTokenRequest generates a "aws/request.Request" representing the
@@ -3631,7 +3965,9 @@
// a service-linked IAM role is created in your account for the replication
// process. For more information, see Using service-linked roles for Amazon
// ECR (https://docs.aws.amazon.com/AmazonECR/latest/userguide/using-service-linked-roles.html)
-// in the Amazon Elastic Container Registry User Guide.
+// in the Amazon Elastic Container Registry User Guide. For more information
+// on the custom role for replication, see Creating an IAM role for replication
+// (https://docs.aws.amazon.com/AmazonECR/latest/userguide/replication-creation-templates.html#roles-creatingrole-user-console).
//
// When configuring cross-account replication, the destination account must
// grant the source account permission to replicate. This permission is controlled
@@ -4267,6 +4603,96 @@
return out, req.Send()
}
+const opUpdateRepositoryCreationTemplate = "UpdateRepositoryCreationTemplate"
+
+// UpdateRepositoryCreationTemplateRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateRepositoryCreationTemplate operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UpdateRepositoryCreationTemplate for more information on using the UpdateRepositoryCreationTemplate
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the UpdateRepositoryCreationTemplateRequest method.
+// req, resp := client.UpdateRepositoryCreationTemplateRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/UpdateRepositoryCreationTemplate
+func (c *ECR) UpdateRepositoryCreationTemplateRequest(input *UpdateRepositoryCreationTemplateInput) (req *request.Request, output *UpdateRepositoryCreationTemplateOutput) {
+ op := &request.Operation{
+ Name: opUpdateRepositoryCreationTemplate,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &UpdateRepositoryCreationTemplateInput{}
+ }
+
+ output = &UpdateRepositoryCreationTemplateOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// UpdateRepositoryCreationTemplate API operation for Amazon EC2 Container Registry.
+//
+// Updates an existing repository creation template.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon EC2 Container Registry's
+// API operation UpdateRepositoryCreationTemplate for usage and error information.
+//
+// Returned Error Types:
+//
+// - ServerException
+// These errors are usually caused by a server-side issue.
+//
+// - ValidationException
+// There was an exception validating this request.
+//
+// - InvalidParameterException
+// The specified parameter is invalid. Review the available parameters for the
+// API request.
+//
+// - TemplateNotFoundException
+// The specified repository creation template can't be found. Verify the registry
+// ID and prefix and try again.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/UpdateRepositoryCreationTemplate
+func (c *ECR) UpdateRepositoryCreationTemplate(input *UpdateRepositoryCreationTemplateInput) (*UpdateRepositoryCreationTemplateOutput, error) {
+ req, out := c.UpdateRepositoryCreationTemplateRequest(input)
+ return out, req.Send()
+}
+
+// UpdateRepositoryCreationTemplateWithContext is the same as UpdateRepositoryCreationTemplate with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UpdateRepositoryCreationTemplate for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *ECR) UpdateRepositoryCreationTemplateWithContext(ctx aws.Context, input *UpdateRepositoryCreationTemplateInput, opts ...request.Option) (*UpdateRepositoryCreationTemplateOutput, error) {
+ req, out := c.UpdateRepositoryCreationTemplateRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
const opUploadLayerPart = "UploadLayerPart"
// UploadLayerPartRequest generates a "aws/request.Request" representing the
@@ -5330,8 +5756,6 @@
//
// * Microsoft Azure Container Registry (azure-container-registry) - <custom>.azurecr.io
//
- // * GitLab Container Registry (gitlab-container-registry) - registry.gitlab.com
- //
// UpstreamRegistryUrl is a required field
UpstreamRegistryUrl *string `locationName:"upstreamRegistryUrl" type:"string" required:"true"`
}
@@ -5485,6 +5909,211 @@
return s
}
+type CreateRepositoryCreationTemplateInput struct {
+ _ struct{} `type:"structure"`
+
+ // A list of enumerable strings representing the Amazon ECR repository creation
+ // scenarios that this template will apply towards. The two supported scenarios
+ // are PULL_THROUGH_CACHE and REPLICATION
+ //
+ // AppliedFor is a required field
+ AppliedFor []*string `locationName:"appliedFor" type:"list" required:"true" enum:"RCTAppliedFor"`
+
+ // The ARN of the role to be assumed by Amazon ECR. This role must be in the
+ // same account as the registry that you are configuring.
+ CustomRoleArn *string `locationName:"customRoleArn" type:"string"`
+
+ // A description for the repository creation template.
+ Description *string `locationName:"description" type:"string"`
+
+ // The encryption configuration to use for repositories created using the template.
+ EncryptionConfiguration *EncryptionConfigurationForRepositoryCreationTemplate `locationName:"encryptionConfiguration" type:"structure"`
+
+ // The tag mutability setting for the repository. If this parameter is omitted,
+ // the default setting of MUTABLE will be used which will allow image tags to
+ // be overwritten. If IMMUTABLE is specified, all image tags within the repository
+ // will be immutable which will prevent them from being overwritten.
+ ImageTagMutability *string `locationName:"imageTagMutability" type:"string" enum:"ImageTagMutability"`
+
+ // The lifecycle policy to use for repositories created using the template.
+ LifecyclePolicy *string `locationName:"lifecyclePolicy" type:"string"`
+
+ // The repository namespace prefix to associate with the template. All repositories
+ // created using this namespace prefix will have the settings defined in this
+ // template applied. For example, a prefix of prod would apply to all repositories
+ // beginning with prod/. Similarly, a prefix of prod/team would apply to all
+ // repositories beginning with prod/team/.
+ //
+ // To apply a template to all repositories in your registry that don't have
+ // an associated creation template, you can use ROOT as the prefix.
+ //
+ // There is always an assumed / applied to the end of the prefix. If you specify
+ // ecr-public as the prefix, Amazon ECR treats that as ecr-public/. When using
+ // a pull through cache rule, the repository prefix you specify during rule
+ // creation is what you should specify as your repository creation template
+ // prefix as well.
+ //
+ // Prefix is a required field
+ Prefix *string `locationName:"prefix" min:"1" type:"string" required:"true"`
+
+ // The repository policy to apply to repositories created using the template.
+ // A repository policy is a permissions policy associated with a repository
+ // to control access permissions.
+ RepositoryPolicy *string `locationName:"repositoryPolicy" type:"string"`
+
+ // The metadata to apply to the repository to help you categorize and organize.
+ // Each tag consists of a key and an optional value, both of which you define.
+ // Tag keys can have a maximum character length of 128 characters, and tag values
+ // can have a maximum length of 256 characters.
+ ResourceTags []*Tag `locationName:"resourceTags" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateRepositoryCreationTemplateInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateRepositoryCreationTemplateInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateRepositoryCreationTemplateInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CreateRepositoryCreationTemplateInput"}
+ if s.AppliedFor == nil {
+ invalidParams.Add(request.NewErrParamRequired("AppliedFor"))
+ }
+ if s.Prefix == nil {
+ invalidParams.Add(request.NewErrParamRequired("Prefix"))
+ }
+ if s.Prefix != nil && len(*s.Prefix) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Prefix", 1))
+ }
+ if s.EncryptionConfiguration != nil {
+ if err := s.EncryptionConfiguration.Validate(); err != nil {
+ invalidParams.AddNested("EncryptionConfiguration", err.(request.ErrInvalidParams))
+ }
+ }
+ if s.ResourceTags != nil {
+ for i, v := range s.ResourceTags {
+ if v == nil {
+ continue
+ }
+ if err := v.Validate(); err != nil {
+ invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ResourceTags", i), err.(request.ErrInvalidParams))
+ }
+ }
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetAppliedFor sets the AppliedFor field's value.
+func (s *CreateRepositoryCreationTemplateInput) SetAppliedFor(v []*string) *CreateRepositoryCreationTemplateInput {
+ s.AppliedFor = v
+ return s
+}
+
+// SetCustomRoleArn sets the CustomRoleArn field's value.
+func (s *CreateRepositoryCreationTemplateInput) SetCustomRoleArn(v string) *CreateRepositoryCreationTemplateInput {
+ s.CustomRoleArn = &v
+ return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *CreateRepositoryCreationTemplateInput) SetDescription(v string) *CreateRepositoryCreationTemplateInput {
+ s.Description = &v
+ return s
+}
+
+// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
+func (s *CreateRepositoryCreationTemplateInput) SetEncryptionConfiguration(v *EncryptionConfigurationForRepositoryCreationTemplate) *CreateRepositoryCreationTemplateInput {
+ s.EncryptionConfiguration = v
+ return s
+}
+
+// SetImageTagMutability sets the ImageTagMutability field's value.
+func (s *CreateRepositoryCreationTemplateInput) SetImageTagMutability(v string) *CreateRepositoryCreationTemplateInput {
+ s.ImageTagMutability = &v
+ return s
+}
+
+// SetLifecyclePolicy sets the LifecyclePolicy field's value.
+func (s *CreateRepositoryCreationTemplateInput) SetLifecyclePolicy(v string) *CreateRepositoryCreationTemplateInput {
+ s.LifecyclePolicy = &v
+ return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *CreateRepositoryCreationTemplateInput) SetPrefix(v string) *CreateRepositoryCreationTemplateInput {
+ s.Prefix = &v
+ return s
+}
+
+// SetRepositoryPolicy sets the RepositoryPolicy field's value.
+func (s *CreateRepositoryCreationTemplateInput) SetRepositoryPolicy(v string) *CreateRepositoryCreationTemplateInput {
+ s.RepositoryPolicy = &v
+ return s
+}
+
+// SetResourceTags sets the ResourceTags field's value.
+func (s *CreateRepositoryCreationTemplateInput) SetResourceTags(v []*Tag) *CreateRepositoryCreationTemplateInput {
+ s.ResourceTags = v
+ return s
+}
+
+type CreateRepositoryCreationTemplateOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The registry ID associated with the request.
+ RegistryId *string `locationName:"registryId" type:"string"`
+
+ // The details of the repository creation template associated with the request.
+ RepositoryCreationTemplate *RepositoryCreationTemplate `locationName:"repositoryCreationTemplate" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateRepositoryCreationTemplateOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateRepositoryCreationTemplateOutput) GoString() string {
+ return s.String()
+}
+
+// SetRegistryId sets the RegistryId field's value.
+func (s *CreateRepositoryCreationTemplateOutput) SetRegistryId(v string) *CreateRepositoryCreationTemplateOutput {
+ s.RegistryId = &v
+ return s
+}
+
+// SetRepositoryCreationTemplate sets the RepositoryCreationTemplate field's value.
+func (s *CreateRepositoryCreationTemplateOutput) SetRepositoryCreationTemplate(v *RepositoryCreationTemplate) *CreateRepositoryCreationTemplateOutput {
+ s.RepositoryCreationTemplate = v
+ return s
+}
+
type CreateRepositoryInput struct {
_ struct{} `type:"structure"`
@@ -6118,6 +6747,95 @@
return s
}
+type DeleteRepositoryCreationTemplateInput struct {
+ _ struct{} `type:"structure"`
+
+ // The repository namespace prefix associated with the repository creation template.
+ //
+ // Prefix is a required field
+ Prefix *string `locationName:"prefix" min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteRepositoryCreationTemplateInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteRepositoryCreationTemplateInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteRepositoryCreationTemplateInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DeleteRepositoryCreationTemplateInput"}
+ if s.Prefix == nil {
+ invalidParams.Add(request.NewErrParamRequired("Prefix"))
+ }
+ if s.Prefix != nil && len(*s.Prefix) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Prefix", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *DeleteRepositoryCreationTemplateInput) SetPrefix(v string) *DeleteRepositoryCreationTemplateInput {
+ s.Prefix = &v
+ return s
+}
+
+type DeleteRepositoryCreationTemplateOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The registry ID associated with the request.
+ RegistryId *string `locationName:"registryId" type:"string"`
+
+ // The details of the repository creation template that was deleted.
+ RepositoryCreationTemplate *RepositoryCreationTemplate `locationName:"repositoryCreationTemplate" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteRepositoryCreationTemplateOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteRepositoryCreationTemplateOutput) GoString() string {
+ return s.String()
+}
+
+// SetRegistryId sets the RegistryId field's value.
+func (s *DeleteRepositoryCreationTemplateOutput) SetRegistryId(v string) *DeleteRepositoryCreationTemplateOutput {
+ s.RegistryId = &v
+ return s
+}
+
+// SetRepositoryCreationTemplate sets the RepositoryCreationTemplate field's value.
+func (s *DeleteRepositoryCreationTemplateOutput) SetRepositoryCreationTemplate(v *RepositoryCreationTemplate) *DeleteRepositoryCreationTemplateOutput {
+ s.RepositoryCreationTemplate = v
+ return s
+}
+
type DeleteRepositoryInput struct {
_ struct{} `type:"structure"`
@@ -7002,7 +7720,7 @@
type DescribeRegistryOutput struct {
_ struct{} `type:"structure"`
- // The ID of the registry.
+ // The registry ID associated with the request.
RegistryId *string `locationName:"registryId" type:"string"`
// The replication configuration for the registry.
@@ -7174,6 +7892,136 @@
return s
}
+type DescribeRepositoryCreationTemplatesInput struct {
+ _ struct{} `type:"structure"`
+
+ // The maximum number of repository results returned by DescribeRepositoryCreationTemplatesRequest
+ // in paginated output. When this parameter is used, DescribeRepositoryCreationTemplatesRequest
+ // only returns maxResults results in a single page along with a nextToken response
+ // element. The remaining results of the initial request can be seen by sending
+ // another DescribeRepositoryCreationTemplatesRequest request with the returned
+ // nextToken value. This value can be between 1 and 1000. If this parameter
+ // is not used, then DescribeRepositoryCreationTemplatesRequest returns up to
+ // 100 results and a nextToken value, if applicable.
+ MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"`
+
+ // The nextToken value returned from a previous paginated DescribeRepositoryCreationTemplates
+ // request where maxResults was used and the results exceeded the value of that
+ // parameter. Pagination continues from the end of the previous results that
+ // returned the nextToken value. This value is null when there are no more results
+ // to return.
+ //
+ // This token should be treated as an opaque identifier that is only used to
+ // retrieve the next items in a list and not for other programmatic purposes.
+ NextToken *string `locationName:"nextToken" type:"string"`
+
+ // The repository namespace prefixes associated with the repository creation
+ // templates to describe. If this value is not specified, all repository creation
+ // templates are returned.
+ Prefixes []*string `locationName:"prefixes" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DescribeRepositoryCreationTemplatesInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DescribeRepositoryCreationTemplatesInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DescribeRepositoryCreationTemplatesInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DescribeRepositoryCreationTemplatesInput"}
+ if s.MaxResults != nil && *s.MaxResults < 1 {
+ invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *DescribeRepositoryCreationTemplatesInput) SetMaxResults(v int64) *DescribeRepositoryCreationTemplatesInput {
+ s.MaxResults = &v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeRepositoryCreationTemplatesInput) SetNextToken(v string) *DescribeRepositoryCreationTemplatesInput {
+ s.NextToken = &v
+ return s
+}
+
+// SetPrefixes sets the Prefixes field's value.
+func (s *DescribeRepositoryCreationTemplatesInput) SetPrefixes(v []*string) *DescribeRepositoryCreationTemplatesInput {
+ s.Prefixes = v
+ return s
+}
+
+type DescribeRepositoryCreationTemplatesOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The nextToken value to include in a future DescribeRepositoryCreationTemplates
+ // request. When the results of a DescribeRepositoryCreationTemplates request
+ // exceed maxResults, this value can be used to retrieve the next page of results.
+ // This value is null when there are no more results to return.
+ NextToken *string `locationName:"nextToken" type:"string"`
+
+ // The registry ID associated with the request.
+ RegistryId *string `locationName:"registryId" type:"string"`
+
+ // The details of the repository creation templates.
+ RepositoryCreationTemplates []*RepositoryCreationTemplate `locationName:"repositoryCreationTemplates" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DescribeRepositoryCreationTemplatesOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DescribeRepositoryCreationTemplatesOutput) GoString() string {
+ return s.String()
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *DescribeRepositoryCreationTemplatesOutput) SetNextToken(v string) *DescribeRepositoryCreationTemplatesOutput {
+ s.NextToken = &v
+ return s
+}
+
+// SetRegistryId sets the RegistryId field's value.
+func (s *DescribeRepositoryCreationTemplatesOutput) SetRegistryId(v string) *DescribeRepositoryCreationTemplatesOutput {
+ s.RegistryId = &v
+ return s
+}
+
+// SetRepositoryCreationTemplates sets the RepositoryCreationTemplates field's value.
+func (s *DescribeRepositoryCreationTemplatesOutput) SetRepositoryCreationTemplates(v []*RepositoryCreationTemplate) *DescribeRepositoryCreationTemplatesOutput {
+ s.RepositoryCreationTemplates = v
+ return s
+}
+
// The specified layer upload does not contain any layer parts.
type EmptyUploadException struct {
_ struct{} `type:"structure"`
@@ -7244,7 +8092,7 @@
//
// By default, when no encryption configuration is set or the AES256 encryption
// type is used, Amazon ECR uses server-side encryption with Amazon S3-managed
-// encryption keys which encrypts your data at rest using an AES-256 encryption
+// encryption keys which encrypts your data at rest using an AES256 encryption
// algorithm. This does not require any action on your part.
//
// For more control over the encryption of the contents of your repository,
@@ -7268,7 +8116,7 @@
//
// If you use the AES256 encryption type, Amazon ECR uses server-side encryption
// with Amazon S3-managed encryption keys which encrypts the images in the repository
- // using an AES-256 encryption algorithm. For more information, see Protecting
+ // using an AES256 encryption algorithm. For more information, see Protecting
// data using server-side encryption with Amazon S3-managed encryption keys
// (SSE-S3) (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
// in the Amazon Simple Storage Service Console Developer Guide.
@@ -7329,6 +8177,81 @@
return s
}
+// The encryption configuration to associate with the repository creation template.
+type EncryptionConfigurationForRepositoryCreationTemplate struct {
+ _ struct{} `type:"structure"`
+
+ // The encryption type to use.
+ //
+ // If you use the KMS encryption type, the contents of the repository will be
+ // encrypted using server-side encryption with Key Management Service key stored
+ // in KMS. When you use KMS to encrypt your data, you can either use the default
+ // Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS
+ // key, which you already created. For more information, see Protecting data
+ // using server-side encryption with an KMS key stored in Key Management Service
+ // (SSE-KMS) (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html)
+ // in the Amazon Simple Storage Service Console Developer Guide.
+ //
+ // If you use the AES256 encryption type, Amazon ECR uses server-side encryption
+ // with Amazon S3-managed encryption keys which encrypts the images in the repository
+ // using an AES256 encryption algorithm. For more information, see Protecting
+ // data using server-side encryption with Amazon S3-managed encryption keys
+ // (SSE-S3) (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
+ // in the Amazon Simple Storage Service Console Developer Guide.
+ //
+ // EncryptionType is a required field
+ EncryptionType *string `locationName:"encryptionType" type:"string" required:"true" enum:"EncryptionType"`
+
+ // If you use the KMS encryption type, specify the KMS key to use for encryption.
+ // The full ARN of the KMS key must be specified. The key must exist in the
+ // same Region as the repository. If no key is specified, the default Amazon
+ // Web Services managed KMS key for Amazon ECR will be used.
+ KmsKey *string `locationName:"kmsKey" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s EncryptionConfigurationForRepositoryCreationTemplate) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s EncryptionConfigurationForRepositoryCreationTemplate) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *EncryptionConfigurationForRepositoryCreationTemplate) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "EncryptionConfigurationForRepositoryCreationTemplate"}
+ if s.EncryptionType == nil {
+ invalidParams.Add(request.NewErrParamRequired("EncryptionType"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetEncryptionType sets the EncryptionType field's value.
+func (s *EncryptionConfigurationForRepositoryCreationTemplate) SetEncryptionType(v string) *EncryptionConfigurationForRepositoryCreationTemplate {
+ s.EncryptionType = &v
+ return s
+}
+
+// SetKmsKey sets the KmsKey field's value.
+func (s *EncryptionConfigurationForRepositoryCreationTemplate) SetKmsKey(v string) *EncryptionConfigurationForRepositoryCreationTemplate {
+ s.KmsKey = &v
+ return s
+}
+
// The details of an enhanced image scan. This is returned when enhanced scanning
// is enabled for your private registry.
type EnhancedImageScanFinding struct {
@@ -8041,7 +8964,7 @@
// The JSON text of the permissions policy for a registry.
PolicyText *string `locationName:"policyText" type:"string"`
- // The ID of the registry.
+ // The registry ID associated with the request.
RegistryId *string `locationName:"registryId" type:"string"`
}
@@ -8100,7 +9023,7 @@
type GetRegistryScanningConfigurationOutput struct {
_ struct{} `type:"structure"`
- // The ID of the registry.
+ // The registry ID associated with the request.
RegistryId *string `locationName:"registryId" type:"string"`
// The scanning configuration for the registry.
@@ -11550,7 +12473,7 @@
// The JSON policy text for your registry.
PolicyText *string `locationName:"policyText" type:"string"`
- // The registry ID.
+ // The registry ID associated with the request.
RegistryId *string `locationName:"registryId" type:"string"`
}
@@ -12460,6 +13383,140 @@
return s.RespMetadata.RequestID
}
+// The details of the repository creation template associated with the request.
+type RepositoryCreationTemplate struct {
+ _ struct{} `type:"structure"`
+
+ // A list of enumerable Strings representing the repository creation scenarios
+ // that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE
+ // and REPLICATION
+ AppliedFor []*string `locationName:"appliedFor" type:"list" enum:"RCTAppliedFor"`
+
+ // The date and time, in JavaScript date format, when the repository creation
+ // template was created.
+ CreatedAt *time.Time `locationName:"createdAt" type:"timestamp"`
+
+ // The ARN of the role to be assumed by Amazon ECR.
+ CustomRoleArn *string `locationName:"customRoleArn" type:"string"`
+
+ // The description associated with the repository creation template.
+ Description *string `locationName:"description" type:"string"`
+
+ // The encryption configuration associated with the repository creation template.
+ EncryptionConfiguration *EncryptionConfigurationForRepositoryCreationTemplate `locationName:"encryptionConfiguration" type:"structure"`
+
+ // The tag mutability setting for the repository. If this parameter is omitted,
+ // the default setting of MUTABLE will be used which will allow image tags to
+ // be overwritten. If IMMUTABLE is specified, all image tags within the repository
+ // will be immutable which will prevent them from being overwritten.
+ ImageTagMutability *string `locationName:"imageTagMutability" type:"string" enum:"ImageTagMutability"`
+
+ // The lifecycle policy to use for repositories created using the template.
+ LifecyclePolicy *string `locationName:"lifecyclePolicy" type:"string"`
+
+ // The repository namespace prefix associated with the repository creation template.
+ Prefix *string `locationName:"prefix" min:"1" type:"string"`
+
+ // he repository policy to apply to repositories created using the template.
+ // A repository policy is a permissions policy associated with a repository
+ // to control access permissions.
+ RepositoryPolicy *string `locationName:"repositoryPolicy" type:"string"`
+
+ // The metadata to apply to the repository to help you categorize and organize.
+ // Each tag consists of a key and an optional value, both of which you define.
+ // Tag keys can have a maximum character length of 128 characters, and tag values
+ // can have a maximum length of 256 characters.
+ ResourceTags []*Tag `locationName:"resourceTags" type:"list"`
+
+ // The date and time, in JavaScript date format, when the repository creation
+ // template was last updated.
+ UpdatedAt *time.Time `locationName:"updatedAt" type:"timestamp"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RepositoryCreationTemplate) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RepositoryCreationTemplate) GoString() string {
+ return s.String()
+}
+
+// SetAppliedFor sets the AppliedFor field's value.
+func (s *RepositoryCreationTemplate) SetAppliedFor(v []*string) *RepositoryCreationTemplate {
+ s.AppliedFor = v
+ return s
+}
+
+// SetCreatedAt sets the CreatedAt field's value.
+func (s *RepositoryCreationTemplate) SetCreatedAt(v time.Time) *RepositoryCreationTemplate {
+ s.CreatedAt = &v
+ return s
+}
+
+// SetCustomRoleArn sets the CustomRoleArn field's value.
+func (s *RepositoryCreationTemplate) SetCustomRoleArn(v string) *RepositoryCreationTemplate {
+ s.CustomRoleArn = &v
+ return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *RepositoryCreationTemplate) SetDescription(v string) *RepositoryCreationTemplate {
+ s.Description = &v
+ return s
+}
+
+// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
+func (s *RepositoryCreationTemplate) SetEncryptionConfiguration(v *EncryptionConfigurationForRepositoryCreationTemplate) *RepositoryCreationTemplate {
+ s.EncryptionConfiguration = v
+ return s
+}
+
+// SetImageTagMutability sets the ImageTagMutability field's value.
+func (s *RepositoryCreationTemplate) SetImageTagMutability(v string) *RepositoryCreationTemplate {
+ s.ImageTagMutability = &v
+ return s
+}
+
+// SetLifecyclePolicy sets the LifecyclePolicy field's value.
+func (s *RepositoryCreationTemplate) SetLifecyclePolicy(v string) *RepositoryCreationTemplate {
+ s.LifecyclePolicy = &v
+ return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *RepositoryCreationTemplate) SetPrefix(v string) *RepositoryCreationTemplate {
+ s.Prefix = &v
+ return s
+}
+
+// SetRepositoryPolicy sets the RepositoryPolicy field's value.
+func (s *RepositoryCreationTemplate) SetRepositoryPolicy(v string) *RepositoryCreationTemplate {
+ s.RepositoryPolicy = &v
+ return s
+}
+
+// SetResourceTags sets the ResourceTags field's value.
+func (s *RepositoryCreationTemplate) SetResourceTags(v []*Tag) *RepositoryCreationTemplate {
+ s.ResourceTags = v
+ return s
+}
+
+// SetUpdatedAt sets the UpdatedAt field's value.
+func (s *RepositoryCreationTemplate) SetUpdatedAt(v time.Time) *RepositoryCreationTemplate {
+ s.UpdatedAt = &v
+ return s
+}
+
// The filter settings used with image replication. Specifying a repository
// filter to a replication rule provides a method for controlling which repositories
// in a private registry are replicated. If no filters are added, the contents
@@ -13796,6 +14853,136 @@
return s.String()
}
+// The repository creation template already exists. Specify a unique prefix
+// and try again.
+type TemplateAlreadyExistsException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TemplateAlreadyExistsException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TemplateAlreadyExistsException) GoString() string {
+ return s.String()
+}
+
+func newErrorTemplateAlreadyExistsException(v protocol.ResponseMetadata) error {
+ return &TemplateAlreadyExistsException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *TemplateAlreadyExistsException) Code() string {
+ return "TemplateAlreadyExistsException"
+}
+
+// Message returns the exception's message.
+func (s *TemplateAlreadyExistsException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *TemplateAlreadyExistsException) OrigErr() error {
+ return nil
+}
+
+func (s *TemplateAlreadyExistsException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *TemplateAlreadyExistsException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *TemplateAlreadyExistsException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// The specified repository creation template can't be found. Verify the registry
+// ID and prefix and try again.
+type TemplateNotFoundException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TemplateNotFoundException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TemplateNotFoundException) GoString() string {
+ return s.String()
+}
+
+func newErrorTemplateNotFoundException(v protocol.ResponseMetadata) error {
+ return &TemplateNotFoundException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *TemplateNotFoundException) Code() string {
+ return "TemplateNotFoundException"
+}
+
+// Message returns the exception's message.
+func (s *TemplateNotFoundException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *TemplateNotFoundException) OrigErr() error {
+ return nil
+}
+
+func (s *TemplateNotFoundException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *TemplateNotFoundException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *TemplateNotFoundException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
// The list of tags on the repository is over the limit. The maximum number
// of tags that can be applied to a repository is 50.
type TooManyTagsException struct {
@@ -14471,6 +15658,200 @@
return s
}
+type UpdateRepositoryCreationTemplateInput struct {
+ _ struct{} `type:"structure"`
+
+ // Updates the list of enumerable strings representing the Amazon ECR repository
+ // creation scenarios that this template will apply towards. The two supported
+ // scenarios are PULL_THROUGH_CACHE and REPLICATION
+ AppliedFor []*string `locationName:"appliedFor" type:"list" enum:"RCTAppliedFor"`
+
+ // The ARN of the role to be assumed by Amazon ECR. This role must be in the
+ // same account as the registry that you are configuring.
+ CustomRoleArn *string `locationName:"customRoleArn" type:"string"`
+
+ // A description for the repository creation template.
+ Description *string `locationName:"description" type:"string"`
+
+ // The encryption configuration to associate with the repository creation template.
+ EncryptionConfiguration *EncryptionConfigurationForRepositoryCreationTemplate `locationName:"encryptionConfiguration" type:"structure"`
+
+ // Updates the tag mutability setting for the repository. If this parameter
+ // is omitted, the default setting of MUTABLE will be used which will allow
+ // image tags to be overwritten. If IMMUTABLE is specified, all image tags within
+ // the repository will be immutable which will prevent them from being overwritten.
+ ImageTagMutability *string `locationName:"imageTagMutability" type:"string" enum:"ImageTagMutability"`
+
+ // Updates the lifecycle policy associated with the specified repository creation
+ // template.
+ LifecyclePolicy *string `locationName:"lifecyclePolicy" type:"string"`
+
+ // The repository namespace prefix that matches an existing repository creation
+ // template in the registry. All repositories created using this namespace prefix
+ // will have the settings defined in this template applied. For example, a prefix
+ // of prod would apply to all repositories beginning with prod/. This includes
+ // a repository named prod/team1 as well as a repository named prod/repository1.
+ //
+ // To apply a template to all repositories in your registry that don't have
+ // an associated creation template, you can use ROOT as the prefix.
+ //
+ // Prefix is a required field
+ Prefix *string `locationName:"prefix" min:"1" type:"string" required:"true"`
+
+ // Updates the repository policy created using the template. A repository policy
+ // is a permissions policy associated with a repository to control access permissions.
+ RepositoryPolicy *string `locationName:"repositoryPolicy" type:"string"`
+
+ // The metadata to apply to the repository to help you categorize and organize.
+ // Each tag consists of a key and an optional value, both of which you define.
+ // Tag keys can have a maximum character length of 128 characters, and tag values
+ // can have a maximum length of 256 characters.
+ ResourceTags []*Tag `locationName:"resourceTags" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateRepositoryCreationTemplateInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateRepositoryCreationTemplateInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UpdateRepositoryCreationTemplateInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "UpdateRepositoryCreationTemplateInput"}
+ if s.Prefix == nil {
+ invalidParams.Add(request.NewErrParamRequired("Prefix"))
+ }
+ if s.Prefix != nil && len(*s.Prefix) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Prefix", 1))
+ }
+ if s.EncryptionConfiguration != nil {
+ if err := s.EncryptionConfiguration.Validate(); err != nil {
+ invalidParams.AddNested("EncryptionConfiguration", err.(request.ErrInvalidParams))
+ }
+ }
+ if s.ResourceTags != nil {
+ for i, v := range s.ResourceTags {
+ if v == nil {
+ continue
+ }
+ if err := v.Validate(); err != nil {
+ invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ResourceTags", i), err.(request.ErrInvalidParams))
+ }
+ }
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetAppliedFor sets the AppliedFor field's value.
+func (s *UpdateRepositoryCreationTemplateInput) SetAppliedFor(v []*string) *UpdateRepositoryCreationTemplateInput {
+ s.AppliedFor = v
+ return s
+}
+
+// SetCustomRoleArn sets the CustomRoleArn field's value.
+func (s *UpdateRepositoryCreationTemplateInput) SetCustomRoleArn(v string) *UpdateRepositoryCreationTemplateInput {
+ s.CustomRoleArn = &v
+ return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *UpdateRepositoryCreationTemplateInput) SetDescription(v string) *UpdateRepositoryCreationTemplateInput {
+ s.Description = &v
+ return s
+}
+
+// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
+func (s *UpdateRepositoryCreationTemplateInput) SetEncryptionConfiguration(v *EncryptionConfigurationForRepositoryCreationTemplate) *UpdateRepositoryCreationTemplateInput {
+ s.EncryptionConfiguration = v
+ return s
+}
+
+// SetImageTagMutability sets the ImageTagMutability field's value.
+func (s *UpdateRepositoryCreationTemplateInput) SetImageTagMutability(v string) *UpdateRepositoryCreationTemplateInput {
+ s.ImageTagMutability = &v
+ return s
+}
+
+// SetLifecyclePolicy sets the LifecyclePolicy field's value.
+func (s *UpdateRepositoryCreationTemplateInput) SetLifecyclePolicy(v string) *UpdateRepositoryCreationTemplateInput {
+ s.LifecyclePolicy = &v
+ return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *UpdateRepositoryCreationTemplateInput) SetPrefix(v string) *UpdateRepositoryCreationTemplateInput {
+ s.Prefix = &v
+ return s
+}
+
+// SetRepositoryPolicy sets the RepositoryPolicy field's value.
+func (s *UpdateRepositoryCreationTemplateInput) SetRepositoryPolicy(v string) *UpdateRepositoryCreationTemplateInput {
+ s.RepositoryPolicy = &v
+ return s
+}
+
+// SetResourceTags sets the ResourceTags field's value.
+func (s *UpdateRepositoryCreationTemplateInput) SetResourceTags(v []*Tag) *UpdateRepositoryCreationTemplateInput {
+ s.ResourceTags = v
+ return s
+}
+
+type UpdateRepositoryCreationTemplateOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The registry ID associated with the request.
+ RegistryId *string `locationName:"registryId" type:"string"`
+
+ // The details of the repository creation template associated with the request.
+ RepositoryCreationTemplate *RepositoryCreationTemplate `locationName:"repositoryCreationTemplate" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateRepositoryCreationTemplateOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateRepositoryCreationTemplateOutput) GoString() string {
+ return s.String()
+}
+
+// SetRegistryId sets the RegistryId field's value.
+func (s *UpdateRepositoryCreationTemplateOutput) SetRegistryId(v string) *UpdateRepositoryCreationTemplateOutput {
+ s.RegistryId = &v
+ return s
+}
+
+// SetRepositoryCreationTemplate sets the RepositoryCreationTemplate field's value.
+func (s *UpdateRepositoryCreationTemplateOutput) SetRepositoryCreationTemplate(v *RepositoryCreationTemplate) *UpdateRepositoryCreationTemplateOutput {
+ s.RepositoryCreationTemplate = v
+ return s
+}
+
type UploadLayerPartInput struct {
_ struct{} `type:"structure"`
@@ -15196,6 +16577,22 @@
}
const (
+ // RCTAppliedForReplication is a RCTAppliedFor enum value
+ RCTAppliedForReplication = "REPLICATION"
+
+ // RCTAppliedForPullThroughCache is a RCTAppliedFor enum value
+ RCTAppliedForPullThroughCache = "PULL_THROUGH_CACHE"
+)
+
+// RCTAppliedFor_Values returns all elements of the RCTAppliedFor enum
+func RCTAppliedFor_Values() []string {
+ return []string{
+ RCTAppliedForReplication,
+ RCTAppliedForPullThroughCache,
+ }
+}
+
+const (
// ReplicationStatusInProgress is a ReplicationStatus enum value
ReplicationStatusInProgress = "IN_PROGRESS"
diff --git a/service/ecr/ecriface/interface.go b/service/ecr/ecriface/interface.go
index cba70e7..cc89e94 100644
--- a/service/ecr/ecriface/interface.go
+++ b/service/ecr/ecriface/interface.go
@@ -88,6 +88,10 @@
CreateRepositoryWithContext(aws.Context, *ecr.CreateRepositoryInput, ...request.Option) (*ecr.CreateRepositoryOutput, error)
CreateRepositoryRequest(*ecr.CreateRepositoryInput) (*request.Request, *ecr.CreateRepositoryOutput)
+ CreateRepositoryCreationTemplate(*ecr.CreateRepositoryCreationTemplateInput) (*ecr.CreateRepositoryCreationTemplateOutput, error)
+ CreateRepositoryCreationTemplateWithContext(aws.Context, *ecr.CreateRepositoryCreationTemplateInput, ...request.Option) (*ecr.CreateRepositoryCreationTemplateOutput, error)
+ CreateRepositoryCreationTemplateRequest(*ecr.CreateRepositoryCreationTemplateInput) (*request.Request, *ecr.CreateRepositoryCreationTemplateOutput)
+
DeleteLifecyclePolicy(*ecr.DeleteLifecyclePolicyInput) (*ecr.DeleteLifecyclePolicyOutput, error)
DeleteLifecyclePolicyWithContext(aws.Context, *ecr.DeleteLifecyclePolicyInput, ...request.Option) (*ecr.DeleteLifecyclePolicyOutput, error)
DeleteLifecyclePolicyRequest(*ecr.DeleteLifecyclePolicyInput) (*request.Request, *ecr.DeleteLifecyclePolicyOutput)
@@ -104,6 +108,10 @@
DeleteRepositoryWithContext(aws.Context, *ecr.DeleteRepositoryInput, ...request.Option) (*ecr.DeleteRepositoryOutput, error)
DeleteRepositoryRequest(*ecr.DeleteRepositoryInput) (*request.Request, *ecr.DeleteRepositoryOutput)
+ DeleteRepositoryCreationTemplate(*ecr.DeleteRepositoryCreationTemplateInput) (*ecr.DeleteRepositoryCreationTemplateOutput, error)
+ DeleteRepositoryCreationTemplateWithContext(aws.Context, *ecr.DeleteRepositoryCreationTemplateInput, ...request.Option) (*ecr.DeleteRepositoryCreationTemplateOutput, error)
+ DeleteRepositoryCreationTemplateRequest(*ecr.DeleteRepositoryCreationTemplateInput) (*request.Request, *ecr.DeleteRepositoryCreationTemplateOutput)
+
DeleteRepositoryPolicy(*ecr.DeleteRepositoryPolicyInput) (*ecr.DeleteRepositoryPolicyOutput, error)
DeleteRepositoryPolicyWithContext(aws.Context, *ecr.DeleteRepositoryPolicyInput, ...request.Option) (*ecr.DeleteRepositoryPolicyOutput, error)
DeleteRepositoryPolicyRequest(*ecr.DeleteRepositoryPolicyInput) (*request.Request, *ecr.DeleteRepositoryPolicyOutput)
@@ -144,6 +152,13 @@
DescribeRepositoriesPages(*ecr.DescribeRepositoriesInput, func(*ecr.DescribeRepositoriesOutput, bool) bool) error
DescribeRepositoriesPagesWithContext(aws.Context, *ecr.DescribeRepositoriesInput, func(*ecr.DescribeRepositoriesOutput, bool) bool, ...request.Option) error
+ DescribeRepositoryCreationTemplates(*ecr.DescribeRepositoryCreationTemplatesInput) (*ecr.DescribeRepositoryCreationTemplatesOutput, error)
+ DescribeRepositoryCreationTemplatesWithContext(aws.Context, *ecr.DescribeRepositoryCreationTemplatesInput, ...request.Option) (*ecr.DescribeRepositoryCreationTemplatesOutput, error)
+ DescribeRepositoryCreationTemplatesRequest(*ecr.DescribeRepositoryCreationTemplatesInput) (*request.Request, *ecr.DescribeRepositoryCreationTemplatesOutput)
+
+ DescribeRepositoryCreationTemplatesPages(*ecr.DescribeRepositoryCreationTemplatesInput, func(*ecr.DescribeRepositoryCreationTemplatesOutput, bool) bool) error
+ DescribeRepositoryCreationTemplatesPagesWithContext(aws.Context, *ecr.DescribeRepositoryCreationTemplatesInput, func(*ecr.DescribeRepositoryCreationTemplatesOutput, bool) bool, ...request.Option) error
+
GetAuthorizationToken(*ecr.GetAuthorizationTokenInput) (*ecr.GetAuthorizationTokenOutput, error)
GetAuthorizationTokenWithContext(aws.Context, *ecr.GetAuthorizationTokenInput, ...request.Option) (*ecr.GetAuthorizationTokenOutput, error)
GetAuthorizationTokenRequest(*ecr.GetAuthorizationTokenInput) (*request.Request, *ecr.GetAuthorizationTokenOutput)
@@ -242,6 +257,10 @@
UpdatePullThroughCacheRuleWithContext(aws.Context, *ecr.UpdatePullThroughCacheRuleInput, ...request.Option) (*ecr.UpdatePullThroughCacheRuleOutput, error)
UpdatePullThroughCacheRuleRequest(*ecr.UpdatePullThroughCacheRuleInput) (*request.Request, *ecr.UpdatePullThroughCacheRuleOutput)
+ UpdateRepositoryCreationTemplate(*ecr.UpdateRepositoryCreationTemplateInput) (*ecr.UpdateRepositoryCreationTemplateOutput, error)
+ UpdateRepositoryCreationTemplateWithContext(aws.Context, *ecr.UpdateRepositoryCreationTemplateInput, ...request.Option) (*ecr.UpdateRepositoryCreationTemplateOutput, error)
+ UpdateRepositoryCreationTemplateRequest(*ecr.UpdateRepositoryCreationTemplateInput) (*request.Request, *ecr.UpdateRepositoryCreationTemplateOutput)
+
UploadLayerPart(*ecr.UploadLayerPartInput) (*ecr.UploadLayerPartOutput, error)
UploadLayerPartWithContext(aws.Context, *ecr.UploadLayerPartInput, ...request.Option) (*ecr.UploadLayerPartOutput, error)
UploadLayerPartRequest(*ecr.UploadLayerPartInput) (*request.Request, *ecr.UploadLayerPartOutput)
diff --git a/service/ecr/errors.go b/service/ecr/errors.go
index 4e2bed9..ae0e20f 100644
--- a/service/ecr/errors.go
+++ b/service/ecr/errors.go
@@ -202,6 +202,20 @@
// These errors are usually caused by a server-side issue.
ErrCodeServerException = "ServerException"
+ // ErrCodeTemplateAlreadyExistsException for service response error code
+ // "TemplateAlreadyExistsException".
+ //
+ // The repository creation template already exists. Specify a unique prefix
+ // and try again.
+ ErrCodeTemplateAlreadyExistsException = "TemplateAlreadyExistsException"
+
+ // ErrCodeTemplateNotFoundException for service response error code
+ // "TemplateNotFoundException".
+ //
+ // The specified repository creation template can't be found. Verify the registry
+ // ID and prefix and try again.
+ ErrCodeTemplateNotFoundException = "TemplateNotFoundException"
+
// ErrCodeTooManyTagsException for service response error code
// "TooManyTagsException".
//
@@ -294,6 +308,8 @@
"ScanNotFoundException": newErrorScanNotFoundException,
"SecretNotFoundException": newErrorSecretNotFoundException,
"ServerException": newErrorServerException,
+ "TemplateAlreadyExistsException": newErrorTemplateAlreadyExistsException,
+ "TemplateNotFoundException": newErrorTemplateNotFoundException,
"TooManyTagsException": newErrorTooManyTagsException,
"UnableToAccessSecretException": newErrorUnableToAccessSecretException,
"UnableToDecryptSecretValueException": newErrorUnableToDecryptSecretValueException,
diff --git a/service/ecr/examples_test.go b/service/ecr/examples_test.go
index 1cd5801..d37c28e 100644
--- a/service/ecr/examples_test.go
+++ b/service/ecr/examples_test.go
@@ -146,6 +146,59 @@
fmt.Println(result)
}
+// Create a new repository creation template
+// This example creates a repository creation template.
+func ExampleECR_CreateRepositoryCreationTemplate_shared00() {
+ svc := ecr.New(session.New())
+ input := &ecr.CreateRepositoryCreationTemplateInput{
+ AppliedFor: []*string{
+ aws.String("REPLICATION"),
+ aws.String("PULL_THROUGH_CACHE"),
+ },
+ Description: aws.String("Repos for testing images"),
+ EncryptionConfiguration: &ecr.EncryptionConfigurationForRepositoryCreationTemplate{
+ EncryptionType: aws.String("AES256"),
+ },
+ ImageTagMutability: aws.String("MUTABLE"),
+ LifecyclePolicy: aws.String("{\r\n \"rules\": [\r\n {\r\n \"rulePriority\": 1,\r\n \"description\": \"Expire images older than 14 days\",\r\n \"selection\": {\r\n \"tagStatus\": \"untagged\",\r\n \"countType\": \"sinceImagePushed\",\r\n \"countUnit\": \"days\",\r\n \"countNumber\": 14\r\n },\r\n \"action\": {\r\n \"type\": \"expire\"\r\n }\r\n }\r\n ]\r\n}"),
+ Prefix: aws.String("eng/test"),
+ RepositoryPolicy: aws.String("{\r\n \"Version\": \"2012-10-17\",\r\n \"Statement\": [\r\n {\r\n \"Sid\": \"LambdaECRPullPolicy\",\r\n \"Effect\": \"Allow\",\r\n \"Principal\": {\r\n \"Service\": \"lambda.amazonaws.com\"\r\n },\r\n \"Action\": \"ecr:BatchGetImage\"\r\n }\r\n ]\r\n}"),
+ ResourceTags: []*ecr.Tag{
+ {
+ Key: aws.String("environment"),
+ Value: aws.String("test"),
+ },
+ },
+ }
+
+ result, err := svc.CreateRepositoryCreationTemplate(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case ecr.ErrCodeServerException:
+ fmt.Println(ecr.ErrCodeServerException, aerr.Error())
+ case ecr.ErrCodeValidationException:
+ fmt.Println(ecr.ErrCodeValidationException, aerr.Error())
+ case ecr.ErrCodeInvalidParameterException:
+ fmt.Println(ecr.ErrCodeInvalidParameterException, aerr.Error())
+ case ecr.ErrCodeLimitExceededException:
+ fmt.Println(ecr.ErrCodeLimitExceededException, aerr.Error())
+ case ecr.ErrCodeTemplateAlreadyExistsException:
+ fmt.Println(ecr.ErrCodeTemplateAlreadyExistsException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
// To force delete a repository
// This example force deletes a repository named ubuntu in the default registry for
// an account. The force parameter is required if the repository contains images.
@@ -184,6 +237,40 @@
fmt.Println(result)
}
+// Delete a repository creation template
+// This example deletes a repository creation template.
+func ExampleECR_DeleteRepositoryCreationTemplate_shared00() {
+ svc := ecr.New(session.New())
+ input := &ecr.DeleteRepositoryCreationTemplateInput{
+ Prefix: aws.String("eng"),
+ }
+
+ result, err := svc.DeleteRepositoryCreationTemplate(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case ecr.ErrCodeServerException:
+ fmt.Println(ecr.ErrCodeServerException, aerr.Error())
+ case ecr.ErrCodeValidationException:
+ fmt.Println(ecr.ErrCodeValidationException, aerr.Error())
+ case ecr.ErrCodeInvalidParameterException:
+ fmt.Println(ecr.ErrCodeInvalidParameterException, aerr.Error())
+ case ecr.ErrCodeTemplateNotFoundException:
+ fmt.Println(ecr.ErrCodeTemplateNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
// To delete the policy associated with a repository
// This example deletes the policy associated with the repository named ubuntu in the
// current account.
@@ -250,6 +337,42 @@
fmt.Println(result)
}
+// Describe a repository creation template
+// This example describes the contents of a repository creation template.
+func ExampleECR_DescribeRepositoryCreationTemplates_shared00() {
+ svc := ecr.New(session.New())
+ input := &ecr.DescribeRepositoryCreationTemplatesInput{
+ MaxResults: aws.Int64(123),
+ NextToken: aws.String(""),
+ Prefixes: []*string{
+ aws.String("eng"),
+ },
+ }
+
+ result, err := svc.DescribeRepositoryCreationTemplates(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case ecr.ErrCodeServerException:
+ fmt.Println(ecr.ErrCodeServerException, aerr.Error())
+ case ecr.ErrCodeValidationException:
+ fmt.Println(ecr.ErrCodeValidationException, aerr.Error())
+ case ecr.ErrCodeInvalidParameterException:
+ fmt.Println(ecr.ErrCodeInvalidParameterException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
// To obtain an authorization token
// This example gets an authorization token for your default registry.
func ExampleECR_GetAuthorizationToken_shared00() {
@@ -344,3 +467,46 @@
fmt.Println(result)
}
+
+// Update a repository creation template
+// This example updates a repository creation template.
+func ExampleECR_UpdateRepositoryCreationTemplate_shared00() {
+ svc := ecr.New(session.New())
+ input := &ecr.UpdateRepositoryCreationTemplateInput{
+ AppliedFor: []*string{
+ aws.String("REPLICATION"),
+ },
+ Prefix: aws.String("eng/test"),
+ ResourceTags: []*ecr.Tag{
+ {
+ Key: aws.String("environment"),
+ Value: aws.String("test"),
+ },
+ },
+ }
+
+ result, err := svc.UpdateRepositoryCreationTemplate(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case ecr.ErrCodeServerException:
+ fmt.Println(ecr.ErrCodeServerException, aerr.Error())
+ case ecr.ErrCodeValidationException:
+ fmt.Println(ecr.ErrCodeValidationException, aerr.Error())
+ case ecr.ErrCodeInvalidParameterException:
+ fmt.Println(ecr.ErrCodeInvalidParameterException, aerr.Error())
+ case ecr.ErrCodeTemplateNotFoundException:
+ fmt.Println(ecr.ErrCodeTemplateNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
diff --git a/service/eks/api.go b/service/eks/api.go
index 6adcdad..bf303c0 100644
--- a/service/eks/api.go
+++ b/service/eks/api.go
@@ -8007,6 +8007,11 @@
// any other cluster or Amazon Web Services resources.
Tags map[string]*string `locationName:"tags" min:"1" type:"map"`
+ // This value indicates if extended support is enabled or disabled for the cluster.
+ //
+ // Learn more about EKS Extended Support in the EKS User Guide. (https://docs.aws.amazon.com/eks/latest/userguide/extended-support-control.html)
+ UpgradePolicy *UpgradePolicyResponse `locationName:"upgradePolicy" type:"structure"`
+
// The Kubernetes server version for the cluster.
Version *string `locationName:"version" type:"string"`
}
@@ -8149,6 +8154,12 @@
return s
}
+// SetUpgradePolicy sets the UpgradePolicy field's value.
+func (s *Cluster) SetUpgradePolicy(v *UpgradePolicyResponse) *Cluster {
+ s.UpgradePolicy = v
+ return s
+}
+
// SetVersion sets the Version field's value.
func (s *Cluster) SetVersion(v string) *Cluster {
s.Version = &v
@@ -9019,6 +9030,10 @@
// any other cluster or Amazon Web Services resources.
Tags map[string]*string `locationName:"tags" min:"1" type:"map"`
+ // New clusters, by default, have extended support enabled. You can disable
+ // extended support when creating a cluster by setting this value to STANDARD.
+ UpgradePolicy *UpgradePolicyRequest `locationName:"upgradePolicy" type:"structure"`
+
// The desired Kubernetes version for your cluster. If you don't specify a value
// here, the default version available in Amazon EKS is used.
//
@@ -9140,6 +9155,12 @@
return s
}
+// SetUpgradePolicy sets the UpgradePolicy field's value.
+func (s *CreateClusterInput) SetUpgradePolicy(v *UpgradePolicyRequest) *CreateClusterInput {
+ s.UpgradePolicy = v
+ return s
+}
+
// SetVersion sets the Version field's value.
func (s *CreateClusterInput) SetVersion(v string) *CreateClusterInput {
s.Version = &v
@@ -18329,6 +18350,11 @@
// An object representing the VPC configuration to use for an Amazon EKS cluster.
ResourcesVpcConfig *VpcConfigRequest `locationName:"resourcesVpcConfig" type:"structure"`
+
+ // You can enable or disable extended support for clusters currently on standard
+ // support. You cannot disable extended support once it starts. You must enable
+ // extended support before your cluster exits standard support.
+ UpgradePolicy *UpgradePolicyRequest `locationName:"upgradePolicy" type:"structure"`
}
// String returns the string representation.
@@ -18395,6 +18421,12 @@
return s
}
+// SetUpgradePolicy sets the UpgradePolicy field's value.
+func (s *UpdateClusterConfigInput) SetUpgradePolicy(v *UpgradePolicyRequest) *UpdateClusterConfigInput {
+ s.UpgradePolicy = v
+ return s
+}
+
type UpdateClusterConfigOutput struct {
_ struct{} `type:"structure"`
@@ -19233,6 +19265,85 @@
return s
}
+// The support policy to use for the cluster. Extended support allows you to
+// remain on specific Kubernetes versions for longer. Clusters in extended support
+// have higher costs. The default value is EXTENDED. Use STANDARD to disable
+// extended support.
+//
+// Learn more about EKS Extended Support in the EKS User Guide. (https://docs.aws.amazon.com/eks/latest/userguide/extended-support-control.html)
+type UpgradePolicyRequest struct {
+ _ struct{} `type:"structure"`
+
+ // If the cluster is set to EXTENDED, it will enter extended support at the
+ // end of standard support. If the cluster is set to STANDARD, it will be automatically
+ // upgraded at the end of standard support.
+ //
+ // Learn more about EKS Extended Support in the EKS User Guide. (https://docs.aws.amazon.com/eks/latest/userguide/extended-support-control.html)
+ SupportType *string `locationName:"supportType" type:"string" enum:"SupportType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpgradePolicyRequest) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpgradePolicyRequest) GoString() string {
+ return s.String()
+}
+
+// SetSupportType sets the SupportType field's value.
+func (s *UpgradePolicyRequest) SetSupportType(v string) *UpgradePolicyRequest {
+ s.SupportType = &v
+ return s
+}
+
+// This value indicates if extended support is enabled or disabled for the cluster.
+//
+// Learn more about EKS Extended Support in the EKS User Guide. (https://docs.aws.amazon.com/eks/latest/userguide/extended-support-control.html)
+type UpgradePolicyResponse struct {
+ _ struct{} `type:"structure"`
+
+ // If the cluster is set to EXTENDED, it will enter extended support at the
+ // end of standard support. If the cluster is set to STANDARD, it will be automatically
+ // upgraded at the end of standard support.
+ //
+ // Learn more about EKS Extended Support in the EKS User Guide. (https://docs.aws.amazon.com/eks/latest/userguide/extended-support-control.html)
+ SupportType *string `locationName:"supportType" type:"string" enum:"SupportType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpgradePolicyResponse) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpgradePolicyResponse) GoString() string {
+ return s.String()
+}
+
+// SetSupportType sets the SupportType field's value.
+func (s *UpgradePolicyResponse) SetSupportType(v string) *UpgradePolicyResponse {
+ s.SupportType = &v
+ return s
+}
+
// An object representing the VPC configuration to use for an Amazon EKS cluster.
type VpcConfigRequest struct {
_ struct{} `type:"structure"`
@@ -20285,6 +20396,22 @@
}
const (
+ // SupportTypeStandard is a SupportType enum value
+ SupportTypeStandard = "STANDARD"
+
+ // SupportTypeExtended is a SupportType enum value
+ SupportTypeExtended = "EXTENDED"
+)
+
+// SupportType_Values returns all elements of the SupportType enum
+func SupportType_Values() []string {
+ return []string{
+ SupportTypeStandard,
+ SupportTypeExtended,
+ }
+}
+
+const (
// TaintEffectNoSchedule is a TaintEffect enum value
TaintEffectNoSchedule = "NO_SCHEDULE"
@@ -20388,6 +20515,9 @@
// UpdateParamTypePodIdentityAssociations is a UpdateParamType enum value
UpdateParamTypePodIdentityAssociations = "PodIdentityAssociations"
+
+ // UpdateParamTypeUpgradePolicy is a UpdateParamType enum value
+ UpdateParamTypeUpgradePolicy = "UpgradePolicy"
)
// UpdateParamType_Values returns all elements of the UpdateParamType enum
@@ -20421,6 +20551,7 @@
UpdateParamTypeSubnets,
UpdateParamTypeAuthenticationMode,
UpdateParamTypePodIdentityAssociations,
+ UpdateParamTypeUpgradePolicy,
}
}
@@ -20478,6 +20609,9 @@
// UpdateTypeAccessConfigUpdate is a UpdateType enum value
UpdateTypeAccessConfigUpdate = "AccessConfigUpdate"
+
+ // UpdateTypeUpgradePolicyUpdate is a UpdateType enum value
+ UpdateTypeUpgradePolicyUpdate = "UpgradePolicyUpdate"
)
// UpdateType_Values returns all elements of the UpdateType enum
@@ -20493,5 +20627,6 @@
UpdateTypeAddonUpdate,
UpdateTypeVpcConfigUpdate,
UpdateTypeAccessConfigUpdate,
+ UpdateTypeUpgradePolicyUpdate,
}
}
diff --git a/service/elbv2/api.go b/service/elbv2/api.go
index a1ff3f2..b773205 100644
--- a/service/elbv2/api.go
+++ b/service/elbv2/api.go
@@ -1173,6 +1173,92 @@
return out, req.Send()
}
+const opDeleteSharedTrustStoreAssociation = "DeleteSharedTrustStoreAssociation"
+
+// DeleteSharedTrustStoreAssociationRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteSharedTrustStoreAssociation operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteSharedTrustStoreAssociation for more information on using the DeleteSharedTrustStoreAssociation
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DeleteSharedTrustStoreAssociationRequest method.
+// req, resp := client.DeleteSharedTrustStoreAssociationRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/DeleteSharedTrustStoreAssociation
+func (c *ELBV2) DeleteSharedTrustStoreAssociationRequest(input *DeleteSharedTrustStoreAssociationInput) (req *request.Request, output *DeleteSharedTrustStoreAssociationOutput) {
+ op := &request.Operation{
+ Name: opDeleteSharedTrustStoreAssociation,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &DeleteSharedTrustStoreAssociationInput{}
+ }
+
+ output = &DeleteSharedTrustStoreAssociationOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// DeleteSharedTrustStoreAssociation API operation for Elastic Load Balancing.
+//
+// Deletes a shared trust store association.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Elastic Load Balancing's
+// API operation DeleteSharedTrustStoreAssociation for usage and error information.
+//
+// Returned Error Codes:
+//
+// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound"
+// The specified trust store does not exist.
+//
+// - ErrCodeDeleteAssociationSameAccountException "DeleteAssociationSameAccount"
+// The specified association cannot be within the same account.
+//
+// - ErrCodeTrustStoreAssociationNotFoundException "AssociationNotFound"
+// The specified association does not exist.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/DeleteSharedTrustStoreAssociation
+func (c *ELBV2) DeleteSharedTrustStoreAssociation(input *DeleteSharedTrustStoreAssociationInput) (*DeleteSharedTrustStoreAssociationOutput, error) {
+ req, out := c.DeleteSharedTrustStoreAssociationRequest(input)
+ return out, req.Send()
+}
+
+// DeleteSharedTrustStoreAssociationWithContext is the same as DeleteSharedTrustStoreAssociation with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteSharedTrustStoreAssociation for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *ELBV2) DeleteSharedTrustStoreAssociationWithContext(ctx aws.Context, input *DeleteSharedTrustStoreAssociationInput, opts ...request.Option) (*DeleteSharedTrustStoreAssociationOutput, error) {
+ req, out := c.DeleteSharedTrustStoreAssociationRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
const opDeleteTargetGroup = "DeleteTargetGroup"
// DeleteTargetGroupRequest generates a "aws/request.Request" representing the
@@ -2745,8 +2831,8 @@
// DescribeTrustStoreRevocations API operation for Elastic Load Balancing.
//
-// Describes the revocation files in use by the specified trust store arn, or
-// revocation ID.
+// Describes the revocation files in use by the specified trust store or revocation
+// files.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -2885,8 +2971,7 @@
// DescribeTrustStores API operation for Elastic Load Balancing.
//
-// Describes all trust stores for a given account by trust store arn’s or
-// name.
+// Describes all trust stores for the specified account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -2972,6 +3057,84 @@
return p.Err()
}
+const opGetResourcePolicy = "GetResourcePolicy"
+
+// GetResourcePolicyRequest generates a "aws/request.Request" representing the
+// client's request for the GetResourcePolicy operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetResourcePolicy for more information on using the GetResourcePolicy
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the GetResourcePolicyRequest method.
+// req, resp := client.GetResourcePolicyRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/GetResourcePolicy
+func (c *ELBV2) GetResourcePolicyRequest(input *GetResourcePolicyInput) (req *request.Request, output *GetResourcePolicyOutput) {
+ op := &request.Operation{
+ Name: opGetResourcePolicy,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &GetResourcePolicyInput{}
+ }
+
+ output = &GetResourcePolicyOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// GetResourcePolicy API operation for Elastic Load Balancing.
+//
+// Retrieves the resource policy for a specified resource.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Elastic Load Balancing's
+// API operation GetResourcePolicy for usage and error information.
+//
+// Returned Error Codes:
+// - ErrCodeResourceNotFoundException "ResourceNotFound"
+// The specified resource does not exist.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/GetResourcePolicy
+func (c *ELBV2) GetResourcePolicy(input *GetResourcePolicyInput) (*GetResourcePolicyOutput, error) {
+ req, out := c.GetResourcePolicyRequest(input)
+ return out, req.Send()
+}
+
+// GetResourcePolicyWithContext is the same as GetResourcePolicy with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetResourcePolicy for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *ELBV2) GetResourcePolicyWithContext(ctx aws.Context, input *GetResourcePolicyInput, opts ...request.Option) (*GetResourcePolicyOutput, error) {
+ req, out := c.GetResourcePolicyRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
const opGetTrustStoreCaCertificatesBundle = "GetTrustStoreCaCertificatesBundle"
// GetTrustStoreCaCertificatesBundleRequest generates a "aws/request.Request" representing the
@@ -3694,7 +3857,7 @@
// ModifyTrustStore API operation for Elastic Load Balancing.
//
-// Update the ca certificate bundle for a given trust store.
+// Update the ca certificate bundle for the specified trust store.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -6653,6 +6816,88 @@
return s.String()
}
+type DeleteSharedTrustStoreAssociationInput struct {
+ _ struct{} `type:"structure"`
+
+ // The Amazon Resource Name (ARN) of the resource.
+ //
+ // ResourceArn is a required field
+ ResourceArn *string `type:"string" required:"true"`
+
+ // The Amazon Resource Name (ARN) of the trust store.
+ //
+ // TrustStoreArn is a required field
+ TrustStoreArn *string `type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSharedTrustStoreAssociationInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSharedTrustStoreAssociationInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteSharedTrustStoreAssociationInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DeleteSharedTrustStoreAssociationInput"}
+ if s.ResourceArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
+ }
+ if s.TrustStoreArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("TrustStoreArn"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetResourceArn sets the ResourceArn field's value.
+func (s *DeleteSharedTrustStoreAssociationInput) SetResourceArn(v string) *DeleteSharedTrustStoreAssociationInput {
+ s.ResourceArn = &v
+ return s
+}
+
+// SetTrustStoreArn sets the TrustStoreArn field's value.
+func (s *DeleteSharedTrustStoreAssociationInput) SetTrustStoreArn(v string) *DeleteSharedTrustStoreAssociationInput {
+ s.TrustStoreArn = &v
+ return s
+}
+
+type DeleteSharedTrustStoreAssociationOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSharedTrustStoreAssociationOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSharedTrustStoreAssociationOutput) GoString() string {
+ return s.String()
+}
+
type DeleteTargetGroupInput struct {
_ struct{} `type:"structure"`
@@ -7897,7 +8142,7 @@
type DescribeTargetHealthInput struct {
_ struct{} `type:"structure"`
- // Used to inclue anomaly detection information.
+ // Used to include anomaly detection information.
Include []*string `type:"list" enum:"DescribeTargetHealthInputIncludeEnum"`
// The Amazon Resource Name (ARN) of the target group.
@@ -8508,6 +8753,83 @@
return s
}
+type GetResourcePolicyInput struct {
+ _ struct{} `type:"structure"`
+
+ // The Amazon Resource Name (ARN) of the resource.
+ //
+ // ResourceArn is a required field
+ ResourceArn *string `type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetResourcePolicyInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetResourcePolicyInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetResourcePolicyInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "GetResourcePolicyInput"}
+ if s.ResourceArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetResourceArn sets the ResourceArn field's value.
+func (s *GetResourcePolicyInput) SetResourceArn(v string) *GetResourcePolicyInput {
+ s.ResourceArn = &v
+ return s
+}
+
+type GetResourcePolicyOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The content of the resource policy.
+ Policy *string `min:"1" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetResourcePolicyOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetResourcePolicyOutput) GoString() string {
+ return s.String()
+}
+
+// SetPolicy sets the Policy field's value.
+func (s *GetResourcePolicyOutput) SetPolicy(v string) *GetResourcePolicyOutput {
+ s.Policy = &v
+ return s
+}
+
type GetTrustStoreCaCertificatesBundleInput struct {
_ struct{} `type:"structure"`
@@ -10271,6 +10593,9 @@
// The Amazon Resource Name (ARN) of the trust store.
TrustStoreArn *string `type:"string"`
+
+ // Indicates a shared trust stores association status.
+ TrustStoreAssociationStatus *string `type:"string" enum:"TrustStoreAssociationStatusEnum"`
}
// String returns the string representation.
@@ -10309,6 +10634,12 @@
return s
}
+// SetTrustStoreAssociationStatus sets the TrustStoreAssociationStatus field's value.
+func (s *MutualAuthenticationAttributes) SetTrustStoreAssociationStatus(v string) *MutualAuthenticationAttributes {
+ s.TrustStoreAssociationStatus = &v
+ return s
+}
+
// Information about a path pattern condition.
type PathPatternConditionConfig struct {
_ struct{} `type:"structure"`
@@ -11239,6 +11570,11 @@
// and dualstack-without-public-ipv4 (for IPv6 only public addresses, with private
// IPv4 and IPv6 addresses).
//
+ // Note: Application Load Balancer authentication only supports IPv4 addresses
+ // when connecting to an Identity Provider (IdP) or Amazon Cognito endpoint.
+ // Without a public IPv4 address the load balancer cannot complete the authentication
+ // process, resulting in HTTP 500 errors.
+ //
// [Network Load Balancers] The IP address type. The possible values are ipv4
// (for only IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses). You
// can’t specify dualstack for a load balancer with a UDP or TCP_UDP listener.
@@ -13253,6 +13589,22 @@
}
const (
+ // TrustStoreAssociationStatusEnumActive is a TrustStoreAssociationStatusEnum enum value
+ TrustStoreAssociationStatusEnumActive = "active"
+
+ // TrustStoreAssociationStatusEnumRemoved is a TrustStoreAssociationStatusEnum enum value
+ TrustStoreAssociationStatusEnumRemoved = "removed"
+)
+
+// TrustStoreAssociationStatusEnum_Values returns all elements of the TrustStoreAssociationStatusEnum enum
+func TrustStoreAssociationStatusEnum_Values() []string {
+ return []string{
+ TrustStoreAssociationStatusEnumActive,
+ TrustStoreAssociationStatusEnumRemoved,
+ }
+}
+
+const (
// TrustStoreStatusActive is a TrustStoreStatus enum value
TrustStoreStatusActive = "ACTIVE"
diff --git a/service/elbv2/elbv2iface/interface.go b/service/elbv2/elbv2iface/interface.go
index 90aefdc..9555aa1 100644
--- a/service/elbv2/elbv2iface/interface.go
+++ b/service/elbv2/elbv2iface/interface.go
@@ -104,6 +104,10 @@
DeleteRuleWithContext(aws.Context, *elbv2.DeleteRuleInput, ...request.Option) (*elbv2.DeleteRuleOutput, error)
DeleteRuleRequest(*elbv2.DeleteRuleInput) (*request.Request, *elbv2.DeleteRuleOutput)
+ DeleteSharedTrustStoreAssociation(*elbv2.DeleteSharedTrustStoreAssociationInput) (*elbv2.DeleteSharedTrustStoreAssociationOutput, error)
+ DeleteSharedTrustStoreAssociationWithContext(aws.Context, *elbv2.DeleteSharedTrustStoreAssociationInput, ...request.Option) (*elbv2.DeleteSharedTrustStoreAssociationOutput, error)
+ DeleteSharedTrustStoreAssociationRequest(*elbv2.DeleteSharedTrustStoreAssociationInput) (*request.Request, *elbv2.DeleteSharedTrustStoreAssociationOutput)
+
DeleteTargetGroup(*elbv2.DeleteTargetGroupInput) (*elbv2.DeleteTargetGroupOutput, error)
DeleteTargetGroupWithContext(aws.Context, *elbv2.DeleteTargetGroupInput, ...request.Option) (*elbv2.DeleteTargetGroupOutput, error)
DeleteTargetGroupRequest(*elbv2.DeleteTargetGroupInput) (*request.Request, *elbv2.DeleteTargetGroupOutput)
@@ -190,6 +194,10 @@
DescribeTrustStoresPages(*elbv2.DescribeTrustStoresInput, func(*elbv2.DescribeTrustStoresOutput, bool) bool) error
DescribeTrustStoresPagesWithContext(aws.Context, *elbv2.DescribeTrustStoresInput, func(*elbv2.DescribeTrustStoresOutput, bool) bool, ...request.Option) error
+ GetResourcePolicy(*elbv2.GetResourcePolicyInput) (*elbv2.GetResourcePolicyOutput, error)
+ GetResourcePolicyWithContext(aws.Context, *elbv2.GetResourcePolicyInput, ...request.Option) (*elbv2.GetResourcePolicyOutput, error)
+ GetResourcePolicyRequest(*elbv2.GetResourcePolicyInput) (*request.Request, *elbv2.GetResourcePolicyOutput)
+
GetTrustStoreCaCertificatesBundle(*elbv2.GetTrustStoreCaCertificatesBundleInput) (*elbv2.GetTrustStoreCaCertificatesBundleOutput, error)
GetTrustStoreCaCertificatesBundleWithContext(aws.Context, *elbv2.GetTrustStoreCaCertificatesBundleInput, ...request.Option) (*elbv2.GetTrustStoreCaCertificatesBundleOutput, error)
GetTrustStoreCaCertificatesBundleRequest(*elbv2.GetTrustStoreCaCertificatesBundleInput) (*request.Request, *elbv2.GetTrustStoreCaCertificatesBundleOutput)
diff --git a/service/elbv2/errors.go b/service/elbv2/errors.go
index 2b8ccd9..a26c435 100644
--- a/service/elbv2/errors.go
+++ b/service/elbv2/errors.go
@@ -34,6 +34,12 @@
// The specified certificate does not exist.
ErrCodeCertificateNotFoundException = "CertificateNotFound"
+ // ErrCodeDeleteAssociationSameAccountException for service response error code
+ // "DeleteAssociationSameAccount".
+ //
+ // The specified association cannot be within the same account.
+ ErrCodeDeleteAssociationSameAccountException = "DeleteAssociationSameAccount"
+
// ErrCodeDuplicateListenerException for service response error code
// "DuplicateListener".
//
@@ -156,6 +162,12 @@
// A specified resource is in use.
ErrCodeResourceInUseException = "ResourceInUse"
+ // ErrCodeResourceNotFoundException for service response error code
+ // "ResourceNotFound".
+ //
+ // The specified resource does not exist.
+ ErrCodeResourceNotFoundException = "ResourceNotFound"
+
// ErrCodeRevocationContentNotFoundException for service response error code
// "RevocationContentNotFound".
//
@@ -276,6 +288,12 @@
// load balancer, it is counted as only one use.
ErrCodeTooManyUniqueTargetGroupsPerLoadBalancerException = "TooManyUniqueTargetGroupsPerLoadBalancer"
+ // ErrCodeTrustStoreAssociationNotFoundException for service response error code
+ // "AssociationNotFound".
+ //
+ // The specified association does not exist.
+ ErrCodeTrustStoreAssociationNotFoundException = "AssociationNotFound"
+
// ErrCodeTrustStoreInUseException for service response error code
// "TrustStoreInUse".
//
diff --git a/service/elbv2/examples_test.go b/service/elbv2/examples_test.go
index 65de2e0..20ce035 100644
--- a/service/elbv2/examples_test.go
+++ b/service/elbv2/examples_test.go
@@ -554,6 +554,40 @@
fmt.Println(result)
}
+// Delete a shared trust store association
+// This example deletes the association between the specified trust store and the specified
+// load balancer.
+func ExampleELBV2_DeleteSharedTrustStoreAssociation_shared00() {
+ svc := elbv2.New(session.New())
+ input := &elbv2.DeleteSharedTrustStoreAssociationInput{
+ ResourceArn: aws.String("arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-load-balancer/80233fa81d678c2c"),
+ TrustStoreArn: aws.String("arn:aws:elasticloadbalancing:us-east-1:123456789012:truststore/my-trust-store/73e2d6bc24d8a063"),
+ }
+
+ result, err := svc.DeleteSharedTrustStoreAssociation(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case elbv2.ErrCodeTrustStoreNotFoundException:
+ fmt.Println(elbv2.ErrCodeTrustStoreNotFoundException, aerr.Error())
+ case elbv2.ErrCodeDeleteAssociationSameAccountException:
+ fmt.Println(elbv2.ErrCodeDeleteAssociationSameAccountException, aerr.Error())
+ case elbv2.ErrCodeTrustStoreAssociationNotFoundException:
+ fmt.Println(elbv2.ErrCodeTrustStoreAssociationNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
// To delete a target group
// This example deletes the specified target group.
func ExampleELBV2_DeleteTargetGroup_shared00() {
@@ -943,6 +977,34 @@
fmt.Println(result)
}
+// Retrieve a resource policy
+// This example retrieves the resource policy for the specified trust store.
+func ExampleELBV2_GetResourcePolicy_shared00() {
+ svc := elbv2.New(session.New())
+ input := &elbv2.GetResourcePolicyInput{
+ ResourceArn: aws.String("arn:aws:elasticloadbalancing:us-east-1:123456789012:truststore/my-trust-store/73e2d6bc24d8a067"),
+ }
+
+ result, err := svc.GetResourcePolicy(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case elbv2.ErrCodeResourceNotFoundException:
+ fmt.Println(elbv2.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
// To change the default action for a listener
// This example changes the default action for the specified listener.
func ExampleELBV2_ModifyListener_shared00() {
diff --git a/service/networkfirewall/api.go b/service/networkfirewall/api.go
index d63df00..47e9a9a 100644
--- a/service/networkfirewall/api.go
+++ b/service/networkfirewall/api.go
@@ -612,13 +612,15 @@
// CreateTLSInspectionConfiguration API operation for AWS Network Firewall.
//
-// Creates an Network Firewall TLS inspection configuration. A TLS inspection
-// configuration contains Certificate Manager certificate associations between
-// and the scope configurations that Network Firewall uses to decrypt and re-encrypt
-// traffic traveling through your firewall.
-//
-// After you create a TLS inspection configuration, you can associate it with
-// a new firewall policy.
+// Creates an Network Firewall TLS inspection configuration. Network Firewall
+// uses TLS inspection configurations to decrypt your firewall's inbound and
+// outbound SSL/TLS traffic. After decryption, Network Firewall inspects the
+// traffic according to your firewall policy's stateful rules, and then re-encrypts
+// it before sending it to its destination. You can enable inspection of your
+// firewall's inbound traffic, outbound traffic, or both. To use TLS inspection
+// with your firewall, you must first import or provision certificates using
+// ACM, create a TLS inspection configuration, add that configuration to a new
+// firewall policy, and then associate that policy with your firewall.
//
// To update the settings for a TLS inspection configuration, use UpdateTLSInspectionConfiguration.
//
@@ -9639,13 +9641,10 @@
// Defines where Network Firewall sends logs for the firewall for one log type.
// This is used in LoggingConfiguration. You can send each type of log to an
-// Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data Firehose delivery
-// stream.
+// Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.
//
-// Network Firewall generates logs for stateful rule groups. You can save alert
-// and flow log types. The stateful rules engine records flow logs for all network
-// traffic that it receives. It records alert logs for traffic that matches
-// stateful rules that have the rule action set to DROP or ALERT.
+// Network Firewall generates logs for stateful rule groups. You can save alert,
+// flow, and TLS log types.
type LogDestinationConfig struct {
_ struct{} `type:"structure"`
@@ -9662,24 +9661,35 @@
// with key logGroup. The following example specifies a log group named alert-log-group:
// "LogDestination": { "logGroup": "alert-log-group" }
//
- // * For a Kinesis Data Firehose delivery stream, provide the name of the
- // delivery stream, with key deliveryStream. The following example specifies
- // a delivery stream named alert-delivery-stream: "LogDestination": { "deliveryStream":
- // "alert-delivery-stream" }
+ // * For a Firehose delivery stream, provide the name of the delivery stream,
+ // with key deliveryStream. The following example specifies a delivery stream
+ // named alert-delivery-stream: "LogDestination": { "deliveryStream": "alert-delivery-stream"
+ // }
//
// LogDestination is a required field
LogDestination map[string]*string `type:"map" required:"true"`
// The type of storage destination to send these logs to. You can send logs
- // to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data Firehose
- // delivery stream.
+ // to an Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.
//
// LogDestinationType is a required field
LogDestinationType *string `min:"2" type:"string" required:"true" enum:"LogDestinationType"`
- // The type of log to send. Alert logs report traffic that matches a StatefulRule
- // with an action setting that sends an alert log message. Flow logs are standard
- // network traffic flow logs.
+ // The type of log to record. You can record the following types of logs from
+ // your Network Firewall stateful engine.
+ //
+ // * ALERT - Logs for traffic that matches your stateful rules and that have
+ // an action that sends an alert. A stateful rule sends alerts for the rule
+ // actions DROP, ALERT, and REJECT. For more information, see StatefulRule.
+ //
+ // * FLOW - Standard network traffic flow logs. The stateful rules engine
+ // records flow logs for all network traffic that it receives. Each flow
+ // log record captures the network flow for a specific standard stateless
+ // rule group.
+ //
+ // * TLS - Logs for events that are related to TLS inspection. For more information,
+ // see Inspecting SSL/TLS traffic with TLS inspection configurations (https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-configurations.html)
+ // in the Network Firewall Developer Guide.
//
// LogType is a required field
LogType *string `type:"string" required:"true" enum:"LogType"`
@@ -11805,6 +11815,12 @@
// action, verify in the logs that the rule is filtering as you want, then
// change the action to DROP.
//
+ // * REJECT - Drops traffic that matches the conditions of the stateful rule,
+ // and sends a TCP reset packet back to sender of the packet. A TCP reset
+ // packet is a packet with no payload and an RST bit contained in the TCP
+ // header flags. REJECT is available only for TCP traffic. This option doesn't
+ // support FTP or IMAP protocols.
+ //
// Action is a required field
Action *string `type:"string" required:"true" enum:"StatefulAction"`
@@ -15004,6 +15020,9 @@
// LogTypeFlow is a LogType enum value
LogTypeFlow = "FLOW"
+
+ // LogTypeTls is a LogType enum value
+ LogTypeTls = "TLS"
)
// LogType_Values returns all elements of the LogType enum
@@ -15011,6 +15030,7 @@
return []string{
LogTypeAlert,
LogTypeFlow,
+ LogTypeTls,
}
}
diff --git a/service/outposts/api.go b/service/outposts/api.go
index 067ddce..f79373c 100644
--- a/service/outposts/api.go
+++ b/service/outposts/api.go
@@ -5888,6 +5888,9 @@
// The instance type.
InstanceType *string `type:"string"`
+
+ // The number of default VCPUs in an instance type.
+ VCPUs *int64 `type:"integer"`
}
// String returns the string representation.
@@ -5914,6 +5917,12 @@
return s
}
+// SetVCPUs sets the VCPUs field's value.
+func (s *InstanceTypeItem) SetVCPUs(v int64) *InstanceTypeItem {
+ s.VCPUs = &v
+ return s
+}
+
// An internal error has occurred.
type InternalServerException struct {
_ struct{} `type:"structure"`
diff --git a/service/sfn/api.go b/service/sfn/api.go
index 673a046..b29415b 100644
--- a/service/sfn/api.go
+++ b/service/sfn/api.go
@@ -86,6 +86,9 @@
// The maximum number of activities has been reached. Existing activities must
// be deleted before a new activity can be created.
//
+// - ActivityAlreadyExists
+// Activity already exists. EncryptionConfiguration may not be updated.
+//
// - InvalidName
// The provided name is not valid.
//
@@ -94,6 +97,19 @@
// Topic (https://docs.aws.amazon.com/step-functions/latest/dg/limits.html)
// in the Step Functions Developer Guide.
//
+// - InvalidEncryptionConfiguration
+// Received when encryptionConfiguration is specified but various conditions
+// exist which make the configuration invalid. For example, if type is set to
+// CUSTOMER_MANAGED_KMS_KEY, but kmsKeyId is null, or kmsDataKeyReusePeriodSeconds
+// is not between 60 and 900, or the KMS key is not symmetric or inactive.
+//
+// - KmsAccessDeniedException
+// Either your KMS key policy or API caller does not have the required permissions.
+//
+// - KmsThrottlingException
+// Received when KMS returns ThrottlingException for a KMS call that Step Functions
+// makes on behalf of the caller.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/states-2016-11-23/CreateActivity
func (c *SFN) CreateActivity(input *CreateActivityInput) (*CreateActivityOutput, error) {
req, out := c.CreateActivityRequest(input)
@@ -169,17 +185,23 @@
// If you set the publish parameter of this API action to true, it publishes
// version 1 as the first revision of the state machine.
//
+// For additional control over security, you can encrypt your data using a customer-managed
+// key for Step Functions state machines. You can configure a symmetric KMS
+// key and data key reuse period when creating or updating a State Machine.
+// The execution history and state machine definition will be encrypted with
+// the key applied to the State Machine.
+//
// This operation is eventually consistent. The results are best effort and
// may not reflect very recent updates and changes.
//
// CreateStateMachine is an idempotent API. Subsequent requests won’t create
// a duplicate resource if it was already created. CreateStateMachine's idempotency
// check is based on the state machine name, definition, type, LoggingConfiguration,
-// and TracingConfiguration. The check is also based on the publish and versionDescription
-// parameters. If a following request has a different roleArn or tags, Step
-// Functions will ignore these differences and treat it as an idempotent request
-// of the previous. In this case, roleArn and tags will not be updated, even
-// if they are different.
+// TracingConfiguration, and EncryptionConfiguration The check is also based
+// on the publish and versionDescription parameters. If a following request
+// has a different roleArn or tags, Step Functions will ignore these differences
+// and treat it as an idempotent request of the previous. In this case, roleArn
+// and tags will not be updated, even if they are different.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -200,6 +222,7 @@
// The provided name is not valid.
//
// - InvalidLoggingConfiguration
+// Configuration is not valid.
//
// - InvalidTracingConfiguration
// Your tracingConfiguration key does not match, or enabled has not been set
@@ -217,6 +240,7 @@
// must be deleted before a new state machine can be created.
//
// - StateMachineTypeNotSupported
+// State machine type is not supported.
//
// - TooManyTags
// You've exceeded the number of tags allowed for a resource. See the Limits
@@ -234,6 +258,19 @@
//
// HTTP Status Code: 409
//
+// - InvalidEncryptionConfiguration
+// Received when encryptionConfiguration is specified but various conditions
+// exist which make the configuration invalid. For example, if type is set to
+// CUSTOMER_MANAGED_KMS_KEY, but kmsKeyId is null, or kmsDataKeyReusePeriodSeconds
+// is not between 60 and 900, or the KMS key is not symmetric or inactive.
+//
+// - KmsAccessDeniedException
+// Either your KMS key policy or API caller does not have the required permissions.
+//
+// - KmsThrottlingException
+// Received when KMS returns ThrottlingException for a KMS call that Step Functions
+// makes on behalf of the caller.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/states-2016-11-23/CreateStateMachine
func (c *SFN) CreateStateMachine(input *CreateStateMachineInput) (*CreateStateMachineOutput, error) {
req, out := c.CreateStateMachineRequest(input)
@@ -954,6 +991,16 @@
// - InvalidArn
// The provided Amazon Resource Name (ARN) is not valid.
//
+// - KmsAccessDeniedException
+// Either your KMS key policy or API caller does not have the required permissions.
+//
+// - KmsInvalidStateException
+// The KMS key is not in valid state, for example: Disabled or Deleted.
+//
+// - KmsThrottlingException
+// Received when KMS returns ThrottlingException for a KMS call that Step Functions
+// makes on behalf of the caller.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/states-2016-11-23/DescribeExecution
func (c *SFN) DescribeExecution(input *DescribeExecutionInput) (*DescribeExecutionOutput, error) {
req, out := c.DescribeExecutionRequest(input)
@@ -1150,6 +1197,16 @@
// - StateMachineDoesNotExist
// The specified state machine does not exist.
//
+// - KmsAccessDeniedException
+// Either your KMS key policy or API caller does not have the required permissions.
+//
+// - KmsInvalidStateException
+// The KMS key is not in valid state, for example: Disabled or Deleted.
+//
+// - KmsThrottlingException
+// Received when KMS returns ThrottlingException for a KMS call that Step Functions
+// makes on behalf of the caller.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/states-2016-11-23/DescribeStateMachine
func (c *SFN) DescribeStateMachine(input *DescribeStateMachineInput) (*DescribeStateMachineOutput, error) {
req, out := c.DescribeStateMachineRequest(input)
@@ -1336,6 +1393,16 @@
// - InvalidArn
// The provided Amazon Resource Name (ARN) is not valid.
//
+// - KmsAccessDeniedException
+// Either your KMS key policy or API caller does not have the required permissions.
+//
+// - KmsInvalidStateException
+// The KMS key is not in valid state, for example: Disabled or Deleted.
+//
+// - KmsThrottlingException
+// Received when KMS returns ThrottlingException for a KMS call that Step Functions
+// makes on behalf of the caller.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/states-2016-11-23/DescribeStateMachineForExecution
func (c *SFN) DescribeStateMachineForExecution(input *DescribeStateMachineForExecutionInput) (*DescribeStateMachineForExecutionOutput, error) {
req, out := c.DescribeStateMachineForExecutionRequest(input)
@@ -1437,6 +1504,16 @@
// - InvalidArn
// The provided Amazon Resource Name (ARN) is not valid.
//
+// - KmsAccessDeniedException
+// Either your KMS key policy or API caller does not have the required permissions.
+//
+// - KmsInvalidStateException
+// The KMS key is not in valid state, for example: Disabled or Deleted.
+//
+// - KmsThrottlingException
+// Received when KMS returns ThrottlingException for a KMS call that Step Functions
+// makes on behalf of the caller.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/states-2016-11-23/GetActivityTask
func (c *SFN) GetActivityTask(input *GetActivityTaskInput) (*GetActivityTaskOutput, error) {
req, out := c.GetActivityTaskRequest(input)
@@ -1538,6 +1615,16 @@
// - InvalidToken
// The provided token is not valid.
//
+// - KmsAccessDeniedException
+// Either your KMS key policy or API caller does not have the required permissions.
+//
+// - KmsInvalidStateException
+// The KMS key is not in valid state, for example: Disabled or Deleted.
+//
+// - KmsThrottlingException
+// Received when KMS returns ThrottlingException for a KMS call that Step Functions
+// makes on behalf of the caller.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/states-2016-11-23/GetExecutionHistory
func (c *SFN) GetExecutionHistory(input *GetExecutionHistoryInput) (*GetExecutionHistoryOutput, error) {
req, out := c.GetExecutionHistoryRequest(input)
@@ -1846,6 +1933,7 @@
// The specified state machine does not exist.
//
// - StateMachineTypeNotSupported
+// State machine type is not supported.
//
// - ValidationException
// The input does not satisfy the constraints specified by an Amazon Web Services
@@ -2820,6 +2908,13 @@
// pattern, and optionally Task states using the job run (https://docs.aws.amazon.com/step-functions/latest/dg/connect-to-resource.html#connect-sync)
// pattern to report that the task identified by the taskToken failed.
//
+// For an execution with encryption enabled, Step Functions will encrypt the
+// error and cause fields using the KMS key for the execution role.
+//
+// A caller can mark a task as fail without using any KMS permissions in the
+// execution role if the caller provides a null value for both error and cause
+// fields because no data needs to be encrypted.
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -2839,6 +2934,16 @@
// The task token has either expired or the task associated with the token has
// already been closed.
//
+// - KmsAccessDeniedException
+// Either your KMS key policy or API caller does not have the required permissions.
+//
+// - KmsInvalidStateException
+// The KMS key is not in valid state, for example: Disabled or Deleted.
+//
+// - KmsThrottlingException
+// Received when KMS returns ThrottlingException for a KMS call that Step Functions
+// makes on behalf of the caller.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/states-2016-11-23/SendTaskFailure
func (c *SFN) SendTaskFailure(input *SendTaskFailureInput) (*SendTaskFailureOutput, error) {
req, out := c.SendTaskFailureRequest(input)
@@ -3033,6 +3138,16 @@
// The task token has either expired or the task associated with the token has
// already been closed.
//
+// - KmsAccessDeniedException
+// Either your KMS key policy or API caller does not have the required permissions.
+//
+// - KmsInvalidStateException
+// The KMS key is not in valid state, for example: Disabled or Deleted.
+//
+// - KmsThrottlingException
+// Received when KMS returns ThrottlingException for a KMS call that Step Functions
+// makes on behalf of the caller.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/states-2016-11-23/SendTaskSuccess
func (c *SFN) SendTaskSuccess(input *SendTaskSuccessInput) (*SendTaskSuccessOutput, error) {
req, out := c.SendTaskSuccessRequest(input)
@@ -3173,6 +3288,16 @@
// The input does not satisfy the constraints specified by an Amazon Web Services
// service.
//
+// - KmsAccessDeniedException
+// Either your KMS key policy or API caller does not have the required permissions.
+//
+// - KmsInvalidStateException
+// The KMS key is not in valid state, for example: Disabled or Deleted.
+//
+// - KmsThrottlingException
+// Received when KMS returns ThrottlingException for a KMS call that Step Functions
+// makes on behalf of the caller.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/states-2016-11-23/StartExecution
func (c *SFN) StartExecution(input *StartExecutionInput) (*StartExecutionOutput, error) {
req, out := c.StartExecutionRequest(input)
@@ -3276,6 +3401,17 @@
// The specified state machine is being deleted.
//
// - StateMachineTypeNotSupported
+// State machine type is not supported.
+//
+// - KmsAccessDeniedException
+// Either your KMS key policy or API caller does not have the required permissions.
+//
+// - KmsInvalidStateException
+// The KMS key is not in valid state, for example: Disabled or Deleted.
+//
+// - KmsThrottlingException
+// Received when KMS returns ThrottlingException for a KMS call that Step Functions
+// makes on behalf of the caller.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/states-2016-11-23/StartSyncExecution
func (c *SFN) StartSyncExecution(input *StartSyncExecutionInput) (*StartSyncExecutionOutput, error) {
@@ -3346,6 +3482,13 @@
//
// This API action is not supported by EXPRESS state machines.
//
+// For an execution with encryption enabled, Step Functions will encrypt the
+// error and cause fields using the KMS key for the execution role.
+//
+// A caller can stop an execution without using any KMS permissions in the execution
+// role if the caller provides a null value for both error and cause fields
+// because no data needs to be encrypted.
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -3365,6 +3508,16 @@
// The input does not satisfy the constraints specified by an Amazon Web Services
// service.
//
+// - KmsAccessDeniedException
+// Either your KMS key policy or API caller does not have the required permissions.
+//
+// - KmsInvalidStateException
+// The KMS key is not in valid state, for example: Disabled or Deleted.
+//
+// - KmsThrottlingException
+// Received when KMS returns ThrottlingException for a KMS call that Step Functions
+// makes on behalf of the caller.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/states-2016-11-23/StopExecution
func (c *SFN) StopExecution(input *StopExecutionInput) (*StopExecutionOutput, error) {
req, out := c.StopExecutionRequest(input)
@@ -3828,8 +3981,8 @@
// UpdateStateMachine API operation for AWS Step Functions.
//
-// Updates an existing state machine by modifying its definition, roleArn, or
-// loggingConfiguration. Running executions will continue to use the previous
+// Updates an existing state machine by modifying its definition, roleArn, loggingConfiguration,
+// or EncryptionConfiguration. Running executions will continue to use the previous
// definition and roleArn. You must include at least one of definition or roleArn
// or you will receive a MissingRequiredParameter error.
//
@@ -3886,6 +4039,7 @@
// The provided Amazon States Language definition is not valid.
//
// - InvalidLoggingConfiguration
+// Configuration is not valid.
//
// - InvalidTracingConfiguration
// Your tracingConfiguration key does not match, or enabled has not been set
@@ -3917,6 +4071,19 @@
// The input does not satisfy the constraints specified by an Amazon Web Services
// service.
//
+// - InvalidEncryptionConfiguration
+// Received when encryptionConfiguration is specified but various conditions
+// exist which make the configuration invalid. For example, if type is set to
+// CUSTOMER_MANAGED_KMS_KEY, but kmsKeyId is null, or kmsDataKeyReusePeriodSeconds
+// is not between 60 and 900, or the KMS key is not symmetric or inactive.
+//
+// - KmsAccessDeniedException
+// Either your KMS key policy or API caller does not have the required permissions.
+//
+// - KmsThrottlingException
+// Received when KMS returns ThrottlingException for a KMS call that Step Functions
+// makes on behalf of the caller.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/states-2016-11-23/UpdateStateMachine
func (c *SFN) UpdateStateMachine(input *UpdateStateMachineInput) (*UpdateStateMachineOutput, error) {
req, out := c.UpdateStateMachineRequest(input)
@@ -4156,6 +4323,70 @@
return out, req.Send()
}
+// Activity already exists. EncryptionConfiguration may not be updated.
+type ActivityAlreadyExists struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ActivityAlreadyExists) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ActivityAlreadyExists) GoString() string {
+ return s.String()
+}
+
+func newErrorActivityAlreadyExists(v protocol.ResponseMetadata) error {
+ return &ActivityAlreadyExists{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *ActivityAlreadyExists) Code() string {
+ return "ActivityAlreadyExists"
+}
+
+// Message returns the exception's message.
+func (s *ActivityAlreadyExists) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *ActivityAlreadyExists) OrigErr() error {
+ return nil
+}
+
+func (s *ActivityAlreadyExists) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *ActivityAlreadyExists) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *ActivityAlreadyExists) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
// The specified activity does not exist.
type ActivityDoesNotExist struct {
_ struct{} `type:"structure"`
@@ -4914,6 +5145,9 @@
type CreateActivityInput struct {
_ struct{} `type:"structure"`
+ // Settings to configure server-side encryption.
+ EncryptionConfiguration *EncryptionConfiguration `locationName:"encryptionConfiguration" type:"structure"`
+
// The name of the activity to create. This name must be unique for your Amazon
// Web Services account and region for 90 days. For more information, see Limits
// Related to State Machine Executions (https://docs.aws.amazon.com/step-functions/latest/dg/limits.html#service-limits-state-machine-executions)
@@ -4976,6 +5210,11 @@
if s.Name != nil && len(*s.Name) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Name", 1))
}
+ if s.EncryptionConfiguration != nil {
+ if err := s.EncryptionConfiguration.Validate(); err != nil {
+ invalidParams.AddNested("EncryptionConfiguration", err.(request.ErrInvalidParams))
+ }
+ }
if s.Tags != nil {
for i, v := range s.Tags {
if v == nil {
@@ -4993,6 +5232,12 @@
return nil
}
+// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
+func (s *CreateActivityInput) SetEncryptionConfiguration(v *EncryptionConfiguration) *CreateActivityInput {
+ s.EncryptionConfiguration = v
+ return s
+}
+
// SetName sets the Name field's value.
func (s *CreateActivityInput) SetName(v string) *CreateActivityInput {
s.Name = &v
@@ -5203,6 +5448,9 @@
// Definition is a required field
Definition *string `locationName:"definition" min:"1" type:"string" required:"true" sensitive:"true"`
+ // Settings to configure server-side encryption.
+ EncryptionConfiguration *EncryptionConfiguration `locationName:"encryptionConfiguration" type:"structure"`
+
// Defines what execution history events are logged and where they are logged.
//
// By default, the level is set to OFF. For more information see Log Levels
@@ -5307,6 +5555,11 @@
if s.RoleArn != nil && len(*s.RoleArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("RoleArn", 1))
}
+ if s.EncryptionConfiguration != nil {
+ if err := s.EncryptionConfiguration.Validate(); err != nil {
+ invalidParams.AddNested("EncryptionConfiguration", err.(request.ErrInvalidParams))
+ }
+ }
if s.LoggingConfiguration != nil {
if err := s.LoggingConfiguration.Validate(); err != nil {
invalidParams.AddNested("LoggingConfiguration", err.(request.ErrInvalidParams))
@@ -5335,6 +5588,12 @@
return s
}
+// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
+func (s *CreateStateMachineInput) SetEncryptionConfiguration(v *EncryptionConfiguration) *CreateStateMachineInput {
+ s.EncryptionConfiguration = v
+ return s
+}
+
// SetLoggingConfiguration sets the LoggingConfiguration field's value.
func (s *CreateStateMachineInput) SetLoggingConfiguration(v *LoggingConfiguration) *CreateStateMachineInput {
s.LoggingConfiguration = v
@@ -5784,6 +6043,9 @@
// CreationDate is a required field
CreationDate *time.Time `locationName:"creationDate" type:"timestamp" required:"true"`
+ // Settings for configured server-side encryption.
+ EncryptionConfiguration *EncryptionConfiguration `locationName:"encryptionConfiguration" type:"structure"`
+
// The name of the activity.
//
// A name must not contain:
@@ -5835,6 +6097,12 @@
return s
}
+// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
+func (s *DescribeActivityOutput) SetEncryptionConfiguration(v *EncryptionConfiguration) *DescribeActivityOutput {
+ s.EncryptionConfiguration = v
+ return s
+}
+
// SetName sets the Name field's value.
func (s *DescribeActivityOutput) SetName(v string) *DescribeActivityOutput {
s.Name = &v
@@ -5848,6 +6116,12 @@
//
// ExecutionArn is a required field
ExecutionArn *string `locationName:"executionArn" min:"1" type:"string" required:"true"`
+
+ // If your state machine definition is encrypted with a KMS key, callers must
+ // have kms:Decrypt permission to decrypt the definition. Alternatively, you
+ // can call DescribeStateMachine API with includedData = METADATA_ONLY to get
+ // a successful response without the encrypted definition.
+ IncludedData *string `locationName:"includedData" type:"string" enum:"IncludedData"`
}
// String returns the string representation.
@@ -5890,6 +6164,12 @@
return s
}
+// SetIncludedData sets the IncludedData field's value.
+func (s *DescribeExecutionInput) SetIncludedData(v string) *DescribeExecutionInput {
+ s.IncludedData = &v
+ return s
+}
+
type DescribeExecutionOutput struct {
_ struct{} `type:"structure"`
@@ -6532,6 +6812,12 @@
//
// ExecutionArn is a required field
ExecutionArn *string `locationName:"executionArn" min:"1" type:"string" required:"true"`
+
+ // If your state machine definition is encrypted with a KMS key, callers must
+ // have kms:Decrypt permission to decrypt the definition. Alternatively, you
+ // can call the API with includedData = METADATA_ONLY to get a successful response
+ // without the encrypted definition.
+ IncludedData *string `locationName:"includedData" type:"string" enum:"IncludedData"`
}
// String returns the string representation.
@@ -6574,6 +6860,12 @@
return s
}
+// SetIncludedData sets the IncludedData field's value.
+func (s *DescribeStateMachineForExecutionInput) SetIncludedData(v string) *DescribeStateMachineForExecutionInput {
+ s.IncludedData = &v
+ return s
+}
+
type DescribeStateMachineForExecutionOutput struct {
_ struct{} `type:"structure"`
@@ -6587,6 +6879,9 @@
// Definition is a required field
Definition *string `locationName:"definition" min:"1" type:"string" required:"true" sensitive:"true"`
+ // Settings to configure server-side encryption.
+ EncryptionConfiguration *EncryptionConfiguration `locationName:"encryptionConfiguration" type:"structure"`
+
// A user-defined or an auto-generated string that identifies a Map state. This
// field is returned only if the executionArn is a child workflow execution
// that was started by a Distributed Map state.
@@ -6658,6 +6953,12 @@
return s
}
+// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
+func (s *DescribeStateMachineForExecutionOutput) SetEncryptionConfiguration(v *EncryptionConfiguration) *DescribeStateMachineForExecutionOutput {
+ s.EncryptionConfiguration = v
+ return s
+}
+
// SetLabel sets the Label field's value.
func (s *DescribeStateMachineForExecutionOutput) SetLabel(v string) *DescribeStateMachineForExecutionOutput {
s.Label = &v
@@ -6715,6 +7016,17 @@
type DescribeStateMachineInput struct {
_ struct{} `type:"structure"`
+ // If your state machine definition is encrypted with a KMS key, callers must
+ // have kms:Decrypt permission to decrypt the definition. Alternatively, you
+ // can call the API with includedData = METADATA_ONLY to get a successful response
+ // without the encrypted definition.
+ //
+ // When calling a labelled ARN for an encrypted state machine, the includedData
+ // = METADATA_ONLY parameter will not apply because Step Functions needs to
+ // decrypt the entire state machine definition to get the Distributed Map state’s
+ // definition. In this case, the API caller needs to have kms:Decrypt permission.
+ IncludedData *string `locationName:"includedData" type:"string" enum:"IncludedData"`
+
// The Amazon Resource Name (ARN) of the state machine for which you want the
// information.
//
@@ -6760,6 +7072,12 @@
return nil
}
+// SetIncludedData sets the IncludedData field's value.
+func (s *DescribeStateMachineInput) SetIncludedData(v string) *DescribeStateMachineInput {
+ s.IncludedData = &v
+ return s
+}
+
// SetStateMachineArn sets the StateMachineArn field's value.
func (s *DescribeStateMachineInput) SetStateMachineArn(v string) *DescribeStateMachineInput {
s.StateMachineArn = &v
@@ -6779,6 +7097,9 @@
// The Amazon States Language definition of the state machine. See Amazon States
// Language (https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html).
//
+ // If called with includedData = METADATA_ONLY, the returned definition will
+ // be {}.
+ //
// Definition is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by DescribeStateMachineOutput's
// String and GoString methods.
@@ -6793,6 +7114,9 @@
// String and GoString methods.
Description *string `locationName:"description" type:"string" sensitive:"true"`
+ // Settings to configure server-side encryption.
+ EncryptionConfiguration *EncryptionConfiguration `locationName:"encryptionConfiguration" type:"structure"`
+
// A user-defined or an auto-generated string that identifies a Map state. This
// parameter is present only if the stateMachineArn specified in input is a
// qualified state machine ARN.
@@ -6892,6 +7216,12 @@
return s
}
+// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
+func (s *DescribeStateMachineOutput) SetEncryptionConfiguration(v *EncryptionConfiguration) *DescribeStateMachineOutput {
+ s.EncryptionConfiguration = v
+ return s
+}
+
// SetLabel sets the Label field's value.
func (s *DescribeStateMachineOutput) SetLabel(v string) *DescribeStateMachineOutput {
s.Label = &v
@@ -6946,6 +7276,95 @@
return s
}
+// Settings to configure server-side encryption.
+//
+// For additional control over security, you can encrypt your data using a customer-managed
+// key for Step Functions state machines and activities. You can configure a
+// symmetric KMS key and data key reuse period when creating or updating a State
+// Machine, and when creating an Activity. The execution history and state machine
+// definition will be encrypted with the key applied to the State Machine. Activity
+// inputs will be encrypted with the key applied to the Activity.
+//
+// Step Functions automatically enables encryption at rest using Amazon Web
+// Services owned keys at no charge. However, KMS charges apply when using a
+// customer managed key. For more information about pricing, see Key Management
+// Service pricing (https://aws.amazon.com/kms/pricing/).
+//
+// For more information on KMS, see What is Key Management Service? (https://docs.aws.amazon.com/kms/latest/developerguide/overview.html)
+type EncryptionConfiguration struct {
+ _ struct{} `type:"structure"`
+
+ // Maximum duration that Step Functions will reuse data keys. When the period
+ // expires, Step Functions will call GenerateDataKey. Only applies to customer
+ // managed keys.
+ KmsDataKeyReusePeriodSeconds *int64 `locationName:"kmsDataKeyReusePeriodSeconds" min:"60" type:"integer"`
+
+ // An alias, alias ARN, key ID, or key ARN of a symmetric encryption KMS key
+ // to encrypt data. To specify a KMS key in a different Amazon Web Services
+ // account, you must use the key ARN or alias ARN.
+ KmsKeyId *string `locationName:"kmsKeyId" min:"1" type:"string"`
+
+ // Encryption type
+ //
+ // Type is a required field
+ Type *string `locationName:"type" type:"string" required:"true" enum:"EncryptionType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s EncryptionConfiguration) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s EncryptionConfiguration) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *EncryptionConfiguration) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "EncryptionConfiguration"}
+ if s.KmsDataKeyReusePeriodSeconds != nil && *s.KmsDataKeyReusePeriodSeconds < 60 {
+ invalidParams.Add(request.NewErrParamMinValue("KmsDataKeyReusePeriodSeconds", 60))
+ }
+ if s.KmsKeyId != nil && len(*s.KmsKeyId) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("KmsKeyId", 1))
+ }
+ if s.Type == nil {
+ invalidParams.Add(request.NewErrParamRequired("Type"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetKmsDataKeyReusePeriodSeconds sets the KmsDataKeyReusePeriodSeconds field's value.
+func (s *EncryptionConfiguration) SetKmsDataKeyReusePeriodSeconds(v int64) *EncryptionConfiguration {
+ s.KmsDataKeyReusePeriodSeconds = &v
+ return s
+}
+
+// SetKmsKeyId sets the KmsKeyId field's value.
+func (s *EncryptionConfiguration) SetKmsKeyId(v string) *EncryptionConfiguration {
+ s.KmsKeyId = &v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *EncryptionConfiguration) SetType(v string) *EncryptionConfiguration {
+ s.Type = &v
+ return s
+}
+
// Contains details about an abort of an execution.
type ExecutionAbortedEventDetails struct {
_ struct{} `type:"structure"`
@@ -8758,6 +9177,73 @@
return s.RespMetadata.RequestID
}
+// Received when encryptionConfiguration is specified but various conditions
+// exist which make the configuration invalid. For example, if type is set to
+// CUSTOMER_MANAGED_KMS_KEY, but kmsKeyId is null, or kmsDataKeyReusePeriodSeconds
+// is not between 60 and 900, or the KMS key is not symmetric or inactive.
+type InvalidEncryptionConfiguration struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InvalidEncryptionConfiguration) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InvalidEncryptionConfiguration) GoString() string {
+ return s.String()
+}
+
+func newErrorInvalidEncryptionConfiguration(v protocol.ResponseMetadata) error {
+ return &InvalidEncryptionConfiguration{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *InvalidEncryptionConfiguration) Code() string {
+ return "InvalidEncryptionConfiguration"
+}
+
+// Message returns the exception's message.
+func (s *InvalidEncryptionConfiguration) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *InvalidEncryptionConfiguration) OrigErr() error {
+ return nil
+}
+
+func (s *InvalidEncryptionConfiguration) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *InvalidEncryptionConfiguration) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *InvalidEncryptionConfiguration) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
// The provided JSON input data is not valid.
type InvalidExecutionInput struct {
_ struct{} `type:"structure"`
@@ -8822,6 +9308,7 @@
return s.RespMetadata.RequestID
}
+// Configuration is not valid.
type InvalidLoggingConfiguration struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -9142,6 +9629,203 @@
return s.RespMetadata.RequestID
}
+// Either your KMS key policy or API caller does not have the required permissions.
+type KmsAccessDeniedException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s KmsAccessDeniedException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s KmsAccessDeniedException) GoString() string {
+ return s.String()
+}
+
+func newErrorKmsAccessDeniedException(v protocol.ResponseMetadata) error {
+ return &KmsAccessDeniedException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *KmsAccessDeniedException) Code() string {
+ return "KmsAccessDeniedException"
+}
+
+// Message returns the exception's message.
+func (s *KmsAccessDeniedException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *KmsAccessDeniedException) OrigErr() error {
+ return nil
+}
+
+func (s *KmsAccessDeniedException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *KmsAccessDeniedException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *KmsAccessDeniedException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// The KMS key is not in valid state, for example: Disabled or Deleted.
+type KmsInvalidStateException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ // Current status of the KMS; key. For example: DISABLED, PENDING_DELETION,
+ // PENDING_IMPORT, UNAVAILABLE, CREATING.
+ KmsKeyState *string `locationName:"kmsKeyState" type:"string" enum:"KmsKeyState"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s KmsInvalidStateException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s KmsInvalidStateException) GoString() string {
+ return s.String()
+}
+
+func newErrorKmsInvalidStateException(v protocol.ResponseMetadata) error {
+ return &KmsInvalidStateException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *KmsInvalidStateException) Code() string {
+ return "KmsInvalidStateException"
+}
+
+// Message returns the exception's message.
+func (s *KmsInvalidStateException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *KmsInvalidStateException) OrigErr() error {
+ return nil
+}
+
+func (s *KmsInvalidStateException) Error() string {
+ return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *KmsInvalidStateException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *KmsInvalidStateException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// Received when KMS returns ThrottlingException for a KMS call that Step Functions
+// makes on behalf of the caller.
+type KmsThrottlingException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s KmsThrottlingException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s KmsThrottlingException) GoString() string {
+ return s.String()
+}
+
+func newErrorKmsThrottlingException(v protocol.ResponseMetadata) error {
+ return &KmsThrottlingException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *KmsThrottlingException) Code() string {
+ return "KmsThrottlingException"
+}
+
+// Message returns the exception's message.
+func (s *KmsThrottlingException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *KmsThrottlingException) OrigErr() error {
+ return nil
+}
+
+func (s *KmsThrottlingException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *KmsThrottlingException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *KmsThrottlingException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
// Contains details about a Lambda function that failed during an execution.
type LambdaFunctionFailedEventDetails struct {
_ struct{} `type:"structure"`
@@ -11933,6 +12617,12 @@
type StartSyncExecutionInput struct {
_ struct{} `type:"structure"`
+ // If your state machine definition is encrypted with a KMS key, callers must
+ // have kms:Decrypt permission to decrypt the definition. Alternatively, you
+ // can call the API with includedData = METADATA_ONLY to get a successful response
+ // without the encrypted definition.
+ IncludedData *string `locationName:"includedData" type:"string" enum:"IncludedData"`
+
// The string that contains the JSON input data for the execution, for example:
//
// "input": "{\"first_name\" : \"test\"}"
@@ -11998,6 +12688,12 @@
return nil
}
+// SetIncludedData sets the IncludedData field's value.
+func (s *StartSyncExecutionInput) SetIncludedData(v string) *StartSyncExecutionInput {
+ s.IncludedData = &v
+ return s
+}
+
// SetInput sets the Input field's value.
func (s *StartSyncExecutionInput) SetInput(v string) *StartSyncExecutionInput {
s.Input = &v
@@ -12714,6 +13410,7 @@
return s
}
+// State machine type is not supported.
type StateMachineTypeNotSupported struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -14463,6 +15160,9 @@
// String and GoString methods.
Definition *string `locationName:"definition" min:"1" type:"string" sensitive:"true"`
+ // Settings to configure server-side encryption.
+ EncryptionConfiguration *EncryptionConfiguration `locationName:"encryptionConfiguration" type:"structure"`
+
// Use the LoggingConfiguration data type to set CloudWatch Logs options.
LoggingConfiguration *LoggingConfiguration `locationName:"loggingConfiguration" type:"structure"`
@@ -14526,6 +15226,11 @@
if s.StateMachineArn != nil && len(*s.StateMachineArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("StateMachineArn", 1))
}
+ if s.EncryptionConfiguration != nil {
+ if err := s.EncryptionConfiguration.Validate(); err != nil {
+ invalidParams.AddNested("EncryptionConfiguration", err.(request.ErrInvalidParams))
+ }
+ }
if s.LoggingConfiguration != nil {
if err := s.LoggingConfiguration.Validate(); err != nil {
invalidParams.AddNested("LoggingConfiguration", err.(request.ErrInvalidParams))
@@ -14544,6 +15249,12 @@
return s
}
+// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
+func (s *UpdateStateMachineInput) SetEncryptionConfiguration(v *EncryptionConfiguration) *UpdateStateMachineInput {
+ s.EncryptionConfiguration = v
+ return s
+}
+
// SetLoggingConfiguration sets the LoggingConfiguration field's value.
func (s *UpdateStateMachineInput) SetLoggingConfiguration(v *LoggingConfiguration) *UpdateStateMachineInput {
s.LoggingConfiguration = v
@@ -14884,6 +15595,22 @@
}
const (
+ // EncryptionTypeAwsOwnedKey is a EncryptionType enum value
+ EncryptionTypeAwsOwnedKey = "AWS_OWNED_KEY"
+
+ // EncryptionTypeCustomerManagedKmsKey is a EncryptionType enum value
+ EncryptionTypeCustomerManagedKmsKey = "CUSTOMER_MANAGED_KMS_KEY"
+)
+
+// EncryptionType_Values returns all elements of the EncryptionType enum
+func EncryptionType_Values() []string {
+ return []string{
+ EncryptionTypeAwsOwnedKey,
+ EncryptionTypeCustomerManagedKmsKey,
+ }
+}
+
+const (
// ExecutionRedriveFilterRedriven is a ExecutionRedriveFilter enum value
ExecutionRedriveFilterRedriven = "REDRIVEN"
@@ -15204,6 +15931,22 @@
}
const (
+ // IncludedDataAllData is a IncludedData enum value
+ IncludedDataAllData = "ALL_DATA"
+
+ // IncludedDataMetadataOnly is a IncludedData enum value
+ IncludedDataMetadataOnly = "METADATA_ONLY"
+)
+
+// IncludedData_Values returns all elements of the IncludedData enum
+func IncludedData_Values() []string {
+ return []string{
+ IncludedDataAllData,
+ IncludedDataMetadataOnly,
+ }
+}
+
+const (
// InspectionLevelInfo is a InspectionLevel enum value
InspectionLevelInfo = "INFO"
@@ -15224,6 +15967,34 @@
}
const (
+ // KmsKeyStateDisabled is a KmsKeyState enum value
+ KmsKeyStateDisabled = "DISABLED"
+
+ // KmsKeyStatePendingDeletion is a KmsKeyState enum value
+ KmsKeyStatePendingDeletion = "PENDING_DELETION"
+
+ // KmsKeyStatePendingImport is a KmsKeyState enum value
+ KmsKeyStatePendingImport = "PENDING_IMPORT"
+
+ // KmsKeyStateUnavailable is a KmsKeyState enum value
+ KmsKeyStateUnavailable = "UNAVAILABLE"
+
+ // KmsKeyStateCreating is a KmsKeyState enum value
+ KmsKeyStateCreating = "CREATING"
+)
+
+// KmsKeyState_Values returns all elements of the KmsKeyState enum
+func KmsKeyState_Values() []string {
+ return []string{
+ KmsKeyStateDisabled,
+ KmsKeyStatePendingDeletion,
+ KmsKeyStatePendingImport,
+ KmsKeyStateUnavailable,
+ KmsKeyStateCreating,
+ }
+}
+
+const (
// LogLevelAll is a LogLevel enum value
LogLevelAll = "ALL"
diff --git a/service/sfn/doc.go b/service/sfn/doc.go
index 846e4f5..e2576e3 100644
--- a/service/sfn/doc.go
+++ b/service/sfn/doc.go
@@ -3,8 +3,8 @@
// Package sfn provides the client and types for making API
// requests to AWS Step Functions.
//
-// Step Functions is a service that lets you coordinate the components of distributed
-// applications and microservices using visual workflows.
+// Step Functions coordinates the components of distributed applications and
+// microservices using visual workflows.
//
// You can use Step Functions to build applications from individual components,
// each of which performs a discrete function, or task, allowing you to scale
diff --git a/service/sfn/errors.go b/service/sfn/errors.go
index bbe49f3..608b46b 100644
--- a/service/sfn/errors.go
+++ b/service/sfn/errors.go
@@ -8,6 +8,12 @@
const (
+ // ErrCodeActivityAlreadyExists for service response error code
+ // "ActivityAlreadyExists".
+ //
+ // Activity already exists. EncryptionConfiguration may not be updated.
+ ErrCodeActivityAlreadyExists = "ActivityAlreadyExists"
+
// ErrCodeActivityDoesNotExist for service response error code
// "ActivityDoesNotExist".
//
@@ -78,6 +84,15 @@
// The provided Amazon States Language definition is not valid.
ErrCodeInvalidDefinition = "InvalidDefinition"
+ // ErrCodeInvalidEncryptionConfiguration for service response error code
+ // "InvalidEncryptionConfiguration".
+ //
+ // Received when encryptionConfiguration is specified but various conditions
+ // exist which make the configuration invalid. For example, if type is set to
+ // CUSTOMER_MANAGED_KMS_KEY, but kmsKeyId is null, or kmsDataKeyReusePeriodSeconds
+ // is not between 60 and 900, or the KMS key is not symmetric or inactive.
+ ErrCodeInvalidEncryptionConfiguration = "InvalidEncryptionConfiguration"
+
// ErrCodeInvalidExecutionInput for service response error code
// "InvalidExecutionInput".
//
@@ -86,6 +101,8 @@
// ErrCodeInvalidLoggingConfiguration for service response error code
// "InvalidLoggingConfiguration".
+ //
+ // Configuration is not valid.
ErrCodeInvalidLoggingConfiguration = "InvalidLoggingConfiguration"
// ErrCodeInvalidName for service response error code
@@ -113,6 +130,25 @@
// to true or false.
ErrCodeInvalidTracingConfiguration = "InvalidTracingConfiguration"
+ // ErrCodeKmsAccessDeniedException for service response error code
+ // "KmsAccessDeniedException".
+ //
+ // Either your KMS key policy or API caller does not have the required permissions.
+ ErrCodeKmsAccessDeniedException = "KmsAccessDeniedException"
+
+ // ErrCodeKmsInvalidStateException for service response error code
+ // "KmsInvalidStateException".
+ //
+ // The KMS key is not in valid state, for example: Disabled or Deleted.
+ ErrCodeKmsInvalidStateException = "KmsInvalidStateException"
+
+ // ErrCodeKmsThrottlingException for service response error code
+ // "KmsThrottlingException".
+ //
+ // Received when KMS returns ThrottlingException for a KMS call that Step Functions
+ // makes on behalf of the caller.
+ ErrCodeKmsThrottlingException = "KmsThrottlingException"
+
// ErrCodeMissingRequiredParameter for service response error code
// "MissingRequiredParameter".
//
@@ -162,6 +198,8 @@
// ErrCodeStateMachineTypeNotSupported for service response error code
// "StateMachineTypeNotSupported".
+ //
+ // State machine type is not supported.
ErrCodeStateMachineTypeNotSupported = "StateMachineTypeNotSupported"
// ErrCodeTaskDoesNotExist for service response error code
@@ -194,32 +232,37 @@
)
var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
- "ActivityDoesNotExist": newErrorActivityDoesNotExist,
- "ActivityLimitExceeded": newErrorActivityLimitExceeded,
- "ActivityWorkerLimitExceeded": newErrorActivityWorkerLimitExceeded,
- "ConflictException": newErrorConflictException,
- "ExecutionAlreadyExists": newErrorExecutionAlreadyExists,
- "ExecutionDoesNotExist": newErrorExecutionDoesNotExist,
- "ExecutionLimitExceeded": newErrorExecutionLimitExceeded,
- "ExecutionNotRedrivable": newErrorExecutionNotRedrivable,
- "InvalidArn": newErrorInvalidArn,
- "InvalidDefinition": newErrorInvalidDefinition,
- "InvalidExecutionInput": newErrorInvalidExecutionInput,
- "InvalidLoggingConfiguration": newErrorInvalidLoggingConfiguration,
- "InvalidName": newErrorInvalidName,
- "InvalidOutput": newErrorInvalidOutput,
- "InvalidToken": newErrorInvalidToken,
- "InvalidTracingConfiguration": newErrorInvalidTracingConfiguration,
- "MissingRequiredParameter": newErrorMissingRequiredParameter,
- "ResourceNotFound": newErrorResourceNotFound,
- "ServiceQuotaExceededException": newErrorServiceQuotaExceededException,
- "StateMachineAlreadyExists": newErrorStateMachineAlreadyExists,
- "StateMachineDeleting": newErrorStateMachineDeleting,
- "StateMachineDoesNotExist": newErrorStateMachineDoesNotExist,
- "StateMachineLimitExceeded": newErrorStateMachineLimitExceeded,
- "StateMachineTypeNotSupported": newErrorStateMachineTypeNotSupported,
- "TaskDoesNotExist": newErrorTaskDoesNotExist,
- "TaskTimedOut": newErrorTaskTimedOut,
- "TooManyTags": newErrorTooManyTags,
- "ValidationException": newErrorValidationException,
+ "ActivityAlreadyExists": newErrorActivityAlreadyExists,
+ "ActivityDoesNotExist": newErrorActivityDoesNotExist,
+ "ActivityLimitExceeded": newErrorActivityLimitExceeded,
+ "ActivityWorkerLimitExceeded": newErrorActivityWorkerLimitExceeded,
+ "ConflictException": newErrorConflictException,
+ "ExecutionAlreadyExists": newErrorExecutionAlreadyExists,
+ "ExecutionDoesNotExist": newErrorExecutionDoesNotExist,
+ "ExecutionLimitExceeded": newErrorExecutionLimitExceeded,
+ "ExecutionNotRedrivable": newErrorExecutionNotRedrivable,
+ "InvalidArn": newErrorInvalidArn,
+ "InvalidDefinition": newErrorInvalidDefinition,
+ "InvalidEncryptionConfiguration": newErrorInvalidEncryptionConfiguration,
+ "InvalidExecutionInput": newErrorInvalidExecutionInput,
+ "InvalidLoggingConfiguration": newErrorInvalidLoggingConfiguration,
+ "InvalidName": newErrorInvalidName,
+ "InvalidOutput": newErrorInvalidOutput,
+ "InvalidToken": newErrorInvalidToken,
+ "InvalidTracingConfiguration": newErrorInvalidTracingConfiguration,
+ "KmsAccessDeniedException": newErrorKmsAccessDeniedException,
+ "KmsInvalidStateException": newErrorKmsInvalidStateException,
+ "KmsThrottlingException": newErrorKmsThrottlingException,
+ "MissingRequiredParameter": newErrorMissingRequiredParameter,
+ "ResourceNotFound": newErrorResourceNotFound,
+ "ServiceQuotaExceededException": newErrorServiceQuotaExceededException,
+ "StateMachineAlreadyExists": newErrorStateMachineAlreadyExists,
+ "StateMachineDeleting": newErrorStateMachineDeleting,
+ "StateMachineDoesNotExist": newErrorStateMachineDoesNotExist,
+ "StateMachineLimitExceeded": newErrorStateMachineLimitExceeded,
+ "StateMachineTypeNotSupported": newErrorStateMachineTypeNotSupported,
+ "TaskDoesNotExist": newErrorTaskDoesNotExist,
+ "TaskTimedOut": newErrorTaskTimedOut,
+ "TooManyTags": newErrorTooManyTags,
+ "ValidationException": newErrorValidationException,
}
