dprevot/python-botocore
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

New upstream version 1.17.5+repack

Browse source
This commit is contained in:
Noah Meyerhans 2020-06-18 12:07:50 -07:00
parent 82654cf87d
commit cb148423d1
78 changed files with 9419 additions and 1006 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
PKG-INFO
View file

@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: botocore
Version: 1.16.19
Version: 1.17.5
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services

2
botocore.egg-info/PKG-INFO
View file

@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: botocore
Version: 1.16.19
Version: 1.17.5
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services

4
botocore.egg-info/SOURCES.txt
View file

@ -199,6 +199,9 @@ botocore/data/cloudwatch/2010-08-01/examples-1.json
botocore/data/cloudwatch/2010-08-01/paginators-1.json
botocore/data/cloudwatch/2010-08-01/service-2.json
botocore/data/cloudwatch/2010-08-01/waiters-2.json
botocore/data/codeartifact/2018-09-22/paginators-1.json
botocore/data/codeartifact/2018-09-22/paginators-1.sdk-extras.json
botocore/data/codeartifact/2018-09-22/service-2.json
botocore/data/codebuild/2016-10-06/examples-1.json
botocore/data/codebuild/2016-10-06/paginators-1.json
botocore/data/codebuild/2016-10-06/service-2.json
@ -416,6 +419,7 @@ botocore/data/inspector/2015-08-18/service-2.json
botocore/data/inspector/2016-02-16/examples-1.json
botocore/data/inspector/2016-02-16/paginators-1.json
botocore/data/inspector/2016-02-16/service-2.json
botocore/data/iot-data/2015-05-28/paginators-1.json
botocore/data/iot-data/2015-05-28/service-2.json
botocore/data/iot-jobs-data/2017-09-29/examples-1.json
botocore/data/iot-jobs-data/2017-09-29/paginators-1.json

2
botocore/__init__.py
View file

@ -16,7 +16,7 @@ import os
import re
import logging
__version__ = '1.16.19'
__version__ = '1.17.5'
class NullHandler(logging.Handler):

163
botocore/credentials.py
View file

@ -24,7 +24,7 @@ from copy import deepcopy
from hashlib import sha1
from dateutil.parser import parse
from dateutil.tz import tzlocal
from dateutil.tz import tzlocal, tzutc
import botocore.configloader
import botocore.compat
@ -40,9 +40,11 @@ from botocore.exceptions import InfiniteLoopConfigError
from botocore.exceptions import RefreshWithMFAUnsupportedError
from botocore.exceptions import MetadataRetrievalError
from botocore.exceptions import CredentialRetrievalError
from botocore.exceptions import UnauthorizedSSOTokenError
from botocore.utils import InstanceMetadataFetcher, parse_key_val_file
from botocore.utils import ContainerMetadataFetcher
from botocore.utils import FileWebIdentityTokenLoader
from botocore.utils import SSOTokenLoader
logger = logging.getLogger(__name__)
@ -138,16 +140,19 @@ class ProfileProviderBuilder(object):
This is needed to enable sharing between the default credential chain and
the source profile chain created by the assume role provider.
"""
def __init__(self, session, cache=None, region_name=None):
def __init__(self, session, cache=None, region_name=None,
sso_token_cache=None):
self._session = session
self._cache = cache
self._region_name = region_name
self._sso_token_cache = sso_token_cache
def providers(self, profile_name, disable_env_vars=False):
return [
self._create_web_identity_provider(
profile_name, disable_env_vars,
),
self._create_sso_provider(profile_name),
self._create_shared_credential_provider(profile_name),
self._create_process_provider(profile_name),
self._create_config_provider(profile_name),
@ -183,6 +188,15 @@ class ProfileProviderBuilder(object):
disable_env_vars=disable_env_vars,
)
def _create_sso_provider(self, profile_name):
return SSOProvider(
load_config=lambda: self._session.full_config,
client_creator=self._session.create_client,
profile_name=profile_name,
cache=self._cache,
token_cache=self._sso_token_cache,
)
def get_credentials(session):
resolver = create_credential_resolver(session)
@ -1956,3 +1970,148 @@ class CredentialResolver(object):
# +1
# -js
return None
class SSOCredentialFetcher(CachedCredentialFetcher):
def __init__(self, start_url, sso_region, role_name, account_id,
client_creator, token_loader=None, cache=None,
expiry_window_seconds=None):
self._client_creator = client_creator
self._sso_region = sso_region
self._role_name = role_name
self._account_id = account_id
self._start_url = start_url
self._token_loader = token_loader
super(SSOCredentialFetcher, self).__init__(
cache, expiry_window_seconds
)
def _create_cache_key(self):
"""Create a predictable cache key for the current configuration.
The cache key is intended to be compatible with file names.
"""
args = {
'startUrl': self._start_url,
'roleName': self._role_name,
'accountId': self._account_id,
}
# NOTE: It would be good to hoist this cache key construction logic
# into the CachedCredentialFetcher class as we should be consistent.
# Unfortunately, the current assume role fetchers that sub class don't
# pass separators resulting in non-minified JSON. In the long term,
# all fetchers should use the below caching scheme.
args = json.dumps(args, sort_keys=True, separators=(',', ':'))
argument_hash = sha1(args.encode('utf-8')).hexdigest()
return self._make_file_safe(argument_hash)
def _parse_timestamp(self, timestamp_ms):
# fromtimestamp expects seconds so: milliseconds / 1000 = seconds
timestamp_seconds = timestamp_ms / 1000.0
timestamp = datetime.datetime.fromtimestamp(timestamp_seconds, tzutc())
return _serialize_if_needed(timestamp)
def _get_credentials(self):
"""Get credentials by calling SSO get role credentials."""
config = Config(
signature_version=UNSIGNED,
region_name=self._sso_region,
)
client = self._client_creator('sso', config=config)
kwargs = {
'roleName': self._role_name,
'accountId': self._account_id,
'accessToken': self._token_loader(self._start_url),
}
try:
response = client.get_role_credentials(**kwargs)
except client.exceptions.UnauthorizedException:
raise UnauthorizedSSOTokenError()
credentials = response['roleCredentials']
credentials = {
'ProviderType': 'sso',
'Credentials': {
'AccessKeyId': credentials['accessKeyId'],
'SecretAccessKey': credentials['secretAccessKey'],
'SessionToken': credentials['sessionToken'],
'Expiration': self._parse_timestamp(credentials['expiration']),
}
}
return credentials
class SSOProvider(CredentialProvider):
METHOD = 'sso'
_SSO_TOKEN_CACHE_DIR = os.path.expanduser(
os.path.join('~', '.aws', 'sso', 'cache')
)
_SSO_CONFIG_VARS = [
'sso_start_url',
'sso_region',
'sso_role_name',
'sso_account_id',
]
def __init__(self, load_config, client_creator, profile_name,
cache=None, token_cache=None):
if token_cache is None:
token_cache = JSONFileCache(self._SSO_TOKEN_CACHE_DIR)
self._token_cache = token_cache
if cache is None:
cache = {}
self.cache = cache
self._load_config = load_config
self._client_creator = client_creator
self._profile_name = profile_name
def _load_sso_config(self):
loaded_config = self._load_config()
profiles = loaded_config.get('profiles', {})
profile_name = self._profile_name
profile_config = profiles.get(self._profile_name, {})
if all(c not in profile_config for c in self._SSO_CONFIG_VARS):
return None
config = {}
missing_config_vars = []
for config_var in self._SSO_CONFIG_VARS:
if config_var in profile_config:
config[config_var] = profile_config[config_var]
else:
missing_config_vars.append(config_var)
if missing_config_vars:
missing = ', '.join(missing_config_vars)
raise InvalidConfigError(
error_msg=(
'The profile "%s" is configured to use SSO but is missing '
'required configuration: %s' % (profile_name, missing)
)
)
return config
def load(self):
sso_config = self._load_sso_config()
if not sso_config:
return None
sso_fetcher = SSOCredentialFetcher(
sso_config['sso_start_url'],
sso_config['sso_region'],
sso_config['sso_role_name'],
sso_config['sso_account_id'],
self._client_creator,
token_loader=SSOTokenLoader(cache=self._token_cache),
cache=self.cache,
)
return DeferredRefreshableCredentials(
method=self.METHOD,
refresh_using=sso_fetcher.fetch_credentials,
)

29
botocore/data/alexaforbusiness/2017-11-09/service-2.json
View file

@ -1516,6 +1516,7 @@
},
"BusinessReportContentRange":{
"type":"structure",
"required":["Interval"],
"members":{
"Interval":{
"shape":"BusinessReportInterval",
@ -1917,6 +1918,10 @@
"shape":"ClientRequestToken",
"documentation":"<p>The client request token.</p>",
"idempotencyToken":true
},
"Tags":{
"shape":"TagList",
"documentation":"<p>The tags for the business report schedule.</p>"
}
}
},
@ -2227,6 +2232,10 @@
"MeetingRoomConfiguration":{
"shape":"CreateMeetingRoomConfiguration",
"documentation":"<p>The meeting room settings of a room profile.</p>"
},
"Tags":{
"shape":"TagList",
"documentation":"<p>The tags for the profile.</p>"
}
}
},
@ -2271,7 +2280,7 @@
},
"ProfileArn":{
"shape":"Arn",
"documentation":"<p>The profile ARN for the room.</p>"
"documentation":"<p>The profile ARN for the room. This is required.</p>"
},
"ProviderCalendarId":{
"shape":"ProviderCalendarId",
@ -2313,6 +2322,10 @@
"shape":"ClientRequestToken",
"documentation":"<p>A unique, user-specified identifier for this request that ensures idempotency. </p>",
"idempotencyToken":true
},
"Tags":{
"shape":"TagList",
"documentation":"<p>The tags for the skill group.</p>"
}
}
},
@ -2726,7 +2739,7 @@
"documentation":"<p>The room ARN associated with a device.</p>"
},
"RoomName":{
"shape":"RoomName",
"shape":"DeviceRoomName",
"documentation":"<p>The name of the room associated with a device.</p>"
},
"DeviceStatusInfo":{
@ -2813,6 +2826,12 @@
"documentation":"<p>The request failed because this device is no longer registered and therefore no longer managed by this account.</p>",
"exception":true
},
"DeviceRoomName":{
"type":"string",
"max":100,
"min":1,
"pattern":"[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u0085\\u00A0-\\uD7FF\\uE000-\\uFFFD\\u10000-\\u10FFFF]*"
},
"DeviceSerialNumber":{
"type":"string",
"pattern":"[a-zA-Z0-9]{1,200}"
@ -2862,7 +2881,9 @@
"INVALID_CERTIFICATE_AUTHORITY",
"NETWORK_PROFILE_NOT_FOUND",
"INVALID_PASSWORD_STATE",
"PASSWORD_NOT_FOUND"
"PASSWORD_NOT_FOUND",
"PASSWORD_MANAGER_ACCESS_DENIED",
"CERTIFICATE_AUTHORITY_ACCESS_DENIED"
]
},
"DeviceStatusDetails":{
@ -5098,7 +5119,7 @@
},
"Reviews":{
"shape":"Reviews",
"documentation":"<p>The list of reviews for the skill, including Key and Value pair.</p>"
"documentation":"<p> <i>This member has been deprecated.</i> </p> <p>The list of reviews for the skill, including Key and Value pair.</p>"
},
"DeveloperInfo":{
"shape":"DeveloperInfo",

26
botocore/data/apigateway/2015-07-09/service-2.json
View file

@ -4957,7 +4957,7 @@
},
"body":{
"shape":"Blob",
"documentation":"<p>[Required] The POST request body containing external API definitions. Currently, only OpenAPI definition JSON/YAML files are supported. The maximum size of the API definition file is 2MB.</p>"
"documentation":"<p>[Required] The POST request body containing external API definitions. Currently, only OpenAPI definition JSON/YAML files are supported. The maximum size of the API definition file is 6MB.</p>"
}
},
"documentation":"<p>A POST request to import an API to API Gateway using an input of an API definition file.</p>",
@ -5013,7 +5013,7 @@
},
"cacheNamespace":{
"shape":"String",
"documentation":"<p>An API-specific tag group of related cached parameters. To be valid values for <code>cacheKeyParameters</code>, these parameters must also be specified for <a>Method</a> <code>requestParameters</code>.</p>"
"documentation":"<p>Specifies a group of related cached parameters. By default, API Gateway uses the resource ID as the <code>cacheNamespace</code>. You can specify the same <code>cacheNamespace</code> across resources to return the same cached data for requests to different resources.</p>"
},
"cacheKeyParameters":{
"shape":"ListOfString",
@ -5022,6 +5022,10 @@
"integrationResponses":{
"shape":"MapOfIntegrationResponse",
"documentation":"<p>Specifies the integration's responses.</p> <div class=\"remarks\"> <p/> <h4>Example: Get integration responses of a method</h4> <h5>Request</h5> <p/> <pre><code>GET /restapis/fugvjdxtri/resources/3kzxbg5sa2/methods/GET/integration/responses/200 HTTP/1.1 Content-Type: application/json Host: apigateway.us-east-1.amazonaws.com X-Amz-Date: 20160607T191449Z Authorization: AWS4-HMAC-SHA256 Credential={access_key_ID}/20160607/us-east-1/apigateway/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature={sig4_hash} </code></pre> <h5>Response</h5> <p>The successful response returns <code>200 OK</code> status and a payload as follows:</p> <pre><code>{ \"_links\": { \"curies\": { \"href\": \"https://docs.aws.amazon.com/apigateway/latest/developerguide/restapi-integration-response-{rel}.html\", \"name\": \"integrationresponse\", \"templated\": true }, \"self\": { \"href\": \"/restapis/fugvjdxtri/resources/3kzxbg5sa2/methods/GET/integration/responses/200\", \"title\": \"200\" }, \"integrationresponse:delete\": { \"href\": \"/restapis/fugvjdxtri/resources/3kzxbg5sa2/methods/GET/integration/responses/200\" }, \"integrationresponse:update\": { \"href\": \"/restapis/fugvjdxtri/resources/3kzxbg5sa2/methods/GET/integration/responses/200\" } }, \"responseParameters\": { \"method.response.header.Content-Type\": \"'application/xml'\" }, \"responseTemplates\": { \"application/json\": \"$util.urlDecode(\\\"%3CkinesisStreams%3E#foreach($stream in $input.path('$.StreamNames'))%3Cstream%3E%3Cname%3E$stream%3C/name%3E%3C/stream%3E#end%3C/kinesisStreams%3E\\\")\\n\" }, \"statusCode\": \"200\" }</code></pre> <p/> </div> <div class=\"seeAlso\"> <a href=\"https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-create-api.html\">Creating an API</a> </div>"
},
"tlsConfig":{
"shape":"TlsConfig",
"documentation":"<p>Specifies the TLS configuration for an integration.</p>"
}
},
"documentation":"<p>Represents an HTTP, HTTP_PROXY, AWS, AWS_PROXY, or Mock integration.</p> <div class=\"remarks\">In the API Gateway console, the built-in Lambda integration is an AWS integration.</div> <div class=\"seeAlso\"> <a href=\"https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-create-api.html\">Creating an API</a> </div>"
@ -5560,11 +5564,11 @@
},
"cacheNamespace":{
"shape":"String",
"documentation":"<p>A list of request parameters whose values are to be cached.</p>"
"documentation":"<p>Specifies a group of related cached parameters. By default, API Gateway uses the resource ID as the <code>cacheNamespace</code>. You can specify the same <code>cacheNamespace</code> across resources to return the same cached data for requests to different resources.</p>"
},
"cacheKeyParameters":{
"shape":"ListOfString",
"documentation":"<p>An API-specific tag group of related cached parameters.</p>"
"documentation":"<p>A list of request parameters whose values API Gateway caches. To be valid values for <code>cacheKeyParameters</code>, these parameters must also be specified for <a>Method</a> <code>requestParameters</code>.</p>"
},
"contentHandling":{
"shape":"ContentHandlingStrategy",
@ -5573,7 +5577,8 @@
"timeoutInMillis":{
"shape":"NullableInteger",
"documentation":"<p>Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000 milliseconds or 29 seconds.</p>"
}
},
"tlsConfig":{"shape":"TlsConfig"}
},
"documentation":"<p>Sets up a method's integration.</p>"
},
@ -5774,7 +5779,7 @@
},
"body":{
"shape":"Blob",
"documentation":"<p>[Required] The PUT request body containing external API definitions. Currently, only OpenAPI definition JSON/YAML files are supported. The maximum size of the API definition file is 2MB.</p>"
"documentation":"<p>[Required] The PUT request body containing external API definitions. Currently, only OpenAPI definition JSON/YAML files are supported. The maximum size of the API definition file is 6MB.</p>"
}
},
"documentation":"<p>A PUT request to update an existing API, with external API definitions specified as the request body.</p>",
@ -6368,6 +6373,15 @@
"documentation":"<p> The API request rate limits.</p>"
},
"Timestamp":{"type":"timestamp"},
"TlsConfig":{
"type":"structure",
"members":{
"insecureSkipVerification":{
"shape":"Boolean",
"documentation":"<p>Specifies whether or not API Gateway skips verification that the certificate for an integration endpoint is issued by a <a href=\"https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-supported-certificate-authorities-for-http-endpoints.html\">supported certificate authority</a>. This isnt recommended, but it enables you to use certificates that are signed by private certificate authorities, or certificates that are self-signed. If enabled, API Gateway still performs basic certificate validation, which includes checking the certificate's expiration date, hostname, and presence of a root certificate authority. Supported only for <code>HTTP</code> and <code>HTTP_PROXY</code> integrations.</p>"
}
}
},
"TooManyRequestsException":{
"type":"structure",
"members":{

349
botocore/data/appconfig/2019-10-09/service-2.json
View file

@ -75,6 +75,25 @@
],
"documentation":"<p>For each application, you define one or more environments. An environment is a logical deployment group of AppConfig targets, such as applications in a <code>Beta</code> or <code>Production</code> environment. You can also define environments for application subcomponents such as the <code>Web</code>, <code>Mobile</code> and <code>Back-end</code> components for your application. You can configure Amazon CloudWatch alarms for each environment. The system monitors alarms during a configuration deployment. If an alarm is triggered, the system rolls back the configuration.</p>"
},
"CreateHostedConfigurationVersion":{
"name":"CreateHostedConfigurationVersion",
"http":{
"method":"POST",
"requestUri":"/applications/{ApplicationId}/configurationprofiles/{ConfigurationProfileId}/hostedconfigurationversions",
"responseCode":201
},
"input":{"shape":"CreateHostedConfigurationVersionRequest"},
"output":{"shape":"HostedConfigurationVersion"},
"errors":[
{"shape":"BadRequestException"},
{"shape":"ServiceQuotaExceededException"},
{"shape":"ResourceNotFoundException"},
{"shape":"ConflictException"},
{"shape":"PayloadTooLargeException"},
{"shape":"InternalServerException"}
],
"documentation":"<p>Create a new configuration in the AppConfig configuration store.</p>"
},
"DeleteApplication":{
"name":"DeleteApplication",
"http":{
@ -137,6 +156,21 @@
],
"documentation":"<p>Delete an environment. Deleting an environment does not delete a configuration from a host.</p>"
},
"DeleteHostedConfigurationVersion":{
"name":"DeleteHostedConfigurationVersion",
"http":{
"method":"DELETE",
"requestUri":"/applications/{ApplicationId}/configurationprofiles/{ConfigurationProfileId}/hostedconfigurationversions/{VersionNumber}",
"responseCode":204
},
"input":{"shape":"DeleteHostedConfigurationVersionRequest"},
"errors":[
{"shape":"BadRequestException"},
{"shape":"ResourceNotFoundException"},
{"shape":"InternalServerException"}
],
"documentation":"<p>Delete a version of a configuration from the AppConfig configuration store.</p>"
},
"GetApplication":{
"name":"GetApplication",
"http":{
@ -165,7 +199,6 @@
"errors":[
{"shape":"ResourceNotFoundException"},
{"shape":"InternalServerException"},
{"shape":"ResourceNotFoundException"},
{"shape":"BadRequestException"}
],
"documentation":"<p>Receive information about a configuration.</p> <important> <p>AWS AppConfig uses the value of the <code>ClientConfigurationVersion</code> parameter to identify the configuration version on your clients. If you dont send <code>ClientConfigurationVersion</code> with each call to <code>GetConfiguration</code>, your clients receive the current configuration. You are charged each time your clients receive a configuration.</p> <p>To avoid excess charges, we recommend that you include the <code>ClientConfigurationVersion</code> value with every call to <code>GetConfiguration</code>. This value must be saved on your client. Subsequent calls to <code>GetConfiguration</code> must pass this value by using the <code>ClientConfigurationVersion</code> parameter. </p> </important>"
@ -234,6 +267,22 @@
],
"documentation":"<p>Retrieve information about an environment. An environment is a logical deployment group of AppConfig applications, such as applications in a <code>Production</code> environment or in an <code>EU_Region</code> environment. Each configuration deployment targets an environment. You can enable one or more Amazon CloudWatch alarms for an environment. If an alarm is triggered during a deployment, AppConfig roles back the configuration.</p>"
},
"GetHostedConfigurationVersion":{
"name":"GetHostedConfigurationVersion",
"http":{
"method":"GET",
"requestUri":"/applications/{ApplicationId}/configurationprofiles/{ConfigurationProfileId}/hostedconfigurationversions/{VersionNumber}",
"responseCode":200
},
"input":{"shape":"GetHostedConfigurationVersionRequest"},
"output":{"shape":"HostedConfigurationVersion"},
"errors":[
{"shape":"BadRequestException"},
{"shape":"ResourceNotFoundException"},
{"shape":"InternalServerException"}
],
"documentation":"<p>Get information about a specific configuration version.</p>"
},
"ListApplications":{
"name":"ListApplications",
"http":{
@ -312,6 +361,22 @@
],
"documentation":"<p>List the environments for an application.</p>"
},
"ListHostedConfigurationVersions":{
"name":"ListHostedConfigurationVersions",
"http":{
"method":"GET",
"requestUri":"/applications/{ApplicationId}/configurationprofiles/{ConfigurationProfileId}/hostedconfigurationversions",
"responseCode":200
},
"input":{"shape":"ListHostedConfigurationVersionsRequest"},
"output":{"shape":"HostedConfigurationVersions"},
"errors":[
{"shape":"BadRequestException"},
{"shape":"ResourceNotFoundException"},
{"shape":"InternalServerException"}
],
"documentation":"<p>View a list of configurations stored in the AppConfig configuration store by version.</p>"
},
"ListTagsForResource":{
"name":"ListTagsForResource",
"http":{
@ -521,7 +586,14 @@
"error":{"httpStatusCode":400},
"exception":true
},
"Blob":{"type":"blob"},
"Blob":{
"type":"blob",
"sensitive":true
},
"BytesMeasure":{
"type":"string",
"enum":["KILOBYTES"]
},
"Configuration":{
"type":"structure",
"members":{
@ -568,7 +640,7 @@
"documentation":"<p>The URI location of the configuration.</p>"
},
"RetrievalRoleArn":{
"shape":"Arn",
"shape":"RoleArn",
"documentation":"<p>The ARN of an IAM role with permission to access the configuration at the specified LocationUri.</p>"
},
"Validators":{
@ -652,8 +724,7 @@
"required":[
"ApplicationId",
"Name",
"LocationUri",
"RetrievalRoleArn"
"LocationUri"
],
"members":{
"ApplicationId":{
@ -675,7 +746,7 @@
"documentation":"<p>A URI to locate the configuration. You can specify a Systems Manager (SSM) document, an SSM Parameter Store parameter, or an Amazon S3 object. For an SSM document, specify either the document name in the format <code>ssm-document://&lt;Document_name&gt;</code> or the Amazon Resource Name (ARN). For a parameter, specify either the parameter name in the format <code>ssm-parameter://&lt;Parameter_name&gt;</code> or the ARN. For an Amazon S3 object, specify the URI in the following format: <code>s3://&lt;bucket&gt;/&lt;objectKey&gt; </code>. Here is an example: s3://my-bucket/my-app/us-east-1/my-config.json</p>"
},
"RetrievalRoleArn":{
"shape":"Arn",
"shape":"RoleArn",
"documentation":"<p>The ARN of an IAM role with permission to access the configuration at the specified LocationUri.</p>"
},
"Validators":{
@ -764,6 +835,53 @@
}
}
},
"CreateHostedConfigurationVersionRequest":{
"type":"structure",
"required":[
"ApplicationId",
"ConfigurationProfileId",
"Content",
"ContentType"
],
"members":{
"ApplicationId":{
"shape":"Id",
"documentation":"<p>The application ID.</p>",
"location":"uri",
"locationName":"ApplicationId"
},
"ConfigurationProfileId":{
"shape":"Id",
"documentation":"<p>The configuration profile ID.</p>",
"location":"uri",
"locationName":"ConfigurationProfileId"
},
"Description":{
"shape":"Description",
"documentation":"<p>A description of the configuration.</p>",
"location":"header",
"locationName":"Description"
},
"Content":{
"shape":"Blob",
"documentation":"<p>The content of the configuration or the configuration data.</p>"
},
"ContentType":{
"shape":"StringWithLengthBetween1And255",
"documentation":"<p>A standard MIME type describing the format of the configuration content. For more information, see <a href=\"https://docs.aws.amazon.com/https:/www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17\">Content-Type</a>.</p>",
"location":"header",
"locationName":"Content-Type"
},
"LatestVersionNumber":{
"shape":"Integer",
"documentation":"<p>An optional locking token used to prevent race conditions from overwriting configuration updates when creating a new version. To ensure your data is not overwritten when creating multiple hosted configuration versions in rapid succession, specify the version of the latest hosted configuration version.</p>",
"box":true,
"location":"header",
"locationName":"Latest-Version-Number"
}
},
"payload":"Content"
},
"DeleteApplicationRequest":{
"type":"structure",
"required":["ApplicationId"],
@ -830,6 +948,34 @@
}
}
},
"DeleteHostedConfigurationVersionRequest":{
"type":"structure",
"required":[
"ApplicationId",
"ConfigurationProfileId",
"VersionNumber"
],
"members":{
"ApplicationId":{
"shape":"Id",
"documentation":"<p>The application ID.</p>",
"location":"uri",
"locationName":"ApplicationId"
},
"ConfigurationProfileId":{
"shape":"Id",
"documentation":"<p>The configuration profile ID.</p>",
"location":"uri",
"locationName":"ConfigurationProfileId"
},
"VersionNumber":{
"shape":"Integer",
"documentation":"<p>The versions number to delete.</p>",
"location":"uri",
"locationName":"VersionNumber"
}
}
},
"Deployment":{
"type":"structure",
"members":{
@ -1011,7 +1157,7 @@
},
"DeploymentStrategyId":{
"type":"string",
"pattern":"([a-z0-9]{4,7}|arn:aws.*)"
"pattern":"(^[a-z0-9]{4,7}$|^AppConfig\\.[A-Za-z0-9]{9,40}$)"
},
"DeploymentStrategyList":{
"type":"list",
@ -1140,6 +1286,7 @@
}
}
},
"Float":{"type":"float"},
"GetApplicationRequest":{
"type":"structure",
"required":["ApplicationId"],
@ -1276,6 +1423,34 @@
}
}
},
"GetHostedConfigurationVersionRequest":{
"type":"structure",
"required":[
"ApplicationId",
"ConfigurationProfileId",
"VersionNumber"
],
"members":{
"ApplicationId":{
"shape":"Id",
"documentation":"<p>The application ID.</p>",
"location":"uri",
"locationName":"ApplicationId"
},
"ConfigurationProfileId":{
"shape":"Id",
"documentation":"<p>The configuration profile ID.</p>",
"location":"uri",
"locationName":"ConfigurationProfileId"
},
"VersionNumber":{
"shape":"Integer",
"documentation":"<p>The version.</p>",
"location":"uri",
"locationName":"VersionNumber"
}
}
},
"GrowthFactor":{
"type":"float",
"max":100.0,
@ -1288,6 +1463,89 @@
"EXPONENTIAL"
]
},
"HostedConfigurationVersion":{
"type":"structure",
"members":{
"ApplicationId":{
"shape":"Id",
"documentation":"<p>The application ID.</p>",
"location":"header",
"locationName":"Application-Id"
},
"ConfigurationProfileId":{
"shape":"Id",
"documentation":"<p>The configuration profile ID.</p>",
"location":"header",
"locationName":"Configuration-Profile-Id"
},
"VersionNumber":{
"shape":"Integer",
"documentation":"<p>The configuration version.</p>",
"location":"header",
"locationName":"Version-Number"
},
"Description":{
"shape":"Description",
"documentation":"<p>A description of the configuration.</p>",
"location":"header",
"locationName":"Description"
},
"Content":{
"shape":"Blob",
"documentation":"<p>The content of the configuration or the configuration data.</p>"
},
"ContentType":{
"shape":"StringWithLengthBetween1And255",
"documentation":"<p>A standard MIME type describing the format of the configuration content. For more information, see <a href=\"https://docs.aws.amazon.com/https:/www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17\">Content-Type</a>.</p>",
"location":"header",
"locationName":"Content-Type"
}
},
"payload":"Content"
},
"HostedConfigurationVersionSummary":{
"type":"structure",
"members":{
"ApplicationId":{
"shape":"Id",
"documentation":"<p>The application ID.</p>"
},
"ConfigurationProfileId":{
"shape":"Id",
"documentation":"<p>The configuration profile ID.</p>"
},
"VersionNumber":{
"shape":"Integer",
"documentation":"<p>The configuration version.</p>"
},
"Description":{
"shape":"Description",
"documentation":"<p>A description of the configuration.</p>"
},
"ContentType":{
"shape":"StringWithLengthBetween1And255",
"documentation":"<p>A standard MIME type describing the format of the configuration content. For more information, see <a href=\"https://docs.aws.amazon.com/https:/www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17\">Content-Type</a>.</p>"
}
},
"documentation":"<p>Information about the configuration.</p>"
},
"HostedConfigurationVersionSummaryList":{
"type":"list",
"member":{"shape":"HostedConfigurationVersionSummary"}
},
"HostedConfigurationVersions":{
"type":"structure",
"members":{
"Items":{
"shape":"HostedConfigurationVersionSummaryList",
"documentation":"<p>The elements from this collection.</p>"
},
"NextToken":{
"shape":"NextToken",
"documentation":"<p>The token for the next set of items to return. Use this token to get the next set of results.</p>"
}
}
},
"Id":{
"type":"string",
"pattern":"[a-z0-9]{4,7}"
@ -1427,6 +1685,40 @@
}
}
},
"ListHostedConfigurationVersionsRequest":{
"type":"structure",
"required":[
"ApplicationId",
"ConfigurationProfileId"
],
"members":{
"ApplicationId":{
"shape":"Id",
"documentation":"<p>The application ID.</p>",
"location":"uri",
"locationName":"ApplicationId"
},
"ConfigurationProfileId":{
"shape":"Id",
"documentation":"<p>The configuration profile ID.</p>",
"location":"uri",
"locationName":"ConfigurationProfileId"
},
"MaxResults":{
"shape":"MaxResults",
"documentation":"<p>The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.</p>",
"box":true,
"location":"querystring",
"locationName":"max_results"
},
"NextToken":{
"shape":"NextToken",
"documentation":"<p>A token to start the list. Use this token to get the next set of results. </p>",
"location":"querystring",
"locationName":"next_token"
}
}
},
"ListTagsForResourceRequest":{
"type":"structure",
"required":["ResourceArn"],
@ -1457,7 +1749,7 @@
"documentation":"<p>ARN of the Amazon CloudWatch alarm.</p>"
},
"AlarmRoleArn":{
"shape":"Arn",
"shape":"RoleArn",
"documentation":"<p>ARN of an IAM role for AppConfig to monitor <code>AlarmArn</code>.</p>"
}
},
@ -1479,6 +1771,18 @@
"max":2048,
"min":1
},
"PayloadTooLargeException":{
"type":"structure",
"members":{
"Message":{"shape":"String"},
"Measure":{"shape":"BytesMeasure"},
"Limit":{"shape":"Float"},
"Size":{"shape":"Float"}
},
"documentation":"<p>The configuration size is too large.</p>",
"error":{"httpStatusCode":413},
"exception":true
},
"Percentage":{
"type":"float",
"max":100.0,
@ -1510,6 +1814,21 @@
}
}
},
"RoleArn":{
"type":"string",
"max":2048,
"min":20,
"pattern":"^((arn):(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):(iam)::\\d{12}:role[/].*)$"
},
"ServiceQuotaExceededException":{
"type":"structure",
"members":{
"Message":{"shape":"String"}
},
"documentation":"<p>The number of hosted configuration versions exceeds the limit for the AppConfig configuration store. Delete one or more versions and try again.</p>",
"error":{"httpStatusCode":402},
"exception":true
},
"StartDeploymentRequest":{
"type":"structure",
"required":[
@ -1587,7 +1906,13 @@
"StringWithLengthBetween0And32768":{
"type":"string",
"max":32768,
"min":0
"min":0,
"sensitive":true
},
"StringWithLengthBetween1And255":{
"type":"string",
"max":255,
"min":1
},
"StringWithLengthBetween1And64":{
"type":"string",
@ -1713,7 +2038,7 @@
"documentation":"<p>A description of the configuration profile.</p>"
},
"RetrievalRoleArn":{
"shape":"Arn",
"shape":"RoleArn",
"documentation":"<p>The ARN of an IAM role with permission to access the configuration at the specified LocationUri.</p>"
},
"Validators":{
@ -1862,9 +2187,9 @@
},
"Version":{
"type":"string",
"max":128,
"max":1024,
"min":1
}
},
"documentation":"<fullname>AWS AppConfig</fullname> <p>Use AWS AppConfig, a capability of AWS Systems Manager, to create, manage, and quickly deploy application configurations. AppConfig supports controlled deployments to applications of any size and includes built-in validation checks and monitoring. You can use AppConfig with applications hosted on Amazon EC2 instances, AWS Lambda, containers, mobile applications, or IoT devices.</p> <p>To prevent errors when deploying application configurations, especially for production systems where a simple typo could cause an unexpected outage, AppConfig includes validators. A validator provides a syntactic or semantic check to ensure that the configuration you want to deploy works as intended. To validate your application configuration data, you provide a schema or a Lambda function that runs against the configuration. The configuration deployment or update can only proceed when the configuration data is valid.</p> <p>During a configuration deployment, AppConfig monitors the application to ensure that the deployment is successful. If the system encounters an error, AppConfig rolls back the change to minimize impact for your application users. You can configure a deployment strategy for each application or environment that includes deployment criteria, including velocity, bake time, and alarms to monitor. Similar to error monitoring, if a deployment triggers an alarm, AppConfig automatically rolls back to the previous version. </p> <p>AppConfig supports multiple use cases. Here are some examples.</p> <ul> <li> <p> <b>Application tuning</b>: Use AppConfig to carefully introduce changes to your application that can only be tested with production traffic.</p> </li> <li> <p> <b>Feature toggle</b>: Use AppConfig to turn on new features that require a timely deployment, such as a product launch or announcement. </p> </li> <li> <p> <b>User membership</b>: Use AppConfig to allow premium subscribers to access paid content. </p> </li> <li> <p> <b>Operational issues</b>: Use AppConfig to reduce stress on your application when a dependency or other external factor impacts the system.</p> </li> </ul> <p>This reference is intended to be used with the <a href=\"http://docs.aws.amazon.com/systems-manager/latest/userguide/appconfig.html\">AWS AppConfig User Guide</a>.</p>"
"documentation":"<fullname>AWS AppConfig</fullname> <p>Use AWS AppConfig, a capability of AWS Systems Manager, to create, manage, and quickly deploy application configurations. AppConfig supports controlled deployments to applications of any size and includes built-in validation checks and monitoring. You can use AppConfig with applications hosted on Amazon EC2 instances, AWS Lambda, containers, mobile applications, or IoT devices.</p> <p>To prevent errors when deploying application configurations, especially for production systems where a simple typo could cause an unexpected outage, AppConfig includes validators. A validator provides a syntactic or semantic check to ensure that the configuration you want to deploy works as intended. To validate your application configuration data, you provide a schema or a Lambda function that runs against the configuration. The configuration deployment or update can only proceed when the configuration data is valid.</p> <p>During a configuration deployment, AppConfig monitors the application to ensure that the deployment is successful. If the system encounters an error, AppConfig rolls back the change to minimize impact for your application users. You can configure a deployment strategy for each application or environment that includes deployment criteria, including velocity, bake time, and alarms to monitor. Similar to error monitoring, if a deployment triggers an alarm, AppConfig automatically rolls back to the previous version. </p> <p>AppConfig supports multiple use cases. Here are some examples.</p> <ul> <li> <p> <b>Application tuning</b>: Use AppConfig to carefully introduce changes to your application that can only be tested with production traffic.</p> </li> <li> <p> <b>Feature toggle</b>: Use AppConfig to turn on new features that require a timely deployment, such as a product launch or announcement. </p> </li> <li> <p> <b>Allow list</b>: Use AppConfig to allow premium subscribers to access paid content. </p> </li> <li> <p> <b>Operational issues</b>: Use AppConfig to reduce stress on your application when a dependency or other external factor impacts the system.</p> </li> </ul> <p>This reference is intended to be used with the <a href=\"http://docs.aws.amazon.com/systems-manager/latest/userguide/appconfig.html\">AWS AppConfig User Guide</a>.</p>"
}

170
botocore/data/appmesh/2019-01-25/service-2.json
View file

@ -1230,11 +1230,11 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>"
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>"
},
"resourceOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the resource owner. If the account ID is not your own, then it's\n the ID of the mesh owner or of another account that the mesh is shared with. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>"
"documentation": "<p>The AWS IAM account ID of the resource owner. If the account ID is not your own, then it's\n the ID of the mesh owner or of another account that the mesh is shared with. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>"
},
"uid": {
"shape": "String",
@ -1505,7 +1505,7 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>",
"location": "querystring",
"locationName": "meshOwner"
},
@ -1674,7 +1674,7 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then\n the account that you specify must share the mesh with your account before you can create \n the resource in the service mesh. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then\n the account that you specify must share the mesh with your account before you can create \n the resource in the service mesh. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>",
"location": "querystring",
"locationName": "meshOwner"
},
@ -1881,6 +1881,23 @@
"senderFault": true
}
},
"ListenerTimeout": {
"type": "structure",
"members": {
"grpc": {
"shape": "GrpcTimeout"
},
"http": {
"shape": "HttpTimeout"
},
"http2": {
"shape": "HttpTimeout"
},
"tcp": {
"shape": "TcpTimeout"
}
}
},
"MeshList": {
"type": "list",
"member": {
@ -1984,10 +2001,12 @@
"documentation": "<p>The full Amazon Resource Name (ARN) for the route.</p>"
},
"createdAt": {
"shape": "Timestamp"
"shape": "Timestamp",
"documentation": "<p>The Unix epoch timestamp in seconds for when the resource was created.</p>"
},
"lastUpdatedAt": {
"shape": "Timestamp"
"shape": "Timestamp",
"documentation": "<p>The Unix epoch timestamp in seconds for when the resource was last updated.</p>"
},
"meshName": {
"shape": "ResourceName",
@ -1995,18 +2014,19 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>"
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>"
},
"resourceOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the resource owner. If the account ID is not your own, then it's\n the ID of the mesh owner or of another account that the mesh is shared with. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>"
"documentation": "<p>The AWS IAM account ID of the resource owner. If the account ID is not your own, then it's\n the ID of the mesh owner or of another account that the mesh is shared with. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>"
},
"routeName": {
"shape": "ResourceName",
"documentation": "<p>The name of the route.</p>"
},
"version": {
"shape": "Long"
"shape": "Long",
"documentation": "<p>The version of the resource. Resources are created at version 1, and this version is incremented each time that they're updated.</p>"
},
"virtualRouterName": {
"shape": "ResourceName",
@ -2030,7 +2050,7 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>",
"location": "querystring",
"locationName": "meshOwner"
},
@ -2329,7 +2349,7 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then\n the account that you specify must share the mesh with your account before you can create \n the resource in the service mesh. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then\n the account that you specify must share the mesh with your account before you can create \n the resource in the service mesh. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>",
"location": "querystring",
"locationName": "meshOwner"
},
@ -2432,6 +2452,17 @@
},
"documentation": "<p>An object that represents a virtual node service provider.</p>"
},
"HttpTimeout": {
"type": "structure",
"members": {
"idle": {
"shape": "Duration"
},
"perRequest": {
"shape": "Duration"
}
}
},
"DeleteVirtualServiceInput": {
"type": "structure",
"required": [
@ -2447,7 +2478,7 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>",
"location": "querystring",
"locationName": "meshOwner"
},
@ -2528,7 +2559,7 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>",
"location": "querystring",
"locationName": "meshOwner"
},
@ -2607,7 +2638,7 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then\n the account that you specify must share the mesh with your account before you can create \n the resource in the service mesh. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then\n the account that you specify must share the mesh with your account before you can create \n the resource in the service mesh. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>",
"location": "querystring",
"locationName": "meshOwner"
},
@ -2650,7 +2681,7 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>",
"location": "querystring",
"locationName": "meshOwner"
},
@ -2746,7 +2777,7 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>",
"location": "querystring",
"locationName": "meshOwner"
},
@ -2775,7 +2806,7 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>",
"location": "querystring",
"locationName": "meshOwner"
},
@ -2863,7 +2894,7 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>",
"location": "querystring",
"locationName": "meshOwner"
},
@ -2948,7 +2979,7 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>",
"location": "querystring",
"locationName": "meshOwner"
},
@ -2985,10 +3016,12 @@
"documentation": "<p>The full Amazon Resource Name (ARN) for the virtual service.</p>"
},
"createdAt": {
"shape": "Timestamp"
"shape": "Timestamp",
"documentation": "<p>The Unix epoch timestamp in seconds for when the resource was created.</p>"
},
"lastUpdatedAt": {
"shape": "Timestamp"
"shape": "Timestamp",
"documentation": "<p>The Unix epoch timestamp in seconds for when the resource was last updated.</p>"
},
"meshName": {
"shape": "ResourceName",
@ -2996,14 +3029,15 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>"
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>"
},
"resourceOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the resource owner. If the account ID is not your own, then it's\n the ID of the mesh owner or of another account that the mesh is shared with. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>"
"documentation": "<p>The AWS IAM account ID of the resource owner. If the account ID is not your own, then it's\n the ID of the mesh owner or of another account that the mesh is shared with. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>"
},
"version": {
"shape": "Long"
"shape": "Long",
"documentation": "<p>The version of the resource. Resources are created at version 1, and this version is incremented each time that they're updated.</p>"
},
"virtualServiceName": {
"shape": "ServiceName",
@ -3012,6 +3046,17 @@
},
"documentation": "<p>An object that represents a virtual service returned by a list operation.</p>"
},
"GrpcTimeout": {
"type": "structure",
"members": {
"idle": {
"shape": "Duration"
},
"perRequest": {
"shape": "Duration"
}
}
},
"VirtualNodeStatus": {
"type": "structure",
"required": [
@ -3043,10 +3088,12 @@
"documentation": "<p>The full Amazon Resource Name (ARN) for the virtual router.</p>"
},
"createdAt": {
"shape": "Timestamp"
"shape": "Timestamp",
"documentation": "<p>The Unix epoch timestamp in seconds for when the resource was created.</p>"
},
"lastUpdatedAt": {
"shape": "Timestamp"
"shape": "Timestamp",
"documentation": "<p>The Unix epoch timestamp in seconds for when the resource was last updated.</p>"
},
"meshName": {
"shape": "ResourceName",
@ -3054,14 +3101,15 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>"
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>"
},
"resourceOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the resource owner. If the account ID is not your own, then it's\n the ID of the mesh owner or of another account that the mesh is shared with. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>"
"documentation": "<p>The AWS IAM account ID of the resource owner. If the account ID is not your own, then it's\n the ID of the mesh owner or of another account that the mesh is shared with. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>"
},
"version": {
"shape": "Long"
"shape": "Long",
"documentation": "<p>The version of the resource. Resources are created at version 1, and this version is incremented each time that they're updated.</p>"
},
"virtualRouterName": {
"shape": "ResourceName",
@ -3152,10 +3200,12 @@
"documentation": "<p>The full Amazon Resource Name (ARN) for the virtual node.</p>"
},
"createdAt": {
"shape": "Timestamp"
"shape": "Timestamp",
"documentation": "<p>The Unix epoch timestamp in seconds for when the resource was created.</p>"
},
"lastUpdatedAt": {
"shape": "Timestamp"
"shape": "Timestamp",
"documentation": "<p>The Unix epoch timestamp in seconds for when the resource was last updated.</p>"
},
"meshName": {
"shape": "ResourceName",
@ -3163,14 +3213,15 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>"
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>"
},
"resourceOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the resource owner. If the account ID is not your own, then it's\n the ID of the mesh owner or of another account that the mesh is shared with. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>"
"documentation": "<p>The AWS IAM account ID of the resource owner. If the account ID is not your own, then it's\n the ID of the mesh owner or of another account that the mesh is shared with. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>"
},
"version": {
"shape": "Long"
"shape": "Long",
"documentation": "<p>The version of the resource. Resources are created at version 1, and this version is incremented each time that they're updated.</p>"
},
"virtualNodeName": {
"shape": "ResourceName",
@ -3290,7 +3341,7 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>",
"location": "querystring",
"locationName": "meshOwner"
},
@ -3385,6 +3436,9 @@
"action": {
"shape": "TcpRouteAction",
"documentation": "<p>The action to take if a match is determined.</p>"
},
"timeout": {
"shape": "TcpTimeout"
}
},
"documentation": "<p>An object that represents a TCP route type.</p>"
@ -3415,7 +3469,7 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>",
"location": "querystring",
"locationName": "meshOwner"
},
@ -3461,7 +3515,7 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>",
"location": "querystring",
"locationName": "meshOwner"
},
@ -3504,7 +3558,7 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>",
"location": "querystring",
"locationName": "meshOwner"
},
@ -3649,10 +3703,12 @@
"documentation": "<p>The full Amazon Resource Name (ARN) of the service mesh.</p>"
},
"createdAt": {
"shape": "Timestamp"
"shape": "Timestamp",
"documentation": "<p>The Unix epoch timestamp in seconds for when the resource was created.</p>"
},
"lastUpdatedAt": {
"shape": "Timestamp"
"shape": "Timestamp",
"documentation": "<p>The Unix epoch timestamp in seconds for when the resource was last updated.</p>"
},
"meshName": {
"shape": "ResourceName",
@ -3660,14 +3716,15 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>"
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>"
},
"resourceOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the resource owner. If the account ID is not your own, then it's\n the ID of the mesh owner or of another account that the mesh is shared with. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>"
"documentation": "<p>The AWS IAM account ID of the resource owner. If the account ID is not your own, then it's\n the ID of the mesh owner or of another account that the mesh is shared with. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>"
},
"version": {
"shape": "Long"
"shape": "Long",
"documentation": "<p>The version of the resource. Resources are created at version 1, and this version is incremented each time that they're updated.</p>"
}
},
"documentation": "<p>An object that represents a service mesh returned by a list operation.</p>"
@ -3749,7 +3806,7 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>",
"location": "querystring",
"locationName": "meshOwner"
},
@ -3789,6 +3846,9 @@
"shape": "PortMapping",
"documentation": "<p>The port mapping information for the listener.</p>"
},
"timeout": {
"shape": "ListenerTimeout"
},
"tls": {
"shape": "ListenerTls",
"documentation": "<p>A reference to an object that represents the Transport Layer Security (TLS) properties for a listener.</p>"
@ -3814,6 +3874,9 @@
"retryPolicy": {
"shape": "GrpcRetryPolicy",
"documentation": "<p>An object that represents a retry policy.</p>"
},
"timeout": {
"shape": "GrpcTimeout"
}
},
"documentation": "<p>An object that represents a gRPC route type.</p>"
@ -3942,7 +4005,7 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>",
"location": "querystring",
"locationName": "meshOwner"
},
@ -4042,7 +4105,7 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then\n the account that you specify must share the mesh with your account before you can create \n the resource in the service mesh. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then\n the account that you specify must share the mesh with your account before you can create \n the resource in the service mesh. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>",
"location": "querystring",
"locationName": "meshOwner"
},
@ -4089,6 +4152,14 @@
"String": {
"type": "string"
},
"TcpTimeout": {
"type": "structure",
"members": {
"idle": {
"shape": "Duration"
}
}
},
"HttpScheme": {
"type": "string",
"enum": [
@ -4118,7 +4189,7 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>",
"location": "querystring",
"locationName": "meshOwner"
},
@ -4159,6 +4230,9 @@
"retryPolicy": {
"shape": "HttpRetryPolicy",
"documentation": "<p>An object that represents a retry policy.</p>"
},
"timeout": {
"shape": "HttpTimeout"
}
},
"documentation": "<p>An object that represents an HTTP or HTTP/2 route type.</p>"
@ -4177,7 +4251,7 @@
},
"meshOwner": {
"shape": "AccountId",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with Shared Meshes</a>.</p>",
"documentation": "<p>The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then it's\n the ID of the account that shared the mesh with your account. For more information about mesh sharing, see <a href=\"https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html\">Working with shared meshes</a>.</p>",
"location": "querystring",
"locationName": "meshOwner"
}

24
botocore/data/athena/2017-05-18/paginators-1.json
View file

@ -21,6 +21,30 @@
"ResultSet.ResultSetMetadata",
"UpdateCount"
]
},
"ListDataCatalogs": {
"input_token": "NextToken",
"limit_key": "MaxResults",
"output_token": "NextToken",
"result_key": "DataCatalogsSummary"
},
"ListDatabases": {
"input_token": "NextToken",
"limit_key": "MaxResults",
"output_token": "NextToken",
"result_key": "DatabaseList"
},
"ListTableMetadata": {
"input_token": "NextToken",
"limit_key": "MaxResults",
"output_token": "NextToken",
"result_key": "TableMetadataList"
},
"ListTagsForResource": {
"input_token": "NextToken",
"limit_key": "MaxResults",
"output_token": "NextToken",
"result_key": "Tags"
}
}
}

654
botocore/data/athena/2017-05-18/service-2.json
View file

@ -40,6 +40,20 @@
],
"documentation":"<p>Returns the details of a single query execution or a list of up to 50 query executions, which you provide as an array of query execution ID strings. Requires you to have access to the workgroup in which the queries ran. To get a list of query execution IDs, use <a>ListQueryExecutionsInput$WorkGroup</a>. Query executions differ from named (saved) queries. Use <a>BatchGetNamedQueryInput</a> to get details about named queries.</p>"
},
"CreateDataCatalog":{
"name":"CreateDataCatalog",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"CreateDataCatalogInput"},
"output":{"shape":"CreateDataCatalogOutput"},
"errors":[
{"shape":"InternalServerException"},
{"shape":"InvalidRequestException"}
],
"documentation":"<p>Creates (registers) a data catalog with the specified name and properties. Catalogs created are visible to all users of the same AWS account.</p>"
},
"CreateNamedQuery":{
"name":"CreateNamedQuery",
"http":{
@ -69,6 +83,20 @@
],
"documentation":"<p>Creates a workgroup with the specified name.</p>"
},
"DeleteDataCatalog":{
"name":"DeleteDataCatalog",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"DeleteDataCatalogInput"},
"output":{"shape":"DeleteDataCatalogOutput"},
"errors":[
{"shape":"InternalServerException"},
{"shape":"InvalidRequestException"}
],
"documentation":"<p>Deletes a data catalog.</p>"
},
"DeleteNamedQuery":{
"name":"DeleteNamedQuery",
"http":{
@ -99,6 +127,35 @@
"documentation":"<p>Deletes the workgroup with the specified name. The primary workgroup cannot be deleted.</p>",
"idempotent":true
},
"GetDataCatalog":{
"name":"GetDataCatalog",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"GetDataCatalogInput"},
"output":{"shape":"GetDataCatalogOutput"},
"errors":[
{"shape":"InternalServerException"},
{"shape":"InvalidRequestException"}
],
"documentation":"<p>Returns the specified data catalog.</p>"
},
"GetDatabase":{
"name":"GetDatabase",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"GetDatabaseInput"},
"output":{"shape":"GetDatabaseOutput"},
"errors":[
{"shape":"InternalServerException"},
{"shape":"InvalidRequestException"},
{"shape":"MetadataException"}
],
"documentation":"<p>Returns a database object for the specfied database and data catalog.</p>"
},
"GetNamedQuery":{
"name":"GetNamedQuery",
"http":{
@ -141,6 +198,21 @@
],
"documentation":"<p>Streams the results of a single query execution specified by <code>QueryExecutionId</code> from the Athena query results location in Amazon S3. For more information, see <a href=\"https://docs.aws.amazon.com/athena/latest/ug/querying.html\">Query Results</a> in the <i>Amazon Athena User Guide</i>. This request does not execute the query but returns results. Use <a>StartQueryExecution</a> to run a query.</p> <p>To stream query results successfully, the IAM principal with permission to call <code>GetQueryResults</code> also must have permissions to the Amazon S3 <code>GetObject</code> action for the Athena query results location.</p> <important> <p>IAM principals with permission to the Amazon S3 <code>GetObject</code> action for the query results location are able to retrieve query results from Amazon S3 even if permission to the <code>GetQueryResults</code> action is denied. To restrict user or role access, ensure that Amazon S3 permissions to the Athena query location are denied.</p> </important>"
},
"GetTableMetadata":{
"name":"GetTableMetadata",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"GetTableMetadataInput"},
"output":{"shape":"GetTableMetadataOutput"},
"errors":[
{"shape":"InternalServerException"},
{"shape":"InvalidRequestException"},
{"shape":"MetadataException"}
],
"documentation":"<p>Returns table metadata for the specified catalog, database, and table.</p>"
},
"GetWorkGroup":{
"name":"GetWorkGroup",
"http":{
@ -155,6 +227,35 @@
],
"documentation":"<p>Returns information about the workgroup with the specified name.</p>"
},
"ListDataCatalogs":{
"name":"ListDataCatalogs",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"ListDataCatalogsInput"},
"output":{"shape":"ListDataCatalogsOutput"},
"errors":[
{"shape":"InternalServerException"},
{"shape":"InvalidRequestException"}
],
"documentation":"<p>Lists the data catalogs in the current AWS account.</p>"
},
"ListDatabases":{
"name":"ListDatabases",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"ListDatabasesInput"},
"output":{"shape":"ListDatabasesOutput"},
"errors":[
{"shape":"InternalServerException"},
{"shape":"InvalidRequestException"},
{"shape":"MetadataException"}
],
"documentation":"<p>Lists the databases in the specified data catalog.</p>"
},
"ListNamedQueries":{
"name":"ListNamedQueries",
"http":{
@ -167,7 +268,7 @@
{"shape":"InternalServerException"},
{"shape":"InvalidRequestException"}
],
"documentation":"<p>Provides a list of available query IDs only for queries saved in the specified workgroup. Requires that you have access to the workgroup. If a workgroup is not specified, lists the saved queries for the primary workgroup.</p> <p>For code samples using the AWS SDK for Java, see <a href=\"http://docs.aws.amazon.com/athena/latest/ug/code-samples.html\">Examples and Code Samples</a> in the <i>Amazon Athena User Guide</i>.</p>"
"documentation":"<p>Provides a list of available query IDs only for queries saved in the specified workgroup. Requires that you have access to the specified workgroup. If a workgroup is not specified, lists the saved queries for the primary workgroup.</p> <p>For code samples using the AWS SDK for Java, see <a href=\"http://docs.aws.amazon.com/athena/latest/ug/code-samples.html\">Examples and Code Samples</a> in the <i>Amazon Athena User Guide</i>.</p>"
},
"ListQueryExecutions":{
"name":"ListQueryExecutions",
@ -183,6 +284,21 @@
],
"documentation":"<p>Provides a list of available query execution IDs for the queries in the specified workgroup. If a workgroup is not specified, returns a list of query execution IDs for the primary workgroup. Requires you to have access to the workgroup in which the queries ran.</p> <p>For code samples using the AWS SDK for Java, see <a href=\"http://docs.aws.amazon.com/athena/latest/ug/code-samples.html\">Examples and Code Samples</a> in the <i>Amazon Athena User Guide</i>.</p>"
},
"ListTableMetadata":{
"name":"ListTableMetadata",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"ListTableMetadataInput"},
"output":{"shape":"ListTableMetadataOutput"},
"errors":[
{"shape":"InternalServerException"},
{"shape":"InvalidRequestException"},
{"shape":"MetadataException"}
],
"documentation":"<p>Lists the metadata for the tables in the specified data catalog database.</p>"
},
"ListTagsForResource":{
"name":"ListTagsForResource",
"http":{
@ -196,7 +312,7 @@
{"shape":"InvalidRequestException"},
{"shape":"ResourceNotFoundException"}
],
"documentation":"<p>Lists the tags associated with this workgroup.</p>"
"documentation":"<p>Lists the tags associated with an Athena workgroup or data catalog resource.</p>"
},
"ListWorkGroups":{
"name":"ListWorkGroups",
@ -225,7 +341,7 @@
{"shape":"InvalidRequestException"},
{"shape":"TooManyRequestsException"}
],
"documentation":"<p>Runs the SQL query statements contained in the <code>Query</code>. Requires you to have access to the workgroup in which the query ran.</p> <p>For code samples using the AWS SDK for Java, see <a href=\"http://docs.aws.amazon.com/athena/latest/ug/code-samples.html\">Examples and Code Samples</a> in the <i>Amazon Athena User Guide</i>.</p>",
"documentation":"<p>Runs the SQL query statements contained in the <code>Query</code>. Requires you to have access to the workgroup in which the query ran. Running queries against an external catalog requires <a>GetDataCatalog</a> permission to the catalog. For code samples using the AWS SDK for Java, see <a href=\"http://docs.aws.amazon.com/athena/latest/ug/code-samples.html\">Examples and Code Samples</a> in the <i>Amazon Athena User Guide</i>.</p>",
"idempotent":true
},
"StopQueryExecution":{
@ -256,7 +372,7 @@
{"shape":"InvalidRequestException"},
{"shape":"ResourceNotFoundException"}
],
"documentation":"<p>Adds one or more tags to the resource, such as a workgroup. A tag is a label that you assign to an AWS Athena resource (a workgroup). Each tag consists of a key and an optional value, both of which you define. Tags enable you to categorize resources (workgroups) in Athena, for example, by purpose, owner, or environment. Use a consistent set of tag keys to make it easier to search and filter workgroups in your account. For best practices, see <a href=\"https://aws.amazon.com/answers/account-management/aws-tagging-strategies/\">AWS Tagging Strategies</a>. The key length is from 1 (minimum) to 128 (maximum) Unicode characters in UTF-8. The tag value length is from 0 (minimum) to 256 (maximum) Unicode characters in UTF-8. You can use letters and numbers representable in UTF-8, and the following characters: + - = . _ : / @. Tag keys and values are case-sensitive. Tag keys must be unique per resource. If you specify more than one, separate them by commas.</p>"
"documentation":"<p>Adds one or more tags to an Athena resource. A tag is a label that you assign to a resource. In Athena, a resource can be a workgroup or data catalog. Each tag consists of a key and an optional value, both of which you define. For example, you can use tags to categorize Athena workgroups or data catalogs by purpose, owner, or environment. Use a consistent set of tag keys to make it easier to search and filter workgroups or data catalogs in your account. For best practices, see <a href=\"https://aws.amazon.com/answers/account-management/aws-tagging-strategies/\">Tagging Best Practices</a>. Tag keys can be from 1 to 128 UTF-8 Unicode characters, and tag values can be from 0 to 256 UTF-8 Unicode characters. Tags can use letters and numbers representable in UTF-8, and the following characters: + - = . _ : / @. Tag keys and values are case-sensitive. Tag keys must be unique per resource. If you specify more than one tag, separate them by commas.</p>"
},
"UntagResource":{
"name":"UntagResource",
@ -271,7 +387,21 @@
{"shape":"InvalidRequestException"},
{"shape":"ResourceNotFoundException"}
],
"documentation":"<p>Removes one or more tags from the workgroup resource. Takes as an input a list of TagKey Strings separated by commas, and removes their tags at the same time.</p>"
"documentation":"<p>Removes one or more tags from a data catalog or workgroup resource.</p>"
},
"UpdateDataCatalog":{
"name":"UpdateDataCatalog",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"UpdateDataCatalogInput"},
"output":{"shape":"UpdateDataCatalogOutput"},
"errors":[
{"shape":"InternalServerException"},
{"shape":"InvalidRequestException"}
],
"documentation":"<p>Updates the data catalog that has the specified name.</p>"
},
"UpdateWorkGroup":{
"name":"UpdateWorkGroup",
@ -346,6 +476,31 @@
"type":"long",
"min":10000000
},
"CatalogNameString":{
"type":"string",
"max":256,
"min":1,
"pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\t]*"
},
"Column":{
"type":"structure",
"required":["Name"],
"members":{
"Name":{
"shape":"NameString",
"documentation":"<p>The name of the column.</p>"
},
"Type":{
"shape":"TypeString",
"documentation":"<p>The data type of the column.</p>"
},
"Comment":{
"shape":"CommentString",
"documentation":"<p>Optional information about the column.</p>"
}
},
"documentation":"<p>Contains metadata for a column in a table.</p>"
},
"ColumnInfo":{
"type":"structure",
"required":[
@ -400,6 +555,10 @@
"type":"list",
"member":{"shape":"ColumnInfo"}
},
"ColumnList":{
"type":"list",
"member":{"shape":"Column"}
},
"ColumnNullable":{
"type":"string",
"enum":[
@ -408,6 +567,46 @@
"UNKNOWN"
]
},
"CommentString":{
"type":"string",
"max":255,
"min":0,
"pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\t]*"
},
"CreateDataCatalogInput":{
"type":"structure",
"required":[
"Name",
"Type"
],
"members":{
"Name":{
"shape":"CatalogNameString",
"documentation":"<p>The name of the data catalog to create. The catalog name must be unique for the AWS account and can use a maximum of 128 alphanumeric, underscore, at sign, or hyphen characters.</p>"
},
"Type":{
"shape":"DataCatalogType",
"documentation":"<p>The type of data catalog to create: <code>LAMBDA</code> for a federated catalog, <code>GLUE</code> for AWS Glue Catalog, or <code>HIVE</code> for an external hive metastore.</p>"
},
"Description":{
"shape":"DescriptionString",
"documentation":"<p>A description of the data catalog to be created.</p>"
},
"Parameters":{
"shape":"ParametersMap",
"documentation":"<p>Specifies the Lambda function or functions to use for creating the data catalog. This is a mapping whose values depend on the catalog type. </p> <ul> <li> <p>For the <code>HIVE</code> data catalog type, use the following syntax. The <code>metadata-function</code> parameter is required. <code>The sdk-version</code> parameter is optional and defaults to the currently supported version.</p> <p> <code>metadata-function=<i>lambda_arn</i>, sdk-version=<i>version_number</i> </code> </p> </li> <li> <p>For the <code>LAMBDA</code> data catalog type, use one of the following sets of required parameters, but not both.</p> <ul> <li> <p>If you have one Lambda function that processes metadata and another for reading the actual data, use the following syntax. Both parameters are required.</p> <p> <code>metadata-function=<i>lambda_arn</i>, record-function=<i>lambda_arn</i> </code> </p> </li> <li> <p> If you have a composite Lambda function that processes both metadata and data, use the following syntax to specify your Lambda function.</p> <p> <code>function=<i>lambda_arn</i> </code> </p> </li> </ul> </li> <li> <p>The <code>GLUE</code> type has no parameters.</p> </li> </ul>"
},
"Tags":{
"shape":"TagList",
"documentation":"<p>A list of comma separated tags to add to the data catalog that is created.</p>"
}
}
},
"CreateDataCatalogOutput":{
"type":"structure",
"members":{
}
},
"CreateNamedQueryInput":{
"type":"structure",
"required":[
@ -470,7 +669,7 @@
},
"Tags":{
"shape":"TagList",
"documentation":"<p>One or more tags, separated by commas, that you want to attach to the workgroup as you create it.</p>"
"documentation":"<p>A list of comma separated tags to add to the workgroup that is created.</p>"
}
}
},
@ -479,6 +678,81 @@
"members":{
}
},
"DataCatalog":{
"type":"structure",
"required":[
"Name",
"Type"
],
"members":{
"Name":{
"shape":"CatalogNameString",
"documentation":"<p>The name of the data catalog. The catalog name must be unique for the AWS account and can use a maximum of 128 alphanumeric, underscore, at sign, or hyphen characters.</p>"
},
"Description":{
"shape":"DescriptionString",
"documentation":"<p>An optional description of the data catalog.</p>"
},
"Type":{
"shape":"DataCatalogType",
"documentation":"<p>The type of data catalog: <code>LAMBDA</code> for a federated catalog, <code>GLUE</code> for AWS Glue Catalog, or <code>HIVE</code> for an external hive metastore.</p>"
},
"Parameters":{
"shape":"ParametersMap",
"documentation":"<p>Specifies the Lambda function or functions to use for the data catalog. This is a mapping whose values depend on the catalog type. </p> <ul> <li> <p>For the <code>HIVE</code> data catalog type, use the following syntax. The <code>metadata-function</code> parameter is required. <code>The sdk-version</code> parameter is optional and defaults to the currently supported version.</p> <p> <code>metadata-function=<i>lambda_arn</i>, sdk-version=<i>version_number</i> </code> </p> </li> <li> <p>For the <code>LAMBDA</code> data catalog type, use one of the following sets of required parameters, but not both.</p> <ul> <li> <p>If you have one Lambda function that processes metadata and another for reading the actual data, use the following syntax. Both parameters are required.</p> <p> <code>metadata-function=<i>lambda_arn</i>, record-function=<i>lambda_arn</i> </code> </p> </li> <li> <p> If you have a composite Lambda function that processes both metadata and data, use the following syntax to specify your Lambda function.</p> <p> <code>function=<i>lambda_arn</i> </code> </p> </li> </ul> </li> <li> <p>The <code>GLUE</code> type has no parameters.</p> </li> </ul>"
}
},
"documentation":"<p>Contains information about a data catalog in an AWS account.</p>"
},
"DataCatalogSummary":{
"type":"structure",
"members":{
"CatalogName":{
"shape":"CatalogNameString",
"documentation":"<p>The name of the data catalog.</p>"
},
"Type":{
"shape":"DataCatalogType",
"documentation":"<p>The data catalog type.</p>"
}
},
"documentation":"<p>The summary information for the data catalog, which includes its name and type.</p>"
},
"DataCatalogSummaryList":{
"type":"list",
"member":{"shape":"DataCatalogSummary"}
},
"DataCatalogType":{
"type":"string",
"enum":[
"LAMBDA",
"GLUE",
"HIVE"
]
},
"Database":{
"type":"structure",
"required":["Name"],
"members":{
"Name":{
"shape":"NameString",
"documentation":"<p>The name of the database.</p>"
},
"Description":{
"shape":"DescriptionString",
"documentation":"<p>An optional description of the database.</p>"
},
"Parameters":{
"shape":"ParametersMap",
"documentation":"<p>A set of custom key/value pairs.</p>"
}
},
"documentation":"<p>Contains metadata information for a database in a data catalog.</p>"
},
"DatabaseList":{
"type":"list",
"member":{"shape":"Database"}
},
"DatabaseString":{
"type":"string",
"max":255,
@ -495,6 +769,21 @@
},
"documentation":"<p>A piece of data (a field in the table).</p>"
},
"DeleteDataCatalogInput":{
"type":"structure",
"required":["Name"],
"members":{
"Name":{
"shape":"CatalogNameString",
"documentation":"<p>The name of the data catalog to delete.</p>"
}
}
},
"DeleteDataCatalogOutput":{
"type":"structure",
"members":{
}
},
"DeleteNamedQueryInput":{
"type":"structure",
"required":["NamedQueryId"],
@ -565,6 +854,56 @@
"min":1
},
"ErrorMessage":{"type":"string"},
"ExpressionString":{
"type":"string",
"max":256,
"min":0
},
"GetDataCatalogInput":{
"type":"structure",
"required":["Name"],
"members":{
"Name":{
"shape":"CatalogNameString",
"documentation":"<p>The name of the data catalog to return.</p>"
}
}
},
"GetDataCatalogOutput":{
"type":"structure",
"members":{
"DataCatalog":{
"shape":"DataCatalog",
"documentation":"<p>The data catalog returned.</p>"
}
}
},
"GetDatabaseInput":{
"type":"structure",
"required":[
"CatalogName",
"DatabaseName"
],
"members":{
"CatalogName":{
"shape":"CatalogNameString",
"documentation":"<p>The name of the data catalog that contains the database to return.</p>"
},
"DatabaseName":{
"shape":"NameString",
"documentation":"<p>The name of the database to return.</p>"
}
}
},
"GetDatabaseOutput":{
"type":"structure",
"members":{
"Database":{
"shape":"Database",
"documentation":"<p>The database returned.</p>"
}
}
},
"GetNamedQueryInput":{
"type":"structure",
"required":["NamedQueryId"],
@ -613,7 +952,7 @@
},
"NextToken":{
"shape":"Token",
"documentation":"<p>The token that specifies where to start pagination if a previous request was truncated.</p>"
"documentation":"<p>A token generated by the Athena service that specifies where to continue pagination if a previous request was truncated. To obtain the next set of pages, pass in the <code>NextToken</code> from the response object of the previous page call.</p>"
},
"MaxResults":{
"shape":"MaxQueryResults",
@ -634,7 +973,38 @@
},
"NextToken":{
"shape":"Token",
"documentation":"<p>A token to be used by the next request if this request is truncated.</p>"
"documentation":"<p>A token generated by the Athena service that specifies where to continue pagination if a previous request was truncated. To obtain the next set of pages, pass in the <code>NextToken</code> from the response object of the previous page call.</p>"
}
}
},
"GetTableMetadataInput":{
"type":"structure",
"required":[
"CatalogName",
"DatabaseName",
"TableName"
],
"members":{
"CatalogName":{
"shape":"CatalogNameString",
"documentation":"<p>The name of the data catalog that contains the database and table metadata to return.</p>"
},
"DatabaseName":{
"shape":"NameString",
"documentation":"<p>The name of the database that contains the table metadata to return.</p>"
},
"TableName":{
"shape":"NameString",
"documentation":"<p>The name of the table for which metadata is returned.</p>"
}
}
},
"GetTableMetadataOutput":{
"type":"structure",
"members":{
"TableMetadata":{
"shape":"TableMetadata",
"documentation":"<p>An object that contains table metadata.</p>"
}
}
},
@ -681,12 +1051,75 @@
"documentation":"<p>Indicates that something is wrong with the input to the request. For example, a required parameter may be missing or out of range.</p>",
"exception":true
},
"KeyString":{
"type":"string",
"max":255,
"min":1,
"pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\t]*"
},
"ListDataCatalogsInput":{
"type":"structure",
"members":{
"NextToken":{
"shape":"Token",
"documentation":"<p>A token generated by the Athena service that specifies where to continue pagination if a previous request was truncated. To obtain the next set of pages, pass in the NextToken from the response object of the previous page call.</p>"
},
"MaxResults":{
"shape":"MaxDataCatalogsCount",
"documentation":"<p>Specifies the maximum number of data catalogs to return.</p>"
}
}
},
"ListDataCatalogsOutput":{
"type":"structure",
"members":{
"DataCatalogsSummary":{
"shape":"DataCatalogSummaryList",
"documentation":"<p>A summary list of data catalogs.</p>"
},
"NextToken":{
"shape":"Token",
"documentation":"<p>A token generated by the Athena service that specifies where to continue pagination if a previous request was truncated. To obtain the next set of pages, pass in the NextToken from the response object of the previous page call.</p>"
}
}
},
"ListDatabasesInput":{
"type":"structure",
"required":["CatalogName"],
"members":{
"CatalogName":{
"shape":"CatalogNameString",
"documentation":"<p>The name of the data catalog that contains the databases to return.</p>"
},
"NextToken":{
"shape":"Token",
"documentation":"<p>A token generated by the Athena service that specifies where to continue pagination if a previous request was truncated. To obtain the next set of pages, pass in the <code>NextToken</code> from the response object of the previous page call.</p>"
},
"MaxResults":{
"shape":"MaxDatabasesCount",
"documentation":"<p>Specifies the maximum number of results to return.</p>"
}
}
},
"ListDatabasesOutput":{
"type":"structure",
"members":{
"DatabaseList":{
"shape":"DatabaseList",
"documentation":"<p>A list of databases from a data catalog.</p>"
},
"NextToken":{
"shape":"Token",
"documentation":"<p>A token generated by the Athena service that specifies where to continue pagination if a previous request was truncated. To obtain the next set of pages, pass in the NextToken from the response object of the previous page call.</p>"
}
}
},
"ListNamedQueriesInput":{
"type":"structure",
"members":{
"NextToken":{
"shape":"Token",
"documentation":"<p>The token that specifies where to start pagination if a previous request was truncated.</p>"
"documentation":"<p>A token generated by the Athena service that specifies where to continue pagination if a previous request was truncated. To obtain the next set of pages, pass in the <code>NextToken</code> from the response object of the previous page call.</p>"
},
"MaxResults":{
"shape":"MaxNamedQueriesCount",
@ -694,7 +1127,7 @@
},
"WorkGroup":{
"shape":"WorkGroupName",
"documentation":"<p>The name of the workgroup from which the named queries are returned. If a workgroup is not specified, the saved queries for the primary workgroup are returned.</p>"
"documentation":"<p>The name of the workgroup from which the named queries are being returned. If a workgroup is not specified, the saved queries for the primary workgroup are returned.</p>"
}
}
},
@ -707,7 +1140,7 @@
},
"NextToken":{
"shape":"Token",
"documentation":"<p>A token to be used by the next request if this request is truncated.</p>"
"documentation":"<p>A token generated by the Athena service that specifies where to continue pagination if a previous request was truncated. To obtain the next set of pages, pass in the <code>NextToken</code> from the response object of the previous page call.</p>"
}
}
},
@ -716,7 +1149,7 @@
"members":{
"NextToken":{
"shape":"Token",
"documentation":"<p>The token that specifies where to start pagination if a previous request was truncated.</p>"
"documentation":"<p>A token generated by the Athena service that specifies where to continue pagination if a previous request was truncated. To obtain the next set of pages, pass in the <code>NextToken</code> from the response object of the previous page call.</p>"
},
"MaxResults":{
"shape":"MaxQueryExecutionsCount",
@ -724,7 +1157,7 @@
},
"WorkGroup":{
"shape":"WorkGroupName",
"documentation":"<p>The name of the workgroup from which queries are returned. If a workgroup is not specified, a list of available query execution IDs for the queries in the primary workgroup is returned.</p>"
"documentation":"<p>The name of the workgroup from which queries are being returned. If a workgroup is not specified, a list of available query execution IDs for the queries in the primary workgroup is returned.</p>"
}
}
},
@ -741,21 +1174,63 @@
}
}
},
"ListTableMetadataInput":{
"type":"structure",
"required":[
"CatalogName",
"DatabaseName"
],
"members":{
"CatalogName":{
"shape":"CatalogNameString",
"documentation":"<p>The name of the data catalog for which table metadata should be returned.</p>"
},
"DatabaseName":{
"shape":"NameString",
"documentation":"<p>The name of the database for which table metadata should be returned.</p>"
},
"Expression":{
"shape":"ExpressionString",
"documentation":"<p>A regex filter that pattern-matches table names. If no expression is supplied, metadata for all tables are listed.</p>"
},
"NextToken":{
"shape":"Token",
"documentation":"<p>A token generated by the Athena service that specifies where to continue pagination if a previous request was truncated. To obtain the next set of pages, pass in the NextToken from the response object of the previous page call.</p>"
},
"MaxResults":{
"shape":"MaxTableMetadataCount",
"documentation":"<p>Specifies the maximum number of results to return.</p>"
}
}
},
"ListTableMetadataOutput":{
"type":"structure",
"members":{
"TableMetadataList":{
"shape":"TableMetadataList",
"documentation":"<p>A list of table metadata.</p>"
},
"NextToken":{
"shape":"Token",
"documentation":"<p>A token generated by the Athena service that specifies where to continue pagination if a previous request was truncated. To obtain the next set of pages, pass in the NextToken from the response object of the previous page call.</p>"
}
}
},
"ListTagsForResourceInput":{
"type":"structure",
"required":["ResourceARN"],
"members":{
"ResourceARN":{
"shape":"AmazonResourceName",
"documentation":"<p>Lists the tags for the workgroup resource with the specified ARN.</p>"
"documentation":"<p>Lists the tags for the resource with the specified ARN.</p>"
},
"NextToken":{
"shape":"Token",
"documentation":"<p>The token for the next set of results, or null if there are no additional results for this request, where the request lists the tags for the workgroup resource with the specified ARN.</p>"
"documentation":"<p>The token for the next set of results, or null if there are no additional results for this request, where the request lists the tags for the resource with the specified ARN.</p>"
},
"MaxResults":{
"shape":"MaxTagsCount",
"documentation":"<p>The maximum number of results to be returned per request that lists the tags for the workgroup resource.</p>"
"documentation":"<p>The maximum number of results to be returned per request that lists the tags for the resource.</p>"
}
}
},
@ -764,7 +1239,7 @@
"members":{
"Tags":{
"shape":"TagList",
"documentation":"<p>The list of tags associated with this workgroup.</p>"
"documentation":"<p>The list of tags associated with the specified resource.</p>"
},
"NextToken":{
"shape":"Token",
@ -777,7 +1252,7 @@
"members":{
"NextToken":{
"shape":"Token",
"documentation":"<p>A token to be used by the next request if this request is truncated.</p>"
"documentation":"<p>A token generated by the Athena service that specifies where to continue pagination if a previous request was truncated. To obtain the next set of pages, pass in the <code>NextToken</code> from the response object of the previous page call.</p>"
},
"MaxResults":{
"shape":"MaxWorkGroupsCount",
@ -794,11 +1269,23 @@
},
"NextToken":{
"shape":"Token",
"documentation":"<p>A token to be used by the next request if this request is truncated.</p>"
"documentation":"<p>A token generated by the Athena service that specifies where to continue pagination if a previous request was truncated. To obtain the next set of pages, pass in the <code>NextToken</code> from the response object of the previous page call.</p>"
}
}
},
"Long":{"type":"long"},
"MaxDataCatalogsCount":{
"type":"integer",
"box":true,
"max":50,
"min":2
},
"MaxDatabasesCount":{
"type":"integer",
"box":true,
"max":50,
"min":1
},
"MaxNamedQueriesCount":{
"type":"integer",
"box":true,
@ -817,6 +1304,12 @@
"max":1000,
"min":1
},
"MaxTableMetadataCount":{
"type":"integer",
"box":true,
"max":50,
"min":1
},
"MaxTagsCount":{
"type":"integer",
"box":true,
@ -828,6 +1321,14 @@
"max":50,
"min":1
},
"MetadataException":{
"type":"structure",
"members":{
"Message":{"shape":"ErrorMessage"}
},
"documentation":"<p>An exception that Athena received when it called a custom metastore. Occurs if the error is not caused by user input (<code>InvalidRequestException</code>) or from the Athena platform (<code>InternalServerException</code>). For example, if a user-created Lambda function is missing permissions, the Lambda <code>4XX</code> exception is returned in a <code>MetadataException</code>.</p>",
"exception":true
},
"NameString":{
"type":"string",
"max":128,
@ -879,6 +1380,15 @@
"type":"list",
"member":{"shape":"NamedQuery"}
},
"ParametersMap":{
"type":"map",
"key":{"shape":"KeyString"},
"value":{"shape":"ParametersMapValue"}
},
"ParametersMapValue":{
"type":"string",
"max":51200
},
"QueryExecution":{
"type":"structure",
"members":{
@ -922,10 +1432,14 @@
"members":{
"Database":{
"shape":"DatabaseString",
"documentation":"<p>The name of the database.</p>"
"documentation":"<p>The name of the database used in the query execution.</p>"
},
"Catalog":{
"shape":"CatalogNameString",
"documentation":"<p>The name of the data catalog used in the query execution.</p>"
}
},
"documentation":"<p>The database in which the query execution occurs.</p>"
"documentation":"<p>The database and data catalog context in which the query execution occurs.</p>"
},
"QueryExecutionId":{"type":"string"},
"QueryExecutionIdList":{
@ -987,7 +1501,7 @@
"members":{
"State":{
"shape":"QueryExecutionState",
"documentation":"<p>The state of query execution. <code>QUEUED</code> indicates that the query has been submitted to the service, and Athena will execute the query as soon as resources are available. <code>RUNNING</code> indicates that the query is in execution phase. <code>SUCCEEDED</code> indicates that the query completed without errors. <code>FAILED</code> indicates that the query experienced an error and did not complete processing. <code>CANCELLED</code> indicates that a user input interrupted query execution. </p>"
"documentation":"<p>The state of query execution. <code>QUEUED</code> indicates that the query has been submitted to the service, and Athena will execute the query as soon as resources are available. <code>RUNNING</code> indicates that the query is in execution phase. <code>SUCCEEDED</code> indicates that the query completed without errors. <code>FAILED</code> indicates that the query experienced an error and did not complete processing. <code>CANCELLED</code> indicates that a user input interrupted query execution.</p> <note> <p>Athena automatically retries your queries in cases of certain transient errors. As a result, you may see the query state transition from <code>RUNNING</code> or <code>FAILED</code> to <code>QUEUED</code>. </p> </note>"
},
"StateChangeReason":{
"shape":"String",
@ -1066,7 +1580,7 @@
"documentation":"<p>The metadata that describes the column structure and data types of a table of query results.</p>"
}
},
"documentation":"<p>The metadata and rows that comprise a query result set. The metadata describes the column structure and data types.</p>"
"documentation":"<p>The metadata and rows that comprise a query result set. The metadata describes the column structure and data types. To return a <code>ResultSet</code> object, use <a>GetQueryResults</a>.</p>"
},
"ResultSetMetadata":{
"type":"structure",
@ -1076,7 +1590,7 @@
"documentation":"<p>Information about the columns returned in a query result metadata.</p>"
}
},
"documentation":"<p>The metadata that describes the column structure and data types of a table of query results. </p>"
"documentation":"<p>The metadata that describes the column structure and data types of a table of query results. To return a <code>ResultSetMetadata</code> object, use <a>GetQueryResults</a>.</p>"
},
"Row":{
"type":"structure",
@ -1153,6 +1667,49 @@
}
},
"String":{"type":"string"},
"TableMetadata":{
"type":"structure",
"required":["Name"],
"members":{
"Name":{
"shape":"NameString",
"documentation":"<p>The name of the table.</p>"
},
"CreateTime":{
"shape":"Timestamp",
"documentation":"<p>The time that the table was created.</p>"
},
"LastAccessTime":{
"shape":"Timestamp",
"documentation":"<p>The last time the table was accessed.</p>"
},
"TableType":{
"shape":"TableTypeString",
"documentation":"<p>The type of table. In Athena, only <code>EXTERNAL_TABLE</code> is supported.</p>"
},
"Columns":{
"shape":"ColumnList",
"documentation":"<p>A list of the columns in the table.</p>"
},
"PartitionKeys":{
"shape":"ColumnList",
"documentation":"<p>A list of the partition keys in the table.</p>"
},
"Parameters":{
"shape":"ParametersMap",
"documentation":"<p>A set of custom key/value pairs for table properties.</p>"
}
},
"documentation":"<p>Contains metadata for a table.</p>"
},
"TableMetadataList":{
"type":"list",
"member":{"shape":"TableMetadata"}
},
"TableTypeString":{
"type":"string",
"max":255
},
"Tag":{
"type":"structure",
"members":{
@ -1165,7 +1722,7 @@
"documentation":"<p>A tag value. The tag value length is from 0 to 256 Unicode characters in UTF-8. You can use letters and numbers representable in UTF-8, and the following characters: + - = . _ : / @. Tag values are case-sensitive. </p>"
}
},
"documentation":"<p>A tag that you can add to a resource. A tag is a label that you assign to an AWS Athena resource (a workgroup). Each tag consists of a key and an optional value, both of which you define. Tags enable you to categorize workgroups in Athena, for example, by purpose, owner, or environment. Use a consistent set of tag keys to make it easier to search and filter workgroups in your account. The maximum tag key length is 128 Unicode characters in UTF-8. The maximum tag value length is 256 Unicode characters in UTF-8. You can use letters and numbers representable in UTF-8, and the following characters: + - = . _ : / @. Tag keys and values are case-sensitive. Tag keys must be unique per resource. </p>"
"documentation":"<p>A label that you assign to a resource. In Athena, a resource can be a workgroup or data catalog. Each tag consists of a key and an optional value, both of which you define. For example, you can use tags to categorize Athena workgroups or data catalogs by purpose, owner, or environment. Use a consistent set of tag keys to make it easier to search and filter workgroups or data catalogs in your account. For best practices, see <a href=\"https://aws.amazon.com/answers/account-management/aws-tagging-strategies/\">Tagging Best Practices</a>. Tag keys can be from 1 to 128 UTF-8 Unicode characters, and tag values can be from 0 to 256 UTF-8 Unicode characters. Tags can use letters and numbers representable in UTF-8, and the following characters: + - = . _ : / @. Tag keys and values are case-sensitive. Tag keys must be unique per resource. If you specify more than one tag, separate them by commas. </p>"
},
"TagKey":{
"type":"string",
@ -1189,11 +1746,11 @@
"members":{
"ResourceARN":{
"shape":"AmazonResourceName",
"documentation":"<p>Requests that one or more tags are added to the resource (such as a workgroup) for the specified ARN.</p>"
"documentation":"<p>Specifies the ARN of the Athena resource (workgroup or data catalog) to which tags are to be added.</p>"
},
"Tags":{
"shape":"TagList",
"documentation":"<p>One or more tags, separated by commas, to be added to the resource, such as a workgroup.</p>"
"documentation":"<p>A collection of one or more tags, separated by commas, to be added to an Athena workgroup or data catalog resource.</p>"
}
}
},
@ -1212,6 +1769,7 @@
"documentation":"<p>The reason for the query throttling, for example, when it exceeds the concurrent query limit.</p>",
"enum":["CONCURRENT_QUERY_LIMIT_EXCEEDED"]
},
"Timestamp":{"type":"timestamp"},
"Token":{
"type":"string",
"max":1024,
@ -1226,6 +1784,12 @@
"documentation":"<p>Indicates that the request was throttled.</p>",
"exception":true
},
"TypeString":{
"type":"string",
"max":4096,
"min":0,
"pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\t]*"
},
"UnprocessedNamedQueryId":{
"type":"structure",
"members":{
@ -1279,11 +1843,11 @@
"members":{
"ResourceARN":{
"shape":"AmazonResourceName",
"documentation":"<p>Removes one or more tags from the workgroup resource for the specified ARN.</p>"
"documentation":"<p>Specifies the ARN of the resource from which tags are to be removed.</p>"
},
"TagKeys":{
"shape":"TagKeyList",
"documentation":"<p>Removes the tags associated with one or more tag keys from the workgroup resource.</p>"
"documentation":"<p>A comma-separated list of one or more tag keys whose tags are to be removed from the specified resource.</p>"
}
}
},
@ -1292,6 +1856,36 @@
"members":{
}
},
"UpdateDataCatalogInput":{
"type":"structure",
"required":[
"Name",
"Type"
],
"members":{
"Name":{
"shape":"CatalogNameString",
"documentation":"<p>The name of the data catalog to update. The catalog name must be unique for the AWS account and can use a maximum of 128 alphanumeric, underscore, at sign, or hyphen characters.</p>"
},
"Type":{
"shape":"DataCatalogType",
"documentation":"<p>Specifies the type of data catalog to update. Specify <code>LAMBDA</code> for a federated catalog, <code>GLUE</code> for AWS Glue Catalog, or <code>HIVE</code> for an external hive metastore.</p>"
},
"Description":{
"shape":"DescriptionString",
"documentation":"<p>New or modified text that describes the data catalog.</p>"
},
"Parameters":{
"shape":"ParametersMap",
"documentation":"<p>Specifies the Lambda function or functions to use for updating the data catalog. This is a mapping whose values depend on the catalog type. </p> <ul> <li> <p>For the <code>HIVE</code> data catalog type, use the following syntax. The <code>metadata-function</code> parameter is required. <code>The sdk-version</code> parameter is optional and defaults to the currently supported version.</p> <p> <code>metadata-function=<i>lambda_arn</i>, sdk-version=<i>version_number</i> </code> </p> </li> <li> <p>For the <code>LAMBDA</code> data catalog type, use one of the following sets of required parameters, but not both.</p> <ul> <li> <p>If you have one Lambda function that processes metadata and another for reading the actual data, use the following syntax. Both parameters are required.</p> <p> <code>metadata-function=<i>lambda_arn</i>, record-function=<i>lambda_arn</i> </code> </p> </li> <li> <p> If you have a composite Lambda function that processes both metadata and data, use the following syntax to specify your Lambda function.</p> <p> <code>function=<i>lambda_arn</i> </code> </p> </li> </ul> </li> <li> <p>The <code>GLUE</code> type has no parameters.</p> </li> </ul>"
}
}
},
"UpdateDataCatalogOutput":{
"type":"structure",
"members":{
}
},
"UpdateWorkGroupInput":{
"type":"structure",
"required":["WorkGroup"],
@ -1409,7 +2003,7 @@
},
"WorkGroupName":{
"type":"string",
"pattern":"[a-zA-z0-9._-]{1,128}"
"pattern":"[a-zA-Z0-9._-]{1,128}"
},
"WorkGroupState":{
"type":"string",

256
botocore/data/autoscaling/2011-01-01/service-2.json
View file

@ -92,6 +92,24 @@
],
"documentation":"<p>Creates or updates one or more scheduled scaling actions for an Auto Scaling group. If you leave a parameter unspecified when updating a scheduled scaling action, the corresponding value remains unchanged.</p>"
},
"CancelInstanceRefresh":{
"name":"CancelInstanceRefresh",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"CancelInstanceRefreshType"},
"output":{
"shape":"CancelInstanceRefreshAnswer",
"resultWrapper":"CancelInstanceRefreshResult"
},
"errors":[
{"shape":"LimitExceededFault"},
{"shape":"ResourceContentionFault"},
{"shape":"ActiveInstanceRefreshNotFoundFault"}
],
"documentation":"<p>Cancels an instance refresh operation in progress. Cancellation does not roll back any replacements that have already been completed, but it prevents new replacements from being started. </p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html\">Replacing Auto Scaling Instances Based on an Instance Refresh</a>.</p>"
},
"CompleteLifecycleAction":{
"name":"CompleteLifecycleAction",
"http":{
@ -324,6 +342,23 @@
],
"documentation":"<p>Describes the notification types that are supported by Amazon EC2 Auto Scaling.</p>"
},
"DescribeInstanceRefreshes":{
"name":"DescribeInstanceRefreshes",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"DescribeInstanceRefreshesType"},
"output":{
"shape":"DescribeInstanceRefreshesAnswer",
"resultWrapper":"DescribeInstanceRefreshesResult"
},
"errors":[
{"shape":"InvalidNextToken"},
{"shape":"ResourceContentionFault"}
],
"documentation":"<p>Describes one or more instance refreshes.</p> <p>You can determine the status of a request by looking at the <code>Status</code> parameter. The following are the possible statuses: </p> <ul> <li> <p> <code>Pending</code> - The request was created, but the operation has not started.</p> </li> <li> <p> <code>InProgress</code> - The operation is in progress.</p> </li> <li> <p> <code>Successful</code> - The operation completed successfully.</p> </li> <li> <p> <code>Failed</code> - The operation failed to complete. You can troubleshoot using the status reason and the scaling activities. </p> </li> <li> <p> <code>Cancelling</code> - An ongoing operation is being cancelled. Cancellation does not roll back any replacements that have already been completed, but it prevents new replacements from being started. </p> </li> <li> <p> <code>Cancelled</code> - The operation is cancelled. </p> </li> </ul>"
},
"DescribeLaunchConfigurations":{
"name":"DescribeLaunchConfigurations",
"http":{
@ -786,6 +821,24 @@
],
"documentation":"<p>Updates the instance protection settings of the specified instances.</p> <p>For more information about preventing instances that are part of an Auto Scaling group from terminating on scale in, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-termination.html#instance-protection\">Instance Protection</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
},
"StartInstanceRefresh":{
"name":"StartInstanceRefresh",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"StartInstanceRefreshType"},
"output":{
"shape":"StartInstanceRefreshAnswer",
"resultWrapper":"StartInstanceRefreshResult"
},
"errors":[
{"shape":"LimitExceededFault"},
{"shape":"ResourceContentionFault"},
{"shape":"InstanceRefreshInProgressFault"}
],
"documentation":"<p>Starts a new instance refresh operation, which triggers a rolling replacement of all previously launched instances in the Auto Scaling group with a new group of instances.</p> <p>If successful, this call creates a new instance refresh request with a unique ID that you can use to track its progress. To query its status, call the <a>DescribeInstanceRefreshes</a> API. To describe the instance refreshes that have already run, call the <a>DescribeInstanceRefreshes</a> API. To cancel an active instance refresh operation, use the <a>CancelInstanceRefresh</a> API.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html\">Replacing Auto Scaling Instances Based on an Instance Refresh</a>.</p>"
},
"SuspendProcesses":{
"name":"SuspendProcesses",
"http":{
@ -832,6 +885,19 @@
}
},
"shapes":{
"ActiveInstanceRefreshNotFoundFault":{
"type":"structure",
"members":{
"message":{"shape":"XmlStringMaxLen255"}
},
"documentation":"<p>The request failed because an active instance refresh for the specified Auto Scaling group was not found. </p>",
"error":{
"code":"ActiveInstanceRefreshNotFound",
"httpStatusCode":400,
"senderFault":true
},
"exception":true
},
"Activities":{
"type":"list",
"member":{"shape":"Activity"}
@ -1367,6 +1433,25 @@
"type":"list",
"member":{"shape":"BlockDeviceMapping"}
},
"CancelInstanceRefreshAnswer":{
"type":"structure",
"members":{
"InstanceRefreshId":{
"shape":"XmlStringMaxLen255",
"documentation":"<p>The instance refresh ID.</p>"
}
}
},
"CancelInstanceRefreshType":{
"type":"structure",
"required":["AutoScalingGroupName"],
"members":{
"AutoScalingGroupName":{
"shape":"XmlStringMaxLen255",
"documentation":"<p>The name of the Auto Scaling group.</p>"
}
}
},
"ClassicLinkVPCSecurityGroups":{
"type":"list",
"member":{"shape":"XmlStringMaxLen255"}
@ -1774,6 +1859,41 @@
}
}
},
"DescribeInstanceRefreshesAnswer":{
"type":"structure",
"members":{
"InstanceRefreshes":{
"shape":"InstanceRefreshes",
"documentation":"<p>The instance refreshes for the specified group.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html\">Replacing Auto Scaling Instances Based on an Instance Refresh</a>.</p>"
},
"NextToken":{
"shape":"XmlString",
"documentation":"<p>A string that indicates that the response contains more items than can be returned in a single response. To receive additional items, specify this string for the <code>NextToken</code> value when requesting the next set of items. This value is null when there are no more items to return.</p>"
}
}
},
"DescribeInstanceRefreshesType":{
"type":"structure",
"required":["AutoScalingGroupName"],
"members":{
"AutoScalingGroupName":{
"shape":"XmlStringMaxLen255",
"documentation":"<p>The name of the Auto Scaling group.</p>"
},
"InstanceRefreshIds":{
"shape":"InstanceRefreshIds",
"documentation":"<p>One or more instance refresh IDs.</p>"
},
"NextToken":{
"shape":"XmlString",
"documentation":"<p>The token for the next set of items to return. (You received this token from a previous call.)</p>"
},
"MaxRecords":{
"shape":"MaxRecords",
"documentation":"<p>The maximum number of items to return with this call. The default value is <code>50</code> and the maximum value is <code>100</code>.</p>"
}
}
},
"DescribeLifecycleHookTypesAnswer":{
"type":"structure",
"members":{
@ -2362,6 +2482,76 @@
"documentation":"<p>Describes whether detailed monitoring is enabled for the Auto Scaling instances.</p>"
},
"InstanceProtected":{"type":"boolean"},
"InstanceRefresh":{
"type":"structure",
"members":{
"InstanceRefreshId":{
"shape":"XmlStringMaxLen255",
"documentation":"<p>The instance refresh ID.</p>"
},
"AutoScalingGroupName":{
"shape":"XmlStringMaxLen255",
"documentation":"<p>The name of the Auto Scaling group.</p>"
},
"Status":{
"shape":"InstanceRefreshStatus",
"documentation":"<p>The current status for the instance refresh operation:</p> <ul> <li> <p> <code>Pending</code> - The request was created, but the operation has not started.</p> </li> <li> <p> <code>InProgress</code> - The operation is in progress.</p> </li> <li> <p> <code>Successful</code> - The operation completed successfully.</p> </li> <li> <p> <code>Failed</code> - The operation failed to complete. You can troubleshoot using the status reason and the scaling activities. </p> </li> <li> <p> <code>Cancelling</code> - An ongoing operation is being cancelled. Cancellation does not roll back any replacements that have already been completed, but it prevents new replacements from being started. </p> </li> <li> <p> <code>Cancelled</code> - The operation is cancelled. </p> </li> </ul>"
},
"StatusReason":{
"shape":"XmlStringMaxLen1023",
"documentation":"<p>Provides more details about the current status of the instance refresh. </p>"
},
"StartTime":{
"shape":"TimestampType",
"documentation":"<p>The date and time at which the instance refresh began.</p>"
},
"EndTime":{
"shape":"TimestampType",
"documentation":"<p>The date and time at which the instance refresh ended.</p>"
},
"PercentageComplete":{
"shape":"IntPercent",
"documentation":"<p>The percentage of the instance refresh that is complete. For each instance replacement, Amazon EC2 Auto Scaling tracks the instance's health status and warm-up time. When the instance's health status changes to healthy and the specified warm-up time passes, the instance is considered updated and added to the percentage complete.</p>"
},
"InstancesToUpdate":{
"shape":"InstancesToUpdate",
"documentation":"<p>The number of instances remaining to update before the instance refresh is complete.</p>"
}
},
"documentation":"<p>Describes an instance refresh for an Auto Scaling group. </p>"
},
"InstanceRefreshIds":{
"type":"list",
"member":{"shape":"XmlStringMaxLen255"}
},
"InstanceRefreshInProgressFault":{
"type":"structure",
"members":{
"message":{"shape":"XmlStringMaxLen255"}
},
"documentation":"<p>The request failed because an active instance refresh operation already exists for the specified Auto Scaling group.</p>",
"error":{
"code":"InstanceRefreshInProgress",
"httpStatusCode":400,
"senderFault":true
},
"exception":true
},
"InstanceRefreshStatus":{
"type":"string",
"enum":[
"Pending",
"InProgress",
"Successful",
"Failed",
"Cancelling",
"Cancelled"
]
},
"InstanceRefreshes":{
"type":"list",
"member":{"shape":"InstanceRefresh"}
},
"Instances":{
"type":"list",
"member":{"shape":"Instance"}
@ -2394,7 +2584,16 @@
"documentation":"<p>The maximum price per unit hour that you are willing to pay for a Spot Instance. If you leave the value of this parameter blank (which is the default), the maximum Spot price is set at the On-Demand price.</p> <p>To remove a value that you previously set, include the parameter but leave the value blank.</p>"
}
},
"documentation":"<p>Describes an instances distribution for an Auto Scaling group with <a>MixedInstancesPolicy</a>.</p> <p>The instances distribution specifies the distribution of On-Demand Instances and Spot Instances, the maximum price to pay for Spot Instances, and how the Auto Scaling group allocates instance types to fulfill On-Demand and Spot capacity.</p> <p>When you update <code>SpotAllocationStrategy</code>, <code>SpotInstancePools</code>, or <code>SpotMaxPrice</code>, this update action does not deploy any changes across the running Amazon EC2 instances in the group. Your existing Spot Instances continue to run as long as the maximum price for those instances is higher than the current Spot price. When scale out occurs, Amazon EC2 Auto Scaling launches instances based on the new settings. When scale in occurs, Amazon EC2 Auto Scaling terminates instances according to the group's termination policies.</p>"
"documentation":"<p>Describes an instances distribution for an Auto Scaling group with a <a>MixedInstancesPolicy</a>.</p> <p>The instances distribution specifies the distribution of On-Demand Instances and Spot Instances, the maximum price to pay for Spot Instances, and how the Auto Scaling group allocates instance types to fulfill On-Demand and Spot capacity.</p> <p>When you update <code>SpotAllocationStrategy</code>, <code>SpotInstancePools</code>, or <code>SpotMaxPrice</code>, this update action does not deploy any changes across the running Amazon EC2 instances in the group. Your existing Spot Instances continue to run as long as the maximum price for those instances is higher than the current Spot price. When scale out occurs, Amazon EC2 Auto Scaling launches instances based on the new settings. When scale in occurs, Amazon EC2 Auto Scaling terminates instances according to the group's termination policies.</p>"
},
"InstancesToUpdate":{
"type":"integer",
"min":0
},
"IntPercent":{
"type":"integer",
"max":100,
"min":0
},
"InvalidNextToken":{
"type":"structure",
@ -2966,7 +3165,7 @@
},
"ResourceLabel":{
"shape":"XmlStringMaxLen1023",
"documentation":"<p>Identifies the resource associated with the metric type. You can't specify a resource label unless the metric type is <code>ALBRequestCountPerTarget</code> and there is a target group attached to the Auto Scaling group.</p> <p>The format is <code>app/<i>load-balancer-name</i>/<i>load-balancer-id</i>/targetgroup/<i>target-group-name</i>/<i>target-group-id</i> </code>, where </p> <ul> <li> <p> <code>app/<i>load-balancer-name</i>/<i>load-balancer-id</i> </code> is the final portion of the load balancer ARN, and</p> </li> <li> <p> <code>targetgroup/<i>target-group-name</i>/<i>target-group-id</i> </code> is the final portion of the target group ARN.</p> </li> </ul>"
"documentation":"<p>Identifies the resource associated with the metric type. You can't specify a resource label unless the metric type is <code>ALBRequestCountPerTarget</code> and there is a target group attached to the Auto Scaling group.</p> <p>Elastic Load Balancing sends data about your load balancers to Amazon CloudWatch. CloudWatch collects the data and specifies the format to use to access the data. The format is <code>app/<i>load-balancer-name</i>/<i>load-balancer-id</i>/targetgroup/<i>target-group-name</i>/<i>target-group-id</i> </code>, where </p> <ul> <li> <p> <code>app/<i>load-balancer-name</i>/<i>load-balancer-id</i> </code> is the final portion of the load balancer ARN, and</p> </li> <li> <p> <code>targetgroup/<i>target-group-name</i>/<i>target-group-id</i> </code> is the final portion of the target group ARN.</p> </li> </ul> <p>To find the ARN for an Application Load Balancer, use the <a href=\"https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html\">DescribeLoadBalancers</a> API operation. To find the ARN for the target group, use the <a href=\"https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeTargetGroups.html\">DescribeTargetGroups</a> API operation.</p>"
}
},
"documentation":"<p>Represents a predefined metric for a target tracking scaling policy to use with Amazon EC2 Auto Scaling.</p>"
@ -2981,7 +3180,7 @@
"members":{
"ProcessName":{
"shape":"XmlStringMaxLen255",
"documentation":"<p>One of the following processes:</p> <ul> <li> <p> <code>Launch</code> </p> </li> <li> <p> <code>Terminate</code> </p> </li> <li> <p> <code>AddToLoadBalancer</code> </p> </li> <li> <p> <code>AlarmNotification</code> </p> </li> <li> <p> <code>AZRebalance</code> </p> </li> <li> <p> <code>HealthCheck</code> </p> </li> <li> <p> <code>ReplaceUnhealthy</code> </p> </li> <li> <p> <code>ScheduledActions</code> </p> </li> </ul>"
"documentation":"<p>One of the following processes:</p> <ul> <li> <p> <code>Launch</code> </p> </li> <li> <p> <code>Terminate</code> </p> </li> <li> <p> <code>AddToLoadBalancer</code> </p> </li> <li> <p> <code>AlarmNotification</code> </p> </li> <li> <p> <code>AZRebalance</code> </p> </li> <li> <p> <code>HealthCheck</code> </p> </li> <li> <p> <code>InstanceRefresh</code> </p> </li> <li> <p> <code>ReplaceUnhealthy</code> </p> </li> <li> <p> <code>ScheduledActions</code> </p> </li> </ul>"
}
},
"documentation":"<p>Describes a process type.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html#process-types\">Scaling Processes</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
@ -3206,6 +3405,28 @@
}
}
},
"RefreshInstanceWarmup":{
"type":"integer",
"min":0
},
"RefreshPreferences":{
"type":"structure",
"members":{
"MinHealthyPercentage":{
"shape":"IntPercent",
"documentation":"<p>The amount of capacity in the Auto Scaling group that must remain healthy during an instance refresh to allow the operation to continue, as a percentage of the desired capacity of the Auto Scaling group (rounded up to the nearest integer). The default is <code>90</code>. </p>"
},
"InstanceWarmup":{
"shape":"RefreshInstanceWarmup",
"documentation":"<p>The number of seconds until a newly launched instance is configured and ready to use. During this time, Amazon EC2 Auto Scaling does not immediately move on to the next replacement. The default is to use the value specified for the health check grace period for the group.</p> <p>Note: While warming up, a newly launched instance is not counted toward the aggregated metrics of the Auto Scaling group. </p>"
}
},
"documentation":"<p>Describes information used to start an instance refresh. </p>"
},
"RefreshStrategy":{
"type":"string",
"enum":["Rolling"]
},
"ResourceContentionFault":{
"type":"structure",
"members":{
@ -3358,7 +3579,7 @@
},
"ScalingProcesses":{
"shape":"ProcessNames",
"documentation":"<p>One or more of the following processes. If you omit this parameter, all processes are specified.</p> <ul> <li> <p> <code>Launch</code> </p> </li> <li> <p> <code>Terminate</code> </p> </li> <li> <p> <code>HealthCheck</code> </p> </li> <li> <p> <code>ReplaceUnhealthy</code> </p> </li> <li> <p> <code>AZRebalance</code> </p> </li> <li> <p> <code>AlarmNotification</code> </p> </li> <li> <p> <code>ScheduledActions</code> </p> </li> <li> <p> <code>AddToLoadBalancer</code> </p> </li> </ul>"
"documentation":"<p>One or more of the following processes:</p> <ul> <li> <p> <code>Launch</code> </p> </li> <li> <p> <code>Terminate</code> </p> </li> <li> <p> <code>AddToLoadBalancer</code> </p> </li> <li> <p> <code>AlarmNotification</code> </p> </li> <li> <p> <code>AZRebalance</code> </p> </li> <li> <p> <code>HealthCheck</code> </p> </li> <li> <p> <code>InstanceRefresh</code> </p> </li> <li> <p> <code>ReplaceUnhealthy</code> </p> </li> <li> <p> <code>ScheduledActions</code> </p> </li> </ul> <p>If you omit this parameter, all processes are specified.</p>"
}
}
},
@ -3562,6 +3783,33 @@
"max":255,
"min":1
},
"StartInstanceRefreshAnswer":{
"type":"structure",
"members":{
"InstanceRefreshId":{
"shape":"XmlStringMaxLen255",
"documentation":"<p>A unique ID for tracking the progress of the request.</p>"
}
}
},
"StartInstanceRefreshType":{
"type":"structure",
"required":["AutoScalingGroupName"],
"members":{
"AutoScalingGroupName":{
"shape":"XmlStringMaxLen255",
"documentation":"<p>The name of the Auto Scaling group.</p>"
},
"Strategy":{
"shape":"RefreshStrategy",
"documentation":"<p>The strategy to use for the instance refresh. The only valid value is <code>Rolling</code>.</p> <p>A rolling update is an update that is applied to all instances in an Auto Scaling group until all instances have been updated. A rolling update can fail due to failed health checks or if instances are on standby or are protected from scale-in. If the rolling update process fails, any instances that were already replaced are not rolled back to their previous configuration. </p>"
},
"Preferences":{
"shape":"RefreshPreferences",
"documentation":"<p>Set of preferences associated with the instance refresh request.</p>"
}
}
},
"StepAdjustment":{
"type":"structure",
"required":["ScalingAdjustment"],

78
botocore/data/chime/2018-05-01/service-2.json
View file

@ -314,7 +314,27 @@
{"shape":"ServiceUnavailableException"},
{"shape":"ServiceFailureException"}
],
"documentation":"<p>Creates a new Amazon Chime SDK meeting in the specified media Region with no initial attendees. For more information about the Amazon Chime SDK, see <a href=\"https://docs.aws.amazon.com/chime/latest/dg/meetings-sdk.html\">Using the Amazon Chime SDK</a> in the <i>Amazon Chime Developer Guide</i>.</p>"
"documentation":"<p>Creates a new Amazon Chime SDK meeting in the specified media Region with no initial attendees. For more information about specifying media Regions, see <a href=\"https://docs.aws.amazon.com/chime/latest/dg/chime-sdk-meetings-regions.html\">Amazon Chime SDK Media Regions</a> in the <i>Amazon Chime Developer Guide</i>. For more information about the Amazon Chime SDK, see <a href=\"https://docs.aws.amazon.com/chime/latest/dg/meetings-sdk.html\">Using the Amazon Chime SDK</a> in the <i>Amazon Chime Developer Guide</i>.</p>"
},
"CreateMeetingWithAttendees":{
"name":"CreateMeetingWithAttendees",
"http":{
"method":"POST",
"requestUri":"/meetings?operation=create-attendees",
"responseCode":201
},
"input":{"shape":"CreateMeetingWithAttendeesRequest"},
"output":{"shape":"CreateMeetingWithAttendeesResponse"},
"errors":[
{"shape":"BadRequestException"},
{"shape":"ForbiddenException"},
{"shape":"ResourceLimitExceededException"},
{"shape":"ThrottledClientException"},
{"shape":"UnauthorizedClientException"},
{"shape":"ServiceUnavailableException"},
{"shape":"ServiceFailureException"}
],
"documentation":"<p>Creates a new Amazon Chime SDK meeting in the specified media Region, with attendees. For more information about specifying media Regions, see <a href=\"https://docs.aws.amazon.com/chime/latest/dg/chime-sdk-meetings-regions.html\">Amazon Chime SDK Media Regions</a> in the <i>Amazon Chime Developer Guide</i>. For more information about the Amazon Chime SDK, see <a href=\"https://docs.aws.amazon.com/chime/latest/dg/meetings-sdk.html\">Using the Amazon Chime SDK</a> in the <i>Amazon Chime Developer Guide</i>.</p>"
},
"CreatePhoneNumberOrder":{
"name":"CreatePhoneNumberOrder",
@ -3021,7 +3041,7 @@
},
"MediaRegion":{
"shape":"String",
"documentation":"<p>The Region in which to create the meeting. Available values: <code>ap-northeast-1</code>, <code>ap-southeast-1</code>, <code>ap-southeast-2</code>, <code>ca-central-1</code>, <code>eu-central-1</code>, <code>eu-north-1</code>, <code>eu-west-1</code>, <code>eu-west-2</code>, <code>eu-west-3</code>, <code>sa-east-1</code>, <code>us-east-1</code>, <code>us-east-2</code>, <code>us-west-1</code>, <code>us-west-2</code>.</p>"
"documentation":"<p>The Region in which to create the meeting. Default: <code>us-east-1</code>.</p> <p>Available values: <code>ap-northeast-1</code>, <code>ap-southeast-1</code>, <code>ap-southeast-2</code>, <code>ca-central-1</code>, <code>eu-central-1</code>, <code>eu-north-1</code>, <code>eu-west-1</code>, <code>eu-west-2</code>, <code>eu-west-3</code>, <code>sa-east-1</code>, <code>us-east-1</code>, <code>us-east-2</code>, <code>us-west-1</code>, <code>us-west-2</code>.</p>"
},
"Tags":{
"shape":"MeetingTagList",
@ -3042,6 +3062,58 @@
}
}
},
"CreateMeetingWithAttendeesRequest":{
"type":"structure",
"required":["ClientRequestToken"],
"members":{
"ClientRequestToken":{
"shape":"ClientRequestToken",
"documentation":"<p>The unique identifier for the client request. Use a different token for different meetings.</p>",
"idempotencyToken":true
},
"ExternalMeetingId":{
"shape":"ExternalMeetingIdType",
"documentation":"<p>The external meeting ID.</p>"
},
"MeetingHostId":{
"shape":"ExternalUserIdType",
"documentation":"<p>Reserved.</p>"
},
"MediaRegion":{
"shape":"String",
"documentation":"<p>The Region in which to create the meeting. Default: <code>us-east-1</code>.</p> <p>Available values: <code>ap-northeast-1</code>, <code>ap-southeast-1</code>, <code>ap-southeast-2</code>, <code>ca-central-1</code>, <code>eu-central-1</code>, <code>eu-north-1</code>, <code>eu-west-1</code>, <code>eu-west-2</code>, <code>eu-west-3</code>, <code>sa-east-1</code>, <code>us-east-1</code>, <code>us-east-2</code>, <code>us-west-1</code>, <code>us-west-2</code>.</p>"
},
"Tags":{
"shape":"MeetingTagList",
"documentation":"<p>The tag key-value pairs.</p>"
},
"NotificationsConfiguration":{"shape":"MeetingNotificationConfiguration"},
"Attendees":{
"shape":"CreateMeetingWithAttendeesRequestItemList",
"documentation":"<p>The request containing the attendees to create.</p>"
}
}
},
"CreateMeetingWithAttendeesRequestItemList":{
"type":"list",
"member":{"shape":"CreateAttendeeRequestItem"},
"max":5,
"min":1
},
"CreateMeetingWithAttendeesResponse":{
"type":"structure",
"members":{
"Meeting":{"shape":"Meeting"},
"Attendees":{
"shape":"AttendeeList",
"documentation":"<p>The attendee information, including attendees IDs and join tokens.</p>"
},
"Errors":{
"shape":"BatchCreateAttendeeErrorList",
"documentation":"<p>If the action fails for one or more of the attendees in the request, a list of the attendees is returned, along with error codes and error messages.</p>"
}
}
},
"CreatePhoneNumberOrderRequest":{
"type":"structure",
"required":[
@ -5045,7 +5117,7 @@
"documentation":"<p>The SQS queue ARN.</p>"
}
},
"documentation":"<p>The configuration for resource targets to receive notifications when Amazon Chime SDK meeting and attendee events occur.</p>"
"documentation":"<p>The configuration for resource targets to receive notifications when Amazon Chime SDK meeting and attendee events occur. The Amazon Chime SDK supports resource targets located in the US East (N. Virginia) AWS Region (<code>us-east-1</code>).</p>"
},
"MeetingTagKeyList":{
"type":"list",

12
botocore/data/cloudformation/2010-05-15/service-2.json
View file

@ -3365,7 +3365,7 @@
},
"ExecutionRoleArn":{
"shape":"RoleArn",
"documentation":"<p>The Amazon Resource Name (ARN) of the IAM execution role to use to register the type. If your resource type calls AWS APIs in any of its handlers, you must create an <i> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html\">IAM execution role</a> </i> that includes the necessary permissions to call those AWS APIs, and provision that execution role in your account. CloudFormation then assumes that execution role to provide your resource type with the appropriate credentials.</p>"
"documentation":"<p>The Amazon Resource Name (ARN) of the IAM role for CloudFormation to assume when invoking the resource provider. If your resource type calls AWS APIs in any of its handlers, you must create an <i> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html\">IAM execution role</a> </i> that includes the necessary permissions to call those AWS APIs, and provision that execution role in your account. When CloudFormation needs to invoke the resource provider handler, CloudFormation assumes this execution role to create a temporary session token, which it then passes to the resource provider handler, thereby supplying your resource provider with the appropriate credentials.</p>"
},
"ClientRequestToken":{
"shape":"RequestToken",
@ -4026,7 +4026,7 @@
},
"OrganizationalUnitId":{
"shape":"OrganizationalUnitId",
"documentation":"<p>Reserved for internal use. No data returned.</p>"
"documentation":"<p>[<code>Service-managed</code> permissions] The organization root ID or organizational unit (OU) IDs that you specified for <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DeploymentTargets.html\">DeploymentTargets</a>.</p>"
},
"DriftStatus":{
"shape":"StackDriftStatus",
@ -4092,7 +4092,7 @@
},
"OrganizationalUnitId":{
"shape":"OrganizationalUnitId",
"documentation":"<p>Reserved for internal use. No data returned.</p>"
"documentation":"<p>[<code>Service-managed</code> permissions] The organization root ID or organizational unit (OU) IDs that you specified for <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DeploymentTargets.html\">DeploymentTargets</a>.</p>"
},
"DriftStatus":{
"shape":"StackDriftStatus",
@ -4450,7 +4450,7 @@
},
"OrganizationalUnitIds":{
"shape":"OrganizationalUnitIdList",
"documentation":"<p>Reserved for internal use. No data returned.</p>"
"documentation":"<p>[<code>Service-managed</code> permissions] The organization root ID or organizational unit (OU) IDs that you specified for <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DeploymentTargets.html\">DeploymentTargets</a>.</p>"
}
},
"documentation":"<p>A structure that contains information about a stack set. A stack set enables you to provision stacks into AWS accounts and across Regions by using a single CloudFormation template. In the stack set, you specify the template to use, as well as any parameters and capabilities that the template requires. </p>"
@ -4622,7 +4622,7 @@
},
"MaxConcurrentCount":{
"shape":"MaxConcurrentCount",
"documentation":"<p>The maximum number of accounts in which to perform this operation at one time. This is dependent on the value of <code>FailureToleranceCount</code><code>MaxConcurrentCount</code> is at most one more than the <code>FailureToleranceCount</code> .</p> <p>Note that this setting lets you specify the <i>maximum</i> for operations. For large deployments, under certain circumstances the actual number of accounts acted upon concurrently may be lower due to service throttling.</p> <p>Conditional: You must specify either <code>MaxConcurrentCount</code> or <code>MaxConcurrentPercentage</code>, but not both.</p>"
"documentation":"<p>The maximum number of accounts in which to perform this operation at one time. This is dependent on the value of <code>FailureToleranceCount</code>. <code>MaxConcurrentCount</code> is at most one more than the <code>FailureToleranceCount</code>.</p> <p>Note that this setting lets you specify the <i>maximum</i> for operations. For large deployments, under certain circumstances the actual number of accounts acted upon concurrently may be lower due to service throttling.</p> <p>Conditional: You must specify either <code>MaxConcurrentCount</code> or <code>MaxConcurrentPercentage</code>, but not both.</p>"
},
"MaxConcurrentPercentage":{
"shape":"MaxConcurrentPercentage",
@ -4670,7 +4670,7 @@
},
"OrganizationalUnitId":{
"shape":"OrganizationalUnitId",
"documentation":"<p>Reserved for internal use. No data returned.</p>"
"documentation":"<p>[<code>Service-managed</code> permissions] The organization root ID or organizational unit (OU) IDs that you specified for <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DeploymentTargets.html\">DeploymentTargets</a>.</p>"
}
},
"documentation":"<p>The structure that contains information about a specified operation's results for a given account in a given Region.</p>"

62
botocore/data/cloudfront/2019-03-26/service-2.json
View file

@ -1018,7 +1018,7 @@
},
"TargetOriginId":{
"shape":"string",
"documentation":"<p>The value of <code>ID</code> for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior in your distribution.</p>"
"documentation":"<p>The value of <code>ID</code> for the origin that you want CloudFront to route requests to when they match this cache behavior.</p>"
},
"ForwardedValues":{
"shape":"ForwardedValues",
@ -1026,11 +1026,11 @@
},
"TrustedSigners":{
"shape":"TrustedSigners",
"documentation":"<p>A complex type that specifies the AWS accounts, if any, that you want to allow to create signed URLs for private content.</p> <p>If you want to require signed URLs in requests for objects in the target origin that match the <code>PathPattern</code> for this cache behavior, specify <code>true</code> for <code>Enabled</code>, and specify the applicable values for <code>Quantity</code> and <code>Items</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html\">Serving Private Content through CloudFront</a> in the <i>Amazon CloudFront Developer Guide</i>. </p> <p>If you don't want to require signed URLs in requests for objects that match <code>PathPattern</code>, specify <code>false</code> for <code>Enabled</code> and <code>0</code> for <code>Quantity</code>. Omit <code>Items</code>.</p> <p>To add, change, or remove one or more trusted signers, change <code>Enabled</code> to <code>true</code> (if it's currently <code>false</code>), change <code>Quantity</code> as applicable, and specify all of the trusted signers that you want to include in the updated distribution.</p>"
"documentation":"<p>A complex type that specifies the AWS accounts, if any, that you want to allow to create signed URLs for private content.</p> <p>If you want to require signed URLs in requests for objects in the target origin that match the <code>PathPattern</code> for this cache behavior, specify <code>true</code> for <code>Enabled</code>, and specify the applicable values for <code>Quantity</code> and <code>Items</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html\">Serving Private Content with Signed URLs and Signed Cookies</a> in the <i>Amazon CloudFront Developer Guide</i>. </p> <p>If you dont want to require signed URLs in requests for objects that match <code>PathPattern</code>, specify <code>false</code> for <code>Enabled</code> and <code>0</code> for <code>Quantity</code>. Omit <code>Items</code>.</p> <p>To add, change, or remove one or more trusted signers, change <code>Enabled</code> to <code>true</code> (if its currently <code>false</code>), change <code>Quantity</code> as applicable, and specify all of the trusted signers that you want to include in the updated distribution.</p>"
},
"ViewerProtocolPolicy":{
"shape":"ViewerProtocolPolicy",
"documentation":"<p>The protocol that viewers can use to access the files in the origin specified by <code>TargetOriginId</code> when a request matches the path pattern in <code>PathPattern</code>. You can specify the following options:</p> <ul> <li> <p> <code>allow-all</code>: Viewers can use HTTP or HTTPS.</p> </li> <li> <p> <code>redirect-to-https</code>: If a viewer submits an HTTP request, CloudFront returns an HTTP status code of 301 (Moved Permanently) to the viewer along with the HTTPS URL. The viewer then resubmits the request using the new URL. </p> </li> <li> <p> <code>https-only</code>: If a viewer sends an HTTP request, CloudFront returns an HTTP status code of 403 (Forbidden). </p> </li> </ul> <p>For more information about requiring the HTTPS protocol, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html\">Using an HTTPS Connection to Access Your Objects</a> in the <i>Amazon CloudFront Developer Guide</i>.</p> <note> <p>The only way to guarantee that viewers retrieve an object that was fetched from the origin using HTTPS is never to use any other protocol to fetch the object. If you have recently changed from HTTP to HTTPS, we recommend that you clear your objects' cache because cached objects are protocol agnostic. That means that an edge location will return an object from the cache regardless of whether the current request protocol matches the protocol used previously. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html\">Managing How Long Content Stays in an Edge Cache (Expiration)</a> in the <i>Amazon CloudFront Developer Guide</i>.</p> </note>"
"documentation":"<p>The protocol that viewers can use to access the files in the origin specified by <code>TargetOriginId</code> when a request matches the path pattern in <code>PathPattern</code>. You can specify the following options:</p> <ul> <li> <p> <code>allow-all</code>: Viewers can use HTTP or HTTPS.</p> </li> <li> <p> <code>redirect-to-https</code>: If a viewer submits an HTTP request, CloudFront returns an HTTP status code of 301 (Moved Permanently) to the viewer along with the HTTPS URL. The viewer then resubmits the request using the new URL. </p> </li> <li> <p> <code>https-only</code>: If a viewer sends an HTTP request, CloudFront returns an HTTP status code of 403 (Forbidden). </p> </li> </ul> <p>For more information about requiring the HTTPS protocol, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-viewers-to-cloudfront.html\">Requiring HTTPS Between Viewers and CloudFront</a> in the <i>Amazon CloudFront Developer Guide</i>.</p> <note> <p>The only way to guarantee that viewers retrieve an object that was fetched from the origin using HTTPS is never to use any other protocol to fetch the object. If you have recently changed from HTTP to HTTPS, we recommend that you clear your objects cache because cached objects are protocol agnostic. That means that an edge location will return an object from the cache regardless of whether the current request protocol matches the protocol used previously. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html\">Managing Cache Expiration</a> in the <i>Amazon CloudFront Developer Guide</i>.</p> </note>"
},
"MinTTL":{
"shape":"long",
@ -1059,10 +1059,10 @@
},
"FieldLevelEncryptionId":{
"shape":"string",
"documentation":"<p>The value of <code>ID</code> for the field-level encryption configuration that you want CloudFront to use for encrypting specific fields of data for a cache behavior or for the default cache behavior in your distribution.</p>"
"documentation":"<p>The value of <code>ID</code> for the field-level encryption configuration that you want CloudFront to use for encrypting specific fields of data for this cache behavior.</p>"
}
},
"documentation":"<p>A complex type that describes how CloudFront processes requests.</p> <p>You must create at least as many cache behaviors (including the default cache behavior) as you have origins if you want CloudFront to distribute objects from all of the origins. Each cache behavior specifies the one origin from which you want CloudFront to get objects. If you have two origins and only the default cache behavior, the default cache behavior will cause CloudFront to get objects from one of the origins, but the other origin is never used.</p> <p>For the current limit on the number of cache behaviors that you can add to a distribution, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_cloudfront\">Amazon CloudFront Limits</a> in the <i>AWS General Reference</i>.</p> <p>If you don't want to specify any cache behaviors, include only an empty <code>CacheBehaviors</code> element. Don't include an empty <code>CacheBehavior</code> element, or CloudFront returns a <code>MalformedXML</code> error.</p> <p>To delete all cache behaviors in an existing distribution, update the distribution configuration and include only an empty <code>CacheBehaviors</code> element.</p> <p>To add, change, or remove one or more cache behaviors, update the distribution configuration and specify all of the cache behaviors that you want to include in the updated distribution.</p> <p>For more information about cache behaviors, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesCacheBehavior\">Cache Behaviors</a> in the <i>Amazon CloudFront Developer Guide</i>.</p>"
"documentation":"<p>A complex type that describes how CloudFront processes requests.</p> <p>You must create at least as many cache behaviors (including the default cache behavior) as you have origins if you want CloudFront to serve objects from all of the origins. Each cache behavior specifies the one origin from which you want CloudFront to get objects. If you have two origins and only the default cache behavior, the default cache behavior will cause CloudFront to get objects from one of the origins, but the other origin is never used.</p> <p>For the current quota (formerly known as limit) on the number of cache behaviors that you can add to a distribution, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html\">Quotas</a> in the <i>Amazon CloudFront Developer Guide</i>.</p> <p>If you dont want to specify any cache behaviors, include only an empty <code>CacheBehaviors</code> element. Dont include an empty <code>CacheBehavior</code> element because this is invalid.</p> <p>To delete all cache behaviors in an existing distribution, update the distribution configuration and include only an empty <code>CacheBehaviors</code> element.</p> <p>To add, change, or remove one or more cache behaviors, update the distribution configuration and specify all of the cache behaviors that you want to include in the updated distribution.</p> <p>For more information about cache behaviors, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesCacheBehavior\">Cache Behavior Settings</a> in the <i>Amazon CloudFront Developer Guide</i>.</p>"
},
"CacheBehaviorList":{
"type":"list",
@ -1745,30 +1745,30 @@
"members":{
"HTTPPort":{
"shape":"integer",
"documentation":"<p>The HTTP port the custom origin listens on.</p>"
"documentation":"<p>The HTTP port that CloudFront uses to connect to the origin. Specify the HTTP port that the origin listens on.</p>"
},
"HTTPSPort":{
"shape":"integer",
"documentation":"<p>The HTTPS port the custom origin listens on.</p>"
"documentation":"<p>The HTTPS port that CloudFront uses to connect to the origin. Specify the HTTPS port that the origin listens on.</p>"
},
"OriginProtocolPolicy":{
"shape":"OriginProtocolPolicy",
"documentation":"<p>The origin protocol policy to apply to your origin.</p>"
"documentation":"<p>Specifies the protocol (HTTP or HTTPS) that CloudFront uses to connect to the origin. Valid values are:</p> <ul> <li> <p> <code>http-only</code> CloudFront always uses HTTP to connect to the origin.</p> </li> <li> <p> <code>match-viewer</code> CloudFront connects to the origin using the same protocol that the viewer used to connect to CloudFront.</p> </li> <li> <p> <code>https-only</code> CloudFront always uses HTTPS to connect to the origin.</p> </li> </ul>"
},
"OriginSslProtocols":{
"shape":"OriginSslProtocols",
"documentation":"<p>The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS.</p>"
"documentation":"<p>Specifies the minimum SSL/TLS protocol that CloudFront uses when connecting to your origin over HTTPS. Valid values include <code>SSLv3</code>, <code>TLSv1</code>, <code>TLSv1.1</code>, and <code>TLSv1.2</code>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginSSLProtocols\">Minimum Origin SSL Protocol</a> in the <i>Amazon CloudFront Developer Guide</i>.</p>"
},
"OriginReadTimeout":{
"shape":"integer",
"documentation":"<p>You can create a custom origin read timeout. All timeout units are in seconds. The default origin read timeout is 30 seconds, but you can configure custom timeout lengths using the CloudFront API. The minimum timeout length is 4 seconds; the maximum is 60 seconds.</p> <p>If you need to increase the maximum time limit, contact the <a href=\"https://console.aws.amazon.com/support/home#/\">AWS Support Center</a>.</p>"
"documentation":"<p>Specifies how long, in seconds, CloudFront waits for a response from the origin. This is also known as the <i>origin response timeout</i>. The minimum timeout is 1 second, the maximum is 60 seconds, and the default (if you dont specify otherwise) is 30 seconds.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginResponseTimeout\">Origin Response Timeout</a> in the <i>Amazon CloudFront Developer Guide</i>.</p>"
},
"OriginKeepaliveTimeout":{
"shape":"integer",
"documentation":"<p>You can create a custom keep-alive timeout. All timeout units are in seconds. The default keep-alive timeout is 5 seconds, but you can configure custom timeout lengths using the CloudFront API. The minimum timeout length is 1 second; the maximum is 60 seconds.</p> <p>If you need to increase the maximum time limit, contact the <a href=\"https://console.aws.amazon.com/support/home#/\">AWS Support Center</a>.</p>"
"documentation":"<p>Specifies how long, in seconds, CloudFront persists its connection to the origin. The minimum timeout is 1 second, the maximum is 60 seconds, and the default (if you dont specify otherwise) is 5 seconds.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginKeepaliveTimeout\">Origin Keep-alive Timeout</a> in the <i>Amazon CloudFront Developer Guide</i>.</p>"
}
},
"documentation":"<p>A custom origin or an Amazon S3 bucket configured as a website endpoint.</p>"
"documentation":"<p>A custom origin. A custom origin is any origin that is <i>not</i> an Amazon S3 bucket, with one exception. An Amazon S3 bucket that is <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html\">configured with static website hosting</a> <i>is</i> a custom origin.</p>"
},
"DefaultCacheBehavior":{
"type":"structure",
@ -1782,7 +1782,7 @@
"members":{
"TargetOriginId":{
"shape":"string",
"documentation":"<p>The value of <code>ID</code> for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior in your distribution.</p>"
"documentation":"<p>The value of <code>ID</code> for the origin that you want CloudFront to route requests to when they use the default cache behavior.</p>"
},
"ForwardedValues":{
"shape":"ForwardedValues",
@ -1790,11 +1790,11 @@
},
"TrustedSigners":{
"shape":"TrustedSigners",
"documentation":"<p>A complex type that specifies the AWS accounts, if any, that you want to allow to create signed URLs for private content.</p> <p>If you want to require signed URLs in requests for objects in the target origin that match the <code>PathPattern</code> for this cache behavior, specify <code>true</code> for <code>Enabled</code>, and specify the applicable values for <code>Quantity</code> and <code>Items</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html\">Serving Private Content through CloudFront</a> in the <i> Amazon CloudFront Developer Guide</i>.</p> <p>If you don't want to require signed URLs in requests for objects that match <code>PathPattern</code>, specify <code>false</code> for <code>Enabled</code> and <code>0</code> for <code>Quantity</code>. Omit <code>Items</code>.</p> <p>To add, change, or remove one or more trusted signers, change <code>Enabled</code> to <code>true</code> (if it's currently <code>false</code>), change <code>Quantity</code> as applicable, and specify all of the trusted signers that you want to include in the updated distribution.</p>"
"documentation":"<p>A complex type that specifies the AWS accounts, if any, that you want to allow to create signed URLs for private content.</p> <p>If you want to require signed URLs in requests for objects in the target origin that match the <code>PathPattern</code> for this cache behavior, specify <code>true</code> for <code>Enabled</code>, and specify the applicable values for <code>Quantity</code> and <code>Items</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html\">Serving Private Content with Signed URLs and Signed Cookies</a> in the <i>Amazon CloudFront Developer Guide</i>.</p> <p>If you dont want to require signed URLs in requests for objects that match <code>PathPattern</code>, specify <code>false</code> for <code>Enabled</code> and <code>0</code> for <code>Quantity</code>. Omit <code>Items</code>.</p> <p>To add, change, or remove one or more trusted signers, change <code>Enabled</code> to <code>true</code> (if its currently <code>false</code>), change <code>Quantity</code> as applicable, and specify all of the trusted signers that you want to include in the updated distribution.</p>"
},
"ViewerProtocolPolicy":{
"shape":"ViewerProtocolPolicy",
"documentation":"<p>The protocol that viewers can use to access the files in the origin specified by <code>TargetOriginId</code> when a request matches the path pattern in <code>PathPattern</code>. You can specify the following options:</p> <ul> <li> <p> <code>allow-all</code>: Viewers can use HTTP or HTTPS.</p> </li> <li> <p> <code>redirect-to-https</code>: If a viewer submits an HTTP request, CloudFront returns an HTTP status code of 301 (Moved Permanently) to the viewer along with the HTTPS URL. The viewer then resubmits the request using the new URL.</p> </li> <li> <p> <code>https-only</code>: If a viewer sends an HTTP request, CloudFront returns an HTTP status code of 403 (Forbidden).</p> </li> </ul> <p>For more information about requiring the HTTPS protocol, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html\">Using an HTTPS Connection to Access Your Objects</a> in the <i>Amazon CloudFront Developer Guide</i>.</p> <note> <p>The only way to guarantee that viewers retrieve an object that was fetched from the origin using HTTPS is never to use any other protocol to fetch the object. If you have recently changed from HTTP to HTTPS, we recommend that you clear your objects' cache because cached objects are protocol agnostic. That means that an edge location will return an object from the cache regardless of whether the current request protocol matches the protocol used previously. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html\">Managing How Long Content Stays in an Edge Cache (Expiration)</a> in the <i>Amazon CloudFront Developer Guide</i>.</p> </note>"
"documentation":"<p>The protocol that viewers can use to access the files in the origin specified by <code>TargetOriginId</code> when a request matches the path pattern in <code>PathPattern</code>. You can specify the following options:</p> <ul> <li> <p> <code>allow-all</code>: Viewers can use HTTP or HTTPS.</p> </li> <li> <p> <code>redirect-to-https</code>: If a viewer submits an HTTP request, CloudFront returns an HTTP status code of 301 (Moved Permanently) to the viewer along with the HTTPS URL. The viewer then resubmits the request using the new URL.</p> </li> <li> <p> <code>https-only</code>: If a viewer sends an HTTP request, CloudFront returns an HTTP status code of 403 (Forbidden).</p> </li> </ul> <p>For more information about requiring the HTTPS protocol, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-viewers-to-cloudfront.html\">Requiring HTTPS Between Viewers and CloudFront</a> in the <i>Amazon CloudFront Developer Guide</i>.</p> <note> <p>The only way to guarantee that viewers retrieve an object that was fetched from the origin using HTTPS is never to use any other protocol to fetch the object. If you have recently changed from HTTP to HTTPS, we recommend that you clear your objects cache because cached objects are protocol agnostic. That means that an edge location will return an object from the cache regardless of whether the current request protocol matches the protocol used previously. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html\">Managing Cache Expiration</a> in the <i>Amazon CloudFront Developer Guide</i>.</p> </note>"
},
"MinTTL":{
"shape":"long",
@ -1823,10 +1823,10 @@
},
"FieldLevelEncryptionId":{
"shape":"string",
"documentation":"<p>The value of <code>ID</code> for the field-level encryption configuration that you want CloudFront to use for encrypting specific fields of data for a cache behavior or for the default cache behavior in your distribution.</p>"
"documentation":"<p>The value of <code>ID</code> for the field-level encryption configuration that you want CloudFront to use for encrypting specific fields of data for the default cache behavior.</p>"
}
},
"documentation":"<p>A complex type that describes the default cache behavior if you don't specify a <code>CacheBehavior</code> element or if files don't match any of the values of <code>PathPattern</code> in <code>CacheBehavior</code> elements. You must create exactly one default cache behavior.</p>"
"documentation":"<p>A complex type that describes the default cache behavior if you dont specify a <code>CacheBehavior</code> element or if request URLs dont match any of the values of <code>PathPattern</code> in <code>CacheBehavior</code> elements. You must create exactly one default cache behavior.</p>"
},
"DeleteCloudFrontOriginAccessIdentityRequest":{
"type":"structure",
@ -3112,7 +3112,7 @@
"members":{
"Message":{"shape":"string"}
},
"documentation":"<p>The argument is invalid.</p>",
"documentation":"<p>An argument is invalid.</p>",
"error":{"httpStatusCode":400},
"exception":true
},
@ -3929,30 +3929,38 @@
"members":{
"Id":{
"shape":"string",
"documentation":"<p>A unique identifier for the origin or origin group. The value of <code>Id</code> must be unique within the distribution.</p> <p>When you specify the value of <code>TargetOriginId</code> for the default cache behavior or for another cache behavior, you indicate the origin to which you want the cache behavior to route requests by specifying the value of the <code>Id</code> element for that origin. When a request matches the path pattern for that cache behavior, CloudFront routes the request to the specified origin. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesCacheBehavior\">Cache Behavior Settings</a> in the <i>Amazon CloudFront Developer Guide</i>.</p>"
"documentation":"<p>A unique identifier for the origin. This value must be unique within the distribution.</p> <p>Use this value to specify the <code>TargetOriginId</code> in a <code>CacheBehavior</code> or <code>DefaultCacheBehavior</code>.</p>"
},
"DomainName":{
"shape":"string",
"documentation":"<p> <b>Amazon S3 origins</b>: The DNS name of the Amazon S3 bucket from which you want CloudFront to get objects for this origin, for example, <code>myawsbucket.s3.amazonaws.com</code>. If you set up your bucket to be configured as a website endpoint, enter the Amazon S3 static website hosting endpoint for the bucket.</p> <p>For more information about specifying this value for different types of origins, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesDomainName\">Origin Domain Name</a> in the <i>Amazon CloudFront Developer Guide</i>.</p> <p>Constraints for Amazon S3 origins: </p> <ul> <li> <p>If you configured Amazon S3 Transfer Acceleration for your bucket, don't specify the <code>s3-accelerate</code> endpoint for <code>DomainName</code>.</p> </li> <li> <p>The bucket name must be between 3 and 63 characters long (inclusive).</p> </li> <li> <p>The bucket name must contain only lowercase characters, numbers, periods, underscores, and dashes.</p> </li> <li> <p>The bucket name must not contain adjacent periods.</p> </li> </ul> <p> <b>Custom Origins</b>: The DNS domain name for the HTTP server from which you want CloudFront to get objects for this origin, for example, <code>www.example.com</code>. </p> <p>Constraints for custom origins:</p> <ul> <li> <p> <code>DomainName</code> must be a valid DNS name that contains only a-z, A-Z, 0-9, dot (.), hyphen (-), or underscore (_) characters.</p> </li> <li> <p>The name cannot exceed 128 characters.</p> </li> </ul>"
"documentation":"<p>The domain name for the origin.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesDomainName\">Origin Domain Name</a> in the <i>Amazon CloudFront Developer Guide</i>.</p>"
},
"OriginPath":{
"shape":"string",
"documentation":"<p>An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin. When you include the <code>OriginPath</code> element, specify the directory name, beginning with a <code>/</code>. CloudFront appends the directory name to the value of <code>DomainName</code>, for example, <code>example.com/production</code>. Do not include a <code>/</code> at the end of the directory name.</p> <p>For example, suppose you've specified the following values for your distribution:</p> <ul> <li> <p> <code>DomainName</code>: An Amazon S3 bucket named <code>myawsbucket</code>.</p> </li> <li> <p> <code>OriginPath</code>: <code>/production</code> </p> </li> <li> <p> <code>CNAME</code>: <code>example.com</code> </p> </li> </ul> <p>When a user enters <code>example.com/index.html</code> in a browser, CloudFront sends a request to Amazon S3 for <code>myawsbucket/production/index.html</code>.</p> <p>When a user enters <code>example.com/acme/index.html</code> in a browser, CloudFront sends a request to Amazon S3 for <code>myawsbucket/production/acme/index.html</code>.</p>"
"documentation":"<p>An optional path that CloudFront appends to the origin domain name when CloudFront requests content from the origin.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginPath\">Origin Path</a> in the <i>Amazon CloudFront Developer Guide</i>.</p>"
},
"CustomHeaders":{
"shape":"CustomHeaders",
"documentation":"<p>A complex type that contains names and values for the custom headers that you want.</p>"
"documentation":"<p>A list of HTTP header names and values that CloudFront adds to requests it sends to the origin.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/add-origin-custom-headers.html\">Adding Custom Headers to Origin Requests</a> in the <i>Amazon CloudFront Developer Guide</i>.</p>"
},
"S3OriginConfig":{
"shape":"S3OriginConfig",
"documentation":"<p>A complex type that contains information about the Amazon S3 origin. If the origin is a custom origin, use the <code>CustomOriginConfig</code> element instead.</p>"
"documentation":"<p>Use this type to specify an origin that is an Amazon S3 bucket that is <i> <b>not</b> </i> configured with static website hosting. To specify any other type of origin, including an Amazon S3 bucket that is configured with static website hosting, use the <code>CustomOriginConfig</code> type instead.</p>"
},
"CustomOriginConfig":{
"shape":"CustomOriginConfig",
"documentation":"<p>A complex type that contains information about a custom origin. If the origin is an Amazon S3 bucket, use the <code>S3OriginConfig</code> element instead.</p>"
"documentation":"<p>Use this type to specify an origin that is a content container or HTTP server, including an Amazon S3 bucket that is configured with static website hosting. To specify an Amazon S3 bucket that is <i> <b>not</b> </i> configured with static website hosting, use the <code>S3OriginConfig</code> type instead.</p>"
},
"ConnectionAttempts":{
"shape":"integer",
"documentation":"<p>The number of times that CloudFront attempts to connect to the origin. The minimum number is 1, the maximum is 3, and the default (if you dont specify otherwise) is 3.</p> <p>For a custom origin (including an Amazon S3 bucket thats configured with static website hosting), this value also specifies the number of times that CloudFront attempts to get a response from the origin, in the case of an <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginResponseTimeout\">Origin Response Timeout</a>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#origin-connection-attempts\">Origin Connection Attempts</a> in the <i>Amazon CloudFront Developer Guide</i>.</p>"
},
"ConnectionTimeout":{
"shape":"integer",
"documentation":"<p>The number of seconds that CloudFront waits when trying to establish a connection to the origin. The minimum timeout is 1 second, the maximum is 10 seconds, and the default (if you dont specify otherwise) is 10 seconds.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#origin-connection-timeout\">Origin Connection Timeout</a> in the <i>Amazon CloudFront Developer Guide</i>.</p>"
}
},
"documentation":"<p>A complex type that describes the Amazon S3 bucket, HTTP server (for example, a web server), Amazon MediaStore, or other server from which CloudFront gets your files. This can also be an origin group, if you've created an origin group. You must specify at least one origin or origin group.</p> <p>For the current limit on the number of origins or origin groups that you can specify for a distribution, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_cloudfront\">Amazon CloudFront Limits</a> in the <i>AWS General Reference</i>.</p>"
"documentation":"<p>An origin.</p> <p>An origin is the location where content is stored, and from which CloudFront gets content to serve to viewers. To specify an origin:</p> <ul> <li> <p>Use the <code>S3OriginConfig</code> type to specify an Amazon S3 bucket that is <i> <b>not</b> </i> configured with static website hosting.</p> </li> <li> <p>Use the <code>CustomOriginConfig</code> type to specify various other kinds of content containers or HTTP servers, including:</p> <ul> <li> <p>An Amazon S3 bucket that is configured with static website hosting</p> </li> <li> <p>An Elastic Load Balancing load balancer</p> </li> <li> <p>An AWS Elemental MediaPackage origin</p> </li> <li> <p>An AWS Elemental MediaStore container</p> </li> <li> <p>Any other HTTP server, running on an Amazon EC2 instance or any other kind of host</p> </li> </ul> </li> </ul> <p>For the current maximum number of origins that you can specify per distribution, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html#limits-web-distributions\">General Quotas on Web Distributions</a> in the <i>Amazon CloudFront Developer Guide</i> (quotas were formerly referred to as limits).</p>"
},
"OriginCustomHeader":{
"type":"structure",
@ -4154,7 +4162,7 @@
"members":{
"Message":{"shape":"string"}
},
"documentation":"<p>The precondition given in one or more of the request-header fields evaluated to <code>false</code>. </p>",
"documentation":"<p>The precondition given in one or more of the request header fields evaluated to <code>false</code>.</p>",
"error":{"httpStatusCode":412},
"exception":true
},
@ -4427,7 +4435,7 @@
"documentation":"<p>The CloudFront origin access identity to associate with the origin. Use an origin access identity to configure the origin so that viewers can <i>only</i> access objects in an Amazon S3 bucket through CloudFront. The format of the value is:</p> <p>origin-access-identity/cloudfront/<i>ID-of-origin-access-identity</i> </p> <p>where <code> <i>ID-of-origin-access-identity</i> </code> is the value that CloudFront returned in the <code>ID</code> element when you created the origin access identity.</p> <p>If you want viewers to be able to access objects using either the CloudFront URL or the Amazon S3 URL, specify an empty <code>OriginAccessIdentity</code> element.</p> <p>To delete the origin access identity from an existing distribution, update the distribution configuration and include an empty <code>OriginAccessIdentity</code> element.</p> <p>To replace the origin access identity, update the distribution configuration and specify the new origin access identity.</p> <p>For more information about the origin access identity, see <a href=\"https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html\">Serving Private Content through CloudFront</a> in the <i>Amazon CloudFront Developer Guide</i>.</p>"
}
},
"documentation":"<p>A complex type that contains information about the Amazon S3 origin. If the origin is a custom origin, use the <code>CustomOriginConfig</code> element instead.</p>"
"documentation":"<p>A complex type that contains information about the Amazon S3 origin. If the origin is a custom origin or an S3 bucket that is configured as a website endpoint, use the <code>CustomOriginConfig</code> element instead.</p>"
},
"SSLSupportMethod":{
"type":"string",

40
botocore/data/codeartifact/2018-09-22/paginators-1.json Normal file
View file

@ -0,0 +1,40 @@
{
"pagination": {
"ListDomains": {
"input_token": "nextToken",
"output_token": "nextToken",
"limit_key": "maxResults",
"result_key": "domains"
},
"ListPackageVersionAssets": {
"input_token": "nextToken",
"output_token": "nextToken",
"limit_key": "maxResults",
"result_key": "assets"
},
"ListPackageVersions": {
"input_token": "nextToken",
"output_token": "nextToken",
"limit_key": "maxResults",
"result_key": "versions"
},
"ListPackages": {
"input_token": "nextToken",
"output_token": "nextToken",
"limit_key": "maxResults",
"result_key": "packages"
},
"ListRepositories": {
"input_token": "nextToken",
"output_token": "nextToken",
"limit_key": "maxResults",
"result_key": "repositories"
},
"ListRepositoriesInDomain": {
"input_token": "nextToken",
"output_token": "nextToken",
"limit_key": "maxResults",
"result_key": "repositories"
}
}
}

24
botocore/data/codeartifact/2018-09-22/paginators-1.sdk-extras.json Normal file
View file

@ -0,0 +1,24 @@
{
"version": 1.0,
"merge": {
"pagination": {
"ListPackageVersionAssets": {
"non_aggregate_keys": [
"package",
"format",
"namespace",
"version",
"versionRevision"
]
},
"ListPackageVersions": {
"non_aggregate_keys": [
"defaultDisplayVersion",
"format",
"package",
"namespace"
]
}
}
}
}

2962
botocore/data/codeartifact/2018-09-22/service-2.json Normal file
View file

File diff suppressed because one or more lines are too long

6
botocore/data/cognito-idp/2016-04-18/service-2.json
View file

@ -284,6 +284,7 @@
{"shape":"NotAuthorizedException"},
{"shape":"UserNotFoundException"},
{"shape":"AliasExistsException"},
{"shape":"LimitExceededException"},
{"shape":"InternalErrorException"}
],
"documentation":"<p>Links an existing user account in a user pool (<code>DestinationUser</code>) to an identity from an external identity provider (<code>SourceUser</code>) based on a specified attribute name and value from the external identity provider. This allows you to create a link from the existing user account to an external federated user identity that has not yet been used to sign in, so that the federated user identity can be used to sign in as the existing user account. </p> <p> For example, if there is an existing user with a username and password, this API links that user to a federated user identity, so that when the federated user identity is used, the user signs in as the existing user account. </p> <important> <p>Because this API allows a user with an external federated identity to sign in as an existing user in the user pool, it is critical that it only be used with external identity providers and provider attributes that have been trusted by the application owner.</p> </important> <p>See also .</p> <p>This action is enabled only for admin access and requires developer credentials.</p>"
@ -3187,10 +3188,7 @@
"AuthParametersType":{
"type":"map",
"key":{"shape":"StringType"},
"value":{"shape":"AuthParametersValueType"}
},
"AuthParametersValueType":{
"type":"string",
"value":{"shape":"StringType"},
"sensitive":true
},
"AuthenticationResultType":{

440
botocore/data/compute-optimizer/2019-11-01/service-2.json
View file

@ -13,6 +13,66 @@
"uid":"compute-optimizer-2019-11-01"
},
"operations":{
"DescribeRecommendationExportJobs":{
"name":"DescribeRecommendationExportJobs",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"DescribeRecommendationExportJobsRequest"},
"output":{"shape":"DescribeRecommendationExportJobsResponse"},
"errors":[
{"shape":"OptInRequiredException"},
{"shape":"InternalServerException"},
{"shape":"ServiceUnavailableException"},
{"shape":"AccessDeniedException"},
{"shape":"InvalidParameterValueException"},
{"shape":"ResourceNotFoundException"},
{"shape":"MissingAuthenticationToken"},
{"shape":"ThrottlingException"}
],
"documentation":"<p>Describes recommendation export jobs created in the last seven days.</p> <p>Use the <code>ExportAutoScalingGroupRecommendations</code> or <code>ExportEC2InstanceRecommendations</code> actions to request an export of your recommendations. Then use the <code>DescribeRecommendationExportJobs</code> action to view your export jobs.</p>"
},
"ExportAutoScalingGroupRecommendations":{
"name":"ExportAutoScalingGroupRecommendations",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"ExportAutoScalingGroupRecommendationsRequest"},
"output":{"shape":"ExportAutoScalingGroupRecommendationsResponse"},
"errors":[
{"shape":"OptInRequiredException"},
{"shape":"InternalServerException"},
{"shape":"ServiceUnavailableException"},
{"shape":"AccessDeniedException"},
{"shape":"InvalidParameterValueException"},
{"shape":"MissingAuthenticationToken"},
{"shape":"ThrottlingException"},
{"shape":"LimitExceededException"}
],
"documentation":"<p>Exports optimization recommendations for Auto Scaling groups.</p> <p>Recommendations are exported in a comma-separated values (.csv) file, and its metadata in a JavaScript Object Notation (.json) file, to an existing Amazon Simple Storage Service (Amazon S3) bucket that you specify. For more information, see <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/exporting-recommendations.html\">Exporting Recommendations</a> in the <i>Compute Optimizer User Guide</i>.</p> <p>You can have only one Auto Scaling group export job in progress per AWS Region.</p>"
},
"ExportEC2InstanceRecommendations":{
"name":"ExportEC2InstanceRecommendations",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"ExportEC2InstanceRecommendationsRequest"},
"output":{"shape":"ExportEC2InstanceRecommendationsResponse"},
"errors":[
{"shape":"OptInRequiredException"},
{"shape":"InternalServerException"},
{"shape":"ServiceUnavailableException"},
{"shape":"AccessDeniedException"},
{"shape":"InvalidParameterValueException"},
{"shape":"MissingAuthenticationToken"},
{"shape":"ThrottlingException"},
{"shape":"LimitExceededException"}
],
"documentation":"<p>Exports optimization recommendations for Amazon EC2 instances.</p> <p>Recommendations are exported in a comma-separated values (.csv) file, and its metadata in a JavaScript Object Notation (.json) file, to an existing Amazon Simple Storage Service (Amazon S3) bucket that you specify. For more information, see <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/exporting-recommendations.html\">Exporting Recommendations</a> in the <i>Compute Optimizer User Guide</i>.</p> <p>You can have only one Amazon EC2 instance export job in progress per AWS Region.</p>"
},
"GetAutoScalingGroupRecommendations":{
"name":"GetAutoScalingGroupRecommendations",
"http":{
@ -89,7 +149,7 @@
{"shape":"MissingAuthenticationToken"},
{"shape":"ThrottlingException"}
],
"documentation":"<p>Returns the enrollment (opt in) status of an account to the AWS Compute Optimizer service.</p> <p>If the account is a master account of an organization, this operation also confirms the enrollment status of member accounts within the organization.</p>"
"documentation":"<p>Returns the enrollment (opt in) status of an account to the AWS Compute Optimizer service.</p> <p>If the account is the master account of an organization, this action also confirms the enrollment status of member accounts within the organization.</p>"
},
"GetRecommendationSummaries":{
"name":"GetRecommendationSummaries",
@ -126,7 +186,7 @@
{"shape":"MissingAuthenticationToken"},
{"shape":"ThrottlingException"}
],
"documentation":"<p>Updates the enrollment (opt in) status of an account to the AWS Compute Optimizer service.</p> <p>If the account is a master account of an organization, this operation can also enroll member accounts within the organization.</p>"
"documentation":"<p>Updates the enrollment (opt in) status of an account to the AWS Compute Optimizer service.</p> <p>If the account is a master account of an organization, this action can also be used to enroll member accounts within the organization.</p>"
}
},
"shapes":{
@ -245,19 +305,238 @@
"member":{"shape":"AutoScalingGroupRecommendation"}
},
"Code":{"type":"string"},
"CreationTimestamp":{"type":"timestamp"},
"CurrentInstanceType":{"type":"string"},
"DescribeRecommendationExportJobsRequest":{
"type":"structure",
"members":{
"jobIds":{
"shape":"JobIds",
"documentation":"<p>The identification numbers of the export jobs to return.</p> <p>An export job ID is returned when you create an export using the <code>ExportAutoScalingGroupRecommendations</code> or <code>ExportEC2InstanceRecommendations</code> actions.</p> <p>All export jobs created in the last seven days are returned if this parameter is omitted.</p>"
},
"filters":{
"shape":"JobFilters",
"documentation":"<p>An array of objects that describe a filter to return a more specific list of export jobs.</p>"
},
"nextToken":{
"shape":"NextToken",
"documentation":"<p>The token to advance to the next page of export jobs.</p>"
},
"maxResults":{
"shape":"MaxResults",
"documentation":"<p>The maximum number of export jobs to return with a single request.</p> <p>To retrieve the remaining results, make another request with the returned <code>NextToken</code> value.</p>"
}
}
},
"DescribeRecommendationExportJobsResponse":{
"type":"structure",
"members":{
"recommendationExportJobs":{
"shape":"RecommendationExportJobs",
"documentation":"<p>An array of objects that describe recommendation export jobs.</p>"
},
"nextToken":{
"shape":"NextToken",
"documentation":"<p>The token to use to advance to the next page of export jobs.</p> <p>This value is null when there are no more pages of export jobs to return.</p>"
}
}
},
"DesiredCapacity":{"type":"integer"},
"DestinationBucket":{"type":"string"},
"DestinationKey":{"type":"string"},
"DestinationKeyPrefix":{"type":"string"},
"ErrorMessage":{"type":"string"},
"ExportAutoScalingGroupRecommendationsRequest":{
"type":"structure",
"required":["s3DestinationConfig"],
"members":{
"accountIds":{
"shape":"AccountIds",
"documentation":"<p>The IDs of the AWS accounts for which to export Auto Scaling group recommendations.</p> <p>If your account is the master account of an organization, use this parameter to specify the member accounts for which you want to export recommendations.</p> <p>This parameter cannot be specified together with the include member accounts parameter. The parameters are mutually exclusive.</p> <p>Recommendations for member accounts are not included in the export if this parameter, or the include member accounts parameter, is omitted.</p> <p>You can specify multiple account IDs per request.</p>"
},
"filters":{
"shape":"Filters",
"documentation":"<p>An array of objects that describe a filter to export a more specific set of Auto Scaling group recommendations.</p>"
},
"fieldsToExport":{
"shape":"ExportableAutoScalingGroupFields",
"documentation":"<p>The recommendations data to include in the export file.</p>"
},
"s3DestinationConfig":{
"shape":"S3DestinationConfig",
"documentation":"<p>An object to specify the destination Amazon Simple Storage Service (Amazon S3) bucket name and key prefix for the export job.</p> <p>You must create the destination Amazon S3 bucket for your recommendations export before you create the export job. Compute Optimizer does not create the S3 bucket for you. After you create the S3 bucket, ensure that it has the required permission policy to allow Compute Optimizer to write the export file to it. If you plan to specify an object prefix when you create the export job, you must include the object prefix in the policy that you add to the S3 bucket. For more information, see <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/create-s3-bucket-policy-for-compute-optimizer.html\">Amazon S3 Bucket Policy for Compute Optimizer</a> in the <i>Compute Optimizer user guide</i>.</p>"
},
"fileFormat":{
"shape":"FileFormat",
"documentation":"<p>The format of the export file.</p> <p>The only export file format currently supported is <code>Csv</code>.</p>"
},
"includeMemberAccounts":{
"shape":"IncludeMemberAccounts",
"documentation":"<p>Indicates whether to include recommendations for resources in all member accounts of the organization if your account is the master account of an organization.</p> <p>The member accounts must also be opted in to Compute Optimizer.</p> <p>Recommendations for member accounts of the organization are not included in the export file if this parameter is omitted.</p> <p>This parameter cannot be specified together with the account IDs parameter. The parameters are mutually exclusive.</p> <p>Recommendations for member accounts are not included in the export if this parameter, or the account IDs parameter, is omitted.</p>"
}
}
},
"ExportAutoScalingGroupRecommendationsResponse":{
"type":"structure",
"members":{
"jobId":{
"shape":"JobId",
"documentation":"<p>The identification number of the export job.</p> <p>Use the <code>DescribeRecommendationExportJobs</code> action, and specify the job ID to view the status of an export job.</p>"
},
"s3Destination":{
"shape":"S3Destination",
"documentation":"<p>An object that describes the destination Amazon S3 bucket of a recommendations export file.</p>"
}
}
},
"ExportDestination":{
"type":"structure",
"members":{
"s3":{
"shape":"S3Destination",
"documentation":"<p>An object that describes the destination Amazon Simple Storage Service (Amazon S3) bucket name and object keys of a recommendations export file, and its associated metadata file.</p>"
}
},
"documentation":"<p>Describes the destination of the recommendations export and metadata files.</p>"
},
"ExportEC2InstanceRecommendationsRequest":{
"type":"structure",
"required":["s3DestinationConfig"],
"members":{
"accountIds":{
"shape":"AccountIds",
"documentation":"<p>The IDs of the AWS accounts for which to export instance recommendations.</p> <p>If your account is the master account of an organization, use this parameter to specify the member accounts for which you want to export recommendations.</p> <p>This parameter cannot be specified together with the include member accounts parameter. The parameters are mutually exclusive.</p> <p>Recommendations for member accounts are not included in the export if this parameter, or the include member accounts parameter, is omitted.</p> <p>You can specify multiple account IDs per request.</p>"
},
"filters":{
"shape":"Filters",
"documentation":"<p>An array of objects that describe a filter to export a more specific set of instance recommendations.</p>"
},
"fieldsToExport":{
"shape":"ExportableInstanceFields",
"documentation":"<p>The recommendations data to include in the export file.</p>"
},
"s3DestinationConfig":{
"shape":"S3DestinationConfig",
"documentation":"<p>An object to specify the destination Amazon Simple Storage Service (Amazon S3) bucket name and key prefix for the export job.</p> <p>You must create the destination Amazon S3 bucket for your recommendations export before you create the export job. Compute Optimizer does not create the S3 bucket for you. After you create the S3 bucket, ensure that it has the required permission policy to allow Compute Optimizer to write the export file to it. If you plan to specify an object prefix when you create the export job, you must include the object prefix in the policy that you add to the S3 bucket. For more information, see <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/create-s3-bucket-policy-for-compute-optimizer.html\">Amazon S3 Bucket Policy for Compute Optimizer</a> in the <i>Compute Optimizer user guide</i>.</p>"
},
"fileFormat":{
"shape":"FileFormat",
"documentation":"<p>The format of the export file.</p> <p>The only export file format currently supported is <code>Csv</code>.</p>"
},
"includeMemberAccounts":{
"shape":"IncludeMemberAccounts",
"documentation":"<p>Indicates whether to include recommendations for resources in all member accounts of the organization if your account is the master account of an organization.</p> <p>The member accounts must also be opted in to Compute Optimizer.</p> <p>Recommendations for member accounts of the organization are not included in the export file if this parameter is omitted.</p> <p>Recommendations for member accounts are not included in the export if this parameter, or the account IDs parameter, is omitted.</p>"
}
}
},
"ExportEC2InstanceRecommendationsResponse":{
"type":"structure",
"members":{
"jobId":{
"shape":"JobId",
"documentation":"<p>The identification number of the export job.</p> <p>Use the <code>DescribeRecommendationExportJobs</code> action, and specify the job ID to view the status of an export job.</p>"
},
"s3Destination":{
"shape":"S3Destination",
"documentation":"<p>An object that describes the destination Amazon S3 bucket of a recommendations export file.</p>"
}
}
},
"ExportableAutoScalingGroupField":{
"type":"string",
"enum":[
"AccountId",
"AutoScalingGroupArn",
"AutoScalingGroupName",
"Finding",
"UtilizationMetricsCpuMaximum",
"UtilizationMetricsMemoryMaximum",
"LookbackPeriodInDays",
"CurrentConfigurationInstanceType",
"CurrentConfigurationDesiredCapacity",
"CurrentConfigurationMinSize",
"CurrentConfigurationMaxSize",
"CurrentOnDemandPrice",
"CurrentStandardOneYearNoUpfrontReservedPrice",
"CurrentStandardThreeYearNoUpfrontReservedPrice",
"CurrentVCpus",
"CurrentMemory",
"CurrentStorage",
"CurrentNetwork",
"RecommendationOptionsConfigurationInstanceType",
"RecommendationOptionsConfigurationDesiredCapacity",
"RecommendationOptionsConfigurationMinSize",
"RecommendationOptionsConfigurationMaxSize",
"RecommendationOptionsProjectedUtilizationMetricsCpuMaximum",
"RecommendationOptionsProjectedUtilizationMetricsMemoryMaximum",
"RecommendationOptionsPerformanceRisk",
"RecommendationOptionsOnDemandPrice",
"RecommendationOptionsStandardOneYearNoUpfrontReservedPrice",
"RecommendationOptionsStandardThreeYearNoUpfrontReservedPrice",
"RecommendationOptionsVcpus",
"RecommendationOptionsMemory",
"RecommendationOptionsStorage",
"RecommendationOptionsNetwork",
"LastRefreshTimestamp"
]
},
"ExportableAutoScalingGroupFields":{
"type":"list",
"member":{"shape":"ExportableAutoScalingGroupField"}
},
"ExportableInstanceField":{
"type":"string",
"enum":[
"AccountId",
"InstanceArn",
"InstanceName",
"Finding",
"LookbackPeriodInDays",
"CurrentInstanceType",
"UtilizationMetricsCpuMaximum",
"UtilizationMetricsMemoryMaximum",
"CurrentOnDemandPrice",
"CurrentStandardOneYearNoUpfrontReservedPrice",
"CurrentStandardThreeYearNoUpfrontReservedPrice",
"CurrentVCpus",
"CurrentMemory",
"CurrentStorage",
"CurrentNetwork",
"RecommendationOptionsInstanceType",
"RecommendationOptionsProjectedUtilizationMetricsCpuMaximum",
"RecommendationOptionsProjectedUtilizationMetricsMemoryMaximum",
"RecommendationOptionsPerformanceRisk",
"RecommendationOptionsVcpus",
"RecommendationOptionsMemory",
"RecommendationOptionsStorage",
"RecommendationOptionsNetwork",
"RecommendationOptionsOnDemandPrice",
"RecommendationOptionsStandardOneYearNoUpfrontReservedPrice",
"RecommendationOptionsStandardThreeYearNoUpfrontReservedPrice",
"RecommendationsSourcesRecommendationSourceArn",
"RecommendationsSourcesRecommendationSourceType",
"LastRefreshTimestamp"
]
},
"ExportableInstanceFields":{
"type":"list",
"member":{"shape":"ExportableInstanceField"}
},
"FailureReason":{"type":"string"},
"FileFormat":{
"type":"string",
"enum":["Csv"]
},
"Filter":{
"type":"structure",
"members":{
"name":{
"shape":"FilterName",
"documentation":"<p>The name of the filter.</p> <p>Specify <code>Finding</code> to filter the results to a specific findings classification.</p> <p>Specify <code>RecommendationSourceType</code> to filter the results to a specific resource type.</p>"
"documentation":"<p>The name of the filter.</p> <p>Specify <code>Finding</code> to return recommendations with a specific findings classification (e.g., <code>Overprovisioned</code>).</p> <p>Specify <code>RecommendationSourceType</code> to return recommendations of a specific resource type (e.g., <code>AutoScalingGroup</code>).</p>"
},
"values":{
"shape":"FilterValues",
"documentation":"<p>The value of the filter.</p> <p>If you specify the <code>name</code> parameter as <code>Finding</code>, and you're recommendations for an <i>instance</i>, then the valid values are <code>Underprovisioned</code>, <code>Overprovisioned</code>, <code>NotOptimized</code>, or <code>Optimized</code>.</p> <p>If you specify the <code>name</code> parameter as <code>Finding</code>, and you're recommendations for an <i>Auto Scaling group</i>, then the valid values are <code>Optimized</code>, or <code>NotOptimized</code>.</p> <p>If you specify the <code>name</code> parameter as <code>RecommendationSourceType</code>, then the valid values are <code>EC2Instance</code>, or <code>AutoScalingGroup</code>.</p>"
"documentation":"<p>The value of the filter.</p> <p>If you specify the <code>name</code> parameter as <code>Finding</code>, and you request recommendations for an <i>instance</i>, then the valid values are <code>Underprovisioned</code>, <code>Overprovisioned</code>, <code>NotOptimized</code>, or <code>Optimized</code>.</p> <p>If you specify the <code>name</code> parameter as <code>Finding</code>, and you request recommendations for an <i>Auto Scaling group</i>, then the valid values are <code>Optimized</code>, or <code>NotOptimized</code>.</p> <p>If you specify the <code>name</code> parameter as <code>RecommendationSourceType</code>, then the valid values are <code>Ec2Instance</code>, or <code>AutoScalingGroup</code>.</p>"
}
},
"documentation":"<p>Describes a filter that returns a more specific list of recommendations.</p>"
@ -292,7 +571,7 @@
"members":{
"accountIds":{
"shape":"AccountIds",
"documentation":"<p>The AWS account IDs for which to return Auto Scaling group recommendations.</p> <p>Only one account ID can be specified per request.</p>"
"documentation":"<p>The IDs of the AWS accounts for which to return Auto Scaling group recommendations.</p> <p>If your account is the master account of an organization, use this parameter to specify the member accounts for which you want to return Auto Scaling group recommendations.</p> <p>Only one account ID can be specified per request.</p>"
},
"autoScalingGroupArns":{
"shape":"AutoScalingGroupArns",
@ -304,7 +583,7 @@
},
"maxResults":{
"shape":"MaxResults",
"documentation":"<p>The maximum number of Auto Scaling group recommendations to return with a single call.</p> <p>To retrieve the remaining results, make another call with the returned <code>NextToken</code> value.</p>"
"documentation":"<p>The maximum number of Auto Scaling group recommendations to return with a single request.</p> <p>To retrieve the remaining results, make another request with the returned <code>NextToken</code> value.</p>"
},
"filters":{
"shape":"Filters",
@ -342,7 +621,7 @@
},
"maxResults":{
"shape":"MaxResults",
"documentation":"<p>The maximum number of instance recommendations to return with a single call.</p> <p>To retrieve the remaining results, make another call with the returned <code>NextToken</code> value.</p>"
"documentation":"<p>The maximum number of instance recommendations to return with a single request.</p> <p>To retrieve the remaining results, make another request with the returned <code>NextToken</code> value.</p>"
},
"filters":{
"shape":"Filters",
@ -350,7 +629,7 @@
},
"accountIds":{
"shape":"AccountIds",
"documentation":"<p>The AWS account IDs for which to return instance recommendations.</p> <p>Only one account ID can be specified per request.</p>"
"documentation":"<p>The IDs of the AWS accounts for which to return instance recommendations.</p> <p>If your account is the master account of an organization, use this parameter to specify the member accounts for which you want to return instance recommendations.</p> <p>Only one account ID can be specified per request.</p>"
}
}
},
@ -461,7 +740,7 @@
"members":{
"accountIds":{
"shape":"AccountIds",
"documentation":"<p>The AWS account IDs for which to return recommendation summaries.</p> <p>Only one account ID can be specified per request.</p>"
"documentation":"<p>The IDs of the AWS accounts for which to return recommendation summaries.</p> <p>If your account is the master account of an organization, use this parameter to specify the member accounts for which you want to return recommendation summaries.</p> <p>Only one account ID can be specified per request.</p>"
},
"nextToken":{
"shape":"NextToken",
@ -469,7 +748,7 @@
},
"maxResults":{
"shape":"MaxResults",
"documentation":"<p>The maximum number of recommendation summaries to return with a single call.</p> <p>To retrieve the remaining results, make another call with the returned <code>NextToken</code> value.</p>"
"documentation":"<p>The maximum number of recommendation summaries to return with a single request.</p> <p>To retrieve the remaining results, make another request with the returned <code>NextToken</code> value.</p>"
}
}
},
@ -503,7 +782,7 @@
},
"accountId":{
"shape":"AccountId",
"documentation":"<p>The AWS account ID of the instance recommendation.</p>"
"documentation":"<p>The AWS account ID of the instance.</p>"
},
"instanceName":{
"shape":"InstanceName",
@ -572,7 +851,7 @@
"members":{
"message":{"shape":"ErrorMessage"}
},
"documentation":"<p>The request processing has failed because of an unknown error, exception, or failure.</p>",
"documentation":"<p>An internal error has occurred. Try your call again.</p>",
"exception":true,
"fault":true
},
@ -585,7 +864,56 @@
"exception":true,
"synthetic":true
},
"JobFilter":{
"type":"structure",
"members":{
"name":{
"shape":"JobFilterName",
"documentation":"<p>The name of the filter.</p> <p>Specify <code>ResourceType</code> to return export jobs of a specific resource type (e.g., <code>Ec2Instance</code>).</p> <p>Specify <code>JobStatus</code> to return export jobs with a specific status (e.g, <code>Complete</code>).</p>"
},
"values":{
"shape":"FilterValues",
"documentation":"<p>The value of the filter.</p> <p>If you specify the <code>name</code> parameter as <code>ResourceType</code>, the valid values are <code>Ec2Instance</code> or <code>AutoScalingGroup</code>.</p> <p>If you specify the <code>name</code> parameter as <code>JobStatus</code>, the valid values are <code>Queued</code>, <code>InProgress</code>, <code>Complete</code>, or <code>Failed</code>.</p>"
}
},
"documentation":"<p>Describes a filter that returns a more specific list of recommendation export jobs.</p> <p>This filter is used with the <code>DescribeRecommendationExportJobs</code> action.</p>"
},
"JobFilterName":{
"type":"string",
"enum":[
"ResourceType",
"JobStatus"
]
},
"JobFilters":{
"type":"list",
"member":{"shape":"JobFilter"}
},
"JobId":{"type":"string"},
"JobIds":{
"type":"list",
"member":{"shape":"JobId"}
},
"JobStatus":{
"type":"string",
"enum":[
"Queued",
"InProgress",
"Complete",
"Failed"
]
},
"LastRefreshTimestamp":{"type":"timestamp"},
"LastUpdatedTimestamp":{"type":"timestamp"},
"LimitExceededException":{
"type":"structure",
"members":{
"message":{"shape":"ErrorMessage"}
},
"documentation":"<p>The request exceeds a limit of the service.</p>",
"exception":true,
"synthetic":true
},
"LookBackPeriodInDays":{"type":"double"},
"MaxResults":{
"type":"integer",
@ -594,6 +922,7 @@
"MaxSize":{"type":"integer"},
"MemberAccountsEnrolled":{"type":"boolean"},
"Message":{"type":"string"},
"MetadataKey":{"type":"string"},
"MetricName":{
"type":"string",
"enum":[
@ -629,7 +958,7 @@
"members":{
"message":{"shape":"ErrorMessage"}
},
"documentation":"<p>You must opt in to the service to perform this action.</p>",
"documentation":"<p>The account is not opted in to AWS Compute Optimizer.</p>",
"exception":true,
"synthetic":true
},
@ -666,6 +995,44 @@
"member":{"shape":"UtilizationMetric"}
},
"Rank":{"type":"integer"},
"RecommendationExportJob":{
"type":"structure",
"members":{
"jobId":{
"shape":"JobId",
"documentation":"<p>The identification number of the export job.</p>"
},
"destination":{
"shape":"ExportDestination",
"documentation":"<p>An object that describes the destination of the export file.</p>"
},
"resourceType":{
"shape":"ResourceType",
"documentation":"<p>The resource type of the exported recommendations.</p>"
},
"status":{
"shape":"JobStatus",
"documentation":"<p>The status of the export job.</p>"
},
"creationTimestamp":{
"shape":"CreationTimestamp",
"documentation":"<p>The timestamp of when the export job was created.</p>"
},
"lastUpdatedTimestamp":{
"shape":"LastUpdatedTimestamp",
"documentation":"<p>The timestamp of when the export job was last updated.</p>"
},
"failureReason":{
"shape":"FailureReason",
"documentation":"<p>The reason for an export job failure.</p>"
}
},
"documentation":"<p>Describes a recommendation export job.</p> <p>Use the <code>DescribeRecommendationExportJobs</code> action to view your recommendation export jobs.</p> <p>Use the <code>ExportAutoScalingGroupRecommendations</code> or <code>ExportEC2InstanceRecommendations</code> actions to request an export of your recommendations.</p>"
},
"RecommendationExportJobs":{
"type":"list",
"member":{"shape":"RecommendationExportJob"}
},
"RecommendationOptions":{
"type":"list",
"member":{"shape":"InstanceRecommendationOption"}
@ -746,10 +1113,49 @@
"members":{
"message":{"shape":"ErrorMessage"}
},
"documentation":"<p>The specified resource was not found.</p>",
"documentation":"<p>A resource that is required for the action doesn't exist.</p>",
"exception":true,
"synthetic":true
},
"ResourceType":{
"type":"string",
"enum":[
"Ec2Instance",
"AutoScalingGroup"
]
},
"S3Destination":{
"type":"structure",
"members":{
"bucket":{
"shape":"DestinationBucket",
"documentation":"<p>The name of the Amazon S3 bucket used as the destination of an export file.</p>"
},
"key":{
"shape":"DestinationKey",
"documentation":"<p>The Amazon S3 bucket key of an export file.</p> <p>The key uniquely identifies the object, or export file, in the S3 bucket.</p>"
},
"metadataKey":{
"shape":"MetadataKey",
"documentation":"<p>The Amazon S3 bucket key of a metadata file.</p> <p>The key uniquely identifies the object, or metadata file, in the S3 bucket.</p>"
}
},
"documentation":"<p>Describes the destination Amazon Simple Storage Service (Amazon S3) bucket name and object keys of a recommendations export file, and its associated metadata file.</p>"
},
"S3DestinationConfig":{
"type":"structure",
"members":{
"bucket":{
"shape":"DestinationBucket",
"documentation":"<p>The name of the Amazon S3 bucket to use as the destination for an export job.</p>"
},
"keyPrefix":{
"shape":"DestinationKeyPrefix",
"documentation":"<p>The Amazon S3 bucket prefix for an export job.</p>"
}
},
"documentation":"<p>Describes the destination Amazon Simple Storage Service (Amazon S3) bucket name and key prefix for a recommendations export job.</p> <p>You must create the destination Amazon S3 bucket for your recommendations export before you create the export job. Compute Optimizer does not create the S3 bucket for you. After you create the S3 bucket, ensure that it has the required permission policy to allow Compute Optimizer to write the export file to it. If you plan to specify an object prefix when you create the export job, you must include the object prefix in the policy that you add to the S3 bucket. For more information, see <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/create-s3-bucket-policy-for-compute-optimizer.html\">Amazon S3 Bucket Policy for Compute Optimizer</a> in the <i>Compute Optimizer user guide</i>.</p>"
},
"ServiceUnavailableException":{
"type":"structure",
"members":{
@ -794,7 +1200,7 @@
"members":{
"message":{"shape":"ErrorMessage"}
},
"documentation":"<p>The limit on the number of requests per second was exceeded.</p>",
"documentation":"<p>The request was denied due to request throttling.</p>",
"exception":true,
"synthetic":true
},
@ -813,7 +1219,7 @@
},
"includeMemberAccounts":{
"shape":"IncludeMemberAccounts",
"documentation":"<p>Indicates whether to enroll member accounts within the organization, if the account is a master account of an organization.</p>"
"documentation":"<p>Indicates whether to enroll member accounts of the organization if the your account is the master account of an organization.</p>"
}
}
},
@ -853,5 +1259,5 @@
"member":{"shape":"UtilizationMetric"}
}
},
"documentation":"<p>AWS Compute Optimizer is a service that analyzes the configuration and utilization metrics of your AWS resources, such as EC2 instances and Auto Scaling groups. It reports whether your resources are optimal, and generates optimization recommendations to reduce the cost and improve the performance of your workloads. Compute Optimizer also provides recent utilization metric data, as well as projected utilization metric data for the recommendations, which you can use to evaluate which recommendation provides the best price-performance trade-off. The analysis of your usage patterns can help you decide when to move or resize your running resources, and still meet your performance and capacity requirements. For more information about Compute Optimizer, see the <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/\">AWS Compute Optimizer User Guide</a>.</p>"
"documentation":"<p>AWS Compute Optimizer is a service that analyzes the configuration and utilization metrics of your AWS resources, such as EC2 instances and Auto Scaling groups. It reports whether your resources are optimal, and generates optimization recommendations to reduce the cost and improve the performance of your workloads. Compute Optimizer also provides recent utilization metric data, as well as projected utilization metric data for the recommendations, which you can use to evaluate which recommendation provides the best price-performance trade-off. The analysis of your usage patterns can help you decide when to move or resize your running resources, and still meet your performance and capacity requirements. For more information about Compute Optimizer, including the required permissions to use the service, see the <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/\">AWS Compute Optimizer User Guide</a>.</p>"
}

3
botocore/data/dataexchange/2017-07-25/service-2.json
View file

@ -1393,8 +1393,7 @@
},
"documentation": "<p>Encryption configuration of the export job. Includes the encryption type as well as the AWS KMS key. The KMS key is only necessary if you chose the KMS encryption type.</p>",
"required": [
"Type",
"KmsKeyArn"
"Type"
]
},
"GetAssetRequest": {

204
botocore/data/directconnect/2012-10-25/service-2.json
View file

@ -321,7 +321,7 @@
{"shape":"DirectConnectServerException"},
{"shape":"DirectConnectClientException"}
],
"documentation":"<p>Creates a private virtual interface. A virtual interface is the VLAN that transports AWS Direct Connect traffic. A private virtual interface can be connected to either a Direct Connect gateway or a Virtual Private Gateway (VGW). Connecting the private virtual interface to a Direct Connect gateway enables the possibility for connecting to multiple VPCs, including VPCs in different AWS Regions. Connecting the private virtual interface to a VGW only provides access to a single VPC within the same Region.</p>"
"documentation":"<p>Creates a private virtual interface. A virtual interface is the VLAN that transports AWS Direct Connect traffic. A private virtual interface can be connected to either a Direct Connect gateway or a Virtual Private Gateway (VGW). Connecting the private virtual interface to a Direct Connect gateway enables the possibility for connecting to multiple VPCs, including VPCs in different AWS Regions. Connecting the private virtual interface to a VGW only provides access to a single VPC within the same Region.</p> <p>Setting the MTU of a virtual interface to 9001 (jumbo frames) can cause an update to the underlying physical connection if it wasn't updated to support jumbo frames. Updating the connection disrupts network connectivity for all virtual interfaces associated with the connection for up to 30 seconds. To check whether your connection supports jumbo frames, call <a>DescribeConnections</a>. To check whether your virtual interface supports jumbo frames, call <a>DescribeVirtualInterfaces</a>.</p>"
},
"CreatePublicVirtualInterface":{
"name":"CreatePublicVirtualInterface",
@ -353,7 +353,7 @@
{"shape":"DirectConnectServerException"},
{"shape":"DirectConnectClientException"}
],
"documentation":"<p>Creates a transit virtual interface. A transit virtual interface should be used to access one or more transit gateways associated with Direct Connect gateways. A transit virtual interface enables the connection of multiple VPCs attached to a transit gateway to a Direct Connect gateway.</p> <important> <p>If you associate your transit gateway with one or more Direct Connect gateways, the Autonomous System Number (ASN) used by the transit gateway and the Direct Connect gateway must be different. For example, if you use the default ASN 64512 for both your the transit gateway and Direct Connect gateway, the association request fails.</p> </important>"
"documentation":"<p>Creates a transit virtual interface. A transit virtual interface should be used to access one or more transit gateways associated with Direct Connect gateways. A transit virtual interface enables the connection of multiple VPCs attached to a transit gateway to a Direct Connect gateway.</p> <important> <p>If you associate your transit gateway with one or more Direct Connect gateways, the Autonomous System Number (ASN) used by the transit gateway and the Direct Connect gateway must be different. For example, if you use the default ASN 64512 for both your the transit gateway and Direct Connect gateway, the association request fails.</p> </important> <p>Setting the MTU of a virtual interface to 8500 (jumbo frames) can cause an update to the underlying physical connection if it wasn't updated to support jumbo frames. Updating the connection disrupts network connectivity for all virtual interfaces associated with the connection for up to 30 seconds. To check whether your connection supports jumbo frames, call <a>DescribeConnections</a>. To check whether your virtual interface supports jumbo frames, call <a>DescribeVirtualInterfaces</a>.</p>"
},
"DeleteBGPPeer":{
"name":"DeleteBGPPeer",
@ -706,6 +706,48 @@
],
"documentation":"<p>Disassociates a connection from a link aggregation group (LAG). The connection is interrupted and re-established as a standalone connection (the connection is not deleted; to delete the connection, use the <a>DeleteConnection</a> request). If the LAG has associated virtual interfaces or hosted connections, they remain associated with the LAG. A disassociated connection owned by an AWS Direct Connect Partner is automatically converted to an interconnect.</p> <p>If disassociating the connection would cause the LAG to fall below its setting for minimum number of operational connections, the request fails, except when it's the last member of the LAG. If all connections are disassociated, the LAG continues to exist as an empty LAG with no physical connections. </p>"
},
"ListVirtualInterfaceTestHistory":{
"name":"ListVirtualInterfaceTestHistory",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"ListVirtualInterfaceTestHistoryRequest"},
"output":{"shape":"ListVirtualInterfaceTestHistoryResponse"},
"errors":[
{"shape":"DirectConnectServerException"},
{"shape":"DirectConnectClientException"}
],
"documentation":"<p>Lists the virtual interface failover test history.</p>"
},
"StartBgpFailoverTest":{
"name":"StartBgpFailoverTest",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"StartBgpFailoverTestRequest"},
"output":{"shape":"StartBgpFailoverTestResponse"},
"errors":[
{"shape":"DirectConnectServerException"},
{"shape":"DirectConnectClientException"}
],
"documentation":"<p>Starts the virtual interface failover test that verifies your configuration meets your resiliency requirements by placing the BGP peering session in the DOWN state. You can then send traffic to verify that there are no outages.</p> <p>You can run the test on public, private, transit, and hosted virtual interfaces.</p> <p>You can use <a href=\"https://docs.aws.amazon.com/directconnect/latest/APIReference/API_ListVirtualInterfaceTestHistory.html\">ListVirtualInterfaceTestHistory</a> to view the virtual interface test history.</p> <p>If you need to stop the test before the test interval completes, use <a href=\"https://docs.aws.amazon.com/directconnect/latest/APIReference/API_StopBgpFailoverTest.html\">StopBgpFailoverTest</a>.</p>"
},
"StopBgpFailoverTest":{
"name":"StopBgpFailoverTest",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"StopBgpFailoverTestRequest"},
"output":{"shape":"StopBgpFailoverTestResponse"},
"errors":[
{"shape":"DirectConnectServerException"},
{"shape":"DirectConnectClientException"}
],
"documentation":"<p>Stops the virtual interface failover test.</p>"
},
"TagResource":{
"name":"TagResource",
"http":{
@ -776,7 +818,7 @@
{"shape":"DirectConnectServerException"},
{"shape":"DirectConnectClientException"}
],
"documentation":"<p>Updates the specified attributes of the specified virtual private interface.</p> <p>Setting the MTU of a virtual interface to 9001 (jumbo frames) can cause an update to the underlying physical connection if it wasn't updated to support jumbo frames. Updating the connection disrupts network connectivity for all virtual interfaces associated with the connection for up to 30 seconds. To check whether your connection supports jumbo frames, call <a>DescribeConnections</a>. To check whether your virtual interface supports jumbo frames, call <a>DescribeVirtualInterfaces</a>.</p>"
"documentation":"<p>Updates the specified attributes of the specified virtual private interface.</p> <p>Setting the MTU of a virtual interface to 9001 (jumbo frames) can cause an update to the underlying physical connection if it wasn't updated to support jumbo frames. Updating the connection disrupts network connectivity for all virtual interfaces associated with the connection for up to 30 seconds. To check whether your connection supports jumbo frames, call <a>DescribeConnections</a>. To check whether your virtual q interface supports jumbo frames, call <a>DescribeVirtualInterfaces</a>.</p>"
}
},
"shapes":{
@ -1088,6 +1130,10 @@
"documentation":"<p>Information about a BGP peer.</p>"
},
"BGPPeerId":{"type":"string"},
"BGPPeerIdList":{
"type":"list",
"member":{"shape":"BGPPeerId"}
},
"BGPPeerList":{
"type":"list",
"member":{"shape":"BGPPeer"}
@ -2286,7 +2332,9 @@
"documentation":"<p>A tag key was specified more than once.</p>",
"exception":true
},
"EndTime":{"type":"timestamp"},
"ErrorMessage":{"type":"string"},
"FailureTestHistoryStatus":{"type":"string"},
"GatewayIdToAssociate":{"type":"string"},
"GatewayIdentifier":{"type":"string"},
"GatewayType":{
@ -2495,6 +2543,48 @@
}
}
},
"ListVirtualInterfaceTestHistoryRequest":{
"type":"structure",
"members":{
"testId":{
"shape":"TestId",
"documentation":"<p>The ID of the virtual interface failover test.</p>"
},
"virtualInterfaceId":{
"shape":"VirtualInterfaceId",
"documentation":"<p>The ID of the virtual interface that was tested.</p>"
},
"bgpPeers":{
"shape":"BGPPeerIdList",
"documentation":"<p>The BGP peers that were placed in the DOWN state during the virtual interface failover test.</p>"
},
"status":{
"shape":"FailureTestHistoryStatus",
"documentation":"<p>The status of the virtual interface failover test.</p>"
},
"maxResults":{
"shape":"MaxResultSetSize",
"documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p> <p>If <code>MaxResults</code> is given a value larger than 100, only 100 results are returned.</p>"
},
"nextToken":{
"shape":"PaginationToken",
"documentation":"<p>The token for the next page of results.</p>"
}
}
},
"ListVirtualInterfaceTestHistoryResponse":{
"type":"structure",
"members":{
"virtualInterfaceTestHistory":{
"shape":"VirtualInterfaceTestHistoryList",
"documentation":"<p>The ID of the tested virtual interface.</p>"
},
"nextToken":{
"shape":"PaginationToken",
"documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>"
}
}
},
"Loa":{
"type":"structure",
"members":{
@ -2598,7 +2688,7 @@
"members":{
"virtualInterfaceName":{
"shape":"VirtualInterfaceName",
"documentation":"<p>The name of the virtual interface assigned by the customer network.</p>"
"documentation":"<p>The name of the virtual interface assigned by the customer network. The name has a maximum of 100 characters. The following are valid characters: a-z, 0-9 and a hyphen (-).</p>"
},
"vlan":{
"shape":"VLAN",
@ -2653,7 +2743,7 @@
"members":{
"virtualInterfaceName":{
"shape":"VirtualInterfaceName",
"documentation":"<p>The name of the virtual interface assigned by the customer network.</p>"
"documentation":"<p>The name of the virtual interface assigned by the customer network. The name has a maximum of 100 characters. The following are valid characters: a-z, 0-9 and a hyphen (-).</p>"
},
"vlan":{
"shape":"VLAN",
@ -2700,7 +2790,7 @@
"members":{
"virtualInterfaceName":{
"shape":"VirtualInterfaceName",
"documentation":"<p>The name of the virtual interface assigned by the customer network.</p>"
"documentation":"<p>The name of the virtual interface assigned by the customer network. The name has a maximum of 100 characters. The following are valid characters: a-z, 0-9 and a hyphen (-).</p>"
},
"vlan":{
"shape":"VLAN",
@ -2747,7 +2837,7 @@
"members":{
"virtualInterfaceName":{
"shape":"VirtualInterfaceName",
"documentation":"<p>The name of the virtual interface assigned by the customer network.</p>"
"documentation":"<p>The name of the virtual interface assigned by the customer network. The name has a maximum of 100 characters. The following are valid characters: a-z, 0-9 and a hyphen (-).</p>"
},
"vlan":{
"shape":"VLAN",
@ -2789,7 +2879,7 @@
"members":{
"virtualInterfaceName":{
"shape":"VirtualInterfaceName",
"documentation":"<p>The name of the virtual interface assigned by the customer network.</p>"
"documentation":"<p>The name of the virtual interface assigned by the customer network. The name has a maximum of 100 characters. The following are valid characters: a-z, 0-9 and a hyphen (-).</p>"
},
"vlan":{
"shape":"VLAN",
@ -2835,7 +2925,7 @@
"members":{
"virtualInterfaceName":{
"shape":"VirtualInterfaceName",
"documentation":"<p>The name of the virtual interface assigned by the customer network.</p>"
"documentation":"<p>The name of the virtual interface assigned by the customer network. The name has a maximum of 100 characters. The following are valid characters: a-z, 0-9 and a hyphen (-).</p>"
},
"vlan":{
"shape":"VLAN",
@ -2920,7 +3010,54 @@
"member":{"shape":"RouteFilterPrefix"}
},
"RouterConfig":{"type":"string"},
"StartBgpFailoverTestRequest":{
"type":"structure",
"required":["virtualInterfaceId"],
"members":{
"virtualInterfaceId":{
"shape":"VirtualInterfaceId",
"documentation":"<p>The ID of the virtual interface you want to test.</p>"
},
"bgpPeers":{
"shape":"BGPPeerIdList",
"documentation":"<p>The BGP peers to place in the DOWN state.</p>"
},
"testDurationInMinutes":{
"shape":"TestDuration",
"documentation":"<p>The time in minutes that the virtual interface failover test will last.</p> <p>Maximum value: 180 minutes (3 hours).</p> <p>Default: 180 minutes (3 hours).</p>"
}
}
},
"StartBgpFailoverTestResponse":{
"type":"structure",
"members":{
"virtualInterfaceTest":{
"shape":"VirtualInterfaceTestHistory",
"documentation":"<p>Information about the virtual interface failover test.</p>"
}
}
},
"StartTime":{"type":"timestamp"},
"StateChangeError":{"type":"string"},
"StopBgpFailoverTestRequest":{
"type":"structure",
"required":["virtualInterfaceId"],
"members":{
"virtualInterfaceId":{
"shape":"VirtualInterfaceId",
"documentation":"<p>The ID of the virtual interface you no longer want to test.</p>"
}
}
},
"StopBgpFailoverTestResponse":{
"type":"structure",
"members":{
"virtualInterfaceTest":{
"shape":"VirtualInterfaceTestHistory",
"documentation":"<p>Information about the virtual interface failover test.</p>"
}
}
},
"Tag":{
"type":"structure",
"required":["key"],
@ -2979,6 +3116,11 @@
"min":0,
"pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$"
},
"TestDuration":{
"type":"integer",
"box":true
},
"TestId":{"type":"string"},
"TooManyTagsException":{
"type":"structure",
"members":{
@ -3122,7 +3264,7 @@
},
"virtualInterfaceName":{
"shape":"VirtualInterfaceName",
"documentation":"<p>The name of the virtual interface assigned by the customer network.</p>"
"documentation":"<p>The name of the virtual interface assigned by the customer network. The name has a maximum of 100 characters. The following are valid characters: a-z, 0-9 and a hyphen (-).</p>"
},
"vlan":{
"shape":"VLAN",
@ -3220,6 +3362,48 @@
"unknown"
]
},
"VirtualInterfaceTestHistory":{
"type":"structure",
"members":{
"testId":{
"shape":"TestId",
"documentation":"<p>The ID of the virtual interface failover test.</p>"
},
"virtualInterfaceId":{
"shape":"VirtualInterfaceId",
"documentation":"<p>The ID of the tested virtual interface.</p>"
},
"bgpPeers":{
"shape":"BGPPeerIdList",
"documentation":"<p>The BGP peers that were put in the DOWN state as part of the virtual interface failover test.</p>"
},
"status":{
"shape":"FailureTestHistoryStatus",
"documentation":"<p>The status of the virtual interface failover test.</p>"
},
"ownerAccount":{
"shape":"OwnerAccount",
"documentation":"<p>The owner ID of the tested virtual interface.</p>"
},
"testDurationInMinutes":{
"shape":"TestDuration",
"documentation":"<p>The time that the virtual interface failover test ran in minutes.</p>"
},
"startTime":{
"shape":"StartTime",
"documentation":"<p>The time that the virtual interface moves to the DOWN state.</p>"
},
"endTime":{
"shape":"EndTime",
"documentation":"<p>The time that the virtual interface moves out of the DOWN state.</p>"
}
},
"documentation":"<p>Information about the virtual interface failover test.</p>"
},
"VirtualInterfaceTestHistoryList":{
"type":"list",
"member":{"shape":"VirtualInterfaceTestHistory"}
},
"VirtualInterfaceType":{"type":"string"},
"VirtualInterfaces":{
"type":"structure",

2
botocore/data/dlm/2018-01-12/service-2.json
View file

@ -717,7 +717,7 @@
},
"ScheduleName":{
"type":"string",
"max":500,
"max":120,
"min":0,
"pattern":"[\\p{all}]*"
},

76
botocore/data/ec2/2016-11-15/service-2.json
View file

File diff suppressed because one or more lines are too long

73
botocore/data/ecs/2014-11-13/service-2.json
View file

@ -25,7 +25,8 @@
{"shape":"ServerException"},
{"shape":"ClientException"},
{"shape":"InvalidParameterException"},
{"shape":"LimitExceededException"}
{"shape":"LimitExceededException"},
{"shape":"UpdateInProgressException"}
],
"documentation":"<p>Creates a new capacity provider. Capacity providers are associated with an Amazon ECS cluster and are used in capacity provider strategies to facilitate cluster auto scaling.</p> <p>Only capacity providers using an Auto Scaling group can be created. Amazon ECS tasks on AWS Fargate use the <code>FARGATE</code> and <code>FARGATE_SPOT</code> capacity providers which are already created and available to all accounts in Regions supported by AWS Fargate.</p>"
},
@ -116,6 +117,21 @@
],
"documentation":"<p>Deletes one or more custom attributes from an Amazon ECS resource.</p>"
},
"DeleteCapacityProvider":{
"name":"DeleteCapacityProvider",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"DeleteCapacityProviderRequest"},
"output":{"shape":"DeleteCapacityProviderResponse"},
"errors":[
{"shape":"ServerException"},
{"shape":"ClientException"},
{"shape":"InvalidParameterException"}
],
"documentation":"<p>Deletes the specified capacity provider.</p> <note> <p>The <code>FARGATE</code> and <code>FARGATE_SPOT</code> capacity providers are reserved and cannot be deleted. You can disassociate them from a cluster using either the <a>PutClusterCapacityProviders</a> API or by deleting the cluster.</p> </note> <p>Prior to a capacity provider being deleted, the capacity provider must be removed from the capacity provider strategy from all services. The <a>UpdateService</a> API can be used to remove a capacity provider from a service's capacity provider strategy. When updating a service, the <code>forceNewDeployment</code> option can be used to ensure that any tasks using the Amazon EC2 instance capacity provided by the capacity provider are transitioned to use the capacity from the remaining capacity providers. Only capacity providers that are not associated with a cluster can be deleted. To remove a capacity provider from a cluster, you can either use <a>PutClusterCapacityProviders</a> or delete the cluster.</p>"
},
"DeleteCluster":{
"name":"DeleteCluster",
"http":{
@ -993,12 +1009,20 @@
},
"status":{
"shape":"CapacityProviderStatus",
"documentation":"<p>The current status of the capacity provider. Only capacity providers in an <code>ACTIVE</code> state can be used in a cluster.</p>"
"documentation":"<p>The current status of the capacity provider. Only capacity providers in an <code>ACTIVE</code> state can be used in a cluster. When a capacity provider is successfully deleted, it will have an <code>INACTIVE</code> status.</p>"
},
"autoScalingGroupProvider":{
"shape":"AutoScalingGroupProvider",
"documentation":"<p>The Auto Scaling group settings for the capacity provider.</p>"
},
"updateStatus":{
"shape":"CapacityProviderUpdateStatus",
"documentation":"<p>The update status of the capacity provider. The following are the possible states that will be returned.</p> <dl> <dt>DELETE_IN_PROGRESS</dt> <dd> <p>The capacity provider is in the process of being deleted.</p> </dd> <dt>DELETE_COMPLETE</dt> <dd> <p>The capacity provider has been successfully deleted and will have an <code>INACTIVE</code> status.</p> </dd> <dt>DELETE_FAILED</dt> <dd> <p>The capacity provider was unable to be deleted. The update status reason will provide further details about why the delete failed.</p> </dd> </dl>"
},
"updateStatusReason":{
"shape":"String",
"documentation":"<p>The update status reason. This provides further details about the update status for the capacity provider.</p>"
},
"tags":{
"shape":"Tags",
"documentation":"<p>The metadata that you apply to the capacity provider to help you categorize and organize it. Each tag consists of a key and an optional value, both of which you define.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
@ -1016,7 +1040,10 @@
},
"CapacityProviderStatus":{
"type":"string",
"enum":["ACTIVE"]
"enum":[
"ACTIVE",
"INACTIVE"
]
},
"CapacityProviderStrategy":{
"type":"list",
@ -1051,6 +1078,14 @@
"max":1000,
"min":0
},
"CapacityProviderUpdateStatus":{
"type":"string",
"enum":[
"DELETE_IN_PROGRESS",
"DELETE_COMPLETE",
"DELETE_FAILED"
]
},
"CapacityProviders":{
"type":"list",
"member":{"shape":"CapacityProvider"}
@ -1426,7 +1461,7 @@
},
"ulimits":{
"shape":"UlimitList",
"documentation":"<p>A list of <code>ulimits</code> to set in the container. This parameter maps to <code>Ulimits</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--ulimit</code> option to <a href=\"https://docs.docker.com/engine/reference/run/\">docker run</a>. Valid naming values are displayed in the <a>Ulimit</a> data type. This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: <code>sudo docker version --format '{{.Server.APIVersion}}'</code> </p> <note> <p>This parameter is not supported for Windows containers.</p> </note>"
"documentation":"<p>A list of <code>ulimits</code> to set in the container. If a ulimit value is specified in a task definition, it will override the default values set by Docker. This parameter maps to <code>Ulimits</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--ulimit</code> option to <a href=\"https://docs.docker.com/engine/reference/run/\">docker run</a>. Valid naming values are displayed in the <a>Ulimit</a> data type. This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: <code>sudo docker version --format '{{.Server.APIVersion}}'</code> </p> <note> <p>This parameter is not supported for Windows containers.</p> </note>"
},
"logConfiguration":{
"shape":"LogConfiguration",
@ -1928,6 +1963,22 @@
}
}
},
"DeleteCapacityProviderRequest":{
"type":"structure",
"required":["capacityProvider"],
"members":{
"capacityProvider":{
"shape":"String",
"documentation":"<p>The short name or full Amazon Resource Name (ARN) of the capacity provider to delete.</p>"
}
}
},
"DeleteCapacityProviderResponse":{
"type":"structure",
"members":{
"capacityProvider":{"shape":"CapacityProvider"}
}
},
"DeleteClusterRequest":{
"type":"structure",
"required":["cluster"],
@ -2808,7 +2859,7 @@
"members":{
"name":{
"shape":"SettingName",
"documentation":"<p>The resource name you want to list the account settings for.</p>"
"documentation":"<p>The name of the account setting you want to list the settings for.</p>"
},
"value":{
"shape":"String",
@ -3673,7 +3724,7 @@
},
"executionRoleArn":{
"shape":"String",
"documentation":"<p>The Amazon Resource Name (ARN) of the task execution role that the Amazon ECS container agent and the Docker daemon can assume.</p>"
"documentation":"<p>The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. The task execution IAM role is required depending on the requirements of your task. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html\">Amazon ECS task execution IAM role</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
},
"networkMode":{
"shape":"NetworkMode",
@ -4687,7 +4738,7 @@
},
"executionRoleArn":{
"shape":"String",
"documentation":"<p>The Amazon Resource Name (ARN) of the task execution role that containers in this task can assume. All containers in this task are granted the permissions that are specified in this role.</p>"
"documentation":"<p>The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. The task execution IAM role is required depending on the requirements of your task. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html\">Amazon ECS task execution IAM role</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
},
"networkMode":{
"shape":"NetworkMode",
@ -4818,7 +4869,7 @@
},
"executionRoleArn":{
"shape":"String",
"documentation":"<p>The Amazon Resource Name (ARN) of the task execution role that the Amazon ECS container agent and the Docker daemon can assume.</p>"
"documentation":"<p>The Amazon Resource Name (ARN) of the task execution IAM role override for the task.</p>"
},
"memory":{
"shape":"String",
@ -5302,7 +5353,7 @@
},
"host":{
"shape":"HostVolumeProperties",
"documentation":"<p>This parameter is specified when you are using bind mount host volumes. Bind mount host volumes are supported when you are using either the EC2 or Fargate launch types. The contents of the <code>host</code> parameter determine whether your bind mount host volume persists on the host container instance and where it is stored. If the <code>host</code> parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data is not guaranteed to persist after the containers associated with it stop running.</p> <p>Windows containers can mount whole directories on the same drive as <code>$env:ProgramData</code>. Windows containers cannot mount directories on a different drive, and mount point cannot be across drives. For example, you can mount <code>C:\\my\\path:C:\\my\\path</code> and <code>D:\\:D:\\</code>, but not <code>D:\\my\\path:C:\\my\\path</code> or <code>D:\\:C:\\my\\path</code>.</p>"
"documentation":"<p>This parameter is specified when you are using bind mount host volumes. The contents of the <code>host</code> parameter determine whether your bind mount host volume persists on the host container instance and where it is stored. If the <code>host</code> parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data is not guaranteed to persist after the containers associated with it stop running.</p> <p>Windows containers can mount whole directories on the same drive as <code>$env:ProgramData</code>. Windows containers cannot mount directories on a different drive, and mount point cannot be across drives. For example, you can mount <code>C:\\my\\path:C:\\my\\path</code> and <code>D:\\:D:\\</code>, but not <code>D:\\my\\path:C:\\my\\path</code> or <code>D:\\:C:\\my\\path</code>.</p>"
},
"dockerVolumeConfiguration":{
"shape":"DockerVolumeConfiguration",
@ -5310,10 +5361,10 @@
},
"efsVolumeConfiguration":{
"shape":"EFSVolumeConfiguration",
"documentation":"<p>This parameter is specified when you are using an Amazon Elastic File System (Amazon EFS) file storage. Amazon EFS file systems are only supported when you are using the EC2 launch type.</p> <important> <p> <code>EFSVolumeConfiguration</code> remains in preview and is a Beta Service as defined by and subject to the Beta Service Participation Service Terms located at <a href=\"https://aws.amazon.com/service-terms\">https://aws.amazon.com/service-terms</a> (\"Beta Terms\"). These Beta Terms apply to your participation in this preview of <code>EFSVolumeConfiguration</code>.</p> </important>"
"documentation":"<p>This parameter is specified when you are using an Amazon Elastic File System file system for task storage.</p>"
}
},
"documentation":"<p>A data volume used in a task definition. For tasks that use a Docker volume, specify a <code>DockerVolumeConfiguration</code>. For tasks that use a bind mount host volume, specify a <code>host</code> and optional <code>sourcePath</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html\">Using Data Volumes in Tasks</a>.</p>"
"documentation":"<p>A data volume used in a task definition. For tasks that use Amazon Elastic File System (Amazon EFS) file storage, specify an <code>efsVolumeConfiguration</code>. For tasks that use a Docker volume, specify a <code>DockerVolumeConfiguration</code>. For tasks that use a bind mount host volume, specify a <code>host</code> and optional <code>sourcePath</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html\">Using Data Volumes in Tasks</a>.</p>"
},
"VolumeFrom":{
"type":"structure",

10
botocore/data/elasticache/2015-02-02/service-2.json
View file

@ -2386,6 +2386,7 @@
"shape":"BooleanOptional",
"documentation":"<p>Specifies whether a read-only replica is automatically promoted to read/write primary if the existing primary fails.</p> <p>If <code>true</code>, Multi-AZ is enabled for this replication group. If <code>false</code>, Multi-AZ is disabled for this replication group.</p> <p> <code>AutomaticFailoverEnabled</code> must be enabled for Redis (cluster mode enabled) replication groups.</p> <p>Default: false</p> <p>Amazon ElastiCache for Redis does not support Multi-AZ with automatic failover on:</p> <ul> <li> <p>Redis versions earlier than 2.8.6.</p> </li> <li> <p>Redis (cluster mode disabled): T1 node types.</p> </li> <li> <p>Redis (cluster mode enabled): T1 node types.</p> </li> </ul>"
},
"MultiAZEnabled":{"shape":"BooleanOptional"},
"NumCacheClusters":{
"shape":"IntegerOptional",
"documentation":"<p>The number of nodes in the cluster.</p> <p>This parameter is not used if there is more than one node group (shard). You should use <code>ReplicasPerNodeGroup</code> instead.</p> <p>If <code>AutomaticFailoverEnabled</code> is <code>true</code>, the value of this parameter must be at least 2. If <code>AutomaticFailoverEnabled</code> is <code>false</code> you can omit this parameter (it will default to 1), or you can explicitly set it to a value between 2 and 6.</p> <p>The maximum permitted value for <code>NumCacheClusters</code> is 6 (1 primary plus 5 replicas).</p>"
@ -3945,6 +3946,7 @@
"shape":"BooleanOptional",
"documentation":"<p>Determines whether a read replica is automatically promoted to read/write primary if the existing primary encounters a failure.</p> <p>Valid values: <code>true</code> | <code>false</code> </p> <p>Amazon ElastiCache for Redis does not support Multi-AZ with automatic failover on:</p> <ul> <li> <p>Redis versions earlier than 2.8.6.</p> </li> <li> <p>Redis (cluster mode disabled): T1 node types.</p> </li> <li> <p>Redis (cluster mode enabled): T1 node types.</p> </li> </ul>"
},
"MultiAZEnabled":{"shape":"BooleanOptional"},
"NodeGroupId":{
"shape":"String",
"documentation":"<p>Deprecated. This parameter is not used.</p>",
@ -4056,6 +4058,13 @@
"ReplicationGroup":{"shape":"ReplicationGroup"}
}
},
"MultiAZStatus":{
"type":"string",
"enum":[
"enabled",
"disabled"
]
},
"NoOperationFault":{
"type":"structure",
"members":{
@ -4712,6 +4721,7 @@
"shape":"AutomaticFailoverStatus",
"documentation":"<p>Indicates the status of Multi-AZ with automatic failover for this Redis replication group.</p> <p>Amazon ElastiCache for Redis does not support Multi-AZ with automatic failover on:</p> <ul> <li> <p>Redis versions earlier than 2.8.6.</p> </li> <li> <p>Redis (cluster mode disabled): T1 node types.</p> </li> <li> <p>Redis (cluster mode enabled): T1 node types.</p> </li> </ul>"
},
"MultiAZ":{"shape":"MultiAZStatus"},
"ConfigurationEndpoint":{
"shape":"Endpoint",
"documentation":"<p>The configuration endpoint for this replication group. Use the configuration endpoint to connect to this replication group.</p>"

74
botocore/data/elasticbeanstalk/2010-12-01/service-2.json
View file

@ -41,6 +41,18 @@
],
"documentation":"<p>Applies a scheduled managed action immediately. A managed action can be applied only if its status is <code>Scheduled</code>. Get the status and action ID of a managed action with <a>DescribeEnvironmentManagedActions</a>.</p>"
},
"AssociateEnvironmentOperationsRole":{
"name":"AssociateEnvironmentOperationsRole",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"AssociateEnvironmentOperationsRoleMessage"},
"errors":[
{"shape":"InsufficientPrivilegesException"}
],
"documentation":"<p>Add or change the operations role used by an environment. After this call is made, Elastic Beanstalk uses the associated operations role for permissions to downstream services during subsequent calls acting on this environment. For more information, see <a href=\"https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-operationsrole.html\">Operations roles</a> in the <i>AWS Elastic Beanstalk Developer Guide</i>.</p>"
},
"CheckDNSAvailability":{
"name":"CheckDNSAvailability",
"http":{
@ -442,6 +454,18 @@
],
"documentation":"<p>Describes a platform version. Provides full details. Compare to <a>ListPlatformVersions</a>, which provides summary information about a list of platform versions.</p> <p>For definitions of platform version and other platform-related terms, see <a href=\"https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/platforms-glossary.html\">AWS Elastic Beanstalk Platforms Glossary</a>.</p>"
},
"DisassociateEnvironmentOperationsRole":{
"name":"DisassociateEnvironmentOperationsRole",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"DisassociateEnvironmentOperationsRoleMessage"},
"errors":[
{"shape":"InsufficientPrivilegesException"}
],
"documentation":"<p>Disassociate the operations role from an environment. After this call is made, Elastic Beanstalk uses the caller's permissions for permissions to downstream services during subsequent calls acting on this environment. For more information, see <a href=\"https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-operationsrole.html\">Operations roles</a> in the <i>AWS Elastic Beanstalk Developer Guide</i>.</p>"
},
"ListAvailableSolutionStacks":{
"name":"ListAvailableSolutionStacks",
"http":{
@ -984,6 +1008,24 @@
},
"documentation":"<p>The result message containing information about the managed action.</p>"
},
"AssociateEnvironmentOperationsRoleMessage":{
"type":"structure",
"required":[
"EnvironmentName",
"OperationsRole"
],
"members":{
"EnvironmentName":{
"shape":"EnvironmentName",
"documentation":"<p>The name of the environment to which to set the operations role.</p>"
},
"OperationsRole":{
"shape":"OperationsRole",
"documentation":"<p>The Amazon Resource Name (ARN) of an existing IAM role to be used as the environment's operations role.</p>"
}
},
"documentation":"<p>Request to add or change the operations role used by an environment.</p>"
},
"AutoCreateApplication":{"type":"boolean"},
"AutoScalingGroup":{
"type":"structure",
@ -1524,7 +1566,7 @@
},
"PlatformArn":{
"shape":"PlatformArn",
"documentation":"<p>The Amazon Resource Name (ARN) of the custom platform to use with the environment. For more information, see <a href=\"https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/custom-platforms.html\"> Custom Platforms</a> in the <i>AWS Elastic Beanstalk Developer Guide</i>.</p> <note> <p>If you specify <code>PlatformArn</code>, don't specify <code>SolutionStackName</code>.</p> </note>"
"documentation":"<p>The Amazon Resource Name (ARN) of the custom platform to use with the environment. For more information, see <a href=\"https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/custom-platforms.html\">Custom Platforms</a> in the <i>AWS Elastic Beanstalk Developer Guide</i>.</p> <note> <p>If you specify <code>PlatformArn</code>, don't specify <code>SolutionStackName</code>.</p> </note>"
},
"OptionSettings":{
"shape":"ConfigurationOptionSettingsList",
@ -1533,6 +1575,10 @@
"OptionsToRemove":{
"shape":"OptionsSpecifierList",
"documentation":"<p>A list of custom user-defined configuration options to remove from the configuration set for this new environment.</p>"
},
"OperationsRole":{
"shape":"OperationsRole",
"documentation":"<p>The Amazon Resource Name (ARN) of an existing IAM role to be used as the environment's operations role. If specified, Elastic Beanstalk uses the operations role for permissions to downstream services during this call and during subsequent calls acting on this environment. To specify an operations role, you must have the <code>iam:PassRole</code> permission for the role. For more information, see <a href=\"https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-operationsrole.html\">Operations roles</a> in the <i>AWS Elastic Beanstalk Developer Guide</i>.</p>"
}
},
"documentation":"<p/>"
@ -2117,6 +2163,17 @@
"type":"string",
"max":200
},
"DisassociateEnvironmentOperationsRoleMessage":{
"type":"structure",
"required":["EnvironmentName"],
"members":{
"EnvironmentName":{
"shape":"EnvironmentName",
"documentation":"<p>The name of the environment from which to disassociate the operations role.</p>"
}
},
"documentation":"<p>Request to disassociate the operations role from an environment.</p>"
},
"Ec2InstanceId":{"type":"string"},
"ElasticBeanstalkServiceException":{
"type":"structure",
@ -2213,6 +2270,10 @@
"EnvironmentArn":{
"shape":"EnvironmentArn",
"documentation":"<p>The environment's Amazon Resource Name (ARN), which can be used in other API requests that require an ARN.</p>"
},
"OperationsRole":{
"shape":"OperationsRole",
"documentation":"<p>The Amazon Resource Name (ARN) of the environment's operations role. For more information, see <a href=\"https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-operationsrole.html\">Operations roles</a> in the <i>AWS Elastic Beanstalk Developer Guide</i>.</p>"
}
},
"documentation":"<p>Describes the properties of an environment.</p>"
@ -2997,6 +3058,11 @@
},
"exception":true
},
"OperationsRole":{
"type":"string",
"max":256,
"min":1
},
"OptionNamespace":{"type":"string"},
"OptionRestrictionMaxLength":{"type":"integer"},
"OptionRestrictionMaxValue":{"type":"integer"},
@ -4081,11 +4147,11 @@
},
"TagsToAdd":{
"shape":"TagList",
"documentation":"<p>A list of tags to add or update.</p> <p>If a key of an existing tag is added, the tag's value is updated.</p>"
"documentation":"<p>A list of tags to add or update. If a key of an existing tag is added, the tag's value is updated.</p> <p>Specify at least one of these parameters: <code>TagsToAdd</code>, <code>TagsToRemove</code>.</p>"
},
"TagsToRemove":{
"shape":"TagKeyList",
"documentation":"<p>A list of tag keys to remove.</p> <p>If a tag key doesn't exist, it is silently ignored.</p>"
"documentation":"<p>A list of tag keys to remove. If a tag key doesn't exist, it is silently ignored.</p> <p>Specify at least one of these parameters: <code>TagsToAdd</code>, <code>TagsToRemove</code>.</p>"
}
}
},
@ -4165,5 +4231,5 @@
},
"VirtualizationType":{"type":"string"}
},
"documentation":"<fullname>AWS Elastic Beanstalk</fullname> <p>AWS Elastic Beanstalk makes it easy for you to create, deploy, and manage scalable, fault-tolerant applications running on the Amazon Web Services cloud.</p> <p>For more information about this product, go to the <a href=\"http://aws.amazon.com/elasticbeanstalk/\">AWS Elastic Beanstalk</a> details page. The location of the latest AWS Elastic Beanstalk WSDL is <a href=\"http://elasticbeanstalk.s3.amazonaws.com/doc/2010-12-01/AWSElasticBeanstalk.wsdl\">http://elasticbeanstalk.s3.amazonaws.com/doc/2010-12-01/AWSElasticBeanstalk.wsdl</a>. To install the Software Development Kits (SDKs), Integrated Development Environment (IDE) Toolkits, and command line tools that enable you to access the API, go to <a href=\"http://aws.amazon.com/tools/\">Tools for Amazon Web Services</a>.</p> <p> <b>Endpoints</b> </p> <p>For a list of region-specific endpoints that AWS Elastic Beanstalk supports, go to <a href=\"https://docs.aws.amazon.com/general/latest/gr/rande.html#elasticbeanstalk_region\">Regions and Endpoints</a> in the <i>Amazon Web Services Glossary</i>.</p>"
"documentation":"<fullname>AWS Elastic Beanstalk</fullname> <p>AWS Elastic Beanstalk makes it easy for you to create, deploy, and manage scalable, fault-tolerant applications running on the Amazon Web Services cloud.</p> <p>For more information about this product, go to the <a href=\"http://aws.amazon.com/elasticbeanstalk/\">AWS Elastic Beanstalk</a> details page. The location of the latest AWS Elastic Beanstalk WSDL is <a href=\"https://elasticbeanstalk.s3.amazonaws.com/doc/2010-12-01/AWSElasticBeanstalk.wsdl\">https://elasticbeanstalk.s3.amazonaws.com/doc/2010-12-01/AWSElasticBeanstalk.wsdl</a>. To install the Software Development Kits (SDKs), Integrated Development Environment (IDE) Toolkits, and command line tools that enable you to access the API, go to <a href=\"http://aws.amazon.com/tools/\">Tools for Amazon Web Services</a>.</p> <p> <b>Endpoints</b> </p> <p>For a list of region-specific endpoints that AWS Elastic Beanstalk supports, go to <a href=\"https://docs.aws.amazon.com/general/latest/gr/rande.html#elasticbeanstalk_region\">Regions and Endpoints</a> in the <i>Amazon Web Services Glossary</i>.</p>"
}

12
botocore/data/emr/2009-03-31/service-2.json
View file

@ -905,6 +905,10 @@
"shape":"String",
"documentation":"<p>The path to the Amazon S3 location where logs for this cluster are stored.</p>"
},
"LogEncryptionKmsKeyId":{
"shape":"String",
"documentation":"<p> The AWS KMS customer master key (CMK) used for encrypting log files. This attribute is only available with EMR version 5.30.0 and later, excluding EMR 6.0.0. </p>"
},
"RequestedAmiVersion":{
"shape":"String",
"documentation":"<p>The AMI version requested for this cluster.</p>"
@ -2416,6 +2420,10 @@
"shape":"XmlString",
"documentation":"<p>The location in Amazon S3 where log files for the job are stored.</p>"
},
"LogEncryptionKmsKeyId":{
"shape":"XmlString",
"documentation":"<p>The AWS KMS customer master key (CMK) used for encrypting log files. This attribute is only available with EMR version 5.30.0 and later, excluding EMR 6.0.0.</p>"
},
"AmiVersion":{
"shape":"XmlStringMaxLen256",
"documentation":"<p>Applies only to Amazon EMR AMI versions 3.x and 2.x. For Amazon EMR releases 4.0 and later, <code>ReleaseLabel</code> is used. To specify a custom AMI, use <code>CustomAmiID</code>.</p>"
@ -3239,6 +3247,10 @@
"shape":"XmlString",
"documentation":"<p>The location in Amazon S3 to write the log files of the job flow. If a value is not provided, logs are not created.</p>"
},
"LogEncryptionKmsKeyId":{
"shape":"XmlString",
"documentation":"<p>The AWS KMS customer master key (CMK) used for encrypting log files. If a value is not provided, the logs will remain encrypted by AES-256. This attribute is only available with EMR version 5.30.0 and later, excluding EMR 6.0.0.</p>"
},
"AdditionalInfo":{
"shape":"XmlString",
"documentation":"<p>A JSON string for selecting additional features.</p>"

121
botocore/data/endpoints.json
View file

@ -965,6 +965,20 @@
"us-west-2" : { }
}
},
"codeartifact" : {
"endpoints" : {
"ap-northeast-1" : { },
"ap-south-1" : { },
"ap-southeast-1" : { },
"ap-southeast-2" : { },
"eu-central-1" : { },
"eu-north-1" : { },
"eu-west-1" : { },
"us-east-1" : { },
"us-east-2" : { },
"us-west-2" : { }
}
},
"codebuild" : {
"endpoints" : {
"ap-east-1" : { },
@ -1428,6 +1442,7 @@
},
"datasync" : {
"endpoints" : {
"af-south-1" : { },
"ap-east-1" : { },
"ap-northeast-1" : { },
"ap-northeast-2" : { },
@ -1437,6 +1452,7 @@
"ca-central-1" : { },
"eu-central-1" : { },
"eu-north-1" : { },
"eu-south-1" : { },
"eu-west-1" : { },
"eu-west-2" : { },
"eu-west-3" : { },
@ -2569,8 +2585,10 @@
"ap-east-1" : { },
"ap-northeast-1" : { },
"ap-northeast-2" : { },
"ap-south-1" : { },
"ap-southeast-1" : { },
"ap-southeast-2" : { },
"ca-central-1" : { },
"eu-central-1" : { },
"eu-north-1" : { },
"eu-west-1" : { },
@ -3214,6 +3232,7 @@
},
"license-manager" : {
"endpoints" : {
"af-south-1" : { },
"ap-east-1" : { },
"ap-northeast-1" : { },
"ap-northeast-2" : { },
@ -3223,6 +3242,7 @@
"ca-central-1" : { },
"eu-central-1" : { },
"eu-north-1" : { },
"eu-south-1" : { },
"eu-west-1" : { },
"eu-west-2" : { },
"eu-west-3" : { },
@ -4680,6 +4700,30 @@
"eu-west-1" : { },
"eu-west-2" : { },
"eu-west-3" : { },
"fips-us-east-1" : {
"credentialScope" : {
"region" : "us-east-1"
},
"hostname" : "securityhub-fips.us-east-1.amazonaws.com"
},
"fips-us-east-2" : {
"credentialScope" : {
"region" : "us-east-2"
},
"hostname" : "securityhub-fips.us-east-2.amazonaws.com"
},
"fips-us-west-1" : {
"credentialScope" : {
"region" : "us-west-1"
},
"hostname" : "securityhub-fips.us-west-1.amazonaws.com"
},
"fips-us-west-2" : {
"credentialScope" : {
"region" : "us-west-2"
},
"hostname" : "securityhub-fips.us-west-2.amazonaws.com"
},
"me-south-1" : { },
"sa-east-1" : { },
"us-east-1" : { },
@ -5971,6 +6015,15 @@
"cn-northwest-1" : { }
}
},
"autoscaling-plans" : {
"defaults" : {
"protocols" : [ "http", "https" ]
},
"endpoints" : {
"cn-north-1" : { },
"cn-northwest-1" : { }
}
},
"backup" : {
"endpoints" : {
"cn-north-1" : { },
@ -5983,6 +6036,18 @@
"cn-northwest-1" : { }
}
},
"budgets" : {
"endpoints" : {
"aws-cn-global" : {
"credentialScope" : {
"region" : "cn-northwest-1"
},
"hostname" : "budgets.amazonaws.com.cn"
}
},
"isRegionalized" : false,
"partitionEndpoint" : "aws-cn-global"
},
"cloudformation" : {
"endpoints" : {
"cn-north-1" : { },
@ -6247,6 +6312,12 @@
"cn-northwest-1" : { }
}
},
"kinesisanalytics" : {
"endpoints" : {
"cn-north-1" : { },
"cn-northwest-1" : { }
}
},
"kms" : {
"endpoints" : {
"cn-north-1" : { },
@ -6594,7 +6665,19 @@
},
"api.sagemaker" : {
"endpoints" : {
"us-gov-west-1" : { }
"us-gov-west-1" : { },
"us-gov-west-1-fips" : {
"credentialScope" : {
"region" : "us-gov-west-1"
},
"hostname" : "api-fips.sagemaker.us-gov-west-1.amazonaws.com"
},
"us-gov-west-1-fips-secondary" : {
"credentialScope" : {
"region" : "us-gov-west-1"
},
"hostname" : "api.sagemaker.us-gov-west-1.amazonaws.com"
}
}
},
"apigateway" : {
@ -7192,6 +7275,12 @@
"region" : "us-gov-west-1"
},
"hostname" : "iam.us-gov.amazonaws.com"
},
"iam-govcloud-fips" : {
"credentialScope" : {
"region" : "us-gov-west-1"
},
"hostname" : "iam.us-gov.amazonaws.com"
}
},
"isRegionalized" : false,
@ -7238,6 +7327,18 @@
},
"kinesis" : {
"endpoints" : {
"fips-us-gov-east-1" : {
"credentialScope" : {
"region" : "us-gov-east-1"
},
"hostname" : "kinesis-fips.us-gov-east-1.amazonaws.com"
},
"fips-us-gov-west-1" : {
"credentialScope" : {
"region" : "us-gov-west-1"
},
"hostname" : "kinesis-fips.us-gov-west-1.amazonaws.com"
},
"us-gov-east-1" : { },
"us-gov-west-1" : { }
}
@ -7569,6 +7670,18 @@
},
"securityhub" : {
"endpoints" : {
"fips-us-gov-east-1" : {
"credentialScope" : {
"region" : "us-gov-east-1"
},
"hostname" : "securityhub-fips.us-gov-east-1.amazonaws.com"
},
"fips-us-gov-west-1" : {
"credentialScope" : {
"region" : "us-gov-west-1"
},
"hostname" : "securityhub-fips.us-gov-west-1.amazonaws.com"
},
"us-gov-east-1" : { },
"us-gov-west-1" : { }
}
@ -7733,6 +7846,12 @@
},
"storagegateway" : {
"endpoints" : {
"fips" : {
"credentialScope" : {
"region" : "us-gov-west-1"
},
"hostname" : "storagegateway-fips.us-gov-west-1.amazonaws.com"
},
"us-gov-east-1" : { },
"us-gov-west-1" : { }
}

470
botocore/data/es/2015-01-01/service-2.json
View file

@ -10,6 +10,21 @@
"uid":"es-2015-01-01"
},
"operations":{
"AcceptInboundCrossClusterSearchConnection":{
"name":"AcceptInboundCrossClusterSearchConnection",
"http":{
"method":"PUT",
"requestUri":"/2015-01-01/es/ccs/inboundConnection/{ConnectionId}/accept"
},
"input":{"shape":"AcceptInboundCrossClusterSearchConnectionRequest"},
"output":{"shape":"AcceptInboundCrossClusterSearchConnectionResponse"},
"errors":[
{"shape":"ResourceNotFoundException"},
{"shape":"LimitExceededException"},
{"shape":"DisabledOperationException"}
],
"documentation":"<p>Allows the destination domain owner to accept an inbound cross-cluster search connection request.</p>"
},
"AddTags":{
"name":"AddTags",
"http":{
@ -78,6 +93,22 @@
],
"documentation":"<p>Creates a new Elasticsearch domain. For more information, see <a href=\"http://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-createupdatedomains.html#es-createdomains\" target=\"_blank\">Creating Elasticsearch Domains</a> in the <i>Amazon Elasticsearch Service Developer Guide</i>.</p>"
},
"CreateOutboundCrossClusterSearchConnection":{
"name":"CreateOutboundCrossClusterSearchConnection",
"http":{
"method":"POST",
"requestUri":"/2015-01-01/es/ccs/outboundConnection"
},
"input":{"shape":"CreateOutboundCrossClusterSearchConnectionRequest"},
"output":{"shape":"CreateOutboundCrossClusterSearchConnectionResponse"},
"errors":[
{"shape":"LimitExceededException"},
{"shape":"InternalException"},
{"shape":"ResourceAlreadyExistsException"},
{"shape":"DisabledOperationException"}
],
"documentation":"<p>Creates a new cross-cluster search connection from a source domain to a destination domain.</p>"
},
"CreatePackage":{
"name":"CreatePackage",
"http":{
@ -126,6 +157,34 @@
],
"documentation":"<p>Deletes the service-linked role that Elasticsearch Service uses to manage and maintain VPC domains. Role deletion will fail if any existing VPC domains use the role. You must delete any such Elasticsearch domains before deleting the role. See <a href=\"http://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-vpc.html#es-enabling-slr\" target=\"_blank\">Deleting Elasticsearch Service Role</a> in <i>VPC Endpoints for Amazon Elasticsearch Service Domains</i>.</p>"
},
"DeleteInboundCrossClusterSearchConnection":{
"name":"DeleteInboundCrossClusterSearchConnection",
"http":{
"method":"DELETE",
"requestUri":"/2015-01-01/es/ccs/inboundConnection/{ConnectionId}"
},
"input":{"shape":"DeleteInboundCrossClusterSearchConnectionRequest"},
"output":{"shape":"DeleteInboundCrossClusterSearchConnectionResponse"},
"errors":[
{"shape":"ResourceNotFoundException"},
{"shape":"DisabledOperationException"}
],
"documentation":"<p>Allows the destination domain owner to delete an existing inbound cross-cluster search connection.</p>"
},
"DeleteOutboundCrossClusterSearchConnection":{
"name":"DeleteOutboundCrossClusterSearchConnection",
"http":{
"method":"DELETE",
"requestUri":"/2015-01-01/es/ccs/outboundConnection/{ConnectionId}"
},
"input":{"shape":"DeleteOutboundCrossClusterSearchConnectionRequest"},
"output":{"shape":"DeleteOutboundCrossClusterSearchConnectionResponse"},
"errors":[
{"shape":"ResourceNotFoundException"},
{"shape":"DisabledOperationException"}
],
"documentation":"<p>Allows the source domain owner to delete an existing outbound cross-cluster search connection.</p>"
},
"DeletePackage":{
"name":"DeletePackage",
"http":{
@ -209,6 +268,34 @@
],
"documentation":"<p> Describe Elasticsearch Limits for a given InstanceType and ElasticsearchVersion. When modifying existing Domain, specify the <code> <a>DomainName</a> </code> to know what Limits are supported for modifying. </p>"
},
"DescribeInboundCrossClusterSearchConnections":{
"name":"DescribeInboundCrossClusterSearchConnections",
"http":{
"method":"POST",
"requestUri":"/2015-01-01/es/ccs/inboundConnection/search"
},
"input":{"shape":"DescribeInboundCrossClusterSearchConnectionsRequest"},
"output":{"shape":"DescribeInboundCrossClusterSearchConnectionsResponse"},
"errors":[
{"shape":"InvalidPaginationTokenException"},
{"shape":"DisabledOperationException"}
],
"documentation":"<p>Lists all the inbound cross-cluster search connections for a destination domain.</p>"
},
"DescribeOutboundCrossClusterSearchConnections":{
"name":"DescribeOutboundCrossClusterSearchConnections",
"http":{
"method":"POST",
"requestUri":"/2015-01-01/es/ccs/outboundConnection/search"
},
"input":{"shape":"DescribeOutboundCrossClusterSearchConnectionsRequest"},
"output":{"shape":"DescribeOutboundCrossClusterSearchConnectionsResponse"},
"errors":[
{"shape":"InvalidPaginationTokenException"},
{"shape":"DisabledOperationException"}
],
"documentation":"<p>Lists all the outbound cross-cluster search connections for a source domain.</p>"
},
"DescribePackages":{
"name":"DescribePackages",
"http":{
@ -440,6 +527,20 @@
],
"documentation":"<p>Allows you to purchase reserved Elasticsearch instances.</p>"
},
"RejectInboundCrossClusterSearchConnection":{
"name":"RejectInboundCrossClusterSearchConnection",
"http":{
"method":"PUT",
"requestUri":"/2015-01-01/es/ccs/inboundConnection/{ConnectionId}/reject"
},
"input":{"shape":"RejectInboundCrossClusterSearchConnectionRequest"},
"output":{"shape":"RejectInboundCrossClusterSearchConnectionResponse"},
"errors":[
{"shape":"ResourceNotFoundException"},
{"shape":"DisabledOperationException"}
],
"documentation":"<p>Allows the destination domain owner to reject an inbound cross-cluster search connection request.</p>"
},
"RemoveTags":{
"name":"RemoveTags",
"http":{
@ -512,6 +613,29 @@
"type":"string",
"documentation":"<p>The Amazon Resource Name (ARN) of the Elasticsearch domain. See <a href=\"http://docs.aws.amazon.com/IAM/latest/UserGuide/index.html?Using_Identifiers.html\" target=\"_blank\">Identifiers for IAM Entities</a> in <i>Using AWS Identity and Access Management</i> for more information.</p>"
},
"AcceptInboundCrossClusterSearchConnectionRequest":{
"type":"structure",
"required":["CrossClusterSearchConnectionId"],
"members":{
"CrossClusterSearchConnectionId":{
"shape":"CrossClusterSearchConnectionId",
"documentation":"<p>The id of the inbound connection that you want to accept.</p>",
"location":"uri",
"locationName":"ConnectionId"
}
},
"documentation":"<p>Container for the parameters to the <code><a>AcceptInboundCrossClusterSearchConnection</a></code> operation.</p>"
},
"AcceptInboundCrossClusterSearchConnectionResponse":{
"type":"structure",
"members":{
"CrossClusterSearchConnection":{
"shape":"InboundCrossClusterSearchConnection",
"documentation":"<p>Specifies the <code><a>InboundCrossClusterSearchConnection</a></code> of accepted inbound connection. </p>"
}
},
"documentation":"<p>The result of a <code><a>AcceptInboundCrossClusterSearchConnection</a></code> operation. Contains details of accepted inbound connection.</p>"
},
"AccessDeniedException":{
"type":"structure",
"members":{
@ -780,6 +904,10 @@
"error":{"httpStatusCode":409},
"exception":true
},
"ConnectionAlias":{
"type":"string",
"max":20
},
"CreateElasticsearchDomainRequest":{
"type":"structure",
"required":["DomainName"],
@ -852,6 +980,55 @@
},
"documentation":"<p>The result of a <code>CreateElasticsearchDomain</code> operation. Contains the status of the newly created Elasticsearch domain.</p>"
},
"CreateOutboundCrossClusterSearchConnectionRequest":{
"type":"structure",
"required":[
"SourceDomainInfo",
"DestinationDomainInfo",
"ConnectionAlias"
],
"members":{
"SourceDomainInfo":{
"shape":"DomainInformation",
"documentation":"<p>Specifies the <code><a>DomainInformation</a></code> for the source Elasticsearch domain.</p>"
},
"DestinationDomainInfo":{
"shape":"DomainInformation",
"documentation":"<p>Specifies the <code><a>DomainInformation</a></code> for the destination Elasticsearch domain.</p>"
},
"ConnectionAlias":{
"shape":"ConnectionAlias",
"documentation":"<p>Specifies the connection alias that will be used by the customer for this connection.</p>"
}
},
"documentation":"<p>Container for the parameters to the <code><a>CreateOutboundCrossClusterSearchConnection</a></code> operation.</p>"
},
"CreateOutboundCrossClusterSearchConnectionResponse":{
"type":"structure",
"members":{
"SourceDomainInfo":{
"shape":"DomainInformation",
"documentation":"<p>Specifies the <code><a>DomainInformation</a></code> for the source Elasticsearch domain.</p>"
},
"DestinationDomainInfo":{
"shape":"DomainInformation",
"documentation":"<p>Specifies the <code><a>DomainInformation</a></code> for the destination Elasticsearch domain.</p>"
},
"ConnectionAlias":{
"shape":"ConnectionAlias",
"documentation":"<p>Specifies the connection alias provided during the create connection request.</p>"
},
"ConnectionStatus":{
"shape":"OutboundCrossClusterSearchConnectionStatus",
"documentation":"<p>Specifies the <code><a>OutboundCrossClusterSearchConnectionStatus</a></code> for the newly created connection.</p>"
},
"CrossClusterSearchConnectionId":{
"shape":"CrossClusterSearchConnectionId",
"documentation":"<p>Unique id for the created outbound connection, which is used for subsequent operations on connection.</p>"
}
},
"documentation":"<p>The result of a <code><a>CreateOutboundCrossClusterSearchConnection</a></code> request. Contains the details of the newly created cross-cluster search connection.</p>"
},
"CreatePackageRequest":{
"type":"structure",
"required":[
@ -890,6 +1067,8 @@
"documentation":"<p> Container for response returned by <code> <a>CreatePackage</a> </code> operation. </p>"
},
"CreatedAt":{"type":"timestamp"},
"CrossClusterSearchConnectionId":{"type":"string"},
"CrossClusterSearchConnectionStatusMessage":{"type":"string"},
"DeleteElasticsearchDomainRequest":{
"type":"structure",
"required":["DomainName"],
@ -913,6 +1092,52 @@
},
"documentation":"<p>The result of a <code>DeleteElasticsearchDomain</code> request. Contains the status of the pending deletion, or no status if the domain and all of its resources have been deleted.</p>"
},
"DeleteInboundCrossClusterSearchConnectionRequest":{
"type":"structure",
"required":["CrossClusterSearchConnectionId"],
"members":{
"CrossClusterSearchConnectionId":{
"shape":"CrossClusterSearchConnectionId",
"documentation":"<p>The id of the inbound connection that you want to permanently delete.</p>",
"location":"uri",
"locationName":"ConnectionId"
}
},
"documentation":"<p>Container for the parameters to the <code><a>DeleteInboundCrossClusterSearchConnection</a></code> operation.</p>"
},
"DeleteInboundCrossClusterSearchConnectionResponse":{
"type":"structure",
"members":{
"CrossClusterSearchConnection":{
"shape":"InboundCrossClusterSearchConnection",
"documentation":"<p>Specifies the <code><a>InboundCrossClusterSearchConnection</a></code> of deleted inbound connection. </p>"
}
},
"documentation":"<p>The result of a <code><a>DeleteInboundCrossClusterSearchConnection</a></code> operation. Contains details of deleted inbound connection.</p>"
},
"DeleteOutboundCrossClusterSearchConnectionRequest":{
"type":"structure",
"required":["CrossClusterSearchConnectionId"],
"members":{
"CrossClusterSearchConnectionId":{
"shape":"CrossClusterSearchConnectionId",
"documentation":"<p>The id of the outbound connection that you want to permanently delete.</p>",
"location":"uri",
"locationName":"ConnectionId"
}
},
"documentation":"<p>Container for the parameters to the <code><a>DeleteOutboundCrossClusterSearchConnection</a></code> operation.</p>"
},
"DeleteOutboundCrossClusterSearchConnectionResponse":{
"type":"structure",
"members":{
"CrossClusterSearchConnection":{
"shape":"OutboundCrossClusterSearchConnection",
"documentation":"<p>Specifies the <code><a>OutboundCrossClusterSearchConnection</a></code> of deleted outbound connection. </p>"
}
},
"documentation":"<p>The result of a <code><a>DeleteOutboundCrossClusterSearchConnection</a></code> operation. Contains details of deleted outbound connection.</p>"
},
"DeletePackageRequest":{
"type":"structure",
"required":["PackageID"],
@ -1052,6 +1277,70 @@
},
"documentation":"<p> Container for the parameters received from <code> <a>DescribeElasticsearchInstanceTypeLimits</a> </code> operation. </p>"
},
"DescribeInboundCrossClusterSearchConnectionsRequest":{
"type":"structure",
"members":{
"Filters":{
"shape":"FilterList",
"documentation":"<p> A list of filters used to match properties for inbound cross-cluster search connection. Available <code><a>Filter</a></code> names for this operation are: <ul> <li>cross-cluster-search-connection-id</li> <li>source-domain-info.domain-name</li> <li>source-domain-info.owner-id</li> <li>source-domain-info.region</li> <li>destination-domain-info.domain-name</li> </ul> </p>"
},
"MaxResults":{
"shape":"MaxResults",
"documentation":"<p>Set this value to limit the number of results returned. If not specified, defaults to 100.</p>"
},
"NextToken":{
"shape":"NextToken",
"documentation":"<p> NextToken is sent in case the earlier API call results contain the NextToken. It is used for pagination.</p>"
}
},
"documentation":"<p>Container for the parameters to the <code><a>DescribeInboundCrossClusterSearchConnections</a></code> operation.</p>"
},
"DescribeInboundCrossClusterSearchConnectionsResponse":{
"type":"structure",
"members":{
"CrossClusterSearchConnections":{
"shape":"InboundCrossClusterSearchConnections",
"documentation":"<p>Consists of list of <code><a>InboundCrossClusterSearchConnection</a></code> matching the specified filter criteria.</p>"
},
"NextToken":{
"shape":"NextToken",
"documentation":"<p>If more results are available and NextToken is present, make the next request to the same API with the received NextToken to paginate the remaining results. </p>"
}
},
"documentation":"<p>The result of a <code><a>DescribeInboundCrossClusterSearchConnections</a></code> request. Contains the list of connections matching the filter criteria.</p>"
},
"DescribeOutboundCrossClusterSearchConnectionsRequest":{
"type":"structure",
"members":{
"Filters":{
"shape":"FilterList",
"documentation":"<p> A list of filters used to match properties for outbound cross-cluster search connection. Available <code><a>Filter</a></code> names for this operation are: <ul> <li>cross-cluster-search-connection-id</li> <li>destination-domain-info.domain-name</li> <li>destination-domain-info.owner-id</li> <li>destination-domain-info.region</li> <li>source-domain-info.domain-name</li> </ul> </p>"
},
"MaxResults":{
"shape":"MaxResults",
"documentation":"<p>Set this value to limit the number of results returned. If not specified, defaults to 100.</p>"
},
"NextToken":{
"shape":"NextToken",
"documentation":"<p> NextToken is sent in case the earlier API call results contain the NextToken. It is used for pagination.</p>"
}
},
"documentation":"<p>Container for the parameters to the <code><a>DescribeOutboundCrossClusterSearchConnections</a></code> operation.</p>"
},
"DescribeOutboundCrossClusterSearchConnectionsResponse":{
"type":"structure",
"members":{
"CrossClusterSearchConnections":{
"shape":"OutboundCrossClusterSearchConnections",
"documentation":"<p>Consists of list of <code><a>OutboundCrossClusterSearchConnection</a></code> matching the specified filter criteria.</p>"
},
"NextToken":{
"shape":"NextToken",
"documentation":"<p>If more results are available and NextToken is present, make the next request to the same API with the received NextToken to paginate the remaining results. </p>"
}
},
"documentation":"<p>The result of a <code><a>DescribeOutboundCrossClusterSearchConnections</a></code> request. Contains the list of connections matching the filter criteria.</p>"
},
"DescribePackagesFilter":{
"type":"structure",
"members":{
@ -1284,6 +1573,15 @@
"member":{"shape":"DomainInfo"},
"documentation":"<p> Contains the list of Elasticsearch domain information.</p>"
},
"DomainInformation":{
"type":"structure",
"required":["DomainName"],
"members":{
"OwnerId":{"shape":"OwnerId"},
"DomainName":{"shape":"DomainName"},
"Region":{"shape":"Region"}
}
},
"DomainName":{
"type":"string",
"documentation":"<p>The name of an Elasticsearch domain. Domain names are unique across the domains owned by an account within an AWS region. Domain names start with a letter or number and can contain the following characters: a-z (lowercase), 0-9, and - (hyphen).</p>",
@ -1762,6 +2060,24 @@
},
"ErrorMessage":{"type":"string"},
"ErrorType":{"type":"string"},
"Filter":{
"type":"structure",
"members":{
"Name":{
"shape":"NonEmptyString",
"documentation":"<p> Specifies the name of the filter. </p>"
},
"Values":{
"shape":"ValueStringList",
"documentation":"<p> Contains one or more values for the filter. </p>"
}
},
"documentation":"<p> A filter used to limit results when describing inbound or outbound cross-cluster search connections. Multiple values can be specified per filter. A cross-cluster search connection must match at least one of the specified values for it to be returned from an operation. </p>"
},
"FilterList":{
"type":"list",
"member":{"shape":"Filter"}
},
"GUID":{
"type":"string",
"pattern":"\\p{XDigit}{8}-\\p{XDigit}{4}-\\p{XDigit}{4}-\\p{XDigit}{4}-\\p{XDigit}{12}"
@ -1859,6 +2175,57 @@
"min":1,
"pattern":"[\\w-]+:[0-9a-f-]+"
},
"InboundCrossClusterSearchConnection":{
"type":"structure",
"members":{
"SourceDomainInfo":{
"shape":"DomainInformation",
"documentation":"<p>Specifies the <code><a>DomainInformation</a></code> for the source Elasticsearch domain.</p>"
},
"DestinationDomainInfo":{
"shape":"DomainInformation",
"documentation":"<p>Specifies the <code><a>DomainInformation</a></code> for the destination Elasticsearch domain.</p>"
},
"CrossClusterSearchConnectionId":{
"shape":"CrossClusterSearchConnectionId",
"documentation":"<p>Specifies the connection id for the inbound cross-cluster search connection.</p>"
},
"ConnectionStatus":{
"shape":"InboundCrossClusterSearchConnectionStatus",
"documentation":"<p>Specifies the <code><a>InboundCrossClusterSearchConnectionStatus</a></code> for the outbound connection.</p>"
}
},
"documentation":"<p>Specifies details of an inbound connection.</p>"
},
"InboundCrossClusterSearchConnectionStatus":{
"type":"structure",
"members":{
"StatusCode":{
"shape":"InboundCrossClusterSearchConnectionStatusCode",
"documentation":"<p>The state code for inbound connection. This can be one of the following:</p> <ul> <li>PENDING_ACCEPTANCE: Inbound connection is not yet accepted by destination domain owner.</li> <li>APPROVED: Inbound connection is pending acceptance by destination domain owner.</li> <li>REJECTING: Inbound connection rejection is in process.</li> <li>REJECTED: Inbound connection is rejected.</li> <li>DELETING: Inbound connection deletion is in progress.</li> <li>DELETED: Inbound connection is deleted and cannot be used further.</li> </ul>"
},
"Message":{
"shape":"CrossClusterSearchConnectionStatusMessage",
"documentation":"<p>Specifies verbose information for the inbound connection status.</p>"
}
},
"documentation":"<p>Specifies the coonection status of an inbound cross-cluster search connection.</p>"
},
"InboundCrossClusterSearchConnectionStatusCode":{
"type":"string",
"enum":[
"PENDING_ACCEPTANCE",
"APPROVED",
"REJECTING",
"REJECTED",
"DELETING",
"DELETED"
]
},
"InboundCrossClusterSearchConnections":{
"type":"list",
"member":{"shape":"InboundCrossClusterSearchConnection"}
},
"InstanceCount":{
"type":"integer",
"documentation":"<p>Specifies the number of EC2 instances in the Elasticsearch domain.</p>",
@ -1890,6 +2257,14 @@
"error":{"httpStatusCode":500},
"exception":true
},
"InvalidPaginationTokenException":{
"type":"structure",
"members":{
},
"documentation":"<p>The request processing has failed because of invalid pagination token provided by customer. Returns an HTTP status code of 400. </p>",
"error":{"httpStatusCode":400},
"exception":true
},
"InvalidTypeException":{
"type":"structure",
"members":{
@ -2224,6 +2599,10 @@
},
"documentation":"<p>Status of the node-to-node encryption options for the specified Elasticsearch domain.</p>"
},
"NonEmptyString":{
"type":"string",
"min":1
},
"OptionState":{
"type":"string",
"documentation":"<p>The state of a requested change. One of the following:</p> <ul> <li>Processing: The request change is still in-process.</li> <li>Active: The request change is processed and deployed to the Elasticsearch domain.</li> </ul>",
@ -2264,6 +2643,68 @@
},
"documentation":"<p>Provides the current status of the entity.</p>"
},
"OutboundCrossClusterSearchConnection":{
"type":"structure",
"members":{
"SourceDomainInfo":{
"shape":"DomainInformation",
"documentation":"<p>Specifies the <code><a>DomainInformation</a></code> for the source Elasticsearch domain.</p>"
},
"DestinationDomainInfo":{
"shape":"DomainInformation",
"documentation":"<p>Specifies the <code><a>DomainInformation</a></code> for the destination Elasticsearch domain.</p>"
},
"CrossClusterSearchConnectionId":{
"shape":"CrossClusterSearchConnectionId",
"documentation":"<p>Specifies the connection id for the outbound cross-cluster search connection.</p>"
},
"ConnectionAlias":{
"shape":"ConnectionAlias",
"documentation":"<p>Specifies the connection alias for the outbound cross-cluster search connection.</p>"
},
"ConnectionStatus":{
"shape":"OutboundCrossClusterSearchConnectionStatus",
"documentation":"<p>Specifies the <code><a>OutboundCrossClusterSearchConnectionStatus</a></code> for the outbound connection.</p>"
}
},
"documentation":"<p>Specifies details of an outbound connection.</p>"
},
"OutboundCrossClusterSearchConnectionStatus":{
"type":"structure",
"members":{
"StatusCode":{
"shape":"OutboundCrossClusterSearchConnectionStatusCode",
"documentation":"<p>The state code for outbound connection. This can be one of the following:</p> <ul> <li>VALIDATING: The outbound connection request is being validated.</li> <li>VALIDATION_FAILED: Validation failed for the connection request.</li> <li>PENDING_ACCEPTANCE: Outbound connection request is validated and is not yet accepted by destination domain owner.</li> <li>PROVISIONING: Outbound connection request is in process.</li> <li>ACTIVE: Outbound connection is active and ready to use.</li> <li>REJECTED: Outbound connection request is rejected by destination domain owner.</li> <li>DELETING: Outbound connection deletion is in progress.</li> <li>DELETED: Outbound connection is deleted and cannot be used further.</li> </ul>"
},
"Message":{
"shape":"CrossClusterSearchConnectionStatusMessage",
"documentation":"<p>Specifies verbose information for the outbound connection status.</p>"
}
},
"documentation":"<p>Specifies the connection status of an outbound cross-cluster search connection.</p>"
},
"OutboundCrossClusterSearchConnectionStatusCode":{
"type":"string",
"enum":[
"PENDING_ACCEPTANCE",
"VALIDATING",
"VALIDATION_FAILED",
"PROVISIONING",
"ACTIVE",
"REJECTED",
"DELETING",
"DELETED"
]
},
"OutboundCrossClusterSearchConnections":{
"type":"list",
"member":{"shape":"OutboundCrossClusterSearchConnection"}
},
"OwnerId":{
"type":"string",
"max":12,
"min":12
},
"PackageDescription":{
"type":"string",
"max":1024
@ -2408,6 +2849,30 @@
"member":{"shape":"RecurringCharge"}
},
"ReferencePath":{"type":"string"},
"Region":{"type":"string"},
"RejectInboundCrossClusterSearchConnectionRequest":{
"type":"structure",
"required":["CrossClusterSearchConnectionId"],
"members":{
"CrossClusterSearchConnectionId":{
"shape":"CrossClusterSearchConnectionId",
"documentation":"<p>The id of the inbound connection that you want to reject.</p>",
"location":"uri",
"locationName":"ConnectionId"
}
},
"documentation":"<p>Container for the parameters to the <code><a>RejectInboundCrossClusterSearchConnection</a></code> operation.</p>"
},
"RejectInboundCrossClusterSearchConnectionResponse":{
"type":"structure",
"members":{
"CrossClusterSearchConnection":{
"shape":"InboundCrossClusterSearchConnection",
"documentation":"<p>Specifies the <code><a>InboundCrossClusterSearchConnection</a></code> of rejected inbound connection. </p>"
}
},
"documentation":"<p>The result of a <code><a>RejectInboundCrossClusterSearchConnection</a></code> operation. Contains details of rejected inbound connection.</p>"
},
"RemoveTagsRequest":{
"type":"structure",
"required":[
@ -2997,6 +3462,11 @@
"error":{"httpStatusCode":400},
"exception":true
},
"ValueStringList":{
"type":"list",
"member":{"shape":"NonEmptyString"},
"min":1
},
"VolumeType":{
"type":"string",
"documentation":"<p> The type of EBS volume, standard, gp2, or io1. See <a href=\"http://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-createupdatedomains.html#es-createdomain-configure-ebs\" target=\"_blank\">Configuring EBS-based Storage</a>for more information.</p>",

112
botocore/data/fsx/2018-03-01/service-2.json
View file

@ -264,9 +264,10 @@
{"shape":"IncompatibleParameterError"},
{"shape":"InternalServerError"},
{"shape":"FileSystemNotFound"},
{"shape":"MissingFileSystemConfiguration"}
{"shape":"MissingFileSystemConfiguration"},
{"shape":"ServiceLimitExceeded"}
],
"documentation":"<p>Updates a file system configuration.</p>"
"documentation":"<p>Use this operation to update the configuration of an existing Amazon FSx file system. For an Amazon FSx for Lustre file system, you can update only the WeeklyMaintenanceStartTime. For an Amazon for Windows File Server file system, you can update the following properties:</p> <ul> <li> <p>AutomaticBackupRetentionDays</p> </li> <li> <p>DailyAutomaticBackupStartTime</p> </li> <li> <p>SelfManagedActiveDirectoryConfiguration</p> </li> <li> <p>StorageCapacity</p> </li> <li> <p>ThroughputCapacity</p> </li> <li> <p>WeeklyMaintenanceStartTime</p> </li> </ul> <p>You can update multiple properties in a single request.</p>"
}
},
"shapes":{
@ -324,6 +325,53 @@
"min":1,
"pattern":"^.{1,255}$"
},
"AdministrativeAction":{
"type":"structure",
"members":{
"AdministrativeActionType":{"shape":"AdministrativeActionType"},
"ProgressPercent":{
"shape":"ProgressPercent",
"documentation":"<p>Provides the percent complete of a <code>STORAGE_OPTIMIZATION</code> administrative action.</p>"
},
"RequestTime":{
"shape":"RequestTime",
"documentation":"<p>Time that the administrative action request was received.</p>"
},
"Status":{
"shape":"Status",
"documentation":"<p>Describes the status of the administrative action, as follows:</p> <ul> <li> <p> <code>FAILED</code> - Amazon FSx failed to process the administrative action successfully.</p> </li> <li> <p> <code>IN_PROGRESS</code> - Amazon FSx is processing the administrative action.</p> </li> <li> <p> <code>PENDING</code> - Amazon FSx is waiting to process the administrative action.</p> </li> <li> <p> <code>COMPLETED</code> - Amazon FSx has finished processing the administrative task.</p> </li> <li> <p> <code>UPDATED_OPTIMIZING</code> - For a storage capacity increase update, Amazon FSx has updated the file system with the new storage capacity, and is now performing the storage optimization process. For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/WindowsGuide/managing-storage-capacity.html\">Managing Storage Capacity</a>.</p> </li> </ul>"
},
"TargetFileSystemValues":{
"shape":"FileSystem",
"documentation":"<p>Describes the target <code>StorageCapacity</code> or <code>ThroughputCapacity</code> value provided in the <code>UpdateFileSystem</code> operation. Returned for <code>FILE_SYSTEM_UPDATE</code> administrative actions. </p>"
},
"FailureDetails":{"shape":"AdministrativeActionFailureDetails"}
},
"documentation":"<p>Describes a specific Amazon FSx Administrative Action for the current Windows file system.</p>"
},
"AdministrativeActionFailureDetails":{
"type":"structure",
"members":{
"Message":{
"shape":"ErrorMessage",
"documentation":"<p>Error message providing details about the failure.</p>"
}
},
"documentation":"<p>Provides information about a failed administrative action.</p>"
},
"AdministrativeActionType":{
"type":"string",
"documentation":"<p>Describes the type of administrative action, as follows:</p> <ul> <li> <p> <code>FILE_SYSTEM_UPDATE</code> - A file system update administrative action initiated by the user from the Amazon FSx console, API (UpdateFileSystem), or CLI (update-file-system). A</p> </li> <li> <p> <code>STORAGE_OPTIMIZATION</code> - Once the <code>FILE_SYSTEM_UPDATE</code> task to increase a file system's storage capacity completes successfully, a <code>STORAGE_OPTIMIZATION</code> task starts. Storage optimization is the process of migrating the file system data to the new, larger disks. You can track the storage migration progress using the <code>ProgressPercent</code> property. When <code>STORAGE_OPTIMIZATION</code> completes successfully, the parent <code>FILE_SYSTEM_UPDATE</code> action status changes to <code>COMPLETED</code>. For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/WindowsGuide/managing-storage-capacity.html\">Managing Storage Capacity</a>. </p> </li> </ul>",
"enum":[
"FILE_SYSTEM_UPDATE",
"STORAGE_OPTIMIZATION"
]
},
"AdministrativeActions":{
"type":"list",
"member":{"shape":"AdministrativeAction"},
"max":50
},
"ArchivePath":{
"type":"string",
"max":900,
@ -645,7 +693,7 @@
"members":{
"WeeklyMaintenanceStartTime":{
"shape":"WeeklyTime",
"documentation":"<p>The preferred time to perform weekly maintenance, in the UTC time zone.</p>"
"documentation":"<p>The preferred start time to perform weekly maintenance, formatted d:HH:MM in the UTC time zone, where d is the weekday number, from 1 through 7, beginning with Monday and ending with Sunday.</p>"
},
"ImportPath":{
"shape":"ArchivePath",
@ -693,7 +741,7 @@
},
"StorageType":{
"shape":"StorageType",
"documentation":"<p>Sets the storage type for the Amazon FSx for Windows file system you're creating. Valid values are <code>SSD</code> and <code>HDD</code>.</p> <ul> <li> <p>Set to <code>SSD</code> to use solid state drive storage. SSD is supported on all Windows deployment types.</p> </li> <li> <p>Set to <code>HDD</code> to use hard disk drive storage. HDD is supported on <code>SINGLE_AZ_2</code> and <code>MULTI_AZ_1</code> Windows file system deployment types. </p> </li> </ul> <p> Default value is <code>SSD</code>. For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/WindowsGuide/optimize-fsx-tco.html#saz-maz-storage-type\"> Storage Type Options</a> in the <i>Amazon FSx for Windows User Guide</i>. </p>"
"documentation":"<p>Sets the storage type for the Amazon FSx for Windows file system you're creating. Valid values are <code>SSD</code> and <code>HDD</code>.</p> <ul> <li> <p>Set to <code>SSD</code> to use solid state drive storage. SSD is supported on all Windows deployment types.</p> </li> <li> <p>Set to <code>HDD</code> to use hard disk drive storage. HDD is supported on <code>SINGLE_AZ_2</code> and <code>MULTI_AZ_1</code> Windows file system deployment types. </p> </li> </ul> <p> Default value is <code>SSD</code>. For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/WindowsGuide/optimize-fsx-costs.html#storage-type-options\"> Storage Type Options</a> in the <i>Amazon FSx for Windows User Guide</i>. </p>"
},
"SubnetIds":{
"shape":"SubnetIds",
@ -749,7 +797,7 @@
},
"WeeklyMaintenanceStartTime":{
"shape":"WeeklyTime",
"documentation":"<p>The preferred start time to perform weekly maintenance, formatted d:HH:MM in the UTC time zone.</p>"
"documentation":"<p>The preferred start time to perform weekly maintenance, formatted d:HH:MM in the UTC time zone, where d is the weekday number, from 1 through 7, beginning with Monday and ending with Sunday.</p>"
},
"DailyAutomaticBackupStartTime":{
"shape":"DailyTime",
@ -1253,7 +1301,11 @@
"shape":"WindowsFileSystemConfiguration",
"documentation":"<p>The configuration for this Microsoft Windows file system.</p>"
},
"LustreConfiguration":{"shape":"LustreFileSystemConfiguration"}
"LustreConfiguration":{"shape":"LustreFileSystemConfiguration"},
"AdministrativeActions":{
"shape":"AdministrativeActions",
"documentation":"<p>A list of administrative actions for the file system that are in process or waiting to be processed. Administrative actions describe changes to the Windows file system that you have initiated using the <code>UpdateFileSystem</code> action. </p>"
}
},
"documentation":"<p>A description of a specific Amazon FSx file system.</p>"
},
@ -1492,7 +1544,7 @@
"members":{
"WeeklyMaintenanceStartTime":{
"shape":"WeeklyTime",
"documentation":"<p>The UTC time that you want to begin your weekly maintenance window.</p>"
"documentation":"<p>The preferred start time to perform weekly maintenance, formatted d:HH:MM in the UTC time zone. d is the weekday number, from 1 through 7, beginning with Monday and ending with Sunday.</p>"
},
"DataRepositoryConfiguration":{"shape":"DataRepositoryConfiguration"},
"DeploymentType":{
@ -1519,6 +1571,7 @@
"MaxResults":{
"type":"integer",
"documentation":"<p>The maximum number of resources to return in the response. This value must be an integer greater than zero.</p>",
"max":2147483647,
"min":1
},
"Megabytes":{
@ -1603,6 +1656,7 @@
"type":"string",
"enum":["FAILED_FILES_ONLY"]
},
"RequestTime":{"type":"timestamp"},
"ResourceARN":{
"type":"string",
"documentation":"<p>The Amazon Resource Name (ARN) for a given resource. ARNs uniquely identify AWS resources. We require an ARN when you need to specify a resource unambiguously across all of AWS. For more information, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resource Names (ARNs) and AWS Service Namespaces</a> in the <i>AWS General Reference</i>.</p>",
@ -1727,7 +1781,7 @@
"documentation":"<p>A list of up to two IP addresses of DNS servers or domain controllers in the self-managed AD directory.</p>"
}
},
"documentation":"<p>The configuration that Amazon FSx uses to join the Windows File Server instance to the self-managed Microsoft Active Directory (AD) directory.</p>"
"documentation":"<p>The configuration that Amazon FSx uses to join the Windows File Server instance to a self-managed Microsoft Active Directory (AD) directory.</p>"
},
"ServiceLimit":{
"type":"string",
@ -1753,9 +1807,20 @@
"exception":true
},
"StartTime":{"type":"timestamp"},
"Status":{
"type":"string",
"enum":[
"FAILED",
"IN_PROGRESS",
"PENDING",
"COMPLETED",
"UPDATED_OPTIMIZING"
]
},
"StorageCapacity":{
"type":"integer",
"documentation":"<p>The storage capacity for your Amazon FSx file system, in gibibytes.</p>",
"max":2147483647,
"min":0
},
"StorageType":{
@ -1895,7 +1960,7 @@
"members":{
"WeeklyMaintenanceStartTime":{
"shape":"WeeklyTime",
"documentation":"<p>The preferred time to perform weekly maintenance, in the UTC time zone.</p>"
"documentation":"<p>The preferred start time to perform weekly maintenance, formatted d:HH:MM in the UTC time zone. d is the weekday number, from 1 through 7, beginning with Monday and ending with Sunday.</p>"
}
},
"documentation":"<p>The configuration object for Amazon FSx for Lustre file systems used in the <code>UpdateFileSystem</code> operation.</p>"
@ -1904,15 +1969,22 @@
"type":"structure",
"required":["FileSystemId"],
"members":{
"FileSystemId":{"shape":"FileSystemId"},
"FileSystemId":{
"shape":"FileSystemId",
"documentation":"<p>Identifies the file system that you are updating.</p>"
},
"ClientRequestToken":{
"shape":"ClientRequestToken",
"documentation":"<p>(Optional) A string of up to 64 ASCII characters that Amazon FSx uses to ensure idempotent updates. This string is automatically filled on your behalf when you use the AWS Command Line Interface (AWS CLI) or an AWS SDK.</p>",
"documentation":"<p>A string of up to 64 ASCII characters that Amazon FSx uses to ensure idempotent updates. This string is automatically filled on your behalf when you use the AWS Command Line Interface (AWS CLI) or an AWS SDK.</p>",
"idempotencyToken":true
},
"StorageCapacity":{
"shape":"StorageCapacity",
"documentation":"<p>Use this parameter to increase the storage capacity of an Amazon FSx for Windows File Server file system. Specifies the storage capacity target value, GiB, for the file system you're updating. The storage capacity target value must be at least 10 percent (%) greater than the current storage capacity value. In order to increase storage capacity, the file system needs to have at least 16 MB/s of throughput capacity. You cannot make a storage capacity increase request if there is an existing storage capacity increase request in progress. For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/WindowsGuide/managing-storage-capacity.html\">Managing Storage Capacity</a>.</p>"
},
"WindowsConfiguration":{
"shape":"UpdateFileSystemWindowsConfiguration",
"documentation":"<p>The configuration update for this Microsoft Windows file system. The only supported options are for backup and maintenance and for self-managed Active Directory configuration.</p>"
"documentation":"<p>The configuration updates for an Amazon FSx for Windows File Server file system.</p>"
},
"LustreConfiguration":{"shape":"UpdateFileSystemLustreConfiguration"}
},
@ -1933,22 +2005,26 @@
"members":{
"WeeklyMaintenanceStartTime":{
"shape":"WeeklyTime",
"documentation":"<p>The preferred time to perform weekly maintenance, in the UTC time zone.</p>"
"documentation":"<p>The preferred start time to perform weekly maintenance, formatted d:HH:MM in the UTC time zone. Where d is the weekday number, from 1 through 7, with 1 = Monday and 7 = Sunday.</p>"
},
"DailyAutomaticBackupStartTime":{
"shape":"DailyTime",
"documentation":"<p>The preferred time to take daily automatic backups, in the UTC time zone.</p>"
"documentation":"<p>The preferred time to start the daily automatic backup, in the UTC time zone, for example, <code>02:00</code> </p>"
},
"AutomaticBackupRetentionDays":{
"shape":"AutomaticBackupRetentionDays",
"documentation":"<p>The number of days to retain automatic backups. Setting this to 0 disables automatic backups. You can retain automatic backups for a maximum of 35 days.</p>"
"documentation":"<p>The number of days to retain automatic daily backups. Setting this to zero (0) disables automatic daily backups. You can retain automatic daily backups for a maximum of 35 days. For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/WindowsGuide/using-backups.html#automatic-backups\">Working with Automatic Daily Backups</a>.</p>"
},
"ThroughputCapacity":{
"shape":"MegabytesPerSecond",
"documentation":"<p>Sets the target value for a file system's throughput capacity, in MB/s, that you are updating the file system to. Valid values are 8, 16, 32, 64, 128, 256, 512, 1024, 2048. You cannot make a throughput capacity update request if there is an existing throughput capacity update request in progress. For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/WindowsGuide/managing-throughput-capacity.html\">Managing Throughput Capacity</a>.</p>"
},
"SelfManagedActiveDirectoryConfiguration":{
"shape":"SelfManagedActiveDirectoryConfigurationUpdates",
"documentation":"<p>The configuration Amazon FSx uses to join the Windows File Server instance to the self-managed Microsoft AD directory.</p>"
"documentation":"<p>The configuration Amazon FSx uses to join the Windows File Server instance to the self-managed Microsoft AD directory. You cannot make a self-managed Microsoft AD update request if there is an existing self-managed Microsoft AD update request in progress.</p>"
}
},
"documentation":"<p>Updates the Microsoft Windows configuration for an existing Amazon FSx for Windows File Server file system. Amazon FSx overwrites existing properties with non-null values provided in the request. If you don't specify a non-null value for a property, that property is not updated.</p>"
"documentation":"<p>Updates the configuration for an existing Amazon FSx for Windows File Server file system. Amazon FSx only overwrites existing properties with non-null values provided in the request.</p>"
},
"VpcId":{
"type":"string",
@ -2006,7 +2082,7 @@
},
"WeeklyMaintenanceStartTime":{
"shape":"WeeklyTime",
"documentation":"<p>The preferred time to perform weekly maintenance, in the UTC time zone.</p>"
"documentation":"<p>The preferred start time to perform weekly maintenance, formatted d:HH:MM in the UTC time zone. d is the weekday number, from 1 through 7, beginning with Monday and ending with Sunday.</p>"
},
"DailyAutomaticBackupStartTime":{
"shape":"DailyTime",

44
botocore/data/glue/2017-03-31/service-2.json
View file

@ -3185,7 +3185,7 @@
},
"Configuration":{
"shape":"CrawlerConfiguration",
"documentation":"<p>Crawler configuration information. This versioned JSON string allows users to specify aspects of a crawler's behavior. For more information, see <a href=\"http://docs.aws.amazon.com/glue/latest/dg/crawler-configuration.html\">Configuring a Crawler</a>.</p>"
"documentation":"<p>Crawler configuration information. This versioned JSON string allows users to specify aspects of a crawler's behavior. For more information, see <a href=\"https://docs.aws.amazon.com/glue/latest/dg/crawler-configuration.html\">Configuring a Crawler</a>.</p>"
},
"CrawlerSecurityConfiguration":{
"shape":"CrawlerSecurityConfiguration",
@ -3400,7 +3400,7 @@
},
"Schedule":{
"shape":"CronExpression",
"documentation":"<p>A <code>cron</code> expression used to specify the schedule. For more information, see <a href=\"http://docs.aws.amazon.com/glue/latest/dg/monitor-data-warehouse-schedule.html\">Time-Based Schedules for Jobs and Crawlers</a>. For example, to run something every day at 12:15 UTC, specify <code>cron(15 12 * * ? *)</code>.</p>"
"documentation":"<p>A <code>cron</code> expression used to specify the schedule (see <a href=\"https://docs.aws.amazon.com/glue/latest/dg/monitor-data-warehouse-schedule.html\">Time-Based Schedules for Jobs and Crawlers</a>. For example, to run something every day at 12:15 UTC, you would specify: <code>cron(15 12 * * ? *)</code>.</p>"
},
"Classifiers":{
"shape":"ClassifierNameList",
@ -3416,7 +3416,7 @@
},
"Configuration":{
"shape":"CrawlerConfiguration",
"documentation":"<p>The crawler configuration information. This versioned JSON string allows users to specify aspects of a crawler's behavior. For more information, see <a href=\"http://docs.aws.amazon.com/glue/latest/dg/crawler-configuration.html\">Configuring a Crawler</a>.</p>"
"documentation":"<p>Crawler configuration information. This versioned JSON string allows users to specify aspects of a crawler's behavior. For more information, see <a href=\"https://docs.aws.amazon.com/glue/latest/dg/crawler-configuration.html\">Configuring a Crawler</a>.</p>"
},
"CrawlerSecurityConfiguration":{
"shape":"CrawlerSecurityConfiguration",
@ -3424,7 +3424,7 @@
},
"Tags":{
"shape":"TagsMap",
"documentation":"<p>The tags to use with this crawler request. You can use tags to limit access to the crawler. For more information, see <a href=\"http://docs.aws.amazon.com/glue/latest/dg/monitor-tags.html\">AWS Tags in AWS Glue</a>.</p>"
"documentation":"<p>The tags to use with this crawler request. You may use tags to limit access to the crawler. For more information about tags in AWS Glue, see <a href=\"https://docs.aws.amazon.com/glue/latest/dg/monitor-tags.html\">AWS Tags in AWS Glue</a> in the developer guide.</p>"
}
}
},
@ -3774,7 +3774,7 @@
},
"JsonPath":{
"shape":"JsonPath",
"documentation":"<p>A <code>JsonPath</code> string defining the JSON data for the classifier to classify. AWS Glue supports a subset of <code>JsonPath</code>, as described in <a href=\"https://docs.aws.amazon.com/glue/latest/dg/custom-classifier.html#custom-classifier-json\">Writing JsonPath Custom Classifiers</a>.</p>"
"documentation":"<p>A <code>JsonPath</code> string defining the JSON data for the classifier to classify. AWS Glue supports a subset of JsonPath, as described in <a href=\"https://docs.aws.amazon.com/glue/latest/dg/custom-classifier.html#custom-classifier-json\">Writing JsonPath Custom Classifiers</a>.</p>"
}
},
"documentation":"<p>Specifies a JSON classifier for <code>CreateClassifier</code> to create.</p>"
@ -4744,6 +4744,14 @@
"Path":{
"shape":"Path",
"documentation":"<p>The name of the DynamoDB table to crawl.</p>"
},
"scanAll":{
"shape":"NullableBoolean",
"documentation":"<p>Indicates whether to scan all the records, or to sample rows from the table. Scanning all the records can take a long time when the table is not a high throughput table.</p> <p>A value of <code>true</code> means to scan all records, while a value of <code>false</code> means to sample the records. If no value is specified, the value defaults to <code>true</code>.</p>"
},
"scanRate":{
"shape":"NullableDouble",
"documentation":"<p>The percentage of the configured read capacity units to use by the AWS Glue crawler. Read capacity units is a term defined by DynamoDB, and is a numeric value that acts as rate limiter for the number of reads that can be performed on that table per second.</p> <p>The valid values are null or a value between 0.1 to 1.5. A null value is used when user does not provide a value, and defaults to 0.5 of the configured Read Capacity Unit (for provisioned tables), or 0.25 of the max configured Read Capacity Unit (for tables using on-demand mode).</p>"
}
},
"documentation":"<p>Specifies an Amazon DynamoDB table to crawl.</p>"
@ -6159,7 +6167,7 @@
},
"DatabaseName":{
"shape":"NameString",
"documentation":"<p>The name of the catalog database where the functions are located.</p>"
"documentation":"<p>The name of the catalog database where the functions are located. If none is provided, functions from all the databases across the catalog will be returned.</p>"
},
"Pattern":{
"shape":"NameString",
@ -6387,11 +6395,11 @@
},
"GrokPattern":{
"shape":"GrokPattern",
"documentation":"<p>The grok pattern applied to a data store by this classifier. For more information, see built-in patterns in <a href=\"http://docs.aws.amazon.com/glue/latest/dg/custom-classifier.html\">Writing Custom Classifiers</a>.</p>"
"documentation":"<p>The grok pattern applied to a data store by this classifier. For more information, see built-in patterns in <a href=\"https://docs.aws.amazon.com/glue/latest/dg/custom-classifier.html\">Writing Custom Classifiers</a>.</p>"
},
"CustomPatterns":{
"shape":"CustomPatterns",
"documentation":"<p>Optional custom grok patterns defined by this classifier. For more information, see custom patterns in <a href=\"http://docs.aws.amazon.com/glue/latest/dg/custom-classifier.html\">Writing Custom Classifiers</a>.</p>"
"documentation":"<p>Optional custom grok patterns defined by this classifier. For more information, see custom patterns in <a href=\"https://docs.aws.amazon.com/glue/latest/dg/custom-classifier.html\">Writing Custom Classifiers</a>.</p>"
}
},
"documentation":"<p>A classifier that uses <code>grok</code> patterns.</p>"
@ -6507,7 +6515,7 @@
},
"Exclusions":{
"shape":"PathList",
"documentation":"<p>A list of glob patterns used to exclude from the crawl. For more information, see <a href=\"http://docs.aws.amazon.com/glue/latest/dg/add-crawler.html\">Catalog Tables with a Crawler</a>.</p>"
"documentation":"<p>A list of glob patterns used to exclude from the crawl. For more information, see <a href=\"https://docs.aws.amazon.com/glue/latest/dg/add-crawler.html\">Catalog Tables with a Crawler</a>.</p>"
}
},
"documentation":"<p>Specifies a JDBC data store to crawl.</p>"
@ -6909,7 +6917,7 @@
},
"JsonPath":{
"shape":"JsonPath",
"documentation":"<p>A <code>JsonPath</code> string defining the JSON data for the classifier to classify. AWS Glue supports a subset of <code>JsonPath</code>, as described in <a href=\"https://docs.aws.amazon.com/glue/latest/dg/custom-classifier.html#custom-classifier-json\">Writing JsonPath Custom Classifiers</a>.</p>"
"documentation":"<p>A <code>JsonPath</code> string defining the JSON data for the classifier to classify. AWS Glue supports a subset of JsonPath, as described in <a href=\"https://docs.aws.amazon.com/glue/latest/dg/custom-classifier.html#custom-classifier-json\">Writing JsonPath Custom Classifiers</a>.</p>"
}
},
"documentation":"<p>A classifier for <code>JSON</code> content.</p>"
@ -7943,7 +7951,7 @@
},
"Exclusions":{
"shape":"PathList",
"documentation":"<p>A list of glob patterns used to exclude from the crawl. For more information, see <a href=\"http://docs.aws.amazon.com/glue/latest/dg/add-crawler.html\">Catalog Tables with a Crawler</a>.</p>"
"documentation":"<p>A list of glob patterns used to exclude from the crawl. For more information, see <a href=\"https://docs.aws.amazon.com/glue/latest/dg/add-crawler.html\">Catalog Tables with a Crawler</a>.</p>"
}
},
"documentation":"<p>Specifies a data store in Amazon Simple Storage Service (Amazon S3).</p>"
@ -7958,7 +7966,7 @@
"members":{
"ScheduleExpression":{
"shape":"CronExpression",
"documentation":"<p>A <code>cron</code> expression used to specify the schedule. For more information, see <a href=\"http://docs.aws.amazon.com/glue/latest/dg/monitor-data-warehouse-schedule.html\">Time-Based Schedules for Jobs and Crawlers</a>. For example, to run something every day at 12:15 UTC, specify <code>cron(15 12 * * ? *)</code>.</p>"
"documentation":"<p>A <code>cron</code> expression used to specify the schedule (see <a href=\"https://docs.aws.amazon.com/glue/latest/dg/monitor-data-warehouse-schedule.html\">Time-Based Schedules for Jobs and Crawlers</a>. For example, to run something every day at 12:15 UTC, you would specify: <code>cron(15 12 * * ? *)</code>.</p>"
},
"State":{
"shape":"ScheduleState",
@ -9287,7 +9295,7 @@
},
"Schedule":{
"shape":"CronExpression",
"documentation":"<p>A <code>cron</code> expression used to specify the schedule. For more information, see <a href=\"http://docs.aws.amazon.com/glue/latest/dg/monitor-data-warehouse-schedule.html\">Time-Based Schedules for Jobs and Crawlers</a>. For example, to run something every day at 12:15 UTC, specify <code>cron(15 12 * * ? *)</code>.</p>"
"documentation":"<p>A <code>cron</code> expression used to specify the schedule (see <a href=\"https://docs.aws.amazon.com/glue/latest/dg/monitor-data-warehouse-schedule.html\">Time-Based Schedules for Jobs and Crawlers</a>. For example, to run something every day at 12:15 UTC, you would specify: <code>cron(15 12 * * ? *)</code>.</p>"
},
"Classifiers":{
"shape":"ClassifierNameList",
@ -9303,7 +9311,7 @@
},
"Configuration":{
"shape":"CrawlerConfiguration",
"documentation":"<p>The crawler configuration information. This versioned JSON string allows users to specify aspects of a crawler's behavior. For more information, see <a href=\"http://docs.aws.amazon.com/glue/latest/dg/crawler-configuration.html\">Configuring a Crawler</a>.</p>"
"documentation":"<p>Crawler configuration information. This versioned JSON string allows users to specify aspects of a crawler's behavior. For more information, see <a href=\"https://docs.aws.amazon.com/glue/latest/dg/crawler-configuration.html\">Configuring a Crawler</a>.</p>"
},
"CrawlerSecurityConfiguration":{
"shape":"CrawlerSecurityConfiguration",
@ -9326,7 +9334,7 @@
},
"Schedule":{
"shape":"CronExpression",
"documentation":"<p>The updated <code>cron</code> expression used to specify the schedule. For more information, see <a href=\"http://docs.aws.amazon.com/glue/latest/dg/monitor-data-warehouse-schedule.html\">Time-Based Schedules for Jobs and Crawlers</a>. For example, to run something every day at 12:15 UTC, specify <code>cron(15 12 * * ? *)</code>.</p>"
"documentation":"<p>The updated <code>cron</code> expression used to specify the schedule (see <a href=\"https://docs.aws.amazon.com/glue/latest/dg/monitor-data-warehouse-schedule.html\">Time-Based Schedules for Jobs and Crawlers</a>. For example, to run something every day at 12:15 UTC, you would specify: <code>cron(15 12 * * ? *)</code>.</p>"
}
}
},
@ -9498,7 +9506,7 @@
},
"JsonPath":{
"shape":"JsonPath",
"documentation":"<p>A <code>JsonPath</code> string defining the JSON data for the classifier to classify. AWS Glue supports a subset of <code>JsonPath</code>, as described in <a href=\"https://docs.aws.amazon.com/glue/latest/dg/custom-classifier.html#custom-classifier-json\">Writing JsonPath Custom Classifiers</a>.</p>"
"documentation":"<p>A <code>JsonPath</code> string defining the JSON data for the classifier to classify. AWS Glue supports a subset of JsonPath, as described in <a href=\"https://docs.aws.amazon.com/glue/latest/dg/custom-classifier.html#custom-classifier-json\">Writing JsonPath Custom Classifiers</a>.</p>"
}
},
"documentation":"<p>Specifies a JSON classifier to be updated.</p>"
@ -9739,6 +9747,10 @@
"shape":"NameString",
"documentation":"<p>The name of the function.</p>"
},
"DatabaseName":{
"shape":"NameString",
"documentation":"<p>The name of the database where the function resides.</p>"
},
"ClassName":{
"shape":"NameString",
"documentation":"<p>The Java class that contains the function code.</p>"

223
botocore/data/guardduty/2017-11-28/service-2.json
View file

@ -595,7 +595,7 @@
{"shape":"BadRequestException"},
{"shape":"InternalServerErrorException"}
],
"documentation":"<p>Lists details about associated member accounts for the current GuardDuty master account.</p>"
"documentation":"<p>Lists details about all member accounts for the current GuardDuty master account.</p>"
},
"ListOrganizationAdminAccounts":{
"name":"ListOrganizationAdminAccounts",
@ -870,6 +870,22 @@
"members":{
}
},
"AccessControlList":{
"type":"structure",
"members":{
"AllowsPublicReadAccess":{
"shape":"Boolean",
"documentation":"<p>A value that indicates whether public read access for the bucket is enabled through an Access Control List (ACL).</p>",
"locationName":"allowsPublicReadAccess"
},
"AllowsPublicWriteAccess":{
"shape":"Boolean",
"documentation":"<p>A value that indicates whether public write access for the bucket is enabled through an Access Control List (ACL).</p>",
"locationName":"allowsPublicWriteAccess"
}
},
"documentation":"<p>Contains information on the current access control policies for the bucket.</p>"
},
"AccessKeyDetails":{
"type":"structure",
"members":{
@ -933,6 +949,17 @@
"max":50,
"min":1
},
"AccountLevelPermissions":{
"type":"structure",
"members":{
"BlockPublicAccess":{
"shape":"BlockPublicAccess",
"documentation":"<p>Describes the S3 Block Public Access settings of the bucket's parent account.</p>",
"locationName":"blockPublicAccess"
}
},
"documentation":"<p>Contains information about the account level permissions on the S3 bucket.</p>"
},
"Action":{
"type":"structure",
"members":{
@ -1069,7 +1096,70 @@
"error":{"httpStatusCode":400},
"exception":true
},
"BlockPublicAccess":{
"type":"structure",
"members":{
"IgnorePublicAcls":{
"shape":"Boolean",
"documentation":"<p>Indicates if S3 Block Public Access is set to <code>IgnorePublicAcls</code>.</p>",
"locationName":"ignorePublicAcls"
},
"RestrictPublicBuckets":{
"shape":"Boolean",
"documentation":"<p>Indicates if S3 Block Public Access is set to <code>RestrictPublicBuckets</code>.</p>",
"locationName":"restrictPublicBuckets"
},
"BlockPublicAcls":{
"shape":"Boolean",
"documentation":"<p>Indicates if S3 Block Public Access is set to <code>BlockPublicAcls</code>.</p>",
"locationName":"blockPublicAcls"
},
"BlockPublicPolicy":{
"shape":"Boolean",
"documentation":"<p>Indicates if S3 Block Public Access is set to <code>BlockPublicPolicy</code>.</p>",
"locationName":"blockPublicPolicy"
}
},
"documentation":"<p>Contains information on how the bucker owner's S3 Block Public Access settings are being applied to the S3 bucket. See <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html\">S3 Block Public Access</a> for more information. </p>"
},
"Boolean":{"type":"boolean"},
"BucketLevelPermissions":{
"type":"structure",
"members":{
"AccessControlList":{
"shape":"AccessControlList",
"documentation":"<p>Contains information on how Access Control Policies are applied to the bucket.</p>",
"locationName":"accessControlList"
},
"BucketPolicy":{
"shape":"BucketPolicy",
"documentation":"<p>Contains information on the bucket policies for the S3 bucket.</p>",
"locationName":"bucketPolicy"
},
"BlockPublicAccess":{
"shape":"BlockPublicAccess",
"documentation":"<p>Contains information on which account level S3 Block Public Access settings are applied to the S3 bucket.</p>",
"locationName":"blockPublicAccess"
}
},
"documentation":"<p>Contains information about the bucket level permissions for the S3 bucket.</p>"
},
"BucketPolicy":{
"type":"structure",
"members":{
"AllowsPublicReadAccess":{
"shape":"Boolean",
"documentation":"<p>A value that indicates whether public read access for the bucket is enabled through a bucket policy.</p>",
"locationName":"allowsPublicReadAccess"
},
"AllowsPublicWriteAccess":{
"shape":"Boolean",
"documentation":"<p>A value that indicates whether public write access for the bucket is enabled through a bucket policy.</p>",
"locationName":"allowsPublicWriteAccess"
}
},
"documentation":"<p>Contains information on the current bucket policies for the S3 bucket.</p>"
},
"City":{
"type":"structure",
"members":{
@ -1307,7 +1397,7 @@
},
"Location":{
"shape":"Location",
"documentation":"<p>The URI of the file that contains the IPSet.</p>",
"documentation":"<p>The URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.</p>",
"locationName":"location"
},
"Activate":{
@ -1463,7 +1553,7 @@
},
"Location":{
"shape":"Location",
"documentation":"<p>The URI of the file that contains the ThreatIntelSet.</p>",
"documentation":"<p>The URI of the file that contains the ThreatIntelSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.</p>",
"locationName":"location"
},
"Activate":{
@ -1522,6 +1612,22 @@
}
}
},
"DefaultServerSideEncryption":{
"type":"structure",
"members":{
"EncryptionType":{
"shape":"String",
"documentation":"<p>The type of encryption used for objects within the S3 bucket.</p>",
"locationName":"encryptionType"
},
"KmsMasterKeyArn":{
"shape":"String",
"documentation":"<p>The Amazon Resource Name (ARN) of the KMS encryption key. Only available if the bucket <code>EncryptionType</code> is <code>aws:kms</code>.</p>",
"locationName":"kmsMasterKeyArn"
}
},
"documentation":"<p>Contains information on the server side encryption method used in the S3 bucket. See <a href=\"https://docs.aws.amazon.com/AmazonS3/atest/dev/serv-side-encryption.html\">S3 Server-Side Encryption</a> for more information.</p>"
},
"DeleteDetectorRequest":{
"type":"structure",
"required":["DetectorId"],
@ -2422,7 +2528,7 @@
},
"Location":{
"shape":"Location",
"documentation":"<p>The URI of the file that contains the IPSet.</p>",
"documentation":"<p>The URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.</p>",
"locationName":"location"
},
"Status":{
@ -2556,7 +2662,7 @@
},
"Location":{
"shape":"Location",
"documentation":"<p>The URI of the file that contains the ThreatIntelSet.</p>",
"documentation":"<p>The URI of the file that contains the ThreatIntelSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.</p>",
"locationName":"location"
},
"Status":{
@ -2876,7 +2982,7 @@
},
"FindingCriteria":{
"shape":"FindingCriteria",
"documentation":"<p>Represents the criteria used for querying findings. Valid values include:</p> <ul> <li> <p>JSON field name</p> </li> <li> <p>accountId</p> </li> <li> <p>region</p> </li> <li> <p>confidence</p> </li> <li> <p>id</p> </li> <li> <p>resource.accessKeyDetails.accessKeyId</p> </li> <li> <p>resource.accessKeyDetails.principalId</p> </li> <li> <p>resource.accessKeyDetails.userName</p> </li> <li> <p>resource.accessKeyDetails.userType</p> </li> <li> <p>resource.instanceDetails.iamInstanceProfile.id</p> </li> <li> <p>resource.instanceDetails.imageId</p> </li> <li> <p>resource.instanceDetails.instanceId</p> </li> <li> <p>resource.instanceDetails.outpostArn</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.ipv6Addresses</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.publicDnsName</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.publicIp</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.securityGroups.groupId</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.securityGroups.groupName</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.subnetId</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.vpcId</p> </li> <li> <p>resource.instanceDetails.tags.key</p> </li> <li> <p>resource.instanceDetails.tags.value</p> </li> <li> <p>resource.resourceType</p> </li> <li> <p>service.action.actionType</p> </li> <li> <p>service.action.awsApiCallAction.api</p> </li> <li> <p>service.action.awsApiCallAction.callerType</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.city.cityName</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.country.countryName</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.ipAddressV4</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.organization.asn</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg</p> </li> <li> <p>service.action.awsApiCallAction.serviceName</p> </li> <li> <p>service.action.dnsRequestAction.domain</p> </li> <li> <p>service.action.networkConnectionAction.blocked</p> </li> <li> <p>service.action.networkConnectionAction.connectionDirection</p> </li> <li> <p>service.action.networkConnectionAction.localPortDetails.port</p> </li> <li> <p>service.action.networkConnectionAction.protocol</p> </li> <li> <p>service.action.networkConnectionAction.localIpDetails.ipAddressV4</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.city.cityName</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.country.countryName</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.ipAddressV4</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.organization.asn</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg</p> </li> <li> <p>service.action.networkConnectionAction.remotePortDetails.port</p> </li> <li> <p>service.additionalInfo.threatListName</p> </li> <li> <p>service.archived</p> <p>When this attribute is set to 'true', only archived findings are listed. When it's set to 'false', only unarchived findings are listed. When this attribute is not set, all existing findings are listed.</p> </li> <li> <p>service.resourceRole</p> </li> <li> <p>severity</p> </li> <li> <p>type</p> </li> <li> <p>updatedAt</p> <p>Type: Timestamp in Unix Epoch millisecond format: 1486685375000</p> </li> </ul>",
"documentation":"<p>Represents the criteria used for querying findings. Valid values include:</p> <ul> <li> <p>JSON field name</p> </li> <li> <p>accountId</p> </li> <li> <p>region</p> </li> <li> <p>confidence</p> </li> <li> <p>id</p> </li> <li> <p>resource.accessKeyDetails.accessKeyId</p> </li> <li> <p>resource.accessKeyDetails.principalId</p> </li> <li> <p>resource.accessKeyDetails.userName</p> </li> <li> <p>resource.accessKeyDetails.userType</p> </li> <li> <p>resource.instanceDetails.iamInstanceProfile.id</p> </li> <li> <p>resource.instanceDetails.imageId</p> </li> <li> <p>resource.instanceDetails.instanceId</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.ipv6Addresses</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.publicDnsName</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.publicIp</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.securityGroups.groupId</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.securityGroups.groupName</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.subnetId</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.vpcId</p> </li> <li> <p>resource.instanceDetails.tags.key</p> </li> <li> <p>resource.instanceDetails.tags.value</p> </li> <li> <p>resource.resourceType</p> </li> <li> <p>service.action.actionType</p> </li> <li> <p>service.action.awsApiCallAction.api</p> </li> <li> <p>service.action.awsApiCallAction.callerType</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.city.cityName</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.country.countryName</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.ipAddressV4</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.organization.asn</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg</p> </li> <li> <p>service.action.awsApiCallAction.serviceName</p> </li> <li> <p>service.action.dnsRequestAction.domain</p> </li> <li> <p>service.action.networkConnectionAction.blocked</p> </li> <li> <p>service.action.networkConnectionAction.connectionDirection</p> </li> <li> <p>service.action.networkConnectionAction.localPortDetails.port</p> </li> <li> <p>service.action.networkConnectionAction.protocol</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.city.cityName</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.country.countryName</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.ipAddressV4</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.organization.asn</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg</p> </li> <li> <p>service.action.networkConnectionAction.remotePortDetails.port</p> </li> <li> <p>service.additionalInfo.threatListName</p> </li> <li> <p>service.archived</p> <p>When this attribute is set to 'true', only archived findings are listed. When it's set to 'false', only unarchived findings are listed. When this attribute is not set, all existing findings are listed.</p> </li> <li> <p>service.resourceRole</p> </li> <li> <p>severity</p> </li> <li> <p>type</p> </li> <li> <p>updatedAt</p> <p>Type: Timestamp in Unix Epoch millisecond format: 1486685375000</p> </li> </ul>",
"locationName":"findingCriteria"
},
"SortCriteria":{
@ -3008,7 +3114,7 @@
},
"OnlyAssociated":{
"shape":"String",
"documentation":"<p>Specifies what member accounts the response includes based on their relationship status with the master account. The default value is \"true\". If set to \"false\" the response includes all existing member accounts (including members who haven't been invited yet or have been disassociated).</p>",
"documentation":"<p>Specifies whether to only return associated members or to return all members (including members who haven't been invited yet or have been disassociated).</p>",
"location":"querystring",
"locationName":"onlyAssociated"
}
@ -3428,6 +3534,33 @@
},
"documentation":"<p>Contains information about the ISP organization of the remote IP address.</p>"
},
"Owner":{
"type":"structure",
"members":{
"Id":{
"shape":"String",
"documentation":"<p>The canonical user ID of the bucket owner. For information about locating your canonical user ID see <a href=\"https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html#FindingCanonicalId\">Finding Your Account Canonical User ID.</a> </p>",
"locationName":"id"
}
},
"documentation":"<p>Contains information on the owner of the bucket.</p>"
},
"PermissionConfiguration":{
"type":"structure",
"members":{
"BucketLevelPermissions":{
"shape":"BucketLevelPermissions",
"documentation":"<p>Contains information about the bucket level permissions for the S3 bucket.</p>",
"locationName":"bucketLevelPermissions"
},
"AccountLevelPermissions":{
"shape":"AccountLevelPermissions",
"documentation":"<p>Contains information about the account level permissions on the S3 bucket.</p>",
"locationName":"accountLevelPermissions"
}
},
"documentation":"<p>Contains information about how permissions are configured for the S3 bucket.</p>"
},
"PortProbeAction":{
"type":"structure",
"members":{
@ -3509,6 +3642,22 @@
"type":"list",
"member":{"shape":"ProductCode"}
},
"PublicAccess":{
"type":"structure",
"members":{
"PermissionConfiguration":{
"shape":"PermissionConfiguration",
"documentation":"<p>Contains information about how permissions are configured for the S3 bucket.</p>",
"locationName":"permissionConfiguration"
},
"EffectivePermission":{
"shape":"String",
"documentation":"<p>Describes the effective permission on this bucket after factoring all attached policies.</p>",
"locationName":"effectivePermission"
}
},
"documentation":"<p>Describes the public access policies that apply to the S3 bucket.</p>"
},
"PublishingStatus":{
"type":"string",
"enum":[
@ -3575,6 +3724,11 @@
"documentation":"<p>The IAM access key details (IAM user information) of a user that engaged in the activity that prompted GuardDuty to generate a finding.</p>",
"locationName":"accessKeyDetails"
},
"S3BucketDetails":{
"shape":"S3BucketDetails",
"documentation":"<p>Contains information on the S3 bucket.</p>",
"locationName":"s3BucketDetails"
},
"InstanceDetails":{
"shape":"InstanceDetails",
"documentation":"<p>The information about the EC2 instance associated with the activity that prompted GuardDuty to generate a finding.</p>",
@ -3588,6 +3742,56 @@
},
"documentation":"<p>Contains information about the AWS resource associated with the activity that prompted GuardDuty to generate a finding.</p>"
},
"S3BucketDetail":{
"type":"structure",
"members":{
"Arn":{
"shape":"String",
"documentation":"<p>The Amazon Resource Name (ARN) of the S3 bucket.</p>",
"locationName":"arn"
},
"Name":{
"shape":"String",
"documentation":"<p>The name of the S3 bucket.</p>",
"locationName":"name"
},
"Type":{
"shape":"String",
"documentation":"<p>Describes whether the bucket is a source or destination bucket.</p>",
"locationName":"type"
},
"CreatedAt":{
"shape":"Timestamp",
"documentation":"<p>The date and time the bucket was created at.</p>",
"locationName":"createdAt"
},
"Owner":{
"shape":"Owner",
"documentation":"<p>The owner of the S3 bucket.</p>",
"locationName":"owner"
},
"Tags":{
"shape":"Tags",
"documentation":"<p>All tags attached to the S3 bucket</p>",
"locationName":"tags"
},
"DefaultServerSideEncryption":{
"shape":"DefaultServerSideEncryption",
"documentation":"<p>Describes the server side encryption method used in the S3 bucket.</p>",
"locationName":"defaultServerSideEncryption"
},
"PublicAccess":{
"shape":"PublicAccess",
"documentation":"<p>Describes the public access policies that apply to the S3 bucket.</p>",
"locationName":"publicAccess"
}
}
},
"S3BucketDetails":{
"type":"list",
"member":{"shape":"S3BucketDetail"},
"documentation":"<p>Contains information on the S3 bucket.</p>"
},
"SecurityGroup":{
"type":"structure",
"members":{
@ -3868,6 +4072,7 @@
"type":"list",
"member":{"shape":"String"}
},
"Timestamp":{"type":"timestamp"},
"UnarchiveFindingsRequest":{
"type":"structure",
"required":[
@ -4086,7 +4291,7 @@
},
"Location":{
"shape":"Location",
"documentation":"<p>The updated URI of the file that contains the IPSet.</p>",
"documentation":"<p>The updated URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.</p>",
"locationName":"location"
},
"Activate":{
@ -4183,7 +4388,7 @@
},
"Location":{
"shape":"Location",
"documentation":"<p>The updated URI of the file that contains the ThreateIntelSet.</p>",
"documentation":"<p>The updated URI of the file that contains the ThreateIntelSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.</p>",
"locationName":"location"
},
"Activate":{

56
botocore/data/iam/2010-05-08/service-2.json
View file

@ -849,7 +849,7 @@
{"shape":"NoSuchEntityException"},
{"shape":"InvalidInputException"}
],
"documentation":"<p>Generates a report that includes details about when an IAM resource (user, group, role, or policy) was last used in an attempt to access AWS services. Recent activity usually appears within four hours. IAM reports activity for the last 365 days, or less if your Region began supporting this feature within the last year. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period\">Regions Where Data Is Tracked</a>.</p> <important> <p>The service last accessed data includes all attempts to access an AWS API, not just the successful ones. This includes all attempts that were made using the AWS Management Console, the AWS API through any of the SDKs, or any of the command line tools. An unexpected entry in the service last accessed data does not mean that your account has been compromised, because the request might have been denied. Refer to your CloudTrail logs as the authoritative source for information about all API calls and whether they were successful or denied access. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html\">Logging IAM Events with CloudTrail</a> in the <i>IAM User Guide</i>.</p> </important> <p>The <code>GenerateServiceLastAccessedDetails</code> operation returns a <code>JobId</code>. Use this parameter in the following operations to retrieve the following details from your report: </p> <ul> <li> <p> <a>GetServiceLastAccessedDetails</a> Use this operation for users, groups, roles, or policies to list every AWS service that the resource could access using permissions policies. For each service, the response includes information about the most recent access attempt.</p> <p>The <code>JobId</code> returned by <code>GenerateServiceLastAccessedDetail</code> must be used by the same role within a session, or by the same user when used to call <code>GetServiceLastAccessedDetail</code>.</p> </li> <li> <p> <a>GetServiceLastAccessedDetailsWithEntities</a> Use this operation for groups and policies to list information about the associated entities (users or roles) that attempted to access a specific AWS service. </p> </li> </ul> <p>To check the status of the <code>GenerateServiceLastAccessedDetails</code> request, use the <code>JobId</code> parameter in the same operations and test the <code>JobStatus</code> response parameter.</p> <p>For additional information about the permissions policies that allow an identity (user, group, or role) to access specific services, use the <a>ListPoliciesGrantingServiceAccess</a> operation.</p> <note> <p>Service last accessed data does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, AWS Organizations policies, IAM permissions boundaries, and AWS STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics\">Evaluating Policies</a> in the <i>IAM User Guide</i>.</p> </note> <p>For more information about service last accessed data, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html\">Reducing Policy Scope by Viewing User Activity</a> in the <i>IAM User Guide</i>.</p>"
"documentation":"<p>Generates a report that includes details about when an IAM resource (user, group, role, or policy) was last used in an attempt to access AWS services. Recent activity usually appears within four hours. IAM reports activity for the last 365 days, or less if your Region began supporting this feature within the last year. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period\">Regions Where Data Is Tracked</a>.</p> <important> <p>The service last accessed data includes all attempts to access an AWS API, not just the successful ones. This includes all attempts that were made using the AWS Management Console, the AWS API through any of the SDKs, or any of the command line tools. An unexpected entry in the service last accessed data does not mean that your account has been compromised, because the request might have been denied. Refer to your CloudTrail logs as the authoritative source for information about all API calls and whether they were successful or denied access. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html\">Logging IAM Events with CloudTrail</a> in the <i>IAM User Guide</i>.</p> </important> <p>The <code>GenerateServiceLastAccessedDetails</code> operation returns a <code>JobId</code>. Use this parameter in the following operations to retrieve the following details from your report: </p> <ul> <li> <p> <a>GetServiceLastAccessedDetails</a> Use this operation for users, groups, roles, or policies to list every AWS service that the resource could access using permissions policies. For each service, the response includes information about the most recent access attempt.</p> <p>The <code>JobId</code> returned by <code>GenerateServiceLastAccessedDetail</code> must be used by the same role within a session, or by the same user when used to call <code>GetServiceLastAccessedDetail</code>.</p> </li> <li> <p> <a>GetServiceLastAccessedDetailsWithEntities</a> Use this operation for groups and policies to list information about the associated entities (users or roles) that attempted to access a specific AWS service. </p> </li> </ul> <p>To check the status of the <code>GenerateServiceLastAccessedDetails</code> request, use the <code>JobId</code> parameter in the same operations and test the <code>JobStatus</code> response parameter.</p> <p>For additional information about the permissions policies that allow an identity (user, group, or role) to access specific services, use the <a>ListPoliciesGrantingServiceAccess</a> operation.</p> <note> <p>Service last accessed data does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, AWS Organizations policies, IAM permissions boundaries, and AWS STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics\">Evaluating Policies</a> in the <i>IAM User Guide</i>.</p> </note> <p>For more information about service and action last accessed data, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html\">Reducing Permissions Using Service Last Accessed Data</a> in the <i>IAM User Guide</i>.</p>"
},
"GetAccessKeyLastUsed":{
"name":"GetAccessKeyLastUsed",
@ -1201,7 +1201,7 @@
{"shape":"NoSuchEntityException"},
{"shape":"InvalidInputException"}
],
"documentation":"<p>Retrieves a service last accessed report that was created using the <code>GenerateServiceLastAccessedDetails</code> operation. You can use the <code>JobId</code> parameter in <code>GetServiceLastAccessedDetails</code> to retrieve the status of your report job. When the report is complete, you can retrieve the generated report. The report includes a list of AWS services that the resource (user, group, role, or managed policy) can access.</p> <note> <p>Service last accessed data does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, AWS Organizations policies, IAM permissions boundaries, and AWS STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics\">Evaluating Policies</a> in the <i>IAM User Guide</i>.</p> </note> <p>For each service that the resource could access using permissions policies, the operation returns details about the most recent access attempt. If there was no attempt, the service is listed without details about the most recent attempt to access the service. If the operation fails, the <code>GetServiceLastAccessedDetails</code> operation returns the reason that it failed.</p> <p>The <code>GetServiceLastAccessedDetails</code> operation returns a list of services. This list includes the number of entities that have attempted to access the service and the date and time of the last attempt. It also returns the ARN of the following entity, depending on the resource ARN that you used to generate the report:</p> <ul> <li> <p> <b>User</b> Returns the user ARN that you used to generate the report</p> </li> <li> <p> <b>Group</b> Returns the ARN of the group member (user) that last attempted to access the service</p> </li> <li> <p> <b>Role</b> Returns the role ARN that you used to generate the report</p> </li> <li> <p> <b>Policy</b> Returns the ARN of the user or role that last used the policy to attempt to access the service</p> </li> </ul> <p>By default, the list is sorted by service namespace.</p>"
"documentation":"<p>Retrieves a service last accessed report that was created using the <code>GenerateServiceLastAccessedDetails</code> operation. You can use the <code>JobId</code> parameter in <code>GetServiceLastAccessedDetails</code> to retrieve the status of your report job. When the report is complete, you can retrieve the generated report. The report includes a list of AWS services that the resource (user, group, role, or managed policy) can access.</p> <note> <p>Service last accessed data does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, AWS Organizations policies, IAM permissions boundaries, and AWS STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics\">Evaluating Policies</a> in the <i>IAM User Guide</i>.</p> </note> <p>For each service that the resource could access using permissions policies, the operation returns details about the most recent access attempt. If there was no attempt, the service is listed without details about the most recent attempt to access the service. If the operation fails, the <code>GetServiceLastAccessedDetails</code> operation returns the reason that it failed.</p> <p>The <code>GetServiceLastAccessedDetails</code> operation returns a list of services. This list includes the number of entities that have attempted to access the service and the date and time of the last attempt. It also returns the ARN of the following entity, depending on the resource ARN that you used to generate the report:</p> <ul> <li> <p> <b>User</b> Returns the user ARN that you used to generate the report</p> </li> <li> <p> <b>Group</b> Returns the ARN of the group member (user) that last attempted to access the service</p> </li> <li> <p> <b>Role</b> Returns the role ARN that you used to generate the report</p> </li> <li> <p> <b>Policy</b> Returns the ARN of the user or role that last used the policy to attempt to access the service</p> </li> </ul> <p>By default, the list is sorted by service namespace.</p> <p>If you specified <code>ACTION_LEVEL</code> granularity when you generated the report, this operation returns service and action last accessed data. This includes the most recent access attempt for each tracked action within a service. Otherwise, this operation returns only service data.</p> <p>For more information about service and action last accessed data, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html\">Reducing Permissions Using Service Last Accessed Data</a> in the <i>IAM User Guide</i>.</p>"
},
"GetServiceLastAccessedDetailsWithEntities":{
"name":"GetServiceLastAccessedDetailsWithEntities",
@ -2291,6 +2291,13 @@
}
},
"shapes":{
"AccessAdvisorUsageGranularityType":{
"type":"string",
"enum":[
"SERVICE_LEVEL",
"ACTION_LEVEL"
]
},
"AccessDetail":{
"type":"structure",
"required":[
@ -3709,6 +3716,10 @@
"Arn":{
"shape":"arnType",
"documentation":"<p>The ARN of the IAM resource (user, group, role, or managed policy) used to generate information about when the resource was last used in an attempt to access an AWS service.</p>"
},
"Granularity":{
"shape":"AccessAdvisorUsageGranularityType",
"documentation":"<p>The level of detail that you want to generate. You can specify whether you want to generate information about the last attempt to access services or actions. If you specify service-level granularity, this operation generates only service data. If you specify action-level granularity, it generates service and action data. If you don't include this optional parameter, the operation generates service data.</p>"
}
}
},
@ -4307,6 +4318,10 @@
"shape":"jobStatusType",
"documentation":"<p>The status of the job.</p>"
},
"JobType":{
"shape":"AccessAdvisorUsageGranularityType",
"documentation":"<p>The type of job. Service jobs return information about when each service was last accessed. Action jobs also include information about when tracked actions within the service were last accessed.</p>"
},
"JobCreationDate":{
"shape":"dateType",
"documentation":"<p>The date and time, in <a href=\"http://www.iso.org/iso/iso8601\">ISO 8601 date-time format</a>, when the report job was created.</p>"
@ -4321,7 +4336,7 @@
},
"IsTruncated":{
"shape":"booleanType",
"documentation":"<p/> <p>A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the <code>Marker</code> request parameter to retrieve more items. Note that IAM might return fewer than the <code>MaxItems</code> number of results even when there are more results available. We recommend that you check <code>IsTruncated</code> after every call to ensure that you receive all your results.</p>"
"documentation":"<p>A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the <code>Marker</code> request parameter to retrieve more items. Note that IAM might return fewer than the <code>MaxItems</code> number of results even when there are more results available. We recommend that you check <code>IsTruncated</code> after every call to ensure that you receive all your results.</p>"
},
"Marker":{
"shape":"responseMarkerType",
@ -6783,9 +6798,17 @@
"shape":"arnType",
"documentation":"<p>The ARN of the authenticated entity (user or role) that last attempted to access the service. AWS does not report unauthenticated requests.</p> <p>This field is null if no IAM entities attempted to access the service within the <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period\">reporting period</a>.</p>"
},
"LastAuthenticatedRegion":{
"shape":"stringType",
"documentation":"<p>The Region from which the authenticated entity (user or role) last attempted to access the service. AWS does not report unauthenticated requests.</p> <p>This field is null if no IAM entities attempted to access the service within the <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period\">reporting period</a>.</p>"
},
"TotalAuthenticatedEntities":{
"shape":"integerType",
"documentation":"<p>The total number of authenticated principals (root user, IAM users, or IAM roles) that have attempted to access the service.</p> <p>This field is null if no principals attempted to access the service within the <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period\">reporting period</a>.</p>"
},
"TrackedActionsLastAccessed":{
"shape":"TrackedActionsLastAccessed",
"documentation":"<p>An object that contains details about the most recent attempt to access a tracked action within the service.</p> <p>This field is null if there no tracked actions or if the principal did not use the tracked actions within the <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period\">reporting period</a>. This field is also null if the report was generated at the service level and not the action level. For more information, see the <code>Granularity</code> field in <a>GenerateServiceLastAccessedDetails</a>.</p>"
}
},
"documentation":"<p>Contains details about the most recent attempt to access the service.</p> <p>This data type is used as a response element in the <a>GetServiceLastAccessedDetails</a> operation.</p>"
@ -7039,7 +7062,7 @@
},
"PermissionsBoundaryPolicyInputList":{
"shape":"SimulationPolicyListType",
"documentation":"<p>The IAM permissions boundary policy to simulate. The permissions boundary sets the maximum permissions that the entity can have. You can input only one permissions boundary when you pass a policy to this operation. An IAM entity can only have one permissions boundary in effect at a time. For example, if a permissions boundary is attached to an entity and you pass in a different permissions boundary policy using this parameter, then the new permission boundary policy is used for the simulation. For more information about permissions boundaries, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html\">Permissions Boundaries for IAM Entities</a> in the <i>IAM User Guide</i>. The policy input is specified as a string containing the complete, valid JSON text of a permissions boundary policy.</p> <p>The <a href=\"http://wikipedia.org/wiki/regex\">regex pattern</a> used to validate this parameter is a string of characters consisting of the following:</p> <ul> <li> <p>Any printable ASCII character ranging from the space character (<code>\\u0020</code>) through the end of the ASCII character range</p> </li> <li> <p>The printable characters in the Basic Latin and Latin-1 Supplement character set (through <code>\\u00FF</code>)</p> </li> <li> <p>The special characters tab (<code>\\u0009</code>), line feed (<code>\\u000A</code>), and carriage return (<code>\\u000D</code>)</p> </li> </ul>"
"documentation":"<p>The IAM permissions boundary policy to simulate. The permissions boundary sets the maximum permissions that the entity can have. You can input only one permissions boundary when you pass a policy to this operation. An IAM entity can only have one permissions boundary in effect at a time. For example, if a permissions boundary is attached to an entity and you pass in a different permissions boundary policy using this parameter, then the new permissions boundary policy is used for the simulation. For more information about permissions boundaries, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html\">Permissions Boundaries for IAM Entities</a> in the <i>IAM User Guide</i>. The policy input is specified as a string containing the complete, valid JSON text of a permissions boundary policy.</p> <p>The <a href=\"http://wikipedia.org/wiki/regex\">regex pattern</a> used to validate this parameter is a string of characters consisting of the following:</p> <ul> <li> <p>Any printable ASCII character ranging from the space character (<code>\\u0020</code>) through the end of the ASCII character range</p> </li> <li> <p>The printable characters in the Basic Latin and Latin-1 Supplement character set (through <code>\\u00FF</code>)</p> </li> <li> <p>The special characters tab (<code>\\u0009</code>), line feed (<code>\\u000A</code>), and carriage return (<code>\\u000D</code>)</p> </li> </ul>"
},
"ActionNames":{
"shape":"ActionNameListType",
@ -7161,6 +7184,29 @@
}
}
},
"TrackedActionLastAccessed":{
"type":"structure",
"members":{
"ActionName":{
"shape":"stringType",
"documentation":"<p>The name of the tracked action to which access was attempted. Tracked actions are actions that report activity to IAM.</p>"
},
"LastAccessedEntity":{"shape":"arnType"},
"LastAccessedTime":{
"shape":"dateType",
"documentation":"<p>The date and time, in <a href=\"http://www.iso.org/iso/iso8601\">ISO 8601 date-time format</a>, when an authenticated entity most recently attempted to access the tracked service. AWS does not report unauthenticated requests.</p> <p>This field is null if no IAM entities attempted to access the service within the <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period\">reporting period</a>.</p>"
},
"LastAccessedRegion":{
"shape":"stringType",
"documentation":"<p>The Region from which the authenticated entity (user or role) last attempted to access the tracked action. AWS does not report unauthenticated requests.</p> <p>This field is null if no IAM entities attempted to access the service within the <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period\">reporting period</a>.</p>"
}
},
"documentation":"<p>Contains details about the most recent attempt to access an action within the service.</p> <p>This data type is used as a response element in the <a>GetServiceLastAccessedDetails</a> operation.</p>"
},
"TrackedActionsLastAccessed":{
"type":"list",
"member":{"shape":"TrackedActionLastAccessed"}
},
"UnmodifiableEntityException":{
"type":"structure",
"members":{
@ -8285,5 +8331,5 @@
"pattern":"[\\w+=,.@-]+"
}
},
"documentation":"<fullname>AWS Identity and Access Management</fullname> <p>AWS Identity and Access Management (IAM) is a web service that you can use to manage users and user permissions under your AWS account. This guide provides descriptions of IAM actions that you can call programmatically. For general information about IAM, see <a href=\"http://aws.amazon.com/iam/\">AWS Identity and Access Management (IAM)</a>. For the user guide for IAM, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/\">Using IAM</a>. </p> <note> <p>AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to IAM and AWS. For example, the SDKs take care of tasks such as cryptographically signing requests (see below), managing errors, and retrying requests automatically. For information about the AWS SDKs, including how to download and install them, see the <a href=\"http://aws.amazon.com/tools/\">Tools for Amazon Web Services</a> page. </p> </note> <p>We recommend that you use the AWS SDKs to make programmatic API calls to IAM. However, you can also use the IAM Query API to make direct calls to the IAM web service. To learn more about the IAM Query API, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html\">Making Query Requests</a> in the <i>Using IAM</i> guide. IAM supports GET and POST requests for all actions. That is, the API does not require you to use GET for some actions and POST for others. However, GET requests are subject to the limitation size of a URL. Therefore, for operations that require larger sizes, use a POST request. </p> <p> <b>Signing Requests</b> </p> <p>Requests must be signed using an access key ID and a secret access key. We strongly recommend that you do not use your AWS account access key ID and secret access key for everyday work with IAM. You can use the access key ID and secret access key for an IAM user or you can use the AWS Security Token Service to generate temporary security credentials and use those to sign requests.</p> <p>To sign requests, we recommend that you use <a href=\"https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html\">Signature Version 4</a>. If you have an existing application that uses Signature Version 2, you do not have to update it to use Signature Version 4. However, some operations now require Signature Version 4. The documentation for operations that require version 4 indicate this requirement. </p> <p> <b>Additional Resources</b> </p> <p>For more information, see the following:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html\">AWS Security Credentials</a>. This topic provides general information about the types of credentials used for accessing AWS. </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html\">IAM Best Practices</a>. This topic presents a list of suggestions for using the IAM service to help secure your AWS resources. </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html\">Signing AWS API Requests</a>. This set of topics walk you through the process of signing a request using an access key ID and secret access key. </p> </li> </ul>"
"documentation":"<fullname>AWS Identity and Access Management</fullname> <p>AWS Identity and Access Management (IAM) is a web service for securely controlling access to AWS services. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users and applications can access. For more information about IAM, see <a href=\"http://aws.amazon.com/iam/\">AWS Identity and Access Management (IAM)</a> and the <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/\">AWS Identity and Access Management User Guide</a>.</p>"
}

70
botocore/data/imagebuilder/2019-12-02/service-2.json
View file

@ -51,7 +51,8 @@
{"shape":"CallRateLimitExceededException"},
{"shape":"InvalidVersionNumberException"},
{"shape":"ResourceInUseException"},
{"shape":"InvalidParameterCombinationException"}
{"shape":"InvalidParameterCombinationException"},
{"shape":"ServiceQuotaExceededException"}
],
"documentation":"<p>Creates a new component that can be used to build, validate, test, and assess your image.</p>"
},
@ -73,7 +74,8 @@
{"shape":"CallRateLimitExceededException"},
{"shape":"ResourceInUseException"},
{"shape":"ResourceAlreadyExistsException"},
{"shape":"InvalidParameterCombinationException"}
{"shape":"InvalidParameterCombinationException"},
{"shape":"ServiceQuotaExceededException"}
],
"documentation":"<p>Creates a new distribution configuration. Distribution configurations define and configure the outputs of your pipeline. </p>"
},
@ -93,7 +95,8 @@
{"shape":"IdempotentParameterMismatchException"},
{"shape":"ForbiddenException"},
{"shape":"CallRateLimitExceededException"},
{"shape":"ResourceInUseException"}
{"shape":"ResourceInUseException"},
{"shape":"ServiceQuotaExceededException"}
],
"documentation":"<p> Creates a new image. This request will create a new image along with all of the configured output resources defined in the distribution configuration. </p>"
},
@ -114,7 +117,8 @@
{"shape":"ForbiddenException"},
{"shape":"CallRateLimitExceededException"},
{"shape":"ResourceInUseException"},
{"shape":"ResourceAlreadyExistsException"}
{"shape":"ResourceAlreadyExistsException"},
{"shape":"ServiceQuotaExceededException"}
],
"documentation":"<p> Creates a new image pipeline. Image pipelines enable you to automate the creation and distribution of images. </p>"
},
@ -136,7 +140,8 @@
{"shape":"CallRateLimitExceededException"},
{"shape":"InvalidVersionNumberException"},
{"shape":"ResourceInUseException"},
{"shape":"ResourceAlreadyExistsException"}
{"shape":"ResourceAlreadyExistsException"},
{"shape":"ServiceQuotaExceededException"}
],
"documentation":"<p> Creates a new image recipe. Image recipes define how images are configured, tested, and assessed. </p>"
},
@ -157,7 +162,8 @@
{"shape":"ForbiddenException"},
{"shape":"CallRateLimitExceededException"},
{"shape":"ResourceInUseException"},
{"shape":"ResourceAlreadyExistsException"}
{"shape":"ResourceAlreadyExistsException"},
{"shape":"ServiceQuotaExceededException"}
],
"documentation":"<p> Creates a new infrastructure configuration. An infrastructure configuration defines the environment in which your image will be built and tested. </p>"
},
@ -533,7 +539,7 @@
{"shape":"ForbiddenException"},
{"shape":"CallRateLimitExceededException"}
],
"documentation":"<p> Returns a list of distribution configurations. </p>"
"documentation":"<p> Returns a list of image build versions. </p>"
},
"ListImagePipelineImages":{
"name":"ListImagePipelineImages",
@ -610,7 +616,7 @@
{"shape":"ForbiddenException"},
{"shape":"CallRateLimitExceededException"}
],
"documentation":"<p> Returns the list of image build versions for the specified semantic version. </p>"
"documentation":"<p> Returns the list of images that you have access to. </p>"
},
"ListInfrastructureConfigurations":{
"name":"ListInfrastructureConfigurations",
@ -1376,6 +1382,10 @@
"shape":"TagMap",
"documentation":"<p> The tags of the image recipe. </p>"
},
"workingDirectory":{
"shape":"NonEmptyString",
"documentation":"<p>The working directory to be used during build and test workflows.</p>"
},
"clientToken":{
"shape":"ClientToken",
"documentation":"<p>The idempotency token used to make this request idempotent. </p>",
@ -1504,6 +1514,10 @@
"shape":"SnsTopicArn",
"documentation":"<p>The SNS topic on which to send image build events. </p>"
},
"resourceTags":{
"shape":"ResourceTagMap",
"documentation":"<p>The tags attached to the resource created by Image Builder.</p>"
},
"tags":{
"shape":"TagMap",
"documentation":"<p>The tags of the infrastructure configuration. </p>"
@ -1921,7 +1935,7 @@
"required":["componentBuildVersionArn"],
"members":{
"componentBuildVersionArn":{
"shape":"ComponentBuildVersionArn",
"shape":"ComponentVersionArnOrBuildVersionArn",
"documentation":"<p>The Amazon Resource Name (ARN) of the component that you want to retrieve. Regex requires \"/\\d+$\" suffix.</p>",
"location":"querystring",
"locationName":"componentBuildVersionArn"
@ -2071,7 +2085,7 @@
"required":["imageBuildVersionArn"],
"members":{
"imageBuildVersionArn":{
"shape":"ImageBuildVersionArn",
"shape":"ImageVersionArnOrBuildVersionArn",
"documentation":"<p>The Amazon Resource Name (ARN) of the image that you want to retrieve. </p>",
"location":"querystring",
"locationName":"imageBuildVersionArn"
@ -2329,6 +2343,10 @@
"tags":{
"shape":"TagMap",
"documentation":"<p>The tags of the image recipe.</p>"
},
"workingDirectory":{
"shape":"NonEmptyString",
"documentation":"<p>The working directory to be used during build and test workflows.</p>"
}
},
"documentation":"<p>An image recipe.</p>"
@ -2512,6 +2530,10 @@
"type":"string",
"pattern":"^arn:aws[^:]*:imagebuilder:[^:]+:(?:\\d{12}|aws):image/[a-z0-9-_]+/\\d+\\.\\d+\\.\\d+$"
},
"ImageVersionArnOrBuildVersionArn":{
"type":"string",
"pattern":"^arn:aws[^:]*:imagebuilder:[^:]+:(?:\\d{12}|aws):image/[a-z0-9-_]+/(?:(?:(\\d+|x)\\.(\\d+|x)\\.(\\d+|x))|(?:\\d+\\.\\d+\\.\\d+/\\d+))$"
},
"ImageVersionList":{
"type":"list",
"member":{"shape":"ImageVersion"}
@ -2650,6 +2672,10 @@
"shape":"DateTime",
"documentation":"<p>The date on which the infrastructure configuration was last updated.</p>"
},
"resourceTags":{
"shape":"ResourceTagMap",
"documentation":"<p>The tags attached to the resource created by Image Builder.</p>"
},
"tags":{
"shape":"TagMap",
"documentation":"<p>The tags of the infrastructure configuration.</p>"
@ -2684,6 +2710,10 @@
"shape":"DateTime",
"documentation":"<p>The date on which the infrastructure configuration was last updated.</p>"
},
"resourceTags":{
"shape":"ResourceTagMap",
"documentation":"<p>The tags attached to the image created by Image Builder.</p>"
},
"tags":{
"shape":"TagMap",
"documentation":"<p>The tags of the infrastructure configuration.</p>"
@ -3358,6 +3388,13 @@
"max":30000,
"min":1
},
"ResourceTagMap":{
"type":"map",
"key":{"shape":"TagKey"},
"value":{"shape":"TagValue"},
"max":30,
"min":1
},
"RestrictedInteger":{
"type":"integer",
"max":25,
@ -3404,6 +3441,15 @@
"error":{"httpStatusCode":500},
"exception":true
},
"ServiceQuotaExceededException":{
"type":"structure",
"members":{
"message":{"shape":"ErrorMessage"}
},
"documentation":"<p>You have exceeded the number of permitted resources or operations for this service. For service quotas, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/imagebuilder.html#limits_imagebuilder\">EC2 Image Builder endpoints and quotas</a>.</p>",
"error":{"httpStatusCode":402},
"exception":true
},
"ServiceUnavailableException":{
"type":"structure",
"members":{
@ -3694,6 +3740,10 @@
"shape":"ClientToken",
"documentation":"<p>The idempotency token used to make this request idempotent. </p>",
"idempotencyToken":true
},
"resourceTags":{
"shape":"ResourceTagMap",
"documentation":"<p>The tags attached to the resource created by Image Builder.</p>"
}
}
},

3
botocore/data/iot-data/2015-05-28/paginators-1.json Normal file
View file

@ -0,0 +1,3 @@
{
"pagination": {}
}

118
botocore/data/iot-data/2015-05-28/service-2.json
View file

@ -1,14 +1,14 @@
{
"version":"2.0",
"metadata":{
"uid":"iot-data-2015-05-28",
"apiVersion":"2015-05-28",
"endpointPrefix":"data.iot",
"protocol":"rest-json",
"serviceFullName":"AWS IoT Data Plane",
"serviceId":"IoT Data Plane",
"signatureVersion":"v4",
"signingName":"iotdata"
"signingName":"iotdata",
"uid":"iot-data-2015-05-28"
},
"operations":{
"DeleteThingShadow":{
@ -29,7 +29,7 @@
{"shape":"MethodNotAllowedException"},
{"shape":"UnsupportedDocumentEncodingException"}
],
"documentation":"<p>Deletes the thing shadow for the specified thing.</p> <p>For more information, see <a href=\"http://docs.aws.amazon.com/iot/latest/developerguide/API_DeleteThingShadow.html\">DeleteThingShadow</a> in the <i>AWS IoT Developer Guide</i>.</p>"
"documentation":"<p>Deletes the shadow for the specified thing.</p> <p>For more information, see <a href=\"http://docs.aws.amazon.com/iot/latest/developerguide/API_DeleteThingShadow.html\">DeleteThingShadow</a> in the AWS IoT Developer Guide.</p>"
},
"GetThingShadow":{
"name":"GetThingShadow",
@ -49,7 +49,26 @@
{"shape":"MethodNotAllowedException"},
{"shape":"UnsupportedDocumentEncodingException"}
],
"documentation":"<p>Gets the thing shadow for the specified thing.</p> <p>For more information, see <a href=\"http://docs.aws.amazon.com/iot/latest/developerguide/API_GetThingShadow.html\">GetThingShadow</a> in the <i>AWS IoT Developer Guide</i>.</p>"
"documentation":"<p>Gets the shadow for the specified thing.</p> <p>For more information, see <a href=\"http://docs.aws.amazon.com/iot/latest/developerguide/API_GetThingShadow.html\">GetThingShadow</a> in the AWS IoT Developer Guide.</p>"
},
"ListNamedShadowsForThing":{
"name":"ListNamedShadowsForThing",
"http":{
"method":"GET",
"requestUri":"/api/things/shadow/ListNamedShadowsForThing/{thingName}"
},
"input":{"shape":"ListNamedShadowsForThingRequest"},
"output":{"shape":"ListNamedShadowsForThingResponse"},
"errors":[
{"shape":"ResourceNotFoundException"},
{"shape":"InvalidRequestException"},
{"shape":"ThrottlingException"},
{"shape":"UnauthorizedException"},
{"shape":"ServiceUnavailableException"},
{"shape":"InternalFailureException"},
{"shape":"MethodNotAllowedException"}
],
"documentation":"<p>Lists the shadows for the specified thing.</p>"
},
"Publish":{
"name":"Publish",
@ -64,7 +83,7 @@
{"shape":"UnauthorizedException"},
{"shape":"MethodNotAllowedException"}
],
"documentation":"<p>Publishes state information.</p> <p>For more information, see <a href=\"http://docs.aws.amazon.com/iot/latest/developerguide/protocols.html#http\">HTTP Protocol</a> in the <i>AWS IoT Developer Guide</i>.</p>"
"documentation":"<p>Publishes state information.</p> <p>For more information, see <a href=\"http://docs.aws.amazon.com/iot/latest/developerguide/protocols.html#http\">HTTP Protocol</a> in the AWS IoT Developer Guide.</p>"
},
"UpdateThingShadow":{
"name":"UpdateThingShadow",
@ -85,7 +104,7 @@
{"shape":"MethodNotAllowedException"},
{"shape":"UnsupportedDocumentEncodingException"}
],
"documentation":"<p>Updates the thing shadow for the specified thing.</p> <p>For more information, see <a href=\"http://docs.aws.amazon.com/iot/latest/developerguide/API_UpdateThingShadow.html\">UpdateThingShadow</a> in the <i>AWS IoT Developer Guide</i>.</p>"
"documentation":"<p>Updates the shadow for the specified thing.</p> <p>For more information, see <a href=\"http://docs.aws.amazon.com/iot/latest/developerguide/API_UpdateThingShadow.html\">UpdateThingShadow</a> in the AWS IoT Developer Guide.</p>"
}
},
"shapes":{
@ -93,7 +112,7 @@
"type":"structure",
"members":{
"message":{
"shape":"ErrorMessage",
"shape":"errorMessage",
"documentation":"<p>The message for the exception.</p>"
}
},
@ -110,6 +129,12 @@
"documentation":"<p>The name of the thing.</p>",
"location":"uri",
"locationName":"thingName"
},
"shadowName":{
"shape":"ShadowName",
"documentation":"<p>The name of the shadow.</p>",
"location":"querystring",
"locationName":"name"
}
},
"documentation":"<p>The input for the DeleteThingShadow operation.</p>"
@ -126,7 +151,6 @@
"documentation":"<p>The output from the DeleteThingShadow operation.</p>",
"payload":"payload"
},
"ErrorMessage":{"type":"string"},
"GetThingShadowRequest":{
"type":"structure",
"required":["thingName"],
@ -136,6 +160,12 @@
"documentation":"<p>The name of the thing.</p>",
"location":"uri",
"locationName":"thingName"
},
"shadowName":{
"shape":"ShadowName",
"documentation":"<p>The name of the shadow.</p>",
"location":"querystring",
"locationName":"name"
}
},
"documentation":"<p>The input for the GetThingShadow operation.</p>"
@ -177,11 +207,52 @@
"exception":true
},
"JsonDocument":{"type":"blob"},
"ListNamedShadowsForThingRequest":{
"type":"structure",
"required":["thingName"],
"members":{
"thingName":{
"shape":"ThingName",
"documentation":"<p>The name of the thing.</p>",
"location":"uri",
"locationName":"thingName"
},
"nextToken":{
"shape":"NextToken",
"documentation":"<p>The token to retrieve the next set of results.</p>",
"location":"querystring",
"locationName":"nextToken"
},
"pageSize":{
"shape":"PageSize",
"documentation":"<p>The result page size.</p>",
"location":"querystring",
"locationName":"pageSize"
}
}
},
"ListNamedShadowsForThingResponse":{
"type":"structure",
"members":{
"results":{
"shape":"NamedShadowList",
"documentation":"<p>The list of shadows for the specified thing.</p>"
},
"nextToken":{
"shape":"NextToken",
"documentation":"<p>The token for the next set of results, or null if there are no additional results.</p>"
},
"timestamp":{
"shape":"Timestamp",
"documentation":"<p>The Epoch date and time the response was generated by AWS IoT.</p>"
}
}
},
"MethodNotAllowedException":{
"type":"structure",
"members":{
"message":{
"shape":"ErrorMessage",
"shape":"errorMessage",
"documentation":"<p>The message for the exception.</p>"
}
},
@ -189,6 +260,16 @@
"error":{"httpStatusCode":405},
"exception":true
},
"NamedShadowList":{
"type":"list",
"member":{"shape":"ShadowName"}
},
"NextToken":{"type":"string"},
"PageSize":{
"type":"integer",
"max":100,
"min":1
},
"Payload":{"type":"blob"},
"PublishRequest":{
"type":"structure",
@ -223,7 +304,7 @@
"type":"structure",
"members":{
"message":{
"shape":"ErrorMessage",
"shape":"errorMessage",
"documentation":"<p>The message for the exception.</p>"
}
},
@ -256,11 +337,17 @@
"exception":true,
"fault":true
},
"ShadowName":{
"type":"string",
"max":64,
"min":1,
"pattern":"[a-zA-Z0-9:_-]+"
},
"ThingName":{
"type":"string",
"max":128,
"min":1,
"pattern":"[a-zA-Z0-9_-]+"
"pattern":"[a-zA-Z0-9:_-]+"
},
"ThrottlingException":{
"type":"structure",
@ -274,6 +361,7 @@
"error":{"httpStatusCode":429},
"exception":true
},
"Timestamp":{"type":"long"},
"Topic":{"type":"string"},
"UnauthorizedException":{
"type":"structure",
@ -312,6 +400,12 @@
"location":"uri",
"locationName":"thingName"
},
"shadowName":{
"shape":"ShadowName",
"documentation":"<p>The name of the shadow.</p>",
"location":"querystring",
"locationName":"name"
},
"payload":{
"shape":"JsonDocument",
"documentation":"<p>The state information, in JSON format.</p>"
@ -333,5 +427,5 @@
},
"errorMessage":{"type":"string"}
},
"documentation":"<fullname>AWS IoT</fullname> <p>AWS IoT-Data enables secure, bi-directional communication between Internet-connected things (such as sensors, actuators, embedded devices, or smart appliances) and the AWS cloud. It implements a broker for applications and things to publish messages over HTTP (Publish) and retrieve, update, and delete thing shadows. A thing shadow is a persistent representation of your things and their state in the AWS cloud.</p>"
"documentation":"<fullname>AWS IoT</fullname> <p>AWS IoT-Data enables secure, bi-directional communication between Internet-connected things (such as sensors, actuators, embedded devices, or smart appliances) and the AWS cloud. It implements a broker for applications and things to publish messages over HTTP (Publish) and retrieve, update, and delete shadows. A shadow is a persistent representation of your things and their state in the AWS cloud.</p> <p>Find the endpoint address for actions in the AWS IoT data plane by running this CLI command:</p> <p> <code>aws iot describe-endpoint --endpoint-type iot:Data-ATS</code> </p> <p>The service name used by <a href=\"https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html\">AWS Signature Version 4</a> to sign requests is: <i>iotdevicegateway</i>.</p>"
}

161
botocore/data/iot/2015-05-28/service-2.json
View file

@ -2901,7 +2901,7 @@
{"shape":"InternalFailureException"},
{"shape":"ResourceNotFoundException"}
],
"documentation":"<p>Remove the specified thing from the specified group.</p>"
"documentation":"<p>Remove the specified thing from the specified group.</p> <p>You must specify either a <code>thingGroupArn</code> or a <code>thingGroupName</code> to identify the thing group and either a <code>thingArn</code> or a <code>thingName</code> to identify the thing to remove from the thing group. </p>"
},
"ReplaceTopicRule":{
"name":"ReplaceTopicRule",
@ -3560,10 +3560,10 @@
"members":{
"criteriaList":{
"shape":"AbortCriteriaList",
"documentation":"<p>The list of abort criteria to define rules to abort the job.</p>"
"documentation":"<p>The list of criteria that determine when and how to abort the job.</p>"
}
},
"documentation":"<p>Details of abort criteria to abort the job.</p>"
"documentation":"<p>The criteria that determine when and how a job abort takes place.</p>"
},
"AbortCriteria":{
"type":"structure",
@ -3576,22 +3576,22 @@
"members":{
"failureType":{
"shape":"JobExecutionFailureType",
"documentation":"<p>The type of job execution failure to define a rule to initiate a job abort.</p>"
"documentation":"<p>The type of job execution failures that can initiate a job abort.</p>"
},
"action":{
"shape":"AbortAction",
"documentation":"<p>The type of abort action to initiate a job abort.</p>"
"documentation":"<p>The type of job action to take to initiate the job abort.</p>"
},
"thresholdPercentage":{
"shape":"AbortThresholdPercentage",
"documentation":"<p>The threshold as a percentage of the total number of executed things that will initiate a job abort.</p> <p>AWS IoT supports up to two digits after the decimal (for example, 10.9 and 10.99, but not 10.999).</p>"
"documentation":"<p>The minimum percentage of job execution failures that must occur to initiate the job abort.</p> <p>AWS IoT supports up to two digits after the decimal (for example, 10.9 and 10.99, but not 10.999).</p>"
},
"minNumberOfExecutedThings":{
"shape":"MinimumNumberOfExecutedThings",
"documentation":"<p>Minimum number of executed things before evaluating an abort rule.</p>"
"documentation":"<p>The minimum number of things which must receive job execution notifications before the job can be aborted.</p>"
}
},
"documentation":"<p>Details of abort criteria to define rules to abort the job.</p>"
"documentation":"<p>The criteria that determine when and how a job abort takes place.</p>"
},
"AbortCriteriaList":{
"type":"list",
@ -4032,7 +4032,7 @@
},
"target":{
"shape":"PolicyTarget",
"documentation":"<p>The <a href=\"https://docs.aws.amazon.com/iot/latest/developerguide/iot-security-identity.html\">identity</a> to which the policy is attached.</p>"
"documentation":"<p>The <a href=\"https://docs.aws.amazon.com/iot/latest/developerguide/security-iam.html\">identity</a> to which the policy is attached.</p>"
}
}
},
@ -4645,16 +4645,108 @@
"AwsIotJobArn":{"type":"string"},
"AwsIotJobId":{"type":"string"},
"AwsIotSqlVersion":{"type":"string"},
"AwsJobAbortConfig":{
"type":"structure",
"required":["abortCriteriaList"],
"members":{
"abortCriteriaList":{
"shape":"AwsJobAbortCriteriaList",
"documentation":"<p>The list of criteria that determine when and how to abort the job.</p>"
}
},
"documentation":"<p>The criteria that determine when and how a job abort takes place.</p>"
},
"AwsJobAbortCriteria":{
"type":"structure",
"required":[
"failureType",
"action",
"thresholdPercentage",
"minNumberOfExecutedThings"
],
"members":{
"failureType":{
"shape":"AwsJobAbortCriteriaFailureType",
"documentation":"<p>The type of job execution failures that can initiate a job abort.</p>"
},
"action":{
"shape":"AwsJobAbortCriteriaAbortAction",
"documentation":"<p>The type of job action to take to initiate the job abort.</p>"
},
"thresholdPercentage":{
"shape":"AwsJobAbortCriteriaAbortThresholdPercentage",
"documentation":"<p>The minimum percentage of job execution failures that must occur to initiate the job abort.</p> <p>AWS IoT supports up to two digits after the decimal (for example, 10.9 and 10.99, but not 10.999).</p>"
},
"minNumberOfExecutedThings":{
"shape":"AwsJobAbortCriteriaMinimumNumberOfExecutedThings",
"documentation":"<p>The minimum number of things which must receive job execution notifications before the job can be aborted.</p>"
}
},
"documentation":"<p>The criteria that determine when and how a job abort takes place.</p>"
},
"AwsJobAbortCriteriaAbortAction":{
"type":"string",
"enum":["CANCEL"]
},
"AwsJobAbortCriteriaAbortThresholdPercentage":{
"type":"double",
"max":100
},
"AwsJobAbortCriteriaFailureType":{
"type":"string",
"enum":[
"FAILED",
"REJECTED",
"TIMED_OUT",
"ALL"
]
},
"AwsJobAbortCriteriaList":{
"type":"list",
"member":{"shape":"AwsJobAbortCriteria"},
"min":1
},
"AwsJobAbortCriteriaMinimumNumberOfExecutedThings":{
"type":"integer",
"min":1
},
"AwsJobExecutionsRolloutConfig":{
"type":"structure",
"members":{
"maximumPerMinute":{
"shape":"MaximumPerMinute",
"documentation":"<p>The maximum number of OTA update job executions started per minute.</p>"
},
"exponentialRate":{
"shape":"AwsJobExponentialRolloutRate",
"documentation":"<p>The rate of increase for a job rollout. This parameter allows you to define an exponential rate increase for a job rollout.</p>"
}
},
"documentation":"<p>Configuration for the rollout of OTA updates.</p>"
},
"AwsJobExponentialRolloutRate":{
"type":"structure",
"required":[
"baseRatePerMinute",
"incrementFactor",
"rateIncreaseCriteria"
],
"members":{
"baseRatePerMinute":{
"shape":"AwsJobRolloutRatePerMinute",
"documentation":"<p>The minimum number of things that will be notified of a pending job, per minute, at the start of the job rollout. This is the initial rate of the rollout.</p>"
},
"incrementFactor":{
"shape":"AwsJobRolloutIncrementFactor",
"documentation":"<p>The rate of increase for a job rollout. The number of things notified is multiplied by this factor.</p>"
},
"rateIncreaseCriteria":{
"shape":"AwsJobRateIncreaseCriteria",
"documentation":"<p>The criteria to initiate the increase in rate of rollout for a job.</p> <p>AWS IoT supports up to one digit after the decimal (for example, 1.5, but not 1.55).</p>"
}
},
"documentation":"<p>The rate of increase for a job rollout. This parameter allows you to define an exponential rate increase for a job rollout.</p>"
},
"AwsJobPresignedUrlConfig":{
"type":"structure",
"members":{
@ -4665,6 +4757,41 @@
},
"documentation":"<p>Configuration information for pre-signed URLs. Valid when <code>protocols</code> contains HTTP.</p>"
},
"AwsJobRateIncreaseCriteria":{
"type":"structure",
"members":{
"numberOfNotifiedThings":{
"shape":"AwsJobRateIncreaseCriteriaNumberOfThings",
"documentation":"<p>When this number of things have been notified, it will initiate an increase in the rollout rate.</p>"
},
"numberOfSucceededThings":{
"shape":"AwsJobRateIncreaseCriteriaNumberOfThings",
"documentation":"<p>When this number of things have succeeded in their job execution, it will initiate an increase in the rollout rate.</p>"
}
},
"documentation":"<p>The criteria to initiate the increase in rate of rollout for a job.</p>"
},
"AwsJobRateIncreaseCriteriaNumberOfThings":{
"type":"integer",
"min":1
},
"AwsJobRolloutIncrementFactor":{"type":"double"},
"AwsJobRolloutRatePerMinute":{
"type":"integer",
"max":1000,
"min":1
},
"AwsJobTimeoutConfig":{
"type":"structure",
"members":{
"inProgressTimeoutInMinutes":{
"shape":"AwsJobTimeoutInProgressTimeoutInMinutes",
"documentation":"<p>Specifies the amount of time, in minutes, this device has to finish execution of this job. The timeout interval can be anywhere between 1 minute and 7 days (1 to 10080 minutes). The in progress timer can't be updated and will apply to all job executions for the job. Whenever a job execution remains in the IN_PROGRESS status for longer than this interval, the job execution will fail and switch to the terminal <code>TIMED_OUT</code> status.</p>"
}
},
"documentation":"<p>Specifies the amount of time each device has to finish its execution of the job. A timer is started when the job execution status is set to <code>IN_PROGRESS</code>. If the job execution status is not set to another terminal state before the timer expires, it will be automatically set to <code>TIMED_OUT</code>.</p>"
},
"AwsJobTimeoutInProgressTimeoutInMinutes":{"type":"long"},
"Behavior":{
"type":"structure",
"required":["name"],
@ -5865,7 +5992,7 @@
},
"targets":{
"shape":"Targets",
"documentation":"<p>The targeted devices to receive OTA updates.</p>"
"documentation":"<p>The devices targeted to receive OTA updates.</p>"
},
"protocols":{
"shape":"Protocols",
@ -5883,13 +6010,21 @@
"shape":"AwsJobPresignedUrlConfig",
"documentation":"<p>Configuration information for pre-signed URLs.</p>"
},
"awsJobAbortConfig":{
"shape":"AwsJobAbortConfig",
"documentation":"<p>The criteria that determine when and how a job abort takes place.</p>"
},
"awsJobTimeoutConfig":{
"shape":"AwsJobTimeoutConfig",
"documentation":"<p>Specifies the amount of time each device has to finish its execution of the job. A timer is started when the job execution status is set to <code>IN_PROGRESS</code>. If the job execution status is not set to another terminal state before the timer expires, it will be automatically set to <code>TIMED_OUT</code>.</p>"
},
"files":{
"shape":"OTAUpdateFiles",
"documentation":"<p>The files to be streamed by the OTA update.</p>"
},
"roleArn":{
"shape":"RoleArn",
"documentation":"<p>The IAM role that allows access to the AWS IoT Jobs service.</p>"
"documentation":"<p>The IAM role that grants AWS IoT access to the Amazon S3, AWS IoT jobs and AWS Code Signing resources to create an OTA update job.</p>"
},
"additionalParameters":{
"shape":"AdditionalParameterMap",
@ -6803,7 +6938,7 @@
"members":{
"otaUpdateId":{
"shape":"OTAUpdateId",
"documentation":"<p>The OTA update ID to delete.</p>",
"documentation":"<p>The ID of the OTA update to delete.</p>",
"location":"uri",
"locationName":"otaUpdateId"
},
@ -6815,7 +6950,7 @@
},
"forceDeleteAWSJob":{
"shape":"ForceDeleteAWSJob",
"documentation":"<p>Specifies if the AWS Job associated with the OTA update should be deleted with the OTA update is deleted.</p>",
"documentation":"<p>Specifies if the AWS Job associated with the OTA update should be deleted when the OTA update is deleted.</p>",
"location":"querystring",
"locationName":"forceDeleteAWSJob"
}

91
botocore/data/kms/2014-11-01/service-2.json
View file

@ -63,7 +63,7 @@
{"shape":"LimitExceededException"},
{"shape":"KMSInvalidStateException"}
],
"documentation":"<p>Creates a display name for a customer managed customer master key (CMK). You can use an alias to identify a CMK in cryptographic operations, such as <a>Encrypt</a> and <a>GenerateDataKey</a>. You can change the CMK associated with the alias at any time.</p> <p>Aliases are easier to remember than key IDs. They can also help to simplify your applications. For example, if you use an alias in your code, you can change the CMK your code uses by associating a given alias with a different CMK. </p> <p>To run the same code in multiple AWS regions, use an alias in your code, such as <code>alias/ApplicationKey</code>. Then, in each AWS Region, create an <code>alias/ApplicationKey</code> alias that is associated with a CMK in that Region. When you run your code, it uses the <code>alias/ApplicationKey</code> CMK for that AWS Region without any Region-specific code.</p> <p>This operation does not return a response. To get the alias that you created, use the <a>ListAliases</a> operation.</p> <p>To use aliases successfully, be aware of the following information.</p> <ul> <li> <p>Each alias points to only one CMK at a time, although a single CMK can have multiple aliases. The alias and its associated CMK must be in the same AWS account and Region. </p> </li> <li> <p>You can associate an alias with any customer managed CMK in the same AWS account and Region. However, you do not have permission to associate an alias with an <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk\">AWS managed CMK</a> or an <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk\">AWS owned CMK</a>. </p> </li> <li> <p>To change the CMK associated with an alias, use the <a>UpdateAlias</a> operation. The current CMK and the new CMK must be the same type (both symmetric or both asymmetric) and they must have the same key usage (<code>ENCRYPT_DECRYPT</code> or <code>SIGN_VERIFY</code>). This restriction prevents cryptographic errors in code that uses aliases.</p> </li> <li> <p>The alias name must begin with <code>alias/</code> followed by a name, such as <code>alias/ExampleAlias</code>. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). The alias name cannot begin with <code>alias/aws/</code>. The <code>alias/aws/</code> prefix is reserved for <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk\">AWS managed CMKs</a>. </p> </li> <li> <p>The alias name must be unique within an AWS Region. However, you can use the same alias name in multiple Regions of the same AWS account. Each instance of the alias is associated with a CMK in its Region.</p> </li> <li> <p>After you create an alias, you cannot change its alias name. However, you can use the <a>DeleteAlias</a> operation to delete the alias and then create a new alias with the desired name.</p> </li> <li> <p>You can use an alias name or alias ARN to identify a CMK in AWS KMS cryptographic operations and in the <a>DescribeKey</a> operation. However, you cannot use alias names or alias ARNs in API operations that manage CMKs, such as <a>DisableKey</a> or <a>GetKeyPolicy</a>. For information about the valid CMK identifiers for each AWS KMS API operation, see the descriptions of the <code>KeyId</code> parameter in the API operation documentation.</p> </li> </ul> <p>Because an alias is not a property of a CMK, you can delete and change the aliases of a CMK without affecting the CMK. Also, aliases do not appear in the response from the <a>DescribeKey</a> operation. To get the aliases and alias ARNs of CMKs in each AWS account and Region, use the <a>ListAliases</a> operation.</p> <p>The CMK that you use for this operation must be in a compatible key state. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>"
"documentation":"<p>Creates a display name for a customer managed customer master key (CMK). You can use an alias to identify a CMK in <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations\">cryptographic operations</a>, such as <a>Encrypt</a> and <a>GenerateDataKey</a>. You can change the CMK associated with the alias at any time.</p> <p>Aliases are easier to remember than key IDs. They can also help to simplify your applications. For example, if you use an alias in your code, you can change the CMK your code uses by associating a given alias with a different CMK. </p> <p>To run the same code in multiple AWS regions, use an alias in your code, such as <code>alias/ApplicationKey</code>. Then, in each AWS Region, create an <code>alias/ApplicationKey</code> alias that is associated with a CMK in that Region. When you run your code, it uses the <code>alias/ApplicationKey</code> CMK for that AWS Region without any Region-specific code.</p> <p>This operation does not return a response. To get the alias that you created, use the <a>ListAliases</a> operation.</p> <p>To use aliases successfully, be aware of the following information.</p> <ul> <li> <p>Each alias points to only one CMK at a time, although a single CMK can have multiple aliases. The alias and its associated CMK must be in the same AWS account and Region. </p> </li> <li> <p>You can associate an alias with any customer managed CMK in the same AWS account and Region. However, you do not have permission to associate an alias with an <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk\">AWS managed CMK</a> or an <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk\">AWS owned CMK</a>. </p> </li> <li> <p>To change the CMK associated with an alias, use the <a>UpdateAlias</a> operation. The current CMK and the new CMK must be the same type (both symmetric or both asymmetric) and they must have the same key usage (<code>ENCRYPT_DECRYPT</code> or <code>SIGN_VERIFY</code>). This restriction prevents cryptographic errors in code that uses aliases.</p> </li> <li> <p>The alias name must begin with <code>alias/</code> followed by a name, such as <code>alias/ExampleAlias</code>. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). The alias name cannot begin with <code>alias/aws/</code>. The <code>alias/aws/</code> prefix is reserved for <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk\">AWS managed CMKs</a>. </p> </li> <li> <p>The alias name must be unique within an AWS Region. However, you can use the same alias name in multiple Regions of the same AWS account. Each instance of the alias is associated with a CMK in its Region.</p> </li> <li> <p>After you create an alias, you cannot change its alias name. However, you can use the <a>DeleteAlias</a> operation to delete the alias and then create a new alias with the desired name.</p> </li> <li> <p>You can use an alias name or alias ARN to identify a CMK in AWS KMS <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations\">cryptographic operations</a> and in the <a>DescribeKey</a> operation. However, you cannot use alias names or alias ARNs in API operations that manage CMKs, such as <a>DisableKey</a> or <a>GetKeyPolicy</a>. For information about the valid CMK identifiers for each AWS KMS API operation, see the descriptions of the <code>KeyId</code> parameter in the API operation documentation.</p> </li> </ul> <p>Because an alias is not a property of a CMK, you can delete and change the aliases of a CMK without affecting the CMK. Also, aliases do not appear in the response from the <a>DescribeKey</a> operation. To get the aliases and alias ARNs of CMKs in each AWS account and Region, use the <a>ListAliases</a> operation.</p> <p>The CMK that you use for this operation must be in a compatible key state. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>"
},
"CreateCustomKeyStore":{
"name":"CreateCustomKeyStore",
@ -102,7 +102,7 @@
{"shape":"LimitExceededException"},
{"shape":"KMSInvalidStateException"}
],
"documentation":"<p>Adds a grant to a customer master key (CMK). The grant allows the grantee principal to use the CMK when the conditions specified in the grant are met. When setting permissions, grants are an alternative to key policies. </p> <p>To create a grant that allows a cryptographic operation only when the request includes a particular <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">encryption context</a>, use the <code>Constraints</code> parameter. For details, see <a>GrantConstraints</a>.</p> <p>You can create grants on symmetric and asymmetric CMKs. However, if the grant allows an operation that the CMK does not support, <code>CreateGrant</code> fails with a <code>ValidationException</code>. </p> <ul> <li> <p>Grants for symmetric CMKs cannot allow operations that are not supported for symmetric CMKs, including <a>Sign</a>, <a>Verify</a>, and <a>GetPublicKey</a>. (There are limited exceptions to this rule for legacy operations, but you should not create a grant for an operation that AWS KMS does not support.)</p> </li> <li> <p>Grants for asymmetric CMKs cannot allow operations that are not supported for asymmetric CMKs, including operations that <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey\">generate data keys</a> or <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKeyPair\">data key pairs</a>, or operations related to <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html\">automatic key rotation</a>, <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html\">imported key material</a>, or CMKs in <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html\">custom key stores</a>.</p> </li> <li> <p>Grants for asymmetric CMKs with a <code>KeyUsage</code> of <code>ENCRYPT_DECRYPT</code> cannot allow the <a>Sign</a> or <a>Verify</a> operations. Grants for asymmetric CMKs with a <code>KeyUsage</code> of <code>SIGN_VERIFY</code> cannot allow the <a>Encrypt</a> or <a>Decrypt</a> operations.</p> </li> <li> <p>Grants for asymmetric CMKs cannot include an encryption context grant constraint. An encryption context is not supported on asymmetric CMKs.</p> </li> </ul> <p>For information about symmetric and asymmetric CMKs, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html\">Using Symmetric and Asymmetric CMKs</a> in the <i>AWS Key Management Service Developer Guide</i>.</p> <p>To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the <code>KeyId</code> parameter. For more information about grants, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/grants.html\">Grants</a> in the <i> <i>AWS Key Management Service Developer Guide</i> </i>.</p> <p>The CMK that you use for this operation must be in a compatible key state. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>"
"documentation":"<p>Adds a grant to a customer master key (CMK). The grant allows the grantee principal to use the CMK when the conditions specified in the grant are met. When setting permissions, grants are an alternative to key policies. </p> <p>To create a grant that allows a <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations\">cryptographic operation</a> only when the request includes a particular <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">encryption context</a>, use the <code>Constraints</code> parameter. For details, see <a>GrantConstraints</a>.</p> <p>You can create grants on symmetric and asymmetric CMKs. However, if the grant allows an operation that the CMK does not support, <code>CreateGrant</code> fails with a <code>ValidationException</code>. </p> <ul> <li> <p>Grants for symmetric CMKs cannot allow operations that are not supported for symmetric CMKs, including <a>Sign</a>, <a>Verify</a>, and <a>GetPublicKey</a>. (There are limited exceptions to this rule for legacy operations, but you should not create a grant for an operation that AWS KMS does not support.)</p> </li> <li> <p>Grants for asymmetric CMKs cannot allow operations that are not supported for asymmetric CMKs, including operations that <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey\">generate data keys</a> or <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKeyPair\">data key pairs</a>, or operations related to <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html\">automatic key rotation</a>, <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html\">imported key material</a>, or CMKs in <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html\">custom key stores</a>.</p> </li> <li> <p>Grants for asymmetric CMKs with a <code>KeyUsage</code> of <code>ENCRYPT_DECRYPT</code> cannot allow the <a>Sign</a> or <a>Verify</a> operations. Grants for asymmetric CMKs with a <code>KeyUsage</code> of <code>SIGN_VERIFY</code> cannot allow the <a>Encrypt</a> or <a>Decrypt</a> operations.</p> </li> <li> <p>Grants for asymmetric CMKs cannot include an encryption context grant constraint. An encryption context is not supported on asymmetric CMKs.</p> </li> </ul> <p>For information about symmetric and asymmetric CMKs, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html\">Using Symmetric and Asymmetric CMKs</a> in the <i>AWS Key Management Service Developer Guide</i>.</p> <p>To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the <code>KeyId</code> parameter. For more information about grants, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/grants.html\">Grants</a> in the <i> <i>AWS Key Management Service Developer Guide</i> </i>.</p> <p>The CMK that you use for this operation must be in a compatible key state. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>"
},
"CreateKey":{
"name":"CreateKey",
@ -177,7 +177,7 @@
{"shape":"CustomKeyStoreNotFoundException"},
{"shape":"KMSInternalException"}
],
"documentation":"<p>Deletes a <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html\">custom key store</a>. This operation does not delete the AWS CloudHSM cluster that is associated with the custom key store, or affect any users or keys in the cluster.</p> <p>The custom key store that you delete cannot contain any AWS KMS <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys\">customer master keys (CMKs)</a>. Before deleting the key store, verify that you will never need to use any of the CMKs in the key store for any cryptographic operations. Then, use <a>ScheduleKeyDeletion</a> to delete the AWS KMS customer master keys (CMKs) from the key store. When the scheduled waiting period expires, the <code>ScheduleKeyDeletion</code> operation deletes the CMKs. Then it makes a best effort to delete the key material from the associated cluster. However, you might need to manually <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key\">delete the orphaned key material</a> from the cluster and its backups.</p> <p>After all CMKs are deleted from AWS KMS, use <a>DisconnectCustomKeyStore</a> to disconnect the key store from AWS KMS. Then, you can delete the custom key store.</p> <p>Instead of deleting the custom key store, consider using <a>DisconnectCustomKeyStore</a> to disconnect it from AWS KMS. While the key store is disconnected, you cannot create or use the CMKs in the key store. But, you do not need to delete CMKs and you can reconnect a disconnected custom key store at any time.</p> <p>If the operation succeeds, it returns a JSON object with no properties.</p> <p>This operation is part of the <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html\">Custom Key Store feature</a> feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the isolation and control of a single-tenant key store.</p>"
"documentation":"<p>Deletes a <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html\">custom key store</a>. This operation does not delete the AWS CloudHSM cluster that is associated with the custom key store, or affect any users or keys in the cluster.</p> <p>The custom key store that you delete cannot contain any AWS KMS <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys\">customer master keys (CMKs)</a>. Before deleting the key store, verify that you will never need to use any of the CMKs in the key store for any <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations\">cryptographic operations</a>. Then, use <a>ScheduleKeyDeletion</a> to delete the AWS KMS customer master keys (CMKs) from the key store. When the scheduled waiting period expires, the <code>ScheduleKeyDeletion</code> operation deletes the CMKs. Then it makes a best effort to delete the key material from the associated cluster. However, you might need to manually <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key\">delete the orphaned key material</a> from the cluster and its backups.</p> <p>After all CMKs are deleted from AWS KMS, use <a>DisconnectCustomKeyStore</a> to disconnect the key store from AWS KMS. Then, you can delete the custom key store.</p> <p>Instead of deleting the custom key store, consider using <a>DisconnectCustomKeyStore</a> to disconnect it from AWS KMS. While the key store is disconnected, you cannot create or use the CMKs in the key store. But, you do not need to delete CMKs and you can reconnect a disconnected custom key store at any time.</p> <p>If the operation succeeds, it returns a JSON object with no properties.</p> <p>This operation is part of the <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html\">Custom Key Store feature</a> feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the isolation and control of a single-tenant key store.</p>"
},
"DeleteImportedKeyMaterial":{
"name":"DeleteImportedKeyMaterial",
@ -240,7 +240,7 @@
{"shape":"KMSInternalException"},
{"shape":"KMSInvalidStateException"}
],
"documentation":"<p>Sets the state of a customer master key (CMK) to disabled, thereby preventing its use for cryptographic operations. You cannot perform this operation on a CMK in a different AWS account.</p> <p>For more information about how key state affects the use of a CMK, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects the Use of a Customer Master Key</a> in the <i> <i>AWS Key Management Service Developer Guide</i> </i>.</p> <p>The CMK that you use for this operation must be in a compatible key state. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>"
"documentation":"<p>Sets the state of a customer master key (CMK) to disabled, thereby preventing its use for <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations\">cryptographic operations</a>. You cannot perform this operation on a CMK in a different AWS account.</p> <p>For more information about how key state affects the use of a CMK, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects the Use of a Customer Master Key</a> in the <i> <i>AWS Key Management Service Developer Guide</i> </i>.</p> <p>The CMK that you use for this operation must be in a compatible key state. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>"
},
"DisableKeyRotation":{
"name":"DisableKeyRotation",
@ -273,7 +273,7 @@
{"shape":"CustomKeyStoreNotFoundException"},
{"shape":"KMSInternalException"}
],
"documentation":"<p>Disconnects the <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html\">custom key store</a> from its associated AWS CloudHSM cluster. While a custom key store is disconnected, you can manage the custom key store and its customer master keys (CMKs), but you cannot create or use CMKs in the custom key store. You can reconnect the custom key store at any time.</p> <note> <p>While a custom key store is disconnected, all attempts to create customer master keys (CMKs) in the custom key store or to use existing CMKs in cryptographic operations will fail. This action can prevent users from storing and accessing sensitive data.</p> </note> <p/> <p>To find the connection state of a custom key store, use the <a>DescribeCustomKeyStores</a> operation. To reconnect a custom key store, use the <a>ConnectCustomKeyStore</a> operation.</p> <p>If the operation succeeds, it returns a JSON object with no properties.</p> <p>This operation is part of the <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html\">Custom Key Store feature</a> feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the isolation and control of a single-tenant key store.</p>"
"documentation":"<p>Disconnects the <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html\">custom key store</a> from its associated AWS CloudHSM cluster. While a custom key store is disconnected, you can manage the custom key store and its customer master keys (CMKs), but you cannot create or use CMKs in the custom key store. You can reconnect the custom key store at any time.</p> <note> <p>While a custom key store is disconnected, all attempts to create customer master keys (CMKs) in the custom key store or to use existing CMKs in <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations\">cryptographic operations</a> will fail. This action can prevent users from storing and accessing sensitive data.</p> </note> <p/> <p>To find the connection state of a custom key store, use the <a>DescribeCustomKeyStores</a> operation. To reconnect a custom key store, use the <a>ConnectCustomKeyStore</a> operation.</p> <p>If the operation succeeds, it returns a JSON object with no properties.</p> <p>This operation is part of the <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html\">Custom Key Store feature</a> feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the isolation and control of a single-tenant key store.</p>"
},
"EnableKey":{
"name":"EnableKey",
@ -290,7 +290,7 @@
{"shape":"LimitExceededException"},
{"shape":"KMSInvalidStateException"}
],
"documentation":"<p>Sets the key state of a customer master key (CMK) to enabled. This allows you to use the CMK for cryptographic operations. You cannot perform this operation on a CMK in a different AWS account.</p> <p>The CMK that you use for this operation must be in a compatible key state. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>"
"documentation":"<p>Sets the key state of a customer master key (CMK) to enabled. This allows you to use the CMK for <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations\">cryptographic operations</a>. You cannot perform this operation on a CMK in a different AWS account.</p> <p>The CMK that you use for this operation must be in a compatible key state. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>"
},
"EnableKeyRotation":{
"name":"EnableKeyRotation",
@ -328,7 +328,7 @@
{"shape":"KMSInternalException"},
{"shape":"KMSInvalidStateException"}
],
"documentation":"<p>Encrypts plaintext into ciphertext by using a customer master key (CMK). The <code>Encrypt</code> operation has two primary use cases:</p> <ul> <li> <p>You can encrypt small amounts of arbitrary data, such as a personal identifier or database password, or other sensitive information. </p> </li> <li> <p>You can use the <code>Encrypt</code> operation to move encrypted data from one AWS region to another. In the first region, generate a data key and use the plaintext key to encrypt the data. Then, in the new region, call the <code>Encrypt</code> method on same plaintext data key. Now, you can safely move the encrypted data and encrypted data key to the new region, and decrypt in the new region when necessary.</p> </li> </ul> <p>You don't need to use the <code>Encrypt</code> operation to encrypt a data key. The <a>GenerateDataKey</a> and <a>GenerateDataKeyPair</a> operations return a plaintext data key and an encrypted copy of that data key.</p> <p>When you encrypt data, you must specify a symmetric or asymmetric CMK to use in the encryption operation. The CMK must have a <code>KeyUsage</code> value of <code>ENCRYPT_DECRYPT.</code> To find the <code>KeyUsage</code> of a CMK, use the <a>DescribeKey</a> operation. </p> <p>If you use a symmetric CMK, you can use an encryption context to add additional security to your encryption operation. If you specify an <code>EncryptionContext</code> when encrypting data, you must specify the same encryption context (a case-sensitive exact match) when decrypting the data. Otherwise, the request to decrypt fails with an <code>InvalidCiphertextException</code>. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">Encryption Context</a> in the <i>AWS Key Management Service Developer Guide</i>.</p> <p>If you specify an asymmetric CMK, you must also specify the encryption algorithm. The algorithm must be compatible with the CMK type.</p> <important> <p>When you use an asymmetric CMK to encrypt or reencrypt data, be sure to record the CMK and encryption algorithm that you choose. You will be required to provide the same CMK and encryption algorithm when you decrypt the data. If the CMK and algorithm do not match the values used to encrypt the data, the decrypt operation fails.</p> <p>You are not required to supply the CMK ID and encryption algorithm when you decrypt with symmetric CMKs because AWS KMS stores this information in the ciphertext blob. AWS KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields.</p> </important> <p>The maximum size of the data that you can encrypt varies with the type of CMK and the encryption algorithm that you choose.</p> <ul> <li> <p>Symmetric CMKs</p> <ul> <li> <p> <code>SYMMETRIC_DEFAULT</code>: 4096 bytes</p> </li> </ul> </li> <li> <p> <code>RSA_2048</code> </p> <ul> <li> <p> <code>RSAES_OAEP_SHA_1</code>: 214 bytes</p> </li> <li> <p> <code>RSAES_OAEP_SHA_256</code>: 190 bytes</p> </li> </ul> </li> <li> <p> <code>RSA_3072</code> </p> <ul> <li> <p> <code>RSAES_OAEP_SHA_1</code>: 342 bytes</p> </li> <li> <p> <code>RSAES_OAEP_SHA_256</code>: 318 bytes</p> </li> </ul> </li> <li> <p> <code>RSA_4096</code> </p> <ul> <li> <p> <code>RSAES_OAEP_SHA_1</code>: 470 bytes</p> </li> <li> <p> <code>RSAES_OAEP_SHA_256</code>: 446 bytes</p> </li> </ul> </li> </ul> <p>The CMK that you use for this operation must be in a compatible key state. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a> in the <i>AWS Key Management Service Developer Guide</i>.</p> <p>To perform this operation on a CMK in a different AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter.</p>"
"documentation":"<p>Encrypts plaintext into ciphertext by using a customer master key (CMK). The <code>Encrypt</code> operation has two primary use cases:</p> <ul> <li> <p>You can encrypt small amounts of arbitrary data, such as a personal identifier or database password, or other sensitive information. </p> </li> <li> <p>You can use the <code>Encrypt</code> operation to move encrypted data from one AWS Region to another. For example, in Region A, generate a data key and use the plaintext key to encrypt your data. Then, in Region A, use the <code>Encrypt</code> operation to encrypt the plaintext data key under a CMK in Region B. Now, you can move the encrypted data and the encrypted data key to Region B. When necessary, you can decrypt the encrypted data key and the encrypted data entirely within in Region B.</p> </li> </ul> <p>You don't need to use the <code>Encrypt</code> operation to encrypt a data key. The <a>GenerateDataKey</a> and <a>GenerateDataKeyPair</a> operations return a plaintext data key and an encrypted copy of that data key.</p> <p>When you encrypt data, you must specify a symmetric or asymmetric CMK to use in the encryption operation. The CMK must have a <code>KeyUsage</code> value of <code>ENCRYPT_DECRYPT.</code> To find the <code>KeyUsage</code> of a CMK, use the <a>DescribeKey</a> operation. </p> <p>If you use a symmetric CMK, you can use an encryption context to add additional security to your encryption operation. If you specify an <code>EncryptionContext</code> when encrypting data, you must specify the same encryption context (a case-sensitive exact match) when decrypting the data. Otherwise, the request to decrypt fails with an <code>InvalidCiphertextException</code>. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">Encryption Context</a> in the <i>AWS Key Management Service Developer Guide</i>.</p> <p>If you specify an asymmetric CMK, you must also specify the encryption algorithm. The algorithm must be compatible with the CMK type.</p> <important> <p>When you use an asymmetric CMK to encrypt or reencrypt data, be sure to record the CMK and encryption algorithm that you choose. You will be required to provide the same CMK and encryption algorithm when you decrypt the data. If the CMK and algorithm do not match the values used to encrypt the data, the decrypt operation fails.</p> <p>You are not required to supply the CMK ID and encryption algorithm when you decrypt with symmetric CMKs because AWS KMS stores this information in the ciphertext blob. AWS KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields.</p> </important> <p>The maximum size of the data that you can encrypt varies with the type of CMK and the encryption algorithm that you choose.</p> <ul> <li> <p>Symmetric CMKs</p> <ul> <li> <p> <code>SYMMETRIC_DEFAULT</code>: 4096 bytes</p> </li> </ul> </li> <li> <p> <code>RSA_2048</code> </p> <ul> <li> <p> <code>RSAES_OAEP_SHA_1</code>: 214 bytes</p> </li> <li> <p> <code>RSAES_OAEP_SHA_256</code>: 190 bytes</p> </li> </ul> </li> <li> <p> <code>RSA_3072</code> </p> <ul> <li> <p> <code>RSAES_OAEP_SHA_1</code>: 342 bytes</p> </li> <li> <p> <code>RSAES_OAEP_SHA_256</code>: 318 bytes</p> </li> </ul> </li> <li> <p> <code>RSA_4096</code> </p> <ul> <li> <p> <code>RSAES_OAEP_SHA_1</code>: 470 bytes</p> </li> <li> <p> <code>RSAES_OAEP_SHA_256</code>: 446 bytes</p> </li> </ul> </li> </ul> <p>The CMK that you use for this operation must be in a compatible key state. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a> in the <i>AWS Key Management Service Developer Guide</i>.</p> <p>To perform this operation on a CMK in a different AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter.</p>"
},
"GenerateDataKey":{
"name":"GenerateDataKey",
@ -348,7 +348,7 @@
{"shape":"KMSInternalException"},
{"shape":"KMSInvalidStateException"}
],
"documentation":"<p>Generates a unique symmetric data key. This operation returns a plaintext copy of the data key and a copy that is encrypted under a customer master key (CMK) that you specify. You can use the plaintext key to encrypt your data outside of AWS KMS and store the encrypted data key with the encrypted data.</p> <p> <code>GenerateDataKey</code> returns a unique data key for each request. The bytes in the key are not related to the caller or CMK that is used to encrypt the data key.</p> <p>To generate a data key, specify the symmetric CMK that will be used to encrypt the data key. You cannot use an asymmetric CMK to generate data keys. To get the type of your CMK, use the <a>DescribeKey</a> operation.</p> <p>You must also specify the length of the data key. Use either the <code>KeySpec</code> or <code>NumberOfBytes</code> parameters (but not both). For 128-bit and 256-bit data keys, use the <code>KeySpec</code> parameter. </p> <p>If the operation succeeds, the plaintext copy of the data key is in the <code>Plaintext</code> field of the response, and the encrypted copy of the data key in the <code>CiphertextBlob</code> field.</p> <p>To get only an encrypted copy of the data key, use <a>GenerateDataKeyWithoutPlaintext</a>. To generate an asymmetric data key pair, use the <a>GenerateDataKeyPair</a> or <a>GenerateDataKeyPairWithoutPlaintext</a> operation. To get a cryptographically secure random byte string, use <a>GenerateRandom</a>.</p> <p>You can use the optional encryption context to add additional security to the encryption operation. If you specify an <code>EncryptionContext</code>, you must specify the same encryption context (a case-sensitive exact match) when decrypting the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">Encryption Context</a> in the <i>AWS Key Management Service Developer Guide</i>.</p> <p>The CMK that you use for this operation must be in a compatible key state. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a> in the <i>AWS Key Management Service Developer Guide</i>.</p> <p>We recommend that you use the following pattern to encrypt data locally in your application:</p> <ol> <li> <p>Use the <code>GenerateDataKey</code> operation to get a data encryption key.</p> </li> <li> <p>Use the plaintext data key (returned in the <code>Plaintext</code> field of the response) to encrypt data locally, then erase the plaintext data key from memory.</p> </li> <li> <p>Store the encrypted data key (returned in the <code>CiphertextBlob</code> field of the response) alongside the locally encrypted data.</p> </li> </ol> <p>To decrypt data locally:</p> <ol> <li> <p>Use the <a>Decrypt</a> operation to decrypt the encrypted data key. The operation returns a plaintext copy of the data key.</p> </li> <li> <p>Use the plaintext data key to decrypt data locally, then erase the plaintext data key from memory.</p> </li> </ol>"
"documentation":"<p>Generates a unique symmetric data key for client-side encryption. This operation returns a plaintext copy of the data key and a copy that is encrypted under a customer master key (CMK) that you specify. You can use the plaintext key to encrypt your data outside of AWS KMS and store the encrypted data key with the encrypted data.</p> <p> <code>GenerateDataKey</code> returns a unique data key for each request. The bytes in the plaintext key are not related to the caller or the CMK.</p> <p>To generate a data key, specify the symmetric CMK that will be used to encrypt the data key. You cannot use an asymmetric CMK to generate data keys. To get the type of your CMK, use the <a>DescribeKey</a> operation. You must also specify the length of the data key. Use either the <code>KeySpec</code> or <code>NumberOfBytes</code> parameters (but not both). For 128-bit and 256-bit data keys, use the <code>KeySpec</code> parameter. </p> <p>To get only an encrypted copy of the data key, use <a>GenerateDataKeyWithoutPlaintext</a>. To generate an asymmetric data key pair, use the <a>GenerateDataKeyPair</a> or <a>GenerateDataKeyPairWithoutPlaintext</a> operation. To get a cryptographically secure random byte string, use <a>GenerateRandom</a>.</p> <p>You can use the optional encryption context to add additional security to the encryption operation. If you specify an <code>EncryptionContext</code>, you must specify the same encryption context (a case-sensitive exact match) when decrypting the encrypted data key. Otherwise, the request to decrypt fails with an <code>InvalidCiphertextException</code>. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">Encryption Context</a> in the <i>AWS Key Management Service Developer Guide</i>.</p> <p>The CMK that you use for this operation must be in a compatible key state. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a> in the <i>AWS Key Management Service Developer Guide</i>.</p> <p> <b>How to use your data key</b> </p> <p>We recommend that you use the following pattern to encrypt data locally in your application. You can write your own code or use a client-side encryption library, such as the <a href=\"https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/\">AWS Encryption SDK</a>, the <a href=\"https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/\">Amazon DynamoDB Encryption Client</a>, or <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html\">Amazon S3 client-side encryption</a> to do these tasks for you.</p> <p>To encrypt data outside of AWS KMS:</p> <ol> <li> <p>Use the <code>GenerateDataKey</code> operation to get a data key.</p> </li> <li> <p>Use the plaintext data key (in the <code>Plaintext</code> field of the response) to encrypt your data outside of AWS KMS. Then erase the plaintext data key from memory.</p> </li> <li> <p>Store the encrypted data key (in the <code>CiphertextBlob</code> field of the response) with the encrypted data.</p> </li> </ol> <p>To decrypt data outside of AWS KMS:</p> <ol> <li> <p>Use the <a>Decrypt</a> operation to decrypt the encrypted data key. The operation returns a plaintext copy of the data key.</p> </li> <li> <p>Use the plaintext data key to decrypt data outside of AWS KMS, then erase the plaintext data key from memory.</p> </li> </ol>"
},
"GenerateDataKeyPair":{
"name":"GenerateDataKeyPair",
@ -366,9 +366,10 @@
{"shape":"InvalidKeyUsageException"},
{"shape":"InvalidGrantTokenException"},
{"shape":"KMSInternalException"},
{"shape":"KMSInvalidStateException"}
{"shape":"KMSInvalidStateException"},
{"shape":"UnsupportedOperationException"}
],
"documentation":"<p>Generates a unique asymmetric data key pair. The <code>GenerateDataKeyPair</code> operation returns a plaintext public key, a plaintext private key, and a copy of the private key that is encrypted under the symmetric CMK you specify. You can use the data key pair to perform asymmetric cryptography outside of AWS KMS.</p> <p> <code>GenerateDataKeyPair</code> returns a unique data key pair for each request. The bytes in the keys are not related to the caller or the CMK that is used to encrypt the private key.</p> <p>You can use the public key that <code>GenerateDataKeyPair</code> returns to encrypt data or verify a signature outside of AWS KMS. Then, store the encrypted private key with the data. When you are ready to decrypt data or sign a message, you can use the <a>Decrypt</a> operation to decrypt the encrypted private key.</p> <p>To generate a data key pair, you must specify a symmetric customer master key (CMK) to encrypt the private key in a data key pair. You cannot use an asymmetric CMK. To get the type of your CMK, use the <a>DescribeKey</a> operation.</p> <p>If you are using the data key pair to encrypt data, or for any operation where you don't immediately need a private key, consider using the <a>GenerateDataKeyPairWithoutPlaintext</a> operation. <code>GenerateDataKeyPairWithoutPlaintext</code> returns a plaintext public key and an encrypted private key, but omits the plaintext private key that you need only to decrypt ciphertext or sign a message. Later, when you need to decrypt the data or sign a message, use the <a>Decrypt</a> operation to decrypt the encrypted private key in the data key pair.</p> <p>You can use the optional encryption context to add additional security to the encryption operation. If you specify an <code>EncryptionContext</code>, you must specify the same encryption context (a case-sensitive exact match) when decrypting the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">Encryption Context</a> in the <i>AWS Key Management Service Developer Guide</i>.</p> <p>The CMK that you use for this operation must be in a compatible key state. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>"
"documentation":"<p>Generates a unique asymmetric data key pair. The <code>GenerateDataKeyPair</code> operation returns a plaintext public key, a plaintext private key, and a copy of the private key that is encrypted under the symmetric CMK you specify. You can use the data key pair to perform asymmetric cryptography outside of AWS KMS.</p> <p> <code>GenerateDataKeyPair</code> returns a unique data key pair for each request. The bytes in the keys are not related to the caller or the CMK that is used to encrypt the private key.</p> <p>You can use the public key that <code>GenerateDataKeyPair</code> returns to encrypt data or verify a signature outside of AWS KMS. Then, store the encrypted private key with the data. When you are ready to decrypt data or sign a message, you can use the <a>Decrypt</a> operation to decrypt the encrypted private key.</p> <p>To generate a data key pair, you must specify a symmetric customer master key (CMK) to encrypt the private key in a data key pair. You cannot use an asymmetric CMK or a CMK in a custom key store. To get the type and origin of your CMK, use the <a>DescribeKey</a> operation. </p> <p>If you are using the data key pair to encrypt data, or for any operation where you don't immediately need a private key, consider using the <a>GenerateDataKeyPairWithoutPlaintext</a> operation. <code>GenerateDataKeyPairWithoutPlaintext</code> returns a plaintext public key and an encrypted private key, but omits the plaintext private key that you need only to decrypt ciphertext or sign a message. Later, when you need to decrypt the data or sign a message, use the <a>Decrypt</a> operation to decrypt the encrypted private key in the data key pair.</p> <p>You can use the optional encryption context to add additional security to the encryption operation. If you specify an <code>EncryptionContext</code>, you must specify the same encryption context (a case-sensitive exact match) when decrypting the encrypted data key. Otherwise, the request to decrypt fails with an <code>InvalidCiphertextException</code>. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">Encryption Context</a> in the <i>AWS Key Management Service Developer Guide</i>.</p> <p>The CMK that you use for this operation must be in a compatible key state. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>"
},
"GenerateDataKeyPairWithoutPlaintext":{
"name":"GenerateDataKeyPairWithoutPlaintext",
@ -386,9 +387,10 @@
{"shape":"InvalidKeyUsageException"},
{"shape":"InvalidGrantTokenException"},
{"shape":"KMSInternalException"},
{"shape":"KMSInvalidStateException"}
{"shape":"KMSInvalidStateException"},
{"shape":"UnsupportedOperationException"}
],
"documentation":"<p>Generates a unique asymmetric data key pair. The <code>GenerateDataKeyPairWithoutPlaintext</code> operation returns a plaintext public key and a copy of the private key that is encrypted under the symmetric CMK you specify. Unlike <a>GenerateDataKeyPair</a>, this operation does not return a plaintext private key. </p> <p>To generate a data key pair, you must specify a symmetric customer master key (CMK) to encrypt the private key in the data key pair. You cannot use an asymmetric CMK. To get the type of your CMK, use the <code>KeySpec</code> field in the <a>DescribeKey</a> response.</p> <p>You can use the public key that <code>GenerateDataKeyPairWithoutPlaintext</code> returns to encrypt data or verify a signature outside of AWS KMS. Then, store the encrypted private key with the data. When you are ready to decrypt data or sign a message, you can use the <a>Decrypt</a> operation to decrypt the encrypted private key.</p> <p> <code>GenerateDataKeyPairWithoutPlaintext</code> returns a unique data key pair for each request. The bytes in the key are not related to the caller or CMK that is used to encrypt the private key.</p> <p>You can use the optional encryption context to add additional security to the encryption operation. If you specify an <code>EncryptionContext</code>, you must specify the same encryption context (a case-sensitive exact match) when decrypting the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">Encryption Context</a> in the <i>AWS Key Management Service Developer Guide</i>.</p> <p>The CMK that you use for this operation must be in a compatible key state. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>"
"documentation":"<p>Generates a unique asymmetric data key pair. The <code>GenerateDataKeyPairWithoutPlaintext</code> operation returns a plaintext public key and a copy of the private key that is encrypted under the symmetric CMK you specify. Unlike <a>GenerateDataKeyPair</a>, this operation does not return a plaintext private key. </p> <p>To generate a data key pair, you must specify a symmetric customer master key (CMK) to encrypt the private key in the data key pair. You cannot use an asymmetric CMK or a CMK in a custom key store. To get the type and origin of your CMK, use the <code>KeySpec</code> field in the <a>DescribeKey</a> response.</p> <p>You can use the public key that <code>GenerateDataKeyPairWithoutPlaintext</code> returns to encrypt data or verify a signature outside of AWS KMS. Then, store the encrypted private key with the data. When you are ready to decrypt data or sign a message, you can use the <a>Decrypt</a> operation to decrypt the encrypted private key.</p> <p> <code>GenerateDataKeyPairWithoutPlaintext</code> returns a unique data key pair for each request. The bytes in the key are not related to the caller or CMK that is used to encrypt the private key.</p> <p>You can use the optional encryption context to add additional security to the encryption operation. If you specify an <code>EncryptionContext</code>, you must specify the same encryption context (a case-sensitive exact match) when decrypting the encrypted data key. Otherwise, the request to decrypt fails with an <code>InvalidCiphertextException</code>. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">Encryption Context</a> in the <i>AWS Key Management Service Developer Guide</i>.</p> <p>The CMK that you use for this operation must be in a compatible key state. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>"
},
"GenerateDataKeyWithoutPlaintext":{
"name":"GenerateDataKeyWithoutPlaintext",
@ -408,7 +410,7 @@
{"shape":"KMSInternalException"},
{"shape":"KMSInvalidStateException"}
],
"documentation":"<p>Generates a unique symmetric data key. This operation returns a data key that is encrypted under a customer master key (CMK) that you specify. To request an asymmetric data key pair, use the <a>GenerateDataKeyPair</a> or <a>GenerateDataKeyPairWithoutPlaintext</a> operations.</p> <p> <code>GenerateDataKeyWithoutPlaintext</code> is identical to the <a>GenerateDataKey</a> operation except that returns only the encrypted copy of the data key. This operation is useful for systems that need to encrypt data at some point, but not immediately. When you need to encrypt the data, you call the <a>Decrypt</a> operation on the encrypted copy of the key. </p> <p>It's also useful in distributed systems with different levels of trust. For example, you might store encrypted data in containers. One component of your system creates new containers and stores an encrypted data key with each container. Then, a different component puts the data into the containers. That component first decrypts the data key, uses the plaintext data key to encrypt data, puts the encrypted data into the container, and then destroys the plaintext data key. In this system, the component that creates the containers never sees the plaintext data key.</p> <p> <code>GenerateDataKeyWithoutPlaintext</code> returns a unique data key for each request. The bytes in the keys are not related to the caller or CMK that is used to encrypt the private key.</p> <p>To generate a data key, you must specify the symmetric customer master key (CMK) that is used to encrypt the data key. You cannot use an asymmetric CMK to generate a data key. To get the type of your CMK, use the <a>DescribeKey</a> operation.</p> <p>If the operation succeeds, you will find the encrypted copy of the data key in the <code>CiphertextBlob</code> field.</p> <p>You can use the optional encryption context to add additional security to the encryption operation. If you specify an <code>EncryptionContext</code>, you must specify the same encryption context (a case-sensitive exact match) when decrypting the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">Encryption Context</a> in the <i>AWS Key Management Service Developer Guide</i>.</p> <p>The CMK that you use for this operation must be in a compatible key state. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>"
"documentation":"<p>Generates a unique symmetric data key. This operation returns a data key that is encrypted under a customer master key (CMK) that you specify. To request an asymmetric data key pair, use the <a>GenerateDataKeyPair</a> or <a>GenerateDataKeyPairWithoutPlaintext</a> operations.</p> <p> <code>GenerateDataKeyWithoutPlaintext</code> is identical to the <a>GenerateDataKey</a> operation except that returns only the encrypted copy of the data key. This operation is useful for systems that need to encrypt data at some point, but not immediately. When you need to encrypt the data, you call the <a>Decrypt</a> operation on the encrypted copy of the key. </p> <p>It's also useful in distributed systems with different levels of trust. For example, you might store encrypted data in containers. One component of your system creates new containers and stores an encrypted data key with each container. Then, a different component puts the data into the containers. That component first decrypts the data key, uses the plaintext data key to encrypt data, puts the encrypted data into the container, and then destroys the plaintext data key. In this system, the component that creates the containers never sees the plaintext data key.</p> <p> <code>GenerateDataKeyWithoutPlaintext</code> returns a unique data key for each request. The bytes in the keys are not related to the caller or CMK that is used to encrypt the private key.</p> <p>To generate a data key, you must specify the symmetric customer master key (CMK) that is used to encrypt the data key. You cannot use an asymmetric CMK to generate a data key. To get the type of your CMK, use the <a>DescribeKey</a> operation.</p> <p>If the operation succeeds, you will find the encrypted copy of the data key in the <code>CiphertextBlob</code> field.</p> <p>You can use the optional encryption context to add additional security to the encryption operation. If you specify an <code>EncryptionContext</code>, you must specify the same encryption context (a case-sensitive exact match) when decrypting the encrypted data key. Otherwise, the request to decrypt fails with an <code>InvalidCiphertextException</code>. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">Encryption Context</a> in the <i>AWS Key Management Service Developer Guide</i>.</p> <p>The CMK that you use for this operation must be in a compatible key state. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>"
},
"GenerateRandom":{
"name":"GenerateRandom",
@ -556,7 +558,7 @@
{"shape":"KMSInternalException"},
{"shape":"KMSInvalidStateException"}
],
"documentation":"<p>Gets a list of all grants for the specified customer master key (CMK).</p> <p>To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the <code>KeyId</code> parameter.</p>"
"documentation":"<p>Gets a list of all grants for the specified customer master key (CMK).</p> <p>To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the <code>KeyId</code> parameter.</p> <note> <p>The <code>GranteePrincipal</code> field in the <code>ListGrants</code> response usually contains the user or role designated as the grantee principal in the grant. However, when the grantee principal in the grant is an AWS service, the <code>GranteePrincipal</code> field contains the <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services\">service principal</a>, which might represent several different grantee principals.</p> </note>"
},
"ListKeyPolicies":{
"name":"ListKeyPolicies",
@ -662,7 +664,7 @@
{"shape":"KMSInternalException"},
{"shape":"KMSInvalidStateException"}
],
"documentation":"<p>Decrypts ciphertext and then reencrypts it entirely within AWS KMS. You can use this operation to change the customer master key (CMK) under which data is encrypted, such as when you <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-manually\">manually rotate</a> a CMK or change the CMK that protects a ciphertext. You can also use it to reencrypt ciphertext under the same CMK, such as to change the encryption context of a ciphertext. </p> <p>The <code>ReEncrypt</code> operation can decrypt ciphertext that was encrypted by using an AWS KMS CMK in an AWS KMS operation, such as <a>Encrypt</a> or <a>GenerateDataKey</a>. It can also decrypt ciphertext that was encrypted by using the public key of an asymmetric CMK outside of AWS KMS. However, it cannot decrypt ciphertext produced by other libraries, such as the <a href=\"https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/\">AWS Encryption SDK</a> or <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html\">Amazon S3 client-side encryption</a>. These libraries return a ciphertext format that is incompatible with AWS KMS.</p> <p>When you use the <code>ReEncrypt</code> operation, you need to provide information for the decrypt operation and the subsequent encrypt operation.</p> <ul> <li> <p>If your ciphertext was encrypted under an asymmetric CMK, you must identify the <i>source CMK</i>, that is, the CMK that encrypted the ciphertext. You must also supply the encryption algorithm that was used. This information is required to decrypt the data.</p> </li> <li> <p>It is optional, but you can specify a source CMK even when the ciphertext was encrypted under a symmetric CMK. This ensures that the ciphertext is decrypted only by using a particular CMK. If the CMK that you specify cannot decrypt the ciphertext, the <code>ReEncrypt</code> operation fails.</p> </li> <li> <p>To reencrypt the data, you must specify the <i>destination CMK</i>, that is, the CMK that re-encrypts the data after it is decrypted. You can select a symmetric or asymmetric CMK. If the destination CMK is an asymmetric CMK, you must also provide the encryption algorithm. The algorithm that you choose must be compatible with the CMK.</p> <important> <p>When you use an asymmetric CMK to encrypt or reencrypt data, be sure to record the CMK and encryption algorithm that you choose. You will be required to provide the same CMK and encryption algorithm when you decrypt the data. If the CMK and algorithm do not match the values used to encrypt the data, the decrypt operation fails.</p> <p>You are not required to supply the CMK ID and encryption algorithm when you decrypt with symmetric CMKs because AWS KMS stores this information in the ciphertext blob. AWS KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields.</p> </important> </li> </ul> <p>Unlike other AWS KMS API operations, <code>ReEncrypt</code> callers must have two permissions:</p> <ul> <li> <p> <code>kms:EncryptFrom</code> permission on the source CMK</p> </li> <li> <p> <code>kms:EncryptTo</code> permission on the destination CMK</p> </li> </ul> <p>To permit reencryption from</p> <p> or to a CMK, include the <code>\"kms:ReEncrypt*\"</code> permission in your <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html\">key policy</a>. This permission is automatically included in the key policy when you use the console to create a CMK. But you must include it manually when you create a CMK programmatically or when you use the <a>PutKeyPolicy</a> operation set a key policy.</p> <p>The CMK that you use for this operation must be in a compatible key state. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>"
"documentation":"<p>Decrypts ciphertext and then reencrypts it entirely within AWS KMS. You can use this operation to change the customer master key (CMK) under which data is encrypted, such as when you <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-manually\">manually rotate</a> a CMK or change the CMK that protects a ciphertext. You can also use it to reencrypt ciphertext under the same CMK, such as to change the <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">encryption context</a> of a ciphertext.</p> <p>The <code>ReEncrypt</code> operation can decrypt ciphertext that was encrypted by using an AWS KMS CMK in an AWS KMS operation, such as <a>Encrypt</a> or <a>GenerateDataKey</a>. It can also decrypt ciphertext that was encrypted by using the public key of an <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks\">asymmetric CMK</a> outside of AWS KMS. However, it cannot decrypt ciphertext produced by other libraries, such as the <a href=\"https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/\">AWS Encryption SDK</a> or <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html\">Amazon S3 client-side encryption</a>. These libraries return a ciphertext format that is incompatible with AWS KMS.</p> <p>When you use the <code>ReEncrypt</code> operation, you need to provide information for the decrypt operation and the subsequent encrypt operation.</p> <ul> <li> <p>If your ciphertext was encrypted under an asymmetric CMK, you must identify the <i>source CMK</i>, that is, the CMK that encrypted the ciphertext. You must also supply the encryption algorithm that was used. This information is required to decrypt the data.</p> </li> <li> <p>It is optional, but you can specify a source CMK even when the ciphertext was encrypted under a symmetric CMK. This ensures that the ciphertext is decrypted only by using a particular CMK. If the CMK that you specify cannot decrypt the ciphertext, the <code>ReEncrypt</code> operation fails.</p> </li> <li> <p>To reencrypt the data, you must specify the <i>destination CMK</i>, that is, the CMK that re-encrypts the data after it is decrypted. You can select a symmetric or asymmetric CMK. If the destination CMK is an asymmetric CMK, you must also provide the encryption algorithm. The algorithm that you choose must be compatible with the CMK.</p> <important> <p>When you use an asymmetric CMK to encrypt or reencrypt data, be sure to record the CMK and encryption algorithm that you choose. You will be required to provide the same CMK and encryption algorithm when you decrypt the data. If the CMK and algorithm do not match the values used to encrypt the data, the decrypt operation fails.</p> <p>You are not required to supply the CMK ID and encryption algorithm when you decrypt with symmetric CMKs because AWS KMS stores this information in the ciphertext blob. AWS KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields.</p> </important> </li> </ul> <p>Unlike other AWS KMS API operations, <code>ReEncrypt</code> callers must have two permissions:</p> <ul> <li> <p> <code>kms:ReEncryptFrom</code> permission on the source CMK</p> </li> <li> <p> <code>kms:ReEncryptTo</code> permission on the destination CMK</p> </li> </ul> <p>To permit reencryption from or to a CMK, include the <code>\"kms:ReEncrypt*\"</code> permission in your <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html\">key policy</a>. This permission is automatically included in the key policy when you use the console to create a CMK. But you must include it manually when you create a CMK programmatically or when you use the <a>PutKeyPolicy</a> operation to set a key policy.</p> <p>The CMK that you use for this operation must be in a compatible key state. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>"
},
"RetireGrant":{
"name":"RetireGrant",
@ -780,6 +782,7 @@
{"shape":"DependencyTimeoutException"},
{"shape":"NotFoundException"},
{"shape":"KMSInternalException"},
{"shape":"LimitExceededException"},
{"shape":"KMSInvalidStateException"}
],
"documentation":"<p>Associates an existing AWS KMS alias with a different customer master key (CMK). Each alias is associated with only one CMK at a time, although a CMK can have multiple aliases. The alias and the CMK must be in the same AWS account and region. You cannot perform this operation on an alias in a different AWS account. </p> <p>The current and new CMK must be the same type (both symmetric or both asymmetric), and they must have the same key usage (<code>ENCRYPT_DECRYPT</code> or <code>SIGN_VERIFY</code>). This restriction prevents errors in code that uses aliases. If you must assign an alias to a different type of CMK, use <a>DeleteAlias</a> to delete the old alias and <a>CreateAlias</a> to create a new alias.</p> <p>You cannot use <code>UpdateAlias</code> to change an alias name. To change an alias name, use <a>DeleteAlias</a> to delete the old alias and <a>CreateAlias</a> to create a new alias.</p> <p>Because an alias is not a property of a CMK, you can create, update, and delete the aliases of a CMK without affecting the CMK. Also, aliases do not appear in the response from the <a>DescribeKey</a> operation. To get the aliases of all CMKs in the account, use the <a>ListAliases</a> operation. </p> <p>The CMK that you use for this operation must be in a compatible key state. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>"
@ -909,7 +912,7 @@
"members":{
"KeyId":{
"shape":"KeyIdType",
"documentation":"<p>The unique identifier of the master key for which deletion is canceled.</p>"
"documentation":"<p>The Amazon Resource Name (<a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN\">key ARN</a>) of the CMK whose deletion is canceled.</p>"
}
}
},
@ -1081,7 +1084,7 @@
},
"Constraints":{
"shape":"GrantConstraints",
"documentation":"<p>Allows a cryptographic operation only when the encryption context matches or includes the encryption context specified in this structure. For more information about encryption context, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">Encryption Context</a> in the <i> <i>AWS Key Management Service Developer Guide</i> </i>.</p>"
"documentation":"<p>Allows a <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations\">cryptographic operation</a> only when the encryption context matches or includes the encryption context specified in this structure. For more information about encryption context, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">Encryption Context</a> in the <i> <i>AWS Key Management Service Developer Guide</i> </i>.</p>"
},
"GrantTokens":{
"shape":"GrantTokenList",
@ -1119,7 +1122,7 @@
},
"KeyUsage":{
"shape":"KeyUsageType",
"documentation":"<p>Determines the cryptographic operations for which you can use the CMK. The default value is <code>ENCRYPT_DECRYPT</code>. This parameter is required only for asymmetric CMKs. You can't change the <code>KeyUsage</code> value after the CMK is created.</p> <p>Select only one valid value.</p> <ul> <li> <p>For symmetric CMKs, omit the parameter or specify <code>ENCRYPT_DECRYPT</code>.</p> </li> <li> <p>For asymmetric CMKs with RSA key material, specify <code>ENCRYPT_DECRYPT</code> or <code>SIGN_VERIFY</code>.</p> </li> <li> <p>For asymmetric CMKs with ECC key material, specify <code>SIGN_VERIFY</code>.</p> </li> </ul>"
"documentation":"<p>Determines the <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations\">cryptographic operations</a> for which you can use the CMK. The default value is <code>ENCRYPT_DECRYPT</code>. This parameter is required only for asymmetric CMKs. You can't change the <code>KeyUsage</code> value after the CMK is created.</p> <p>Select only one valid value.</p> <ul> <li> <p>For symmetric CMKs, omit the parameter or specify <code>ENCRYPT_DECRYPT</code>.</p> </li> <li> <p>For asymmetric CMKs with RSA key material, specify <code>ENCRYPT_DECRYPT</code> or <code>SIGN_VERIFY</code>.</p> </li> <li> <p>For asymmetric CMKs with ECC key material, specify <code>SIGN_VERIFY</code>.</p> </li> </ul>"
},
"CustomerMasterKeySpec":{
"shape":"CustomerMasterKeySpec",
@ -1223,7 +1226,7 @@
},
"ConnectionErrorCode":{
"shape":"ConnectionErrorCodeType",
"documentation":"<p>Describes the connection error. This field appears in the response only when the <code>ConnectionState</code> is <code>FAILED</code>. For help resolving these errors, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed\">How to Fix a Connection Failure</a> in <i>AWS Key Management Service Developer Guide</i>.</p> <p>Valid values are:</p> <ul> <li> <p> <code>CLUSTER_NOT_FOUND</code> - AWS KMS cannot find the AWS CloudHSM cluster with the specified cluster ID.</p> </li> <li> <p> <code>INSUFFICIENT_CLOUDHSM_HSMS</code> - The associated AWS CloudHSM cluster does not contain any active HSMs. To connect a custom key store to its AWS CloudHSM cluster, the cluster must contain at least one active HSM.</p> </li> <li> <p> <code>INTERNAL_ERROR</code> - AWS KMS could not complete the request due to an internal error. Retry the request. For <code>ConnectCustomKeyStore</code> requests, disconnect the custom key store before trying to connect again.</p> </li> <li> <p> <code>INVALID_CREDENTIALS</code> - AWS KMS does not have the correct password for the <code>kmsuser</code> crypto user in the AWS CloudHSM cluster. Before you can connect your custom key store to its AWS CloudHSM cluster, you must change the <code>kmsuser</code> account password and update the key store password value for the custom key store.</p> </li> <li> <p> <code>NETWORK_ERRORS</code> - Network errors are preventing AWS KMS from connecting to the custom key store.</p> </li> <li> <p> <code>SUBNET_NOT_FOUND</code> - A subnet in the AWS CloudHSM cluster configuration was deleted. If AWS KMS cannot find all of the subnets that were configured for the cluster when the custom key store was created, attempts to connect fail. To fix this error, create a cluster from a backup and associate it with your custom key store. This process includes selecting a VPC and subnets. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed\">How to Fix a Connection Failure</a> in the <i>AWS Key Management Service Developer Guide</i>.</p> </li> <li> <p> <code>USER_LOCKED_OUT</code> - The <code>kmsuser</code> CU account is locked out of the associated AWS CloudHSM cluster due to too many failed password attempts. Before you can connect your custom key store to its AWS CloudHSM cluster, you must change the <code>kmsuser</code> account password and update the key store password value for the custom key store.</p> </li> <li> <p> <code>USER_LOGGED_IN</code> - The <code>kmsuser</code> CU account is logged into the the associated AWS CloudHSM cluster. This prevents AWS KMS from rotating the <code>kmsuser</code> account password and logging into the cluster. Before you can connect your custom key store to its AWS CloudHSM cluster, you must log the <code>kmsuser</code> CU out of the cluster. If you changed the <code>kmsuser</code> password to log into the cluster, you must also and update the key store password value for the custom key store. For help, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#login-kmsuser-2\">How to Log Out and Reconnect</a> in the <i>AWS Key Management Service Developer Guide</i>.</p> </li> <li> <p> <code>USER_NOT_FOUND</code> - AWS KMS cannot find a <code>kmsuser</code> CU account in the associated AWS CloudHSM cluster. Before you can connect your custom key store to its AWS CloudHSM cluster, you must create a <code>kmsuser</code> CU account in the cluster, and then update the key store password value for the custom key store.</p> </li> </ul>"
"documentation":"<p>Describes the connection error. This field appears in the response only when the <code>ConnectionState</code> is <code>FAILED</code>. For help resolving these errors, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed\">How to Fix a Connection Failure</a> in <i>AWS Key Management Service Developer Guide</i>.</p> <p>Valid values are:</p> <ul> <li> <p> <code>CLUSTER_NOT_FOUND</code> - AWS KMS cannot find the AWS CloudHSM cluster with the specified cluster ID.</p> </li> <li> <p> <code>INSUFFICIENT_CLOUDHSM_HSMS</code> - The associated AWS CloudHSM cluster does not contain any active HSMs. To connect a custom key store to its AWS CloudHSM cluster, the cluster must contain at least one active HSM.</p> </li> <li> <p> <code>INTERNAL_ERROR</code> - AWS KMS could not complete the request due to an internal error. Retry the request. For <code>ConnectCustomKeyStore</code> requests, disconnect the custom key store before trying to connect again.</p> </li> <li> <p> <code>INVALID_CREDENTIALS</code> - AWS KMS does not have the correct password for the <code>kmsuser</code> crypto user in the AWS CloudHSM cluster. Before you can connect your custom key store to its AWS CloudHSM cluster, you must change the <code>kmsuser</code> account password and update the key store password value for the custom key store.</p> </li> <li> <p> <code>NETWORK_ERRORS</code> - Network errors are preventing AWS KMS from connecting to the custom key store.</p> </li> <li> <p> <code>SUBNET_NOT_FOUND</code> - A subnet in the AWS CloudHSM cluster configuration was deleted. If AWS KMS cannot find all of the subnets in the cluster configuration, attempts to connect the custom key store to the AWS CloudHSM cluster fail. To fix this error, create a cluster from a recent backup and associate it with your custom key store. (This process creates a new cluster configuration with a VPC and private subnets.) For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed\">How to Fix a Connection Failure</a> in the <i>AWS Key Management Service Developer Guide</i>.</p> </li> <li> <p> <code>USER_LOCKED_OUT</code> - The <code>kmsuser</code> CU account is locked out of the associated AWS CloudHSM cluster due to too many failed password attempts. Before you can connect your custom key store to its AWS CloudHSM cluster, you must change the <code>kmsuser</code> account password and update the key store password value for the custom key store.</p> </li> <li> <p> <code>USER_LOGGED_IN</code> - The <code>kmsuser</code> CU account is logged into the the associated AWS CloudHSM cluster. This prevents AWS KMS from rotating the <code>kmsuser</code> account password and logging into the cluster. Before you can connect your custom key store to its AWS CloudHSM cluster, you must log the <code>kmsuser</code> CU out of the cluster. If you changed the <code>kmsuser</code> password to log into the cluster, you must also and update the key store password value for the custom key store. For help, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#login-kmsuser-2\">How to Log Out and Reconnect</a> in the <i>AWS Key Management Service Developer Guide</i>.</p> </li> <li> <p> <code>USER_NOT_FOUND</code> - AWS KMS cannot find a <code>kmsuser</code> CU account in the associated AWS CloudHSM cluster. Before you can connect your custom key store to its AWS CloudHSM cluster, you must create a <code>kmsuser</code> CU account in the cluster, and then update the key store password value for the custom key store.</p> </li> </ul>"
},
"CreationDate":{
"shape":"DateType",
@ -1275,7 +1278,7 @@
},
"EncryptionContext":{
"shape":"EncryptionContextType",
"documentation":"<p>Specifies the encryption context to use when decrypting the data. An encryption context is valid only for cryptographic operations with a symmetric CMK. The standard asymmetric encryption algorithms that AWS KMS uses do not support an encryption context.</p> <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represents additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting with a symmetric CMK, but it is highly recommended.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">Encryption Context</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>"
"documentation":"<p>Specifies the encryption context to use when decrypting the data. An encryption context is valid only for <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations\">cryptographic operations</a> with a symmetric CMK. The standard asymmetric encryption algorithms that AWS KMS uses do not support an encryption context.</p> <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represents additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting with a symmetric CMK, but it is highly recommended.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">Encryption Context</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>"
},
"GrantTokens":{
"shape":"GrantTokenList",
@ -1296,7 +1299,7 @@
"members":{
"KeyId":{
"shape":"KeyIdType",
"documentation":"<p>The ARN of the customer master key that was used to perform the decryption.</p>"
"documentation":"<p>The Amazon Resource Name (<a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN\">key ARN</a>) of the CMK that was used to decrypt the ciphertext.</p>"
},
"Plaintext":{
"shape":"PlaintextType",
@ -1498,7 +1501,7 @@
},
"EncryptionContext":{
"shape":"EncryptionContextType",
"documentation":"<p>Specifies the encryption context that will be used to encrypt the data. An encryption context is valid only for cryptographic operations with a symmetric CMK. The standard asymmetric encryption algorithms that AWS KMS uses do not support an encryption context. </p> <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represents additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting with a symmetric CMK, but it is highly recommended.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">Encryption Context</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>"
"documentation":"<p>Specifies the encryption context that will be used to encrypt the data. An encryption context is valid only for <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations\">cryptographic operations</a> with a symmetric CMK. The standard asymmetric encryption algorithms that AWS KMS uses do not support an encryption context. </p> <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represents additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting with a symmetric CMK, but it is highly recommended.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">Encryption Context</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>"
},
"GrantTokens":{
"shape":"GrantTokenList",
@ -1519,7 +1522,7 @@
},
"KeyId":{
"shape":"KeyIdType",
"documentation":"<p>The ID of the key used during encryption.</p>"
"documentation":"<p>The Amazon Resource Name (<a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN\">key ARN</a>) of the CMK that was used to encrypt the plaintext.</p>"
},
"EncryptionAlgorithm":{
"shape":"EncryptionAlgorithmSpec",
@ -1575,7 +1578,7 @@
},
"KeyId":{
"shape":"KeyIdType",
"documentation":"<p>Specifies the symmetric CMK that encrypts the private key in the data key pair. You cannot specify an asymmetric CMKs.</p> <p>To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with <code>\"alias/\"</code>. To specify a CMK in a different AWS account, you must use the key ARN or alias ARN.</p> <p>For example:</p> <ul> <li> <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> <li> <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> <li> <p>Alias name: <code>alias/ExampleAlias</code> </p> </li> <li> <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code> </p> </li> </ul> <p>To get the key ID and key ARN for a CMK, use <a>ListKeys</a> or <a>DescribeKey</a>. To get the alias name and alias ARN, use <a>ListAliases</a>.</p>"
"documentation":"<p>Specifies the symmetric CMK that encrypts the private key in the data key pair. You cannot specify an asymmetric CMK or a CMK in a custom key store. To get the type and origin of your CMK, use the <a>DescribeKey</a> operation.</p> <p>To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with <code>\"alias/\"</code>. To specify a CMK in a different AWS account, you must use the key ARN or alias ARN.</p> <p>For example:</p> <ul> <li> <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> <li> <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> <li> <p>Alias name: <code>alias/ExampleAlias</code> </p> </li> <li> <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code> </p> </li> </ul> <p>To get the key ID and key ARN for a CMK, use <a>ListKeys</a> or <a>DescribeKey</a>. To get the alias name and alias ARN, use <a>ListAliases</a>.</p>"
},
"KeyPairSpec":{
"shape":"DataKeyPairSpec",
@ -1604,7 +1607,7 @@
},
"KeyId":{
"shape":"KeyIdType",
"documentation":"<p>The identifier of the CMK that encrypted the private key.</p>"
"documentation":"<p>The Amazon Resource Name (<a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN\">key ARN</a>) of the CMK that encrypted the private key.</p>"
},
"KeyPairSpec":{
"shape":"DataKeyPairSpec",
@ -1625,7 +1628,7 @@
},
"KeyId":{
"shape":"KeyIdType",
"documentation":"<p>Specifies the CMK that encrypts the private key in the data key pair. You must specify a symmetric CMK. You cannot use an asymmetric CMK. To get the type of your CMK, use the <a>DescribeKey</a> operation. </p> <p>To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with <code>\"alias/\"</code>.</p> <p>For example:</p> <ul> <li> <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> <li> <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> <li> <p>Alias name: <code>alias/ExampleAlias</code> </p> </li> <li> <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code> </p> </li> </ul> <p>To get the key ID and key ARN for a CMK, use <a>ListKeys</a> or <a>DescribeKey</a>. To get the alias name and alias ARN, use <a>ListAliases</a>.</p>"
"documentation":"<p>Specifies the CMK that encrypts the private key in the data key pair. You must specify a symmetric CMK. You cannot use an asymmetric CMK or a CMK in a custom key store. To get the type and origin of your CMK, use the <a>DescribeKey</a> operation. </p> <p>To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with <code>\"alias/\"</code>.</p> <p>For example:</p> <ul> <li> <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> <li> <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> <li> <p>Alias name: <code>alias/ExampleAlias</code> </p> </li> <li> <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code> </p> </li> </ul> <p>To get the key ID and key ARN for a CMK, use <a>ListKeys</a> or <a>DescribeKey</a>. To get the alias name and alias ARN, use <a>ListAliases</a>.</p>"
},
"KeyPairSpec":{
"shape":"DataKeyPairSpec",
@ -1650,7 +1653,7 @@
},
"KeyId":{
"shape":"KeyIdType",
"documentation":"<p>Specifies the CMK that encrypted the private key in the data key pair. You must specify a symmetric CMK. You cannot use an asymmetric CMK. To get the type of your CMK, use the <a>DescribeKey</a> operation.</p> <p>To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with <code>\"alias/\"</code>.</p> <p>For example:</p> <ul> <li> <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> <li> <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> <li> <p>Alias name: <code>alias/ExampleAlias</code> </p> </li> <li> <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code> </p> </li> </ul> <p>To get the key ID and key ARN for a CMK, use <a>ListKeys</a> or <a>DescribeKey</a>. To get the alias name and alias ARN, use <a>ListAliases</a>.</p>"
"documentation":"<p>The Amazon Resource Name (<a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN\">key ARN</a>) of the CMK that encrypted the private key.</p>"
},
"KeyPairSpec":{
"shape":"DataKeyPairSpec",
@ -1697,7 +1700,7 @@
},
"KeyId":{
"shape":"KeyIdType",
"documentation":"<p>The identifier of the CMK that encrypted the data key.</p>"
"documentation":"<p>The Amazon Resource Name (<a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN\">key ARN</a>) of the CMK that encrypted the data key.</p>"
}
}
},
@ -1736,7 +1739,7 @@
},
"KeyId":{
"shape":"KeyIdType",
"documentation":"<p>The identifier of the CMK that encrypted the data key.</p>"
"documentation":"<p>The Amazon Resource Name (<a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN\">key ARN</a>) of the CMK that encrypted the data key.</p>"
}
}
},
@ -1834,7 +1837,7 @@
"members":{
"KeyId":{
"shape":"KeyIdType",
"documentation":"<p>The identifier of the CMK to use in a subsequent <a>ImportKeyMaterial</a> request. This is the same CMK specified in the <code>GetParametersForImport</code> request.</p>"
"documentation":"<p>The Amazon Resource Name (<a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN\">key ARN</a>) of the CMK to use in a subsequent <a>ImportKeyMaterial</a> request. This is the same CMK specified in the <code>GetParametersForImport</code> request.</p>"
},
"ImportToken":{
"shape":"CiphertextType",
@ -1869,7 +1872,7 @@
"members":{
"KeyId":{
"shape":"KeyIdType",
"documentation":"<p>The identifier of the asymmetric CMK from which the public key was downloaded.</p>"
"documentation":"<p>The Amazon Resource Name (<a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN\">key ARN</a>) of the asymmetric CMK from which the public key was downloaded.</p>"
},
"PublicKey":{
"shape":"PublicKeyType",
@ -1898,14 +1901,14 @@
"members":{
"EncryptionContextSubset":{
"shape":"EncryptionContextType",
"documentation":"<p>A list of key-value pairs that must be included in the encryption context of the cryptographic operation request. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs.</p>"
"documentation":"<p>A list of key-value pairs that must be included in the encryption context of the <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations\">cryptographic operation</a> request. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs.</p>"
},
"EncryptionContextEquals":{
"shape":"EncryptionContextType",
"documentation":"<p>A list of key-value pairs that must match the encryption context in the cryptographic operation request. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint.</p>"
"documentation":"<p>A list of key-value pairs that must match the encryption context in the <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations\">cryptographic operation</a> request. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint.</p>"
}
},
"documentation":"<p>Use this structure to allow cryptographic operations in the grant only when the operation request includes the specified <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">encryption context</a>.</p> <p>AWS KMS applies the grant constraints only when the grant allows a cryptographic operation that accepts an encryption context as input, such as the following.</p> <ul> <li> <p> <a>Encrypt</a> </p> </li> <li> <p> <a>Decrypt</a> </p> </li> <li> <p> <a>GenerateDataKey</a> </p> </li> <li> <p> <a>GenerateDataKeyWithoutPlaintext</a> </p> </li> <li> <p> <a>ReEncrypt</a> </p> </li> </ul> <p>AWS KMS does not apply the grant constraints to other operations, such as <a>DescribeKey</a> or <a>ScheduleKeyDeletion</a>.</p> <important> <p>In a cryptographic operation, the encryption context in the decryption operation must be an exact, case-sensitive match for the keys and values in the encryption context of the encryption operation. Only the order of the pairs can vary.</p> <p>However, in a grant constraint, the key in each key-value pair is not case sensitive, but the value is case sensitive.</p> <p>To avoid confusion, do not use multiple encryption context pairs that differ only by case. To require a fully case-sensitive encryption context, use the <code>kms:EncryptionContext:</code> and <code>kms:EncryptionContextKeys</code> conditions in an IAM or key policy. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-context\">kms:EncryptionContext:</a> in the <i> <i>AWS Key Management Service Developer Guide</i> </i>.</p> </important>"
"documentation":"<p>Use this structure to allow <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations\">cryptographic operations</a> in the grant only when the operation request includes the specified <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">encryption context</a>. </p> <p>AWS KMS applies the grant constraints only to cryptographic operations that support an encryption context, that is, all cryptographic operations with a <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#symmetric-cmks\">symmetric CMK</a>. Grant constraints are not applied to operations that do not support an encryption context, such as cryptographic operations with asymmetric CMKs and management operations, such as <a>DescribeKey</a> or <a>ScheduleKeyDeletion</a>.</p> <important> <p>In a cryptographic operation, the encryption context in the decryption operation must be an exact, case-sensitive match for the keys and values in the encryption context of the encryption operation. Only the order of the pairs can vary.</p> <p>However, in a grant constraint, the key in each key-value pair is not case sensitive, but the value is case sensitive.</p> <p>To avoid confusion, do not use multiple encryption context pairs that differ only by case. To require a fully case-sensitive encryption context, use the <code>kms:EncryptionContext:</code> and <code>kms:EncryptionContextKeys</code> conditions in an IAM or key policy. For details, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-context\">kms:EncryptionContext:</a> in the <i> <i>AWS Key Management Service Developer Guide</i> </i>.</p> </important>"
},
"GrantIdType":{
"type":"string",
@ -1937,7 +1940,7 @@
},
"GranteePrincipal":{
"shape":"PrincipalIdType",
"documentation":"<p>The principal that receives the grant's permissions.</p>"
"documentation":"<p>The identity that gets the permissions in the grant.</p> <p>The <code>GranteePrincipal</code> field in the <code>ListGrants</code> response usually contains the user or role designated as the grantee principal in the grant. However, when the grantee principal in the grant is an AWS service, the <code>GranteePrincipal</code> field contains the <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services\">service principal</a>, which might represent several different grantee principals.</p>"
},
"RetiringPrincipal":{
"shape":"PrincipalIdType",
@ -1956,7 +1959,7 @@
"documentation":"<p>A list of key-value pairs that must be present in the encryption context of certain subsequent operations that the grant allows.</p>"
}
},
"documentation":"<p>Contains information about an entry in a list of grants.</p>"
"documentation":"<p>Contains information about a grant.</p>"
},
"GrantNameType":{
"type":"string",
@ -2206,11 +2209,11 @@
},
"KeyUsage":{
"shape":"KeyUsageType",
"documentation":"<p>The cryptographic operations for which you can use the CMK.</p>"
"documentation":"<p>The <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations\">cryptographic operations</a> for which you can use the CMK.</p>"
},
"KeyState":{
"shape":"KeyState",
"documentation":"<p>The state of the CMK.</p> <p>For more information about how key state affects the use of a CMK, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects the Use of a Customer Master Key</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>"
"documentation":"<p>The current status of the CMK.</p> <p>For more information about how key state affects the use of a CMK, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">Key state: Effect on your CMK</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>"
},
"DeletionDate":{
"shape":"DateType",
@ -2246,11 +2249,11 @@
},
"EncryptionAlgorithms":{
"shape":"EncryptionAlgorithmSpecList",
"documentation":"<p>A list of encryption algorithms that the CMK supports. You cannot use the CMK with other encryption algorithms within AWS KMS.</p> <p>This field appears only when the <code>KeyUsage</code> of the CMK is <code>ENCRYPT_DECRYPT</code>.</p>"
"documentation":"<p>The encryption algorithms that the CMK supports. You cannot use the CMK with other encryption algorithms within AWS KMS.</p> <p>This field appears only when the <code>KeyUsage</code> of the CMK is <code>ENCRYPT_DECRYPT</code>.</p>"
},
"SigningAlgorithms":{
"shape":"SigningAlgorithmSpecList",
"documentation":"<p>A list of signing algorithms that the CMK supports. You cannot use the CMK with other signing algorithms within AWS KMS.</p> <p>This field appears only when the <code>KeyUsage</code> of the CMK is <code>SIGN_VERIFY</code>.</p>"
"documentation":"<p>The signing algorithms that the CMK supports. You cannot use the CMK with other signing algorithms within AWS KMS.</p> <p>This field appears only when the <code>KeyUsage</code> of the CMK is <code>SIGN_VERIFY</code>.</p>"
}
},
"documentation":"<p>Contains metadata about a customer master key (CMK).</p> <p>This data type is used as a response element for the <a>CreateKey</a> and <a>DescribeKey</a> operations.</p>"
@ -2647,7 +2650,7 @@
},
"KeyId":{
"shape":"KeyIdType",
"documentation":"<p>Unique identifier of the CMK used to reencrypt the data.</p>"
"documentation":"<p>The Amazon Resource Name (<a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN\">key ARN</a>) of the CMK that was used to reencrypt the data.</p>"
},
"SourceEncryptionAlgorithm":{
"shape":"EncryptionAlgorithmSpec",
@ -2712,7 +2715,7 @@
"members":{
"KeyId":{
"shape":"KeyIdType",
"documentation":"<p>The unique identifier of the customer master key (CMK) for which deletion is scheduled.</p>"
"documentation":"<p>The Amazon Resource Name (<a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN\">key ARN</a>) of the CMK whose deletion is scheduled.</p>"
},
"DeletionDate":{
"shape":"DateType",
@ -2755,7 +2758,7 @@
"members":{
"KeyId":{
"shape":"KeyIdType",
"documentation":"<p>The Amazon Resource Name (ARN) of the asymmetric CMK that was used to sign the message.</p>"
"documentation":"<p>The Amazon Resource Name (<a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN\">key ARN</a>) of the asymmetric CMK that was used to sign the message.</p>"
},
"Signature":{
"shape":"CiphertextType",
@ -2977,7 +2980,7 @@
"members":{
"KeyId":{
"shape":"KeyIdType",
"documentation":"<p>The unique identifier for the asymmetric CMK that was used to verify the signature.</p>"
"documentation":"<p>The Amazon Resource Name (<a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN\">key ARN</a>) of the asymmetric CMK that was used to verify the signature.</p>"
},
"SignatureValid":{
"shape":"BooleanType",

99
botocore/data/lambda/2015-03-31/service-2.json
View file

@ -442,6 +442,10 @@
{"shape":"EC2UnexpectedException"},
{"shape":"SubnetIPAddressLimitReachedException"},
{"shape":"ENILimitReachedException"},
{"shape":"EFSMountConnectivityException"},
{"shape":"EFSMountFailureException"},
{"shape":"EFSMountTimeoutException"},
{"shape":"EFSIOException"},
{"shape":"EC2ThrottledException"},
{"shape":"EC2AccessDeniedException"},
{"shape":"InvalidSubnetIDException"},
@ -697,7 +701,7 @@
{"shape":"InvalidParameterValueException"},
{"shape":"TooManyRequestsException"}
],
"documentation":"<p>Configures options for <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html\">asynchronous invocation</a> on a function, version, or alias. If a configuration already exists for a function, version, or alias, this operation overwrites it. If you exclude any settings, they are removed. To set one option without affecting existing settings for other options, use <a>PutFunctionEventInvokeConfig</a>.</p> <p>By default, Lambda retries an asynchronous invocation twice if the function returns an error. It retains events in a queue for up to six hours. When an event fails all processing attempts or stays in the asynchronous invocation queue for too long, Lambda discards it. To retain discarded events, configure a dead-letter queue with <a>UpdateFunctionConfiguration</a>.</p> <p>To send an invocation record to a queue, topic, function, or event bus, specify a <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations\">destination</a>. You can configure separate destinations for successful invocations (on-success) and events that fail all processing attempts (on-failure). You can configure destinations in addition to or instead of a dead-letter queue.</p>"
"documentation":"<p>Configures options for <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html\">asynchronous invocation</a> on a function, version, or alias. If a configuration already exists for a function, version, or alias, this operation overwrites it. If you exclude any settings, they are removed. To set one option without affecting existing settings for other options, use <a>UpdateFunctionEventInvokeConfig</a>.</p> <p>By default, Lambda retries an asynchronous invocation twice if the function returns an error. It retains events in a queue for up to six hours. When an event fails all processing attempts or stays in the asynchronous invocation queue for too long, Lambda discards it. To retain discarded events, configure a dead-letter queue with <a>UpdateFunctionConfiguration</a>.</p> <p>To send an invocation record to a queue, topic, function, or event bus, specify a <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations\">destination</a>. You can configure separate destinations for successful invocations (on-success) and events that fail all processing attempts (on-failure). You can configure destinations in addition to or instead of a dead-letter queue.</p>"
},
"PutProvisionedConcurrencyConfig":{
"name":"PutProvisionedConcurrencyConfig",
@ -1100,7 +1104,7 @@
"members":{
"AdditionalVersionWeights":{
"shape":"AdditionalVersionWeights",
"documentation":"<p>The name of the second alias, and the percentage of traffic that's routed to it.</p>"
"documentation":"<p>The second version, and the percentage of traffic that's routed to it.</p>"
}
},
"documentation":"<p>The <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/lambda-traffic-shifting-using-aliases.html\">traffic-shifting</a> configuration of a Lambda function alias.</p>"
@ -1179,7 +1183,7 @@
},
"RoutingConfig":{
"shape":"AliasRoutingConfiguration",
"documentation":"<p>The <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/lambda-traffic-shifting-using-aliases.html\">routing configuration</a> of the alias.</p>"
"documentation":"<p>The <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html#configuring-alias-routing\">routing configuration</a> of the alias.</p>"
}
}
},
@ -1313,6 +1317,10 @@
"Layers":{
"shape":"LayerList",
"documentation":"<p>A list of <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html\">function layers</a> to add to the function's execution environment. Specify each layer by its ARN, including the version.</p>"
},
"FileSystemConfigs":{
"shape":"FileSystemConfigList",
"documentation":"<p>Connection settings for an Amazon EFS file system.</p>"
}
}
},
@ -1506,6 +1514,46 @@
"error":{"httpStatusCode":502},
"exception":true
},
"EFSIOException":{
"type":"structure",
"members":{
"Type":{"shape":"String"},
"Message":{"shape":"String"}
},
"documentation":"<p>An error occured when reading from or writing to a connected file system.</p>",
"error":{"httpStatusCode":410},
"exception":true
},
"EFSMountConnectivityException":{
"type":"structure",
"members":{
"Type":{"shape":"String"},
"Message":{"shape":"String"}
},
"documentation":"<p>The function couldn't make a network connection to the configured file system.</p>",
"error":{"httpStatusCode":408},
"exception":true
},
"EFSMountFailureException":{
"type":"structure",
"members":{
"Type":{"shape":"String"},
"Message":{"shape":"String"}
},
"documentation":"<p>The function couldn't mount the configured file system due to a permission or configuration issue.</p>",
"error":{"httpStatusCode":403},
"exception":true
},
"EFSMountTimeoutException":{
"type":"structure",
"members":{
"Type":{"shape":"String"},
"Message":{"shape":"String"}
},
"documentation":"<p>The function was able to make a network connection to the configured file system, but the mount operation timed out.</p>",
"error":{"httpStatusCode":408},
"exception":true
},
"ENILimitReachedException":{
"type":"structure",
"members":{
@ -1650,6 +1698,34 @@
"min":0,
"pattern":"[a-zA-Z0-9._\\-]+"
},
"FileSystemArn":{
"type":"string",
"max":200,
"pattern":"arn:aws[a-zA-Z-]*:elasticfilesystem:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}:\\d{12}:access-point/fsap-[a-f0-9]{17}"
},
"FileSystemConfig":{
"type":"structure",
"required":[
"Arn",
"LocalMountPath"
],
"members":{
"Arn":{
"shape":"FileSystemArn",
"documentation":"<p>The Amazon Resource Name (ARN) of the Amazon EFS access point that provides access to the file system.</p>"
},
"LocalMountPath":{
"shape":"LocalMountPath",
"documentation":"<p>The path where the function can access the file system, starting with <code>/mnt/</code>.</p>"
}
},
"documentation":"<p>Details about the connection between a Lambda function and an Amazon EFS file system.</p>"
},
"FileSystemConfigList":{
"type":"list",
"member":{"shape":"FileSystemConfig"},
"max":1
},
"FunctionArn":{
"type":"string",
"pattern":"arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9-_]+(:(\\$LATEST|[a-zA-Z0-9-_]+))?"
@ -1796,6 +1872,10 @@
"LastUpdateStatusReasonCode":{
"shape":"LastUpdateStatusReasonCode",
"documentation":"<p>The reason code for the last update that was performed on the function.</p>"
},
"FileSystemConfigs":{
"shape":"FileSystemConfigList",
"documentation":"<p>Connection settings for an Amazon EFS file system.</p>"
}
},
"documentation":"<p>Details about a function's configuration.</p>"
@ -2922,6 +3002,11 @@
}
}
},
"LocalMountPath":{
"type":"string",
"max":160,
"pattern":"^/mnt/[a-zA-Z0-9-_.]+$"
},
"LogType":{
"type":"string",
"enum":[
@ -3432,7 +3517,7 @@
"Type":{"shape":"String"},
"Message":{"shape":"String"}
},
"documentation":"<p>The operation conflicts with the resource's availability. For example, you attempted to update an EventSource Mapping in CREATING, or tried to delete a EventSource mapping currently in the UPDATING state. </p>",
"documentation":"<p>The operation conflicts with the resource's availability. For example, you attempted to update an EventSource Mapping in CREATING, or tried to delete a EventSource mapping currently in the UPDATING state.</p>",
"error":{"httpStatusCode":400},
"exception":true
},
@ -3733,7 +3818,7 @@
},
"RoutingConfig":{
"shape":"AliasRoutingConfiguration",
"documentation":"<p>The <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/lambda-traffic-shifting-using-aliases.html\">routing configuration</a> of the alias.</p>"
"documentation":"<p>The <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html#configuring-alias-routing\">routing configuration</a> of the alias.</p>"
},
"RevisionId":{
"shape":"String",
@ -3890,6 +3975,10 @@
"Layers":{
"shape":"LayerList",
"documentation":"<p>A list of <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html\">function layers</a> to add to the function's execution environment. Specify each layer by its ARN, including the version.</p>"
},
"FileSystemConfigs":{
"shape":"FileSystemConfigList",
"documentation":"<p>Connection settings for an Amazon EFS file system.</p>"
}
}
},

58
botocore/data/lex-models/2017-04-19/service-2.json
View file

@ -1170,6 +1170,10 @@
"checksum":{
"shape":"String",
"documentation":"<p>Checksum of the intent version created.</p>"
},
"kendraConfiguration":{
"shape":"KendraConfiguration",
"documentation":"<p>Configuration information, if any, for connectin an Amazon Kendra index with the <code>AMAZON.KendraSearchIntent</code> intent.</p>"
}
}
},
@ -2191,6 +2195,10 @@
"checksum":{
"shape":"String",
"documentation":"<p>Checksum of the intent.</p>"
},
"kendraConfiguration":{
"shape":"KendraConfiguration",
"documentation":"<p>Configuration information, if any, to connect to an Amazon Kendra index with the <code>AMAZON.KendraSearchIntent</code> intent.</p>"
}
}
},
@ -2457,7 +2465,7 @@
"type":"string",
"max":2048,
"min":20,
"pattern":"^arn:[\\w\\-]+:iam::[\\d]{12}:role\\/[\\w+=,\\.@\\-]{1,64}$"
"pattern":"^arn:[\\w\\-]+:iam::[\\d]{12}:role/.+$"
},
"ImportStatus":{
"type":"string",
@ -2541,6 +2549,34 @@
"exception":true,
"fault":true
},
"KendraConfiguration":{
"type":"structure",
"required":[
"kendraIndex",
"role"
],
"members":{
"kendraIndex":{
"shape":"KendraIndexArn",
"documentation":"<p>The Amazon Resource Name (ARN) of the Amazon Kendra index that you want the AMAZON.KendraSearchIntent intent to search. The index must be in the same account and Region as the Amazon Lex bot. If the Amazon Kendra index does not exist, you get an exception when you call the <code>PutIntent</code> operation.</p>"
},
"queryFilterString":{
"shape":"QueryFilterString",
"documentation":"<p>A query filter that Amazon Lex sends to Amazon Kendra to filter the response from the query. The filter is in the format defined by Amazon Kendra. For more information, see <a href=\"http://docs.aws.amazon.com/kendra/latest/dg/filtering.html\">Filtering queries</a>.</p> <p>You can override this filter string with a new filter string at runtime.</p>"
},
"role":{
"shape":"roleArn",
"documentation":"<p>The Amazon Resource Name (ARN) of an IAM role that has permission to search the Amazon Kendra index. The role must be in the same account and Region as the Amazon Lex bot. If the role does not exist, you get an exception when you call the <code>PutIntent</code> operation.</p>"
}
},
"documentation":"<p>Provides configuration information for the AMAZON.KendraSearchIntent intent. When you use this intent, Amazon Lex searches the specified Amazon Kendra index and returns documents from the index that match the user's utterance. For more information, see <a href=\"http://docs.aws.amazon.com/lex/latest/dg/built-in-intent-kendra-search.html\"> AMAZON.KendraSearchIntent</a>.</p>"
},
"KendraIndexArn":{
"type":"string",
"max":2048,
"min":20,
"pattern":"arn:aws:kendra:[a-z]+-[a-z]+-[0-9]:[0-9]{12}:index\\/[a-zA-Z0-9][a-zA-Z0-9_-]*"
},
"KmsKeyArn":{
"type":"string",
"max":2048,
@ -3084,6 +3120,10 @@
"createVersion":{
"shape":"Boolean",
"documentation":"<p>When set to <code>true</code> a new numbered version of the intent is created. This is the same as calling the <code>CreateIntentVersion</code> operation. If you do not specify <code>createVersion</code>, the default is <code>false</code>.</p>"
},
"kendraConfiguration":{
"shape":"KendraConfiguration",
"documentation":"<p>Configuration information required to use the <code>AMAZON.KendraSearchIntent</code> intent to connect to an Amazon Kendra index. For more information, see <a href=\"http://docs.aws.amazon.com/lex/latest/dg/built-in-intent-kendra-search.html\"> AMAZON.KendraSearchIntent</a>.</p>"
}
}
},
@ -3153,6 +3193,10 @@
"createVersion":{
"shape":"Boolean",
"documentation":"<p> <code>True</code> if a new version of the intent was created. If the <code>createVersion</code> field was not specified in the request, the <code>createVersion</code> field is set to false in the response.</p>"
},
"kendraConfiguration":{
"shape":"KendraConfiguration",
"documentation":"<p>Configuration information, if any, required to connect to an Amazon Kendra index and use the <code>AMAZON.KendraSearchIntent</code> intent.</p>"
}
}
},
@ -3245,6 +3289,10 @@
}
}
},
"QueryFilterString":{
"type":"string",
"min":0
},
"ReferenceType":{
"type":"string",
"enum":[
@ -3344,7 +3392,7 @@
},
"priority":{
"shape":"Priority",
"documentation":"<p> Directs Lex the order in which to elicit this slot value from the user. For example, if the intent has two slots with priorities 1 and 2, AWS Lex first elicits a value for the slot with priority 1.</p> <p>If multiple slots share the same priority, the order in which Lex elicits values is arbitrary.</p>"
"documentation":"<p> Directs Amazon Lex the order in which to elicit this slot value from the user. For example, if the intent has two slots with priorities 1 and 2, AWS Amazon Lex first elicits a value for the slot with priority 1.</p> <p>If multiple slots share the same priority, the order in which Amazon Lex elicits values is arbitrary.</p>"
},
"sampleUtterances":{
"shape":"SlotUtteranceList",
@ -3712,6 +3760,12 @@
"max":64,
"min":1,
"pattern":"\\$LATEST|[0-9]+"
},
"roleArn":{
"type":"string",
"max":2048,
"min":20,
"pattern":"arn:aws:iam::[0-9]{12}:role/.*"
}
},
"documentation":"<fullname>Amazon Lex Build-Time Actions</fullname> <p> Amazon Lex is an AWS service for building conversational voice and text interfaces. Use these actions to create, update, and delete conversational bots for new and existing client applications. </p>"

56
botocore/data/lightsail/2016-11-28/service-2.json
View file

@ -1179,7 +1179,7 @@
{"shape":"AccountSetupInProgressException"},
{"shape":"UnauthenticatedException"}
],
"documentation":"<p>Returns the data points for the specified Amazon Lightsail instance metric, given an instance name.</p>"
"documentation":"<p>Returns the data points for the specified Amazon Lightsail instance metric, given an instance name.</p> <p>Metrics report the utilization of your resources, and the error counts generated by them. Monitor and collect metric data regularly to maintain the reliability, availability, and performance of your resources.</p>"
},
"GetInstancePortStates":{
"name":"GetInstancePortStates",
@ -1350,7 +1350,7 @@
{"shape":"AccountSetupInProgressException"},
{"shape":"UnauthenticatedException"}
],
"documentation":"<p>Returns information about health metrics for your Lightsail load balancer.</p>"
"documentation":"<p>Returns information about health metrics for your Lightsail load balancer.</p> <p>Metrics report the utilization of your resources, and the error counts generated by them. Monitor and collect metric data regularly to maintain the reliability, availability, and performance of your resources.</p>"
},
"GetLoadBalancerTlsCertificates":{
"name":"GetLoadBalancerTlsCertificates",
@ -1616,7 +1616,7 @@
{"shape":"AccountSetupInProgressException"},
{"shape":"UnauthenticatedException"}
],
"documentation":"<p>Returns the data points of the specified metric for a database in Amazon Lightsail.</p>"
"documentation":"<p>Returns the data points of the specified metric for a database in Amazon Lightsail.</p> <p>Metrics report the utilization of your resources, and the error counts generated by them. Monitor and collect metric data regularly to maintain the reliability, availability, and performance of your resources.</p>"
},
"GetRelationalDatabaseParameters":{
"name":"GetRelationalDatabaseParameters",
@ -2614,7 +2614,7 @@
"members":{
"price":{
"shape":"float",
"documentation":"<p>The price in US dollars (e.g., <code>5.0</code>).</p>"
"documentation":"<p>The price in US dollars (e.g., <code>5.0</code>) of the bundle.</p>"
},
"cpuCount":{
"shape":"integer",
@ -4762,7 +4762,7 @@
},
"metricName":{
"shape":"InstanceMetricName",
"documentation":"<p>The metric for which you want to return information.</p> <p>Valid instance metric names are listed below, along with the most useful <code>statistics</code> to include in your request, and the published <code>unit</code> value.</p> <ul> <li> <p> <b> <code>CPUUtilization</code> </b> - The percentage of allocated compute units that are currently in use on the instance. This metric identifies the processing power to run the applications on the instance. Tools in your operating system can show a lower percentage than Lightsail when the instance is not allocated a full processor core.</p> <p> <code>Statistics</code>: The most useful statistics are <code>Maximum</code> and <code>Average</code>.</p> <p> <code>Unit</code>: The published unit is <code>Percent</code>.</p> </li> <li> <p> <b> <code>NetworkIn</code> </b> - The number of bytes received on all network interfaces by the instance. This metric identifies the volume of incoming network traffic to the instance. The number reported is the number of bytes received during the period. Because this metric is reported in 5-minute intervals, divide the reported number by 300 to find Bytes/second.</p> <p> <code>Statistics</code>: The most useful statistic is <code>Sum</code>.</p> <p> <code>Unit</code>: The published unit is <code>Bytes</code>.</p> </li> <li> <p> <b> <code>NetworkOut</code> </b> - The number of bytes sent out on all network interfaces by the instance. This metric identifies the volume of outgoing network traffic from the instance. The number reported is the number of bytes sent during the period. Because this metric is reported in 5-minute intervals, divide the reported number by 300 to find Bytes/second.</p> <p> <code>Statistics</code>: The most useful statistic is <code>Sum</code>.</p> <p> <code>Unit</code>: The published unit is <code>Bytes</code>.</p> </li> <li> <p> <b> <code>StatusCheckFailed</code> </b> - Reports whether the instance passed or failed both the instance status check and the system status check. This metric can be either 0 (passed) or 1 (failed). This metric data is available in 1-minute (60 seconds) granularity.</p> <p> <code>Statistics</code>: The most useful statistic is <code>Sum</code>.</p> <p> <code>Unit</code>: The published unit is <code>Count</code>.</p> </li> <li> <p> <b> <code>StatusCheckFailed_Instance</code> </b> - Reports whether the instance passed or failed the instance status check. This metric can be either 0 (passed) or 1 (failed). This metric data is available in 1-minute (60 seconds) granularity.</p> <p> <code>Statistics</code>: The most useful statistic is <code>Sum</code>.</p> <p> <code>Unit</code>: The published unit is <code>Count</code>.</p> </li> <li> <p> <b> <code>StatusCheckFailed_System</code> </b> - Reports whether the instance passed or failed the system status check. This metric can be either 0 (passed) or 1 (failed). This metric data is available in 1-minute (60 seconds) granularity.</p> <p> <code>Statistics</code>: The most useful statistic is <code>Sum</code>.</p> <p> <code>Unit</code>: The published unit is <code>Count</code>.</p> </li> </ul>"
"documentation":"<p>The metric for which you want to return information.</p> <p>Valid instance metric names are listed below, along with the most useful <code>statistics</code> to include in your request, and the published <code>unit</code> value.</p> <ul> <li> <p> <b> <code>BurstCapacityPercentage</code> </b> - The percentage of CPU performance available for your instance to burst above its baseline. Your instance continuously accrues and consumes burst capacity. Burst capacity stops accruing when your instance's <code>BurstCapacityPercentage</code> reaches 100%. For more information, see <a href=\"https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-viewing-instance-burst-capacity\">Viewing instance burst capacity in Amazon Lightsail</a>.</p> <p> <code>Statistics</code>: The most useful statistics are <code>Maximum</code> and <code>Average</code>.</p> <p> <code>Unit</code>: The published unit is <code>Percent</code>.</p> </li> <li> <p> <b> <code>BurstCapacityTime</code> </b> - The available amount of time for your instance to burst at 100% CPU utilization. Your instance continuously accrues and consumes burst capacity. Burst capacity time stops accruing when your instance's <code>BurstCapacityPercentage</code> metric reaches 100%.</p> <p>Burst capacity time is consumed at the full rate only when your instance operates at 100% CPU utilization. For example, if your instance operates at 50% CPU utilization in the burstable zone for a 5-minute period, then it consumes CPU burst capacity minutes at a 50% rate in that period. Your instance consumed 2 minutes and 30 seconds of CPU burst capacity minutes in the 5-minute period. For more information, see <a href=\"https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-viewing-instance-burst-capacity\">Viewing instance burst capacity in Amazon Lightsail</a>.</p> <p> <code>Statistics</code>: The most useful statistics are <code>Maximum</code> and <code>Average</code>.</p> <p> <code>Unit</code>: The published unit is <code>Seconds</code>.</p> </li> <li> <p> <b> <code>CPUUtilization</code> </b> - The percentage of allocated compute units that are currently in use on the instance. This metric identifies the processing power to run the applications on the instance. Tools in your operating system can show a lower percentage than Lightsail when the instance is not allocated a full processor core.</p> <p> <code>Statistics</code>: The most useful statistics are <code>Maximum</code> and <code>Average</code>.</p> <p> <code>Unit</code>: The published unit is <code>Percent</code>.</p> </li> <li> <p> <b> <code>NetworkIn</code> </b> - The number of bytes received on all network interfaces by the instance. This metric identifies the volume of incoming network traffic to the instance. The number reported is the number of bytes received during the period. Because this metric is reported in 5-minute intervals, divide the reported number by 300 to find Bytes/second.</p> <p> <code>Statistics</code>: The most useful statistic is <code>Sum</code>.</p> <p> <code>Unit</code>: The published unit is <code>Bytes</code>.</p> </li> <li> <p> <b> <code>NetworkOut</code> </b> - The number of bytes sent out on all network interfaces by the instance. This metric identifies the volume of outgoing network traffic from the instance. The number reported is the number of bytes sent during the period. Because this metric is reported in 5-minute intervals, divide the reported number by 300 to find Bytes/second.</p> <p> <code>Statistics</code>: The most useful statistic is <code>Sum</code>.</p> <p> <code>Unit</code>: The published unit is <code>Bytes</code>.</p> </li> <li> <p> <b> <code>StatusCheckFailed</code> </b> - Reports whether the instance passed or failed both the instance status check and the system status check. This metric can be either 0 (passed) or 1 (failed). This metric data is available in 1-minute (60 seconds) granularity.</p> <p> <code>Statistics</code>: The most useful statistic is <code>Sum</code>.</p> <p> <code>Unit</code>: The published unit is <code>Count</code>.</p> </li> <li> <p> <b> <code>StatusCheckFailed_Instance</code> </b> - Reports whether the instance passed or failed the instance status check. This metric can be either 0 (passed) or 1 (failed). This metric data is available in 1-minute (60 seconds) granularity.</p> <p> <code>Statistics</code>: The most useful statistic is <code>Sum</code>.</p> <p> <code>Unit</code>: The published unit is <code>Count</code>.</p> </li> <li> <p> <b> <code>StatusCheckFailed_System</code> </b> - Reports whether the instance passed or failed the system status check. This metric can be either 0 (passed) or 1 (failed). This metric data is available in 1-minute (60 seconds) granularity.</p> <p> <code>Statistics</code>: The most useful statistic is <code>Sum</code>.</p> <p> <code>Unit</code>: The published unit is <code>Count</code>.</p> </li> </ul>"
},
"period":{
"shape":"MetricPeriod",
@ -4791,11 +4791,11 @@
"members":{
"metricName":{
"shape":"InstanceMetricName",
"documentation":"<p>The metric name to return data for.</p>"
"documentation":"<p>The name of the metric returned.</p>"
},
"metricData":{
"shape":"MetricDatapointList",
"documentation":"<p>An array of key-value pairs containing information about the results of your get instance metric data request.</p>"
"documentation":"<p>An array of objects that describe the metric data returned.</p>"
}
}
},
@ -4994,7 +4994,7 @@
},
"unit":{
"shape":"MetricUnit",
"documentation":"<p>The unit for the metric data request. Valid units depend on the metric data being required. For the valid units with each available metric, see the <code>metricName</code> parameter.</p>"
"documentation":"<p>The unit for the metric data request. Valid units depend on the metric data being requested. For the valid units with each available metric, see the <code>metricName</code> parameter.</p>"
},
"statistics":{
"shape":"MetricStatisticList",
@ -5007,11 +5007,11 @@
"members":{
"metricName":{
"shape":"LoadBalancerMetricName",
"documentation":"<p>The metric about which you are receiving information. Valid values are listed below, along with the most useful <code>statistics</code> to include in your request.</p> <ul> <li> <p> <b> <code>ClientTLSNegotiationErrorCount</code> </b> - The number of TLS connections initiated by the client that did not establish a session with the load balancer. Possible causes include a mismatch of ciphers or protocols.</p> <p> <code>Statistics</code>: The most useful statistic is <code>Sum</code>.</p> </li> <li> <p> <b> <code>HealthyHostCount</code> </b> - The number of target instances that are considered healthy.</p> <p> <code>Statistics</code>: The most useful statistic are <code>Average</code>, <code>Minimum</code>, and <code>Maximum</code>.</p> </li> <li> <p> <b> <code>UnhealthyHostCount</code> </b> - The number of target instances that are considered unhealthy.</p> <p> <code>Statistics</code>: The most useful statistic are <code>Average</code>, <code>Minimum</code>, and <code>Maximum</code>.</p> </li> <li> <p> <b> <code>HTTPCode_LB_4XX_Count</code> </b> - The number of HTTP 4XX client error codes that originate from the load balancer. Client errors are generated when requests are malformed or incomplete. These requests have not been received by the target instance. This count does not include any response codes generated by the target instances.</p> <p> <code>Statistics</code>: The most useful statistic is <code>Sum</code>. Note that <code>Minimum</code>, <code>Maximum</code>, and <code>Average</code> all return <code>1</code>.</p> </li> <li> <p> <b> <code>HTTPCode_LB_5XX_Count</code> </b> - The number of HTTP 5XX server error codes that originate from the load balancer. This count does not include any response codes generated by the target instances.</p> <p> <code>Statistics</code>: The most useful statistic is <code>Sum</code>. Note that <code>Minimum</code>, <code>Maximum</code>, and <code>Average</code> all return <code>1</code>. Note that <code>Minimum</code>, <code>Maximum</code>, and <code>Average</code> all return <code>1</code>.</p> </li> <li> <p> <b> <code>HTTPCode_Instance_2XX_Count</code> </b> - The number of HTTP response codes generated by the target instances. This does not include any response codes generated by the load balancer.</p> <p> <code>Statistics</code>: The most useful statistic is <code>Sum</code>. Note that <code>Minimum</code>, <code>Maximum</code>, and <code>Average</code> all return <code>1</code>.</p> </li> <li> <p> <b> <code>HTTPCode_Instance_3XX_Count</code> </b> - The number of HTTP response codes generated by the target instances. This does not include any response codes generated by the load balancer. </p> <p> <code>Statistics</code>: The most useful statistic is <code>Sum</code>. Note that <code>Minimum</code>, <code>Maximum</code>, and <code>Average</code> all return <code>1</code>.</p> </li> <li> <p> <b> <code>HTTPCode_Instance_4XX_Count</code> </b> - The number of HTTP response codes generated by the target instances. This does not include any response codes generated by the load balancer.</p> <p> <code>Statistics</code>: The most useful statistic is <code>Sum</code>. Note that <code>Minimum</code>, <code>Maximum</code>, and <code>Average</code> all return <code>1</code>.</p> </li> <li> <p> <b> <code>HTTPCode_Instance_5XX_Count</code> </b> - The number of HTTP response codes generated by the target instances. This does not include any response codes generated by the load balancer.</p> <p> <code>Statistics</code>: The most useful statistic is <code>Sum</code>. Note that <code>Minimum</code>, <code>Maximum</code>, and <code>Average</code> all return <code>1</code>.</p> </li> <li> <p> <b> <code>InstanceResponseTime</code> </b> - The time elapsed, in seconds, after the request leaves the load balancer until a response from the target instance is received.</p> <p> <code>Statistics</code>: The most useful statistic is <code>Average</code>.</p> </li> <li> <p> <b> <code>RejectedConnectionCount</code> </b> - The number of connections that were rejected because the load balancer had reached its maximum number of connections.</p> <p> <code>Statistics</code>: The most useful statistic is <code>Sum</code>.</p> </li> <li> <p> <b> <code>RequestCount</code> </b> - The number of requests processed over IPv4. This count includes only the requests with a response generated by a target instance of the load balancer.</p> <p> <code>Statistics</code>: The most useful statistic is <code>Sum</code>. Note that <code>Minimum</code>, <code>Maximum</code>, and <code>Average</code> all return <code>1</code>.</p> </li> </ul>"
"documentation":"<p>The name of the metric returned.</p>"
},
"metricData":{
"shape":"MetricDatapointList",
"documentation":"<p>An array of metric datapoint objects.</p>"
"documentation":"<p>An array of objects that describe the metric data returned.</p>"
}
}
},
@ -5375,7 +5375,7 @@
},
"unit":{
"shape":"MetricUnit",
"documentation":"<p>The unit for the metric data request. Valid units depend on the metric data being required. For the valid units with each available metric, see the <code>metricName</code> parameter.</p>"
"documentation":"<p>The unit for the metric data request. Valid units depend on the metric data being requested. For the valid units with each available metric, see the <code>metricName</code> parameter.</p>"
},
"statistics":{
"shape":"MetricStatisticList",
@ -5388,11 +5388,11 @@
"members":{
"metricName":{
"shape":"RelationalDatabaseMetricName",
"documentation":"<p>The name of the metric.</p>"
"documentation":"<p>The name of the metric returned.</p>"
},
"metricData":{
"shape":"MetricDatapointList",
"documentation":"<p>An object describing the result of your get relational database metric data request.</p>"
"documentation":"<p>An array of objects that describe the metric data returned.</p>"
}
}
},
@ -5864,7 +5864,9 @@
"NetworkOut",
"StatusCheckFailed",
"StatusCheckFailed_Instance",
"StatusCheckFailed_System"
"StatusCheckFailed_System",
"BurstCapacityTime",
"BurstCapacityPercentage"
]
},
"InstanceNetworking":{
@ -5897,15 +5899,15 @@
"members":{
"fromPort":{
"shape":"Port",
"documentation":"<p>The first port in a range of open ports on an instance.</p> <p>Allowed ports:</p> <ul> <li> <p>TCP and UDP - <code>0</code> to <code>65535</code> </p> </li> <li> <p>ICMP - <code>8</code> (to configure Ping)</p> <note> <p>Ping is the only communication supported through the ICMP protocol in Lightsail. To configure ping, specify the <code>fromPort</code> parameter as <code>8</code>, and the <code>toPort</code> parameter as <code>-1</code>.</p> </note> </li> </ul>"
"documentation":"<p>The first port in a range of open ports on an instance.</p> <p>Allowed ports:</p> <ul> <li> <p>TCP and UDP - <code>0</code> to <code>65535</code> </p> </li> <li> <p>ICMP - The ICMP type. For example, specify <code>8</code> as the <code>fromPort</code> (ICMP type), and <code>-1</code> as the <code>toPort</code> (ICMP code), to enable ICMP Ping. For more information, see <a href=\"https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#Control_messages\">Control Messages</a> on <i>Wikipedia</i>.</p> </li> </ul>"
},
"toPort":{
"shape":"Port",
"documentation":"<p>The last port in a range of open ports on an instance.</p> <p>Allowed ports:</p> <ul> <li> <p>TCP and UDP - <code>0</code> to <code>65535</code> </p> </li> <li> <p>ICMP - <code>-1</code> (to configure Ping)</p> <note> <p>Ping is the only communication supported through the ICMP protocol in Lightsail. To configure ping, specify the <code>fromPort</code> parameter as <code>8</code>, and the <code>toPort</code> parameter as <code>-1</code>.</p> </note> </li> </ul>"
"documentation":"<p>The last port in a range of open ports on an instance.</p> <p>Allowed ports:</p> <ul> <li> <p>TCP and UDP - <code>0</code> to <code>65535</code> </p> </li> <li> <p>ICMP - The ICMP code. For example, specify <code>8</code> as the <code>fromPort</code> (ICMP type), and <code>-1</code> as the <code>toPort</code> (ICMP code), to enable ICMP Ping. For more information, see <a href=\"https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#Control_messages\">Control Messages</a> on <i>Wikipedia</i>.</p> </li> </ul>"
},
"protocol":{
"shape":"NetworkProtocol",
"documentation":"<p>The IP protocol name.</p> <p>The name can be one of the following:</p> <ul> <li> <p> <code>tcp</code> - Transmission Control Protocol (TCP) provides reliable, ordered, and error-checked delivery of streamed data between applications running on hosts communicating by an IP network. If you have an application that doesn't require reliable data stream service, use UDP instead.</p> </li> <li> <p> <code>all</code> - All transport layer protocol types. For more general information, see <a href=\"https://en.wikipedia.org/wiki/Transport_layer\">Transport layer</a> on <i>Wikipedia</i>.</p> </li> <li> <p> <code>udp</code> - With User Datagram Protocol (UDP), computer applications can send messages (or datagrams) to other hosts on an Internet Protocol (IP) network. Prior communications are not required to set up transmission channels or data paths. Applications that don't require reliable data stream service can use UDP, which provides a connectionless datagram service that emphasizes reduced latency over reliability. If you do require reliable data stream service, use TCP instead.</p> </li> <li> <p> <code>icmp</code> - Internet Control Message Protocol (ICMP) is used to send error messages and operational information indicating success or failure when communicating with an instance. For example, an error is indicated when an instance could not be reached.</p> <note> <p>Ping is the only communication supported through the ICMP protocol in Lightsail. To configure ping, specify the <code>fromPort</code> parameter as <code>8</code>, and the <code>toPort</code> parameter as <code>-1</code>.</p> </note> </li> </ul>"
"documentation":"<p>The IP protocol name.</p> <p>The name can be one of the following:</p> <ul> <li> <p> <code>tcp</code> - Transmission Control Protocol (TCP) provides reliable, ordered, and error-checked delivery of streamed data between applications running on hosts communicating by an IP network. If you have an application that doesn't require reliable data stream service, use UDP instead.</p> </li> <li> <p> <code>all</code> - All transport layer protocol types. For more general information, see <a href=\"https://en.wikipedia.org/wiki/Transport_layer\">Transport layer</a> on <i>Wikipedia</i>.</p> </li> <li> <p> <code>udp</code> - With User Datagram Protocol (UDP), computer applications can send messages (or datagrams) to other hosts on an Internet Protocol (IP) network. Prior communications are not required to set up transmission channels or data paths. Applications that don't require reliable data stream service can use UDP, which provides a connectionless datagram service that emphasizes reduced latency over reliability. If you do require reliable data stream service, use TCP instead.</p> </li> <li> <p> <code>icmp</code> - Internet Control Message Protocol (ICMP) is used to send error messages and operational information indicating success or failure when communicating with an instance. For example, an error is indicated when an instance could not be reached. When you specify <code>icmp</code> as the <code>protocol</code>, you must specify the ICMP type using the <code>fromPort</code> parameter, and ICMP code using the <code>toPort</code> parameter.</p> </li> </ul>"
},
"accessFrom":{
"shape":"string",
@ -5943,15 +5945,15 @@
"members":{
"fromPort":{
"shape":"Port",
"documentation":"<p>The first port in a range of open ports on an instance.</p> <p>Allowed ports:</p> <ul> <li> <p>TCP and UDP - <code>0</code> to <code>65535</code> </p> </li> <li> <p>ICMP - <code>8</code> (to configure Ping)</p> <note> <p>Ping is the only communication supported through the ICMP protocol in Lightsail. To configure ping, specify the <code>fromPort</code> parameter as <code>8</code>, and the <code>toPort</code> parameter as <code>-1</code>.</p> </note> </li> </ul>"
"documentation":"<p>The first port in a range of open ports on an instance.</p> <p>Allowed ports:</p> <ul> <li> <p>TCP and UDP - <code>0</code> to <code>65535</code> </p> </li> <li> <p>ICMP - The ICMP type. For example, specify <code>8</code> as the <code>fromPort</code> (ICMP type), and <code>-1</code> as the <code>toPort</code> (ICMP code), to enable ICMP Ping. For more information, see <a href=\"https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#Control_messages\">Control Messages</a> on <i>Wikipedia</i>.</p> </li> </ul>"
},
"toPort":{
"shape":"Port",
"documentation":"<p>The last port in a range of open ports on an instance.</p> <p>Allowed ports:</p> <ul> <li> <p>TCP and UDP - <code>0</code> to <code>65535</code> </p> </li> <li> <p>ICMP - <code>-1</code> (to configure Ping)</p> <note> <p>Ping is the only communication supported through the ICMP protocol in Lightsail. To configure ping, specify the <code>fromPort</code> parameter as <code>8</code>, and the <code>toPort</code> parameter as <code>-1</code>.</p> </note> </li> </ul>"
"documentation":"<p>The last port in a range of open ports on an instance.</p> <p>Allowed ports:</p> <ul> <li> <p>TCP and UDP - <code>0</code> to <code>65535</code> </p> </li> <li> <p>ICMP - The ICMP code. For example, specify <code>8</code> as the <code>fromPort</code> (ICMP type), and <code>-1</code> as the <code>toPort</code> (ICMP code), to enable ICMP Ping. For more information, see <a href=\"https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#Control_messages\">Control Messages</a> on <i>Wikipedia</i>.</p> </li> </ul>"
},
"protocol":{
"shape":"NetworkProtocol",
"documentation":"<p>The IP protocol name.</p> <p>The name can be one of the following:</p> <ul> <li> <p> <code>tcp</code> - Transmission Control Protocol (TCP) provides reliable, ordered, and error-checked delivery of streamed data between applications running on hosts communicating by an IP network. If you have an application that doesn't require reliable data stream service, use UDP instead.</p> </li> <li> <p> <code>all</code> - All transport layer protocol types. For more general information, see <a href=\"https://en.wikipedia.org/wiki/Transport_layer\">Transport layer</a> on <i>Wikipedia</i>.</p> </li> <li> <p> <code>udp</code> - With User Datagram Protocol (UDP), computer applications can send messages (or datagrams) to other hosts on an Internet Protocol (IP) network. Prior communications are not required to set up transmission channels or data paths. Applications that don't require reliable data stream service can use UDP, which provides a connectionless datagram service that emphasizes reduced latency over reliability. If you do require reliable data stream service, use TCP instead.</p> </li> <li> <p> <code>icmp</code> - Internet Control Message Protocol (ICMP) is used to send error messages and operational information indicating success or failure when communicating with an instance. For example, an error is indicated when an instance could not be reached.</p> <note> <p>Ping is the only communication supported through the ICMP protocol in Lightsail. To configure ping, specify the <code>fromPort</code> parameter as <code>8</code>, and the <code>toPort</code> parameter as <code>-1</code>.</p> </note> </li> </ul>"
"documentation":"<p>The IP protocol name.</p> <p>The name can be one of the following:</p> <ul> <li> <p> <code>tcp</code> - Transmission Control Protocol (TCP) provides reliable, ordered, and error-checked delivery of streamed data between applications running on hosts communicating by an IP network. If you have an application that doesn't require reliable data stream service, use UDP instead.</p> </li> <li> <p> <code>all</code> - All transport layer protocol types. For more general information, see <a href=\"https://en.wikipedia.org/wiki/Transport_layer\">Transport layer</a> on <i>Wikipedia</i>.</p> </li> <li> <p> <code>udp</code> - With User Datagram Protocol (UDP), computer applications can send messages (or datagrams) to other hosts on an Internet Protocol (IP) network. Prior communications are not required to set up transmission channels or data paths. Applications that don't require reliable data stream service can use UDP, which provides a connectionless datagram service that emphasizes reduced latency over reliability. If you do require reliable data stream service, use TCP instead.</p> </li> <li> <p> <code>icmp</code> - Internet Control Message Protocol (ICMP) is used to send error messages and operational information indicating success or failure when communicating with an instance. For example, an error is indicated when an instance could not be reached. When you specify <code>icmp</code> as the <code>protocol</code>, you must specify the ICMP type using the <code>fromPort</code> parameter, and ICMP code using the <code>toPort</code> parameter.</p> </li> </ul>"
},
"state":{
"shape":"PortState",
@ -6324,7 +6326,7 @@
},
"status":{
"shape":"LoadBalancerTlsCertificateStatus",
"documentation":"<p>The status of the SSL/TLS certificate. Valid values are below.</p>"
"documentation":"<p>The validation status of the SSL/TLS certificate. Valid values are below.</p>"
},
"domainName":{
"shape":"DomainName",
@ -6609,7 +6611,9 @@
"DiskQueueDepth",
"FreeStorageSpace",
"NetworkReceiveThroughput",
"NetworkTransmitThroughput"
"NetworkTransmitThroughput",
"BurstCapacityTime",
"BurstCapacityPercentage"
]
},
"MetricPeriod":{
@ -6969,15 +6973,15 @@
"members":{
"fromPort":{
"shape":"Port",
"documentation":"<p>The first port in a range of open ports on an instance.</p> <p>Allowed ports:</p> <ul> <li> <p>TCP and UDP - <code>0</code> to <code>65535</code> </p> </li> <li> <p>ICMP - <code>8</code> (to configure Ping)</p> <note> <p>Ping is the only communication supported through the ICMP protocol in Lightsail. To configure ping, specify the <code>fromPort</code> parameter as <code>8</code>, and the <code>toPort</code> parameter as <code>-1</code>.</p> </note> </li> </ul>"
"documentation":"<p>The first port in a range of open ports on an instance.</p> <p>Allowed ports:</p> <ul> <li> <p>TCP and UDP - <code>0</code> to <code>65535</code> </p> </li> <li> <p>ICMP - The ICMP type. For example, specify <code>8</code> as the <code>fromPort</code> (ICMP type), and <code>-1</code> as the <code>toPort</code> (ICMP code), to enable ICMP Ping. For more information, see <a href=\"https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#Control_messages\">Control Messages</a> on <i>Wikipedia</i>.</p> </li> </ul>"
},
"toPort":{
"shape":"Port",
"documentation":"<p>The last port in a range of open ports on an instance.</p> <p>Allowed ports:</p> <ul> <li> <p>TCP and UDP - <code>0</code> to <code>65535</code> </p> </li> <li> <p>ICMP - <code>-1</code> (to configure Ping)</p> <note> <p>Ping is the only communication supported through the ICMP protocol in Lightsail. To configure ping, specify the <code>fromPort</code> parameter as <code>8</code>, and the <code>toPort</code> parameter as <code>-1</code>.</p> </note> </li> </ul>"
"documentation":"<p>The last port in a range of open ports on an instance.</p> <p>Allowed ports:</p> <ul> <li> <p>TCP and UDP - <code>0</code> to <code>65535</code> </p> </li> <li> <p>ICMP - The ICMP code. For example, specify <code>8</code> as the <code>fromPort</code> (ICMP type), and <code>-1</code> as the <code>toPort</code> (ICMP code), to enable ICMP Ping. For more information, see <a href=\"https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#Control_messages\">Control Messages</a> on <i>Wikipedia</i>.</p> </li> </ul>"
},
"protocol":{
"shape":"NetworkProtocol",
"documentation":"<p>The IP protocol name.</p> <p>The name can be one of the following:</p> <ul> <li> <p> <code>tcp</code> - Transmission Control Protocol (TCP) provides reliable, ordered, and error-checked delivery of streamed data between applications running on hosts communicating by an IP network. If you have an application that doesn't require reliable data stream service, use UDP instead.</p> </li> <li> <p> <code>all</code> - All transport layer protocol types. For more general information, see <a href=\"https://en.wikipedia.org/wiki/Transport_layer\">Transport layer</a> on <i>Wikipedia</i>.</p> </li> <li> <p> <code>udp</code> - With User Datagram Protocol (UDP), computer applications can send messages (or datagrams) to other hosts on an Internet Protocol (IP) network. Prior communications are not required to set up transmission channels or data paths. Applications that don't require reliable data stream service can use UDP, which provides a connectionless datagram service that emphasizes reduced latency over reliability. If you do require reliable data stream service, use TCP instead.</p> </li> <li> <p> <code>icmp</code> - Internet Control Message Protocol (ICMP) is used to send error messages and operational information indicating success or failure when communicating with an instance. For example, an error is indicated when an instance could not be reached.</p> <note> <p>Ping is the only communication supported through the ICMP protocol in Lightsail. To configure ping, specify the <code>fromPort</code> parameter as <code>8</code>, and the <code>toPort</code> parameter as <code>-1</code>.</p> </note> </li> </ul>"
"documentation":"<p>The IP protocol name.</p> <p>The name can be one of the following:</p> <ul> <li> <p> <code>tcp</code> - Transmission Control Protocol (TCP) provides reliable, ordered, and error-checked delivery of streamed data between applications running on hosts communicating by an IP network. If you have an application that doesn't require reliable data stream service, use UDP instead.</p> </li> <li> <p> <code>all</code> - All transport layer protocol types. For more general information, see <a href=\"https://en.wikipedia.org/wiki/Transport_layer\">Transport layer</a> on <i>Wikipedia</i>.</p> </li> <li> <p> <code>udp</code> - With User Datagram Protocol (UDP), computer applications can send messages (or datagrams) to other hosts on an Internet Protocol (IP) network. Prior communications are not required to set up transmission channels or data paths. Applications that don't require reliable data stream service can use UDP, which provides a connectionless datagram service that emphasizes reduced latency over reliability. If you do require reliable data stream service, use TCP instead.</p> </li> <li> <p> <code>icmp</code> - Internet Control Message Protocol (ICMP) is used to send error messages and operational information indicating success or failure when communicating with an instance. For example, an error is indicated when an instance could not be reached. When you specify <code>icmp</code> as the <code>protocol</code>, you must specify the ICMP type using the <code>fromPort</code> parameter, and ICMP code using the <code>toPort</code> parameter.</p> </li> </ul>"
},
"cidrs":{
"shape":"StringList",
@ -7031,7 +7035,7 @@
},
"metricName":{
"shape":"MetricName",
"documentation":"<p>The name of the metric to associate with the alarm.</p> <p>You can configure up to two alarms per metric.</p> <p>The following metrics are available for each resource type:</p> <ul> <li> <p> <b>Instances</b>: <code>CPUUtilization</code>, <code>NetworkIn</code>, <code>NetworkOut</code>, <code>StatusCheckFailed</code>, <code>StatusCheckFailed_Instance</code>, and <code>StatusCheckFailed_System</code>.</p> </li> <li> <p> <b>Load balancers</b>: <code>ClientTLSNegotiationErrorCount</code>, <code>HealthyHostCount</code>, <code>UnhealthyHostCount</code>, <code>HTTPCode_LB_4XX_Count</code>, <code>HTTPCode_LB_5XX_Count</code>, <code>HTTPCode_Instance_2XX_Count</code>, <code>HTTPCode_Instance_3XX_Count</code>, <code>HTTPCode_Instance_4XX_Count</code>, <code>HTTPCode_Instance_5XX_Count</code>, <code>InstanceResponseTime</code>, <code>RejectedConnectionCount</code>, and <code>RequestCount</code>.</p> </li> <li> <p> <b>Relational databases</b>: <code>CPUUtilization</code>, <code>DatabaseConnections</code>, <code>DiskQueueDepth</code>, <code>FreeStorageSpace</code>, <code>NetworkReceiveThroughput</code>, and <code>NetworkTransmitThroughput</code>.</p> </li> </ul>"
"documentation":"<p>The name of the metric to associate with the alarm.</p> <p>You can configure up to two alarms per metric.</p> <p>The following metrics are available for each resource type:</p> <ul> <li> <p> <b>Instances</b>: <code>BurstCapacityPercentage</code>, <code>BurstCapacityTime</code>, <code>CPUUtilization</code>, <code>NetworkIn</code>, <code>NetworkOut</code>, <code>StatusCheckFailed</code>, <code>StatusCheckFailed_Instance</code>, and <code>StatusCheckFailed_System</code>.</p> </li> <li> <p> <b>Load balancers</b>: <code>ClientTLSNegotiationErrorCount</code>, <code>HealthyHostCount</code>, <code>UnhealthyHostCount</code>, <code>HTTPCode_LB_4XX_Count</code>, <code>HTTPCode_LB_5XX_Count</code>, <code>HTTPCode_Instance_2XX_Count</code>, <code>HTTPCode_Instance_3XX_Count</code>, <code>HTTPCode_Instance_4XX_Count</code>, <code>HTTPCode_Instance_5XX_Count</code>, <code>InstanceResponseTime</code>, <code>RejectedConnectionCount</code>, and <code>RequestCount</code>.</p> </li> <li> <p> <b>Relational databases</b>: <code>CPUUtilization</code>, <code>DatabaseConnections</code>, <code>DiskQueueDepth</code>, <code>FreeStorageSpace</code>, <code>NetworkReceiveThroughput</code>, and <code>NetworkTransmitThroughput</code>.</p> </li> </ul> <p>For more information about these metrics, see <a href=\"https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-resource-health-metrics#available-metrics\">Metrics available in Lightsail</a>.</p>"
},
"monitoredResourceName":{
"shape":"ResourceName",

183
botocore/data/macie2/2020-01-01/service-2.json
View file

@ -57,52 +57,6 @@
],
"documentation": "<p>Accepts an Amazon Macie membership invitation that was received from a specific account.</p>"
},
"ArchiveFindings": {
"name": "ArchiveFindings",
"http": {
"method": "POST",
"requestUri": "/findings/archive",
"responseCode": 200
},
"input": {
"shape": "ArchiveFindingsRequest"
},
"output": {
"shape": "ArchiveFindingsResponse",
"documentation": "<p>The request succeeded and there isn't any content to include in the body of the response (No Content).</p>"
},
"errors": [
{
"shape": "ValidationException",
"documentation": "<p>The request failed because it contains a syntax error.</p>"
},
{
"shape": "InternalServerException",
"documentation": "<p>The request failed due to an unknown internal server error, exception, or failure.</p>"
},
{
"shape": "ServiceQuotaExceededException",
"documentation": "<p>The request failed because fulfilling the request would exceed one or more service quotas for your account.</p>"
},
{
"shape": "AccessDeniedException",
"documentation": "<p>The request was denied because you don't have sufficient access to the specified resource.</p>"
},
{
"shape": "ResourceNotFoundException",
"documentation": "<p>The request failed because the specified resource wasn't found.</p>"
},
{
"shape": "ThrottlingException",
"documentation": "<p>The request failed because you sent too many requests during a certain amount of time.</p>"
},
{
"shape": "ConflictException",
"documentation": "<p>The request failed because it conflicts with the current state of the specified resource.</p>"
}
],
"documentation": " <p>Archives one or more findings.</p>"
},
"BatchGetCustomDataIdentifiers": {
"name": "BatchGetCustomDataIdentifiers",
"http": {
@ -1158,7 +1112,7 @@
"documentation": "<p>The request failed because it conflicts with the current state of the specified resource.</p>"
}
],
"documentation": "<p>Retrieves the configuration settings for exporting data classification results.</p>"
"documentation": "<p>Retrieves the configuration settings for storing data classification results.</p>"
},
"GetCustomDataIdentifier": {
"name": "GetCustomDataIdentifier",
@ -2003,7 +1957,7 @@
"documentation": "<p>The request failed because it conflicts with the current state of the specified resource.</p>"
}
],
"documentation": "<p>Creates or updates the configuration settings for exporting data classification results.</p>"
"documentation": "<p>Creates or updates the configuration settings for storing data classification results.</p>"
},
"TagResource": {
"name": "TagResource",
@ -2068,52 +2022,6 @@
],
"documentation": "<p>Tests a custom data identifier.</p>"
},
"UnarchiveFindings": {
"name": "UnarchiveFindings",
"http": {
"method": "POST",
"requestUri": "/findings/unarchive",
"responseCode": 200
},
"input": {
"shape": "UnarchiveFindingsRequest"
},
"output": {
"shape": "UnarchiveFindingsResponse",
"documentation": "<p>The request succeeded and there isn't any content to include in the body of the response (No Content).</p>"
},
"errors": [
{
"shape": "ValidationException",
"documentation": "<p>The request failed because it contains a syntax error.</p>"
},
{
"shape": "InternalServerException",
"documentation": "<p>The request failed due to an unknown internal server error, exception, or failure.</p>"
},
{
"shape": "ServiceQuotaExceededException",
"documentation": "<p>The request failed because fulfilling the request would exceed one or more service quotas for your account.</p>"
},
{
"shape": "AccessDeniedException",
"documentation": "<p>The request was denied because you don't have sufficient access to the specified resource.</p>"
},
{
"shape": "ResourceNotFoundException",
"documentation": "<p>The request failed because the specified resource wasn't found.</p>"
},
{
"shape": "ThrottlingException",
"documentation": "<p>The request failed because you sent too many requests during a certain amount of time.</p>"
},
{
"shape": "ConflictException",
"documentation": "<p>The request failed because it conflicts with the current state of the specified resource.</p>"
}
],
"documentation": " <p>Reactivates (unarchives) one or more findings.</p>"
},
"UntagResource": {
"name": "UntagResource",
"http": {
@ -2498,23 +2406,6 @@
},
"documentation": "<p>Reserved for future use.</p>"
},
"ArchiveFindingsRequest": {
"type": "structure",
"members": {
"findingIds": {
"shape": "__listOf__string",
"locationName": "findingIds",
"documentation": "<p>An array of strings that lists the unique identifiers for the findings to archive.</p>"
}
},
"required": [
"findingIds"
]
},
"ArchiveFindingsResponse": {
"type": "structure",
"members": {}
},
"AssumedRole": {
"type": "structure",
"members": {
@ -2977,10 +2868,10 @@
"s3Destination": {
"shape": "S3Destination",
"locationName": "s3Destination",
"documentation": "<p>The S3 bucket to export data classification results to, and the encryption settings to use when storing results in that bucket.</p>"
"documentation": "<p>The S3 bucket to store data classification results in, and the encryption settings to use when storing results in that bucket.</p>"
}
},
"documentation": "<p>Specifies where to export data classification results to, and the encryption settings to use when storing results in that location. Currently, you can export classification results only to an S3 bucket.</p>"
"documentation": "<p>Specifies where to store data classification results, and the encryption settings to use when storing results in that location. Currently, you can store classification results only in an S3 bucket.</p>"
},
"ClassificationResult": {
"type": "structure",
@ -3148,7 +3039,7 @@
"maximumMatchDistance": {
"shape": "__integer",
"locationName": "maximumMatchDistance",
"documentation": "<p>The maximum number of characters that can exist between text that matches the regex pattern and the character sequences specified by the keywords array. Macie includes or excludes a result based on the proximity of a keyword to text that matches the regex pattern. The distance can be 1 - 300 characters. The default value is 300.</p>"
"documentation": "<p>The maximum number of characters that can exist between text that matches the regex pattern and the character sequences specified by the keywords array. Macie includes or excludes a result based on the proximity of a keyword to text that matches the regex pattern. The distance can be 1 - 300 characters. The default value is 50.</p>"
},
"name": {
"shape": "__string",
@ -3183,7 +3074,7 @@
"action": {
"shape": "FindingsFilterAction",
"locationName": "action",
"documentation": "<p>The action to perform on findings that meet the filter criteria (findingCriteria). Valid values are: ARCHIVE, automatically archive the findings; and, NOOP, don't perform any action on the findings.</p>"
"documentation": "<p>The action to perform on findings that meet the filter criteria (findingCriteria). Valid values are: ARCHIVE, suppress (automatically archive) the findings; and, NOOP, don't perform any action on the findings.</p>"
},
"clientToken": {
"shape": "__string",
@ -3827,7 +3718,7 @@
"findingPublishingFrequency": {
"shape": "FindingPublishingFrequency",
"locationName": "findingPublishingFrequency",
"documentation": "Specifies how often to publish findings for the account. This includes adding findings to AWS Security Hub and exporting finding events to Amazon CloudWatch."
"documentation": "Specifies how often to publish updates to policy findings for the account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events)."
},
"status": {
"shape": "MacieStatus",
@ -3869,7 +3760,8 @@
"enum": [
"NONE",
"AES256",
"aws:kms"
"aws:kms",
"UNKNOWN"
]
},
"ErrorCode": {
@ -4025,6 +3917,7 @@
},
"FindingActionType": {
"type": "string",
"documentation": "<p>The type of action that occurred for the resource and produced the policy finding.</p>",
"enum": [
"AWS_API_CALL"
]
@ -4045,10 +3938,10 @@
"userIdentity": {
"shape": "UserIdentity",
"locationName": "userIdentity",
"documentation": "<p>The name and type of entity who performed the action on the affected resource.</p>"
"documentation": "<p>The name and type of entity that performed the action on the affected resource.</p>"
}
},
"documentation": "<p>Provides information about an entity who performed an action that produced a policy finding for a resource.</p>"
"documentation": "<p>Provides information about an entity that performed an action that produced a policy finding for a resource.</p>"
},
"FindingCategory": {
"type": "string",
@ -4071,7 +3964,7 @@
},
"FindingPublishingFrequency": {
"type": "string",
"documentation": "<p>The frequency with which Amazon Macie publishes findings for an account. This includes adding findings to AWS Security Hub and exporting finding events to Amazon CloudWatch. Valid values are:</p>",
"documentation": "<p>The frequency with which Amazon Macie publishes updates to policy findings for an account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events). Valid values are:</p>",
"enum": [
"FIFTEEN_MINUTES",
"ONE_HOUR",
@ -4120,7 +4013,7 @@
},
"FindingsFilterAction": {
"type": "string",
"documentation": "<p>The action to perform on findings that meet the filter criteria. Valid values are:</p>",
"documentation": "<p>The action to perform on findings that meet the filter criteria. To suppress (automatically archive) findings that meet the criteria, set this value to ARCHIVE. Valid values are:</p>",
"enum": [
"ARCHIVE",
"NOOP"
@ -4222,7 +4115,7 @@
"configuration": {
"shape": "ClassificationExportConfiguration",
"locationName": "configuration",
"documentation": "<p>The location that data classification results are exported to, and the encryption settings that are used when storing results in that location.</p>"
"documentation": "<p>The location where data classification results are stored, and the encryption settings that are used when storing results in that location.</p>"
}
}
},
@ -4358,7 +4251,7 @@
"action": {
"shape": "FindingsFilterAction",
"locationName": "action",
"documentation": "<p>The action that's performed on findings that meet the filter criteria (findingCriteria). Possible values are: ARCHIVE, automatically archive the findings; and, NOOP, don't perform any action on the findings.</p>"
"documentation": "<p>The action that's performed on findings that meet the filter criteria (findingCriteria). Possible values are: ARCHIVE, suppress (automatically archive) the findings; and, NOOP, don't perform any action on the findings.</p>"
},
"arn": {
"shape": "__string",
@ -4454,7 +4347,7 @@
"findingPublishingFrequency": {
"shape": "FindingPublishingFrequency",
"locationName": "findingPublishingFrequency",
"documentation": "<p>The frequency with which Amazon Macie publishes findings for the account. This includes adding findings to AWS Security Hub and exporting finding events to Amazon CloudWatch.</p>"
"documentation": "<p>The frequency with which Amazon Macie publishes updates to policy findings for the account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events).</p>"
},
"serviceRole": {
"shape": "__string",
@ -5386,7 +5279,7 @@
"actor": {
"shape": "FindingActor",
"locationName": "actor",
"documentation": "<p>The entity who performed the action that produced the finding.</p>"
"documentation": "<p>The entity that performed the action that produced the finding.</p>"
}
},
"documentation": "<p>Provides detailed information about a policy finding.</p>"
@ -5397,7 +5290,7 @@
"configuration": {
"shape": "ClassificationExportConfiguration",
"locationName": "configuration",
"documentation": "<p>The location to export data classification results to, and the encryption settings to use when storing results in that location.</p>"
"documentation": "<p>The location to store data classification results in, and the encryption settings to use when storing results in that location.</p>"
}
},
"required": [
@ -5410,7 +5303,7 @@
"configuration": {
"shape": "ClassificationExportConfiguration",
"locationName": "configuration",
"documentation": "<p>The location that data classification results are exported to, and the encryption settings that are used when storing results in that location.</p>"
"documentation": "<p>The location where the data classification results are stored, and the encryption settings that are used when storing results in that location.</p>"
}
}
},
@ -5559,7 +5452,7 @@
"bucketName": {
"shape": "__string",
"locationName": "bucketName",
"documentation": "<p>The Amazon Resource Name (ARN) of the bucket. This must be the ARN of an existing bucket.</p>"
"documentation": "<p>The name of the bucket.</p>"
},
"keyPrefix": {
"shape": "__string",
@ -5569,10 +5462,10 @@
"kmsKeyArn": {
"shape": "__string",
"locationName": "kmsKeyArn",
"documentation": "<p>The Amazon Resource Name (ARN) of the AWS Key Management Service master key to use for encryption of the exported results. This must be the ARN of an existing KMS key. In addition, the key must be in the same AWS Region as the bucket.</p>"
"documentation": "<p>The Amazon Resource Name (ARN) of the AWS Key Management Service customer master key (CMK) to use for encryption of the results. This must be the ARN of an existing CMK that's in the same AWS Region as the bucket.</p>"
}
},
"documentation": "<p>Specifies an S3 bucket to export data classification results to, and the encryption settings to use when storing results in that bucket.</p>",
"documentation": "<p>Specifies an S3 bucket to store data classification results in, and the encryption settings to use when storing results in that bucket.</p>",
"required": [
"bucketName",
"kmsKeyArn"
@ -5700,7 +5593,7 @@
"category": {
"shape": "SensitiveDataItemCategory",
"locationName": "category",
"documentation": "<p>The category of sensitive data that was detected. For example, FINANCIAL_INFORMATION, for financial information such as credit card numbers, or PERSONAL_INFORMATION, for personally identifiable information such as names and addresses.</p>"
"documentation": "<p>The category of sensitive data that was detected. For example: FINANCIAL_INFORMATION, for financial information such as credit card numbers; PERSONAL_INFORMATION, for personally identifiable information such as full names and mailing addresses; or, CUSTOM_IDENTIFIER, for data that was detected by a custom data identifier.</p>"
},
"detections": {
"shape": "DefaultDetections",
@ -5717,6 +5610,7 @@
},
"SensitiveDataItemCategory": {
"type": "string",
"documentation": "<p>The category of sensitive data that was detected and produced the finding.</p>",
"enum": [
"FINANCIAL_INFORMATION",
"PERSONAL_INFORMATION",
@ -5790,7 +5684,7 @@
"documentation": "<p>The source and type of credentials that the entity obtained.</p>"
}
},
"documentation": "<p>Provides information about a session that was created for an entity who performed an action by using temporary security credentials.</p>"
"documentation": "<p>Provides information about a session that was created for an entity that performed an action by using temporary security credentials.</p>"
},
"SessionContextAttributes": {
"type": "structure",
@ -6037,7 +5931,7 @@
"maximumMatchDistance": {
"shape": "__integer",
"locationName": "maximumMatchDistance",
"documentation": "<p>The maximum number of characters that can exist between text that matches the regex pattern and the character sequences specified by the keywords array. Macie includes or excludes a result based on the proximity of a keyword to text that matches the regex pattern. The distance can be 1 - 300 characters. The default value is 300.</p>"
"documentation": "<p>The maximum number of characters that can exist between text that matches the regex pattern and the character sequences specified by the keywords array. Macie includes or excludes a result based on the proximity of a keyword to text that matches the regex pattern. The distance can be 1 - 300 characters. The default value is 50.</p>"
},
"regex": {
"shape": "__string",
@ -6080,23 +5974,6 @@
"httpStatusCode": 429
}
},
"UnarchiveFindingsRequest": {
"type": "structure",
"members": {
"findingIds": {
"shape": "__listOf__string",
"locationName": "findingIds",
"documentation": "<p>An array of strings that lists the unique identifiers for the findings to reactivate.</p>"
}
},
"required": [
"findingIds"
]
},
"UnarchiveFindingsResponse": {
"type": "structure",
"members": {}
},
"Unit": {
"type": "string",
"enum": [
@ -6179,7 +6056,7 @@
"action": {
"shape": "FindingsFilterAction",
"locationName": "action",
"documentation": "<p>The action to perform on findings that meet the filter criteria (findingCriteria). Valid values are: ARCHIVE, automatically archive the findings; and, NOOP, don't perform any action on the findings.</p>"
"documentation": "<p>The action to perform on findings that meet the filter criteria (findingCriteria). Valid values are: ARCHIVE, suppress (automatically archive) the findings; and, NOOP, don't perform any action on the findings.</p>"
},
"description": {
"shape": "__string",
@ -6233,7 +6110,7 @@
"findingPublishingFrequency": {
"shape": "FindingPublishingFrequency",
"locationName": "findingPublishingFrequency",
"documentation": "Specifies how often to publish findings for the account. This includes adding findings to AWS Security Hub and exporting finding events to Amazon CloudWatch."
"documentation": "Specifies how often to publish updates to policy findings for the account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events)."
},
"status": {
"shape": "MacieStatus",
@ -6659,5 +6536,5 @@
"timestampFormat": "unixTimestamp"
}
},
"documentation": "<p>Amazon Macie</p>"
"documentation": "<p>Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS. Macie automates the discovery of sensitive data, such as PII and intellectual property, to provide you with insight into the data that your organization stores in AWS. Macie also provides an inventory of your Amazon S3 buckets, which it continually monitors for you. If Macie detects sensitive data or potential data access issues, it generates detailed findings for you to review and act upon as necessary.</p>"
}

417
botocore/data/mediaconvert/2017-08-29/service-2.json
View file

@ -1392,6 +1392,8 @@
"AC3",
"EAC3",
"EAC3_ATMOS",
"VORBIS",
"OPUS",
"PASSTHROUGH"
]
},
@ -1438,13 +1440,23 @@
"locationName": "mp3Settings",
"documentation": "Required when you set Codec, under AudioDescriptions>CodecSettings, to the value MP3."
},
"OpusSettings": {
"shape": "OpusSettings",
"locationName": "opusSettings",
"documentation": "Required when you set Codec, under AudioDescriptions>CodecSettings, to the value OPUS."
},
"VorbisSettings": {
"shape": "VorbisSettings",
"locationName": "vorbisSettings",
"documentation": "Required when you set Codec, under AudioDescriptions>CodecSettings, to the value Vorbis."
},
"WavSettings": {
"shape": "WavSettings",
"locationName": "wavSettings",
"documentation": "Required when you set (Codec) under (AudioDescriptions)>(CodecSettings) to the value WAV."
}
},
"documentation": "Audio codec settings (CodecSettings) under (AudioDescriptions) contains the group of settings related to audio encoding. The settings in this group vary depending on the value that you choose for Audio codec (Codec). For each codec enum that you choose, define the corresponding settings object. The following lists the codec enum, settings object pairs. * AAC, AacSettings * MP2, Mp2Settings * MP3, Mp3Settings * WAV, WavSettings * AIFF, AiffSettings * AC3, Ac3Settings * EAC3, Eac3Settings * EAC3_ATMOS, Eac3AtmosSettings"
"documentation": "Audio codec settings (CodecSettings) under (AudioDescriptions) contains the group of settings related to audio encoding. The settings in this group vary depending on the value that you choose for Audio codec (Codec). For each codec enum that you choose, define the corresponding settings object. The following lists the codec enum, settings object pairs. * AAC, AacSettings * MP2, Mp2Settings * MP3, Mp3Settings * WAV, WavSettings * AIFF, AiffSettings * AC3, Ac3Settings * EAC3, Eac3Settings * EAC3_ATMOS, Eac3AtmosSettings * VORBIS, VorbisSettings * OPUS, OpusSettings"
},
"AudioDefaultSelection": {
"type": "string",
@ -1480,7 +1492,7 @@
"CodecSettings": {
"shape": "AudioCodecSettings",
"locationName": "codecSettings",
"documentation": "Audio codec settings (CodecSettings) under (AudioDescriptions) contains the group of settings related to audio encoding. The settings in this group vary depending on the value that you choose for Audio codec (Codec). For each codec enum that you choose, define the corresponding settings object. The following lists the codec enum, settings object pairs. * AAC, AacSettings * MP2, Mp2Settings * MP3, Mp3Settings * WAV, WavSettings * AIFF, AiffSettings * AC3, Ac3Settings * EAC3, Eac3Settings * EAC3_ATMOS, Eac3AtmosSettings"
"documentation": "Audio codec settings (CodecSettings) under (AudioDescriptions) contains the group of settings related to audio encoding. The settings in this group vary depending on the value that you choose for Audio codec (Codec). For each codec enum that you choose, define the corresponding settings object. The following lists the codec enum, settings object pairs. * AAC, AacSettings * MP2, Mp2Settings * MP3, Mp3Settings * WAV, WavSettings * AIFF, AiffSettings * AC3, Ac3Settings * EAC3, Eac3Settings * EAC3_ATMOS, Eac3AtmosSettings * VORBIS, VorbisSettings * OPUS, OpusSettings"
},
"CustomLanguageCode": {
"shape": "__stringPatternAZaZ23AZaZ",
@ -1602,7 +1614,7 @@
"documentation": "Enable this setting on one audio selector to set it as the default for the job. The service uses this default for outputs where it can't find the specified input audio. If you don't set a default, those outputs have no audio."
},
"ExternalAudioFileInput": {
"shape": "__stringPatternS3MM2VVMMPPEEGGMMPP3AAVVIIMMPP4FFLLVVMMPPTTMMPPGGMM4VVTTRRPPFF4VVMM2TTSSTTSS264HH264MMKKVVMMOOVVMMTTSSMM2TTWWMMVVAASSFFVVOOBB3GGPP3GGPPPPMMXXFFDDIIVVXXXXVVIIDDRRAAWWDDVVGGXXFFMM1VV3GG2VVMMFFMM3UU8LLCCHHGGXXFFMMPPEEGG2MMXXFFMMPPEEGG2MMXXFFHHDDWWAAVVYY4MMAAAACCAAIIFFFFMMPP2AACC3EECC3DDTTSSEEHttpsMM2VVMMPPEEGGMMPP3AAVVIIMMPP4FFLLVVMMPPTTMMPPGGMM4VVTTRRPPFF4VVMM2TTSSTTSS264HH264MMKKVVMMOOVVMMTTSSMM2TTWWMMVVAASSFFVVOOBB3GGPP3GGPPPPMMXXFFDDIIVVXXXXVVIIDDRRAAWWDDVVGGXXFFMM1VV3GG2VVMMFFMM3UU8LLCCHHGGXXFFMMPPEEGG2MMXXFFMMPPEEGG2MMXXFFHHDDWWAAVVYY4MMAAAACCAAIIFFFFMMPP2AACC3EECC3DDTTSSEE",
"shape": "__stringPatternS3WWEEBBMMMM2VVMMPPEEGGMMPP3AAVVIIMMPP4FFLLVVMMPPTTMMPPGGMM4VVTTRRPPFF4VVMM2TTSSTTSS264HH264MMKKVVMMOOVVMMTTSSMM2TTWWMMVVAASSFFVVOOBB3GGPP3GGPPPPMMXXFFDDIIVVXXXXVVIIDDRRAAWWDDVVGGXXFFMM1VV3GG2VVMMFFMM3UU8LLCCHHGGXXFFMMPPEEGG2MMXXFFMMPPEEGG2MMXXFFHHDDWWAAVVYY4MMAAAACCAAIIFFFFMMPP2AACC3EECC3DDTTSSEEHttpsMM2VVMMPPEEGGMMPP3AAVVIIMMPP4FFLLVVMMPPTTMMPPGGMM4VVTTRRPPFF4VVMM2TTSSTTSS264HH264MMKKVVMMOOVVMMTTSSMM2TTWWMMVVAASSFFVVOOBB3GGPP3GGPPPPMMXXFFDDIIVVXXXXVVIIDDRRAAWWDDVVGGXXFFMM1VV3GG2VVMMFFMM3UU8LLCCHHGGXXFFMMPPEEGG2MMXXFFMMPPEEGG2MMXXFFHHDDWWAAVVYY4MMAAAACCAAIIFFFFMMPP2AACC3EECC3DDTTSSEE",
"locationName": "externalAudioFileInput",
"documentation": "Specifies audio data from an external file source."
},
@ -2148,15 +2160,15 @@
"FramerateDenominator": {
"shape": "__integerMin1Max1001",
"locationName": "framerateDenominator",
"documentation": "Specify the denominator of the fraction that represents the framerate for the setting Caption source framerate (CaptionSourceFramerate). Use this setting along with the setting Framerate numerator (framerateNumerator)."
"documentation": "Specify the denominator of the fraction that represents the frame rate for the setting Caption source frame rate (CaptionSourceFramerate). Use this setting along with the setting Framerate numerator (framerateNumerator)."
},
"FramerateNumerator": {
"shape": "__integerMin1Max60000",
"locationName": "framerateNumerator",
"documentation": "Specify the numerator of the fraction that represents the framerate for the setting Caption source framerate (CaptionSourceFramerate). Use this setting along with the setting Framerate denominator (framerateDenominator)."
"documentation": "Specify the numerator of the fraction that represents the frame rate for the setting Caption source frame rate (CaptionSourceFramerate). Use this setting along with the setting Framerate denominator (framerateDenominator)."
}
},
"documentation": "Ignore this setting unless your input captions format is SCC. To have the service compensate for differing framerates between your input captions and input video, specify the framerate of the captions file. Specify this value as a fraction, using the settings Framerate numerator (framerateNumerator) and Framerate denominator (framerateDenominator). For example, you might specify 24 / 1 for 24 fps, 25 / 1 for 25 fps, 24000 / 1001 for 23.976 fps, or 30000 / 1001 for 29.97 fps."
"documentation": "Ignore this setting unless your input captions format is SCC. To have the service compensate for differing frame rates between your input captions and input video, specify the frame rate of the captions file. Specify this value as a fraction, using the settings Framerate numerator (framerateNumerator) and Framerate denominator (framerateDenominator). For example, you might specify 24 / 1 for 24 fps, 25 / 1 for 25 fps, 24000 / 1001 for 23.976 fps, or 30000 / 1001 for 29.97 fps."
},
"CaptionSourceSettings": {
"type": "structure",
@ -2676,6 +2688,7 @@
"MP4",
"MPD",
"MXF",
"WEBM",
"RAW"
]
},
@ -4114,7 +4127,7 @@
"Framerate": {
"shape": "CaptionSourceFramerate",
"locationName": "framerate",
"documentation": "Ignore this setting unless your input captions format is SCC. To have the service compensate for differing framerates between your input captions and input video, specify the framerate of the captions file. Specify this value as a fraction, using the settings Framerate numerator (framerateNumerator) and Framerate denominator (framerateDenominator). For example, you might specify 24 / 1 for 24 fps, 25 / 1 for 25 fps, 24000 / 1001 for 23.976 fps, or 30000 / 1001 for 29.97 fps."
"documentation": "Ignore this setting unless your input captions format is SCC. To have the service compensate for differing frame rates between your input captions and input video, specify the frame rate of the captions file. Specify this value as a fraction, using the settings Framerate numerator (framerateNumerator) and Framerate denominator (framerateDenominator). For example, you might specify 24 / 1 for 24 fps, 25 / 1 for 25 fps, 24000 / 1001 for 23.976 fps, or 30000 / 1001 for 29.97 fps."
},
"SourceFile": {
"shape": "__stringMin14PatternS3SccSCCTtmlTTMLDfxpDFXPStlSTLSrtSRTXmlXMLSmiSMIHttpsSccSCCTtmlTTMLDfxpDFXPStlSTLSrtSRTXmlXMLSmiSMI",
@ -4363,7 +4376,7 @@
},
"H264FramerateConversionAlgorithm": {
"type": "string",
"documentation": "When set to INTERPOLATE, produces smoother motion during frame rate conversion.",
"documentation": "Optional. Specify how the transcoder performs framerate conversion. The default behavior is to use duplicate drop conversion.",
"enum": [
"DUPLICATE_DROP",
"INTERPOLATE"
@ -4398,7 +4411,7 @@
},
"H264ParControl": {
"type": "string",
"documentation": "Using the API, enable ParFollowSource if you want the service to use the pixel aspect ratio from the input. Using the console, do this by choosing Follow source for Pixel aspect ratio.",
"documentation": "Optional. Specify how the service determines the pixel aspect ratio (PAR) for this output. The default behavior, Follow source (INITIALIZE_FROM_SOURCE), uses the PAR from your input video for your output. To use a different PAR, choose (SPECIFIED). In the console, SPECIFIED corresponds to any value other than Follow source. When you choose SPECIFIED for this setting, you must also specify values for the parNumerator and parDenominator settings.",
"enum": [
"INITIALIZE_FROM_SOURCE",
"SPECIFIED"
@ -4406,7 +4419,7 @@
},
"H264QualityTuningLevel": {
"type": "string",
"documentation": "Use Quality tuning level (H264QualityTuningLevel) to specifiy whether to use fast single-pass, high-quality singlepass, or high-quality multipass video encoding.",
"documentation": "Optional. Use Quality tuning level (qualityTuningLevel) to choose how you want to trade off encoding speed for output video quality. The default behavior is faster, lower quality, single-pass encoding.",
"enum": [
"SINGLE_PASS",
"SINGLE_PASS_HQ",
@ -4511,7 +4524,7 @@
"FramerateConversionAlgorithm": {
"shape": "H264FramerateConversionAlgorithm",
"locationName": "framerateConversionAlgorithm",
"documentation": "When set to INTERPOLATE, produces smoother motion during frame rate conversion."
"documentation": "Optional. Specify how the transcoder performs framerate conversion. The default behavior is to use duplicate drop conversion."
},
"FramerateDenominator": {
"shape": "__integerMin1Max2147483647",
@ -4581,7 +4594,7 @@
"ParControl": {
"shape": "H264ParControl",
"locationName": "parControl",
"documentation": "Using the API, enable ParFollowSource if you want the service to use the pixel aspect ratio from the input. Using the console, do this by choosing Follow source for Pixel aspect ratio."
"documentation": "Optional. Specify how the service determines the pixel aspect ratio (PAR) for this output. The default behavior, Follow source (INITIALIZE_FROM_SOURCE), uses the PAR from your input video for your output. To use a different PAR, choose (SPECIFIED). In the console, SPECIFIED corresponds to any value other than Follow source. When you choose SPECIFIED for this setting, you must also specify values for the parNumerator and parDenominator settings."
},
"ParDenominator": {
"shape": "__integerMin1Max2147483647",
@ -4596,7 +4609,7 @@
"QualityTuningLevel": {
"shape": "H264QualityTuningLevel",
"locationName": "qualityTuningLevel",
"documentation": "Use Quality tuning level (H264QualityTuningLevel) to specifiy whether to use fast single-pass, high-quality singlepass, or high-quality multipass video encoding."
"documentation": "Optional. Use Quality tuning level (qualityTuningLevel) to choose how you want to trade off encoding speed for output video quality. The default behavior is faster, lower quality, single-pass encoding."
},
"QvbrSettings": {
"shape": "H264QvbrSettings",
@ -4782,7 +4795,7 @@
},
"H265FramerateControl": {
"type": "string",
"documentation": "If you are using the console, use the Framerate setting to specify the frame rate for this output. If you want to keep the same frame rate as the input video, choose Follow source. If you want to do frame rate conversion, choose a frame rate from the dropdown list or choose Custom. The framerates shown in the dropdown list are decimal approximations of fractions. If you choose Custom, specify your frame rate as a fraction. If you are creating your transcoding job sepecification as a JSON file without the console, use FramerateControl to specify which value the service uses for the frame rate for this output. Choose INITIALIZE_FROM_SOURCE if you want the service to use the frame rate from the input. Choose SPECIFIED if you want the service to use the frame rate you specify in the settings FramerateNumerator and FramerateDenominator.",
"documentation": "If you are using the console, use the Framerate setting to specify the frame rate for this output. If you want to keep the same frame rate as the input video, choose Follow source. If you want to do frame rate conversion, choose a frame rate from the dropdown list or choose Custom. The framerates shown in the dropdown list are decimal approximations of fractions. If you choose Custom, specify your frame rate as a fraction. If you are creating your transcoding job specification as a JSON file without the console, use FramerateControl to specify which value the service uses for the frame rate for this output. Choose INITIALIZE_FROM_SOURCE if you want the service to use the frame rate from the input. Choose SPECIFIED if you want the service to use the frame rate you specify in the settings FramerateNumerator and FramerateDenominator.",
"enum": [
"INITIALIZE_FROM_SOURCE",
"SPECIFIED"
@ -4825,7 +4838,7 @@
},
"H265ParControl": {
"type": "string",
"documentation": "Using the API, enable ParFollowSource if you want the service to use the pixel aspect ratio from the input. Using the console, do this by choosing Follow source for Pixel aspect ratio.",
"documentation": "Optional. Specify how the service determines the pixel aspect ratio (PAR) for this output. The default behavior, Follow source (INITIALIZE_FROM_SOURCE), uses the PAR from your input video for your output. To use a different PAR, choose (SPECIFIED). In the console, SPECIFIED corresponds to any value other than Follow source. When you choose SPECIFIED for this setting, you must also specify values for the parNumerator and parDenominator settings.",
"enum": [
"INITIALIZE_FROM_SOURCE",
"SPECIFIED"
@ -4833,7 +4846,7 @@
},
"H265QualityTuningLevel": {
"type": "string",
"documentation": "Use Quality tuning level (H265QualityTuningLevel) to specifiy whether to use fast single-pass, high-quality singlepass, or high-quality multipass video encoding.",
"documentation": "Optional. Use Quality tuning level (qualityTuningLevel) to choose how you want to trade off encoding speed for output video quality. The default behavior is faster, lower quality, single-pass encoding.",
"enum": [
"SINGLE_PASS",
"SINGLE_PASS_HQ",
@ -4929,7 +4942,7 @@
"FramerateControl": {
"shape": "H265FramerateControl",
"locationName": "framerateControl",
"documentation": "If you are using the console, use the Framerate setting to specify the frame rate for this output. If you want to keep the same frame rate as the input video, choose Follow source. If you want to do frame rate conversion, choose a frame rate from the dropdown list or choose Custom. The framerates shown in the dropdown list are decimal approximations of fractions. If you choose Custom, specify your frame rate as a fraction. If you are creating your transcoding job sepecification as a JSON file without the console, use FramerateControl to specify which value the service uses for the frame rate for this output. Choose INITIALIZE_FROM_SOURCE if you want the service to use the frame rate from the input. Choose SPECIFIED if you want the service to use the frame rate you specify in the settings FramerateNumerator and FramerateDenominator."
"documentation": "If you are using the console, use the Framerate setting to specify the frame rate for this output. If you want to keep the same frame rate as the input video, choose Follow source. If you want to do frame rate conversion, choose a frame rate from the dropdown list or choose Custom. The framerates shown in the dropdown list are decimal approximations of fractions. If you choose Custom, specify your frame rate as a fraction. If you are creating your transcoding job specification as a JSON file without the console, use FramerateControl to specify which value the service uses for the frame rate for this output. Choose INITIALIZE_FROM_SOURCE if you want the service to use the frame rate from the input. Choose SPECIFIED if you want the service to use the frame rate you specify in the settings FramerateNumerator and FramerateDenominator."
},
"FramerateConversionAlgorithm": {
"shape": "H265FramerateConversionAlgorithm",
@ -5004,7 +5017,7 @@
"ParControl": {
"shape": "H265ParControl",
"locationName": "parControl",
"documentation": "Using the API, enable ParFollowSource if you want the service to use the pixel aspect ratio from the input. Using the console, do this by choosing Follow source for Pixel aspect ratio."
"documentation": "Optional. Specify how the service determines the pixel aspect ratio (PAR) for this output. The default behavior, Follow source (INITIALIZE_FROM_SOURCE), uses the PAR from your input video for your output. To use a different PAR, choose (SPECIFIED). In the console, SPECIFIED corresponds to any value other than Follow source. When you choose SPECIFIED for this setting, you must also specify values for the parNumerator and parDenominator settings."
},
"ParDenominator": {
"shape": "__integerMin1Max2147483647",
@ -5019,7 +5032,7 @@
"QualityTuningLevel": {
"shape": "H265QualityTuningLevel",
"locationName": "qualityTuningLevel",
"documentation": "Use Quality tuning level (H265QualityTuningLevel) to specifiy whether to use fast single-pass, high-quality singlepass, or high-quality multipass video encoding."
"documentation": "Optional. Use Quality tuning level (qualityTuningLevel) to choose how you want to trade off encoding speed for output video quality. The default behavior is faster, lower quality, single-pass encoding."
},
"QvbrSettings": {
"shape": "H265QvbrSettings",
@ -5703,12 +5716,12 @@
"AudioSelectors": {
"shape": "__mapOfAudioSelector",
"locationName": "audioSelectors",
"documentation": "Use Audio selectors (AudioSelectors) to specify a track or set of tracks from the input that you will use in your outputs. You can use mutiple Audio selectors per input."
"documentation": "Use Audio selectors (AudioSelectors) to specify a track or set of tracks from the input that you will use in your outputs. You can use multiple Audio selectors per input."
},
"CaptionSelectors": {
"shape": "__mapOfCaptionSelector",
"locationName": "captionSelectors",
"documentation": "Use Captions selectors (CaptionSelectors) to specify the captions data from the input that you will use in your outputs. You can use mutiple captions selectors per input."
"documentation": "Use Captions selectors (CaptionSelectors) to specify the captions data from the input that you will use in your outputs. You can use multiple captions selectors per input."
},
"Crop": {
"shape": "Rectangle",
@ -5718,7 +5731,7 @@
"DeblockFilter": {
"shape": "InputDeblockFilter",
"locationName": "deblockFilter",
"documentation": "Enable Deblock (InputDeblockFilter) to produce smoother motion in the output. Default is disabled. Only manaully controllable for MPEG2 and uncompressed video inputs."
"documentation": "Enable Deblock (InputDeblockFilter) to produce smoother motion in the output. Default is disabled. Only manually controllable for MPEG2 and uncompressed video inputs."
},
"DecryptionSettings": {
"shape": "InputDecryptionSettings",
@ -5811,7 +5824,7 @@
},
"InputDeblockFilter": {
"type": "string",
"documentation": "Enable Deblock (InputDeblockFilter) to produce smoother motion in the output. Default is disabled. Only manaully controllable for MPEG2 and uncompressed video inputs.",
"documentation": "Enable Deblock (InputDeblockFilter) to produce smoother motion in the output. Default is disabled. Only manually controllable for MPEG2 and uncompressed video inputs.",
"enum": [
"ENABLED",
"DISABLED"
@ -5890,12 +5903,12 @@
"AudioSelectors": {
"shape": "__mapOfAudioSelector",
"locationName": "audioSelectors",
"documentation": "Use Audio selectors (AudioSelectors) to specify a track or set of tracks from the input that you will use in your outputs. You can use mutiple Audio selectors per input."
"documentation": "Use Audio selectors (AudioSelectors) to specify a track or set of tracks from the input that you will use in your outputs. You can use multiple Audio selectors per input."
},
"CaptionSelectors": {
"shape": "__mapOfCaptionSelector",
"locationName": "captionSelectors",
"documentation": "Use Captions selectors (CaptionSelectors) to specify the captions data from the input that you will use in your outputs. You can use mutiple captions selectors per input."
"documentation": "Use Captions selectors (CaptionSelectors) to specify the captions data from the input that you will use in your outputs. You can use multiple captions selectors per input."
},
"Crop": {
"shape": "Rectangle",
@ -5905,7 +5918,7 @@
"DeblockFilter": {
"shape": "InputDeblockFilter",
"locationName": "deblockFilter",
"documentation": "Enable Deblock (InputDeblockFilter) to produce smoother motion in the output. Default is disabled. Only manaully controllable for MPEG2 and uncompressed video inputs."
"documentation": "Enable Deblock (InputDeblockFilter) to produce smoother motion in the output. Default is disabled. Only manually controllable for MPEG2 and uncompressed video inputs."
},
"DenoiseFilter": {
"shape": "InputDenoiseFilter",
@ -7582,7 +7595,7 @@
},
"Mpeg2FramerateControl": {
"type": "string",
"documentation": "If you are using the console, use the Framerate setting to specify the frame rate for this output. If you want to keep the same frame rate as the input video, choose Follow source. If you want to do frame rate conversion, choose a frame rate from the dropdown list or choose Custom. The framerates shown in the dropdown list are decimal approximations of fractions. If you choose Custom, specify your frame rate as a fraction. If you are creating your transcoding job sepecification as a JSON file without the console, use FramerateControl to specify which value the service uses for the frame rate for this output. Choose INITIALIZE_FROM_SOURCE if you want the service to use the frame rate from the input. Choose SPECIFIED if you want the service to use the frame rate you specify in the settings FramerateNumerator and FramerateDenominator.",
"documentation": "If you are using the console, use the Framerate setting to specify the frame rate for this output. If you want to keep the same frame rate as the input video, choose Follow source. If you want to do frame rate conversion, choose a frame rate from the dropdown list or choose Custom. The framerates shown in the dropdown list are decimal approximations of fractions. If you choose Custom, specify your frame rate as a fraction. If you are creating your transcoding job specification as a JSON file without the console, use FramerateControl to specify which value the service uses for the frame rate for this output. Choose INITIALIZE_FROM_SOURCE if you want the service to use the frame rate from the input. Choose SPECIFIED if you want the service to use the frame rate you specify in the settings FramerateNumerator and FramerateDenominator.",
"enum": [
"INITIALIZE_FROM_SOURCE",
"SPECIFIED"
@ -7590,7 +7603,7 @@
},
"Mpeg2FramerateConversionAlgorithm": {
"type": "string",
"documentation": "When set to INTERPOLATE, produces smoother motion during frame rate conversion.",
"documentation": "Optional. Specify how the transcoder performs framerate conversion. The default behavior is to use duplicate drop conversion.",
"enum": [
"DUPLICATE_DROP",
"INTERPOLATE"
@ -7628,7 +7641,7 @@
},
"Mpeg2ParControl": {
"type": "string",
"documentation": "Using the API, enable ParFollowSource if you want the service to use the pixel aspect ratio from the input. Using the console, do this by choosing Follow source for Pixel aspect ratio.",
"documentation": "Optional. Specify how the service determines the pixel aspect ratio (PAR) for this output. The default behavior, Follow source (INITIALIZE_FROM_SOURCE), uses the PAR from your input video for your output. To use a different PAR, choose (SPECIFIED). In the console, SPECIFIED corresponds to any value other than Follow source. When you choose SPECIFIED for this setting, you must also specify values for the parNumerator and parDenominator settings.",
"enum": [
"INITIALIZE_FROM_SOURCE",
"SPECIFIED"
@ -7636,7 +7649,7 @@
},
"Mpeg2QualityTuningLevel": {
"type": "string",
"documentation": "Use Quality tuning level (Mpeg2QualityTuningLevel) to specifiy whether to use single-pass or multipass video encoding.",
"documentation": "Optional. Use Quality tuning level (qualityTuningLevel) to choose how you want to trade off encoding speed for output video quality. The default behavior is faster, lower quality, single-pass encoding.",
"enum": [
"SINGLE_PASS",
"MULTI_PASS"
@ -7689,12 +7702,12 @@
"FramerateControl": {
"shape": "Mpeg2FramerateControl",
"locationName": "framerateControl",
"documentation": "If you are using the console, use the Framerate setting to specify the frame rate for this output. If you want to keep the same frame rate as the input video, choose Follow source. If you want to do frame rate conversion, choose a frame rate from the dropdown list or choose Custom. The framerates shown in the dropdown list are decimal approximations of fractions. If you choose Custom, specify your frame rate as a fraction. If you are creating your transcoding job sepecification as a JSON file without the console, use FramerateControl to specify which value the service uses for the frame rate for this output. Choose INITIALIZE_FROM_SOURCE if you want the service to use the frame rate from the input. Choose SPECIFIED if you want the service to use the frame rate you specify in the settings FramerateNumerator and FramerateDenominator."
"documentation": "If you are using the console, use the Framerate setting to specify the frame rate for this output. If you want to keep the same frame rate as the input video, choose Follow source. If you want to do frame rate conversion, choose a frame rate from the dropdown list or choose Custom. The framerates shown in the dropdown list are decimal approximations of fractions. If you choose Custom, specify your frame rate as a fraction. If you are creating your transcoding job specification as a JSON file without the console, use FramerateControl to specify which value the service uses for the frame rate for this output. Choose INITIALIZE_FROM_SOURCE if you want the service to use the frame rate from the input. Choose SPECIFIED if you want the service to use the frame rate you specify in the settings FramerateNumerator and FramerateDenominator."
},
"FramerateConversionAlgorithm": {
"shape": "Mpeg2FramerateConversionAlgorithm",
"locationName": "framerateConversionAlgorithm",
"documentation": "When set to INTERPOLATE, produces smoother motion during frame rate conversion."
"documentation": "Optional. Specify how the transcoder performs framerate conversion. The default behavior is to use duplicate drop conversion."
},
"FramerateDenominator": {
"shape": "__integerMin1Max1001",
@ -7759,7 +7772,7 @@
"ParControl": {
"shape": "Mpeg2ParControl",
"locationName": "parControl",
"documentation": "Using the API, enable ParFollowSource if you want the service to use the pixel aspect ratio from the input. Using the console, do this by choosing Follow source for Pixel aspect ratio."
"documentation": "Optional. Specify how the service determines the pixel aspect ratio (PAR) for this output. The default behavior, Follow source (INITIALIZE_FROM_SOURCE), uses the PAR from your input video for your output. To use a different PAR, choose (SPECIFIED). In the console, SPECIFIED corresponds to any value other than Follow source. When you choose SPECIFIED for this setting, you must also specify values for the parNumerator and parDenominator settings."
},
"ParDenominator": {
"shape": "__integerMin1Max2147483647",
@ -7774,7 +7787,7 @@
"QualityTuningLevel": {
"shape": "Mpeg2QualityTuningLevel",
"locationName": "qualityTuningLevel",
"documentation": "Use Quality tuning level (Mpeg2QualityTuningLevel) to specifiy whether to use single-pass or multipass video encoding."
"documentation": "Optional. Use Quality tuning level (qualityTuningLevel) to choose how you want to trade off encoding speed for output video quality. The default behavior is faster, lower quality, single-pass encoding."
},
"RateControlMode": {
"shape": "Mpeg2RateControlMode",
@ -7979,6 +7992,15 @@
},
"documentation": "Settings for your Nielsen configuration. If you don't do Nielsen measurement and analytics, ignore these settings. When you enable Nielsen configuration (nielsenConfiguration), MediaConvert enables PCM to ID3 tagging for all outputs in the job. To enable Nielsen configuration programmatically, include an instance of nielsenConfiguration in your JSON job specification. Even if you don't include any children of nielsenConfiguration, you still enable the setting."
},
"NoiseFilterPostTemporalSharpening": {
"type": "string",
"documentation": "Optional. When you set Noise reducer (noiseReducer) to Temporal (TEMPORAL), you can optionally use this setting to apply additional sharpening. The default behavior, Auto (AUTO) allows the transcoder to determine whether to apply filtering, depending on input type and quality.",
"enum": [
"DISABLED",
"ENABLED",
"AUTO"
]
},
"NoiseReducer": {
"type": "structure",
"members": {
@ -8059,6 +8081,11 @@
"locationName": "aggressiveMode",
"documentation": "Use Aggressive mode for content that has complex motion. Higher values produce stronger temporal filtering. This filters highly complex scenes more aggressively and creates better VQ for low bitrate outputs."
},
"PostTemporalSharpening": {
"shape": "NoiseFilterPostTemporalSharpening",
"locationName": "postTemporalSharpening",
"documentation": "Optional. When you set Noise reducer (noiseReducer) to Temporal (TEMPORAL), you can optionally use this setting to apply additional sharpening. The default behavior, Auto (AUTO) allows the transcoder to determine whether to apply filtering, depending on input type and quality."
},
"Speed": {
"shape": "__integerMinNegative1Max3",
"locationName": "speed",
@ -8086,6 +8113,27 @@
},
"documentation": "The resource you requested doesn't exist."
},
"OpusSettings": {
"type": "structure",
"members": {
"Bitrate": {
"shape": "__integerMin32000Max192000",
"locationName": "bitrate",
"documentation": "Optional. Specify the average bitrate in bits per second. Valid values are multiples of 8000, from 32000 through 192000. The default value is 96000, which we recommend for quality and bandwidth."
},
"Channels": {
"shape": "__integerMin1Max2",
"locationName": "channels",
"documentation": "Specify the number of channels in this output audio track. Choosing Mono on the console gives you 1 output channel; choosing Stereo gives you 2. In the API, valid values are 1 and 2."
},
"SampleRate": {
"shape": "__integerMin16000Max48000",
"locationName": "sampleRate",
"documentation": "Optional. Sample rate in hz. Valid values are 16000, 24000, and 48000. The default value is 48000."
}
},
"documentation": "Required when you set Codec, under AudioDescriptions>CodecSettings, to the value OPUS."
},
"Order": {
"type": "string",
"documentation": "Optional. When you request lists of resources, you can specify whether they are sorted in ASCENDING or DESCENDING order. Default varies by resource.",
@ -8115,7 +8163,7 @@
"Extension": {
"shape": "__string",
"locationName": "extension",
"documentation": "Use Extension (Extension) to specify the file extension for outputs in File output groups. If you do not specify a value, the service will use default extensions by container type as follows * MPEG-2 transport stream, m2ts * Quicktime, mov * MXF container, mxf * MPEG-4 container, mp4 * No Container, the service will use codec extensions (e.g. AAC, H265, H265, AC3)"
"documentation": "Use Extension (Extension) to specify the file extension for outputs in File output groups. If you do not specify a value, the service will use default extensions by container type as follows * MPEG-2 transport stream, m2ts * Quicktime, mov * MXF container, mxf * MPEG-4 container, mp4 * WebM container, webm * No Container, the service will use codec extensions (e.g. AAC, H265, H265, AC3)"
},
"NameModifier": {
"shape": "__stringMin1",
@ -8377,7 +8425,7 @@
},
"ProresFramerateControl": {
"type": "string",
"documentation": "If you are using the console, use the Framerate setting to specify the frame rate for this output. If you want to keep the same frame rate as the input video, choose Follow source. If you want to do frame rate conversion, choose a frame rate from the dropdown list or choose Custom. The framerates shown in the dropdown list are decimal approximations of fractions. If you choose Custom, specify your frame rate as a fraction. If you are creating your transcoding job sepecification as a JSON file without the console, use FramerateControl to specify which value the service uses for the frame rate for this output. Choose INITIALIZE_FROM_SOURCE if you want the service to use the frame rate from the input. Choose SPECIFIED if you want the service to use the frame rate you specify in the settings FramerateNumerator and FramerateDenominator.",
"documentation": "If you are using the console, use the Framerate setting to specify the frame rate for this output. If you want to keep the same frame rate as the input video, choose Follow source. If you want to do frame rate conversion, choose a frame rate from the dropdown list or choose Custom. The framerates shown in the dropdown list are decimal approximations of fractions. If you choose Custom, specify your frame rate as a fraction. If you are creating your transcoding job specification as a JSON file without the console, use FramerateControl to specify which value the service uses for the frame rate for this output. Choose INITIALIZE_FROM_SOURCE if you want the service to use the frame rate from the input. Choose SPECIFIED if you want the service to use the frame rate you specify in the settings FramerateNumerator and FramerateDenominator.",
"enum": [
"INITIALIZE_FROM_SOURCE",
"SPECIFIED"
@ -8385,7 +8433,7 @@
},
"ProresFramerateConversionAlgorithm": {
"type": "string",
"documentation": "When set to INTERPOLATE, produces smoother motion during frame rate conversion.",
"documentation": "Optional. Specify how the transcoder performs framerate conversion. The default behavior is to use duplicate drop conversion.",
"enum": [
"DUPLICATE_DROP",
"INTERPOLATE"
@ -8404,7 +8452,7 @@
},
"ProresParControl": {
"type": "string",
"documentation": "Use (ProresParControl) to specify how the service determines the pixel aspect ratio. Set to Follow source (INITIALIZE_FROM_SOURCE) to use the pixel aspect ratio from the input. To specify a different pixel aspect ratio: Using the console, choose it from the dropdown menu. Using the API, set ProresParControl to (SPECIFIED) and provide for (ParNumerator) and (ParDenominator).",
"documentation": "Optional. Specify how the service determines the pixel aspect ratio (PAR) for this output. The default behavior, Follow source (INITIALIZE_FROM_SOURCE), uses the PAR from your input video for your output. To use a different PAR, choose (SPECIFIED). In the console, SPECIFIED corresponds to any value other than Follow source. When you choose SPECIFIED for this setting, you must also specify values for the parNumerator and parDenominator settings.",
"enum": [
"INITIALIZE_FROM_SOURCE",
"SPECIFIED"
@ -8421,12 +8469,12 @@
"FramerateControl": {
"shape": "ProresFramerateControl",
"locationName": "framerateControl",
"documentation": "If you are using the console, use the Framerate setting to specify the frame rate for this output. If you want to keep the same frame rate as the input video, choose Follow source. If you want to do frame rate conversion, choose a frame rate from the dropdown list or choose Custom. The framerates shown in the dropdown list are decimal approximations of fractions. If you choose Custom, specify your frame rate as a fraction. If you are creating your transcoding job sepecification as a JSON file without the console, use FramerateControl to specify which value the service uses for the frame rate for this output. Choose INITIALIZE_FROM_SOURCE if you want the service to use the frame rate from the input. Choose SPECIFIED if you want the service to use the frame rate you specify in the settings FramerateNumerator and FramerateDenominator."
"documentation": "If you are using the console, use the Framerate setting to specify the frame rate for this output. If you want to keep the same frame rate as the input video, choose Follow source. If you want to do frame rate conversion, choose a frame rate from the dropdown list or choose Custom. The framerates shown in the dropdown list are decimal approximations of fractions. If you choose Custom, specify your frame rate as a fraction. If you are creating your transcoding job specification as a JSON file without the console, use FramerateControl to specify which value the service uses for the frame rate for this output. Choose INITIALIZE_FROM_SOURCE if you want the service to use the frame rate from the input. Choose SPECIFIED if you want the service to use the frame rate you specify in the settings FramerateNumerator and FramerateDenominator."
},
"FramerateConversionAlgorithm": {
"shape": "ProresFramerateConversionAlgorithm",
"locationName": "framerateConversionAlgorithm",
"documentation": "When set to INTERPOLATE, produces smoother motion during frame rate conversion."
"documentation": "Optional. Specify how the transcoder performs framerate conversion. The default behavior is to use duplicate drop conversion."
},
"FramerateDenominator": {
"shape": "__integerMin1Max2147483647",
@ -8446,7 +8494,7 @@
"ParControl": {
"shape": "ProresParControl",
"locationName": "parControl",
"documentation": "Use (ProresParControl) to specify how the service determines the pixel aspect ratio. Set to Follow source (INITIALIZE_FROM_SOURCE) to use the pixel aspect ratio from the input. To specify a different pixel aspect ratio: Using the console, choose it from the dropdown menu. Using the API, set ProresParControl to (SPECIFIED) and provide for (ParNumerator) and (ParDenominator)."
"documentation": "Optional. Specify how the service determines the pixel aspect ratio (PAR) for this output. The default behavior, Follow source (INITIALIZE_FROM_SOURCE), uses the PAR from your input video for your output. To use a different PAR, choose (SPECIFIED). In the console, SPECIFIED corresponds to any value other than Follow source. When you choose SPECIFIED for this setting, you must also specify values for the parNumerator and parDenominator settings."
},
"ParDenominator": {
"shape": "__integerMin1Max2147483647",
@ -9340,7 +9388,9 @@
"H_264",
"H_265",
"MPEG2",
"PRORES"
"PRORES",
"VP8",
"VP9"
]
},
"VideoCodecSettings": {
@ -9380,9 +9430,19 @@
"shape": "ProresSettings",
"locationName": "proresSettings",
"documentation": "Required when you set (Codec) under (VideoDescription)>(CodecSettings) to the value PRORES."
},
"Vp8Settings": {
"shape": "Vp8Settings",
"locationName": "vp8Settings",
"documentation": "Required when you set (Codec) under (VideoDescription)>(CodecSettings) to the value VP8."
},
"Vp9Settings": {
"shape": "Vp9Settings",
"locationName": "vp9Settings",
"documentation": "Required when you set (Codec) under (VideoDescription)>(CodecSettings) to the value VP9."
}
},
"documentation": "Video codec settings, (CodecSettings) under (VideoDescription), contains the group of settings related to video encoding. The settings in this group vary depending on the value that you choose for Video codec (Codec). For each codec enum that you choose, define the corresponding settings object. The following lists the codec enum, settings object pairs. * FRAME_CAPTURE, FrameCaptureSettings * AV1, Av1Settings * H_264, H264Settings * H_265, H265Settings * MPEG2, Mpeg2Settings * PRORES, ProresSettings"
"documentation": "Video codec settings, (CodecSettings) under (VideoDescription), contains the group of settings related to video encoding. The settings in this group vary depending on the value that you choose for Video codec (Codec). For each codec enum that you choose, define the corresponding settings object. The following lists the codec enum, settings object pairs. * FRAME_CAPTURE, FrameCaptureSettings * AV1, Av1Settings * H_264, H264Settings * H_265, H265Settings * MPEG2, Mpeg2Settings * PRORES, ProresSettings * VP8, Vp8Settings * VP9, Vp9Settings"
},
"VideoDescription": {
"type": "structure",
@ -9400,7 +9460,7 @@
"CodecSettings": {
"shape": "VideoCodecSettings",
"locationName": "codecSettings",
"documentation": "Video codec settings, (CodecSettings) under (VideoDescription), contains the group of settings related to video encoding. The settings in this group vary depending on the value that you choose for Video codec (Codec). For each codec enum that you choose, define the corresponding settings object. The following lists the codec enum, settings object pairs. * FRAME_CAPTURE, FrameCaptureSettings * AV1, Av1Settings * H_264, H264Settings * H_265, H265Settings * MPEG2, Mpeg2Settings * PRORES, ProresSettings"
"documentation": "Video codec settings, (CodecSettings) under (VideoDescription), contains the group of settings related to video encoding. The settings in this group vary depending on the value that you choose for Video codec (Codec). For each codec enum that you choose, define the corresponding settings object. The following lists the codec enum, settings object pairs. * FRAME_CAPTURE, FrameCaptureSettings * AV1, Av1Settings * H_264, H264Settings * H_265, H265Settings * MPEG2, Mpeg2Settings * PRORES, ProresSettings * VP8, Vp8Settings * VP9, Vp9Settings"
},
"ColorMetadata": {
"shape": "ColorMetadata",
@ -9566,6 +9626,247 @@
"PIC_TIMING_SEI"
]
},
"VorbisSettings": {
"type": "structure",
"members": {
"Channels": {
"shape": "__integerMin1Max2",
"locationName": "channels",
"documentation": "Optional. Specify the number of channels in this output audio track. Choosing Mono on the console gives you 1 output channel; choosing Stereo gives you 2. In the API, valid values are 1 and 2. The default value is 2."
},
"SampleRate": {
"shape": "__integerMin22050Max48000",
"locationName": "sampleRate",
"documentation": "Optional. Specify the audio sample rate in Hz. Valid values are 22050, 32000, 44100, and 48000. The default value is 48000."
},
"VbrQuality": {
"shape": "__integerMinNegative1Max10",
"locationName": "vbrQuality",
"documentation": "Optional. Specify the variable audio quality of this Vorbis output from -1 (lowest quality, ~45 kbit/s) to 10 (highest quality, ~500 kbit/s). The default value is 4 (~128 kbit/s). Values 5 and 6 are approximately 160 and 192 kbit/s, respectively."
}
},
"documentation": "Required when you set Codec, under AudioDescriptions>CodecSettings, to the value Vorbis."
},
"Vp8FramerateControl": {
"type": "string",
"documentation": "If you are using the console, use the Framerate setting to specify the frame rate for this output. If you want to keep the same frame rate as the input video, choose Follow source. If you want to do frame rate conversion, choose a frame rate from the dropdown list or choose Custom. The framerates shown in the dropdown list are decimal approximations of fractions. If you choose Custom, specify your frame rate as a fraction. If you are creating your transcoding job specification as a JSON file without the console, use FramerateControl to specify which value the service uses for the frame rate for this output. Choose INITIALIZE_FROM_SOURCE if you want the service to use the frame rate from the input. Choose SPECIFIED if you want the service to use the frame rate you specify in the settings FramerateNumerator and FramerateDenominator.",
"enum": [
"INITIALIZE_FROM_SOURCE",
"SPECIFIED"
]
},
"Vp8FramerateConversionAlgorithm": {
"type": "string",
"documentation": "Optional. Specify how the transcoder performs framerate conversion. The default behavior is to use Drop duplicate (DUPLICATE_DROP) conversion. When you choose Interpolate (INTERPOLATE) instead, the conversion produces smoother motion.",
"enum": [
"DUPLICATE_DROP",
"INTERPOLATE"
]
},
"Vp8ParControl": {
"type": "string",
"documentation": "Optional. Specify how the service determines the pixel aspect ratio (PAR) for this output. The default behavior, Follow source (INITIALIZE_FROM_SOURCE), uses the PAR from your input video for your output. To specify a different PAR in the console, choose any value other than Follow source. To specify a different PAR by editing the JSON job specification, choose SPECIFIED. When you choose SPECIFIED for this setting, you must also specify values for the parNumerator and parDenominator settings.",
"enum": [
"INITIALIZE_FROM_SOURCE",
"SPECIFIED"
]
},
"Vp8QualityTuningLevel": {
"type": "string",
"documentation": "Optional. Use Quality tuning level (qualityTuningLevel) to choose how you want to trade off encoding speed for output video quality. The default behavior is faster, lower quality, multi-pass encoding.",
"enum": [
"MULTI_PASS",
"MULTI_PASS_HQ"
]
},
"Vp8RateControlMode": {
"type": "string",
"documentation": "With the VP8 codec, you can use only the variable bitrate (VBR) rate control mode.",
"enum": [
"VBR"
]
},
"Vp8Settings": {
"type": "structure",
"members": {
"Bitrate": {
"shape": "__integerMin1000Max1152000000",
"locationName": "bitrate",
"documentation": "Target bitrate in bits/second. For example, enter five megabits per second as 5000000."
},
"FramerateControl": {
"shape": "Vp8FramerateControl",
"locationName": "framerateControl",
"documentation": "If you are using the console, use the Framerate setting to specify the frame rate for this output. If you want to keep the same frame rate as the input video, choose Follow source. If you want to do frame rate conversion, choose a frame rate from the dropdown list or choose Custom. The framerates shown in the dropdown list are decimal approximations of fractions. If you choose Custom, specify your frame rate as a fraction. If you are creating your transcoding job specification as a JSON file without the console, use FramerateControl to specify which value the service uses for the frame rate for this output. Choose INITIALIZE_FROM_SOURCE if you want the service to use the frame rate from the input. Choose SPECIFIED if you want the service to use the frame rate you specify in the settings FramerateNumerator and FramerateDenominator."
},
"FramerateConversionAlgorithm": {
"shape": "Vp8FramerateConversionAlgorithm",
"locationName": "framerateConversionAlgorithm",
"documentation": "Optional. Specify how the transcoder performs framerate conversion. The default behavior is to use Drop duplicate (DUPLICATE_DROP) conversion. When you choose Interpolate (INTERPOLATE) instead, the conversion produces smoother motion."
},
"FramerateDenominator": {
"shape": "__integerMin1Max2147483647",
"locationName": "framerateDenominator",
"documentation": "When you use the API for transcode jobs that use frame rate conversion, specify the frame rate as a fraction. For example, 24000 / 1001 = 23.976 fps. Use FramerateDenominator to specify the denominator of this fraction. In this example, use 1001 for the value of FramerateDenominator. When you use the console for transcode jobs that use frame rate conversion, provide the value as a decimal number for Framerate. In this example, specify 23.976."
},
"FramerateNumerator": {
"shape": "__integerMin1Max2147483647",
"locationName": "framerateNumerator",
"documentation": "When you use the API for transcode jobs that use frame rate conversion, specify the frame rate as a fraction. For example, 24000 / 1001 = 23.976 fps. Use FramerateNumerator to specify the numerator of this fraction. In this example, use 24000 for the value of FramerateNumerator. When you use the console for transcode jobs that use frame rate conversion, provide the value as a decimal number for Framerate. In this example, specify 23.976."
},
"GopSize": {
"shape": "__doubleMin0",
"locationName": "gopSize",
"documentation": "GOP Length (keyframe interval) in frames. Must be greater than zero."
},
"HrdBufferSize": {
"shape": "__integerMin0Max47185920",
"locationName": "hrdBufferSize",
"documentation": "Optional. Size of buffer (HRD buffer model) in bits. For example, enter five megabits as 5000000."
},
"MaxBitrate": {
"shape": "__integerMin1000Max1152000000",
"locationName": "maxBitrate",
"documentation": "Ignore this setting unless you set qualityTuningLevel to MULTI_PASS. Optional. Specify the maximum bitrate in bits/second. For example, enter five megabits per second as 5000000. The default behavior uses twice the target bitrate as the maximum bitrate."
},
"ParControl": {
"shape": "Vp8ParControl",
"locationName": "parControl",
"documentation": "Optional. Specify how the service determines the pixel aspect ratio (PAR) for this output. The default behavior, Follow source (INITIALIZE_FROM_SOURCE), uses the PAR from your input video for your output. To specify a different PAR in the console, choose any value other than Follow source. To specify a different PAR by editing the JSON job specification, choose SPECIFIED. When you choose SPECIFIED for this setting, you must also specify values for the parNumerator and parDenominator settings."
},
"ParDenominator": {
"shape": "__integerMin1Max2147483647",
"locationName": "parDenominator",
"documentation": "Required when you set Pixel aspect ratio (parControl) to SPECIFIED. On the console, this corresponds to any value other than Follow source. When you specify an output pixel aspect ratio (PAR) that is different from your input video PAR, provide your output PAR as a ratio. For example, for D1/DV NTSC widescreen, you would specify the ratio 40:33. In this example, the value for parDenominator is 33."
},
"ParNumerator": {
"shape": "__integerMin1Max2147483647",
"locationName": "parNumerator",
"documentation": "Required when you set Pixel aspect ratio (parControl) to SPECIFIED. On the console, this corresponds to any value other than Follow source. When you specify an output pixel aspect ratio (PAR) that is different from your input video PAR, provide your output PAR as a ratio. For example, for D1/DV NTSC widescreen, you would specify the ratio 40:33. In this example, the value for parNumerator is 40."
},
"QualityTuningLevel": {
"shape": "Vp8QualityTuningLevel",
"locationName": "qualityTuningLevel",
"documentation": "Optional. Use Quality tuning level (qualityTuningLevel) to choose how you want to trade off encoding speed for output video quality. The default behavior is faster, lower quality, multi-pass encoding."
},
"RateControlMode": {
"shape": "Vp8RateControlMode",
"locationName": "rateControlMode",
"documentation": "With the VP8 codec, you can use only the variable bitrate (VBR) rate control mode."
}
},
"documentation": "Required when you set (Codec) under (VideoDescription)>(CodecSettings) to the value VP8."
},
"Vp9FramerateControl": {
"type": "string",
"documentation": "If you are using the console, use the Framerate setting to specify the frame rate for this output. If you want to keep the same frame rate as the input video, choose Follow source. If you want to do frame rate conversion, choose a frame rate from the dropdown list or choose Custom. The framerates shown in the dropdown list are decimal approximations of fractions. If you choose Custom, specify your frame rate as a fraction. If you are creating your transcoding job specification as a JSON file without the console, use FramerateControl to specify which value the service uses for the frame rate for this output. Choose INITIALIZE_FROM_SOURCE if you want the service to use the frame rate from the input. Choose SPECIFIED if you want the service to use the frame rate you specify in the settings FramerateNumerator and FramerateDenominator.",
"enum": [
"INITIALIZE_FROM_SOURCE",
"SPECIFIED"
]
},
"Vp9FramerateConversionAlgorithm": {
"type": "string",
"documentation": "Optional. Specify how the transcoder performs framerate conversion. The default behavior is to use Drop duplicate (DUPLICATE_DROP) conversion. When you choose Interpolate (INTERPOLATE) instead, the conversion produces smoother motion.",
"enum": [
"DUPLICATE_DROP",
"INTERPOLATE"
]
},
"Vp9ParControl": {
"type": "string",
"documentation": "Optional. Specify how the service determines the pixel aspect ratio (PAR) for this output. The default behavior, Follow source (INITIALIZE_FROM_SOURCE), uses the PAR from your input video for your output. To specify a different PAR in the console, choose any value other than Follow source. To specify a different PAR by editing the JSON job specification, choose SPECIFIED. When you choose SPECIFIED for this setting, you must also specify values for the parNumerator and parDenominator settings.",
"enum": [
"INITIALIZE_FROM_SOURCE",
"SPECIFIED"
]
},
"Vp9QualityTuningLevel": {
"type": "string",
"documentation": "Optional. Use Quality tuning level (qualityTuningLevel) to choose how you want to trade off encoding speed for output video quality. The default behavior is faster, lower quality, multi-pass encoding.",
"enum": [
"MULTI_PASS",
"MULTI_PASS_HQ"
]
},
"Vp9RateControlMode": {
"type": "string",
"documentation": "With the VP9 codec, you can use only the variable bitrate (VBR) rate control mode.",
"enum": [
"VBR"
]
},
"Vp9Settings": {
"type": "structure",
"members": {
"Bitrate": {
"shape": "__integerMin1000Max480000000",
"locationName": "bitrate",
"documentation": "Target bitrate in bits/second. For example, enter five megabits per second as 5000000."
},
"FramerateControl": {
"shape": "Vp9FramerateControl",
"locationName": "framerateControl",
"documentation": "If you are using the console, use the Framerate setting to specify the frame rate for this output. If you want to keep the same frame rate as the input video, choose Follow source. If you want to do frame rate conversion, choose a frame rate from the dropdown list or choose Custom. The framerates shown in the dropdown list are decimal approximations of fractions. If you choose Custom, specify your frame rate as a fraction. If you are creating your transcoding job specification as a JSON file without the console, use FramerateControl to specify which value the service uses for the frame rate for this output. Choose INITIALIZE_FROM_SOURCE if you want the service to use the frame rate from the input. Choose SPECIFIED if you want the service to use the frame rate you specify in the settings FramerateNumerator and FramerateDenominator."
},
"FramerateConversionAlgorithm": {
"shape": "Vp9FramerateConversionAlgorithm",
"locationName": "framerateConversionAlgorithm",
"documentation": "Optional. Specify how the transcoder performs framerate conversion. The default behavior is to use Drop duplicate (DUPLICATE_DROP) conversion. When you choose Interpolate (INTERPOLATE) instead, the conversion produces smoother motion."
},
"FramerateDenominator": {
"shape": "__integerMin1Max2147483647",
"locationName": "framerateDenominator",
"documentation": "When you use the API for transcode jobs that use frame rate conversion, specify the frame rate as a fraction. For example, 24000 / 1001 = 23.976 fps. Use FramerateDenominator to specify the denominator of this fraction. In this example, use 1001 for the value of FramerateDenominator. When you use the console for transcode jobs that use frame rate conversion, provide the value as a decimal number for Framerate. In this example, specify 23.976."
},
"FramerateNumerator": {
"shape": "__integerMin1Max2147483647",
"locationName": "framerateNumerator",
"documentation": "When you use the API for transcode jobs that use frame rate conversion, specify the frame rate as a fraction. For example, 24000 / 1001 = 23.976 fps. Use FramerateNumerator to specify the numerator of this fraction. In this example, use 24000 for the value of FramerateNumerator. When you use the console for transcode jobs that use frame rate conversion, provide the value as a decimal number for Framerate. In this example, specify 23.976."
},
"GopSize": {
"shape": "__doubleMin0",
"locationName": "gopSize",
"documentation": "GOP Length (keyframe interval) in frames. Must be greater than zero."
},
"HrdBufferSize": {
"shape": "__integerMin0Max47185920",
"locationName": "hrdBufferSize",
"documentation": "Size of buffer (HRD buffer model) in bits. For example, enter five megabits as 5000000."
},
"MaxBitrate": {
"shape": "__integerMin1000Max480000000",
"locationName": "maxBitrate",
"documentation": "Ignore this setting unless you set qualityTuningLevel to MULTI_PASS. Optional. Specify the maximum bitrate in bits/second. For example, enter five megabits per second as 5000000. The default behavior uses twice the target bitrate as the maximum bitrate."
},
"ParControl": {
"shape": "Vp9ParControl",
"locationName": "parControl",
"documentation": "Optional. Specify how the service determines the pixel aspect ratio for this output. The default behavior is to use the same pixel aspect ratio as your input video."
},
"ParDenominator": {
"shape": "__integerMin1Max2147483647",
"locationName": "parDenominator",
"documentation": "Required when you set Pixel aspect ratio (parControl) to SPECIFIED. On the console, this corresponds to any value other than Follow source. When you specify an output pixel aspect ratio (PAR) that is different from your input video PAR, provide your output PAR as a ratio. For example, for D1/DV NTSC widescreen, you would specify the ratio 40:33. In this example, the value for parDenominator is 33."
},
"ParNumerator": {
"shape": "__integerMin1Max2147483647",
"locationName": "parNumerator",
"documentation": "Required when you set Pixel aspect ratio (parControl) to SPECIFIED. On the console, this corresponds to any value other than Follow source. When you specify an output pixel aspect ratio (PAR) that is different from your input video PAR, provide your output PAR as a ratio. For example, for D1/DV NTSC widescreen, you would specify the ratio 40:33. In this example, the value for parNumerator is 40."
},
"QualityTuningLevel": {
"shape": "Vp9QualityTuningLevel",
"locationName": "qualityTuningLevel",
"documentation": "Optional. Use Quality tuning level (qualityTuningLevel) to choose how you want to trade off encoding speed for output video quality. The default behavior is faster, lower quality, multi-pass encoding."
},
"RateControlMode": {
"shape": "Vp9RateControlMode",
"locationName": "rateControlMode",
"documentation": "With the VP9 codec, you can use only the variable bitrate (VBR) rate control mode."
}
},
"documentation": "Required when you set (Codec) under (VideoDescription)>(CodecSettings) to the value VP9."
},
"WavFormat": {
"type": "string",
"documentation": "The service defaults to using RIFF for WAV outputs. If your output audio is likely to exceed 4 GB in file size, or if you otherwise need the extended support of the RF64 format, set your output WAV file format to RF64.",
@ -9790,6 +10091,11 @@
"min": 1000,
"max": 300000000
},
"__integerMin1000Max480000000": {
"type": "integer",
"min": 1000,
"max": 480000000
},
"__integerMin10Max48": {
"type": "integer",
"min": 10,
@ -9800,6 +10106,11 @@
"min": 16000,
"max": 320000
},
"__integerMin16000Max48000": {
"type": "integer",
"min": 16000,
"max": 48000
},
"__integerMin16Max24": {
"type": "integer",
"min": 16,
@ -9910,6 +10221,11 @@
"min": 2,
"max": 2147483647
},
"__integerMin32000Max192000": {
"type": "integer",
"min": 32000,
"max": 192000
},
"__integerMin32000Max384000": {
"type": "integer",
"min": 32000,
@ -9980,6 +10296,11 @@
"min": -180,
"max": 180
},
"__integerMinNegative1Max10": {
"type": "integer",
"min": -1,
"max": 10
},
"__integerMinNegative1Max3": {
"type": "integer",
"min": -1,
@ -10406,14 +10727,14 @@
"type": "string",
"pattern": "^s3:\\/\\/.*\\/(ASSETMAP.xml)?$"
},
"__stringPatternS3MM2VVMMPPEEGGMMPP3AAVVIIMMPP4FFLLVVMMPPTTMMPPGGMM4VVTTRRPPFF4VVMM2TTSSTTSS264HH264MMKKVVMMOOVVMMTTSSMM2TTWWMMVVAASSFFVVOOBB3GGPP3GGPPPPMMXXFFDDIIVVXXXXVVIIDDRRAAWWDDVVGGXXFFMM1VV3GG2VVMMFFMM3UU8LLCCHHGGXXFFMMPPEEGG2MMXXFFMMPPEEGG2MMXXFFHHDDWWAAVVYY4MMAAAACCAAIIFFFFMMPP2AACC3EECC3DDTTSSEEHttpsMM2VVMMPPEEGGMMPP3AAVVIIMMPP4FFLLVVMMPPTTMMPPGGMM4VVTTRRPPFF4VVMM2TTSSTTSS264HH264MMKKVVMMOOVVMMTTSSMM2TTWWMMVVAASSFFVVOOBB3GGPP3GGPPPPMMXXFFDDIIVVXXXXVVIIDDRRAAWWDDVVGGXXFFMM1VV3GG2VVMMFFMM3UU8LLCCHHGGXXFFMMPPEEGG2MMXXFFMMPPEEGG2MMXXFFHHDDWWAAVVYY4MMAAAACCAAIIFFFFMMPP2AACC3EECC3DDTTSSEE": {
"type": "string",
"pattern": "^((s3://([^\\/]+\\/+)+([^\\/\\.]+|(([^\\/]*)\\.([mM]2[vV]|[mM][pP][eE][gG]|[mM][pP]3|[aA][vV][iI]|[mM][pP]4|[fF][lL][vV]|[mM][pP][tT]|[mM][pP][gG]|[mM]4[vV]|[tT][rR][pP]|[fF]4[vV]|[mM]2[tT][sS]|[tT][sS]|264|[hH]264|[mM][kK][vV]|[mM][oO][vV]|[mM][tT][sS]|[mM]2[tT]|[wW][mM][vV]|[aA][sS][fF]|[vV][oO][bB]|3[gG][pP]|3[gG][pP][pP]|[mM][xX][fF]|[dD][iI][vV][xX]|[xX][vV][iI][dD]|[rR][aA][wW]|[dD][vV]|[gG][xX][fF]|[mM]1[vV]|3[gG]2|[vV][mM][fF]|[mM]3[uU]8|[lL][cC][hH]|[gG][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF][hH][dD]|[wW][aA][vV]|[yY]4[mM]|[aA][aA][cC]|[aA][iI][fF][fF]|[mM][pP]2|[aA][cC]3|[eE][cC]3|[dD][tT][sS][eE]))))|(https?://([^\\/]+\\/+)+([^\\/\\.]+|(([^\\/]*)\\.([mM]2[vV]|[mM][pP][eE][gG]|[mM][pP]3|[aA][vV][iI]|[mM][pP]4|[fF][lL][vV]|[mM][pP][tT]|[mM][pP][gG]|[mM]4[vV]|[tT][rR][pP]|[fF]4[vV]|[mM]2[tT][sS]|[tT][sS]|264|[hH]264|[mM][kK][vV]|[mM][oO][vV]|[mM][tT][sS]|[mM]2[tT]|[wW][mM][vV]|[aA][sS][fF]|[vV][oO][bB]|3[gG][pP]|3[gG][pP][pP]|[mM][xX][fF]|[dD][iI][vV][xX]|[xX][vV][iI][dD]|[rR][aA][wW]|[dD][vV]|[gG][xX][fF]|[mM]1[vV]|3[gG]2|[vV][mM][fF]|[mM]3[uU]8|[lL][cC][hH]|[gG][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF][hH][dD]|[wW][aA][vV]|[yY]4[mM]|[aA][aA][cC]|[aA][iI][fF][fF]|[mM][pP]2|[aA][cC]3|[eE][cC]3|[dD][tT][sS][eE])))(\\?([^&=]+=[^&]+&)*[^&=]+=[^&]+)?))$"
},
"__stringPatternS3MM2VVMMPPEEGGMMPP3AAVVIIMMPP4FFLLVVMMPPTTMMPPGGMM4VVTTRRPPFF4VVMM2TTSSTTSS264HH264MMKKVVMMOOVVMMTTSSMM2TTWWMMVVAASSFFVVOOBB3GGPP3GGPPPPMMXXFFDDIIVVXXXXVVIIDDRRAAWWDDVVGGXXFFMM1VV3GG2VVMMFFMM3UU8WWEEBBMMLLCCHHGGXXFFMMPPEEGG2MMXXFFMMPPEEGG2MMXXFFHHDDWWAAVVYY4MMXXMMLLHttpsMM2VVMMPPEEGGMMPP3AAVVIIMMPP4FFLLVVMMPPTTMMPPGGMM4VVTTRRPPFF4VVMM2TTSSTTSS264HH264MMKKVVMMOOVVMMTTSSMM2TTWWMMVVAASSFFVVOOBB3GGPP3GGPPPPMMXXFFDDIIVVXXXXVVIIDDRRAAWWDDVVGGXXFFMM1VV3GG2VVMMFFMM3UU8WWEEBBMMLLCCHHGGXXFFMMPPEEGG2MMXXFFMMPPEEGG2MMXXFFHHDDWWAAVVYY4MMXXMMLL": {
"type": "string",
"pattern": "^((s3://([^\\/]+\\/+)+([^\\/\\.]+|(([^\\/]*)\\.([mM]2[vV]|[mM][pP][eE][gG]|[mM][pP]3|[aA][vV][iI]|[mM][pP]4|[fF][lL][vV]|[mM][pP][tT]|[mM][pP][gG]|[mM]4[vV]|[tT][rR][pP]|[fF]4[vV]|[mM]2[tT][sS]|[tT][sS]|264|[hH]264|[mM][kK][vV]|[mM][oO][vV]|[mM][tT][sS]|[mM]2[tT]|[wW][mM][vV]|[aA][sS][fF]|[vV][oO][bB]|3[gG][pP]|3[gG][pP][pP]|[mM][xX][fF]|[dD][iI][vV][xX]|[xX][vV][iI][dD]|[rR][aA][wW]|[dD][vV]|[gG][xX][fF]|[mM]1[vV]|3[gG]2|[vV][mM][fF]|[mM]3[uU]8|[wW][eE][bB][mM]|[lL][cC][hH]|[gG][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF][hH][dD]|[wW][aA][vV]|[yY]4[mM]|[xX][mM][lL]))))|(https?://([^\\/]+\\/+)+([^\\/\\.]+|(([^\\/]*)\\.([mM]2[vV]|[mM][pP][eE][gG]|[mM][pP]3|[aA][vV][iI]|[mM][pP]4|[fF][lL][vV]|[mM][pP][tT]|[mM][pP][gG]|[mM]4[vV]|[tT][rR][pP]|[fF]4[vV]|[mM]2[tT][sS]|[tT][sS]|264|[hH]264|[mM][kK][vV]|[mM][oO][vV]|[mM][tT][sS]|[mM]2[tT]|[wW][mM][vV]|[aA][sS][fF]|[vV][oO][bB]|3[gG][pP]|3[gG][pP][pP]|[mM][xX][fF]|[dD][iI][vV][xX]|[xX][vV][iI][dD]|[rR][aA][wW]|[dD][vV]|[gG][xX][fF]|[mM]1[vV]|3[gG]2|[vV][mM][fF]|[mM]3[uU]8|[wW][eE][bB][mM]|[lL][cC][hH]|[gG][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF][hH][dD]|[wW][aA][vV]|[yY]4[mM]|[xX][mM][lL])))(\\?([^&=]+=[^&]+&)*[^&=]+=[^&]+)?))$"
},
"__stringPatternS3WWEEBBMMMM2VVMMPPEEGGMMPP3AAVVIIMMPP4FFLLVVMMPPTTMMPPGGMM4VVTTRRPPFF4VVMM2TTSSTTSS264HH264MMKKVVMMOOVVMMTTSSMM2TTWWMMVVAASSFFVVOOBB3GGPP3GGPPPPMMXXFFDDIIVVXXXXVVIIDDRRAAWWDDVVGGXXFFMM1VV3GG2VVMMFFMM3UU8LLCCHHGGXXFFMMPPEEGG2MMXXFFMMPPEEGG2MMXXFFHHDDWWAAVVYY4MMAAAACCAAIIFFFFMMPP2AACC3EECC3DDTTSSEEHttpsMM2VVMMPPEEGGMMPP3AAVVIIMMPP4FFLLVVMMPPTTMMPPGGMM4VVTTRRPPFF4VVMM2TTSSTTSS264HH264MMKKVVMMOOVVMMTTSSMM2TTWWMMVVAASSFFVVOOBB3GGPP3GGPPPPMMXXFFDDIIVVXXXXVVIIDDRRAAWWDDVVGGXXFFMM1VV3GG2VVMMFFMM3UU8LLCCHHGGXXFFMMPPEEGG2MMXXFFMMPPEEGG2MMXXFFHHDDWWAAVVYY4MMAAAACCAAIIFFFFMMPP2AACC3EECC3DDTTSSEE": {
"type": "string",
"pattern": "^((s3://([^\\/]+\\/+)+([^\\/\\.]+|(([^\\/]*)\\.([wW][eE][bB][mM]|[mM]2[vV]|[mM][pP][eE][gG]|[mM][pP]3|[aA][vV][iI]|[mM][pP]4|[fF][lL][vV]|[mM][pP][tT]|[mM][pP][gG]|[mM]4[vV]|[tT][rR][pP]|[fF]4[vV]|[mM]2[tT][sS]|[tT][sS]|264|[hH]264|[mM][kK][vV]|[mM][oO][vV]|[mM][tT][sS]|[mM]2[tT]|[wW][mM][vV]|[aA][sS][fF]|[vV][oO][bB]|3[gG][pP]|3[gG][pP][pP]|[mM][xX][fF]|[dD][iI][vV][xX]|[xX][vV][iI][dD]|[rR][aA][wW]|[dD][vV]|[gG][xX][fF]|[mM]1[vV]|3[gG]2|[vV][mM][fF]|[mM]3[uU]8|[lL][cC][hH]|[gG][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF][hH][dD]|[wW][aA][vV]|[yY]4[mM]|[aA][aA][cC]|[aA][iI][fF][fF]|[mM][pP]2|[aA][cC]3|[eE][cC]3|[dD][tT][sS][eE]))))|(https?://([^\\/]+\\/+)+([^\\/\\.]+|(([^\\/]*)\\.([mM]2[vV]|[mM][pP][eE][gG]|[mM][pP]3|[aA][vV][iI]|[mM][pP]4|[fF][lL][vV]|[mM][pP][tT]|[mM][pP][gG]|[mM]4[vV]|[tT][rR][pP]|[fF]4[vV]|[mM]2[tT][sS]|[tT][sS]|264|[hH]264|[mM][kK][vV]|[mM][oO][vV]|[mM][tT][sS]|[mM]2[tT]|[wW][mM][vV]|[aA][sS][fF]|[vV][oO][bB]|3[gG][pP]|3[gG][pP][pP]|[mM][xX][fF]|[dD][iI][vV][xX]|[xX][vV][iI][dD]|[rR][aA][wW]|[dD][vV]|[gG][xX][fF]|[mM]1[vV]|3[gG]2|[vV][mM][fF]|[mM]3[uU]8|[lL][cC][hH]|[gG][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF][hH][dD]|[wW][aA][vV]|[yY]4[mM]|[aA][aA][cC]|[aA][iI][fF][fF]|[mM][pP]2|[aA][cC]3|[eE][cC]3|[dD][tT][sS][eE])))(\\?([^&=]+=[^&]+&)*[^&=]+=[^&]+)?))$"
},
"__stringPatternSNManifestConfirmConditionNotificationNS": {
"type": "string",
"pattern": "^\\s*<(.|\\n)*ManifestConfirmConditionNotification(.|\\n)*>\\s*$"

147
botocore/data/mediapackage-vod/2018-11-07/service-2.json
View file

@ -446,7 +446,7 @@
}
},
"ListTagsForResource": {
"documentation": "List tags for a given MediaPackage VOD resource",
"documentation": "Returns a list of the tags assigned to the specified resource.",
"errors": [],
"http": {
"method": "GET",
@ -463,7 +463,7 @@
}
},
"TagResource": {
"documentation": "Set tags for a given MediaPackage VOD resource",
"documentation": "Adds tags to the specified resource. You can specify one or more tags to add.",
"errors": [],
"http": {
"method": "POST",
@ -476,7 +476,7 @@
"name": "TagResource"
},
"UntagResource": {
"documentation": "Delete tags for a given MediaPackage VOD resource",
"documentation": "Removes tags from the specified resource. You can specify one or more tags to remove.",
"errors": [],
"http": {
"method": "DELETE",
@ -487,6 +487,42 @@
"shape": "UntagResourceRequest"
},
"name": "UntagResource"
},
"UpdatePackagingGroup": {
"documentation": "Updates a specific packaging group. You can't change the id attribute or any other system-generated attributes.",
"errors": [
{
"shape": "UnprocessableEntityException"
},
{
"shape": "InternalServerErrorException"
},
{
"shape": "ForbiddenException"
},
{
"shape": "NotFoundException"
},
{
"shape": "ServiceUnavailableException"
},
{
"shape": "TooManyRequestsException"
}
],
"http": {
"method": "PUT",
"requestUri": "/packaging_groups/{id}",
"responseCode": 200
},
"input": {
"shape": "UpdatePackagingGroupRequest"
},
"name": "UpdatePackagingGroup",
"output": {
"documentation": "The updated MediaPackage VOD PackagingGroup resource.",
"shape": "UpdatePackagingGroupResponse"
}
}
},
"shapes": {
@ -650,6 +686,26 @@
},
"type": "structure"
},
"Authorization": {
"documentation": "CDN Authorization credentials",
"members": {
"CdnIdentifierSecret": {
"documentation": "The Amazon Resource Name (ARN) for the secret in AWS Secrets Manager that is used for CDN authorization.",
"locationName": "cdnIdentifierSecret",
"shape": "__string"
},
"SecretsRoleArn": {
"documentation": "The Amazon Resource Name (ARN) for the IAM role that allows MediaPackage to communicate with AWS Secrets Manager.",
"locationName": "secretsRoleArn",
"shape": "__string"
}
},
"required": [
"SecretsRoleArn",
"CdnIdentifierSecret"
],
"type": "structure"
},
"CmafEncryption": {
"documentation": "A CMAF encryption configuration.",
"members": {
@ -859,6 +915,10 @@
"CreatePackagingGroupRequest": {
"documentation": "A new MediaPackage VOD PackagingGroup resource configuration.",
"members": {
"Authorization": {
"locationName": "authorization",
"shape": "Authorization"
},
"Id": {
"documentation": "The ID of the PackagingGroup.",
"locationName": "id",
@ -881,6 +941,10 @@
"locationName": "arn",
"shape": "__string"
},
"Authorization": {
"locationName": "authorization",
"shape": "Authorization"
},
"DomainName": {
"documentation": "The fully qualified domain name for Assets in the PackagingGroup.",
"locationName": "domainName",
@ -1166,6 +1230,10 @@
"locationName": "arn",
"shape": "__string"
},
"Authorization": {
"locationName": "authorization",
"shape": "Authorization"
},
"DomainName": {
"documentation": "The fully qualified domain name for Assets in the PackagingGroup.",
"locationName": "domainName",
@ -1431,6 +1499,7 @@
"ListTagsForResourceRequest": {
"members": {
"ResourceArn": {
"documentation": "The Amazon Resource Name (ARN) for the resource. You can get this from the response to any request to the resource.",
"location": "uri",
"locationName": "resource-arn",
"shape": "__string"
@ -1444,6 +1513,7 @@
"ListTagsForResourceResponse": {
"members": {
"Tags": {
"documentation": "A collection of tags associated with a resource",
"locationName": "tags",
"shape": "__mapOf__string"
}
@ -1632,6 +1702,10 @@
"locationName": "arn",
"shape": "__string"
},
"Authorization": {
"locationName": "authorization",
"shape": "Authorization"
},
"DomainName": {
"documentation": "The fully qualified domain name for Assets in the PackagingGroup.",
"locationName": "domainName",
@ -1652,6 +1726,10 @@
"PackagingGroupCreateParameters": {
"documentation": "Parameters used to create a new MediaPackage VOD PackagingGroup resource.",
"members": {
"Authorization": {
"locationName": "authorization",
"shape": "Authorization"
},
"Id": {
"documentation": "The ID of the PackagingGroup.",
"locationName": "id",
@ -1683,6 +1761,16 @@
},
"type": "structure"
},
"PackagingGroupUpdateParameters": {
"documentation": "Parameters used to update a MediaPackage packaging group.",
"members": {
"Authorization": {
"locationName": "authorization",
"shape": "Authorization"
}
},
"type": "structure"
},
"Profile": {
"enum": [
"NONE",
@ -1770,11 +1858,13 @@
"TagResourceRequest": {
"members": {
"ResourceArn": {
"documentation": "The Amazon Resource Name (ARN) for the resource. You can get this from the response to any request to the resource.",
"location": "uri",
"locationName": "resource-arn",
"shape": "__string"
},
"Tags": {
"documentation": "A collection of tags associated with a resource",
"locationName": "tags",
"shape": "__mapOf__string"
}
@ -1798,6 +1888,7 @@
"TagsModel": {
"members": {
"Tags": {
"documentation": "A collection of tags associated with a resource",
"locationName": "tags",
"shape": "__mapOf__string"
}
@ -1838,12 +1929,13 @@
"UntagResourceRequest": {
"members": {
"ResourceArn": {
"documentation": "The Amazon Resource Name (ARN) for the resource. You can get this from the response to any request to the resource.",
"location": "uri",
"locationName": "resource-arn",
"shape": "__string"
},
"TagKeys": {
"documentation": "The key(s) of tag to be deleted",
"documentation": "A comma-separated list of the tag keys to remove from the resource.",
"location": "querystring",
"locationName": "tagKeys",
"shape": "__listOf__string"
@ -1855,6 +1947,53 @@
],
"type": "structure"
},
"UpdatePackagingGroupRequest": {
"documentation": "A MediaPackage VOD PackagingGroup resource configuration.",
"members": {
"Authorization": {
"locationName": "authorization",
"shape": "Authorization"
},
"Id": {
"documentation": "The ID of a MediaPackage VOD PackagingGroup resource.",
"location": "uri",
"locationName": "id",
"shape": "__string"
}
},
"required": [
"Id"
],
"type": "structure"
},
"UpdatePackagingGroupResponse": {
"members": {
"Arn": {
"documentation": "The ARN of the PackagingGroup.",
"locationName": "arn",
"shape": "__string"
},
"Authorization": {
"locationName": "authorization",
"shape": "Authorization"
},
"DomainName": {
"documentation": "The fully qualified domain name for Assets in the PackagingGroup.",
"locationName": "domainName",
"shape": "__string"
},
"Id": {
"documentation": "The ID of the PackagingGroup.",
"locationName": "id",
"shape": "__string"
},
"Tags": {
"locationName": "tags",
"shape": "Tags"
}
},
"type": "structure"
},
"__PeriodTriggersElement": {
"enum": [
"ADS"

2
botocore/data/meteringmarketplace/2016-01-14/service-2.json
View file

@ -442,5 +442,5 @@
},
"errorMessage":{"type":"string"}
},
"documentation":"<fullname>AWS Marketplace Metering Service</fullname> <p>This reference provides descriptions of the low-level AWS Marketplace Metering Service API.</p> <p>AWS Marketplace sellers can use this API to submit usage data for custom usage dimensions.</p> <p> <b>Submitting Metering Records</b> </p> <ul> <li> <p> <i>MeterUsage</i>- Submits the metering record for a Marketplace product. MeterUsage is called from an EC2 instance or a container running on EKS or ECS.</p> </li> <li> <p> <i>BatchMeterUsage</i>- Submits the metering record for a set of customers. BatchMeterUsage is called from a software-as-a-service (SaaS) application.</p> </li> </ul> <p> <b>Accepting New Customers</b> </p> <ul> <li> <p> <i>ResolveCustomer</i>- Called by a SaaS application during the registration process. When a buyer visits your website during the registration process, the buyer submits a Registration Token through the browser. The Registration Token is resolved through this API to obtain a CustomerIdentifier and Product Code.</p> </li> </ul> <p> <b>Entitlement and Metering for Paid Container Products</b> </p> <ul> <li> <p> Paid container software products sold through AWS Marketplace must integrate with the AWS Marketplace Metering Service and call the RegisterUsage operation for software entitlement and metering. Free and BYOL products for Amazon ECS or Amazon EKS aren't required to call RegisterUsage, but you can do so if you want to receive usage data in your seller reports. For more information on using the RegisterUsage operation, see <a href=\"https://docs.aws.amazon.com/marketplace/latest/userguide/container-based-products.html\">Container-Based Products</a>. </p> </li> </ul> <p>BatchMeterUsage API calls are captured by AWS CloudTrail. You can use Cloudtrail to verify that the SaaS metering records that you sent are accurate by searching for records with the eventName of BatchMeterUsage. You can also use CloudTrail to audit records over time. For more information, see the <i> <a href=\"http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html\">AWS CloudTrail User Guide</a> </i>.</p>"
"documentation":"<fullname>AWS Marketplace Metering Service</fullname> <p>This reference provides descriptions of the low-level AWS Marketplace Metering Service API.</p> <p>AWS Marketplace sellers can use this API to submit usage data for custom usage dimensions.</p> <p>For information on the permissions you need to use this API, see <a href=\"https://docs.aws.amazon.com/marketplace/latest/userguide/iam-user-policy-for-aws-marketplace-actions.html\">AWS Marketing metering and entitlement API permissions</a> in the <i>AWS Marketplace Seller Guide.</i> </p> <p> <b>Submitting Metering Records</b> </p> <ul> <li> <p> <i>MeterUsage</i>- Submits the metering record for a Marketplace product. MeterUsage is called from an EC2 instance or a container running on EKS or ECS.</p> </li> <li> <p> <i>BatchMeterUsage</i>- Submits the metering record for a set of customers. BatchMeterUsage is called from a software-as-a-service (SaaS) application.</p> </li> </ul> <p> <b>Accepting New Customers</b> </p> <ul> <li> <p> <i>ResolveCustomer</i>- Called by a SaaS application during the registration process. When a buyer visits your website during the registration process, the buyer submits a Registration Token through the browser. The Registration Token is resolved through this API to obtain a CustomerIdentifier and Product Code.</p> </li> </ul> <p> <b>Entitlement and Metering for Paid Container Products</b> </p> <ul> <li> <p> Paid container software products sold through AWS Marketplace must integrate with the AWS Marketplace Metering Service and call the RegisterUsage operation for software entitlement and metering. Free and BYOL products for Amazon ECS or Amazon EKS aren't required to call RegisterUsage, but you can do so if you want to receive usage data in your seller reports. For more information on using the RegisterUsage operation, see <a href=\"https://docs.aws.amazon.com/marketplace/latest/userguide/container-based-products.html\">Container-Based Products</a>. </p> </li> </ul> <p>BatchMeterUsage API calls are captured by AWS CloudTrail. You can use Cloudtrail to verify that the SaaS metering records that you sent are accurate by searching for records with the eventName of BatchMeterUsage. You can also use CloudTrail to audit records over time. For more information, see the <i> <a href=\"http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html\">AWS CloudTrail User Guide</a> </i>.</p>"
}

6
botocore/data/personalize-runtime/2018-05-22/service-2.json
View file

@ -124,6 +124,10 @@
"context":{
"shape":"Context",
"documentation":"<p>The contextual metadata to use when getting recommendations. Contextual metadata includes any interaction information that might be relevant when getting a user's recommendations, such as the user's current location or device type.</p>"
},
"filterArn":{
"shape":"Arn",
"documentation":"<p>The ARN of the filter to apply to the returned recommendations. For more information, see Using Filters with Amazon Personalize.</p>"
}
}
},
@ -170,7 +174,7 @@
},
"score":{
"shape":"Score",
"documentation":"<p>A numeric representation of the model's certainty in the item's suitability. For more information on scoring logic, see <a>how-scores-work</a>.</p>"
"documentation":"<p>A numeric representation of the model's certainty that the item will be the next user selection. For more information on scoring logic, see <a>how-scores-work</a>.</p>"
}
},
"documentation":"<p>An object that identifies an item.</p> <p>The and APIs return a list of <code>PredictedItem</code>s.</p>"

240
botocore/data/personalize/2018-05-22/service-2.json
View file

@ -116,6 +116,22 @@
"documentation":"<p>Creates an event tracker that you use when sending event data to the specified dataset group using the <a href=\"https://docs.aws.amazon.com/personalize/latest/dg/API_UBS_PutEvents.html\">PutEvents</a> API.</p> <p>When Amazon Personalize creates an event tracker, it also creates an <i>event-interactions</i> dataset in the dataset group associated with the event tracker. The event-interactions dataset stores the event data from the <code>PutEvents</code> call. The contents of this dataset are not available to the user.</p> <note> <p>Only one event tracker can be associated with a dataset group. You will get an error if you call <code>CreateEventTracker</code> using the same dataset group as an existing event tracker.</p> </note> <p>When you send event data you include your tracking ID. The tracking ID identifies the customer and authorizes the customer to send the data.</p> <p>The event tracker can be in one of the following states:</p> <ul> <li> <p>CREATE PENDING &gt; CREATE IN_PROGRESS &gt; ACTIVE -or- CREATE FAILED</p> </li> <li> <p>DELETE PENDING &gt; DELETE IN_PROGRESS</p> </li> </ul> <p>To get the status of the event tracker, call <a>DescribeEventTracker</a>.</p> <note> <p>The event tracker must be in the ACTIVE state before using the tracking ID.</p> </note> <p class=\"title\"> <b>Related APIs</b> </p> <ul> <li> <p> <a>ListEventTrackers</a> </p> </li> <li> <p> <a>DescribeEventTracker</a> </p> </li> <li> <p> <a>DeleteEventTracker</a> </p> </li> </ul>",
"idempotent":true
},
"CreateFilter":{
"name":"CreateFilter",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"CreateFilterRequest"},
"output":{"shape":"CreateFilterResponse"},
"errors":[
{"shape":"InvalidInputException"},
{"shape":"ResourceAlreadyExistsException"},
{"shape":"ResourceNotFoundException"},
{"shape":"LimitExceededException"}
],
"documentation":"<p>Creates a recommendation filter. For more information, see Using Filters with Amazon Personalize.</p>"
},
"CreateSchema":{
"name":"CreateSchema",
"http":{
@ -224,6 +240,19 @@
"documentation":"<p>Deletes the event tracker. Does not delete the event-interactions dataset from the associated dataset group. For more information on event trackers, see <a>CreateEventTracker</a>.</p>",
"idempotent":true
},
"DeleteFilter":{
"name":"DeleteFilter",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"DeleteFilterRequest"},
"errors":[
{"shape":"InvalidInputException"},
{"shape":"ResourceNotFoundException"}
],
"documentation":"<p>Deletes a filter.</p>"
},
"DeleteSchema":{
"name":"DeleteSchema",
"http":{
@ -374,6 +403,21 @@
"documentation":"<p>Describes the given feature transformation.</p>",
"idempotent":true
},
"DescribeFilter":{
"name":"DescribeFilter",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"DescribeFilterRequest"},
"output":{"shape":"DescribeFilterResponse"},
"errors":[
{"shape":"InvalidInputException"},
{"shape":"ResourceNotFoundException"}
],
"documentation":"<p>Describes a filter's properties.</p>",
"idempotent":true
},
"DescribeRecipe":{
"name":"DescribeRecipe",
"http":{
@ -538,6 +582,21 @@
"documentation":"<p>Returns the list of event trackers associated with the account. The response provides the properties for each event tracker, including the Amazon Resource Name (ARN) and tracking ID. For more information on event trackers, see <a>CreateEventTracker</a>.</p>",
"idempotent":true
},
"ListFilters":{
"name":"ListFilters",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"ListFiltersRequest"},
"output":{"shape":"ListFiltersResponse"},
"errors":[
{"shape":"InvalidInputException"},
{"shape":"InvalidNextTokenException"}
],
"documentation":"<p>Lists all filters that belong to a given dataset group.</p>",
"idempotent":true
},
"ListRecipes":{
"name":"ListRecipes",
"http":{
@ -729,6 +788,10 @@
"shape":"Arn",
"documentation":"<p>The Amazon Resource Name (ARN) of the batch inference job.</p>"
},
"filterArn":{
"shape":"Arn",
"documentation":"<p>The ARN of the filter used on the batch inference job.</p>"
},
"failureReason":{
"shape":"FailureReason",
"documentation":"<p>If the batch inference job failed, the reason for the failure.</p>"
@ -1011,6 +1074,10 @@
"shape":"Arn",
"documentation":"<p>The Amazon Resource Name (ARN) of the solution version that will be used to generate the batch inference recommendations.</p>"
},
"filterArn":{
"shape":"Arn",
"documentation":"<p>The ARN of the filter to apply to the batch inference job. For more information on using filters, see Using Filters with Amazon Personalize.</p>"
},
"numResults":{
"shape":"NumBatchResults",
"documentation":"<p>The number of recommendations to retreive.</p>"
@ -1198,6 +1265,37 @@
}
}
},
"CreateFilterRequest":{
"type":"structure",
"required":[
"name",
"datasetGroupArn",
"filterExpression"
],
"members":{
"name":{
"shape":"Name",
"documentation":"<p>The name of the filter to create.</p>"
},
"datasetGroupArn":{
"shape":"Arn",
"documentation":"<p>The ARN of the dataset group that the filter will belong to.</p>"
},
"filterExpression":{
"shape":"FilterExpression",
"documentation":"<p>The filter expression that designates the interaction types that the filter will filter out. A filter expression must follow the following format:</p> <p> <code>EXCLUDE itemId WHERE INTERACTIONS.event_type in (\"EVENT_TYPE\")</code> </p> <p>Where \"EVENT_TYPE\" is the type of event to filter out. To filter out all items with any interactions history, set <code>\"*\"</code> as the EVENT_TYPE. For more information, see Using Filters with Amazon Personalize.</p>"
}
}
},
"CreateFilterResponse":{
"type":"structure",
"members":{
"filterArn":{
"shape":"Arn",
"documentation":"<p>The ARN of the new filter.</p>"
}
}
},
"CreateSchemaRequest":{
"type":"structure",
"required":[
@ -1714,6 +1812,16 @@
}
}
},
"DeleteFilterRequest":{
"type":"structure",
"required":["filterArn"],
"members":{
"filterArn":{
"shape":"Arn",
"documentation":"<p>The ARN of the filter to delete.</p>"
}
}
},
"DeleteSchemaRequest":{
"type":"structure",
"required":["schemaArn"],
@ -1886,6 +1994,25 @@
}
}
},
"DescribeFilterRequest":{
"type":"structure",
"required":["filterArn"],
"members":{
"filterArn":{
"shape":"Arn",
"documentation":"<p>The ARN of the filter to describe.</p>"
}
}
},
"DescribeFilterResponse":{
"type":"structure",
"members":{
"filter":{
"shape":"Filter",
"documentation":"<p>The filter's details.</p>"
}
}
},
"DescribeRecipeRequest":{
"type":"structure",
"required":["recipeArn"],
@ -2088,6 +2215,89 @@
"value":{"shape":"ParameterValue"},
"max":100
},
"Filter":{
"type":"structure",
"members":{
"name":{
"shape":"Name",
"documentation":"<p>The name of the filter.</p>"
},
"filterArn":{
"shape":"Arn",
"documentation":"<p>The ARN of the filter.</p>"
},
"creationDateTime":{
"shape":"Date",
"documentation":"<p>The time at which the filter was created.</p>"
},
"lastUpdatedDateTime":{
"shape":"Date",
"documentation":"<p>The time at which the filter was last updated.</p>"
},
"datasetGroupArn":{
"shape":"Arn",
"documentation":"<p>The ARN of the dataset group to which the filter belongs.</p>"
},
"failureReason":{
"shape":"FailureReason",
"documentation":"<p>If the filter failed, the reason for its failure.</p>"
},
"filterExpression":{
"shape":"FilterExpression",
"documentation":"<p>Specifies the type of item interactions to filter out of recommendation results. The filter expression must follow the following format:</p> <p> <code>EXCLUDE itemId WHERE INTERACTIONS.event_type in (\"EVENT_TYPE\")</code> </p> <p>Where \"EVENT_TYPE\" is the type of event to filter out. For more information, see Using Filters with Amazon Personalize.</p>"
},
"status":{
"shape":"Status",
"documentation":"<p>The status of the filter.</p>"
}
},
"documentation":"<p>Contains information on a recommendation filter, including its ARN, status, and filter expression.</p>"
},
"FilterExpression":{
"type":"string",
"max":2500,
"min":1,
"sensitive":true
},
"FilterSummary":{
"type":"structure",
"members":{
"name":{
"shape":"Name",
"documentation":"<p>The name of the filter.</p>"
},
"filterArn":{
"shape":"Arn",
"documentation":"<p>The ARN of the filter.</p>"
},
"creationDateTime":{
"shape":"Date",
"documentation":"<p>The time at which the filter was created.</p>"
},
"lastUpdatedDateTime":{
"shape":"Date",
"documentation":"<p>The time at which the filter was last updated.</p>"
},
"datasetGroupArn":{
"shape":"Arn",
"documentation":"<p>The ARN of the dataset group to which the filter belongs.</p>"
},
"failureReason":{
"shape":"FailureReason",
"documentation":"<p>If the filter failed, the reason for the failure.</p>"
},
"status":{
"shape":"Status",
"documentation":"<p>The status of the filter.</p>"
}
},
"documentation":"<p>A short summary of a filter's attributes.</p>"
},
"Filters":{
"type":"list",
"member":{"shape":"FilterSummary"},
"max":100
},
"GetSolutionMetricsRequest":{
"type":"structure",
"required":["solutionVersionArn"],
@ -2425,6 +2635,36 @@
}
}
},
"ListFiltersRequest":{
"type":"structure",
"members":{
"datasetGroupArn":{
"shape":"Arn",
"documentation":"<p>The ARN of the dataset group that contains the filters.</p>"
},
"nextToken":{
"shape":"NextToken",
"documentation":"<p>A token returned from the previous call to <code>ListFilters</code> for getting the next set of filters (if they exist).</p>"
},
"maxResults":{
"shape":"MaxResults",
"documentation":"<p>The maximum number of filters to return.</p>"
}
}
},
"ListFiltersResponse":{
"type":"structure",
"members":{
"Filters":{
"shape":"Filters",
"documentation":"<p>A list of returned filters.</p>"
},
"nextToken":{
"shape":"NextToken",
"documentation":"<p>A token for getting the next set of filters (if they exist).</p>"
}
}
},
"ListRecipesRequest":{
"type":"structure",
"members":{

130
botocore/data/pinpoint/2016-12-01/service-2.json
View file

@ -5692,6 +5692,10 @@
"Activity": {
"type": "structure",
"members": {
"CUSTOM": {
"shape": "CustomMessageActivity",
"documentation": "<p>The settings for a custom message activity. This type of activity calls an AWS Lambda function or web hook that sends messages to participants.</p>"
},
"ConditionalSplit": {
"shape": "ConditionalSplitActivity",
"documentation": "<p>The settings for a yes/no split activity. This type of activity sends participants down one of two paths in a journey, based on conditions that you specify.</p>"
@ -5712,10 +5716,18 @@
"shape": "MultiConditionalSplitActivity",
"documentation": "<p>The settings for a multivariate split activity. This type of activity sends participants down one of as many as five paths (including a default <i>Else</i> path) in a journey, based on conditions that you specify.</p>"
},
"PUSH": {
"shape": "PushMessageActivity",
"documentation": "<p>The settings for a push notification activity. This type of activity sends a push notification to participants.</p>"
},
"RandomSplit": {
"shape": "RandomSplitActivity",
"documentation": "<p>The settings for a random split activity. This type of activity randomly sends specified percentages of participants down one of as many as five paths in a journey, based on conditions that you specify.</p>"
},
"SMS": {
"shape": "SMSMessageActivity",
"documentation": "<p>The settings for an SMS activity. This type of activity sends a text message to participants.</p>"
},
"Wait": {
"shape": "WaitActivity",
"documentation": "<p>The settings for a wait activity. This type of activity waits for a certain amount of time or until a specific date and time before moving participants to the next activity in a journey.</p>"
@ -6434,7 +6446,7 @@
},
"MessageType": {
"shape": "MessageType",
"documentation": "<p>The type of SMS message. Valid values are: TRANSACTIONAL, the message is critical or time-sensitive, such as a one-time password that supports a customer transaction; and, PROMOTIONAL, the message isn't critical or time-sensitive, such as a marketing message.</p>"
"documentation": "<p>The SMS message type. Valid values are TRANSACTIONAL (for messages that are critical or time-sensitive, such as a one-time passwords) and PROMOTIONAL (for messsages that aren't critical or time-sensitive, such as marketing messages).</p>"
},
"SenderId": {
"shape": "__string",
@ -6526,6 +6538,7 @@
"ChannelType": {
"type": "string",
"enum": [
"PUSH",
"GCM",
"APNS",
"APNS_SANDBOX",
@ -7014,6 +7027,36 @@
"DeliveryUri"
]
},
"CustomMessageActivity": {
"type": "structure",
"members": {
"DeliveryUri": {
"shape": "__string",
"documentation": "<p>The destination to send the custom message to. This value can be one of the following:</p> <ul><li><p>The name or Amazon Resource Name (ARN) of an AWS Lambda function to invoke to handle delivery of the custom message.</p></li> <li><p>The URL for a web application or service that supports HTTPS and can receive the message. The URL has to be a full URL, including the HTTPS protocol.</p></li></ul>"
},
"EndpointTypes": {
"shape": "ListOf__EndpointTypesElement",
"documentation": "<p>The types of endpoints to send the custom message to. Each valid value maps to a type of channel that you can associate with an endpoint by using the ChannelType property of an endpoint.</p>"
},
"MessageConfig": {
"shape": "JourneyCustomMessage",
"documentation": "<p>Specifies the message data included in a custom channel message that's sent to participants in a journey.</p>"
},
"NextActivity": {
"shape": "__string",
"documentation": "<p>The unique identifier for the next activity to perform, after Amazon Pinpoint calls the AWS Lambda function or web hook.</p>"
},
"TemplateName": {
"shape": "__string",
"documentation": "<p>The name of the custom message template to use for the message. If specified, this value must match the name of an existing message template.</p>"
},
"TemplateVersion": {
"shape": "__string",
"documentation": "<p>The unique identifier for the version of the message template to use for the message. If specified, this value must match the identifier for an existing template version. To retrieve a list of versions and version identifiers for a template, use the <link linkend=\"templates-template-name-template-type-versions\">Template Versions</link> resource.</p> <p>If you don't specify a value for this property, Amazon Pinpoint uses the <i>active version</i> of the template. The <i>active version</i> is typically the version of a template that's been most recently reviewed and approved for use, depending on your workflow. It isn't necessarily the latest version of a template.</p>"
}
},
"documentation": "<p>The settings for a custom message activity. This type of activity calls an AWS Lambda function or web hook that sends messages to participants.</p>"
},
"DefaultMessage": {
"type": "structure",
"members": {
@ -7927,7 +7970,7 @@
"members": {
"MessageConfig": {
"shape": "JourneyEmailMessage",
"documentation": "<p>The \"From\" address to use for the message.</p>"
"documentation": "<p>Specifies the sender address for an email message that's sent to participants in the journey.</p>"
},
"NextActivity": {
"shape": "__string",
@ -7935,7 +7978,7 @@
},
"TemplateName": {
"shape": "__string",
"documentation": "<p>The name of the email template to use for the message.</p>"
"documentation": "<p>The name of the email message template to use for the message. If specified, this value must match the name of an existing message template.</p>"
},
"TemplateVersion": {
"shape": "__string",
@ -10712,6 +10755,16 @@
"FAILED"
]
},
"JourneyCustomMessage": {
"type": "structure",
"members": {
"Data": {
"shape": "__string",
"documentation": "<p>The message content that's passed to an AWS Lambda function or to a web hook.</p>"
}
},
"documentation": "<p>Specifies the message content for a custom channel message that's sent to participants in a journey.</p>"
},
"JourneyDateRangeKpiResponse": {
"type": "structure",
"members": {
@ -10848,6 +10901,16 @@
},
"documentation": "<p>Specifies limits on the messages that a journey can send and the number of times participants can enter a journey.</p>"
},
"JourneyPushMessage": {
"type": "structure",
"members": {
"TimeToLive": {
"shape": "__string",
"documentation": "<p>The number of seconds that the push notification service should keep the message, if the service is unable to deliver the notification the first time. This value is converted to an expiration value when it's sent to a push-notification service. If this value is 0, the service treats the notification as if it expires immediately and the service doesn't store or try to deliver the notification again.</p> <p>This value doesn't apply to messages that are sent through the Amazon Device Messaging (ADM) service.</p>"
}
},
"documentation": "<p>Specifies the message configuration for a push notification that's sent to participants in a journey.</p>"
},
"JourneyResponse": {
"type": "structure",
"members": {
@ -10920,6 +10983,20 @@
"ApplicationId"
]
},
"JourneySMSMessage": {
"type": "structure",
"members": {
"MessageType": {
"shape": "MessageType",
"documentation": "<p>The SMS message type. Valid values are TRANSACTIONAL (for messages that are critical or time-sensitive, such as a one-time passwords) and PROMOTIONAL (for messsages that aren't critical or time-sensitive, such as marketing messages).</p>"
},
"SenderId": {
"shape": "__string",
"documentation": "<p>The sender ID to display as the sender of the message on a recipient's device. Support for sender IDs varies by country or region. For more information, see <a href=\"https://docs.aws.amazon.com.amazon.com/pinpoint/latest/userguide/channels-sms-countries.html\">Supported Countries and Regions</a> in the Amazon Pinpoint User Guide.</p>"
}
},
"documentation": "<p>Specifies the sender ID and message type for an SMS message that's sent to participants in a journey.</p>"
},
"JourneySchedule": {
"type": "structure",
"members": {
@ -11601,6 +11678,28 @@
},
"documentation": "<p>Specifies the properties and attributes of an endpoint that's associated with an event.</p>"
},
"PushMessageActivity": {
"type": "structure",
"members": {
"MessageConfig": {
"shape": "JourneyPushMessage",
"documentation": "<p>Specifies the time to live (TTL) value for push notifications that are sent to participants in a journey.</p>"
},
"NextActivity": {
"shape": "__string",
"documentation": "<p>The unique identifier for the next activity to perform, after the message is sent.</p>"
},
"TemplateName": {
"shape": "__string",
"documentation": "<p>The name of the push notification template to use for the message. If specified, this value must match the name of an existing message template.</p>"
},
"TemplateVersion": {
"shape": "__string",
"documentation": "<p>The unique identifier for the version of the push notification template to use for the message. If specified, this value must match the identifier for an existing template version. To retrieve a list of versions and version identifiers for a template, use the <link linkend=\"templates-template-name-template-type-versions\">Template Versions</link> resource.</p> <p>If you don't specify a value for this property, Amazon Pinpoint uses the <i>active version</i> of the template. The <i>active version</i> is typically the version of a template that's been most recently reviewed and approved for use, depending on your workflow. It isn't necessarily the latest version of a template.</p>"
}
},
"documentation": "<p>Specifies the settings for a push notification activity in a journey. This type of activity sends a push notification to participants.</p>"
},
"PushNotificationTemplateRequest": {
"type": "structure",
"members": {
@ -12095,7 +12194,7 @@
},
"MessageType": {
"shape": "MessageType",
"documentation": "<p>The SMS message type. Valid values are: TRANSACTIONAL, the message is critical or time-sensitive, such as a one-time password that supports a customer transaction; and, PROMOTIONAL, the message is not critical or time-sensitive, such as a marketing message.</p>"
"documentation": "<p>The SMS message type. Valid values are TRANSACTIONAL (for messages that are critical or time-sensitive, such as a one-time passwords) and PROMOTIONAL (for messsages that aren't critical or time-sensitive, such as marketing messages).</p>"
},
"OriginationNumber": {
"shape": "__string",
@ -12112,6 +12211,28 @@
},
"documentation": "<p>Specifies the default settings for a one-time SMS message that's sent directly to an endpoint.</p>"
},
"SMSMessageActivity": {
"type": "structure",
"members": {
"MessageConfig": {
"shape": "JourneySMSMessage",
"documentation": "<p>Specifies the sender ID and message type for an SMS message that's sent to participants in a journey.</p>"
},
"NextActivity": {
"shape": "__string",
"documentation": "<p>The unique identifier for the next activity to perform, after the message is sent.</p>"
},
"TemplateName": {
"shape": "__string",
"documentation": "<p>The name of the SMS message template to use for the message. If specified, this value must match the name of an existing message template.</p>"
},
"TemplateVersion": {
"shape": "__string",
"documentation": "<p>The unique identifier for the version of the SMS template to use for the message. If specified, this value must match the identifier for an existing template version. To retrieve a list of versions and version identifiers for a template, use the <link linkend=\"templates-template-name-template-type-versions\">Template Versions</link> resource.</p> <p>If you don't specify a value for this property, Amazon Pinpoint uses the <i>active version</i> of the template. The <i>active version</i> is typically the version of a template that's been most recently reviewed and approved for use, depending on your workflow. It isn't necessarily the latest version of a template.</p>"
}
},
"documentation": "<p>Specifies the settings for an SMS activity in a journey. This type of activity sends a text message to participants.</p>"
},
"SMSTemplateRequest": {
"type": "structure",
"members": {
@ -14352,6 +14473,7 @@
"__EndpointTypesElement": {
"type": "string",
"enum": [
"PUSH",
"GCM",
"APNS",
"APNS_SANDBOX",

1
botocore/data/polly/2016-06-10/service-2.json
View file

@ -1035,6 +1035,7 @@
"Justin",
"Karl",
"Kendra",
"Kevin",
"Kimberly",
"Lea",
"Liv",

14
botocore/data/qldb/2019-01-02/service-2.json
View file

@ -128,7 +128,7 @@
{"shape":"ResourceNotFoundException"},
{"shape":"ResourcePreconditionNotMetException"}
],
"documentation":"<p>Returns a journal block object at a specified address in a ledger. Also returns a proof of the specified block for verification if <code>DigestTipAddress</code> is provided.</p> <p>If the specified ledger doesn't exist or is in <code>DELETING</code> status, then throws <code>ResourceNotFoundException</code>.</p> <p>If the specified ledger is in <code>CREATING</code> status, then throws <code>ResourcePreconditionNotMetException</code>.</p> <p>If no block exists with the specified address, then throws <code>InvalidParameterException</code>.</p>"
"documentation":"<p>Returns a block object at a specified address in a journal. Also returns a proof of the specified block for verification if <code>DigestTipAddress</code> is provided.</p> <p>For information about the data contents in a block, see <a href=\"https://docs.aws.amazon.com/qldb/latest/developerguide/journal-contents.html\">Journal contents</a> in the <i>Amazon QLDB Developer Guide</i>.</p> <p>If the specified ledger doesn't exist or is in <code>DELETING</code> status, then throws <code>ResourceNotFoundException</code>.</p> <p>If the specified ledger is in <code>CREATING</code> status, then throws <code>ResourcePreconditionNotMetException</code>.</p> <p>If no block exists with the specified address, then throws <code>InvalidParameterException</code>.</p>"
},
"GetDigest":{
"name":"GetDigest",
@ -232,7 +232,7 @@
{"shape":"ResourceNotFoundException"},
{"shape":"ResourcePreconditionNotMetException"}
],
"documentation":"<p>Creates a stream for a given Amazon QLDB ledger that delivers the journal data to a specified Amazon Kinesis Data Streams resource. The stream captures every document revision that is committed to your journal and sends it to the Kinesis data stream.</p>"
"documentation":"<p>Creates a journal stream for a given Amazon QLDB ledger. The stream captures every document revision that is committed to the ledger's journal and delivers the data to a specified Amazon Kinesis Data Streams resource.</p>"
},
"TagResource":{
"name":"TagResource",
@ -323,7 +323,7 @@
"members":{
"Name":{
"shape":"LedgerName",
"documentation":"<p>The name of the ledger that you want to create. The name must be unique among all of your ledgers in the current AWS Region.</p>"
"documentation":"<p>The name of the ledger that you want to create. The name must be unique among all of your ledgers in the current AWS Region.</p> <p>Naming constraints for ledger names are defined in <a href=\"https://docs.aws.amazon.com/qldb/latest/developerguide/limits.html#limits.naming\">Quotas in Amazon QLDB</a> in the <i>Amazon QLDB Developer Guide</i>.</p>"
},
"Tags":{
"shape":"Tags",
@ -788,7 +788,7 @@
},
"AggregationEnabled":{
"shape":"Boolean",
"documentation":"<p>Enables QLDB to publish multiple stream records in a single Kinesis Data Streams record. To learn more, see <a href=\"https://docs.aws.amazon.com/streams/latest/dev/kinesis-kpl-concepts.html\">KPL Key Concepts</a> in the <i>Amazon Kinesis Data Streams Developer Guide</i>.</p>"
"documentation":"<p>Enables QLDB to publish multiple data records in a single Kinesis Data Streams record. To learn more, see <a href=\"https://docs.aws.amazon.com/streams/latest/dev/kinesis-kpl-concepts.html\">KPL Key Concepts</a> in the <i>Amazon Kinesis Data Streams Developer Guide</i>.</p>"
}
},
"documentation":"<p>The configuration settings of the Amazon Kinesis Data Streams destination for your Amazon QLDB journal stream.</p>"
@ -1171,7 +1171,7 @@
},
"ExclusiveEndTime":{
"shape":"Timestamp",
"documentation":"<p>The exclusive date and time that specifies when the stream ends. If you keep this parameter blank, the stream runs indefinitely until you cancel it.</p> <p>The <code>ExclusiveEndTime</code> must be in <code>ISO 8601</code> date and time format and in Universal Coordinated Time (UTC). For example: <code>2019-06-13T21:36:34Z</code> </p>"
"documentation":"<p>The exclusive date and time that specifies when the stream ends. If you don't define this parameter, the stream runs indefinitely until you cancel it.</p> <p>The <code>ExclusiveEndTime</code> must be in <code>ISO 8601</code> date and time format and in Universal Coordinated Time (UTC). For example: <code>2019-06-13T21:36:34Z</code> </p>"
},
"KinesisConfiguration":{
"shape":"KinesisConfiguration",
@ -1179,7 +1179,7 @@
},
"StreamName":{
"shape":"StreamName",
"documentation":"<p>The name that you want to assign to the QLDB journal stream. User-defined names can help identify and indicate the purpose of a stream.</p> <p>Your stream name must be unique among other <i>active</i> streams for a given ledger. If you try to create a stream with the same name and configuration of an active, existing stream for the same ledger, QLDB simply returns the existing stream. Stream names have the same naming constraints as ledger names, as defined in <a href=\"https://docs.aws.amazon.com/qldb/latest/developerguide/limits.html#limits.naming\">Quotas in Amazon QLDB</a> in the <i>Amazon QLDB Developer Guide</i>.</p>"
"documentation":"<p>The name that you want to assign to the QLDB journal stream. User-defined names can help identify and indicate the purpose of a stream.</p> <p>Your stream name must be unique among other <i>active</i> streams for a given ledger. Stream names have the same naming constraints as ledger names, as defined in <a href=\"https://docs.aws.amazon.com/qldb/latest/developerguide/limits.html#limits.naming\">Quotas in Amazon QLDB</a> in the <i>Amazon QLDB Developer Guide</i>.</p>"
}
}
},
@ -1337,7 +1337,7 @@
"documentation":"<p>An Amazon Ion plaintext value contained in a <code>ValueHolder</code> structure.</p>"
}
},
"documentation":"<p>A structure that can contain an Amazon Ion value in multiple encoding formats.</p>",
"documentation":"<p>A structure that can contain a value in multiple encoding formats.</p>",
"sensitive":true
}
},

3
botocore/data/route53/2013-04-01/service-2.json
View file

@ -31,7 +31,8 @@
{"shape":"InvalidInput"},
{"shape":"PublicZoneVPCAssociation"},
{"shape":"ConflictingDomainExists"},
{"shape":"LimitsExceeded"}
{"shape":"LimitsExceeded"},
{"shape":"PriorRequestNotComplete"}
],
"documentation":"<p>Associates an Amazon VPC with a private hosted zone. </p> <note> <p>To perform the association, the VPC and the private hosted zone must already exist. Also, you can't convert a public hosted zone into a private hosted zone.</p> </note> <p>If you want to associate a VPC that was created by one AWS account with a private hosted zone that was created by a different account, do one of the following:</p> <ul> <li> <p>Use the AWS account that created the private hosted zone to submit a <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_CreateVPCAssociationAuthorization.html\">CreateVPCAssociationAuthorization</a> request. Then use the account that created the VPC to submit an <code>AssociateVPCWithHostedZone</code> request.</p> </li> <li> <p>If a subnet in the VPC was shared with another account, you can use the account that the subnet was shared with to submit an <code>AssociateVPCWithHostedZone</code> request. For more information about sharing subnets, see <a href=\"https://docs.aws.amazon.com/vpc/latest/userguide/vpc-sharing.html\">Working with Shared VPCs</a>.</p> </li> </ul>"
},

19
botocore/data/sagemaker-runtime/2017-05-13/service-2.json
View file

@ -32,7 +32,7 @@
"shapes":{
"BodyBlob":{
"type":"blob",
"max":5242880,
"max":6291456,
"sensitive":true
},
"CustomAttributesHeader":{
@ -77,7 +77,7 @@
},
"Body":{
"shape":"BodyBlob",
"documentation":"<p>Provides input data, in the format specified in the <code>ContentType</code> request header. Amazon SageMaker passes all of the data in the body to the model. </p> <p>For information about the format of the request body, see <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/cdf-inference.html\">Common Data FormatsInference</a>.</p>"
"documentation":"<p>Provides input data, in the format specified in the <code>ContentType</code> request header. Amazon SageMaker passes all of the data in the body to the model. </p> <p>For information about the format of the request body, see <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/cdf-inference.html\">Common Data Formats-Inference</a>.</p>"
},
"ContentType":{
"shape":"Header",
@ -99,9 +99,15 @@
},
"TargetModel":{
"shape":"TargetModelHeader",
"documentation":"<p>Specifies the model to be requested for an inference when invoking a multi-model endpoint. </p>",
"documentation":"<p>The model to request for inference when invoking a multi-model endpoint. </p>",
"location":"header",
"locationName":"X-Amzn-SageMaker-Target-Model"
},
"TargetVariant":{
"shape":"TargetVariantHeader",
"documentation":"<p>Specify the production variant to send the inference request to when invoking an endpoint that is running two or more variants. Note that this parameter overrides the default behavior for the endpoint, which is to distribute the invocation traffic based on the variant weights.</p>",
"location":"header",
"locationName":"X-Amzn-SageMaker-Target-Variant"
}
},
"payload":"Body"
@ -112,7 +118,7 @@
"members":{
"Body":{
"shape":"BodyBlob",
"documentation":"<p>Includes the inference provided by the model.</p> <p>For information about the format of the response body, see <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/cdf-inference.html\">Common Data FormatsInference</a>.</p>"
"documentation":"<p>Includes the inference provided by the model.</p> <p>For information about the format of the response body, see <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/cdf-inference.html\">Common Data Formats-Inference</a>.</p>"
},
"ContentType":{
"shape":"Header",
@ -179,6 +185,11 @@
"min":1,
"pattern":"\\A\\S[\\p{Print}]*\\z"
},
"TargetVariantHeader":{
"type":"string",
"max":63,
"pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9])*"
},
"ValidationError":{
"type":"structure",
"members":{

78
botocore/data/sagemaker/2017-07-24/service-2.json
View file

File diff suppressed because one or more lines are too long

98
botocore/data/servicecatalog/2015-12-10/service-2.json
View file

@ -71,7 +71,7 @@
{"shape":"ResourceNotFoundException"},
{"shape":"LimitExceededException"}
],
"documentation":"<p>Associates the specified product with the specified portfolio.</p>"
"documentation":"<p>Associates the specified product with the specified portfolio.</p> <p>A delegated admin is authorized to invoke this command.</p>"
},
"AssociateServiceActionWithProvisioningArtifact":{
"name":"AssociateServiceActionWithProvisioningArtifact",
@ -160,7 +160,7 @@
{"shape":"LimitExceededException"},
{"shape":"DuplicateResourceException"}
],
"documentation":"<p>Creates a constraint.</p>"
"documentation":"<p>Creates a constraint.</p> <p>A delegated admin is authorized to invoke this command.</p>"
},
"CreatePortfolio":{
"name":"CreatePortfolio",
@ -175,7 +175,7 @@
{"shape":"LimitExceededException"},
{"shape":"TagOptionNotMigratedException"}
],
"documentation":"<p>Creates a portfolio.</p>"
"documentation":"<p>Creates a portfolio.</p> <p>A delegated admin is authorized to invoke this command.</p>"
},
"CreatePortfolioShare":{
"name":"CreatePortfolioShare",
@ -192,7 +192,7 @@
{"shape":"OperationNotSupportedException"},
{"shape":"InvalidStateException"}
],
"documentation":"<p>Shares the specified portfolio with the specified account or organization node. Shares to an organization node can only be created by the master account of an Organization. AWSOrganizationsAccess must be enabled in order to create a portfolio share to an organization node.</p>"
"documentation":"<p>Shares the specified portfolio with the specified account or organization node. Shares to an organization node can only be created by the master account of an organization or by a delegated administrator. You can share portfolios to an organization, an organizational unit, or a specific account.</p> <p>Note that if a delegated admin is de-registered, they can no longer create portfolio shares.</p> <p> <code>AWSOrganizationsAccess</code> must be enabled in order to create a portfolio share to an organization node.</p>"
},
"CreateProduct":{
"name":"CreateProduct",
@ -207,7 +207,7 @@
{"shape":"LimitExceededException"},
{"shape":"TagOptionNotMigratedException"}
],
"documentation":"<p>Creates a product.</p>"
"documentation":"<p>Creates a product.</p> <p>A delegated admin is authorized to invoke this command.</p>"
},
"CreateProvisionedProductPlan":{
"name":"CreateProvisionedProductPlan",
@ -280,7 +280,7 @@
{"shape":"ResourceNotFoundException"},
{"shape":"InvalidParametersException"}
],
"documentation":"<p>Deletes the specified constraint.</p>"
"documentation":"<p>Deletes the specified constraint.</p> <p>A delegated admin is authorized to invoke this command.</p>"
},
"DeletePortfolio":{
"name":"DeletePortfolio",
@ -296,7 +296,7 @@
{"shape":"ResourceInUseException"},
{"shape":"TagOptionNotMigratedException"}
],
"documentation":"<p>Deletes the specified portfolio.</p> <p>You cannot delete a portfolio if it was shared with you or if it has associated products, users, constraints, or shared accounts.</p>"
"documentation":"<p>Deletes the specified portfolio.</p> <p>You cannot delete a portfolio if it was shared with you or if it has associated products, users, constraints, or shared accounts.</p> <p>A delegated admin is authorized to invoke this command.</p>"
},
"DeletePortfolioShare":{
"name":"DeletePortfolioShare",
@ -312,7 +312,7 @@
{"shape":"OperationNotSupportedException"},
{"shape":"InvalidStateException"}
],
"documentation":"<p>Stops sharing the specified portfolio with the specified account or organization node. Shares to an organization node can only be deleted by the master account of an Organization.</p>"
"documentation":"<p>Stops sharing the specified portfolio with the specified account or organization node. Shares to an organization node can only be deleted by the master account of an organization or by a delegated administrator.</p> <p>Note that if a delegated admin is de-registered, portfolio shares created from that account are removed.</p>"
},
"DeleteProduct":{
"name":"DeleteProduct",
@ -328,7 +328,7 @@
{"shape":"InvalidParametersException"},
{"shape":"TagOptionNotMigratedException"}
],
"documentation":"<p>Deletes the specified product.</p> <p>You cannot delete a product if it was shared with you or is associated with a portfolio.</p>"
"documentation":"<p>Deletes the specified product.</p> <p>You cannot delete a product if it was shared with you or is associated with a portfolio.</p> <p>A delegated admin is authorized to invoke this command.</p>"
},
"DeleteProvisionedProductPlan":{
"name":"DeleteProvisionedProductPlan",
@ -425,7 +425,7 @@
"errors":[
{"shape":"ResourceNotFoundException"}
],
"documentation":"<p>Gets information about the specified portfolio.</p>"
"documentation":"<p>Gets information about the specified portfolio.</p> <p>A delegated admin is authorized to invoke this command.</p>"
},
"DescribePortfolioShareStatus":{
"name":"DescribePortfolioShareStatus",
@ -440,7 +440,7 @@
{"shape":"InvalidParametersException"},
{"shape":"OperationNotSupportedException"}
],
"documentation":"<p>Gets the status of the specified portfolio share operation. This API can only be called by the master account in the organization.</p>"
"documentation":"<p>Gets the status of the specified portfolio share operation. This API can only be called by the master account in the organization or by a delegated admin.</p>"
},
"DescribeProduct":{
"name":"DescribeProduct",
@ -465,7 +465,8 @@
"input":{"shape":"DescribeProductAsAdminInput"},
"output":{"shape":"DescribeProductAsAdminOutput"},
"errors":[
{"shape":"ResourceNotFoundException"}
{"shape":"ResourceNotFoundException"},
{"shape":"InvalidParametersException"}
],
"documentation":"<p>Gets information about the specified product. This operation is run with administrator access.</p>"
},
@ -519,7 +520,8 @@
"input":{"shape":"DescribeProvisioningArtifactInput"},
"output":{"shape":"DescribeProvisioningArtifactOutput"},
"errors":[
{"shape":"ResourceNotFoundException"}
{"shape":"ResourceNotFoundException"},
{"shape":"InvalidParametersException"}
],
"documentation":"<p>Gets information about the specified provisioning artifact (also known as a version) for the specified product.</p>"
},
@ -604,7 +606,7 @@
{"shape":"InvalidStateException"},
{"shape":"OperationNotSupportedException"}
],
"documentation":"<p>Disable portfolio sharing through AWS Organizations feature. This feature will not delete your current shares but it will prevent you from creating new shares throughout your organization. Current shares will not be in sync with your organization structure if it changes after calling this API. This API can only be called by the master account in the organization.</p>"
"documentation":"<p>Disable portfolio sharing through AWS Organizations feature. This feature will not delete your current shares but it will prevent you from creating new shares throughout your organization. Current shares will not be in sync with your organization structure if it changes after calling this API. This API can only be called by the master account in the organization.</p> <p>This API can't be invoked if there are active delegated administrators in the organization.</p> <p>Note that a delegated administrator is not authorized to invoke <code>DisableAWSOrganizationsAccess</code>.</p>"
},
"DisassociateBudgetFromResource":{
"name":"DisassociateBudgetFromResource",
@ -646,7 +648,7 @@
{"shape":"ResourceInUseException"},
{"shape":"InvalidParametersException"}
],
"documentation":"<p>Disassociates the specified product from the specified portfolio. </p>"
"documentation":"<p>Disassociates the specified product from the specified portfolio. </p> <p>A delegated admin is authorized to invoke this command.</p>"
},
"DisassociateServiceActionFromProvisioningArtifact":{
"name":"DisassociateServiceActionFromProvisioningArtifact",
@ -688,7 +690,7 @@
{"shape":"InvalidStateException"},
{"shape":"OperationNotSupportedException"}
],
"documentation":"<p>Enable portfolio sharing feature through AWS Organizations. This API will allow Service Catalog to receive updates on your organization in order to sync your shares with the current structure. This API can only be called by the master account in the organization.</p> <p>By calling this API Service Catalog will make a call to organizations:EnableAWSServiceAccess on your behalf so that your shares can be in sync with any changes in your AWS Organizations structure.</p>"
"documentation":"<p>Enable portfolio sharing feature through AWS Organizations. This API will allow Service Catalog to receive updates on your organization in order to sync your shares with the current structure. This API can only be called by the master account in the organization.</p> <p>By calling this API Service Catalog will make a call to organizations:EnableAWSServiceAccess on your behalf so that your shares can be in sync with any changes in your AWS Organizations structure.</p> <p>Note that a delegated administrator is not authorized to invoke <code>EnableAWSOrganizationsAccess</code>.</p>"
},
"ExecuteProvisionedProductPlan":{
"name":"ExecuteProvisionedProductPlan",
@ -732,7 +734,7 @@
{"shape":"ResourceNotFoundException"},
{"shape":"OperationNotSupportedException"}
],
"documentation":"<p>Get the Access Status for AWS Organization portfolio share feature. This API can only be called by the master account in the organization.</p>"
"documentation":"<p>Get the Access Status for AWS Organization portfolio share feature. This API can only be called by the master account in the organization or by a delegated admin.</p>"
},
"ListAcceptedPortfolioShares":{
"name":"ListAcceptedPortfolioShares",
@ -803,7 +805,7 @@
{"shape":"InvalidParametersException"},
{"shape":"OperationNotSupportedException"}
],
"documentation":"<p>Lists the organization nodes that have access to the specified portfolio. This API can only be called by the master account in the organization.</p>"
"documentation":"<p>Lists the organization nodes that have access to the specified portfolio. This API can only be called by the master account in the organization or by a delegated admin.</p> <p>If a delegated admin is de-registered, they can no longer perform this operation.</p>"
},
"ListPortfolioAccess":{
"name":"ListPortfolioAccess",
@ -817,7 +819,7 @@
{"shape":"ResourceNotFoundException"},
{"shape":"InvalidParametersException"}
],
"documentation":"<p>Lists the account IDs that have access to the specified portfolio.</p>"
"documentation":"<p>Lists the account IDs that have access to the specified portfolio.</p> <p>A delegated admin can list the accounts that have access to the shared portfolio. Note that if a delegated admin is de-registered, they can no longer perform this operation.</p>"
},
"ListPortfolios":{
"name":"ListPortfolios",
@ -1988,7 +1990,7 @@
},
"Definition":{
"shape":"ServiceActionDefinitionMap",
"documentation":"<p>The self-service action definition. Can be one of the following:</p> <dl> <dt>Name</dt> <dd> <p>The name of the AWS Systems Manager Document. For example, <code>AWS-RestartEC2Instance</code>.</p> </dd> <dt>Version</dt> <dd> <p>The AWS Systems Manager automation document version. For example, <code>\"Version\": \"1\"</code> </p> </dd> <dt>AssumeRole</dt> <dd> <p>The Amazon Resource Name (ARN) of the role that performs the self-service actions on your behalf. For example, <code>\"AssumeRole\": \"arn:aws:iam::12345678910:role/ActionRole\"</code>.</p> <p>To reuse the provisioned product launch role, set to <code>\"AssumeRole\": \"LAUNCH_ROLE\"</code>.</p> </dd> <dt>Parameters</dt> <dd> <p>The list of parameters in JSON format.</p> <p>For example: <code>[{\\\"Name\\\":\\\"InstanceId\\\",\\\"Type\\\":\\\"TARGET\\\"}]</code> or <code>[{\\\"Name\\\":\\\"InstanceId\\\",\\\"Type\\\":\\\"TEXT_VALUE\\\"}]</code>.</p> </dd> </dl>"
"documentation":"<p>The self-service action definition. Can be one of the following:</p> <dl> <dt>Name</dt> <dd> <p>The name of the AWS Systems Manager document (SSM document). For example, <code>AWS-RestartEC2Instance</code>.</p> <p>If you are using a shared SSM document, you must provide the ARN instead of the name.</p> </dd> <dt>Version</dt> <dd> <p>The AWS Systems Manager automation document version. For example, <code>\"Version\": \"1\"</code> </p> </dd> <dt>AssumeRole</dt> <dd> <p>The Amazon Resource Name (ARN) of the role that performs the self-service actions on your behalf. For example, <code>\"AssumeRole\": \"arn:aws:iam::12345678910:role/ActionRole\"</code>.</p> <p>To reuse the provisioned product launch role, set to <code>\"AssumeRole\": \"LAUNCH_ROLE\"</code>.</p> </dd> <dt>Parameters</dt> <dd> <p>The list of parameters in JSON format.</p> <p>For example: <code>[{\\\"Name\\\":\\\"InstanceId\\\",\\\"Type\\\":\\\"TARGET\\\"}]</code> or <code>[{\\\"Name\\\":\\\"InstanceId\\\",\\\"Type\\\":\\\"TEXT_VALUE\\\"}]</code>.</p> </dd> </dl>"
},
"Description":{
"shape":"ServiceActionDescription",
@ -2348,7 +2350,6 @@
},
"DescribeProductAsAdminInput":{
"type":"structure",
"required":["Id"],
"members":{
"AcceptLanguage":{
"shape":"AcceptLanguage",
@ -2357,6 +2358,10 @@
"Id":{
"shape":"Id",
"documentation":"<p>The product identifier.</p>"
},
"Name":{
"shape":"ProductViewName",
"documentation":"<p>The product name.</p>"
}
}
},
@ -2387,7 +2392,6 @@
},
"DescribeProductInput":{
"type":"structure",
"required":["Id"],
"members":{
"AcceptLanguage":{
"shape":"AcceptLanguage",
@ -2396,6 +2400,10 @@
"Id":{
"shape":"Id",
"documentation":"<p>The product identifier.</p>"
},
"Name":{
"shape":"ProductViewName",
"documentation":"<p>The product name.</p>"
}
}
},
@ -2413,6 +2421,10 @@
"Budgets":{
"shape":"Budgets",
"documentation":"<p>Information about the associated budgets.</p>"
},
"LaunchPaths":{
"shape":"LaunchPaths",
"documentation":"<p>Information about the associated launch paths.</p>"
}
}
},
@ -2511,10 +2523,6 @@
},
"DescribeProvisioningArtifactInput":{
"type":"structure",
"required":[
"ProvisioningArtifactId",
"ProductId"
],
"members":{
"AcceptLanguage":{
"shape":"AcceptLanguage",
@ -2528,6 +2536,14 @@
"shape":"Id",
"documentation":"<p>The product identifier.</p>"
},
"ProvisioningArtifactName":{
"shape":"ProvisioningArtifactName",
"documentation":"<p>The provisioning artifact name.</p>"
},
"ProductName":{
"shape":"ProductViewName",
"documentation":"<p>The product name.</p>"
},
"Verbose":{
"shape":"Verbose",
"documentation":"<p>Indicates whether a verbose level of detail is enabled.</p>"
@ -3075,6 +3091,20 @@
"exception":true
},
"LastRequestId":{"type":"string"},
"LaunchPath":{
"type":"structure",
"members":{
"Id":{
"shape":"Id",
"documentation":"<p>The identifier of the launch path.</p>"
},
"Name":{
"shape":"PortfolioName",
"documentation":"<p>The name of the launch path.</p>"
}
},
"documentation":"<p>A launch path object.</p>"
},
"LaunchPathSummaries":{
"type":"list",
"member":{"shape":"LaunchPathSummary"}
@ -3101,6 +3131,10 @@
},
"documentation":"<p>Summary information about a product path for a user.</p>"
},
"LaunchPaths":{
"type":"list",
"member":{"shape":"LaunchPath"}
},
"LimitExceededException":{
"type":"structure",
"members":{
@ -4501,7 +4535,10 @@
},
"ProvisioningArtifactActive":{"type":"boolean"},
"ProvisioningArtifactCreatedTime":{"type":"timestamp"},
"ProvisioningArtifactDescription":{"type":"string"},
"ProvisioningArtifactDescription":{
"type":"string",
"max":8192
},
"ProvisioningArtifactDetail":{
"type":"structure",
"members":{
@ -4556,7 +4593,10 @@
},
"ProvisioningArtifactInfoKey":{"type":"string"},
"ProvisioningArtifactInfoValue":{"type":"string"},
"ProvisioningArtifactName":{"type":"string"},
"ProvisioningArtifactName":{
"type":"string",
"max":8192
},
"ProvisioningArtifactParameter":{
"type":"structure",
"members":{
@ -5912,7 +5952,7 @@
},
"ProvisionedProductProperties":{
"shape":"ProvisionedProductProperties",
"documentation":"<p>A map that contains the provisioned product properties to be updated.</p> <p>The <code>OWNER</code> key only accepts user ARNs. The owner is the user that is allowed to see, update, terminate, and execute service actions in the provisioned product.</p> <p>The administrator can change the owner of a provisioned product to another IAM user within the same account. Both end user owners and administrators can see ownership history of the provisioned product using the <code>ListRecordHistory</code> API. The new owner can describe all past records for the provisioned product using the <code>DescribeRecord</code> API. The previous owner can no longer use <code>DescribeRecord</code>, but can still see the product's history from when he was an owner using <code>ListRecordHistory</code>.</p> <p>If a provisioned product ownership is assigned to an end user, they can see and perform any action through the API or Service Catalog console such as update, terminate, and execute service actions. If an end user provisions a product and the owner is updated to someone else, they will no longer be able to see or perform any actions through API or the Service Catalog console on that provisioned product.</p>"
"documentation":"<p>A map that contains the provisioned product properties to be updated.</p> <p>The <code>OWNER</code> key accepts user ARNs and role ARNs. The owner is the user that is allowed to see, update, terminate, and execute service actions in the provisioned product.</p> <p>The administrator can change the owner of a provisioned product to another IAM user within the same account. Both end user owners and administrators can see ownership history of the provisioned product using the <code>ListRecordHistory</code> API. The new owner can describe all past records for the provisioned product using the <code>DescribeRecord</code> API. The previous owner can no longer use <code>DescribeRecord</code>, but can still see the product's history from when he was an owner using <code>ListRecordHistory</code>.</p> <p>If a provisioned product ownership is assigned to an end user, they can see and perform any action through the API or Service Catalog console such as update, terminate, and execute service actions. If an end user provisions a product and the owner is updated to someone else, they will no longer be able to see or perform any actions through API or the Service Catalog console on that provisioned product.</p>"
},
"IdempotencyToken":{
"shape":"IdempotencyToken",

226
botocore/data/servicediscovery/2017-03-14/service-2.json
View file

@ -25,7 +25,8 @@
{"shape":"InvalidInput"},
{"shape":"NamespaceAlreadyExists"},
{"shape":"ResourceLimitExceeded"},
{"shape":"DuplicateRequest"}
{"shape":"DuplicateRequest"},
{"shape":"TooManyTagsException"}
],
"documentation":"<p>Creates an HTTP namespace. Service instances that you register using an HTTP namespace can be discovered using a <code>DiscoverInstances</code> request but can't be discovered using DNS. </p> <p>For the current limit on the number of namespaces that you can create using the same AWS account, see <a href=\"https://docs.aws.amazon.com/cloud-map/latest/dg/cloud-map-limits.html\">AWS Cloud Map Limits</a> in the <i>AWS Cloud Map Developer Guide</i>.</p>"
},
@ -41,7 +42,8 @@
{"shape":"InvalidInput"},
{"shape":"NamespaceAlreadyExists"},
{"shape":"ResourceLimitExceeded"},
{"shape":"DuplicateRequest"}
{"shape":"DuplicateRequest"},
{"shape":"TooManyTagsException"}
],
"documentation":"<p>Creates a private namespace based on DNS, which will be visible only inside a specified Amazon VPC. The namespace defines your service naming scheme. For example, if you name your namespace <code>example.com</code> and name your service <code>backend</code>, the resulting DNS name for the service will be <code>backend.example.com</code>. For the current limit on the number of namespaces that you can create using the same AWS account, see <a href=\"https://docs.aws.amazon.com/cloud-map/latest/dg/cloud-map-limits.html\">AWS Cloud Map Limits</a> in the <i>AWS Cloud Map Developer Guide</i>.</p>"
},
@ -57,7 +59,8 @@
{"shape":"InvalidInput"},
{"shape":"NamespaceAlreadyExists"},
{"shape":"ResourceLimitExceeded"},
{"shape":"DuplicateRequest"}
{"shape":"DuplicateRequest"},
{"shape":"TooManyTagsException"}
],
"documentation":"<p>Creates a public namespace based on DNS, which will be visible on the internet. The namespace defines your service naming scheme. For example, if you name your namespace <code>example.com</code> and name your service <code>backend</code>, the resulting DNS name for the service will be <code>backend.example.com</code>. For the current limit on the number of namespaces that you can create using the same AWS account, see <a href=\"https://docs.aws.amazon.com/cloud-map/latest/dg/cloud-map-limits.html\">AWS Cloud Map Limits</a> in the <i>AWS Cloud Map Developer Guide</i>.</p>"
},
@ -73,7 +76,8 @@
{"shape":"InvalidInput"},
{"shape":"ResourceLimitExceeded"},
{"shape":"NamespaceNotFound"},
{"shape":"ServiceAlreadyExists"}
{"shape":"ServiceAlreadyExists"},
{"shape":"TooManyTagsException"}
],
"documentation":"<p>Creates a service, which defines the configuration for the following entities:</p> <ul> <li> <p>For public and private DNS namespaces, one of the following combinations of DNS records in Amazon Route 53:</p> <ul> <li> <p>A</p> </li> <li> <p>AAAA</p> </li> <li> <p>A and AAAA</p> </li> <li> <p>SRV</p> </li> <li> <p>CNAME</p> </li> </ul> </li> <li> <p>Optionally, a health check</p> </li> </ul> <p>After you create the service, you can submit a <a href=\"https://docs.aws.amazon.com/cloud-map/latest/api/API_RegisterInstance.html\">RegisterInstance</a> request, and AWS Cloud Map uses the values in the configuration to create the specified entities.</p> <p>For the current limit on the number of instances that you can register using the same namespace and using the same service, see <a href=\"https://docs.aws.amazon.com/cloud-map/latest/dg/cloud-map-limits.html\">AWS Cloud Map Limits</a> in the <i>AWS Cloud Map Developer Guide</i>.</p>"
},
@ -136,7 +140,8 @@
"errors":[
{"shape":"ServiceNotFound"},
{"shape":"NamespaceNotFound"},
{"shape":"InvalidInput"}
{"shape":"InvalidInput"},
{"shape":"RequestLimitExceeded"}
],
"documentation":"<p>Discovers registered instances for a specified namespace and service. You can use <code>DiscoverInstances</code> to discover instances for any type of namespace. For public and private DNS namespaces, you can also use DNS queries to discover instances.</p>",
"endpoint":{"hostPrefix":"data-"}
@ -266,6 +271,20 @@
],
"documentation":"<p>Lists summary information for all the services that are associated with one or more specified namespaces.</p>"
},
"ListTagsForResource":{
"name":"ListTagsForResource",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"ListTagsForResourceRequest"},
"output":{"shape":"ListTagsForResourceResponse"},
"errors":[
{"shape":"ResourceNotFoundException"},
{"shape":"InvalidInput"}
],
"documentation":"<p>Lists tags for the specified resource.</p>"
},
"RegisterInstance":{
"name":"RegisterInstance",
"http":{
@ -283,6 +302,35 @@
],
"documentation":"<p>Creates or updates one or more records and, optionally, creates a health check based on the settings in a specified service. When you submit a <code>RegisterInstance</code> request, the following occurs:</p> <ul> <li> <p>For each DNS record that you define in the service that is specified by <code>ServiceId</code>, a record is created or updated in the hosted zone that is associated with the corresponding namespace.</p> </li> <li> <p>If the service includes <code>HealthCheckConfig</code>, a health check is created based on the settings in the health check configuration.</p> </li> <li> <p>The health check, if any, is associated with each of the new or updated records.</p> </li> </ul> <important> <p>One <code>RegisterInstance</code> request must complete before you can submit another request and specify the same service ID and instance ID.</p> </important> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cloud-map/latest/api/API_CreateService.html\">CreateService</a>.</p> <p>When AWS Cloud Map receives a DNS query for the specified DNS name, it returns the applicable value:</p> <ul> <li> <p> <b>If the health check is healthy</b>: returns all the records</p> </li> <li> <p> <b>If the health check is unhealthy</b>: returns the applicable value for the last healthy instance</p> </li> <li> <p> <b>If you didn't specify a health check configuration</b>: returns all the records</p> </li> </ul> <p>For the current limit on the number of instances that you can register using the same namespace and using the same service, see <a href=\"https://docs.aws.amazon.com/cloud-map/latest/dg/cloud-map-limits.html\">AWS Cloud Map Limits</a> in the <i>AWS Cloud Map Developer Guide</i>.</p>"
},
"TagResource":{
"name":"TagResource",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"TagResourceRequest"},
"output":{"shape":"TagResourceResponse"},
"errors":[
{"shape":"ResourceNotFoundException"},
{"shape":"TooManyTagsException"},
{"shape":"InvalidInput"}
],
"documentation":"<p>Adds one or more tags to the specified resource.</p>"
},
"UntagResource":{
"name":"UntagResource",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"UntagResourceRequest"},
"output":{"shape":"UntagResourceResponse"},
"errors":[
{"shape":"ResourceNotFoundException"},
{"shape":"InvalidInput"}
],
"documentation":"<p>Removes one or more tags from the specified resource.</p>"
},
"UpdateInstanceCustomHealthStatus":{
"name":"UpdateInstanceCustomHealthStatus",
"http":{
@ -315,17 +363,24 @@
}
},
"shapes":{
"AmazonResourceName":{
"type":"string",
"max":1011,
"min":1
},
"Arn":{
"type":"string",
"max":255
},
"AttrKey":{
"type":"string",
"max":255
"max":255,
"pattern":"^[a-zA-Z0-9!-~]+$"
},
"AttrValue":{
"type":"string",
"max":1024
"max":1024,
"pattern":"^([a-zA-Z0-9!-~][ \\ta-zA-Z0-9!-~]*){0,1}[a-zA-Z0-9!-~]{0,1}$"
},
"Attributes":{
"type":"map",
@ -349,6 +404,10 @@
"Description":{
"shape":"ResourceDescription",
"documentation":"<p>A description for the namespace.</p>"
},
"Tags":{
"shape":"TagList",
"documentation":"<p>The tags to add to the namespace. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.</p>"
}
}
},
@ -384,6 +443,10 @@
"Vpc":{
"shape":"ResourceId",
"documentation":"<p>The ID of the Amazon VPC that you want to associate the namespace with.</p>"
},
"Tags":{
"shape":"TagList",
"documentation":"<p>The tags to add to the namespace. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.</p>"
}
}
},
@ -412,6 +475,10 @@
"Description":{
"shape":"ResourceDescription",
"documentation":"<p>A description for the namespace.</p>"
},
"Tags":{
"shape":"TagList",
"documentation":"<p>The tags to add to the namespace. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.</p>"
}
}
},
@ -456,6 +523,10 @@
"HealthCheckCustomConfig":{
"shape":"HealthCheckCustomConfig",
"documentation":"<p>A complex type that contains information about an optional custom health check.</p> <important> <p>If you specify a health check configuration, you can specify either <code>HealthCheckCustomConfig</code> or <code>HealthCheckConfig</code> but not both.</p> </important> <p>You can't add, update, or delete a <code>HealthCheckCustomConfig</code> configuration from an existing service.</p>"
},
"Tags":{
"shape":"TagList",
"documentation":"<p>The tags to add to the service. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.</p>"
}
}
},
@ -559,7 +630,7 @@
"documentation":"<p>The name of the service that you specified when you registered the instance.</p>"
},
"MaxResults":{
"shape":"MaxResults",
"shape":"DiscoverMaxResults",
"documentation":"<p>The maximum number of instances that you want AWS Cloud Map to return in the response to a <code>DiscoverInstances</code> request. If you don't specify a value for <code>MaxResults</code>, AWS Cloud Map returns up to 100 instances.</p>"
},
"QueryParameters":{
@ -581,6 +652,11 @@
}
}
},
"DiscoverMaxResults":{
"type":"integer",
"max":1000,
"min":1
},
"DnsConfig":{
"type":"structure",
"required":["DnsRecords"],
@ -1075,6 +1151,25 @@
}
}
},
"ListTagsForResourceRequest":{
"type":"structure",
"required":["ResourceARN"],
"members":{
"ResourceARN":{
"shape":"AmazonResourceName",
"documentation":"<p>The Amazon Resource Name (ARN) of the resource that you want to retrieve tags for.</p>"
}
}
},
"ListTagsForResourceResponse":{
"type":"structure",
"members":{
"Tags":{
"shape":"TagList",
"documentation":"<p>The tags that are assigned to the resource.</p>"
}
}
},
"MaxResults":{
"type":"integer",
"max":100,
@ -1419,7 +1514,7 @@
},
"Attributes":{
"shape":"Attributes",
"documentation":"<p>A string map that contains the following information for the service that you specify in <code>ServiceId</code>:</p> <ul> <li> <p>The attributes that apply to the records that are defined in the service. </p> </li> <li> <p>For each attribute, the applicable value.</p> </li> </ul> <p>Supported attribute keys include the following:</p> <p> <b>AWS_ALIAS_DNS_NAME</b> </p> <p> <b/> </p> <p>If you want AWS Cloud Map to create an Amazon Route 53 alias record that routes traffic to an Elastic Load Balancing load balancer, specify the DNS name that is associated with the load balancer. For information about how to get the DNS name, see \"DNSName\" in the topic <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_AliasTarget.html\">AliasTarget</a> in the <i>Route 53 API Reference</i>.</p> <p>Note the following:</p> <ul> <li> <p>The configuration for the service that is specified by <code>ServiceId</code> must include settings for an A record, an AAAA record, or both.</p> </li> <li> <p>In the service that is specified by <code>ServiceId</code>, the value of <code>RoutingPolicy</code> must be <code>WEIGHTED</code>.</p> </li> <li> <p>If the service that is specified by <code>ServiceId</code> includes <code>HealthCheckConfig</code> settings, AWS Cloud Map will create the Route 53 health check, but it won't associate the health check with the alias record.</p> </li> <li> <p>Auto naming currently doesn't support creating alias records that route traffic to AWS resources other than ELB load balancers.</p> </li> <li> <p>If you specify a value for <code>AWS_ALIAS_DNS_NAME</code>, don't specify values for any of the <code>AWS_INSTANCE</code> attributes.</p> </li> </ul> <p> <b>AWS_INIT_HEALTH_STATUS</b> </p> <p>If the service configuration includes <code>HealthCheckCustomConfig</code>, you can optionally use <code>AWS_INIT_HEALTH_STATUS</code> to specify the initial status of the custom health check, <code>HEALTHY</code> or <code>UNHEALTHY</code>. If you don't specify a value for <code>AWS_INIT_HEALTH_STATUS</code>, the initial status is <code>HEALTHY</code>.</p> <p> <b>AWS_INSTANCE_CNAME</b> </p> <p>If the service configuration includes a CNAME record, the domain name that you want Route 53 to return in response to DNS queries, for example, <code>example.com</code>.</p> <p>This value is required if the service specified by <code>ServiceId</code> includes settings for an CNAME record.</p> <p> <b>AWS_INSTANCE_IPV4</b> </p> <p>If the service configuration includes an A record, the IPv4 address that you want Route 53 to return in response to DNS queries, for example, <code>192.0.2.44</code>.</p> <p>This value is required if the service specified by <code>ServiceId</code> includes settings for an A record. If the service includes settings for an SRV record, you must specify a value for <code>AWS_INSTANCE_IPV4</code>, <code>AWS_INSTANCE_IPV6</code>, or both.</p> <p> <b>AWS_INSTANCE_IPV6</b> </p> <p>If the service configuration includes an AAAA record, the IPv6 address that you want Route 53 to return in response to DNS queries, for example, <code>2001:0db8:85a3:0000:0000:abcd:0001:2345</code>.</p> <p>This value is required if the service specified by <code>ServiceId</code> includes settings for an AAAA record. If the service includes settings for an SRV record, you must specify a value for <code>AWS_INSTANCE_IPV4</code>, <code>AWS_INSTANCE_IPV6</code>, or both.</p> <p> <b>AWS_INSTANCE_PORT</b> </p> <p>If the service includes an SRV record, the value that you want Route 53 to return for the port.</p> <p>If the service includes <code>HealthCheckConfig</code>, the port on the endpoint that you want Route 53 to send requests to. </p> <p>This value is required if you specified settings for an SRV record or a Route 53 health check when you created the service.</p> <p> <b>Custom attributes</b> </p> <p>You can add up to 30 custom attributes. For each key-value pair, the maximum length of the attribute name is 255 characters, and the maximum length of the attribute value is 1,024 characters. </p>"
"documentation":"<p>A string map that contains the following information for the service that you specify in <code>ServiceId</code>:</p> <ul> <li> <p>The attributes that apply to the records that are defined in the service. </p> </li> <li> <p>For each attribute, the applicable value.</p> </li> </ul> <p>Supported attribute keys include the following:</p> <p> <b>AWS_ALIAS_DNS_NAME</b> </p> <p> <b/> </p> <p>If you want AWS Cloud Map to create an Amazon Route 53 alias record that routes traffic to an Elastic Load Balancing load balancer, specify the DNS name that is associated with the load balancer. For information about how to get the DNS name, see \"DNSName\" in the topic <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_AliasTarget.html\">AliasTarget</a> in the <i>Route 53 API Reference</i>.</p> <p>Note the following:</p> <ul> <li> <p>The configuration for the service that is specified by <code>ServiceId</code> must include settings for an A record, an AAAA record, or both.</p> </li> <li> <p>In the service that is specified by <code>ServiceId</code>, the value of <code>RoutingPolicy</code> must be <code>WEIGHTED</code>.</p> </li> <li> <p>If the service that is specified by <code>ServiceId</code> includes <code>HealthCheckConfig</code> settings, AWS Cloud Map will create the Route 53 health check, but it won't associate the health check with the alias record.</p> </li> <li> <p>Auto naming currently doesn't support creating alias records that route traffic to AWS resources other than ELB load balancers.</p> </li> <li> <p>If you specify a value for <code>AWS_ALIAS_DNS_NAME</code>, don't specify values for any of the <code>AWS_INSTANCE</code> attributes.</p> </li> </ul> <p> <b>AWS_INIT_HEALTH_STATUS</b> </p> <p>If the service configuration includes <code>HealthCheckCustomConfig</code>, you can optionally use <code>AWS_INIT_HEALTH_STATUS</code> to specify the initial status of the custom health check, <code>HEALTHY</code> or <code>UNHEALTHY</code>. If you don't specify a value for <code>AWS_INIT_HEALTH_STATUS</code>, the initial status is <code>HEALTHY</code>.</p> <p> <b>AWS_INSTANCE_CNAME</b> </p> <p>If the service configuration includes a CNAME record, the domain name that you want Route 53 to return in response to DNS queries, for example, <code>example.com</code>.</p> <p>This value is required if the service specified by <code>ServiceId</code> includes settings for an CNAME record.</p> <p> <b>AWS_INSTANCE_IPV4</b> </p> <p>If the service configuration includes an A record, the IPv4 address that you want Route 53 to return in response to DNS queries, for example, <code>192.0.2.44</code>.</p> <p>This value is required if the service specified by <code>ServiceId</code> includes settings for an A record. If the service includes settings for an SRV record, you must specify a value for <code>AWS_INSTANCE_IPV4</code>, <code>AWS_INSTANCE_IPV6</code>, or both.</p> <p> <b>AWS_INSTANCE_IPV6</b> </p> <p>If the service configuration includes an AAAA record, the IPv6 address that you want Route 53 to return in response to DNS queries, for example, <code>2001:0db8:85a3:0000:0000:abcd:0001:2345</code>.</p> <p>This value is required if the service specified by <code>ServiceId</code> includes settings for an AAAA record. If the service includes settings for an SRV record, you must specify a value for <code>AWS_INSTANCE_IPV4</code>, <code>AWS_INSTANCE_IPV6</code>, or both.</p> <p> <b>AWS_INSTANCE_PORT</b> </p> <p>If the service includes an SRV record, the value that you want Route 53 to return for the port.</p> <p>If the service includes <code>HealthCheckConfig</code>, the port on the endpoint that you want Route 53 to send requests to. </p> <p>This value is required if you specified settings for an SRV record or a Route 53 health check when you created the service.</p> <p> <b>Custom attributes</b> </p> <p>You can add up to 30 custom attributes. For each key-value pair, the maximum length of the attribute name is 255 characters, and the maximum length of the attribute value is 1,024 characters. Total size of all provided attributes (sum of all keys and values) must not exceed 5,000 characters.</p>"
}
}
},
@ -1432,6 +1527,14 @@
}
}
},
"RequestLimitExceeded":{
"type":"structure",
"members":{
"Message":{"shape":"ErrorMessage"}
},
"documentation":"<p>The operation can't be completed because you've reached the limit on the number of requests.</p>",
"exception":true
},
"ResourceCount":{"type":"integer"},
"ResourceDescription":{
"type":"string",
@ -1457,6 +1560,14 @@
"documentation":"<p>The resource can't be created because you've reached the limit on the number of resources.</p>",
"exception":true
},
"ResourceNotFoundException":{
"type":"structure",
"members":{
"Message":{"shape":"ErrorMessage"}
},
"documentation":"<p>The operation can't be completed because the resource was not found.</p>",
"exception":true
},
"ResourcePath":{
"type":"string",
"max":255
@ -1536,7 +1647,6 @@
},
"ServiceChange":{
"type":"structure",
"required":["DnsConfig"],
"members":{
"Description":{
"shape":"ResourceDescription",
@ -1629,7 +1739,103 @@
},
"documentation":"<p>A complex type that contains information about a specified service.</p>"
},
"Tag":{
"type":"structure",
"required":[
"Key",
"Value"
],
"members":{
"Key":{
"shape":"TagKey",
"documentation":"<p>The key identifier, or name, of the tag.</p>"
},
"Value":{
"shape":"TagValue",
"documentation":"<p>The string value that's associated with the key of the tag. You can set the value of a tag to an empty string, but you can't set the value of a tag to null.</p>"
}
},
"documentation":"<p>A custom key-value pair associated with a resource.</p>"
},
"TagKey":{
"type":"string",
"max":128,
"min":1
},
"TagKeyList":{
"type":"list",
"member":{"shape":"TagKey"},
"max":200,
"min":0
},
"TagList":{
"type":"list",
"member":{"shape":"Tag"},
"max":200,
"min":0
},
"TagResourceRequest":{
"type":"structure",
"required":[
"ResourceARN",
"Tags"
],
"members":{
"ResourceARN":{
"shape":"AmazonResourceName",
"documentation":"<p>The Amazon Resource Name (ARN) of the resource that you want to retrieve tags for.</p>"
},
"Tags":{
"shape":"TagList",
"documentation":"<p>The tags to add to the specified resource. Specifying the tag key is required. You can set the value of a tag to an empty string, but you can't set the value of a tag to null.</p>"
}
}
},
"TagResourceResponse":{
"type":"structure",
"members":{
}
},
"TagValue":{
"type":"string",
"max":256,
"min":0
},
"Timestamp":{"type":"timestamp"},
"TooManyTagsException":{
"type":"structure",
"members":{
"Message":{"shape":"ErrorMessage"},
"ResourceName":{
"shape":"AmazonResourceName",
"documentation":"<p>The name of the resource.</p>"
}
},
"documentation":"<p>The list of tags on the resource is over the limit. The maximum number of tags that can be applied to a resource is 50.</p>",
"exception":true
},
"UntagResourceRequest":{
"type":"structure",
"required":[
"ResourceARN",
"TagKeys"
],
"members":{
"ResourceARN":{
"shape":"AmazonResourceName",
"documentation":"<p>The Amazon Resource Name (ARN) of the resource that you want to retrieve tags for.</p>"
},
"TagKeys":{
"shape":"TagKeyList",
"documentation":"<p>The tag keys to remove from the specified resource.</p>"
}
}
},
"UntagResourceResponse":{
"type":"structure",
"members":{
}
},
"UpdateInstanceCustomHealthStatusRequest":{
"type":"structure",
"required":[

146
botocore/data/shield/2016-06-02/service-2.json
View file

@ -31,7 +31,7 @@
{"shape":"OptimisticLockException"},
{"shape":"ResourceNotFoundException"}
],
"documentation":"<p>Authorizes the DDoS Response team (DRT) to access the specified Amazon S3 bucket containing your AWS WAF logs. You can associate up to 10 Amazon S3 buckets with your subscription.</p> <p>To use the services of the DRT and make an <code>AssociateDRTLogBucket</code> request, you must be subscribed to the <a href=\"https://aws.amazon.com/premiumsupport/business-support/\">Business Support plan</a> or the <a href=\"https://aws.amazon.com/premiumsupport/enterprise-support/\">Enterprise Support plan</a>.</p>"
"documentation":"<p>Authorizes the DDoS Response Team (DRT) to access the specified Amazon S3 bucket containing your AWS WAF logs. You can associate up to 10 Amazon S3 buckets with your subscription.</p> <p>To use the services of the DRT and make an <code>AssociateDRTLogBucket</code> request, you must be subscribed to the <a href=\"https://aws.amazon.com/premiumsupport/business-support/\">Business Support plan</a> or the <a href=\"https://aws.amazon.com/premiumsupport/enterprise-support/\">Enterprise Support plan</a>.</p>"
},
"AssociateDRTRole":{
"name":"AssociateDRTRole",
@ -49,7 +49,7 @@
{"shape":"OptimisticLockException"},
{"shape":"ResourceNotFoundException"}
],
"documentation":"<p>Authorizes the DDoS Response team (DRT), using the specified role, to access your AWS account to assist with DDoS attack mitigation during potential attacks. This enables the DRT to inspect your AWS WAF configuration and create or update AWS WAF rules and web ACLs.</p> <p>You can associate only one <code>RoleArn</code> with your subscription. If you submit an <code>AssociateDRTRole</code> request for an account that already has an associated role, the new <code>RoleArn</code> will replace the existing <code>RoleArn</code>. </p> <p>Prior to making the <code>AssociateDRTRole</code> request, you must attach the <a href=\"https://console.aws.amazon.com/iam/home?#/policies/arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy\">AWSShieldDRTAccessPolicy</a> managed policy to the role you will specify in the request. For more information see <a href=\" https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html\">Attaching and Detaching IAM Policies</a>. The role must also trust the service principal <code> drt.shield.amazonaws.com</code>. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html\">IAM JSON Policy Elements: Principal</a>.</p> <p>The DRT will have access only to your AWS WAF and Shield resources. By submitting this request, you authorize the DRT to inspect your AWS WAF and Shield configuration and create and update AWS WAF rules and web ACLs on your behalf. The DRT takes these actions only if explicitly authorized by you.</p> <p>You must have the <code>iam:PassRole</code> permission to make an <code>AssociateDRTRole</code> request. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html\">Granting a User Permissions to Pass a Role to an AWS Service</a>. </p> <p>To use the services of the DRT and make an <code>AssociateDRTRole</code> request, you must be subscribed to the <a href=\"https://aws.amazon.com/premiumsupport/business-support/\">Business Support plan</a> or the <a href=\"https://aws.amazon.com/premiumsupport/enterprise-support/\">Enterprise Support plan</a>.</p>"
"documentation":"<p>Authorizes the DDoS Response Team (DRT), using the specified role, to access your AWS account to assist with DDoS attack mitigation during potential attacks. This enables the DRT to inspect your AWS WAF configuration and create or update AWS WAF rules and web ACLs.</p> <p>You can associate only one <code>RoleArn</code> with your subscription. If you submit an <code>AssociateDRTRole</code> request for an account that already has an associated role, the new <code>RoleArn</code> will replace the existing <code>RoleArn</code>. </p> <p>Prior to making the <code>AssociateDRTRole</code> request, you must attach the <a href=\"https://console.aws.amazon.com/iam/home?#/policies/arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy\">AWSShieldDRTAccessPolicy</a> managed policy to the role you will specify in the request. For more information see <a href=\" https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html\">Attaching and Detaching IAM Policies</a>. The role must also trust the service principal <code> drt.shield.amazonaws.com</code>. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html\">IAM JSON Policy Elements: Principal</a>.</p> <p>The DRT will have access only to your AWS WAF and Shield resources. By submitting this request, you authorize the DRT to inspect your AWS WAF and Shield configuration and create and update AWS WAF rules and web ACLs on your behalf. The DRT takes these actions only if explicitly authorized by you.</p> <p>You must have the <code>iam:PassRole</code> permission to make an <code>AssociateDRTRole</code> request. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html\">Granting a User Permissions to Pass a Role to an AWS Service</a>. </p> <p>To use the services of the DRT and make an <code>AssociateDRTRole</code> request, you must be subscribed to the <a href=\"https://aws.amazon.com/premiumsupport/business-support/\">Business Support plan</a> or the <a href=\"https://aws.amazon.com/premiumsupport/enterprise-support/\">Enterprise Support plan</a>.</p>"
},
"AssociateHealthCheck":{
"name":"AssociateHealthCheck",
@ -68,6 +68,23 @@
],
"documentation":"<p>Adds health-based detection to the Shield Advanced protection for a resource. Shield Advanced health-based detection uses the health of your AWS resource to improve responsiveness and accuracy in attack detection and mitigation. </p> <p>You define the health check in Route 53 and then associate it with your Shield Advanced protection. For more information, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html#ddos-advanced-health-check-option\">Shield Advanced Health-Based Detection</a> in the <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/\">AWS WAF and AWS Shield Developer Guide</a>. </p>"
},
"AssociateProactiveEngagementDetails":{
"name":"AssociateProactiveEngagementDetails",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"AssociateProactiveEngagementDetailsRequest"},
"output":{"shape":"AssociateProactiveEngagementDetailsResponse"},
"errors":[
{"shape":"InternalErrorException"},
{"shape":"InvalidOperationException"},
{"shape":"InvalidParameterException"},
{"shape":"ResourceNotFoundException"},
{"shape":"OptimisticLockException"}
],
"documentation":"<p>Initializes proactive engagement and sets the list of contacts for the DDoS Response Team (DRT) to use. You must provide at least one phone number in the emergency contact list. </p> <p>After you have initialized proactive engagement using this call, to disable or enable proactive engagement, use the calls <code>DisableProactiveEngagement</code> and <code>EnableProactiveEngagement</code>. </p> <note> <p>This call defines the list of email addresses and phone numbers that the DDoS Response Team (DRT) can use to contact you for escalations to the DRT and to initiate proactive customer support.</p> <p>The contacts that you provide in the request replace any contacts that were already defined. If you already have contacts defined and want to use them, retrieve the list using <code>DescribeEmergencyContactSettings</code> and then provide it to this call. </p> </note>"
},
"CreateProtection":{
"name":"CreateProtection",
"http":{
@ -99,7 +116,7 @@
{"shape":"InternalErrorException"},
{"shape":"ResourceAlreadyExistsException"}
],
"documentation":"<p>Activates AWS Shield Advanced for an account.</p> <p>As part of this request you can specify <code>EmergencySettings</code> that automaticaly grant the DDoS response team (DRT) needed permissions to assist you during a suspected DDoS attack. For more information see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/authorize-DRT.html\">Authorize the DDoS Response Team to Create Rules and Web ACLs on Your Behalf</a>.</p> <p>To use the services of the DRT, you must be subscribed to the <a href=\"https://aws.amazon.com/premiumsupport/business-support/\">Business Support plan</a> or the <a href=\"https://aws.amazon.com/premiumsupport/enterprise-support/\">Enterprise Support plan</a>.</p> <p>When you initally create a subscription, your subscription is set to be automatically renewed at the end of the existing subscription period. You can change this by submitting an <code>UpdateSubscription</code> request. </p>"
"documentation":"<p>Activates AWS Shield Advanced for an account.</p> <p>When you initally create a subscription, your subscription is set to be automatically renewed at the end of the existing subscription period. You can change this by submitting an <code>UpdateSubscription</code> request. </p>"
},
"DeleteProtection":{
"name":"DeleteProtection",
@ -158,7 +175,7 @@
{"shape":"InternalErrorException"},
{"shape":"ResourceNotFoundException"}
],
"documentation":"<p>Returns the current role and list of Amazon S3 log buckets used by the DDoS Response team (DRT) to access your AWS account while assisting with attack mitigation.</p>"
"documentation":"<p>Returns the current role and list of Amazon S3 log buckets used by the DDoS Response Team (DRT) to access your AWS account while assisting with attack mitigation.</p>"
},
"DescribeEmergencyContactSettings":{
"name":"DescribeEmergencyContactSettings",
@ -172,7 +189,7 @@
{"shape":"InternalErrorException"},
{"shape":"ResourceNotFoundException"}
],
"documentation":"<p>Lists the email addresses that the DRT can use to contact you during a suspected attack.</p>"
"documentation":"<p>A list of email addresses and phone numbers that the DDoS Response Team (DRT) can use to contact you if you have proactive engagement enabled, for escalations to the DRT and to initiate proactive customer support.</p>"
},
"DescribeProtection":{
"name":"DescribeProtection",
@ -203,6 +220,23 @@
],
"documentation":"<p>Provides details about the AWS Shield Advanced subscription for an account.</p>"
},
"DisableProactiveEngagement":{
"name":"DisableProactiveEngagement",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"DisableProactiveEngagementRequest"},
"output":{"shape":"DisableProactiveEngagementResponse"},
"errors":[
{"shape":"InternalErrorException"},
{"shape":"InvalidOperationException"},
{"shape":"InvalidParameterException"},
{"shape":"ResourceNotFoundException"},
{"shape":"OptimisticLockException"}
],
"documentation":"<p>Removes authorization from the DDoS Response Team (DRT) to notify contacts about escalations to the DRT and to initiate proactive customer support.</p>"
},
"DisassociateDRTLogBucket":{
"name":"DisassociateDRTLogBucket",
"http":{
@ -219,7 +253,7 @@
{"shape":"OptimisticLockException"},
{"shape":"ResourceNotFoundException"}
],
"documentation":"<p>Removes the DDoS Response team's (DRT) access to the specified Amazon S3 bucket containing your AWS WAF logs.</p> <p>To make a <code>DisassociateDRTLogBucket</code> request, you must be subscribed to the <a href=\"https://aws.amazon.com/premiumsupport/business-support/\">Business Support plan</a> or the <a href=\"https://aws.amazon.com/premiumsupport/enterprise-support/\">Enterprise Support plan</a>. However, if you are not subscribed to one of these support plans, but had been previously and had granted the DRT access to your account, you can submit a <code>DisassociateDRTLogBucket</code> request to remove this access.</p>"
"documentation":"<p>Removes the DDoS Response Team's (DRT) access to the specified Amazon S3 bucket containing your AWS WAF logs.</p> <p>To make a <code>DisassociateDRTLogBucket</code> request, you must be subscribed to the <a href=\"https://aws.amazon.com/premiumsupport/business-support/\">Business Support plan</a> or the <a href=\"https://aws.amazon.com/premiumsupport/enterprise-support/\">Enterprise Support plan</a>. However, if you are not subscribed to one of these support plans, but had been previously and had granted the DRT access to your account, you can submit a <code>DisassociateDRTLogBucket</code> request to remove this access.</p>"
},
"DisassociateDRTRole":{
"name":"DisassociateDRTRole",
@ -235,7 +269,7 @@
{"shape":"OptimisticLockException"},
{"shape":"ResourceNotFoundException"}
],
"documentation":"<p>Removes the DDoS Response team's (DRT) access to your AWS account.</p> <p>To make a <code>DisassociateDRTRole</code> request, you must be subscribed to the <a href=\"https://aws.amazon.com/premiumsupport/business-support/\">Business Support plan</a> or the <a href=\"https://aws.amazon.com/premiumsupport/enterprise-support/\">Enterprise Support plan</a>. However, if you are not subscribed to one of these support plans, but had been previously and had granted the DRT access to your account, you can submit a <code>DisassociateDRTRole</code> request to remove this access.</p>"
"documentation":"<p>Removes the DDoS Response Team's (DRT) access to your AWS account.</p> <p>To make a <code>DisassociateDRTRole</code> request, you must be subscribed to the <a href=\"https://aws.amazon.com/premiumsupport/business-support/\">Business Support plan</a> or the <a href=\"https://aws.amazon.com/premiumsupport/enterprise-support/\">Enterprise Support plan</a>. However, if you are not subscribed to one of these support plans, but had been previously and had granted the DRT access to your account, you can submit a <code>DisassociateDRTRole</code> request to remove this access.</p>"
},
"DisassociateHealthCheck":{
"name":"DisassociateHealthCheck",
@ -253,6 +287,23 @@
],
"documentation":"<p>Removes health-based detection from the Shield Advanced protection for a resource. Shield Advanced health-based detection uses the health of your AWS resource to improve responsiveness and accuracy in attack detection and mitigation. </p> <p>You define the health check in Route 53 and then associate or disassociate it with your Shield Advanced protection. For more information, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html#ddos-advanced-health-check-option\">Shield Advanced Health-Based Detection</a> in the <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/\">AWS WAF and AWS Shield Developer Guide</a>. </p>"
},
"EnableProactiveEngagement":{
"name":"EnableProactiveEngagement",
"http":{
"method":"POST",
"requestUri":"/"
},
"input":{"shape":"EnableProactiveEngagementRequest"},
"output":{"shape":"EnableProactiveEngagementResponse"},
"errors":[
{"shape":"InternalErrorException"},
{"shape":"InvalidOperationException"},
{"shape":"InvalidParameterException"},
{"shape":"ResourceNotFoundException"},
{"shape":"OptimisticLockException"}
],
"documentation":"<p>Authorizes the DDoS Response Team (DRT) to use email and phone to notify contacts about escalations to the DRT and to initiate proactive customer support.</p>"
},
"GetSubscriptionState":{
"name":"GetSubscriptionState",
"http":{
@ -310,7 +361,7 @@
{"shape":"OptimisticLockException"},
{"shape":"ResourceNotFoundException"}
],
"documentation":"<p>Updates the details of the list of email addresses that the DRT can use to contact you during a suspected attack.</p>"
"documentation":"<p>Updates the details of the list of email addresses and phone numbers that the DDoS Response Team (DRT) can use to contact you if you have proactive engagement enabled, for escalations to the DRT and to initiate proactive customer support.</p>"
},
"UpdateSubscription":{
"name":"UpdateSubscription",
@ -344,7 +395,7 @@
"members":{
"message":{"shape":"errorMessage"}
},
"documentation":"<p>In order to grant the necessary access to the DDoS Response Team, the user submitting the request must have the <code>iam:PassRole</code> permission. This error indicates the user did not have the appropriate permissions. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html\">Granting a User Permissions to Pass a Role to an AWS Service</a>. </p>",
"documentation":"<p>In order to grant the necessary access to the DDoS Response Team (DRT), the user submitting the request must have the <code>iam:PassRole</code> permission. This error indicates the user did not have the appropriate permissions. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html\">Granting a User Permissions to Pass a Role to an AWS Service</a>. </p>",
"exception":true
},
"AssociateDRTLogBucketRequest":{
@ -399,6 +450,21 @@
"members":{
}
},
"AssociateProactiveEngagementDetailsRequest":{
"type":"structure",
"required":["EmergencyContactList"],
"members":{
"EmergencyContactList":{
"shape":"EmergencyContactList",
"documentation":"<p>A list of email addresses and phone numbers that the DDoS Response Team (DRT) can use to contact you for escalations to the DRT and to initiate proactive customer support. </p> <p>To enable proactive engagement, the contact list must include at least one phone number.</p> <note> <p>The contacts that you provide here replace any contacts that were already defined. If you already have contacts defined and want to use them, retrieve the list using <code>DescribeEmergencyContactSettings</code> and then provide it here. </p> </note>"
}
}
},
"AssociateProactiveEngagementDetailsResponse":{
"type":"structure",
"members":{
}
},
"AttackDetail":{
"type":"structure",
"members":{
@ -546,6 +612,12 @@
"DISABLED"
]
},
"ContactNotes":{
"type":"string",
"max":1024,
"min":1,
"pattern":"^[\\w\\s\\.\\-,:/()+@]*$"
},
"Contributor":{
"type":"structure",
"members":{
@ -670,7 +742,7 @@
"members":{
"EmergencyContactList":{
"shape":"EmergencyContactList",
"documentation":"<p>A list of email addresses that the DRT can use to contact you during a suspected attack.</p>"
"documentation":"<p>A list of email addresses and phone numbers that the DDoS Response Team (DRT) can use to contact you if you have proactive engagement enabled, for escalations to the DRT and to initiate proactive customer support.</p>"
}
}
},
@ -710,6 +782,16 @@
}
}
},
"DisableProactiveEngagementRequest":{
"type":"structure",
"members":{
}
},
"DisableProactiveEngagementResponse":{
"type":"structure",
"members":{
}
},
"DisassociateDRTLogBucketRequest":{
"type":"structure",
"required":["LogBucket"],
@ -774,10 +856,18 @@
"members":{
"EmailAddress":{
"shape":"EmailAddress",
"documentation":"<p>An email address that the DRT can use to contact you during a suspected attack.</p>"
"documentation":"<p>The email address for the contact.</p>"
},
"PhoneNumber":{
"shape":"PhoneNumber",
"documentation":"<p>The phone number for the contact.</p>"
},
"ContactNotes":{
"shape":"ContactNotes",
"documentation":"<p>Additional notes regarding the contact. </p>"
}
},
"documentation":"<p>Contact information that the DRT can use to contact you during a suspected attack.</p>"
"documentation":"<p>Contact information that the DRT can use to contact you if you have proactive engagement enabled, for escalations to the DRT and to initiate proactive customer support.</p>"
},
"EmergencyContactList":{
"type":"list",
@ -785,6 +875,16 @@
"max":10,
"min":0
},
"EnableProactiveEngagementRequest":{
"type":"structure",
"members":{
}
},
"EnableProactiveEngagementResponse":{
"type":"structure",
"members":{
}
},
"GetSubscriptionStateRequest":{
"type":"structure",
"members":{
@ -1001,9 +1101,23 @@
"members":{
"message":{"shape":"errorMessage"}
},
"documentation":"<p>Exception that indicates that the protection state has been modified by another client. You can retry the request.</p>",
"documentation":"<p>Exception that indicates that the resource state has been modified by another client. Retrieve the resource and then retry your request.</p>",
"exception":true
},
"PhoneNumber":{
"type":"string",
"max":16,
"min":1,
"pattern":"^\\+[1-9]\\d{1,14}$"
},
"ProactiveEngagementStatus":{
"type":"string",
"enum":[
"ENABLED",
"DISABLED",
"PENDING"
]
},
"Protection":{
"type":"structure",
"members":{
@ -1130,6 +1244,10 @@
"Limits":{
"shape":"Limits",
"documentation":"<p>Specifies how many protections of a given type you can create.</p>"
},
"ProactiveEngagementStatus":{
"shape":"ProactiveEngagementStatus",
"documentation":"<p>If <code>ENABLED</code>, the DDoS Response Team (DRT) will use email and phone to notify contacts about escalations to the DRT and to initiate proactive customer support.</p> <p>If <code>PENDING</code>, you have requested proactive engagement and the request is pending. The status changes to <code>ENABLED</code> when your request is fully processed.</p> <p>If <code>DISABLED</code>, the DRT will not proactively notify contacts about escalations or to initiate proactive customer support. </p>"
}
},
"documentation":"<p>Information about the AWS Shield Advanced subscription for an account.</p>"
@ -1233,7 +1351,7 @@
"members":{
"EmergencyContactList":{
"shape":"EmergencyContactList",
"documentation":"<p>A list of email addresses that the DRT can use to contact you during a suspected attack.</p>"
"documentation":"<p>A list of email addresses and phone numbers that the DDoS Response Team (DRT) can use to contact you if you have proactive engagement enabled, for escalations to the DRT and to initiate proactive customer support.</p> <p>If you have proactive engagement enabled, the contact list must include at least one phone number.</p>"
}
}
},

56
botocore/data/snowball/2016-06-30/service-2.json
View file

@ -464,7 +464,7 @@
},
"SnowballType":{
"shape":"SnowballType",
"documentation":"<p>The type of AWS Snowball device to use for this cluster. Currently, the only supported device type for cluster jobs is <code>EDGE</code>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/snowball/latest/developer-guide/device-differences.html\">Snowball Edge Device Options</a> in the Snowball Edge Developer Guide.</p>"
"documentation":"<p>The type of AWS Snowball device to use for this cluster. </p> <note> <p>For cluster jobs, AWS Snowball currently supports only the <code>EDGE</code> device type.</p> </note>"
},
"CreationDate":{
"shape":"Timestamp",
@ -580,11 +580,11 @@
},
"SnowballType":{
"shape":"SnowballType",
"documentation":"<p>The type of AWS Snowball device to use for this cluster. Currently, the only supported device type for cluster jobs is <code>EDGE</code>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/snowball/latest/developer-guide/device-differences.html\">Snowball Edge Device Options</a> in the Snowball Edge Developer Guide.</p>"
"documentation":"<p>The type of AWS Snowball device to use for this cluster. </p> <note> <p>For cluster jobs, AWS Snowball currently supports only the <code>EDGE</code> device type.</p> </note>"
},
"ShippingOption":{
"shape":"ShippingOption",
"documentation":"<p>The shipping speed for each node in this cluster. This speed doesn't dictate how soon you'll get each Snowball Edge device, rather it represents how quickly each device moves to its destination while in transit. Regional shipping speeds are as follows:</p> <ul> <li> <p>In Australia, you have access to express shipping. Typically, devices shipped express are delivered in about a day.</p> </li> <li> <p>In the European Union (EU), you have access to express shipping. Typically, Snowball Edges shipped express are delivered in about a day. In addition, most countries in the EU have access to standard shipping, which typically takes less than a week, one way.</p> </li> <li> <p>In India, Snowball Edges are delivered in one to seven days.</p> </li> <li> <p>In the US, you have access to one-day shipping and two-day shipping.</p> </li> </ul>"
"documentation":"<p>The shipping speed for each node in this cluster. This speed doesn't dictate how soon you'll get each Snowball Edge device, rather it represents how quickly each device moves to its destination while in transit. Regional shipping speeds are as follows: </p> <ul> <li> <p>In Australia, you have access to express shipping. Typically, Snowballs shipped express are delivered in about a day.</p> </li> <li> <p>In the European Union (EU), you have access to express shipping. Typically, Snowballs shipped express are delivered in about a day. In addition, most countries in the EU have access to standard shipping, which typically takes less than a week, one way.</p> </li> <li> <p>In India, Snowballs are delivered in one to seven days.</p> </li> <li> <p>In the United States of America (US), you have access to one-day shipping and two-day shipping.</p> </li> </ul> <ul> <li> <p>In Australia, you have access to express shipping. Typically, devices shipped express are delivered in about a day.</p> </li> <li> <p>In the European Union (EU), you have access to express shipping. Typically, Snowball Edges shipped express are delivered in about a day. In addition, most countries in the EU have access to standard shipping, which typically takes less than a week, one way.</p> </li> <li> <p>In India, Snowball Edges are delivered in one to seven days.</p> </li> <li> <p>In the US, you have access to one-day shipping and two-day shipping.</p> </li> </ul>"
},
"Notification":{
"shape":"Notification",
@ -654,7 +654,7 @@
},
"SnowballType":{
"shape":"SnowballType",
"documentation":"<p>The type of AWS Snowball device to use for this job. Currently, the only supported device type for cluster jobs is <code>EDGE</code>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/snowball/latest/developer-guide/device-differences.html\">Snowball Edge Device Options</a> in the Snowball Edge Developer Guide.</p>"
"documentation":"<p>The type of AWS Snowball device to use for this job. </p> <note> <p>For cluster jobs, AWS Snowball currently supports only the <code>EDGE</code> device type.</p> </note> <p>The type of AWS Snowball device to use for this job. Currently, the only supported device type for cluster jobs is <code>EDGE</code>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/snowball/latest/developer-guide/device-differences.html\">Snowball Edge Device Options</a> in the Snowball Edge Developer Guide.</p>"
},
"ForwardingAddressId":{
"shape":"AddressId",
@ -663,6 +663,10 @@
"TaxDocuments":{
"shape":"TaxDocuments",
"documentation":"<p>The tax documents required in your AWS Region.</p>"
},
"DeviceConfiguration":{
"shape":"DeviceConfiguration",
"documentation":"<p>Defines the device configuration for an AWS Snowcone job.</p>"
}
}
},
@ -784,6 +788,16 @@
}
}
},
"DeviceConfiguration":{
"type":"structure",
"members":{
"SnowconeDeviceConfiguration":{
"shape":"SnowconeDeviceConfiguration",
"documentation":"<p>Returns information about the device configuration for an AWS Snowcone job.</p>"
}
},
"documentation":"<p>The container for <code>SnowconeDeviceConfiguration</code>. </p>"
},
"Ec2AmiResource":{
"type":"structure",
"required":["AmiId"],
@ -928,7 +942,7 @@
"members":{
"Message":{"shape":"String"}
},
"documentation":"<p>Job or cluster creation failed. One ore more inputs were invalid. Confirm that the <a>CreateClusterRequest$SnowballType</a> value supports your <a>CreateJobRequest$JobType</a>, and try again.</p>",
"documentation":"<p>Job or cluster creation failed. One or more inputs were invalid. Confirm that the <a>CreateClusterRequest$SnowballType</a> value supports your <a>CreateJobRequest$JobType</a>, and try again.</p>",
"exception":true
},
"InvalidJobStateException":{
@ -1095,7 +1109,8 @@
"TaxDocuments":{
"shape":"TaxDocuments",
"documentation":"<p>The metadata associated with the tax documents required in your AWS Region.</p>"
}
},
"DeviceConfiguration":{"shape":"DeviceConfiguration"}
},
"documentation":"<p>Contains information about a specific job including shipping information, job status, and other important metadata. This information is returned as a part of the response syntax of the <code>DescribeJob</code> action.</p>"
},
@ -1405,6 +1420,7 @@
"T100",
"T42",
"T98",
"T8",
"NoPreference"
]
},
@ -1415,9 +1431,20 @@
"EDGE",
"EDGE_C",
"EDGE_CG",
"EDGE_S"
"EDGE_S",
"SNC1_HDD"
]
},
"SnowconeDeviceConfiguration":{
"type":"structure",
"members":{
"WirelessConnection":{
"shape":"WirelessConnection",
"documentation":"<p>Configures the wireless connection for the AWS Snowcone device.</p>"
}
},
"documentation":"<p>Specifies the device configuration for an AWS Snowcone job. </p>"
},
"SnsTopicARN":{
"type":"string",
"max":255,
@ -1430,10 +1457,7 @@
"TaxDocuments":{
"type":"structure",
"members":{
"IND":{
"shape":"INDTaxDocuments",
"documentation":"<p>The tax documents required in AWS Regions in India.</p>"
}
"IND":{"shape":"INDTaxDocuments"}
},
"documentation":"<p>The tax documents required in your AWS Region.</p>"
},
@ -1535,6 +1559,16 @@
"type":"structure",
"members":{
}
},
"WirelessConnection":{
"type":"structure",
"members":{
"IsWifiEnabled":{
"shape":"Boolean",
"documentation":"<p>Enables the Wi-Fi adapter on an AWS Snowcone device.</p>"
}
},
"documentation":"<p>Configures the wireless connection on an AWS Snowcone device.</p>"
}
},
"documentation":"<p>AWS Snowball is a petabyte-scale data transport solution that uses secure devices to transfer large amounts of data between your on-premises data centers and Amazon Simple Storage Service (Amazon S3). The Snowball commands described here provide access to the same functionality that is available in the AWS Snowball Management Console, which enables you to create and manage jobs for Snowball. To transfer data locally with a Snowball device, you'll need to use the Snowball client or the Amazon S3 API adapter for Snowball. For more information, see the <a href=\"https://docs.aws.amazon.com/AWSImportExport/latest/ug/api-reference.html\">User Guide</a>.</p>"

21
botocore/data/ssm/2014-11-06/service-2.json
View file

@ -2066,6 +2066,7 @@
"documentation":"<p>Error returned if an attempt is made to register a patch group with a patch baseline that is already registered with a different patch baseline.</p>",
"exception":true
},
"ApplyOnlyAtCronInterval":{"type":"boolean"},
"ApproveAfterDays":{
"type":"integer",
"max":100,
@ -2227,6 +2228,10 @@
"SyncCompliance":{
"shape":"AssociationSyncCompliance",
"documentation":"<p>The mode for generating association compliance. You can specify <code>AUTO</code> or <code>MANUAL</code>. In <code>AUTO</code> mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is <code>COMPLIANT</code>. If the association execution doesn't run successfully, the association is <code>NON-COMPLIANT</code>.</p> <p>In <code>MANUAL</code> mode, you must specify the <code>AssociationId</code> as a parameter for the <a>PutComplianceItems</a> API action. In this case, compliance data is not managed by State Manager. It is managed by your direct call to the <a>PutComplianceItems</a> API action.</p> <p>By default, all associations use <code>AUTO</code> mode.</p>"
},
"ApplyOnlyAtCronInterval":{
"shape":"ApplyOnlyAtCronInterval",
"documentation":"<p>By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it.</p>"
}
},
"documentation":"<p>Describes the parameters for a document.</p>"
@ -2628,6 +2633,10 @@
"SyncCompliance":{
"shape":"AssociationSyncCompliance",
"documentation":"<p>The mode for generating association compliance. You can specify <code>AUTO</code> or <code>MANUAL</code>. In <code>AUTO</code> mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is <code>COMPLIANT</code>. If the association execution doesn't run successfully, the association is <code>NON-COMPLIANT</code>.</p> <p>In <code>MANUAL</code> mode, you must specify the <code>AssociationId</code> as a parameter for the <a>PutComplianceItems</a> API action. In this case, compliance data is not managed by State Manager. It is managed by your direct call to the <a>PutComplianceItems</a> API action.</p> <p>By default, all associations use <code>AUTO</code> mode.</p>"
},
"ApplyOnlyAtCronInterval":{
"shape":"ApplyOnlyAtCronInterval",
"documentation":"<p>By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it.</p>"
}
},
"documentation":"<p>Information about the association version.</p>"
@ -3929,6 +3938,10 @@
"SyncCompliance":{
"shape":"AssociationSyncCompliance",
"documentation":"<p>The mode for generating association compliance. You can specify <code>AUTO</code> or <code>MANUAL</code>. In <code>AUTO</code> mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is <code>COMPLIANT</code>. If the association execution doesn't run successfully, the association is <code>NON-COMPLIANT</code>. </p> <p>In <code>MANUAL</code> mode, you must specify the <code>AssociationId</code> as a parameter for the <a>PutComplianceItems</a> API action. In this case, compliance data is not managed by State Manager. It is managed by your direct call to the <a>PutComplianceItems</a> API action.</p> <p>By default, all associations use <code>AUTO</code> mode.</p>"
},
"ApplyOnlyAtCronInterval":{
"shape":"ApplyOnlyAtCronInterval",
"documentation":"<p>By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it.</p>"
}
},
"documentation":"<p>Describes the association of a Systems Manager SSM document and an instance.</p>"
@ -4001,6 +4014,10 @@
"SyncCompliance":{
"shape":"AssociationSyncCompliance",
"documentation":"<p>The mode for generating association compliance. You can specify <code>AUTO</code> or <code>MANUAL</code>. In <code>AUTO</code> mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is <code>COMPLIANT</code>. If the association execution doesn't run successfully, the association is <code>NON-COMPLIANT</code>.</p> <p>In <code>MANUAL</code> mode, you must specify the <code>AssociationId</code> as a parameter for the <a>PutComplianceItems</a> API action. In this case, compliance data is not managed by State Manager. It is managed by your direct call to the <a>PutComplianceItems</a> API action.</p> <p>By default, all associations use <code>AUTO</code> mode.</p>"
},
"ApplyOnlyAtCronInterval":{
"shape":"ApplyOnlyAtCronInterval",
"documentation":"<p>By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it.</p>"
}
}
},
@ -13476,6 +13493,10 @@
"SyncCompliance":{
"shape":"AssociationSyncCompliance",
"documentation":"<p>The mode for generating association compliance. You can specify <code>AUTO</code> or <code>MANUAL</code>. In <code>AUTO</code> mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is <code>COMPLIANT</code>. If the association execution doesn't run successfully, the association is <code>NON-COMPLIANT</code>.</p> <p>In <code>MANUAL</code> mode, you must specify the <code>AssociationId</code> as a parameter for the <a>PutComplianceItems</a> API action. In this case, compliance data is not managed by State Manager. It is managed by your direct call to the <a>PutComplianceItems</a> API action.</p> <p>By default, all associations use <code>AUTO</code> mode.</p>"
},
"ApplyOnlyAtCronInterval":{
"shape":"ApplyOnlyAtCronInterval",
"documentation":"<p>By default, when you update an association, the system runs it immediately after it is updated and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you update it.</p> <p>Also, if you specified this option when you created the association, you can reset it. To do so, specify the <code>no-apply-only-at-cron-interval</code> parameter when you update the association from the command line. This parameter forces the association to run immediately after updating it and according to the interval specified.</p>"
}
}
},

357
botocore/data/storagegateway/2013-06-30/service-2.json
View file

@ -24,7 +24,7 @@
{"shape":"InvalidGatewayRequestException"},
{"shape":"InternalServerError"}
],
"documentation":"<p>Activates the gateway you previously deployed on your host. In the activation process, you specify information such as the AWS Region that you want to use for storing snapshots or tapes, the time zone for scheduled snapshots the gateway snapshot schedule window, an activation key, and a name for your gateway. The activation process also associates your gateway with your account; for more information, see <a>UpdateGatewayInformation</a>.</p> <note> <p>You must turn on the gateway VM before you can activate your gateway.</p> </note>"
"documentation":"<p>Activates the gateway you previously deployed on your host. In the activation process, you specify information such as the AWS Region that you want to use for storing snapshots or tapes, the time zone for scheduled snapshots the gateway snapshot schedule window, an activation key, and a name for your gateway. The activation process also associates your gateway with your account. For more information, see <a>UpdateGatewayInformation</a>.</p> <note> <p>You must turn on the gateway VM before you can activate your gateway.</p> </note>"
},
"AddCache":{
"name":"AddCache",
@ -38,7 +38,7 @@
{"shape":"InvalidGatewayRequestException"},
{"shape":"InternalServerError"}
],
"documentation":"<p>Configures one or more gateway local disks as cache for a gateway. This operation is only supported in the cached volume, tape and file gateway type (see <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/StorageGatewayConcepts.html\">Storage Gateway Concepts</a>).</p> <p>In the request, you specify the gateway Amazon Resource Name (ARN) to which you want to add cache, and one or more disk IDs that you want to configure as cache.</p>"
"documentation":"<p>Configures one or more gateway local disks as cache for a gateway. This operation is only supported in the cached volume, tape, and file gateway type (see <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/StorageGatewayConcepts.html\">How AWS Storage Gateway works (architecture)</a>.</p> <p>In the request, you specify the gateway Amazon Resource Name (ARN) to which you want to add cache, and one or more disk IDs that you want to configure as cache.</p>"
},
"AddTagsToResource":{
"name":"AddTagsToResource",
@ -94,7 +94,7 @@
{"shape":"InvalidGatewayRequestException"},
{"shape":"InternalServerError"}
],
"documentation":"<p>Assigns a tape to a tape pool for archiving. The tape assigned to a pool is archived in the S3 storage class that is associated with the pool. When you use your backup application to eject the tape, the tape is archived directly into the S3 storage class (S3 Glacier or S3 Glacier Deep Archive) that corresponds to the pool.</p> <p>Valid values: \"GLACIER\", \"DEEP_ARCHIVE\"</p>"
"documentation":"<p>Assigns a tape to a tape pool for archiving. The tape assigned to a pool is archived in the S3 storage class that is associated with the pool. When you use your backup application to eject the tape, the tape is archived directly into the S3 storage class (S3 Glacier or S3 Glacier Deep Archive) that corresponds to the pool.</p> <p>Valid Values: <code>GLACIER</code> | <code>DEEP_ARCHIVE</code> </p>"
},
"AttachVolume":{
"name":"AttachVolume",
@ -150,7 +150,7 @@
{"shape":"InvalidGatewayRequestException"},
{"shape":"InternalServerError"}
],
"documentation":"<p>Creates a cached volume on a specified cached volume gateway. This operation is only supported in the cached volume gateway type.</p> <note> <p>Cache storage must be allocated to the gateway before you can create a cached volume. Use the <a>AddCache</a> operation to add cache storage to a gateway. </p> </note> <p>In the request, you must specify the gateway, size of the volume in bytes, the iSCSI target name, an IP address on which to expose the target, and a unique client token. In response, the gateway creates the volume and returns information about it. This information includes the volume Amazon Resource Name (ARN), its size, and the iSCSI target ARN that initiators can use to connect to the volume target.</p> <p>Optionally, you can provide the ARN for an existing volume as the <code>SourceVolumeARN</code> for this cached volume, which creates an exact copy of the existing volumes latest recovery point. The <code>VolumeSizeInBytes</code> value must be equal to or larger than the size of the copied volume, in bytes.</p>"
"documentation":"<p>Creates a cached volume on a specified cached volume gateway. This operation is only supported in the cached volume gateway type.</p> <note> <p>Cache storage must be allocated to the gateway before you can create a cached volume. Use the <a>AddCache</a> operation to add cache storage to a gateway.</p> </note> <p>In the request, you must specify the gateway, size of the volume in bytes, the iSCSI target name, an IP address on which to expose the target, and a unique client token. In response, the gateway creates the volume and returns information about it. This information includes the volume Amazon Resource Name (ARN), its size, and the iSCSI target ARN that initiators can use to connect to the volume target.</p> <p>Optionally, you can provide the ARN for an existing volume as the <code>SourceVolumeARN</code> for this cached volume, which creates an exact copy of the existing volumes latest recovery point. The <code>VolumeSizeInBytes</code> value must be equal to or larger than the size of the copied volume, in bytes.</p>"
},
"CreateNFSFileShare":{
"name":"CreateNFSFileShare",
@ -164,7 +164,7 @@
{"shape":"InvalidGatewayRequestException"},
{"shape":"InternalServerError"}
],
"documentation":"<p>Creates a Network File System (NFS) file share on an existing file gateway. In Storage Gateway, a file share is a file system mount point backed by Amazon S3 cloud storage. Storage Gateway exposes file shares using an NFS interface. This operation is only supported for file gateways.</p> <important> <p>File gateway requires AWS Security Token Service (AWS STS) to be activated to enable you to create a file share. Make sure AWS STS is activated in the AWS Region you are creating your file gateway in. If AWS STS is not activated in the AWS Region, activate it. For information about how to activate AWS STS, see Activating and Deactivating AWS STS in an AWS Region in the AWS Identity and Access Management User Guide. </p> <p>File gateway does not support creating hard or symbolic links on a file share.</p> </important>"
"documentation":"<p>Creates a Network File System (NFS) file share on an existing file gateway. In Storage Gateway, a file share is a file system mount point backed by Amazon S3 cloud storage. Storage Gateway exposes file shares using an NFS interface. This operation is only supported for file gateways.</p> <important> <p>File gateway requires AWS Security Token Service (AWS STS) to be activated to enable you to create a file share. Make sure AWS STS is activated in the AWS Region you are creating your file gateway in. If AWS STS is not activated in the AWS Region, activate it. For information about how to activate AWS STS, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html\">Activating and deactivating AWS STS in an AWS Region</a> in the <i>AWS Identity and Access Management User Guide</i>.</p> <p>File gateway does not support creating hard or symbolic links on a file share.</p> </important>"
},
"CreateSMBFileShare":{
"name":"CreateSMBFileShare",
@ -178,7 +178,7 @@
{"shape":"InvalidGatewayRequestException"},
{"shape":"InternalServerError"}
],
"documentation":"<p>Creates a Server Message Block (SMB) file share on an existing file gateway. In Storage Gateway, a file share is a file system mount point backed by Amazon S3 cloud storage. Storage Gateway expose file shares using an SMB interface. This operation is only supported for file gateways.</p> <important> <p>File gateways require AWS Security Token Service (AWS STS) to be activated to enable you to create a file share. Make sure that AWS STS is activated in the AWS Region you are creating your file gateway in. If AWS STS is not activated in this AWS Region, activate it. For information about how to activate AWS STS, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html\">Activating and Deactivating AWS STS in an AWS Region</a> in the <i>AWS Identity and Access Management User Guide.</i> </p> <p>File gateways don't support creating hard or symbolic links on a file share.</p> </important>"
"documentation":"<p>Creates a Server Message Block (SMB) file share on an existing file gateway. In Storage Gateway, a file share is a file system mount point backed by Amazon S3 cloud storage. Storage Gateway expose file shares using an SMB interface. This operation is only supported for file gateways.</p> <important> <p>File gateways require AWS Security Token Service (AWS STS) to be activated to enable you to create a file share. Make sure that AWS STS is activated in the AWS Region you are creating your file gateway in. If AWS STS is not activated in this AWS Region, activate it. For information about how to activate AWS STS, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html\">Activating and deactivating AWS STS in an AWS Region</a> in the <i>AWS Identity and Access Management User Guide</i>.</p> <p>File gateways don't support creating hard or symbolic links on a file share.</p> </important>"
},
"CreateSnapshot":{
"name":"CreateSnapshot",
@ -193,7 +193,7 @@
{"shape":"InternalServerError"},
{"shape":"ServiceUnavailableError"}
],
"documentation":"<p>Initiates a snapshot of a volume.</p> <p>AWS Storage Gateway provides the ability to back up point-in-time snapshots of your data to Amazon Simple Storage Service (Amazon S3) for durable off-site recovery, as well as import the data to an Amazon Elastic Block Store (EBS) volume in Amazon Elastic Compute Cloud (EC2). You can take snapshots of your gateway volume on a scheduled or ad hoc basis. This API enables you to take an ad hoc snapshot. For more information, see <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/managing-volumes.html#SchedulingSnapshot\">Editing a Snapshot Schedule</a>.</p> <p>In the CreateSnapshot request you identify the volume by providing its Amazon Resource Name (ARN). You must also provide description for the snapshot. When AWS Storage Gateway takes the snapshot of specified volume, the snapshot and description appears in the AWS Storage Gateway Console. In response, AWS Storage Gateway returns you a snapshot ID. You can use this snapshot ID to check the snapshot progress or later use it when you want to create a volume from a snapshot. This operation is only supported in stored and cached volume gateway type.</p> <note> <p>To list or delete a snapshot, you must use the Amazon EC2 API. For more information, see DescribeSnapshots or DeleteSnapshot in the <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Operations.html\">EC2 API reference</a>.</p> </note> <important> <p>Volume and snapshot IDs are changing to a longer length ID format. For more information, see the important note on the <a href=\"https://docs.aws.amazon.com/storagegateway/latest/APIReference/Welcome.html\">Welcome</a> page.</p> </important>"
"documentation":"<p>Initiates a snapshot of a volume.</p> <p>AWS Storage Gateway provides the ability to back up point-in-time snapshots of your data to Amazon Simple Storage (Amazon S3) for durable off-site recovery, as well as import the data to an Amazon Elastic Block Store (EBS) volume in Amazon Elastic Compute Cloud (EC2). You can take snapshots of your gateway volume on a scheduled or ad hoc basis. This API enables you to take ad-hoc snapshot. For more information, see <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/managing-volumes.html#SchedulingSnapshot\">Editing a snapshot schedule</a>.</p> <p>In the CreateSnapshot request you identify the volume by providing its Amazon Resource Name (ARN). You must also provide description for the snapshot. When AWS Storage Gateway takes the snapshot of specified volume, the snapshot and description appears in the AWS Storage Gateway Console. In response, AWS Storage Gateway returns you a snapshot ID. You can use this snapshot ID to check the snapshot progress or later use it when you want to create a volume from a snapshot. This operation is only supported in stored and cached volume gateway type.</p> <note> <p>To list or delete a snapshot, you must use the Amazon EC2 API. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSnapshots.html\">DescribeSnapshots</a> or <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteSnapshot.html\">DeleteSnapshot</a> in the <i>Amazon Elastic Compute Cloud API Reference</i>.</p> </note> <important> <p>Volume and snapshot IDs are changing to a longer length ID format. For more information, see the important note on the <a href=\"https://docs.aws.amazon.com/storagegateway/latest/APIReference/Welcome.html\">Welcome</a> page.</p> </important>"
},
"CreateSnapshotFromVolumeRecoveryPoint":{
"name":"CreateSnapshotFromVolumeRecoveryPoint",
@ -208,7 +208,7 @@
{"shape":"InternalServerError"},
{"shape":"ServiceUnavailableError"}
],
"documentation":"<p>Initiates a snapshot of a gateway from a volume recovery point. This operation is only supported in the cached volume gateway type.</p> <p>A volume recovery point is a point in time at which all data of the volume is consistent and from which you can create a snapshot. To get a list of volume recovery point for cached volume gateway, use <a>ListVolumeRecoveryPoints</a>.</p> <p>In the <code>CreateSnapshotFromVolumeRecoveryPoint</code> request, you identify the volume by providing its Amazon Resource Name (ARN). You must also provide a description for the snapshot. When the gateway takes a snapshot of the specified volume, the snapshot and its description appear in the AWS Storage Gateway console. In response, the gateway returns you a snapshot ID. You can use this snapshot ID to check the snapshot progress or later use it when you want to create a volume from a snapshot.</p> <note> <p>To list or delete a snapshot, you must use the Amazon EC2 API. For more information, in <i>Amazon Elastic Compute Cloud API Reference</i>.</p> </note>"
"documentation":"<p>Initiates a snapshot of a gateway from a volume recovery point. This operation is only supported in the cached volume gateway type.</p> <p>A volume recovery point is a point in time at which all data of the volume is consistent and from which you can create a snapshot. To get a list of volume recovery point for cached volume gateway, use <a>ListVolumeRecoveryPoints</a>.</p> <p>In the <code>CreateSnapshotFromVolumeRecoveryPoint</code> request, you identify the volume by providing its Amazon Resource Name (ARN). You must also provide a description for the snapshot. When the gateway takes a snapshot of the specified volume, the snapshot and its description appear in the AWS Storage Gateway console. In response, the gateway returns you a snapshot ID. You can use this snapshot ID to check the snapshot progress or later use it when you want to create a volume from a snapshot.</p> <note> <p>To list or delete a snapshot, you must use the Amazon EC2 API. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSnapshots.html\">DescribeSnapshots</a> or <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteSnapshot.html\">DeleteSnapshot</a> in the <i>Amazon Elastic Compute Cloud API Reference</i>.</p> </note>"
},
"CreateStorediSCSIVolume":{
"name":"CreateStorediSCSIVolume",
@ -236,7 +236,7 @@
{"shape":"InvalidGatewayRequestException"},
{"shape":"InternalServerError"}
],
"documentation":"<p>Creates a virtual tape by using your own barcode. You write data to the virtual tape and then archive the tape. A barcode is unique and cannot be reused if it has already been used on a tape. This applies to barcodes used on deleted tapes. This operation is only supported in the tape gateway type.</p> <note> <p>Cache storage must be allocated to the gateway before you can create a virtual tape. Use the <a>AddCache</a> operation to add cache storage to a gateway.</p> </note>"
"documentation":"<p>Creates a virtual tape by using your own barcode. You write data to the virtual tape and then archive the tape. A barcode is unique and can not be reused if it has already been used on a tape. This applies to barcodes used on deleted tapes. This operation is only supported in the tape gateway type.</p> <note> <p>Cache storage must be allocated to the gateway before you can create a virtual tape. Use the <a>AddCache</a> operation to add cache storage to a gateway.</p> </note>"
},
"CreateTapes":{
"name":"CreateTapes",
@ -250,7 +250,7 @@
{"shape":"InvalidGatewayRequestException"},
{"shape":"InternalServerError"}
],
"documentation":"<p>Creates one or more virtual tapes. You write data to the virtual tapes and then archive the tapes. This operation is only supported in the tape gateway type.</p> <note> <p>Cache storage must be allocated to the gateway before you can create virtual tapes. Use the <a>AddCache</a> operation to add cache storage to a gateway. </p> </note>"
"documentation":"<p>Creates one or more virtual tapes. You write data to the virtual tapes and then archive the tapes. This operation is only supported in the tape gateway type.</p> <note> <p>Cache storage must be allocated to the gateway before you can create virtual tapes. Use the <a>AddCache</a> operation to add cache storage to a gateway.</p> </note>"
},
"DeleteAutomaticTapeCreationPolicy":{
"name":"DeleteAutomaticTapeCreationPolicy",
@ -264,7 +264,7 @@
{"shape":"InvalidGatewayRequestException"},
{"shape":"InternalServerError"}
],
"documentation":"<p>Deletes the automatic tape creation policy of a gateway. If you delete this policy, new virtual tapes must be created manually. Use the Amazon Resource Name (ARN) of the gateway in your request to remove the policy. </p>"
"documentation":"<p>Deletes the automatic tape creation policy of a gateway. If you delete this policy, new virtual tapes must be created manually. Use the Amazon Resource Name (ARN) of the gateway in your request to remove the policy.</p>"
},
"DeleteBandwidthRateLimit":{
"name":"DeleteBandwidthRateLimit",
@ -320,7 +320,7 @@
{"shape":"InvalidGatewayRequestException"},
{"shape":"InternalServerError"}
],
"documentation":"<p>Deletes a gateway. To specify which gateway to delete, use the Amazon Resource Name (ARN) of the gateway in your request. The operation deletes the gateway; however, it does not delete the gateway virtual machine (VM) from your host computer.</p> <p>After you delete a gateway, you cannot reactivate it. Completed snapshots of the gateway volumes are not deleted upon deleting the gateway, however, pending snapshots will not complete. After you delete a gateway, your next step is to remove it from your environment.</p> <important> <p>You no longer pay software charges after the gateway is deleted; however, your existing Amazon EBS snapshots persist and you will continue to be billed for these snapshots. You can choose to remove all remaining Amazon EBS snapshots by canceling your Amazon EC2 subscription.  If you prefer not to cancel your Amazon EC2 subscription, you can delete your snapshots using the Amazon EC2 console. For more information, see the <a href=\"http://aws.amazon.com/storagegateway\"> AWS Storage Gateway Detail Page</a>. </p> </important>"
"documentation":"<p>Deletes a gateway. To specify which gateway to delete, use the Amazon Resource Name (ARN) of the gateway in your request. The operation deletes the gateway; however, it does not delete the gateway virtual machine (VM) from your host computer.</p> <p>After you delete a gateway, you cannot reactivate it. Completed snapshots of the gateway volumes are not deleted upon deleting the gateway, however, pending snapshots will not complete. After you delete a gateway, your next step is to remove it from your environment.</p> <important> <p>You no longer pay software charges after the gateway is deleted; however, your existing Amazon EBS snapshots persist and you will continue to be billed for these snapshots. You can choose to remove all remaining Amazon EBS snapshots by canceling your Amazon EC2 subscription.  If you prefer not to cancel your Amazon EC2 subscription, you can delete your snapshots using the Amazon EC2 console. For more information, see the <a href=\"http://aws.amazon.com/storagegateway\">AWS Storage Gateway detail page</a>.</p> </important>"
},
"DeleteSnapshotSchedule":{
"name":"DeleteSnapshotSchedule",
@ -334,7 +334,7 @@
{"shape":"InvalidGatewayRequestException"},
{"shape":"InternalServerError"}
],
"documentation":"<p>Deletes a snapshot of a volume.</p> <p>You can take snapshots of your gateway volumes on a scheduled or ad hoc basis. This API action enables you to delete a snapshot schedule for a volume. For more information, see <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/WorkingWithSnapshots.html\">Working with Snapshots</a>. In the <code>DeleteSnapshotSchedule</code> request, you identify the volume by providing its Amazon Resource Name (ARN). This operation is only supported in stored and cached volume gateway types.</p> <note> <p>To list or delete a snapshot, you must use the Amazon EC2 API. For more information, go to <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSnapshots.html\">DescribeSnapshots</a> in the <i>Amazon Elastic Compute Cloud API Reference</i>.</p> </note>"
"documentation":"<p>Deletes a snapshot of a volume.</p> <p>You can take snapshots of your gateway volumes on a scheduled or ad hoc basis. This API action enables you to delete a snapshot schedule for a volume. For more information, see <a href=\"https://docs.aws.amazon.com/storagegatewaylatest/userguide/backing-up-volumes.html\">Backing up your volumes</a>. In the <code>DeleteSnapshotSchedule</code> request, you identify the volume by providing its Amazon Resource Name (ARN). This operation is only supported in stored and cached volume gateway types.</p> <note> <p>To list or delete a snapshot, you must use the Amazon EC2 API. For more information, go to <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSnapshots.html\">DescribeSnapshots</a> in the <i>Amazon Elastic Compute Cloud API Reference</i>.</p> </note>"
},
"DeleteTape":{
"name":"DeleteTape",
@ -376,7 +376,7 @@
{"shape":"InvalidGatewayRequestException"},
{"shape":"InternalServerError"}
],
"documentation":"<p>Deletes the specified storage volume that you previously created using the <a>CreateCachediSCSIVolume</a> or <a>CreateStorediSCSIVolume</a> API. This operation is only supported in the cached volume and stored volume types. For stored volume gateways, the local disk that was configured as the storage volume is not deleted. You can reuse the local disk to create another storage volume. </p> <p>Before you delete a volume, make sure there are no iSCSI connections to the volume you are deleting. You should also make sure there is no snapshot in progress. You can use the Amazon Elastic Compute Cloud (Amazon EC2) API to query snapshots on the volume you are deleting and check the snapshot status. For more information, go to <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/ApiReference-query-DescribeSnapshots.html\">DescribeSnapshots</a> in the <i>Amazon Elastic Compute Cloud API Reference</i>.</p> <p>In the request, you must provide the Amazon Resource Name (ARN) of the storage volume you want to delete.</p>"
"documentation":"<p>Deletes the specified storage volume that you previously created using the <a>CreateCachediSCSIVolume</a> or <a>CreateStorediSCSIVolume</a> API. This operation is only supported in the cached volume and stored volume types. For stored volume gateways, the local disk that was configured as the storage volume is not deleted. You can reuse the local disk to create another storage volume.</p> <p>Before you delete a volume, make sure there are no iSCSI connections to the volume you are deleting. You should also make sure there is no snapshot in progress. You can use the Amazon Elastic Compute Cloud (Amazon EC2) API to query snapshots on the volume you are deleting and check the snapshot status. For more information, go to <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/ApiReference-query-DescribeSnapshots.html\">DescribeSnapshots</a> in the <i>Amazon Elastic Compute Cloud API Reference</i>.</p> <p>In the request, you must provide the Amazon Resource Name (ARN) of the storage volume you want to delete.</p>"
},
"DescribeAvailabilityMonitorTest":{
"name":"DescribeAvailabilityMonitorTest",
@ -404,7 +404,7 @@
{"shape":"InvalidGatewayRequestException"},
{"shape":"InternalServerError"}
],
"documentation":"<p>Returns the bandwidth rate limits of a gateway. By default, these limits are not set, which means no bandwidth rate limiting is in effect. This operation is supported for the stored volume, cached volume and tape gateway types.'</p> <p>This operation only returns a value for a bandwidth rate limit only if the limit is set. If no limits are set for the gateway, then this operation returns only the gateway ARN in the response body. To specify which gateway to describe, use the Amazon Resource Name (ARN) of the gateway in your request.</p>"
"documentation":"<p>Returns the bandwidth rate limits of a gateway. By default, these limits are not set, which means no bandwidth rate limiting is in effect. This operation is supported for the stored volume, cached volume and tape gateway types.</p> <p>This operation only returns a value for a bandwidth rate limit only if the limit is set. If no limits are set for the gateway, then this operation returns only the gateway ARN in the response body. To specify which gateway to describe, use the Amazon Resource Name (ARN) of the gateway in your request.</p>"
},
"DescribeCache":{
"name":"DescribeCache",
@ -544,7 +544,7 @@
{"shape":"InvalidGatewayRequestException"},
{"shape":"InternalServerError"}
],
"documentation":"<p>Returns the description of the gateway volumes specified in the request. The list of gateway volumes in the request must be from one gateway. In the response AWS Storage Gateway returns volume information sorted by volume ARNs. This operation is only supported in stored volume gateway type.</p>"
"documentation":"<p>Returns the description of the gateway volumes specified in the request. The list of gateway volumes in the request must be from one gateway. In the response, AWS Storage Gateway returns volume information sorted by volume ARNs. This operation is only supported in stored volume gateway type.</p>"
},
"DescribeTapeArchives":{
"name":"DescribeTapeArchives",
@ -600,7 +600,7 @@
{"shape":"InvalidGatewayRequestException"},
{"shape":"InternalServerError"}
],
"documentation":"<p>Returns information about the upload buffer of a gateway. This operation is supported for the stored volume, cached volume and tape gateway types.</p> <p>The response includes disk IDs that are configured as upload buffer space, and it includes the amount of upload buffer space allocated and used.</p>"
"documentation":"<p>Returns information about the upload buffer of a gateway. This operation is supported for the stored volume, cached volume, and tape gateway types.</p> <p>The response includes disk IDs that are configured as upload buffer space, and it includes the amount of upload buffer space allocated and used.</p>"
},
"DescribeVTLDevices":{
"name":"DescribeVTLDevices",
@ -684,7 +684,7 @@
{"shape":"InvalidGatewayRequestException"},
{"shape":"InternalServerError"}
],
"documentation":"<p>Lists the automatic tape creation policies for a gateway. If there are no automatic tape creation policies for the gateway, it returns an empty list. </p> <p>This operation is only supported for tape gateways.</p>"
"documentation":"<p>Lists the automatic tape creation policies for a gateway. If there are no automatic tape creation policies for the gateway, it returns an empty list.</p> <p>This operation is only supported for tape gateways.</p>"
},
"ListFileShares":{
"name":"ListFileShares",
@ -810,7 +810,7 @@
{"shape":"InvalidGatewayRequestException"},
{"shape":"InternalServerError"}
],
"documentation":"<p>Sends you notification through CloudWatch Events when all files written to your file share have been uploaded to Amazon S3.</p> <p>AWS Storage Gateway can send a notification through Amazon CloudWatch Events when all files written to your file share up to that point in time have been uploaded to Amazon S3. These files include files written to the file share up to the time that you make a request for notification. When the upload is done, Storage Gateway sends you notification through an Amazon CloudWatch Event. You can configure CloudWatch Events to send the notification through event targets such as Amazon SNS or AWS Lambda function. This operation is only supported for file gateways.</p> <p>For more information, see Getting File Upload Notification in the Storage Gateway User Guide (https://docs.aws.amazon.com/storagegateway/latest/userguide/monitoring-file-gateway.html#get-upload-notification). </p>"
"documentation":"<p>Sends you notification through CloudWatch Events when all files written to your file share have been uploaded to Amazon S3.</p> <p>AWS Storage Gateway can send a notification through Amazon CloudWatch Events when all files written to your file share up to that point in time have been uploaded to Amazon S3. These files include files written to the file share up to the time that you make a request for notification. When the upload is done, Storage Gateway sends you notification through an Amazon CloudWatch Event. You can configure CloudWatch Events to send the notification through event targets such as Amazon SNS or AWS Lambda function. This operation is only supported for file gateways.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/monitoring-file-gateway.html#get-upload-notification\">Getting file upload notification</a> in the <i>AWS Storage Gateway User Guide</i>.</p>"
},
"RefreshCache":{
"name":"RefreshCache",
@ -824,7 +824,7 @@
{"shape":"InvalidGatewayRequestException"},
{"shape":"InternalServerError"}
],
"documentation":"<p>Refreshes the cache for the specified file share. This operation finds objects in the Amazon S3 bucket that were added, removed or replaced since the gateway last listed the bucket's contents and cached the results. This operation is only supported in the file gateway type. You can subscribe to be notified through an Amazon CloudWatch event when your RefreshCache operation completes. For more information, see <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/monitoring-file-gateway.html#get-notification\">Getting Notified About File Operations</a>.</p> <p>When this API is called, it only initiates the refresh operation. When the API call completes and returns a success code, it doesn't necessarily mean that the file refresh has completed. You should use the refresh-complete notification to determine that the operation has completed before you check for new files on the gateway file share. You can subscribe to be notified through an CloudWatch event when your <code>RefreshCache</code> operation completes. </p> <p>Throttle limit: This API is asynchronous so the gateway will accept no more than two refreshes at any time. We recommend using the refresh-complete CloudWatch event notification before issuing additional requests. For more information, see <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/monitoring-file-gateway.html#get-notification\">Getting Notified About File Operations</a>.</p> <p>If you invoke the RefreshCache API when two requests are already being processed, any new request will cause an <code>InvalidGatewayRequestException</code> error because too many requests were sent to the server.</p> <p>For more information, see \"https://docs.aws.amazon.com/storagegateway/latest/userguide/monitoring-file-gateway.html#get-notification\".</p>"
"documentation":"<p>Refreshes the cache for the specified file share. This operation finds objects in the Amazon S3 bucket that were added, removed or replaced since the gateway last listed the bucket's contents and cached the results. This operation is only supported in the file gateway type. You can subscribe to be notified through an Amazon CloudWatch event when your RefreshCache operation completes. For more information, see <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/monitoring-file-gateway.html#get-notification\">Getting notified about file operations</a> in the <i>AWS Storage Gateway User Guide</i>.</p> <p>When this API is called, it only initiates the refresh operation. When the API call completes and returns a success code, it doesn't necessarily mean that the file refresh has completed. You should use the refresh-complete notification to determine that the operation has completed before you check for new files on the gateway file share. You can subscribe to be notified through an CloudWatch event when your <code>RefreshCache</code> operation completes.</p> <p>Throttle limit: This API is asynchronous so the gateway will accept no more than two refreshes at any time. We recommend using the refresh-complete CloudWatch event notification before issuing additional requests. For more information, see <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/monitoring-file-gateway.html#get-notification\">Getting notified about file operations</a> in the <i>AWS Storage Gateway User Guide</i>.</p> <p>If you invoke the RefreshCache API when two requests are already being processed, any new request will cause an <code>InvalidGatewayRequestException</code> error because too many requests were sent to the server.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/monitoring-file-gateway.html#get-notification\">Getting notified about file operations</a> in the <i>AWS Storage Gateway User Guide</i>.</p>"
},
"RemoveTagsFromResource":{
"name":"RemoveTagsFromResource",
@ -922,7 +922,7 @@
{"shape":"InvalidGatewayRequestException"},
{"shape":"InternalServerError"}
],
"documentation":"<p>Shuts down a gateway. To specify which gateway to shut down, use the Amazon Resource Name (ARN) of the gateway in the body of your request.</p> <p>The operation shuts down the gateway service component running in the gateway's virtual machine (VM) and not the host VM.</p> <note> <p>If you want to shut down the VM, it is recommended that you first shut down the gateway component in the VM to avoid unpredictable conditions.</p> </note> <p>After the gateway is shutdown, you cannot call any other API except <a>StartGateway</a>, <a>DescribeGatewayInformation</a> and <a>ListGateways</a>. For more information, see <a>ActivateGateway</a>. Your applications cannot read from or write to the gateway's storage volumes, and there are no snapshots taken.</p> <note> <p>When you make a shutdown request, you will get a <code>200 OK</code> success response immediately. However, it might take some time for the gateway to shut down. You can call the <a>DescribeGatewayInformation</a> API to check the status. For more information, see <a>ActivateGateway</a>.</p> </note> <p>If do not intend to use the gateway again, you must delete the gateway (using <a>DeleteGateway</a>) to no longer pay software charges associated with the gateway.</p>"
"documentation":"<p>Shuts down a gateway. To specify which gateway to shut down, use the Amazon Resource Name (ARN) of the gateway in the body of your request.</p> <p>The operation shuts down the gateway service component running in the gateway's virtual machine (VM) and not the host VM.</p> <note> <p>If you want to shut down the VM, it is recommended that you first shut down the gateway component in the VM to avoid unpredictable conditions.</p> </note> <p>After the gateway is shutdown, you cannot call any other API except <a>StartGateway</a>, <a>DescribeGatewayInformation</a>, and <a>ListGateways</a>. For more information, see <a>ActivateGateway</a>. Your applications cannot read from or write to the gateway's storage volumes, and there are no snapshots taken.</p> <note> <p>When you make a shutdown request, you will get a <code>200 OK</code> success response immediately. However, it might take some time for the gateway to shut down. You can call the <a>DescribeGatewayInformation</a> API to check the status. For more information, see <a>ActivateGateway</a>.</p> </note> <p>If do not intend to use the gateway again, you must delete the gateway (using <a>DeleteGateway</a>) to no longer pay software charges associated with the gateway.</p>"
},
"StartAvailabilityMonitorTest":{
"name":"StartAvailabilityMonitorTest",
@ -936,7 +936,7 @@
{"shape":"InvalidGatewayRequestException"},
{"shape":"InternalServerError"}
],
"documentation":"<p>Start a test that verifies that the specified gateway is configured for High Availability monitoring in your host environment. This request only initiates the test and that a successful response only indicates that the test was started. It doesn't indicate that the test passed. For the status of the test, invoke the <code>DescribeAvailabilityMonitorTest</code> API. </p> <note> <p>Starting this test will cause your gateway to go offline for a brief period.</p> </note>"
"documentation":"<p>Start a test that verifies that the specified gateway is configured for High Availability monitoring in your host environment. This request only initiates the test and that a successful response only indicates that the test was started. It doesn't indicate that the test passed. For the status of the test, invoke the <code>DescribeAvailabilityMonitorTest</code> API.</p> <note> <p>Starting this test will cause your gateway to go offline for a brief period.</p> </note>"
},
"StartGateway":{
"name":"StartGateway",
@ -978,7 +978,7 @@
{"shape":"InvalidGatewayRequestException"},
{"shape":"InternalServerError"}
],
"documentation":"<p>Updates the bandwidth rate limits of a gateway. You can update both the upload and download bandwidth rate limit or specify only one of the two. If you don't set a bandwidth rate limit, the existing rate limit remains. This operation is supported for the stored volume, cached volume and tape gateway types.'</p> <p>By default, a gateway's bandwidth rate limits are not set. If you don't set any limit, the gateway does not have any limitations on its bandwidth usage and could potentially use the maximum available bandwidth.</p> <p>To specify which gateway to update, use the Amazon Resource Name (ARN) of the gateway in your request.</p>"
"documentation":"<p>Updates the bandwidth rate limits of a gateway. You can update both the upload and download bandwidth rate limit or specify only one of the two. If you don't set a bandwidth rate limit, the existing rate limit remains. This operation is supported for the stored volume, cached volume, and tape gateway types.</p> <p>By default, a gateway's bandwidth rate limits are not set. If you don't set any limit, the gateway does not have any limitations on its bandwidth usage and could potentially use the maximum available bandwidth.</p> <p>To specify which gateway to update, use the Amazon Resource Name (ARN) of the gateway in your request.</p>"
},
"UpdateChapCredentials":{
"name":"UpdateChapCredentials",
@ -1020,7 +1020,7 @@
{"shape":"InvalidGatewayRequestException"},
{"shape":"InternalServerError"}
],
"documentation":"<p>Updates the gateway virtual machine (VM) software. The request immediately triggers the software update.</p> <note> <p>When you make this request, you get a <code>200 OK</code> success response immediately. However, it might take some time for the update to complete. You can call <a>DescribeGatewayInformation</a> to verify the gateway is in the <code>STATE_RUNNING</code> state.</p> </note> <important> <p>A software update forces a system restart of your gateway. You can minimize the chance of any disruption to your applications by increasing your iSCSI Initiators' timeouts. For more information about increasing iSCSI Initiator timeouts for Windows and Linux, see <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/ConfiguringiSCSIClientInitiatorWindowsClient.html#CustomizeWindowsiSCSISettings\">Customizing Your Windows iSCSI Settings</a> and <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/ConfiguringiSCSIClientInitiatorRedHatClient.html#CustomizeLinuxiSCSISettings\">Customizing Your Linux iSCSI Settings</a>, respectively.</p> </important>"
"documentation":"<p>Updates the gateway virtual machine (VM) software. The request immediately triggers the software update.</p> <note> <p>When you make this request, you get a <code>200 OK</code> success response immediately. However, it might take some time for the update to complete. You can call <a>DescribeGatewayInformation</a> to verify the gateway is in the <code>STATE_RUNNING</code> state.</p> </note> <important> <p>A software update forces a system restart of your gateway. You can minimize the chance of any disruption to your applications by increasing your iSCSI Initiators' timeouts. For more information about increasing iSCSI Initiator timeouts for Windows and Linux, see <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/ConfiguringiSCSIClientInitiatorWindowsClient.html#CustomizeWindowsiSCSISettings\">Customizing your Windows iSCSI settings</a> and <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/ConfiguringiSCSIClientInitiatorRedHatClient.html#CustomizeLinuxiSCSISettings\">Customizing your Linux iSCSI settings</a>, respectively.</p> </important>"
},
"UpdateMaintenanceStartTime":{
"name":"UpdateMaintenanceStartTime",
@ -1062,7 +1062,7 @@
{"shape":"InvalidGatewayRequestException"},
{"shape":"InternalServerError"}
],
"documentation":"<p>Updates a Server Message Block (SMB) file share.</p> <note> <p>To leave a file share field unchanged, set the corresponding input field to null. This operation is only supported for file gateways.</p> </note> <important> <p>File gateways require AWS Security Token Service (AWS STS) to be activated to enable you to create a file share. Make sure that AWS STS is activated in the AWS Region you are creating your file gateway in. If AWS STS is not activated in this AWS Region, activate it. For information about how to activate AWS STS, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html\">Activating and Deactivating AWS STS in an AWS Region</a> in the <i>AWS Identity and Access Management User Guide.</i> </p> <p>File gateways don't support creating hard or symbolic links on a file share.</p> </important>"
"documentation":"<p>Updates a Server Message Block (SMB) file share.</p> <note> <p>To leave a file share field unchanged, set the corresponding input field to null. This operation is only supported for file gateways.</p> </note> <important> <p>File gateways require AWS Security Token Service (AWS STS) to be activated to enable you to create a file share. Make sure that AWS STS is activated in the AWS Region you are creating your file gateway in. If AWS STS is not activated in this AWS Region, activate it. For information about how to activate AWS STS, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html\">Activating and deactivating AWS STS in an AWS Region</a> in the <i>AWS Identity and Access Management User Guide</i>.</p> <p>File gateways don't support creating hard or symbolic links on a file share.</p> </important>"
},
"UpdateSMBSecurityStrategy":{
"name":"UpdateSMBSecurityStrategy",
@ -1119,7 +1119,7 @@
"members":{
"ActivationKey":{
"shape":"ActivationKey",
"documentation":"<p>Your gateway activation key. You can obtain the activation key by sending an HTTP GET request with redirects enabled to the gateway IP address (port 80). The redirect URL returned in the response provides you the activation key for your gateway in the query string parameter <code>activationKey</code>. It may also include other activation-related parameters, however, these are merely defaults -- the arguments you pass to the <code>ActivateGateway</code> API call determine the actual configuration of your gateway. </p> <p>For more information, see https://docs.aws.amazon.com/storagegateway/latest/userguide/get-activation-key.html in the Storage Gateway User Guide.</p>"
"documentation":"<p>Your gateway activation key. You can obtain the activation key by sending an HTTP GET request with redirects enabled to the gateway IP address (port 80). The redirect URL returned in the response provides you the activation key for your gateway in the query string parameter <code>activationKey</code>. It may also include other activation-related parameters, however, these are merely defaults -- the arguments you pass to the <code>ActivateGateway</code> API call determine the actual configuration of your gateway.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/get-activation-key.html\">Getting activation key</a> in the <i>AWS Storage Gateway User Guide</i>.</p>"
},
"GatewayName":{
"shape":"GatewayName",
@ -1131,26 +1131,26 @@
},
"GatewayRegion":{
"shape":"RegionId",
"documentation":"<p>A value that indicates the AWS Region where you want to store your data. The gateway AWS Region specified must be the same AWS Region as the AWS Region in your <code>Host</code> header in the request. For more information about available AWS Regions and endpoints for AWS Storage Gateway, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/rande.html#sg_region\">Regions and Endpoints</a> in the <i>Amazon Web Services Glossary</i>.</p> <p> Valid Values: See <a href=\"https://docs.aws.amazon.com/general/latest/gr/rande.html#sg_region\">AWS Storage Gateway Regions and Endpoints</a> in the AWS General Reference. </p>"
"documentation":"<p>A value that indicates the AWS Region where you want to store your data. The gateway AWS Region specified must be the same AWS Region as the AWS Region in your <code>Host</code> header in the request. For more information about available AWS Regions and endpoints for AWS Storage Gateway, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/sg.html\">AWS Storage Gateway endpoints and quotas</a> in the <i>AWS General Reference</i>.</p> <p>Valid Values: See <a href=\"https://docs.aws.amazon.com/general/latest/gr/sg.html\">AWS Storage Gateway endpoints and quotas</a> in the <i>AWS General Reference</i>. </p>"
},
"GatewayType":{
"shape":"GatewayType",
"documentation":"<p>A value that defines the type of gateway to activate. The type specified is critical to all later functions of the gateway and cannot be changed after activation. The default value is <code>CACHED</code>. </p> <p> Valid Values: \"STORED\", \"CACHED\", \"VTL\", \"FILE_S3\"</p>"
"documentation":"<p>A value that defines the type of gateway to activate. The type specified is critical to all later functions of the gateway and cannot be changed after activation. The default value is <code>CACHED</code>.</p> <p>Valid Values: <code>STORED</code> | <code>CACHED</code> | <code>VTL</code> | <code>FILE_S3</code> </p>"
},
"TapeDriveType":{
"shape":"TapeDriveType",
"documentation":"<p>The value that indicates the type of tape drive to use for tape gateway. This field is optional.</p> <p> Valid Values: \"IBM-ULT3580-TD5\" </p>"
"documentation":"<p>The value that indicates the type of tape drive to use for tape gateway. This field is optional.</p> <p>Valid Values: <code>IBM-ULT3580-TD5</code> </p>"
},
"MediumChangerType":{
"shape":"MediumChangerType",
"documentation":"<p>The value that indicates the type of medium changer to use for tape gateway. This field is optional.</p> <p> Valid Values: \"STK-L700\", \"AWS-Gateway-VTL\"</p>"
"documentation":"<p>The value that indicates the type of medium changer to use for tape gateway. This field is optional.</p> <p>Valid Values: <code>STK-L700</code> | <code>AWS-Gateway-VTL</code> </p>"
},
"Tags":{
"shape":"Tags",
"documentation":"<p>A list of up to 50 tags that you can assign to the gateway. Each tag is a key-value pair.</p> <note> <p>Valid characters for key and value are letters, spaces, and numbers that can be represented in UTF-8 format, and the following special characters: + - = . _ : / @. The maximum length of a tag's key is 128 characters, and the maximum length for a tag's value is 256 characters.</p> </note>"
}
},
"documentation":"<p>A JSON object containing one or more of the following fields:</p> <ul> <li> <p> <a>ActivateGatewayInput$ActivationKey</a> </p> </li> <li> <p> <a>ActivateGatewayInput$GatewayName</a> </p> </li> <li> <p> <a>ActivateGatewayInput$GatewayRegion</a> </p> </li> <li> <p> <a>ActivateGatewayInput$GatewayTimezone</a> </p> </li> <li> <p> <a>ActivateGatewayInput$GatewayType</a> </p> </li> <li> <p> <a>ActivateGatewayInput$TapeDriveType</a> </p> </li> <li> <p> <a>ActivateGatewayInput$MediumChangerType</a> </p> </li> </ul>"
"documentation":"<p>A JSON object containing one or more of the following fields:</p> <ul> <li> <p> <a>ActivateGatewayInput$ActivationKey</a> </p> </li> <li> <p> <a>ActivateGatewayInput$GatewayName</a> </p> </li> <li> <p> <a>ActivateGatewayInput$GatewayRegion</a> </p> </li> <li> <p> <a>ActivateGatewayInput$GatewayTimezone</a> </p> </li> <li> <p> <a>ActivateGatewayInput$GatewayType</a> </p> </li> <li> <p> <a>ActivateGatewayInput$MediumChangerType</a> </p> </li> <li> <p> <a>ActivateGatewayInput$TapeDriveType</a> </p> </li> </ul>"
},
"ActivateGatewayOutput":{
"type":"structure",
@ -1279,7 +1279,7 @@
},
"PoolId":{
"shape":"PoolId",
"documentation":"<p>The ID of the pool that you want to add your tape to for archiving. The tape in this pool is archived in the S3 storage class that is associated with the pool. When you use your backup application to eject the tape, the tape is archived directly into the storage class (S3 Glacier or S3 Glacier Deep Archive) that corresponds to the pool.</p> <p>Valid values: \"GLACIER\", \"DEEP_ARCHIVE\"</p>"
"documentation":"<p>The ID of the pool that you want to add your tape to for archiving. The tape in this pool is archived in the S3 storage class that is associated with the pool. When you use your backup application to eject the tape, the tape is archived directly into the storage class (S3 Glacier or S3 Glacier Deep Archive) that corresponds to the pool.</p> <p>Valid Values: <code>GLACIER</code> | <code>DEEP_ARCHIVE</code> </p>"
}
}
},
@ -1314,7 +1314,7 @@
},
"NetworkInterfaceId":{
"shape":"NetworkInterfaceId",
"documentation":"<p>The network interface of the gateway on which to expose the iSCSI target. Only IPv4 addresses are accepted. Use <a>DescribeGatewayInformation</a> to get a list of the network interfaces available on a gateway.</p> <p> Valid Values: A valid IP address.</p>"
"documentation":"<p>The network interface of the gateway on which to expose the iSCSI target. Only IPv4 addresses are accepted. Use <a>DescribeGatewayInformation</a> to get a list of the network interfaces available on a gateway.</p> <p>Valid Values: A valid IP address.</p>"
},
"DiskId":{
"shape":"DiskId",
@ -1343,7 +1343,7 @@
},
"Authentication":{
"type":"string",
"documentation":"<p>The authentication method of the file share.</p> <p>Valid values are <code>ActiveDirectory</code> or <code>GuestAccess</code>. The default is <code>ActiveDirectory</code>.</p>",
"documentation":"<p>The authentication method of the file share. The default is <code>ActiveDirectory</code>.</p> <p>Valid Values: <code>ActiveDirectory</code> | <code>GuestAccess</code> </p>",
"max":15,
"min":5
},
@ -1377,7 +1377,7 @@
},
"PoolId":{
"shape":"PoolId",
"documentation":"<p>The ID of the pool that you want to add your tape to for archiving. The tape in this pool is archived in the Amazon S3 storage class that is associated with the pool. When you use your backup application to eject the tape, the tape is archived directly into the storage class (S3 Glacier or S3 Glacier Deep Archive) that corresponds to the pool.</p> <p>Valid values: \"GLACIER\", \"DEEP_ARCHIVE\"</p>"
"documentation":"<p>The ID of the pool that you want to add your tape to for archiving. The tape in this pool is archived in the Amazon S3 storage class that is associated with the pool. When you use your backup application to eject the tape, the tape is archived directly into the storage class (S3 Glacier or S3 Glacier Deep Archive) that corresponds to the pool.</p> <p>Valid Values: <code>GLACIER</code> | <code>DEEP_ARCHIVE</code> </p>"
},
"TapeSizeInBytes":{
"shape":"TapeSize",
@ -1439,7 +1439,7 @@
},
"VolumeAttachmentStatus":{
"shape":"VolumeAttachmentStatus",
"documentation":"<p>A value that indicates whether a storage volume is attached to or detached from a gateway. For more information, see <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/managing-volumes.html#attach-detach-volume\">Moving Your Volumes to a Different Gateway</a>.</p>"
"documentation":"<p>A value that indicates whether a storage volume is attached to or detached from a gateway. For more information, see <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/managing-volumes.html#attach-detach-volume\">Moving your volumes to a different gateway</a>.</p>"
},
"VolumeSizeInBytes":{
"shape":"long",
@ -1536,7 +1536,7 @@
"members":{
"TargetARN":{
"shape":"TargetARN",
"documentation":"<p>The Amazon Resource Name (ARN) of the volume.</p> <p> Valid Values: 50 to 500 lowercase letters, numbers, periods (.), and hyphens (-).</p>"
"documentation":"<p>The Amazon Resource Name (ARN) of the volume.</p> <p>Valid Values: 50 to 500 lowercase letters, numbers, periods (.), and hyphens (-).</p>"
},
"SecretToAuthenticateInitiator":{
"shape":"ChapSecret",
@ -1585,7 +1585,7 @@
},
"SnapshotId":{
"shape":"SnapshotId",
"documentation":"<p>The snapshot ID (e.g. \"snap-1122aabb\") of the snapshot to restore as the new cached volume. Specify this field if you want to create the iSCSI storage volume from a snapshot otherwise do not include this field. To list snapshots for your account use <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/ApiReference-query-DescribeSnapshots.html\">DescribeSnapshots</a> in the <i>Amazon Elastic Compute Cloud API Reference</i>.</p>"
"documentation":"<p>The snapshot ID (e.g. \"snap-1122aabb\") of the snapshot to restore as the new cached volume. Specify this field if you want to create the iSCSI storage volume from a snapshot; otherwise, do not include this field. To list snapshots for your account use <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/ApiReference-query-DescribeSnapshots.html\">DescribeSnapshots</a> in the <i>Amazon Elastic Compute Cloud API Reference</i>.</p>"
},
"TargetName":{
"shape":"TargetName",
@ -1597,7 +1597,7 @@
},
"NetworkInterfaceId":{
"shape":"NetworkInterfaceId",
"documentation":"<p>The network interface of the gateway on which to expose the iSCSI target. Only IPv4 addresses are accepted. Use <a>DescribeGatewayInformation</a> to get a list of the network interfaces available on a gateway.</p> <p> Valid Values: A valid IP address.</p>"
"documentation":"<p>The network interface of the gateway on which to expose the iSCSI target. Only IPv4 addresses are accepted. Use <a>DescribeGatewayInformation</a> to get a list of the network interfaces available on a gateway.</p> <p>Valid Values: A valid IP address.</p>"
},
"ClientToken":{
"shape":"ClientToken",
@ -1605,11 +1605,11 @@
},
"KMSEncrypted":{
"shape":"Boolean",
"documentation":"<p>True to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.</p>"
"documentation":"<p>Set to <code>true</code> to use Amazon S3 server-side encryption with your own AWS KMS key, or <code>false</code> to use a key managed by Amazon S3. Optional.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"KMSKey":{
"shape":"KMSKey",
"documentation":"<p>The Amazon Resource Name (ARN) of the AWS KMS key used for Amazon S3 server-side encryption. This value can only be set when KMSEncrypted is true. Optional.</p>"
"documentation":"<p>The Amazon Resource Name (ARN) of a symmetric customer master key (CMK) used for Amazon S3 server-side encryption. Storage Gateway does not support asymmetric CMKs. This value can only be set when <code>KMSEncrypted</code> is <code>true</code>. Optional.</p>"
},
"Tags":{
"shape":"Tags",
@ -1653,47 +1653,47 @@
},
"KMSEncrypted":{
"shape":"Boolean",
"documentation":"<p>True to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.</p>"
"documentation":"<p>Set to <code>true</code> to use Amazon S3 server-side encryption with your own AWS KMS key, or <code>false</code> to use a key managed by Amazon S3. Optional.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"KMSKey":{
"shape":"KMSKey",
"documentation":"<p>The Amazon Resource Name (ARN) AWS KMS key used for Amazon S3 server-side encryption. This value can only be set when KMSEncrypted is true. Optional.</p>"
"documentation":"<p>The Amazon Resource Name (ARN) of a symmetric customer master key (CMK) used for Amazon S3 server-side encryption. Storage Gateway does not support asymmetric CMKs. This value can only be set when <code>KMSEncrypted</code> is <code>true</code>. Optional.</p>"
},
"Role":{
"shape":"Role",
"documentation":"<p>The ARN of the AWS Identity and Access Management (IAM) role that a file gateway assumes when it accesses the underlying storage. </p>"
"documentation":"<p>The ARN of the AWS Identity and Access Management (IAM) role that a file gateway assumes when it accesses the underlying storage.</p>"
},
"LocationARN":{
"shape":"LocationARN",
"documentation":"<p>The ARN of the backed storage used for storing file data. </p>"
"documentation":"<p>The ARN of the backed storage used for storing file data.</p>"
},
"DefaultStorageClass":{
"shape":"StorageClass",
"documentation":"<p>The default storage class for objects put into an Amazon S3 bucket by the file gateway. Possible values are <code>S3_STANDARD</code>, <code>S3_STANDARD_IA</code>, or <code>S3_ONEZONE_IA</code>. If this field is not populated, the default value <code>S3_STANDARD</code> is used. Optional.</p>"
"documentation":"<p>The default storage class for objects put into an Amazon S3 bucket by the file gateway. The default value is <code>S3_INTELLIGENT_TIERING</code>. Optional.</p> <p>Valid Values: <code>S3_STANDARD</code> | <code>S3_INTELLIGENT_TIERING</code> | <code>S3_STANDARD_IA</code> | <code>S3_ONEZONE_IA</code> </p>"
},
"ObjectACL":{
"shape":"ObjectACL",
"documentation":"<p>A value that sets the access control list permission for objects in the S3 bucket that a file gateway puts objects into. The default value is \"private\".</p>"
"documentation":"<p>A value that sets the access control list (ACL) permission for objects in the S3 bucket that a file gateway puts objects into. The default value is <code>private</code>.</p>"
},
"ClientList":{
"shape":"FileShareClientList",
"documentation":"<p>The list of clients that are allowed to access the file gateway. The list must contain either valid IP addresses or valid CIDR blocks. </p>"
"documentation":"<p>The list of clients that are allowed to access the file gateway. The list must contain either valid IP addresses or valid CIDR blocks.</p>"
},
"Squash":{
"shape":"Squash",
"documentation":"<p>A value that maps a user to anonymous user. Valid options are the following: </p> <ul> <li> <p> <code>RootSquash</code> - Only root is mapped to anonymous user.</p> </li> <li> <p> <code>NoSquash</code> - No one is mapped to anonymous user</p> </li> <li> <p> <code>AllSquash</code> - Everyone is mapped to anonymous user.</p> </li> </ul>"
"documentation":"<p>A value that maps a user to anonymous user.</p> <p>Valid values are the following:</p> <ul> <li> <p> <code>RootSquash</code>: Only root is mapped to anonymous user.</p> </li> <li> <p> <code>NoSquash</code>: No one is mapped to anonymous user.</p> </li> <li> <p> <code>AllSquash</code>: Everyone is mapped to anonymous user.</p> </li> </ul>"
},
"ReadOnly":{
"shape":"Boolean",
"documentation":"<p>A value that sets the write status of a file share. This value is true if the write status is read-only, and otherwise false.</p>"
"documentation":"<p>A value that sets the write status of a file share. Set this value to <code>true</code> to set the write status to read-only, otherwise set to <code>false</code>.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"GuessMIMETypeEnabled":{
"shape":"Boolean",
"documentation":"<p>A value that enables guessing of the MIME type for uploaded objects based on file extensions. Set this value to true to enable MIME type guessing, and otherwise to false. The default value is true.</p>"
"documentation":"<p>A value that enables guessing of the MIME type for uploaded objects based on file extensions. Set this value to <code>true</code> to enable MIME type guessing, otherwise set to <code>false</code>. The default value is <code>true</code>.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"RequesterPays":{
"shape":"Boolean",
"documentation":"<p>A value that sets who pays the cost of the request and the cost associated with data download from the S3 bucket. If this value is set to true, the requester pays the costs. Otherwise the S3 bucket owner pays. However, the S3 bucket owner always pays the cost of storing data.</p> <note> <p> <code>RequesterPays</code> is a configuration for the S3 bucket that backs the file share, so make sure that the configuration on the file share is the same as the S3 bucket configuration.</p> </note>"
"documentation":"<p>A value that sets who pays the cost of the request and the cost associated with data download from the S3 bucket. If this value is set to <code>true</code>, the requester pays the costs; otherwise, the S3 bucket owner pays. However, the S3 bucket owner always pays the cost of storing data.</p> <note> <p> <code>RequesterPays</code> is a configuration for the S3 bucket that backs the file share, so make sure that the configuration on the file share is the same as the S3 bucket configuration.</p> </note> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"Tags":{
"shape":"Tags",
@ -1707,7 +1707,7 @@
"members":{
"FileShareARN":{
"shape":"FileShareARN",
"documentation":"<p>The Amazon Resource Name (ARN) of the newly created file share. </p>"
"documentation":"<p>The Amazon Resource Name (ARN) of the newly created file share.</p>"
}
},
"documentation":"<p>CreateNFSFileShareOutput</p>"
@ -1731,51 +1731,51 @@
},
"KMSEncrypted":{
"shape":"Boolean",
"documentation":"<p>True to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.</p>"
"documentation":"<p>Set to <code>true</code> to use Amazon S3 server-side encryption with your own AWS KMS key, or <code>false</code> to use a key managed by Amazon S3. Optional.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"KMSKey":{
"shape":"KMSKey",
"documentation":"<p>The Amazon Resource Name (ARN) of the AWS KMS key used for Amazon S3 server-side encryption. This value can only be set when KMSEncrypted is true. Optional.</p>"
"documentation":"<p>The Amazon Resource Name (ARN) of a symmetric customer master key (CMK) used for Amazon S3 server-side encryption. Storage Gateway does not support asymmetric CMKs. This value can only be set when <code>KMSEncrypted</code> is <code>true</code>. Optional.</p>"
},
"Role":{
"shape":"Role",
"documentation":"<p>The ARN of the AWS Identity and Access Management (IAM) role that a file gateway assumes when it accesses the underlying storage. </p>"
"documentation":"<p>The ARN of the AWS Identity and Access Management (IAM) role that a file gateway assumes when it accesses the underlying storage.</p>"
},
"LocationARN":{
"shape":"LocationARN",
"documentation":"<p>The ARN of the backed storage used for storing file data. </p>"
"documentation":"<p>The ARN of the backed storage used for storing file data.</p>"
},
"DefaultStorageClass":{
"shape":"StorageClass",
"documentation":"<p>The default storage class for objects put into an Amazon S3 bucket by the file gateway. Possible values are <code>S3_STANDARD</code>, <code>S3_STANDARD_IA</code>, or <code>S3_ONEZONE_IA</code>. If this field is not populated, the default value <code>S3_STANDARD</code> is used. Optional.</p>"
"documentation":"<p>The default storage class for objects put into an Amazon S3 bucket by the file gateway. The default value is <code>S3_INTELLIGENT_TIERING</code>. Optional.</p> <p>Valid Values: <code>S3_STANDARD</code> | <code>S3_INTELLIGENT_TIERING</code> | <code>S3_STANDARD_IA</code> | <code>S3_ONEZONE_IA</code> </p>"
},
"ObjectACL":{
"shape":"ObjectACL",
"documentation":"<p>A value that sets the access control list permission for objects in the S3 bucket that a file gateway puts objects into. The default value is \"private\".</p>"
"documentation":"<p>A value that sets the access control list (ACL) permission for objects in the S3 bucket that a file gateway puts objects into. The default value is <code>private</code>.</p>"
},
"ReadOnly":{
"shape":"Boolean",
"documentation":"<p>A value that sets the write status of a file share. This value is true if the write status is read-only, and otherwise false.</p>"
"documentation":"<p>A value that sets the write status of a file share. Set this value to <code>true</code> to set the write status to read-only, otherwise set to <code>false</code>.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"GuessMIMETypeEnabled":{
"shape":"Boolean",
"documentation":"<p>A value that enables guessing of the MIME type for uploaded objects based on file extensions. Set this value to true to enable MIME type guessing, and otherwise to false. The default value is true.</p>"
"documentation":"<p>A value that enables guessing of the MIME type for uploaded objects based on file extensions. Set this value to <code>true</code> to enable MIME type guessing, otherwise set to <code>false</code>. The default value is <code>true</code>.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"RequesterPays":{
"shape":"Boolean",
"documentation":"<p>A value that sets who pays the cost of the request and the cost associated with data download from the S3 bucket. If this value is set to true, the requester pays the costs. Otherwise the S3 bucket owner pays. However, the S3 bucket owner always pays the cost of storing data.</p> <note> <p> <code>RequesterPays</code> is a configuration for the S3 bucket that backs the file share, so make sure that the configuration on the file share is the same as the S3 bucket configuration.</p> </note>"
"documentation":"<p>A value that sets who pays the cost of the request and the cost associated with data download from the S3 bucket. If this value is set to <code>true</code>, the requester pays the costs; otherwise, the S3 bucket owner pays. However, the S3 bucket owner always pays the cost of storing data.</p> <note> <p> <code>RequesterPays</code> is a configuration for the S3 bucket that backs the file share, so make sure that the configuration on the file share is the same as the S3 bucket configuration.</p> </note> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"SMBACLEnabled":{
"shape":"Boolean",
"documentation":"<p>Set this value to \"true to enable ACL (access control list) on the SMB file share. Set it to \"false\" to map file and directory permissions to the POSIX permissions.</p> <p>For more information, see https://docs.aws.amazon.com/storagegateway/latest/userguide/smb-acl.html in the Storage Gateway User Guide.</p>"
"documentation":"<p>Set this value to <code>true</code> to enable access control list (ACL) on the SMB file share. Set it to <code>false</code> to map file and directory permissions to the POSIX permissions.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/smb-acl.html\">Using Microsoft Windows ACLs to control access to an SMB file share</a> in the <i>AWS Storage Gateway User Guide</i>.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"AdminUserList":{
"shape":"FileShareUserList",
"documentation":"<p>A list of users in the Active Directory that will be granted administrator privileges on the file share. These users can do all file operations as the super-user. </p> <important> <p>Use this option very carefully, because any user in this list can do anything they like on the file share, regardless of file permissions.</p> </important>"
"documentation":"<p>A list of users in the Active Directory that will be granted administrator privileges on the file share. These users can do all file operations as the super-user.</p> <important> <p>Use this option very carefully, because any user in this list can do anything they like on the file share, regardless of file permissions.</p> </important>"
},
"ValidUserList":{
"shape":"FileShareUserList",
"documentation":"<p>A list of users or groups in the Active Directory that are allowed to access the file share. A group must be prefixed with the @ character. For example <code>@group1</code>. Can only be set if Authentication is set to <code>ActiveDirectory</code>.</p>"
"documentation":"<p>A list of users or groups in the Active Directory that are allowed to access the file share. A group must be prefixed with the @ character. For example, <code>@group1</code>. Can only be set if Authentication is set to <code>ActiveDirectory</code>.</p>"
},
"InvalidUserList":{
"shape":"FileShareUserList",
@ -1787,7 +1787,7 @@
},
"Authentication":{
"shape":"Authentication",
"documentation":"<p>The authentication method that users use to access the file share.</p> <p>Valid values are <code>ActiveDirectory</code> or <code>GuestAccess</code>. The default is <code>ActiveDirectory</code>.</p>"
"documentation":"<p>The authentication method that users use to access the file share. The default is <code>ActiveDirectory</code>.</p> <p>Valid Values: <code>ActiveDirectory</code> | <code>GuestAccess</code> </p>"
},
"Tags":{
"shape":"Tags",
@ -1801,7 +1801,7 @@
"members":{
"FileShareARN":{
"shape":"FileShareARN",
"documentation":"<p>The Amazon Resource Name (ARN) of the newly created file share. </p>"
"documentation":"<p>The Amazon Resource Name (ARN) of the newly created file share.</p>"
}
},
"documentation":"<p>CreateSMBFileShareOutput</p>"
@ -1819,7 +1819,7 @@
},
"SnapshotDescription":{
"shape":"SnapshotDescription",
"documentation":"<p>Textual description of the snapshot that appears in the Amazon EC2 console, Elastic Block Store snapshots panel in the <b>Description</b> field, and in the AWS Storage Gateway snapshot <b>Details</b> pane, <b>Description</b> field</p>"
"documentation":"<p>Textual description of the snapshot that appears in the Amazon EC2 console, Elastic Block Store snapshots panel in the <b>Description</b> field, and in the AWS Storage Gateway snapshot <b>Details</b> pane, <b>Description</b> field.</p>"
},
"Tags":{
"shape":"Tags",
@ -1857,7 +1857,7 @@
},
"SnapshotDescription":{
"shape":"SnapshotDescription",
"documentation":"<p>Textual description of the snapshot that appears in the Amazon EC2 console, Elastic Block Store snapshots panel in the <b>Description</b> field, and in the AWS Storage Gateway snapshot <b>Details</b> pane, <b>Description</b> field</p>"
"documentation":"<p>Textual description of the snapshot that appears in the Amazon EC2 console, Elastic Block Store snapshots panel in the <b>Description</b> field, and in the AWS Storage Gateway snapshot <b>Details</b> pane, <b>Description</b> field.</p>"
},
"Tags":{
"shape":"Tags",
@ -1897,11 +1897,11 @@
},
"SnapshotId":{
"shape":"SnapshotId",
"documentation":"<p>The snapshot ID (e.g. \"snap-1122aabb\") of the snapshot to restore as the new stored volume. Specify this field if you want to create the iSCSI storage volume from a snapshot otherwise do not include this field. To list snapshots for your account use <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/ApiReference-query-DescribeSnapshots.html\">DescribeSnapshots</a> in the <i>Amazon Elastic Compute Cloud API Reference</i>.</p>"
"documentation":"<p>The snapshot ID (e.g. \"snap-1122aabb\") of the snapshot to restore as the new stored volume. Specify this field if you want to create the iSCSI storage volume from a snapshot; otherwise, do not include this field. To list snapshots for your account use <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/ApiReference-query-DescribeSnapshots.html\">DescribeSnapshots</a> in the <i>Amazon Elastic Compute Cloud API Reference</i>.</p>"
},
"PreserveExistingData":{
"shape":"boolean",
"documentation":"<p>Specify this field as true if you want to preserve the data on the local disk. Otherwise, specifying this field as false creates an empty volume.</p> <p> Valid Values: true, false</p>"
"documentation":"<p>Set to true <code>true</code> if you want to preserve the data on the local disk. Otherwise, set to <code>false</code> to create an empty volume.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"TargetName":{
"shape":"TargetName",
@ -1909,15 +1909,15 @@
},
"NetworkInterfaceId":{
"shape":"NetworkInterfaceId",
"documentation":"<p>The network interface of the gateway on which to expose the iSCSI target. Only IPv4 addresses are accepted. Use <a>DescribeGatewayInformation</a> to get a list of the network interfaces available on a gateway.</p> <p> Valid Values: A valid IP address.</p>"
"documentation":"<p>The network interface of the gateway on which to expose the iSCSI target. Only IPv4 addresses are accepted. Use <a>DescribeGatewayInformation</a> to get a list of the network interfaces available on a gateway.</p> <p>Valid Values: A valid IP address.</p>"
},
"KMSEncrypted":{
"shape":"Boolean",
"documentation":"<p>True to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.</p>"
"documentation":"<p>Set to <code>true</code> to use Amazon S3 server-side encryption with your own AWS KMS key, or <code>false</code> to use a key managed by Amazon S3. Optional.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"KMSKey":{
"shape":"KMSKey",
"documentation":"<p>The Amazon Resource Name (ARN) of the KMS key used for Amazon S3 server-side encryption. This value can only be set when KMSEncrypted is true. Optional.</p>"
"documentation":"<p>The Amazon Resource Name (ARN) of a symmetric customer master key (CMK) used for Amazon S3 server-side encryption. Storage Gateway does not support asymmetric CMKs. This value can only be set when <code>KMSEncrypted</code> is <code>true</code>. Optional.</p>"
},
"Tags":{
"shape":"Tags",
@ -1966,15 +1966,15 @@
},
"KMSEncrypted":{
"shape":"Boolean",
"documentation":"<p>True to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.</p>"
"documentation":"<p>Set to <code>true</code> to use Amazon S3 server-side encryption with your own AWS KMS key, or <code>false</code> to use a key managed by Amazon S3. Optional.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"KMSKey":{
"shape":"KMSKey",
"documentation":"<p>The Amazon Resource Name (ARN) of the AWS KMS key used for Amazon S3 server-side encryption. This value can only be set when KMSEncrypted is true. Optional.</p>"
"documentation":"<p>The Amazon Resource Name (ARN) of a symmetric customer master key (CMK) used for Amazon S3 server-side encryption. Storage Gateway does not support asymmetric CMKs. This value can only be set when <code>KMSEncrypted</code> is <code>true</code>. Optional.</p>"
},
"PoolId":{
"shape":"PoolId",
"documentation":"<p>The ID of the pool that you want to add your tape to for archiving. The tape in this pool is archived in the S3 storage class that is associated with the pool. When you use your backup application to eject the tape, the tape is archived directly into the storage class (S3 Glacier or S3 Glacier Deep Archive) that corresponds to the pool.</p> <p>Valid values: \"GLACIER\", \"DEEP_ARCHIVE\"</p>"
"documentation":"<p>The ID of the pool that you want to add your tape to for archiving. The tape in this pool is archived in the S3 storage class that is associated with the pool. When you use your backup application to eject the tape, the tape is archived directly into the storage class (S3 Glacier or S3 Deep Archive) that corresponds to the pool.</p> <p>Valid Values: <code>GLACIER</code> | <code>DEEP_ARCHIVE</code> </p>"
},
"Tags":{
"shape":"Tags",
@ -2025,15 +2025,15 @@
},
"KMSEncrypted":{
"shape":"Boolean",
"documentation":"<p>True to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.</p>"
"documentation":"<p>Set to <code>true</code> to use Amazon S3 server-side encryption with your own AWS KMS key, or <code>false</code> to use a key managed by Amazon S3. Optional.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"KMSKey":{
"shape":"KMSKey",
"documentation":"<p>The Amazon Resource Name (ARN) of the AWS KMS key used for Amazon S3 server-side encryption. This value can only be set when KMSEncrypted is true. Optional.</p>"
"documentation":"<p>The Amazon Resource Name (ARN) of a symmetric customer master key (CMK) used for Amazon S3 server-side encryption. Storage Gateway does not support asymmetric CMKs. This value can only be set when <code>KMSEncrypted</code> is <code>true</code>. Optional.</p>"
},
"PoolId":{
"shape":"PoolId",
"documentation":"<p>The ID of the pool that you want to add your tape to for archiving. The tape in this pool is archived in the S3 storage class that is associated with the pool. When you use your backup application to eject the tape, the tape is archived directly into the storage class (S3 Glacier or S3 Glacier Deep Archive) that corresponds to the pool.</p> <p>Valid values: \"GLACIER\", \"DEEP_ARCHIVE\"</p>"
"documentation":"<p>The ID of the pool that you want to add your tape to for archiving. The tape in this pool is archived in the S3 storage class that is associated with the pool. When you use your backup application to eject the tape, the tape is archived directly into the storage class (S3 Glacier or S3 Glacier Deep Archive) that corresponds to the pool.</p> <p>Valid Values: <code>GLACIER</code> | <code>DEEP_ARCHIVE</code> </p>"
},
"Tags":{
"shape":"Tags",
@ -2086,7 +2086,7 @@
"GatewayARN":{"shape":"GatewayARN"},
"BandwidthType":{
"shape":"BandwidthType",
"documentation":"<p>One of the BandwidthType values that indicates the gateway bandwidth rate limit to delete.</p> <p>Valid Values: <code>Upload</code>, <code>Download</code>, <code>All</code>.</p>"
"documentation":"<p>One of the BandwidthType values that indicates the gateway bandwidth rate limit to delete.</p> <p>Valid Values: <code>Upload</code> | <code>Download</code> | <code>All</code> </p>"
}
},
"documentation":"<p>A JSON object containing the following fields:</p> <ul> <li> <p> <a>DeleteBandwidthRateLimitInput$BandwidthType</a> </p> </li> </ul>"
@ -2136,11 +2136,11 @@
"members":{
"FileShareARN":{
"shape":"FileShareARN",
"documentation":"<p>The Amazon Resource Name (ARN) of the file share to be deleted. </p>"
"documentation":"<p>The Amazon Resource Name (ARN) of the file share to be deleted.</p>"
},
"ForceDelete":{
"shape":"boolean",
"documentation":"<p>If this value is set to true, the operation deletes a file share immediately and aborts all data uploads to AWS. Otherwise, the file share is not deleted until all data is uploaded to AWS. This process aborts the data upload process, and the file share enters the FORCE_DELETING status.</p>"
"documentation":"<p>If this value is set to <code>true</code>, the operation deletes a file share immediately and aborts all data uploads to AWS. Otherwise, the file share is not deleted until all data is uploaded to AWS. This process aborts the data upload process, and the file share enters the <code>FORCE_DELETING</code> status.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
}
},
"documentation":"<p>DeleteFileShareInput</p>"
@ -2150,7 +2150,7 @@
"members":{
"FileShareARN":{
"shape":"FileShareARN",
"documentation":"<p>The Amazon Resource Name (ARN) of the deleted file share. </p>"
"documentation":"<p>The Amazon Resource Name (ARN) of the deleted file share.</p>"
}
},
"documentation":"<p>DeleteFileShareOutput</p>"
@ -2257,7 +2257,7 @@
"documentation":"<p>The Amazon Resource Name (ARN) of the storage volume that was deleted. It is the same ARN you provided in the request.</p>"
}
},
"documentation":"<p>A JSON object containing the Amazon Resource Name (ARN) of the storage volume that was deleted</p>"
"documentation":"<p>A JSON object containing the Amazon Resource Name (ARN) of the storage volume that was deleted.</p>"
},
"DescribeAvailabilityMonitorTestInput":{
"type":"structure",
@ -2379,7 +2379,7 @@
"documentation":"<p>An array of <a>ChapInfo</a> objects that represent CHAP credentials. Each object in the array contains CHAP credential information for one target-initiator pair. If no CHAP credentials are set, an empty array is returned. CHAP credential information is provided in a JSON object with the following fields:</p> <ul> <li> <p> <b>InitiatorName</b>: The iSCSI initiator that connects to the target.</p> </li> <li> <p> <b>SecretToAuthenticateInitiator</b>: The secret key that the initiator (for example, the Windows client) must provide to participate in mutual CHAP with the target.</p> </li> <li> <p> <b>SecretToAuthenticateTarget</b>: The secret key that the target must provide to participate in mutual CHAP with the initiator (e.g. Windows client).</p> </li> <li> <p> <b>TargetARN</b>: The Amazon Resource Name (ARN) of the storage volume.</p> </li> </ul>"
}
},
"documentation":"<p>A JSON object containing a .</p>"
"documentation":"<p>A JSON object containing the following fields:</p>"
},
"DescribeGatewayInformationInput":{
"type":"structure",
@ -2439,7 +2439,7 @@
},
"VPCEndpoint":{
"shape":"string",
"documentation":"<p>The configuration settings for the virtual private cloud (VPC) endpoint for your gateway. </p>"
"documentation":"<p>The configuration settings for the virtual private cloud (VPC) endpoint for your gateway.</p>"
},
"CloudWatchLogGroupARN":{
"shape":"CloudWatchLogGroupARN",
@ -2448,6 +2448,10 @@
"HostEnvironment":{
"shape":"HostEnvironment",
"documentation":"<p>The type of hypervisor environment used by the host.</p>"
},
"EndpointType":{
"shape":"EndpointType",
"documentation":"<p>The type of endpoint for your gateway.</p> <p>Valid Values: <code>STANDARD</code> | <code>FIPS</code> </p>"
}
},
"documentation":"<p>A JSON object containing the following fields:</p>"
@ -2478,7 +2482,7 @@
},
"DayOfMonth":{
"shape":"DayOfMonth",
"documentation":"<p>The day of the month component of the maintenance start time represented as an ordinal number from 1 to 28, where 1 represents the first day of the month and 28 represents the last day of the month.</p> <note> <p>This value is only available for tape and volume gateways.</p> </note>"
"documentation":"<p>The day of the month component of the maintenance start time represented as an ordinal number from 1 to 28, where 1 represents the first day of the month and 28 represents the last day of the month.</p>"
},
"Timezone":{
"shape":"GatewayTimezone",
@ -2493,7 +2497,7 @@
"members":{
"FileShareARNList":{
"shape":"FileShareARNList",
"documentation":"<p>An array containing the Amazon Resource Name (ARN) of each file share to be described. </p>"
"documentation":"<p>An array containing the Amazon Resource Name (ARN) of each file share to be described.</p>"
}
},
"documentation":"<p>DescribeNFSFileSharesInput</p>"
@ -2503,7 +2507,7 @@
"members":{
"NFSFileShareInfoList":{
"shape":"NFSFileShareInfoList",
"documentation":"<p>An array containing a description for each requested file share. </p>"
"documentation":"<p>An array containing a description for each requested file share.</p>"
}
},
"documentation":"<p>DescribeNFSFileSharesOutput</p>"
@ -2514,7 +2518,7 @@
"members":{
"FileShareARNList":{
"shape":"FileShareARNList",
"documentation":"<p>An array containing the Amazon Resource Name (ARN) of each file share to be described. </p>"
"documentation":"<p>An array containing the Amazon Resource Name (ARN) of each file share to be described.</p>"
}
},
"documentation":"<p>DescribeSMBFileSharesInput</p>"
@ -2524,7 +2528,7 @@
"members":{
"SMBFileShareInfoList":{
"shape":"SMBFileShareInfoList",
"documentation":"<p>An array containing a description for each requested file share. </p>"
"documentation":"<p>An array containing a description for each requested file share.</p>"
}
},
"documentation":"<p>DescribeSMBFileSharesOutput</p>"
@ -2546,15 +2550,15 @@
},
"ActiveDirectoryStatus":{
"shape":"ActiveDirectoryStatus",
"documentation":"<p>Indicates the status of a gateway that is a member of the Active Directory domain.</p> <ul> <li> <p>ACCESS_DENIED: Indicates that the <code>JoinDomain</code> operation failed due to an authentication error.</p> </li> <li> <p>DETACHED: Indicates that gateway is not joined to a domain.</p> </li> <li> <p>JOINED: Indicates that the gateway has successfully joined a domain.</p> </li> <li> <p>JOINING: Indicates that a <code>JoinDomain</code> operation is in progress.</p> </li> <li> <p>NETWORK_ERROR: Indicates that <code>JoinDomain</code> operation failed due to a network or connectivity error.</p> </li> <li> <p>TIMEOUT: Indicates that the <code>JoinDomain</code> operation failed because the operation didn't complete within the allotted time.</p> </li> <li> <p>UNKNOWN_ERROR: Indicates that the <code>JoinDomain</code> operation failed due to another type of error.</p> </li> </ul>"
"documentation":"<p>Indicates the status of a gateway that is a member of the Active Directory domain.</p> <ul> <li> <p> <code>ACCESS_DENIED</code>: Indicates that the <code>JoinDomain</code> operation failed due to an authentication error.</p> </li> <li> <p> <code>DETACHED</code>: Indicates that gateway is not joined to a domain.</p> </li> <li> <p> <code>JOINED</code>: Indicates that the gateway has successfully joined a domain.</p> </li> <li> <p> <code>JOINING</code>: Indicates that a <code>JoinDomain</code> operation is in progress.</p> </li> <li> <p> <code>NETWORK_ERROR</code>: Indicates that <code>JoinDomain</code> operation failed due to a network or connectivity error.</p> </li> <li> <p> <code>TIMEOUT</code>: Indicates that the <code>JoinDomain</code> operation failed because the operation didn't complete within the allotted time.</p> </li> <li> <p> <code>UNKNOWN_ERROR</code>: Indicates that the <code>JoinDomain</code> operation failed due to another type of error.</p> </li> </ul>"
},
"SMBGuestPasswordSet":{
"shape":"Boolean",
"documentation":"<p>This value is true if a password for the guest user “smbguest” is set, and otherwise false.</p>"
"documentation":"<p>This value is <code>true</code> if a password for the guest user <code>smbguest</code> is set, otherwise <code>false</code>.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"SMBSecurityStrategy":{
"shape":"SMBSecurityStrategy",
"documentation":"<p>The type of security strategy that was specified for file gateway.</p> <p>ClientSpecified: if you use this option, requests are established based on what is negotiated by the client. This option is recommended when you want to maximize compatibility across different clients in your environment. </p> <p>MandatorySigning: if you use this option, file gateway only allows connections from SMBv2 or SMBv3 clients that have signing enabled. This option works with SMB clients on Microsoft Windows Vista, Windows Server 2008 or newer. </p> <p>MandatoryEncryption: if you use this option, file gateway only allows connections from SMBv3 clients that have encryption enabled. This option is highly recommended for environments that handle sensitive data. This option works with SMB clients on Microsoft Windows 8, Windows Server 2012 or newer. </p>"
"documentation":"<p>The type of security strategy that was specified for file gateway.</p> <ul> <li> <p> <code>ClientSpecified</code>: If you use this option, requests are established based on what is negotiated by the client. This option is recommended when you want to maximize compatibility across different clients in your environment.</p> </li> <li> <p> <code>MandatorySigning</code>: If you use this option, file gateway only allows connections from SMBv2 or SMBv3 clients that have signing enabled. This option works with SMB clients on Microsoft Windows Vista, Windows Server 2008 or newer.</p> </li> <li> <p> <code>MandatoryEncryption</code>: If you use this option, file gateway only allows connections from SMBv3 clients that have encryption enabled. This option is highly recommended for environments that handle sensitive data. This option works with SMB clients on Microsoft Windows 8, Windows Server 2012 or newer.</p> </li> </ul>"
}
}
},
@ -2614,7 +2618,7 @@
"members":{
"StorediSCSIVolumes":{
"shape":"StorediSCSIVolumes",
"documentation":"<p>Describes a single unit of output from <a>DescribeStorediSCSIVolumes</a>. The following fields are returned:</p> <ul> <li> <p> <b>ChapEnabled</b>: Indicates whether mutual CHAP is enabled for the iSCSI target.</p> </li> <li> <p> <b>LunNumber</b>: The logical disk number.</p> </li> <li> <p> <b>NetworkInterfaceId</b>: The network interface ID of the stored volume that initiator use to map the stored volume as an iSCSI target.</p> </li> <li> <p> <b>NetworkInterfacePort</b>: The port used to communicate with iSCSI targets.</p> </li> <li> <p> <b>PreservedExistingData</b>: Indicates if when the stored volume was created, existing data on the underlying local disk was preserved.</p> </li> <li> <p> <b>SourceSnapshotId</b>: If the stored volume was created from a snapshot, this field contains the snapshot ID used, e.g. snap-1122aabb. Otherwise, this field is not included.</p> </li> <li> <p> <b>StorediSCSIVolumes</b>: An array of StorediSCSIVolume objects where each object contains metadata about one stored volume.</p> </li> <li> <p> <b>TargetARN</b>: The Amazon Resource Name (ARN) of the volume target.</p> </li> <li> <p> <b>VolumeARN</b>: The Amazon Resource Name (ARN) of the stored volume.</p> </li> <li> <p> <b>VolumeDiskId</b>: The disk ID of the local disk that was specified in the <a>CreateStorediSCSIVolume</a> operation.</p> </li> <li> <p> <b>VolumeId</b>: The unique identifier of the storage volume, e.g. vol-1122AABB.</p> </li> <li> <p> <b>VolumeiSCSIAttributes</b>: An <a>VolumeiSCSIAttributes</a> object that represents a collection of iSCSI attributes for one stored volume.</p> </li> <li> <p> <b>VolumeProgress</b>: Represents the percentage complete if the volume is restoring or bootstrapping that represents the percent of data transferred. This field does not appear in the response if the stored volume is not restoring or bootstrapping.</p> </li> <li> <p> <b>VolumeSizeInBytes</b>: The size of the volume in bytes.</p> </li> <li> <p> <b>VolumeStatus</b>: One of the <code>VolumeStatus</code> values that indicates the state of the volume.</p> </li> <li> <p> <b>VolumeType</b>: One of the enumeration values describing the type of the volume. Currently, on STORED volumes are supported.</p> </li> </ul>"
"documentation":"<p>Describes a single unit of output from <a>DescribeStorediSCSIVolumes</a>. The following fields are returned:</p> <ul> <li> <p> <code>ChapEnabled</code>: Indicates whether mutual CHAP is enabled for the iSCSI target.</p> </li> <li> <p> <code>LunNumber</code>: The logical disk number.</p> </li> <li> <p> <code>NetworkInterfaceId</code>: The network interface ID of the stored volume that initiator use to map the stored volume as an iSCSI target.</p> </li> <li> <p> <code>NetworkInterfacePort</code>: The port used to communicate with iSCSI targets.</p> </li> <li> <p> <code>PreservedExistingData</code>: Indicates when the stored volume was created, existing data on the underlying local disk was preserved.</p> </li> <li> <p> <code>SourceSnapshotId</code>: If the stored volume was created from a snapshot, this field contains the snapshot ID used, e.g. <code>snap-1122aabb</code>. Otherwise, this field is not included.</p> </li> <li> <p> <code>StorediSCSIVolumes</code>: An array of StorediSCSIVolume objects where each object contains metadata about one stored volume.</p> </li> <li> <p> <code>TargetARN</code>: The Amazon Resource Name (ARN) of the volume target.</p> </li> <li> <p> <code>VolumeARN</code>: The Amazon Resource Name (ARN) of the stored volume.</p> </li> <li> <p> <code>VolumeDiskId</code>: The disk ID of the local disk that was specified in the <a>CreateStorediSCSIVolume</a> operation.</p> </li> <li> <p> <code>VolumeId</code>: The unique identifier of the storage volume, e.g. <code>vol-1122AABB</code>.</p> </li> <li> <p> <code>VolumeiSCSIAttributes</code>: An <a>VolumeiSCSIAttributes</a> object that represents a collection of iSCSI attributes for one stored volume.</p> </li> <li> <p> <code>VolumeProgress</code>: Represents the percentage complete if the volume is restoring or bootstrapping that represents the percent of data transferred. This field does not appear in the response if the stored volume is not restoring or bootstrapping.</p> </li> <li> <p> <code>VolumeSizeInBytes</code>: The size of the volume in bytes.</p> </li> <li> <p> <code>VolumeStatus</code>: One of the <code>VolumeStatus</code> values that indicates the state of the volume.</p> </li> <li> <p> <code>VolumeType</code>: One of the enumeration values describing the type of the volume. Currently, only <code>STORED</code> volumes are supported.</p> </li> </ul>"
}
}
},
@ -2641,7 +2645,7 @@
"members":{
"TapeArchives":{
"shape":"TapeArchives",
"documentation":"<p>An array of virtual tape objects in the virtual tape shelf (VTS). The description includes of the Amazon Resource Name (ARN) of the virtual tapes. The information returned includes the Amazon Resource Names (ARNs) of the tapes, size of the tapes, status of the tapes, progress of the description and tape barcode.</p>"
"documentation":"<p>An array of virtual tape objects in the virtual tape shelf (VTS). The description includes of the Amazon Resource Name (ARN) of the virtual tapes. The information returned includes the Amazon Resource Names (ARNs) of the tapes, size of the tapes, status of the tapes, progress of the description, and tape barcode.</p>"
},
"Marker":{
"shape":"Marker",
@ -2692,7 +2696,7 @@
},
"Marker":{
"shape":"Marker",
"documentation":"<p>A marker value, obtained in a previous call to <code>DescribeTapes</code>. This marker indicates which page of results to retrieve. </p> <p>If not specified, the first page of results is retrieved.</p>"
"documentation":"<p>A marker value, obtained in a previous call to <code>DescribeTapes</code>. This marker indicates which page of results to retrieve.</p> <p>If not specified, the first page of results is retrieved.</p>"
},
"Limit":{
"shape":"PositiveIntObject",
@ -2817,7 +2821,7 @@
},
"ForceDetach":{
"shape":"Boolean",
"documentation":"<p>Set to <code>true</code> to forcibly remove the iSCSI connection of the target volume and detach the volume. The default is <code>false</code>. If this value is set to <code>false</code>, you must manually disconnect the iSCSI connection from the target volume.</p>"
"documentation":"<p>Set to <code>true</code> to forcibly remove the iSCSI connection of the target volume and detach the volume. The default is <code>false</code>. If this value is set to <code>false</code>, you must manually disconnect the iSCSI connection from the target volume.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
}
},
"documentation":"<p>AttachVolumeInput</p>"
@ -2903,7 +2907,7 @@
"DiskAllocationType":{"shape":"DiskAllocationType"},
"DiskAllocationResource":{
"shape":"string",
"documentation":"<p>The iSCSI qualified name (IQN) that is defined for a disk. This field is not included in the response if the local disk is not defined as an iSCSI target. The format of this field is <i>targetIqn::LUNNumber::region-volumeId</i>. </p>"
"documentation":"<p>The iSCSI qualified name (IQN) that is defined for a disk. This field is not included in the response if the local disk is not defined as an iSCSI target. The format of this field is <i>targetIqn::LUNNumber::region-volumeId</i>.</p>"
},
"DiskAttributeList":{"shape":"DiskAttributeList"}
},
@ -2911,7 +2915,7 @@
},
"DiskAllocationType":{
"type":"string",
"documentation":"<p>One of the <code>DiskAllocationType</code> enumeration values that identifies how a local disk is used. Valid values: <code>UPLOAD_BUFFER</code>, <code>CACHE_STORAGE</code> </p>",
"documentation":"<p>One of the <code>DiskAllocationType</code> enumeration values that identifies how a local disk is used.</p> <p>Valid Values: <code>UPLOAD_BUFFER</code> | <code>CACHE_STORAGE</code> </p>",
"max":100,
"min":3
},
@ -2962,6 +2966,11 @@
"DoubleObject":{"type":"double"},
"Ec2InstanceId":{"type":"string"},
"Ec2InstanceRegion":{"type":"string"},
"EndpointType":{
"type":"string",
"max":8,
"min":4
},
"ErrorCode":{
"type":"string",
"enum":[
@ -3031,7 +3040,7 @@
},
"FileShareARN":{
"type":"string",
"documentation":"<p>The Amazon Resource Name (ARN) of the file share. </p>",
"documentation":"<p>The Amazon Resource Name (ARN) of the file share.</p>",
"max":500,
"min":50
},
@ -3044,13 +3053,13 @@
"FileShareClientList":{
"type":"list",
"member":{"shape":"IPV4AddressCIDR"},
"documentation":"<p>The list of clients that are allowed to access the file gateway. The list must contain either valid IP addresses or valid CIDR blocks. </p>",
"documentation":"<p>The list of clients that are allowed to access the file gateway. The list must contain either valid IP addresses or valid CIDR blocks.</p>",
"max":100,
"min":1
},
"FileShareId":{
"type":"string",
"documentation":"<p>The ID of the file share. </p>",
"documentation":"<p>The ID of the file share.</p>",
"max":30,
"min":12
},
@ -3071,7 +3080,7 @@
},
"FileShareStatus":{
"type":"string",
"documentation":"<p>The status of the file share. Possible values are <code>CREATING</code>, <code>UPDATING</code>, <code>AVAILABLE</code> and <code>DELETING</code>. </p>",
"documentation":"<p>The status of the file share.</p> <p>Valid Values: <code>CREATING</code> | <code>UPDATING</code> | <code>AVAILABLE</code> | <code>DELETING</code> </p>",
"max":50,
"min":3
},
@ -3133,7 +3142,7 @@
},
"GatewayOperationalState":{
"shape":"GatewayOperationalState",
"documentation":"<p>The state of the gateway.</p> <p>Valid Values: DISABLED or ACTIVE</p>"
"documentation":"<p>The state of the gateway.</p> <p>Valid Values: <code>DISABLED</code> | <code>ACTIVE</code> </p>"
},
"GatewayName":{
"shape":"string",
@ -3306,14 +3315,14 @@
},
"ActiveDirectoryStatus":{
"shape":"ActiveDirectoryStatus",
"documentation":"<p>Indicates the status of the gateway as a member of the Active Directory domain.</p> <ul> <li> <p>ACCESS_DENIED: Indicates that the <code>JoinDomain</code> operation failed due to an authentication error.</p> </li> <li> <p>DETACHED: Indicates that gateway is not joined to a domain.</p> </li> <li> <p>JOINED: Indicates that the gateway has successfully joined a domain.</p> </li> <li> <p>JOINING: Indicates that a <code>JoinDomain</code> operation is in progress.</p> </li> <li> <p>NETWORK_ERROR: Indicates that <code>JoinDomain</code> operation failed due to a network or connectivity error.</p> </li> <li> <p>TIMEOUT: Indicates that the <code>JoinDomain</code> operation failed because the operation didn't complete within the allotted time.</p> </li> <li> <p>UNKNOWN_ERROR: Indicates that the <code>JoinDomain</code> operation failed due to another type of error.</p> </li> </ul>"
"documentation":"<p>Indicates the status of the gateway as a member of the Active Directory domain.</p> <ul> <li> <p> <code>ACCESS_DENIED</code>: Indicates that the <code>JoinDomain</code> operation failed due to an authentication error.</p> </li> <li> <p> <code>DETACHED</code>: Indicates that gateway is not joined to a domain.</p> </li> <li> <p> <code>JOINED</code>: Indicates that the gateway has successfully joined a domain.</p> </li> <li> <p> <code>JOINING</code>: Indicates that a <code>JoinDomain</code> operation is in progress.</p> </li> <li> <p> <code>NETWORK_ERROR</code>: Indicates that <code>JoinDomain</code> operation failed due to a network or connectivity error.</p> </li> <li> <p> <code>TIMEOUT</code>: Indicates that the <code>JoinDomain</code> operation failed because the operation didn't complete within the allotted time.</p> </li> <li> <p> <code>UNKNOWN_ERROR</code>: Indicates that the <code>JoinDomain</code> operation failed due to another type of error.</p> </li> </ul>"
}
},
"documentation":"<p>JoinDomainOutput</p>"
},
"KMSKey":{
"type":"string",
"documentation":"<p>The Amazon Resource Name (ARN) of the AWS KMS key used for Amazon S3 server-side encryption. This value can only be set when KMSEncrypted is true. Optional.</p>",
"documentation":"<p>The Amazon Resource Name (ARN) of a symmetric customer master key (CMK) used for Amazon S3 server-side encryption. Storage Gateway does not support asymmetric CMKs. This value can only be set when <code>KMSEncrypted</code> is <code>true</code>. Optional.</p>",
"max":2048,
"min":7
},
@ -3360,15 +3369,15 @@
"members":{
"Marker":{
"shape":"Marker",
"documentation":"<p>If the request includes <code>Marker</code>, the response returns that value in this field. </p>"
"documentation":"<p>If the request includes <code>Marker</code>, the response returns that value in this field.</p>"
},
"NextMarker":{
"shape":"Marker",
"documentation":"<p>If a value is present, there are more file shares to return. In a subsequent request, use <code>NextMarker</code> as the value for <code>Marker</code> to retrieve the next set of file shares. </p>"
"documentation":"<p>If a value is present, there are more file shares to return. In a subsequent request, use <code>NextMarker</code> as the value for <code>Marker</code> to retrieve the next set of file shares.</p>"
},
"FileShareInfoList":{
"shape":"FileShareInfoList",
"documentation":"<p>An array of information about the file gateway's file shares. </p>"
"documentation":"<p>An array of information about the file gateway's file shares.</p>"
}
},
"documentation":"<p>ListFileShareOutput</p>"
@ -3558,7 +3567,7 @@
},
"LocationARN":{
"type":"string",
"documentation":"<p>The ARN of the backend storage used for storing file data. </p>",
"documentation":"<p>The ARN of the backend storage used for storing file data.</p>",
"max":310,
"min":16
},
@ -3587,19 +3596,19 @@
"members":{
"FileMode":{
"shape":"PermissionMode",
"documentation":"<p>The Unix file mode in the form \"nnnn\". For example, \"0666\" represents the default file mode inside the file share. The default value is 0666. </p>"
"documentation":"<p>The Unix file mode in the form \"nnnn\". For example, <code>0666</code> represents the default file mode inside the file share. The default value is <code>0666</code>.</p>"
},
"DirectoryMode":{
"shape":"PermissionMode",
"documentation":"<p>The Unix directory mode in the form \"nnnn\". For example, \"0666\" represents the default access mode for all directories inside the file share. The default value is 0777.</p>"
"documentation":"<p>The Unix directory mode in the form \"nnnn\". For example, <code>0666</code> represents the default access mode for all directories inside the file share. The default value is <code>0777</code>.</p>"
},
"GroupId":{
"shape":"PermissionId",
"documentation":"<p>The default group ID for the file share (unless the files have another group ID specified). The default value is nfsnobody. </p>"
"documentation":"<p>The default group ID for the file share (unless the files have another group ID specified). The default value is <code>nfsnobody</code>.</p>"
},
"OwnerId":{
"shape":"PermissionId",
"documentation":"<p>The default owner ID for files in the file share (unless the files have another owner ID specified). The default value is nfsnobody. </p>"
"documentation":"<p>The default owner ID for files in the file share (unless the files have another owner ID specified). The default value is <code>nfsnobody</code>.</p>"
}
},
"documentation":"<p>Describes Network File System (NFS) file share default values. Files and folders stored as Amazon S3 objects in S3 buckets don't, by default, have Unix file permissions assigned to them. Upon discovery in an S3 bucket by Storage Gateway, the S3 objects that represent files and folders are assigned these default Unix permissions. This operation is only supported for file gateways.</p>"
@ -3614,7 +3623,7 @@
"GatewayARN":{"shape":"GatewayARN"},
"KMSEncrypted":{
"shape":"boolean",
"documentation":"<p>True to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional. </p>"
"documentation":"<p>Set to <code>true</code> to use Amazon S3 server-side encryption with your own AWS KMS key, or <code>false</code> to use a key managed by Amazon S3. Optional.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"KMSKey":{"shape":"KMSKey"},
"Path":{"shape":"Path"},
@ -3622,22 +3631,22 @@
"LocationARN":{"shape":"LocationARN"},
"DefaultStorageClass":{
"shape":"StorageClass",
"documentation":"<p>The default storage class for objects put into an Amazon S3 bucket by the file gateway. Possible values are <code>S3_STANDARD</code>, <code>S3_STANDARD_IA</code>, or <code>S3_ONEZONE_IA</code>. If this field is not populated, the default value <code>S3_STANDARD</code> is used. Optional.</p>"
"documentation":"<p>The default storage class for objects put into an Amazon S3 bucket by the file gateway. The default value is <code>S3_INTELLIGENT_TIERING</code>. Optional.</p> <p>Valid Values: <code>S3_STANDARD</code> | <code>S3_INTELLIGENT_TIERING</code> | <code>S3_STANDARD_IA</code> | <code>S3_ONEZONE_IA</code> </p>"
},
"ObjectACL":{"shape":"ObjectACL"},
"ClientList":{"shape":"FileShareClientList"},
"Squash":{"shape":"Squash"},
"ReadOnly":{
"shape":"Boolean",
"documentation":"<p>A value that sets the write status of a file share. This value is true if the write status is read-only, and otherwise false.</p>"
"documentation":"<p>A value that sets the write status of a file share. Set this value to <code>true</code> to set the write status to read-only, otherwise set to <code>false</code>.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"GuessMIMETypeEnabled":{
"shape":"Boolean",
"documentation":"<p>A value that enables guessing of the MIME type for uploaded objects based on file extensions. Set this value to true to enable MIME type guessing, and otherwise to false. The default value is true.</p>"
"documentation":"<p>A value that enables guessing of the MIME type for uploaded objects based on file extensions. Set this value to <code>true</code> to enable MIME type guessing, otherwise set to <code>false</code>. The default value is <code>true</code>.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"RequesterPays":{
"shape":"Boolean",
"documentation":"<p>A value that sets who pays the cost of the request and the cost associated with data download from the S3 bucket. If this value is set to true, the requester pays the costs. Otherwise the S3 bucket owner pays. However, the S3 bucket owner always pays the cost of storing data.</p> <note> <p> <code>RequesterPays</code> is a configuration for the S3 bucket that backs the file share, so make sure that the configuration on the file share is the same as the S3 bucket configuration.</p> </note>"
"documentation":"<p>A value that sets who pays the cost of the request and the cost associated with data download from the S3 bucket. If this value is set to <code>true</code>, the requester pays the costs; otherwise, the S3 bucket owner pays. However, the S3 bucket owner always pays the cost of storing data.</p> <note> <p> <code>RequesterPays</code> is a configuration for the S3 bucket that backs the file share, so make sure that the configuration on the file share is the same as the S3 bucket configuration.</p> </note> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"Tags":{
"shape":"Tags",
@ -3704,7 +3713,7 @@
},
"ObjectACL":{
"type":"string",
"documentation":"<p>A value that sets the access control list permission for objects in the S3 bucket that a file gateway puts objects into. The default value is \"private\".</p>",
"documentation":"<p>A value that sets the access control list (ACL) permission for objects in the S3 bucket that a file gateway puts objects into. The default value is <code>private</code>.</p>",
"enum":[
"private",
"public-read",
@ -3722,7 +3731,7 @@
},
"Path":{
"type":"string",
"documentation":"<p>The file share path used by the NFS client to identify the mount point. </p>"
"documentation":"<p>The file share path used by the NFS client to identify the mount point.</p>"
},
"PermissionId":{
"type":"long",
@ -3759,11 +3768,11 @@
},
"FolderList":{
"shape":"FolderList",
"documentation":"<p>A comma-separated list of the paths of folders to refresh in the cache. The default is [<code>\"/\"</code>]. The default refreshes objects and folders at the root of the Amazon S3 bucket. If <code>Recursive</code> is set to \"true\", the entire S3 bucket that the file share has access to is refreshed.</p>"
"documentation":"<p>A comma-separated list of the paths of folders to refresh in the cache. The default is [<code>\"/\"</code>]. The default refreshes objects and folders at the root of the Amazon S3 bucket. If <code>Recursive</code> is set to <code>true</code>, the entire S3 bucket that the file share has access to is refreshed.</p>"
},
"Recursive":{
"shape":"Boolean",
"documentation":"<p>A value that specifies whether to recursively refresh folders in the cache. The refresh includes folders that were in the cache the last time the gateway listed the folder's contents. If this value set to \"true\", each folder that is listed in <code>FolderList</code> is recursively updated. Otherwise, subfolders listed in <code>FolderList</code> are not refreshed. Only objects that are in folders listed directly under <code>FolderList</code> are found and used for the update. The default is \"true\".</p>"
"documentation":"<p>A value that specifies whether to recursively refresh folders in the cache. The refresh includes folders that were in the cache the last time the gateway listed the folder's contents. If this value set to <code>true</code>, each folder that is listed in <code>FolderList</code> is recursively updated. Otherwise, subfolders listed in <code>FolderList</code> are not refreshed. Only objects that are in folders listed directly under <code>FolderList</code> are found and used for the update. The default is <code>true</code>.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
}
},
"documentation":"<p>RefreshCacheInput</p>"
@ -3882,7 +3891,7 @@
},
"Role":{
"type":"string",
"documentation":"<p>The ARN of the IAM role that file gateway assumes when it accesses the underlying storage. </p>",
"documentation":"<p>The ARN of the IAM role that file gateway assumes when it accesses the underlying storage.</p>",
"max":2048,
"min":20
},
@ -3895,7 +3904,7 @@
"GatewayARN":{"shape":"GatewayARN"},
"KMSEncrypted":{
"shape":"boolean",
"documentation":"<p>True to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional. </p>"
"documentation":"<p>Set to <code>true</code> to use Amazon S3 server-side encryption with your own AWS KMS key, or <code>false</code> to use a key managed by Amazon S3. Optional.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"KMSKey":{"shape":"KMSKey"},
"Path":{
@ -3906,24 +3915,24 @@
"LocationARN":{"shape":"LocationARN"},
"DefaultStorageClass":{
"shape":"StorageClass",
"documentation":"<p>The default storage class for objects put into an Amazon S3 bucket by the file gateway. Possible values are <code>S3_STANDARD</code>, <code>S3_STANDARD_IA</code>, or <code>S3_ONEZONE_IA</code>. If this field is not populated, the default value <code>S3_STANDARD</code> is used. Optional.</p>"
"documentation":"<p>The default storage class for objects put into an Amazon S3 bucket by the file gateway. The default value is <code>S3_INTELLIGENT_TIERING</code>. Optional.</p> <p>Valid Values: <code>S3_STANDARD</code> | <code>S3_INTELLIGENT_TIERING</code> | <code>S3_STANDARD_IA</code> | <code>S3_ONEZONE_IA</code> </p>"
},
"ObjectACL":{"shape":"ObjectACL"},
"ReadOnly":{
"shape":"Boolean",
"documentation":"<p>A value that sets the write status of a file share. This value is true if the write status is read-only, and otherwise false.</p>"
"documentation":"<p>A value that sets the write status of a file share. Set this value to <code>true</code> to set the write status to read-only, otherwise set to <code>false</code>.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"GuessMIMETypeEnabled":{
"shape":"Boolean",
"documentation":"<p>A value that enables guessing of the MIME type for uploaded objects based on file extensions. Set this value to true to enable MIME type guessing, and otherwise to false. The default value is true.</p>"
"documentation":"<p>A value that enables guessing of the MIME type for uploaded objects based on file extensions. Set this value to <code>true</code> to enable MIME type guessing, otherwise set to <code>false</code>. The default value is <code>true</code>.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"RequesterPays":{
"shape":"Boolean",
"documentation":"<p>A value that sets who pays the cost of the request and the cost associated with data download from the S3 bucket. If this value is set to true, the requester pays the costs. Otherwise the S3 bucket owner pays. However, the S3 bucket owner always pays the cost of storing data.</p> <note> <p> <code>RequesterPays</code> is a configuration for the S3 bucket that backs the file share, so make sure that the configuration on the file share is the same as the S3 bucket configuration.</p> </note>"
"documentation":"<p>A value that sets who pays the cost of the request and the cost associated with data download from the S3 bucket. If this value is set to <code>true</code>, the requester pays the costs; otherwise, the S3 bucket owner pays. However, the S3 bucket owner always pays the cost of storing data.</p> <note> <p> <code>RequesterPays</code> is a configuration for the S3 bucket that backs the file share, so make sure that the configuration on the file share is the same as the S3 bucket configuration.</p> </note> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"SMBACLEnabled":{
"shape":"Boolean",
"documentation":"<p>If this value is set to \"true\", indicates that ACL (access control list) is enabled on the SMB file share. If it is set to \"false\", it indicates that file and directory permissions are mapped to the POSIX permission.</p> <p>For more information, see https://docs.aws.amazon.com/storagegateway/latest/userguide/smb-acl.html in the Storage Gateway User Guide.</p>"
"documentation":"<p>If this value is set to <code>true</code>, it indicates that access control list (ACL) is enabled on the SMB file share. If it is set to <code>false</code>, it indicates that file and directory permissions are mapped to the POSIX permission.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/smb-acl.html\">Using Microsoft Windows ACLs to control access to an SMB file share</a> in the <i>AWS Storage Gateway User Guide</i>.</p>"
},
"AdminUserList":{
"shape":"FileShareUserList",
@ -3931,7 +3940,7 @@
},
"ValidUserList":{
"shape":"FileShareUserList",
"documentation":"<p>A list of users or groups in the Active Directory that are allowed to access the file share. A group must be prefixed with the @ character. For example <code>@group1</code>. Can only be set if Authentication is set to <code>ActiveDirectory</code>.</p>"
"documentation":"<p>A list of users or groups in the Active Directory that are allowed to access the file share. A group must be prefixed with the @ character. For example, <code>@group1</code>. Can only be set if Authentication is set to <code>ActiveDirectory</code>.</p>"
},
"InvalidUserList":{
"shape":"FileShareUserList",
@ -4017,7 +4026,7 @@
},
"Password":{
"shape":"SMBGuestPassword",
"documentation":"<p>The password that you want to set for your SMB Server.</p>"
"documentation":"<p>The password that you want to set for your SMB server.</p>"
}
},
"documentation":"<p>SetSMBGuestPasswordInput</p>"
@ -4054,7 +4063,7 @@
},
"Squash":{
"type":"string",
"documentation":"<p>The user mapped to anonymous user. Valid options are the following: </p> <ul> <li> <p> <code>RootSquash</code> - Only root is mapped to anonymous user.</p> </li> <li> <p> <code>NoSquash</code> - No one is mapped to anonymous user</p> </li> <li> <p> <code>AllSquash</code> - Everyone is mapped to anonymous user.</p> </li> </ul>",
"documentation":"<p>The user mapped to anonymous user. Valid options are the following:</p> <ul> <li> <p> <code>RootSquash</code>: Only root is mapped to anonymous user.</p> </li> <li> <p> <code>NoSquash</code>: No one is mapped to anonymous user.</p> </li> <li> <p> <code>AllSquash</code>: Everyone is mapped to anonymous user.</p> </li> </ul>",
"max":15,
"min":5
},
@ -4127,7 +4136,7 @@
},
"VolumeAttachmentStatus":{
"shape":"VolumeAttachmentStatus",
"documentation":"<p>A value that indicates whether a storage volume is attached to, detached from, or is in the process of detaching from a gateway. For more information, see <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/managing-volumes.html#attach-detach-volume\">Moving Your Volumes to a Different Gateway</a>.</p>"
"documentation":"<p>A value that indicates whether a storage volume is attached to, detached from, or is in the process of detaching from a gateway. For more information, see <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/managing-volumes.html#attach-detach-volume\">Moving your volumes to a different gateway</a>.</p>"
},
"VolumeSizeInBytes":{
"shape":"long",
@ -4147,7 +4156,7 @@
},
"PreservedExistingData":{
"shape":"boolean",
"documentation":"<p>Indicates if when the stored volume was created, existing data on the underlying local disk was preserved.</p> <p> Valid Values: true, false</p>"
"documentation":"<p>Indicates if when the stored volume was created, existing data on the underlying local disk was preserved.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"VolumeiSCSIAttributes":{
"shape":"VolumeiSCSIAttributes",
@ -4182,14 +4191,14 @@
"members":{
"Key":{
"shape":"TagKey",
"documentation":"<p>Tag key (String). The key can't start with aws:. </p>"
"documentation":"<p>Tag key. The key can't start with aws:.</p>"
},
"Value":{
"shape":"TagValue",
"documentation":"<p>Value of the tag key.</p>"
}
},
"documentation":"<p>A key-value pair that helps you manage, filter, and search for your resource. Allowed characters: letters, white space, and numbers, representable in UTF-8, and the following characters: + - = . _ : /</p>"
"documentation":"<p>A key-value pair that helps you manage, filter, and search for your resource. Allowed characters: letters, white space, and numbers, representable in UTF-8, and the following characters: + - = . _ : /.</p>"
},
"TagKey":{
"type":"string",
@ -4247,7 +4256,7 @@
"KMSKey":{"shape":"KMSKey"},
"PoolId":{
"shape":"PoolId",
"documentation":"<p>The ID of the pool that contains tapes that will be archived. The tapes in this pool are archived in the S3 storage class that is associated with the pool. When you use your backup application to eject the tape, the tape is archived directly into the storage class (S3 Glacier or S# Glacier Deep Archive) that corresponds to the pool.</p> <p>Valid values: \"GLACIER\", \"DEEP_ARCHIVE\"</p>"
"documentation":"<p>The ID of the pool that contains tapes that will be archived. The tapes in this pool are archived in the S3 storage class that is associated with the pool. When you use your backup application to eject the tape, the tape is archived directly into the storage class (S3 Glacier or S3 Glacier Deep Archive) that corresponds to the pool.</p> <p>Valid Values: <code>GLACIER</code> | <code>DEEP_ARCHIVE</code> </p>"
}
},
"documentation":"<p>Describes a virtual tape object.</p>"
@ -4301,7 +4310,7 @@
"KMSKey":{"shape":"KMSKey"},
"PoolId":{
"shape":"PoolId",
"documentation":"<p>The ID of the pool that was used to archive the tape. The tapes in this pool are archived in the S3 storage class that is associated with the pool.</p> <p>Valid values: \"GLACIER\", \"DEEP_ARCHIVE\"</p>"
"documentation":"<p>The ID of the pool that was used to archive the tape. The tapes in this pool are archived in the S3 storage class that is associated with the pool.</p> <p>Valid Values: <code>GLACIER</code> | <code>DEEP_ARCHIVE</code> </p>"
}
},
"documentation":"<p>Represents a virtual tape that is archived in the virtual tape shelf (VTS).</p>"
@ -4353,7 +4362,7 @@
},
"PoolId":{
"shape":"PoolId",
"documentation":"<p>The ID of the pool that you want to add your tape to for archiving. The tape in this pool is archived in the S3 storage class that is associated with the pool. When you use your backup application to eject the tape, the tape is archived directly into the storage class (S3 Glacier or S3 Glacier Deep Archive) that corresponds to the pool.</p> <p>Valid values: \"GLACIER\", \"DEEP_ARCHIVE\"</p>"
"documentation":"<p>The ID of the pool that you want to add your tape to for archiving. The tape in this pool is archived in the S3 storage class that is associated with the pool. When you use your backup application to eject the tape, the tape is archived directly into the storage class (S3 Glacier or S3 Glacier Deep Archive) that corresponds to the pool.</p> <p>Valid Values: <code>GLACIER</code> | <code>DEEP_ARCHIVE</code> </p>"
}
},
"documentation":"<p>Describes a virtual tape.</p>"
@ -4423,7 +4432,7 @@
"members":{
"AutomaticTapeCreationRules":{
"shape":"AutomaticTapeCreationRules",
"documentation":"<p> An automatic tape creation policy consists of a list of automatic tape creation rules. The rules determine when and how to automatically create new tapes. </p>"
"documentation":"<p>An automatic tape creation policy consists of a list of automatic tape creation rules. The rules determine when and how to automatically create new tapes.</p>"
},
"GatewayARN":{"shape":"GatewayARN"}
}
@ -4510,7 +4519,7 @@
},
"CloudWatchLogGroupARN":{
"shape":"CloudWatchLogGroupARN",
"documentation":"<p>The Amazon Resource Name (ARN) of the Amazon CloudWatch log group that you want to use to monitor and log events in the gateway. </p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html\">What Is Amazon CloudWatch Logs?</a>.</p>"
"documentation":"<p>The Amazon Resource Name (ARN) of the Amazon CloudWatch log group that you want to use to monitor and log events in the gateway.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html\">What is Amazon CloudWatch logs?</a>.</p>"
}
}
},
@ -4523,7 +4532,7 @@
"documentation":"<p>The name you configured for your gateway.</p>"
}
},
"documentation":"<p>A JSON object containing the ARN of the gateway that was updated.</p>"
"documentation":"<p>A JSON object containing the Amazon Resource Name (ARN) of the gateway that was updated.</p>"
},
"UpdateGatewaySoftwareNowInput":{
"type":"structure",
@ -4563,7 +4572,7 @@
},
"DayOfMonth":{
"shape":"DayOfMonth",
"documentation":"<p>The day of the month component of the maintenance start time represented as an ordinal number from 1 to 28, where 1 represents the first day of the month and 28 represents the last day of the month.</p> <note> <p>This value is only available for tape and volume gateways.</p> </note>"
"documentation":"<p>The day of the month component of the maintenance start time represented as an ordinal number from 1 to 28, where 1 represents the first day of the month and 28 represents the last day of the month.</p>"
}
},
"documentation":"<p>A JSON object containing the following fields:</p> <ul> <li> <p> <a>UpdateMaintenanceStartTimeInput$DayOfMonth</a> </p> </li> <li> <p> <a>UpdateMaintenanceStartTimeInput$DayOfWeek</a> </p> </li> <li> <p> <a>UpdateMaintenanceStartTimeInput$HourOfDay</a> </p> </li> <li> <p> <a>UpdateMaintenanceStartTimeInput$MinuteOfHour</a> </p> </li> </ul>"
@ -4581,15 +4590,15 @@
"members":{
"FileShareARN":{
"shape":"FileShareARN",
"documentation":"<p>The Amazon Resource Name (ARN) of the file share to be updated. </p>"
"documentation":"<p>The Amazon Resource Name (ARN) of the file share to be updated.</p>"
},
"KMSEncrypted":{
"shape":"Boolean",
"documentation":"<p>True to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional. </p>"
"documentation":"<p>Set to <code>true</code> to use Amazon S3 server-side encryption with your own AWS KMS key, or <code>false</code> to use a key managed by Amazon S3. Optional.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"KMSKey":{
"shape":"KMSKey",
"documentation":"<p>The Amazon Resource Name (ARN) of the AWS KMS key used for Amazon S3 server-side encryption. This value can only be set when KMSEncrypted is true. Optional. </p>"
"documentation":"<p>The Amazon Resource Name (ARN) of a symmetric customer master key (CMK) used for Amazon S3 server-side encryption. Storage Gateway does not support asymmetric CMKs. This value can only be set when <code>KMSEncrypted</code> is <code>true</code>. Optional.</p>"
},
"NFSFileShareDefaults":{
"shape":"NFSFileShareDefaults",
@ -4597,11 +4606,11 @@
},
"DefaultStorageClass":{
"shape":"StorageClass",
"documentation":"<p>The default storage class for objects put into an Amazon S3 bucket by the file gateway. Possible values are <code>S3_STANDARD</code>, <code>S3_STANDARD_IA</code>, or <code>S3_ONEZONE_IA</code>. If this field is not populated, the default value <code>S3_STANDARD</code> is used. Optional.</p>"
"documentation":"<p>The default storage class for objects put into an Amazon S3 bucket by the file gateway. The default value is <code>S3_INTELLIGENT_TIERING</code>. Optional.</p> <p>Valid Values: <code>S3_STANDARD</code> | <code>S3_INTELLIGENT_TIERING</code> | <code>S3_STANDARD_IA</code> | <code>S3_ONEZONE_IA</code> </p>"
},
"ObjectACL":{
"shape":"ObjectACL",
"documentation":"<p>A value that sets the access control list permission for objects in the S3 bucket that a file gateway puts objects into. The default value is \"private\".</p>"
"documentation":"<p>A value that sets the access control list (ACL) permission for objects in the S3 bucket that a file gateway puts objects into. The default value is <code>private</code>.</p>"
},
"ClientList":{
"shape":"FileShareClientList",
@ -4609,19 +4618,19 @@
},
"Squash":{
"shape":"Squash",
"documentation":"<p>The user mapped to anonymous user. Valid options are the following:</p> <ul> <li> <p> <code>RootSquash</code> - Only root is mapped to anonymous user.</p> </li> <li> <p> <code>NoSquash</code> - No one is mapped to anonymous user</p> </li> <li> <p> <code>AllSquash</code> - Everyone is mapped to anonymous user.</p> </li> </ul>"
"documentation":"<p>The user mapped to anonymous user.</p> <p>Valid values are the following:</p> <ul> <li> <p> <code>RootSquash</code>: Only root is mapped to anonymous user.</p> </li> <li> <p> <code>NoSquash</code>: No one is mapped to anonymous user.</p> </li> <li> <p> <code>AllSquash</code>: Everyone is mapped to anonymous user.</p> </li> </ul>"
},
"ReadOnly":{
"shape":"Boolean",
"documentation":"<p>A value that sets the write status of a file share. This value is true if the write status is read-only, and otherwise false.</p>"
"documentation":"<p>A value that sets the write status of a file share. Set this value to <code>true</code> to set the write status to read-only, otherwise set to <code>false</code>.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"GuessMIMETypeEnabled":{
"shape":"Boolean",
"documentation":"<p>A value that enables guessing of the MIME type for uploaded objects based on file extensions. Set this value to true to enable MIME type guessing, and otherwise to false. The default value is true.</p>"
"documentation":"<p>A value that enables guessing of the MIME type for uploaded objects based on file extensions. Set this value to <code>true</code> to enable MIME type guessing, otherwise set to <code>false</code>. The default value is <code>true</code>.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"RequesterPays":{
"shape":"Boolean",
"documentation":"<p>A value that sets who pays the cost of the request and the cost associated with data download from the S3 bucket. If this value is set to true, the requester pays the costs. Otherwise the S3 bucket owner pays. However, the S3 bucket owner always pays the cost of storing data.</p> <note> <p> <code>RequesterPays</code> is a configuration for the S3 bucket that backs the file share, so make sure that the configuration on the file share is the same as the S3 bucket configuration.</p> </note>"
"documentation":"<p>A value that sets who pays the cost of the request and the cost associated with data download from the S3 bucket. If this value is set to <code>true</code>, the requester pays the costs; otherwise, the S3 bucket owner pays. However, the S3 bucket owner always pays the cost of storing data.</p> <note> <p> <code>RequesterPays</code> is a configuration for the S3 bucket that backs the file share, so make sure that the configuration on the file share is the same as the S3 bucket configuration.</p> </note> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
}
},
"documentation":"<p>UpdateNFSFileShareInput</p>"
@ -4631,7 +4640,7 @@
"members":{
"FileShareARN":{
"shape":"FileShareARN",
"documentation":"<p>The Amazon Resource Name (ARN) of the updated file share. </p>"
"documentation":"<p>The Amazon Resource Name (ARN) of the updated file share.</p>"
}
},
"documentation":"<p>UpdateNFSFileShareOutput</p>"
@ -4646,43 +4655,43 @@
},
"KMSEncrypted":{
"shape":"Boolean",
"documentation":"<p>True to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.</p>"
"documentation":"<p>Set to <code>true</code> to use Amazon S3 server-side encryption with your own AWS KMS key, or <code>false</code> to use a key managed by Amazon S3. Optional.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"KMSKey":{
"shape":"KMSKey",
"documentation":"<p>The Amazon Resource Name (ARN) of the AWS KMS key used for Amazon S3 server-side encryption. This value can only be set when KMSEncrypted is true. Optional.</p>"
"documentation":"<p>The Amazon Resource Name (ARN) of a symmetric customer master key (CMK) used for Amazon S3 server-side encryption. Storage Gateway does not support asymmetric CMKs. This value can only be set when <code>KMSEncrypted</code> is <code>true</code>. Optional.</p>"
},
"DefaultStorageClass":{
"shape":"StorageClass",
"documentation":"<p>The default storage class for objects put into an Amazon S3 bucket by the file gateway. Possible values are <code>S3_STANDARD</code>, <code>S3_STANDARD_IA</code>, or <code>S3_ONEZONE_IA</code>. If this field is not populated, the default value <code>S3_STANDARD</code> is used. Optional.</p>"
"documentation":"<p>The default storage class for objects put into an Amazon S3 bucket by the file gateway. The default value is <code>S3_INTELLIGENT_TIERING</code>. Optional.</p> <p>Valid Values: <code>S3_STANDARD</code> | <code>S3_INTELLIGENT_TIERING</code> | <code>S3_STANDARD_IA</code> | <code>S3_ONEZONE_IA</code> </p>"
},
"ObjectACL":{
"shape":"ObjectACL",
"documentation":"<p>A value that sets the access control list permission for objects in the S3 bucket that a file gateway puts objects into. The default value is \"private\".</p>"
"documentation":"<p>A value that sets the access control list (ACL) permission for objects in the S3 bucket that a file gateway puts objects into. The default value is <code>private</code>.</p>"
},
"ReadOnly":{
"shape":"Boolean",
"documentation":"<p>A value that sets the write status of a file share. This value is true if the write status is read-only, and otherwise false.</p>"
"documentation":"<p>A value that sets the write status of a file share. Set this value to <code>true</code> to set write status to read-only, otherwise set to <code>false</code>.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"GuessMIMETypeEnabled":{
"shape":"Boolean",
"documentation":"<p>A value that enables guessing of the MIME type for uploaded objects based on file extensions. Set this value to true to enable MIME type guessing, and otherwise to false. The default value is true.</p>"
"documentation":"<p>A value that enables guessing of the MIME type for uploaded objects based on file extensions. Set this value to <code>true</code> to enable MIME type guessing, otherwise set to <code>false</code>. The default value is <code>true</code>.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"RequesterPays":{
"shape":"Boolean",
"documentation":"<p>A value that sets who pays the cost of the request and the cost associated with data download from the S3 bucket. If this value is set to true, the requester pays the costs. Otherwise the S3 bucket owner pays. However, the S3 bucket owner always pays the cost of storing data.</p> <note> <p> <code>RequesterPays</code> is a configuration for the S3 bucket that backs the file share, so make sure that the configuration on the file share is the same as the S3 bucket configuration.</p> </note>"
"documentation":"<p>A value that sets who pays the cost of the request and the cost associated with data download from the S3 bucket. If this value is set to <code>true</code>, the requester pays the costs; otherwise, the S3 bucket owner pays. However, the S3 bucket owner always pays the cost of storing data.</p> <note> <p> <code>RequesterPays</code> is a configuration for the S3 bucket that backs the file share, so make sure that the configuration on the file share is the same as the S3 bucket configuration.</p> </note> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"SMBACLEnabled":{
"shape":"Boolean",
"documentation":"<p>Set this value to \"true to enable ACL (access control list) on the SMB file share. Set it to \"false\" to map file and directory permissions to the POSIX permissions.</p> <p>For more information, see https://docs.aws.amazon.com/storagegateway/latest/userguide/smb-acl.htmlin the Storage Gateway User Guide.</p>"
"documentation":"<p>Set this value to <code>true</code> to enable access control list (ACL) on the SMB file share. Set it to <code>false</code> to map file and directory permissions to the POSIX permissions.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/smb-acl.html\">Using Microsoft Windows ACLs to control access to an SMB file share</a> in the <i>AWS Storage Gateway User Guide</i>.</p> <p>Valid Values: <code>true</code> | <code>false</code> </p>"
},
"AdminUserList":{
"shape":"FileShareUserList",
"documentation":"<p>A list of users in the Active Directory that have administrator rights to the file share. A group must be prefixed with the @ character. For example <code>@group1</code>. Can only be set if Authentication is set to <code>ActiveDirectory</code>.</p>"
"documentation":"<p>A list of users in the Active Directory that have administrator rights to the file share. A group must be prefixed with the @ character. For example, <code>@group1</code>. Can only be set if Authentication is set to <code>ActiveDirectory</code>.</p>"
},
"ValidUserList":{
"shape":"FileShareUserList",
"documentation":"<p>A list of users or groups in the Active Directory that are allowed to access the file share. A group must be prefixed with the @ character. For example <code>@group1</code>. Can only be set if Authentication is set to <code>ActiveDirectory</code>.</p>"
"documentation":"<p>A list of users or groups in the Active Directory that are allowed to access the file share. A group must be prefixed with the @ character. For example, <code>@group1</code>. Can only be set if Authentication is set to <code>ActiveDirectory</code>.</p>"
},
"InvalidUserList":{
"shape":"FileShareUserList",
@ -4700,7 +4709,7 @@
"members":{
"FileShareARN":{
"shape":"FileShareARN",
"documentation":"<p>The Amazon Resource Name (ARN) of the updated SMB file share. </p>"
"documentation":"<p>The Amazon Resource Name (ARN) of the updated SMB file share.</p>"
}
},
"documentation":"<p>UpdateSMBFileShareOutput</p>"
@ -4715,7 +4724,7 @@
"GatewayARN":{"shape":"GatewayARN"},
"SMBSecurityStrategy":{
"shape":"SMBSecurityStrategy",
"documentation":"<p>Specifies the type of security strategy.</p> <p>ClientSpecified: if you use this option, requests are established based on what is negotiated by the client. This option is recommended when you want to maximize compatibility across different clients in your environment. </p> <p>MandatorySigning: if you use this option, file gateway only allows connections from SMBv2 or SMBv3 clients that have signing enabled. This option works with SMB clients on Microsoft Windows Vista, Windows Server 2008 or newer. </p> <p>MandatoryEncryption: if you use this option, file gateway only allows connections from SMBv3 clients that have encryption enabled. This option is highly recommended for environments that handle sensitive data. This option works with SMB clients on Microsoft Windows 8, Windows Server 2012 or newer. </p>"
"documentation":"<p>Specifies the type of security strategy.</p> <p>ClientSpecified: if you use this option, requests are established based on what is negotiated by the client. This option is recommended when you want to maximize compatibility across different clients in your environment.</p> <p>MandatorySigning: if you use this option, file gateway only allows connections from SMBv2 or SMBv3 clients that have signing enabled. This option works with SMB clients on Microsoft Windows Vista, Windows Server 2008 or newer.</p> <p>MandatoryEncryption: if you use this option, file gateway only allows connections from SMBv3 clients that have encryption enabled. This option is highly recommended for environments that handle sensitive data. This option works with SMB clients on Microsoft Windows 8, Windows Server 2012 or newer.</p>"
}
}
},
@ -4779,7 +4788,7 @@
},
"DeviceType":{
"shape":"DeviceType",
"documentation":"<p>The type of medium changer you want to select.</p> <p> Valid Values: \"STK-L700\", \"AWS-Gateway-VTL\"</p>"
"documentation":"<p>The type of medium changer you want to select.</p> <p>Valid Values: <code>STK-L700</code> | <code>AWS-Gateway-VTL</code> </p>"
}
}
},
@ -4859,16 +4868,16 @@
"members":{
"VolumeARN":{
"shape":"VolumeARN",
"documentation":"<p>The Amazon Resource Name (ARN) for the storage volume. For example, the following is a valid ARN:</p> <p> <code>arn:aws:storagegateway:us-east-2:111122223333:gateway/sgw-12A3456B/volume/vol-1122AABB</code> </p> <p> Valid Values: 50 to 500 lowercase letters, numbers, periods (.), and hyphens (-).</p>"
"documentation":"<p>The Amazon Resource Name (ARN) for the storage volume. For example, the following is a valid ARN:</p> <p> <code>arn:aws:storagegateway:us-east-2:111122223333:gateway/sgw-12A3456B/volume/vol-1122AABB</code> </p> <p>Valid Values: 50 to 500 lowercase letters, numbers, periods (.), and hyphens (-).</p>"
},
"VolumeId":{
"shape":"VolumeId",
"documentation":"<p>The unique identifier assigned to the volume. This ID becomes part of the volume Amazon Resource Name (ARN), which you use as input for other operations.</p> <p> Valid Values: 50 to 500 lowercase letters, numbers, periods (.), and hyphens (-).</p>"
"documentation":"<p>The unique identifier assigned to the volume. This ID becomes part of the volume Amazon Resource Name (ARN), which you use as input for other operations.</p> <p>Valid Values: 50 to 500 lowercase letters, numbers, periods (.), and hyphens (-).</p>"
},
"GatewayARN":{"shape":"GatewayARN"},
"GatewayId":{
"shape":"GatewayId",
"documentation":"<p>The unique identifier assigned to your gateway during activation. This ID becomes part of the gateway Amazon Resource Name (ARN), which you use as input for other operations.</p> <p> Valid Values: 50 to 500 lowercase letters, numbers, periods (.), and hyphens (-).</p>"
"documentation":"<p>The unique identifier assigned to your gateway during activation. This ID becomes part of the gateway Amazon Resource Name (ARN), which you use as input for other operations.</p> <p>Valid Values: 50 to 500 lowercase letters, numbers, periods (.), and hyphens (-).</p>"
},
"VolumeType":{
"shape":"VolumeType",
@ -4880,7 +4889,7 @@
},
"VolumeAttachmentStatus":{
"shape":"VolumeAttachmentStatus",
"documentation":"<p>One of the VolumeStatus values that indicates the state of the storage volume. </p>"
"documentation":"<p>One of the VolumeStatus values that indicates the state of the storage volume.</p>"
}
},
"documentation":"<p>Describes a storage volume object.</p>"
@ -4963,5 +4972,5 @@
"long":{"type":"long"},
"string":{"type":"string"}
},
"documentation":"<fullname>AWS Storage Gateway Service</fullname> <p>AWS Storage Gateway is the service that connects an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization's on-premises IT environment and the AWS storage infrastructure. The service enables you to securely upload data to the AWS Cloud for cost effective backup and rapid disaster recovery.</p> <p>Use the following links to get started using the <i>AWS Storage Gateway Service API Reference</i>:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/AWSStorageGatewayAPI.html#AWSStorageGatewayHTTPRequestsHeaders\">AWS Storage Gateway Required Request Headers</a>: Describes the required headers that you must send with every POST request to AWS Storage Gateway.</p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/AWSStorageGatewayAPI.html#AWSStorageGatewaySigningRequests\">Signing Requests</a>: AWS Storage Gateway requires that you authenticate every request you send; this topic describes how sign such a request.</p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/AWSStorageGatewayAPI.html#APIErrorResponses\">Error Responses</a>: Provides reference information about AWS Storage Gateway errors.</p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_Operations.html\">Operations in AWS Storage Gateway</a>: Contains detailed descriptions of all AWS Storage Gateway operations, their request parameters, response elements, possible errors, and examples of requests and responses.</p> </li> <li> <p> <a href=\"http://docs.aws.amazon.com/general/latest/gr/rande.html#sg_region\">AWS Storage Gateway Regions and Endpoints:</a> Provides a list of each AWS Region and the endpoints available for use with AWS Storage Gateway. </p> </li> </ul> <note> <p>AWS Storage Gateway resource IDs are in uppercase. When you use these resource IDs with the Amazon EC2 API, EC2 expects resource IDs in lowercase. You must change your resource ID to lowercase to use it with the EC2 API. For example, in Storage Gateway the ID for a volume might be <code>vol-AA22BB012345DAF670</code>. When you use this ID with the EC2 API, you must change it to <code>vol-aa22bb012345daf670</code>. Otherwise, the EC2 API might not behave as expected.</p> </note> <important> <p>IDs for Storage Gateway volumes and Amazon EBS snapshots created from gateway volumes are changing to a longer format. Starting in December 2016, all new volumes and snapshots will be created with a 17-character string. Starting in April 2016, you will be able to use these longer IDs so you can test your systems with the new format. For more information, see <a href=\"https://aws.amazon.com/ec2/faqs/#longer-ids\">Longer EC2 and EBS Resource IDs</a>. </p> <p> For example, a volume Amazon Resource Name (ARN) with the longer volume ID format looks like the following:</p> <p> <code>arn:aws:storagegateway:us-west-2:111122223333:gateway/sgw-12A3456B/volume/vol-1122AABBCCDDEEFFG</code>.</p> <p>A snapshot ID with the longer ID format looks like the following: <code>snap-78e226633445566ee</code>.</p> <p>For more information, see <a href=\"https://forums.aws.amazon.com/ann.jspa?annID=3557\">Announcement: Heads-up Longer AWS Storage Gateway volume and snapshot IDs coming in 2016</a>.</p> </important>"
"documentation":"<fullname>AWS Storage Gateway Service</fullname> <p>AWS Storage Gateway is the service that connects an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization's on-premises IT environment and the AWS storage infrastructure. The service enables you to securely upload data to the AWS Cloud for cost effective backup and rapid disaster recovery.</p> <p>Use the following links to get started using the <i>AWS Storage Gateway Service API Reference</i>:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/AWSStorageGatewayAPI.html#AWSStorageGatewayHTTPRequestsHeaders\">AWS Storage Gateway required request headers</a>: Describes the required headers that you must send with every POST request to AWS Storage Gateway.</p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/AWSStorageGatewayAPI.html#AWSStorageGatewaySigningRequests\">Signing requests</a>: AWS Storage Gateway requires that you authenticate every request you send; this topic describes how sign such a request.</p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/storagegateway/latest/userguide/AWSStorageGatewayAPI.html#APIErrorResponses\">Error responses</a>: Provides reference information about AWS Storage Gateway errors.</p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_Operations.html\">Operations in AWS Storage Gateway</a>: Contains detailed descriptions of all AWS Storage Gateway operations, their request parameters, response elements, possible errors, and examples of requests and responses.</p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/general/latest/gr/sg.html\">AWS Storage Gateway endpoints and quotas:</a> Provides a list of each AWS Region and the endpoints available for use with AWS Storage Gateway.</p> </li> </ul> <note> <p>AWS Storage Gateway resource IDs are in uppercase. When you use these resource IDs with the Amazon EC2 API, EC2 expects resource IDs in lowercase. You must change your resource ID to lowercase to use it with the EC2 API. For example, in Storage Gateway the ID for a volume might be <code>vol-AA22BB012345DAF670</code>. When you use this ID with the EC2 API, you must change it to <code>vol-aa22bb012345daf670</code>. Otherwise, the EC2 API might not behave as expected.</p> </note> <important> <p>IDs for Storage Gateway volumes and Amazon EBS snapshots created from gateway volumes are changing to a longer format. Starting in December 2016, all new volumes and snapshots will be created with a 17-character string. Starting in April 2016, you will be able to use these longer IDs so you can test your systems with the new format. For more information, see <a href=\"http://aws.amazon.com/ec2/faqs/#longer-ids\">Longer EC2 and EBS resource IDs</a>.</p> <p>For example, a volume Amazon Resource Name (ARN) with the longer volume ID format looks like the following:</p> <p> <code>arn:aws:storagegateway:us-west-2:111122223333:gateway/sgw-12A3456B/volume/vol-1122AABBCCDDEEFFG</code>.</p> <p>A snapshot ID with the longer ID format looks like the following: <code>snap-78e226633445566ee</code>.</p> <p>For more information, see <a href=\"http://forums.aws.amazon.com/ann.jspa?annID=3557\">Announcement: Heads-up Longer AWS Storage Gateway volume and snapshot IDs coming in 2016</a>.</p> </important>"
}

119
botocore/data/transfer/2018-11-05/service-2.json
View file

@ -350,7 +350,7 @@
"members":{
"Certificate":{
"shape":"Certificate",
"documentation":"<p>The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. Required when <code>Protocols</code> is set to <code>FTPS</code>.</p>"
"documentation":"<p>The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. Required when <code>Protocols</code> is set to <code>FTPS</code>.</p> <p>To request a new public certificate, see <a href=\"https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html\">Request a public certificate</a> in the <i> AWS Certificate Manager User Guide</i>.</p> <p>To import an existing certificate into ACM, see <a href=\"https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html\">Importing certificates into ACM</a> in the <i> AWS Certificate Manager User Guide</i>.</p> <p>To request a private certificate to use FTPS through private IP addresses, see <a href=\"https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html\">Request a private certificate</a> in the <i> AWS Certificate Manager User Guide</i>.</p> <p>Certificates with the following cryptographic algorithms and key sizes are supported:</p> <ul> <li> <p>2048-bit RSA (RSA_2048)</p> </li> <li> <p>4096-bit RSA (RSA_4096)</p> </li> <li> <p>Elliptic Prime Curve 256 bit (EC_prime256v1)</p> </li> <li> <p>Elliptic Prime Curve 384 bit (EC_secp384r1)</p> </li> <li> <p>Elliptic Prime Curve 521 bit (EC_secp521r1)</p> </li> </ul> <note> <p>The certificate must be a valid SSL/TLS X.509 version 3 certificate with FQDN or IP address specified and information about the issuer.</p> </note>"
},
"EndpointDetails":{
"shape":"EndpointDetails",
@ -358,11 +358,11 @@
},
"EndpointType":{
"shape":"EndpointType",
"documentation":"<p>The type of VPC endpoint that you want your file transfer protocol-enabled server to connect to. You can choose to connect to the public internet or a virtual private cloud (VPC) endpoint. With a VPC endpoint, you can restrict access to your server and resources only within your VPC.</p>"
"documentation":"<p>The type of VPC endpoint that you want your file transfer protocol-enabled server to connect to. You can choose to connect to the public internet or a VPC endpoint. With a VPC endpoint, you can restrict access to your server and resources only within your VPC.</p> <note> <p>It is recommended that you use <code>VPC</code> as the <code>EndpointType</code>. With this endpoint type, you have the option to directly associate up to three Elastic IPv4 addresses (BYO IP included) with your server's endpoint and use VPC security groups to restrict traffic by the client's public IP address. This is not possible with <code>EndpointType</code> set to <code>VPC_ENDPOINT</code>.</p> </note>"
},
"HostKey":{
"shape":"HostKey",
"documentation":"<p>The RSA private key as generated by the <code>ssh-keygen -N \"\" -f my-new-server-key</code> command.</p> <important> <p>If you aren't planning to migrate existing users from an existing SFTP-enabled server to a new server, don't update the host key. Accidentally changing a server's host key can be disruptive.</p> </important> <p>For more information, see <a href=\"https://docs.aws.amazon.com/transfer/latest/userguide/configuring-servers.html#change-host-key\">Changing the Host Key for Your AWS Transfer Family Server</a> in the <i>AWS Transfer Family User Guide</i>.</p>"
"documentation":"<p>The RSA private key as generated by the <code>ssh-keygen -N \"\" -m PEM -f my-new-server-key</code> command.</p> <important> <p>If you aren't planning to migrate existing users from an existing SFTP-enabled server to a new server, don't update the host key. Accidentally changing a server's host key can be disruptive.</p> </important> <p>For more information, see <a href=\"https://docs.aws.amazon.com/transfer/latest/userguide/edit-server-config.html#configuring-servers-change-host-key\">Change the host key for your SFTP-enabled server</a> in the <i>AWS Transfer Family User Guide</i>.</p>"
},
"IdentityProviderDetails":{
"shape":"IdentityProviderDetails",
@ -378,7 +378,7 @@
},
"Protocols":{
"shape":"Protocols",
"documentation":"<p>Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. The available protocols are:</p> <ul> <li> <p>Secure Shell (SSH) File Transfer Protocol (SFTP): File transfer over SSH</p> </li> <li> <p>File Transfer Protocol Secure (FTPS): File transfer with TLS encryption</p> </li> <li> <p>File Transfer Protocol (FTP): Unencrypted file transfer</p> </li> </ul>"
"documentation":"<p>Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. The available protocols are:</p> <ul> <li> <p> <code>SFTP</code> (Secure Shell (SSH) File Transfer Protocol): File transfer over SSH</p> </li> <li> <p> <code>FTPS</code> (File Transfer Protocol Secure): File transfer with TLS encryption</p> </li> <li> <p> <code>FTP</code> (File Transfer Protocol): Unencrypted file transfer</p> </li> </ul> <note> <p>If you select <code>FTPS</code>, you must choose a certificate stored in AWS Certificate Manager (ACM) which will be used to identify your server when clients connect to it over FTPS.</p> <p>If <code>Protocol</code> includes either <code>FTP</code> or <code>FTPS</code>, then the <code>EndpointType</code> must be <code>VPC</code> and the <code>IdentityProviderType</code> must be <code>API_GATEWAY</code>.</p> <p>If <code>Protocol</code> includes <code>FTP</code>, then <code>AddressAllocationIds</code> cannot be associated.</p> <p>If <code>Protocol</code> is set only to <code>SFTP</code>, the <code>EndpointType</code> can be set to <code>PUBLIC</code> and the <code>IdentityProviderType</code> can be set to <code>SERVICE_MANAGED</code>.</p> </note>"
},
"Tags":{
"shape":"Tags",
@ -406,7 +406,7 @@
"members":{
"HomeDirectory":{
"shape":"HomeDirectory",
"documentation":"<p>The landing directory (folder) for a user when they log in to the file transfer protocol-enabled server using the client.</p> <p>An example is <code>your-Amazon-S3-bucket-name&gt;/home/username</code>.</p>"
"documentation":"<p>The landing directory (folder) for a user when they log in to the file transfer protocol-enabled server using the client.</p> <p>An example is <i> <code>your-Amazon-S3-bucket-name&gt;/home/username</code> </i>.</p>"
},
"HomeDirectoryType":{
"shape":"HomeDirectoryType",
@ -414,11 +414,11 @@
},
"HomeDirectoryMappings":{
"shape":"HomeDirectoryMappings",
"documentation":"<p>Logical directory mappings that specify what Amazon S3 paths and keys should be visible to your user and how you want to make them visible. You will need to specify the \"<code>Entry</code>\" and \"<code>Target</code>\" pair, where <code>Entry</code> shows how the path is made visible and <code>Target</code> is the actual Amazon S3 path. If you only specify a target, it will be displayed as is. You will need to also make sure that your AWS IAM Role provides access to paths in <code>Target</code>. The following is an example.</p> <p> <code>'[ \"/bucket2/documentation\", { \"Entry\": \"your-personal-report.pdf\", \"Target\": \"/bucket3/customized-reports/${transfer:UserName}.pdf\" } ]'</code> </p> <p>In most cases, you can use this value instead of the scope-down policy to lock your user down to the designated home directory (\"chroot\"). To do this, you can set <code>Entry</code> to '/' and set <code>Target</code> to the HomeDirectory parameter value.</p> <note> <p>If the target of a logical directory entry does not exist in Amazon S3, the entry will be ignored. As a workaround, you can use the Amazon S3 api to create 0 byte objects as place holders for your directory. If using the CLI, use the <code>s3api</code> call instead of <code>s3</code> so you can use the put-object operation. For example, you use the following: <code>aws s3api put-object --bucket bucketname --key path/to/folder/</code>. Make sure that the end of the key name ends in a '/' for it to be considered a folder.</p> </note>"
"documentation":"<p>Logical directory mappings that specify what Amazon S3 paths and keys should be visible to your user and how you want to make them visible. You will need to specify the \"<code>Entry</code>\" and \"<code>Target</code>\" pair, where <code>Entry</code> shows how the path is made visible and <code>Target</code> is the actual Amazon S3 path. If you only specify a target, it will be displayed as is. You will need to also make sure that your IAM role provides access to paths in <code>Target</code>. The following is an example.</p> <p> <code>'[ \"/bucket2/documentation\", { \"Entry\": \"your-personal-report.pdf\", \"Target\": \"/bucket3/customized-reports/${transfer:UserName}.pdf\" } ]'</code> </p> <p>In most cases, you can use this value instead of the scope-down policy to lock your user down to the designated home directory (\"chroot\"). To do this, you can set <code>Entry</code> to '/' and set <code>Target</code> to the HomeDirectory parameter value.</p> <note> <p>If the target of a logical directory entry does not exist in Amazon S3, the entry will be ignored. As a workaround, you can use the Amazon S3 api to create 0 byte objects as place holders for your directory. If using the CLI, use the <code>s3api</code> call instead of <code>s3</code> so you can use the put-object operation. For example, you use the following: <code>aws s3api put-object --bucket bucketname --key path/to/folder/</code>. Make sure that the end of the key name ends in a '/' for it to be considered a folder.</p> </note>"
},
"Policy":{
"shape":"Policy",
"documentation":"<p>A scope-down policy for your user so you can use the same IAM role across multiple users. This policy scopes down user access to portions of their Amazon S3 bucket. Variables that you can use inside this policy include <code>${Transfer:UserName}</code>, <code>${Transfer:HomeDirectory}</code>, and <code>${Transfer:HomeBucket}</code>.</p> <note> <p>For scope-down policies, AWS Transfer Family stores the policy as a JSON blob, instead of the Amazon Resource Name (ARN) of the policy. You save the policy as a JSON blob and pass it in the <code>Policy</code> argument.</p> <p>For an example of a scope-down policy, see <a href=\"https://docs.aws.amazon.com/transfer/latest/userguide/users.html#users-policies-scope-down\">Creating a Scope-Down Policy</a>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html\">AssumeRole</a> in the <i>AWS Security Token Service API Reference</i>.</p> </note>"
"documentation":"<p>A scope-down policy for your user so you can use the same IAM role across multiple users. This policy scopes down user access to portions of their Amazon S3 bucket. Variables that you can use inside this policy include <code>${Transfer:UserName}</code>, <code>${Transfer:HomeDirectory}</code>, and <code>${Transfer:HomeBucket}</code>.</p> <note> <p>For scope-down policies, AWS Transfer Family stores the policy as a JSON blob, instead of the Amazon Resource Name (ARN) of the policy. You save the policy as a JSON blob and pass it in the <code>Policy</code> argument.</p> <p>For an example of a scope-down policy, see <a href=\"https://docs.aws.amazon.com/transfer/latest/userguide/users.html#users-policies-scope-down\">Creating a scope-down policy</a>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html\">AssumeRole</a> in the <i>AWS Security Token Service API Reference</i>.</p> </note>"
},
"Role":{
"shape":"Role",
@ -573,19 +573,19 @@
},
"Certificate":{
"shape":"Certificate",
"documentation":"<p>The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. Required when <code>Protocols</code> is set to <code>FTPS</code>.</p>"
"documentation":"<p>Specifies the ARN of the AWS Certificate Manager (ACM) certificate. Required when <code>Protocols</code> is set to <code>FTPS</code>.</p>"
},
"EndpointDetails":{
"shape":"EndpointDetails",
"documentation":"<p>The virtual private cloud (VPC) endpoint settings that you configured for your file transfer protocol-enabled server.</p>"
"documentation":"<p>Specifies the virtual private cloud (VPC) endpoint settings that you configured for your file transfer protocol-enabled server.</p>"
},
"EndpointType":{
"shape":"EndpointType",
"documentation":"<p>The type of endpoint that your file transfer protocol-enabled server is connected to. If your server is connected to a VPC endpoint, your server isn't accessible over the public internet.</p>"
"documentation":"<p>Defines the type of endpoint that your file transfer protocol-enabled server is connected to. If your server is connected to a VPC endpoint, your server isn't accessible over the public internet.</p>"
},
"HostKeyFingerprint":{
"shape":"HostKeyFingerprint",
"documentation":"<p>Contains the message-digest algorithm (MD5) hash of a file transfer protocol-enabled server's host key. This value is equivalent to the output of the <code>ssh-keygen -l -E md5 -f my-new-server-key</code> command.</p>"
"documentation":"<p>Specifies the Base64-encoded SHA256 fingerprint of the server's host key. This value is equivalent to the output of the <code>ssh-keygen -l -f my-new-server-key</code> command.</p>"
},
"IdentityProviderDetails":{
"shape":"IdentityProviderDetails",
@ -593,34 +593,34 @@
},
"IdentityProviderType":{
"shape":"IdentityProviderType",
"documentation":"<p>Defines the mode of authentication method enabled for this service. A value of <code>SERVICE_MANAGED</code> means that you are using this file transfer protocol-enabled server to store and access user credentials within the service. A value of <code>API_GATEWAY</code> indicates that you have integrated an API Gateway endpoint that will be invoked for authenticating your user into the service.</p>"
"documentation":"<p>Specifies the mode of authentication method enabled for this service. A value of <code>SERVICE_MANAGED</code> means that you are using this file transfer protocol-enabled server to store and access user credentials within the service. A value of <code>API_GATEWAY</code> indicates that you have integrated an API Gateway endpoint that will be invoked for authenticating your user into the service.</p>"
},
"LoggingRole":{
"shape":"Role",
"documentation":"<p>An AWS Identity and Access Management (IAM) entity that allows a file transfer protocol-enabled server to turn on Amazon CloudWatch logging for Amazon S3 events. When set, user activity can be viewed in your CloudWatch logs.</p>"
"documentation":"<p>Specifies the AWS Identity and Access Management (IAM) role that allows a file transfer protocol-enabled server to turn on Amazon CloudWatch logging for Amazon S3 events. When set, user activity can be viewed in your CloudWatch logs.</p>"
},
"Protocols":{
"shape":"Protocols",
"documentation":"<p>Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. The available protocols are:</p> <ul> <li> <p>Secure Shell (SSH) File Transfer Protocol (SFTP): File transfer over SSH</p> </li> <li> <p>File Transfer Protocol Secure (FTPS): File transfer with TLS encryption</p> </li> <li> <p>File Transfer Protocol (FTP): Unencrypted file transfer</p> </li> </ul>"
"documentation":"<p>Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. The available protocols are:</p> <ul> <li> <p> <code>SFTP</code> (Secure Shell (SSH) File Transfer Protocol): File transfer over SSH</p> </li> <li> <p> <code>FTPS</code> (File Transfer Protocol Secure): File transfer with TLS encryption</p> </li> <li> <p> <code>FTP</code> (File Transfer Protocol): Unencrypted file transfer</p> </li> </ul>"
},
"ServerId":{
"shape":"ServerId",
"documentation":"<p>Unique system-assigned identifier for a file transfer protocol-enabled server that you instantiate.</p>"
"documentation":"<p>Specifies the unique system-assigned identifier for a file transfer protocol-enabled server that you instantiate.</p>"
},
"State":{
"shape":"State",
"documentation":"<p>The condition of a file transfer protocol-enabled server for the server that was described. A value of <code>ONLINE</code> indicates that the server can accept jobs and transfer files. A <code>State</code> value of <code>OFFLINE</code> means that the server cannot perform file transfer operations.</p> <p>The states of <code>STARTING</code> and <code>STOPPING</code> indicate that the server is in an intermediate state, either not fully able to respond, or not fully offline. The values of <code>START_FAILED</code> or <code>STOP_FAILED</code> can indicate an error condition.</p>"
"documentation":"<p>Specifies the condition of a file transfer protocol-enabled server for the server that was described. A value of <code>ONLINE</code> indicates that the server can accept jobs and transfer files. A <code>State</code> value of <code>OFFLINE</code> means that the server cannot perform file transfer operations.</p> <p>The states of <code>STARTING</code> and <code>STOPPING</code> indicate that the server is in an intermediate state, either not fully able to respond, or not fully offline. The values of <code>START_FAILED</code> or <code>STOP_FAILED</code> can indicate an error condition.</p>"
},
"Tags":{
"shape":"Tags",
"documentation":"<p>Contains the key-value pairs that you can use to search for and group file transfer protocol-enabled servers that were assigned to the server that was described.</p>"
"documentation":"<p>Specifies the key-value pairs that you can use to search for and group file transfer protocol-enabled servers that were assigned to the server that was described.</p>"
},
"UserCount":{
"shape":"UserCount",
"documentation":"<p>The number of users that are assigned to a file transfer protocol-enabled server you specified with the <code>ServerId</code>.</p>"
"documentation":"<p>Specifies the number of users that are assigned to a file transfer protocol-enabled server you specified with the <code>ServerId</code>.</p>"
}
},
"documentation":"<p>Describes the properties of a file transfer protocol-enabled server that was specified. Information returned includes the following: the server Amazon Resource Name (ARN), the authentication configuration and type, the logging role, the server ID and state, and assigned tags or metadata.</p>"
"documentation":"<p>Describes the properties of a file transfer protocol-enabled server that was specified. Information returned includes the following: the server Amazon Resource Name (ARN), the certificate ARN (if the FTPS protocol was selected), the endpoint type and details, the authentication configuration and type, the logging role, the file transfer protocol or protocols, the server ID and state, and assigned tags or metadata.</p>"
},
"DescribedUser":{
"type":"structure",
@ -628,19 +628,19 @@
"members":{
"Arn":{
"shape":"Arn",
"documentation":"<p>Contains the unique Amazon Resource Name (ARN) for the user that was requested to be described.</p>"
"documentation":"<p>Specifies the unique Amazon Resource Name (ARN) for the user that was requested to be described.</p>"
},
"HomeDirectory":{
"shape":"HomeDirectory",
"documentation":"<p>Specifies the landing directory (or folder), which is the location that files are written to or read from in an Amazon S3 bucket for the described user. An example is <code>/<i>your s3 bucket name</i>/home/<i>username</i> </code>.</p>"
"documentation":"<p>Specifies the landing directory (or folder), which is the location that files are written to or read from in an Amazon S3 bucket, for the described user. An example is <i> <code>your-Amazon-S3-bucket-name&gt;/home/username</code> </i>.</p>"
},
"HomeDirectoryMappings":{
"shape":"HomeDirectoryMappings",
"documentation":"<p>Logical directory mappings that you specified for what Amazon S3 paths and keys should be visible to your user and how you want to make them visible. You will need to specify the \"<code>Entry</code>\" and \"<code>Target</code>\" pair, where <code>Entry</code> shows how the path is made visible and <code>Target</code> is the actual Amazon S3 path. If you only specify a target, it will be displayed as is. You will need to also make sure that your AWS IAM Role provides access to paths in <code>Target</code>.</p> <p>In most cases, you can use this value instead of the scope-down policy to lock your user down to the designated home directory (\"chroot\"). To do this, you can set <code>Entry</code> to '/' and set <code>Target</code> to the HomeDirectory parameter value.</p>"
"documentation":"<p>Specifies the logical directory mappings that specify what Amazon S3 paths and keys should be visible to your user and how you want to make them visible. You will need to specify the \"<code>Entry</code>\" and \"<code>Target</code>\" pair, where <code>Entry</code> shows how the path is made visible and <code>Target</code> is the actual Amazon S3 path. If you only specify a target, it will be displayed as is. You will need to also make sure that your AWS Identity and Access Management (IAM) role provides access to paths in <code>Target</code>.</p> <p>In most cases, you can use this value instead of the scope-down policy to lock your user down to the designated home directory (\"chroot\"). To do this, you can set <code>Entry</code> to '/' and set <code>Target</code> to the HomeDirectory parameter value.</p>"
},
"HomeDirectoryType":{
"shape":"HomeDirectoryType",
"documentation":"<p>The type of landing directory (folder) you mapped for your users to see when they log into the file transfer protocol-enabled server. If you set it to <code>PATH</code>, the user will see the absolute Amazon S3 bucket paths as is in their file transfer protocol clients. If you set it <code>LOGICAL</code>, you will need to provide mappings in the <code>HomeDirectoryMappings</code> for how you want to make Amazon S3 paths visible to your users.</p>"
"documentation":"<p>Specifies the type of landing directory (folder) you mapped for your users to see when they log into the file transfer protocol-enabled server. If you set it to <code>PATH</code>, the user will see the absolute Amazon S3 bucket paths as is in their file transfer protocol clients. If you set it <code>LOGICAL</code>, you will need to provide mappings in the <code>HomeDirectoryMappings</code> for how you want to make Amazon S3 paths visible to your users.</p>"
},
"Policy":{
"shape":"Policy",
@ -652,15 +652,15 @@
},
"SshPublicKeys":{
"shape":"SshPublicKeys",
"documentation":"<p>Contains the public key portion of the Secure Shell (SSH) keys stored for the described user.</p>"
"documentation":"<p>Specifies the public key portion of the Secure Shell (SSH) keys stored for the described user.</p>"
},
"Tags":{
"shape":"Tags",
"documentation":"<p>Contains the key-value pairs for the user requested. Tag can be used to search for and group users for a variety of purposes.</p>"
"documentation":"<p>Specifies the key-value pairs for the user requested. Tag can be used to search for and group users for a variety of purposes.</p>"
},
"UserName":{
"shape":"UserName",
"documentation":"<p>The name of the user that was requested to be described. User names are used for authentication purposes. This is the string that will be used by your user when they log in to your file transfer protocol-enabled server.</p>"
"documentation":"<p>Specifies the name of the user that was requested to be described. User names are used for authentication purposes. This is the string that will be used by your user when they log in to your file transfer protocol-enabled server.</p>"
}
},
"documentation":"<p>Returns properties of the user that you want to describe.</p>"
@ -674,15 +674,15 @@
},
"SubnetIds":{
"shape":"SubnetIds",
"documentation":"<p>A list of subnet IDs that are required to host your file transfer protocol-enabled server endpoint in your VPC.</p>"
"documentation":"<p>A list of subnet IDs that are required to host your file transfer protocol-enabled server endpoint in your VPC.</p> <note> <p>This property can only be used when <code>EndpointType</code> is set to <code>VPC</code>.</p> </note>"
},
"VpcEndpointId":{
"shape":"VpcEndpointId",
"documentation":"<p>The ID of the VPC endpoint.</p>"
"documentation":"<p>The ID of the VPC endpoint.</p> <note> <p>This property can only be used when <code>EndpointType</code> is set to <code>VPC_ENDPOINT</code>.</p> </note>"
},
"VpcId":{
"shape":"VpcId",
"documentation":"<p>The VPC ID of the VPC in which a file transfer protocol-enabled server's endpoint will be hosted.</p>"
"documentation":"<p>The VPC ID of the VPC in which a file transfer protocol-enabled server's endpoint will be hosted.</p> <note> <p>This property can only be used when <code>EndpointType</code> is set to <code>VPC</code>.</p> </note>"
}
},
"documentation":"<p>The virtual private cloud (VPC) endpoint settings that are configured for your file transfer protocol-enabled server. With a VPC endpoint, you can restrict access to your server and resources only within your VPC. To control incoming internet traffic, invoke the <code>UpdateServer</code> API and attach an Elastic IP to your server's endpoint.</p>"
@ -742,7 +742,7 @@
"members":{
"Url":{
"shape":"Url",
"documentation":"<p>Contains the location of the service endpoint used to authenticate users.</p>"
"documentation":"<p>Provides the location of the service endpoint used to authenticate users.</p>"
},
"InvocationRole":{
"shape":"Role",
@ -939,31 +939,31 @@
"members":{
"Arn":{
"shape":"Arn",
"documentation":"<p>The unique Amazon Resource Name (ARN) for a file transfer protocol-enabled server to be listed.</p>"
"documentation":"<p>Specifies the unique Amazon Resource Name (ARN) for a file transfer protocol-enabled server to be listed.</p>"
},
"IdentityProviderType":{
"shape":"IdentityProviderType",
"documentation":"<p>The authentication method used to validate a user for a file transfer protocol-enabled server that was specified. This can include Secure Shell (SSH), user name and password combinations, or your own custom authentication method. Valid values include <code>SERVICE_MANAGED</code> or <code>API_GATEWAY</code>.</p>"
"documentation":"<p>Specifies the authentication method used to validate a user for a file transfer protocol-enabled server that was specified. This can include Secure Shell (SSH), user name and password combinations, or your own custom authentication method. Valid values include <code>SERVICE_MANAGED</code> or <code>API_GATEWAY</code>.</p>"
},
"EndpointType":{
"shape":"EndpointType",
"documentation":"<p>The type of VPC endpoint that your file transfer protocol-enabled server is connected to. If your server is connected to a VPC endpoint, your server isn't accessible over the public internet.</p>"
"documentation":"<p>Specifies the type of VPC endpoint that your file transfer protocol-enabled server is connected to. If your server is connected to a VPC endpoint, your server isn't accessible over the public internet.</p>"
},
"LoggingRole":{
"shape":"Role",
"documentation":"<p>The AWS Identity and Access Management (IAM) entity that allows a file transfer protocol-enabled server to turn on Amazon CloudWatch logging.</p>"
"documentation":"<p>Specifies the AWS Identity and Access Management (IAM) role that allows a file transfer protocol-enabled server to turn on Amazon CloudWatch logging.</p>"
},
"ServerId":{
"shape":"ServerId",
"documentation":"<p>The unique system assigned identifier for a file transfer protocol-enabled servers that were listed.</p>"
"documentation":"<p>Specifies the unique system assigned identifier for a file transfer protocol-enabled servers that were listed.</p>"
},
"State":{
"shape":"State",
"documentation":"<p>Describes the condition of a file transfer protocol-enabled server for the server that was described. A value of <code>ONLINE</code> indicates that the server can accept jobs and transfer files. A <code>State</code> value of <code>OFFLINE</code> means that the server cannot perform file transfer operations.</p> <p>The states of <code>STARTING</code> and <code>STOPPING</code> indicate that the server is in an intermediate state, either not fully able to respond, or not fully offline. The values of <code>START_FAILED</code> or <code>STOP_FAILED</code> can indicate an error condition.</p>"
"documentation":"<p>Specifies the condition of a file transfer protocol-enabled server for the server that was described. A value of <code>ONLINE</code> indicates that the server can accept jobs and transfer files. A <code>State</code> value of <code>OFFLINE</code> means that the server cannot perform file transfer operations.</p> <p>The states of <code>STARTING</code> and <code>STOPPING</code> indicate that the server is in an intermediate state, either not fully able to respond, or not fully offline. The values of <code>START_FAILED</code> or <code>STOP_FAILED</code> can indicate an error condition.</p>"
},
"UserCount":{
"shape":"UserCount",
"documentation":"<p>A numeric value that indicates the number of users that are assigned to a file transfer protocol-enabled server you specified with the <code>ServerId</code>.</p>"
"documentation":"<p>Specifies the number of users that are assigned to a file transfer protocol-enabled server you specified with the <code>ServerId</code>.</p>"
}
},
"documentation":"<p>Returns properties of a file transfer protocol-enabled server that was specified.</p>"
@ -978,7 +978,7 @@
"members":{
"Arn":{
"shape":"Arn",
"documentation":"<p>The unique Amazon Resource Name (ARN) for the user that you want to learn about.</p>"
"documentation":"<p>Provides the unique Amazon Resource Name (ARN) for the user that you want to learn about.</p>"
},
"HomeDirectory":{
"shape":"HomeDirectory",
@ -986,19 +986,19 @@
},
"HomeDirectoryType":{
"shape":"HomeDirectoryType",
"documentation":"<p>The type of landing directory (folder) you mapped for your users' home directory. If you set it to <code>PATH</code>, the user will see the absolute Amazon S3 bucket paths as is in their file transfer protocol clients. If you set it <code>LOGICAL</code>, you will need to provide mappings in the <code>HomeDirectoryMappings</code> for how you want to make Amazon S3 paths visible to your users.</p>"
"documentation":"<p>Specifies the type of landing directory (folder) you mapped for your users' home directory. If you set it to <code>PATH</code>, the user will see the absolute Amazon S3 bucket paths as is in their file transfer protocol clients. If you set it <code>LOGICAL</code>, you will need to provide mappings in the <code>HomeDirectoryMappings</code> for how you want to make Amazon S3 paths visible to your users.</p>"
},
"Role":{
"shape":"Role",
"documentation":"<p>The role in use by this user. A <i>role</i> is an AWS Identity and Access Management (IAM) entity that, in this case, allows a file transfer protocol-enabled server to act on a user's behalf. It allows the server to inherit the trust relationship that enables that user to perform file operations to their Amazon S3 bucket.</p>"
"documentation":"<p>Specifies the role that is in use by this user. A <i>role</i> is an AWS Identity and Access Management (IAM) entity that, in this case, allows a file transfer protocol-enabled server to act on a user's behalf. It allows the server to inherit the trust relationship that enables that user to perform file operations to their Amazon S3 bucket.</p>"
},
"SshPublicKeyCount":{
"shape":"SshPublicKeyCount",
"documentation":"<p>The number of SSH public keys stored for the user you specified.</p>"
"documentation":"<p>Specifies the number of SSH public keys stored for the user you specified.</p>"
},
"UserName":{
"shape":"UserName",
"documentation":"<p>The name of the user whose ARN was specified. User names are used for authentication purposes.</p>"
"documentation":"<p>Specifies the name of the user whose ARN was specified. User names are used for authentication purposes.</p>"
}
},
"documentation":"<p>Returns properties of the user that you specify.</p>"
@ -1108,6 +1108,11 @@
"fault":true,
"synthetic":true
},
"SourceIp":{
"type":"string",
"max":32,
"pattern":"^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$"
},
"SshPublicKey":{
"type":"structure",
"required":[
@ -1118,15 +1123,15 @@
"members":{
"DateImported":{
"shape":"DateImported",
"documentation":"<p>The date that the public key was added to the user account.</p>"
"documentation":"<p>Specifies the date that the public key was added to the user account.</p>"
},
"SshPublicKeyBody":{
"shape":"SshPublicKeyBody",
"documentation":"<p>The content of the SSH public key as specified by the <code>PublicKeyId</code>.</p>"
"documentation":"<p>Specifies the content of the SSH public key as specified by the <code>PublicKeyId</code>.</p>"
},
"SshPublicKeyId":{
"shape":"SshPublicKeyId",
"documentation":"<p>The <code>SshPublicKeyId</code> parameter contains the identifier of the public key.</p>"
"documentation":"<p>Specifies the <code>SshPublicKeyId</code> parameter contains the identifier of the public key.</p>"
}
},
"documentation":"<p>Provides information about the public Secure Shell (SSH) key that is associated with a user account for the specific file transfer protocol-enabled server (as identified by <code>ServerId</code>). The information returned includes the date the key was imported, the public key contents, and the public key ID. A user can store more than one SSH public key associated with their user name on a specific server.</p>"
@ -1252,6 +1257,14 @@
"shape":"ServerId",
"documentation":"<p>A system-assigned identifier for a specific file transfer protocol-enabled server. That server's user authentication method is tested with a user name and password.</p>"
},
"ServerProtocol":{
"shape":"Protocol",
"documentation":"<p>The type of file transfer protocol to be tested.</p> <p>The available protocols are:</p> <ul> <li> <p>Secure Shell (SSH) File Transfer Protocol (SFTP)</p> </li> <li> <p>File Transfer Protocol Secure (FTPS)</p> </li> <li> <p>File Transfer Protocol (FTP)</p> </li> </ul>"
},
"SourceIp":{
"shape":"SourceIp",
"documentation":"<p>The source IP address of the user account to be tested.</p>"
},
"UserName":{
"shape":"UserName",
"documentation":"<p>The name of the user account to be tested.</p>"
@ -1259,10 +1272,6 @@
"UserPassword":{
"shape":"UserPassword",
"documentation":"<p>The password of the user account to be tested.</p>"
},
"ServerProtocol":{
"shape":"Protocol",
"documentation":"<p>The type of file transfer protocol to be tested.</p> <p>The available protocols are:</p> <ul> <li> <p>Secure Shell (SSH) File Transfer Protocol (SFTP)</p> </li> <li> <p>File Transfer Protocol Secure (FTPS)</p> </li> <li> <p>File Transfer Protocol (FTP)</p> </li> </ul>"
}
}
},
@ -1322,7 +1331,7 @@
"members":{
"Certificate":{
"shape":"Certificate",
"documentation":"<p>The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. Required when <code>Protocols</code> is set to <code>FTPS</code>.</p>"
"documentation":"<p>The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. Required when <code>Protocols</code> is set to <code>FTPS</code>.</p> <p>To request a new public certificate, see <a href=\"https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html\">Request a public certificate</a> in the <i> AWS Certificate Manager User Guide</i>.</p> <p>To import an existing certificate into ACM, see <a href=\"https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html\">Importing certificates into ACM</a> in the <i> AWS Certificate Manager User Guide</i>.</p> <p>To request a private certificate to use FTPS through private IP addresses, see <a href=\"https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html\">Request a private certificate</a> in the <i> AWS Certificate Manager User Guide</i>.</p> <p>Certificates with the following cryptographic algorithms and key sizes are supported:</p> <ul> <li> <p>2048-bit RSA (RSA_2048)</p> </li> <li> <p>4096-bit RSA (RSA_4096)</p> </li> <li> <p>Elliptic Prime Curve 256 bit (EC_prime256v1)</p> </li> <li> <p>Elliptic Prime Curve 384 bit (EC_secp384r1)</p> </li> <li> <p>Elliptic Prime Curve 521 bit (EC_secp521r1)</p> </li> </ul> <note> <p>The certificate must be a valid SSL/TLS X.509 version 3 certificate with FQDN or IP address specified and information about the issuer.</p> </note>"
},
"EndpointDetails":{
"shape":"EndpointDetails",
@ -1330,11 +1339,11 @@
},
"EndpointType":{
"shape":"EndpointType",
"documentation":"<p>The type of endpoint that you want your file transfer protocol-enabled server to connect to. You can choose to connect to the public internet or a VPC endpoint. With a VPC endpoint, your server isn't accessible over the public internet.</p>"
"documentation":"<p>The type of endpoint that you want your file transfer protocol-enabled server to connect to. You can choose to connect to the public internet or a VPC endpoint. With a VPC endpoint, you can restrict access to your server and resources only within your VPC.</p> <note> <p>It is recommended that you use <code>VPC</code> as the <code>EndpointType</code>. With this endpoint type, you have the option to directly associate up to three Elastic IPv4 addresses (BYO IP included) with your server's endpoint and use VPC security groups to restrict traffic by the client's public IP address. This is not possible with <code>EndpointType</code> set to <code>VPC_ENDPOINT</code>.</p> </note>"
},
"HostKey":{
"shape":"HostKey",
"documentation":"<p>The RSA private key as generated by <code>ssh-keygen -N \"\" -f my-new-server-key</code>.</p> <important> <p>If you aren't planning to migrate existing users from an existing file transfer protocol-enabled server to a new server, don't update the host key. Accidentally changing a server's host key can be disruptive.</p> </important> <p>For more information, see <a href=\"https://docs.aws.amazon.com/transfer/latest/userguide/configuring-servers.html#change-host-key\">Changing the Host Key for Your AWS Transfer Family Server</a> in the <i>AWS Transfer Family User Guide</i>.</p>"
"documentation":"<p>The RSA private key as generated by <code>ssh-keygen -N \"\" -m PEM -f my-new-server-key</code>.</p> <important> <p>If you aren't planning to migrate existing users from an existing file transfer protocol-enabled server to a new server, don't update the host key. Accidentally changing a server's host key can be disruptive.</p> </important> <p>For more information, see <a href=\"https://docs.aws.amazon.com/transfer/latest/userguide/edit-server-config.html#configuring-servers-change-host-key\">Change the host key for your SFTP-enabled server</a> in the <i>AWS Transfer Family User Guide</i>.</p>"
},
"IdentityProviderDetails":{
"shape":"IdentityProviderDetails",
@ -1346,7 +1355,7 @@
},
"Protocols":{
"shape":"Protocols",
"documentation":"<p>Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. The available protocols are:</p> <ul> <li> <p>Secure Shell (SSH) File Transfer Protocol (SFTP): File transfer over SSH</p> </li> <li> <p>File Transfer Protocol Secure (FTPS): File transfer with TLS encryption</p> </li> <li> <p>File Transfer Protocol (FTP): Unencrypted file transfer</p> </li> </ul>"
"documentation":"<p>Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. The available protocols are:</p> <ul> <li> <p>Secure Shell (SSH) File Transfer Protocol (SFTP): File transfer over SSH</p> </li> <li> <p>File Transfer Protocol Secure (FTPS): File transfer with TLS encryption</p> </li> <li> <p>File Transfer Protocol (FTP): Unencrypted file transfer</p> </li> </ul> <note> <p>If you select <code>FTPS</code>, you must choose a certificate stored in AWS Certificate Manager (ACM) which will be used to identify your server when clients connect to it over FTPS.</p> <p>If <code>Protocol</code> includes either <code>FTP</code> or <code>FTPS</code>, then the <code>EndpointType</code> must be <code>VPC</code> and the <code>IdentityProviderType</code> must be <code>API_GATEWAY</code>.</p> <p>If <code>Protocol</code> includes <code>FTP</code>, then <code>AddressAllocationIds</code> cannot be associated.</p> <p>If <code>Protocol</code> is set only to <code>SFTP</code>, the <code>EndpointType</code> can be set to <code>PUBLIC</code> and the <code>IdentityProviderType</code> can be set to <code>SERVICE_MANAGED</code>.</p> </note>"
},
"ServerId":{
"shape":"ServerId",
@ -1381,11 +1390,11 @@
},
"HomeDirectoryMappings":{
"shape":"HomeDirectoryMappings",
"documentation":"<p>Logical directory mappings that specify what Amazon S3 paths and keys should be visible to your user and how you want to make them visible. You will need to specify the \"<code>Entry</code>\" and \"<code>Target</code>\" pair, where <code>Entry</code> shows how the path is made visible and <code>Target</code> is the actual Amazon S3 path. If you only specify a target, it will be displayed as is. You will need to also make sure that your AWS IAM Role provides access to paths in <code>Target</code>. The following is an example.</p> <p> <code>'[ \"/bucket2/documentation\", { \"Entry\": \"your-personal-report.pdf\", \"Target\": \"/bucket3/customized-reports/${transfer:UserName}.pdf\" } ]'</code> </p> <p>In most cases, you can use this value instead of the scope-down policy to lock your user down to the designated home directory (\"chroot\"). To do this, you can set <code>Entry</code> to '/' and set <code>Target</code> to the HomeDirectory parameter value.</p> <note> <p>If the target of a logical directory entry does not exist in Amazon S3, the entry will be ignored. As a workaround, you can use the Amazon S3 api to create 0 byte objects as place holders for your directory. If using the CLI, use the <code>s3api</code> call instead of <code>s3</code> so you can use the put-object operation. For example, you use the following: <code>aws s3api put-object --bucket bucketname --key path/to/folder/</code>. Make sure that the end of the key name ends in a / for it to be considered a folder.</p> </note>"
"documentation":"<p>Logical directory mappings that specify what Amazon S3 paths and keys should be visible to your user and how you want to make them visible. You will need to specify the \"<code>Entry</code>\" and \"<code>Target</code>\" pair, where <code>Entry</code> shows how the path is made visible and <code>Target</code> is the actual Amazon S3 path. If you only specify a target, it will be displayed as is. You will need to also make sure that your IAM role provides access to paths in <code>Target</code>. The following is an example.</p> <p> <code>'[ \"/bucket2/documentation\", { \"Entry\": \"your-personal-report.pdf\", \"Target\": \"/bucket3/customized-reports/${transfer:UserName}.pdf\" } ]'</code> </p> <p>In most cases, you can use this value instead of the scope-down policy to lock your user down to the designated home directory (\"chroot\"). To do this, you can set <code>Entry</code> to '/' and set <code>Target</code> to the HomeDirectory parameter value.</p> <note> <p>If the target of a logical directory entry does not exist in Amazon S3, the entry will be ignored. As a workaround, you can use the Amazon S3 api to create 0 byte objects as place holders for your directory. If using the CLI, use the <code>s3api</code> call instead of <code>s3</code> so you can use the put-object operation. For example, you use the following: <code>aws s3api put-object --bucket bucketname --key path/to/folder/</code>. Make sure that the end of the key name ends in a / for it to be considered a folder.</p> </note>"
},
"Policy":{
"shape":"Policy",
"documentation":"<p>Allows you to supply a scope-down policy for your user so you can use the same AWS Identity and Access Management (IAM) role across multiple users. The policy scopes down user access to portions of your Amazon S3 bucket. Variables you can use inside this policy include <code>${Transfer:UserName}</code>, <code>${Transfer:HomeDirectory}</code>, and <code>${Transfer:HomeBucket}</code>.</p> <note> <p>For scope-down policies, AWS Transfer Family stores the policy as a JSON blob, instead of the Amazon Resource Name (ARN) of the policy. You save the policy as a JSON blob and pass it in the <code>Policy</code> argument.</p> <p>For an example of a scope-down policy, see <a href=\"https://docs.aws.amazon.com/transfer/latest/userguide/users.html#users-policies-scope-down\">Creating a Scope-Down Policy</a>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html\">AssumeRole</a> in the <i>AWS Security Token Service API Reference</i>.</p> </note>"
"documentation":"<p>Allows you to supply a scope-down policy for your user so you can use the same IAM role across multiple users. The policy scopes down user access to portions of your Amazon S3 bucket. Variables you can use inside this policy include <code>${Transfer:UserName}</code>, <code>${Transfer:HomeDirectory}</code>, and <code>${Transfer:HomeBucket}</code>.</p> <note> <p>For scope-down policies, AWS Transfer Family stores the policy as a JSON blob, instead of the Amazon Resource Name (ARN) of the policy. You save the policy as a JSON blob and pass it in the <code>Policy</code> argument.</p> <p>For an example of a scope-down policy, see <a href=\"https://docs.aws.amazon.com/transfer/latest/userguide/users.html#users-policies-scope-down\">Creating a scope-down policy</a>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html\">AssumeRole</a> in the <i>AWS Security Token Service API Reference</i>.</p> </note>"
},
"Role":{
"shape":"Role",

161
botocore/data/worklink/2018-09-25/service-2.json
View file

@ -319,6 +319,7 @@
{"shape":"UnauthorizedException"},
{"shape":"InternalServerErrorException"},
{"shape":"InvalidRequestException"},
{"shape":"ResourceNotFoundException"},
{"shape":"TooManyRequestsException"}
],
"documentation":"<p>Retrieves a list of domains associated to a specified fleet.</p>"
@ -339,6 +340,19 @@
],
"documentation":"<p>Retrieves a list of fleets for the current account and Region.</p>"
},
"ListTagsForResource":{
"name":"ListTagsForResource",
"http":{
"method":"GET",
"requestUri":"/tags/{ResourceArn}"
},
"input":{"shape":"ListTagsForResourceRequest"},
"output":{"shape":"ListTagsForResourceResponse"},
"errors":[
{"shape":"InvalidRequestException"}
],
"documentation":"<p>Retrieves a list of tags for the specified resource.</p>"
},
"ListWebsiteAuthorizationProviders":{
"name":"ListWebsiteAuthorizationProviders",
"http":{
@ -423,6 +437,32 @@
],
"documentation":"<p>Signs the user out from all of their devices. The user can sign in again if they have valid credentials.</p>"
},
"TagResource":{
"name":"TagResource",
"http":{
"method":"POST",
"requestUri":"/tags/{ResourceArn}"
},
"input":{"shape":"TagResourceRequest"},
"output":{"shape":"TagResourceResponse"},
"errors":[
{"shape":"InvalidRequestException"}
],
"documentation":"<p>Adds or overwrites one or more tags for the specified resource, such as a fleet. Each tag consists of a key and an optional value. If a resource already has a tag with the same key, this operation updates its value.</p>"
},
"UntagResource":{
"name":"UntagResource",
"http":{
"method":"DELETE",
"requestUri":"/tags/{ResourceArn}"
},
"input":{"shape":"UntagResourceRequest"},
"output":{"shape":"UntagResourceResponse"},
"errors":[
{"shape":"InvalidRequestException"}
],
"documentation":"<p>Removes one or more tags from the specified resource.</p>"
},
"UpdateAuditStreamConfiguration":{
"name":"UpdateAuditStreamConfiguration",
"http":{
@ -622,7 +662,10 @@
}
}
},
"AuditStreamArn":{"type":"string"},
"AuditStreamArn":{
"type":"string",
"pattern":"^arn:aws:kinesis:.+:[0-9]{12}:stream/AmazonWorkLink-.*$"
},
"AuthorizationProviderType":{
"type":"string",
"enum":["SAML"]
@ -660,6 +703,10 @@
"OptimizeForEndUserLocation":{
"shape":"Boolean",
"documentation":"<p>The option to optimize for better performance by routing traffic through the closest AWS Region to users, which may be outside of your home Region.</p>"
},
"Tags":{
"shape":"TagMap",
"documentation":"<p> The tags to add to the resource. A tag is a key-value pair.</p>"
}
}
},
@ -668,7 +715,7 @@
"members":{
"FleetArn":{
"shape":"FleetArn",
"documentation":"<p>The ARN of the fleet.</p>"
"documentation":"<p>The Amazon Resource Name (ARN) of the fleet.</p>"
}
}
},
@ -859,7 +906,7 @@
"members":{
"FleetArn":{
"shape":"FleetArn",
"documentation":"<p>The ARN of the fleet.</p>"
"documentation":"<p>The Amazon Resource Name (ARN) of the fleet.</p>"
}
}
},
@ -893,6 +940,10 @@
"FleetStatus":{
"shape":"FleetStatus",
"documentation":"<p>The current state of the fleet.</p>"
},
"Tags":{
"shape":"TagMap",
"documentation":"<p>The tags attached to the resource. A tag is a key-value pair.</p>"
}
}
},
@ -1155,7 +1206,7 @@
"members":{
"FleetArn":{
"shape":"FleetArn",
"documentation":"<p>The ARN of the fleet.</p>"
"documentation":"<p>The Amazon Resource Name (ARN) of the fleet.</p>"
},
"CreatedTime":{
"shape":"DateTime",
@ -1171,7 +1222,7 @@
},
"DisplayName":{
"shape":"DisplayName",
"documentation":"<p>The name to display.</p>"
"documentation":"<p>The name of the fleet to display.</p>"
},
"CompanyCode":{
"shape":"CompanyCode",
@ -1180,6 +1231,10 @@
"FleetStatus":{
"shape":"FleetStatus",
"documentation":"<p>The status of the fleet.</p>"
},
"Tags":{
"shape":"TagMap",
"documentation":"<p>The tags attached to the resource. A tag is a key-value pair.</p>"
}
},
"documentation":"<p>The summary of the fleet.</p>"
@ -1303,6 +1358,27 @@
}
}
},
"ListTagsForResourceRequest":{
"type":"structure",
"required":["ResourceArn"],
"members":{
"ResourceArn":{
"shape":"FleetArn",
"documentation":"<p>The Amazon Resource Name (ARN) of the fleet.</p>",
"location":"uri",
"locationName":"ResourceArn"
}
}
},
"ListTagsForResourceResponse":{
"type":"structure",
"members":{
"Tags":{
"shape":"TagMap",
"documentation":"<p>The tags attached to the resource. A tag is a key-value pair.</p>"
}
}
},
"ListWebsiteAuthorizationProvidersRequest":{
"type":"structure",
"required":["FleetArn"],
@ -1481,6 +1557,53 @@
"type":"list",
"member":{"shape":"SubnetId"}
},
"TagKey":{
"type":"string",
"max":128,
"min":1,
"pattern":"^(?!aws:)[a-zA-Z+-=._:/]+$"
},
"TagKeyList":{
"type":"list",
"member":{"shape":"TagKey"},
"max":50,
"min":1
},
"TagMap":{
"type":"map",
"key":{"shape":"TagKey"},
"value":{"shape":"TagValue"},
"max":50,
"min":1
},
"TagResourceRequest":{
"type":"structure",
"required":[
"ResourceArn",
"Tags"
],
"members":{
"ResourceArn":{
"shape":"FleetArn",
"documentation":"<p>The Amazon Resource Name (ARN) of the fleet.</p>",
"location":"uri",
"locationName":"ResourceArn"
},
"Tags":{
"shape":"TagMap",
"documentation":"<p>The tags to add to the resource. A tag is a key-value pair.</p>"
}
}
},
"TagResourceResponse":{
"type":"structure",
"members":{
}
},
"TagValue":{
"type":"string",
"max":256
},
"TooManyRequestsException":{
"type":"structure",
"members":{
@ -1499,6 +1622,32 @@
"error":{"httpStatusCode":403},
"exception":true
},
"UntagResourceRequest":{
"type":"structure",
"required":[
"ResourceArn",
"TagKeys"
],
"members":{
"ResourceArn":{
"shape":"FleetArn",
"documentation":"<p>The Amazon Resource Name (ARN) of the fleet.</p>",
"location":"uri",
"locationName":"ResourceArn"
},
"TagKeys":{
"shape":"TagKeyList",
"documentation":"<p>The list of tag keys to remove from the resource.</p>",
"location":"querystring",
"locationName":"tagKeys"
}
}
},
"UntagResourceResponse":{
"type":"structure",
"members":{
}
},
"UpdateAuditStreamConfigurationRequest":{
"type":"structure",
"required":["FleetArn"],
@ -1703,5 +1852,5 @@
"member":{"shape":"WebsiteCaSummary"}
}
},
"documentation":"<p>Amazon WorkLink is a cloud-based service that provides secure access to internal websites and web apps from iOS phones. In a single step, your users, such as employees, can access internal websites as efficiently as they access any other public website. They enter a URL in their web browser, or choose a link to an internal website in an email. Amazon WorkLink authenticates the user's access and securely renders authorized internal web content in a secure rendering service in the AWS cloud. Amazon WorkLink doesn't download or store any internal web content on mobile devices.</p>"
"documentation":"<p>Amazon WorkLink is a cloud-based service that provides secure access to internal websites and web apps from iOS and Android phones. In a single step, your users, such as employees, can access internal websites as efficiently as they access any other public website. They enter a URL in their web browser, or choose a link to an internal website in an email. Amazon WorkLink authenticates the user's access and securely renders authorized internal web content in a secure rendering service in the AWS cloud. Amazon WorkLink doesn't download or store any internal web content on mobile devices.</p>"
}

16
botocore/exceptions.py
View file

@ -559,6 +559,22 @@ class MissingServiceIdError(UndefinedModelAttributeError):
self.kwargs = kwargs
class SSOError(BotoCoreError):
fmt = "An unspecified error happened when resolving SSO credentials"
class SSOTokenLoadError(SSOError):
fmt = "Error loading SSO Token: {error_msg}"
class UnauthorizedSSOTokenError(SSOError):
fmt = (
"The SSO session associated with this profile has expired or is "
"otherwise invalid. To refresh this SSO session run aws sso login "
"with the corresponding profile."
)
class CapacityNotAvailableError(BotoCoreError):
fmt = (
'Insufficient request capacity available.'

55
botocore/handlers.py
View file

@ -41,6 +41,7 @@ from botocore.exceptions import MissingServiceIdError
from botocore.utils import percent_encode, SAFE_CHARS
from botocore.utils import switch_host_with_param
from botocore.utils import hyphenize_service_id
from botocore.utils import conditionally_calculate_md5
from botocore import retryhandler
from botocore import utils
@ -192,38 +193,6 @@ def json_decode_template_body(parsed, **kwargs):
logger.debug('error loading JSON', exc_info=True)
def calculate_md5(params, **kwargs):
request_dict = params
if request_dict['body'] and 'Content-MD5' not in params['headers']:
body = request_dict['body']
if isinstance(body, (bytes, bytearray)):
binary_md5 = _calculate_md5_from_bytes(body)
else:
binary_md5 = _calculate_md5_from_file(body)
base64_md5 = base64.b64encode(binary_md5).decode('ascii')
params['headers']['Content-MD5'] = base64_md5
def _calculate_md5_from_bytes(body_bytes):
md5 = get_md5(body_bytes)
return md5.digest()
def _calculate_md5_from_file(fileobj):
start_position = fileobj.tell()
md5 = get_md5()
for chunk in iter(lambda: fileobj.read(1024 * 1024), b''):
md5.update(chunk)
fileobj.seek(start_position)
return md5.digest()
def conditionally_calculate_md5(params, context, request_signer, **kwargs):
"""Only add a Content-MD5 if the system supports it."""
if MD5_AVAILABLE:
calculate_md5(params, **kwargs)
def validate_bucket_name(params, **kwargs):
if 'Bucket' not in params:
return
@ -949,26 +918,6 @@ BUILTIN_HANDLERS = [
set_list_objects_encoding_type_url),
('before-parameter-build.s3.ListObjectVersions',
set_list_objects_encoding_type_url),
('before-call.s3.PutBucketTagging', calculate_md5),
('before-call.s3.PutBucketLifecycle', calculate_md5),
('before-call.s3.PutBucketLifecycleConfiguration', calculate_md5),
('before-call.s3.PutBucketCors', calculate_md5),
('before-call.s3.DeleteObjects', calculate_md5),
('before-call.s3.PutBucketReplication', calculate_md5),
('before-call.s3.PutObject', conditionally_calculate_md5),
('before-call.s3.UploadPart', conditionally_calculate_md5),
('before-call.s3.PutBucketAcl', conditionally_calculate_md5),
('before-call.s3.PutBucketLogging', conditionally_calculate_md5),
('before-call.s3.PutBucketNotification', conditionally_calculate_md5),
('before-call.s3.PutBucketPolicy', conditionally_calculate_md5),
('before-call.s3.PutBucketRequestPayment', conditionally_calculate_md5),
('before-call.s3.PutBucketVersioning', conditionally_calculate_md5),
('before-call.s3.PutBucketWebsite', conditionally_calculate_md5),
('before-call.s3.PutObjectAcl', conditionally_calculate_md5),
('before-call.s3.PutObjectLegalHold', calculate_md5),
('before-call.s3.PutObjectRetention', calculate_md5),
('before-call.s3.PutObjectLockConfiguration', calculate_md5),
('before-parameter-build.s3.CopyObject',
handle_copy_source_param),
('before-parameter-build.s3.UploadPartCopy',
@ -983,6 +932,8 @@ BUILTIN_HANDLERS = [
('before-call.s3', add_expect_header),
('before-call.glacier', add_glacier_version),
('before-call.apigateway', add_accept_header),
('before-call.s3.PutObject', conditionally_calculate_md5),
('before-call.s3.UploadPart', conditionally_calculate_md5),
('before-call.glacier.UploadArchive', add_glacier_checksums),
('before-call.glacier.UploadMultipartPart', add_glacier_checksums),
('before-call.ec2.CopySnapshot', inject_presigned_url_ec2),

4
botocore/model.py
View file

@ -519,6 +519,10 @@ class OperationModel(object):
def endpoint(self):
return self._operation_model.get('endpoint')
@CachedProperty
def http_checksum_required(self):
return self._operation_model.get('httpChecksumRequired', False)
@CachedProperty
def has_event_stream_input(self):
return self.get_event_stream_input() is not None

13
botocore/serialize.py
View file

@ -49,6 +49,7 @@ from botocore.compat import json, formatdate
from botocore.utils import parse_to_aware_datetime
from botocore.utils import percent_encode
from botocore.utils import is_json_value_header
from botocore.utils import conditionally_calculate_md5
from botocore import validate
@ -184,6 +185,12 @@ class Serializer(object):
return host_prefix_expression.format(**format_kwargs)
def _prepare_additional_traits(self, request, operation_model):
"""Determine if additional traits are required for given model"""
if operation_model.http_checksum_required:
conditionally_calculate_md5(request)
return request
class QuerySerializer(Serializer):
@ -210,6 +217,8 @@ class QuerySerializer(Serializer):
if host_prefix is not None:
serialized['host_prefix'] = host_prefix
serialized = self._prepare_additional_traits(serialized,
operation_model)
return serialized
def _serialize(self, serialized, value, shape, prefix=''):
@ -343,6 +352,8 @@ class JSONSerializer(Serializer):
if host_prefix is not None:
serialized['host_prefix'] = host_prefix
serialized = self._prepare_additional_traits(serialized,
operation_model)
return serialized
def _serialize(self, serialized, value, shape, key=None):
@ -460,6 +471,8 @@ class BaseRestSerializer(Serializer):
if host_prefix is not None:
serialized['host_prefix'] = host_prefix
serialized = self._prepare_additional_traits(serialized,
operation_model)
return serialized
def _render_uri_template(self, uri_template, params):

2
botocore/session.py
View file

@ -438,7 +438,7 @@ class Session(object):
Where:
- agent_name is the value of the `user_agent_name` attribute
of the session object (`Boto` by default).
of the session object (`Botocore` by default).
- agent_version is the value of the `user_agent_version`
attribute of the session object (the botocore version by default).
by default.

2
botocore/signers.py
View file

@ -674,6 +674,8 @@ def generate_presigned_post(self, Bucket, Key, Fields=None, Conditions=None,
if fields is None:
fields = {}
else:
fields = fields.copy()
if conditions is None:
conditions = []

63
botocore/utils.py
View file

@ -10,6 +10,7 @@
# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
# ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.
import base64
import re
import time
import logging
@ -29,14 +30,16 @@ from dateutil.tz import tzutc
import botocore
import botocore.awsrequest
import botocore.httpsession
from botocore.compat import json, quote, zip_longest, urlsplit, urlunsplit
from botocore.compat import OrderedDict, six, urlparse, get_tzinfo_options
from botocore.compat import (
json, quote, zip_longest, urlsplit, urlunsplit, OrderedDict,
six, urlparse, get_tzinfo_options, get_md5, MD5_AVAILABLE
)
from botocore.vendored.six.moves.urllib.request import getproxies, proxy_bypass
from botocore.exceptions import (
InvalidExpressionError, ConfigNotFound, InvalidDNSNameError, ClientError,
MetadataRetrievalError, EndpointConnectionError, ReadTimeoutError,
ConnectionClosedError, ConnectTimeoutError, UnsupportedS3ArnError,
UnsupportedS3AccesspointConfigurationError
UnsupportedS3AccesspointConfigurationError, SSOTokenLoadError,
)
logger = logging.getLogger(__name__)
@ -1725,6 +1728,37 @@ def get_encoding_from_headers(headers, default='ISO-8859-1'):
return default
def calculate_md5(body, **kwargs):
if isinstance(body, (bytes, bytearray)):
binary_md5 = _calculate_md5_from_bytes(body)
else:
binary_md5 = _calculate_md5_from_file(body)
return base64.b64encode(binary_md5).decode('ascii')
def _calculate_md5_from_bytes(body_bytes):
md5 = get_md5(body_bytes)
return md5.digest()
def _calculate_md5_from_file(fileobj):
start_position = fileobj.tell()
md5 = get_md5()
for chunk in iter(lambda: fileobj.read(1024 * 1024), b''):
md5.update(chunk)
fileobj.seek(start_position)
return md5.digest()
def conditionally_calculate_md5(params, **kwargs):
"""Only add a Content-MD5 if the system supports it."""
headers = params['headers']
body = params['body']
if MD5_AVAILABLE and body and 'Content-MD5' not in headers:
md5_digest = calculate_md5(body, **kwargs)
params['headers']['Content-MD5'] = md5_digest
class FileWebIdentityTokenLoader(object):
def __init__(self, web_identity_token_path, _open=open):
self._web_identity_token_path = web_identity_token_path
@ -1733,3 +1767,26 @@ class FileWebIdentityTokenLoader(object):
def __call__(self):
with self._open(self._web_identity_token_path) as token_file:
return token_file.read()
class SSOTokenLoader(object):
def __init__(self, cache=None):
if cache is None:
cache = {}
self._cache = cache
def _generate_cache_key(self, start_url):
return hashlib.sha1(start_url.encode('utf-8')).hexdigest()
def __call__(self, start_url):
cache_key = self._generate_cache_key(start_url)
try:
token = self._cache[cache_key]
return token['accessToken']
except KeyError:
logger.debug('Failed to load SSO token:', exc_info=True)
error_msg = (
'The SSO access token has either expired or is otherwise '
'invalid.'
)
raise SSOTokenLoadError(error_msg=error_msg)

4
docs/source/conf.py
View file

@ -52,9 +52,9 @@ copyright = u'2013, Mitch Garnaat'
# built documents.
#
# The short X.Y version.
version = '1.16.'
version = '1.17'
# The full version, including alpha/beta/rc tags.
release = '1.16.19'
release = '1.17.5'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.

4
tests/__init__.py
View file

@ -514,9 +514,9 @@ class StubbedSession(botocore.session.Session):
self._client_stubs[service_name] = stubber
return client
def stub(self, service_name):
def stub(self, service_name, *args, **kwargs):
if service_name not in self._client_stubs:
self.create_client(service_name)
self.create_client(service_name, *args, **kwargs)
return self._client_stubs[service_name]
def activate_stubs(self):

4
tests/functional/retries/test_bucket.py
View file

@ -105,5 +105,5 @@ class TestTokenBucketThreading(unittest.TestCase):
# thread acquisition(), e.g. must be with a 2 stddev range, but we
# can sanity check that our implementation isn't drastically
# starving a thread. So we'll arbitrarily say that a thread
# can't have less than 30% of the mean allocations per thread.
self.assertTrue(not any(x < (0.3 * mean) for x in distribution))
# can't have less than 20% of the mean allocations per thread.
self.assertTrue(not any(x < (0.2 * mean) for x in distribution))

70
tests/functional/test_credentials.py
View file

@ -26,6 +26,7 @@ from botocore.exceptions import CredentialRetrievalError
from tests import unittest, IntegerRefresher, BaseEnvVar, random_chars
from tests import temporary_file, StubbedSession, SessionHTTPStubber
from botocore import UNSIGNED
from botocore.credentials import EnvProvider, ContainerProvider
from botocore.credentials import InstanceMetadataProvider
from botocore.credentials import Credentials, ReadOnlyCredentials
@ -33,10 +34,13 @@ from botocore.credentials import AssumeRoleProvider, ProfileProviderBuilder
from botocore.credentials import CanonicalNameCredentialSourcer
from botocore.credentials import DeferredRefreshableCredentials
from botocore.credentials import create_credential_resolver
from botocore.credentials import JSONFileCache
from botocore.credentials import SSOProvider
from botocore.config import Config
from botocore.session import Session
from botocore.exceptions import InvalidConfigError, InfiniteLoopConfigError
from botocore.stub import Stubber
from botocore.awsrequest import AWSResponse
from botocore.utils import datetime2timestamp
class TestCredentialRefreshRaces(unittest.TestCase):
@ -245,7 +249,10 @@ class TestAssumeRole(BaseAssumeRoleTest):
self.env_provider, self.container_provider,
self.metadata_provider
]),
profile_provider_builder=ProfileProviderBuilder(session),
profile_provider_builder=ProfileProviderBuilder(
session,
sso_token_cache=JSONFileCache(self.tempdir),
),
)
stubber = session.stub('sts')
stubber.activate()
@ -540,6 +547,65 @@ class TestAssumeRole(BaseAssumeRoleTest):
with self.assertRaises(InvalidConfigError):
session.get_credentials()
def test_sso_source_profile(self):
token_cache_key = 'f395038c92f1828cbb3991d2d6152d326b895606'
cached_token = {
'accessToken': 'a.token',
'expiresAt': self.some_future_time(),
}
temp_cache = JSONFileCache(self.tempdir)
temp_cache[token_cache_key] = cached_token
config = (
'[profile A]\n'
'role_arn = arn:aws:iam::123456789:role/RoleA\n'
'source_profile = B\n'
'[profile B]\n'
'sso_region = us-east-1\n'
'sso_start_url = https://test.url/start\n'
'sso_role_name = SSORole\n'
'sso_account_id = 1234567890\n'
)
self.write_config(config)
session, sts_stubber = self.create_session(profile='A')
client_config = Config(
region_name='us-east-1',
signature_version=UNSIGNED,
)
sso_stubber = session.stub('sso', config=client_config)
sso_stubber.activate()
# The expiration needs to be in milliseconds
expiration = datetime2timestamp(self.some_future_time()) * 1000
sso_role_creds = self.create_random_credentials()
sso_role_response = {
'roleCredentials': {
'accessKeyId': sso_role_creds.access_key,
'secretAccessKey': sso_role_creds.secret_key,
'sessionToken': sso_role_creds.token,
'expiration': int(expiration),
}
}
sso_stubber.add_response('get_role_credentials', sso_role_response)
expected_creds = self.create_random_credentials()
assume_role_response = self.create_assume_role_response(expected_creds)
sts_stubber.add_response('assume_role', assume_role_response)
actual_creds = session.get_credentials()
self.assert_creds_equal(actual_creds, expected_creds)
sts_stubber.assert_no_pending_responses()
# Assert that the client was created with the credentials from the
# SSO get role credentials response
self.assertEqual(self.mock_client_creator.call_count, 1)
_, kwargs = self.mock_client_creator.call_args_list[0]
expected_kwargs = {
'aws_access_key_id': sso_role_creds.access_key,
'aws_secret_access_key': sso_role_creds.secret_key,
'aws_session_token': sso_role_creds.token,
}
self.assertEqual(kwargs, expected_kwargs)
def test_web_identity_credential_source_ignores_env_vars(self):
token_path = os.path.join(self.tempdir, 'token')
with open(token_path, 'w') as token_file:

73
tests/functional/test_s3.py
View file

@ -771,7 +771,7 @@ class TestS3SigV4(BaseS3OperationTest):
def test_content_sha256_set_if_md5_is_unavailable(self):
with mock.patch('botocore.auth.MD5_AVAILABLE', False):
with mock.patch('botocore.handlers.MD5_AVAILABLE', False):
with mock.patch('botocore.utils.MD5_AVAILABLE', False):
with self.http_stubber:
self.client.put_object(Bucket='foo', Key='bar', Body='baz')
sent_headers = self.get_sent_headers()
@ -1106,6 +1106,65 @@ class TestGeneratePresigned(BaseS3OperationTest):
'get_object', {'Bucket': 'mybucket', 'Key': 'mykey'})
self.assert_is_v2_presigned_url(url)
def test_checksums_included_in_expected_operations():
"""Validate expected calls include Content-MD5 header"""
t = S3ChecksumCases(_verify_checksum_in_headers)
yield t.case('put_bucket_tagging',
{"Bucket": "foo", "Tagging":{"TagSet":[]}})
yield t.case('put_bucket_lifecycle',
{"Bucket": "foo", "LifecycleConfiguration":{"Rules":[]}})
yield t.case('put_bucket_lifecycle_configuration',
{"Bucket": "foo", "LifecycleConfiguration":{"Rules":[]}})
yield t.case('put_bucket_cors',
{"Bucket": "foo", "CORSConfiguration":{"CORSRules": []}})
yield t.case('delete_objects',
{"Bucket": "foo", "Delete": {"Objects": [{"Key": "bar"}]}})
yield t.case('put_bucket_replication',
{"Bucket": "foo",
"ReplicationConfiguration": {"Role":"", "Rules": []}})
yield t.case('put_bucket_acl',
{"Bucket": "foo", "AccessControlPolicy":{}})
yield t.case('put_bucket_logging',
{"Bucket": "foo",
"BucketLoggingStatus":{}})
yield t.case('put_bucket_notification',
{"Bucket": "foo", "NotificationConfiguration":{}})
yield t.case('put_bucket_policy',
{"Bucket": "foo", "Policy": "<bucket-policy>"})
yield t.case('put_bucket_request_payment',
{"Bucket": "foo", "RequestPaymentConfiguration":{"Payer": ""}})
yield t.case('put_bucket_versioning',
{"Bucket": "foo", "VersioningConfiguration":{}})
yield t.case('put_bucket_website',
{"Bucket": "foo",
"WebsiteConfiguration":{}})
yield t.case('put_object_acl',
{"Bucket": "foo", "Key": "bar", "AccessControlPolicy":{}})
yield t.case('put_object_legal_hold',
{"Bucket": "foo", "Key": "bar", "LegalHold":{"Status": "ON"}})
yield t.case('put_object_retention',
{"Bucket": "foo", "Key": "bar",
"Retention":{"RetainUntilDate":"2020-11-05"}})
yield t.case('put_object_lock_configuration',
{"Bucket": "foo", "ObjectLockConfiguration":{}})
def _verify_checksum_in_headers(operation, operation_kwargs):
environ = {}
with mock.patch('os.environ', environ):
environ['AWS_ACCESS_KEY_ID'] = 'access_key'
environ['AWS_SECRET_ACCESS_KEY'] = 'secret_key'
environ['AWS_CONFIG_FILE'] = 'no-exist-foo'
session = create_session()
session.config_filename = 'no-exist-foo'
client = session.create_client('s3')
with ClientHTTPStubber(client) as stub:
stub.add_response()
call = getattr(client, operation)
call(**operation_kwargs)
assert 'Content-MD5' in stub.requests[-1].headers
def test_correct_url_used_for_s3():
# Test that given various sets of config options and bucket names,
@ -1759,10 +1818,15 @@ def test_correct_url_used_for_s3():
'https://bucket.s3.unknown.amazonaws.com/key'))
class S3AddressingCases(object):
class BaseTestCase:
def __init__(self, verify_function):
self._verify = verify_function
def case(self, **kwargs):
return self._verify, kwargs
class S3AddressingCases(BaseTestCase):
def case(self, region=None, bucket='bucket', key='key',
s3_config=None, is_secure=True, customer_provided_endpoint=None,
expected_url=None, signature_version=None):
@ -1772,6 +1836,11 @@ class S3AddressingCases(object):
)
class S3ChecksumCases(BaseTestCase):
def case(self, operation, operation_args):
return self._verify, operation, operation_args
def _verify_expected_endpoint_url(region, bucket, key, s3_config,
is_secure=True,
customer_provided_endpoint=None,

199
tests/unit/test_credentials.py
View file

@ -26,13 +26,16 @@ from botocore import credentials
from botocore.utils import ContainerMetadataFetcher
from botocore.compat import json, six
from botocore.session import Session
from botocore.utils import FileWebIdentityTokenLoader
from botocore.stub import Stubber
from botocore.utils import datetime2timestamp
from botocore.utils import FileWebIdentityTokenLoader, SSOTokenLoader
from botocore.credentials import EnvProvider, create_assume_role_refresher
from botocore.credentials import CredentialProvider, AssumeRoleProvider
from botocore.credentials import ConfigProvider, SharedCredentialProvider
from botocore.credentials import ProcessProvider
from botocore.credentials import AssumeRoleWithWebIdentityProvider
from botocore.credentials import Credentials, ProfileProviderBuilder
from botocore.credentials import SSOCredentialFetcher, SSOProvider
from botocore.configprovider import ConfigValueStore
import botocore.exceptions
import botocore.session
@ -3206,6 +3209,7 @@ class TestProfileProviderBuilder(unittest.TestCase):
providers = self.builder.providers('some-profile')
expected_providers = [
AssumeRoleWithWebIdentityProvider,
SSOProvider,
SharedCredentialProvider,
ProcessProvider,
ConfigProvider,
@ -3214,3 +3218,196 @@ class TestProfileProviderBuilder(unittest.TestCase):
zipped_providers = six.moves.zip(providers, expected_providers)
for provider, expected_type in zipped_providers:
self.assertTrue(isinstance(provider, expected_type))
class TestSSOCredentialFetcher(unittest.TestCase):
def setUp(self):
self.sso = Session().create_client('sso', region_name='us-east-1')
self.stubber = Stubber(self.sso)
self.mock_session = mock.Mock(spec=Session)
self.mock_session.create_client.return_value = self.sso
self.cache = {}
self.sso_region = 'us-east-1'
self.start_url = 'https://d-92671207e4.awsapps.com/start'
self.role_name = 'test-role'
self.account_id = '1234567890'
self.access_token = 'some.sso.token'
# This is just an arbitrary point in time we can pin to
self.now = datetime(2008, 9, 23, 12, 26, 40, tzinfo=tzutc())
# The SSO endpoint uses ms whereas the OIDC endpoint uses seconds
self.now_timestamp = 1222172800000
self.loader = mock.Mock(spec=SSOTokenLoader)
self.loader.return_value = self.access_token
self.fetcher = SSOCredentialFetcher(
self.start_url, self.sso_region, self.role_name, self.account_id,
self.mock_session.create_client, token_loader=self.loader,
cache=self.cache,
)
def test_can_fetch_credentials(self):
expected_params = {
'roleName': self.role_name,
'accountId': self.account_id,
'accessToken': self.access_token,
}
expected_response = {
'roleCredentials': {
'accessKeyId': 'foo',
'secretAccessKey': 'bar',
'sessionToken': 'baz',
'expiration': self.now_timestamp + 1000000,
}
}
self.stubber.add_response(
'get_role_credentials',
expected_response,
expected_params=expected_params,
)
with self.stubber:
credentials = self.fetcher.fetch_credentials()
self.assertEqual(credentials['access_key'], 'foo')
self.assertEqual(credentials['secret_key'], 'bar')
self.assertEqual(credentials['token'], 'baz')
self.assertEqual(credentials['expiry_time'], '2008-09-23T12:43:20UTC')
cache_key = '048db75bbe50955c16af7aba6ff9c41a3131bb7e'
expected_cached_credentials = {
'ProviderType': 'sso',
'Credentials': {
'AccessKeyId': 'foo',
'SecretAccessKey': 'bar',
'SessionToken': 'baz',
'Expiration': '2008-09-23T12:43:20UTC',
}
}
self.assertEqual(self.cache[cache_key], expected_cached_credentials)
def test_raises_helpful_message_on_unauthorized_exception(self):
expected_params = {
'roleName': self.role_name,
'accountId': self.account_id,
'accessToken': self.access_token,
}
self.stubber.add_client_error(
'get_role_credentials',
service_error_code='UnauthorizedException',
expected_params=expected_params,
)
with self.assertRaises(botocore.exceptions.UnauthorizedSSOTokenError):
with self.stubber:
credentials = self.fetcher.fetch_credentials()
class TestSSOProvider(unittest.TestCase):
def setUp(self):
self.sso = Session().create_client('sso', region_name='us-east-1')
self.stubber = Stubber(self.sso)
self.mock_session = mock.Mock(spec=Session)
self.mock_session.create_client.return_value = self.sso
self.sso_region = 'us-east-1'
self.start_url = 'https://d-92671207e4.awsapps.com/start'
self.role_name = 'test-role'
self.account_id = '1234567890'
self.access_token = 'some.sso.token'
self.profile_name = 'sso-profile'
self.config = {
'sso_region': self.sso_region,
'sso_start_url': self.start_url,
'sso_role_name': self.role_name,
'sso_account_id': self.account_id,
}
self.expires_at = datetime.now(tzlocal()) + timedelta(hours=24)
self.cached_creds_key = '048db75bbe50955c16af7aba6ff9c41a3131bb7e'
self.cached_token_key = '13f9d35043871d073ab260e020f0ffde092cb14b'
self.cache = {
self.cached_token_key: {
'accessToken': self.access_token,
'expiresAt': self.expires_at.strftime('%Y-%m-%dT%H:%M:%S%Z'),
}
}
self.provider = SSOProvider(
load_config=self._mock_load_config,
client_creator=self.mock_session.create_client,
profile_name=self.profile_name,
cache=self.cache,
token_cache=self.cache,
)
self.expected_get_role_credentials_params = {
'roleName': self.role_name,
'accountId': self.account_id,
'accessToken': self.access_token,
}
expiration = datetime2timestamp(self.expires_at)
self.expected_get_role_credentials_response = {
'roleCredentials': {
'accessKeyId': 'foo',
'secretAccessKey': 'bar',
'sessionToken': 'baz',
'expiration': int(expiration * 1000),
}
}
def _mock_load_config(self):
return {
'profiles': {
self.profile_name: self.config,
}
}
def _add_get_role_credentials_response(self):
self.stubber.add_response(
'get_role_credentials',
self.expected_get_role_credentials_response,
self.expected_get_role_credentials_params,
)
def test_load_sso_credentials_without_cache(self):
self._add_get_role_credentials_response()
with self.stubber:
credentials = self.provider.load()
self.assertEqual(credentials.access_key, 'foo')
self.assertEqual(credentials.secret_key, 'bar')
self.assertEqual(credentials.token, 'baz')
def test_load_sso_credentials_with_cache(self):
cached_creds = {
'Credentials': {
'AccessKeyId': 'cached-akid',
'SecretAccessKey': 'cached-sak',
'SessionToken': 'cached-st',
'Expiration': self.expires_at.strftime('%Y-%m-%dT%H:%M:%S%Z'),
}
}
self.cache[self.cached_creds_key] = cached_creds
credentials = self.provider.load()
self.assertEqual(credentials.access_key, 'cached-akid')
self.assertEqual(credentials.secret_key, 'cached-sak')
self.assertEqual(credentials.token, 'cached-st')
def test_load_sso_credentials_with_cache_expired(self):
cached_creds = {
'Credentials': {
'AccessKeyId': 'expired-akid',
'SecretAccessKey': 'expired-sak',
'SessionToken': 'expired-st',
'Expiration': '2002-10-22T20:52:11UTC',
}
}
self.cache[self.cached_creds_key] = cached_creds
self._add_get_role_credentials_response()
with self.stubber:
credentials = self.provider.load()
self.assertEqual(credentials.access_key, 'foo')
self.assertEqual(credentials.secret_key, 'bar')
self.assertEqual(credentials.token, 'baz')
def test_required_config_not_set(self):
del self.config['sso_start_url']
# If any required configuration is missing we should get an error
with self.assertRaises(botocore.exceptions.InvalidConfigError):
self.provider.load()

19
tests/unit/test_handlers.py
View file

@ -38,6 +38,7 @@ from botocore.model import DenormalizedStructureBuilder
from botocore.session import Session
from botocore.signers import RequestSigner
from botocore.credentials import Credentials
from botocore.utils import conditionally_calculate_md5
from botocore import handlers
@ -1124,7 +1125,7 @@ class TestAddMD5(BaseMD5Test):
'method': 'PUT',
'headers': {}}
context = self.get_context()
handlers.conditionally_calculate_md5(
conditionally_calculate_md5(
request_dict, request_signer=request_signer, context=context)
self.assertTrue('Content-MD5' in request_dict['headers'])
@ -1138,7 +1139,7 @@ class TestAddMD5(BaseMD5Test):
'method': 'PUT',
'headers': {}}
context = self.get_context({'payload_signing_enabled': False})
handlers.conditionally_calculate_md5(
conditionally_calculate_md5(
request_dict, request_signer=request_signer, context=context)
self.assertTrue('Content-MD5' in request_dict['headers'])
@ -1153,8 +1154,8 @@ class TestAddMD5(BaseMD5Test):
context = self.get_context()
self.set_md5_available(False)
with mock.patch('botocore.handlers.MD5_AVAILABLE', False):
handlers.conditionally_calculate_md5(
with mock.patch('botocore.utils.MD5_AVAILABLE', False):
conditionally_calculate_md5(
request_dict, request_signer=request_signer, context=context)
self.assertFalse('Content-MD5' in request_dict['headers'])
@ -1169,7 +1170,7 @@ class TestAddMD5(BaseMD5Test):
self.set_md5_available(False)
with self.assertRaises(MD5UnavailableError):
handlers.calculate_md5(
conditionally_calculate_md5(
request_dict, request_signer=request_signer)
def test_adds_md5_when_s3v2(self):
@ -1181,7 +1182,7 @@ class TestAddMD5(BaseMD5Test):
'method': 'PUT',
'headers': {}}
context = self.get_context()
handlers.conditionally_calculate_md5(
conditionally_calculate_md5(
request_dict, request_signer=request_signer, context=context)
self.assertTrue('Content-MD5' in request_dict['headers'])
@ -1191,7 +1192,7 @@ class TestAddMD5(BaseMD5Test):
'headers': {}
}
self.md5_digest.return_value = b'8X\xf6"0\xac<\x91_0\x0cfC\x12\xc6?'
handlers.calculate_md5(request_dict)
conditionally_calculate_md5(request_dict)
self.assertEqual(request_dict['headers']['Content-MD5'],
'OFj2IjCsPJFfMAxmQxLGPw==')
@ -1201,7 +1202,7 @@ class TestAddMD5(BaseMD5Test):
'headers': {}
}
self.md5_digest.return_value = b'8X\xf6"0\xac<\x91_0\x0cfC\x12\xc6?'
handlers.calculate_md5(request_dict)
conditionally_calculate_md5(request_dict)
self.assertEqual(
request_dict['headers']['Content-MD5'],
'OFj2IjCsPJFfMAxmQxLGPw==')
@ -1212,7 +1213,7 @@ class TestAddMD5(BaseMD5Test):
'headers': {}
}
self.md5_digest.return_value = b'8X\xf6"0\xac<\x91_0\x0cfC\x12\xc6?'
handlers.calculate_md5(request_dict)
conditionally_calculate_md5(request_dict)
self.assertEqual(
request_dict['headers']['Content-MD5'],
'OFj2IjCsPJFfMAxmQxLGPw==')

2
tests/unit/test_signers.py
View file

@ -923,6 +923,8 @@ class TestGeneratePresignedPost(unittest.TestCase):
self.client.generate_presigned_post(
self.bucket, self.key, Fields=fields, Conditions=conditions)
self.assertEqual(fields, {'acl': 'public-read'})
_, post_kwargs = self.presign_post_mock.call_args
request_dict = post_kwargs['request_dict']
fields = post_kwargs['fields']

30
tests/unit/test_utils.py
View file

@ -66,6 +66,8 @@ from botocore.utils import S3ArnParamHandler
from botocore.utils import S3EndpointSetter
from botocore.utils import ContainerMetadataFetcher
from botocore.utils import InstanceMetadataFetcher
from botocore.utils import SSOTokenLoader
from botocore.exceptions import SSOTokenLoadError
from botocore.utils import IMDSFetcher
from botocore.utils import BadIMDSRequestError
from botocore.model import DenormalizedStructureBuilder
@ -2428,3 +2430,31 @@ class TestInstanceMetadataFetcher(unittest.TestCase):
result = InstanceMetadataFetcher(
user_agent=user_agent).retrieve_iam_role_credentials()
self.assertEqual(result, {})
class TestSSOTokenLoader(unittest.TestCase):
def setUp(self):
super(TestSSOTokenLoader, self).setUp()
self.start_url = 'https://d-abc123.awsapps.com/start'
self.cache_key = '40a89917e3175433e361b710a9d43528d7f1890a'
self.access_token = 'totally.a.token'
self.cached_token = {
'accessToken': self.access_token,
'expiresAt': '2002-10-18T03:52:38UTC'
}
self.cache = {}
self.loader = SSOTokenLoader(cache=self.cache)
def test_can_load_token_exists(self):
self.cache[self.cache_key] = self.cached_token
access_token = self.loader(self.start_url)
self.assertEqual(self.access_token, access_token)
def test_can_handle_does_not_exist(self):
with self.assertRaises(SSOTokenLoadError):
access_token = self.loader(self.start_url)
def test_can_handle_invalid_cache(self):
self.cache[self.cache_key] = {}
with self.assertRaises(SSOTokenLoadError):
access_token = self.loader(self.start_url)