Attaches a policy to a root, an organizational unit (OU), or an individual account. How the policy affects accounts depends on the type of policy. Refer to the Organizations User Guide for information about each policy type:
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
" + "documentation":"Attaches a policy to a root, an organizational unit (OU), or an individual account. How the policy affects accounts depends on the type of policy. Refer to the Organizations User Guide for information about each policy type:
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
" }, "CancelHandshake":{ "name":"CancelHandshake", @@ -381,7 +381,7 @@ {"shape":"InvalidInputException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"Returns the contents of the effective policy for specified policy type and account. The effective policy is the aggregation of any policies of the specified type that the account inherits, plus any policy of that type that is directly attached to the account.
This operation applies only to policy types other than service control policies (SCPs).
For more information about policy inheritance, see Understanding management policy inheritance in the Organizations User Guide.
This operation can be called from any account in the organization.
" + "documentation":"Returns the contents of the effective policy for specified policy type and account. The effective policy is the aggregation of any policies of the specified type that the account inherits, plus any policy of that type that is directly attached to the account.
This operation applies only to management policies. It does not apply to authorization policies: service control policies (SCPs) and resource control policies (RCPs).
For more information about policy inheritance, see Understanding management policy inheritance in the Organizations User Guide.
This operation can be called from any account in the organization.
" }, "DescribeHandshake":{ "name":"DescribeHandshake", @@ -1661,7 +1661,7 @@ }, "Type":{ "shape":"PolicyType", - "documentation":"The type of policy to create. You can specify one of the following values:
The type of policy to create. You can specify one of the following values:
The type of policy that you want information about. You can specify one of the following values:
" + "documentation":"The type of policy that you want information about. You can specify one of the following values:
" }, "TargetId":{ "shape":"PolicyTargetId", @@ -1978,7 +1978,7 @@ }, "PolicyType":{ "shape":"PolicyType", - "documentation":"The policy type that you want to disable in this root. You can specify one of the following values:
The policy type that you want to disable in this root. You can specify one of the following values:
The policy type that you want to enable. You can specify one of the following values:
The policy type that you want to enable. You can specify one of the following values:
The type of policy that you want to include in the returned list. You must specify one of the following values:
The type of policy that you want to include in the returned list. You must specify one of the following values:
Specifies the type of policy that you want to include in the response. You must specify one of the following values:
Specifies the type of policy that you want to include in the response. You must specify one of the following values:
Creates a user and associates them with an existing file transfer protocol-enabled server. You can only create and associate users with servers that have the IdentityProviderType set to SERVICE_MANAGED. Using parameters for CreateUser, you can specify the user name, set the home directory, store the user's public key, and assign the user's Identity and Access Management (IAM) role. You can also optionally add a session policy, and assign metadata with tags that can be used to group and search for users.
Creates a web app based on specified parameters, and returns the ID for the new web app.
" + }, "CreateWorkflow":{ "name":"CreateWorkflow", "http":{ @@ -285,6 +302,41 @@ "documentation":"Deletes the user belonging to a file transfer protocol-enabled server you specify.
No response returns from this operation.
When you delete a user from a server, the user's information is lost.
Deletes the specified web app.
", + "idempotent":true + }, + "DeleteWebAppCustomization":{ + "name":"DeleteWebAppCustomization", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteWebAppCustomizationRequest"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidRequestException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServiceError"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"Deletes the WebAppCustomization object that corresponds to the web app ID specified.
Describes the user assigned to the specific file transfer protocol-enabled server, as identified by its ServerId property.
The response from this call returns the properties of the user associated with the ServerId value that was specified.
Describes the web app that's identified by WebAppId.
Describes the web app customization object that's identified by WebAppId.
Lists the users for a file transfer protocol-enabled server that you specify by passing the ServerId parameter.
Lists all web apps associated with your Amazon Web Services account for your current region.
" + }, "ListWorkflows":{ "name":"ListWorkflows", "http":{ @@ -1033,6 +1135,42 @@ {"shape":"ServiceUnavailableException"} ], "documentation":"Assigns new properties to a user. Parameters you pass modify any or all of the following: the home directory, role, and policy for the UserName and ServerId you specify.
The response returns the ServerId and the UserName for the updated user.
In the console, you can select Restricted when you create or update a user. This ensures that the user can't access anything outside of their home directory. The programmatic way to configure this behavior is to update the user. Set their HomeDirectoryType to LOGICAL, and specify HomeDirectoryMappings with Entry as root (/) and Target as their home directory.
For example, if the user's home directory is /test/admin-user, the following command updates the user so that their configuration in the console shows the Restricted flag as selected.
aws transfer update-user --server-id <server-id> --user-name admin-user --home-directory-type LOGICAL --home-directory-mappings \"[{\\\"Entry\\\":\\\"/\\\", \\\"Target\\\":\\\"/test/admin-user\\\"}]\"
Assigns new properties to a web app. You can modify the access point, identity provider details, and the web app units.
" + }, + "UpdateWebAppCustomization":{ + "name":"UpdateWebAppCustomization", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateWebAppCustomizationRequest"}, + "output":{"shape":"UpdateWebAppCustomizationResponse"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidRequestException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServiceError"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"Assigns new customization properties to a web app. You can modify the icon file, logo file, and title.
" } }, "shapes":{ @@ -1495,7 +1633,7 @@ }, "IdentityProviderDetails":{ "shape":"IdentityProviderDetails", - "documentation":"Required when IdentityProviderType is set to AWS_DIRECTORY_SERVICE, Amazon Web Services_LAMBDA or API_GATEWAY. Accepts an array containing all of the information required to use a directory in AWS_DIRECTORY_SERVICE or invoke a customer-supplied authentication API, including the API Gateway URL. Not required when IdentityProviderType is set to SERVICE_MANAGED.
Required when IdentityProviderType is set to AWS_DIRECTORY_SERVICE, Amazon Web Services_LAMBDA or API_GATEWAY. Accepts an array containing all of the information required to use a directory in AWS_DIRECTORY_SERVICE or invoke a customer-supplied authentication API, including the API Gateway URL. Cannot be specified when IdentityProviderType is set to SERVICE_MANAGED.
You can provide a structure that contains the details for the identity provider to use with your web app.
" + }, + "AccessEndpoint":{ + "shape":"WebAppAccessEndpoint", + "documentation":"The AccessEndpoint is the URL that you provide to your users for them to interact with the Transfer Family web app. You can specify a custom URL or use the default value.
A union that contains the value for number of concurrent connections or the user sessions on your web app.
" + }, + "Tags":{ + "shape":"Tags", + "documentation":"Key-value pairs that can be used to group and search for web apps.
" + } + } + }, + "CreateWebAppResponse":{ + "type":"structure", + "required":["WebAppId"], + "members":{ + "WebAppId":{ + "shape":"WebAppId", + "documentation":"Returns a unique identifier for the web app.
" + } + } + }, "CreateWorkflowRequest":{ "type":"structure", "required":["Steps"], @@ -1868,6 +2038,26 @@ } } }, + "DeleteWebAppCustomizationRequest":{ + "type":"structure", + "required":["WebAppId"], + "members":{ + "WebAppId":{ + "shape":"WebAppId", + "documentation":"Provide the unique identifier for the web app that contains the customizations that you are deleting.
" + } + } + }, + "DeleteWebAppRequest":{ + "type":"structure", + "required":["WebAppId"], + "members":{ + "WebAppId":{ + "shape":"WebAppId", + "documentation":"Provide the unique identifier for the web app that you are deleting.
" + } + } + }, "DeleteWorkflowRequest":{ "type":"structure", "required":["WorkflowId"], @@ -2134,6 +2324,46 @@ } } }, + "DescribeWebAppCustomizationRequest":{ + "type":"structure", + "required":["WebAppId"], + "members":{ + "WebAppId":{ + "shape":"WebAppId", + "documentation":"Provide the unique identifier for the web app.
" + } + } + }, + "DescribeWebAppCustomizationResponse":{ + "type":"structure", + "required":["WebAppCustomization"], + "members":{ + "WebAppCustomization":{ + "shape":"DescribedWebAppCustomization", + "documentation":"Returns a structure that contains the details of the web app customizations.
" + } + } + }, + "DescribeWebAppRequest":{ + "type":"structure", + "required":["WebAppId"], + "members":{ + "WebAppId":{ + "shape":"WebAppId", + "documentation":"Provide the unique identifier for the web app.
" + } + } + }, + "DescribeWebAppResponse":{ + "type":"structure", + "required":["WebApp"], + "members":{ + "WebApp":{ + "shape":"DescribedWebApp", + "documentation":"Returns a structure that contains the details of the web app.
" + } + } + }, "DescribeWorkflowRequest":{ "type":"structure", "required":["WorkflowId"], @@ -2412,6 +2642,24 @@ }, "documentation":"The details for a server host key.
" }, + "DescribedIdentityCenterConfig":{ + "type":"structure", + "members":{ + "ApplicationArn":{ + "shape":"IdentityCenterApplicationArn", + "documentation":"The Amazon Resource Name (ARN) for the IAM Identity Center application: this value is set automatically when you create your web app.
" + }, + "InstanceArn":{ + "shape":"IdentityCenterInstanceArn", + "documentation":"The Amazon Resource Name (ARN) for the IAM Identity Center used for the web app.
" + }, + "Role":{ + "shape":"Role", + "documentation":"The IAM role in IAM Identity Center used for the web app.
" + } + }, + "documentation":"A structure that contains the details of the IAM Identity Center used for your web app. Returned during a call to DescribeWebApp.
Describes the properties of a user that was specified.
" }, + "DescribedWebApp":{ + "type":"structure", + "required":[ + "Arn", + "WebAppId" + ], + "members":{ + "Arn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the web app.
" + }, + "WebAppId":{ + "shape":"WebAppId", + "documentation":"The unique identifier for the web app.
" + }, + "DescribedIdentityProviderDetails":{ + "shape":"DescribedWebAppIdentityProviderDetails", + "documentation":"A structure that contains the details for the identity provider used by the web app.
" + }, + "AccessEndpoint":{ + "shape":"WebAppAccessEndpoint", + "documentation":"The AccessEndpoint is the URL that you provide to your users for them to interact with the Transfer Family web app. You can specify a custom URL or use the default value.
The WebAppEndpoint is the unique URL for your Transfer Family web app. This is the value that you use when you configure Origins on CloudFront.
A union that contains the value for number of concurrent connections or the user sessions on your web app.
" + }, + "Tags":{ + "shape":"Tags", + "documentation":"Key-value pairs that can be used to group and search for web apps. Tags are metadata attached to web apps for any purpose.
" + } + }, + "documentation":"A structure that describes the parameters for the web app, as identified by the WebAppId.
Returns the Amazon Resource Name (ARN) for the web app.
" + }, + "WebAppId":{ + "shape":"WebAppId", + "documentation":"Returns the unique identifier for your web app.
" + }, + "Title":{ + "shape":"WebAppTitle", + "documentation":"Returns the page title that you defined for your web app.
" + }, + "LogoFile":{ + "shape":"WebAppLogoFile", + "documentation":"Returns a logo file data string (in base64 encoding).
" + }, + "FaviconFile":{ + "shape":"WebAppFaviconFile", + "documentation":"Returns a icon file data string (in base64 encoding).
" + } + }, + "documentation":"A structure that contains the customization fields for the web app. You can provide a title, logo, and icon to customize the appearance of your web app.
" + }, + "DescribedWebAppIdentityProviderDetails":{ + "type":"structure", + "members":{ + "IdentityCenterConfig":{ + "shape":"DescribedIdentityCenterConfig", + "documentation":"Returns a structure for your identity provider details. This structure contains the instance ARN and role being used for the web app.
" + } + }, + "documentation":"Returns a structure that contains the identity provider details for your web app.
", + "union":true + }, "DescribedWorkflow":{ "type":"structure", "required":["Arn"], @@ -2949,6 +3276,32 @@ "pattern":"hostkey-[0-9a-f]{17}" }, "HostKeyType":{"type":"string"}, + "IdentityCenterApplicationArn":{ + "type":"string", + "max":1224, + "min":10, + "pattern":"arn:[\\w-]+:sso::\\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16}" + }, + "IdentityCenterConfig":{ + "type":"structure", + "members":{ + "InstanceArn":{ + "shape":"IdentityCenterInstanceArn", + "documentation":"The Amazon Resource Name (ARN) for the IAM Identity Center used for the web app.
" + }, + "Role":{ + "shape":"Role", + "documentation":"The IAM role in IAM Identity Center used for the web app.
" + } + }, + "documentation":"A structure that describes the values to use for the IAM Identity Center settings when you create or update a web app.
" + }, + "IdentityCenterInstanceArn":{ + "type":"string", + "max":1224, + "min":10, + "pattern":"arn:[\\w-]+:sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}" + }, "IdentityProviderDetails":{ "type":"structure", "members":{ @@ -3171,7 +3524,7 @@ "members":{ "MaxResults":{ "shape":"MaxResults", - "documentation":"Specifies the maximum number of access SIDs to return.
" + "documentation":"The maximum number of items to return.
" }, "NextToken":{ "shape":"NextToken", @@ -3210,7 +3563,7 @@ "members":{ "MaxResults":{ "shape":"MaxResults", - "documentation":"The maximum number of agreements to return.
" + "documentation":"The maximum number of items to return.
" }, "NextToken":{ "shape":"NextToken", @@ -3241,7 +3594,7 @@ "members":{ "MaxResults":{ "shape":"MaxResults", - "documentation":"The maximum number of certificates to return.
" + "documentation":"The maximum number of items to return.
" }, "NextToken":{ "shape":"NextToken", @@ -3268,7 +3621,7 @@ "members":{ "MaxResults":{ "shape":"MaxResults", - "documentation":"The maximum number of connectors to return.
" + "documentation":"The maximum number of items to return.
" }, "NextToken":{ "shape":"NextToken", @@ -3296,7 +3649,7 @@ "members":{ "MaxResults":{ "shape":"MaxResults", - "documentation":"Specifies the maximum number of executions to return.
" + "documentation":"The maximum number of items to return.
" }, "NextToken":{ "shape":"NextToken", @@ -3374,7 +3727,7 @@ "members":{ "MaxResults":{ "shape":"MaxResults", - "documentation":"The maximum number of host keys to return.
" + "documentation":"The maximum number of items to return.
" }, "NextToken":{ "shape":"NextToken", @@ -3412,7 +3765,7 @@ "members":{ "MaxResults":{ "shape":"MaxResults", - "documentation":"The maximum number of profiles to return.
" + "documentation":"The maximum number of items to return.
" }, "NextToken":{ "shape":"NextToken", @@ -3566,12 +3919,39 @@ } } }, + "ListWebAppsRequest":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"MaxResults", + "documentation":"The maximum number of items to return.
" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"Returns the NextToken parameter in the output. You can then pass the NextToken parameter in a subsequent command to continue listing additional web apps.
Provide this value for the NextToken parameter in a subsequent command to continue listing additional web apps.
Returns, for each listed web app, a structure that contains details for the web app.
" + } + } + }, "ListWorkflowsRequest":{ "type":"structure", "members":{ "MaxResults":{ "shape":"MaxResults", - "documentation":"Specifies the maximum number of workflows to return.
" + "documentation":"The maximum number of items to return.
" }, "NextToken":{ "shape":"NextToken", @@ -3886,6 +4266,36 @@ "type":"list", "member":{"shape":"ListedUser"} }, + "ListedWebApp":{ + "type":"structure", + "required":[ + "Arn", + "WebAppId" + ], + "members":{ + "Arn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) for the web app.
" + }, + "WebAppId":{ + "shape":"WebAppId", + "documentation":"The unique identifier for the web app.
" + }, + "AccessEndpoint":{ + "shape":"WebAppAccessEndpoint", + "documentation":"The AccessEndpoint is the URL that you provide to your users for them to interact with the Transfer Family web app. You can specify a custom URL or use the default value.
The WebAppEndpoint is the unique URL for your Transfer Family web app. This is the value that you use when you configure Origins on CloudFront.
a structure that contains details for the web app.
" + }, + "ListedWebApps":{ + "type":"list", + "member":{"shape":"ListedWebApp"} + }, "ListedWorkflow":{ "type":"structure", "members":{ @@ -5234,6 +5644,91 @@ }, "documentation":" UpdateUserResponse returns the user name and identifier for the request to update a user's properties.
Provide the identifier of the web app that you are updating.
" + }, + "Title":{ + "shape":"WebAppTitle", + "documentation":"Provide an updated title.
" + }, + "LogoFile":{ + "shape":"WebAppLogoFile", + "documentation":"Specify logo file data string (in base64 encoding).
" + }, + "FaviconFile":{ + "shape":"WebAppFaviconFile", + "documentation":"Specify icon file data string (in base64 encoding).
" + } + } + }, + "UpdateWebAppCustomizationResponse":{ + "type":"structure", + "required":["WebAppId"], + "members":{ + "WebAppId":{ + "shape":"WebAppId", + "documentation":"Returns the unique identifier for the web app being updated.
" + } + } + }, + "UpdateWebAppIdentityCenterConfig":{ + "type":"structure", + "members":{ + "Role":{ + "shape":"Role", + "documentation":"The IAM role used to access IAM Identity Center.
" + } + }, + "documentation":"A structure that describes the values to use for the IAM Identity Center settings when you update a web app.
" + }, + "UpdateWebAppIdentityProviderDetails":{ + "type":"structure", + "members":{ + "IdentityCenterConfig":{ + "shape":"UpdateWebAppIdentityCenterConfig", + "documentation":"A structure that describes the values to use for the IAM Identity Center settings when you update a web app.
" + } + }, + "documentation":"A union that contains the UpdateWebAppIdentityCenterConfig object.
Provide the identifier of the web app that you are updating.
" + }, + "IdentityProviderDetails":{ + "shape":"UpdateWebAppIdentityProviderDetails", + "documentation":"Provide updated identity provider values in a WebAppIdentityProviderDetails object.
The AccessEndpoint is the URL that you provide to your users for them to interact with the Transfer Family web app. You can specify a custom URL or use the default value.
A union that contains the value for number of concurrent connections or the user sessions on your web app.
" + } + } + }, + "UpdateWebAppResponse":{ + "type":"structure", + "required":["WebAppId"], + "members":{ + "WebAppId":{ + "shape":"WebAppId", + "documentation":"Returns the unique identifier for the web app being updated.
" + } + } + }, "Url":{ "type":"string", "max":255, @@ -5284,6 +5779,66 @@ "pattern":"vpce-[0-9a-f]{17}" }, "VpcId":{"type":"string"}, + "WebAppAccessEndpoint":{ + "type":"string", + "max":1024, + "min":1 + }, + "WebAppEndpoint":{ + "type":"string", + "max":1024, + "min":1 + }, + "WebAppFaviconFile":{ + "type":"blob", + "max":20960, + "min":1, + "sensitive":true + }, + "WebAppId":{ + "type":"string", + "max":24, + "min":24, + "pattern":"webapp-[0-9a-f]{17}" + }, + "WebAppIdentityProviderDetails":{ + "type":"structure", + "members":{ + "IdentityCenterConfig":{ + "shape":"IdentityCenterConfig", + "documentation":"A structure that describes the values to use for the IAM Identity Center settings when you create a web app.
" + } + }, + "documentation":"A union that contains the IdentityCenterConfig object.
An integer that represents the number of units for your desired number of concurrent connections, or the number of user sessions on your web app at the same time.
Each increment allows an additional 250 concurrent sessions: a value of 1 sets the number of concurrent sessions to 250; 2 sets a value of 500, and so on.
Contains an integer value that represents the value for number of concurrent connections or the user sessions on your web app.
", + "union":true + }, "WorkflowDescription":{ "type":"string", "max":256, From 9a2b17a1b4371cf5097dbe9da1f544d4e9e54795 Mon Sep 17 00:00:00 2001 From: AWS <> Date: Mon, 2 Dec 2024 03:48:03 +0000 Subject: [PATCH 07/35] Amazon OpenSearch Service Update: This feature introduces support for CRUDL APIs, enabling the creation and management of Connected data sources. --- ...ature-AmazonOpenSearchService-afd5c96.json | 6 + .../codegen-resources/service-2.json | 337 +++++++++++++++++- 2 files changed, 334 insertions(+), 9 deletions(-) create mode 100644 .changes/next-release/feature-AmazonOpenSearchService-afd5c96.json diff --git a/.changes/next-release/feature-AmazonOpenSearchService-afd5c96.json b/.changes/next-release/feature-AmazonOpenSearchService-afd5c96.json new file mode 100644 index 00000000000..a7f3c1dfdbe --- /dev/null +++ b/.changes/next-release/feature-AmazonOpenSearchService-afd5c96.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "Amazon OpenSearch Service", + "contributor": "", + "description": "This feature introduces support for CRUDL APIs, enabling the creation and management of Connected data sources." +} diff --git a/services/opensearch/src/main/resources/codegen-resources/service-2.json b/services/opensearch/src/main/resources/codegen-resources/service-2.json index 400f99658b3..9b4bb37247c 100644 --- a/services/opensearch/src/main/resources/codegen-resources/service-2.json +++ b/services/opensearch/src/main/resources/codegen-resources/service-2.json @@ -46,6 +46,24 @@ ], "documentation":"Creates a new direct-query data source to the specified domain. For more information, see Creating Amazon OpenSearch Service data source integrations with Amazon S3.
" }, + "AddDirectQueryDataSource":{ + "name":"AddDirectQueryDataSource", + "http":{ + "method":"POST", + "requestUri":"/2021-01-01/opensearch/directQueryDataSource" + }, + "input":{"shape":"AddDirectQueryDataSourceRequest"}, + "output":{"shape":"AddDirectQueryDataSourceResponse"}, + "errors":[ + {"shape":"BaseException"}, + {"shape":"InternalException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"DisabledOperationException"}, + {"shape":"LimitExceededException"} + ], + "documentation":"Adds a new data source in Amazon OpenSearch Service so that you can perform direct queries on external data.
" + }, "AddTags":{ "name":"AddTags", "http":{ @@ -59,7 +77,7 @@ {"shape":"ValidationException"}, {"shape":"InternalException"} ], - "documentation":"Attaches tags to an existing Amazon OpenSearch Service domain. Tags are a set of case-sensitive key-value pairs. A domain can have up to 10 tags. For more information, see Tagging Amazon OpenSearch Service domains.
" + "documentation":"Attaches tags to an existing Amazon OpenSearch Service domain, data source, or application.
Tags are a set of case-sensitive key-value pairs. A domain, data source, or application can have up to 10 tags. For more information, see Tagging Amazon OpenSearch Service resources.
" }, "AssociatePackage":{ "name":"AssociatePackage", @@ -277,6 +295,22 @@ ], "documentation":"Deletes a direct-query data source. For more information, see Deleting an Amazon OpenSearch Service data source with Amazon S3.
" }, + "DeleteDirectQueryDataSource":{ + "name":"DeleteDirectQueryDataSource", + "http":{ + "method":"DELETE", + "requestUri":"/2021-01-01/opensearch/directQueryDataSource/{DataSourceName}" + }, + "input":{"shape":"DeleteDirectQueryDataSourceRequest"}, + "errors":[ + {"shape":"BaseException"}, + {"shape":"InternalException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"DisabledOperationException"} + ], + "documentation":"Deletes a previously configured direct query data source from Amazon OpenSearch Service.
" + }, "DeleteDomain":{ "name":"DeleteDomain", "http":{ @@ -687,6 +721,23 @@ ], "documentation":"Retrieves information about a direct query data source.
" }, + "GetDirectQueryDataSource":{ + "name":"GetDirectQueryDataSource", + "http":{ + "method":"GET", + "requestUri":"/2021-01-01/opensearch/directQueryDataSource/{DataSourceName}" + }, + "input":{"shape":"GetDirectQueryDataSourceRequest"}, + "output":{"shape":"GetDirectQueryDataSourceResponse"}, + "errors":[ + {"shape":"BaseException"}, + {"shape":"InternalException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"DisabledOperationException"} + ], + "documentation":"Returns detailed configuration information for a specific direct query data source in Amazon OpenSearch Service.
" + }, "GetDomainMaintenanceStatus":{ "name":"GetDomainMaintenanceStatus", "http":{ @@ -792,6 +843,23 @@ ], "documentation":"Lists direct-query data sources for a specific domain. For more information, see For more information, see Working with Amazon OpenSearch Service direct queries with Amazon S3.
" }, + "ListDirectQueryDataSources":{ + "name":"ListDirectQueryDataSources", + "http":{ + "method":"GET", + "requestUri":"/2021-01-01/opensearch/directQueryDataSource" + }, + "input":{"shape":"ListDirectQueryDataSourcesRequest"}, + "output":{"shape":"ListDirectQueryDataSourcesResponse"}, + "errors":[ + {"shape":"BaseException"}, + {"shape":"InternalException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"DisabledOperationException"} + ], + "documentation":"Lists an inventory of all the direct query data sources that you have configured within Amazon OpenSearch Service.
" + }, "ListDomainMaintenances":{ "name":"ListDomainMaintenances", "http":{ @@ -904,7 +972,7 @@ {"shape":"ValidationException"}, {"shape":"InternalException"} ], - "documentation":"Returns all resource tags for an Amazon OpenSearch Service domain. For more information, see Tagging Amazon OpenSearch Service domains.
" + "documentation":"Returns all resource tags for an Amazon OpenSearch Service domain, data source, or application. For more information, see Tagging Amazon OpenSearch Service resources.
" }, "ListVersions":{ "name":"ListVersions", @@ -1013,7 +1081,7 @@ {"shape":"ValidationException"}, {"shape":"InternalException"} ], - "documentation":"Removes the specified set of tags from an Amazon OpenSearch Service domain. For more information, see Tagging Amazon OpenSearch Service domains.
" + "documentation":"Removes the specified set of tags from an Amazon OpenSearch Service domain, data source, or application. For more information, see Tagging Amazon OpenSearch Service resources.
" }, "RevokeVpcEndpointAccess":{ "name":"RevokeVpcEndpointAccess", @@ -1103,6 +1171,23 @@ ], "documentation":"Updates a direct-query data source. For more information, see Working with Amazon OpenSearch Service data source integrations with Amazon S3.
" }, + "UpdateDirectQueryDataSource":{ + "name":"UpdateDirectQueryDataSource", + "http":{ + "method":"PUT", + "requestUri":"/2021-01-01/opensearch/directQueryDataSource/{DataSourceName}" + }, + "input":{"shape":"UpdateDirectQueryDataSourceRequest"}, + "output":{"shape":"UpdateDirectQueryDataSourceResponse"}, + "errors":[ + {"shape":"BaseException"}, + {"shape":"InternalException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"DisabledOperationException"} + ], + "documentation":"Updates the configuration or properties of an existing direct query data source in Amazon OpenSearch Service.
" + }, "UpdateDomainConfig":{ "name":"UpdateDomainConfig", "http":{ @@ -1393,6 +1478,42 @@ }, "documentation":"The result of an AddDataSource operation.
A unique, user-defined label to identify the data source within your OpenSearch Service environment.
" + }, + "DataSourceType":{ + "shape":"DirectQueryDataSourceType", + "documentation":"The supported Amazon Web Services service that you want to use as the source for direct queries in OpenSearch Service.
" + }, + "Description":{ + "shape":"DirectQueryDataSourceDescription", + "documentation":"An optional text field for providing additional context and details about the data source.
" + }, + "OpenSearchArns":{ + "shape":"DirectQueryOpenSearchARNList", + "documentation":"A list of Amazon Resource Names (ARNs) for the OpenSearch collections that are associated with the direct query data source.
" + }, + "TagList":{"shape":"TagList"} + } + }, + "AddDirectQueryDataSourceResponse":{ + "type":"structure", + "members":{ + "DataSourceArn":{ + "shape":"String", + "documentation":"The unique, system-generated identifier that represents the data source.
" + } + } + }, "AddTagsRequest":{ "type":"structure", "required":[ @@ -1402,14 +1523,14 @@ "members":{ "ARN":{ "shape":"ARN", - "documentation":"Amazon Resource Name (ARN) for the OpenSearch Service domain to which you want to attach resource tags.
" + "documentation":"Amazon Resource Name (ARN) for the OpenSearch Service domain, data source, or application to which you want to attach resource tags.
" }, "TagList":{ "shape":"TagList", "documentation":"List of resource tags.
" } }, - "documentation":"Container for the parameters to the AddTags operation. Specifies the tags to attach to the domain.
Container for the parameters to the AddTags operation. Specifies the tags to attach to the domain, data source, or application.
The unique identifier of the IAM role that grants OpenSearch Service permission to access the specified data source.
" + } + }, + "documentation":"Configuration details for a CloudWatch Logs data source that can be used for direct queries.
" + }, "CloudWatchLogsLogGroupArn":{ "type":"string", "documentation":"ARN of the Cloudwatch log group to publish logs to.
", @@ -2821,6 +2953,18 @@ }, "documentation":"The result of a GetDataSource operation.
A unique, user-defined label to identify the data source within your OpenSearch Service environment.
", + "location":"uri", + "locationName":"DataSourceName" + } + } + }, "DeleteDomainRequest":{ "type":"structure", "required":["DomainName"], @@ -3505,6 +3649,76 @@ } }, "Description":{"type":"string"}, + "DirectQueryDataSource":{ + "type":"structure", + "members":{ + "DataSourceName":{ + "shape":"DirectQueryDataSourceName", + "documentation":"A unique, user-defined label to identify the data source within your OpenSearch Service environment.
" + }, + "DataSourceType":{ + "shape":"DirectQueryDataSourceType", + "documentation":"The supported Amazon Web Services service that is used as the source for direct queries in OpenSearch Service.
" + }, + "Description":{ + "shape":"DirectQueryDataSourceDescription", + "documentation":"A description that provides additional context and details about the data source.
" + }, + "OpenSearchArns":{ + "shape":"DirectQueryOpenSearchARNList", + "documentation":"A list of Amazon Resource Names (ARNs) for the OpenSearch collections that are associated with the direct query data source.
" + }, + "DataSourceArn":{ + "shape":"String", + "documentation":"The unique, system-generated identifier that represents the data source.
" + }, + "TagList":{ + "shape":"TagList", + "documentation":"A list of tags attached to a direct query data source.
" + } + }, + "documentation":"The configuration details for a data source that can be directly queried.
" + }, + "DirectQueryDataSourceDescription":{ + "type":"string", + "max":1000, + "pattern":"^([a-zA-Z0-9_])*[\\\\a-zA-Z0-9_@#%*+=:?./!\\s-]*$" + }, + "DirectQueryDataSourceList":{ + "type":"list", + "member":{"shape":"DirectQueryDataSource"} + }, + "DirectQueryDataSourceName":{ + "type":"string", + "max":80, + "min":3, + "pattern":"[a-z][a-z0-9_]+" + }, + "DirectQueryDataSourceRoleArn":{ + "type":"string", + "max":200, + "min":32, + "pattern":"^arn:aws[a-zA-Z-]*:iam::\\d{12}:role(\\/service-role)?\\/[A-Za-z0-9+=,.@\\-_]{1,64}$" + }, + "DirectQueryDataSourceType":{ + "type":"structure", + "members":{ + "CloudWatchLog":{ + "shape":"CloudWatchDirectQueryDataSource", + "documentation":"Specifies CloudWatch Logs as a type of data source for direct queries.
" + }, + "SecurityLake":{ + "shape":"SecurityLakeDirectQueryDataSource", + "documentation":"Specifies Security Lake as a type of data source for direct queries.
" + } + }, + "documentation":"The type of data source that is used for direct queries. This is a supported Amazon Web Services service, such as CloudWatch Logs or Security Lake.
", + "union":true + }, + "DirectQueryOpenSearchARNList":{ + "type":"list", + "member":{"shape":"ARN"} + }, "DisableTimestamp":{"type":"timestamp"}, "DisabledOperationException":{ "type":"structure", @@ -4442,6 +4656,43 @@ }, "documentation":"The result of a GetDataSource operation.
A unique, user-defined label that identifies the data source within your OpenSearch Service environment.
", + "location":"uri", + "locationName":"DataSourceName" + } + } + }, + "GetDirectQueryDataSourceResponse":{ + "type":"structure", + "members":{ + "DataSourceName":{ + "shape":"DirectQueryDataSourceName", + "documentation":"A unique, user-defined label to identify the data source within your OpenSearch Service environment.
" + }, + "DataSourceType":{ + "shape":"DirectQueryDataSourceType", + "documentation":"The supported Amazon Web Services service that is used as the source for direct queries in OpenSearch Service.
" + }, + "Description":{ + "shape":"DirectQueryDataSourceDescription", + "documentation":"A description that provides additional context and details about the data source.
" + }, + "OpenSearchArns":{ + "shape":"DirectQueryOpenSearchARNList", + "documentation":"A list of Amazon Resource Names (ARNs) for the OpenSearch collections that are associated with the direct query data source.
" + }, + "DataSourceArn":{ + "shape":"String", + "documentation":"The unique, system-generated identifier that represents the data source.
" + } + } + }, "GetDomainMaintenanceStatusRequest":{ "type":"structure", "required":[ @@ -5099,6 +5350,26 @@ }, "documentation":"The result of a ListDataSources operation.
A list of the direct query data sources that are returned by the ListDirectQueryDataSources API operation.
Amazon Resource Name (ARN) for the domain to view tags for.
", + "documentation":"Amazon Resource Name (ARN) for the domain, data source, or application to view tags for.
", "location":"querystring", "locationName":"arn" } @@ -5360,7 +5631,7 @@ "members":{ "TagList":{ "shape":"TagList", - "documentation":"List of resource tags associated with the specified domain.
" + "documentation":"List of resource tags associated with the specified domain, data source, or application.
" } }, "documentation":"The results of a ListTags operation.
The Amazon Resource Name (ARN) of the domain from which you want to delete the specified tags.
" + "documentation":"The Amazon Resource Name (ARN) of the domain, data source, or application from which you want to delete the specified tags.
" }, "TagKeys":{ "shape":"StringList", - "documentation":"The list of tag keys to remove from the domain.
" + "documentation":"The list of tag keys to remove from the domain, data source, or application.
" } }, "documentation":"Container for the request parameters to the RemoveTags operation.
The unique identifier of the IAM role that grants OpenSearch Service permission to access the specified data source.
" + } + }, + "documentation":"Configuration details for a Security Lake data source that can be used for direct queries.
" + }, "ServiceSoftwareOptions":{ "type":"structure", "members":{ @@ -7337,6 +7619,43 @@ }, "documentation":"The result of an UpdateDataSource operation.
A unique, user-defined label to identify the data source within your OpenSearch Service environment.
", + "location":"uri", + "locationName":"DataSourceName" + }, + "DataSourceType":{ + "shape":"DirectQueryDataSourceType", + "documentation":"The supported Amazon Web Services service that you want to use as the source for direct queries in OpenSearch Service.
" + }, + "Description":{ + "shape":"DirectQueryDataSourceDescription", + "documentation":"An optional text field for providing additional context and details about the data source.
" + }, + "OpenSearchArns":{ + "shape":"DirectQueryOpenSearchARNList", + "documentation":"A list of Amazon Resource Names (ARNs) for the OpenSearch collections that are associated with the direct query data source.
" + } + } + }, + "UpdateDirectQueryDataSourceResponse":{ + "type":"structure", + "members":{ + "DataSourceArn":{ + "shape":"String", + "documentation":"The unique, system-generated identifier that represents the data source.
" + } + } + }, "UpdateDomainConfigRequest":{ "type":"structure", "required":["DomainName"], From 5fa3e3cc82776e7f7045dff02233537bad1079a5 Mon Sep 17 00:00:00 2001 From: AWS <> Date: Mon, 2 Dec 2024 03:48:06 +0000 Subject: [PATCH 08/35] Amazon Q Connect Update: This release adds following capabilities: Configuring safeguards via AIGuardrails for Q in Connect inferencing, and APIs to support Q&A self-service use cases --- .../feature-AmazonQConnect-4057b7d.json | 6 + .../codegen-resources/paginators-1.json | 18 + .../codegen-resources/service-2.json | 1822 +++++++++++++++-- 3 files changed, 1681 insertions(+), 165 deletions(-) create mode 100644 .changes/next-release/feature-AmazonQConnect-4057b7d.json diff --git a/.changes/next-release/feature-AmazonQConnect-4057b7d.json b/.changes/next-release/feature-AmazonQConnect-4057b7d.json new file mode 100644 index 00000000000..26f62ed5ed9 --- /dev/null +++ b/.changes/next-release/feature-AmazonQConnect-4057b7d.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "Amazon Q Connect", + "contributor": "", + "description": "This release adds following capabilities: Configuring safeguards via AIGuardrails for Q in Connect inferencing, and APIs to support Q&A self-service use cases" +} diff --git a/services/qconnect/src/main/resources/codegen-resources/paginators-1.json b/services/qconnect/src/main/resources/codegen-resources/paginators-1.json index 39620f59867..52c8260d046 100644 --- a/services/qconnect/src/main/resources/codegen-resources/paginators-1.json +++ b/services/qconnect/src/main/resources/codegen-resources/paginators-1.json @@ -12,6 +12,18 @@ "limit_key": "maxResults", "result_key": "aiAgentSummaries" }, + "ListAIGuardrailVersions": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "aiGuardrailVersionSummaries" + }, + "ListAIGuardrails": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "aiGuardrailSummaries" + }, "ListAIPromptVersions": { "input_token": "nextToken", "output_token": "nextToken", @@ -72,6 +84,12 @@ "limit_key": "maxResults", "result_key": "messageTemplateSummaries" }, + "ListMessages": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "messages" + }, "ListQuickResponses": { "input_token": "nextToken", "output_token": "nextToken", diff --git a/services/qconnect/src/main/resources/codegen-resources/service-2.json b/services/qconnect/src/main/resources/codegen-resources/service-2.json index fd6d528ee8d..60806587475 100644 --- a/services/qconnect/src/main/resources/codegen-resources/service-2.json +++ b/services/qconnect/src/main/resources/codegen-resources/service-2.json @@ -72,6 +72,46 @@ "documentation":"Creates and Amazon Q in Connect AI Agent version.
", "idempotent":true }, + "CreateAIGuardrail":{ + "name":"CreateAIGuardrail", + "http":{ + "method":"POST", + "requestUri":"/assistants/{assistantId}/aiguardrails", + "responseCode":200 + }, + "input":{"shape":"CreateAIGuardrailRequest"}, + "output":{"shape":"CreateAIGuardrailResponse"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Creates an Amazon Q in Connect AI Guardrail.
", + "idempotent":true + }, + "CreateAIGuardrailVersion":{ + "name":"CreateAIGuardrailVersion", + "http":{ + "method":"POST", + "requestUri":"/assistants/{assistantId}/aiguardrails/{aiGuardrailId}/versions", + "responseCode":200 + }, + "input":{"shape":"CreateAIGuardrailVersionRequest"}, + "output":{"shape":"CreateAIGuardrailVersionResponse"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Creates an Amazon Q in Connect AI Guardrail version.
", + "idempotent":true + }, "CreateAIPrompt":{ "name":"CreateAIPrompt", "http":{ @@ -356,6 +396,44 @@ "documentation":"Deletes an Amazon Q in Connect AI Agent Version.
", "idempotent":true }, + "DeleteAIGuardrail":{ + "name":"DeleteAIGuardrail", + "http":{ + "method":"DELETE", + "requestUri":"/assistants/{assistantId}/aiguardrails/{aiGuardrailId}", + "responseCode":202 + }, + "input":{"shape":"DeleteAIGuardrailRequest"}, + "output":{"shape":"DeleteAIGuardrailResponse"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Deletes an Amazon Q in Connect AI Guardrail.
", + "idempotent":true + }, + "DeleteAIGuardrailVersion":{ + "name":"DeleteAIGuardrailVersion", + "http":{ + "method":"DELETE", + "requestUri":"/assistants/{assistantId}/aiguardrails/{aiGuardrailId}/versions/{versionNumber}", + "responseCode":202 + }, + "input":{"shape":"DeleteAIGuardrailVersionRequest"}, + "output":{"shape":"DeleteAIGuardrailVersionResponse"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Delete and Amazon Q in Connect AI Guardrail version.
", + "idempotent":true + }, "DeleteAIPrompt":{ "name":"DeleteAIPrompt", "http":{ @@ -569,6 +647,23 @@ ], "documentation":"Gets an Amazon Q in Connect AI Agent.
" }, + "GetAIGuardrail":{ + "name":"GetAIGuardrail", + "http":{ + "method":"GET", + "requestUri":"/assistants/{assistantId}/aiguardrails/{aiGuardrailId}", + "responseCode":200 + }, + "input":{"shape":"GetAIGuardrailRequest"}, + "output":{"shape":"GetAIGuardrailResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Gets the Amazon Q in Connect AI Guardrail.
" + }, "GetAIPrompt":{ "name":"GetAIPrompt", "http":{ @@ -715,6 +810,22 @@ ], "documentation":"Retrieves the Amazon Q in Connect message template. The message template identifier can contain an optional qualifier, for example, <message-template-id>:<qualifier>, which is either an actual version number or an Amazon Q Connect managed qualifier $ACTIVE_VERSION | $LATEST. If it is not supplied, then $LATEST is assumed implicitly.
Retrieves next message on an Amazon Q in Connect session.
" + }, "GetQuickResponse":{ "name":"GetQuickResponse", "http":{ @@ -799,6 +910,40 @@ ], "documentation":"Lists AI Agents.
" }, + "ListAIGuardrailVersions":{ + "name":"ListAIGuardrailVersions", + "http":{ + "method":"GET", + "requestUri":"/assistants/{assistantId}/aiguardrails/{aiGuardrailId}/versions", + "responseCode":200 + }, + "input":{"shape":"ListAIGuardrailVersionsRequest"}, + "output":{"shape":"ListAIGuardrailVersionsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Lists AI Guardrail versions.
" + }, + "ListAIGuardrails":{ + "name":"ListAIGuardrails", + "http":{ + "method":"GET", + "requestUri":"/assistants/{assistantId}/aiguardrails", + "responseCode":200 + }, + "input":{"shape":"ListAIGuardrailsRequest"}, + "output":{"shape":"ListAIGuardrailsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Lists the AI Guardrails available on the Amazon Q in Connect assistant.
" + }, "ListAIPromptVersions":{ "name":"ListAIPromptVersions", "http":{ @@ -960,6 +1105,22 @@ ], "documentation":"Lists all the available Amazon Q in Connect message templates for the specified knowledge base.
" }, + "ListMessages":{ + "name":"ListMessages", + "http":{ + "method":"GET", + "requestUri":"/assistants/{assistantId}/sessions/{sessionId}/messages", + "responseCode":200 + }, + "input":{"shape":"ListMessagesRequest"}, + "output":{"shape":"ListMessagesResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"Lists messages on an Amazon Q in Connect session.
" + }, "ListQuickResponses":{ "name":"ListQuickResponses", "http":{ @@ -1160,6 +1321,26 @@ ], "documentation":"Searches for sessions.
" }, + "SendMessage":{ + "name":"SendMessage", + "http":{ + "method":"POST", + "requestUri":"/assistants/{assistantId}/sessions/{sessionId}/message", + "responseCode":200 + }, + "input":{"shape":"SendMessageRequest"}, + "output":{"shape":"SendMessageResponse"}, + "errors":[ + {"shape":"RequestTimeoutException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Submits a message to the Amazon Q in Connect session.
", + "idempotent":true + }, "StartContentUpload":{ "name":"StartContentUpload", "http":{ @@ -1245,6 +1426,25 @@ "documentation":"Updates an AI Agent.
", "idempotent":true }, + "UpdateAIGuardrail":{ + "name":"UpdateAIGuardrail", + "http":{ + "method":"POST", + "requestUri":"/assistants/{assistantId}/aiguardrails/{aiGuardrailId}", + "responseCode":200 + }, + "input":{"shape":"UpdateAIGuardrailRequest"}, + "output":{"shape":"UpdateAIGuardrailResponse"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Updates an AI Guardrail.
", + "idempotent":true + }, "UpdateAIPrompt":{ "name":"UpdateAIPrompt", "http":{ @@ -1416,6 +1616,10 @@ "manualSearchAIAgentConfiguration":{ "shape":"ManualSearchAIAgentConfiguration", "documentation":"The configuration for AI Agents of type MANUAL_SEARCH.
The configuration for AI Agents of type SELF_SERVICE.
" } }, "documentation":"A typed union that specifies the configuration based on the type of AI Agent.
", @@ -1580,7 +1784,8 @@ "type":"string", "enum":[ "MANUAL_SEARCH", - "ANSWER_RECOMMENDATION" + "ANSWER_RECOMMENDATION", + "SELF_SERVICE" ] }, "AIAgentVersionSummariesList":{ @@ -1601,40 +1806,55 @@ }, "documentation":"The summary of the AI Agent version.
" }, - "AIPromptAPIFormat":{ + "AIGuardrailBlockedMessaging":{ "type":"string", - "enum":[ - "ANTHROPIC_CLAUDE_MESSAGES", - "ANTHROPIC_CLAUDE_TEXT_COMPLETIONS" - ] + "documentation":"Messaging for when violations are detected in text
", + "max":500, + "min":1, + "sensitive":true }, - "AIPromptData":{ + "AIGuardrailContentPolicyConfig":{ + "type":"structure", + "required":["filtersConfig"], + "members":{ + "filtersConfig":{ + "shape":"GuardrailContentFiltersConfig", + "documentation":"Contains the type of the content filter and how strongly it should apply to prompts and model responses.
" + } + }, + "documentation":"Contains details about how to handle harmful content.
" + }, + "AIGuardrailContextualGroundingPolicyConfig":{ + "type":"structure", + "required":["filtersConfig"], + "members":{ + "filtersConfig":{ + "shape":"GuardrailContextualGroundingFiltersConfig", + "documentation":"The filter configuration details for the AI Guardrails contextual grounding policy.
" + } + }, + "documentation":"The policy configuration details for the AI Guardrail's contextual grounding policy.
" + }, + "AIGuardrailData":{ "type":"structure", "required":[ - "aiPromptArn", - "aiPromptId", - "apiFormat", + "aiGuardrailArn", + "aiGuardrailId", "assistantArn", "assistantId", - "modelId", + "blockedInputMessaging", + "blockedOutputsMessaging", "name", - "templateConfiguration", - "templateType", - "type", "visibilityStatus" ], "members":{ - "aiPromptArn":{ + "aiGuardrailArn":{ "shape":"Arn", - "documentation":"The Amazon Resource Name (ARN) of the AI Prompt.
" + "documentation":"The Amazon Resource Name (ARN) of the AI Guardrail.
" }, - "aiPromptId":{ + "aiGuardrailId":{ "shape":"Uuid", - "documentation":"The identifier of the Amazon Q in Connect AI prompt.
" - }, - "apiFormat":{ - "shape":"AIPromptAPIFormat", - "documentation":"The API format used for this AI Prompt.
" + "documentation":"The identifier of the Amazon Q in Connect AI Guardrail.
" }, "assistantArn":{ "shape":"Arn", @@ -1644,84 +1864,104 @@ "shape":"Uuid", "documentation":"The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.
" }, - "description":{ - "shape":"Description", - "documentation":"The description of the AI Prompt.
" + "blockedInputMessaging":{ + "shape":"AIGuardrailBlockedMessaging", + "documentation":"The message to return when the AI Guardrail blocks a prompt.
" }, - "modelId":{ - "shape":"AIPromptModelIdentifier", - "documentation":"The identifier of the model used for this AI Prompt. Model Ids supported are: CLAUDE_3_HAIKU_20240307_V1.
The message to return when the AI Guardrail blocks a model response.
" + }, + "contentPolicyConfig":{ + "shape":"AIGuardrailContentPolicyConfig", + "documentation":"Contains details about how to handle harmful content.
" + }, + "contextualGroundingPolicyConfig":{ + "shape":"AIGuardrailContextualGroundingPolicyConfig", + "documentation":"The policy configuration details for the AI Guardrail's contextual grounding policy.
" + }, + "description":{ + "shape":"AIGuardrailDescription", + "documentation":"A description of the AI Guardrail.
" }, "modifiedTime":{ "shape":"Timestamp", - "documentation":"The time the AI Prompt was last modified.
" + "documentation":"The time the AI Guardrail was last modified.
" }, "name":{ "shape":"Name", - "documentation":"The name of the AI Prompt
" + "documentation":"The name of the AI Guardrail.
" }, - "origin":{ - "shape":"Origin", - "documentation":"The origin of the AI Prompt. SYSTEM for a default AI Prompt created by Q in Connect or CUSTOMER for an AI Prompt created by calling AI Prompt creation APIs.
Contains details about PII entities and regular expressions to configure for the AI Guardrail.
" }, "status":{ "shape":"Status", - "documentation":"The status of the AI Prompt.
" + "documentation":"The status of the AI Guardrail.
" }, "tags":{ "shape":"Tags", "documentation":"The tags used to organize, track, or control access for this resource.
" }, - "templateConfiguration":{ - "shape":"AIPromptTemplateConfiguration", - "documentation":"The configuration of the prompt template for this AI Prompt.
" - }, - "templateType":{ - "shape":"AIPromptTemplateType", - "documentation":"The type of the prompt template for this AI Prompt.
" - }, - "type":{ - "shape":"AIPromptType", - "documentation":"The type of this AI Prompt.
" + "topicPolicyConfig":{ + "shape":"AIGuardrailTopicPolicyConfig", + "documentation":"Contains details about topics that the AI Guardrail should identify and deny.
" }, "visibilityStatus":{ "shape":"VisibilityStatus", - "documentation":"The visibility status of the AI Prompt.
" + "documentation":"The visibility status of the AI Guardrail.
" + }, + "wordPolicyConfig":{ + "shape":"AIGuardrailWordPolicyConfig", + "documentation":"Contains details about the word policy to configured for the AI Guardrail.
" } }, - "documentation":"The data for the AI Prompt
" + "documentation":"The data for the AI Guardrail
" }, - "AIPromptModelIdentifier":{ + "AIGuardrailDescription":{ "type":"string", - "max":2048, - "min":1 + "documentation":"Description of the guardrail or its version
", + "max":200, + "min":1, + "sensitive":true }, - "AIPromptSummary":{ + "AIGuardrailSensitiveInformationPolicyConfig":{ + "type":"structure", + "members":{ + "piiEntitiesConfig":{ + "shape":"GuardrailPiiEntitiesConfig", + "documentation":"A list of PII entities to configure to the AI Guardrail.
" + }, + "regexesConfig":{ + "shape":"GuardrailRegexesConfig", + "documentation":"A list of regular expressions to configure to the AI Guardrail.
" + } + }, + "documentation":"Contains details about PII entities and regular expressions to configure for the AI Guardrail.
" + }, + "AIGuardrailSummariesList":{ + "type":"list", + "member":{"shape":"AIGuardrailSummary"} + }, + "AIGuardrailSummary":{ "type":"structure", "required":[ - "aiPromptArn", - "aiPromptId", - "apiFormat", + "aiGuardrailArn", + "aiGuardrailId", "assistantArn", "assistantId", - "modelId", "name", - "templateType", - "type", "visibilityStatus" ], "members":{ - "aiPromptArn":{ + "aiGuardrailArn":{ "shape":"Arn", - "documentation":"The Amazon Resource Name (ARN) of the AI Prompt.
" + "documentation":"The Amazon Resource Name (ARN) of the AI Guardrail.
" }, - "aiPromptId":{ + "aiGuardrailId":{ "shape":"Uuid", - "documentation":"The identifier of the Amazon Q in Connect AI prompt.
" - }, - "apiFormat":{ - "shape":"AIPromptAPIFormat", - "documentation":"The API format used for this AI Prompt.
" + "documentation":"The identifier of the Amazon Q in Connect AI Guardrail.
" }, "assistantArn":{ "shape":"Arn", @@ -1732,61 +1972,261 @@ "documentation":"The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.
" }, "description":{ - "shape":"Description", - "documentation":"The description of the AI Prompt.
" - }, - "modelId":{ - "shape":"AIPromptModelIdentifier", - "documentation":"The identifier of the model used for this AI Prompt. Model Ids supported are: CLAUDE_3_HAIKU_20240307_V1.
A description of the AI Guardrail.
" }, "modifiedTime":{ "shape":"Timestamp", - "documentation":"The time the AI Prompt was last modified.
" + "documentation":"The time the AI Guardrail was last modified.
" }, "name":{ "shape":"Name", - "documentation":"The name of the AI Prompt.
" - }, - "origin":{ - "shape":"Origin", - "documentation":"The origin of the AI Prompt. SYSTEM for a default AI Prompt created by Q in Connect or CUSTOMER for an AI Prompt created by calling AI Prompt creation APIs.
The name of the AI Guardrail.
" }, "status":{ "shape":"Status", - "documentation":"The status of the AI Prompt.
" + "documentation":"The status of the AI Guardrail.
" }, "tags":{ "shape":"Tags", "documentation":"The tags used to organize, track, or control access for this resource.
" }, - "templateType":{ - "shape":"AIPromptTemplateType", - "documentation":"The type of the prompt template for this AI Prompt.
" - }, - "type":{ - "shape":"AIPromptType", - "documentation":"The type of this AI Prompt.
" - }, "visibilityStatus":{ "shape":"VisibilityStatus", - "documentation":"The visibility status of the AI Prompt.
" + "documentation":"The visibility status of the AI Guardrail.
" } }, - "documentation":"The summary of the AI Prompt.
" - }, - "AIPromptSummaryList":{ - "type":"list", - "member":{"shape":"AIPromptSummary"} + "documentation":"The summary of the AI Guardrail.
" }, - "AIPromptTemplateConfiguration":{ + "AIGuardrailTopicPolicyConfig":{ "type":"structure", + "required":["topicsConfig"], "members":{ - "textFullAIPromptEditTemplateConfiguration":{ - "shape":"TextFullAIPromptEditTemplateConfiguration", - "documentation":"The configuration for a prompt template that supports full textual prompt configuration using a YAML prompt.
" + "topicsConfig":{ + "shape":"GuardrailTopicsConfig", + "documentation":"A list of policies related to topics that the AI Guardrail should deny.
" } }, - "documentation":"A typed union that specifies the configuration for a prompt template based on its type.
", + "documentation":"Contains details about topics that the AI Guardrail should identify and deny.
" + }, + "AIGuardrailVersionSummariesList":{ + "type":"list", + "member":{"shape":"AIGuardrailVersionSummary"} + }, + "AIGuardrailVersionSummary":{ + "type":"structure", + "members":{ + "aiGuardrailSummary":{ + "shape":"AIGuardrailSummary", + "documentation":"The data for the summary of the AI Guardrail version.
" + }, + "versionNumber":{ + "shape":"Version", + "documentation":"The version number for this AI Guardrail version.
" + } + }, + "documentation":"The summary of the AI Guardrail version.
" + }, + "AIGuardrailWordPolicyConfig":{ + "type":"structure", + "members":{ + "managedWordListsConfig":{ + "shape":"GuardrailManagedWordListsConfig", + "documentation":"A list of managed words to configure for the AI Guardrail.
" + }, + "wordsConfig":{ + "shape":"GuardrailWordsConfig", + "documentation":"A list of words to configure for the AI Guardrail.
" + } + }, + "documentation":"Contains details about the word policy to configured for the AI Guardrail.
" + }, + "AIPromptAPIFormat":{ + "type":"string", + "enum":[ + "ANTHROPIC_CLAUDE_MESSAGES", + "ANTHROPIC_CLAUDE_TEXT_COMPLETIONS" + ] + }, + "AIPromptData":{ + "type":"structure", + "required":[ + "aiPromptArn", + "aiPromptId", + "apiFormat", + "assistantArn", + "assistantId", + "modelId", + "name", + "templateConfiguration", + "templateType", + "type", + "visibilityStatus" + ], + "members":{ + "aiPromptArn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the AI Prompt.
" + }, + "aiPromptId":{ + "shape":"Uuid", + "documentation":"The identifier of the Amazon Q in Connect AI prompt.
" + }, + "apiFormat":{ + "shape":"AIPromptAPIFormat", + "documentation":"The API format used for this AI Prompt.
" + }, + "assistantArn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the Amazon Q in Connect assistant.
" + }, + "assistantId":{ + "shape":"Uuid", + "documentation":"The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.
" + }, + "description":{ + "shape":"Description", + "documentation":"The description of the AI Prompt.
" + }, + "modelId":{ + "shape":"AIPromptModelIdentifier", + "documentation":"The identifier of the model used for this AI Prompt. Model Ids supported are: CLAUDE_3_HAIKU_20240307_V1.
The time the AI Prompt was last modified.
" + }, + "name":{ + "shape":"Name", + "documentation":"The name of the AI Prompt
" + }, + "origin":{ + "shape":"Origin", + "documentation":"The origin of the AI Prompt. SYSTEM for a default AI Prompt created by Q in Connect or CUSTOMER for an AI Prompt created by calling AI Prompt creation APIs.
The status of the AI Prompt.
" + }, + "tags":{ + "shape":"Tags", + "documentation":"The tags used to organize, track, or control access for this resource.
" + }, + "templateConfiguration":{ + "shape":"AIPromptTemplateConfiguration", + "documentation":"The configuration of the prompt template for this AI Prompt.
" + }, + "templateType":{ + "shape":"AIPromptTemplateType", + "documentation":"The type of the prompt template for this AI Prompt.
" + }, + "type":{ + "shape":"AIPromptType", + "documentation":"The type of this AI Prompt.
" + }, + "visibilityStatus":{ + "shape":"VisibilityStatus", + "documentation":"The visibility status of the AI Prompt.
" + } + }, + "documentation":"The data for the AI Prompt
" + }, + "AIPromptModelIdentifier":{ + "type":"string", + "max":2048, + "min":1 + }, + "AIPromptSummary":{ + "type":"structure", + "required":[ + "aiPromptArn", + "aiPromptId", + "apiFormat", + "assistantArn", + "assistantId", + "modelId", + "name", + "templateType", + "type", + "visibilityStatus" + ], + "members":{ + "aiPromptArn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the AI Prompt.
" + }, + "aiPromptId":{ + "shape":"Uuid", + "documentation":"The identifier of the Amazon Q in Connect AI prompt.
" + }, + "apiFormat":{ + "shape":"AIPromptAPIFormat", + "documentation":"The API format used for this AI Prompt.
" + }, + "assistantArn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the Amazon Q in Connect assistant.
" + }, + "assistantId":{ + "shape":"Uuid", + "documentation":"The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.
" + }, + "description":{ + "shape":"Description", + "documentation":"The description of the AI Prompt.
" + }, + "modelId":{ + "shape":"AIPromptModelIdentifier", + "documentation":"The identifier of the model used for this AI Prompt. Model Ids supported are: CLAUDE_3_HAIKU_20240307_V1.
The time the AI Prompt was last modified.
" + }, + "name":{ + "shape":"Name", + "documentation":"The name of the AI Prompt.
" + }, + "origin":{ + "shape":"Origin", + "documentation":"The origin of the AI Prompt. SYSTEM for a default AI Prompt created by Q in Connect or CUSTOMER for an AI Prompt created by calling AI Prompt creation APIs.
The status of the AI Prompt.
" + }, + "tags":{ + "shape":"Tags", + "documentation":"The tags used to organize, track, or control access for this resource.
" + }, + "templateType":{ + "shape":"AIPromptTemplateType", + "documentation":"The type of the prompt template for this AI Prompt.
" + }, + "type":{ + "shape":"AIPromptType", + "documentation":"The type of this AI Prompt.
" + }, + "visibilityStatus":{ + "shape":"VisibilityStatus", + "documentation":"The visibility status of the AI Prompt.
" + } + }, + "documentation":"The summary of the AI Prompt.
" + }, + "AIPromptSummaryList":{ + "type":"list", + "member":{"shape":"AIPromptSummary"} + }, + "AIPromptTemplateConfiguration":{ + "type":"structure", + "members":{ + "textFullAIPromptEditTemplateConfiguration":{ + "shape":"TextFullAIPromptEditTemplateConfiguration", + "documentation":"The configuration for a prompt template that supports full textual prompt configuration using a YAML prompt.
" + } + }, + "documentation":"A typed union that specifies the configuration for a prompt template based on its type.
", "union":true }, "AIPromptTemplateType":{ @@ -1798,7 +2238,9 @@ "enum":[ "ANSWER_GENERATION", "INTENT_LABELING_GENERATION", - "QUERY_REFORMULATION" + "QUERY_REFORMULATION", + "SELF_SERVICE_PRE_PROCESSING", + "SELF_SERVICE_ANSWER_GENERATION" ] }, "AIPromptVersionSummariesList":{ @@ -1910,6 +2352,10 @@ "AnswerRecommendationAIAgentConfiguration":{ "type":"structure", "members":{ + "answerGenerationAIGuardrailId":{ + "shape":"UuidWithQualifier", + "documentation":"The AI Guardrail identifier for the Answer Generation Guardrail used by the ANSWER_RECOMMENDATION AI Agent.
The AI Prompt identifier for the Answer Generation prompt used by the ANSWER_RECOMMENDATION AI Agent.
The self service conversation history before the Amazon Q in Connect session.
" + } + }, + "documentation":"The conversation context to include in SendMessage.
" + }, + "ConversationState":{ + "type":"structure", + "required":["status"], + "members":{ + "reason":{ + "shape":"ConversationStatusReason", + "documentation":"The reason of the conversation state.
" + }, + "status":{ + "shape":"ConversationStatus", + "documentation":"The status of the conversation state.
" + } + }, + "documentation":"The conversation state associated to a message.
" + }, + "ConversationStatus":{ + "type":"string", + "enum":[ + "CLOSED", + "READY", + "PROCESSING" + ] + }, + "ConversationStatusReason":{ + "type":"string", + "enum":[ + "SUCCESS", + "FAILED", + "REJECTED" + ] + }, "CreateAIAgentRequest":{ "type":"structure", "required":[ @@ -2861,57 +3349,176 @@ } } }, - "CreateAIPromptRequest":{ + "CreateAIGuardrailRequest":{ "type":"structure", "required":[ - "apiFormat", "assistantId", - "modelId", + "blockedInputMessaging", + "blockedOutputsMessaging", "name", - "templateConfiguration", - "templateType", - "type", "visibilityStatus" ], "members":{ - "apiFormat":{ - "shape":"AIPromptAPIFormat", - "documentation":"The API Format of the AI Prompt.
" - }, "assistantId":{ "shape":"UuidOrArn", "documentation":"The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.
", "location":"uri", "locationName":"assistantId" }, + "blockedInputMessaging":{ + "shape":"AIGuardrailBlockedMessaging", + "documentation":"The message to return when the AI Guardrail blocks a prompt.
" + }, + "blockedOutputsMessaging":{ + "shape":"AIGuardrailBlockedMessaging", + "documentation":"The message to return when the AI Guardrail blocks a model response.
" + }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs..
", "idempotencyToken":true }, - "description":{ - "shape":"Description", - "documentation":"The description of the AI Prompt.
" + "contentPolicyConfig":{ + "shape":"AIGuardrailContentPolicyConfig", + "documentation":"The content filter policies to configure for the AI Guardrail.
" }, - "modelId":{ - "shape":"AIPromptModelIdentifier", - "documentation":"The identifier of the model used for this AI Prompt. Model Ids supported are: CLAUDE_3_HAIKU_20240307_V1
The contextual grounding policy configuration used to create an AI Guardrail.
" + }, + "description":{ + "shape":"AIGuardrailDescription", + "documentation":"A description of the AI Guardrail.
" }, "name":{ "shape":"Name", - "documentation":"The name of the AI Prompt.
" + "documentation":"The name of the AI Guardrail.
" + }, + "sensitiveInformationPolicyConfig":{ + "shape":"AIGuardrailSensitiveInformationPolicyConfig", + "documentation":"The sensitive information policy to configure for the AI Guardrail.
" }, "tags":{ "shape":"Tags", "documentation":"The tags used to organize, track, or control access for this resource.
" }, - "templateConfiguration":{ - "shape":"AIPromptTemplateConfiguration", - "documentation":"The configuration of the prompt template for this AI Prompt.
" + "topicPolicyConfig":{ + "shape":"AIGuardrailTopicPolicyConfig", + "documentation":"The topic policies to configure for the AI Guardrail.
" }, - "templateType":{ - "shape":"AIPromptTemplateType", - "documentation":"The type of the prompt template for this AI Prompt.
" + "visibilityStatus":{ + "shape":"VisibilityStatus", + "documentation":"The visibility status of the AI Guardrail.
" + }, + "wordPolicyConfig":{ + "shape":"AIGuardrailWordPolicyConfig", + "documentation":"The word policy you configure for the AI Guardrail.
" + } + } + }, + "CreateAIGuardrailResponse":{ + "type":"structure", + "members":{ + "aiGuardrail":{ + "shape":"AIGuardrailData", + "documentation":"The data of the AI Guardrail.
" + } + } + }, + "CreateAIGuardrailVersionRequest":{ + "type":"structure", + "required":[ + "aiGuardrailId", + "assistantId" + ], + "members":{ + "aiGuardrailId":{ + "shape":"UuidOrArnOrEitherWithQualifier", + "documentation":"The identifier of the Amazon Q in Connect AI Guardrail.
", + "location":"uri", + "locationName":"aiGuardrailId" + }, + "assistantId":{ + "shape":"UuidOrArn", + "documentation":"The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.
", + "location":"uri", + "locationName":"assistantId" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs..
", + "idempotencyToken":true + }, + "modifiedTime":{ + "shape":"Timestamp", + "documentation":"The time the AI Guardrail was last modified.
" + } + } + }, + "CreateAIGuardrailVersionResponse":{ + "type":"structure", + "members":{ + "aiGuardrail":{ + "shape":"AIGuardrailData", + "documentation":"The data of the AI Guardrail version.
" + }, + "versionNumber":{ + "shape":"Version", + "documentation":"The version number of the AI Guardrail version.
" + } + } + }, + "CreateAIPromptRequest":{ + "type":"structure", + "required":[ + "apiFormat", + "assistantId", + "modelId", + "name", + "templateConfiguration", + "templateType", + "type", + "visibilityStatus" + ], + "members":{ + "apiFormat":{ + "shape":"AIPromptAPIFormat", + "documentation":"The API Format of the AI Prompt.
" + }, + "assistantId":{ + "shape":"UuidOrArn", + "documentation":"The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.
", + "location":"uri", + "locationName":"assistantId" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs..
", + "idempotencyToken":true + }, + "description":{ + "shape":"Description", + "documentation":"The description of the AI Prompt.
" + }, + "modelId":{ + "shape":"AIPromptModelIdentifier", + "documentation":"The identifier of the model used for this AI Prompt. Model Ids supported are: CLAUDE_3_HAIKU_20240307_V1
The name of the AI Prompt.
" + }, + "tags":{ + "shape":"Tags", + "documentation":"The tags used to organize, track, or control access for this resource.
" + }, + "templateConfiguration":{ + "shape":"AIPromptTemplateConfiguration", + "documentation":"The configuration of the prompt template for this AI Prompt.
" + }, + "templateType":{ + "shape":"AIPromptTemplateType", + "documentation":"The type of the prompt template for this AI Prompt.
" }, "type":{ "shape":"AIPromptType", @@ -3888,6 +4495,65 @@ "members":{ } }, + "DeleteAIGuardrailRequest":{ + "type":"structure", + "required":[ + "aiGuardrailId", + "assistantId" + ], + "members":{ + "aiGuardrailId":{ + "shape":"UuidOrArnOrEitherWithQualifier", + "documentation":"The identifier of the Amazon Q in Connect AI Guardrail. Can be either the ID or the ARN. URLs cannot contain the ARN.
", + "location":"uri", + "locationName":"aiGuardrailId" + }, + "assistantId":{ + "shape":"UuidOrArn", + "documentation":"The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.
", + "location":"uri", + "locationName":"assistantId" + } + } + }, + "DeleteAIGuardrailResponse":{ + "type":"structure", + "members":{ + } + }, + "DeleteAIGuardrailVersionRequest":{ + "type":"structure", + "required":[ + "aiGuardrailId", + "assistantId", + "versionNumber" + ], + "members":{ + "aiGuardrailId":{ + "shape":"UuidOrArnOrEitherWithQualifier", + "documentation":"The identifier of the Amazon Q in Connect AI Guardrail.
", + "location":"uri", + "locationName":"aiGuardrailId" + }, + "assistantId":{ + "shape":"UuidOrArn", + "documentation":"The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.
", + "location":"uri", + "locationName":"assistantId" + }, + "versionNumber":{ + "shape":"Version", + "documentation":"The version number of the AI Guardrail version to be deleted.
", + "location":"uri", + "locationName":"versionNumber" + } + } + }, + "DeleteAIGuardrailVersionResponse":{ + "type":"structure", + "members":{ + } + }, "DeleteAIPromptRequest":{ "type":"structure", "required":[ @@ -4555,6 +5221,40 @@ } } }, + "GetAIGuardrailRequest":{ + "type":"structure", + "required":[ + "aiGuardrailId", + "assistantId" + ], + "members":{ + "aiGuardrailId":{ + "shape":"UuidOrArnOrEitherWithQualifier", + "documentation":"The identifier of the Amazon Q in Connect AI Guardrail.
", + "location":"uri", + "locationName":"aiGuardrailId" + }, + "assistantId":{ + "shape":"UuidOrArn", + "documentation":"The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.
", + "location":"uri", + "locationName":"assistantId" + } + } + }, + "GetAIGuardrailResponse":{ + "type":"structure", + "members":{ + "aiGuardrail":{ + "shape":"AIGuardrailData", + "documentation":"The data of the AI Guardrail.
" + }, + "versionNumber":{ + "shape":"Version", + "documentation":"The version number of the AI Guardrail version (returned if an AI Guardrail version was specified via use of a qualifier for the aiGuardrailId on the request).
The identifier of the Amazon Q in Connect assistant.
", + "location":"uri", + "locationName":"assistantId" + }, + "nextMessageToken":{ + "shape":"NextToken", + "documentation":"The token for the next message. Use the value returned in the SendMessage or previous response in the next request to retrieve the next message.
", + "location":"querystring", + "locationName":"nextMessageToken" + }, + "sessionId":{ + "shape":"UuidOrArn", + "documentation":"The identifier of the Amazon Q in Connect session.
", + "location":"uri", + "locationName":"sessionId" + } + } + }, + "GetNextMessageResponse":{ + "type":"structure", + "required":[ + "conversationState", + "requestMessageId", + "response", + "type" + ], + "members":{ + "conversationSessionData":{ + "shape":"RuntimeSessionDataList", + "documentation":"The conversation data stored on an Amazon Q in Connect Session.
" + }, + "conversationState":{ + "shape":"ConversationState", + "documentation":"The state of current conversation.
" + }, + "nextMessageToken":{ + "shape":"NextToken", + "documentation":"The token for the next message.
" + }, + "requestMessageId":{ + "shape":"Uuid", + "documentation":"The identifier of the submitted message.
" + }, + "response":{ + "shape":"MessageOutput", + "documentation":"The message response to the requested message.
" + }, + "type":{ + "shape":"MessageType", + "documentation":"The type of message response.
" + } + } + }, "GetQuickResponseRequest":{ "type":"structure", "required":[ @@ -4955,6 +5718,335 @@ "type":"list", "member":{"shape":"GroupingValue"} }, + "GuardrailContentFilterConfig":{ + "type":"structure", + "required":[ + "inputStrength", + "outputStrength", + "type" + ], + "members":{ + "inputStrength":{ + "shape":"GuardrailFilterStrength", + "documentation":"The strength of the content filter to apply to prompts. As you increase the filter strength, the likelihood of filtering harmful content increases and the probability of seeing harmful content in your application reduces.
" + }, + "outputStrength":{ + "shape":"GuardrailFilterStrength", + "documentation":"The strength of the content filter to apply to model responses. As you increase the filter strength, the likelihood of filtering harmful content increases and the probability of seeing harmful content in your application reduces.
" + }, + "type":{ + "shape":"GuardrailContentFilterType", + "documentation":"The harmful category that the content filter is applied to.
" + } + }, + "documentation":"Contains filter strengths for harmful content. AI Guardrail's support the following content filters to detect and filter harmful user inputs and FM-generated outputs.
Hate: Describes input prompts and model responses that discriminate, criticize, insult, denounce, or dehumanize a person or group on the basis of an identity (such as race, ethnicity, gender, religion, sexual orientation, ability, and national origin).
Insults: Describes input prompts and model responses that includes demeaning, humiliating, mocking, insulting, or belittling language. This type of language is also labeled as bullying.
Sexual: Describes input prompts and model responses that indicates sexual interest, activity, or arousal using direct or indirect references to body parts, physical traits, or sex.
Violence: Describes input prompts and model responses that includes glorification of, or threats to inflict physical pain, hurt, or injury toward a person, group, or thing.
Content filtering depends on the confidence classification of user inputs and FM responses across each of the four harmful categories. All input and output statements are classified into one of four confidence levels (NONE, LOW, MEDIUM, HIGH) for each harmful category. For example, if a statement is classified as Hate with HIGH confidence, the likelihood of the statement representing hateful content is high. A single statement can be classified across multiple categories with varying confidence levels. For example, a single statement can be classified as Hate with HIGH confidence, Insults with LOW confidence, Sexual with NONE confidence, and Violence with MEDIUM confidence.
" + }, + "GuardrailContentFilterType":{ + "type":"string", + "documentation":"Type of text to text filter in content policy
", + "enum":[ + "SEXUAL", + "VIOLENCE", + "HATE", + "INSULTS", + "MISCONDUCT", + "PROMPT_ATTACK" + ], + "sensitive":true + }, + "GuardrailContentFiltersConfig":{ + "type":"list", + "member":{"shape":"GuardrailContentFilterConfig"}, + "documentation":"List of content filter configs in content policy.
", + "max":6, + "min":1 + }, + "GuardrailContextualGroundingFilterConfig":{ + "type":"structure", + "required":[ + "threshold", + "type" + ], + "members":{ + "threshold":{ + "shape":"GuardrailContextualGroundingFilterThreshold", + "documentation":"The threshold details for the AI Guardrail's contextual grounding filter.
" + }, + "type":{ + "shape":"GuardrailContextualGroundingFilterType", + "documentation":"The filter type for the AI Guardrail's contextual grounding filter.
" + } + }, + "documentation":"The filter configuration details for the AI Guardrail's contextual grounding filter.
" + }, + "GuardrailContextualGroundingFilterThreshold":{ + "type":"double", + "documentation":"The threshold for this filter.
", + "min":0, + "sensitive":true + }, + "GuardrailContextualGroundingFilterType":{ + "type":"string", + "documentation":"Type of contextual grounding filter
", + "enum":[ + "GROUNDING", + "RELEVANCE" + ], + "sensitive":true + }, + "GuardrailContextualGroundingFiltersConfig":{ + "type":"list", + "member":{"shape":"GuardrailContextualGroundingFilterConfig"}, + "documentation":"List of contextual grounding filter configs.
", + "min":1 + }, + "GuardrailFilterStrength":{ + "type":"string", + "documentation":"Strength for filters
", + "enum":[ + "NONE", + "LOW", + "MEDIUM", + "HIGH" + ], + "sensitive":true + }, + "GuardrailManagedWordListsConfig":{ + "type":"list", + "member":{"shape":"GuardrailManagedWordsConfig"}, + "documentation":"A config for the list of managed words.
" + }, + "GuardrailManagedWordsConfig":{ + "type":"structure", + "required":["type"], + "members":{ + "type":{ + "shape":"GuardrailManagedWordsType", + "documentation":"The managed word type to configure for the AI Guardrail.
" + } + }, + "documentation":"The managed word list to configure for the AI Guardrail.
" + }, + "GuardrailManagedWordsType":{ + "type":"string", + "documentation":"Options for managed words.
", + "enum":["PROFANITY"], + "sensitive":true + }, + "GuardrailPiiEntitiesConfig":{ + "type":"list", + "member":{"shape":"GuardrailPiiEntityConfig"}, + "documentation":"List of entities.
", + "min":1 + }, + "GuardrailPiiEntityConfig":{ + "type":"structure", + "required":[ + "action", + "type" + ], + "members":{ + "action":{ + "shape":"GuardrailSensitiveInformationAction", + "documentation":"Configure AI Guardrail's action when the PII entity is detected.
" + }, + "type":{ + "shape":"GuardrailPiiEntityType", + "documentation":"Configure AI Guardrail type when the PII entity is detected.
The following PIIs are used to block or mask sensitive information:
General
ADDRESS
A physical address, such as \"100 Main Street, Anytown, USA\" or \"Suite #12, Building 123\". An address can include information such as the street, building, location, city, state, country, county, zip code, precinct, and neighborhood.
AGE
An individual's age, including the quantity and unit of time. For example, in the phrase \"I am 40 years old,\" Guarrails recognizes \"40 years\" as an age.
NAME
An individual's name. This entity type does not include titles, such as Dr., Mr., Mrs., or Miss. AI Guardrail doesn't apply this entity type to names that are part of organizations or addresses. For example, AI Guardrail recognizes the \"John Doe Organization\" as an organization, and it recognizes \"Jane Doe Street\" as an address.
An email address, such as marymajor@email.com.
PHONE
A phone number. This entity type also includes fax and pager numbers.
USERNAME
A user name that identifies an account, such as a login name, screen name, nick name, or handle.
PASSWORD
An alphanumeric string that is used as a password, such as \"* very20special#pass*\".
DRIVER_ID
The number assigned to a driver's license, which is an official document permitting an individual to operate one or more motorized vehicles on a public road. A driver's license number consists of alphanumeric characters.
LICENSE_PLATE
A license plate for a vehicle is issued by the state or country where the vehicle is registered. The format for passenger vehicles is typically five to eight digits, consisting of upper-case letters and numbers. The format varies depending on the location of the issuing state or country.
VEHICLE_IDENTIFICATION_NUMBER
A Vehicle Identification Number (VIN) uniquely identifies a vehicle. VIN content and format are defined in the ISO 3779 specification. Each country has specific codes and formats for VINs.
Finance
REDIT_DEBIT_CARD_CVV
A three-digit card verification code (CVV) that is present on VISA, MasterCard, and Discover credit and debit cards. For American Express credit or debit cards, the CVV is a four-digit numeric code.
CREDIT_DEBIT_CARD_EXPIRY
The expiration date for a credit or debit card. This number is usually four digits long and is often formatted as month/year or MM/YY. AI Guardrail recognizes expiration dates such as 01/21, 01/2021, and Jan 2021.
CREDIT_DEBIT_CARD_NUMBER
The number for a credit or debit card. These numbers can vary from 13 to 16 digits in length. However, Amazon Comprehend also recognizes credit or debit card numbers when only the last four digits are present.
PIN
A four-digit personal identification number (PIN) with which you can access your bank account.
INTERNATIONAL_BANK_ACCOUNT_NUMBER
An International Bank Account Number has specific formats in each country. For more information, see www.iban.com/structure.
SWIFT_CODE
A SWIFT code is a standard format of Bank Identifier Code (BIC) used to specify a particular bank or branch. Banks use these codes for money transfers such as international wire transfers.
SWIFT codes consist of eight or 11 characters. The 11-digit codes refer to specific branches, while eight-digit codes (or 11-digit codes ending in 'XXX') refer to the head or primary office.
IT
IP_ADDRESS
An IPv4 address, such as 198.51.100.0.
MAC_ADDRESS
A media access control (MAC) address is a unique identifier assigned to a network interface controller (NIC).
URL
A web address, such as www.example.com.
AWS_ACCESS_KEY
A unique identifier that's associated with a secret access key; you use the access key ID and secret access key to sign programmatic Amazon Web Services requests cryptographically.
AWS_SECRET_KEY
A unique identifier that's associated with an access key. You use the access key ID and secret access key to sign programmatic Amazon Web Services requests cryptographically.
USA specific
US_BANK_ACCOUNT_NUMBER
A US bank account number, which is typically 10 to 12 digits long.
US_BANK_ROUTING_NUMBER
A US bank account routing number. These are typically nine digits long,
US_INDIVIDUAL_TAX_IDENTIFICATION_NUMBER
A US Individual Taxpayer Identification Number (ITIN) is a nine-digit number that starts with a \"9\" and contain a \"7\" or \"8\" as the fourth digit. An ITIN can be formatted with a space or a dash after the third and forth digits.
US_PASSPORT_NUMBER
A US passport number. Passport numbers range from six to nine alphanumeric characters.
US_SOCIAL_SECURITY_NUMBER
A US Social Security Number (SSN) is a nine-digit number that is issued to US citizens, permanent residents, and temporary working residents.
Canada specific
CA_HEALTH_NUMBER
A Canadian Health Service Number is a 10-digit unique identifier, required for individuals to access healthcare benefits.
CA_SOCIAL_INSURANCE_NUMBER
A Canadian Social Insurance Number (SIN) is a nine-digit unique identifier, required for individuals to access government programs and benefits.
The SIN is formatted as three groups of three digits, such as 123-456-789. A SIN can be validated through a simple check-digit process called the Luhn algorithm .
UK Specific
UK_NATIONAL_HEALTH_SERVICE_NUMBER
A UK National Health Service Number is a 10-17 digit number, such as 485 555 3456. The current system formats the 10-digit number with spaces after the third and sixth digits. The final digit is an error-detecting checksum.
UK_NATIONAL_INSURANCE_NUMBER
A UK National Insurance Number (NINO) provides individuals with access to National Insurance (social security) benefits. It is also used for some purposes in the UK tax system.
The number is nine digits long and starts with two letters, followed by six numbers and one letter. A NINO can be formatted with a space or a dash after the two letters and after the second, forth, and sixth digits.
UK_UNIQUE_TAXPAYER_REFERENCE_NUMBER
A UK Unique Taxpayer Reference (UTR) is a 10-digit number that identifies a taxpayer or a business.
Custom
Regex filter - You can use a regular expressions to define patterns for an AI Guardrail to recognize and act upon such as serial number, booking ID etc..
The PII entity to configure for the AI Guardrail.
" + }, + "GuardrailPiiEntityType":{ + "type":"string", + "documentation":"The currently supported PII entities
", + "enum":[ + "ADDRESS", + "AGE", + "AWS_ACCESS_KEY", + "AWS_SECRET_KEY", + "CA_HEALTH_NUMBER", + "CA_SOCIAL_INSURANCE_NUMBER", + "CREDIT_DEBIT_CARD_CVV", + "CREDIT_DEBIT_CARD_EXPIRY", + "CREDIT_DEBIT_CARD_NUMBER", + "DRIVER_ID", + "EMAIL", + "INTERNATIONAL_BANK_ACCOUNT_NUMBER", + "IP_ADDRESS", + "LICENSE_PLATE", + "MAC_ADDRESS", + "NAME", + "PASSWORD", + "PHONE", + "PIN", + "SWIFT_CODE", + "UK_NATIONAL_HEALTH_SERVICE_NUMBER", + "UK_NATIONAL_INSURANCE_NUMBER", + "UK_UNIQUE_TAXPAYER_REFERENCE_NUMBER", + "URL", + "USERNAME", + "US_BANK_ACCOUNT_NUMBER", + "US_BANK_ROUTING_NUMBER", + "US_INDIVIDUAL_TAX_IDENTIFICATION_NUMBER", + "US_PASSPORT_NUMBER", + "US_SOCIAL_SECURITY_NUMBER", + "VEHICLE_IDENTIFICATION_NUMBER" + ], + "sensitive":true + }, + "GuardrailRegexConfig":{ + "type":"structure", + "required":[ + "action", + "name", + "pattern" + ], + "members":{ + "action":{ + "shape":"GuardrailSensitiveInformationAction", + "documentation":"The AI Guardrail action to configure when matching regular expression is detected.
" + }, + "description":{ + "shape":"GuardrailRegexDescription", + "documentation":"The description of the regular expression to configure for the AI Guardrail.
" + }, + "name":{ + "shape":"GuardrailRegexName", + "documentation":"The name of the regular expression to configure for the AI Guardrail.
" + }, + "pattern":{ + "shape":"GuardrailRegexPattern", + "documentation":"The regular expression pattern to configure for the AI Guardrail.
" + } + }, + "documentation":"The regular expression to configure for the AI Guardrail.
" + }, + "GuardrailRegexDescription":{ + "type":"string", + "documentation":"The regex description.
", + "max":1000, + "min":1, + "sensitive":true + }, + "GuardrailRegexName":{ + "type":"string", + "documentation":"The regex name.
", + "max":100, + "min":1, + "sensitive":true + }, + "GuardrailRegexPattern":{ + "type":"string", + "documentation":"The regex pattern.
", + "min":1, + "sensitive":true + }, + "GuardrailRegexesConfig":{ + "type":"list", + "member":{"shape":"GuardrailRegexConfig"}, + "documentation":"List of regex.
", + "min":1 + }, + "GuardrailSensitiveInformationAction":{ + "type":"string", + "documentation":"Options for sensitive information action.
", + "enum":[ + "BLOCK", + "ANONYMIZE" + ], + "sensitive":true + }, + "GuardrailTopicConfig":{ + "type":"structure", + "required":[ + "definition", + "name", + "type" + ], + "members":{ + "definition":{ + "shape":"GuardrailTopicDefinition", + "documentation":"A definition of the topic to deny.
" + }, + "examples":{ + "shape":"GuardrailTopicExamples", + "documentation":"A list of prompts, each of which is an example of a prompt that can be categorized as belonging to the topic.
" + }, + "name":{ + "shape":"GuardrailTopicName", + "documentation":"The name of the topic to deny.
" + }, + "type":{ + "shape":"GuardrailTopicType", + "documentation":"Specifies to deny the topic.
" + } + }, + "documentation":"Details about topics for the AI Guardrail to identify and deny.
" + }, + "GuardrailTopicDefinition":{ + "type":"string", + "documentation":"Definition of topic in topic policy
", + "max":200, + "min":1, + "sensitive":true + }, + "GuardrailTopicExample":{ + "type":"string", + "documentation":"Text example in topic policy
", + "max":100, + "min":1, + "sensitive":true + }, + "GuardrailTopicExamples":{ + "type":"list", + "member":{"shape":"GuardrailTopicExample"}, + "documentation":"List of text examples
", + "min":0 + }, + "GuardrailTopicName":{ + "type":"string", + "documentation":"Name of topic in topic policy
", + "max":100, + "min":1, + "pattern":"^[0-9a-zA-Z-_ !?.]+$", + "sensitive":true + }, + "GuardrailTopicType":{ + "type":"string", + "documentation":"Type of topic in a policy
", + "enum":["DENY"], + "sensitive":true + }, + "GuardrailTopicsConfig":{ + "type":"list", + "member":{"shape":"GuardrailTopicConfig"}, + "documentation":"List of topic configs in topic policy.
", + "min":1 + }, + "GuardrailWordConfig":{ + "type":"structure", + "required":["text"], + "members":{ + "text":{ + "shape":"GuardrailWordText", + "documentation":"Text of the word configured for the AI Guardrail to block.
" + } + }, + "documentation":"A word to configure for the AI Guardrail.
" + }, + "GuardrailWordText":{ + "type":"string", + "documentation":"The custom word text.
", + "min":1, + "sensitive":true + }, + "GuardrailWordsConfig":{ + "type":"list", + "member":{"shape":"GuardrailWordConfig"}, + "documentation":"List of custom word configs.
", + "min":1 + }, "Headers":{ "type":"map", "key":{"shape":"NonEmptyString"}, @@ -5167,6 +6259,10 @@ "type":"string", "enum":["QUICK_RESPONSES"] }, + "Integer":{ + "type":"integer", + "box":true + }, "IntentDetectedDataDetails":{ "type":"structure", "required":[ @@ -5370,36 +6466,133 @@ "shape":"VectorIngestionConfiguration", "documentation":"Contains details about how to ingest the documents in a data source.
" } - }, - "documentation":"Summary information about the knowledge base.
" - }, - "KnowledgeBaseType":{ - "type":"string", - "enum":[ - "EXTERNAL", - "CUSTOM", - "QUICK_RESPONSES", - "MESSAGE_TEMPLATES", - "MANAGED" - ] + }, + "documentation":"Summary information about the knowledge base.
" + }, + "KnowledgeBaseType":{ + "type":"string", + "enum":[ + "EXTERNAL", + "CUSTOM", + "QUICK_RESPONSES", + "MESSAGE_TEMPLATES", + "MANAGED" + ] + }, + "LanguageCode":{ + "type":"string", + "max":5, + "min":2 + }, + "ListAIAgentVersionsRequest":{ + "type":"structure", + "required":[ + "aiAgentId", + "assistantId" + ], + "members":{ + "aiAgentId":{ + "shape":"UuidOrArnOrEitherWithQualifier", + "documentation":"The identifier of the Amazon Q in Connect AI Agent for which versions are to be listed.
", + "location":"uri", + "locationName":"aiAgentId" + }, + "assistantId":{ + "shape":"UuidOrArn", + "documentation":"The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.
", + "location":"uri", + "locationName":"assistantId" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"The maximum number of results to return per page.
", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
", + "location":"querystring", + "locationName":"nextToken" + }, + "origin":{ + "shape":"Origin", + "documentation":"The origin of the AI Agent versions to be listed. SYSTEM for a default AI Agent created by Q in Connect or CUSTOMER for an AI Agent created by calling AI Agent creation APIs.
The summaries of AI Agent versions.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
" + } + } + }, + "ListAIAgentsRequest":{ + "type":"structure", + "required":["assistantId"], + "members":{ + "assistantId":{ + "shape":"UuidOrArn", + "documentation":"The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.
", + "location":"uri", + "locationName":"assistantId" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"The maximum number of results to return per page.
", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
", + "location":"querystring", + "locationName":"nextToken" + }, + "origin":{ + "shape":"Origin", + "documentation":"The origin of the AI Agents to be listed. SYSTEM for a default AI Agent created by Q in Connect or CUSTOMER for an AI Agent created by calling AI Agent creation APIs.
The summaries of AI Agents.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
" + } + } }, - "ListAIAgentVersionsRequest":{ + "ListAIGuardrailVersionsRequest":{ "type":"structure", "required":[ - "aiAgentId", + "aiGuardrailId", "assistantId" ], "members":{ - "aiAgentId":{ + "aiGuardrailId":{ "shape":"UuidOrArnOrEitherWithQualifier", - "documentation":"The identifier of the Amazon Q in Connect AI Agent for which versions are to be listed.
", + "documentation":"The identifier of the Amazon Q in Connect AI Guardrail for which versions are to be listed.
", "location":"uri", - "locationName":"aiAgentId" + "locationName":"aiGuardrailId" }, "assistantId":{ "shape":"UuidOrArn", @@ -5418,22 +6611,16 @@ "documentation":"The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
", "location":"querystring", "locationName":"nextToken" - }, - "origin":{ - "shape":"Origin", - "documentation":"The origin of the AI Agent versions to be listed. SYSTEM for a default AI Agent created by Q in Connect or CUSTOMER for an AI Agent created by calling AI Agent creation APIs.
The summaries of AI Agent versions.
" + "aiGuardrailVersionSummaries":{ + "shape":"AIGuardrailVersionSummariesList", + "documentation":"The summaries of the AI Guardrail versions.
" }, "nextToken":{ "shape":"NextToken", @@ -5441,7 +6628,7 @@ } } }, - "ListAIAgentsRequest":{ + "ListAIGuardrailsRequest":{ "type":"structure", "required":["assistantId"], "members":{ @@ -5462,22 +6649,16 @@ "documentation":"The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
", "location":"querystring", "locationName":"nextToken" - }, - "origin":{ - "shape":"Origin", - "documentation":"The origin of the AI Agents to be listed. SYSTEM for a default AI Agent created by Q in Connect or CUSTOMER for an AI Agent created by calling AI Agent creation APIs.
The summaries of AI Agents.
" + "aiGuardrailSummaries":{ + "shape":"AIGuardrailSummariesList", + "documentation":"The summaries of the AI Guardrails.
" }, "nextToken":{ "shape":"NextToken", @@ -5890,6 +7071,53 @@ } } }, + "ListMessagesRequest":{ + "type":"structure", + "required":[ + "assistantId", + "sessionId" + ], + "members":{ + "assistantId":{ + "shape":"UuidOrArn", + "documentation":"The identifier of the Amazon Q in Connect assistant.
", + "location":"uri", + "locationName":"assistantId" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"The maximum number of results to return per page.
", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
", + "location":"querystring", + "locationName":"nextToken" + }, + "sessionId":{ + "shape":"UuidOrArn", + "documentation":"The identifier of the Amazon Q in Connect session.
", + "location":"uri", + "locationName":"sessionId" + } + } + }, + "ListMessagesResponse":{ + "type":"structure", + "required":["messages"], + "members":{ + "messages":{ + "shape":"MessageList", + "documentation":"The message information.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
" + } + } + }, "ListQuickResponsesRequest":{ "type":"structure", "required":["knowledgeBaseId"], @@ -5968,6 +7196,10 @@ "ManualSearchAIAgentConfiguration":{ "type":"structure", "members":{ + "answerGenerationAIGuardrailId":{ + "shape":"UuidWithQualifier", + "documentation":"The AI Guardrail identifier for the Answer Generation guardrail used by the MANUAL_SEARCH AI Agent.
" + }, "answerGenerationAIPromptId":{ "shape":"UuidWithQualifier", "documentation":"The AI Prompt identifier for the Answer Generation prompt used by the MANUAL_SEARCH AI Agent.
" @@ -5985,6 +7217,60 @@ "max":100, "min":1 }, + "MessageData":{ + "type":"structure", + "members":{ + "text":{ + "shape":"TextMessage", + "documentation":"The message data in text type.
" + } + }, + "documentation":"The message data.
", + "union":true + }, + "MessageInput":{ + "type":"structure", + "required":["value"], + "members":{ + "value":{ + "shape":"MessageData", + "documentation":"The message input value.
" + } + }, + "documentation":"The message input.
" + }, + "MessageList":{ + "type":"list", + "member":{"shape":"MessageOutput"} + }, + "MessageOutput":{ + "type":"structure", + "required":[ + "messageId", + "participant", + "timestamp", + "value" + ], + "members":{ + "messageId":{ + "shape":"Uuid", + "documentation":"The identifier of a message.
" + }, + "participant":{ + "shape":"Participant", + "documentation":"The participant of a message.
" + }, + "timestamp":{ + "shape":"Timestamp", + "documentation":"The timestamp of a message.
" + }, + "value":{ + "shape":"MessageData", + "documentation":"The value of a message data.
" + } + }, + "documentation":"The message output.
" + }, "MessageTemplateAttachment":{ "type":"structure", "required":[ @@ -6531,6 +7817,10 @@ "type":"list", "member":{"shape":"MessageTemplateVersionSummary"} }, + "MessageType":{ + "type":"string", + "enum":["TEXT"] + }, "Name":{ "type":"string", "max":255, @@ -6690,6 +7980,14 @@ "type":"string", "enum":["BEDROCK_FOUNDATION_MODEL"] }, + "Participant":{ + "type":"string", + "enum":[ + "CUSTOMER", + "AGENT", + "BOT" + ] + }, "PreconditionFailedException":{ "type":"structure", "members":{ @@ -7974,6 +9272,53 @@ "max":100, "min":1 }, + "SelfServiceAIAgentConfiguration":{ + "type":"structure", + "members":{ + "associationConfigurations":{ + "shape":"AssociationConfigurationList", + "documentation":"The association configurations for overriding behavior on this AI Agent.
" + }, + "selfServiceAIGuardrailId":{ + "shape":"UuidWithQualifier", + "documentation":"The AI Guardrail identifier used by the SELF_SERVICE AI Agent.
" + }, + "selfServiceAnswerGenerationAIPromptId":{ + "shape":"UuidWithQualifier", + "documentation":"The AI Prompt identifier for the Self Service Answer Generation prompt used by the SELF_SERVICE AI Agent
" + }, + "selfServicePreProcessingAIPromptId":{ + "shape":"UuidWithQualifier", + "documentation":"The AI Prompt identifier for the Self Service Pre-Processing prompt used by the SELF_SERVICE AI Agent
" + } + }, + "documentation":"The configuration for AI Agents of type SELF_SERVICE.
" + }, + "SelfServiceConversationHistory":{ + "type":"structure", + "required":["turnNumber"], + "members":{ + "botResponse":{ + "shape":"SensitiveString", + "documentation":"The bot response of the conversation history data.
" + }, + "inputTranscript":{ + "shape":"SensitiveString", + "documentation":"The input transcript of the conversation history data.
" + }, + "turnNumber":{ + "shape":"Integer", + "documentation":"The number of turn of the conversation history data.
" + } + }, + "documentation":"The conversation history data to included in conversation context data before the the Amazon Q in Connect session..
" + }, + "SelfServiceConversationHistoryList":{ + "type":"list", + "member":{"shape":"SelfServiceConversationHistory"}, + "max":10, + "min":0 + }, "SemanticChunkingConfiguration":{ "type":"structure", "required":[ @@ -8014,6 +9359,63 @@ "box":true, "min":1 }, + "SendMessageRequest":{ + "type":"structure", + "required":[ + "assistantId", + "message", + "sessionId", + "type" + ], + "members":{ + "assistantId":{ + "shape":"UuidOrArn", + "documentation":"The identifier of the Amazon Q in Connect assistant.
", + "location":"uri", + "locationName":"assistantId" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the AWS SDK populates this field.For more information about idempotency, see Making retries safe with idempotent APIs.
", + "idempotencyToken":true + }, + "conversationContext":{ + "shape":"ConversationContext", + "documentation":"The conversation context before the Amazon Q in Connect session.
" + }, + "message":{ + "shape":"MessageInput", + "documentation":"The message data to submit to the Amazon Q in Connect session.
" + }, + "sessionId":{ + "shape":"UuidOrArn", + "documentation":"The identifier of the Amazon Q in Connect session.
", + "location":"uri", + "locationName":"sessionId" + }, + "type":{ + "shape":"MessageType", + "documentation":"The message type.
" + } + } + }, + "SendMessageResponse":{ + "type":"structure", + "required":[ + "nextMessageToken", + "requestMessageId" + ], + "members":{ + "nextMessageToken":{ + "shape":"NextToken", + "documentation":"The token for the next message, used by GetNextMessage.
" + }, + "requestMessageId":{ + "shape":"Uuid", + "documentation":"The identifier of the submitted message.
" + } + } + }, "SensitiveString":{ "type":"string", "sensitive":true @@ -8450,6 +9852,22 @@ }, "documentation":"The configuration for a prompt template that supports full textual prompt configuration using a YAML prompt.
" }, + "TextMessage":{ + "type":"structure", + "members":{ + "value":{ + "shape":"TextMessageValueString", + "documentation":"The value of the message data in text type.
" + } + }, + "documentation":"The message data in text type.
" + }, + "TextMessageValueString":{ + "type":"string", + "max":1024, + "min":1, + "sensitive":true + }, "ThrottlingException":{ "type":"structure", "members":{ @@ -8561,6 +9979,80 @@ } } }, + "UpdateAIGuardrailRequest":{ + "type":"structure", + "required":[ + "aiGuardrailId", + "assistantId", + "blockedInputMessaging", + "blockedOutputsMessaging", + "visibilityStatus" + ], + "members":{ + "aiGuardrailId":{ + "shape":"UuidOrArnOrEitherWithQualifier", + "documentation":"The identifier of the Amazon Q in Connect AI Guardrail.
", + "location":"uri", + "locationName":"aiGuardrailId" + }, + "assistantId":{ + "shape":"UuidOrArn", + "documentation":"The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.
", + "location":"uri", + "locationName":"assistantId" + }, + "blockedInputMessaging":{ + "shape":"AIGuardrailBlockedMessaging", + "documentation":"The message to return when the AI Guardrail blocks a prompt.
" + }, + "blockedOutputsMessaging":{ + "shape":"AIGuardrailBlockedMessaging", + "documentation":"The message to return when the AI Guardrail blocks a model response.
" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs..
", + "idempotencyToken":true + }, + "contentPolicyConfig":{ + "shape":"AIGuardrailContentPolicyConfig", + "documentation":"The content filter policies to configure for the AI Guardrail.
" + }, + "contextualGroundingPolicyConfig":{ + "shape":"AIGuardrailContextualGroundingPolicyConfig", + "documentation":"The contextual grounding policy configuration used to create an AI Guardrail.
" + }, + "description":{ + "shape":"AIGuardrailDescription", + "documentation":"A description of the AI Guardrail.
" + }, + "sensitiveInformationPolicyConfig":{ + "shape":"AIGuardrailSensitiveInformationPolicyConfig", + "documentation":"The sensitive information policy to configure for the AI Guardrail.
" + }, + "topicPolicyConfig":{ + "shape":"AIGuardrailTopicPolicyConfig", + "documentation":"The topic policies to configure for the AI Guardrail.
" + }, + "visibilityStatus":{ + "shape":"VisibilityStatus", + "documentation":"The visibility status of the Amazon Q in Connect AI Guardrail.
" + }, + "wordPolicyConfig":{ + "shape":"AIGuardrailWordPolicyConfig", + "documentation":"The word policy you configure for the AI Guardrail.
" + } + } + }, + "UpdateAIGuardrailResponse":{ + "type":"structure", + "members":{ + "aiGuardrail":{ + "shape":"AIGuardrailData", + "documentation":"The data of the updated Amazon Q in Connect AI Guardrail.
" + } + } + }, "UpdateAIPromptRequest":{ "type":"structure", "required":[ From 38811287e05cdc83eedae67f2952ef5162e6c327 Mon Sep 17 00:00:00 2001 From: AWS <> Date: Mon, 2 Dec 2024 03:48:04 +0000 Subject: [PATCH 09/35] QBusiness Update: Amazon Q Business now supports capabilities to extract insights and answer questions from visual elements embedded within documents, a browser extension for Google Chrome, Mozilla Firefox, and Microsoft Edge, and attachments across conversations. --- .../feature-QBusiness-05a6cee.json | 6 + .../codegen-resources/paginators-1.json | 6 + .../codegen-resources/service-2.json | 458 ++++++++++++++++-- 3 files changed, 418 insertions(+), 52 deletions(-) create mode 100644 .changes/next-release/feature-QBusiness-05a6cee.json diff --git a/.changes/next-release/feature-QBusiness-05a6cee.json b/.changes/next-release/feature-QBusiness-05a6cee.json new file mode 100644 index 00000000000..2d461e0fb7d --- /dev/null +++ b/.changes/next-release/feature-QBusiness-05a6cee.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "QBusiness", + "contributor": "", + "description": "Amazon Q Business now supports capabilities to extract insights and answer questions from visual elements embedded within documents, a browser extension for Google Chrome, Mozilla Firefox, and Microsoft Edge, and attachments across conversations." +} diff --git a/services/qbusiness/src/main/resources/codegen-resources/paginators-1.json b/services/qbusiness/src/main/resources/codegen-resources/paginators-1.json index d9de477c925..0c634ca8f9f 100644 --- a/services/qbusiness/src/main/resources/codegen-resources/paginators-1.json +++ b/services/qbusiness/src/main/resources/codegen-resources/paginators-1.json @@ -12,6 +12,12 @@ "limit_key": "maxResults", "result_key": "applications" }, + "ListAttachments": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "attachments" + }, "ListConversations": { "input_token": "nextToken", "output_token": "nextToken", diff --git a/services/qbusiness/src/main/resources/codegen-resources/service-2.json b/services/qbusiness/src/main/resources/codegen-resources/service-2.json index 532272576cd..cec3f1be592 100644 --- a/services/qbusiness/src/main/resources/codegen-resources/service-2.json +++ b/services/qbusiness/src/main/resources/codegen-resources/service-2.json @@ -67,6 +67,7 @@ {"shape":"InternalServerException"}, {"shape":"LicenseNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ExternalResourceException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} @@ -87,6 +88,7 @@ {"shape":"InternalServerException"}, {"shape":"LicenseNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ExternalResourceException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} @@ -111,7 +113,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"Creates an Amazon Q Business application.
There are new tiers for Amazon Q Business. Not all features in Amazon Q Business Pro are also available in Amazon Q Business Lite. For information on what's included in Amazon Q Business Lite and what's included in Amazon Q Business Pro, see Amazon Q Business tiers. You must use the Amazon Q Business console to assign subscription tiers to users.
A Amazon Q Apps service linked role will be created if it's absent in the Amazon Web Services account when the QAppsConfiguration is enabled in the request. For more information, see Using service-linked roles for Q Apps
Creates an Amazon Q Business application.
There are new tiers for Amazon Q Business. Not all features in Amazon Q Business Pro are also available in Amazon Q Business Lite. For information on what's included in Amazon Q Business Lite and what's included in Amazon Q Business Pro, see Amazon Q Business tiers. You must use the Amazon Q Business console to assign subscription tiers to users.
An Amazon Q Apps service linked role will be created if it's absent in the Amazon Web Services account when QAppsConfiguration is enabled in the request. For more information, see Using service-linked roles for Q Apps.
When you create an application, Amazon Q Business may securely transmit data for processing from your selected Amazon Web Services region, but within your geography. For more information, see Cross region inference in Amazon Q Business.
Gets information about an existing Amazon Q Business index.
" }, + "GetMedia":{ + "name":"GetMedia", + "http":{ + "method":"GET", + "requestUri":"/applications/{applicationId}/conversations/{conversationId}/messages/{messageId}/media/{mediaId}", + "responseCode":200 + }, + "input":{"shape":"GetMediaRequest"}, + "output":{"shape":"GetMediaResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"LicenseNotFoundException"}, + {"shape":"MediaTooLargeException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"Returns the image bytes corresponding to a media object. If you have implemented your own application with the Chat and ChatSync APIs, and have enabled content extraction from visual data in Amazon Q Business, you use the GetMedia API operation to download the images so you can show them in your UI with responses.
For more information, see Extracting semantic meaning from images and visuals.
" + }, "GetPlugin":{ "name":"GetPlugin", "http":{ @@ -615,7 +637,26 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Lists Amazon Q Business applications.
" + "documentation":"Lists Amazon Q Business applications.
Amazon Q Business applications may securely transmit data for processing across Amazon Web Services Regions within your geography. For more information, see Cross region inference in Amazon Q Business.
Gets a list of attachments associated with an Amazon Q Business web experience or a list of attachements associated with a specific Amazon Q Business conversation.
" }, "ListConversations":{ "name":"ListConversations", @@ -648,6 +689,7 @@ "errors":[ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} @@ -888,6 +930,7 @@ "errors":[ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} @@ -950,7 +993,7 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Updates an existing Amazon Q Business application.
A Amazon Q Apps service-linked role will be created if it's absent in the Amazon Web Services account when the QAppsConfiguration is enabled in the request. For more information, see Using service-linked roles for Q Apps
Updates an existing Amazon Q Business application.
Amazon Q Business applications may securely transmit data for processing across Amazon Web Services Regions within your geography. For more information, see Cross region inference in Amazon Q Business.
An Amazon Q Apps service-linked role will be created if it's absent in the Amazon Web Services account when QAppsConfiguration is enabled in the request. For more information, see Using service-linked roles for Q Apps.
The creator mode specific admin controls configured for an Amazon Q Business application. Determines whether an end user can generate LLM-only responses when they use the web experience.
For more information, see Admin controls and guardrails and Conversation settings.
" }, - "AttachmentInput":{ + "Attachment":{ "type":"structure", - "required":[ - "name", - "data" - ], "members":{ + "attachmentId":{ + "shape":"AttachmentId", + "documentation":"The identifier of the Amazon Q Business attachment.
" + }, + "conversationId":{ + "shape":"ConversationId", + "documentation":"The identifier of the Amazon Q Business conversation the attachment is associated with.
" + }, "name":{ "shape":"AttachmentName", - "documentation":"The name of the file.
" + "documentation":"Filename of the Amazon Q Business attachment.
" }, + "copyFrom":{ + "shape":"CopyFromSource", + "documentation":"A CopyFromSource containing a reference to the original source of the Amazon Q Business attachment.
" + }, + "fileType":{ + "shape":"String", + "documentation":"Filetype of the Amazon Q Business attachment.
" + }, + "fileSize":{ + "shape":"Integer", + "documentation":"Size in bytes of the Amazon Q Business attachment.
" + }, + "md5chksum":{ + "shape":"String", + "documentation":"MD5 checksum of the Amazon Q Business attachment contents.
" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"The Unix timestamp when the Amazon Q Business attachment was created.
" + }, + "status":{ + "shape":"AttachmentStatus", + "documentation":"AttachmentStatus of the Amazon Q Business attachment.
" + }, + "error":{ + "shape":"ErrorDetail", + "documentation":"ErrorDetail providing information about a Amazon Q Business attachment error.
" + } + }, + "documentation":"An attachment in an Amazon Q Business conversation.
" + }, + "AttachmentId":{ + "type":"string", + "pattern":"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}" + }, + "AttachmentInput":{ + "type":"structure", + "members":{ "data":{ "shape":"Blob", - "documentation":"The data contained within the uploaded file.
" + "documentation":"The contents of the attachment.
" + }, + "name":{ + "shape":"AttachmentName", + "documentation":"The filename of the attachment.
" + }, + "copyFrom":{ + "shape":"CopyFromSource", + "documentation":"A reference to an existing attachment.
" } }, - "documentation":"A file directly uploaded into a web experience chat.
" + "documentation":"This is either a file directly uploaded into a web experience chat or a reference to an existing attachment that is part of a web experience chat.
" }, "AttachmentInputEvent":{ "type":"structure", @@ -1494,6 +1587,10 @@ "documentation":"A file input event activated by a end user request to upload files into their web experience chat.
", "event":true }, + "AttachmentList":{ + "type":"list", + "member":{"shape":"Attachment"} + }, "AttachmentName":{ "type":"string", "max":1000, @@ -1514,6 +1611,14 @@ "error":{ "shape":"ErrorDetail", "documentation":"An error associated with a file uploaded during chat.
" + }, + "attachmentId":{ + "shape":"AttachmentId", + "documentation":"The unique identifier of the Amazon Q Business attachment.
" + }, + "conversationId":{ + "shape":"ConversationId", + "documentation":"The unique identifier of the Amazon Q Business conversation.
" } }, "documentation":"The details of a file uploaded during chat.
" @@ -1522,7 +1627,7 @@ "type":"string", "enum":[ "FAILED", - "SUCCEEDED" + "SUCCESS" ] }, "AttachmentsConfiguration":{ @@ -1807,9 +1912,7 @@ }, "BlockedPhrases":{ "type":"list", - "member":{"shape":"BlockedPhrase"}, - "max":5, - "min":0 + "member":{"shape":"BlockedPhrase"} }, "BlockedPhrasesConfiguration":{ "type":"structure", @@ -1853,6 +1956,30 @@ "max":999999999, "min":0 }, + "BrowserExtension":{ + "type":"string", + "enum":[ + "FIREFOX", + "CHROME" + ] + }, + "BrowserExtensionConfiguration":{ + "type":"structure", + "required":["enabledBrowserExtensions"], + "members":{ + "enabledBrowserExtensions":{ + "shape":"BrowserExtensionList", + "documentation":"Specify the browser extensions allowed for your Amazon Q web experience.
CHROME — Enables the extension for Chromium-based browsers (Google Chrome, Microsoft Edge, Opera, etc.).
FIREFOX — Enables the extension for Mozilla Firefox.
CHROME and FIREFOX — Enable the extension for Chromium-based browsers and Mozilla Firefox.
The container for browser extension configuration for an Amazon Q Business web experience.
" + }, + "BrowserExtensionList":{ + "type":"list", + "member":{"shape":"BrowserExtension"}, + "max":2, + "min":0 + }, "ChatInput":{ "type":"structure", "required":["applicationId"], @@ -2040,7 +2167,7 @@ }, "chatMode":{ "shape":"ChatMode", - "documentation":"The chat modes available to an Amazon Q Business end user.
RETRIEVAL_MODE - The default chat mode for an Amazon Q Business application. When this mode is enabled, Amazon Q Business generates responses only from data sources connected to an Amazon Q Business application.
CREATOR_MODE - By selecting this mode, users can choose to generate responses only from the LLM knowledge, without consulting connected data sources, for a chat request.
PLUGIN_MODE - By selecting this mode, users can choose to use plugins in chat.
For more information, see Admin controls and guardrails, Plugins, and Conversation settings.
" + "documentation":"The chatMode parameter determines the chat modes available to Amazon Q Business users:
RETRIEVAL_MODE - If you choose this mode, Amazon Q generates responses solely from the data sources connected and indexed by the application. If an answer is not found in the data sources or there are no data sources available, Amazon Q will respond with a \"No Answer Found\" message, unless LLM knowledge has been enabled. In that case, Amazon Q will generate a response from the LLM knowledge
CREATOR_MODE - By selecting this mode, you can choose to generate responses only from the LLM knowledge. You can also attach files and have Amazon Q generate a response based on the data in those files. If the attached files do not contain an answer for the query, Amazon Q will automatically fall back to generating a response from the LLM knowledge.
PLUGIN_MODE - By selecting this mode, users can choose to use plugins in chat to get their responses.
If none of the modes are selected, Amazon Q will only respond using the information from the attached files.
For more information, see Admin controls and guardrails, Plugins, and Response sources.
" }, "chatModeConfiguration":{ "shape":"ChatModeConfiguration", @@ -2093,7 +2220,8 @@ "ClientIdForOIDC":{ "type":"string", "max":255, - "min":1 + "min":1, + "pattern":"[a-zA-Z0-9_.:/()*?=-]*" }, "ClientIdsForOIDC":{ "type":"list", @@ -2138,7 +2266,7 @@ "documentation":"The type of the resource affected.
" } }, - "documentation":"You are trying to perform an action that conflicts with the current status of your resource. Fix any inconsistences with your resources and try again.
", + "documentation":"You are trying to perform an action that conflicts with the current status of your resource. Fix any inconsistencies with your resources and try again.
", "error":{ "httpStatusCode":409, "senderFault":true @@ -2206,11 +2334,40 @@ "min":36, "pattern":"[a-zA-Z0-9][a-zA-Z0-9-]{35}" }, + "ConversationSource":{ + "type":"structure", + "required":[ + "conversationId", + "attachmentId" + ], + "members":{ + "conversationId":{ + "shape":"ConversationId", + "documentation":"The unique identifier of the Amazon Q Business conversation.
" + }, + "attachmentId":{ + "shape":"AttachmentId", + "documentation":"The unique identifier of the Amazon Q Business attachment.
" + } + }, + "documentation":"The source reference for an existing attachment in an existing conversation.
" + }, "ConversationTitle":{"type":"string"}, "Conversations":{ "type":"list", "member":{"shape":"Conversation"} }, + "CopyFromSource":{ + "type":"structure", + "members":{ + "conversation":{ + "shape":"ConversationSource", + "documentation":"A reference to an attachment in an existing conversation.
" + } + }, + "documentation":"The source reference for an existing attachment.
", + "union":true + }, "CreateApplicationRequest":{ "type":"structure", "required":["displayName"], @@ -2228,7 +2385,7 @@ "documentation":"The authentication type being used by a Amazon Q Business application.
" }, "iamIdentityProviderArn":{ - "shape":"IamIdentityProviderArn", + "shape":"IAMIdentityProviderArn", "documentation":"The Amazon Resource Name (ARN) of an identity provider being used by an Amazon Q Business application.
" }, "identityCenterInstanceArn":{ @@ -2337,7 +2494,11 @@ "documentation":"A token you provide to identify a request to create a data source connector. Multiple calls to the CreateDataSource API with the same client token will create only one data source connector.
The configuration for extracting information from media in documents during ingestion.
" + } } }, "CreateDataSourceResponse":{ @@ -2370,14 +2531,14 @@ "shape":"IndexName", "documentation":"A name for the Amazon Q Business index.
" }, - "type":{ - "shape":"IndexType", - "documentation":"The index type that's suitable for your needs. For more information on what's included in each type of index, see Amazon Q Business tiers.
" - }, "description":{ "shape":"Description", "documentation":"A description for the Amazon Q Business index.
" }, + "type":{ + "shape":"IndexType", + "documentation":"The index type that's suitable for your needs. For more information on what's included in each type of index, see Amazon Q Business tiers.
" + }, "tags":{ "shape":"Tags", "documentation":"A list of key-value pairs that identify or categorize the index. You can also use tags to help control access to the index. Tag keys and values can consist of Unicode letters, digits, white space, and any of the following symbols: _ . : / = + - @.
" @@ -2603,6 +2764,10 @@ "identityProviderConfiguration":{ "shape":"IdentityProviderConfiguration", "documentation":"Information about the identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience.
" + }, + "browserExtensionConfiguration":{ + "shape":"BrowserExtensionConfiguration", + "documentation":"The browser extension configuration for an Amazon Q Business web experience.
For Amazon Q Business application using external OIDC-compliant identity providers (IdPs). The IdP administrator must add the browser extension sign-in redirect URLs to the IdP application. For more information, see Configure external OIDC identity provider for your browser extensions..
The configuration information for altering document metadata and content during the document ingestion process.
" + }, + "mediaExtractionConfiguration":{ + "shape":"MediaExtractionConfiguration", + "documentation":"The configuration for extracting information from media in the document.
" } }, "documentation":"A document in an Amazon Q Business application.
" @@ -3494,20 +3663,20 @@ "members":{ "errorMessage":{ "shape":"ErrorMessage", - "documentation":"The message explaining the data source sync error.
" + "documentation":"The message explaining the Amazon Q Business request error.
" }, "errorCode":{ "shape":"ErrorCode", - "documentation":"The code associated with the data source sync error.
" + "documentation":"The code associated with the Amazon Q Business request error.
" } }, - "documentation":"Provides information about a data source sync error.
" + "documentation":"Provides information about a Amazon Q Business request error.
" }, "ErrorMessage":{ "type":"string", "max":2048, "min":1, - "pattern":"\\P{C}*" + "pattern":"[\\s\\S]*" }, "ExampleChatMessage":{ "type":"string", @@ -3527,6 +3696,19 @@ "min":36, "pattern":"[a-zA-Z0-9][a-zA-Z0-9-]{35}" }, + "ExternalResourceException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "documentation":"An external resource that you configured with your application is returning errors and preventing this operation from succeeding. Fix those errors and try again.
", + "error":{ + "httpStatusCode":424, + "senderFault":true + }, + "exception":true + }, "FailedAttachmentEvent":{ "type":"structure", "members":{ @@ -3601,7 +3783,7 @@ "documentation":"The authentication type being used by a Amazon Q Business application.
" }, "iamIdentityProviderArn":{ - "shape":"IamIdentityProviderArn", + "shape":"IAMIdentityProviderArn", "documentation":"The Amazon Resource Name (ARN) of an identity provider being used by an Amazon Q Business application.
" }, "identityCenterApplicationArn":{ @@ -3798,7 +3980,11 @@ "shape":"ErrorDetail", "documentation":"When the Status field value is FAILED, the ErrorMessage field contains a description of the error that caused the data source connector to fail.
The configuration for extracting information from media in documents for the data source.
" + } } }, "GetGroupRequest":{ @@ -3884,10 +4070,6 @@ "shape":"IndexName", "documentation":"The name of the Amazon Q Business index.
" }, - "type":{ - "shape":"IndexType", - "documentation":"The type of index attached to your Amazon Q Business application.
" - }, "indexArn":{ "shape":"IndexArn", "documentation":"The Amazon Resource Name (ARN) of the Amazon Q Business index.
" @@ -3896,6 +4078,10 @@ "shape":"IndexStatus", "documentation":"The current status of the index. When the value is ACTIVE, the index is ready for use. If the Status field value is FAILED, the ErrorMessage field contains a message that explains why.
The type of index attached to your Amazon Q Business application.
" + }, "description":{ "shape":"Description", "documentation":"The description for the Amazon Q Business index.
" @@ -3926,6 +4112,54 @@ } } }, + "GetMediaRequest":{ + "type":"structure", + "required":[ + "applicationId", + "conversationId", + "messageId", + "mediaId" + ], + "members":{ + "applicationId":{ + "shape":"ApplicationId", + "documentation":"The identifier of the Amazon Q Business which contains the media object.
", + "location":"uri", + "locationName":"applicationId" + }, + "conversationId":{ + "shape":"ConversationId", + "documentation":"The identifier of the Amazon Q Business conversation.
", + "location":"uri", + "locationName":"conversationId" + }, + "messageId":{ + "shape":"MessageId", + "documentation":"The identifier of the Amazon Q Business message.
", + "location":"uri", + "locationName":"messageId" + }, + "mediaId":{ + "shape":"MediaId", + "documentation":"The identifier of the media object. You can find this in the sourceAttributions returned by the Chat, ChatSync, and ListMessages API responses.
The base64-encoded bytes of the media object.
" + }, + "mediaMimeType":{ + "shape":"String", + "documentation":"The MIME type of the media object (image/png).
" + } + } + }, "GetPluginRequest":{ "type":"structure", "required":[ @@ -4179,6 +4413,10 @@ "error":{ "shape":"ErrorDetail", "documentation":"When the Status field value is FAILED, the ErrorMessage field contains a description of the error that caused the data source connector to fail.
The browser extension configuration for an Amazon Q Business web experience.
" } } }, @@ -4271,7 +4509,7 @@ }, "documentation":"Provides the configuration information for invoking a Lambda function in Lambda to alter document metadata and content when ingesting documents into Amazon Q Business.
You can configure your Lambda function using the PreExtractionHookConfiguration parameter if you want to apply advanced alterations on the original or raw documents.
If you want to apply advanced alterations on the Amazon Q Business structured documents, you must configure your Lambda function using PostExtractionHookConfiguration.
You can only invoke one Lambda function. However, this function can invoke other functions it requires.
For more information, see Custom document enrichment.
" }, - "IamIdentityProviderArn":{ + "IAMIdentityProviderArn":{ "type":"string", "max":2048, "min":20, @@ -4300,6 +4538,24 @@ "AWS_IAM_IDC" ] }, + "ImageExtractionConfiguration":{ + "type":"structure", + "required":["imageExtractionStatus"], + "members":{ + "imageExtractionStatus":{ + "shape":"ImageExtractionStatus", + "documentation":"Specify whether to extract semantic meaning from images and visuals from documents.
" + } + }, + "documentation":"The configuration for extracting semantic meaning from images in documents. For more information, see Extracting semantic meaning from images and visuals.
" + }, + "ImageExtractionStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, "Index":{ "type":"structure", "members":{ @@ -4511,6 +4767,55 @@ } } }, + "ListAttachmentsRequest":{ + "type":"structure", + "required":["applicationId"], + "members":{ + "applicationId":{ + "shape":"ApplicationId", + "documentation":"The unique identifier for the Amazon Q Business application.
", + "location":"uri", + "locationName":"applicationId" + }, + "conversationId":{ + "shape":"ConversationId", + "documentation":"The unique identifier of the Amazon Q Business web experience conversation.
", + "location":"querystring", + "locationName":"conversationId" + }, + "userId":{ + "shape":"UserId", + "documentation":"The unique identifier of the user involved in the Amazon Q Business web experience conversation.
", + "location":"querystring", + "locationName":"userId" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"If the number of attachments returned exceeds maxResults, Amazon Q Business returns a next token as a pagination token to retrieve the next set of attachments.
The maximum number of attachements to return.
", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListAttachmentsResponse":{ + "type":"structure", + "members":{ + "attachments":{ + "shape":"AttachmentList", + "documentation":"An array of information on one or more attachments.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"If the response is truncated, Amazon Q Business returns this token, which you can use in a later request to list the next set of attachments.
" + } + } + }, "ListConversationsRequest":{ "type":"structure", "required":["applicationId"], @@ -4846,7 +5151,7 @@ }, "nextToken":{ "shape":"NextToken", - "documentation":"If the number of retrievers returned exceeds maxResults, Amazon Q Business returns a next token as a pagination token to retrieve the next set of messages.
If the number of messages returned exceeds maxResults, Amazon Q Business returns a next token as a pagination token to retrieve the next set of messages.
The configuration for extracting semantic meaning from images in documents. For more information, see Extracting semantic meaning from images and visuals.
" + } + }, + "documentation":"The configuration for extracting information from media in documents.
" + }, + "MediaId":{ + "type":"string", + "max":36, + "min":36, + "pattern":"[a-zA-Z0-9][a-zA-Z0-9-]{35}" + }, + "MediaTooLargeException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "documentation":"The requested media object is too large to be returned.
", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, "MemberGroup":{ "type":"structure", "required":["groupName"], @@ -5096,9 +5436,7 @@ }, "MemberGroups":{ "type":"list", - "member":{"shape":"MemberGroup"}, - "max":1000, - "min":1 + "member":{"shape":"MemberGroup"} }, "MemberRelation":{ "type":"string", @@ -5124,9 +5462,7 @@ }, "MemberUsers":{ "type":"list", - "member":{"shape":"MemberUser"}, - "max":1000, - "min":1 + "member":{"shape":"MemberUser"} }, "MembershipType":{ "type":"string", @@ -6021,6 +6357,12 @@ }, "documentation":"The documents used to generate an Amazon Q Business web experience response.
" }, + "SourceAttributionMediaId":{ + "type":"string", + "max":36, + "min":36, + "pattern":"[a-zA-Z0-9][a-zA-Z0-9-]{35}" + }, "SourceAttributions":{ "type":"list", "member":{"shape":"SourceAttribution"} @@ -6170,7 +6512,7 @@ "type":"string", "max":998, "min":0, - "pattern":"\\P{C}*" + "pattern":"[\\s\\S]*" }, "SystemMessageId":{ "type":"string", @@ -6311,6 +6653,14 @@ "snippetExcerpt":{ "shape":"SnippetExcerpt", "documentation":"The relevant text excerpt from a source that was used to generate a citation text segment in an Amazon Q Business chat response.
" + }, + "mediaId":{ + "shape":"SourceAttributionMediaId", + "documentation":"The identifier of the media object associated with the text segment in the source attribution.
" + }, + "mediaMimeType":{ + "shape":"String", + "documentation":"The MIME type (image/png) of the media object associated with the text segment in the source attribution.
" } }, "documentation":"Provides information about a text extract in a chat response that can be attributed to a source document.
" @@ -6543,7 +6893,11 @@ "shape":"RoleArn", "documentation":"The Amazon Resource Name (ARN) of an IAM role with permission to access the data source and required resources.
" }, - "documentEnrichmentConfiguration":{"shape":"DocumentEnrichmentConfiguration"} + "documentEnrichmentConfiguration":{"shape":"DocumentEnrichmentConfiguration"}, + "mediaExtractionConfiguration":{ + "shape":"MediaExtractionConfiguration", + "documentation":"The configuration for extracting information from media in documents for your data source.
" + } } }, "UpdateDataSourceResponse":{ @@ -6772,6 +7126,10 @@ "origins":{ "shape":"WebExperienceOrigins", "documentation":"Updates the website domain origins that are allowed to embed the Amazon Q Business web experience.
The <i>domain origin</i> refers to the <i>base URL</i> for accessing a website including the protocol (<code>http/https</code>), the domain name, and the port number (if specified).</p> <note> <ul> <li> <p>Any values except <code>null</code> submitted as part of this update will replace all previous values.</p> </li> <li> <p>You must only submit a <i>base URL</i> and not a full path. For example, <code>https://docs.aws.amazon.com</code>.</p> </li> </ul> </note> The browser extension configuration for an Amazon Q Business web experience.
For Amazon Q Business application using external OIDC-compliant identity providers (IdPs). The IdP administrator must add the browser extension sign-in redirect URLs to the IdP application. For more information, see Configure external OIDC identity provider for your browser extensions..
Returns a list of the access grants that were given to the caller using S3 Access Grants and that allow the caller to access the S3 data of the Amazon Web Services account specified in the request.
You must have the s3:ListCallerAccessGrants permission to use this operation.
Use this API to list the access grants that grant the caller access to Amazon S3 data through S3 Access Grants. The caller (grantee) can be an Identity and Access Management (IAM) identity or Amazon Web Services Identity Center corporate directory identity. You must pass the Amazon Web Services account of the S3 data owner (grantor) in the request. You can, optionally, narrow the results by GrantScope, using a fragment of the data's S3 path, and S3 Access Grants will return only the grants with a path that contains the path fragment. You can also pass the AllowedByApplication filter in the request, which returns only the grants authorized for applications, whether the application is the caller's Identity Center application or any other application (ALL). For more information, see List the caller's access grants in the Amazon S3 User Guide.
You must have the s3:ListCallerAccessGrants permission to use this operation.
The action that you want this job to perform on every object listed in the manifest. For more information about the available actions, see Operations in the Amazon S3 User Guide.
" + "documentation":"The action that you want this job to perform on every object listed in the manifest. For more information about the available actions, see Operations in the Amazon S3 User Guide.
" }, "Report":{ "shape":"JobReport", @@ -7407,7 +7407,7 @@ "members":{ "TargetResource":{ "shape":"S3RegionalOrS3ExpressBucketArnString", - "documentation":"Specifies the destination bucket Amazon Resource Name (ARN) for the batch copy operation.
General purpose buckets - For example, to copy objects to a general purpose bucket named destinationBucket, set the TargetResource property to arn:aws:s3:::destinationBucket.
Directory buckets - For example, to copy objects to a directory bucket named destinationBucket in the Availability Zone; identified by the AZ ID usw2-az1, set the TargetResource property to arn:aws:s3express:region:account_id:/bucket/destination_bucket_base_name--usw2-az1--x-s3.
Specifies the destination bucket Amazon Resource Name (ARN) for the batch copy operation.
General purpose buckets - For example, to copy objects to a general purpose bucket named destinationBucket, set the TargetResource property to arn:aws:s3:::destinationBucket.
Directory buckets - For example, to copy objects to a directory bucket named destinationBucket in the Availability Zone identified by the AZ ID usw2-az1, set the TargetResource property to arn:aws:s3express:region:account_id:/bucket/destination_bucket_base_name--usw2-az1--x-s3. A directory bucket as a destination bucket can be in Availability Zone or Local Zone.
Copying objects across different Amazon Web Services Regions isn't supported when the source or destination bucket is in Amazon Web Services Local Zones. The source and destination buckets must have the same parent Amazon Web Services Region. Otherwise, you get an HTTP 400 Bad Request error with the error code InvalidRequest.
This functionality is not supported by directory buckets.
Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for object encryption. If the KMS key doesn't exist in the same account that's issuing the command, you must use the full Key ARN not the Key ID.
Directory buckets - If you specify SSEAlgorithm with KMS, you must specify the SSEAwsKmsKeyId parameter with the ID (Key ID or Key ARN) of the KMS symmetric encryption customer managed key to use. Otherwise, you get an HTTP 400 Bad Request error. The key alias format of the KMS key isn't supported. To encrypt new object copies in a directory bucket with SSE-KMS, you must specify SSE-KMS as the directory bucket's default encryption configuration with a KMS key (specifically, a customer managed key). The Amazon Web Services managed key (aws/s3) isn't supported. Your SSE-KMS configuration can only support 1 customer managed key per directory bucket for the lifetime of the bucket. After you specify a customer managed key for SSE-KMS as the bucket default encryption, you can't override the customer managed key for the bucket's SSE-KMS configuration. Then, when you specify server-side encryption settings for new object copies with SSE-KMS, you must make sure the encryption key is the same customer managed key that you specified for the directory bucket's default encryption configuration.
Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Amazon Web Services KMS (SSE-KMS). Setting this header to true causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
Specifying this header with an object action doesn’t affect bucket-level settings for S3 Bucket Key.
This functionality is not supported by directory buckets.
Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Amazon Web Services KMS (SSE-KMS). Setting this header to true causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
Specifying this header with an Copy action doesn’t affect bucket-level settings for S3 Bucket Key.
Directory buckets - S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through the Copy operation in Batch Operations. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.
For directory buckets, only the server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported.
The server-side encryption algorithm used when storing objects in Amazon S3.
Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (KMS). For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide. For the Copy operation in Batch Operations, see S3CopyObjectOperation.
The workgroup of the Athena table reference.
" + }, + "outputLocation":{ + "shape":"AthenaOutputLocation", + "documentation":"The output location for the Athena table.
" + }, + "databaseName":{ + "shape":"AthenaDatabaseName", + "documentation":"The database name.
" + }, + "tableName":{ + "shape":"AthenaTableName", + "documentation":"The table reference.
" + } + }, + "documentation":"A reference to a table within Athena.
" + }, + "AthenaWorkGroup":{ + "type":"string", + "max":128, + "min":1, + "pattern":"([a-zA-Z0-9._-])*" + }, "BatchGetCollaborationAnalysisTemplateError":{ "type":"structure", "required":[ @@ -3109,7 +3160,7 @@ "documentation":"The type of the column.
" } }, - "documentation":"A column within a schema relation, derived from the underlying Glue table.
" + "documentation":"A column within a schema relation, derived from the underlying table.
" }, "ColumnList":{ "type":"list", @@ -3338,7 +3389,7 @@ }, "tableReference":{ "shape":"TableReference", - "documentation":"The Glue table that this configured table represents.
" + "documentation":"The table that this configured table represents.
" }, "createTime":{ "shape":"Timestamp", @@ -4097,7 +4148,7 @@ }, "tableReference":{ "shape":"TableReference", - "documentation":"A reference to the Glue table being configured.
" + "documentation":"A reference to the table being configured.
" }, "allowedColumns":{ "shape":"AllowedColumnList", @@ -8296,6 +8347,12 @@ "documentation":"Information about the schema type properties.
", "union":true }, + "SecretsManagerArn":{ + "type":"string", + "max":256, + "min":0, + "pattern":"arn:aws:secretsmanager:[a-z]{2}-[a-z]+-[0-9]:\\d{12}:secret:.*" + }, "ServiceQuotaExceededException":{ "type":"structure", "required":[ @@ -8321,6 +8378,103 @@ }, "exception":true }, + "SnowflakeAccountIdentifier":{ + "type":"string", + "max":256, + "min":3, + "pattern":"[\\p{L}\\p{M}\\p{N}\\p{Pc}\\p{Pd}\\p{Zs}.]+" + }, + "SnowflakeDatabaseName":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[\\p{L}\\p{M}\\p{N}\\p{Pc}\\p{Pd}\\p{Zs}]+" + }, + "SnowflakeSchemaName":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[\\p{L}\\p{M}\\p{N}\\p{Pc}\\p{Pd}\\p{Zs}]+" + }, + "SnowflakeTableName":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[\\p{L}\\p{M}\\p{N}\\p{Pc}\\p{Pd}\\p{Zs}]+" + }, + "SnowflakeTableReference":{ + "type":"structure", + "required":[ + "secretArn", + "accountIdentifier", + "databaseName", + "tableName", + "schemaName", + "tableSchema" + ], + "members":{ + "secretArn":{ + "shape":"SecretsManagerArn", + "documentation":"The secret ARN of the Snowflake table reference.
" + }, + "accountIdentifier":{ + "shape":"SnowflakeAccountIdentifier", + "documentation":"The account identifier for the Snowflake table reference.
" + }, + "databaseName":{ + "shape":"SnowflakeDatabaseName", + "documentation":"The name of the database the Snowflake table belongs to.
" + }, + "tableName":{ + "shape":"SnowflakeTableName", + "documentation":"The name of the Snowflake table.
" + }, + "schemaName":{ + "shape":"SnowflakeSchemaName", + "documentation":"The schema name of the Snowflake table reference.
" + }, + "tableSchema":{ + "shape":"SnowflakeTableSchema", + "documentation":"The schema of the Snowflake table.
" + } + }, + "documentation":"A reference to a table within Snowflake.
" + }, + "SnowflakeTableSchema":{ + "type":"structure", + "members":{ + "v1":{ + "shape":"SnowflakeTableSchemaList", + "documentation":"The schema of a Snowflake table.
" + } + }, + "documentation":"The schema of a Snowflake table.
", + "union":true + }, + "SnowflakeTableSchemaList":{ + "type":"list", + "member":{"shape":"SnowflakeTableSchemaV1"}, + "max":250, + "min":1 + }, + "SnowflakeTableSchemaV1":{ + "type":"structure", + "required":[ + "columnName", + "columnType" + ], + "members":{ + "columnName":{ + "shape":"ColumnName", + "documentation":"The column name.
" + }, + "columnType":{ + "shape":"ColumnTypeString", + "documentation":" The column's data type. Supported data types: ARRAY, BIGINT, BOOLEAN, CHAR, DATE, DECIMAL, DOUBLE, DOUBLE PRECISION, FLOAT, FLOAT4, INT, INTEGER, MAP, NUMERIC, NUMBER, REAL, SMALLINT, STRING, TIMESTAMP, TIMESTAMP_LTZ, TIMESTAMP_NTZ, DATETIME, TINYINT, VARCHAR, TEXT, CHARACTER.
The Snowflake table schema.
" + }, "StartProtectedQueryInput":{ "type":"structure", "required":[ @@ -8388,9 +8542,17 @@ "glue":{ "shape":"GlueTableReference", "documentation":"If present, a reference to the Glue table referred to by this table reference.
" + }, + "snowflake":{ + "shape":"SnowflakeTableReference", + "documentation":"If present, a reference to the Snowflake table referred to by this table reference.
" + }, + "athena":{ + "shape":"AthenaTableReference", + "documentation":"If present, a reference to the Athena table referred to by this table reference.
" } }, - "documentation":"A pointer to the dataset that underlies this table. Currently, this can only be an Glue table.
", + "documentation":"A pointer to the dataset that underlies this table.
", "union":true }, "TagKey":{ From 4eabef8a475fd69db23734902e56b5fc99969ab1 Mon Sep 17 00:00:00 2001 From: AWS <> Date: Mon, 2 Dec 2024 03:48:07 +0000 Subject: [PATCH 12/35] Agents for Amazon Bedrock Update: This release introduces APIs to upload documents directly into a Knowledge Base --- ...eature-AgentsforAmazonBedrock-35d36fc.json | 6 + .../codegen-resources/paginators-1.json | 6 + .../codegen-resources/service-2.json | 632 +++++++++++++++++- 3 files changed, 641 insertions(+), 3 deletions(-) create mode 100644 .changes/next-release/feature-AgentsforAmazonBedrock-35d36fc.json diff --git a/.changes/next-release/feature-AgentsforAmazonBedrock-35d36fc.json b/.changes/next-release/feature-AgentsforAmazonBedrock-35d36fc.json new file mode 100644 index 00000000000..0cf4314aba3 --- /dev/null +++ b/.changes/next-release/feature-AgentsforAmazonBedrock-35d36fc.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "Agents for Amazon Bedrock", + "contributor": "", + "description": "This release introduces APIs to upload documents directly into a Knowledge Base" +} diff --git a/services/bedrockagent/src/main/resources/codegen-resources/paginators-1.json b/services/bedrockagent/src/main/resources/codegen-resources/paginators-1.json index 97af0b0e426..308e81d46b6 100644 --- a/services/bedrockagent/src/main/resources/codegen-resources/paginators-1.json +++ b/services/bedrockagent/src/main/resources/codegen-resources/paginators-1.json @@ -60,6 +60,12 @@ "limit_key": "maxResults", "result_key": "ingestionJobSummaries" }, + "ListKnowledgeBaseDocuments": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "documentDetails" + }, "ListKnowledgeBases": { "input_token": "nextToken", "output_token": "nextToken", diff --git a/services/bedrockagent/src/main/resources/codegen-resources/service-2.json b/services/bedrockagent/src/main/resources/codegen-resources/service-2.json index b25133c33ef..a4d165a1866 100644 --- a/services/bedrockagent/src/main/resources/codegen-resources/service-2.json +++ b/services/bedrockagent/src/main/resources/codegen-resources/service-2.json @@ -115,7 +115,7 @@ {"shape":"ConflictException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"Creates a data source connector for a knowledge base.
You can't change the chunkingConfiguration after you create the data source connector.
Connects a knowledge base to a data source. You specify the configuration for the specific data source service in the dataSourceConfiguration field.
You can't change the chunkingConfiguration after you create the data source connector.
Deletes a knowledge base. Before deleting a knowledge base, you should disassociate the knowledge base from any agents that it is associated with by making a DisassociateAgentKnowledgeBase request.
", "idempotent":true }, + "DeleteKnowledgeBaseDocuments":{ + "name":"DeleteKnowledgeBaseDocuments", + "http":{ + "method":"POST", + "requestUri":"/knowledgebases/{knowledgeBaseId}/datasources/{dataSourceId}/documents/deleteDocuments", + "responseCode":202 + }, + "input":{"shape":"DeleteKnowledgeBaseDocumentsRequest"}, + "output":{"shape":"DeleteKnowledgeBaseDocumentsResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"Deletes documents from a data source and syncs the changes to the knowledge base that is connected to it. For more information, see Ingest documents into a knowledge base in real-time in the Amazon Bedrock User Guide.
", + "idempotent":true + }, "DeletePrompt":{ "name":"DeletePrompt", "http":{ @@ -658,6 +678,25 @@ ], "documentation":"Gets information about a knoweldge base.
" }, + "GetKnowledgeBaseDocuments":{ + "name":"GetKnowledgeBaseDocuments", + "http":{ + "method":"POST", + "requestUri":"/knowledgebases/{knowledgeBaseId}/datasources/{dataSourceId}/documents/getDocuments", + "responseCode":200 + }, + "input":{"shape":"GetKnowledgeBaseDocumentsRequest"}, + "output":{"shape":"GetKnowledgeBaseDocumentsResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"Retrieves specific documents from a data source that is connected to a knowledge base. For more information, see Ingest documents into a knowledge base in real-time in the Amazon Bedrock User Guide.
" + }, "GetPrompt":{ "name":"GetPrompt", "http":{ @@ -676,6 +715,26 @@ ], "documentation":"Retrieves information about the working draft (DRAFT version) of a prompt or a version of it, depending on whether you include the promptVersion field or not. For more information, see View information about prompts using Prompt management and View information about a version of your prompt in the Amazon Bedrock User Guide.
Ingests documents directly into the knowledge base that is connected to the data source. The dataSourceType specified in the content for each document must match the type of the data source that you specify in the header. For more information, see Ingest documents into a knowledge base in real-time in the Amazon Bedrock User Guide.
Lists the data ingestion jobs for a data source. The list also includes information about each job.
" }, + "ListKnowledgeBaseDocuments":{ + "name":"ListKnowledgeBaseDocuments", + "http":{ + "method":"POST", + "requestUri":"/knowledgebases/{knowledgeBaseId}/datasources/{dataSourceId}/documents", + "responseCode":200 + }, + "input":{"shape":"ListKnowledgeBaseDocumentsRequest"}, + "output":{"shape":"ListKnowledgeBaseDocumentsResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"Retrieves all the documents contained in a data source that is connected to a knowledge base. For more information, see Ingest documents into a knowledge base in real-time in the Amazon Bedrock User Guide.
" + }, "ListKnowledgeBases":{ "name":"ListKnowledgeBases", "http":{ @@ -2082,6 +2160,34 @@ "min":12, "pattern":"^[0-9]{12}$" }, + "ByteContentBlob":{ + "type":"blob", + "max":5242880, + "min":1, + "sensitive":true + }, + "ByteContentDoc":{ + "type":"structure", + "required":[ + "data", + "mimeType" + ], + "members":{ + "data":{ + "shape":"ByteContentBlob", + "documentation":"The base64-encoded string of the content.
" + }, + "mimeType":{ + "shape":"ByteContentDocMimeTypeString", + "documentation":"The MIME type of the content. For a list of MIME types, see Media Types. The following MIME types are supported:
text/plain
text/html
text/csv
text/vtt
message/rfc822
application/xhtml+xml
application/pdf
application/msword
application/vnd.ms-word.document.macroenabled.12
application/vnd.ms-word.template.macroenabled.12
application/vnd.ms-excel
application/vnd.ms-excel.addin.macroenabled.12
application/vnd.ms-excel.sheet.macroenabled.12
application/vnd.ms-excel.template.macroenabled.12
application/vnd.ms-excel.sheet.binary.macroenabled.12
application/vnd.ms-spreadsheetml
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
application/vnd.openxmlformats-officedocument.spreadsheetml.template
application/vnd.openxmlformats-officedocument.wordprocessingml.document
application/vnd.openxmlformats-officedocument.wordprocessingml.template
Contains information about content defined inline in bytes.
" + }, + "ByteContentDocMimeTypeString":{ + "type":"string", + "pattern":"[a-z]{1,20}/.{1,20}" + }, "ChatPromptTemplateConfiguration":{ "type":"structure", "required":["messages"], @@ -2259,6 +2365,13 @@ "type":"list", "member":{"shape":"ContentBlock"} }, + "ContentDataSourceType":{ + "type":"string", + "enum":[ + "CUSTOM", + "S3" + ] + }, "ConversationRole":{ "type":"string", "enum":[ @@ -3002,10 +3115,52 @@ "OVERRIDDEN" ] }, + "CustomContent":{ + "type":"structure", + "required":[ + "customDocumentIdentifier", + "sourceType" + ], + "members":{ + "customDocumentIdentifier":{ + "shape":"CustomDocumentIdentifier", + "documentation":"A unique identifier for the document.
" + }, + "inlineContent":{ + "shape":"InlineContent", + "documentation":"Contains information about content defined inline to ingest into a knowledge base.
" + }, + "s3Location":{ + "shape":"CustomS3Location", + "documentation":"Contains information about the Amazon S3 location of the file from which to ingest data.
" + }, + "sourceType":{ + "shape":"CustomSourceType", + "documentation":"The source of the data to ingest.
" + } + }, + "documentation":"Contains information about the content to ingest into a knowledge base connected to a custom data source. Choose a sourceType and include the field that corresponds to it.
The identifier of the document to ingest into a custom data source.
" + } + }, + "documentation":"Contains information about the identifier of the document to ingest into a custom data source.
" + }, + "CustomDocumentIdentifierIdString":{ + "type":"string", + "max":2048, + "min":1 + }, "CustomOrchestration":{ "type":"structure", "members":{ @@ -3016,6 +3171,28 @@ }, "documentation":"Details of custom orchestration.
" }, + "CustomS3Location":{ + "type":"structure", + "required":["uri"], + "members":{ + "bucketOwnerAccountId":{ + "shape":"BucketOwnerAccountId", + "documentation":"The identifier of the Amazon Web Services account that owns the S3 bucket containing the content to ingest.
" + }, + "uri":{ + "shape":"S3ObjectUri", + "documentation":"The S3 URI of the file containing the content to ingest.
" + } + }, + "documentation":"Contains information about the Amazon S3 location of the file containing the content to ingest into a knowledge base connected to a custom data source.
" + }, + "CustomSourceType":{ + "type":"string", + "enum":[ + "IN_LINE", + "S3_LOCATION" + ] + }, "CustomTransformationConfiguration":{ "type":"structure", "required":[ @@ -3045,6 +3222,12 @@ }, "documentation":"Details about a cyclic connection detected in the flow.
" }, + "Data":{ + "type":"string", + "max":5242880, + "min":1, + "sensitive":true + }, "DataDeletionPolicy":{ "type":"string", "enum":[ @@ -3202,7 +3385,8 @@ "WEB", "CONFLUENCE", "SALESFORCE", - "SHAREPOINT" + "SHAREPOINT", + "CUSTOM" ] }, "DateTimestamp":{ @@ -3528,6 +3712,46 @@ } } }, + "DeleteKnowledgeBaseDocumentsRequest":{ + "type":"structure", + "required":[ + "dataSourceId", + "documentIdentifiers", + "knowledgeBaseId" + ], + "members":{ + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.
", + "idempotencyToken":true + }, + "dataSourceId":{ + "shape":"Id", + "documentation":"The unique identifier of the data source that contains the documents.
", + "location":"uri", + "locationName":"dataSourceId" + }, + "documentIdentifiers":{ + "shape":"DocumentIdentifiers", + "documentation":"A list of objects, each of which contains information to identify a document to delete.
" + }, + "knowledgeBaseId":{ + "shape":"Id", + "documentation":"The unique identifier of the knowledge base that is connected to the data source.
", + "location":"uri", + "locationName":"knowledgeBaseId" + } + } + }, + "DeleteKnowledgeBaseDocumentsResponse":{ + "type":"structure", + "members":{ + "documentDetails":{ + "shape":"KnowledgeBaseDocumentDetails", + "documentation":"A list of objects, each of which contains information about the documents that were deleted.
" + } + } + }, "DeleteKnowledgeBaseRequest":{ "type":"structure", "required":["knowledgeBaseId"], @@ -3639,6 +3863,92 @@ }, "document":true }, + "DocumentContent":{ + "type":"structure", + "required":["dataSourceType"], + "members":{ + "custom":{ + "shape":"CustomContent", + "documentation":"Contains information about the content to ingest into a knowledge base connected to a custom data source.
" + }, + "dataSourceType":{ + "shape":"ContentDataSourceType", + "documentation":"The type of data source that is connected to the knowledge base to which to ingest this document.
" + }, + "s3":{ + "shape":"S3Content", + "documentation":"Contains information about the content to ingest into a knowledge base connected to an Amazon S3 data source
" + } + }, + "documentation":"Contains information about the content of a document. Choose a dataSourceType and include the field that corresponds to it.
Contains information that identifies the document in a custom data source.
" + }, + "dataSourceType":{ + "shape":"ContentDataSourceType", + "documentation":"The type of data source connected to the knowledge base that contains the document.
" + }, + "s3":{ + "shape":"S3Location", + "documentation":"Contains information that identifies the document in an S3 data source.
" + } + }, + "documentation":"Contains information that identifies the document.
" + }, + "DocumentIdentifiers":{ + "type":"list", + "member":{"shape":"DocumentIdentifier"}, + "max":10, + "min":1 + }, + "DocumentMetadata":{ + "type":"structure", + "required":["type"], + "members":{ + "inlineAttributes":{ + "shape":"DocumentMetadataInlineAttributesList", + "documentation":"An array of objects, each of which defines a metadata attribute to associate with the content to ingest. You define the attributes inline.
" + }, + "s3Location":{ + "shape":"CustomS3Location", + "documentation":"The Amazon S3 location of the file containing metadata to associate with the content to ingest.
" + }, + "type":{ + "shape":"MetadataSourceType", + "documentation":"The type of the source source from which to add metadata.
" + } + }, + "documentation":"Contains information about the metadata associate with the content to ingest into a knowledge base. Choose a type and include the field that corresponds to it.
Bedrock models embedding data type. Can be either float32 or binary
", "enum":[ "FLOAT32", "BINARY" @@ -4977,6 +5286,41 @@ } } }, + "GetKnowledgeBaseDocumentsRequest":{ + "type":"structure", + "required":[ + "dataSourceId", + "documentIdentifiers", + "knowledgeBaseId" + ], + "members":{ + "dataSourceId":{ + "shape":"Id", + "documentation":"The unique identifier of the data source that contains the documents.
", + "location":"uri", + "locationName":"dataSourceId" + }, + "documentIdentifiers":{ + "shape":"DocumentIdentifiers", + "documentation":"A list of objects, each of which contains information to identify a document for which to retrieve information.
" + }, + "knowledgeBaseId":{ + "shape":"Id", + "documentation":"The unique identifier of the knowledge base that is connected to the data source.
", + "location":"uri", + "locationName":"knowledgeBaseId" + } + } + }, + "GetKnowledgeBaseDocumentsResponse":{ + "type":"structure", + "members":{ + "documentDetails":{ + "shape":"KnowledgeBaseDocumentDetails", + "documentation":"A list of objects, each of which contains information about the documents that were retrieved.
" + } + } + }, "GetKnowledgeBaseRequest":{ "type":"structure", "required":["knowledgeBaseId"], @@ -5185,6 +5529,46 @@ }, "documentation":"Contains inference parameters to use when the agent invokes a foundation model in the part of the agent sequence defined by the promptType. For more information, see Inference parameters for foundation models.
A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.
", + "idempotencyToken":true + }, + "dataSourceId":{ + "shape":"Id", + "documentation":"The unique identifier of the data source connected to the knowledge base that you're adding documents to.
", + "location":"uri", + "locationName":"dataSourceId" + }, + "documents":{ + "shape":"KnowledgeBaseDocuments", + "documentation":"A list of objects, each of which contains information about the documents to add.
" + }, + "knowledgeBaseId":{ + "shape":"Id", + "documentation":"The unique identifier of the knowledge base to ingest the documents into.
", + "location":"uri", + "locationName":"knowledgeBaseId" + } + } + }, + "IngestKnowledgeBaseDocumentsResponse":{ + "type":"structure", + "members":{ + "documentDetails":{ + "shape":"KnowledgeBaseDocumentDetails", + "documentation":"A list of objects, each of which contains information about the documents that were ingested.
" + } + } + }, "IngestionJob":{ "type":"structure", "required":[ @@ -5404,6 +5788,32 @@ }, "documentation":"Contains details about a data ingestion job.
" }, + "InlineContent":{ + "type":"structure", + "required":["type"], + "members":{ + "byteContent":{ + "shape":"ByteContentDoc", + "documentation":"Contains information about content defined inline in bytes.
" + }, + "textContent":{ + "shape":"TextContentDoc", + "documentation":"Contains information about content defined inline in text.
" + }, + "type":{ + "shape":"InlineContentType", + "documentation":"The type of inline content to define.
" + } + }, + "documentation":"Contains information about content defined inline to ingest into a data source. Choose a type and include the field that corresponds to it.
Contains configurations for an iterator node in a flow. Takes an input that is an array and iteratively sends each item of the array as an output to the following node. The size of the array is also returned in the output.
The output flow node at the end of the flow iteration will return a response for each member of the array. To return only one response, you can include a collector node downstream from the iterator node.
" }, + "Key":{ + "type":"string", + "max":200, + "min":1, + "sensitive":true + }, "KmsKeyArn":{ "type":"string", "max":2048, @@ -5531,6 +5947,67 @@ }, "documentation":"Contains details about the vector embeddings configuration of the knowledge base.
" }, + "KnowledgeBaseDocument":{ + "type":"structure", + "required":["content"], + "members":{ + "content":{ + "shape":"DocumentContent", + "documentation":"Contains the content of the document.
" + }, + "metadata":{ + "shape":"DocumentMetadata", + "documentation":"Contains the metadata to associate with the document.
" + } + }, + "documentation":"Contains information about a document to ingest into a knowledge base and metadata to associate with it.
" + }, + "KnowledgeBaseDocumentDetail":{ + "type":"structure", + "required":[ + "dataSourceId", + "identifier", + "knowledgeBaseId", + "status" + ], + "members":{ + "dataSourceId":{ + "shape":"Id", + "documentation":"The identifier of the data source connected to the knowledge base that the document was ingested into or deleted from.
" + }, + "identifier":{ + "shape":"DocumentIdentifier", + "documentation":"Contains information that identifies the document.
" + }, + "knowledgeBaseId":{ + "shape":"Id", + "documentation":"The identifier of the knowledge base that the document was ingested into or deleted from.
" + }, + "status":{ + "shape":"DocumentStatus", + "documentation":"The ingestion status of the document. The following statuses are possible:
STARTED – You submitted the ingestion job containing the document.
PENDING – The document is waiting to be ingested.
IN_PROGRESS – The document is being ingested.
INDEXED – The document was successfully indexed.
PARTIALLY_INDEXED – The document was partially indexed.
METADATA_PARTIALLY_INDEXED – You submitted metadata for an existing document and it was partially indexed.
METADATA_UPDATE_FAILED – You submitted a metadata update for an existing document but it failed.
FAILED – The document failed to be ingested.
NOT_FOUND – The document wasn't found.
IGNORED – The document was ignored during ingestion.
DELETING – You submitted the delete job containing the document.
DELETE_IN_PROGRESS – The document is being deleted.
The reason for the status. Appears alongside the status IGNORED.
The date and time at which the document was last updated.
" + } + }, + "documentation":"Contains the details for a document that was ingested or deleted.
" + }, + "KnowledgeBaseDocumentDetails":{ + "type":"list", + "member":{"shape":"KnowledgeBaseDocumentDetail"} + }, + "KnowledgeBaseDocuments":{ + "type":"list", + "member":{"shape":"KnowledgeBaseDocument"}, + "max":10, + "min":1 + }, "KnowledgeBaseFlowNodeConfiguration":{ "type":"structure", "required":["knowledgeBaseId"], @@ -6055,6 +6532,49 @@ } } }, + "ListKnowledgeBaseDocumentsRequest":{ + "type":"structure", + "required":[ + "dataSourceId", + "knowledgeBaseId" + ], + "members":{ + "dataSourceId":{ + "shape":"Id", + "documentation":"The unique identifier of the data source that contains the documents.
", + "location":"uri", + "locationName":"dataSourceId" + }, + "knowledgeBaseId":{ + "shape":"Id", + "documentation":"The unique identifier of the knowledge base that is connected to the data source.
", + "location":"uri", + "locationName":"knowledgeBaseId" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"The maximum number of results to return in the response. If the total number of results is greater than this value, use the token returned in the response in the nextToken field when making another request to return the next batch of results.
If the total number of results is greater than the maxResults value provided in the request, enter the token returned in the nextToken field in the response in this field to return the next batch of results.
A list of objects, each of which contains information about the documents that were retrieved.
" + }, + "nextToken":{ + "shape":"String", + "documentation":"If the total number of results is greater than the maxResults value provided in the request, use this token when making another request in the nextToken field to return the next batch of results.
The key of the metadata attribute.
" + }, + "value":{ + "shape":"MetadataAttributeValue", + "documentation":"Contains the value of the metadata attribute.
" + } + }, + "documentation":"Contains information about a metadata attribute.
" + }, + "MetadataAttributeValue":{ + "type":"structure", + "required":["type"], + "members":{ + "booleanValue":{ + "shape":"Boolean", + "documentation":"The value of the Boolean metadata attribute.
" + }, + "numberValue":{ + "shape":"NumberValue", + "documentation":"The value of the numeric metadata attribute.
" + }, + "stringListValue":{ + "shape":"MetadataAttributeValueStringListValueList", + "documentation":"An array of strings that define the value of the metadata attribute.
" + }, + "stringValue":{ + "shape":"StringValue", + "documentation":"The value of the string metadata attribute.
" + }, + "type":{ + "shape":"MetadataValueType", + "documentation":"The type of the metadata attribute.
" + } + }, + "documentation":"Contains the value of the metadata attribute. Choose a type and include the field that corresponds to it.
The S3 location of the file containing the content to ingest.
" + } + }, + "documentation":"Contains information about the content to ingest into a knowledge base connected to an Amazon S3 data source.
" + }, "S3DataSourceConfiguration":{ "type":"structure", "required":["bucketArn"], @@ -7514,6 +8117,12 @@ "min":1, "pattern":"^[\\.\\-\\!\\*\\_\\'\\(\\)a-zA-Z0-9][\\.\\-\\!\\*\\_\\'\\(\\)\\/a-zA-Z0-9]*$" }, + "S3ObjectUri":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"^s3://[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]/.{1,1024}$" + }, "S3Prefix":{ "type":"string", "max":300, @@ -7924,6 +8533,12 @@ "union":true }, "String":{"type":"string"}, + "StringValue":{ + "type":"string", + "max":2048, + "min":1, + "sensitive":true + }, "SystemContentBlock":{ "type":"structure", "members":{ @@ -7999,6 +8614,17 @@ "max":1, "min":0 }, + "TextContentDoc":{ + "type":"structure", + "required":["data"], + "members":{ + "data":{ + "shape":"Data", + "documentation":"The text of the content.
" + } + }, + "documentation":"Contains information about content defined inline in text.
" + }, "TextPrompt":{ "type":"string", "max":200000, From b7997ca87989e5af8093e1d5c80eae643975429c Mon Sep 17 00:00:00 2001 From: AWS <> Date: Mon, 2 Dec 2024 03:48:05 +0000 Subject: [PATCH 13/35] Amazon Chime SDK Voice Update: This release adds supports for enterprises to integrate Amazon Connect with other voice systems. It supports directly transferring voice calls and metadata without using the public telephone network. It also supports real-time and post-call analytics. --- .../feature-AmazonChimeSDKVoice-59cfe26.json | 6 + .../codegen-resources/service-2.json | 180 ++++++++++++++++++ 2 files changed, 186 insertions(+) create mode 100644 .changes/next-release/feature-AmazonChimeSDKVoice-59cfe26.json diff --git a/.changes/next-release/feature-AmazonChimeSDKVoice-59cfe26.json b/.changes/next-release/feature-AmazonChimeSDKVoice-59cfe26.json new file mode 100644 index 00000000000..a70956b6d01 --- /dev/null +++ b/.changes/next-release/feature-AmazonChimeSDKVoice-59cfe26.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "Amazon Chime SDK Voice", + "contributor": "", + "description": "This release adds supports for enterprises to integrate Amazon Connect with other voice systems. It supports directly transferring voice calls and metadata without using the public telephone network. It also supports real-time and post-call analytics." +} diff --git a/services/chimesdkvoice/src/main/resources/codegen-resources/service-2.json b/services/chimesdkvoice/src/main/resources/codegen-resources/service-2.json index 688027c055a..e5e884a9cab 100644 --- a/services/chimesdkvoice/src/main/resources/codegen-resources/service-2.json +++ b/services/chimesdkvoice/src/main/resources/codegen-resources/service-2.json @@ -406,6 +406,26 @@ ], "documentation":"Deletes the emergency calling details from the specified Amazon Chime SDK Voice Connector.
" }, + "DeleteVoiceConnectorExternalSystemsConfiguration":{ + "name":"DeleteVoiceConnectorExternalSystemsConfiguration", + "http":{ + "method":"DELETE", + "requestUri":"/voice-connectors/{voiceConnectorId}/external-systems-configuration", + "responseCode":204 + }, + "input":{"shape":"DeleteVoiceConnectorExternalSystemsConfigurationRequest"}, + "errors":[ + {"shape":"UnauthorizedClientException"}, + {"shape":"NotFoundException"}, + {"shape":"ForbiddenException"}, + {"shape":"BadRequestException"}, + {"shape":"ThrottledClientException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ServiceFailureException"} + ], + "documentation":"Deletes the external systems configuration for a Voice Connector.
", + "idempotent":true + }, "DeleteVoiceConnectorGroup":{ "name":"DeleteVoiceConnectorGroup", "http":{ @@ -842,6 +862,26 @@ ], "documentation":"Retrieves the emergency calling configuration details for the specified Voice Connector.
" }, + "GetVoiceConnectorExternalSystemsConfiguration":{ + "name":"GetVoiceConnectorExternalSystemsConfiguration", + "http":{ + "method":"GET", + "requestUri":"/voice-connectors/{voiceConnectorId}/external-systems-configuration", + "responseCode":200 + }, + "input":{"shape":"GetVoiceConnectorExternalSystemsConfigurationRequest"}, + "output":{"shape":"GetVoiceConnectorExternalSystemsConfigurationResponse"}, + "errors":[ + {"shape":"UnauthorizedClientException"}, + {"shape":"NotFoundException"}, + {"shape":"ForbiddenException"}, + {"shape":"BadRequestException"}, + {"shape":"ThrottledClientException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ServiceFailureException"} + ], + "documentation":"Gets information about an external systems configuration for a Voice Connector.
" + }, "GetVoiceConnectorGroup":{ "name":"GetVoiceConnectorGroup", "http":{ @@ -1358,6 +1398,28 @@ ], "documentation":"Updates a Voice Connector's emergency calling configuration.
" }, + "PutVoiceConnectorExternalSystemsConfiguration":{ + "name":"PutVoiceConnectorExternalSystemsConfiguration", + "http":{ + "method":"PUT", + "requestUri":"/voice-connectors/{voiceConnectorId}/external-systems-configuration", + "responseCode":200 + }, + "input":{"shape":"PutVoiceConnectorExternalSystemsConfigurationRequest"}, + "output":{"shape":"PutVoiceConnectorExternalSystemsConfigurationResponse"}, + "errors":[ + {"shape":"UnauthorizedClientException"}, + {"shape":"NotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"BadRequestException"}, + {"shape":"ThrottledClientException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ServiceFailureException"} + ], + "documentation":"Adds an external systems configuration to a Voice Connector.
", + "idempotent":true + }, "PutVoiceConnectorLoggingConfiguration":{ "name":"PutVoiceConnectorLoggingConfiguration", "http":{ @@ -2206,6 +2268,19 @@ "error":{"httpStatusCode":409}, "exception":true }, + "ContactCenterSystemType":{ + "type":"string", + "enum":[ + "GENESYS_ENGAGE_ON_PREMISES", + "AVAYA_AURA_CALL_CENTER_ELITE", + "AVAYA_AURA_CONTACT_CENTER", + "CISCO_UNIFIED_CONTACT_CENTER_ENTERPRISE" + ] + }, + "ContactCenterSystemTypeList":{ + "type":"list", + "member":{"shape":"ContactCenterSystemType"} + }, "Country":{ "type":"string", "pattern":"^$|^[A-Z]{2,2}$" @@ -2463,6 +2538,10 @@ "Tags":{ "shape":"TagList", "documentation":"The tags assigned to the Voice Connector.
" + }, + "IntegrationType":{ + "shape":"VoiceConnectorIntegrationType", + "documentation":"The connectors for use with Amazon Connect.
The following options are available:
CONNECT_CALL_TRANSFER_CONNECTOR - Enables enterprises to integrate Amazon Connect with other voice systems to directly transfer voice calls and metadata without using the public telephone network. They can use Amazon Connect telephony and Interactive Voice Response (IVR) with their existing voice systems to modernize the IVR experience of their existing contact center and their enterprise and branch voice systems. Additionally, enterprises migrating their contact center to Amazon Connect can start with Connect telephony and IVR for immediate modernization ahead of agent migration.
CONNECT_ANALYTICS_CONNECTOR - Enables enterprises to integrate Amazon Connect with other voice systems for real-time and post-call analytics. They can use Amazon Connect Contact Lens with their existing voice systems to provides call recordings, conversational analytics (including contact transcript, sensitive data redaction, content categorization, theme detection, sentiment analysis, real-time alerts, and post-contact summary), and agent performance evaluations (including evaluation forms, automated evaluation, supervisor review) with a rich user experience to display, search and filter customer interactions, and programmatic access to data streams and the data lake. Additionally, enterprises migrating their contact center to Amazon Connect can start with Contact Lens analytics and performance insights ahead of agent migration.
The ID of the Voice Connector for which to delete the external system configuration.
", + "location":"uri", + "locationName":"voiceConnectorId" + } + } + }, "DeleteVoiceConnectorGroupRequest":{ "type":"structure", "required":["VoiceConnectorGroupId"], @@ -2860,6 +2951,20 @@ "Gone" ] }, + "ExternalSystemsConfiguration":{ + "type":"structure", + "members":{ + "SessionBorderControllerTypes":{ + "shape":"SessionBorderControllerTypeList", + "documentation":"The session border controllers.
" + }, + "ContactCenterSystemTypes":{ + "shape":"ContactCenterSystemTypeList", + "documentation":"The contact center system.
" + } + }, + "documentation":"Contains information about an external systems configuration for a Voice Connector.
" + }, "ForbiddenException":{ "type":"structure", "members":{ @@ -3128,6 +3233,27 @@ } } }, + "GetVoiceConnectorExternalSystemsConfigurationRequest":{ + "type":"structure", + "required":["VoiceConnectorId"], + "members":{ + "VoiceConnectorId":{ + "shape":"NonEmptyString", + "documentation":"The ID of the Voice Connector for which to return information about the external system configuration.
", + "location":"uri", + "locationName":"voiceConnectorId" + } + } + }, + "GetVoiceConnectorExternalSystemsConfigurationResponse":{ + "type":"structure", + "members":{ + "ExternalSystemsConfiguration":{ + "shape":"ExternalSystemsConfiguration", + "documentation":"An object that contains information about an external systems configuration for a Voice Connector.
" + } + } + }, "GetVoiceConnectorGroupRequest":{ "type":"structure", "required":["VoiceConnectorGroupId"], @@ -4437,6 +4563,35 @@ } } }, + "PutVoiceConnectorExternalSystemsConfigurationRequest":{ + "type":"structure", + "required":["VoiceConnectorId"], + "members":{ + "VoiceConnectorId":{ + "shape":"NonEmptyString128", + "documentation":"The ID of the Voice Connector for which to add the external system configuration.
", + "location":"uri", + "locationName":"voiceConnectorId" + }, + "SessionBorderControllerTypes":{ + "shape":"SessionBorderControllerTypeList", + "documentation":"The session border controllers to use.
" + }, + "ContactCenterSystemTypes":{ + "shape":"ContactCenterSystemTypeList", + "documentation":"The contact center system to use.
" + } + } + }, + "PutVoiceConnectorExternalSystemsConfigurationResponse":{ + "type":"structure", + "members":{ + "ExternalSystemsConfiguration":{ + "shape":"ExternalSystemsConfiguration", + "documentation":"An object that contains information about an external systems configuration for a Voice Connector.
" + } + } + }, "PutVoiceConnectorLoggingConfigurationRequest":{ "type":"structure", "required":[ @@ -4762,6 +4917,20 @@ "exception":true, "fault":true }, + "SessionBorderControllerType":{ + "type":"string", + "enum":[ + "RIBBON_SBC", + "ORACLE_ACME_PACKET_SBC", + "AVAYA_SBCE", + "CISCO_UNIFIED_BORDER_ELEMENT", + "AUDIOCODES_MEDIANT_SBC" + ] + }, + "SessionBorderControllerTypeList":{ + "type":"list", + "member":{"shape":"SessionBorderControllerType"} + }, "SipApplicationPriority":{ "type":"integer", "min":1 @@ -5780,6 +5949,10 @@ "VoiceConnectorArn":{ "shape":"NonEmptyString", "documentation":"The ARN of the Voice Connector.
" + }, + "IntegrationType":{ + "shape":"VoiceConnectorIntegrationType", + "documentation":"The connectors for use with Amazon Connect.
" } }, "documentation":"The Amazon Chime SDK Voice Connector configuration, including outbound host name and encryption settings.
" @@ -5843,6 +6016,13 @@ "min":1, "pattern":"[a-zA-Z0-9 _.-]+" }, + "VoiceConnectorIntegrationType":{ + "type":"string", + "enum":[ + "CONNECT_CALL_TRANSFER_CONNECTOR", + "CONNECT_ANALYTICS_CONNECTOR" + ] + }, "VoiceConnectorItem":{ "type":"structure", "required":[ From 5140fd5ed5eddf1f5eb9b2538cb01c19bc4826ec Mon Sep 17 00:00:00 2001 From: AWS <> Date: Mon, 2 Dec 2024 03:48:08 +0000 Subject: [PATCH 14/35] Amazon VPC Lattice Update: Lattice APIs that allow sharing and access of VPC resources across accounts. --- .../feature-AmazonVPCLattice-e1068cd.json | 6 + .../codegen-resources/paginators-1.json | 30 + .../codegen-resources/service-2.json | 2136 +++++++++++++++-- 3 files changed, 2007 insertions(+), 165 deletions(-) create mode 100644 .changes/next-release/feature-AmazonVPCLattice-e1068cd.json diff --git a/.changes/next-release/feature-AmazonVPCLattice-e1068cd.json b/.changes/next-release/feature-AmazonVPCLattice-e1068cd.json new file mode 100644 index 00000000000..44aa0914c3c --- /dev/null +++ b/.changes/next-release/feature-AmazonVPCLattice-e1068cd.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "Amazon VPC Lattice", + "contributor": "", + "description": "Lattice APIs that allow sharing and access of VPC resources across accounts." +} diff --git a/services/vpclattice/src/main/resources/codegen-resources/paginators-1.json b/services/vpclattice/src/main/resources/codegen-resources/paginators-1.json index 3727cc35f0b..7aa4fb1dbd2 100644 --- a/services/vpclattice/src/main/resources/codegen-resources/paginators-1.json +++ b/services/vpclattice/src/main/resources/codegen-resources/paginators-1.json @@ -12,12 +12,36 @@ "limit_key": "maxResults", "result_key": "items" }, + "ListResourceConfigurations": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "items" + }, + "ListResourceEndpointAssociations": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "items" + }, + "ListResourceGateways": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "items" + }, "ListRules": { "input_token": "nextToken", "output_token": "nextToken", "limit_key": "maxResults", "result_key": "items" }, + "ListServiceNetworkResourceAssociations": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "items" + }, "ListServiceNetworkServiceAssociations": { "input_token": "nextToken", "output_token": "nextToken", @@ -30,6 +54,12 @@ "limit_key": "maxResults", "result_key": "items" }, + "ListServiceNetworkVpcEndpointAssociations": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "items" + }, "ListServiceNetworks": { "input_token": "nextToken", "output_token": "nextToken", diff --git a/services/vpclattice/src/main/resources/codegen-resources/service-2.json b/services/vpclattice/src/main/resources/codegen-resources/service-2.json index 28db837d08d..45c9fa76b5e 100644 --- a/services/vpclattice/src/main/resources/codegen-resources/service-2.json +++ b/services/vpclattice/src/main/resources/codegen-resources/service-2.json @@ -5,11 +5,13 @@ "endpointPrefix":"vpc-lattice", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"Amazon VPC Lattice", "serviceId":"VPC Lattice", "signatureVersion":"v4", "signingName":"vpc-lattice", - "uid":"vpc-lattice-2022-11-30" + "uid":"vpc-lattice-2022-11-30", + "auth":["aws.auth#sigv4"] }, "operations":{ "BatchUpdateRule":{ @@ -73,6 +75,48 @@ "documentation":"Creates a listener for a service. Before you start using your Amazon VPC Lattice service, you must add one or more listeners. A listener is a process that checks for connection requests to your services. For more information, see Listeners in the Amazon VPC Lattice User Guide.
", "idempotent":true }, + "CreateResourceConfiguration":{ + "name":"CreateResourceConfiguration", + "http":{ + "method":"POST", + "requestUri":"/resourceconfigurations", + "responseCode":201 + }, + "input":{"shape":"CreateResourceConfigurationRequest"}, + "output":{"shape":"CreateResourceConfigurationResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Creates a resource configuration. A resource configuration defines a specific resource. You can associate a resource configuration with a service network or a VPC endpoint.
", + "idempotent":true + }, + "CreateResourceGateway":{ + "name":"CreateResourceGateway", + "http":{ + "method":"POST", + "requestUri":"/resourcegateways", + "responseCode":201 + }, + "input":{"shape":"CreateResourceGatewayRequest"}, + "output":{"shape":"CreateResourceGatewayResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Creates a resource gateway.
", + "idempotent":true + }, "CreateRule":{ "name":"CreateRule", "http":{ @@ -136,6 +180,27 @@ "documentation":"Creates a service network. A service network is a logical boundary for a collection of services. You can associate services and VPCs with a service network.
For more information, see Service networks in the Amazon VPC Lattice User Guide.
", "idempotent":true }, + "CreateServiceNetworkResourceAssociation":{ + "name":"CreateServiceNetworkResourceAssociation", + "http":{ + "method":"POST", + "requestUri":"/servicenetworkresourceassociations", + "responseCode":201 + }, + "input":{"shape":"CreateServiceNetworkResourceAssociationRequest"}, + "output":{"shape":"CreateServiceNetworkResourceAssociationResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Associates the specified service network with the specified resource configuration. This allows the resource configuration to receive connections through the service network, including through a service network VPC endpoint.
", + "idempotent":true + }, "CreateServiceNetworkServiceAssociation":{ "name":"CreateServiceNetworkServiceAssociation", "http":{ @@ -154,7 +219,7 @@ {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], - "documentation":"Associates a service with a service network. For more information, see Manage service associations in the Amazon VPC Lattice User Guide.
You can't use this operation if the service and service network are already associated or if there is a disassociation or deletion in progress. If the association fails, you can retry the operation by deleting the association and recreating it.
You cannot associate a service and service network that are shared with a caller. The caller must own either the service or the service network.
As a result of this operation, the association is created in the service network account and the association owner account.
", + "documentation":"Associates the specified service with the specified service network. For more information, see Manage service associations in the Amazon VPC Lattice User Guide.
You can't use this operation if the service and service network are already associated or if there is a disassociation or deletion in progress. If the association fails, you can retry the operation by deleting the association and recreating it.
You cannot associate a service and service network that are shared with a caller. The caller must own either the service or the service network.
As a result of this operation, the association is created in the service network account and the association owner account.
", "idempotent":true }, "CreateServiceNetworkVpcAssociation":{ @@ -257,6 +322,65 @@ "documentation":"Deletes the specified listener.
", "idempotent":true }, + "DeleteResourceConfiguration":{ + "name":"DeleteResourceConfiguration", + "http":{ + "method":"DELETE", + "requestUri":"/resourceconfigurations/{resourceConfigurationIdentifier}", + "responseCode":204 + }, + "input":{"shape":"DeleteResourceConfigurationRequest"}, + "output":{"shape":"DeleteResourceConfigurationResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Deletes the specified resource configuration.
", + "idempotent":true + }, + "DeleteResourceEndpointAssociation":{ + "name":"DeleteResourceEndpointAssociation", + "http":{ + "method":"DELETE", + "requestUri":"/resourceendpointassociations/{resourceEndpointAssociationIdentifier}", + "responseCode":200 + }, + "input":{"shape":"DeleteResourceEndpointAssociationRequest"}, + "output":{"shape":"DeleteResourceEndpointAssociationResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Disassociates the resource configuration from the resource VPC endpoint.
", + "idempotent":true + }, + "DeleteResourceGateway":{ + "name":"DeleteResourceGateway", + "http":{ + "method":"DELETE", + "requestUri":"/resourcegateways/{resourceGatewayIdentifier}", + "responseCode":200 + }, + "input":{"shape":"DeleteResourceGatewayRequest"}, + "output":{"shape":"DeleteResourceGatewayResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Deletes the specified resource gateway.
", + "idempotent":true + }, "DeleteResourcePolicy":{ "name":"DeleteResourcePolicy", "http":{ @@ -336,6 +460,26 @@ "documentation":"Deletes a service network. You can only delete the service network if there is no service or VPC associated with it. If you delete a service network, all resources related to the service network, such as the resource policy, auth policy, and access log subscriptions, are also deleted. For more information, see Delete a service network in the Amazon VPC Lattice User Guide.
", "idempotent":true }, + "DeleteServiceNetworkResourceAssociation":{ + "name":"DeleteServiceNetworkResourceAssociation", + "http":{ + "method":"DELETE", + "requestUri":"/servicenetworkresourceassociations/{serviceNetworkResourceAssociationIdentifier}", + "responseCode":200 + }, + "input":{"shape":"DeleteServiceNetworkResourceAssociationRequest"}, + "output":{"shape":"DeleteServiceNetworkResourceAssociationResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Deletes the association between a service network and a resource configuration.
", + "idempotent":true + }, "DeleteServiceNetworkServiceAssociation":{ "name":"DeleteServiceNetworkServiceAssociation", "http":{ @@ -353,7 +497,7 @@ {"shape":"ConflictException"}, {"shape":"InternalServerException"} ], - "documentation":"Deletes the association between a specified service and the specific service network. This operation fails if an association is still in progress.
", + "documentation":"Deletes the association between a service and a service network. This operation fails if an association is still in progress.
", "idempotent":true }, "DeleteServiceNetworkVpcAssociation":{ @@ -469,6 +613,42 @@ ], "documentation":"Retrieves information about the specified listener for the specified service.
" }, + "GetResourceConfiguration":{ + "name":"GetResourceConfiguration", + "http":{ + "method":"GET", + "requestUri":"/resourceconfigurations/{resourceConfigurationIdentifier}", + "responseCode":200 + }, + "input":{"shape":"GetResourceConfigurationRequest"}, + "output":{"shape":"GetResourceConfigurationResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Retrieves information about the specified resource configuration.
" + }, + "GetResourceGateway":{ + "name":"GetResourceGateway", + "http":{ + "method":"GET", + "requestUri":"/resourcegateways/{resourceGatewayIdentifier}", + "responseCode":200 + }, + "input":{"shape":"GetResourceGatewayRequest"}, + "output":{"shape":"GetResourceGatewayResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Retrieves information about the specified resource gateway.
" + }, "GetResourcePolicy":{ "name":"GetResourcePolicy", "http":{ @@ -485,7 +665,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"Retrieves information about the resource policy. The resource policy is an IAM policy created on behalf of the resource owner when they share a resource.
" + "documentation":"Retrieves information about the specified resource policy. The resource policy is an IAM policy created on behalf of the resource owner when they share a resource.
" }, "GetRule":{ "name":"GetRule", @@ -503,7 +683,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"Retrieves information about listener rules. You can also retrieve information about the default listener rule. For more information, see Listener rules in the Amazon VPC Lattice User Guide.
" + "documentation":"Retrieves information about the specified listener rules. You can also retrieve information about the default listener rule. For more information, see Listener rules in the Amazon VPC Lattice User Guide.
" }, "GetService":{ "name":"GetService", @@ -541,6 +721,24 @@ ], "documentation":"Retrieves information about the specified service network.
" }, + "GetServiceNetworkResourceAssociation":{ + "name":"GetServiceNetworkResourceAssociation", + "http":{ + "method":"GET", + "requestUri":"/servicenetworkresourceassociations/{serviceNetworkResourceAssociationIdentifier}", + "responseCode":200 + }, + "input":{"shape":"GetServiceNetworkResourceAssociationRequest"}, + "output":{"shape":"GetServiceNetworkResourceAssociationResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Retrieves information about the specified association between a service network and a resource configuration.
" + }, "GetServiceNetworkServiceAssociation":{ "name":"GetServiceNetworkServiceAssociation", "http":{ @@ -575,7 +773,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"Retrieves information about the association between a service network and a VPC.
" + "documentation":"Retrieves information about the specified association between a service network and a VPC.
" }, "GetTargetGroup":{ "name":"GetTargetGroup", @@ -610,7 +808,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"Lists all access log subscriptions for the specified service network or service.
" + "documentation":"Lists the access log subscriptions for the specified service network or service.
" }, "ListListeners":{ "name":"ListListeners", @@ -630,6 +828,57 @@ ], "documentation":"Lists the listeners for the specified service.
" }, + "ListResourceConfigurations":{ + "name":"ListResourceConfigurations", + "http":{ + "method":"GET", + "requestUri":"/resourceconfigurations", + "responseCode":200 + }, + "input":{"shape":"ListResourceConfigurationsRequest"}, + "output":{"shape":"ListResourceConfigurationsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Lists the resource configurations owned by or shared with this account.
" + }, + "ListResourceEndpointAssociations":{ + "name":"ListResourceEndpointAssociations", + "http":{ + "method":"GET", + "requestUri":"/resourceendpointassociations", + "responseCode":200 + }, + "input":{"shape":"ListResourceEndpointAssociationsRequest"}, + "output":{"shape":"ListResourceEndpointAssociationsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Lists the associations for the specified VPC endpoint.
" + }, + "ListResourceGateways":{ + "name":"ListResourceGateways", + "http":{ + "method":"GET", + "requestUri":"/resourcegateways", + "responseCode":200 + }, + "input":{"shape":"ListResourceGatewaysRequest"}, + "output":{"shape":"ListResourceGatewaysResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Lists the resource gateways that you own or that were shared with you.
" + }, "ListRules":{ "name":"ListRules", "http":{ @@ -646,7 +895,24 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"Lists the rules for the listener.
" + "documentation":"Lists the rules for the specified listener.
" + }, + "ListServiceNetworkResourceAssociations":{ + "name":"ListServiceNetworkResourceAssociations", + "http":{ + "method":"GET", + "requestUri":"/servicenetworkresourceassociations", + "responseCode":200 + }, + "input":{"shape":"ListServiceNetworkResourceAssociationsRequest"}, + "output":{"shape":"ListServiceNetworkResourceAssociationsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Lists the associations between a service network and a resource configuration.
" }, "ListServiceNetworkServiceAssociations":{ "name":"ListServiceNetworkServiceAssociations", @@ -663,7 +929,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"Lists the associations between the service network and the service. You can filter the list either by service or service network. You must provide either the service network identifier or the service identifier.
Every association in Amazon VPC Lattice is given a unique Amazon Resource Name (ARN), such as when a service network is associated with a VPC or when a service is associated with a service network. If the association is for a resource that is shared with another account, the association includes the local account ID as the prefix in the ARN for each account the resource is shared with.
" + "documentation":"Lists the associations between a service network and a service. You can filter the list either by service or service network. You must provide either the service network identifier or the service identifier.
Every association in Amazon VPC Lattice has a unique Amazon Resource Name (ARN), such as when a service network is associated with a VPC or when a service is associated with a service network. If the association is for a resource is shared with another account, the association includes the local account ID as the prefix in the ARN.
" }, "ListServiceNetworkVpcAssociations":{ "name":"ListServiceNetworkVpcAssociations", @@ -680,7 +946,24 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"Lists the service network and VPC associations. You can filter the list either by VPC or service network. You must provide either the service network identifier or the VPC identifier.
" + "documentation":"Lists the associations between a service network and a VPC. You can filter the list either by VPC or service network. You must provide either the ID of the service network identifier or the ID of the VPC.
" + }, + "ListServiceNetworkVpcEndpointAssociations":{ + "name":"ListServiceNetworkVpcEndpointAssociations", + "http":{ + "method":"GET", + "requestUri":"/servicenetworkvpcendpointassociations", + "responseCode":200 + }, + "input":{"shape":"ListServiceNetworkVpcEndpointAssociationsRequest"}, + "output":{"shape":"ListServiceNetworkVpcEndpointAssociationsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Lists the associations between a service network and a VPC endpoint.
" }, "ListServiceNetworks":{ "name":"ListServiceNetworks", @@ -697,7 +980,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"Lists the service networks owned by the caller account or shared with the caller account. Also includes the account ID in the ARN to show which account owns the service network.
" + "documentation":"Lists the service networks owned by or shared with this account. The account ID in the ARN shows which account owns the service network.
" }, "ListServices":{ "name":"ListServices", @@ -896,11 +1179,49 @@ {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], "documentation":"Updates the specified listener for the specified service.
", "idempotent":true }, + "UpdateResourceConfiguration":{ + "name":"UpdateResourceConfiguration", + "http":{ + "method":"PATCH", + "requestUri":"/resourceconfigurations/{resourceConfigurationIdentifier}", + "responseCode":200 + }, + "input":{"shape":"UpdateResourceConfigurationRequest"}, + "output":{"shape":"UpdateResourceConfigurationResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Updates the specified resource configuration.
" + }, + "UpdateResourceGateway":{ + "name":"UpdateResourceGateway", + "http":{ + "method":"PATCH", + "requestUri":"/resourcegateways/{resourceGatewayIdentifier}", + "responseCode":200 + }, + "input":{"shape":"UpdateResourceGatewayRequest"}, + "output":{"shape":"UpdateResourceGatewayResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Updates the specified resource gateway.
" + }, "UpdateRule":{ "name":"UpdateRule", "http":{ @@ -916,9 +1237,10 @@ {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], - "documentation":"Updates a rule for the listener. You can't modify a default listener rule. To modify a default listener rule, use UpdateListener.
Updates a specified rule for the listener. You can't modify a default listener rule. To modify a default listener rule, use UpdateListener.
Updates the specified service.
" @@ -977,7 +1300,7 @@ {"shape":"ConflictException"}, {"shape":"InternalServerException"} ], - "documentation":"Updates the service network and VPC association. If you add a security group to the service network and VPC association, the association must continue to always have at least one security group. You can add or edit security groups at any time. However, to remove all security groups, you must first delete the association and recreate it without security groups.
", + "documentation":"Updates the service network and VPC association. If you add a security group to the service network and VPC association, the association must continue to have at least one security group. You can add or edit security groups at any time. However, to remove all security groups, you must first delete the association and then recreate it without security groups.
", "idempotent":true }, "UpdateTargetGroup":{ @@ -995,6 +1318,7 @@ {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], "documentation":"Updates the specified target group.
", @@ -1061,7 +1385,7 @@ }, "createdAt":{ "shape":"Timestamp", - "documentation":"The date and time that the access log subscription was created, specified in ISO-8601 format.
" + "documentation":"The date and time that the access log subscription was created, in ISO-8601 format.
" }, "destinationArn":{ "shape":"AccessLogDestinationArn", @@ -1073,7 +1397,7 @@ }, "lastUpdatedAt":{ "shape":"Timestamp", - "documentation":"The date and time that the access log subscription was last updated, specified in ISO-8601 format.
" + "documentation":"The date and time that the access log subscription was last updated, in ISO-8601 format.
" }, "resourceArn":{ "shape":"ResourceArn", @@ -1082,6 +1406,10 @@ "resourceId":{ "shape":"ResourceId", "documentation":"The ID of the service or service network.
" + }, + "serviceNetworkLogType":{ + "shape":"ServiceNetworkLogType", + "documentation":"Log type of the service network.
" } }, "documentation":"Summary information about an access log subscription.
" @@ -1098,6 +1426,16 @@ "min":0, "pattern":"^arn:[a-z0-9][-.a-z0-9]{0,62}:vpc-lattice:([a-z0-9][-.a-z0-9]{0,62})?:\\d{12}?:[^/].{0,1023}$" }, + "ArnResource":{ + "type":"structure", + "members":{ + "arn":{ + "shape":"WildcardArn", + "documentation":"The Amazon Resource Name (ARN) of the resource.
" + } + }, + "documentation":"The Amazon Resource Name (ARN) of the resource.
" + }, "AuthPolicyState":{ "type":"string", "enum":[ @@ -1127,7 +1465,7 @@ "members":{ "listenerIdentifier":{ "shape":"ListenerIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the listener.
", + "documentation":"The ID or ARN of the listener.
", "location":"uri", "locationName":"listenerIdentifier" }, @@ -1137,7 +1475,7 @@ }, "serviceIdentifier":{ "shape":"ServiceIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service.
", + "documentation":"The ID or ARN of the service.
", "location":"uri", "locationName":"serviceIdentifier" } @@ -1215,7 +1553,11 @@ }, "resourceIdentifier":{ "shape":"ResourceIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service network or service.
" + "documentation":"The ID or ARN of the service network or service.
" + }, + "serviceNetworkLogType":{ + "shape":"ServiceNetworkLogType", + "documentation":"The type of log that monitors your Amazon VPC Lattice service networks.
" }, "tags":{ "shape":"TagMap", @@ -1252,6 +1594,10 @@ "resourceId":{ "shape":"ResourceId", "documentation":"The ID of the service network or service.
" + }, + "serviceNetworkLogType":{ + "shape":"ServiceNetworkLogType", + "documentation":"The type of log that monitors your Amazon VPC Lattice service networks.
" } } }, @@ -1287,7 +1633,7 @@ }, "serviceIdentifier":{ "shape":"ServiceIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service.
", + "documentation":"The ID or ARN of the service.
", "location":"uri", "locationName":"serviceIdentifier" }, @@ -1334,47 +1680,236 @@ } } }, - "CreateRuleRequest":{ + "CreateResourceConfigurationRequest":{ "type":"structure", "required":[ - "action", - "listenerIdentifier", - "match", "name", - "priority", - "serviceIdentifier" + "type" ], "members":{ - "action":{ - "shape":"RuleAction", - "documentation":"The action for the default rule.
" + "allowAssociationToShareableServiceNetwork":{ + "shape":"Boolean", + "documentation":"(SINGLE, GROUP, ARN) Specifies whether the resource configuration can be associated with a sharable service network. The default is false.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request that completed successfully using the same client token and parameters, the retry succeeds without performing any actions. If the parameters aren't identical, the retry fails.
", "idempotencyToken":true }, - "listenerIdentifier":{ - "shape":"ListenerIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the listener.
", - "location":"uri", - "locationName":"listenerIdentifier" + "name":{ + "shape":"ResourceConfigurationName", + "documentation":"The name of the resource configuration. The name must be unique within the account. The valid characters are a-z, 0-9, and hyphens (-). You can't use a hyphen as the first or last character, or immediately after another hyphen.
" }, - "match":{ - "shape":"RuleMatch", - "documentation":"The rule match.
" + "portRanges":{ + "shape":"PortRangeList", + "documentation":"(SINGLE, GROUP, CHILD) The TCP port ranges that a consumer can use to access a resource configuration (for example: 1-65535). You can separate port ranges using commas (for example: 1,2,22-30).
" }, - "name":{ - "shape":"RuleName", - "documentation":"The name of the rule. The name must be unique within the listener. The valid characters are a-z, 0-9, and hyphens (-). You can't use a hyphen as the first or last character, or immediately after another hyphen.
" + "protocol":{ + "shape":"ProtocolType", + "documentation":"(SINGLE, GROUP) The protocol accepted by the resource configuration.
" }, - "priority":{ - "shape":"RulePriority", - "documentation":"The priority assigned to the rule. Each rule for a specific listener must have a unique priority. The lower the priority number the higher the priority.
" + "resourceConfigurationDefinition":{ + "shape":"ResourceConfigurationDefinition", + "documentation":"(SINGLE, CHILD, ARN) The resource configuration.
" }, - "serviceIdentifier":{ + "resourceConfigurationGroupIdentifier":{ + "shape":"ResourceConfigurationIdentifier", + "documentation":"(CHILD) The ID or ARN of the parent resource configuration (type is GROUP). This is used to associate a child resource configuration with a group resource configuration.
(SINGLE, GROUP, ARN) The ID or ARN of the resource gateway used to connect to the resource configuration. For a child resource configuration, this value is inherited from the parent resource configuration.
" + }, + "tags":{ + "shape":"TagMap", + "documentation":"The tags for the resource configuration.
" + }, + "type":{ + "shape":"ResourceConfigurationType", + "documentation":"The type of resource configuration.
SINGLE - A single resource.
GROUP - A group of resources. You must create a group resource configuration before you create a child resource configuration.
CHILD - A single resource that is part of a group resource configuration.
ARN - An Amazon Web Services resource.
Specifies whether the resource configuration can be associated with a sharable service network.
" + }, + "arn":{ + "shape":"ResourceConfigurationArn", + "documentation":"The Amazon Resource Name (ARN) of the resource configuration.
" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"The date and time that the resource configuration was created, in ISO-8601 format.
" + }, + "failureReason":{ + "shape":"String", + "documentation":"The reason that the request failed.
" + }, + "id":{ + "shape":"ResourceConfigurationId", + "documentation":"The ID of the resource configuration.
" + }, + "name":{ + "shape":"ResourceConfigurationName", + "documentation":"The name of the resource configuration.
" + }, + "portRanges":{ + "shape":"PortRangeList", + "documentation":"The port range.
" + }, + "protocol":{ + "shape":"ProtocolType", + "documentation":"The protocol.
" + }, + "resourceConfigurationDefinition":{ + "shape":"ResourceConfigurationDefinition", + "documentation":"The resource configuration.
" + }, + "resourceConfigurationGroupId":{ + "shape":"ResourceConfigurationId", + "documentation":"The ID of the parent resource configuration (type is GROUP).
" + }, + "resourceGatewayId":{ + "shape":"ResourceGatewayId", + "documentation":"The ID of the resource gateway associated with the resource configuration.
" + }, + "status":{ + "shape":"ResourceConfigurationStatus", + "documentation":"The current status of the resource configuration.
" + }, + "type":{ + "shape":"ResourceConfigurationType", + "documentation":"The type of resource configuration.
" + } + } + }, + "CreateResourceGatewayRequest":{ + "type":"structure", + "required":[ + "name", + "subnetIds", + "vpcIdentifier" + ], + "members":{ + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request that completed successfully using the same client token and parameters, the retry succeeds without performing any actions. If the parameters aren't identical, the retry fails.
", + "idempotencyToken":true + }, + "ipAddressType":{ + "shape":"ResourceGatewayIpAddressType", + "documentation":"The type of IP address used by the resource gateway.
" + }, + "name":{ + "shape":"ResourceGatewayName", + "documentation":"The name of the resource gateway.
" + }, + "securityGroupIds":{ + "shape":"CreateResourceGatewayRequestSecurityGroupIdsList", + "documentation":"The IDs of the security groups to apply to the resource gateway. The security groups must be in the same VPC.
" + }, + "subnetIds":{ + "shape":"SubnetList", + "documentation":"The IDs of the VPC subnets in which to create the resource gateway.
" + }, + "tags":{ + "shape":"TagMap", + "documentation":"The tags for the resource gateway.
" + }, + "vpcIdentifier":{ + "shape":"VpcId", + "documentation":"The ID of the VPC for the resource gateway.
" + } + } + }, + "CreateResourceGatewayRequestSecurityGroupIdsList":{ + "type":"list", + "member":{"shape":"SecurityGroupId"}, + "max":5, + "min":0 + }, + "CreateResourceGatewayResponse":{ + "type":"structure", + "members":{ + "arn":{ + "shape":"ResourceGatewayArn", + "documentation":"The Amazon Resource Name (ARN) of the resource gateway.
" + }, + "id":{ + "shape":"ResourceGatewayId", + "documentation":"The ID of the resource gateway.
" + }, + "ipAddressType":{ + "shape":"ResourceGatewayIpAddressType", + "documentation":"The type of IP address for the resource gateway.
" + }, + "name":{ + "shape":"ResourceGatewayName", + "documentation":"The name of the resource gateway.
" + }, + "securityGroupIds":{ + "shape":"SecurityGroupList", + "documentation":"The IDs of the security groups for the resource gateway.
" + }, + "status":{ + "shape":"ResourceGatewayStatus", + "documentation":"The status of the resource gateway.
" + }, + "subnetIds":{ + "shape":"SubnetList", + "documentation":"The IDs of the resource gateway subnets.
" + }, + "vpcIdentifier":{ + "shape":"VpcId", + "documentation":"The ID of the VPC.
" + } + } + }, + "CreateRuleRequest":{ + "type":"structure", + "required":[ + "action", + "listenerIdentifier", + "match", + "name", + "priority", + "serviceIdentifier" + ], + "members":{ + "action":{ + "shape":"RuleAction", + "documentation":"The action for the default rule.
" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request that completed successfully using the same client token and parameters, the retry succeeds without performing any actions. If the parameters aren't identical, the retry fails.
", + "idempotencyToken":true + }, + "listenerIdentifier":{ + "shape":"ListenerIdentifier", + "documentation":"The ID or ARN of the listener.
", + "location":"uri", + "locationName":"listenerIdentifier" + }, + "match":{ + "shape":"RuleMatch", + "documentation":"The rule match.
" + }, + "name":{ + "shape":"RuleName", + "documentation":"The name of the rule. The name must be unique within the listener. The valid characters are a-z, 0-9, and hyphens (-). You can't use a hyphen as the first or last character, or immediately after another hyphen.
" + }, + "priority":{ + "shape":"RulePriority", + "documentation":"The priority assigned to the rule. Each rule for a specific listener must have a unique priority. The lower the priority number the higher the priority.
" + }, + "serviceIdentifier":{ "shape":"ServiceIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service.
", + "documentation":"The ID or ARN of the service.
", "location":"uri", "locationName":"serviceIdentifier" }, @@ -1430,12 +1965,63 @@ "shape":"ServiceNetworkName", "documentation":"The name of the service network. The name must be unique to the account. The valid characters are a-z, 0-9, and hyphens (-). You can't use a hyphen as the first or last character, or immediately after another hyphen.
" }, + "sharingConfig":{ + "shape":"SharingConfig", + "documentation":"Specify if the service network should be enabled for sharing.
" + }, "tags":{ "shape":"TagMap", "documentation":"The tags for the service network.
" } } }, + "CreateServiceNetworkResourceAssociationRequest":{ + "type":"structure", + "required":[ + "resourceConfigurationIdentifier", + "serviceNetworkIdentifier" + ], + "members":{ + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request that completed successfully using the same client token and parameters, the retry succeeds without performing any actions. If the parameters aren't identical, the retry fails.
", + "idempotencyToken":true + }, + "resourceConfigurationIdentifier":{ + "shape":"ResourceConfigurationIdentifier", + "documentation":"The ID of the resource configuration to associate with the service network.
" + }, + "serviceNetworkIdentifier":{ + "shape":"ServiceNetworkIdentifierWithoutRegex", + "documentation":"The ID of the service network to associate with the resource configuration.
" + }, + "tags":{ + "shape":"TagMap", + "documentation":"The tags for the association.
" + } + } + }, + "CreateServiceNetworkResourceAssociationResponse":{ + "type":"structure", + "members":{ + "arn":{ + "shape":"ServiceNetworkResourceAssociationArn", + "documentation":"The Amazon Resource Name (ARN) of the association.
" + }, + "createdBy":{ + "shape":"AccountId", + "documentation":"The ID of the account that created the association.
" + }, + "id":{ + "shape":"ServiceNetworkResourceAssociationId", + "documentation":"The ID of the association.
" + }, + "status":{ + "shape":"ServiceNetworkResourceAssociationStatus", + "documentation":"The status of the association.
" + } + } + }, "CreateServiceNetworkResponse":{ "type":"structure", "members":{ @@ -1454,6 +2040,10 @@ "name":{ "shape":"ServiceNetworkName", "documentation":"The name of the service network.
" + }, + "sharingConfig":{ + "shape":"SharingConfig", + "documentation":"Specifies if the service network is enabled for sharing.
" } } }, @@ -1471,11 +2061,11 @@ }, "serviceIdentifier":{ "shape":"ServiceIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service.
" + "documentation":"The ID or ARN of the service.
" }, "serviceNetworkIdentifier":{ "shape":"ServiceNetworkIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service network. You must use the ARN if the resources specified in the operation are in different accounts.
" + "documentation":"The ID or ARN of the service network. You must use an ARN if the resources are in different accounts.
" }, "tags":{ "shape":"TagMap", @@ -1530,7 +2120,7 @@ }, "serviceNetworkIdentifier":{ "shape":"ServiceNetworkIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service network. You must use the ARN when the resources specified in the operation are in different accounts.
" + "documentation":"The ID or ARN of the service network. You must use an ARN if the resources are in different accounts.
" }, "tags":{ "shape":"TagMap", @@ -1706,7 +2296,7 @@ "members":{ "accessLogSubscriptionIdentifier":{ "shape":"AccessLogSubscriptionIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the access log subscription.
", + "documentation":"The ID or ARN of the access log subscription.
", "location":"uri", "locationName":"accessLogSubscriptionIdentifier" } @@ -1723,7 +2313,7 @@ "members":{ "resourceIdentifier":{ "shape":"ResourceIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the resource.
", + "documentation":"The ID or ARN of the resource.
", "location":"uri", "locationName":"resourceIdentifier" } @@ -1743,13 +2333,13 @@ "members":{ "listenerIdentifier":{ "shape":"ListenerIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the listener.
", + "documentation":"The ID or ARN of the listener.
", "location":"uri", "locationName":"listenerIdentifier" }, "serviceIdentifier":{ "shape":"ServiceIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service.
", + "documentation":"The ID or ARN of the service.
", "location":"uri", "locationName":"serviceIdentifier" } @@ -1760,6 +2350,93 @@ "members":{ } }, + "DeleteResourceConfigurationRequest":{ + "type":"structure", + "required":["resourceConfigurationIdentifier"], + "members":{ + "resourceConfigurationIdentifier":{ + "shape":"ResourceConfigurationIdentifier", + "documentation":"The ID or ARN of the resource configuration.
", + "location":"uri", + "locationName":"resourceConfigurationIdentifier" + } + } + }, + "DeleteResourceConfigurationResponse":{ + "type":"structure", + "members":{ + } + }, + "DeleteResourceEndpointAssociationRequest":{ + "type":"structure", + "required":["resourceEndpointAssociationIdentifier"], + "members":{ + "resourceEndpointAssociationIdentifier":{ + "shape":"ResourceEndpointAssociationIdentifier", + "documentation":"The ID or ARN of the association.
", + "location":"uri", + "locationName":"resourceEndpointAssociationIdentifier" + } + } + }, + "DeleteResourceEndpointAssociationResponse":{ + "type":"structure", + "members":{ + "arn":{ + "shape":"ResourceEndpointAssociationArn", + "documentation":"The Amazon Resource Name (ARN) of the association.
" + }, + "id":{ + "shape":"ResourceEndpointAssociationId", + "documentation":"The ID of the association.
" + }, + "resourceConfigurationArn":{ + "shape":"ResourceConfigurationArn", + "documentation":"The Amazon Resource Name (ARN) of the resource configuration associated with the VPC endpoint of type resource.
" + }, + "resourceConfigurationId":{ + "shape":"ResourceConfigurationId", + "documentation":"The ID of the resource configuration.
" + }, + "vpcEndpointId":{ + "shape":"VpcEndpointId", + "documentation":"The ID of the resource VPC endpoint that is associated with the resource configuration.
" + } + } + }, + "DeleteResourceGatewayRequest":{ + "type":"structure", + "required":["resourceGatewayIdentifier"], + "members":{ + "resourceGatewayIdentifier":{ + "shape":"ResourceGatewayIdentifier", + "documentation":"The ID or ARN of the resource gateway.
", + "location":"uri", + "locationName":"resourceGatewayIdentifier" + } + } + }, + "DeleteResourceGatewayResponse":{ + "type":"structure", + "members":{ + "arn":{ + "shape":"ResourceGatewayArn", + "documentation":"The Amazon Resource Name (ARN) of the resource gateway.
" + }, + "id":{ + "shape":"ResourceGatewayId", + "documentation":"The ID of the resource gateway.
" + }, + "name":{ + "shape":"ResourceGatewayName", + "documentation":"The name of the resource gateway.
" + }, + "status":{ + "shape":"ResourceGatewayStatus", + "documentation":"The status of the resource gateway.
" + } + } + }, "DeleteResourcePolicyRequest":{ "type":"structure", "required":["resourceArn"], @@ -1787,19 +2464,19 @@ "members":{ "listenerIdentifier":{ "shape":"ListenerIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the listener.
", + "documentation":"The ID or ARN of the listener.
", "location":"uri", "locationName":"listenerIdentifier" }, "ruleIdentifier":{ "shape":"RuleIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the rule.
", + "documentation":"The ID or ARN of the rule.
", "location":"uri", "locationName":"ruleIdentifier" }, "serviceIdentifier":{ "shape":"ServiceIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service.
", + "documentation":"The ID or ARN of the service.
", "location":"uri", "locationName":"serviceIdentifier" } @@ -1816,12 +2493,41 @@ "members":{ "serviceNetworkIdentifier":{ "shape":"ServiceNetworkIdentifier", - "documentation":"The Amazon Resource Name (ARN) or ID of the service network.
", + "documentation":"The ID or ARN of the service network.
", "location":"uri", "locationName":"serviceNetworkIdentifier" } } }, + "DeleteServiceNetworkResourceAssociationRequest":{ + "type":"structure", + "required":["serviceNetworkResourceAssociationIdentifier"], + "members":{ + "serviceNetworkResourceAssociationIdentifier":{ + "shape":"ServiceNetworkResourceAssociationIdentifier", + "documentation":"The ID of the association.
", + "location":"uri", + "locationName":"serviceNetworkResourceAssociationIdentifier" + } + } + }, + "DeleteServiceNetworkResourceAssociationResponse":{ + "type":"structure", + "members":{ + "arn":{ + "shape":"ServiceNetworkResourceAssociationArn", + "documentation":"The Amazon Resource Name (ARN) of the association.
" + }, + "id":{ + "shape":"ServiceNetworkResourceAssociationId", + "documentation":"The ID of the association.
" + }, + "status":{ + "shape":"ServiceNetworkResourceAssociationStatus", + "documentation":"The status of the association.
" + } + } + }, "DeleteServiceNetworkResponse":{ "type":"structure", "members":{ @@ -1833,7 +2539,7 @@ "members":{ "serviceNetworkServiceAssociationIdentifier":{ "shape":"ServiceNetworkServiceAssociationIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the association.
", + "documentation":"The ID or ARN of the association.
", "location":"uri", "locationName":"serviceNetworkServiceAssociationIdentifier" } @@ -1862,7 +2568,7 @@ "members":{ "serviceNetworkVpcAssociationIdentifier":{ "shape":"ServiceNetworkVpcAssociationIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the association.
", + "documentation":"The ID or ARN of the association.
", "location":"uri", "locationName":"serviceNetworkVpcAssociationIdentifier" } @@ -1891,7 +2597,7 @@ "members":{ "serviceIdentifier":{ "shape":"ServiceIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service.
", + "documentation":"The ID or ARN of the service.
", "location":"uri", "locationName":"serviceIdentifier" } @@ -1924,7 +2630,7 @@ "members":{ "targetGroupIdentifier":{ "shape":"TargetGroupIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the target group.
", + "documentation":"The ID or ARN of the target group.
", "location":"uri", "locationName":"targetGroupIdentifier" } @@ -1956,7 +2662,7 @@ "members":{ "targetGroupIdentifier":{ "shape":"TargetGroupIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the target group.
", + "documentation":"The ID or ARN of the target group.
", "location":"uri", "locationName":"targetGroupIdentifier" }, @@ -1999,6 +2705,25 @@ }, "documentation":"Describes the DNS information of a service.
" }, + "DnsResource":{ + "type":"structure", + "members":{ + "domainName":{ + "shape":"DomainName", + "documentation":"The domain name of the resource.
" + }, + "ipAddressType":{ + "shape":"ResourceConfigurationIpAddressType", + "documentation":"The type of IP address.
" + } + }, + "documentation":"The DNS name of the resource.
" + }, + "DomainName":{ + "type":"string", + "max":255, + "min":3 + }, "FailureCode":{"type":"string"}, "FailureMessage":{"type":"string"}, "FixedResponseAction":{ @@ -2029,7 +2754,7 @@ "members":{ "accessLogSubscriptionIdentifier":{ "shape":"AccessLogSubscriptionIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the access log subscription.
", + "documentation":"The ID or ARN of the access log subscription.
", "location":"uri", "locationName":"accessLogSubscriptionIdentifier" } @@ -2053,7 +2778,7 @@ }, "createdAt":{ "shape":"Timestamp", - "documentation":"The date and time that the access log subscription was created, specified in ISO-8601 format.
" + "documentation":"The date and time that the access log subscription was created, in ISO-8601 format.
" }, "destinationArn":{ "shape":"AccessLogDestinationArn", @@ -2065,7 +2790,7 @@ }, "lastUpdatedAt":{ "shape":"Timestamp", - "documentation":"The date and time that the access log subscription was last updated, specified in ISO-8601 format.
" + "documentation":"The date and time that the access log subscription was last updated, in ISO-8601 format.
" }, "resourceArn":{ "shape":"ResourceArn", @@ -2074,6 +2799,10 @@ "resourceId":{ "shape":"ResourceId", "documentation":"The ID of the service network or service.
" + }, + "serviceNetworkLogType":{ + "shape":"ServiceNetworkLogType", + "documentation":"The log type for the service network.
" } } }, @@ -2083,7 +2812,7 @@ "members":{ "resourceIdentifier":{ "shape":"ResourceIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service network or service.
", + "documentation":"The ID or ARN of the service network or service.
", "location":"uri", "locationName":"resourceIdentifier" } @@ -2094,11 +2823,11 @@ "members":{ "createdAt":{ "shape":"Timestamp", - "documentation":"The date and time that the auth policy was created, specified in ISO-8601 format.
" + "documentation":"The date and time that the auth policy was created, in ISO-8601 format.
" }, "lastUpdatedAt":{ "shape":"Timestamp", - "documentation":"The date and time that the auth policy was last updated, specified in ISO-8601 format.
" + "documentation":"The date and time that the auth policy was last updated, in ISO-8601 format.
" }, "policy":{ "shape":"AuthPolicyString", @@ -2119,13 +2848,13 @@ "members":{ "listenerIdentifier":{ "shape":"ListenerIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the listener.
", + "documentation":"The ID or ARN of the listener.
", "location":"uri", "locationName":"listenerIdentifier" }, "serviceIdentifier":{ "shape":"ServiceIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service.
", + "documentation":"The ID or ARN of the service.
", "location":"uri", "locationName":"serviceIdentifier" } @@ -2140,7 +2869,7 @@ }, "createdAt":{ "shape":"Timestamp", - "documentation":"The date and time that the listener was created, specified in ISO-8601 format.
" + "documentation":"The date and time that the listener was created, in ISO-8601 format.
" }, "defaultAction":{ "shape":"RuleAction", @@ -2152,7 +2881,7 @@ }, "lastUpdatedAt":{ "shape":"Timestamp", - "documentation":"The date and time that the listener was last updated, specified in ISO-8601 format.
" + "documentation":"The date and time that the listener was last updated, in ISO-8601 format.
" }, "name":{ "shape":"ListenerName", @@ -2176,27 +2905,165 @@ } } }, - "GetResourcePolicyRequest":{ + "GetResourceConfigurationRequest":{ "type":"structure", - "required":["resourceArn"], + "required":["resourceConfigurationIdentifier"], "members":{ - "resourceArn":{ - "shape":"ResourceArn", - "documentation":"The Amazon Resource Name (ARN) of the service network or service.
", + "resourceConfigurationIdentifier":{ + "shape":"ResourceConfigurationIdentifier", + "documentation":"The ID of the resource configuration.
", "location":"uri", - "locationName":"resourceArn" + "locationName":"resourceConfigurationIdentifier" } } }, - "GetResourcePolicyResponse":{ + "GetResourceConfigurationResponse":{ "type":"structure", "members":{ - "policy":{ - "shape":"PolicyString", - "documentation":"An IAM policy.
" - } - } - }, + "allowAssociationToShareableServiceNetwork":{ + "shape":"Boolean", + "documentation":"Specifies whether the resource configuration is associated with a sharable service network.
" + }, + "amazonManaged":{ + "shape":"Boolean", + "documentation":"Indicates whether the resource configuration was created and is managed by Amazon.
" + }, + "arn":{ + "shape":"ResourceConfigurationArn", + "documentation":"The Amazon Resource Name (ARN) of the resource configuration.
" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"The date and time that the resource configuration was created, in ISO-8601 format.
" + }, + "customDomainName":{ + "shape":"DomainName", + "documentation":"The custom domain name of the resource configuration.
" + }, + "failureReason":{ + "shape":"String", + "documentation":"The reason the create-resource-configuration request failed.
" + }, + "id":{ + "shape":"ResourceConfigurationId", + "documentation":"The ID of the resource configuration.
" + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"The most recent date and time that the resource configuration was updated, in ISO-8601 format.
" + }, + "name":{ + "shape":"ResourceConfigurationName", + "documentation":"The name of the resource configuration.
" + }, + "portRanges":{ + "shape":"PortRangeList", + "documentation":"The TCP port ranges that a consumer can use to access a resource configuration. You can separate port ranges with a comma. Example: 1-65535 or 1,2,22-30
" + }, + "protocol":{ + "shape":"ProtocolType", + "documentation":"The TCP protocol accepted by the specified resource configuration.
" + }, + "resourceConfigurationDefinition":{ + "shape":"ResourceConfigurationDefinition", + "documentation":"The resource configuration.
" + }, + "resourceConfigurationGroupId":{ + "shape":"ResourceConfigurationId", + "documentation":"The ID of the group resource configuration.
" + }, + "resourceGatewayId":{ + "shape":"ResourceGatewayId", + "documentation":"The ID of the resource gateway used to connect to the resource configuration in a given VPC. You can specify the resource gateway identifier only for resource configurations with type SINGLE, GROUP, or ARN.
" + }, + "status":{ + "shape":"ResourceConfigurationStatus", + "documentation":"The status of the resource configuration.
" + }, + "type":{ + "shape":"ResourceConfigurationType", + "documentation":"The type of resource configuration.
SINGLE - A single resource.
GROUP - A group of resources.
CHILD - A single resource that is part of a group resource configuration.
ARN - An Amazon Web Services resource.
The ID of the resource gateway.
", + "location":"uri", + "locationName":"resourceGatewayIdentifier" + } + } + }, + "GetResourceGatewayResponse":{ + "type":"structure", + "members":{ + "arn":{ + "shape":"ResourceGatewayArn", + "documentation":"The Amazon Resource Name (ARN) of the resource gateway.
" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"The date and time that the resource gateway was created, in ISO-8601 format.
" + }, + "id":{ + "shape":"ResourceGatewayId", + "documentation":"The ID of the resource gateway.
" + }, + "ipAddressType":{ + "shape":"ResourceGatewayIpAddressType", + "documentation":"The type of IP address for the resource gateway.
" + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"The date and time that the resource gateway was last updated, in ISO-8601 format.
" + }, + "name":{ + "shape":"ResourceGatewayName", + "documentation":"The name of the resource gateway.
" + }, + "securityGroupIds":{ + "shape":"SecurityGroupList", + "documentation":"The security group IDs associated with the resource gateway.
" + }, + "status":{ + "shape":"ResourceGatewayStatus", + "documentation":"The status for the resource gateway.
" + }, + "subnetIds":{ + "shape":"SubnetList", + "documentation":"The IDs of the VPC subnets for resource gateway.
" + }, + "vpcId":{ + "shape":"VpcId", + "documentation":"The ID of the VPC for the resource gateway.
" + } + } + }, + "GetResourcePolicyRequest":{ + "type":"structure", + "required":["resourceArn"], + "members":{ + "resourceArn":{ + "shape":"ResourceArn", + "documentation":"The Amazon Resource Name (ARN) of the service network or service.
", + "location":"uri", + "locationName":"resourceArn" + } + } + }, + "GetResourcePolicyResponse":{ + "type":"structure", + "members":{ + "policy":{ + "shape":"PolicyString", + "documentation":"An IAM policy.
" + } + } + }, "GetRuleRequest":{ "type":"structure", "required":[ @@ -2207,19 +3074,19 @@ "members":{ "listenerIdentifier":{ "shape":"ListenerIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the listener.
", + "documentation":"The ID or ARN of the listener.
", "location":"uri", "locationName":"listenerIdentifier" }, "ruleIdentifier":{ "shape":"RuleIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the listener rule.
", + "documentation":"The ID or ARN of the listener rule.
", "location":"uri", "locationName":"ruleIdentifier" }, "serviceIdentifier":{ "shape":"ServiceIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service.
", + "documentation":"The ID or ARN of the service.
", "location":"uri", "locationName":"serviceIdentifier" } @@ -2238,7 +3105,7 @@ }, "createdAt":{ "shape":"Timestamp", - "documentation":"The date and time that the listener rule was created, specified in ISO-8601 format.
" + "documentation":"The date and time that the listener rule was created, in ISO-8601 format.
" }, "id":{ "shape":"RuleId", @@ -2250,7 +3117,7 @@ }, "lastUpdatedAt":{ "shape":"Timestamp", - "documentation":"The date and time that the listener rule was last updated, specified in ISO-8601 format.
" + "documentation":"The date and time that the listener rule was last updated, in ISO-8601 format.
" }, "match":{ "shape":"RuleMatch", @@ -2272,12 +3139,97 @@ "members":{ "serviceNetworkIdentifier":{ "shape":"ServiceNetworkIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service network.
", + "documentation":"The ID or ARN of the service network.
", "location":"uri", "locationName":"serviceNetworkIdentifier" } } }, + "GetServiceNetworkResourceAssociationRequest":{ + "type":"structure", + "required":["serviceNetworkResourceAssociationIdentifier"], + "members":{ + "serviceNetworkResourceAssociationIdentifier":{ + "shape":"ServiceNetworkResourceAssociationIdentifier", + "documentation":"The ID of the association.
", + "location":"uri", + "locationName":"serviceNetworkResourceAssociationIdentifier" + } + } + }, + "GetServiceNetworkResourceAssociationResponse":{ + "type":"structure", + "members":{ + "arn":{ + "shape":"ServiceNetworkResourceAssociationArn", + "documentation":"The Amazon Resource Name (ARN) of the association.
" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"The date and time that the association was created, in ISO-8601 format.
" + }, + "createdBy":{ + "shape":"AccountId", + "documentation":"The account that created the association.
" + }, + "dnsEntry":{ + "shape":"DnsEntry", + "documentation":"The DNS entry for the service.
" + }, + "failureCode":{ + "shape":"String", + "documentation":"The failure code.
" + }, + "failureReason":{ + "shape":"String", + "documentation":"The reason the association request failed.
" + }, + "id":{ + "shape":"ServiceNetworkResourceAssociationId", + "documentation":"The ID of the association.
" + }, + "isManagedAssociation":{ + "shape":"Boolean", + "documentation":"Indicates whether the association is managed by Amazon.
" + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"The most recent date and time that the association was updated, in ISO-8601 format.
" + }, + "privateDnsEntry":{ + "shape":"DnsEntry", + "documentation":"The private DNS entry for the service.
" + }, + "resourceConfigurationArn":{ + "shape":"ResourceConfigurationArn", + "documentation":"The Amazon Resource Name (ARN) of the association.
" + }, + "resourceConfigurationId":{ + "shape":"ResourceConfigurationId", + "documentation":"The ID of the resource configuration that is associated with the service network.
" + }, + "resourceConfigurationName":{ + "shape":"ResourceConfigurationName", + "documentation":"The name of the resource configuration that is associated with the service network.
" + }, + "serviceNetworkArn":{ + "shape":"ServiceNetworkIdentifierWithoutRegex", + "documentation":"The Amazon Resource Name (ARN) of the service network that is associated with the resource configuration.
" + }, + "serviceNetworkId":{ + "shape":"ServiceNetworkIdentifierWithoutRegex", + "documentation":"The ID of the service network that is associated with the resource configuration.
" + }, + "serviceNetworkName":{ + "shape":"ServiceNetworkNameWithoutRegex", + "documentation":"The name of the service network that is associated with the resource configuration.
" + }, + "status":{ + "shape":"ServiceNetworkResourceAssociationStatus", + "documentation":"The status of the association.
" + } + } + }, "GetServiceNetworkResponse":{ "type":"structure", "members":{ @@ -2291,7 +3243,7 @@ }, "createdAt":{ "shape":"Timestamp", - "documentation":"The date and time that the service network was created, specified in ISO-8601 format.
" + "documentation":"The date and time that the service network was created, in ISO-8601 format.
" }, "id":{ "shape":"ServiceNetworkId", @@ -2299,7 +3251,7 @@ }, "lastUpdatedAt":{ "shape":"Timestamp", - "documentation":"The date and time of the last update, specified in ISO-8601 format.
" + "documentation":"The date and time of the last update, in ISO-8601 format.
" }, "name":{ "shape":"ServiceNetworkName", @@ -2312,6 +3264,10 @@ "numberOfAssociatedVPCs":{ "shape":"Long", "documentation":"The number of VPCs associated with the service network.
" + }, + "sharingConfig":{ + "shape":"SharingConfig", + "documentation":"Specifies if the service network is enabled for sharing.
" } } }, @@ -2321,7 +3277,7 @@ "members":{ "serviceNetworkServiceAssociationIdentifier":{ "shape":"ServiceNetworkServiceAssociationIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the association.
", + "documentation":"The ID or ARN of the association.
", "location":"uri", "locationName":"serviceNetworkServiceAssociationIdentifier" } @@ -2336,7 +3292,7 @@ }, "createdAt":{ "shape":"Timestamp", - "documentation":"The date and time that the association was created, specified in ISO-8601 format.
" + "documentation":"The date and time that the association was created, in ISO-8601 format.
" }, "createdBy":{ "shape":"AccountId", @@ -2398,7 +3354,7 @@ "members":{ "serviceNetworkVpcAssociationIdentifier":{ "shape":"ServiceNetworkVpcAssociationIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the association.
", + "documentation":"The ID or ARN of the association.
", "location":"uri", "locationName":"serviceNetworkVpcAssociationIdentifier" } @@ -2413,7 +3369,7 @@ }, "createdAt":{ "shape":"Timestamp", - "documentation":"The date and time that the association was created, specified in ISO-8601 format.
" + "documentation":"The date and time that the association was created, in ISO-8601 format.
" }, "createdBy":{ "shape":"AccountId", @@ -2429,11 +3385,11 @@ }, "id":{ "shape":"ServiceNetworkVpcAssociationId", - "documentation":"The ID of the specified association between the service network and the VPC.
" + "documentation":"The ID of the association.
" }, "lastUpdatedAt":{ "shape":"Timestamp", - "documentation":"The date and time that the association was last updated, specified in ISO-8601 format.
" + "documentation":"The date and time that the association was last updated, in ISO-8601 format.
" }, "securityGroupIds":{ "shape":"SecurityGroupList", @@ -2467,7 +3423,7 @@ "members":{ "serviceIdentifier":{ "shape":"ServiceIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service.
", + "documentation":"The ID or ARN of the service.
", "location":"uri", "locationName":"serviceIdentifier" } @@ -2490,7 +3446,7 @@ }, "createdAt":{ "shape":"Timestamp", - "documentation":"The date and time that the service was created, specified in ISO-8601 format.
" + "documentation":"The date and time that the service was created, in ISO-8601 format.
" }, "customDomainName":{ "shape":"ServiceCustomDomainName", @@ -2514,7 +3470,7 @@ }, "lastUpdatedAt":{ "shape":"Timestamp", - "documentation":"The date and time that the service was last updated, specified in ISO-8601 format.
" + "documentation":"The date and time that the service was last updated, in ISO-8601 format.
" }, "name":{ "shape":"ServiceName", @@ -2532,7 +3488,7 @@ "members":{ "targetGroupIdentifier":{ "shape":"TargetGroupIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the target group.
", + "documentation":"The ID or ARN of the target group.
", "location":"uri", "locationName":"targetGroupIdentifier" } @@ -2551,7 +3507,7 @@ }, "createdAt":{ "shape":"Timestamp", - "documentation":"The date and time that the target group was created, specified in ISO-8601 format.
" + "documentation":"The date and time that the target group was created, in ISO-8601 format.
" }, "failureCode":{ "shape":"String", @@ -2567,7 +3523,7 @@ }, "lastUpdatedAt":{ "shape":"Timestamp", - "documentation":"The date and time that the target group was last updated, specified in ISO-8601 format.
" + "documentation":"The date and time that the target group was last updated, in ISO-8601 format.
" }, "name":{ "shape":"TargetGroupName", @@ -2794,6 +3750,11 @@ "fault":true, "retryable":{"throttling":false} }, + "IpAddress":{ + "type":"string", + "max":39, + "min":4 + }, "IpAddressType":{ "type":"string", "enum":[ @@ -2801,6 +3762,16 @@ "IPV6" ] }, + "IpResource":{ + "type":"structure", + "members":{ + "ipAddress":{ + "shape":"IpAddress", + "documentation":"The IP address of the IP resource.
" + } + }, + "documentation":"Describes an IP resource.
" + }, "LambdaEventStructureVersion":{ "type":"string", "enum":[ @@ -2826,7 +3797,7 @@ }, "resourceIdentifier":{ "shape":"ResourceIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service network or service.
", + "documentation":"The ID or ARN of the service network or service.
", "location":"querystring", "locationName":"resourceIdentifier" } @@ -2864,7 +3835,7 @@ }, "serviceIdentifier":{ "shape":"ServiceIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service.
", + "documentation":"The ID or ARN of the service.
", "location":"uri", "locationName":"serviceIdentifier" } @@ -2884,6 +3855,134 @@ } } }, + "ListResourceConfigurationsRequest":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"MaxResults", + "documentation":"The maximum page size.
", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"A pagination token for the next page of results.
", + "location":"querystring", + "locationName":"nextToken" + }, + "resourceConfigurationGroupIdentifier":{ + "shape":"ResourceConfigurationIdentifier", + "documentation":"The ID of the group resource configuration.
", + "location":"querystring", + "locationName":"resourceConfigurationGroupIdentifier" + }, + "resourceGatewayIdentifier":{ + "shape":"ResourceGatewayIdentifier", + "documentation":"The ID of the resource gateway for the resource configuration.
", + "location":"querystring", + "locationName":"resourceGatewayIdentifier" + } + } + }, + "ListResourceConfigurationsResponse":{ + "type":"structure", + "members":{ + "items":{ + "shape":"ResourceConfigurationSummaryList", + "documentation":"Information about the resource configurations.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"If there are additional results, a pagination token for the next page of results.
" + } + } + }, + "ListResourceEndpointAssociationsRequest":{ + "type":"structure", + "required":["resourceConfigurationIdentifier"], + "members":{ + "maxResults":{ + "shape":"MaxResults", + "documentation":"The maximum page size.
", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"A pagination token for the next page of results.
", + "location":"querystring", + "locationName":"nextToken" + }, + "resourceConfigurationIdentifier":{ + "shape":"ResourceConfigurationIdentifier", + "documentation":"The ID for the resource configuration associated with the VPC endpoint.
", + "location":"querystring", + "locationName":"resourceConfigurationIdentifier" + }, + "resourceEndpointAssociationIdentifier":{ + "shape":"ResourceEndpointAssociationIdentifier", + "documentation":"The ID of the association.
", + "location":"querystring", + "locationName":"resourceEndpointAssociationIdentifier" + }, + "vpcEndpointId":{ + "shape":"VpcEndpointId", + "documentation":"The ID of the VPC endpoint in the association.
", + "location":"querystring", + "locationName":"vpcEndpointId" + }, + "vpcEndpointOwner":{ + "shape":"VpcEndpointOwner", + "documentation":"The owner of the VPC endpoint in the association.
", + "location":"querystring", + "locationName":"vpcEndpointOwner" + } + } + }, + "ListResourceEndpointAssociationsResponse":{ + "type":"structure", + "required":["items"], + "members":{ + "items":{ + "shape":"ResourceEndpointAssociationList", + "documentation":"Information about the VPC endpoint associations.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"If there are additional results, a pagination token for the next page of results.
" + } + } + }, + "ListResourceGatewaysRequest":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"MaxResults", + "documentation":"The maximum page size.
", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"If there are additional results, a pagination token for the next page of results.
", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListResourceGatewaysResponse":{ + "type":"structure", + "members":{ + "items":{ + "shape":"ResourceGatewayList", + "documentation":"Information about the resource gateways.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"If there are additional results, a pagination token for the next page of results.
" + } + } + }, "ListRulesRequest":{ "type":"structure", "required":[ @@ -2893,7 +3992,7 @@ "members":{ "listenerIdentifier":{ "shape":"ListenerIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the listener.
", + "documentation":"The ID or ARN of the listener.
", "location":"uri", "locationName":"listenerIdentifier" }, @@ -2911,7 +4010,7 @@ }, "serviceIdentifier":{ "shape":"ServiceIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service.
", + "documentation":"The ID or ARN of the service.
", "location":"uri", "locationName":"serviceIdentifier" } @@ -2931,6 +4030,49 @@ } } }, + "ListServiceNetworkResourceAssociationsRequest":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"MaxResults", + "documentation":"The maximum page size.
", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"If there are additional results, a pagination token for the next page of results.
", + "location":"querystring", + "locationName":"nextToken" + }, + "resourceConfigurationIdentifier":{ + "shape":"ResourceConfigurationIdentifier", + "documentation":"The ID of the resource configurationk.
", + "location":"querystring", + "locationName":"resourceConfigurationIdentifier" + }, + "serviceNetworkIdentifier":{ + "shape":"ServiceNetworkIdentifier", + "documentation":"The ID of the service network.
", + "location":"querystring", + "locationName":"serviceNetworkIdentifier" + } + } + }, + "ListServiceNetworkResourceAssociationsResponse":{ + "type":"structure", + "required":["items"], + "members":{ + "items":{ + "shape":"ServiceNetworkResourceAssociationList", + "documentation":"Information about the associations.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"If there are additional results, a pagination token for the next page of results.
" + } + } + }, "ListServiceNetworkServiceAssociationsRequest":{ "type":"structure", "members":{ @@ -2948,13 +4090,13 @@ }, "serviceIdentifier":{ "shape":"ServiceIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service.
", + "documentation":"The ID or ARN of the service.
", "location":"querystring", "locationName":"serviceIdentifier" }, "serviceNetworkIdentifier":{ "shape":"ServiceNetworkIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service network.
", + "documentation":"The ID or ARN of the service network.
", "location":"querystring", "locationName":"serviceNetworkIdentifier" } @@ -2991,13 +4133,13 @@ }, "serviceNetworkIdentifier":{ "shape":"ServiceNetworkIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service network.
", + "documentation":"The ID or ARN of the service network.
", "location":"querystring", "locationName":"serviceNetworkIdentifier" }, "vpcIdentifier":{ "shape":"VpcId", - "documentation":"The ID or Amazon Resource Name (ARN) of the VPC.
", + "documentation":"The ID or ARN of the VPC.
", "location":"querystring", "locationName":"vpcIdentifier" } @@ -3017,6 +4159,44 @@ } } }, + "ListServiceNetworkVpcEndpointAssociationsRequest":{ + "type":"structure", + "required":["serviceNetworkIdentifier"], + "members":{ + "maxResults":{ + "shape":"MaxResults", + "documentation":"The maximum page size.
", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"If there are additional results, a pagination token for the next page of results.
", + "location":"querystring", + "locationName":"nextToken" + }, + "serviceNetworkIdentifier":{ + "shape":"ServiceNetworkIdentifier", + "documentation":"The ID of the service network associated with the VPC endpoint.
", + "location":"querystring", + "locationName":"serviceNetworkIdentifier" + } + } + }, + "ListServiceNetworkVpcEndpointAssociationsResponse":{ + "type":"structure", + "required":["items"], + "members":{ + "items":{ + "shape":"ServiceNetworkVpcEndpointAssociationList", + "documentation":"Information about the association between the VPC endpoint and service network.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"If there are additional results, a pagination token for the next page of results.
" + } + } + }, "ListServiceNetworksRequest":{ "type":"structure", "members":{ @@ -3122,7 +4302,7 @@ }, "vpcIdentifier":{ "shape":"VpcId", - "documentation":"The ID or Amazon Resource Name (ARN) of the VPC.
", + "documentation":"The ID or ARN of the VPC.
", "location":"querystring", "locationName":"vpcIdentifier" } @@ -3159,7 +4339,7 @@ }, "targetGroupIdentifier":{ "shape":"TargetGroupIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the target group.
", + "documentation":"The ID or ARN of the target group.
", "location":"uri", "locationName":"targetGroupIdentifier" }, @@ -3230,7 +4410,7 @@ }, "createdAt":{ "shape":"Timestamp", - "documentation":"The date and time that the listener was created, specified in ISO-8601 format.
" + "documentation":"The date and time that the listener was created, in ISO-8601 format.
" }, "id":{ "shape":"ListenerId", @@ -3238,7 +4418,7 @@ }, "lastUpdatedAt":{ "shape":"Timestamp", - "documentation":"The date and time that the listener was last updated, specified in ISO-8601 format.
" + "documentation":"The date and time that the listener was last updated, in ISO-8601 format.
" }, "name":{ "shape":"ListenerName", @@ -3339,6 +4519,20 @@ "max":65535, "min":1 }, + "PortRange":{ + "type":"string", + "max":11, + "min":1, + "pattern":"^((\\d{1,5}\\-\\d{1,5})|(\\d+))$" + }, + "PortRangeList":{ + "type":"list", + "member":{"shape":"PortRange"} + }, + "ProtocolType":{ + "type":"string", + "enum":["TCP"] + }, "PutAuthPolicyRequest":{ "type":"structure", "required":[ @@ -3352,7 +4546,7 @@ }, "resourceIdentifier":{ "shape":"ResourceIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service network or service for which the policy is created.
", + "documentation":"The ID or ARN of the service network or service for which the policy is created.
", "location":"uri", "locationName":"resourceIdentifier" } @@ -3384,7 +4578,7 @@ }, "resourceArn":{ "shape":"ResourceArn", - "documentation":"The ID or Amazon Resource Name (ARN) of the service network or service for which the policy is created.
", + "documentation":"The ID or ARN of the service network or service for which the policy is created.
", "location":"uri", "locationName":"resourceArn" } @@ -3404,7 +4598,7 @@ "members":{ "targetGroupIdentifier":{ "shape":"TargetGroupIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the target group.
", + "documentation":"The ID or ARN of the target group.
", "location":"uri", "locationName":"targetGroupIdentifier" }, @@ -3414,30 +4608,310 @@ } } }, - "RegisterTargetsRequestTargetsList":{ + "RegisterTargetsRequestTargetsList":{ + "type":"list", + "member":{"shape":"Target"}, + "max":100, + "min":1 + }, + "RegisterTargetsResponse":{ + "type":"structure", + "members":{ + "successful":{ + "shape":"TargetList", + "documentation":"The targets that were successfully registered.
" + }, + "unsuccessful":{ + "shape":"TargetFailureList", + "documentation":"The targets that were not registered.
" + } + } + }, + "ResourceArn":{ + "type":"string", + "max":200, + "min":20, + "pattern":"^arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(service/svc)|(resourceconfiguration/rcfg))-[0-9a-z]{17}$" + }, + "ResourceConfigurationArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"^arn:[a-z0-9f\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourceconfiguration/rcfg-[0-9a-z]{17}$" + }, + "ResourceConfigurationDefinition":{ + "type":"structure", + "members":{ + "arnResource":{ + "shape":"ArnResource", + "documentation":"The Amazon Resource Name (ARN) of the resource.
" + }, + "dnsResource":{ + "shape":"DnsResource", + "documentation":"The DNS name of the resource.
" + }, + "ipResource":{ + "shape":"IpResource", + "documentation":"The IP resource.
" + } + }, + "documentation":"Describes a resource configuration.
", + "union":true + }, + "ResourceConfigurationId":{ + "type":"string", + "max":22, + "min":22, + "pattern":"^rcfg-[0-9a-z]{17}$" + }, + "ResourceConfigurationIdentifier":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"^((rcfg-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourceconfiguration/rcfg-[0-9a-z]{17}))$" + }, + "ResourceConfigurationIpAddressType":{ + "type":"string", + "enum":[ + "IPV4", + "IPV6", + "DUALSTACK" + ] + }, + "ResourceConfigurationName":{ + "type":"string", + "max":40, + "min":3, + "pattern":"^(?!rcfg-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$" + }, + "ResourceConfigurationStatus":{ + "type":"string", + "enum":[ + "ACTIVE", + "CREATE_IN_PROGRESS", + "UPDATE_IN_PROGRESS", + "DELETE_IN_PROGRESS", + "CREATE_FAILED", + "UPDATE_FAILED", + "DELETE_FAILED" + ] + }, + "ResourceConfigurationSummary":{ + "type":"structure", + "members":{ + "amazonManaged":{ + "shape":"Boolean", + "documentation":"Indicates whether the resource configuration was created and is managed by Amazon.
" + }, + "arn":{ + "shape":"ResourceConfigurationArn", + "documentation":"The Amazon Resource Name (ARN) of the resource configuration.
" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"The date and time that the resource configuration was created, in ISO-8601 format.
" + }, + "id":{ + "shape":"ResourceConfigurationId", + "documentation":"The ID of the resource configuration.
" + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"The most recent date and time that the resource configuration was updated, in ISO-8601 format.
" + }, + "name":{ + "shape":"ResourceConfigurationName", + "documentation":"The name of the resource configuration.
" + }, + "resourceConfigurationGroupId":{ + "shape":"ResourceConfigurationId", + "documentation":"The ID of the group resource configuration.
" + }, + "resourceGatewayId":{ + "shape":"ResourceGatewayId", + "documentation":"The ID of the resource gateway.
" + }, + "status":{ + "shape":"ResourceConfigurationStatus", + "documentation":"The status of the resource configuration.
" + }, + "type":{ + "shape":"ResourceConfigurationType", + "documentation":"The type of resource configuration.
SINGLE - A single resource.
GROUP - A group of resources.
CHILD - A single resource that is part of a group resource configuration.
ARN - An Amazon Web Services resource.
Summary information about a resource configuration.
" + }, + "ResourceConfigurationSummaryList":{ + "type":"list", + "member":{"shape":"ResourceConfigurationSummary"} + }, + "ResourceConfigurationType":{ + "type":"string", + "enum":[ + "GROUP", + "CHILD", + "SINGLE", + "ARN" + ] + }, + "ResourceEndpointAssociationArn":{ + "type":"string", + "max":2048, + "min":21, + "pattern":"^arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourceendpointassociation/rea-[0-9a-f]{17}$" + }, + "ResourceEndpointAssociationId":{ + "type":"string", + "max":21, + "min":21, + "pattern":"^rea-[0-9a-f]{17}$" + }, + "ResourceEndpointAssociationIdentifier":{ + "type":"string", + "max":2048, + "min":21, + "pattern":"^((rea-[0-9a-f]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourceendpointassociation/rea-[0-9a-f]{17}))$" + }, + "ResourceEndpointAssociationList":{ + "type":"list", + "member":{"shape":"ResourceEndpointAssociationSummary"} + }, + "ResourceEndpointAssociationSummary":{ + "type":"structure", + "members":{ + "arn":{ + "shape":"ResourceEndpointAssociationArn", + "documentation":"The Amazon Resource Name (ARN) of the VPC endpoint association.
" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"The date and time that the VPC endpoint association was created, in ISO-8601 format.
" + }, + "createdBy":{ + "shape":"AccountId", + "documentation":"The account that created the association.
" + }, + "id":{ + "shape":"ResourceEndpointAssociationId", + "documentation":"The ID of the VPC endpoint association.
" + }, + "resourceConfigurationArn":{ + "shape":"ResourceConfigurationArn", + "documentation":"The Amazon Resource Name (ARN) of the resource configuration.
" + }, + "resourceConfigurationId":{ + "shape":"ResourceConfigurationId", + "documentation":"The ID of the resource configuration.
" + }, + "resourceConfigurationName":{ + "shape":"ResourceConfigurationName", + "documentation":"The name of the resource configuration.
" + }, + "vpcEndpointId":{ + "shape":"VpcEndpointId", + "documentation":"The ID of the VPC endpoint.
" + }, + "vpcEndpointOwner":{ + "shape":"VpcEndpointOwner", + "documentation":"The owner of the VPC endpoint.
" + } + }, + "documentation":"Summary information about a VPC endpoint association.
" + }, + "ResourceGatewayArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"^arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourcegateway/rgw-[0-9a-z]{17}$" + }, + "ResourceGatewayId":{ + "type":"string", + "max":21, + "min":21, + "pattern":"^rgw-[0-9a-z]{17}$" + }, + "ResourceGatewayIdentifier":{ + "type":"string", + "max":2048, + "min":17, + "pattern":"^((rgw-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourcegateway/rgw-[0-9a-z]{17}))$" + }, + "ResourceGatewayIpAddressType":{ + "type":"string", + "enum":[ + "IPV4", + "IPV6", + "DUALSTACK" + ] + }, + "ResourceGatewayList":{ "type":"list", - "member":{"shape":"Target"}, - "max":100, - "min":1 + "member":{"shape":"ResourceGatewaySummary"} }, - "RegisterTargetsResponse":{ + "ResourceGatewayName":{ + "type":"string", + "max":40, + "min":3, + "pattern":"^(?!rgw-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$" + }, + "ResourceGatewayStatus":{ + "type":"string", + "enum":[ + "ACTIVE", + "CREATE_IN_PROGRESS", + "UPDATE_IN_PROGRESS", + "DELETE_IN_PROGRESS", + "CREATE_FAILED", + "UPDATE_FAILED", + "DELETE_FAILED" + ] + }, + "ResourceGatewaySummary":{ "type":"structure", "members":{ - "successful":{ - "shape":"TargetList", - "documentation":"The targets that were successfully registered.
" + "arn":{ + "shape":"ResourceGatewayArn", + "documentation":"The Amazon Resource Name (ARN) of the resource gateway.
" }, - "unsuccessful":{ - "shape":"TargetFailureList", - "documentation":"The targets that were not registered.
" + "createdAt":{ + "shape":"Timestamp", + "documentation":"The date and time that the VPC endpoint association was created, in ISO-8601 format.
" + }, + "id":{ + "shape":"ResourceGatewayId", + "documentation":"The ID of the resource gateway.
" + }, + "ipAddressType":{ + "shape":"ResourceGatewayIpAddressType", + "documentation":"The type of IP address used by the resource gateway.
" + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"The most recent date and time that the resource gateway was updated, in ISO-8601 format.
" + }, + "name":{ + "shape":"ResourceGatewayName", + "documentation":"The name of the resource gateway.
" + }, + "securityGroupIds":{ + "shape":"SecurityGroupList", + "documentation":"The IDs of the security groups applied to the resource gateway.
" + }, + "status":{ + "shape":"ResourceGatewayStatus", + "documentation":"The name of the resource gateway.
" + }, + "subnetIds":{ + "shape":"SubnetList", + "documentation":"The IDs of the VPC subnets for the resource gateway.
" + }, + "vpcIdentifier":{ + "shape":"VpcId", + "documentation":"The ID of the VPC for the resource gateway.
" } - } - }, - "ResourceArn":{ - "type":"string", - "max":200, - "min":20, - "pattern":"^arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(service/svc))-[0-9a-z]{17}$" + }, + "documentation":"Summary information about a resource gateway.
" }, "ResourceId":{ "type":"string", @@ -3449,7 +4923,7 @@ "type":"string", "max":200, "min":17, - "pattern":"^((((sn)|(svc))-[0-9a-z]{17})|(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(service/svc))-[0-9a-z]{17}))$" + "pattern":"^((((sn)|(svc)|(rcfg))-[0-9a-z]{17})|(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(resourceconfiguration/rcfg)|(service/svc))-[0-9a-z]{17}))$" }, "ResourceNotFoundException":{ "type":"structure", @@ -3541,7 +5015,7 @@ }, "createdAt":{ "shape":"Timestamp", - "documentation":"The date and time that the listener rule was created, specified in ISO-8601 format.
" + "documentation":"The date and time that the listener rule was created, in ISO-8601 format.
" }, "id":{ "shape":"RuleId", @@ -3553,7 +5027,7 @@ }, "lastUpdatedAt":{ "shape":"Timestamp", - "documentation":"The date and time that the listener rule was last updated, specified in ISO-8601 format.
" + "documentation":"The date and time that the listener rule was last updated, in ISO-8601 format.
" }, "name":{ "shape":"RuleName", @@ -3564,7 +5038,7 @@ "documentation":"The priority of the rule.
" } }, - "documentation":"Summary information about the listener rule.
" + "documentation":"Summary information about a listener rule.
" }, "RuleSummaryList":{ "type":"list", @@ -3588,7 +5062,7 @@ }, "ruleIdentifier":{ "shape":"RuleIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the rule.
" + "documentation":"The ID or ARN of the rule.
" } }, "documentation":"Describes a rule update.
" @@ -3606,7 +5080,7 @@ }, "ruleIdentifier":{ "shape":"RuleIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the rule.
" + "documentation":"The ID or ARN of the rule.
" } }, "documentation":"Describes a rule update that failed.
" @@ -3712,10 +5186,49 @@ "min":32, "pattern":"^arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetwork/sn-[0-9a-z]{17}$" }, + "ServiceNetworkArnWithoutRegex":{ + "type":"string", + "max":2048, + "min":10 + }, + "ServiceNetworkEndpointAssociation":{ + "type":"structure", + "members":{ + "createdAt":{ + "shape":"Timestamp", + "documentation":"The date and time that the association was created, in ISO-8601 format.
" + }, + "id":{ + "shape":"String", + "documentation":"The ID of the association.
" + }, + "serviceNetworkArn":{ + "shape":"ServiceNetworkArn", + "documentation":"The Amazon Resource Name (ARN) of the service network.
" + }, + "state":{ + "shape":"String", + "documentation":"The state of the association.
" + }, + "vpcEndpointId":{ + "shape":"String", + "documentation":"The ID of the VPC endpoint associated with the service network.
" + }, + "vpcEndpointOwnerId":{ + "shape":"String", + "documentation":"The owner of the VPC endpoint associated with the service network.
" + }, + "vpcId":{ + "shape":"String", + "documentation":"The ID of the VPC for the association.
" + } + }, + "documentation":"Describes the association between a service network and a VPC endpoint.
" + }, "ServiceNetworkId":{ "type":"string", - "max":32, - "min":32, + "max":20, + "min":20, "pattern":"^sn-[0-9a-z]{17}$" }, "ServiceNetworkIdentifier":{ @@ -3724,16 +5237,132 @@ "min":3, "pattern":"^((sn-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetwork/sn-[0-9a-z]{17}))$" }, + "ServiceNetworkIdentifierWithoutRegex":{ + "type":"string", + "max":2048, + "min":3 + }, "ServiceNetworkList":{ "type":"list", "member":{"shape":"ServiceNetworkSummary"} }, + "ServiceNetworkLogType":{ + "type":"string", + "enum":[ + "SERVICE", + "RESOURCE" + ] + }, "ServiceNetworkName":{ "type":"string", "max":63, "min":3, "pattern":"^(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$" }, + "ServiceNetworkNameWithoutRegex":{ + "type":"string", + "max":100, + "min":3 + }, + "ServiceNetworkResourceAssociationArn":{ + "type":"string", + "max":2048, + "min":22, + "pattern":"^arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetworkresourceassociation/snra-[0-9a-f]{17}$" + }, + "ServiceNetworkResourceAssociationId":{ + "type":"string", + "max":22, + "min":22, + "pattern":"^snra-[0-9a-f]{17}$" + }, + "ServiceNetworkResourceAssociationIdentifier":{ + "type":"string", + "max":2048, + "min":22, + "pattern":"^((snra-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetworkresourceassociation/snra-[0-9a-f]{17}))$" + }, + "ServiceNetworkResourceAssociationList":{ + "type":"list", + "member":{"shape":"ServiceNetworkResourceAssociationSummary"} + }, + "ServiceNetworkResourceAssociationStatus":{ + "type":"string", + "enum":[ + "CREATE_IN_PROGRESS", + "ACTIVE", + "PARTIAL", + "DELETE_IN_PROGRESS", + "CREATE_FAILED", + "DELETE_FAILED" + ] + }, + "ServiceNetworkResourceAssociationSummary":{ + "type":"structure", + "members":{ + "arn":{ + "shape":"ServiceNetworkResourceAssociationArn", + "documentation":"The Amazon Resource Name (ARN) of the association.
" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"The date and time that the association was created, in ISO-8601 format.
" + }, + "createdBy":{ + "shape":"AccountId", + "documentation":"The account that created the association.
" + }, + "dnsEntry":{ + "shape":"DnsEntry", + "documentation":"The DNS entry for the service.
" + }, + "failureCode":{ + "shape":"String", + "documentation":"The failure code.
" + }, + "id":{ + "shape":"ServiceNetworkResourceAssociationId", + "documentation":"The ID of the association between the service network and resource configuration.
" + }, + "isManagedAssociation":{ + "shape":"Boolean", + "documentation":"Specifies whether the association is managed by Amazon.
" + }, + "privateDnsEntry":{ + "shape":"DnsEntry", + "documentation":"The private DNS entry for the service.
" + }, + "resourceConfigurationArn":{ + "shape":"ResourceConfigurationArn", + "documentation":"The Amazon Resource Name (ARN) of the association.
" + }, + "resourceConfigurationId":{ + "shape":"ResourceConfigurationId", + "documentation":"The ID of the resource configuration associated with the service network.
" + }, + "resourceConfigurationName":{ + "shape":"ResourceConfigurationName", + "documentation":"The name of the resource configuration associated with the service network.
" + }, + "serviceNetworkArn":{ + "shape":"ServiceNetworkArnWithoutRegex", + "documentation":"The Amazon Resource Name (ARN) of the service network associated with the resource configuration.
" + }, + "serviceNetworkId":{ + "shape":"ServiceNetworkIdentifierWithoutRegex", + "documentation":"The ID of the service network associated with the resource configuration.
" + }, + "serviceNetworkName":{ + "shape":"ServiceNetworkNameWithoutRegex", + "documentation":"The name of the service network associated with the resource configuration.
" + }, + "status":{ + "shape":"ServiceNetworkResourceAssociationStatus", + "documentation":"The status of the service network associated with the resource configuration.
" + } + }, + "documentation":"Summary information about an association between a service network and a resource configuration.
" + }, "ServiceNetworkServiceAssociationArn":{ "type":"string", "max":2048, @@ -3769,7 +5398,7 @@ }, "createdAt":{ "shape":"Timestamp", - "documentation":"The date and time that the association was created, specified in ISO-8601 format.
" + "documentation":"The date and time that the association was created, in ISO-8601 format.
" }, "createdBy":{ "shape":"AccountId", @@ -3816,7 +5445,7 @@ "documentation":"The status. If the deletion fails, try to delete again.
" } }, - "documentation":"Summary information about the association between a service network and a service.
" + "documentation":"Summary information about an association between a service network and a service.
" }, "ServiceNetworkSummary":{ "type":"structure", @@ -3827,7 +5456,7 @@ }, "createdAt":{ "shape":"Timestamp", - "documentation":"The date and time that the service network was created, specified in ISO-8601 format.
" + "documentation":"The date and time that the service network was created, in ISO-8601 format.
" }, "id":{ "shape":"ServiceNetworkId", @@ -3835,12 +5464,16 @@ }, "lastUpdatedAt":{ "shape":"Timestamp", - "documentation":"The date and time that the service network was last updated, specified in ISO-8601 format.
" + "documentation":"The date and time that the service network was last updated, in ISO-8601 format.
" }, "name":{ "shape":"ServiceNetworkName", "documentation":"The name of the service network.
" }, + "numberOfAssociatedResourceConfigurations":{ + "shape":"Long", + "documentation":"The number of resource configurations associated with a service network.
" + }, "numberOfAssociatedServices":{ "shape":"Long", "documentation":"The number of services associated with the service network.
" @@ -3895,7 +5528,7 @@ }, "createdAt":{ "shape":"Timestamp", - "documentation":"The date and time that the association was created, specified in ISO-8601 format.
" + "documentation":"The date and time that the association was created, in ISO-8601 format.
" }, "createdBy":{ "shape":"AccountId", @@ -3907,7 +5540,7 @@ }, "lastUpdatedAt":{ "shape":"Timestamp", - "documentation":"The date and time that the association was last updated, specified in ISO-8601 format.
" + "documentation":"The date and time that the association was last updated, in ISO-8601 format.
" }, "serviceNetworkArn":{ "shape":"ServiceNetworkArn", @@ -3932,6 +5565,10 @@ }, "documentation":"Summary information about an association between a service network and a VPC.
" }, + "ServiceNetworkVpcEndpointAssociationList":{ + "type":"list", + "member":{"shape":"ServiceNetworkEndpointAssociation"} + }, "ServiceQuotaExceededException":{ "type":"structure", "required":[ @@ -3985,7 +5622,7 @@ }, "createdAt":{ "shape":"Timestamp", - "documentation":"The date and time that the service was created, specified in ISO-8601 format.
" + "documentation":"The date and time that the service was created, in ISO-8601 format.
" }, "customDomainName":{ "shape":"ServiceCustomDomainName", @@ -4001,7 +5638,7 @@ }, "lastUpdatedAt":{ "shape":"Timestamp", - "documentation":"The date and time that the service was last updated. The format is ISO-8601.
" + "documentation":"The date and time that the service was last updated, in ISO-8601 format.
" }, "name":{ "shape":"ServiceName", @@ -4014,7 +5651,26 @@ }, "documentation":"Summary information about a service.
" }, + "SharingConfig":{ + "type":"structure", + "members":{ + "enabled":{ + "shape":"Boolean", + "documentation":"Specifies if the service network is enabled for sharing.
" + } + }, + "documentation":"Specifies if the service network should be enabled for sharing.
" + }, "String":{"type":"string"}, + "SubnetId":{ + "type":"string", + "max":200, + "min":5 + }, + "SubnetList":{ + "type":"list", + "member":{"shape":"SubnetId"} + }, "TagKey":{ "type":"string", "max":128, @@ -4206,7 +5862,7 @@ }, "createdAt":{ "shape":"Timestamp", - "documentation":"The date and time that the target group was created, specified in ISO-8601 format.
" + "documentation":"The date and time that the target group was created, in ISO-8601 format.
" }, "id":{ "shape":"TargetGroupId", @@ -4222,7 +5878,7 @@ }, "lastUpdatedAt":{ "shape":"Timestamp", - "documentation":"The date and time that the target group was last updated, specified in ISO-8601 format.
" + "documentation":"The date and time that the target group was last updated, in ISO-8601 format.
" }, "name":{ "shape":"TargetGroupName", @@ -4389,7 +6045,7 @@ "members":{ "accessLogSubscriptionIdentifier":{ "shape":"AccessLogSubscriptionIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the access log subscription.
", + "documentation":"The ID or ARN of the access log subscription.
", "location":"uri", "locationName":"accessLogSubscriptionIdentifier" }, @@ -4445,13 +6101,13 @@ }, "listenerIdentifier":{ "shape":"ListenerIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the listener.
", + "documentation":"The ID or ARN of the listener.
", "location":"uri", "locationName":"listenerIdentifier" }, "serviceIdentifier":{ "shape":"ServiceIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service.
", + "documentation":"The ID or ARN of the service.
", "location":"uri", "locationName":"serviceIdentifier" } @@ -4494,6 +6150,138 @@ } } }, + "UpdateResourceConfigurationRequest":{ + "type":"structure", + "required":["resourceConfigurationIdentifier"], + "members":{ + "allowAssociationToShareableServiceNetwork":{ + "shape":"Boolean", + "documentation":"Indicates whether to add the resource configuration to service networks that are shared with other accounts.
" + }, + "portRanges":{ + "shape":"PortRangeList", + "documentation":"The TCP port ranges that a consumer can use to access a resource configuration. You can separate port ranges with a comma. Example: 1-65535 or 1,2,22-30
" + }, + "resourceConfigurationDefinition":{ + "shape":"ResourceConfigurationDefinition", + "documentation":"The resource configuration.
" + }, + "resourceConfigurationIdentifier":{ + "shape":"ResourceConfigurationIdentifier", + "documentation":"The ID of the resource configuration.
", + "location":"uri", + "locationName":"resourceConfigurationIdentifier" + } + } + }, + "UpdateResourceConfigurationResponse":{ + "type":"structure", + "members":{ + "allowAssociationToShareableServiceNetwork":{ + "shape":"Boolean", + "documentation":"Indicates whether to add the resource configuration to service networks that are shared with other accounts.
" + }, + "arn":{ + "shape":"ResourceConfigurationArn", + "documentation":"The Amazon Resource Name (ARN) of the resource configuration.
" + }, + "id":{ + "shape":"ResourceConfigurationId", + "documentation":"The ID of the resource configuration.
" + }, + "name":{ + "shape":"ResourceConfigurationName", + "documentation":"The name of the resource configuration.
" + }, + "portRanges":{ + "shape":"PortRangeList", + "documentation":"The TCP port ranges that a consumer can use to access a resource configuration. You can separate port ranges with a comma. Example: 1-65535 or 1,2,22-30
" + }, + "protocol":{ + "shape":"ProtocolType", + "documentation":"The TCP protocol accepted by the specified resource configuration.
" + }, + "resourceConfigurationDefinition":{ + "shape":"ResourceConfigurationDefinition", + "documentation":"The resource configuration.
" + }, + "resourceConfigurationGroupId":{ + "shape":"ResourceConfigurationId", + "documentation":"The ID of the group resource configuration.
" + }, + "resourceGatewayId":{ + "shape":"ResourceGatewayId", + "documentation":"The ID of the resource gateway associated with the resource configuration.
" + }, + "status":{ + "shape":"ResourceConfigurationStatus", + "documentation":"The status of the resource configuration.
" + }, + "type":{ + "shape":"ResourceConfigurationType", + "documentation":"The type of resource configuration.
SINGLE - A single resource.
GROUP - A group of resources.
CHILD - A single resource that is part of a group resource configuration.
ARN - An Amazon Web Services resource.
The ID or ARN of the resource gateway.
", + "location":"uri", + "locationName":"resourceGatewayIdentifier" + }, + "securityGroupIds":{ + "shape":"UpdateResourceGatewayRequestSecurityGroupIdsList", + "documentation":"The IDs of the security groups associated with the resource gateway.
" + } + } + }, + "UpdateResourceGatewayRequestSecurityGroupIdsList":{ + "type":"list", + "member":{"shape":"SecurityGroupId"}, + "max":5, + "min":0 + }, + "UpdateResourceGatewayResponse":{ + "type":"structure", + "members":{ + "arn":{ + "shape":"ResourceGatewayArn", + "documentation":"The Amazon Resource Name (ARN) of the resource gateway.
" + }, + "id":{ + "shape":"ResourceGatewayId", + "documentation":"The ID of the resource gateway.
" + }, + "ipAddressType":{ + "shape":"IpAddressType", + "documentation":"The type of IP address used by the resource gateway.
" + }, + "name":{ + "shape":"ResourceGatewayName", + "documentation":"The name of the resource gateway.
" + }, + "securityGroupIds":{ + "shape":"SecurityGroupList", + "documentation":"The IDs of the security groups associated with the resource gateway.
" + }, + "status":{ + "shape":"ResourceGatewayStatus", + "documentation":"The status of the resource gateway.
" + }, + "subnetIds":{ + "shape":"SubnetList", + "documentation":"The IDs of the VPC subnets for the resource gateway.
" + }, + "vpcId":{ + "shape":"VpcId", + "documentation":"The ID of the VPC for the resource gateway.
" + } + } + }, "UpdateRuleRequest":{ "type":"structure", "required":[ @@ -4508,7 +6296,7 @@ }, "listenerIdentifier":{ "shape":"ListenerIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the listener.
", + "documentation":"The ID or ARN of the listener.
", "location":"uri", "locationName":"listenerIdentifier" }, @@ -4522,13 +6310,13 @@ }, "ruleIdentifier":{ "shape":"RuleIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the rule.
", + "documentation":"The ID or ARN of the rule.
", "location":"uri", "locationName":"ruleIdentifier" }, "serviceIdentifier":{ "shape":"ServiceIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service.
", + "documentation":"The ID or ARN of the service.
", "location":"uri", "locationName":"serviceIdentifier" } @@ -4580,7 +6368,7 @@ }, "serviceNetworkIdentifier":{ "shape":"ServiceNetworkIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service network.
", + "documentation":"The ID or ARN of the service network.
", "location":"uri", "locationName":"serviceNetworkIdentifier" } @@ -4620,7 +6408,7 @@ }, "serviceNetworkVpcAssociationIdentifier":{ "shape":"ServiceNetworkVpcAssociationIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the association.
", + "documentation":"The ID or ARN of the association.
", "location":"uri", "locationName":"serviceNetworkVpcAssociationIdentifier" } @@ -4671,7 +6459,7 @@ }, "serviceIdentifier":{ "shape":"ServiceIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the service.
", + "documentation":"The ID or ARN of the service.
", "location":"uri", "locationName":"serviceIdentifier" } @@ -4719,7 +6507,7 @@ }, "targetGroupIdentifier":{ "shape":"TargetGroupIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the target group.
", + "documentation":"The ID or ARN of the target group.
", "location":"uri", "locationName":"targetGroupIdentifier" } @@ -4809,6 +6597,18 @@ "other" ] }, + "VpcEndpointId":{ + "type":"string", + "max":22, + "min":22, + "pattern":"^vpce-[0-9a-f]{17}$" + }, + "VpcEndpointOwner":{ + "type":"string", + "max":12, + "min":12, + "pattern":"^\\d{12}$" + }, "VpcId":{ "type":"string", "max":50, @@ -4821,7 +6621,7 @@ "members":{ "targetGroupIdentifier":{ "shape":"TargetGroupIdentifier", - "documentation":"The ID or Amazon Resource Name (ARN) of the target group.
" + "documentation":"The ID or ARN of the target group.
" }, "weight":{ "shape":"TargetGroupWeight", @@ -4835,6 +6635,12 @@ "member":{"shape":"WeightedTargetGroup"}, "max":10, "min":1 + }, + "WildcardArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"^arn:[a-z0-9][-.a-z0-9]{0,62}:[a-z0-9][-.a-z0-9]{0,62}:([a-z0-9][-.a-z0-9]{0,62})?:\\d{12}?:[^/].{0,1023}$" } }, "documentation":"Amazon VPC Lattice is a fully managed application networking service that you use to connect, secure, and monitor all of your services across multiple accounts and virtual private clouds (VPCs). Amazon VPC Lattice interconnects your microservices and legacy services within a logical boundary, so that you can discover and manage them more efficiently. For more information, see the Amazon VPC Lattice User Guide
" From 79939bd6f984788851745d5a5b34246d84a8c659 Mon Sep 17 00:00:00 2001 From: AWS <> Date: Mon, 2 Dec 2024 03:48:08 +0000 Subject: [PATCH 15/35] Amazon Bedrock Update: Add support for Knowledge Base Evaluations & LLM as a judge --- .../feature-AmazonBedrock-4b0d7bd.json | 6 + .../codegen-resources/service-2.json | 788 ++++++++++++++++-- 2 files changed, 720 insertions(+), 74 deletions(-) create mode 100644 .changes/next-release/feature-AmazonBedrock-4b0d7bd.json diff --git a/.changes/next-release/feature-AmazonBedrock-4b0d7bd.json b/.changes/next-release/feature-AmazonBedrock-4b0d7bd.json new file mode 100644 index 00000000000..c7f9f3a165f --- /dev/null +++ b/.changes/next-release/feature-AmazonBedrock-4b0d7bd.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "Amazon Bedrock", + "contributor": "", + "description": "Add support for Knowledge Base Evaluations & LLM as a judge" +} diff --git a/services/bedrock/src/main/resources/codegen-resources/service-2.json b/services/bedrock/src/main/resources/codegen-resources/service-2.json index 0d2dadc2806..ff967634642 100644 --- a/services/bedrock/src/main/resources/codegen-resources/service-2.json +++ b/services/bedrock/src/main/resources/codegen-resources/service-2.json @@ -30,7 +30,7 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"Creates a batch deletion job. A model evaluation job can only be deleted if it has following status FAILED, COMPLETED, and STOPPED. You can request up to 25 model evaluation jobs be deleted in a single request.
Deletes a batch of evaluation jobs. An evaluation job can only be deleted if it has following status FAILED, COMPLETED, and STOPPED. You can request up to 25 model evaluation jobs be deleted in a single request.
API operation for creating and managing Amazon Bedrock automatic model evaluation jobs and model evaluation jobs that use human workers. To learn more about the requirements for creating a model evaluation job see, Model evaluation.
", + "documentation":"Creates an evaluation job.
", "idempotent":true }, "CreateGuardrail":{ @@ -371,7 +371,7 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"Retrieves the properties associated with a model evaluation job, including the status of the job. For more information, see Model evaluation.
" + "documentation":"Gets information about an evaluation job, such as the status of the job.
" }, "GetFoundationModel":{ "name":"GetFoundationModel", @@ -583,7 +583,7 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"Lists model evaluation jobs.
" + "documentation":"Lists all existing evaluation jobs.
" }, "ListFoundationModels":{ "name":"ListFoundationModels", @@ -793,7 +793,7 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"Stops an in progress model evaluation job.
" + "documentation":"Stops an evaluation job that is current being created or running.
" }, "StopModelCustomizationJob":{ "name":"StopModelCustomizationJob", @@ -929,16 +929,43 @@ "type":"string", "pattern":"[0-9]{12}" }, + "AdditionalModelRequestFields":{ + "type":"map", + "key":{"shape":"AdditionalModelRequestFieldsKey"}, + "value":{"shape":"AdditionalModelRequestFieldsValue"} + }, + "AdditionalModelRequestFieldsKey":{ + "type":"string", + "max":100, + "min":1 + }, + "AdditionalModelRequestFieldsValue":{ + "type":"structure", + "members":{ + }, + "document":true + }, + "ApplicationType":{ + "type":"string", + "enum":[ + "ModelEvaluation", + "RagEvaluation" + ] + }, "AutomatedEvaluationConfig":{ "type":"structure", "required":["datasetMetricConfigs"], "members":{ "datasetMetricConfigs":{ "shape":"EvaluationDatasetMetricConfigs", - "documentation":"Specifies the required elements for an automatic model evaluation job.
" + "documentation":"Configuration details of the prompt datasets and metrics you want to use for your evaluation job.
" + }, + "evaluatorModelConfig":{ + "shape":"EvaluatorModelConfig", + "documentation":"Contains the evaluator model configuration details. EvaluatorModelConfig is required for evaluation jobs that use a knowledge base or in model evaluation job that use a model as judge. This model computes all evaluation related metrics.
Use to specify a automatic model evaluation job. The EvaluationDatasetMetricConfig object is used to specify the prompt datasets, task type, and metric names.
The configuration details of an automated evaluation job. The EvaluationDatasetMetricConfig object is used to specify the prompt datasets, task type, and metric names.
The ARN of the model evaluation job being deleted.
" + "documentation":"The ARN of the evaluation job being deleted.
" }, "code":{ "shape":"String", - "documentation":"A HTTP status code of the model evaluation job being deleted.
" + "documentation":"A HTTP status code of the evaluation job being deleted.
" }, "message":{ "shape":"String", - "documentation":"A status message about the model evaluation job deletion.
" + "documentation":"A status message about the evaluation job deletion.
" } }, - "documentation":"A JSON array that provides the status of the model evaluation jobs being deleted.
" + "documentation":"A JSON array that provides the status of the evaluation jobs being deleted.
" }, "BatchDeleteEvaluationJobErrors":{ "type":"list", @@ -983,14 +1010,14 @@ "members":{ "jobIdentifier":{ "shape":"EvaluationJobIdentifier", - "documentation":"The ARN of model evaluation job to be deleted.
" + "documentation":"The Amazon Resource Name (ARN) of the evaluation job for deletion.
" }, "jobStatus":{ "shape":"EvaluationJobStatus", - "documentation":"The status of the job's deletion.
" + "documentation":"The status of the evaluation job for deletion.
" } }, - "documentation":"An array of model evaluation jobs to be deleted, and their associated statuses.
" + "documentation":"An evaluation job for deletion, and it’s current status.
" }, "BatchDeleteEvaluationJobItems":{ "type":"list", @@ -1002,7 +1029,7 @@ "members":{ "jobIdentifiers":{ "shape":"EvaluationJobIdentifiers", - "documentation":"An array of model evaluation job ARNs to be deleted.
" + "documentation":"A list of one or more evaluation job Amazon Resource Names (ARNs) you want to delete.
" } } }, @@ -1015,14 +1042,37 @@ "members":{ "errors":{ "shape":"BatchDeleteEvaluationJobErrors", - "documentation":"A JSON object containing the HTTP status codes and the ARNs of model evaluation jobs that failed to be deleted.
" + "documentation":"A JSON object containing the HTTP status codes and the ARNs of evaluation jobs that failed to be deleted.
" }, "evaluationJobs":{ "shape":"BatchDeleteEvaluationJobItems", - "documentation":"The list of model evaluation jobs to be deleted.
" + "documentation":"The list of evaluation jobs for deletion.
" } } }, + "BedrockEvaluatorModel":{ + "type":"structure", + "required":["modelIdentifier"], + "members":{ + "modelIdentifier":{ + "shape":"EvaluatorModelIdentifier", + "documentation":"The Amazon Resource Name (ARN) of the evaluator model used used in knowledge base evaluation job or in model evaluation job that use a model as judge.
" + } + }, + "documentation":"The evaluator model used in knowledge base evaluation job or in model evaluation job that use a model as judge. This model computes all evaluation related metrics.
" + }, + "BedrockEvaluatorModels":{ + "type":"list", + "member":{"shape":"BedrockEvaluatorModel"}, + "max":1, + "min":1 + }, + "BedrockModelArn":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}/[a-z0-9]{12})|(:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))))|(arn:aws(|-us-gov|-cn|-iso|-iso-b):bedrock:(|[0-9a-z-]{1,20}):(|[0-9]{12}):inference-profile/[a-zA-Z0-9-:.]+)|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|(([0-9a-zA-Z][_-]?)+)" + }, "BedrockModelId":{ "type":"string", "max":140, @@ -1044,6 +1094,35 @@ "max":63, "min":3 }, + "ByteContentBlob":{ + "type":"blob", + "max":10485760, + "min":1, + "sensitive":true + }, + "ByteContentDoc":{ + "type":"structure", + "required":[ + "identifier", + "contentType", + "data" + ], + "members":{ + "identifier":{ + "shape":"Identifier", + "documentation":"The file name of the document contained in the wrapper object.
" + }, + "contentType":{ + "shape":"ContentType", + "documentation":"The MIME type of the document contained in the wrapper object.
" + }, + "data":{ + "shape":"ByteContentBlob", + "documentation":"The byte value of the file to upload, encoded as a Base-64 string.
" + } + }, + "documentation":"Contains the document contained in the wrapper object, along with its attributes/fields.
" + }, "CloudWatchConfig":{ "type":"structure", "required":[ @@ -1085,6 +1164,10 @@ }, "exception":true }, + "ContentType":{ + "type":"string", + "pattern":".*[a-z]{1,20}/.{1,20}.*" + }, "CreateEvaluationJobRequest":{ "type":"structure", "required":[ @@ -1097,11 +1180,11 @@ "members":{ "jobName":{ "shape":"EvaluationJobName", - "documentation":"The name of the model evaluation job. Model evaluation job names must unique with your AWS account, and your account's AWS region.
" + "documentation":"A name for the evaluation job. Names must unique with your Amazon Web Services account, and your account's Amazon Web Services region.
" }, "jobDescription":{ "shape":"EvaluationJobDescription", - "documentation":"A description of the model evaluation job.
" + "documentation":"A description of the evaluation job.
" }, "clientRequestToken":{ "shape":"IdempotencyToken", @@ -1110,27 +1193,31 @@ }, "roleArn":{ "shape":"RoleArn", - "documentation":"The Amazon Resource Name (ARN) of an IAM service role that Amazon Bedrock can assume to perform tasks on your behalf. The service role must have Amazon Bedrock as the service principal, and provide access to any Amazon S3 buckets specified in the EvaluationConfig object. To pass this role to Amazon Bedrock, the caller of this API must have the iam:PassRole permission. To learn more about the required permissions, see Required permissions.
The Amazon Resource Name (ARN) of an IAM service role that Amazon Bedrock can assume to perform tasks on your behalf. To learn more about the required permissions, see Required permissions for model evaluations.
" }, "customerEncryptionKeyId":{ "shape":"KmsKeyId", - "documentation":"Specify your customer managed key ARN that will be used to encrypt your model evaluation job.
" + "documentation":"Specify your customer managed encryption key Amazon Resource Name (ARN) that will be used to encrypt your evaluation job.
" }, "jobTags":{ "shape":"TagList", "documentation":"Tags to attach to the model evaluation job.
" }, + "applicationType":{ + "shape":"ApplicationType", + "documentation":"Specifies whether the evaluation job is for evaluating a model or evaluating a knowledge base (retrieval and response generation).
" + }, "evaluationConfig":{ "shape":"EvaluationConfig", - "documentation":"Specifies whether the model evaluation job is automatic or uses human worker.
" + "documentation":"Contains the configuration details of either an automated or human-based evaluation job.
" }, "inferenceConfig":{ "shape":"EvaluationInferenceConfig", - "documentation":"Specify the models you want to use in your model evaluation job. Automatic model evaluation jobs support a single model or inference profile, and model evaluation job that use human workers support two models or inference profiles.
" + "documentation":"Contains the configuration details of the inference model for the evaluation job.
For model evaluation jobs, automated jobs support a single model or inference profile, and jobs that use human workers support two models or inference profiles.
" }, "outputDataConfig":{ "shape":"EvaluationOutputDataConfig", - "documentation":"An object that defines where the results of model evaluation job will be saved in Amazon S3.
" + "documentation":"Contains the configuration details of the Amazon S3 bucket for storing the results of the evaluation job.
" } } }, @@ -1140,7 +1227,7 @@ "members":{ "jobArn":{ "shape":"EvaluationJobArn", - "documentation":"The ARN of the model evaluation job.
" + "documentation":"The Amazon Resource Name (ARN) of the evaluation job.
" } } }, @@ -1772,10 +1859,7 @@ }, "EvaluationBedrockModel":{ "type":"structure", - "required":[ - "modelIdentifier", - "inferenceParams" - ], + "required":["modelIdentifier"], "members":{ "modelIdentifier":{ "shape":"EvaluationModelIdentifier", @@ -1786,21 +1870,21 @@ "documentation":"Each Amazon Bedrock support different inference parameters that change how the model behaves during inference.
" } }, - "documentation":"Contains the ARN of the Amazon Bedrock model or inference profile specified in your model evaluation job. Each Amazon Bedrock model supports different inferenceParams. To learn more about supported inference parameters for Amazon Bedrock models, see Inference parameters for foundation models.
The inferenceParams are specified using JSON. To successfully insert JSON as string make sure that all quotations are properly escaped. For example, \"temperature\":\"0.25\" key value pair would need to be formatted as \\\"temperature\\\":\\\"0.25\\\" to successfully accepted in the request.
Contains the ARN of the Amazon Bedrock model or inference profile specified in your evaluation job. Each Amazon Bedrock model supports different inferenceParams. To learn more about supported inference parameters for Amazon Bedrock models, see Inference parameters for foundation models.
The inferenceParams are specified using JSON. To successfully insert JSON as string make sure that all quotations are properly escaped. For example, \"temperature\":\"0.25\" key value pair would need to be formatted as \\\"temperature\\\":\\\"0.25\\\" to successfully accepted in the request.
Used to specify an automated model evaluation job. See AutomatedEvaluationConfig to view the required parameters.
Contains the configuration details of an automated evaluation job that computes metrics.
" }, "human":{ "shape":"HumanEvaluationConfig", - "documentation":"Used to specify a model evaluation job that uses human workers.See HumanEvaluationConfig to view the required parameters.
Contains the configuration details of an evaluation job that uses human workers.
" } }, - "documentation":"Used to specify either a AutomatedEvaluationConfig or HumanEvaluationConfig object.
The configuration details of either an automated or human-based evaluation job.
", "union":true }, "EvaluationDataset":{ @@ -1839,7 +1923,7 @@ "members":{ "taskType":{ "shape":"EvaluationTaskType", - "documentation":"The task type you want the model to carry out.
" + "documentation":"The the type of task you want to evaluate for your evaluation job. This applies only to model evaluation jobs and is ignored for knowledge base evaluation jobs.
" }, "dataset":{ "shape":"EvaluationDataset", @@ -1847,10 +1931,10 @@ }, "metricNames":{ "shape":"EvaluationMetricNames", - "documentation":"The names of the metrics used. For automated model evaluation jobs valid values are \"Builtin.Accuracy\", \"Builtin.Robustness\", and \"Builtin.Toxicity\". In human-based model evaluation jobs the array of strings must match the name parameter specified in HumanEvaluationCustomMetric.
The names of the metrics you want to use for your evaluation job.
For knowledge base evaluation jobs that evaluate retrieval only, valid values are \"Builtin.ContextRelevance\", \"Builtin.ContextConverage\".
For knowledge base evaluation jobs that evaluate retrieval with response generation, valid values are \"Builtin.Correctness\", \"Builtin.Completeness\", \"Builtin.Helpfulness\", \"Builtin.LogicalCoherence\", \"Builtin.Faithfulness\", \"Builtin.Harmfulness\", \"Builtin.Stereotyping\", \"Builtin.Refusal\".
For automated model evaluation jobs, valid values are \"Builtin.Accuracy\", \"Builtin.Robustness\", and \"Builtin.Toxicity\". In model evaluation jobs that use a LLM as judge you can specify \"Builtin.Correctness\", \"Builtin.Completeness\", \"Builtin.Faithfulness\", \"Builtin.Helpfulness\", \"Builtin.Coherence\", \"Builtin.Relevance\", \"Builtin.FollowingInstructions\", \"Builtin.ProfessionalStyleAndTone\", You can also specify the following responsible AI related metrics only for model evaluation job that use a LLM as judge \"Builtin.Harmfulness\", \"Builtin.Stereotyping\", and \"Builtin.Refusal\".
For human-based model evaluation jobs, the list of strings must match the name parameter specified in HumanEvaluationCustomMetric.
Defines the built-in prompt datasets, built-in metric names and custom metric names, and the task type.
" + "documentation":"Defines the prompt datasets, built-in metric names and custom metric names, and the task type.
" }, "EvaluationDatasetMetricConfigs":{ "type":"list", @@ -1870,10 +1954,14 @@ "members":{ "models":{ "shape":"EvaluationModelConfigs", - "documentation":"Used to specify the models.
" + "documentation":"Specifies the inference models.
" + }, + "ragConfigs":{ + "shape":"RagConfigs", + "documentation":"Contains the configuration details of the inference for a knowledge base evaluation job, including either the retrieval only configuration or the retrieval with response generation configuration.
" } }, - "documentation":"Used to define the models you want used in your model evaluation job. Automated model evaluation jobs support only a single model. In a human-based model evaluation job, your annotator can compare the responses for up to two different models.
", + "documentation":"The configuration details of the inference model for an evaluation job.
For automated model evaluation jobs, only a single model is supported.
For human-based model evaluation jobs, your annotator can compare the responses for up to two different models.
", "union":true }, "EvaluationJobArn":{ @@ -1943,7 +2031,7 @@ "EvaluationMetricNames":{ "type":"list", "member":{"shape":"EvaluationMetricName"}, - "max":10, + "max":15, "min":1 }, "EvaluationModelConfig":{ @@ -1973,7 +2061,7 @@ "type":"list", "member":{"shape":"EvaluationModelIdentifier"}, "max":2, - "min":1 + "min":0 }, "EvaluationModelInferenceParams":{ "type":"string", @@ -1987,10 +2075,10 @@ "members":{ "s3Uri":{ "shape":"S3Uri", - "documentation":"The Amazon S3 URI where the results of model evaluation job are saved.
" + "documentation":"The Amazon S3 URI where the results of the evaluation job are saved.
" } }, - "documentation":"The Amazon S3 location where the results of your model evaluation job are saved.
" + "documentation":"The Amazon S3 location where the results of your evaluation job are saved.
" }, "EvaluationRatingMethod":{ "type":"string", @@ -2012,40 +2100,51 @@ "status", "creationTime", "jobType", - "evaluationTaskTypes", - "modelIdentifiers" + "evaluationTaskTypes" ], "members":{ "jobArn":{ "shape":"EvaluationJobArn", - "documentation":"The Amazon Resource Name (ARN) of the model evaluation job.
" + "documentation":"The Amazon Resource Name (ARN) of the evaluation job.
" }, "jobName":{ "shape":"EvaluationJobName", - "documentation":"The name of the model evaluation job.
" + "documentation":"The name for the evaluation job.
" }, "status":{ "shape":"EvaluationJobStatus", - "documentation":"The current status of the model evaluation job.
" + "documentation":"The current status of the evaluation job.
" }, "creationTime":{ "shape":"Timestamp", - "documentation":"When the model evaluation job was created.
" + "documentation":"The time the evaluation job was created.
" }, "jobType":{ "shape":"EvaluationJobType", - "documentation":"The type, either human or automatic, of model evaluation job.
" + "documentation":"Specifies whether the evaluation job is automated or human-based.
" }, "evaluationTaskTypes":{ "shape":"EvaluationTaskTypes", - "documentation":"What task type was used in the model evaluation job.
" + "documentation":"The type of task for model evaluation.
" }, "modelIdentifiers":{ "shape":"EvaluationModelIdentifiers", - "documentation":"The Amazon Resource Names (ARNs) of the model(s) used in the model evaluation job.
" + "documentation":"The Amazon Resource Names (ARNs) of the model(s) used for the evaluation job.
" + }, + "ragIdentifiers":{ + "shape":"RAGIdentifiers", + "documentation":"The Amazon Resource Names (ARNs) of the knowledge base resources used for a knowledge base evaluation job.
" + }, + "evaluatorModelIdentifiers":{ + "shape":"EvaluatorModelIdentifiers", + "documentation":"The Amazon Resource Names (ARNs) of the models used to compute the metrics for a knowledge base evaluation job.
" + }, + "applicationType":{ + "shape":"ApplicationType", + "documentation":"Specifies whether the evaluation job is for evaluating a model or evaluating a knowledge base (retrieval and response generation).
" } }, - "documentation":"A summary of the model evaluation job.
" + "documentation":"Summary information of an evaluation job.
" }, "EvaluationTaskType":{ "type":"string", @@ -2066,6 +2165,134 @@ "max":5, "min":1 }, + "EvaluatorModelConfig":{ + "type":"structure", + "members":{ + "bedrockEvaluatorModels":{ + "shape":"BedrockEvaluatorModels", + "documentation":"The evaluator model used in knowledge base evaluation job or in model evaluation job that use a model as judge. This model computes all evaluation related metrics.
" + } + }, + "documentation":"Specifies the model configuration for the evaluator model. EvaluatorModelConfig is required for evaluation jobs that use a knowledge base or in model evaluation job that use a model as judge. This model computes all evaluation related metrics.
The source type of the external source wrapper object.
" + }, + "s3Location":{ + "shape":"S3ObjectDoc", + "documentation":"The S3 location of the external source wrapper object.
" + }, + "byteContent":{ + "shape":"ByteContentDoc", + "documentation":"The identifier, content type, and data of the external source wrapper object.
" + } + }, + "documentation":"The unique external source of the content contained in the wrapper object.
" + }, + "ExternalSourceType":{ + "type":"string", + "enum":[ + "S3", + "BYTE_CONTENT" + ] + }, + "ExternalSources":{ + "type":"list", + "member":{"shape":"ExternalSource"}, + "max":1, + "min":1 + }, + "ExternalSourcesGenerationConfiguration":{ + "type":"structure", + "members":{ + "promptTemplate":{ + "shape":"PromptTemplate", + "documentation":"Contains the template for the prompt for the external source wrapper object.
" + }, + "guardrailConfiguration":{ + "shape":"GuardrailConfiguration", + "documentation":"Configuration details for the guardrail.
" + }, + "kbInferenceConfig":{ + "shape":"KbInferenceConfig", + "documentation":"Configuration details for inference when using RetrieveAndGenerate to generate responses while using an external source.
Additional model parameters and their corresponding values not included in the text inference configuration for an external source. Takes in custom model parameters specific to the language model being used.
" + } + }, + "documentation":"The response generation configuration of the external source wrapper object.
" + }, + "ExternalSourcesRetrieveAndGenerateConfiguration":{ + "type":"structure", + "required":[ + "modelArn", + "sources" + ], + "members":{ + "modelArn":{ + "shape":"BedrockModelArn", + "documentation":"The Amazon Resource Name (ARN) of the foundation model or inference profile used to generate responses.
" + }, + "sources":{ + "shape":"ExternalSources", + "documentation":"The document for the external source wrapper object in the retrieveAndGenerate function.
Contains configurations details for response generation based on retrieved text chunks.
" + } + }, + "documentation":"The configuration of the external source wrapper object in the retrieveAndGenerate function.
The name of metadata attribute/field, which must match the name in your data source/document metadata.
" + }, + "value":{ + "shape":"FilterValue", + "documentation":"The value of the metadata attribute/field.
" + } + }, + "documentation":"Specifies the name of the metadata attribute/field to apply filters. You must match the name of the attribute/field in your data source/document metadata.
" + }, + "FilterKey":{ + "type":"string", + "max":100, + "min":1 + }, + "FilterValue":{ + "type":"structure", + "members":{ + }, + "document":true + }, "FineTuningJobStatus":{ "type":"string", "enum":[ @@ -2202,6 +2429,28 @@ "type":"list", "member":{"shape":"FoundationModelSummary"} }, + "GenerationConfiguration":{ + "type":"structure", + "members":{ + "promptTemplate":{ + "shape":"PromptTemplate", + "documentation":"Contains the template for the prompt that's sent to the model for response generation.
" + }, + "guardrailConfiguration":{ + "shape":"GuardrailConfiguration", + "documentation":"Contains configuration details for the guardrail.
" + }, + "kbInferenceConfig":{ + "shape":"KbInferenceConfig", + "documentation":"Contains configuration details for inference for knowledge base retrieval and response generation.
" + }, + "additionalModelRequestFields":{ + "shape":"AdditionalModelRequestFields", + "documentation":"Additional model parameters and corresponding values not included in the textInferenceConfig structure for a knowledge base. This allows you to provide custom model parameters specific to the language model being used.
The configuration details for response generation based on retrieved text chunks.
" + }, "GetCustomModelRequest":{ "type":"structure", "required":["modelIdentifier"], @@ -2290,7 +2539,7 @@ "members":{ "jobIdentifier":{ "shape":"EvaluationJobIdentifier", - "documentation":"The Amazon Resource Name (ARN) of the model evaluation job.
", + "documentation":"The Amazon Resource Name (ARN) of the evaluation job you want get information on.
", "location":"uri", "locationName":"jobIdentifier" } @@ -2312,55 +2561,59 @@ "members":{ "jobName":{ "shape":"EvaluationJobName", - "documentation":"The name of the model evaluation job.
" + "documentation":"The name for the evaluation job.
" }, "status":{ "shape":"EvaluationJobStatus", - "documentation":"The status of the model evaluation job.
" + "documentation":"The current status of the evaluation job.
" }, "jobArn":{ "shape":"EvaluationJobArn", - "documentation":"The Amazon Resource Name (ARN) of the model evaluation job.
" + "documentation":"The Amazon Resource Name (ARN) of the evaluation job.
" }, "jobDescription":{ "shape":"EvaluationJobDescription", - "documentation":"The description of the model evaluation job.
" + "documentation":"The description of the evaluation job.
" }, "roleArn":{ "shape":"RoleArn", - "documentation":"The Amazon Resource Name (ARN) of the IAM service role used in the model evaluation job.
" + "documentation":"The Amazon Resource Name (ARN) of the IAM service role used in the evaluation job.
" }, "customerEncryptionKeyId":{ "shape":"KmsKeyId", - "documentation":"The Amazon Resource Name (ARN) of the customer managed key specified when the model evaluation job was created.
" + "documentation":"The Amazon Resource Name (ARN) of the customer managed encryption key specified when the evaluation job was created.
" }, "jobType":{ "shape":"EvaluationJobType", - "documentation":"The type of model evaluation job.
" + "documentation":"Specifies whether the evaluation job is automated or human-based.
" + }, + "applicationType":{ + "shape":"ApplicationType", + "documentation":"Specifies whether the evaluation job is for evaluating a model or evaluating a knowledge base (retrieval and response generation).
" }, "evaluationConfig":{ "shape":"EvaluationConfig", - "documentation":"Contains details about the type of model evaluation job, the metrics used, the task type selected, the datasets used, and any custom metrics you defined.
" + "documentation":"Contains the configuration details of either an automated or human-based evaluation job.
" }, "inferenceConfig":{ "shape":"EvaluationInferenceConfig", - "documentation":"Details about the models you specified in your model evaluation job.
" + "documentation":"Contains the configuration details of the inference model used for the evaluation job.
" }, "outputDataConfig":{ "shape":"EvaluationOutputDataConfig", - "documentation":"Amazon S3 location for where output data is saved.
" + "documentation":"Contains the configuration details of the Amazon S3 bucket for storing the results of the evaluation job.
" }, "creationTime":{ "shape":"Timestamp", - "documentation":"When the model evaluation job was created.
" + "documentation":"The time the evaluation job was created.
" }, "lastModifiedTime":{ "shape":"Timestamp", - "documentation":"When the model evaluation job was last modified.
" + "documentation":"The time the evaluation job was last modified.
" }, "failureMessages":{ "shape":"ErrorMessages", - "documentation":"An array of strings the specify why the model evaluation job has failed.
" + "documentation":"A list of strings that specify why the evaluation job failed to create.
" } } }, @@ -3048,6 +3301,36 @@ "min":1, "sensitive":true }, + "GuardrailConfiguration":{ + "type":"structure", + "required":[ + "guardrailId", + "guardrailVersion" + ], + "members":{ + "guardrailId":{ + "shape":"GuardrailConfigurationGuardrailIdString", + "documentation":"The unique identifier for the guardrail.
" + }, + "guardrailVersion":{ + "shape":"GuardrailConfigurationGuardrailVersionString", + "documentation":"The version of the guardrail.
" + } + }, + "documentation":"The configuration details for the guardrail.
" + }, + "GuardrailConfigurationGuardrailIdString":{ + "type":"string", + "max":64, + "min":0, + "pattern":"[a-z0-9]+" + }, + "GuardrailConfigurationGuardrailVersionString":{ + "type":"string", + "max":5, + "min":1, + "pattern":"(([1-9][0-9]{0,7})|(DRAFT))" + }, "GuardrailContentFilter":{ "type":"structure", "required":[ @@ -3867,6 +4150,12 @@ "min":1, "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9])*" }, + "Identifier":{ + "type":"string", + "max":1024, + "min":1, + "sensitive":true + }, "ImportedModelArn":{ "type":"string", "max":1011, @@ -4080,6 +4369,16 @@ "min":1, "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9\\+\\-\\.])*" }, + "KbInferenceConfig":{ + "type":"structure", + "members":{ + "textInferenceConfig":{ + "shape":"TextInferenceConfig", + "documentation":"Contains configuration details for text generation using a language model via the RetrieveAndGenerate function.
Contains configuration details of the inference for knowledge base retrieval and response generation.
" + }, "KeyPrefix":{ "type":"string", "max":1024, @@ -4097,6 +4396,92 @@ "min":1, "pattern":"(arn:aws(-[^:]+)?:kms:[a-zA-Z0-9-]*:[0-9]{12}:((key/[a-zA-Z0-9-]{36})|(alias/[a-zA-Z0-9-_/]+)))|([a-zA-Z0-9-]{36})|(alias/[a-zA-Z0-9-_/]+)" }, + "KnowledgeBaseConfig":{ + "type":"structure", + "members":{ + "retrieveConfig":{ + "shape":"RetrieveConfig", + "documentation":"Contains configuration details for retrieving information from a knowledge base.
" + }, + "retrieveAndGenerateConfig":{ + "shape":"RetrieveAndGenerateConfiguration", + "documentation":"Contains configuration details for retrieving information from a knowledge base and generating responses.
" + } + }, + "documentation":"The configuration details for retrieving information from a knowledge base and generating responses.
", + "union":true + }, + "KnowledgeBaseId":{ + "type":"string", + "max":10, + "min":0, + "pattern":"[0-9a-zA-Z]+" + }, + "KnowledgeBaseRetrievalConfiguration":{ + "type":"structure", + "required":["vectorSearchConfiguration"], + "members":{ + "vectorSearchConfiguration":{ + "shape":"KnowledgeBaseVectorSearchConfiguration", + "documentation":"Contains configuration details for returning the results from the vector search.
" + } + }, + "documentation":"Contains configuration details for retrieving information from a knowledge base.
" + }, + "KnowledgeBaseRetrieveAndGenerateConfiguration":{ + "type":"structure", + "required":[ + "knowledgeBaseId", + "modelArn" + ], + "members":{ + "knowledgeBaseId":{ + "shape":"KnowledgeBaseId", + "documentation":"The unique identifier of the knowledge base.
" + }, + "modelArn":{ + "shape":"BedrockModelArn", + "documentation":"The Amazon Resource Name (ARN) of the foundation model or inference profile used to generate responses.
" + }, + "retrievalConfiguration":{ + "shape":"KnowledgeBaseRetrievalConfiguration", + "documentation":"Contains configuration details for retrieving text chunks.
" + }, + "generationConfiguration":{ + "shape":"GenerationConfiguration", + "documentation":"Contains configurations details for response generation based on retrieved text chunks.
" + }, + "orchestrationConfiguration":{ + "shape":"OrchestrationConfiguration", + "documentation":"Contains configuration details for the model to process the prompt prior to retrieval and response generation.
" + } + }, + "documentation":"Contains configuration details for retrieving information from a knowledge base and generating responses.
" + }, + "KnowledgeBaseVectorSearchConfiguration":{ + "type":"structure", + "members":{ + "numberOfResults":{ + "shape":"KnowledgeBaseVectorSearchConfigurationNumberOfResultsInteger", + "documentation":"The number of text chunks to retrieve; the number of results to return.
" + }, + "overrideSearchType":{ + "shape":"SearchType", + "documentation":"By default, Amazon Bedrock decides a search strategy for you. If you're using an Amazon OpenSearch Serverless vector store that contains a filterable text field, you can specify whether to query the knowledge base with a HYBRID search using both vector embeddings and raw text, or SEMANTIC search using only vector embeddings. For other vector store configurations, only SEMANTIC search is available.
Specifies the filters to use on the metadata fields in the knowledge base data sources before returning results.
" + } + }, + "documentation":"The configuration details for returning the results from the knowledge base vector search.
" + }, + "KnowledgeBaseVectorSearchConfigurationNumberOfResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, "ListCustomModelsRequest":{ "type":"structure", "members":{ @@ -4180,25 +4565,31 @@ "members":{ "creationTimeAfter":{ "shape":"Timestamp", - "documentation":"A filter that includes model evaluation jobs created after the time specified.
", + "documentation":"A filter to only list evaluation jobs created after a specified time.
", "location":"querystring", "locationName":"creationTimeAfter" }, "creationTimeBefore":{ "shape":"Timestamp", - "documentation":"A filter that includes model evaluation jobs created prior to the time specified.
", + "documentation":"A filter to only list evaluation jobs created before a specified time.
", "location":"querystring", "locationName":"creationTimeBefore" }, "statusEquals":{ "shape":"EvaluationJobStatus", - "documentation":"Only return jobs where the status condition is met.
", + "documentation":"A filter to only list evaluation jobs that are of a certain status.
", "location":"querystring", "locationName":"statusEquals" }, + "applicationTypeEquals":{ + "shape":"ApplicationType", + "documentation":"A filter to only list evaluation jobs that are either model evaluations or knowledge base evaluations.
", + "location":"querystring", + "locationName":"applicationTypeEquals" + }, "nameContains":{ "shape":"EvaluationJobName", - "documentation":"Query parameter string for model evaluation job names.
", + "documentation":"A filter to only list evaluation jobs that contain a specified string in the job name.
", "location":"querystring", "locationName":"nameContains" }, @@ -4216,13 +4607,13 @@ }, "sortBy":{ "shape":"SortJobsBy", - "documentation":"Allows you to sort model evaluation jobs by when they were created.
", + "documentation":"Specifies a creation time to sort the list of evaluation jobs by when they were created.
", "location":"querystring", "locationName":"sortBy" }, "sortOrder":{ "shape":"SortOrder", - "documentation":"How you want the order of jobs sorted.
", + "documentation":"Specifies whether to sort the list of evaluation jobs by either ascending or descending order.
", "location":"querystring", "locationName":"sortOrder" } @@ -4237,7 +4628,7 @@ }, "jobSummaries":{ "shape":"EvaluationSummaries", - "documentation":"A summary of the model evaluation jobs.
" + "documentation":"A list of summaries of the evaluation jobs.
" } } }, @@ -4816,6 +5207,12 @@ "max":1000, "min":1 }, + "MaxTokens":{ + "type":"integer", + "box":true, + "max":65536, + "min":0 + }, "Message":{ "type":"string", "max":2048, @@ -5301,6 +5698,17 @@ "type":"string", "pattern":"[\\s\\S]*" }, + "OrchestrationConfiguration":{ + "type":"structure", + "required":["queryTransformationConfiguration"], + "members":{ + "queryTransformationConfiguration":{ + "shape":"QueryTransformationConfiguration", + "documentation":"Contains configuration details for transforming the prompt.
" + } + }, + "documentation":"The configuration details for the model to process the prompt prior to retrieval and response generation.
" + }, "OutputDataConfig":{ "type":"structure", "required":["s3Uri"], @@ -5323,6 +5731,16 @@ "box":true, "min":1 }, + "PromptTemplate":{ + "type":"structure", + "members":{ + "textPromptTemplate":{ + "shape":"TextPromptTemplate", + "documentation":"The template for the prompt that's sent to the model for response generation. You can include prompt placeholders, which become replaced before the prompt is sent to the model to provide instructions and context to the model. In addition, you can include XML tags to delineate meaningful sections of the prompt template.
For more information, see Knowledge base prompt template and Use XML tags with Anthropic Claude models.
" + } + }, + "documentation":"The template for the prompt that's sent to the model for response generation.
" + }, "Provider":{ "type":"string", "pattern":"[A-Za-z0-9- ]{1,63}" @@ -5435,6 +5853,55 @@ "members":{ } }, + "QueryTransformationConfiguration":{ + "type":"structure", + "required":["type"], + "members":{ + "type":{ + "shape":"QueryTransformationType", + "documentation":"The type of transformation to apply to the prompt.
" + } + }, + "documentation":"The configuration details for transforming the prompt.
" + }, + "QueryTransformationType":{ + "type":"string", + "enum":["QUERY_DECOMPOSITION"] + }, + "RAGConfig":{ + "type":"structure", + "members":{ + "knowledgeBaseConfig":{ + "shape":"KnowledgeBaseConfig", + "documentation":"Contains configuration details for knowledge base retrieval and response generation.
" + } + }, + "documentation":"Contains configuration details for retrieval of information and response generation.
", + "union":true + }, + "RAGIdentifiers":{ + "type":"list", + "member":{"shape":"KnowledgeBaseId"}, + "max":1, + "min":0 + }, + "RAGStopSequences":{ + "type":"list", + "member":{"shape":"RAGStopSequencesMemberString"}, + "max":4, + "min":0 + }, + "RAGStopSequencesMemberString":{ + "type":"string", + "max":1000, + "min":1 + }, + "RagConfigs":{ + "type":"list", + "member":{"shape":"RAGConfig"}, + "max":1, + "min":1 + }, "ResourceNotFoundException":{ "type":"structure", "members":{ @@ -5447,6 +5914,115 @@ }, "exception":true }, + "RetrievalFilter":{ + "type":"structure", + "members":{ + "equals":{ + "shape":"FilterAttribute", + "documentation":"Knowledge base data sources are returned if they contain a metadata attribute whose name matches the key and whose value matches the value in this object.
The following example would return data sources with an animal attribute whose value is 'cat': \"equals\": { \"key\": \"animal\", \"value\": \"cat\" }
Knowledge base data sources that contain a metadata attribute whose name matches the key and whose value doesn't match the value in this object are returned.
The following example would return data sources that don't contain an animal attribute whose value is 'cat': \"notEquals\": { \"key\": \"animal\", \"value\": \"cat\" }
Knowledge base data sources are returned if they contain a metadata attribute whose name matches the key and whose value is greater than the value in this object.
The following example would return data sources with an year attribute whose value is greater than '1989': \"greaterThan\": { \"key\": \"year\", \"value\": 1989 }
Knowledge base data sources are returned if they contain a metadata attribute whose name matches the key and whose value is greater than or equal to the value in this object.
The following example would return data sources with an year attribute whose value is greater than or equal to '1989': \"greaterThanOrEquals\": { \"key\": \"year\", \"value\": 1989 }
Knowledge base data sources are returned if they contain a metadata attribute whose name matches the key and whose value is less than the value in this object.
The following example would return data sources with an year attribute whose value is less than to '1989': \"lessThan\": { \"key\": \"year\", \"value\": 1989 }
Knowledge base data sources are returned if they contain a metadata attribute whose name matches the key and whose value is less than or equal to the value in this object.
The following example would return data sources with an year attribute whose value is less than or equal to '1989': \"lessThanOrEquals\": { \"key\": \"year\", \"value\": 1989 }
Knowledge base data sources are returned if they contain a metadata attribute whose name matches the key and whose value is in the list specified in the value in this object.
The following example would return data sources with an animal attribute that is either 'cat' or 'dog': \"in\": { \"key\": \"animal\", \"value\": [\"cat\", \"dog\"] }
Knowledge base data sources are returned if they contain a metadata attribute whose name matches the key and whose value isn't in the list specified in the value in this object.
The following example would return data sources whose animal attribute is neither 'cat' nor 'dog': \"notIn\": { \"key\": \"animal\", \"value\": [\"cat\", \"dog\"] }
Knowledge base data sources are returned if they contain a metadata attribute whose name matches the key and whose value starts with the value in this object. This filter is currently only supported for Amazon OpenSearch Serverless vector stores.
The following example would return data sources with an animal attribute starts with 'ca' (for example, 'cat' or 'camel'). \"startsWith\": { \"key\": \"animal\", \"value\": \"ca\" }
Knowledge base data sources are returned if they contain a metadata attribute whose name matches the key and whose value is a list that contains the value as one of its members.
The following example would return data sources with an animals attribute that is a list containing a cat member (for example, [\"dog\", \"cat\"]): \"listContains\": { \"key\": \"animals\", \"value\": \"cat\" }
Knowledge base data sources are returned if they contain a metadata attribute whose name matches the key and whose value is one of the following:
A string that contains the value as a substring. The following example would return data sources with an animal attribute that contains the substring at (for example, 'cat'): \"stringContains\": { \"key\": \"animal\", \"value\": \"at\" }
A list with a member that contains the value as a substring. The following example would return data sources with an animals attribute that is a list containing a member that contains the substring at (for example, [\"dog\", \"cat\"]): \"stringContains\": { \"key\": \"animals\", \"value\": \"at\" }
Knowledge base data sources are returned if their metadata attributes fulfill all the filter conditions inside this list.
" + }, + "orAll":{ + "shape":"RetrievalFilterList", + "documentation":"Knowledge base data sources are returned if their metadata attributes fulfill at least one of the filter conditions inside this list.
" + } + }, + "documentation":"Specifies the filters to use on the metadata attributes/fields in the knowledge base data sources before returning results.
", + "sensitive":true, + "union":true + }, + "RetrievalFilterList":{ + "type":"list", + "member":{"shape":"RetrievalFilter"}, + "min":2 + }, + "RetrieveAndGenerateConfiguration":{ + "type":"structure", + "required":["type"], + "members":{ + "type":{ + "shape":"RetrieveAndGenerateType", + "documentation":"The type of resource that contains your data for retrieving information and generating responses.
If you choose to use EXTERNAL_SOURCES, then currently only Claude 3 Sonnet models for knowledge bases are supported.
Contains configuration details for the knowledge base retrieval and response generation.
" + }, + "externalSourcesConfiguration":{ + "shape":"ExternalSourcesRetrieveAndGenerateConfiguration", + "documentation":"The configuration for the external source wrapper object in the retrieveAndGenerate function.
Contains configuration details for a knowledge base retrieval and response generation.
" + }, + "RetrieveAndGenerateType":{ + "type":"string", + "enum":[ + "KNOWLEDGE_BASE", + "EXTERNAL_SOURCES" + ] + }, + "RetrieveConfig":{ + "type":"structure", + "required":[ + "knowledgeBaseId", + "knowledgeBaseRetrievalConfiguration" + ], + "members":{ + "knowledgeBaseId":{ + "shape":"KnowledgeBaseId", + "documentation":"The unique identifier of the knowledge base.
" + }, + "knowledgeBaseRetrievalConfiguration":{ + "shape":"KnowledgeBaseRetrievalConfiguration", + "documentation":"Contains configuration details for knowledge base retrieval.
" + } + }, + "documentation":"The configuration details for retrieving information from a knowledge base.
" + }, "RoleArn":{ "type":"string", "documentation":"ARN of a IAM role
", @@ -5484,6 +6060,17 @@ "type":"string", "enum":["JSONL"] }, + "S3ObjectDoc":{ + "type":"structure", + "required":["uri"], + "members":{ + "uri":{ + "shape":"kBS3Uri", + "documentation":"The S3 URI location for the wrapper object of the document.
" + } + }, + "documentation":"The unique wrapper object of the document from the S3 location.
" + }, "S3Uri":{ "type":"string", "max":1024, @@ -5496,6 +6083,13 @@ "min":0, "pattern":"arn:aws(-[^:]+)?:sagemaker:[a-z0-9-]{1,20}:[0-9]{12}:flow-definition/.*" }, + "SearchType":{ + "type":"string", + "enum":[ + "HYBRID", + "SEMANTIC" + ] + }, "SecurityGroupId":{ "type":"string", "max":32, @@ -5545,7 +6139,7 @@ "members":{ "jobIdentifier":{ "shape":"EvaluationJobIdentifier", - "documentation":"The ARN of the model evaluation job you want to stop.
", + "documentation":"The Amazon Resource Name (ARN) of the evaluation job you want to stop.
", "location":"uri", "locationName":"jobIdentifier" } @@ -5673,6 +6267,40 @@ "min":20, "pattern":".*(^[a-zA-Z0-9][a-zA-Z0-9\\-]*$)|(^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:([0-9]{12}|)((:(fine-tuning-job|model-customization-job|custom-model)/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([a-z0-9-]{1,63}[.]){0,2}[a-z0-9-]{1,63}([:][a-z0-9-]{1,63}){0,2}(/[a-z0-9]{12})$)|(:guardrail/[a-z0-9]+$)|(:(inference-profile|application-inference-profile)/[a-zA-Z0-9-:.]+$)|(:(provisioned-model|model-invocation-job|model-evaluation-job|evaluation-job|model-import-job|imported-model)/[a-z0-9]{12}$))).*" }, + "Temperature":{ + "type":"float", + "box":true, + "max":1, + "min":0 + }, + "TextInferenceConfig":{ + "type":"structure", + "members":{ + "temperature":{ + "shape":"Temperature", + "documentation":"Controls the random-ness of text generated by the language model, influencing how much the model sticks to the most predictable next words versus exploring more surprising options. A lower temperature value (e.g. 0.2 or 0.3) makes model outputs more deterministic or predictable, while a higher temperature (e.g. 0.8 or 0.9) makes the outputs more creative or unpredictable.
" + }, + "topP":{ + "shape":"TopP", + "documentation":"A probability distribution threshold which controls what the model considers for the set of possible next tokens. The model will only consider the top p% of the probability distribution when generating the next token.
" + }, + "maxTokens":{ + "shape":"MaxTokens", + "documentation":"The maximum number of tokens to generate in the output text. Do not use the minimum of 0 or the maximum of 65536. The limit values described here are arbitrary values, for actual values consult the limits defined by your specific model.
" + }, + "stopSequences":{ + "shape":"RAGStopSequences", + "documentation":"A list of sequences of characters that, if generated, will cause the model to stop generating further tokens. Do not use a minimum length of 1 or a maximum length of 1000. The limit values described here are arbitrary values, for actual values consult the limits defined by your specific model.
" + } + }, + "documentation":"The configuration details for text generation using a language model via the RetrieveAndGenerate function.
The configuration of a virtual private cloud (VPC). For more information, see Protect your data using Amazon Virtual Private Cloud and Amazon Web Services PrivateLink.
" + }, + "kBS3Uri":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"s3://[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]/.{1,1024}" } }, "documentation":"Describes the API operations for creating, managing, fine-turning, and evaluating Amazon Bedrock models.
" From 0bbe4b073f3221d9cced6b2e9f75af8379ffaf7a Mon Sep 17 00:00:00 2001 From: AWS <> Date: Mon, 2 Dec 2024 03:48:11 +0000 Subject: [PATCH 16/35] EC2 Image Builder Update: Added support for EC2 Image Builder's integration with AWS Marketplace for Marketplace components. --- .../feature-EC2ImageBuilder-0b74f6d.json | 6 + .../codegen-resources/service-2.json | 133 ++++++++++++++++-- 2 files changed, 130 insertions(+), 9 deletions(-) create mode 100644 .changes/next-release/feature-EC2ImageBuilder-0b74f6d.json diff --git a/.changes/next-release/feature-EC2ImageBuilder-0b74f6d.json b/.changes/next-release/feature-EC2ImageBuilder-0b74f6d.json new file mode 100644 index 00000000000..34cee33e36d --- /dev/null +++ b/.changes/next-release/feature-EC2ImageBuilder-0b74f6d.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "EC2 Image Builder", + "contributor": "", + "description": "Added support for EC2 Image Builder's integration with AWS Marketplace for Marketplace components." +} diff --git a/services/imagebuilder/src/main/resources/codegen-resources/service-2.json b/services/imagebuilder/src/main/resources/codegen-resources/service-2.json index 55b1830ebfe..2e25d3e1d5e 100644 --- a/services/imagebuilder/src/main/resources/codegen-resources/service-2.json +++ b/services/imagebuilder/src/main/resources/codegen-resources/service-2.json @@ -662,6 +662,24 @@ ], "documentation":"Get details for the specified image lifecycle policy.
" }, + "GetMarketplaceResource":{ + "name":"GetMarketplaceResource", + "http":{ + "method":"POST", + "requestUri":"/GetMarketplaceResource" + }, + "input":{"shape":"GetMarketplaceResourceRequest"}, + "output":{"shape":"GetMarketplaceResourceResponse"}, + "errors":[ + {"shape":"ServiceException"}, + {"shape":"ClientException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"InvalidRequestException"}, + {"shape":"ForbiddenException"}, + {"shape":"CallRateLimitExceededException"} + ], + "documentation":"Verify the subscription and perform resource dependency checks on the requested Amazon Web Services Marketplace resource. For Amazon Web Services Marketplace components, the response contains fields to download the components and their artifacts.
" + }, "GetWorkflow":{ "name":"GetWorkflow", "http":{ @@ -1664,7 +1682,7 @@ }, "state":{ "shape":"ComponentState", - "documentation":"Describes the current status of the component. This is used for components that are no longer active.
" + "documentation":"Describes the current status of the component.
" }, "parameters":{ "shape":"ComponentParameterDetailList", @@ -1701,6 +1719,10 @@ "obfuscate":{ "shape":"Boolean", "documentation":"Indicates whether component source is hidden from view in the console, and from component detail results for API, CLI, or SDK operations.
" + }, + "productCodes":{ + "shape":"ProductCodeList", + "documentation":"Contains product codes that are used for billing purposes for Amazon Web Services Marketplace components.
" } }, "documentation":"A detailed view of a component.
" @@ -1830,7 +1852,11 @@ }, "ComponentStatus":{ "type":"string", - "enum":["DEPRECATED"] + "enum":[ + "DEPRECATED", + "DISABLED", + "ACTIVE" + ] }, "ComponentSummary":{ "type":"structure", @@ -1943,6 +1969,14 @@ "dateCreated":{ "shape":"DateTime", "documentation":"The date that the component was created.
" + }, + "status":{ + "shape":"ComponentStatus", + "documentation":"Describes the current status of the component version.
" + }, + "productCodes":{ + "shape":"ProductCodeList", + "documentation":"Contains product codes that are used for billing purposes for Amazon Web Services Marketplace components.
" } }, "documentation":"The defining characteristics of a specific version of an Amazon Web Services TOE component.
" @@ -3385,7 +3419,7 @@ }, "FilterValue":{ "type":"string", - "pattern":"^[0-9a-zA-Z./_ :-]{1,1024}$" + "pattern":"^[0-9a-zA-Z./_ :,{}\"-]{1,1024}$" }, "FilterValues":{ "type":"list", @@ -3721,6 +3755,44 @@ } } }, + "GetMarketplaceResourceRequest":{ + "type":"structure", + "required":[ + "resourceType", + "resourceArn" + ], + "members":{ + "resourceType":{ + "shape":"MarketplaceResourceType", + "documentation":"Specifies which type of Amazon Web Services Marketplace resource Image Builder retrieves.
" + }, + "resourceArn":{ + "shape":"ImageBuilderArn", + "documentation":"The Amazon Resource Name (ARN) that uniquely identifies an Amazon Web Services Marketplace resource.
" + }, + "resourceLocation":{ + "shape":"MarketplaceResourceLocation", + "documentation":"The bucket path that you can specify to download the resource from Amazon S3.
" + } + } + }, + "GetMarketplaceResourceResponse":{ + "type":"structure", + "members":{ + "resourceArn":{ + "shape":"ImageBuilderArn", + "documentation":"The Amazon Resource Name (ARN) for the Amazon Web Services Marketplace resource that was requested.
" + }, + "url":{ + "shape":"NonEmptyString", + "documentation":"The obfuscated S3 URL to download the component artifact from.
" + }, + "data":{ + "shape":"NonEmptyString", + "documentation":"Returns obfuscated data that contains the YAML content of the component.
" + } + } + }, "GetWorkflowExecutionRequest":{ "type":"structure", "required":["workflowExecutionId"], @@ -4060,14 +4132,14 @@ "members":{ "packageName":{ "shape":"NonEmptyString", - "documentation":"The name of the package as reported to the operating system package manager.
" + "documentation":"The name of the package that's reported to the operating system package manager.
" }, "packageVersion":{ "shape":"NonEmptyString", - "documentation":"The version of the package as reported to the operating system package manager.
" + "documentation":"The version of the package that's reported to the operating system package manager.
" } }, - "documentation":"Represents a package installed on an Image Builder image.
" + "documentation":"A software package that's installed on top of the base image to create a customized image.
" }, "ImagePackageList":{ "type":"list", @@ -4563,7 +4635,7 @@ }, "timeoutMinutes":{ "shape":"ImageTestsTimeoutMinutes", - "documentation":"The maximum time in minutes that tests are permitted to run.
The timeoutMinutes attribute is not currently active. This value is ignored.
The maximum time in minutes that tests are permitted to run.
The timeout attribute is not currently active. This value is ignored.
Configure image tests for your pipeline build. Tests run after building the image, to verify that the AMI or container image is valid before distributing it.
" @@ -6466,6 +6538,18 @@ }, "documentation":"Logging configuration defines where Image Builder uploads your logs.
" }, + "MarketplaceResourceLocation":{ + "type":"string", + "max":1024, + "pattern":"^s3://[^/]+/.+[^/]$" + }, + "MarketplaceResourceType":{ + "type":"string", + "enum":[ + "COMPONENT_DATA", + "COMPONENT_ARTIFACT" + ] + }, "MaxParallelLaunches":{ "type":"integer", "min":1 @@ -6542,7 +6626,8 @@ "Self", "Shared", "Amazon", - "ThirdParty" + "ThirdParty", + "AWSMarketplace" ] }, "PackageArchitecture":{"type":"string"}, @@ -6649,6 +6734,36 @@ "macOS" ] }, + "ProductCodeId":{ + "type":"string", + "pattern":"^[A-Za-z0-9]{1,25}$" + }, + "ProductCodeList":{ + "type":"list", + "member":{"shape":"ProductCodeListItem"} + }, + "ProductCodeListItem":{ + "type":"structure", + "required":[ + "productCodeId", + "productCodeType" + ], + "members":{ + "productCodeId":{ + "shape":"ProductCodeId", + "documentation":"For Amazon Web Services Marketplace components, this contains the product code ID that can be stamped onto an EC2 AMI to ensure that components are billed correctly. If this property is empty, it might mean that the component is not published.
" + }, + "productCodeType":{ + "shape":"ProductCodeType", + "documentation":"The owner of the product code that's billed. If this property is empty, it might mean that the component is not published.
" + } + }, + "documentation":"Information about a single product code.
" + }, + "ProductCodeType":{ + "type":"string", + "enum":["marketplace"] + }, "PutComponentPolicyRequest":{ "type":"structure", "required":[ @@ -7232,7 +7347,7 @@ }, "repositoryName":{ "shape":"NonEmptyString", - "documentation":"The name of the container repository where the output container image is stored. This name is prefixed by the repository location.
" + "documentation":"The name of the container repository where the output container image is stored. This name is prefixed by the repository location. For example, <repository location url>/repository_name.
The container repository where the output container image is stored.
" From c972ccee285d02e229e60b9cdf69994c52df8db9 Mon Sep 17 00:00:00 2001 From: AWS <> Date: Mon, 2 Dec 2024 03:48:27 +0000 Subject: [PATCH 17/35] Network Flow Monitor Update: This release adds documentation for a new feature in Amazon CloudWatch called Network Flow Monitor. You can use Network Flow Monitor to get near real-time metrics, including retransmissions and data transferred, for your actual workloads. --- .../feature-NetworkFlowMonitor-28a0b5a.json | 6 + services/networkflowmonitor/pom.xml | 60 + .../codegen-resources/endpoint-rule-set.json | 137 ++ .../codegen-resources/endpoint-tests.json | 201 ++ .../codegen-resources/paginators-1.json | 34 + .../codegen-resources/service-2.json | 2185 +++++++++++++++++ .../codegen-resources/waiters-2.json | 5 + 7 files changed, 2628 insertions(+) create mode 100644 .changes/next-release/feature-NetworkFlowMonitor-28a0b5a.json create mode 100644 services/networkflowmonitor/pom.xml create mode 100644 services/networkflowmonitor/src/main/resources/codegen-resources/endpoint-rule-set.json create mode 100644 services/networkflowmonitor/src/main/resources/codegen-resources/endpoint-tests.json create mode 100644 services/networkflowmonitor/src/main/resources/codegen-resources/paginators-1.json create mode 100644 services/networkflowmonitor/src/main/resources/codegen-resources/service-2.json create mode 100644 services/networkflowmonitor/src/main/resources/codegen-resources/waiters-2.json diff --git a/.changes/next-release/feature-NetworkFlowMonitor-28a0b5a.json b/.changes/next-release/feature-NetworkFlowMonitor-28a0b5a.json new file mode 100644 index 00000000000..eccd37c6033 --- /dev/null +++ b/.changes/next-release/feature-NetworkFlowMonitor-28a0b5a.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "Network Flow Monitor", + "contributor": "", + "description": "This release adds documentation for a new feature in Amazon CloudWatch called Network Flow Monitor. You can use Network Flow Monitor to get near real-time metrics, including retransmissions and data transferred, for your actual workloads." +} diff --git a/services/networkflowmonitor/pom.xml b/services/networkflowmonitor/pom.xml new file mode 100644 index 00000000000..ec88b0119a1 --- /dev/null +++ b/services/networkflowmonitor/pom.xml @@ -0,0 +1,60 @@ + +Create a monitor for specific network flows between local and remote resources, so that you can monitor network performance for one or several of your workloads. For each monitor, Network Flow Monitor publishes detailed end-to-end performance metrics and a network health indicators (NHI) that informs you whether there were Amazon Web Services network issues for one or more of the network flows tracked by a monitor, during a time period that you choose.
", + "idempotent":true + }, + "CreateScope":{ + "name":"CreateScope", + "http":{ + "method":"POST", + "requestUri":"/scopes", + "responseCode":200 + }, + "input":{"shape":"CreateScopeInput"}, + "output":{"shape":"CreateScopeOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Create a scope of resources that you want to be available for Network Flow Monitor to generate metrics for, when you have active agents on those resources sending metrics reports to the Network Flow Monitor backend. This call returns a scope ID to identify the scope.
When you create a scope, you enable permissions for Network Flow Monitor. The scope is set to the resources for the Amazon Web Services that enables the feature.
", + "idempotent":true + }, + "DeleteMonitor":{ + "name":"DeleteMonitor", + "http":{ + "method":"DELETE", + "requestUri":"/monitors/{monitorName}", + "responseCode":200 + }, + "input":{"shape":"DeleteMonitorInput"}, + "output":{"shape":"DeleteMonitorOutput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Deletes a monitor in Network Flow Monitor.
", + "idempotent":true + }, + "DeleteScope":{ + "name":"DeleteScope", + "http":{ + "method":"DELETE", + "requestUri":"/scopes/{scopeId}", + "responseCode":200 + }, + "input":{"shape":"DeleteScopeInput"}, + "output":{"shape":"DeleteScopeOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Deletes a scope that has been defined.
", + "idempotent":true + }, + "GetMonitor":{ + "name":"GetMonitor", + "http":{ + "method":"GET", + "requestUri":"/monitors/{monitorName}", + "responseCode":200 + }, + "input":{"shape":"GetMonitorInput"}, + "output":{"shape":"GetMonitorOutput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Gets information about a monitor in Network Flow Monitor based on a monitor name. The information returned includes the Amazon Resource Name (ARN), create time, modified time, resources included in the monitor, and status information.
" + }, + "GetQueryResultsMonitorTopContributors":{ + "name":"GetQueryResultsMonitorTopContributors", + "http":{ + "method":"GET", + "requestUri":"/monitors/{monitorName}/topContributorsQueries/{queryId}/results", + "responseCode":200 + }, + "input":{"shape":"GetQueryResultsMonitorTopContributorsInput"}, + "output":{"shape":"GetQueryResultsMonitorTopContributorsOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Return the data for a query with the Network Flow Monitor query interface. You specify the query that you want to return results for by providing a query ID and a monitor name. This query returns the top contributors for a specific monitor.
Create a query ID for this call by calling the corresponding API call to start the query, StartQueryMonitorTopContributors. Use the scope ID that was returned for your account by CreateScope.
Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.
" + }, + "GetQueryResultsWorkloadInsightsTopContributors":{ + "name":"GetQueryResultsWorkloadInsightsTopContributors", + "http":{ + "method":"GET", + "requestUri":"/workloadInsights/{scopeId}/topContributorsQueries/{queryId}/results", + "responseCode":200 + }, + "input":{"shape":"GetQueryResultsWorkloadInsightsTopContributorsInput"}, + "output":{"shape":"GetQueryResultsWorkloadInsightsTopContributorsOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Return the data for a query with the Network Flow Monitor query interface. You specify the query that you want to return results for by providing a query ID and a monitor name. This query returns the top contributors for a specific monitor.
Create a query ID for this call by calling the corresponding API call to start the query, StartQueryWorkloadInsightsTopContributors. Use the scope ID that was returned for your account by CreateScope.
Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.
" + }, + "GetQueryResultsWorkloadInsightsTopContributorsData":{ + "name":"GetQueryResultsWorkloadInsightsTopContributorsData", + "http":{ + "method":"GET", + "requestUri":"/workloadInsights/{scopeId}/topContributorsDataQueries/{queryId}/results", + "responseCode":200 + }, + "input":{"shape":"GetQueryResultsWorkloadInsightsTopContributorsDataInput"}, + "output":{"shape":"GetQueryResultsWorkloadInsightsTopContributorsDataOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Return the data for a query with the Network Flow Monitor query interface. Specify the query that you want to return results for by providing a query ID and a scope ID. This query returns data for the top contributors for workload insights. Workload insights provide a high level view of network flow performance data collected by agents for a scope.
Create a query ID for this call by calling the corresponding API call to start the query, StartQueryWorkloadInsightsTopContributorsData. Use the scope ID that was returned for your account by CreateScope.
Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.
The top contributor network flows overall for a specific metric type, for example, the number of retransmissions.
" + }, + "GetQueryStatusMonitorTopContributors":{ + "name":"GetQueryStatusMonitorTopContributors", + "http":{ + "method":"GET", + "requestUri":"/monitors/{monitorName}/topContributorsQueries/{queryId}/status", + "responseCode":200 + }, + "input":{"shape":"GetQueryStatusMonitorTopContributorsInput"}, + "output":{"shape":"GetQueryStatusMonitorTopContributorsOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Returns the current status of a query for the Network Flow Monitor query interface, for a specified query ID and monitor. This call returns the query status for the top contributors for a monitor.
When you start a query, use this call to check the status of the query to make sure that it has has SUCCEEDED before you review the results. Use the same query ID that you used for the corresponding API call to start the query, StartQueryMonitorTopContributors.
When you run a query, use this call to check the status of the query to make sure that the query has SUCCEEDED before you review the results.
Return the data for a query with the Network Flow Monitor query interface. Specify the query that you want to return results for by providing a query ID and a monitor name. This query returns the top contributors for workload insights.
When you start a query, use this call to check the status of the query to make sure that it has has SUCCEEDED before you review the results. Use the same query ID that you used for the corresponding API call to start the query, StartQueryWorkloadInsightsTopContributors.
Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.
" + }, + "GetQueryStatusWorkloadInsightsTopContributorsData":{ + "name":"GetQueryStatusWorkloadInsightsTopContributorsData", + "http":{ + "method":"GET", + "requestUri":"/workloadInsights/{scopeId}/topContributorsDataQueries/{queryId}/status", + "responseCode":200 + }, + "input":{"shape":"GetQueryStatusWorkloadInsightsTopContributorsDataInput"}, + "output":{"shape":"GetQueryStatusWorkloadInsightsTopContributorsDataOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Returns the current status of a query for the Network Flow Monitor query interface, for a specified query ID and monitor. This call returns the query status for the top contributors data for workload insights.
When you start a query, use this call to check the status of the query to make sure that it has has SUCCEEDED before you review the results. Use the same query ID that you used for the corresponding API call to start the query, StartQueryWorkloadInsightsTopContributorsData.
Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.
The top contributor network flows overall for a specific metric type, for example, the number of retransmissions.
" + }, + "GetScope":{ + "name":"GetScope", + "http":{ + "method":"GET", + "requestUri":"/scopes/{scopeId}", + "responseCode":200 + }, + "input":{"shape":"GetScopeInput"}, + "output":{"shape":"GetScopeOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Gets information about a scope, including the name, status, tags, and target details. The scope in Network Flow Monitor is an account.
" + }, + "ListMonitors":{ + "name":"ListMonitors", + "http":{ + "method":"GET", + "requestUri":"/monitors", + "responseCode":200 + }, + "input":{"shape":"ListMonitorsInput"}, + "output":{"shape":"ListMonitorsOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"List all monitors in an account. Optionally, you can list only monitors that have a specific status, by using the STATUS parameter.
List all the scopes for an account.
" + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"GET", + "requestUri":"/tags/{resourceArn}", + "responseCode":200 + }, + "input":{"shape":"ListTagsForResourceInput"}, + "output":{"shape":"ListTagsForResourceOutput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Returns all the tags for a resource.
" + }, + "StartQueryMonitorTopContributors":{ + "name":"StartQueryMonitorTopContributors", + "http":{ + "method":"POST", + "requestUri":"/monitors/{monitorName}/topContributorsQueries", + "responseCode":200 + }, + "input":{"shape":"StartQueryMonitorTopContributorsInput"}, + "output":{"shape":"StartQueryMonitorTopContributorsOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Start a query to return the data with the Network Flow Monitor query interface. Specify the query that you want to return results for by providing a query ID and a monitor name. This query returns the top contributors for a specific monitor.
Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.
" + }, + "StartQueryWorkloadInsightsTopContributors":{ + "name":"StartQueryWorkloadInsightsTopContributors", + "http":{ + "method":"POST", + "requestUri":"/workloadInsights/{scopeId}/topContributorsQueries", + "responseCode":200 + }, + "input":{"shape":"StartQueryWorkloadInsightsTopContributorsInput"}, + "output":{"shape":"StartQueryWorkloadInsightsTopContributorsOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Start a query to return the data with the Network Flow Monitor query interface. Specify the query that you want to start by providing a query ID and a monitor name. This query returns the top contributors for a specific monitor.
Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.
" + }, + "StartQueryWorkloadInsightsTopContributorsData":{ + "name":"StartQueryWorkloadInsightsTopContributorsData", + "http":{ + "method":"POST", + "requestUri":"/workloadInsights/{scopeId}/topContributorsDataQueries", + "responseCode":200 + }, + "input":{"shape":"StartQueryWorkloadInsightsTopContributorsDataInput"}, + "output":{"shape":"StartQueryWorkloadInsightsTopContributorsDataOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Return the data for a query with the Network Flow Monitor query interface. Specify the query that you want to return results for by providing a query ID and a scope ID. This query returns data for the top contributors for workload insights. Workload insights provide a high level view of network flow performance data collected by agents for a scope.
A query ID is returned from an API call to start a query of a specific type; for example
Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.
The top contributor network flows overall for a specific metric type, for example, the number of retransmissions.
" + }, + "StopQueryMonitorTopContributors":{ + "name":"StopQueryMonitorTopContributors", + "http":{ + "method":"DELETE", + "requestUri":"/monitors/{monitorName}/topContributorsQueries/{queryId}", + "responseCode":200 + }, + "input":{"shape":"StopQueryMonitorTopContributorsInput"}, + "output":{"shape":"StopQueryMonitorTopContributorsOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Stop a query with the Network Flow Monitor query interface. Specify the query that you want to stop by providing a query ID and a monitor name. This query returns the top contributors for a specific monitor.
Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.
", + "idempotent":true + }, + "StopQueryWorkloadInsightsTopContributors":{ + "name":"StopQueryWorkloadInsightsTopContributors", + "http":{ + "method":"DELETE", + "requestUri":"/workloadInsights/{scopeId}/topContributorsQueries/{queryId}", + "responseCode":200 + }, + "input":{"shape":"StopQueryWorkloadInsightsTopContributorsInput"}, + "output":{"shape":"StopQueryWorkloadInsightsTopContributorsOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Stop a query with the Network Flow Monitor query interface. Specify the query that you want to stop by providing a query ID and a monitor name. This query returns the top contributors for a specific monitor.
Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.
" + }, + "StopQueryWorkloadInsightsTopContributorsData":{ + "name":"StopQueryWorkloadInsightsTopContributorsData", + "http":{ + "method":"DELETE", + "requestUri":"/workloadInsights/{scopeId}/topContributorsDataQueries/{queryId}", + "responseCode":200 + }, + "input":{"shape":"StopQueryWorkloadInsightsTopContributorsDataInput"}, + "output":{"shape":"StopQueryWorkloadInsightsTopContributorsDataOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Return the data for a query with the Network Flow Monitor query interface. Specify the query that you want to return results for by providing a query ID and a scope ID. This query returns data for the top contributors for workload insights. Workload insights provide a high level view of network flow performance data collected by agents for a scope.
Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.
The top contributor network flows overall for a specific metric type, for example, the number of retransmissions.
" + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/tags/{resourceArn}", + "responseCode":200 + }, + "input":{"shape":"TagResourceInput"}, + "output":{"shape":"TagResourceOutput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Adds a tag to a resource.
", + "idempotent":true + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"DELETE", + "requestUri":"/tags/{resourceArn}", + "responseCode":200 + }, + "input":{"shape":"UntagResourceInput"}, + "output":{"shape":"UntagResourceOutput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Removes a tag from a resource.
", + "idempotent":true + }, + "UpdateMonitor":{ + "name":"UpdateMonitor", + "http":{ + "method":"PATCH", + "requestUri":"/monitors/{monitorName}", + "responseCode":200 + }, + "input":{"shape":"UpdateMonitorInput"}, + "output":{"shape":"UpdateMonitorOutput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Update a monitor to add or remove local or remote resources.
", + "idempotent":true + }, + "UpdateScope":{ + "name":"UpdateScope", + "http":{ + "method":"PATCH", + "requestUri":"/scopes/{scopeId}", + "responseCode":200 + }, + "input":{"shape":"UpdateScopeInput"}, + "output":{"shape":"UpdateScopeOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Update a scope to add or remove resources that you want to be available for Network Flow Monitor to generate metrics for, when you have active agents on those resources sending metrics reports to the Network Flow Monitor backend.
", + "idempotent":true + } + }, + "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"You don't have sufficient permission to perform this action.
", + "error":{ + "httpStatusCode":403, + "senderFault":true + }, + "exception":true + }, + "AccountId":{ + "type":"string", + "max":12, + "min":1, + "pattern":"[0-9]{12}" + }, + "Arn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"arn:.*" + }, + "AvailabilityZone":{"type":"string"}, + "AwsRegion":{"type":"string"}, + "Component":{"type":"string"}, + "ComponentType":{"type":"string"}, + "ConflictException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"The requested resource is in use.
", + "error":{ + "httpStatusCode":409, + "senderFault":true + }, + "exception":true + }, + "CreateMonitorInput":{ + "type":"structure", + "required":[ + "monitorName", + "localResources", + "scopeArn" + ], + "members":{ + "monitorName":{ + "shape":"ResourceName", + "documentation":"The name of the monitor.
" + }, + "localResources":{ + "shape":"CreateMonitorInputLocalResourcesList", + "documentation":"The local resources to monitor. A local resource, in a bi-directional flow of a workload, is the host where the agent is installed. For example, if a workload consists of an interaction between a web service and a backend database (for example, Amazon Relational Database Service (RDS)), the EC2 instance hosting the web service, which also runs the agent, is the local resource.
" + }, + "remoteResources":{ + "shape":"MonitorRemoteResources", + "documentation":"The remote resources to monitor. A remote resource is the other endpoint in the bi-directional flow of a workload, with a local resource. For example, Amazon Relational Database Service (RDS) can be a remote resource.
" + }, + "scopeArn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the scope for the monitor.
" + }, + "clientToken":{ + "shape":"String", + "documentation":"A unique, case-sensitive string of up to 64 ASCII characters that you specify to make an idempotent API request. Don't reuse the same client token for other API requests.
", + "idempotencyToken":true + }, + "tags":{ + "shape":"TagMap", + "documentation":"The tags for a monitor. You can add a maximum of 200 tags.
" + } + } + }, + "CreateMonitorInputLocalResourcesList":{ + "type":"list", + "member":{"shape":"MonitorLocalResource"}, + "min":1 + }, + "CreateMonitorOutput":{ + "type":"structure", + "required":[ + "monitorArn", + "monitorName", + "monitorStatus", + "localResources", + "remoteResources", + "createdAt", + "modifiedAt" + ], + "members":{ + "monitorArn":{ + "shape":"MonitorArn", + "documentation":"The Amazon Resource Name (ARN) of the monitor.
" + }, + "monitorName":{ + "shape":"ResourceName", + "documentation":"The name of the monitor.
" + }, + "monitorStatus":{ + "shape":"MonitorStatus", + "documentation":"The status of a monitor. The status can be one of the following
PENDING: The monitor is in the process of being created.
ACTIVE: The monitor is active.
INACTIVE: The monitor is inactive.
ERROR: Monitor creation failed due to an error.
DELETING: The monitor is in the process of being deleted.
The local resources to monitor. A local resource, in a bi-directional flow of a workload, is the host where the agent is installed.
" + }, + "remoteResources":{ + "shape":"MonitorRemoteResources", + "documentation":"The remote resources to monitor. A remote resource is the other endpoint in the bi-directional flow of a workload, with a local resource. For example, Amazon Relational Database Service (RDS) can be a remote resource. The remote resource is identified by its ARN or an identifier.
" + }, + "createdAt":{ + "shape":"Iso8601Timestamp", + "documentation":"The date and time when the monitor was created.
" + }, + "modifiedAt":{ + "shape":"Iso8601Timestamp", + "documentation":"The last date and time that the monitor was modified.
" + }, + "tags":{ + "shape":"TagMap", + "documentation":"The tags for a monitor.
" + } + } + }, + "CreateScopeInput":{ + "type":"structure", + "required":["targets"], + "members":{ + "targets":{ + "shape":"CreateScopeInputTargetsList", + "documentation":"The targets to define the scope to be monitored. Currently, a target is an Amazon Web Services account.
" + }, + "clientToken":{ + "shape":"String", + "documentation":"A unique, case-sensitive string of up to 64 ASCII characters that you specify to make an idempotent API request. Don't reuse the same client token for other API requests.
", + "idempotencyToken":true + }, + "tags":{ + "shape":"TagMap", + "documentation":"The tags for a scope. You can add a maximum of 200 tags.
" + } + } + }, + "CreateScopeInputTargetsList":{ + "type":"list", + "member":{"shape":"TargetResource"}, + "max":100, + "min":1 + }, + "CreateScopeOutput":{ + "type":"structure", + "required":[ + "scopeId", + "status", + "scopeArn" + ], + "members":{ + "scopeId":{ + "shape":"ScopeId", + "documentation":"The identifier for the scope that includes the resources you want to get metrics for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
" + }, + "status":{ + "shape":"ScopeStatus", + "documentation":"The status for a call to create a scope. The status can be one of the following: SUCCEEDED, IN_PROGRESS, or FAILED.
The Amazon Resource Name (ARN) of the scope.
" + }, + "tags":{ + "shape":"TagMap", + "documentation":"The tags for a scope.
" + } + } + }, + "DeleteMonitorInput":{ + "type":"structure", + "required":["monitorName"], + "members":{ + "monitorName":{ + "shape":"ResourceName", + "documentation":"The name of the monitor to delete.
", + "location":"uri", + "locationName":"monitorName" + } + } + }, + "DeleteMonitorOutput":{ + "type":"structure", + "members":{ + } + }, + "DeleteScopeInput":{ + "type":"structure", + "required":["scopeId"], + "members":{ + "scopeId":{ + "shape":"ScopeId", + "documentation":"The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
", + "location":"uri", + "locationName":"scopeId" + } + } + }, + "DeleteScopeOutput":{ + "type":"structure", + "members":{ + } + }, + "DestinationCategory":{ + "type":"string", + "enum":[ + "INTRA_AZ", + "INTER_AZ", + "INTER_VPC", + "UNCLASSIFIED", + "AMAZON_S3", + "AMAZON_DYNAMODB" + ] + }, + "Double":{ + "type":"double", + "box":true + }, + "GetMonitorInput":{ + "type":"structure", + "required":["monitorName"], + "members":{ + "monitorName":{ + "shape":"ResourceName", + "documentation":"The name of the monitor.
", + "location":"uri", + "locationName":"monitorName" + } + } + }, + "GetMonitorOutput":{ + "type":"structure", + "required":[ + "monitorArn", + "monitorName", + "monitorStatus", + "localResources", + "remoteResources", + "createdAt", + "modifiedAt" + ], + "members":{ + "monitorArn":{ + "shape":"MonitorArn", + "documentation":"The Amazon Resource Name (ARN) of the monitor.
" + }, + "monitorName":{ + "shape":"ResourceName", + "documentation":"The name of the monitor.
" + }, + "monitorStatus":{ + "shape":"MonitorStatus", + "documentation":"The status of a monitor. The status can be one of the following
PENDING: The monitor is in the process of being created.
ACTIVE: The monitor is active.
INACTIVE: The monitor is inactive.
ERROR: Monitor creation failed due to an error.
DELETING: The monitor is in the process of being deleted.
The local resources for this monitor.
" + }, + "remoteResources":{ + "shape":"MonitorRemoteResources", + "documentation":"The remote resources for this monitor.
" + }, + "createdAt":{ + "shape":"Iso8601Timestamp", + "documentation":"The date and time when the monitor was created.
" + }, + "modifiedAt":{ + "shape":"Iso8601Timestamp", + "documentation":"The date and time when the monitor was last modified.
" + }, + "tags":{ + "shape":"TagMap", + "documentation":"The tags for a monitor.
" + } + } + }, + "GetQueryResultsMonitorTopContributorsInput":{ + "type":"structure", + "required":[ + "monitorName", + "queryId" + ], + "members":{ + "monitorName":{ + "shape":"ResourceName", + "documentation":"The name of the monitor.
", + "location":"uri", + "locationName":"monitorName" + }, + "queryId":{ + "shape":"String", + "documentation":"The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
", + "location":"uri", + "locationName":"queryId" + }, + "nextToken":{ + "shape":"String", + "documentation":"The token for the next set of results. You receive this token from a previous call.
", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"Integer", + "documentation":"The number of query results that you want to return with this call.
", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "GetQueryResultsMonitorTopContributorsOutput":{ + "type":"structure", + "members":{ + "unit":{ + "shape":"MetricUnit", + "documentation":"The units for a metric returned by the query.
" + }, + "topContributors":{ + "shape":"MonitorTopContributorsRowList", + "documentation":"The top contributor network flows overall for a specific metric type, for example, the number of retransmissions.
" + }, + "nextToken":{ + "shape":"String", + "documentation":"The token for the next set of results. You receive this token from a previous call.
" + } + } + }, + "GetQueryResultsWorkloadInsightsTopContributorsDataInput":{ + "type":"structure", + "required":[ + "scopeId", + "queryId" + ], + "members":{ + "scopeId":{ + "shape":"ScopeId", + "documentation":"The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
", + "location":"uri", + "locationName":"scopeId" + }, + "queryId":{ + "shape":"String", + "documentation":"The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
", + "location":"uri", + "locationName":"queryId" + }, + "nextToken":{ + "shape":"String", + "documentation":"The token for the next set of results. You receive this token from a previous call.
", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"Integer", + "documentation":"The number of query results that you want to return with this call.
", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "GetQueryResultsWorkloadInsightsTopContributorsDataOutput":{ + "type":"structure", + "required":[ + "unit", + "datapoints" + ], + "members":{ + "unit":{ + "shape":"MetricUnit", + "documentation":"The units for a metric returned by the query.
" + }, + "datapoints":{ + "shape":"WorkloadInsightsTopContributorsDataPoints", + "documentation":"The datapoints returned by the query.
" + }, + "nextToken":{ + "shape":"String", + "documentation":"The token for the next set of results. You receive this token from a previous call.
" + } + } + }, + "GetQueryResultsWorkloadInsightsTopContributorsInput":{ + "type":"structure", + "required":[ + "scopeId", + "queryId" + ], + "members":{ + "scopeId":{ + "shape":"ScopeId", + "documentation":"The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
", + "location":"uri", + "locationName":"scopeId" + }, + "queryId":{ + "shape":"String", + "documentation":"The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
", + "location":"uri", + "locationName":"queryId" + }, + "nextToken":{ + "shape":"String", + "documentation":"The token for the next set of results. You receive this token from a previous call.
", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"Integer", + "documentation":"The number of query results that you want to return with this call.
", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "GetQueryResultsWorkloadInsightsTopContributorsOutput":{ + "type":"structure", + "members":{ + "topContributors":{ + "shape":"WorkloadInsightsTopContributorsRowList", + "documentation":"The top contributor network flows overall for a specific metric type, for example, the number of retransmissions.
" + }, + "nextToken":{ + "shape":"String", + "documentation":"The token for the next set of results. You receive this token from a previous call.
" + } + } + }, + "GetQueryStatusMonitorTopContributorsInput":{ + "type":"structure", + "required":[ + "monitorName", + "queryId" + ], + "members":{ + "monitorName":{ + "shape":"ResourceName", + "documentation":"The name of the monitor.
", + "location":"uri", + "locationName":"monitorName" + }, + "queryId":{ + "shape":"String", + "documentation":"The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
", + "location":"uri", + "locationName":"queryId" + } + } + }, + "GetQueryStatusMonitorTopContributorsOutput":{ + "type":"structure", + "required":["status"], + "members":{ + "status":{ + "shape":"QueryStatus", + "documentation":"When you run a query, use this call to check the status of the query to make sure that the query has SUCCEEDED before you review the results.
QUEUED: The query is scheduled to run.
RUNNING: The query is in progress but not complete.
SUCCEEDED: The query completed sucessfully.
FAILED: The query failed due to an error.
CANCELED: The query was canceled.
The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account. A scope ID is returned from a CreateScope API call.
The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
", + "location":"uri", + "locationName":"queryId" + } + } + }, + "GetQueryStatusWorkloadInsightsTopContributorsDataOutput":{ + "type":"structure", + "required":["status"], + "members":{ + "status":{ + "shape":"QueryStatus", + "documentation":"The status of a query for top contributors data.
QUEUED: The query is scheduled to run.
RUNNING: The query is in progress but not complete.
SUCCEEDED: The query completed sucessfully.
FAILED: The query failed due to an error.
CANCELED: The query was canceled.
The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
", + "location":"uri", + "locationName":"scopeId" + }, + "queryId":{ + "shape":"String", + "documentation":"The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
", + "location":"uri", + "locationName":"queryId" + } + } + }, + "GetQueryStatusWorkloadInsightsTopContributorsOutput":{ + "type":"structure", + "required":["status"], + "members":{ + "status":{ + "shape":"QueryStatus", + "documentation":"When you run a query, use this call to check the status of the query to make sure that the query has SUCCEEDED before you review the results.
QUEUED: The query is scheduled to run.
RUNNING: The query is in progress but not complete.
SUCCEEDED: The query completed sucessfully.
FAILED: The query failed due to an error.
CANCELED: The query was canceled.
The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account. A scope ID is returned from a CreateScope API call.
The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account. A scope ID is returned from a CreateScope API call.
The status of a scope. The status can be one of the following: SUCCEEDED, IN_PROGRESS, or FAILED.
The Amazon Resource Name (ARN) of the scope.
" + }, + "targets":{ + "shape":"TargetResourceList", + "documentation":"The targets for a scope
" + }, + "tags":{ + "shape":"TagMap", + "documentation":"The tags for a scope.
" + } + } + }, + "InstanceArn":{"type":"string"}, + "InstanceId":{ + "type":"string", + "pattern":"i-[a-zA-Z0-9]{8,32}" + }, + "Integer":{ + "type":"integer", + "box":true + }, + "InternalServerException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"An internal error occurred.
", + "error":{"httpStatusCode":500}, + "exception":true, + "fault":true, + "retryable":{"throttling":false} + }, + "Iso8601Timestamp":{"type":"timestamp"}, + "KubernetesMetadata":{ + "type":"structure", + "members":{ + "localServiceName":{ + "shape":"String", + "documentation":"The service name for a local resource.
" + }, + "localPodName":{ + "shape":"String", + "documentation":"The name of the pod for a local resource.
" + }, + "localPodNamespace":{ + "shape":"String", + "documentation":"The namespace of the pod for a local resource.
" + }, + "remoteServiceName":{ + "shape":"String", + "documentation":"The service name for a remote resource.
" + }, + "remotePodName":{ + "shape":"String", + "documentation":"The name of the pod for a remote resource.
" + }, + "remotePodNamespace":{ + "shape":"String", + "documentation":"The namespace of the pod for a remote resource.
" + } + }, + "documentation":"Meta data about Kubernetes resources.
" + }, + "Limit":{ + "type":"integer", + "box":true, + "max":500, + "min":1 + }, + "ListMonitorsInput":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"The token for the next set of results. You receive this token from a previous call.
", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"The number of query results that you want to return with this call.
", + "location":"querystring", + "locationName":"maxResults" + }, + "monitorStatus":{ + "shape":"MonitorStatus", + "documentation":"The status of a monitor. The status can be one of the following
PENDING: The monitor is in the process of being created.
ACTIVE: The monitor is active.
INACTIVE: The monitor is inactive.
ERROR: Monitor creation failed due to an error.
DELETING: The monitor is in the process of being deleted.
The monitors that are in an account.
" + }, + "nextToken":{ + "shape":"String", + "documentation":"The token for the next set of results. You receive this token from a previous call.
" + } + } + }, + "ListScopesInput":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"The token for the next set of results. You receive this token from a previous call.
", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"The number of query results that you want to return with this call.
", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListScopesOutput":{ + "type":"structure", + "required":["scopes"], + "members":{ + "scopes":{ + "shape":"ScopeSummaryList", + "documentation":"The scopes returned by the call.
" + }, + "nextToken":{ + "shape":"String", + "documentation":"The token for the next set of results. You receive this token from a previous call.
" + } + } + }, + "ListTagsForResourceInput":{ + "type":"structure", + "required":["resourceArn"], + "members":{ + "resourceArn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the resource.
", + "location":"uri", + "locationName":"resourceArn" + } + } + }, + "ListTagsForResourceOutput":{ + "type":"structure", + "members":{ + "tags":{ + "shape":"TagMap", + "documentation":"The tags for a resource.
" + } + } + }, + "Long":{ + "type":"long", + "box":true + }, + "MaxResults":{ + "type":"integer", + "box":true, + "max":25, + "min":1 + }, + "MetricUnit":{ + "type":"string", + "enum":[ + "Seconds", + "Microseconds", + "Milliseconds", + "Bytes", + "Kilobytes", + "Megabytes", + "Gigabytes", + "Terabytes", + "Bits", + "Kilobits", + "Megabits", + "Gigabits", + "Terabits", + "Percent", + "Count", + "Bytes/Second", + "Kilobytes/Second", + "Megabytes/Second", + "Gigabytes/Second", + "Terabytes/Second", + "Bits/Second", + "Kilobits/Second", + "Megabits/Second", + "Gigabits/Second", + "Terabits/Second", + "Count/Second", + "None" + ] + }, + "MonitorArn":{ + "type":"string", + "max":512, + "min":20, + "pattern":"arn:.*" + }, + "MonitorList":{ + "type":"list", + "member":{"shape":"MonitorSummary"} + }, + "MonitorLocalResource":{ + "type":"structure", + "required":[ + "type", + "identifier" + ], + "members":{ + "type":{ + "shape":"MonitorLocalResourceType", + "documentation":"The type of the local resource. Valid values are AWS::EC2::VPC AWS::AvailabilityZone or AWS::EC2::Subnet.
The identifier of the local resource, such as an ARN.
" + } + }, + "documentation":"A local resource is the host where the agent is installed. Local resources can be a a subnet, a VPC, or an Availability Zone.
" + }, + "MonitorLocalResourceType":{ + "type":"string", + "enum":[ + "AWS::EC2::VPC", + "AWS::AvailabilityZone", + "AWS::EC2::Subnet" + ] + }, + "MonitorLocalResources":{ + "type":"list", + "member":{"shape":"MonitorLocalResource"} + }, + "MonitorMetric":{ + "type":"string", + "enum":[ + "ROUND_TRIP_TIME", + "TIMEOUTS", + "RETRANSMISSIONS", + "DATA_TRANSFERRED" + ] + }, + "MonitorRemoteResource":{ + "type":"structure", + "required":[ + "type", + "identifier" + ], + "members":{ + "type":{ + "shape":"MonitorRemoteResourceType", + "documentation":"The type of the remote resource. Valid values are AWS::EC2::VPC AWS::AvailabilityZone, AWS::EC2::Subnet, or AWS::AWSService.
The identifier of the remote resource, such as an ARN.
" + } + }, + "documentation":"A remote resource is the other endpoint in a network flow. That is, one endpoint is the local resource and the other is the remote resource. Remote resources can be a a subnet, a VPC, an Availability Zone, or an Amazon Web Services service.
" + }, + "MonitorRemoteResourceType":{ + "type":"string", + "enum":[ + "AWS::EC2::VPC", + "AWS::AvailabilityZone", + "AWS::EC2::Subnet", + "AWS::AWSService" + ] + }, + "MonitorRemoteResources":{ + "type":"list", + "member":{"shape":"MonitorRemoteResource"} + }, + "MonitorStatus":{ + "type":"string", + "enum":[ + "PENDING", + "ACTIVE", + "INACTIVE", + "ERROR", + "DELETING" + ] + }, + "MonitorSummary":{ + "type":"structure", + "required":[ + "monitorArn", + "monitorName", + "monitorStatus" + ], + "members":{ + "monitorArn":{ + "shape":"MonitorArn", + "documentation":"The Amazon Resource Name (ARN) of the monitor.
" + }, + "monitorName":{ + "shape":"ResourceName", + "documentation":"The name of the monitor.
" + }, + "monitorStatus":{ + "shape":"MonitorStatus", + "documentation":"The status of a monitor. The status can be one of the following
PENDING: The monitor is in the process of being created.
ACTIVE: The monitor is active.
INACTIVE: The monitor is inactive.
ERROR: Monitor creation failed due to an error.
DELETING: The monitor is in the process of being deleted.
A summary of information about a monitor, includ the ARN, the name, and the status.
" + }, + "MonitorTopContributorsRow":{ + "type":"structure", + "members":{ + "localIp":{ + "shape":"String", + "documentation":"The IP address of the local resource for a top contributor network flow.
" + }, + "snatIp":{ + "shape":"String", + "documentation":"The secure network address translation (SNAT) IP address for a top contributor network flow.
" + }, + "localInstanceId":{ + "shape":"InstanceId", + "documentation":"The instance identifier for the local resource for a top contributor network flow.
" + }, + "localVpcId":{ + "shape":"VpcId", + "documentation":"The VPC ID for a top contributor network flow for the local resource.
" + }, + "localRegion":{ + "shape":"AwsRegion", + "documentation":"The Amazon Web Services Region for the local resource for a top contributor network flow.
" + }, + "localAz":{ + "shape":"AvailabilityZone", + "documentation":"The Availability Zone for the local resource for a top contributor network flow.
" + }, + "localSubnetId":{ + "shape":"SubnetId", + "documentation":"The subnet ID for the local resource for a top contributor network flow.
" + }, + "targetPort":{ + "shape":"Integer", + "documentation":"The target port.
" + }, + "destinationCategory":{ + "shape":"DestinationCategory", + "documentation":"The destination category for a top contributors row. Destination categories can be one of the following:
INTRA_AZ: Top contributor network flows within a single Availability Zone
INTER_AZ: Top contributor network flows between Availability Zones
INTER_VPC: Top contributor network flows between VPCs
AWS_SERVICES: Top contributor network flows to or from Amazon Web Services services
UNCLASSIFIED: Top contributor network flows that do not have a bucket classification
The VPC ID for a top contributor network flow for the remote resource.
" + }, + "remoteRegion":{ + "shape":"AwsRegion", + "documentation":"The Amazon Web Services Region for the remote resource for a top contributor network flow.
" + }, + "remoteAz":{ + "shape":"AvailabilityZone", + "documentation":"The Availability Zone for the remote resource for a top contributor network flow.
" + }, + "remoteSubnetId":{ + "shape":"SubnetId", + "documentation":"The subnet ID for the remote resource for a top contributor network flow.
" + }, + "remoteInstanceId":{ + "shape":"InstanceId", + "documentation":"The instance identifier for the remote resource for a top contributor network flow.
" + }, + "remoteIp":{ + "shape":"String", + "documentation":"The IP address of the remote resource for a top contributor network flow.
" + }, + "dnatIp":{ + "shape":"String", + "documentation":"The destination network address translation (DNAT) IP address for a top contributor network flow.
" + }, + "value":{ + "shape":"Long", + "documentation":"The value of the metric for a top contributor network flow.
" + }, + "traversedConstructs":{ + "shape":"TraversedConstructsList", + "documentation":"The constructs traversed by a network flow.
" + }, + "kubernetesMetadata":{ + "shape":"KubernetesMetadata", + "documentation":"Meta data about Kubernetes resources.
" + }, + "localInstanceArn":{ + "shape":"InstanceArn", + "documentation":"The Amazon Resource Name (ARN) of a local resource.
" + }, + "localSubnetArn":{ + "shape":"SubnetArn", + "documentation":"The Amazon Resource Name (ARN) of a local subnet.
" + }, + "localVpcArn":{ + "shape":"VpcArn", + "documentation":"The Amazon Resource Name (ARN) of a local VPC.
" + }, + "remoteInstanceArn":{ + "shape":"InstanceArn", + "documentation":"The Amazon Resource Name (ARN) of a remote resource.
" + }, + "remoteSubnetArn":{ + "shape":"SubnetArn", + "documentation":"The Amazon Resource Name (ARN) of a remote subnet.
" + }, + "remoteVpcArn":{ + "shape":"VpcArn", + "documentation":"The Amazon Resource Name (ARN) of a remote VPC.
" + } + }, + "documentation":"A set of information for a top contributor network flow in a monitor. In a monitor, Network Flow Monitor returns information about the network flows for top contributors for each metric. Top contributors are network flows with the top values for each metric type.
" + }, + "MonitorTopContributorsRowList":{ + "type":"list", + "member":{"shape":"MonitorTopContributorsRow"} + }, + "QueryStatus":{ + "type":"string", + "enum":[ + "QUEUED", + "RUNNING", + "SUCCEEDED", + "FAILED", + "CANCELED" + ] + }, + "ResourceName":{ + "type":"string", + "max":255, + "min":1, + "pattern":"[a-zA-Z0-9_.-]+" + }, + "ResourceNotFoundException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"The request specifies a resource that doesn't exist.
", + "error":{ + "httpStatusCode":404, + "senderFault":true + }, + "exception":true + }, + "ScopeId":{"type":"string"}, + "ScopeStatus":{ + "type":"string", + "enum":[ + "SUCCEEDED", + "IN_PROGRESS", + "FAILED" + ] + }, + "ScopeSummary":{ + "type":"structure", + "required":[ + "scopeId", + "status", + "scopeArn" + ], + "members":{ + "scopeId":{ + "shape":"ScopeId", + "documentation":"The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
" + }, + "status":{ + "shape":"ScopeStatus", + "documentation":"The status of a scope. The status can be one of the following, depending on the state of scope creation: SUCCEEDED, IN_PROGRESS, or FAILED.
The Amazon Resource Name (ARN) of the scope.
" + } + }, + "documentation":"A summary of information about a scope, including the ARN, target ID, and Amazon Web Services Region.
" + }, + "ScopeSummaryList":{ + "type":"list", + "member":{"shape":"ScopeSummary"} + }, + "ServiceQuotaExceededException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"The request exceeded a service quota.
", + "error":{ + "httpStatusCode":402, + "senderFault":true + }, + "exception":true + }, + "StartQueryMonitorTopContributorsInput":{ + "type":"structure", + "required":[ + "monitorName", + "startTime", + "endTime", + "metricName", + "destinationCategory" + ], + "members":{ + "monitorName":{ + "shape":"ResourceName", + "documentation":"The name of the monitor.
", + "location":"uri", + "locationName":"monitorName" + }, + "startTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The timestamp that is the date and time beginning of the period that you want to retrieve results for with your query.
" + }, + "endTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The timestamp that is the date and time end of the period that you want to retrieve results for with your query.
" + }, + "metricName":{ + "shape":"MonitorMetric", + "documentation":"The metric that you want to query top contributors for. That is, you can specify this metric to return the top contributor network flows, for this type of metric, for a monitor and (optionally) within a specific category, such as network flows between Availability Zones.
" + }, + "destinationCategory":{ + "shape":"DestinationCategory", + "documentation":"The category that you want to query top contributors for, for a specific monitor. Destination categories can be one of the following:
INTRA_AZ: Top contributor network flows within a single Availability Zone
INTER_AZ: Top contributor network flows between Availability Zones
INTER_VPC: Top contributor network flows between VPCs
AWS_SERVICES: Top contributor network flows to or from Amazon Web Services services
UNCLASSIFIED: Top contributor network flows that do not have a bucket classification
The maximum number of top contributors to return.
" + } + } + }, + "StartQueryMonitorTopContributorsOutput":{ + "type":"structure", + "required":["queryId"], + "members":{ + "queryId":{ + "shape":"String", + "documentation":"The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
" + } + } + }, + "StartQueryWorkloadInsightsTopContributorsDataInput":{ + "type":"structure", + "required":[ + "scopeId", + "startTime", + "endTime", + "metricName", + "destinationCategory" + ], + "members":{ + "scopeId":{ + "shape":"ScopeId", + "documentation":"The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
", + "location":"uri", + "locationName":"scopeId" + }, + "startTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The timestamp that is the date and time beginning of the period that you want to retrieve results for with your query.
" + }, + "endTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The timestamp that is the date and time end of the period that you want to retrieve results for with your query.
" + }, + "metricName":{ + "shape":"WorkloadInsightsMetric", + "documentation":"The metric that you want to query top contributors for. That is, you can specify this metric to return the top contributor network flows, for this type of metric, for a monitor and (optionally) within a specific category, such as network flows between Availability Zones.
" + }, + "destinationCategory":{ + "shape":"DestinationCategory", + "documentation":"The destination category for a top contributors. Destination categories can be one of the following:
INTRA_AZ: Top contributor network flows within a single Availability Zone
INTER_AZ: Top contributor network flows between Availability Zones
INTER_VPC: Top contributor network flows between VPCs
AWS_SERVICES: Top contributor network flows to or from Amazon Web Services services
UNCLASSIFIED: Top contributor network flows that do not have a bucket classification
The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
" + } + } + }, + "StartQueryWorkloadInsightsTopContributorsInput":{ + "type":"structure", + "required":[ + "scopeId", + "startTime", + "endTime", + "metricName", + "destinationCategory" + ], + "members":{ + "scopeId":{ + "shape":"ScopeId", + "documentation":"The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account. A scope ID is returned from a CreateScope API call.
The timestamp that is the date and time beginning of the period that you want to retrieve results for with your query.
" + }, + "endTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The timestamp that is the date and time end of the period that you want to retrieve results for with your query.
" + }, + "metricName":{ + "shape":"WorkloadInsightsMetric", + "documentation":"The metric that you want to query top contributors for. That is, you can specify this metric to return the top contributor network flows, for this type of metric, for a monitor and (optionally) within a specific category, such as network flows between Availability Zones.
" + }, + "destinationCategory":{ + "shape":"DestinationCategory", + "documentation":"The destination category for a top contributors row. Destination categories can be one of the following:
INTRA_AZ: Top contributor network flows within a single Availability Zone
INTER_AZ: Top contributor network flows between Availability Zones
INTER_VPC: Top contributor network flows between VPCs
AWS_SERVICES: Top contributor network flows to or from Amazon Web Services services
UNCLASSIFIED: Top contributor network flows that do not have a bucket classification
The maximum number of top contributors to return.
" + } + } + }, + "StartQueryWorkloadInsightsTopContributorsOutput":{ + "type":"structure", + "required":["queryId"], + "members":{ + "queryId":{ + "shape":"String", + "documentation":"The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
" + } + } + }, + "StopQueryMonitorTopContributorsInput":{ + "type":"structure", + "required":[ + "monitorName", + "queryId" + ], + "members":{ + "monitorName":{ + "shape":"ResourceName", + "documentation":"The name of the monitor.
", + "location":"uri", + "locationName":"monitorName" + }, + "queryId":{ + "shape":"String", + "documentation":"The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
", + "location":"uri", + "locationName":"queryId" + } + } + }, + "StopQueryMonitorTopContributorsOutput":{ + "type":"structure", + "members":{ + } + }, + "StopQueryWorkloadInsightsTopContributorsDataInput":{ + "type":"structure", + "required":[ + "scopeId", + "queryId" + ], + "members":{ + "scopeId":{ + "shape":"ScopeId", + "documentation":"The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
", + "location":"uri", + "locationName":"scopeId" + }, + "queryId":{ + "shape":"String", + "documentation":"The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
", + "location":"uri", + "locationName":"queryId" + } + } + }, + "StopQueryWorkloadInsightsTopContributorsDataOutput":{ + "type":"structure", + "members":{ + } + }, + "StopQueryWorkloadInsightsTopContributorsInput":{ + "type":"structure", + "required":[ + "scopeId", + "queryId" + ], + "members":{ + "scopeId":{ + "shape":"ScopeId", + "documentation":"The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
", + "location":"uri", + "locationName":"scopeId" + }, + "queryId":{ + "shape":"String", + "documentation":"The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
", + "location":"uri", + "locationName":"queryId" + } + } + }, + "StopQueryWorkloadInsightsTopContributorsOutput":{ + "type":"structure", + "members":{ + } + }, + "String":{"type":"string"}, + "SubnetArn":{"type":"string"}, + "SubnetId":{ + "type":"string", + "pattern":"subnet-[a-zA-Z0-9]{8,32}" + }, + "SyntheticTimestamp_date_time":{ + "type":"timestamp", + "timestampFormat":"iso8601" + }, + "TagKey":{ + "type":"string", + "max":128, + "min":1 + }, + "TagKeyList":{ + "type":"list", + "member":{"shape":"TagKey"}, + "max":200, + "min":0 + }, + "TagMap":{ + "type":"map", + "key":{"shape":"TagKey"}, + "value":{"shape":"TagValue"}, + "max":200, + "min":0 + }, + "TagResourceInput":{ + "type":"structure", + "required":[ + "resourceArn", + "tags" + ], + "members":{ + "resourceArn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the resource.
", + "location":"uri", + "locationName":"resourceArn" + }, + "tags":{ + "shape":"TagMap", + "documentation":"The tags for a resource.
" + } + } + }, + "TagResourceOutput":{ + "type":"structure", + "members":{ + } + }, + "TagValue":{ + "type":"string", + "max":256, + "min":0 + }, + "TargetId":{ + "type":"structure", + "members":{ + "accountId":{ + "shape":"AccountId", + "documentation":"The identifier for the account for a target.
" + } + }, + "documentation":"A target ID is an internally-generated identifier for a target. A target allows you to identify all the resources in a Network Flow Monitor scope. Currently, a target is always an Amazon Web Services account.
", + "union":true + }, + "TargetIdentifier":{ + "type":"structure", + "required":[ + "targetId", + "targetType" + ], + "members":{ + "targetId":{ + "shape":"TargetId", + "documentation":"The identifier for a target.
" + }, + "targetType":{ + "shape":"TargetType", + "documentation":"The type of a target. A target type is currently always ACCOUNT because a target is currently a single Amazon Web Services account.
A target identifier is a pair of identifying information for a resource that is included in a target. A target identifier includes the target ID and the target type.
" + }, + "TargetResource":{ + "type":"structure", + "required":[ + "targetIdentifier", + "region" + ], + "members":{ + "targetIdentifier":{ + "shape":"TargetIdentifier", + "documentation":"A target identifier is a pair of identifying information for a resource that is included in a target. A target identifier includes the target ID and the target type.
" + }, + "region":{ + "shape":"AwsRegion", + "documentation":"The Amazon Web Services Region where the target resource is located.
" + } + }, + "documentation":"A target resource in a scope. The resource is identified by a Region and a target identifier, which includes a target ID and a target type.
" + }, + "TargetResourceList":{ + "type":"list", + "member":{"shape":"TargetResource"} + }, + "TargetType":{ + "type":"string", + "enum":["ACCOUNT"] + }, + "ThrottlingException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"The request was denied due to request throttling.
", + "error":{ + "httpStatusCode":429, + "senderFault":true + }, + "exception":true, + "retryable":{"throttling":true} + }, + "TraversedComponent":{ + "type":"structure", + "members":{ + "componentId":{ + "shape":"Component", + "documentation":"The identifier for the traversed component.
" + }, + "componentType":{ + "shape":"ComponentType", + "documentation":"The type of component that was traversed.
" + }, + "componentArn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of a tranversed component.
" + }, + "serviceName":{ + "shape":"String", + "documentation":"The service name for the traversed component.
" + } + }, + "documentation":"A section of the network that a network flow has traveled through.
" + }, + "TraversedConstructsList":{ + "type":"list", + "member":{"shape":"TraversedComponent"} + }, + "UntagResourceInput":{ + "type":"structure", + "required":[ + "resourceArn", + "tagKeys" + ], + "members":{ + "resourceArn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the resource.
", + "location":"uri", + "locationName":"resourceArn" + }, + "tagKeys":{ + "shape":"TagKeyList", + "documentation":"Keys that you specified when you tagged a resource.
", + "location":"querystring", + "locationName":"tagKeys" + } + } + }, + "UntagResourceOutput":{ + "type":"structure", + "members":{ + } + }, + "UpdateMonitorInput":{ + "type":"structure", + "required":["monitorName"], + "members":{ + "monitorName":{ + "shape":"ResourceName", + "documentation":"The name of the monitor.
", + "location":"uri", + "locationName":"monitorName" + }, + "localResourcesToAdd":{ + "shape":"MonitorLocalResources", + "documentation":"The local resources to add, as an array of resources with identifiers and types.
" + }, + "localResourcesToRemove":{ + "shape":"MonitorLocalResources", + "documentation":"The local resources to remove, as an array of resources with identifiers and types.
" + }, + "remoteResourcesToAdd":{ + "shape":"MonitorRemoteResources", + "documentation":"The remove resources to add, as an array of resources with identifiers and types.
" + }, + "remoteResourcesToRemove":{ + "shape":"MonitorRemoteResources", + "documentation":"The remove resources to remove, as an array of resources with identifiers and types.
" + }, + "clientToken":{ + "shape":"String", + "documentation":"A unique, case-sensitive string of up to 64 ASCII characters that you specify to make an idempotent API request. Don't reuse the same client token for other API requests.
", + "idempotencyToken":true + } + } + }, + "UpdateMonitorOutput":{ + "type":"structure", + "required":[ + "monitorArn", + "monitorName", + "monitorStatus", + "localResources", + "remoteResources", + "createdAt", + "modifiedAt" + ], + "members":{ + "monitorArn":{ + "shape":"MonitorArn", + "documentation":"The Amazon Resource Name (ARN) of the monitor.
" + }, + "monitorName":{ + "shape":"ResourceName", + "documentation":"The name of the monitor.
" + }, + "monitorStatus":{ + "shape":"MonitorStatus", + "documentation":"The status of a monitor. The status can be one of the following
PENDING: The monitor is in the process of being created.
ACTIVE: The monitor is active.
INACTIVE: The monitor is inactive.
ERROR: Monitor creation failed due to an error.
DELETING: The monitor is in the process of being deleted.
The local resources updated for a monitor, as an array of resources with identifiers and types.
" + }, + "remoteResources":{ + "shape":"MonitorRemoteResources", + "documentation":"The remote resources updated for a monitor, as an array of resources with identifiers and types.
" + }, + "createdAt":{ + "shape":"Iso8601Timestamp", + "documentation":"The date and time when the monitor was created.
" + }, + "modifiedAt":{ + "shape":"Iso8601Timestamp", + "documentation":"The last date and time that the monitor was modified.
" + }, + "tags":{ + "shape":"TagMap", + "documentation":"The tags for a monitor.
" + } + } + }, + "UpdateScopeInput":{ + "type":"structure", + "required":["scopeId"], + "members":{ + "scopeId":{ + "shape":"ScopeId", + "documentation":"The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
", + "location":"uri", + "locationName":"scopeId" + }, + "resourcesToAdd":{ + "shape":"UpdateScopeInputResourcesToAddList", + "documentation":"A list of resources to add to a scope.
" + }, + "resourcesToDelete":{ + "shape":"UpdateScopeInputResourcesToDeleteList", + "documentation":"A list of resources to delete from a scope.
" + } + } + }, + "UpdateScopeInputResourcesToAddList":{ + "type":"list", + "member":{"shape":"TargetResource"}, + "max":99, + "min":1 + }, + "UpdateScopeInputResourcesToDeleteList":{ + "type":"list", + "member":{"shape":"TargetResource"}, + "max":99, + "min":1 + }, + "UpdateScopeOutput":{ + "type":"structure", + "required":[ + "scopeId", + "status", + "scopeArn" + ], + "members":{ + "scopeId":{ + "shape":"ScopeId", + "documentation":"The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
" + }, + "status":{ + "shape":"ScopeStatus", + "documentation":"The status for a call to update a scope. The status can be one of the following: SUCCEEDED, IN_PROGRESS, or FAILED.
The Amazon Resource Name (ARN) of the scope.
" + }, + "tags":{ + "shape":"TagMap", + "documentation":"The tags for a scope.
" + } + } + }, + "ValidationException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"Invalid request.
", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "VpcArn":{"type":"string"}, + "VpcId":{ + "type":"string", + "pattern":"vpc-[a-zA-Z0-9]{8,32}" + }, + "WorkloadInsightsMetric":{ + "type":"string", + "enum":[ + "TIMEOUTS", + "RETRANSMISSIONS", + "DATA_TRANSFERRED" + ] + }, + "WorkloadInsightsTopContributorsDataPoint":{ + "type":"structure", + "required":[ + "timestamps", + "values", + "label" + ], + "members":{ + "timestamps":{ + "shape":"WorkloadInsightsTopContributorsTimestampsList", + "documentation":"An array of the timestamps for the data point.
" + }, + "values":{ + "shape":"WorkloadInsightsTopContributorsValuesList", + "documentation":"The values for the data point.
" + }, + "label":{ + "shape":"String", + "documentation":"The label identifying the data point.
" + } + }, + "documentation":"A data point for a top contributor network flow in a scope. Network Flow Monitor returns information about the network flows with the top values for each metric type, which are called top contributors.
" + }, + "WorkloadInsightsTopContributorsDataPoints":{ + "type":"list", + "member":{"shape":"WorkloadInsightsTopContributorsDataPoint"} + }, + "WorkloadInsightsTopContributorsRow":{ + "type":"structure", + "members":{ + "accountId":{ + "shape":"AccountId", + "documentation":"The account ID for a specific row of data.
" + }, + "localSubnetId":{ + "shape":"SubnetId", + "documentation":"The subnet identifier for the local resource.
" + }, + "localAz":{ + "shape":"AvailabilityZone", + "documentation":"The identifier for the Availability Zone where the local resource is located.
" + }, + "localVpcId":{ + "shape":"VpcId", + "documentation":"The identifier for the VPC for the local resource.
" + }, + "localRegion":{ + "shape":"AwsRegion", + "documentation":"The Amazon Web Services Region where the local resource is located.
" + }, + "remoteIdentifier":{ + "shape":"String", + "documentation":"The identifier of a remote resource.
" + }, + "value":{ + "shape":"Long", + "documentation":"The value for a metric.
" + }, + "localSubnetArn":{ + "shape":"SubnetArn", + "documentation":"The Amazon Resource Name (ARN) of a local subnet.
" + }, + "localVpcArn":{ + "shape":"VpcArn", + "documentation":"The Amazon Resource Name (ARN) of a local VPC.
" + } + }, + "documentation":"A row for a top contributor for a scope.
" + }, + "WorkloadInsightsTopContributorsRowList":{ + "type":"list", + "member":{"shape":"WorkloadInsightsTopContributorsRow"} + }, + "WorkloadInsightsTopContributorsTimestampsList":{ + "type":"list", + "member":{"shape":"SyntheticTimestamp_date_time"} + }, + "WorkloadInsightsTopContributorsValuesList":{ + "type":"list", + "member":{"shape":"Double"} + } + }, + "documentation":"Network Flow Monitor is a feature of Amazon CloudWatch Network Monitoring that provides visibility into the performance of network flows for your Amazon Web Services workloads, between instances in subnets, as well as to and from Amazon Web Services. Lightweight agents that you install on the instances capture performance metrics for your network flows, such as packet loss and latency, and send them to the Network Flow Monitor backend. Then, you can view and analyze metrics from the top contributors for each metric type, to help troubleshoot issues.
In addition, when you create a monitor, Network Flow Monitor provides a network health indicator (NHI) that informs you whether there were Amazon Web Services network issues for one or more of the network flows tracked by a monitor, during a time period that you choose. By using this value, you can independently determine if the Amazon Web Services network is impacting your workload during a specific time frame, to help you focus troubleshooting efforts.
To learn more about Network Flow Monitor, see the Network Flow Monitor User Guide in the Amazon CloudWatch User Guide.
" +} diff --git a/services/networkflowmonitor/src/main/resources/codegen-resources/waiters-2.json b/services/networkflowmonitor/src/main/resources/codegen-resources/waiters-2.json new file mode 100644 index 00000000000..13f60ee66be --- /dev/null +++ b/services/networkflowmonitor/src/main/resources/codegen-resources/waiters-2.json @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} From a7c4a7d38cd606b0d00dea3fa8e08f7619fdc5b3 Mon Sep 17 00:00:00 2001 From: AWS <> Date: Mon, 2 Dec 2024 03:48:12 +0000 Subject: [PATCH 18/35] Amazon EventBridge Update: Call private APIs by configuring Connections with VPC connectivity through PrivateLink and VPC Lattice --- .../feature-AmazonEventBridge-300044d.json | 6 + .../codegen-resources/service-2.json | 240 +++++++++++++----- 2 files changed, 180 insertions(+), 66 deletions(-) create mode 100644 .changes/next-release/feature-AmazonEventBridge-300044d.json diff --git a/.changes/next-release/feature-AmazonEventBridge-300044d.json b/.changes/next-release/feature-AmazonEventBridge-300044d.json new file mode 100644 index 00000000000..89ec407cacc --- /dev/null +++ b/.changes/next-release/feature-AmazonEventBridge-300044d.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "Amazon EventBridge", + "contributor": "", + "description": "Call private APIs by configuring Connections with VPC connectivity through PrivateLink and VPC Lattice" +} diff --git a/services/eventbridge/src/main/resources/codegen-resources/service-2.json b/services/eventbridge/src/main/resources/codegen-resources/service-2.json index 2e828947dd7..91fe61a02d7 100644 --- a/services/eventbridge/src/main/resources/codegen-resources/service-2.json +++ b/services/eventbridge/src/main/resources/codegen-resources/service-2.json @@ -91,9 +91,12 @@ "errors":[ {"shape":"ResourceAlreadyExistsException"}, {"shape":"LimitExceededException"}, - {"shape":"InternalException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"} ], - "documentation":"Creates a connection. A connection defines the authorization type and credentials to use for authorization with an API destination HTTP endpoint.
" + "documentation":"Creates a connection. A connection defines the authorization type and credentials to use for authorization with an API destination HTTP endpoint.
For more information, see Connections for endpoint targets in the Amazon EventBridge User Guide.
" }, "CreateEndpoint":{ "name":"CreateEndpoint", @@ -627,7 +630,7 @@ "errors":[ {"shape":"InternalException"} ], - "documentation":"Sends custom events to Amazon EventBridge so that they can be matched to rules.
The maximum size for a PutEvents event entry is 256 KB. Entry size is calculated including the event and any necessary characters and keys of the JSON representation of the event. To learn more, see Calculating PutEvents event entry size in the Amazon EventBridge User Guide
PutEvents accepts the data in JSON format. For the JSON number (integer) data type, the constraints are: a minimum value of -9,223,372,036,854,775,808 and a maximum value of 9,223,372,036,854,775,807.
PutEvents will only process nested JSON up to 1100 levels deep.
Sends custom events to Amazon EventBridge so that they can be matched to rules.
The maximum size for a PutEvents event entry is 256 KB. Entry size is calculated including the event and any necessary characters and keys of the JSON representation of the event. To learn more, see Calculating PutEvents event entry size in the Amazon EventBridge User Guide
PutEvents accepts the data in JSON format. For the JSON number (integer) data type, the constraints are: a minimum value of -9,223,372,036,854,775,808 and a maximum value of 9,223,372,036,854,775,807.
PutEvents will only process nested JSON up to 1000 levels deep.
Running PutPermission permits the specified Amazon Web Services account or Amazon Web Services organization to put events to the specified event bus. Amazon EventBridge (CloudWatch Events) rules in your account are triggered by these events arriving to an event bus in your account.
For another account to send events to your account, that external account must have an EventBridge rule with your account's event bus as a target.
To enable multiple Amazon Web Services accounts to put events to your event bus, run PutPermission once for each of these accounts. Or, if all the accounts are members of the same Amazon Web Services organization, you can run PutPermission once specifying Principal as \"*\" and specifying the Amazon Web Services organization ID in Condition, to grant permissions to all accounts in that organization.
If you grant permissions using an organization, then accounts in that organization must specify a RoleArn with proper permissions when they use PutTarget to add your account's event bus as a target. For more information, see Sending and Receiving Events Between Amazon Web Services Accounts in the Amazon EventBridge User Guide.
The permission policy on the event bus cannot exceed 10 KB in size.
" + "documentation":"Running PutPermission permits the specified Amazon Web Services account or Amazon Web Services organization to put events to the specified event bus. Amazon EventBridge rules in your account are triggered by these events arriving to an event bus in your account.
For another account to send events to your account, that external account must have an EventBridge rule with your account's event bus as a target.
To enable multiple Amazon Web Services accounts to put events to your event bus, run PutPermission once for each of these accounts. Or, if all the accounts are members of the same Amazon Web Services organization, you can run PutPermission once specifying Principal as \"*\" and specifying the Amazon Web Services organization ID in Condition, to grant permissions to all accounts in that organization.
If you grant permissions using an organization, then accounts in that organization must specify a RoleArn with proper permissions when they use PutTarget to add your account's event bus as a target. For more information, see Sending and Receiving Events Between Amazon Web Services Accounts in the Amazon EventBridge User Guide.
The permission policy on the event bus cannot exceed 10 KB in size.
" }, "PutRule":{ "name":"PutRule", @@ -675,7 +678,7 @@ {"shape":"InternalException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Creates or updates the specified rule. Rules are enabled by default, or based on value of the state. You can disable a rule using DisableRule.
A single rule watches for events from a single event bus. Events generated by Amazon Web Services services go to your account's default event bus. Events generated by SaaS partner services or applications go to the matching partner event bus. If you have custom applications or services, you can specify whether their events go to your default event bus or a custom event bus that you have created. For more information, see CreateEventBus.
If you are updating an existing rule, the rule is replaced with what you specify in this PutRule command. If you omit arguments in PutRule, the old values for those arguments are not kept. Instead, they are replaced with null values.
When you create or update a rule, incoming events might not immediately start matching to new or updated rules. Allow a short period of time for changes to take effect.
A rule must contain at least an EventPattern or ScheduleExpression. Rules with EventPatterns are triggered when a matching event is observed. Rules with ScheduleExpressions self-trigger based on the given schedule. A rule can have both an EventPattern and a ScheduleExpression, in which case the rule triggers on matching events as well as on a schedule.
When you initially create a rule, you can optionally assign one or more tags to the rule. Tags can help you organize and categorize your resources. You can also use them to scope user permissions, by granting a user permission to access or change only rules with certain tag values. To use the PutRule operation and assign tags, you must have both the events:PutRule and events:TagResource permissions.
If you are updating an existing rule, any tags you specify in the PutRule operation are ignored. To update the tags of an existing rule, use TagResource and UntagResource.
Most services in Amazon Web Services treat : or / as the same character in Amazon Resource Names (ARNs). However, EventBridge uses an exact match in event patterns and rules. Be sure to use the correct ARN characters when creating event patterns so that they match the ARN syntax in the event you want to match.
In EventBridge, it is possible to create rules that lead to infinite loops, where a rule is fired repeatedly. For example, a rule might detect that ACLs have changed on an S3 bucket, and trigger software to change them to the desired state. If the rule is not written carefully, the subsequent change to the ACLs fires the rule again, creating an infinite loop.
To prevent this, write the rules so that the triggered actions do not re-fire the same rule. For example, your rule could fire only if ACLs are found to be in a bad state, instead of after any change.
An infinite loop can quickly cause higher than expected charges. We recommend that you use budgeting, which alerts you when charges exceed your specified limit. For more information, see Managing Your Costs with Budgets.
" + "documentation":"Creates or updates the specified rule. Rules are enabled by default, or based on value of the state. You can disable a rule using DisableRule.
A single rule watches for events from a single event bus. Events generated by Amazon Web Services services go to your account's default event bus. Events generated by SaaS partner services or applications go to the matching partner event bus. If you have custom applications or services, you can specify whether their events go to your default event bus or a custom event bus that you have created. For more information, see CreateEventBus.
If you are updating an existing rule, the rule is replaced with what you specify in this PutRule command. If you omit arguments in PutRule, the old values for those arguments are not kept. Instead, they are replaced with null values.
When you create or update a rule, incoming events might not immediately start matching to new or updated rules. Allow a short period of time for changes to take effect.
A rule must contain at least an EventPattern or ScheduleExpression. Rules with EventPatterns are triggered when a matching event is observed. Rules with ScheduleExpressions self-trigger based on the given schedule. A rule can have both an EventPattern and a ScheduleExpression, in which case the rule triggers on matching events as well as on a schedule.
When you initially create a rule, you can optionally assign one or more tags to the rule. Tags can help you organize and categorize your resources. You can also use them to scope user permissions, by granting a user permission to access or change only rules with certain tag values. To use the PutRule operation and assign tags, you must have both the events:PutRule and events:TagResource permissions.
If you are updating an existing rule, any tags you specify in the PutRule operation are ignored. To update the tags of an existing rule, use TagResource and UntagResource.
Most services in Amazon Web Services treat : or / as the same character in Amazon Resource Names (ARNs). However, EventBridge uses an exact match in event patterns and rules. Be sure to use the correct ARN characters when creating event patterns so that they match the ARN syntax in the event you want to match.
In EventBridge, it is possible to create rules that lead to infinite loops, where a rule is fired repeatedly. For example, a rule might detect that ACLs have changed on an S3 bucket, and trigger software to change them to the desired state. If the rule is not written carefully, the subsequent change to the ACLs fires the rule again, creating an infinite loop.
To prevent this, write the rules so that the triggered actions do not re-fire the same rule. For example, your rule could fire only if ACLs are found to be in a bad state, instead of after any change.
An infinite loop can quickly cause higher than expected charges. We recommend that you use budgeting, which alerts you when charges exceed your specified limit. For more information, see Managing Your Costs with Budgets.
To create a rule that filters for management events from Amazon Web Services services, see Receiving read-only management events from Amazon Web Services services in the EventBridge User Guide.
" }, "PutTargets":{ "name":"PutTargets", @@ -786,7 +789,7 @@ {"shape":"ConcurrentModificationException"}, {"shape":"ManagedRuleException"} ], - "documentation":"Removes one or more tags from the specified EventBridge resource. In Amazon EventBridge (CloudWatch Events), rules and event buses can be tagged.
" + "documentation":"Removes one or more tags from the specified EventBridge resource. In Amazon EventBridge, rules and event buses can be tagged.
" }, "UpdateApiDestination":{ "name":"UpdateApiDestination", @@ -833,7 +836,9 @@ {"shape":"ConcurrentModificationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalException"}, - {"shape":"LimitExceededException"} + {"shape":"LimitExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"} ], "documentation":"Updates settings for a connection.
" }, @@ -870,6 +875,13 @@ } }, "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "members":{ + }, + "documentation":"You do not have the necessary permissons for this action.
", + "exception":true + }, "AccountId":{ "type":"string", "max":12, @@ -1322,9 +1334,13 @@ "InvocationHttpParameters":{ "shape":"ConnectionHttpParameters", "documentation":"Additional parameters for the connection that are passed through with every invocation to the HTTP endpoint.
" + }, + "ConnectivityParameters":{ + "shape":"DescribeConnectionConnectivityParameters", + "documentation":"For private OAuth authentication endpoints. The parameters EventBridge uses to authenticate against the endpoint.
For more information, see Authorization methods for connections in the Amazon EventBridge User Guide .
" } }, - "documentation":"Contains the authorization parameters to use for the connection.
" + "documentation":"Tthe authorization parameters to use for the connection.
" }, "ConnectionAuthorizationType":{ "type":"string", @@ -1342,7 +1358,7 @@ "documentation":"The user name to use for Basic authorization.
" } }, - "documentation":"Contains the authorization parameters for the connection if Basic is specified as the authorization type.
" + "documentation":"The authorization parameters for the connection if Basic is specified as the authorization type.
" }, "ConnectionBodyParameter":{ "type":"structure", @@ -1357,7 +1373,7 @@ }, "IsValueSecret":{ "shape":"Boolean", - "documentation":"Specified whether the value is secret.
" + "documentation":"Specifies whether the value is secret.
" } }, "documentation":"Additional parameter included in the body. You can include up to 100 additional body parameters per request. An event payload cannot exceed 64 KB.
" @@ -1386,7 +1402,7 @@ }, "IsValueSecret":{ "shape":"Boolean", - "documentation":"Specified whether the value is a secret.
" + "documentation":"Specifies whether the value is a secret.
" } }, "documentation":"Additional parameter included in the header. You can include up to 100 additional header parameters per request. An event payload cannot exceed 64 KB.
" @@ -1402,18 +1418,18 @@ "members":{ "HeaderParameters":{ "shape":"ConnectionHeaderParametersList", - "documentation":"Contains additional header parameters for the connection.
" + "documentation":"Any additional header parameters for the connection.
" }, "QueryStringParameters":{ "shape":"ConnectionQueryStringParametersList", - "documentation":"Contains additional query string parameters for the connection.
" + "documentation":"Any additional query string parameters for the connection.
" }, "BodyParameters":{ "shape":"ConnectionBodyParametersList", - "documentation":"Contains additional body string parameters for the connection.
" + "documentation":"Any additional body string parameters for the connection.
" } }, - "documentation":"Contains additional parameters for the connection.
" + "documentation":"Any additional parameters for the connection.
" }, "ConnectionName":{ "type":"string", @@ -1429,7 +1445,7 @@ "documentation":"The client ID associated with the response to the connection request.
" } }, - "documentation":"Contains the client response parameters for the connection when OAuth is specified as the authorization type.
" + "documentation":"The client response parameters for the connection when OAuth is specified as the authorization type.
" }, "ConnectionOAuthHttpMethod":{ "type":"string", @@ -1444,7 +1460,7 @@ "members":{ "ClientParameters":{ "shape":"ConnectionOAuthClientResponseParameters", - "documentation":"A ConnectionOAuthClientResponseParameters object that contains details about the client parameters returned when OAuth is specified as the authorization type.
Details about the client parameters returned when OAuth is specified as the authorization type.
" }, "AuthorizationEndpoint":{ "shape":"HttpsEndpoint", @@ -1459,7 +1475,7 @@ "documentation":"The additional HTTP parameters used for the OAuth authorization request.
" } }, - "documentation":"Contains the response parameters when OAuth is specified as the authorization type.
" + "documentation":"The response parameters when OAuth is specified as the authorization type.
" }, "ConnectionQueryStringParameter":{ "type":"structure", @@ -1477,7 +1493,7 @@ "documentation":"Specifies whether the value is secret.
" } }, - "documentation":"Additional query string parameter for the connection. You can include up to 100 additional query string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB.
" + "documentation":"Any additional query string parameter for the connection. You can include up to 100 additional query string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB.
" }, "ConnectionQueryStringParametersList":{ "type":"list", @@ -1498,7 +1514,9 @@ "AUTHORIZED", "DEAUTHORIZED", "AUTHORIZING", - "DEAUTHORIZING" + "DEAUTHORIZING", + "ACTIVE", + "FAILED_CONNECTIVITY" ] }, "ConnectionStateReason":{ @@ -1506,6 +1524,28 @@ "max":512, "pattern":".*" }, + "ConnectivityResourceConfigurationArn":{ + "type":"structure", + "required":["ResourceConfigurationArn"], + "members":{ + "ResourceConfigurationArn":{ + "shape":"ResourceConfigurationArn", + "documentation":"The Amazon Resource Name (ARN) of the resource configuration for the resource endpoint.
" + } + }, + "documentation":"The Amazon Resource Name (ARN) of the resource configuration for the resource endpoint.
" + }, + "ConnectivityResourceParameters":{ + "type":"structure", + "required":["ResourceParameters"], + "members":{ + "ResourceParameters":{ + "shape":"ConnectivityResourceConfigurationArn", + "documentation":"The parameters for EventBridge to use when invoking the resource endpoint.
" + } + }, + "documentation":"The parameters for EventBridge to use when invoking the resource endpoint.
" + }, "CreateApiDestinationRequest":{ "type":"structure", "required":[ @@ -1628,29 +1668,33 @@ "documentation":"The value for the API key to use for authorization.
" } }, - "documentation":"Contains the API key authorization parameters for the connection.
" + "documentation":"The API key authorization parameters for the connection.
" }, "CreateConnectionAuthRequestParameters":{ "type":"structure", "members":{ "BasicAuthParameters":{ "shape":"CreateConnectionBasicAuthRequestParameters", - "documentation":"A CreateConnectionBasicAuthRequestParameters object that contains the Basic authorization parameters to use for the connection.
The Basic authorization parameters to use for the connection.
" }, "OAuthParameters":{ "shape":"CreateConnectionOAuthRequestParameters", - "documentation":"A CreateConnectionOAuthRequestParameters object that contains the OAuth authorization parameters to use for the connection.
The OAuth authorization parameters to use for the connection.
" }, "ApiKeyAuthParameters":{ "shape":"CreateConnectionApiKeyAuthRequestParameters", - "documentation":"A CreateConnectionApiKeyAuthRequestParameters object that contains the API key authorization parameters to use for the connection.
The API key authorization parameters to use for the connection.
" }, "InvocationHttpParameters":{ "shape":"ConnectionHttpParameters", - "documentation":"A ConnectionHttpParameters object that contains the API key authorization parameters to use for the connection. Note that if you include additional parameters for the target of a rule via HttpParameters, including query strings, the parameters added for the connection take precedence.
The API key authorization parameters to use for the connection. Note that if you include additional parameters for the target of a rule via HttpParameters, including query strings, the parameters added for the connection take precedence.
If you specify a private OAuth endpoint, the parameters for EventBridge to use when authenticating against the endpoint.
For more information, see Authorization methods for connections in the Amazon EventBridge User Guide .
" } }, - "documentation":"Contains the authorization parameters for the connection.
" + "documentation":"The authorization parameters for the connection.
You must include only authorization parameters for the AuthorizationType you specify.
The client secret associated with the client ID to use for OAuth authorization for the connection.
" } }, - "documentation":"Contains the Basic authorization parameters to use for the connection.
" + "documentation":"The Basic authorization parameters to use for the connection.
" }, "CreateConnectionOAuthRequestParameters":{ "type":"structure", @@ -1698,7 +1742,7 @@ "members":{ "ClientParameters":{ "shape":"CreateConnectionOAuthClientRequestParameters", - "documentation":"A CreateConnectionOAuthClientRequestParameters object that contains the client parameters for OAuth authorization.
The client parameters for OAuth authorization.
" }, "AuthorizationEndpoint":{ "shape":"HttpsEndpoint", @@ -1710,7 +1754,7 @@ }, "OAuthHttpParameters":{ "shape":"ConnectionHttpParameters", - "documentation":"A ConnectionHttpParameters object that contains details about the additional parameters to use for the connection.
Details about the additional parameters to use for the connection.
" } }, "documentation":"Contains the OAuth authorization parameters to use for the connection.
" @@ -1737,7 +1781,11 @@ }, "AuthParameters":{ "shape":"CreateConnectionAuthRequestParameters", - "documentation":"A CreateConnectionAuthRequestParameters object that contains the authorization parameters to use to authorize with the endpoint.
The authorization parameters to use to authorize with the endpoint.
You must include only authorization parameters for the AuthorizationType you specify.
For connections to private resource endpoints, the parameters to use for invoking the resource endpoint.
For more information, see Connecting to private resources in the Amazon EventBridge User Guide .
" } } }, @@ -1935,7 +1983,7 @@ "documentation":"The ARN of the SQS queue specified as the target for the dead-letter queue.
" } }, - "documentation":"Configuration details of the Amazon SQS queue for EventBridge to use as a dead-letter queue (DLQ).
For more information, see Event retry policy and using dead-letter queues in the EventBridge User Guide.
" + "documentation":"Configuration details of the Amazon SQS queue for EventBridge to use as a dead-letter queue (DLQ).
For more information, see Using dead-letter queues to process undelivered events in the EventBridge User Guide.
" }, "DeauthorizeConnectionRequest":{ "type":"structure", @@ -2211,6 +2259,17 @@ } } }, + "DescribeConnectionConnectivityParameters":{ + "type":"structure", + "required":["ResourceParameters"], + "members":{ + "ResourceParameters":{ + "shape":"DescribeConnectionResourceParameters", + "documentation":"The parameters for EventBridge to use when invoking the resource endpoint.
" + } + }, + "documentation":"If the connection uses a private OAuth endpoint, the parameters for EventBridge to use when authenticating against the endpoint.
For more information, see Authorization methods for connections in the Amazon EventBridge User Guide .
" + }, "DescribeConnectionRequest":{ "type":"structure", "required":["Name"], @@ -2221,6 +2280,24 @@ } } }, + "DescribeConnectionResourceParameters":{ + "type":"structure", + "required":[ + "ResourceConfigurationArn", + "ResourceAssociationArn" + ], + "members":{ + "ResourceConfigurationArn":{ + "shape":"ResourceConfigurationArn", + "documentation":"The Amazon Resource Name (ARN) of the resource configuration for the private API.
" + }, + "ResourceAssociationArn":{ + "shape":"ResourceAssociationArn", + "documentation":"For connections to private APIs, the Amazon Resource Name (ARN) of the resource association EventBridge created between the connection and the private API's resource configuration.
" + } + }, + "documentation":"The parameters for EventBridge to use when invoking the resource endpoint.
" + }, "DescribeConnectionResponse":{ "type":"structure", "members":{ @@ -2236,6 +2313,10 @@ "shape":"ConnectionDescription", "documentation":"The description for the connection retrieved.
" }, + "InvocationConnectivityParameters":{ + "shape":"DescribeConnectionConnectivityParameters", + "documentation":"For connections to private resource endpoints. The parameters EventBridge uses to invoke the resource endpoint.
For more information, see Connecting to private resources in the Amazon EventBridge User Guide .
" + }, "ConnectionState":{ "shape":"ConnectionState", "documentation":"The state of the connection retrieved.
" @@ -3098,7 +3179,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"The token returned by a previous call to retrieve the next set of results.
" + "documentation":"The token returned by a previous call, which you can use to retrieve the next set of results.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
An array of ApiDestination objects that include information about an API destination.
An array that includes information about each API destination.
" }, "NextToken":{ "shape":"NextToken", - "documentation":"A token you can use in a subsequent request to retrieve the next set of results.
" + "documentation":"A token indicating there are more results available. If there are no more results, no token is included in the response.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
The token returned by a previous call to retrieve the next set of results.
" + "documentation":"The token returned by a previous call, which you can use to retrieve the next set of results.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
The token returned by a previous call to retrieve the next set of results.
" + "documentation":"A token indicating there are more results available. If there are no more results, no token is included in the response.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
The token returned by a previous call to retrieve the next set of results.
" + "documentation":"The token returned by a previous call, which you can use to retrieve the next set of results.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
A token you can use in a subsequent request to retrieve the next set of results.
" + "documentation":"A token indicating there are more results available. If there are no more results, no token is included in the response.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
If nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.
The token returned by a previous call, which you can use to retrieve the next set of results.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
If nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.
A token indicating there are more results available. If there are no more results, no token is included in the response.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
The token returned by a previous call to retrieve the next set of results.
" + "documentation":"The token returned by a previous call, which you can use to retrieve the next set of results.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
A token you can use in a subsequent operation to retrieve the next set of results.
" + "documentation":"A token indicating there are more results available. If there are no more results, no token is included in the response.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
The token returned by a previous call to retrieve the next set of results.
" + "documentation":"The token returned by a previous call, which you can use to retrieve the next set of results.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
A token you can use in a subsequent operation to retrieve the next set of results.
" + "documentation":"A token indicating there are more results available. If there are no more results, no token is included in the response.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
The token returned by a previous call to this operation. Specifying this retrieves the next set of results.
" + "documentation":"The token returned by a previous call, which you can use to retrieve the next set of results.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
A token you can use in a subsequent operation to retrieve the next set of results.
" + "documentation":"A token indicating there are more results available. If there are no more results, no token is included in the response.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
The token returned by a previous call to this operation. Specifying this retrieves the next set of results.
" + "documentation":"The token returned by a previous call, which you can use to retrieve the next set of results.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
A token you can use in a subsequent operation to retrieve the next set of results.
" + "documentation":"A token indicating there are more results available. If there are no more results, no token is included in the response.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
The token returned by a previous call to retrieve the next set of results.
" + "documentation":"The token returned by a previous call, which you can use to retrieve the next set of results.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
The token returned by a previous call to retrieve the next set of results.
" + "documentation":"A token indicating there are more results available. If there are no more results, no token is included in the response.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
The token returned by a previous call to retrieve the next set of results.
" + "documentation":"The token returned by a previous call, which you can use to retrieve the next set of results.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
Indicates whether there are additional results to retrieve. If there are no more results, the value is null.
" + "documentation":"A token indicating there are more results available. If there are no more results, no token is included in the response.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
The token returned by a previous call to retrieve the next set of results.
" + "documentation":"The token returned by a previous call, which you can use to retrieve the next set of results.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
Indicates whether there are additional results to retrieve. If there are no more results, the value is null.
" + "documentation":"A token indicating there are more results available. If there are no more results, no token is included in the response.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
The token returned by a previous call to retrieve the next set of results.
" + "documentation":"The token returned by a previous call, which you can use to retrieve the next set of results.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
Indicates whether there are additional results to retrieve. If there are no more results, the value is null.
" + "documentation":"A token indicating there are more results available. If there are no more results, no token is included in the response.
The value of nextToken is a unique pagination token for each page. To retrieve the next page of results, make the call again using the returned token. Keep all other arguments unchanged.
Using an expired pagination token results in an HTTP 400 InvalidToken error.
The RetryPolicy object that contains the retry policy configuration to use for the dead-letter queue.
The retry policy configuration to use for the dead-letter queue.
" }, "AppSyncParameters":{ "shape":"AppSyncParameters", @@ -4829,6 +4922,13 @@ } } }, + "ThrottlingException":{ + "type":"structure", + "members":{ + }, + "documentation":"This request cannot be completed due to throttling issues.
", + "exception":true + }, "Timestamp":{"type":"timestamp"}, "TraceHeader":{ "type":"string", @@ -4971,7 +5071,7 @@ }, "ApiKeyValue":{ "shape":"AuthHeaderParametersSensitive", - "documentation":"The value associated with teh API key to use for authorization.
" + "documentation":"The value associated with the API key to use for authorization.
" } }, "documentation":"Contains the API key authorization parameters to use to update the connection.
" @@ -4981,19 +5081,23 @@ "members":{ "BasicAuthParameters":{ "shape":"UpdateConnectionBasicAuthRequestParameters", - "documentation":"A UpdateConnectionBasicAuthRequestParameters object that contains the authorization parameters for Basic authorization.
The authorization parameters for Basic authorization.
" }, "OAuthParameters":{ "shape":"UpdateConnectionOAuthRequestParameters", - "documentation":"A UpdateConnectionOAuthRequestParameters object that contains the authorization parameters for OAuth authorization.
The authorization parameters for OAuth authorization.
" }, "ApiKeyAuthParameters":{ "shape":"UpdateConnectionApiKeyAuthRequestParameters", - "documentation":"A UpdateConnectionApiKeyAuthRequestParameters object that contains the authorization parameters for API key authorization.
The authorization parameters for API key authorization.
" }, "InvocationHttpParameters":{ "shape":"ConnectionHttpParameters", - "documentation":"A ConnectionHttpParameters object that contains the additional parameters to use for the connection.
The additional parameters to use for the connection.
" + }, + "ConnectivityParameters":{ + "shape":"ConnectivityResourceParameters", + "documentation":"If you specify a private OAuth endpoint, the parameters for EventBridge to use when authenticating against the endpoint.
For more information, see Authorization methods for connections in the Amazon EventBridge User Guide .
" } }, "documentation":"Contains the additional parameters to use for the connection.
" @@ -5010,7 +5114,7 @@ "documentation":"The password associated with the user name to use for Basic authorization.
" } }, - "documentation":"Contains the Basic authorization parameters for the connection.
" + "documentation":"The Basic authorization parameters for the connection.
" }, "UpdateConnectionOAuthClientRequestParameters":{ "type":"structure", @@ -5024,14 +5128,14 @@ "documentation":"The client secret assciated with the client ID to use for OAuth authorization.
" } }, - "documentation":"Contains the OAuth authorization parameters to use for the connection.
" + "documentation":"The OAuth authorization parameters to use for the connection.
" }, "UpdateConnectionOAuthRequestParameters":{ "type":"structure", "members":{ "ClientParameters":{ "shape":"UpdateConnectionOAuthClientRequestParameters", - "documentation":"A UpdateConnectionOAuthClientRequestParameters object that contains the client parameters to use for the connection when OAuth is specified as the authorization type.
The client parameters to use for the connection when OAuth is specified as the authorization type.
" }, "AuthorizationEndpoint":{ "shape":"HttpsEndpoint", @@ -5046,7 +5150,7 @@ "documentation":"The additional HTTP parameters used for the OAuth authorization request.
" } }, - "documentation":"Contains the OAuth request parameters to use for the connection.
" + "documentation":"The OAuth request parameters to use for the connection.
" }, "UpdateConnectionRequest":{ "type":"structure", @@ -5067,6 +5171,10 @@ "AuthParameters":{ "shape":"UpdateConnectionAuthRequestParameters", "documentation":"The authorization parameters to use for the connection.
" + }, + "InvocationConnectivityParameters":{ + "shape":"ConnectivityResourceParameters", + "documentation":"For connections to private resource endpoints, the parameters to use for invoking the resource endpoint.
For more information, see Connecting to private resources in the Amazon EventBridge User Guide .
" } } }, From f3bc5ad44b920c776637c656f7f3cd8feaddc656 Mon Sep 17 00:00:00 2001 From: AWS <> Date: Mon, 2 Dec 2024 03:48:15 +0000 Subject: [PATCH 19/35] AmazonConnectCampaignServiceV2 Update: Amazon Connect Outbound Campaigns V2 / Features : Adds support for Event-Triggered Campaigns. --- ...mazonConnectCampaignServiceV2-d4badfa.json | 6 + .../codegen-resources/service-2.json | 129 +++++++++++++++++- 2 files changed, 134 insertions(+), 1 deletion(-) create mode 100644 .changes/next-release/feature-AmazonConnectCampaignServiceV2-d4badfa.json diff --git a/.changes/next-release/feature-AmazonConnectCampaignServiceV2-d4badfa.json b/.changes/next-release/feature-AmazonConnectCampaignServiceV2-d4badfa.json new file mode 100644 index 00000000000..59642837e4f --- /dev/null +++ b/.changes/next-release/feature-AmazonConnectCampaignServiceV2-d4badfa.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "AmazonConnectCampaignServiceV2", + "contributor": "", + "description": "Amazon Connect Outbound Campaigns V2 / Features : Adds support for Event-Triggered Campaigns." +} diff --git a/services/connectcampaignsv2/src/main/resources/codegen-resources/service-2.json b/services/connectcampaignsv2/src/main/resources/codegen-resources/service-2.json index baf7d34cb25..d1a02e3c219 100644 --- a/services/connectcampaignsv2/src/main/resources/codegen-resources/service-2.json +++ b/services/connectcampaignsv2/src/main/resources/codegen-resources/service-2.json @@ -359,6 +359,27 @@ "documentation":"Creates outbound requests for the specified campaign Amazon Connect account. This API is idempotent.
", "idempotent":true }, + "PutProfileOutboundRequestBatch":{ + "name":"PutProfileOutboundRequestBatch", + "http":{ + "method":"PUT", + "requestUri":"/v2/campaigns/{id}/profile-outbound-requests", + "responseCode":200 + }, + "input":{"shape":"PutProfileOutboundRequestBatchRequest"}, + "output":{"shape":"PutProfileOutboundRequestBatchResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"InvalidCampaignStateException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Takes in a list of profile outbound requests to be placed as part of an outbound campaign. This API is idempotent.
", + "idempotent":true + }, "ResumeCampaign":{ "name":"ResumeCampaign", "http":{ @@ -1251,6 +1272,13 @@ "documentation":"Server-side encryption type.
", "enum":["KMS"] }, + "EventTrigger":{ + "type":"structure", + "members":{ + "customerProfilesDomainArn":{"shape":"Arn"} + }, + "documentation":"Event trigger of the campaign
" + }, "EventType":{ "type":"string", "documentation":"Enumeration of Customer Profiles event type
", @@ -1276,6 +1304,22 @@ "max":25, "min":0 }, + "FailedProfileOutboundRequest":{ + "type":"structure", + "members":{ + "clientToken":{"shape":"ClientToken"}, + "id":{"shape":"ProfileOutboundRequestId"}, + "failureCode":{"shape":"ProfileOutboundRequestFailureCode"} + }, + "documentation":"Failure details for a profile outbound request
" + }, + "FailedProfileOutboundRequestList":{ + "type":"list", + "member":{"shape":"FailedProfileOutboundRequest"}, + "documentation":"List of failed profile outbound requests
", + "max":20, + "min":0 + }, "FailedRequest":{ "type":"structure", "members":{ @@ -1729,6 +1773,49 @@ }, "documentation":"Predictive config
" }, + "ProfileId":{ + "type":"string", + "documentation":"Identifier of the customer profile
", + "pattern":"[a-f0-9]{32}" + }, + "ProfileOutboundRequest":{ + "type":"structure", + "required":[ + "clientToken", + "profileId" + ], + "members":{ + "clientToken":{"shape":"ClientToken"}, + "profileId":{"shape":"ProfileId"}, + "expirationTime":{"shape":"TimeStamp"} + }, + "documentation":"Information about a profile outbound request
" + }, + "ProfileOutboundRequestFailureCode":{ + "type":"string", + "documentation":"Predefined code indicating the error that caused the failure
", + "enum":[ + "UnknownError", + "ResourceNotFound", + "Conflict", + "RequestThrottled", + "InvalidInput" + ] + }, + "ProfileOutboundRequestId":{ + "type":"string", + "documentation":"Identifier of the profile outbound request
", + "max":256, + "min":0, + "pattern":"[a-zA-Z0-9_\\-.]*" + }, + "ProfileOutboundRequestList":{ + "type":"list", + "member":{"shape":"ProfileOutboundRequest"}, + "documentation":"List of profile outbound requests
", + "max":20, + "min":1 + }, "ProgressiveConfig":{ "type":"structure", "required":["bandwidthAllocation"], @@ -1777,6 +1864,30 @@ }, "documentation":"The response for PutOutboundRequestBatch API.
" }, + "PutProfileOutboundRequestBatchRequest":{ + "type":"structure", + "required":[ + "id", + "profileOutboundRequests" + ], + "members":{ + "id":{ + "shape":"CampaignId", + "location":"uri", + "locationName":"id" + }, + "profileOutboundRequests":{"shape":"ProfileOutboundRequestList"} + }, + "documentation":"The request for PutProfileOutboundRequestBatch API
" + }, + "PutProfileOutboundRequestBatchResponse":{ + "type":"structure", + "members":{ + "successfulRequests":{"shape":"SuccessfulProfileOutboundRequestList"}, + "failedRequests":{"shape":"FailedProfileOutboundRequestList"} + }, + "documentation":"The response for PutProfileOutboundRequestBatch API
" + }, "QConnectIntegrationConfig":{ "type":"structure", "required":["knowledgeBaseArn"], @@ -1956,7 +2067,8 @@ "Source":{ "type":"structure", "members":{ - "customerProfilesSegmentArn":{"shape":"Arn"} + "customerProfilesSegmentArn":{"shape":"Arn"}, + "eventTrigger":{"shape":"EventTrigger"} }, "documentation":"Source of the campaign
", "union":true @@ -2030,6 +2142,21 @@ "max":25, "min":0 }, + "SuccessfulProfileOutboundRequest":{ + "type":"structure", + "members":{ + "clientToken":{"shape":"ClientToken"}, + "id":{"shape":"ProfileOutboundRequestId"} + }, + "documentation":"Success details for a profile outbound request
" + }, + "SuccessfulProfileOutboundRequestList":{ + "type":"list", + "member":{"shape":"SuccessfulProfileOutboundRequest"}, + "documentation":"List of successful profile outbound requests
", + "max":20, + "min":0 + }, "SuccessfulRequest":{ "type":"structure", "members":{ From db80920027fc5f92c42b08e91cdbb33297232b62 Mon Sep 17 00:00:00 2001 From: AWS <> Date: Mon, 2 Dec 2024 03:48:16 +0000 Subject: [PATCH 20/35] Amazon MemoryDB Update: Amazon MemoryDB SDK now supports all APIs for Multi-Region. Please refer to the updated Amazon MemoryDB public documentation for detailed information on API usage. --- .../feature-AmazonMemoryDB-d74846d.json | 6 + .../codegen-resources/paginators-1.json | 6 + .../codegen-resources/service-2.json | 509 ++++++++++++++++-- 3 files changed, 465 insertions(+), 56 deletions(-) create mode 100644 .changes/next-release/feature-AmazonMemoryDB-d74846d.json diff --git a/.changes/next-release/feature-AmazonMemoryDB-d74846d.json b/.changes/next-release/feature-AmazonMemoryDB-d74846d.json new file mode 100644 index 00000000000..a3310f28732 --- /dev/null +++ b/.changes/next-release/feature-AmazonMemoryDB-d74846d.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "Amazon MemoryDB", + "contributor": "", + "description": "Amazon MemoryDB SDK now supports all APIs for Multi-Region. Please refer to the updated Amazon MemoryDB public documentation for detailed information on API usage." +} diff --git a/services/memorydb/src/main/resources/codegen-resources/paginators-1.json b/services/memorydb/src/main/resources/codegen-resources/paginators-1.json index 06c1b769a69..038bcb221a8 100644 --- a/services/memorydb/src/main/resources/codegen-resources/paginators-1.json +++ b/services/memorydb/src/main/resources/codegen-resources/paginators-1.json @@ -24,6 +24,12 @@ "output_token": "NextToken", "result_key": "Events" }, + "DescribeMultiRegionClusters": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "MultiRegionClusters" + }, "DescribeParameterGroups": { "input_token": "NextToken", "limit_key": "MaxResults", diff --git a/services/memorydb/src/main/resources/codegen-resources/service-2.json b/services/memorydb/src/main/resources/codegen-resources/service-2.json index cea8d96bc70..91448f18a38 100644 --- a/services/memorydb/src/main/resources/codegen-resources/service-2.json +++ b/services/memorydb/src/main/resources/codegen-resources/service-2.json @@ -93,10 +93,30 @@ {"shape":"InvalidCredentialsException"}, {"shape":"TagQuotaPerResourceExceeded"}, {"shape":"ACLNotFoundFault"}, - {"shape":"InvalidACLStateFault"} + {"shape":"InvalidACLStateFault"}, + {"shape":"MultiRegionClusterNotFoundFault"}, + {"shape":"InvalidMultiRegionClusterStateFault"} ], "documentation":"Creates a cluster. All nodes in the cluster run the same protocol-compliant engine software.
" }, + "CreateMultiRegionCluster":{ + "name":"CreateMultiRegionCluster", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateMultiRegionClusterRequest"}, + "output":{"shape":"CreateMultiRegionClusterResponse"}, + "errors":[ + {"shape":"MultiRegionClusterAlreadyExistsFault"}, + {"shape":"InvalidParameterCombinationException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"MultiRegionParameterGroupNotFoundFault"}, + {"shape":"ClusterQuotaForCustomerExceededFault"}, + {"shape":"TagQuotaPerResourceExceeded"} + ], + "documentation":"Creates a new multi-Region cluster.
" + }, "CreateParameterGroup":{ "name":"CreateParameterGroup", "http":{ @@ -204,7 +224,22 @@ {"shape":"InvalidParameterValueException"}, {"shape":"InvalidParameterCombinationException"} ], - "documentation":"Deletes a cluster. It also deletes all associated nodes and node endpoints
" + "documentation":"Deletes a cluster. It also deletes all associated nodes and node endpoints.
CreateSnapshot permission is required to create a final snapshot. Without this permission, the API call will fail with an Access Denied exception.
Deletes an existing multi-Region cluster.
" }, "DeleteParameterGroup":{ "name":"DeleteParameterGroup", @@ -282,7 +317,7 @@ {"shape":"ACLNotFoundFault"}, {"shape":"InvalidParameterCombinationException"} ], - "documentation":"Returns a list of ACLs
" + "documentation":"Returns a list of ACLs.
" }, "DescribeClusters":{ "name":"DescribeClusters", @@ -313,7 +348,7 @@ {"shape":"InvalidParameterValueException"}, {"shape":"InvalidParameterCombinationException"} ], - "documentation":"Returns a list of the available engine versions.
" + "documentation":"Returns a list of the available Redis OSS engine versions.
" }, "DescribeEvents":{ "name":"DescribeEvents", @@ -330,6 +365,22 @@ ], "documentation":"Returns events related to clusters, security groups, and parameter groups. You can obtain events specific to a particular cluster, security group, or parameter group by providing the name as a parameter. By default, only the events occurring within the last hour are returned; however, you can retrieve up to 14 days' worth of events if necessary.
" }, + "DescribeMultiRegionClusters":{ + "name":"DescribeMultiRegionClusters", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeMultiRegionClustersRequest"}, + "output":{"shape":"DescribeMultiRegionClustersResponse"}, + "errors":[ + {"shape":"ClusterNotFoundFault"}, + {"shape":"InvalidParameterCombinationException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"MultiRegionClusterNotFoundFault"} + ], + "documentation":"Returns details about one or more multi-Region clusters.
" + }, "DescribeParameterGroups":{ "name":"DescribeParameterGroups", "http":{ @@ -406,7 +457,7 @@ {"shape":"InvalidParameterValueException"}, {"shape":"InvalidParameterCombinationException"} ], - "documentation":"Returns details of the service updates
" + "documentation":"Returns details of the service updates.
" }, "DescribeSnapshots":{ "name":"DescribeSnapshots", @@ -472,6 +523,21 @@ ], "documentation":"Used to failover a shard. This API is designed for testing the behavior of your application in case of MemoryDB failover. It is not designed to be used as a production-level tool for initiating a failover to overcome a problem you may have with the cluster. Moreover, in certain conditions such as large scale operational events, Amazon may block this API.
" }, + "ListAllowedMultiRegionClusterUpdates":{ + "name":"ListAllowedMultiRegionClusterUpdates", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListAllowedMultiRegionClusterUpdatesRequest"}, + "output":{"shape":"ListAllowedMultiRegionClusterUpdatesResponse"}, + "errors":[ + {"shape":"MultiRegionClusterNotFoundFault"}, + {"shape":"InvalidParameterCombinationException"}, + {"shape":"InvalidParameterValueException"} + ], + "documentation":"Lists the allowed updates for a multi-Region cluster.
" + }, "ListAllowedNodeTypeUpdates":{ "name":"ListAllowedNodeTypeUpdates", "http":{ @@ -505,9 +571,11 @@ {"shape":"InvalidARNFault"}, {"shape":"ServiceLinkedRoleNotFoundFault"}, {"shape":"UserNotFoundFault"}, - {"shape":"ACLNotFoundFault"} + {"shape":"ACLNotFoundFault"}, + {"shape":"MultiRegionClusterNotFoundFault"}, + {"shape":"MultiRegionParameterGroupNotFoundFault"} ], - "documentation":"Lists all tags currently on a named resource. A tag is a key-value pair where the key and value are case-sensitive. You can use tags to categorize and track your MemoryDB resources. For more information, see Tagging your MemoryDB resources
" + "documentation":"Lists all tags currently on a named resource. A tag is a key-value pair where the key and value are case-sensitive. You can use tags to categorize and track your MemoryDB resources. For more information, see Tagging your MemoryDB resources.
" }, "PurchaseReservedNodesOffering":{ "name":"PurchaseReservedNodesOffering", @@ -561,9 +629,12 @@ {"shape":"SnapshotNotFoundFault"}, {"shape":"UserNotFoundFault"}, {"shape":"ACLNotFoundFault"}, + {"shape":"MultiRegionClusterNotFoundFault"}, + {"shape":"MultiRegionParameterGroupNotFoundFault"}, {"shape":"TagQuotaPerResourceExceeded"}, {"shape":"InvalidARNFault"}, - {"shape":"ServiceLinkedRoleNotFoundFault"} + {"shape":"ServiceLinkedRoleNotFoundFault"}, + {"shape":"InvalidParameterValueException"} ], "documentation":"A tag is a key-value pair where the key and value are case-sensitive. You can use tags to categorize and track all your MemoryDB resources. When you add or remove tags on clusters, those actions will be replicated to all nodes in the cluster. For more information, see Resource-level permissions.
For example, you can use cost-allocation tags to your MemoryDB resources, Amazon generates a cost allocation report as a comma-separated value (CSV) file with your usage and costs aggregated by your tags. You can apply tags that represent business categories (such as cost centers, application names, or owners) to organize your costs across multiple services. For more information, see Using Cost Allocation Tags.
" }, @@ -585,9 +656,12 @@ {"shape":"TagNotFoundFault"}, {"shape":"ServiceLinkedRoleNotFoundFault"}, {"shape":"UserNotFoundFault"}, - {"shape":"ACLNotFoundFault"} + {"shape":"ACLNotFoundFault"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"MultiRegionClusterNotFoundFault"}, + {"shape":"MultiRegionParameterGroupNotFoundFault"} ], - "documentation":"Use this operation to remove tags on a resource
" + "documentation":"Use this operation to remove tags on a resource.
" }, "UpdateACL":{ "name":"UpdateACL", @@ -636,6 +710,23 @@ ], "documentation":"Modifies the settings for a cluster. You can use this operation to change one or more cluster configuration settings by specifying the settings and the new values.
" }, + "UpdateMultiRegionCluster":{ + "name":"UpdateMultiRegionCluster", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateMultiRegionClusterRequest"}, + "output":{"shape":"UpdateMultiRegionClusterResponse"}, + "errors":[ + {"shape":"MultiRegionClusterNotFoundFault"}, + {"shape":"MultiRegionParameterGroupNotFoundFault"}, + {"shape":"InvalidMultiRegionClusterStateFault"}, + {"shape":"InvalidParameterCombinationException"}, + {"shape":"InvalidParameterValueException"} + ], + "documentation":"Updates the configuration of an existing multi-Region cluster.
" + }, "UpdateParameterGroup":{ "name":"UpdateParameterGroup", "http":{ @@ -898,6 +989,10 @@ "shape":"ClusterPendingUpdates", "documentation":"A group of settings that are currently being applied.
" }, + "MultiRegionClusterName":{ + "shape":"String", + "documentation":"The name of the multi-Region cluster that this cluster belongs to.
" + }, "NumberOfShards":{ "shape":"IntegerOptional", "documentation":"The number of shards in the cluster
" @@ -920,15 +1015,15 @@ }, "Engine":{ "shape":"String", - "documentation":"The Redis OSS or Valkey engine used by the cluster.
" + "documentation":"The name of the engine used by the cluster.
" }, "EngineVersion":{ "shape":"String", - "documentation":"The Redis engine version used by the cluster
" + "documentation":"The Redis OSS engine version used by the cluster
" }, "EnginePatchVersion":{ "shape":"String", - "documentation":"The engine patch version used by the cluster
" + "documentation":"The Redis OSS engine patch version used by the cluster
" }, "ParameterGroupName":{ "shape":"String", @@ -1017,11 +1112,11 @@ }, "Engine":{ "shape":"String", - "documentation":"The configuration for the Redis OSS or Valkey engine used by the cluster.
" + "documentation":"The name of the engine used by the cluster configuration.
" }, "EngineVersion":{ "shape":"String", - "documentation":"The engine version used by the cluster
" + "documentation":"The Redis OSS engine version used by the cluster
" }, "MaintenanceWindow":{ "shape":"String", @@ -1062,6 +1157,14 @@ "Shards":{ "shape":"ShardDetails", "documentation":"The list of shards in the cluster
" + }, + "MultiRegionParameterGroupName":{ + "shape":"String", + "documentation":"The name of the multi-Region parameter group associated with the cluster configuration.
" + }, + "MultiRegionClusterName":{ + "shape":"String", + "documentation":"The name for the multi-Region cluster associated with the cluster configuration.
" } }, "documentation":"A list of cluster configuration options.
" @@ -1188,6 +1291,10 @@ "shape":"String", "documentation":"The compute and memory capacity of the nodes in the cluster.
" }, + "MultiRegionClusterName":{ + "shape":"String", + "documentation":"The name of the multi-Region cluster to be created.
" + }, "ParameterGroupName":{ "shape":"String", "documentation":"The name of the parameter group associated with the cluster.
" @@ -1258,11 +1365,11 @@ }, "Engine":{ "shape":"String", - "documentation":"The name of the engine to be used for the nodes in this cluster. The value must be set to either Redis or Valkey.
" + "documentation":"The name of the engine to be used for the cluster.
" }, "EngineVersion":{ "shape":"String", - "documentation":"The version number of the engine to be used for the cluster.
" + "documentation":"The version number of the Redis OSS engine to be used for the cluster.
" }, "AutoMinorVersionUpgrade":{ "shape":"BooleanOptional", @@ -1283,6 +1390,60 @@ } } }, + "CreateMultiRegionClusterRequest":{ + "type":"structure", + "required":[ + "MultiRegionClusterNameSuffix", + "NodeType" + ], + "members":{ + "MultiRegionClusterNameSuffix":{ + "shape":"String", + "documentation":"A suffix to be added to the multi-Region cluster name.
" + }, + "Description":{ + "shape":"String", + "documentation":"A description for the multi-Region cluster.
" + }, + "Engine":{ + "shape":"String", + "documentation":"The name of the engine to be used for the multi-Region cluster.
" + }, + "EngineVersion":{ + "shape":"String", + "documentation":"The version of the engine to be used for the multi-Region cluster.
" + }, + "NodeType":{ + "shape":"String", + "documentation":"The node type to be used for the multi-Region cluster.
" + }, + "MultiRegionParameterGroupName":{ + "shape":"String", + "documentation":"The name of the multi-Region parameter group to be associated with the cluster.
" + }, + "NumShards":{ + "shape":"IntegerOptional", + "documentation":"The number of shards for the multi-Region cluster.
" + }, + "TLSEnabled":{ + "shape":"BooleanOptional", + "documentation":"Whether to enable TLS encryption for the multi-Region cluster.
" + }, + "Tags":{ + "shape":"TagList", + "documentation":"A list of tags to be applied to the multi-Region cluster.
" + } + } + }, + "CreateMultiRegionClusterResponse":{ + "type":"structure", + "members":{ + "MultiRegionCluster":{ + "shape":"MultiRegionCluster", + "documentation":"Details about the newly created multi-Region cluster.
" + } + } + }, "CreateParameterGroupRequest":{ "type":"structure", "required":[ @@ -1381,7 +1542,7 @@ "members":{ "SubnetGroup":{ "shape":"SubnetGroup", - "documentation":"The newly-created subnet group
" + "documentation":"The newly-created subnet group.
" } } }, @@ -1440,7 +1601,7 @@ "members":{ "ACLName":{ "shape":"String", - "documentation":"The name of the Access Control List to delete
" + "documentation":"The name of the Access Control List to delete.
" } } }, @@ -1461,6 +1622,10 @@ "shape":"String", "documentation":"The name of the cluster to be deleted
" }, + "MultiRegionClusterName":{ + "shape":"String", + "documentation":"The name of the multi-Region cluster to be deleted.
" + }, "FinalSnapshotName":{ "shape":"String", "documentation":"The user-supplied name of a final cluster snapshot. This is the unique name that identifies the snapshot. MemoryDB creates the snapshot, and then deletes the cluster immediately afterward.
" @@ -1472,7 +1637,26 @@ "members":{ "Cluster":{ "shape":"Cluster", - "documentation":"The cluster object that has been deleted
" + "documentation":"The cluster object that has been deleted.
" + } + } + }, + "DeleteMultiRegionClusterRequest":{ + "type":"structure", + "required":["MultiRegionClusterName"], + "members":{ + "MultiRegionClusterName":{ + "shape":"String", + "documentation":"The name of the multi-Region cluster to be deleted.
" + } + } + }, + "DeleteMultiRegionClusterResponse":{ + "type":"structure", + "members":{ + "MultiRegionCluster":{ + "shape":"MultiRegionCluster", + "documentation":"Details about the deleted multi-Region cluster.
" } } }, @@ -1501,7 +1685,7 @@ "members":{ "SnapshotName":{ "shape":"String", - "documentation":"The name of the snapshot to delete
" + "documentation":"The name of the snapshot to delete.
" } } }, @@ -1520,7 +1704,7 @@ "members":{ "SubnetGroupName":{ "shape":"String", - "documentation":"The name of the subnet group to delete
" + "documentation":"The name of the subnet group to delete.
" } } }, @@ -1557,7 +1741,7 @@ "members":{ "ACLName":{ "shape":"String", - "documentation":"The name of the ACL
" + "documentation":"The name of the ACL.
" }, "MaxResults":{ "shape":"IntegerOptional", @@ -1574,7 +1758,7 @@ "members":{ "ACLs":{ "shape":"ACLList", - "documentation":"The list of ACLs
" + "documentation":"The list of ACLs.
" }, "NextToken":{ "shape":"String", @@ -1587,7 +1771,7 @@ "members":{ "ClusterName":{ "shape":"String", - "documentation":"The name of the cluster
" + "documentation":"The name of the cluster.
" }, "MaxResults":{ "shape":"IntegerOptional", @@ -1621,11 +1805,11 @@ "members":{ "Engine":{ "shape":"String", - "documentation":"The engine version to return. Valid values are either valkey or redis.
" + "documentation":"The name of the engine for which to list available versions.
" }, "EngineVersion":{ "shape":"String", - "documentation":"The engine version.
" + "documentation":"The Redis OSS engine version
" }, "ParameterGroupFamily":{ "shape":"String", @@ -1704,6 +1888,40 @@ } } }, + "DescribeMultiRegionClustersRequest":{ + "type":"structure", + "members":{ + "MultiRegionClusterName":{ + "shape":"String", + "documentation":"The name of a specific multi-Region cluster to describe.
" + }, + "MaxResults":{ + "shape":"IntegerOptional", + "documentation":"The maximum number of results to return.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"A token to specify where to start paginating.
" + }, + "ShowClusterDetails":{ + "shape":"BooleanOptional", + "documentation":"Details about the multi-Region cluster.
" + } + } + }, + "DescribeMultiRegionClustersResponse":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"String", + "documentation":"A token to use to retrieve the next page of results.
" + }, + "MultiRegionClusters":{ + "shape":"MultiRegionClusterList", + "documentation":"A list of multi-Region clusters.
" + } + } + }, "DescribeParameterGroupsRequest":{ "type":"structure", "members":{ @@ -1862,11 +2080,11 @@ }, "ClusterNames":{ "shape":"ClusterNameList", - "documentation":"The list of cluster names to identify service updates to apply
" + "documentation":"The list of cluster names to identify service updates to apply.
" }, "Status":{ "shape":"ServiceUpdateStatusList", - "documentation":"The status(es) of the service updates to filter on
" + "documentation":"The status(es) of the service updates to filter on.
" }, "MaxResults":{ "shape":"IntegerOptional", @@ -1968,7 +2186,7 @@ "members":{ "UserName":{ "shape":"UserName", - "documentation":"The name of the user
" + "documentation":"The name of the user.
" }, "Filters":{ "shape":"FilterList", @@ -2024,7 +2242,7 @@ "members":{ "Engine":{ "shape":"String", - "documentation":"The version of the Redis OSS or Valkey engine used by the cluster.
" + "documentation":"The name of the engine for which version information is provided.
" }, "EngineVersion":{ "shape":"String", @@ -2039,7 +2257,7 @@ "documentation":"Specifies the name of the parameter group family to which the engine default parameters apply.
" } }, - "documentation":"Provides details of the engine version.
" + "documentation":"Provides details of the Redis OSS engine version
" }, "EngineVersionInfoList":{ "type":"list", @@ -2080,11 +2298,11 @@ "members":{ "ClusterName":{ "shape":"String", - "documentation":"The cluster being failed over
" + "documentation":"The cluster being failed over.
" }, "ShardName":{ "shape":"String", - "documentation":"The name of the shard
" + "documentation":"The name of the shard.
" } } }, @@ -2093,7 +2311,7 @@ "members":{ "Cluster":{ "shape":"Cluster", - "documentation":"The cluster being failed over
" + "documentation":"The cluster being failed over.
" } } }, @@ -2183,6 +2401,13 @@ "documentation":"", "exception":true }, + "InvalidMultiRegionClusterStateFault":{ + "type":"structure", + "members":{ + }, + "documentation":"The requested operation cannot be performed on the multi-Region cluster in its current state.
", + "exception":true + }, "InvalidNodeStateFault":{ "type":"structure", "members":{ @@ -2251,6 +2476,29 @@ "type":"string", "max":2048 }, + "ListAllowedMultiRegionClusterUpdatesRequest":{ + "type":"structure", + "required":["MultiRegionClusterName"], + "members":{ + "MultiRegionClusterName":{ + "shape":"String", + "documentation":"The name of the multi-Region cluster.
" + } + } + }, + "ListAllowedMultiRegionClusterUpdatesResponse":{ + "type":"structure", + "members":{ + "ScaleUpNodeTypes":{ + "shape":"NodeTypeList", + "documentation":"The node types that the cluster can be scaled up to.
" + }, + "ScaleDownNodeTypes":{ + "shape":"NodeTypeList", + "documentation":"The node types that the cluster can be scaled down to.
" + } + } + }, "ListAllowedNodeTypeUpdatesRequest":{ "type":"structure", "required":["ClusterName"], @@ -2280,7 +2528,7 @@ "members":{ "ResourceArn":{ "shape":"String", - "documentation":"The Amazon Resource Name (ARN) of the resource for which you want the list of tags
" + "documentation":"The Amazon Resource Name (ARN) of the resource for which you want the list of tags.
" } } }, @@ -2293,6 +2541,81 @@ } } }, + "MultiRegionCluster":{ + "type":"structure", + "members":{ + "MultiRegionClusterName":{ + "shape":"String", + "documentation":"The name of the multi-Region cluster.
" + }, + "Description":{ + "shape":"String", + "documentation":"The description of the multi-Region cluster.
" + }, + "Status":{ + "shape":"String", + "documentation":"The current status of the multi-Region cluster.
" + }, + "NodeType":{ + "shape":"String", + "documentation":"The node type used by the multi-Region cluster.
" + }, + "Engine":{ + "shape":"String", + "documentation":"The name of the engine used by the multi-Region cluster.
" + }, + "EngineVersion":{ + "shape":"String", + "documentation":"The version of the engine used by the multi-Region cluster.
" + }, + "NumberOfShards":{ + "shape":"IntegerOptional", + "documentation":"The number of shards in the multi-Region cluster.
" + }, + "Clusters":{ + "shape":"RegionalClusterList", + "documentation":"The clusters in this multi-Region cluster.
" + }, + "MultiRegionParameterGroupName":{ + "shape":"String", + "documentation":"The name of the multi-Region parameter group associated with the cluster.
" + }, + "TLSEnabled":{ + "shape":"BooleanOptional", + "documentation":"Indiciates if the multi-Region cluster is TLS enabled.
" + }, + "ARN":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the multi-Region cluster.
" + } + }, + "documentation":"Represents a multi-Region cluster.
" + }, + "MultiRegionClusterAlreadyExistsFault":{ + "type":"structure", + "members":{ + }, + "documentation":"A multi-Region cluster with the specified name already exists.
", + "exception":true + }, + "MultiRegionClusterList":{ + "type":"list", + "member":{"shape":"MultiRegionCluster"} + }, + "MultiRegionClusterNotFoundFault":{ + "type":"structure", + "members":{ + }, + "documentation":"The specified multi-Region cluster does not exist.
", + "exception":true + }, + "MultiRegionParameterGroupNotFoundFault":{ + "type":"structure", + "members":{ + }, + "documentation":"The specified multi-Region parameter group does not exist.
", + "exception":true + }, "NoOperationFault":{ "type":"structure", "members":{ @@ -2523,6 +2846,33 @@ "type":"list", "member":{"shape":"RecurringCharge"} }, + "RegionalCluster":{ + "type":"structure", + "members":{ + "ClusterName":{ + "shape":"String", + "documentation":"The name of the Regional cluster
" + }, + "Region":{ + "shape":"String", + "documentation":"The Region the current Regional cluster is assigned to.
" + }, + "Status":{ + "shape":"String", + "documentation":"The status of the Regional cluster.
" + }, + "ARN":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) the Regional cluster
" + } + }, + "documentation":"Represents a Regional cluster
", + "wrapper":true + }, + "RegionalClusterList":{ + "type":"list", + "member":{"shape":"RegionalCluster"} + }, "ReplicaConfigurationRequest":{ "type":"structure", "members":{ @@ -2744,7 +3094,7 @@ }, "Engine":{ "shape":"String", - "documentation":"The MemoryDB engine to which the update applies. The values are either Redis or Valkey.
" + "documentation":"The name of the engine for which a service update is available.
" }, "NodesUpdated":{ "shape":"String", @@ -3119,7 +3469,7 @@ "members":{ "ResourceArn":{ "shape":"String", - "documentation":"The Amazon Resource Name (ARN) of the resource to which the tags are to be added
" + "documentation":"The Amazon Resource Name (ARN) of the resource to which the tags are to be added.
" }, "Tags":{ "shape":"TagList", @@ -3179,11 +3529,11 @@ "members":{ "ResourceArn":{ "shape":"String", - "documentation":"The Amazon Resource Name (ARN) of the resource to which the tags are to be removed
" + "documentation":"The Amazon Resource Name (ARN) of the resource to which the tags are to be removed.
" }, "TagKeys":{ "shape":"KeyList", - "documentation":"The list of keys of the tags that are to be removed
" + "documentation":"The list of keys of the tags that are to be removed.
" } } }, @@ -3192,7 +3542,7 @@ "members":{ "TagList":{ "shape":"TagList", - "documentation":"The list of tags removed
" + "documentation":"The list of tags removed.
" } } }, @@ -3202,15 +3552,15 @@ "members":{ "ACLName":{ "shape":"String", - "documentation":"The name of the Access Control List
" + "documentation":"The name of the Access Control List.
" }, "UserNamesToAdd":{ "shape":"UserNameListInput", - "documentation":"The list of users to add to the Access Control List
" + "documentation":"The list of users to add to the Access Control List.
" }, "UserNamesToRemove":{ "shape":"UserNameListInput", - "documentation":"The list of users to remove from the Access Control List
" + "documentation":"The list of users to remove from the Access Control List.
" } } }, @@ -3219,7 +3569,7 @@ "members":{ "ACL":{ "shape":"ACL", - "documentation":"The updated Access Control List
" + "documentation":"The updated Access Control List.
" } } }, @@ -3229,15 +3579,15 @@ "members":{ "ClusterName":{ "shape":"String", - "documentation":"The name of the cluster to update
" + "documentation":"The name of the cluster to update.
" }, "Description":{ "shape":"String", - "documentation":"The description of the cluster to update
" + "documentation":"The description of the cluster to update.
" }, "SecurityGroupIds":{ "shape":"SecurityGroupIdsList", - "documentation":"The SecurityGroupIds to update
" + "documentation":"The SecurityGroupIds to update.
" }, "MaintenanceWindow":{ "shape":"String", @@ -3245,7 +3595,7 @@ }, "SnsTopicArn":{ "shape":"String", - "documentation":"The SNS topic ARN to update
" + "documentation":"The SNS topic ARN to update.
" }, "SnsTopicStatus":{ "shape":"String", @@ -3253,7 +3603,7 @@ }, "ParameterGroupName":{ "shape":"String", - "documentation":"The name of the parameter group to update
" + "documentation":"The name of the parameter group to update.
" }, "SnapshotWindow":{ "shape":"String", @@ -3269,7 +3619,7 @@ }, "Engine":{ "shape":"String", - "documentation":"The name of the engine to be used for the nodes in this cluster. The value must be set to either Redis or Valkey.
" + "documentation":"The name of the engine to be used for the cluster.
" }, "EngineVersion":{ "shape":"String", @@ -3277,15 +3627,15 @@ }, "ReplicaConfiguration":{ "shape":"ReplicaConfigurationRequest", - "documentation":"The number of replicas that will reside in each shard
" + "documentation":"The number of replicas that will reside in each shard.
" }, "ShardConfiguration":{ "shape":"ShardConfigurationRequest", - "documentation":"The number of shards in the cluster
" + "documentation":"The number of shards in the cluster.
" }, "ACLName":{ "shape":"ACLName", - "documentation":"The Access Control List that is associated with the cluster
" + "documentation":"The Access Control List that is associated with the cluster.
" } } }, @@ -3294,7 +3644,47 @@ "members":{ "Cluster":{ "shape":"Cluster", - "documentation":"The updated cluster
" + "documentation":"The updated cluster.
" + } + } + }, + "UpdateMultiRegionClusterRequest":{ + "type":"structure", + "required":["MultiRegionClusterName"], + "members":{ + "MultiRegionClusterName":{ + "shape":"String", + "documentation":"The name of the multi-Region cluster to be updated.
" + }, + "NodeType":{ + "shape":"String", + "documentation":"The new node type to be used for the multi-Region cluster.
" + }, + "Description":{ + "shape":"String", + "documentation":"A new description for the multi-Region cluster.
" + }, + "EngineVersion":{ + "shape":"String", + "documentation":"The new engine version to be used for the multi-Region cluster.
" + }, + "ShardConfiguration":{"shape":"ShardConfigurationRequest"}, + "MultiRegionParameterGroupName":{ + "shape":"String", + "documentation":"The new multi-Region parameter group to be associated with the cluster.
" + }, + "UpdateStrategy":{ + "shape":"UpdateStrategy", + "documentation":"Whether to force the update even if it may cause data loss.
" + } + } + }, + "UpdateMultiRegionClusterResponse":{ + "type":"structure", + "members":{ + "MultiRegionCluster":{ + "shape":"MultiRegionCluster", + "documentation":"The status of updating the multi-Region cluster.
" } } }, @@ -3324,6 +3714,13 @@ } } }, + "UpdateStrategy":{ + "type":"string", + "enum":[ + "coordinated", + "uncoordinated" + ] + }, "UpdateSubnetGroupRequest":{ "type":"structure", "required":["SubnetGroupName"], @@ -3452,5 +3849,5 @@ "exception":true } }, - "documentation":"MemoryDB for Redis is a fully managed, Redis-compatible, in-memory database that delivers ultra-fast performance and Multi-AZ durability for modern applications built using microservices architectures. MemoryDB stores the entire database in-memory, enabling low latency and high throughput data access. It is compatible with Redis, a popular open source data store, enabling you to leverage Redis’ flexible and friendly data structures, APIs, and commands.
" + "documentation":"MemoryDB is a fully managed, Redis OSS-compatible, in-memory database that delivers ultra-fast performance and Multi-AZ durability for modern applications built using microservices architectures. MemoryDB stores the entire database in-memory, enabling low latency and high throughput data access. It is compatible with Redis OSS, a popular open source data store, enabling you to leverage Redis OSS’ flexible and friendly data structures, APIs, and commands.
" } From 57c7e9c80dd538d5e0f6e1596995ff0ec55565c0 Mon Sep 17 00:00:00 2001 From: AWS <> Date: Mon, 2 Dec 2024 03:48:25 +0000 Subject: [PATCH 21/35] Amazon Connect Customer Profiles Update: This release introduces Event Trigger APIs as part of Amazon Connect Customer Profiles service. --- ...AmazonConnectCustomerProfiles-836a182.json | 6 + .../codegen-resources/paginators-1.json | 6 + .../codegen-resources/service-2.json | 622 ++++++++++++++++++ 3 files changed, 634 insertions(+) create mode 100644 .changes/next-release/feature-AmazonConnectCustomerProfiles-836a182.json diff --git a/.changes/next-release/feature-AmazonConnectCustomerProfiles-836a182.json b/.changes/next-release/feature-AmazonConnectCustomerProfiles-836a182.json new file mode 100644 index 00000000000..e27a8faa841 --- /dev/null +++ b/.changes/next-release/feature-AmazonConnectCustomerProfiles-836a182.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "Amazon Connect Customer Profiles", + "contributor": "", + "description": "This release introduces Event Trigger APIs as part of Amazon Connect Customer Profiles service." +} diff --git a/services/customerprofiles/src/main/resources/codegen-resources/paginators-1.json b/services/customerprofiles/src/main/resources/codegen-resources/paginators-1.json index 542db31d47d..ef6e528e567 100644 --- a/services/customerprofiles/src/main/resources/codegen-resources/paginators-1.json +++ b/services/customerprofiles/src/main/resources/codegen-resources/paginators-1.json @@ -12,6 +12,12 @@ "limit_key": "MaxResults", "result_key": "Items" }, + "ListEventTriggers": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Items" + }, "ListObjectTypeAttributes": { "input_token": "NextToken", "output_token": "NextToken", diff --git a/services/customerprofiles/src/main/resources/codegen-resources/service-2.json b/services/customerprofiles/src/main/resources/codegen-resources/service-2.json index 845d0978102..00a74a1066b 100644 --- a/services/customerprofiles/src/main/resources/codegen-resources/service-2.json +++ b/services/customerprofiles/src/main/resources/codegen-resources/service-2.json @@ -117,6 +117,23 @@ ], "documentation":"Creates an event stream, which is a subscription to real-time events, such as when profiles are created and updated through Amazon Connect Customer Profiles.
Each event stream can be associated with only one Kinesis Data Stream destination in the same region and Amazon Web Services account as the customer profiles domain
" }, + "CreateEventTrigger":{ + "name":"CreateEventTrigger", + "http":{ + "method":"POST", + "requestUri":"/domains/{DomainName}/event-triggers/{EventTriggerName}" + }, + "input":{"shape":"CreateEventTriggerRequest"}, + "output":{"shape":"CreateEventTriggerResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Creates an event trigger, which specifies the rules when to perform action based on customer's ingested data.
Each event stream can be associated with only one integration in the same region and AWS account as the event stream.
" + }, "CreateIntegrationWorkflow":{ "name":"CreateIntegrationWorkflow", "http":{ @@ -256,6 +273,23 @@ "documentation":"Disables and deletes the specified event stream.
", "idempotent":true }, + "DeleteEventTrigger":{ + "name":"DeleteEventTrigger", + "http":{ + "method":"DELETE", + "requestUri":"/domains/{DomainName}/event-triggers/{EventTriggerName}" + }, + "input":{"shape":"DeleteEventTriggerRequest"}, + "output":{"shape":"DeleteEventTriggerResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Disable and deletes the Event Trigger.
You cannot delete an Event Trigger with an active Integration associated.
Returns information about the specified event stream in a specific domain.
" }, + "GetEventTrigger":{ + "name":"GetEventTrigger", + "http":{ + "method":"GET", + "requestUri":"/domains/{DomainName}/event-triggers/{EventTriggerName}" + }, + "input":{"shape":"GetEventTriggerRequest"}, + "output":{"shape":"GetEventTriggerResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Get a specific Event Trigger from the domain.
" + }, "GetIdentityResolutionJob":{ "name":"GetIdentityResolutionJob", "http":{ @@ -771,6 +822,23 @@ ], "documentation":"Returns a list of all the event streams in a specific domain.
" }, + "ListEventTriggers":{ + "name":"ListEventTriggers", + "http":{ + "method":"GET", + "requestUri":"/domains/{DomainName}/event-triggers" + }, + "input":{"shape":"ListEventTriggersRequest"}, + "output":{"shape":"ListEventTriggersResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"List all Event Triggers under a domain.
" + }, "ListIdentityResolutionJobs":{ "name":"ListIdentityResolutionJobs", "http":{ @@ -1105,6 +1173,23 @@ ], "documentation":"Updates the properties of a domain, including creating or selecting a dead letter queue or an encryption key.
After a domain is created, the name can’t be changed.
Use this API or CreateDomain to enable identity resolution: set Matching to true.
To prevent cross-service impersonation when you call this API, see Cross-service confused deputy prevention for sample policies that you should apply.
To add or remove tags on an existing Domain, see TagResource/UntagResource.
" }, + "UpdateEventTrigger":{ + "name":"UpdateEventTrigger", + "http":{ + "method":"PUT", + "requestUri":"/domains/{DomainName}/event-triggers/{EventTriggerName}" + }, + "input":{"shape":"UpdateEventTriggerRequest"}, + "output":{"shape":"UpdateEventTriggerResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Update the properties of an Event Trigger.
" + }, "UpdateProfile":{ "name":"UpdateProfile", "http":{ @@ -1808,6 +1893,26 @@ "key":{"shape":"typeName"}, "value":{"shape":"CalculatedAttributeDimension"} }, + "ComparisonOperator":{ + "type":"string", + "enum":[ + "INCLUSIVE", + "EXCLUSIVE", + "CONTAINS", + "BEGINS_WITH", + "ENDS_WITH", + "GREATER_THAN", + "LESS_THAN", + "GREATER_THAN_OR_EQUAL", + "LESS_THAN_OR_EQUAL", + "EQUAL", + "BEFORE", + "AFTER", + "ON", + "BETWEEN", + "NOT_BETWEEN" + ] + }, "ConditionOverrides":{ "type":"structure", "members":{ @@ -2128,6 +2233,94 @@ } } }, + "CreateEventTriggerRequest":{ + "type":"structure", + "required":[ + "DomainName", + "EventTriggerName", + "ObjectTypeName", + "EventTriggerConditions" + ], + "members":{ + "DomainName":{ + "shape":"name", + "documentation":"The unique name of the domain.
", + "location":"uri", + "locationName":"DomainName" + }, + "EventTriggerName":{ + "shape":"name", + "documentation":"The unique name of the event trigger.
", + "location":"uri", + "locationName":"EventTriggerName" + }, + "ObjectTypeName":{ + "shape":"typeName", + "documentation":"The unique name of the object type.
" + }, + "Description":{ + "shape":"sensitiveText", + "documentation":"The description of the event trigger.
" + }, + "EventTriggerConditions":{ + "shape":"EventTriggerConditions", + "documentation":"A list of conditions that determine when an event should trigger the destination.
" + }, + "SegmentFilter":{ + "shape":"name", + "documentation":"The destination is triggered only for profiles that meet the criteria of a segment definition.
" + }, + "EventTriggerLimits":{ + "shape":"EventTriggerLimits", + "documentation":"Defines limits controlling whether an event triggers the destination, based on ingestion latency and the number of invocations per profile over specific time periods.
" + }, + "Tags":{ + "shape":"TagMap", + "documentation":"An array of key-value pairs to apply to this resource.
" + } + } + }, + "CreateEventTriggerResponse":{ + "type":"structure", + "members":{ + "EventTriggerName":{ + "shape":"name", + "documentation":"The unique name of the event trigger.
" + }, + "ObjectTypeName":{ + "shape":"typeName", + "documentation":"The unique name of the object type.
" + }, + "Description":{ + "shape":"sensitiveText", + "documentation":"The description of the event trigger.
" + }, + "EventTriggerConditions":{ + "shape":"EventTriggerConditions", + "documentation":"A list of conditions that determine when an event should trigger the destination.
" + }, + "SegmentFilter":{ + "shape":"name", + "documentation":"The destination is triggered only for profiles that meet the criteria of a segment definition.
" + }, + "EventTriggerLimits":{ + "shape":"EventTriggerLimits", + "documentation":"Defines limits controlling whether an event triggers the destination, based on ingestion latency and the number of invocations per profile over specific time periods.
" + }, + "CreatedAt":{ + "shape":"timestamp", + "documentation":"The timestamp of when the event trigger was created.
" + }, + "LastUpdatedAt":{ + "shape":"timestamp", + "documentation":"The timestamp of when the event trigger was most recently updated.
" + }, + "Tags":{ + "shape":"TagMap", + "documentation":"An array of key-value pairs to apply to this resource.
" + } + } + }, "CreateIntegrationWorkflowRequest":{ "type":"structure", "required":[ @@ -2593,6 +2786,37 @@ "members":{ } }, + "DeleteEventTriggerRequest":{ + "type":"structure", + "required":[ + "DomainName", + "EventTriggerName" + ], + "members":{ + "DomainName":{ + "shape":"name", + "documentation":"The unique name of the domain.
", + "location":"uri", + "locationName":"DomainName" + }, + "EventTriggerName":{ + "shape":"name", + "documentation":"The unique name of the event trigger.
", + "location":"uri", + "locationName":"EventTriggerName" + } + } + }, + "DeleteEventTriggerResponse":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"message", + "documentation":"A message that indicates the delete request is done.
" + } + } + }, "DeleteIntegrationRequest":{ "type":"structure", "required":[ @@ -3047,6 +3271,117 @@ "type":"list", "member":{"shape":"EventStreamSummary"} }, + "EventTriggerCondition":{ + "type":"structure", + "required":[ + "EventTriggerDimensions", + "LogicalOperator" + ], + "members":{ + "EventTriggerDimensions":{ + "shape":"EventTriggerDimensions", + "documentation":"A list of dimensions to be evaluated for the event.
" + }, + "LogicalOperator":{ + "shape":"EventTriggerLogicalOperator", + "documentation":"The operator used to combine multiple dimensions.
" + } + }, + "documentation":"Specifies the circumstances under which the event should trigger the destination.
" + }, + "EventTriggerConditions":{ + "type":"list", + "member":{"shape":"EventTriggerCondition"}, + "max":5, + "min":1, + "sensitive":true + }, + "EventTriggerDimension":{ + "type":"structure", + "required":["ObjectAttributes"], + "members":{ + "ObjectAttributes":{ + "shape":"ObjectAttributes", + "documentation":"A list of object attributes to be evaluated.
" + } + }, + "documentation":"A specific event dimension to be assessed.
" + }, + "EventTriggerDimensions":{ + "type":"list", + "member":{"shape":"EventTriggerDimension"}, + "max":10, + "min":1 + }, + "EventTriggerLimits":{ + "type":"structure", + "members":{ + "EventExpiration":{ + "shape":"optionalLong", + "documentation":"In milliseconds. Specifies that an event will only trigger the destination if it is processed within a certain latency period.
" + }, + "Periods":{ + "shape":"Periods", + "documentation":"A list of time periods during which the limits apply.
" + } + }, + "documentation":"Defines limits controlling whether an event triggers the destination, based on ingestion latency and the number of invocations per profile over specific time periods.
" + }, + "EventTriggerLogicalOperator":{ + "type":"string", + "enum":[ + "ANY", + "ALL", + "NONE" + ] + }, + "EventTriggerNames":{ + "type":"list", + "member":{"shape":"name"}, + "max":1, + "min":1 + }, + "EventTriggerSummaryItem":{ + "type":"structure", + "members":{ + "ObjectTypeName":{ + "shape":"typeName", + "documentation":"The unique name of the object type.
" + }, + "EventTriggerName":{ + "shape":"name", + "documentation":"The unique name of the event trigger.
" + }, + "Description":{ + "shape":"text", + "documentation":"The description of the event trigger.
" + }, + "CreatedAt":{ + "shape":"timestamp", + "documentation":"The timestamp of when the event trigger was created.
" + }, + "LastUpdatedAt":{ + "shape":"timestamp", + "documentation":"The timestamp of when the event trigger was most recently updated.
" + }, + "Tags":{ + "shape":"TagMap", + "documentation":"An array of key-value pairs to apply to this resource.
" + } + }, + "documentation":"The summary of the event trigger.
" + }, + "EventTriggerSummaryList":{ + "type":"list", + "member":{"shape":"EventTriggerSummaryItem"}, + "sensitive":true + }, + "EventTriggerValues":{ + "type":"list", + "member":{"shape":"string1To255"}, + "max":10, + "min":1 + }, "ExportingConfig":{ "type":"structure", "members":{ @@ -3658,6 +3993,68 @@ } } }, + "GetEventTriggerRequest":{ + "type":"structure", + "required":[ + "DomainName", + "EventTriggerName" + ], + "members":{ + "DomainName":{ + "shape":"name", + "documentation":"The unique name of the domain.
", + "location":"uri", + "locationName":"DomainName" + }, + "EventTriggerName":{ + "shape":"name", + "documentation":"The unique name of the event trigger.
", + "location":"uri", + "locationName":"EventTriggerName" + } + } + }, + "GetEventTriggerResponse":{ + "type":"structure", + "members":{ + "EventTriggerName":{ + "shape":"name", + "documentation":"The unique name of the event trigger.
" + }, + "ObjectTypeName":{ + "shape":"typeName", + "documentation":"The unique name of the object type.
" + }, + "Description":{ + "shape":"sensitiveText", + "documentation":"The description of the event trigger.
" + }, + "EventTriggerConditions":{ + "shape":"EventTriggerConditions", + "documentation":"A list of conditions that determine when an event should trigger the destination.
" + }, + "SegmentFilter":{ + "shape":"name", + "documentation":"The destination is triggered only for profiles that meet the criteria of a segment definition.
" + }, + "EventTriggerLimits":{ + "shape":"EventTriggerLimits", + "documentation":"Defines limits controlling whether an event triggers the destination, based on ingestion latency and the number of invocations per profile over specific time periods.
" + }, + "CreatedAt":{ + "shape":"timestamp", + "documentation":"The timestamp of when the event trigger was created.
" + }, + "LastUpdatedAt":{ + "shape":"timestamp", + "documentation":"The timestamp of when the event trigger was most recently updated.
" + }, + "Tags":{ + "shape":"TagMap", + "documentation":"An array of key-value pairs to apply to this resource.
" + } + } + }, "GetIdentityResolutionJobRequest":{ "type":"structure", "required":[ @@ -3795,6 +4192,10 @@ "RoleArn":{ "shape":"RoleArn", "documentation":"The Amazon Resource Name (ARN) of the IAM role. The Integration uses this role to make Customer Profiles requests on your behalf.
" + }, + "EventTriggerNames":{ + "shape":"EventTriggerNames", + "documentation":"A list of unique names for active event triggers associated with the integration. This list would be empty if no Event Trigger is associated with the integration.
" } } }, @@ -4859,6 +5260,43 @@ } } }, + "ListEventTriggersRequest":{ + "type":"structure", + "required":["DomainName"], + "members":{ + "DomainName":{ + "shape":"name", + "documentation":"The unique name of the domain.
", + "location":"uri", + "locationName":"DomainName" + }, + "NextToken":{ + "shape":"token", + "documentation":"The pagination token to use with ListEventTriggers.
", + "location":"querystring", + "locationName":"next-token" + }, + "MaxResults":{ + "shape":"maxSize100", + "documentation":"The maximum number of results to return per page.
", + "location":"querystring", + "locationName":"max-results" + } + } + }, + "ListEventTriggersResponse":{ + "type":"structure", + "members":{ + "Items":{ + "shape":"EventTriggerSummaryList", + "documentation":"The list of Event Triggers.
" + }, + "NextToken":{ + "shape":"token", + "documentation":"The pagination token from the previous call to ListEventTriggers.
" + } + } + }, "ListIdentityResolutionJobsRequest":{ "type":"structure", "required":["DomainName"], @@ -4944,6 +5382,10 @@ "RoleArn":{ "shape":"RoleArn", "documentation":"The Amazon Resource Name (ARN) of the IAM role. The Integration uses this role to make Customer Profiles requests on your behalf.
" + }, + "EventTriggerNames":{ + "shape":"EventTriggerNames", + "documentation":"A list of unique names for active event triggers associated with the integration.
" } }, "documentation":"An integration in list of integrations.
" @@ -5644,6 +6086,38 @@ "max":512, "pattern":"\\S+" }, + "ObjectAttribute":{ + "type":"structure", + "required":[ + "ComparisonOperator", + "Values" + ], + "members":{ + "Source":{ + "shape":"text", + "documentation":"An attribute contained within a source object.
" + }, + "FieldName":{ + "shape":"fieldName", + "documentation":"A field defined within an object type.
" + }, + "ComparisonOperator":{ + "shape":"ComparisonOperator", + "documentation":"The operator used to compare an attribute against a list of values.
" + }, + "Values":{ + "shape":"EventTriggerValues", + "documentation":"A list of attribute values used for comparison.
" + } + }, + "documentation":"The criteria that a specific object attribute must meet to trigger the destination.
" + }, + "ObjectAttributes":{ + "type":"list", + "member":{"shape":"ObjectAttribute"}, + "max":10, + "min":1 + }, "ObjectCount":{ "type":"integer", "max":100, @@ -5753,6 +6227,47 @@ ], "sensitive":true }, + "Period":{ + "type":"structure", + "required":[ + "Unit", + "Value" + ], + "members":{ + "Unit":{ + "shape":"PeriodUnit", + "documentation":"The unit of time.
" + }, + "Value":{ + "shape":"maxSize24", + "documentation":"The amount of time of the specified unit.
" + }, + "MaxInvocationsPerProfile":{ + "shape":"maxSize1000", + "documentation":"The maximum allowed number of destination invocations per profile.
" + }, + "Unlimited":{ + "shape":"boolean", + "documentation":"If set to true, there is no limit on the number of destination invocations per profile. The default is false.
" + } + }, + "documentation":"Defines a limit and the time period during which it is enforced.
" + }, + "PeriodUnit":{ + "type":"string", + "enum":[ + "HOURS", + "DAYS", + "WEEKS", + "MONTHS" + ] + }, + "Periods":{ + "type":"list", + "member":{"shape":"Period"}, + "max":4, + "min":1 + }, "PhoneNumberList":{ "type":"list", "member":{"shape":"string1To255"}, @@ -6165,6 +6680,10 @@ "RoleArn":{ "shape":"RoleArn", "documentation":"The Amazon Resource Name (ARN) of the IAM role. The Integration uses this role to make Customer Profiles requests on your behalf.
" + }, + "EventTriggerNames":{ + "shape":"EventTriggerNames", + "documentation":"A list of unique names for active event triggers associated with the integration.
" } } }, @@ -6216,6 +6735,10 @@ "RoleArn":{ "shape":"RoleArn", "documentation":"The Amazon Resource Name (ARN) of the IAM role. The Integration uses this role to make Customer Profiles requests on your behalf.
" + }, + "EventTriggerNames":{ + "shape":"EventTriggerNames", + "documentation":"A list of unique names for active event triggers associated with the integration. This list would be empty if no Event Trigger is associated with the integration.
" } } }, @@ -7417,6 +7940,88 @@ } } }, + "UpdateEventTriggerRequest":{ + "type":"structure", + "required":[ + "DomainName", + "EventTriggerName" + ], + "members":{ + "DomainName":{ + "shape":"name", + "documentation":"The unique name of the domain.
", + "location":"uri", + "locationName":"DomainName" + }, + "EventTriggerName":{ + "shape":"name", + "documentation":"The unique name of the event trigger.
", + "location":"uri", + "locationName":"EventTriggerName" + }, + "ObjectTypeName":{ + "shape":"typeName", + "documentation":"The unique name of the object type.
" + }, + "Description":{ + "shape":"sensitiveText", + "documentation":"The description of the event trigger.
" + }, + "EventTriggerConditions":{ + "shape":"EventTriggerConditions", + "documentation":"A list of conditions that determine when an event should trigger the destination.
" + }, + "SegmentFilter":{ + "shape":"name", + "documentation":"The destination is triggered only for profiles that meet the criteria of a segment definition.
" + }, + "EventTriggerLimits":{ + "shape":"EventTriggerLimits", + "documentation":"Defines limits controlling whether an event triggers the destination, based on ingestion latency and the number of invocations per profile over specific time periods.
" + } + } + }, + "UpdateEventTriggerResponse":{ + "type":"structure", + "members":{ + "EventTriggerName":{ + "shape":"name", + "documentation":"The unique name of the event trigger.
" + }, + "ObjectTypeName":{ + "shape":"typeName", + "documentation":"The unique name of the object type.
" + }, + "Description":{ + "shape":"sensitiveText", + "documentation":"The description of the event trigger.
" + }, + "EventTriggerConditions":{ + "shape":"EventTriggerConditions", + "documentation":"A list of conditions that determine when an event should trigger the destination.
" + }, + "SegmentFilter":{ + "shape":"name", + "documentation":"The destination is triggered only for profiles that meet the criteria of a segment definition.
" + }, + "EventTriggerLimits":{ + "shape":"EventTriggerLimits", + "documentation":"Defines limits controlling whether an event triggers the destination, based on ingestion latency and the number of invocations per profile over specific time periods.
" + }, + "CreatedAt":{ + "shape":"timestamp", + "documentation":"The timestamp of when the event trigger was created.
" + }, + "LastUpdatedAt":{ + "shape":"timestamp", + "documentation":"The timestamp of when the event trigger was most recently updated.
" + }, + "Tags":{ + "shape":"TagMap", + "documentation":"An array of key-value pairs to apply to this resource.
" + } + } + }, "UpdateProfileRequest":{ "type":"structure", "required":[ @@ -7656,6 +8261,12 @@ "max":1098, "min":1 }, + "fieldName":{ + "type":"string", + "max":64, + "min":1, + "pattern":"^[a-zA-Z0-9_.-]+$" + }, "foundByList":{ "type":"list", "member":{"shape":"FoundByKeyValue"}, @@ -7679,6 +8290,16 @@ "max":100, "min":1 }, + "maxSize1000":{ + "type":"integer", + "max":1000, + "min":1 + }, + "maxSize24":{ + "type":"integer", + "max":24, + "min":1 + }, "message":{"type":"string"}, "minSize0":{ "type":"integer", @@ -7689,6 +8310,7 @@ "min":1 }, "optionalBoolean":{"type":"boolean"}, + "optionalLong":{"type":"long"}, "requestValueList":{ "type":"list", "member":{"shape":"string1To255"} From 49141c1c7de29d1ad8c4ca97c89544a7b7a551e6 Mon Sep 17 00:00:00 2001 From: AWS <> Date: Mon, 2 Dec 2024 03:48:16 +0000 Subject: [PATCH 22/35] AWS Invoicing Update: AWS Invoice Configuration allows you to receive separate AWS invoices based on your organizational needs. You can use the AWS SDKs to manage Invoice Units and programmatically fetch the information of the invoice receiver. --- .../feature-AWSInvoicing-e5d5943.json | 6 + services/invoicing/pom.xml | 60 ++ .../codegen-resources/endpoint-rule-set.json | 151 ++++ .../codegen-resources/endpoint-tests.json | 313 +++++++ .../codegen-resources/paginators-1.json | 10 + .../codegen-resources/service-2.json | 798 ++++++++++++++++++ .../codegen-resources/waiters-2.json | 5 + 7 files changed, 1343 insertions(+) create mode 100644 .changes/next-release/feature-AWSInvoicing-e5d5943.json create mode 100644 services/invoicing/pom.xml create mode 100644 services/invoicing/src/main/resources/codegen-resources/endpoint-rule-set.json create mode 100644 services/invoicing/src/main/resources/codegen-resources/endpoint-tests.json create mode 100644 services/invoicing/src/main/resources/codegen-resources/paginators-1.json create mode 100644 services/invoicing/src/main/resources/codegen-resources/service-2.json create mode 100644 services/invoicing/src/main/resources/codegen-resources/waiters-2.json diff --git a/.changes/next-release/feature-AWSInvoicing-e5d5943.json b/.changes/next-release/feature-AWSInvoicing-e5d5943.json new file mode 100644 index 00000000000..351fd25f6c8 --- /dev/null +++ b/.changes/next-release/feature-AWSInvoicing-e5d5943.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "AWS Invoicing", + "contributor": "", + "description": "AWS Invoice Configuration allows you to receive separate AWS invoices based on your organizational needs. You can use the AWS SDKs to manage Invoice Units and programmatically fetch the information of the invoice receiver." +} diff --git a/services/invoicing/pom.xml b/services/invoicing/pom.xml new file mode 100644 index 00000000000..628a28e9fcb --- /dev/null +++ b/services/invoicing/pom.xml @@ -0,0 +1,60 @@ + +This gets the invoice profile associated with a set of accounts. The accounts must be linked accounts under the requester management account organization.
" + }, + "CreateInvoiceUnit":{ + "name":"CreateInvoiceUnit", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateInvoiceUnitRequest"}, + "output":{"shape":"CreateInvoiceUnitResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} + ], + "documentation":"This creates a new invoice unit with the provided definition.
" + }, + "DeleteInvoiceUnit":{ + "name":"DeleteInvoiceUnit", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteInvoiceUnitRequest"}, + "output":{"shape":"DeleteInvoiceUnitResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"This deletes an invoice unit with the provided invoice unit ARN.
" + }, + "GetInvoiceUnit":{ + "name":"GetInvoiceUnit", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetInvoiceUnitRequest"}, + "output":{"shape":"GetInvoiceUnitResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"This retrieves the invoice unit definition.
" + }, + "ListInvoiceUnits":{ + "name":"ListInvoiceUnits", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListInvoiceUnitsRequest"}, + "output":{"shape":"ListInvoiceUnitsResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} + ], + "documentation":"This fetches a list of all invoice unit definitions for a given account, as of the provided AsOf date.
Lists the tags for a resource.
" + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"TagResourceRequest"}, + "output":{"shape":"TagResourceResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"Adds a tag to a resource.
" + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UntagResourceRequest"}, + "output":{"shape":"UntagResourceResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"Removes a tag from a resource.
" + }, + "UpdateInvoiceUnit":{ + "name":"UpdateInvoiceUnit", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateInvoiceUnitRequest"}, + "output":{"shape":"UpdateInvoiceUnitResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"You can update the invoice unit configuration at any time, and Amazon Web Services will use the latest configuration at the end of the month.
" + } + }, + "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "members":{ + "message":{"shape":"BasicString"}, + "resourceName":{ + "shape":"InvoiceUnitArnString", + "documentation":"You don't have sufficient access to perform this action.
" + } + }, + "documentation":"You don't have sufficient access to perform this action.
", + "exception":true + }, + "AccountIdList":{ + "type":"list", + "member":{"shape":"AccountIdString"}, + "max":1000, + "min":1 + }, + "AccountIdString":{ + "type":"string", + "pattern":"\\d{12}" + }, + "AsOfTimestamp":{"type":"timestamp"}, + "BasicString":{ + "type":"string", + "max":1024, + "min":0, + "pattern":"\\S+" + }, + "BatchGetInvoiceProfileRequest":{ + "type":"structure", + "required":["AccountIds"], + "members":{ + "AccountIds":{ + "shape":"AccountIdList", + "documentation":"Retrieves the corresponding invoice profile data for these account IDs.
" + } + } + }, + "BatchGetInvoiceProfileResponse":{ + "type":"structure", + "members":{ + "Profiles":{ + "shape":"ProfileList", + "documentation":"A list of invoice profiles corresponding to the requested accounts.
" + } + } + }, + "CreateInvoiceUnitRequest":{ + "type":"structure", + "required":[ + "Name", + "InvoiceReceiver", + "Rule" + ], + "members":{ + "Name":{ + "shape":"InvoiceUnitName", + "documentation":"The unique name of the invoice unit that is shown on the generated invoice. This can't be changed once it is set. To change this name, you must delete the invoice unit recreate.
" + }, + "InvoiceReceiver":{ + "shape":"AccountIdString", + "documentation":"The Amazon Web Services account ID chosen to be the receiver of an invoice unit. All invoices generated for that invoice unit will be sent to this account ID.
" + }, + "Description":{ + "shape":"DescriptionString", + "documentation":"The invoice unit's description. This can be changed at a later time.
" + }, + "TaxInheritanceDisabled":{ + "shape":"TaxInheritanceDisabledFlag", + "documentation":"Whether the invoice unit based tax inheritance is/ should be enabled or disabled.
" + }, + "Rule":{ + "shape":"InvoiceUnitRule", + "documentation":"The InvoiceUnitRule object used to create invoice units.
The tag structure that contains a tag key and value.
" + } + } + }, + "CreateInvoiceUnitResponse":{ + "type":"structure", + "members":{ + "InvoiceUnitArn":{ + "shape":"InvoiceUnitArnString", + "documentation":"The ARN to identify an invoice unit. This information can't be modified or deleted.
" + } + } + }, + "DeleteInvoiceUnitRequest":{ + "type":"structure", + "required":["InvoiceUnitArn"], + "members":{ + "InvoiceUnitArn":{ + "shape":"InvoiceUnitArnString", + "documentation":"The ARN to identify an invoice unit. This information can't be modified or deleted.
" + } + } + }, + "DeleteInvoiceUnitResponse":{ + "type":"structure", + "members":{ + "InvoiceUnitArn":{ + "shape":"InvoiceUnitArnString", + "documentation":"The ARN to identify an invoice unit. This information can't be modified or deleted.
" + } + } + }, + "DescriptionString":{ + "type":"string", + "max":500, + "min":0, + "pattern":"[\\S\\s]*" + }, + "Filters":{ + "type":"structure", + "members":{ + "Names":{ + "shape":"InvoiceUnitNames", + "documentation":" An optional input to the list API. You can specify a list of invoice unit names inside filters to return invoice units that match only the specified invoice unit names. If multiple names are provided, the result is an OR condition (match any) of the specified invoice unit names.
You can specify a list of Amazon Web Services account IDs inside filters to return invoice units that match only the specified accounts. If multiple accounts are provided, the result is an OR condition (match any) of the specified accounts. This filter only matches the specified accounts on the invoice receivers of the invoice units.
You can specify a list of Amazon Web Services account IDs inside filters to return invoice units that match only the specified accounts. If multiple accounts are provided, the result is an OR condition (match any) of the specified accounts. The specified account IDs are matched with either the receiver or the linked accounts in the rules.
An optional input to the list API. If multiple filters are specified, the returned list will be a configuration that match all of the provided filters. Supported filter types are InvoiceReceivers, Names, and Accounts.
The ARN to identify an invoice unit. This information can't be modified or deleted.
" + }, + "AsOf":{ + "shape":"AsOfTimestamp", + "documentation":" The state of an invoice unit at a specified time. You can see legacy invoice units that are currently deleted if the AsOf time is set to before it was deleted. If an AsOf is not provided, the default value is the current time.
The ARN to identify an invoice unit. This information can't be modified or deleted.
" + }, + "InvoiceReceiver":{ + "shape":"AccountIdString", + "documentation":"The Amazon Web Services account ID chosen to be the receiver of an invoice unit. All invoices generated for that invoice unit will be sent to this account ID.
" + }, + "Name":{ + "shape":"InvoiceUnitName", + "documentation":"The unique name of the invoice unit that is shown on the generated invoice.
" + }, + "Description":{ + "shape":"DescriptionString", + "documentation":"The assigned description for an invoice unit.
" + }, + "TaxInheritanceDisabled":{ + "shape":"TaxInheritanceDisabledFlag", + "documentation":"Whether the invoice unit based tax inheritance is/ should be enabled or disabled.
", + "box":true + }, + "Rule":{"shape":"InvoiceUnitRule"}, + "LastModified":{ + "shape":"LastModifiedTimestamp", + "documentation":"The most recent date the invoice unit response was updated.
" + } + } + }, + "Integer":{ + "type":"integer", + "box":true + }, + "InternalServerException":{ + "type":"structure", + "members":{ + "retryAfterSeconds":{ + "shape":"Integer", + "documentation":"The processing request failed because of an unknown error, exception, or failure.
" + }, + "message":{"shape":"BasicString"} + }, + "documentation":"The processing request failed because of an unknown error, exception, or failure.
", + "exception":true, + "fault":true + }, + "InvoiceProfile":{ + "type":"structure", + "members":{ + "AccountId":{ + "shape":"AccountIdString", + "documentation":"The account ID the invoice profile is generated for.
" + }, + "ReceiverName":{ + "shape":"BasicString", + "documentation":"The name of the person receiving the invoice profile.
" + }, + "ReceiverAddress":{ + "shape":"ReceiverAddress", + "documentation":"The address of the receiver that will be printed on the invoice.
" + }, + "ReceiverEmail":{ + "shape":"SensitiveBasicString", + "documentation":"The email address for the invoice profile receiver.
" + }, + "Issuer":{ + "shape":"BasicString", + "documentation":"This specifies the issuing entity of the invoice.
" + }, + "TaxRegistrationNumber":{ + "shape":"SensitiveBasicString", + "documentation":"Your Tax Registration Number (TRN) information.
" + } + }, + "documentation":"Contains high-level information about the invoice receiver.
" + }, + "InvoiceUnit":{ + "type":"structure", + "members":{ + "InvoiceUnitArn":{ + "shape":"InvoiceUnitArnString", + "documentation":"ARN to identify an invoice unit. This information can't be modified or deleted.
" + }, + "InvoiceReceiver":{ + "shape":"AccountIdString", + "documentation":"The account that receives invoices related to the invoice unit.
" + }, + "Name":{ + "shape":"InvoiceUnitName", + "documentation":"A unique name that is distinctive within your Amazon Web Services.
" + }, + "Description":{ + "shape":"DescriptionString", + "documentation":"The assigned description for an invoice unit. This information can't be modified or deleted.
" + }, + "TaxInheritanceDisabled":{ + "shape":"TaxInheritanceDisabledFlag", + "documentation":"Whether the invoice unit based tax inheritance is/ should be enabled or disabled.
", + "box":true + }, + "Rule":{ + "shape":"InvoiceUnitRule", + "documentation":" An InvoiceUnitRule object used the categorize invoice units.
The last time the invoice unit was updated. This is important to determine the version of invoice unit configuration used to create the invoices. Any invoice created after this modified time will use this invoice unit configuration.
" + } + }, + "documentation":"An invoice unit is a set of mutually exclusive accounts that correspond to your business entity. Invoice units allow you separate Amazon Web Services account costs and configures your invoice for each business entity going forward.
" + }, + "InvoiceUnitArnString":{ + "type":"string", + "max":256, + "min":1, + "pattern":"arn:aws[-a-z0-9]*:[a-z0-9]+:[-a-z0-9]*:[0-9]{12}:[-a-zA-Z0-9/:_]+" + }, + "InvoiceUnitName":{ + "type":"string", + "max":50, + "min":1, + "pattern":"(?! )[\\p{L}\\p{N}\\p{Z}-_]*(?The list ofLINKED_ACCOUNT IDs where charges are included within the invoice unit. "
+ }
+ },
+ "documentation":" This is used to categorize the invoice unit. Values are Amazon Web Services account IDs. Currently, the only supported rule is LINKED_ACCOUNT.
An optional input to the list API. If multiple filters are specified, the returned list will be a configuration that match all of the provided filters. Supported filter types are InvoiceReceivers, Names, and Accounts.
The next token used to indicate where the returned list should start from.
" + }, + "MaxResults":{ + "shape":"MaxResultsInteger", + "documentation":"The maximum number of invoice units that can be returned.
" + }, + "AsOf":{ + "shape":"AsOfTimestamp", + "documentation":" The state of an invoice unit at a specified time. You can see legacy invoice units that are currently deleted if the AsOf time is set to before it was deleted. If an AsOf is not provided, the default value is the current time.
An invoice unit is a set of mutually exclusive accounts that correspond to your business entity.
" + }, + "NextToken":{ + "shape":"NextTokenString", + "documentation":"The next token used to indicate where the returned list should start from.
" + } + } + }, + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"TagrisArn", + "documentation":"The Amazon Resource Name (ARN) of tags to list.
" + } + } + }, + "ListTagsForResourceResponse":{ + "type":"structure", + "members":{ + "ResourceTags":{ + "shape":"ResourceTagList", + "documentation":"Adds a tag to a resource.
" + } + } + }, + "MaxResultsInteger":{ + "type":"integer", + "box":true, + "max":500, + "min":1 + }, + "NextTokenString":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"[\\S\\s]*" + }, + "ProfileList":{ + "type":"list", + "member":{"shape":"InvoiceProfile"} + }, + "ReceiverAddress":{ + "type":"structure", + "members":{ + "AddressLine1":{ + "shape":"BasicString", + "documentation":"The first line of the address.
" + }, + "AddressLine2":{ + "shape":"BasicString", + "documentation":"The second line of the address, if applicable.
" + }, + "AddressLine3":{ + "shape":"BasicString", + "documentation":"The third line of the address, if applicable.
" + }, + "DistrictOrCounty":{ + "shape":"BasicString", + "documentation":"The district or country the address is located in.
" + }, + "City":{ + "shape":"BasicString", + "documentation":"The city that the address is in.
" + }, + "StateOrRegion":{ + "shape":"BasicString", + "documentation":"The state, region, or province the address is located.
" + }, + "CountryCode":{ + "shape":"BasicString", + "documentation":"The country code for the country the address is in.
" + }, + "CompanyName":{ + "shape":"BasicString", + "documentation":"A unique company name.
" + }, + "PostalCode":{ + "shape":"BasicString", + "documentation":"The postal code associated with the address.
" + } + }, + "documentation":"The details of the address associated with the receiver.
", + "sensitive":true + }, + "ResourceNotFoundException":{ + "type":"structure", + "members":{ + "message":{"shape":"BasicString"}, + "resourceName":{ + "shape":"InvoiceUnitArnString", + "documentation":"The resource could not be found.
" + } + }, + "documentation":"The resource could not be found.
", + "exception":true + }, + "ResourceTag":{ + "type":"structure", + "required":[ + "Key", + "Value" + ], + "members":{ + "Key":{ + "shape":"ResourceTagKey", + "documentation":"The object key of your of your resource tag.
" + }, + "Value":{ + "shape":"ResourceTagValue", + "documentation":"The specific value of the resource tag.
" + } + }, + "documentation":"The tag structure that contains a tag key and value.
" + }, + "ResourceTagKey":{ + "type":"string", + "max":128, + "min":1 + }, + "ResourceTagKeyList":{ + "type":"list", + "member":{"shape":"ResourceTagKey"}, + "max":200, + "min":0 + }, + "ResourceTagList":{ + "type":"list", + "member":{"shape":"ResourceTag"}, + "max":200, + "min":0 + }, + "ResourceTagValue":{ + "type":"string", + "max":256, + "min":0 + }, + "SensitiveBasicString":{ + "type":"string", + "max":1024, + "min":0, + "pattern":"\\S+", + "sensitive":true + }, + "ServiceQuotaExceededException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"BasicString"} + }, + "documentation":"The request was rejected because it attempted to create resources beyond the current Amazon Web Services account limits. The error message describes the limit exceeded.
", + "exception":true + }, + "TagResourceRequest":{ + "type":"structure", + "required":[ + "ResourceArn", + "ResourceTags" + ], + "members":{ + "ResourceArn":{ + "shape":"TagrisArn", + "documentation":"The Amazon Resource Name (ARN) of the tags.
" + }, + "ResourceTags":{ + "shape":"ResourceTagList", + "documentation":"Adds a tag to a resource.
" + } + } + }, + "TagResourceResponse":{ + "type":"structure", + "members":{ + } + }, + "TagrisArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"arn:aws[-a-z0-9]*:[a-z0-9]+:[-a-z0-9]*:[0-9]{12}:[-a-zA-Z0-9/:_]+" + }, + "TaxInheritanceDisabledFlag":{"type":"boolean"}, + "ThrottlingException":{ + "type":"structure", + "members":{ + "message":{"shape":"BasicString"} + }, + "documentation":"The request was denied due to request throttling.
", + "exception":true + }, + "UntagResourceRequest":{ + "type":"structure", + "required":[ + "ResourceArn", + "ResourceTagKeys" + ], + "members":{ + "ResourceArn":{ + "shape":"TagrisArn", + "documentation":"The Amazon Resource Name (ARN) to untag.
" + }, + "ResourceTagKeys":{ + "shape":"ResourceTagKeyList", + "documentation":"Keys for the tags to be removed.
" + } + } + }, + "UntagResourceResponse":{ + "type":"structure", + "members":{ + } + }, + "UpdateInvoiceUnitRequest":{ + "type":"structure", + "required":["InvoiceUnitArn"], + "members":{ + "InvoiceUnitArn":{ + "shape":"InvoiceUnitArnString", + "documentation":"The ARN to identify an invoice unit. This information can't be modified or deleted.
" + }, + "Description":{ + "shape":"DescriptionString", + "documentation":"The assigned description for an invoice unit. This information can't be modified or deleted.
" + }, + "TaxInheritanceDisabled":{ + "shape":"TaxInheritanceDisabledFlag", + "documentation":"Whether the invoice unit based tax inheritance is/ should be enabled or disabled.
", + "box":true + }, + "Rule":{ + "shape":"InvoiceUnitRule", + "documentation":"The InvoiceUnitRule object used to update invoice units.
The ARN to identify an invoice unit. This information can't be modified or deleted.
" + } + } + }, + "ValidationException":{ + "type":"structure", + "members":{ + "message":{"shape":"BasicString"}, + "resourceName":{ + "shape":"InvoiceUnitArnString", + "documentation":"You don't have sufficient access to perform this action.
" + }, + "reason":{ + "shape":"ValidationExceptionReason", + "documentation":"You don't have sufficient access to perform this action.
" + }, + "fieldList":{ + "shape":"ValidationExceptionFieldList", + "documentation":"The input fails to satisfy the constraints specified by an Amazon Web Services service.
" + } + }, + "documentation":"The input fails to satisfy the constraints specified by an Amazon Web Services service.
", + "exception":true + }, + "ValidationExceptionField":{ + "type":"structure", + "required":[ + "name", + "message" + ], + "members":{ + "name":{ + "shape":"BasicString", + "documentation":"The input fails to satisfy the constraints specified by an Amazon Web Services service.
" + }, + "message":{ + "shape":"BasicString", + "documentation":"The input fails to satisfy the constraints specified by an Amazon Web Services service.
" + } + }, + "documentation":"The input fails to satisfy the constraints specified by an Amazon Web Services service.
" + }, + "ValidationExceptionFieldList":{ + "type":"list", + "member":{"shape":"ValidationExceptionField"} + }, + "ValidationExceptionReason":{ + "type":"string", + "enum":[ + "nonMemberPresent", + "maxAccountsExceeded", + "maxInvoiceUnitsExceeded", + "duplicateInvoiceUnit", + "mutualExclusionError", + "accountMembershipError", + "taxSettingsError", + "expiredNextToken", + "invalidNextToken", + "invalidInput", + "fieldValidationFailed", + "cannotParse", + "unknownOperation", + "other" + ] + } + }, + "documentation":"Amazon Web Services Invoice Configuration
You can use Amazon Web Services Invoice Configuration APIs to programmatically create, update, delete, get, and list invoice units. You can also programmatically fetch the information of the invoice receiver. For example, business legal name, address, and invoicing contacts.
You can use Amazon Web Services Invoice Configuration to receive separate Amazon Web Services invoices based your organizational needs. By using Amazon Web Services Invoice Configuration, you can configure invoice units that are groups of Amazon Web Services accounts that represent your business entities, and receive separate invoices for each business entity. You can also assign a unique member or payer account as the invoice receiver for each invoice unit. As you create new accounts within your Organizations using Amazon Web Services Invoice Configuration APIs, you can automate the creation of new invoice units and subsequently automate the addition of new accounts to your invoice units.
Service endpoint
You can use the following endpoints for Amazon Web Services Invoice Configuration:
https://invoicing.us-east-1.api.aws
Principal ID of the user.
", + "locationName":"principalId" + }, + "UserName":{ + "shape":"String", + "documentation":"Name of the user.
", + "locationName":"userName" + }, + "UserType":{ + "shape":"String", + "documentation":"Type of the user.
", + "locationName":"userType" + } + }, + "documentation":"Contains information about the access keys.
" + }, "AccessKeyDetails":{ "type":"structure", "members":{ @@ -1268,6 +1289,23 @@ }, "documentation":"Contains information about the access keys.
" }, + "Account":{ + "type":"structure", + "required":["Uid"], + "members":{ + "Uid":{ + "shape":"String", + "documentation":"ID of the member's Amazon Web Services account
", + "locationName":"uid" + }, + "Name":{ + "shape":"String", + "documentation":"Name of the member's Amazon Web Services account.
", + "locationName":"account" + } + }, + "documentation":"Contains information about the account.
" + }, "AccountDetail":{ "type":"structure", "required":[ @@ -1420,6 +1458,38 @@ }, "documentation":"Contains information about actions.
" }, + "Actor":{ + "type":"structure", + "required":["Id"], + "members":{ + "Id":{ + "shape":"String", + "documentation":"ID of the threat actor.
", + "locationName":"id" + }, + "User":{ + "shape":"User", + "documentation":"Contains information about the user credentials used by the threat actor.
", + "locationName":"user" + }, + "Session":{ + "shape":"Session", + "documentation":"Contains information about the user session where the activity initiated.
", + "locationName":"session" + } + }, + "documentation":"Information about the actors involved in an attack sequence.
" + }, + "ActorIds":{ + "type":"list", + "member":{"shape":"String"}, + "max":400 + }, + "Actors":{ + "type":"list", + "member":{"shape":"Actor"}, + "max":400 + }, "AddonDetails":{ "type":"structure", "members":{ @@ -1609,6 +1679,26 @@ "NONE" ] }, + "AutonomousSystem":{ + "type":"structure", + "required":[ + "Name", + "Number" + ], + "members":{ + "Name":{ + "shape":"String", + "documentation":"Name associated with the Autonomous System (AS).
", + "locationName":"name" + }, + "Number":{ + "shape":"Integer", + "documentation":"The unique number that identifies the Autonomous System (AS).
", + "locationName":"number" + } + }, + "documentation":"Contains information about the Autonomous System (AS) associated with the network endpoints involved in an attack sequence.
" + }, "AwsApiCallAction":{ "type":"structure", "members":{ @@ -3287,6 +3377,11 @@ "shape":"Anomaly", "documentation":"The details about the anomalous activity that caused GuardDuty to generate the finding.
", "locationName":"anomaly" + }, + "Sequence":{ + "shape":"Sequence", + "documentation":"The details about the attack sequence.
", + "locationName":"sequence" } }, "documentation":"Contains information about the detected behavior.
" @@ -3641,6 +3736,93 @@ }, "documentation":"Describes the configuration of scanning EBS volumes as a data source.
" }, + "Ec2Instance":{ + "type":"structure", + "members":{ + "AvailabilityZone":{ + "shape":"String", + "documentation":"The availability zone of the Amazon EC2 instance. For more information, see Availability zones in the Amazon EC2 User Guide.
", + "locationName":"availabilityZone" + }, + "ImageDescription":{ + "shape":"String", + "documentation":"The image description of the Amazon EC2 instance.
", + "locationName":"imageDescription" + }, + "InstanceState":{ + "shape":"String", + "documentation":"The state of the Amazon EC2 instance. For more information, see Amazon EC2 instance state changes in the Amazon EC2 User Guide.
", + "locationName":"instanceState" + }, + "IamInstanceProfile":{"shape":"IamInstanceProfile"}, + "InstanceType":{ + "shape":"String", + "documentation":"Type of the Amazon EC2 instance.
", + "locationName":"instanceType" + }, + "OutpostArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the Amazon Web Services Outpost. This shows applicable Amazon Web Services Outposts instances.
", + "locationName":"outpostArn" + }, + "Platform":{ + "shape":"String", + "documentation":"The platform of the Amazon EC2 instance.
", + "locationName":"platform" + }, + "ProductCodes":{ + "shape":"ProductCodes", + "documentation":"The product code of the Amazon EC2 instance.
", + "locationName":"productCodes" + }, + "Ec2NetworkInterfaceUids":{ + "shape":"Ec2NetworkInterfaceUids", + "documentation":"The ID of the network interface.
", + "locationName":"ec2NetworkInterfaceUids" + } + }, + "documentation":"Details about the potentially impacted Amazon EC2 instance resource.
" + }, + "Ec2NetworkInterface":{ + "type":"structure", + "members":{ + "Ipv6Addresses":{ + "shape":"Ipv6Addresses", + "documentation":"A list of IPv6 addresses for the Amazon EC2 instance.
", + "locationName":"ipv6Addresses" + }, + "PrivateIpAddresses":{ + "shape":"PrivateIpAddresses", + "documentation":"Other private IP address information of the Amazon EC2 instance.
", + "locationName":"privateIpAddresses" + }, + "PublicIp":{ + "shape":"String", + "documentation":"The public IP address of the Amazon EC2 instance.
", + "locationName":"publicIp" + }, + "SecurityGroups":{ + "shape":"SecurityGroups", + "documentation":"The security groups associated with the Amazon EC2 instance.
", + "locationName":"securityGroups" + }, + "SubNetId":{ + "shape":"String", + "documentation":"The subnet ID of the Amazon EC2 instance.
", + "locationName":"subNetId" + }, + "VpcId":{ + "shape":"String", + "documentation":"The VPC ID of the Amazon EC2 instance.
", + "locationName":"vpcId" + } + }, + "documentation":"Contains information about the elastic network interface of the Amazon EC2 instance.
" + }, + "Ec2NetworkInterfaceUids":{ + "type":"list", + "member":{"shape":"String"} + }, "EcsClusterDetails":{ "type":"structure", "members":{ @@ -3806,6 +3988,11 @@ "members":{ } }, + "EndpointIds":{ + "type":"list", + "member":{"shape":"String"}, + "max":400 + }, "Eq":{ "type":"list", "member":{"shape":"String"} @@ -4038,6 +4225,11 @@ "shape":"String", "documentation":"The time and date when the finding was last updated.
", "locationName":"updatedAt" + }, + "AssociatedAttackSequenceArn":{ + "shape":"String", + "documentation":"Amazon Resource Name (ARN) associated with the attack sequence finding.
", + "locationName":"associatedAttackSequenceArn" } }, "documentation":"Contains information about the finding that is generated when abnormal or suspicious activity is detected.
" @@ -4072,6 +4264,16 @@ "SIX_HOURS" ] }, + "FindingResourceType":{ + "type":"string", + "enum":[ + "EC2_INSTANCE", + "EC2_NETWORK_INTERFACE", + "S3_BUCKET", + "S3_OBJECT", + "ACCESS_KEY" + ] + }, "FindingStatisticType":{ "type":"string", "enum":["COUNT_BY_SEVERITY"] @@ -5017,6 +5219,64 @@ }, "documentation":"Contains information about the impersonated user.
" }, + "Indicator":{ + "type":"structure", + "required":["Key"], + "members":{ + "Key":{ + "shape":"IndicatorType", + "documentation":"Specific indicator keys observed in the attack sequence.
", + "locationName":"key" + }, + "Values":{ + "shape":"IndicatorValues", + "documentation":"Values associated with each indicator key. For example, if the indicator key is SUSPICIOUS_NETWORK, then the value will be the name of the network. If the indicator key is ATTACK_TACTIC, then the value will be one of the MITRE tactics.
For more information about the values associated with the key, see GuardDuty Extended Threat Detection in the GuardDuty User Guide.
", + "locationName":"values" + }, + "Title":{ + "shape":"IndicatorTitle", + "documentation":"Title describing the indicator.
", + "locationName":"title" + } + }, + "documentation":"Contains information about the indicators that include a set of signals observed in an attack sequence.
" + }, + "IndicatorTitle":{ + "type":"string", + "max":256, + "min":1 + }, + "IndicatorType":{ + "type":"string", + "enum":[ + "SUSPICIOUS_USER_AGENT", + "SUSPICIOUS_NETWORK", + "MALICIOUS_IP", + "TOR_IP", + "ATTACK_TACTIC", + "HIGH_RISK_API", + "ATTACK_TECHNIQUE", + "UNUSUAL_API_FOR_ACCOUNT", + "UNUSUAL_ASN_FOR_ACCOUNT", + "UNUSUAL_ASN_FOR_USER" + ] + }, + "IndicatorValueString":{ + "type":"string", + "max":256, + "min":1 + }, + "IndicatorValues":{ + "type":"list", + "member":{"shape":"IndicatorValueString"}, + "max":400, + "min":1 + }, + "Indicators":{ + "type":"list", + "member":{"shape":"Indicator"}, + "max":400 + }, "InstanceArn":{ "type":"string", "pattern":"^arn:(aws|aws-cn|aws-us-gov):[a-z]+:[a-z]+(-[0-9]+|-[a-z]+)+:([0-9]{12}):[a-z\\-]+\\/[a-zA-Z0-9]*$" @@ -6543,6 +6803,13 @@ "type":"list", "member":{"shape":"String"} }, + "MfaStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, "Name":{ "type":"string", "max":300, @@ -6552,6 +6819,18 @@ "type":"list", "member":{"shape":"String"} }, + "NetworkConnection":{ + "type":"structure", + "required":["Direction"], + "members":{ + "Direction":{ + "shape":"NetworkDirection", + "documentation":"The direction in which the network traffic is flowing.
", + "locationName":"direction" + } + }, + "documentation":"Contains information about the network connection.
" + }, "NetworkConnectionAction":{ "type":"structure", "members":{ @@ -6598,6 +6877,92 @@ }, "documentation":"Contains information about the NETWORK_CONNECTION action described in the finding.
" }, + "NetworkDirection":{ + "type":"string", + "enum":[ + "INBOUND", + "OUTBOUND" + ] + }, + "NetworkEndpoint":{ + "type":"structure", + "required":["Id"], + "members":{ + "Id":{ + "shape":"String", + "documentation":"The ID of the network endpoint.
", + "locationName":"id" + }, + "Ip":{ + "shape":"String", + "documentation":"The IP address associated with the network endpoint.
", + "locationName":"ip" + }, + "Domain":{ + "shape":"String", + "documentation":"The domain information for the network endpoint.
", + "locationName":"domain" + }, + "Port":{ + "shape":"Integer", + "documentation":"The port number associated with the network endpoint.
", + "locationName":"port" + }, + "Location":{ + "shape":"NetworkGeoLocation", + "documentation":"Information about the location of the network endpoint.
", + "locationName":"location" + }, + "AutonomousSystem":{ + "shape":"AutonomousSystem", + "documentation":"The Autonomous System (AS) of the network endpoint.
", + "locationName":"autonomousSystem" + }, + "Connection":{ + "shape":"NetworkConnection", + "documentation":"Information about the network connection.
", + "locationName":"connection" + } + }, + "documentation":"Contains information about network endpoints that were observed in the attack sequence.
" + }, + "NetworkEndpoints":{ + "type":"list", + "member":{"shape":"NetworkEndpoint"}, + "max":400 + }, + "NetworkGeoLocation":{ + "type":"structure", + "required":[ + "City", + "Country", + "Latitude", + "Longitude" + ], + "members":{ + "City":{ + "shape":"String", + "documentation":"The name of the city.
", + "locationName":"city" + }, + "Country":{ + "shape":"String", + "documentation":"The name of the country.
", + "locationName":"country" + }, + "Latitude":{ + "shape":"Double", + "documentation":"The latitude information of the endpoint location.
", + "locationName":"lat" + }, + "Longitude":{ + "shape":"Double", + "documentation":"The longitude information of the endpoint location.
", + "locationName":"lon" + } + }, + "documentation":"Contains information about network endpoint location.
" + }, "NetworkInterface":{ "type":"structure", "members":{ @@ -7318,6 +7683,53 @@ }, "documentation":"Describes the public access policies that apply to the S3 bucket.
" }, + "PublicAccessConfiguration":{ + "type":"structure", + "members":{ + "PublicAclAccess":{ + "shape":"PublicAccessStatus", + "documentation":"Indicates whether or not there is a setting that allows public access to the Amazon S3 buckets through access control lists (ACLs).
", + "locationName":"publicAclAccess" + }, + "PublicPolicyAccess":{ + "shape":"PublicAccessStatus", + "documentation":"Indicates whether or not there is a setting that allows public access to the Amazon S3 bucket policy.
", + "locationName":"publicPolicyAccess" + }, + "PublicAclIgnoreBehavior":{ + "shape":"PublicAclIgnoreBehavior", + "documentation":"Indicates whether or not there is a setting that ignores all public access control lists (ACLs) on the Amazon S3 bucket and the objects that it contains.
", + "locationName":"publicAclIgnoreBehavior" + }, + "PublicBucketRestrictBehavior":{ + "shape":"PublicBucketRestrictBehavior", + "documentation":"Indicates whether or not there is a setting that restricts access to the bucket with specified policies.
", + "locationName":"publicBucketRestrictBehavior" + } + }, + "documentation":"Describes public access policies that apply to the Amazon S3 bucket.
For information about each of the following settings, see Blocking public access to your Amazon S3 storage in the Amazon S3 User Guide.
" + }, + "PublicAccessStatus":{ + "type":"string", + "enum":[ + "BLOCKED", + "ALLOWED" + ] + }, + "PublicAclIgnoreBehavior":{ + "type":"string", + "enum":[ + "IGNORED", + "NOT_IGNORED" + ] + }, + "PublicBucketRestrictBehavior":{ + "type":"string", + "enum":[ + "RESTRICTED", + "NOT_RESTRICTED" + ] + }, "PublishingStatus":{ "type":"string", "enum":[ @@ -7431,7 +7843,7 @@ }, "Tags":{ "shape":"Tags", - "documentation":"Information about the tag-key value pair.
", + "documentation":"Information about the tag key-value pair.
", "locationName":"tags" } }, @@ -7593,6 +8005,37 @@ "type":"string", "pattern":"^arn:[A-Za-z-]+:[A-Za-z0-9]+:[A-Za-z0-9-]+:\\d+:(([A-Za-z0-9-]+)[:\\/])?[A-Za-z0-9-]*$" }, + "ResourceData":{ + "type":"structure", + "members":{ + "S3Bucket":{ + "shape":"S3Bucket", + "documentation":"Contains information about the Amazon S3 bucket.
", + "locationName":"s3Bucket" + }, + "Ec2Instance":{ + "shape":"Ec2Instance", + "documentation":"Contains information about the Amazon EC2 instance.
", + "locationName":"ec2Instance" + }, + "AccessKey":{ + "shape":"AccessKey", + "documentation":"Contains information about the IAM access key details of a user that involved in the GuardDuty finding.
", + "locationName":"accessKey" + }, + "Ec2NetworkInterface":{ + "shape":"Ec2NetworkInterface", + "documentation":"Contains information about the elastic network interface of the Amazon EC2 instance.
", + "locationName":"ec2NetworkInterface" + }, + "S3Object":{ + "shape":"S3Object", + "documentation":"Contains information about the Amazon S3 object.
", + "locationName":"s3Object" + } + }, + "documentation":"Contains information about the Amazon Web Services resource that is associated with the activity that prompted GuardDuty to generate a finding.
" + }, "ResourceDetails":{ "type":"structure", "members":{ @@ -7665,6 +8108,71 @@ "EC2" ] }, + "ResourceUids":{ + "type":"list", + "member":{"shape":"String"}, + "max":400 + }, + "ResourceV2":{ + "type":"structure", + "required":[ + "Uid", + "ResourceType" + ], + "members":{ + "Uid":{ + "shape":"String", + "documentation":"The unique identifier of the resource.
", + "locationName":"uid" + }, + "Name":{ + "shape":"String", + "documentation":"The name of the resource.
", + "locationName":"name" + }, + "AccountId":{ + "shape":"String", + "documentation":"The Amazon Web Services account ID to which the resource belongs.
", + "locationName":"accountId" + }, + "ResourceType":{ + "shape":"FindingResourceType", + "documentation":"The type of the Amazon Web Services resource.
", + "locationName":"resourceType" + }, + "Region":{ + "shape":"String", + "documentation":"The Amazon Web Services Region where the resource belongs.
", + "locationName":"region" + }, + "Service":{ + "shape":"String", + "documentation":"The Amazon Web Services service of the resource.
", + "locationName":"service" + }, + "CloudPartition":{ + "shape":"String", + "documentation":"The cloud partition within the Amazon Web Services Region to which the resource belongs.
", + "locationName":"cloudPartition" + }, + "Tags":{ + "shape":"Tags", + "documentation":"Contains information about the tags associated with the resource.
", + "locationName":"tags" + }, + "Data":{ + "shape":"ResourceData", + "documentation":"Contains information about the Amazon Web Services resource associated with the activity that prompted GuardDuty to generate a finding.
", + "locationName":"data" + } + }, + "documentation":"Contains information about the Amazon Web Services resource that is associated with the GuardDuty finding.
" + }, + "Resources":{ + "type":"list", + "member":{"shape":"ResourceV2"}, + "max":400 + }, "RuntimeContext":{ "type":"structure", "members":{ @@ -7812,6 +8320,62 @@ }, "documentation":"Information about the process and any required context values for a specific finding.
" }, + "S3Bucket":{ + "type":"structure", + "members":{ + "OwnerId":{ + "shape":"String", + "documentation":"The owner ID of the associated S3Amazon S3bucket.
", + "locationName":"ownerId" + }, + "CreatedAt":{ + "shape":"Timestamp", + "documentation":"The timestamp at which the Amazon S3 bucket was created.
", + "locationName":"createdAt" + }, + "EncryptionType":{ + "shape":"String", + "documentation":"The type of encryption used for the Amazon S3 buckets and its objects. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide.
", + "locationName":"encryptionType" + }, + "EncryptionKeyArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the encryption key that is used to encrypt the Amazon S3 bucket and its objects.
", + "locationName":"encryptionKeyArn" + }, + "EffectivePermission":{ + "shape":"String", + "documentation":"Describes the effective permissions on this S3 bucket, after factoring all the attached policies.
", + "locationName":"effectivePermission" + }, + "PublicReadAccess":{ + "shape":"PublicAccessStatus", + "documentation":"Indicates whether or not the public read access is allowed for an Amazon S3 bucket.
", + "locationName":"publicReadAccess" + }, + "PublicWriteAccess":{ + "shape":"PublicAccessStatus", + "documentation":"Indicates whether or not the public write access is allowed for an Amazon S3 bucket.
", + "locationName":"publicWriteAccess" + }, + "AccountPublicAccess":{ + "shape":"PublicAccessConfiguration", + "documentation":"Contains information about the public access policies that apply to the Amazon S3 bucket at the account level.
", + "locationName":"accountPublicAccess" + }, + "BucketPublicAccess":{ + "shape":"PublicAccessConfiguration", + "documentation":"Contains information about public access policies that apply to the Amazon S3 bucket.
", + "locationName":"bucketPublicAccess" + }, + "S3ObjectUids":{ + "shape":"S3ObjectUids", + "documentation":"Represents a list of Amazon S3 object identifiers.
", + "locationName":"s3ObjectUids" + } + }, + "documentation":"Contains information about the Amazon S3 bucket policies and encryption.
" + }, "S3BucketDetail":{ "type":"structure", "members":{ @@ -7891,6 +8455,27 @@ }, "documentation":"Describes whether S3 data event logs will be enabled as a data source.
" }, + "S3Object":{ + "type":"structure", + "members":{ + "ETag":{ + "shape":"String", + "documentation":"The entity tag is a hash of the Amazon S3 object. The ETag reflects changes only to the contents of an object, and not its metadata.
", + "locationName":"eTag" + }, + "Key":{ + "shape":"String", + "documentation":"The key of the Amazon S3 object.
", + "locationName":"key" + }, + "VersionId":{ + "shape":"String", + "documentation":"The version Id of the Amazon S3 object.
", + "locationName":"versionId" + } + }, + "documentation":"Contains information about the Amazon S3 object.
" + }, "S3ObjectDetail":{ "type":"structure", "members":{ @@ -7926,6 +8511,10 @@ "type":"list", "member":{"shape":"S3ObjectDetail"} }, + "S3ObjectUids":{ + "type":"list", + "member":{"shape":"String"} + }, "Scan":{ "type":"structure", "members":{ @@ -8266,6 +8855,56 @@ "type":"string", "sensitive":true }, + "Sequence":{ + "type":"structure", + "required":[ + "Uid", + "Description", + "Signals" + ], + "members":{ + "Uid":{ + "shape":"String", + "documentation":"Unique identifier of the attack sequence.
", + "locationName":"uid" + }, + "Description":{ + "shape":"SequenceDescription", + "documentation":"Description of the attack sequence.
", + "locationName":"description" + }, + "Actors":{ + "shape":"Actors", + "documentation":"Contains information about the actors involved in the attack sequence.
", + "locationName":"actors" + }, + "Resources":{ + "shape":"Resources", + "documentation":"Contains information about the resources involved in the attack sequence.
", + "locationName":"resources" + }, + "Endpoints":{ + "shape":"NetworkEndpoints", + "documentation":"Contains information about the network endpoints that were used in the attack sequence.
", + "locationName":"endpoints" + }, + "Signals":{ + "shape":"Signals", + "documentation":"Contains information about the signals involved in the attack sequence.
", + "locationName":"signals" + }, + "SequenceIndicators":{ + "shape":"Indicators", + "documentation":"Contains information about the indicators observed in the attack sequence.
", + "locationName":"sequenceIndicators" + } + }, + "documentation":"Contains information about the GuardDuty attack sequence finding.
" + }, + "SequenceDescription":{ + "type":"string", + "max":4096 + }, "Service":{ "type":"structure", "members":{ @@ -8368,6 +9007,32 @@ }, "documentation":"Additional information about the generated finding.
" }, + "Session":{ + "type":"structure", + "members":{ + "Uid":{ + "shape":"String", + "documentation":"The unique identifier of the session.
", + "locationName":"uid" + }, + "MfaStatus":{ + "shape":"MfaStatus", + "documentation":"Indicates whether or not multi-factor authencation (MFA) was used during authentication.
In Amazon Web Services CloudTrail, you can find this value as userIdentity.sessionContext.attributes.mfaAuthenticated.
The timestamp for when the session was created.
In Amazon Web Services CloudTrail, you can find this value as userIdentity.sessionContext.attributes.creationDate.
Identifier of the session issuer.
In Amazon Web Services CloudTrail, you can find this value as userIdentity.sessionContext.sessionIssuer.arn.
Contains information about the authenticated session.
" + }, "SessionNameList":{ "type":"list", "member":{"shape":"String"} @@ -8393,6 +9058,110 @@ }, "documentation":"Information about severity level for each finding type.
" }, + "Signal":{ + "type":"structure", + "required":[ + "Uid", + "Type", + "Name", + "CreatedAt", + "UpdatedAt", + "FirstSeenAt", + "LastSeenAt", + "Count" + ], + "members":{ + "Uid":{ + "shape":"String", + "documentation":"The unique identifier of the signal.
", + "locationName":"uid" + }, + "Type":{ + "shape":"SignalType", + "documentation":"The type of the signal used to identify an attack sequence.
Signals can be GuardDuty findings or activities observed in data sources that GuardDuty monitors. For more information, see Foundational data sources in the GuardDuty User Guide.
A signal type can be one of the valid values listed in this API. Here are the related descriptions:
FINDING - Individually generated GuardDuty finding.
CLOUD_TRAIL - Activity observed from CloudTrail logs
S3_DATA_EVENTS - Activity observed from CloudTrail data events for S3. Activities associated with this type will show up only when you have enabled GuardDuty S3 Protection feature in your account. For more information about S3 Protection and steps to enable it, see S3 Protection in the GuardDuty User Guide.
The description of the signal.
", + "locationName":"description" + }, + "Name":{ + "shape":"String", + "documentation":"The name of the signal. For example, when signal type is FINDING, the signal name is the name of the finding.
The timestamp when the first finding or activity related to this signal was observed.
", + "locationName":"createdAt" + }, + "UpdatedAt":{ + "shape":"Timestamp", + "documentation":"The timestamp when this signal was last observed.
", + "locationName":"updatedAt" + }, + "FirstSeenAt":{ + "shape":"Timestamp", + "documentation":"The timestamp when the first finding or activity related to this signal was observed.
", + "locationName":"firstSeenAt" + }, + "LastSeenAt":{ + "shape":"Timestamp", + "documentation":"The timestamp when the last finding or activity related to this signal was observed.
", + "locationName":"lastSeenAt" + }, + "Severity":{ + "shape":"Double", + "documentation":"The severity associated with the signal. For more information about severity, see Findings severity levels in the GuardDuty User Guide.
", + "locationName":"severity" + }, + "Count":{ + "shape":"Integer", + "documentation":"The number of times this signal was observed.
", + "locationName":"count" + }, + "ResourceUids":{ + "shape":"ResourceUids", + "documentation":"Information about the unique identifiers of the resources involved in the signal.
", + "locationName":"resourceUids" + }, + "ActorIds":{ + "shape":"ActorIds", + "documentation":"Information about the IDs of the threat actors involved in the signal.
", + "locationName":"actorIds" + }, + "EndpointIds":{ + "shape":"EndpointIds", + "documentation":"Information about the endpoint IDs associated with this signal.
", + "locationName":"endpointIds" + }, + "SignalIndicators":{ + "shape":"Indicators", + "documentation":"Contains information about the indicators associated with the signals.
", + "locationName":"signalIndicators" + } + }, + "documentation":"Contains information about the signals involved in the attack sequence.
" + }, + "SignalDescription":{ + "type":"string", + "max":2000 + }, + "SignalType":{ + "type":"string", + "enum":[ + "FINDING", + "CLOUD_TRAIL", + "S3_DATA_EVENTS" + ] + }, + "Signals":{ + "type":"list", + "member":{"shape":"Signal"}, + "max":100, + "min":2 + }, "SortCriteria":{ "type":"structure", "members":{ @@ -9432,6 +10201,42 @@ "type":"list", "member":{"shape":"UsageTopAccountsResult"} }, + "User":{ + "type":"structure", + "required":[ + "Name", + "Uid", + "Type" + ], + "members":{ + "Name":{ + "shape":"String", + "documentation":"The name of the user.
", + "locationName":"name" + }, + "Uid":{ + "shape":"String", + "documentation":"The unique identifier of the user.
", + "locationName":"uid" + }, + "Type":{ + "shape":"String", + "documentation":"The type of the user.
", + "locationName":"type" + }, + "CredentialUid":{ + "shape":"String", + "documentation":"The credentials of the user ID.
", + "locationName":"credentialUid" + }, + "Account":{ + "shape":"Account", + "documentation":"Contains information about the Amazon Web Services account.
", + "locationName":"account" + } + }, + "documentation":"Contains information about the user involved in the attack sequence.
" + }, "Volume":{ "type":"structure", "members":{ From 0968fc6660822a0619d68c079fb407f6c7cc8613 Mon Sep 17 00:00:00 2001 From: AWS <> Date: Mon, 2 Dec 2024 03:48:20 +0000 Subject: [PATCH 24/35] Amazon CloudWatch Logs Update: Adds PutIntegration, GetIntegration, ListIntegrations and DeleteIntegration APIs. Adds QueryLanguage support to StartQuery, GetQueryResults, DescribeQueries, DescribeQueryDefinitions, and PutQueryDefinition APIs. --- .../feature-AmazonCloudWatchLogs-dd286dc.json | 6 + .../codegen-resources/service-2.json | 551 +++++++++++++++++- 2 files changed, 552 insertions(+), 5 deletions(-) create mode 100644 .changes/next-release/feature-AmazonCloudWatchLogs-dd286dc.json diff --git a/.changes/next-release/feature-AmazonCloudWatchLogs-dd286dc.json b/.changes/next-release/feature-AmazonCloudWatchLogs-dd286dc.json new file mode 100644 index 00000000000..65a06e6052d --- /dev/null +++ b/.changes/next-release/feature-AmazonCloudWatchLogs-dd286dc.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "Amazon CloudWatch Logs", + "contributor": "", + "description": "Adds PutIntegration, GetIntegration, ListIntegrations and DeleteIntegration APIs. Adds QueryLanguage support to StartQuery, GetQueryResults, DescribeQueries, DescribeQueryDefinitions, and PutQueryDefinition APIs." +} diff --git a/services/cloudwatchlogs/src/main/resources/codegen-resources/service-2.json b/services/cloudwatchlogs/src/main/resources/codegen-resources/service-2.json index 7e7a364a07f..6da54712c8d 100644 --- a/services/cloudwatchlogs/src/main/resources/codegen-resources/service-2.json +++ b/services/cloudwatchlogs/src/main/resources/codegen-resources/service-2.json @@ -257,6 +257,22 @@ ], "documentation":"Deletes a log-group level field index policy that was applied to a single log group. The indexing of the log events that happened before you delete the policy will still be used for as many as 30 days to improve CloudWatch Logs Insights queries.
You can't use this operation to delete an account-level index policy. Instead, use DeletAccountPolicy.
If you delete a log-group level field index policy and there is an account-level field index policy, in a few minutes the log group begins using that account-wide policy to index new incoming log events.
" }, + "DeleteIntegration":{ + "name":"DeleteIntegration", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteIntegrationRequest"}, + "output":{"shape":"DeleteIntegrationResponse"}, + "errors":[ + {"shape":"InvalidParameterException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"} + ], + "documentation":"Deletes the integration between CloudWatch Logs and OpenSearch Service. If your integration has active vended logs dashboards, you must specify true for the force parameter, otherwise the operation will fail. If you delete the integration by setting force to true, all your vended logs dashboards powered by OpenSearch Service will be deleted and the data that was on them will no longer be accessible.
Retrieves complete information about one delivery source.
" }, + "GetIntegration":{ + "name":"GetIntegration", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetIntegrationRequest"}, + "output":{"shape":"GetIntegrationResponse"}, + "errors":[ + {"shape":"InvalidParameterException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"Returns information about one integration between CloudWatch Logs and OpenSearch Service.
" + }, "GetLogAnomalyDetector":{ "name":"GetLogAnomalyDetector", "http":{ @@ -858,6 +889,20 @@ ], "documentation":"Returns a list of anomalies that log anomaly detectors have found. For details about the structure format of each anomaly object that is returned, see the example in this section.
" }, + "ListIntegrations":{ + "name":"ListIntegrations", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListIntegrationsRequest"}, + "output":{"shape":"ListIntegrationsResponse"}, + "errors":[ + {"shape":"InvalidParameterException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Returns a list of integrations between CloudWatch Logs and other services in this account. Currently, only one integration can be created in an account, and this integration must be with OpenSearch Service.
" + }, "ListLogAnomalyDetectors":{ "name":"ListLogAnomalyDetectors", "http":{ @@ -1052,6 +1097,22 @@ ], "documentation":"Creates or updates a field index policy for the specified log group. Only log groups in the Standard log class support field index policies. For more information about log classes, see Log classes.
You can use field index policies to create field indexes on fields found in log events in the log group. Creating field indexes speeds up and lowers the costs for CloudWatch Logs Insights queries that reference those field indexes, because these queries attempt to skip the processing of log events that are known to not match the indexed field. Good fields to index are fields that you often need to query for and fields or values that match only a small fraction of the total log events. Common examples of indexes include request ID, session ID, userID, and instance IDs. For more information, see Create field indexes to improve query performance and reduce costs.
To find the fields that are in your log group events, use the GetLogGroupFields operation.
For example, suppose you have created a field index for requestId. Then, any CloudWatch Logs Insights query on that log group that includes requestId = value or requestId IN [value, value, ...] will process fewer log events to reduce costs, and have improved performance.
Each index policy has the following quotas and restrictions:
As many as 20 fields can be included in the policy.
Each field name can include as many as 100 characters.
Matches of log events to the names of indexed fields are case-sensitive. For example, a field index of RequestId won't match a log event containing requestId.
Log group-level field index policies created with PutIndexPolicy override account-level field index policies created with PutAccountPolicy. If you use PutIndexPolicy to create a field index policy for a log group, that log group uses only that policy. The log group ignores any account-wide field index policy that you might have created.
Creates an integration between CloudWatch Logs and another service in this account. Currently, only integrations with OpenSearch Service are supported, and currently you can have only one integration in your account.
Integrating with OpenSearch Service makes it possible for you to create curated vended logs dashboards, powered by OpenSearch Service analytics. For more information, see Vended log dashboards powered by Amazon OpenSearch Service.
You can use this operation only to create a new integration. You can't modify an existing integration.
" + }, "PutLogEvents":{ "name":"PutLogEvents", "http":{ @@ -1709,6 +1770,11 @@ "min":36, "pattern":"\\S{36,128}" }, + "CollectionRetentionDays":{ + "type":"integer", + "max":30, + "min":1 + }, "Column":{ "type":"string", "max":128, @@ -2006,6 +2072,10 @@ } } }, + "DashboardViewerPrincipals":{ + "type":"list", + "member":{"shape":"Arn"} + }, "DataAlreadyAcceptedException":{ "type":"structure", "members":{ @@ -2160,6 +2230,25 @@ "members":{ } }, + "DeleteIntegrationRequest":{ + "type":"structure", + "required":["integrationName"], + "members":{ + "integrationName":{ + "shape":"IntegrationName", + "documentation":"The name of the integration to delete. To find the name of your integration, use ListIntegrations.
" + }, + "force":{ + "shape":"Force", + "documentation":"Specify true to force the deletion of the integration even if vended logs dashboards currently exist.
The default is false.
Limits the number of returned queries to the specified number.
" }, - "nextToken":{"shape":"NextToken"} + "nextToken":{"shape":"NextToken"}, + "queryLanguage":{ + "shape":"QueryLanguage", + "documentation":"Limits the returned queries to only the queries that use the specified query language.
" + } } }, "DescribeQueriesResponse":{ @@ -2878,6 +2971,10 @@ "DescribeQueryDefinitionsRequest":{ "type":"structure", "members":{ + "queryLanguage":{ + "shape":"QueryLanguage", + "documentation":"The query language used for this query. For more information about the query languages that CloudWatch Logs supports, see Supported query languages.
" + }, "queryDefinitionNamePrefix":{ "shape":"QueryDefinitionName", "documentation":"Use this parameter to filter your results to only the query definitions that have names that start with the prefix you specify.
" @@ -3411,6 +3508,7 @@ "last" ] }, + "Force":{"type":"boolean"}, "ForceUpdate":{"type":"boolean"}, "FromKey":{ "type":"string", @@ -3520,6 +3618,37 @@ } } }, + "GetIntegrationRequest":{ + "type":"structure", + "required":["integrationName"], + "members":{ + "integrationName":{ + "shape":"IntegrationName", + "documentation":"The name of the integration that you want to find information about. To find the name of your integration, use ListIntegrations
" + } + } + }, + "GetIntegrationResponse":{ + "type":"structure", + "members":{ + "integrationName":{ + "shape":"IntegrationName", + "documentation":"The name of the integration.
" + }, + "integrationType":{ + "shape":"IntegrationType", + "documentation":"The type of integration. Integrations with OpenSearch Service have the type OPENSEARCH.
The current status of this integration.
" + }, + "integrationDetails":{ + "shape":"IntegrationDetails", + "documentation":"A structure that contains information about the integration configuration. For an integration with OpenSearch Service, this includes information about OpenSearch Service resources such as the collection, the workspace, and policies.
" + } + } + }, "GetLogAnomalyDetectorRequest":{ "type":"structure", "required":["anomalyDetectorArn"], @@ -3689,6 +3818,10 @@ "GetQueryResultsResponse":{ "type":"structure", "members":{ + "queryLanguage":{ + "shape":"QueryLanguage", + "documentation":"The query language used for this query. For more information about the query languages that CloudWatch Logs supports, see Supported query languages.
" + }, "results":{ "shape":"QueryResults", "documentation":"The log events that matched the query criteria during the most recent time it ran.
The results value is an array of arrays. Each log event is one object in the top-level array. Each of these log event objects is an array of field/value pairs.
This structure contains complete information about one integration between CloudWatch Logs and OpenSearch Service.
" + } + }, + "documentation":"This structure contains information about the integration configuration. For an integration with OpenSearch Service, this includes information about OpenSearch Service resources such as the collection, the workspace, and policies.
This structure is returned by a GetIntegration operation.
", + "union":true + }, + "IntegrationName":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[\\.\\-_/#A-Za-z0-9]+" + }, + "IntegrationNamePrefix":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[\\.\\-_/#A-Za-z0-9]+" + }, + "IntegrationStatus":{ + "type":"string", + "enum":[ + "PROVISIONING", + "ACTIVE", + "FAILED" + ] + }, + "IntegrationStatusMessage":{ + "type":"string", + "min":1 + }, + "IntegrationSummaries":{ + "type":"list", + "member":{"shape":"IntegrationSummary"} + }, + "IntegrationSummary":{ + "type":"structure", + "members":{ + "integrationName":{ + "shape":"IntegrationName", + "documentation":"The name of this integration.
" + }, + "integrationType":{ + "shape":"IntegrationType", + "documentation":"The type of integration. Integrations with OpenSearch Service have the type OPENSEARCH.
The current status of this integration.
" + } + }, + "documentation":"This structure contains information about one CloudWatch Logs integration. This structure is returned by a ListIntegrations operation.
" + }, + "IntegrationType":{ + "type":"string", + "enum":["OPENSEARCH"] + }, "Interleaved":{"type":"boolean"}, "InvalidOperationException":{ "type":"structure", @@ -3927,6 +4121,32 @@ "nextToken":{"shape":"NextToken"} } }, + "ListIntegrationsRequest":{ + "type":"structure", + "members":{ + "integrationNamePrefix":{ + "shape":"IntegrationNamePrefix", + "documentation":"To limit the results to integrations that start with a certain name prefix, specify that name prefix here.
" + }, + "integrationType":{ + "shape":"IntegrationType", + "documentation":"To limit the results to integrations of a certain type, specify that type here.
" + }, + "integrationStatus":{ + "shape":"IntegrationStatus", + "documentation":"To limit the results to integrations with a certain status, specify that status here.
" + } + } + }, + "ListIntegrationsResponse":{ + "type":"structure", + "members":{ + "integrationSummaries":{ + "shape":"IntegrationSummaries", + "documentation":"An array, where each object in the array contains information about one CloudWatch Logs integration in this account.
" + } + } + }, "ListLogAnomalyDetectorsLimit":{ "type":"integer", "max":50, @@ -4547,6 +4767,257 @@ "max":128, "min":1 }, + "OpenSearchApplication":{ + "type":"structure", + "members":{ + "applicationEndpoint":{ + "shape":"OpenSearchApplicationEndpoint", + "documentation":"The endpoint of the application.
" + }, + "applicationArn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the application.
" + }, + "applicationId":{ + "shape":"OpenSearchApplicationId", + "documentation":"The ID of the application.
" + }, + "status":{ + "shape":"OpenSearchResourceStatus", + "documentation":"This structure contains information about the status of this OpenSearch Service resource.
" + } + }, + "documentation":"This structure contains information about the OpenSearch Service application used for this integration. An OpenSearch Service application is the web application created by the integration with CloudWatch Logs. It hosts the vended logs dashboards.
" + }, + "OpenSearchApplicationEndpoint":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"^https://[\\.\\-_/#:A-Za-z0-9]+\\.com$" + }, + "OpenSearchApplicationId":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[\\.\\-_/#A-Za-z0-9]+" + }, + "OpenSearchCollection":{ + "type":"structure", + "members":{ + "collectionEndpoint":{ + "shape":"OpenSearchCollectionEndpoint", + "documentation":"The endpoint of the collection.
" + }, + "collectionArn":{ + "shape":"Arn", + "documentation":"The ARN of the collection.
" + }, + "status":{ + "shape":"OpenSearchResourceStatus", + "documentation":"This structure contains information about the status of this OpenSearch Service resource.
" + } + }, + "documentation":"This structure contains information about the OpenSearch Service collection used for this integration. An OpenSearch Service collection is a logical grouping of one or more indexes that represent an analytics workload. For more information, see Creating and managing OpenSearch Service Serverless collections.
" + }, + "OpenSearchCollectionEndpoint":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"^https://[\\.\\-_/#:A-Za-z0-9]+\\.com$" + }, + "OpenSearchDataAccessPolicy":{ + "type":"structure", + "members":{ + "policyName":{ + "shape":"OpenSearchPolicyName", + "documentation":"The name of the data access policy.
" + }, + "status":{ + "shape":"OpenSearchResourceStatus", + "documentation":"This structure contains information about the status of this OpenSearch Service resource.
" + } + }, + "documentation":"This structure contains information about the OpenSearch Service data access policy used for this integration. The access policy defines the access controls for the collection. This data access policy was automatically created as part of the integration setup. For more information about OpenSearch Service data access policies, see Data access control for Amazon OpenSearch Serverless in the OpenSearch Service Developer Guide.
" + }, + "OpenSearchDataSource":{ + "type":"structure", + "members":{ + "dataSourceName":{ + "shape":"OpenSearchDataSourceName", + "documentation":"The name of the OpenSearch Service data source.
" + }, + "status":{ + "shape":"OpenSearchResourceStatus", + "documentation":"This structure contains information about the status of this OpenSearch Service resource.
" + } + }, + "documentation":"This structure contains information about the OpenSearch Service data source used for this integration. This data source was created as part of the integration setup. An OpenSearch Service data source defines the source and destination for OpenSearch Service queries. It includes the role required to execute queries and write to collections.
For more information about OpenSearch Service data sources , see Creating OpenSearch Service data source integrations with Amazon S3.
" + }, + "OpenSearchDataSourceName":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[\\.\\-_/#A-Za-z0-9]+" + }, + "OpenSearchEncryptionPolicy":{ + "type":"structure", + "members":{ + "policyName":{ + "shape":"OpenSearchPolicyName", + "documentation":"The name of the encryption policy.
" + }, + "status":{ + "shape":"OpenSearchResourceStatus", + "documentation":"This structure contains information about the status of this OpenSearch Service resource.
" + } + }, + "documentation":"This structure contains information about the OpenSearch Service encryption policy used for this integration. The encryption policy was created automatically when you created the integration. For more information, see Encryption policies in the OpenSearch Service Developer Guide.
" + }, + "OpenSearchIntegrationDetails":{ + "type":"structure", + "members":{ + "dataSource":{ + "shape":"OpenSearchDataSource", + "documentation":"This structure contains information about the OpenSearch Service data source used for this integration. This data source was created as part of the integration setup. An OpenSearch Service data source defines the source and destination for OpenSearch Service queries. It includes the role required to execute queries and write to collections.
For more information about OpenSearch Service data sources , see Creating OpenSearch Service data source integrations with Amazon S3.
" + }, + "application":{ + "shape":"OpenSearchApplication", + "documentation":"This structure contains information about the OpenSearch Service application used for this integration. An OpenSearch Service application is the web application that was created by the integration with CloudWatch Logs. It hosts the vended logs dashboards.
" + }, + "collection":{ + "shape":"OpenSearchCollection", + "documentation":"This structure contains information about the OpenSearch Service collection used for this integration. This collection was created as part of the integration setup. An OpenSearch Service collection is a logical grouping of one or more indexes that represent an analytics workload. For more information, see Creating and managing OpenSearch Service Serverless collections.
" + }, + "workspace":{ + "shape":"OpenSearchWorkspace", + "documentation":"This structure contains information about the OpenSearch Service workspace used for this integration. An OpenSearch Service workspace is the collection of dashboards along with other OpenSearch Service tools. This workspace was created automatically as part of the integration setup. For more information, see Centralized OpenSearch user interface (Dashboards) with OpenSearch Service.
" + }, + "encryptionPolicy":{ + "shape":"OpenSearchEncryptionPolicy", + "documentation":"This structure contains information about the OpenSearch Service encryption policy used for this integration. The encryption policy was created automatically when you created the integration. For more information, see Encryption policies in the OpenSearch Service Developer Guide.
" + }, + "networkPolicy":{ + "shape":"OpenSearchNetworkPolicy", + "documentation":"This structure contains information about the OpenSearch Service network policy used for this integration. The network policy assigns network access settings to collections. For more information, see Network policies in the OpenSearch Service Developer Guide.
" + }, + "accessPolicy":{ + "shape":"OpenSearchDataAccessPolicy", + "documentation":"This structure contains information about the OpenSearch Service data access policy used for this integration. The access policy defines the access controls for the collection. This data access policy was automatically created as part of the integration setup. For more information about OpenSearch Service data access policies, see Data access control for Amazon OpenSearch Serverless in the OpenSearch Service Developer Guide.
" + }, + "lifecyclePolicy":{ + "shape":"OpenSearchLifecyclePolicy", + "documentation":"This structure contains information about the OpenSearch Service data lifecycle policy used for this integration. The lifecycle policy determines the lifespan of the data in the collection. It was automatically created as part of the integration setup.
For more information, see Using data lifecycle policies with OpenSearch Service Serverless in the OpenSearch Service Developer Guide.
" + } + }, + "documentation":"This structure contains complete information about one CloudWatch Logs integration. This structure is returned by a GetIntegration operation.
" + }, + "OpenSearchLifecyclePolicy":{ + "type":"structure", + "members":{ + "policyName":{ + "shape":"OpenSearchPolicyName", + "documentation":"The name of the lifecycle policy.
" + }, + "status":{ + "shape":"OpenSearchResourceStatus", + "documentation":"This structure contains information about the status of this OpenSearch Service resource.
" + } + }, + "documentation":"This structure contains information about the OpenSearch Service data lifecycle policy used for this integration. The lifecycle policy determines the lifespan of the data in the collection. It was automatically created as part of the integration setup.
For more information, see Using data lifecycle policies with OpenSearch Service Serverless in the OpenSearch Service Developer Guide.
" + }, + "OpenSearchNetworkPolicy":{ + "type":"structure", + "members":{ + "policyName":{ + "shape":"OpenSearchPolicyName", + "documentation":"The name of the network policy.
" + }, + "status":{ + "shape":"OpenSearchResourceStatus", + "documentation":"This structure contains information about the status of this OpenSearch Service resource.
" + } + }, + "documentation":"This structure contains information about the OpenSearch Service network policy used for this integration. The network policy assigns network access settings to collections. For more information, see Network policies in the OpenSearch Service Developer Guide.
" + }, + "OpenSearchPolicyName":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[\\.\\-_/#A-Za-z0-9]+" + }, + "OpenSearchResourceConfig":{ + "type":"structure", + "required":[ + "dataSourceRoleArn", + "dashboardViewerPrincipals", + "retentionDays" + ], + "members":{ + "kmsKeyArn":{ + "shape":"Arn", + "documentation":"To have the vended dashboard data encrypted with KMS instead of the CloudWatch Logs default encryption method, specify the ARN of the KMS key that you want to use.
" + }, + "dataSourceRoleArn":{ + "shape":"Arn", + "documentation":"Specify the ARN of an IAM role that CloudWatch Logs will use to create the integration. This role must have the permissions necessary to access the OpenSearch Service collection to be able to create the dashboards. For more information about the permissions needed, see Create an IAM role to access the OpenSearch Service collection in the CloudWatch Logs User Guide.
" + }, + "dashboardViewerPrincipals":{ + "shape":"DashboardViewerPrincipals", + "documentation":"Specify the ARNs of IAM roles and IAM users who you want to grant permission to for viewing the dashboards.
In addition to specifying these users here, you must also grant them the CloudWatchOpenSearchDashboardsAccess IAM policy. For more information, see
If you want to use an existing OpenSearch Service application for your integration with OpenSearch Service, specify it here. If you omit this, a new application will be created.
" + }, + "retentionDays":{ + "shape":"CollectionRetentionDays", + "documentation":"Specify how many days that you want the data derived by OpenSearch Service to be retained in the index that the dashboard refers to. This also sets the maximum time period that you can choose when viewing data in the dashboard. Choosing a longer time frame will incur additional costs.
" + } + }, + "documentation":"This structure contains configuration details about an integration between CloudWatch Logs and OpenSearch Service.
" + }, + "OpenSearchResourceStatus":{ + "type":"structure", + "members":{ + "status":{ + "shape":"OpenSearchResourceStatusType", + "documentation":"The current status of this resource.
" + }, + "statusMessage":{ + "shape":"IntegrationStatusMessage", + "documentation":"A message with additional information about the status of this resource.
" + } + }, + "documentation":"This structure contains information about the status of an OpenSearch Service resource.
" + }, + "OpenSearchResourceStatusType":{ + "type":"string", + "enum":[ + "ACTIVE", + "NOT_FOUND", + "ERROR" + ] + }, + "OpenSearchWorkspace":{ + "type":"structure", + "members":{ + "workspaceId":{ + "shape":"OpenSearchWorkspaceId", + "documentation":"The ID of this workspace.
" + }, + "status":{ + "shape":"OpenSearchResourceStatus", + "documentation":"This structure contains information about the status of an OpenSearch Service resource.
" + } + }, + "documentation":"This structure contains information about the OpenSearch Service workspace used for this integration. An OpenSearch Service workspace is the collection of dashboards along with other OpenSearch Service tools. This workspace was created automatically as part of the integration setup. For more information, see Centralized OpenSearch user interface (Dashboards) with OpenSearch Service.
" + }, + "OpenSearchWorkspaceId":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[\\.\\-_/#A-Za-z0-9]+" + }, "OperationAbortedException":{ "type":"structure", "members":{ @@ -5128,6 +5599,41 @@ } } }, + "PutIntegrationRequest":{ + "type":"structure", + "required":[ + "integrationName", + "resourceConfig", + "integrationType" + ], + "members":{ + "integrationName":{ + "shape":"IntegrationName", + "documentation":"A name for the integration.
" + }, + "resourceConfig":{ + "shape":"ResourceConfig", + "documentation":"A structure that contains configuration information for the integration that you are creating.
" + }, + "integrationType":{ + "shape":"IntegrationType", + "documentation":"The type of integration. Currently, the only supported type is OPENSEARCH.
The name of the integration that you just created.
" + }, + "integrationStatus":{ + "shape":"IntegrationStatus", + "documentation":"The status of the integration that you just created.
After you create an integration, it takes a few minutes to complete. During this time, you'll see the status as PROVISIONING.
Specify the query language to use for this query. The options are Logs Insights QL, OpenSearch PPL, and OpenSearch SQL. For more information about the query languages that CloudWatch Logs supports, see Supported query languages.
" + }, "name":{ "shape":"QueryDefinitionName", "documentation":"A name for the query definition. If you are saving numerous query definitions, we recommend that you name them. This way, you can find the ones you want by using the first part of the name as a filter in the queryDefinitionNamePrefix parameter of DescribeQueryDefinitions.
Use this parameter to include specific log groups as part of your query definition.
If you are updating a query definition and you omit this parameter, then the updated definition will contain no log groups.
" + "documentation":"Use this parameter to include specific log groups as part of your query definition. If your query uses the OpenSearch Service query language, you specify the log group names inside the querystring instead of here.
If you are updating an existing query definition for the Logs Insights QL or OpenSearch Service PPL and you omit this parameter, then the updated definition will contain no log groups.
" }, "queryString":{ "shape":"QueryDefinitionString", @@ -5369,6 +5879,10 @@ "QueryDefinition":{ "type":"structure", "members":{ + "queryLanguage":{ + "shape":"QueryLanguage", + "documentation":"The query language used for this query. For more information about the query languages that CloudWatch Logs supports, see Supported query languages.
" + }, "queryDefinitionId":{ "shape":"QueryId", "documentation":"The unique ID of the query definition.
" @@ -5414,6 +5928,10 @@ "QueryInfo":{ "type":"structure", "members":{ + "queryLanguage":{ + "shape":"QueryLanguage", + "documentation":"The query language used for this query. For more information about the query languages that CloudWatch Logs supports, see Supported query languages.
" + }, "queryId":{ "shape":"QueryId", "documentation":"The unique ID number of this query.
" @@ -5441,6 +5959,14 @@ "type":"list", "member":{"shape":"QueryInfo"} }, + "QueryLanguage":{ + "type":"string", + "enum":[ + "CWLI", + "SQL", + "PPL" + ] + }, "QueryListMaxResults":{ "type":"integer", "max":1000, @@ -5611,6 +6137,17 @@ "type":"list", "member":{"shape":"Arn"} }, + "ResourceConfig":{ + "type":"structure", + "members":{ + "openSearchResourceConfig":{ + "shape":"OpenSearchResourceConfig", + "documentation":"This structure contains configuration details about an integration between CloudWatch Logs and OpenSearch Service.
" + } + }, + "documentation":"This structure contains configuration details about an integration between CloudWatch Logs and another entity.
", + "union":true + }, "ResourceIdentifier":{ "type":"string", "max":2048, @@ -5909,17 +6446,21 @@ "queryString" ], "members":{ + "queryLanguage":{ + "shape":"QueryLanguage", + "documentation":"Specify the query language to use for this query. The options are Logs Insights QL, OpenSearch PPL, and OpenSearch SQL. For more information about the query languages that CloudWatch Logs supports, see Supported query languages.
" + }, "logGroupName":{ "shape":"LogGroupName", - "documentation":"The log group on which to perform the query.
" + "documentation":"The log group on which to perform the query.
A StartQuery operation must include exactly one of the following parameters: logGroupName, logGroupNames, or logGroupIdentifiers. The exception is queries using the OpenSearch Service SQL query language, where you specify the log group names inside the querystring instead of here.
The list of log groups to be queried. You can include up to 50 log groups.
" + "documentation":"The list of log groups to be queried. You can include up to 50 log groups.
A StartQuery operation must include exactly one of the following parameters: logGroupName, logGroupNames, or logGroupIdentifiers. The exception is queries using the OpenSearch Service SQL query language, where you specify the log group names inside the querystring instead of here.
The list of log groups to query. You can include up to 50 log groups.
You can specify them by the log group name or ARN. If a log group that you're querying is in a source account and you're using a monitoring account, you must specify the ARN of the log group here. The query definition must also be defined in the monitoring account.
If you specify an ARN, use the format arn:aws:logs:region:account-id:log-group:log_group_name Don't include an * at the end.
A StartQuery operation must include exactly one of the following parameters: logGroupName, logGroupNames, or logGroupIdentifiers.
The list of log groups to query. You can include up to 50 log groups.
You can specify them by the log group name or ARN. If a log group that you're querying is in a source account and you're using a monitoring account, you must specify the ARN of the log group here. The query definition must also be defined in the monitoring account.
If you specify an ARN, use the format arn:aws:logs:region:account-id:log-group:log_group_name Don't include an * at the end.
A StartQuery operation must include exactly one of the following parameters: logGroupName, logGroupNames, or logGroupIdentifiers. The exception is queries using the OpenSearch Service SQL query language, where you specify the log group names inside the querystring instead of here.
The ID of the threat actor.
" + }, + "User":{ + "shape":"ActorUser", + "documentation":"Contains information about the user credentials used by the threat actor.
" + }, + "Session":{ + "shape":"ActorSession", + "documentation":"Contains information about the user session where the activity initiated.
" + } + }, + "documentation":"Information about the threat actor identified in an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty and GuardDuty S3 Protection enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.
" + }, + "ActorSession":{ + "type":"structure", + "members":{ + "Uid":{ + "shape":"NonEmptyString", + "documentation":"Unique identifier of the session.
" + }, + "MfaStatus":{ + "shape":"ActorSessionMfaStatus", + "documentation":"Indicates whether multi-factor authentication (MFA) was used for authentication during the session.
In CloudTrail, you can find this value as userIdentity.sessionContext.attributes.mfaAuthenticated.
The timestamp for when the session was created.
In CloudTrail, you can find this value as userIdentity.sessionContext.attributes.creationDate.
The issuer of the session.
In CloudTrail, you can find this value as userIdentity.sessionContext.sessionIssuer.arn.
Contains information about the authenticated session used by the threat actor identified in an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty and GuardDuty S3 Protection enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.
" + }, + "ActorSessionMfaStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, + "ActorUser":{ + "type":"structure", + "members":{ + "Name":{ + "shape":"NonEmptyString", + "documentation":"The name of the threat actor.
" + }, + "Uid":{ + "shape":"NonEmptyString", + "documentation":"The unique identifier of the threat actor.
" + }, + "Type":{ + "shape":"NonEmptyString", + "documentation":"The type of user.
" + }, + "CredentialUid":{ + "shape":"NonEmptyString", + "documentation":"Unique identifier of the threat actor’s user credentials.
" + }, + "Account":{ + "shape":"UserAccount", + "documentation":"The account of the threat actor.
" + } + }, + "documentation":"Contains information about the credentials used by the threat actor identified in an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty and GuardDuty S3 Protection enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.
" + }, + "ActorsList":{ + "type":"list", + "member":{"shape":"Actor"}, + "max":10, + "min":0 + }, "Adjustment":{ "type":"structure", "members":{ @@ -13878,6 +13957,10 @@ "AwsAccountName":{ "shape":"NonEmptyString", "documentation":"The name of the Amazon Web Services account from which a finding was generated.
Length Constraints: Minimum length of 1. Maximum length of 50.
" + }, + "Detection":{ + "shape":"Detection", + "documentation":"Provides details about an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty and GuardDuty S3 Protection enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.
" } }, "documentation":"Provides a consistent format for Security Hub findings. AwsSecurityFinding format allows you to share findings between Amazon Web Services security services and third-party solutions.
A finding is a potential security issue generated either by Amazon Web Services services or by the integrated third-party solutions and standards checks.
Provides details about an attack sequence.
" + } + }, + "documentation":"A top-level object field that provides details about an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty and GuardDuty S3 Protection enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.
" + }, "DisableImportFindingsForProductRequest":{ "type":"structure", "required":["ProductSubscriptionArn"], @@ -17643,6 +17743,34 @@ "type":"list", "member":{"shape":"ImportFindingsError"} }, + "Indicator":{ + "type":"structure", + "members":{ + "Key":{ + "shape":"NonEmptyString", + "documentation":"The name of the indicator that’s present in the attack sequence finding.
" + }, + "Values":{ + "shape":"NonEmptyStringList", + "documentation":"Values associated with each indicator key. For example, if the indicator key is SUSPICIOUS_NETWORK, then the value will be the name of the network. If the indicator key is ATTACK_TACTIC, then the value will be one of the MITRE tactics.
The title describing the indicator.
" + }, + "Type":{ + "shape":"NonEmptyString", + "documentation":"The type of indicator.
" + } + }, + "documentation":"Contains information about the indicators observed in an Amazon GuardDuty Extended Threat Detection attack sequence. Indicators include a set of signals, which can be API activities or findings that GuardDuty uses to detect an attack sequence finding. GuardDuty generates an attack sequence finding when multiple signals align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty and GuardDuty S3 Protection enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.
" + }, + "IndicatorsList":{ + "type":"list", + "member":{"shape":"Indicator"}, + "max":100, + "min":0 + }, "Insight":{ "type":"structure", "required":[ @@ -18476,6 +18604,30 @@ }, "documentation":"The details of network-related information about a finding.
" }, + "NetworkAutonomousSystem":{ + "type":"structure", + "members":{ + "Name":{ + "shape":"NonEmptyString", + "documentation":"The name associated with the AS.
" + }, + "Number":{ + "shape":"Integer", + "documentation":"The unique number that identifies the AS.
" + } + }, + "documentation":"Contains information about the Autonomous System (AS) of the network endpoints involved in an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty and GuardDuty S3 Protection enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.
" + }, + "NetworkConnection":{ + "type":"structure", + "members":{ + "Direction":{ + "shape":"ConnectionDirection", + "documentation":"The direction in which the network traffic is flowing.
" + } + }, + "documentation":"Contains information about the network connection involved in an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty and GuardDuty S3 Protection enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.
" + }, "NetworkConnectionAction":{ "type":"structure", "members":{ @@ -18513,6 +18665,68 @@ "OUT" ] }, + "NetworkEndpoint":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"NonEmptyString", + "documentation":"The identifier of the network endpoint involved in the attack sequence.
" + }, + "Ip":{ + "shape":"NonEmptyString", + "documentation":"The IP address used in the network endpoint.
" + }, + "Domain":{ + "shape":"NonEmptyString", + "documentation":"The domain information for the network endpoint.
" + }, + "Port":{ + "shape":"Integer", + "documentation":"The port number associated with the network endpoint.
" + }, + "Location":{ + "shape":"NetworkGeoLocation", + "documentation":"Information about the location of the network endpoint.
" + }, + "AutonomousSystem":{ + "shape":"NetworkAutonomousSystem", + "documentation":"The Autonomous System Number (ASN) of the network endpoint.
" + }, + "Connection":{ + "shape":"NetworkConnection", + "documentation":"Information about the network connection.
" + } + }, + "documentation":"Contains information about network endpoints involved in an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty and GuardDuty S3 Protection enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.
This field can provide information about the network endpoints associated with the resource in the attack sequence finding, or about a specific network endpoint used for the attack.
" + }, + "NetworkEndpointsList":{ + "type":"list", + "member":{"shape":"NetworkEndpoint"}, + "max":10, + "min":0 + }, + "NetworkGeoLocation":{ + "type":"structure", + "members":{ + "City":{ + "shape":"NonEmptyString", + "documentation":"The name of the city.
" + }, + "Country":{ + "shape":"NonEmptyString", + "documentation":"The name of the country.
" + }, + "Lat":{ + "shape":"Double", + "documentation":"The latitude information of the endpoint location.
" + }, + "Lon":{ + "shape":"Double", + "documentation":"The longitude information of the endpoint location.
" + } + }, + "documentation":"Contains information about the location of a network endpoint involved in an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty and GuardDuty S3 Protection enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.
" + }, "NetworkHeader":{ "type":"structure", "members":{ @@ -20320,6 +20534,32 @@ "type":"list", "member":{"shape":"SensitiveDataResult"} }, + "Sequence":{ + "type":"structure", + "members":{ + "Uid":{ + "shape":"NonEmptyString", + "documentation":"Unique identifier of the attack sequence.
" + }, + "Actors":{ + "shape":"ActorsList", + "documentation":"Provides information about the actors involved in the attack sequence.
" + }, + "Endpoints":{ + "shape":"NetworkEndpointsList", + "documentation":"Contains information about the network endpoints that were used in the attack sequence.
" + }, + "Signals":{ + "shape":"SignalsList", + "documentation":"Contains information about the signals involved in the attack sequence.
" + }, + "SequenceIndicators":{ + "shape":"IndicatorsList", + "documentation":" Contains information about the indicators observed in the attack sequence. The values for SignalIndicators are a subset of the values for SequenceIndicators, but the values for these fields don't always match 1:1.
Contains information about an Amazon GuardDuty Extended Threat Detection attack sequence finding. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty and GuardDuty S3 Protection enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.
" + }, "Severity":{ "type":"structure", "members":{ @@ -20379,6 +20619,78 @@ }, "documentation":"Updates to the severity information for a finding.
" }, + "Signal":{ + "type":"structure", + "members":{ + "Type":{ + "shape":"NonEmptyString", + "documentation":"The type of the signal used to identify an attack sequence.
Signals can be GuardDuty findings or activities observed in data sources that GuardDuty monitors. For more information, see GuardDuty foundational data sources in the Amazon GuardDuty User Guide.
A signal type can be one of the following values. Here are the related descriptions:
FINDING - Individually generated GuardDuty finding.
CLOUD_TRAIL - Activity observed from CloudTrail logs
S3_DATA_EVENTS - Activity observed from CloudTrail data events for Amazon Simple Storage Service (S3). Activities associated with this type will show up only when you have enabled GuardDuty S3 Protection feature in your account. For more information about S3 Protection and the steps to enable it, see S3 Protection in the Amazon GuardDuty User Guide.
The identifier of the signal.
" + }, + "Title":{ + "shape":"NonEmptyString", + "documentation":"The description of the GuardDuty finding.
" + }, + "ProductArn":{ + "shape":"NonEmptyString", + "documentation":"The Amazon Resource Name (ARN) of the product that generated the signal.
" + }, + "ResourceIds":{ + "shape":"NonEmptyStringList", + "documentation":"The ARN or ID of the Amazon Web Services resource associated with the signal.
" + }, + "SignalIndicators":{ + "shape":"IndicatorsList", + "documentation":" Contains information about the indicators associated with the signals in this attack sequence finding. The values for SignalIndicators are a subset of the values for SequenceIndicators, but the values for these fields don't always match 1:1.
The name of the GuardDuty signal. For example, when signal type is FINDING, the signal name is the name of the finding.
The timestamp when the first finding or activity related to this signal was observed.
" + }, + "UpdatedAt":{ + "shape":"Long", + "documentation":"The timestamp when this signal was last observed.
" + }, + "FirstSeenAt":{ + "shape":"Long", + "documentation":"The timestamp when the first finding or activity related to this signal was observed.
" + }, + "LastSeenAt":{ + "shape":"Long", + "documentation":"The timestamp when the last finding or activity related to this signal was observed.
" + }, + "Severity":{ + "shape":"Double", + "documentation":"The severity associated with the signal. For more information about severity, see Findings severity levels in the Amazon GuardDuty User Guide.
" + }, + "Count":{ + "shape":"Integer", + "documentation":"The number of times this signal was observed.
" + }, + "ActorIds":{ + "shape":"NonEmptyStringList", + "documentation":"The IDs of the threat actors involved in the signal.
" + }, + "EndpointIds":{ + "shape":"NonEmptyStringList", + "documentation":"Information about the endpoint IDs associated with this signal.
" + } + }, + "documentation":"Contains information about the signals involved in an Amazon GuardDuty Extended Threat Detection attack sequence. An attack sequence is a type of threat detected by GuardDuty. GuardDuty generates an attack sequence finding when multiple events, or signals, align to a potentially suspicious activity. When GuardDuty and Security Hub are integrated, GuardDuty sends attack sequence findings to Security Hub.
A signal can be an API activity or a finding that GuardDuty uses to detect an attack sequence finding.
" + }, + "SignalsList":{ + "type":"list", + "member":{"shape":"Signal"}, + "max":100, + "min":1 + }, "SizeBytes":{"type":"long"}, "SoftwarePackage":{ "type":"structure", @@ -20916,7 +21228,7 @@ "members":{ "ReasonCode":{ "shape":"NonEmptyString", - "documentation":"A code that represents a reason for the control status. For the list of status reason codes and their meanings, see Standards-related information in the ASFF in the Security Hub User Guide.
" + "documentation":"A code that represents a reason for the control status. For the list of status reason codes and their meanings, see Compliance details for control findings in the Security Hub User Guide.
" }, "Description":{ "shape":"NonEmptyString", @@ -21656,6 +21968,20 @@ "UPDATING" ] }, + "UserAccount":{ + "type":"structure", + "members":{ + "Uid":{ + "shape":"NonEmptyString", + "documentation":"The unique identifier of the user account involved in the attack sequence.
" + }, + "Name":{ + "shape":"NonEmptyString", + "documentation":"The name of the user account involved in the attack sequence.
" + } + }, + "documentation":"Provides Amazon Web Services account information of the user involved in an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty and GuardDuty S3 Protection enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.
" + }, "VerificationState":{ "type":"string", "enum":[ From cad124262d0c01347ac681027e4f73124a61c1e0 Mon Sep 17 00:00:00 2001 From: AWS <> Date: Mon, 2 Dec 2024 03:48:17 +0000 Subject: [PATCH 26/35] Agents for Amazon Bedrock Runtime Update: This release introduces a new Rerank API to leverage reranking models (with integration into Knowledge Bases); APIs to upload documents directly into Knowledge Base; RetrieveAndGenerateStream API for streaming response; Guardrails on Retrieve API; and ability to automatically generate filters --- ...AgentsforAmazonBedrockRuntime-70183c9.json | 6 + .../codegen-resources/paginators-1.json | 5 + .../codegen-resources/service-2.json | 644 +++++++++++++++++- 3 files changed, 652 insertions(+), 3 deletions(-) create mode 100644 .changes/next-release/feature-AgentsforAmazonBedrockRuntime-70183c9.json diff --git a/.changes/next-release/feature-AgentsforAmazonBedrockRuntime-70183c9.json b/.changes/next-release/feature-AgentsforAmazonBedrockRuntime-70183c9.json new file mode 100644 index 00000000000..c6fbb0457dc --- /dev/null +++ b/.changes/next-release/feature-AgentsforAmazonBedrockRuntime-70183c9.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "Agents for Amazon Bedrock Runtime", + "contributor": "", + "description": "This release introduces a new Rerank API to leverage reranking models (with integration into Knowledge Bases); APIs to upload documents directly into Knowledge Base; RetrieveAndGenerateStream API for streaming response; Guardrails on Retrieve API; and ability to automatically generate filters" +} diff --git a/services/bedrockagentruntime/src/main/resources/codegen-resources/paginators-1.json b/services/bedrockagentruntime/src/main/resources/codegen-resources/paginators-1.json index 3b9d74ec369..2743a90d531 100644 --- a/services/bedrockagentruntime/src/main/resources/codegen-resources/paginators-1.json +++ b/services/bedrockagentruntime/src/main/resources/codegen-resources/paginators-1.json @@ -6,6 +6,11 @@ "limit_key": "maxItems", "result_key": "memoryContents" }, + "Rerank": { + "input_token": "nextToken", + "output_token": "nextToken", + "result_key": "results" + }, "Retrieve": { "input_token": "nextToken", "output_token": "nextToken", diff --git a/services/bedrockagentruntime/src/main/resources/codegen-resources/service-2.json b/services/bedrockagentruntime/src/main/resources/codegen-resources/service-2.json index fc063540de7..aa4106dffc0 100644 --- a/services/bedrockagentruntime/src/main/resources/codegen-resources/service-2.json +++ b/services/bedrockagentruntime/src/main/resources/codegen-resources/service-2.json @@ -144,6 +144,28 @@ ], "documentation":"Optimizes a prompt for the task that you specify. For more information, see Optimize a prompt in the Amazon Bedrock User Guide.
" }, + "Rerank":{ + "name":"Rerank", + "http":{ + "method":"POST", + "requestUri":"/rerank", + "responseCode":200 + }, + "input":{"shape":"RerankRequest"}, + "output":{"shape":"RerankResponse"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"DependencyFailedException"}, + {"shape":"BadGatewayException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"Reranks the relevance of sources based on queries. For more information, see Improve the relevance of query responses with a reranker model.
" + }, "Retrieve":{ "name":"Retrieve", "http":{ @@ -187,6 +209,28 @@ {"shape":"ServiceQuotaExceededException"} ], "documentation":"Queries a knowledge base and generates responses based on the retrieved results and using the specified foundation model or inference profile. The response only cites sources that are relevant to the query.
" + }, + "RetrieveAndGenerateStream":{ + "name":"RetrieveAndGenerateStream", + "http":{ + "method":"POST", + "requestUri":"/retrieveAndGenerateStream", + "responseCode":200 + }, + "input":{"shape":"RetrieveAndGenerateStreamRequest"}, + "output":{"shape":"RetrieveAndGenerateStreamResponse"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"DependencyFailedException"}, + {"shape":"BadGatewayException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"Queries a knowledge base and generates responses based on the retrieved results, with output in streaming format.
The CLI doesn't support streaming operations in Amazon Bedrock, including InvokeModelWithResponseStream.
Contains information about the API operation that was called from the action group and the response body that was returned.
This data type is used in the following API operations:
In the returnControlInvocationResults of the InvokeAgent request
Contains configurations for a reranker model.
" + }, + "numberOfResults":{ + "shape":"BedrockRerankingConfigurationNumberOfResultsInteger", + "documentation":"The number of results to return after reranking.
" + } + }, + "documentation":"Contains configurations for an Amazon Bedrock reranker model.
" + }, + "BedrockRerankingConfigurationNumberOfResultsInteger":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "BedrockRerankingModelArn":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"^(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}::foundation-model/(.*))?$" + }, + "BedrockRerankingModelConfiguration":{ + "type":"structure", + "required":["modelArn"], + "members":{ + "additionalModelRequestFields":{ + "shape":"AdditionalModelRequestFields", + "documentation":"A JSON object whose keys are request fields for the model and whose values are values for those fields.
" + }, + "modelArn":{ + "shape":"BedrockModelArn", + "documentation":"The ARN of the reranker model.
" + } + }, + "documentation":"Contains configurations for a reranker model.
" + }, "Boolean":{ "type":"boolean", "box":true @@ -592,6 +687,17 @@ }, "documentation":"An object containing a segment of the generated response that is based on a source in the knowledge base, alongside information about the source.
This data type is used in the following API operations:
InvokeAgent response – in the citations field
RetrieveAndGenerate response – in the citations field
The citation.
" + } + }, + "documentation":"A citation event.
", + "event":true + }, "Citations":{ "type":"list", "member":{"shape":"Citation"} @@ -686,7 +792,7 @@ "members":{ "event":{ "shape":"CustomOrchestrationTraceEvent", - "documentation":"The trace event details used with the custom orchestration.
" + "documentation":"The event details used with the custom orchestration.
" }, "traceId":{ "shape":"TraceId", @@ -704,7 +810,7 @@ "documentation":"The text that prompted the event at this step.
" } }, - "documentation":"The event in the custom orchestration sequence.
", + "documentation":"The event in the custom orchestration sequence. Events are the responses which the custom orchestration Lambda function sends as response to the agent.
", "sensitive":true }, "DateTimestamp":{ @@ -872,6 +978,29 @@ "documentation":"Contains information about the failure of the interaction.
", "sensitive":true }, + "FieldForReranking":{ + "type":"structure", + "required":["fieldName"], + "members":{ + "fieldName":{ + "shape":"FieldForRerankingFieldNameString", + "documentation":"The name of a metadata field to include in or exclude from consideration when reranking.
" + } + }, + "documentation":"Contains information for a metadata field to include in or exclude from consideration when reranking.
" + }, + "FieldForRerankingFieldNameString":{ + "type":"string", + "max":2000, + "min":1 + }, + "FieldsForReranking":{ + "type":"list", + "member":{"shape":"FieldForReranking"}, + "max":100, + "min":1, + "sensitive":true + }, "FileBody":{ "type":"blob", "max":1000000, @@ -969,6 +1098,10 @@ "type":"string", "sensitive":true }, + "Float":{ + "type":"float", + "box":true + }, "FlowAliasIdentifier":{ "type":"string", "max":2048, @@ -1704,6 +1837,17 @@ "member":{"shape":"GuardrailCustomWord"}, "sensitive":true }, + "GuardrailEvent":{ + "type":"structure", + "members":{ + "action":{ + "shape":"GuadrailAction", + "documentation":"The guardrail action.
" + } + }, + "documentation":"A guardrail event.
", + "event":true + }, "GuardrailIdentifierWithArn":{ "type":"string", "max":2048, @@ -1945,6 +2089,24 @@ "min":1, "sensitive":true }, + "ImplicitFilterConfiguration":{ + "type":"structure", + "required":[ + "metadataAttributes", + "modelArn" + ], + "members":{ + "metadataAttributes":{ + "shape":"MetadataAttributeSchemaList", + "documentation":"Metadata that can be used in a filter.
" + }, + "modelArn":{ + "shape":"BedrockModelArn", + "documentation":"The model that generates the filter.
" + } + }, + "documentation":"Settings for implicit filtering, where a model generates a metadata filter based on the prompt.
" + }, "InferenceConfig":{ "type":"structure", "members":{ @@ -2655,6 +2817,10 @@ "shape":"RetrievalFilter", "documentation":"Specifies the filters to use on the metadata in the knowledge base data sources before returning results. For more information, see Query configurations.
" }, + "implicitFilterConfiguration":{ + "shape":"ImplicitFilterConfiguration", + "documentation":"Settings for implicit filtering.
" + }, "numberOfResults":{ "shape":"KnowledgeBaseVectorSearchConfigurationNumberOfResultsInteger", "documentation":"The number of source chunks to retrieve.
", @@ -2663,6 +2829,10 @@ "overrideSearchType":{ "shape":"SearchType", "documentation":"By default, Amazon Bedrock decides a search strategy for you. If you're using an Amazon OpenSearch Serverless vector store that contains a filterable text field, you can specify whether to query the knowledge base with a HYBRID search using both vector embeddings and raw text, or SEMANTIC search using only vector embeddings. For other vector store configurations, only SEMANTIC search is available. For more information, see Test a knowledge base.
Contains configurations for reranking the retrieved results. For more information, see Improve the relevance of query responses with a reranker model.
" } }, "documentation":"Configurations for how to perform the search query and return results. For more information, see Query configurations.
This data type is used in the following API operations:
Retrieve request – in the vectorSearchConfiguration field
RetrieveAndGenerate request – in the vectorSearchConfiguration field
Provides details of the foundation model.
", "sensitive":true }, + "MetadataAttributeSchema":{ + "type":"structure", + "required":[ + "description", + "key", + "type" + ], + "members":{ + "description":{ + "shape":"MetadataAttributeSchemaDescriptionString", + "documentation":"The attribute's description.
" + }, + "key":{ + "shape":"MetadataAttributeSchemaKeyString", + "documentation":"The attribute's key.
" + }, + "type":{ + "shape":"AttributeType", + "documentation":"The attribute's type.
" + } + }, + "documentation":"Details about a metadata attribute.
", + "sensitive":true + }, + "MetadataAttributeSchemaDescriptionString":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"^[\\s\\S]+$" + }, + "MetadataAttributeSchemaKeyString":{ + "type":"string", + "max":256, + "min":1, + "pattern":"^[\\s\\S]+$" + }, + "MetadataAttributeSchemaList":{ + "type":"list", + "member":{"shape":"MetadataAttributeSchema"}, + "max":25, + "min":1 + }, + "MetadataConfigurationForReranking":{ + "type":"structure", + "required":["selectionMode"], + "members":{ + "selectionMode":{ + "shape":"RerankingMetadataSelectionMode", + "documentation":"Specifies whether to consider all metadata when reranking, or only the metadata that you select. If you specify SELECTIVE, include the selectiveModeConfiguration field.
Contains configurations for the metadata fields to include or exclude when considering reranking.
" + } + }, + "documentation":"Contains configurations for the metadata to use in reranking.
" + }, "MimeType":{"type":"string"}, "ModelIdentifier":{ "type":"string", @@ -3455,6 +3682,225 @@ "DISABLED" ] }, + "RerankDocument":{ + "type":"structure", + "required":["type"], + "members":{ + "jsonDocument":{ + "shape":"Document", + "documentation":"Contains a JSON document to rerank.
" + }, + "textDocument":{ + "shape":"RerankTextDocument", + "documentation":"Contains information about a text document to rerank.
" + }, + "type":{ + "shape":"RerankDocumentType", + "documentation":"The type of document to rerank.
" + } + }, + "documentation":"Contains information about a document to rerank. Choose the type to define and include the field that corresponds to the type.
Contains information about a text query.
" + }, + "type":{ + "shape":"RerankQueryContentType", + "documentation":"The type of the query.
" + } + }, + "documentation":"Contains information about a query to submit to the reranker model.
", + "sensitive":true + }, + "RerankQueryContentType":{ + "type":"string", + "enum":["TEXT"] + }, + "RerankRequest":{ + "type":"structure", + "required":[ + "queries", + "rerankingConfiguration", + "sources" + ], + "members":{ + "nextToken":{ + "shape":"NextToken", + "documentation":"If the total number of results was greater than could fit in a response, a token is returned in the nextToken field. You can enter that token in this field to return the next batch of results.
An array of objects, each of which contains information about a query to submit to the reranker model.
" + }, + "rerankingConfiguration":{ + "shape":"RerankingConfiguration", + "documentation":"Contains configurations for reranking.
" + }, + "sources":{ + "shape":"RerankSourcesList", + "documentation":"An array of objects, each of which contains information about the sources to rerank.
" + } + } + }, + "RerankResponse":{ + "type":"structure", + "required":["results"], + "members":{ + "nextToken":{ + "shape":"NextToken", + "documentation":"If the total number of results is greater than can fit in the response, use this token in the nextToken field when making another request to return the next batch of results.
An array of objects, each of which contains information about the results of reranking.
" + } + } + }, + "RerankResult":{ + "type":"structure", + "required":[ + "index", + "relevanceScore" + ], + "members":{ + "document":{ + "shape":"RerankDocument", + "documentation":"Contains information about the document.
" + }, + "index":{ + "shape":"RerankResultIndexInteger", + "documentation":"The ranking of the document. The lower a number, the higher the document is ranked.
" + }, + "relevanceScore":{ + "shape":"Float", + "documentation":"The relevance score of the document.
" + } + }, + "documentation":"Contains information about a document that was reranked.
" + }, + "RerankResultIndexInteger":{ + "type":"integer", + "box":true, + "max":1000, + "min":0 + }, + "RerankResultsList":{ + "type":"list", + "member":{"shape":"RerankResult"} + }, + "RerankSource":{ + "type":"structure", + "required":[ + "inlineDocumentSource", + "type" + ], + "members":{ + "inlineDocumentSource":{ + "shape":"RerankDocument", + "documentation":"Contains an inline definition of a source for reranking.
" + }, + "type":{ + "shape":"RerankSourceType", + "documentation":"The type of the source.
" + } + }, + "documentation":"Contains information about a source for reranking.
", + "sensitive":true + }, + "RerankSourceType":{ + "type":"string", + "enum":["INLINE"] + }, + "RerankSourcesList":{ + "type":"list", + "member":{"shape":"RerankSource"}, + "max":1000, + "min":1, + "sensitive":true + }, + "RerankTextDocument":{ + "type":"structure", + "members":{ + "text":{ + "shape":"RerankTextDocumentTextString", + "documentation":"The text of the document.
" + } + }, + "documentation":"Contains information about a text document to rerank.
", + "sensitive":true + }, + "RerankTextDocumentTextString":{ + "type":"string", + "max":9000, + "min":1 + }, + "RerankingConfiguration":{ + "type":"structure", + "required":[ + "bedrockRerankingConfiguration", + "type" + ], + "members":{ + "bedrockRerankingConfiguration":{ + "shape":"BedrockRerankingConfiguration", + "documentation":"Contains configurations for an Amazon Bedrock reranker.
" + }, + "type":{ + "shape":"RerankingConfigurationType", + "documentation":"The type of reranker that the configurations apply to.
" + } + }, + "documentation":"Contains configurations for reranking.
" + }, + "RerankingConfigurationType":{ + "type":"string", + "enum":["BEDROCK_RERANKING_MODEL"] + }, + "RerankingMetadataSelectionMode":{ + "type":"string", + "enum":[ + "SELECTIVE", + "ALL" + ] + }, + "RerankingMetadataSelectiveModeConfiguration":{ + "type":"structure", + "members":{ + "fieldsToExclude":{ + "shape":"FieldsForReranking", + "documentation":"An array of objects, each of which specifies a metadata field to exclude from consideration when reranking.
" + }, + "fieldsToInclude":{ + "shape":"FieldsForReranking", + "documentation":"An array of objects, each of which specifies a metadata field to include in consideration when reranking. The remaining metadata fields are ignored.
" + } + }, + "documentation":"Contains configurations for the metadata fields to include or exclude when considering reranking. If you include the fieldsToExclude field, the reranker ignores all the metadata fields that you specify. If you include the fieldsToInclude field, the reranker uses only the metadata fields that you specify and ignores all others. You can include only one of these fields.
/ @documentation("Description of the using the resource.")
", @@ -3637,6 +4083,16 @@ "documentation":"Contains the cited text from the data source.
This data type is used in the following API operations:
Retrieve response – in the content field
RetrieveAndGenerate response – in the content field
InvokeAgent response – in the content field
The ID of the document.
" + } + }, + "documentation":"Contains information about the location of a document in a custom data source.
" + }, "RetrievalResultLocation":{ "type":"structure", "required":["type"], @@ -3645,6 +4101,10 @@ "shape":"RetrievalResultConfluenceLocation", "documentation":"The Confluence data source location.
" }, + "customDocumentLocation":{ + "shape":"RetrievalResultCustomDocumentLocation", + "documentation":"Specifies the location of a document in a custom data source.
" + }, "s3Location":{ "shape":"RetrievalResultS3Location", "documentation":"The S3 data source location.
" @@ -3676,7 +4136,8 @@ "WEB", "CONFLUENCE", "SALESFORCE", - "SHAREPOINT" + "SHAREPOINT", + "CUSTOM" ] }, "RetrievalResultMetadata":{ @@ -3785,6 +4246,19 @@ "documentation":"Contains the response generated from querying the knowledge base.
This data type is used in the following API operations:
RetrieveAndGenerate response – in the output field
A text response.
" + } + }, + "documentation":"A retrieve and generate output event.
", + "event":true, + "sensitive":true + }, "RetrieveAndGenerateRequest":{ "type":"structure", "required":["input"], @@ -3843,6 +4317,103 @@ }, "documentation":"Contains configuration about the session with the knowledge base.
This data type is used in the following API operations:
RetrieveAndGenerate request – in the sessionConfiguration field
Contains the query to be made to the knowledge base.
" + }, + "retrieveAndGenerateConfiguration":{ + "shape":"RetrieveAndGenerateConfiguration", + "documentation":"Contains configurations for the knowledge base query and retrieval process. For more information, see Query configurations.
" + }, + "sessionConfiguration":{ + "shape":"RetrieveAndGenerateSessionConfiguration", + "documentation":"Contains details about the session with the knowledge base.
" + }, + "sessionId":{ + "shape":"SessionId", + "documentation":"The unique identifier of the session. When you first make a RetrieveAndGenerate request, Amazon Bedrock automatically generates this value. You must reuse this value for all subsequent requests in the same conversational session. This value allows Amazon Bedrock to maintain context and knowledge from previous interactions. You can't explicitly set the sessionId yourself.
The session ID.
", + "location":"header", + "locationName":"x-amzn-bedrock-knowledge-base-session-id" + }, + "stream":{ + "shape":"RetrieveAndGenerateStreamResponseOutput", + "documentation":"A stream of events from the model.
" + } + }, + "payload":"stream" + }, + "RetrieveAndGenerateStreamResponseOutput":{ + "type":"structure", + "members":{ + "accessDeniedException":{ + "shape":"AccessDeniedException", + "documentation":"The request is denied because you do not have sufficient permissions to perform the requested action. For troubleshooting this error, see AccessDeniedException in the Amazon Bedrock User Guide.
" + }, + "badGatewayException":{ + "shape":"BadGatewayException", + "documentation":"The request failed due to a bad gateway error.
" + }, + "citation":{ + "shape":"CitationEvent", + "documentation":"A citation event.
" + }, + "conflictException":{ + "shape":"ConflictException", + "documentation":"Error occurred because of a conflict while performing an operation.
" + }, + "dependencyFailedException":{ + "shape":"DependencyFailedException", + "documentation":"The request failed due to a dependency error.
" + }, + "guardrail":{ + "shape":"GuardrailEvent", + "documentation":"A guardrail event.
" + }, + "internalServerException":{ + "shape":"InternalServerException", + "documentation":"An internal server error occurred. Retry your request.
" + }, + "output":{ + "shape":"RetrieveAndGenerateOutputEvent", + "documentation":"An output event.
" + }, + "resourceNotFoundException":{ + "shape":"ResourceNotFoundException", + "documentation":"The specified resource ARN was not found. For troubleshooting this error, see ResourceNotFound in the Amazon Bedrock User Guide.
" + }, + "serviceQuotaExceededException":{ + "shape":"ServiceQuotaExceededException", + "documentation":"Your request exceeds the service quota for your account. You can view your quotas at Viewing service quotas. You can resubmit your request later.
" + }, + "throttlingException":{ + "shape":"ThrottlingException", + "documentation":"Your request was denied due to exceeding the account quotas for Amazon Bedrock. For troubleshooting this error, see ThrottlingException in the Amazon Bedrock User Guide.
" + }, + "validationException":{ + "shape":"ValidationException", + "documentation":"The input fails to satisfy the constraints specified by Amazon Bedrock. For troubleshooting this error, see ValidationError in the Amazon Bedrock User Guide.
" + } + }, + "documentation":"A retrieve and generate stream response output.
", + "eventstream":true + }, "RetrieveAndGenerateType":{ "type":"string", "enum":[ @@ -3857,6 +4428,10 @@ "retrievalQuery" ], "members":{ + "guardrailConfiguration":{ + "shape":"GuardrailConfiguration", + "documentation":"Guardrail settings.
" + }, "knowledgeBaseId":{ "shape":"KnowledgeBaseId", "documentation":"The unique identifier of the knowledge base to query.
", @@ -3881,6 +4456,10 @@ "type":"structure", "required":["retrievalResults"], "members":{ + "guardrailAction":{ + "shape":"GuadrailAction", + "documentation":"Specifies if there is a guardrail intervention in the response.
" + }, "nextToken":{ "shape":"NextToken", "documentation":"If there are more results than can fit in the response, the response returns a nextToken. Use this token in the nextToken field of another request to retrieve the next batch of results.
Contains configurations for the metadata to use in reranking.
" + }, + "modelConfiguration":{ + "shape":"VectorSearchBedrockRerankingModelConfiguration", + "documentation":"Contains configurations for the reranker model.
" + }, + "numberOfRerankedResults":{ + "shape":"VectorSearchBedrockRerankingConfigurationNumberOfRerankedResultsInteger", + "documentation":"The number of results to return after reranking.
" + } + }, + "documentation":"Contains configurations for reranking with an Amazon Bedrock reranker model.
" + }, + "VectorSearchBedrockRerankingConfigurationNumberOfRerankedResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "VectorSearchBedrockRerankingModelConfiguration":{ + "type":"structure", + "required":["modelArn"], + "members":{ + "additionalModelRequestFields":{ + "shape":"AdditionalModelRequestFields", + "documentation":"A JSON object whose keys are request fields for the model and whose values are values for those fields.
" + }, + "modelArn":{ + "shape":"BedrockRerankingModelArn", + "documentation":"The ARN of the reranker model to use.
" + } + }, + "documentation":"Contains configurations for an Amazon Bedrock reranker model.
" + }, + "VectorSearchRerankingConfiguration":{ + "type":"structure", + "required":["type"], + "members":{ + "bedrockRerankingConfiguration":{ + "shape":"VectorSearchBedrockRerankingConfiguration", + "documentation":"Contains configurations for an Amazon Bedrock reranker model.
" + }, + "type":{ + "shape":"VectorSearchRerankingConfigurationType", + "documentation":"The type of reranker model.
" + } + }, + "documentation":"Contains configurations for reranking the retrieved results.
" + }, + "VectorSearchRerankingConfigurationType":{ + "type":"string", + "enum":["BEDROCK_RERANKING_MODEL"] + }, "Verb":{ "type":"string", "sensitive":true From d92c008805d59d5d5b500217fd82266aa358a7d0 Mon Sep 17 00:00:00 2001 From: AWS <> Date: Mon, 2 Dec 2024 03:48:27 +0000 Subject: [PATCH 27/35] Security Incident Response Update: AWS Security Incident Response is a purpose-built security incident solution designed to help customers prepare for, respond to, and recover from security incidents. --- ...ture-SecurityIncidentResponse-214853b.json | 6 + services/securityir/pom.xml | 60 + .../codegen-resources/endpoint-rule-set.json | 137 + .../codegen-resources/endpoint-tests.json | 201 ++ .../codegen-resources/paginators-1.json | 28 + .../codegen-resources/service-2.json | 2331 +++++++++++++++++ .../codegen-resources/waiters-2.json | 5 + 7 files changed, 2768 insertions(+) create mode 100644 .changes/next-release/feature-SecurityIncidentResponse-214853b.json create mode 100644 services/securityir/pom.xml create mode 100644 services/securityir/src/main/resources/codegen-resources/endpoint-rule-set.json create mode 100644 services/securityir/src/main/resources/codegen-resources/endpoint-tests.json create mode 100644 services/securityir/src/main/resources/codegen-resources/paginators-1.json create mode 100644 services/securityir/src/main/resources/codegen-resources/service-2.json create mode 100644 services/securityir/src/main/resources/codegen-resources/waiters-2.json diff --git a/.changes/next-release/feature-SecurityIncidentResponse-214853b.json b/.changes/next-release/feature-SecurityIncidentResponse-214853b.json new file mode 100644 index 00000000000..6455b3f59f1 --- /dev/null +++ b/.changes/next-release/feature-SecurityIncidentResponse-214853b.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "Security Incident Response", + "contributor": "", + "description": "AWS Security Incident Response is a purpose-built security incident solution designed to help customers prepare for, respond to, and recover from security incidents." +} diff --git a/services/securityir/pom.xml b/services/securityir/pom.xml new file mode 100644 index 00000000000..dfb55f109a1 --- /dev/null +++ b/services/securityir/pom.xml @@ -0,0 +1,60 @@ + +Grants permission to view an existing membership.
" + }, + "CancelMembership":{ + "name":"CancelMembership", + "http":{ + "method":"PUT", + "requestUri":"/v1/membership/{membershipId}", + "responseCode":200 + }, + "input":{"shape":"CancelMembershipRequest"}, + "output":{"shape":"CancelMembershipResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"SecurityIncidentResponseNotActiveException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"} + ], + "documentation":"Grants permissions to cancel an existing membership.
", + "idempotent":true + }, + "CloseCase":{ + "name":"CloseCase", + "http":{ + "method":"POST", + "requestUri":"/v1/cases/{caseId}/close-case", + "responseCode":200 + }, + "input":{"shape":"CloseCaseRequest"}, + "output":{"shape":"CloseCaseResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"SecurityIncidentResponseNotActiveException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"} + ], + "documentation":"Grants permission to close an existing case.
" + }, + "CreateCase":{ + "name":"CreateCase", + "http":{ + "method":"POST", + "requestUri":"/v1/create-case", + "responseCode":201 + }, + "input":{"shape":"CreateCaseRequest"}, + "output":{"shape":"CreateCaseResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"SecurityIncidentResponseNotActiveException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"} + ], + "documentation":"Grants permission to create a new case.
", + "idempotent":true + }, + "CreateCaseComment":{ + "name":"CreateCaseComment", + "http":{ + "method":"POST", + "requestUri":"/v1/cases/{caseId}/create-comment", + "responseCode":201 + }, + "input":{"shape":"CreateCaseCommentRequest"}, + "output":{"shape":"CreateCaseCommentResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"SecurityIncidentResponseNotActiveException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"} + ], + "documentation":"Grants permission to add a comment to an existing case.
", + "idempotent":true + }, + "CreateMembership":{ + "name":"CreateMembership", + "http":{ + "method":"POST", + "requestUri":"/v1/membership", + "responseCode":201 + }, + "input":{"shape":"CreateMembershipRequest"}, + "output":{"shape":"CreateMembershipResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"SecurityIncidentResponseNotActiveException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"} + ], + "documentation":"Grants permissions to create a new membership.
", + "idempotent":true + }, + "GetCase":{ + "name":"GetCase", + "http":{ + "method":"GET", + "requestUri":"/v1/cases/{caseId}/get-case", + "responseCode":200 + }, + "input":{"shape":"GetCaseRequest"}, + "output":{"shape":"GetCaseResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"SecurityIncidentResponseNotActiveException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"} + ], + "documentation":"Grant permission to view a designated case.
" + }, + "GetCaseAttachmentDownloadUrl":{ + "name":"GetCaseAttachmentDownloadUrl", + "http":{ + "method":"GET", + "requestUri":"/v1/cases/{caseId}/get-presigned-url/{attachmentId}", + "responseCode":201 + }, + "input":{"shape":"GetCaseAttachmentDownloadUrlRequest"}, + "output":{"shape":"GetCaseAttachmentDownloadUrlResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"SecurityIncidentResponseNotActiveException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"} + ], + "documentation":"Grants permission to obtain an Amazon S3 presigned URL to download an attachment.
" + }, + "GetCaseAttachmentUploadUrl":{ + "name":"GetCaseAttachmentUploadUrl", + "http":{ + "method":"POST", + "requestUri":"/v1/cases/{caseId}/get-presigned-url", + "responseCode":201 + }, + "input":{"shape":"GetCaseAttachmentUploadUrlRequest"}, + "output":{"shape":"GetCaseAttachmentUploadUrlResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"SecurityIncidentResponseNotActiveException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"} + ], + "documentation":"Grants permission to upload an attachment to a case.
", + "idempotent":true + }, + "GetMembership":{ + "name":"GetMembership", + "http":{ + "method":"GET", + "requestUri":"/v1/membership/{membershipId}", + "responseCode":200 + }, + "input":{"shape":"GetMembershipRequest"}, + "output":{"shape":"GetMembershipResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"SecurityIncidentResponseNotActiveException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"} + ], + "documentation":"Grants permission to get details of a designated service membership.
" + }, + "ListCaseEdits":{ + "name":"ListCaseEdits", + "http":{ + "method":"POST", + "requestUri":"/v1/cases/{caseId}/list-case-edits", + "responseCode":200 + }, + "input":{"shape":"ListCaseEditsRequest"}, + "output":{"shape":"ListCaseEditsResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"SecurityIncidentResponseNotActiveException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"} + ], + "documentation":"Grants permissions to view the aidt log for edits made to a designated case.
" + }, + "ListCases":{ + "name":"ListCases", + "http":{ + "method":"POST", + "requestUri":"/v1/list-cases", + "responseCode":200 + }, + "input":{"shape":"ListCasesRequest"}, + "output":{"shape":"ListCasesResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"SecurityIncidentResponseNotActiveException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"} + ], + "documentation":"Grants permission to list all cases the requester has access to.
" + }, + "ListComments":{ + "name":"ListComments", + "http":{ + "method":"POST", + "requestUri":"/v1/cases/{caseId}/list-comments", + "responseCode":200 + }, + "input":{"shape":"ListCommentsRequest"}, + "output":{"shape":"ListCommentsResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"SecurityIncidentResponseNotActiveException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"} + ], + "documentation":"Grants permissions to list and view comments for a designated case.
" + }, + "ListMemberships":{ + "name":"ListMemberships", + "http":{ + "method":"POST", + "requestUri":"/v1/memberships", + "responseCode":200 + }, + "input":{"shape":"ListMembershipsRequest"}, + "output":{"shape":"ListMembershipsResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"SecurityIncidentResponseNotActiveException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"} + ], + "documentation":"Grants permission to query the memberships a principal has access to.
" + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"GET", + "requestUri":"/v1/tags/{resourceArn}", + "responseCode":200 + }, + "input":{"shape":"ListTagsForResourceInput"}, + "output":{"shape":"ListTagsForResourceOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"SecurityIncidentResponseNotActiveException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"} + ], + "documentation":"Grants permission to view currently configured tags on a resource.
" + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/v1/tags/{resourceArn}", + "responseCode":204 + }, + "input":{"shape":"TagResourceInput"}, + "output":{"shape":"TagResourceOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"SecurityIncidentResponseNotActiveException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"} + ], + "documentation":"Grants permission to add a tag(s) to a designated resource.
" + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"DELETE", + "requestUri":"/v1/tags/{resourceArn}", + "responseCode":200 + }, + "input":{"shape":"UntagResourceInput"}, + "output":{"shape":"UntagResourceOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"SecurityIncidentResponseNotActiveException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"} + ], + "documentation":"Grants permission to remove a tag(s) from a designate resource.
", + "idempotent":true + }, + "UpdateCase":{ + "name":"UpdateCase", + "http":{ + "method":"POST", + "requestUri":"/v1/cases/{caseId}/update-case", + "responseCode":200 + }, + "input":{"shape":"UpdateCaseRequest"}, + "output":{"shape":"UpdateCaseResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"SecurityIncidentResponseNotActiveException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"} + ], + "documentation":"Grants permission to update an existing case.
" + }, + "UpdateCaseComment":{ + "name":"UpdateCaseComment", + "http":{ + "method":"PUT", + "requestUri":"/v1/cases/{caseId}/update-case-comment/{commentId}", + "responseCode":200 + }, + "input":{"shape":"UpdateCaseCommentRequest"}, + "output":{"shape":"UpdateCaseCommentResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"SecurityIncidentResponseNotActiveException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"} + ], + "documentation":"Grants permission to update an existing case comment.
", + "idempotent":true + }, + "UpdateCaseStatus":{ + "name":"UpdateCaseStatus", + "http":{ + "method":"POST", + "requestUri":"/v1/cases/{caseId}/update-case-status", + "responseCode":201 + }, + "input":{"shape":"UpdateCaseStatusRequest"}, + "output":{"shape":"UpdateCaseStatusResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"SecurityIncidentResponseNotActiveException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"} + ], + "documentation":"Grants permission to update the status for a designated cases. Options include Submitted | Detection and Analysis | Eradication, Containment and Recovery | Post-Incident Activities | Closed.
Grants access to UpdateMembership to change membership configuration.
", + "idempotent":true + }, + "UpdateResolverType":{ + "name":"UpdateResolverType", + "http":{ + "method":"POST", + "requestUri":"/v1/cases/{caseId}/update-resolver-type", + "responseCode":200 + }, + "input":{"shape":"UpdateResolverTypeRequest"}, + "output":{"shape":"UpdateResolverTypeResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"SecurityIncidentResponseNotActiveException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"} + ], + "documentation":"Grants permission to update the resolver type for a case.
This is a one-way action and cannot be reversed.
Options include self-supported > AWS-supported.
" + } + }, + "shapes":{ + "AWSAccountId":{ + "type":"string", + "max":12, + "min":12, + "pattern":"[0-9]{12}" + }, + "AWSAccountIds":{ + "type":"list", + "member":{"shape":"AWSAccountId"}, + "max":100, + "min":1 + }, + "AccessDeniedException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"", + "error":{ + "httpStatusCode":403, + "senderFault":true + }, + "exception":true + }, + "Arn":{ + "type":"string", + "max":1010, + "min":12, + "pattern":"arn:aws:security-ir:\\w+?-\\w+?-\\d+:[0-9]{12}:(membership/m-[a-z0-9]{10,32}|case/[0-9]{10})" + }, + "AttachmentId":{ + "type":"string", + "pattern":"[0-9a-fA-F]{8}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{12}" + }, + "AwsRegion":{ + "type":"string", + "enum":[ + "af-south-1", + "ap-east-1", + "ap-northeast-1", + "ap-northeast-2", + "ap-northeast-3", + "ap-south-1", + "ap-south-2", + "ap-southeast-1", + "ap-southeast-2", + "ap-southeast-3", + "ap-southeast-4", + "ap-southeast-5", + "ca-central-1", + "ca-west-1", + "cn-north-1", + "cn-northwest-1", + "eu-central-1", + "eu-central-2", + "eu-north-1", + "eu-south-1", + "eu-south-2", + "eu-west-1", + "eu-west-2", + "eu-west-3", + "il-central-1", + "me-central-1", + "me-south-1", + "sa-east-1", + "us-east-1", + "us-east-2", + "us-west-1", + "us-west-2" + ] + }, + "AwsService":{ + "type":"string", + "max":50, + "min":3, + "pattern":"[a-zA-Z0-9 -.():]+" + }, + "BatchGetMemberAccountDetailsRequest":{ + "type":"structure", + "required":[ + "membershipId", + "accountIds" + ], + "members":{ + "membershipId":{ + "shape":"MembershipId", + "documentation":"Required element used in combination with BatchGetMemberAccountDetails to identify the membership ID to query.
", + "location":"uri", + "locationName":"membershipId" + }, + "accountIds":{ + "shape":"AWSAccountIds", + "documentation":"Optional element to query the membership relationship status to a provided list of account IDs.
" + } + } + }, + "BatchGetMemberAccountDetailsResponse":{ + "type":"structure", + "members":{ + "items":{ + "shape":"GetMembershipAccountDetailItems", + "documentation":"The response element providing responses for requests to GetMembershipAccountDetails.
" + }, + "errors":{ + "shape":"GetMembershipAccountDetailErrors", + "documentation":"The response element providing errors messages for requests to GetMembershipAccountDetails.
" + } + } + }, + "Boolean":{ + "type":"boolean", + "box":true + }, + "CancelMembershipRequest":{ + "type":"structure", + "required":["membershipId"], + "members":{ + "membershipId":{ + "shape":"MembershipId", + "documentation":"Required element used in combination with CancelMembershipRequest to identify the membership ID to cancel.
", + "location":"uri", + "locationName":"membershipId" + } + } + }, + "CancelMembershipResponse":{ + "type":"structure", + "required":["membershipId"], + "members":{ + "membershipId":{ + "shape":"MembershipId", + "documentation":"The response element providing responses for requests to CancelMembershipRequest.
" + } + } + }, + "CaseArn":{ + "type":"string", + "max":80, + "min":12, + "pattern":"arn:aws:security-ir:\\w+?-\\w+?-\\d+:[0-9]{12}:case/[0-9]{10}" + }, + "CaseAttachmentAttributes":{ + "type":"structure", + "required":[ + "attachmentId", + "fileName", + "attachmentStatus", + "creator", + "createdDate" + ], + "members":{ + "attachmentId":{ + "shape":"AttachmentId", + "documentation":"" + }, + "fileName":{ + "shape":"FileName", + "documentation":"" + }, + "attachmentStatus":{ + "shape":"CaseAttachmentStatus", + "documentation":"" + }, + "creator":{ + "shape":"PrincipalId", + "documentation":"" + }, + "createdDate":{ + "shape":"Timestamp", + "documentation":"" + } + }, + "documentation":"" + }, + "CaseAttachmentStatus":{ + "type":"string", + "enum":[ + "Verified", + "Failed", + "Pending" + ] + }, + "CaseAttachmentsList":{ + "type":"list", + "member":{"shape":"CaseAttachmentAttributes"}, + "max":50, + "min":0 + }, + "CaseDescription":{ + "type":"string", + "max":8000, + "min":1, + "sensitive":true + }, + "CaseEditAction":{ + "type":"string", + "max":100, + "min":1 + }, + "CaseEditItem":{ + "type":"structure", + "members":{ + "eventTimestamp":{ + "shape":"Timestamp", + "documentation":"" + }, + "principal":{ + "shape":"String", + "documentation":"" + }, + "action":{ + "shape":"CaseEditAction", + "documentation":"" + }, + "message":{ + "shape":"CaseEditMessage", + "documentation":"" + } + }, + "documentation":"" + }, + "CaseEditItems":{ + "type":"list", + "member":{"shape":"CaseEditItem"} + }, + "CaseEditMessage":{ + "type":"string", + "max":4096, + "min":10 + }, + "CaseId":{ + "type":"string", + "max":32, + "min":10, + "pattern":"\\d{10,32}.*" + }, + "CaseStatus":{ + "type":"string", + "enum":[ + "Submitted", + "Acknowledged", + "Detection and Analysis", + "Containment, Eradication and Recovery", + "Post-incident Activities", + "Ready to Close", + "Closed" + ] + }, + "CaseTitle":{ + "type":"string", + "max":300, + "min":1, + "sensitive":true + }, + "CloseCaseRequest":{ + "type":"structure", + "required":["caseId"], + "members":{ + "caseId":{ + "shape":"CaseId", + "documentation":"Required element used in combination with CloseCase to identify the case ID to close.
", + "location":"uri", + "locationName":"caseId" + } + } + }, + "CloseCaseResponse":{ + "type":"structure", + "members":{ + "caseStatus":{ + "shape":"CaseStatus", + "documentation":"A response element providing responses for requests to CloseCase. This element responds with the case status following the action.
" + }, + "closedDate":{ + "shape":"Timestamp", + "documentation":"A response element providing responses for requests to CloseCase. This element responds with the case closure date following the action.
" + } + } + }, + "ClosureCode":{ + "type":"string", + "enum":[ + "Investigation Completed", + "Not Resolved", + "False Positive", + "Duplicate" + ] + }, + "CommentBody":{ + "type":"string", + "max":12000, + "min":1, + "sensitive":true + }, + "CommentId":{ + "type":"string", + "max":6, + "min":6, + "pattern":"\\d{6}" + }, + "ConflictException":{ + "type":"structure", + "required":[ + "message", + "resourceId", + "resourceType" + ], + "members":{ + "message":{"shape":"String"}, + "resourceId":{ + "shape":"String", + "documentation":"Element providing the ID of the resource affected.
" + }, + "resourceType":{ + "shape":"String", + "documentation":"Element providing the type of the resource affected.
" + } + }, + "documentation":"", + "error":{ + "httpStatusCode":409, + "senderFault":true + }, + "exception":true + }, + "ContentLength":{ + "type":"long", + "box":true, + "max":104857600, + "min":1 + }, + "CreateCaseCommentRequest":{ + "type":"structure", + "required":[ + "caseId", + "body" + ], + "members":{ + "caseId":{ + "shape":"CaseId", + "documentation":"Required element used in combination with CreateCaseComment to specify a case ID.
", + "location":"uri", + "locationName":"caseId" + }, + "clientToken":{ + "shape":"CreateCaseCommentRequestClientTokenString", + "documentation":"An optional element used in combination with CreateCaseComment.
", + "idempotencyToken":true + }, + "body":{ + "shape":"CommentBody", + "documentation":"Required element used in combination with CreateCaseComment to add content for the new comment.
" + } + } + }, + "CreateCaseCommentRequestClientTokenString":{ + "type":"string", + "max":255, + "min":1 + }, + "CreateCaseCommentResponse":{ + "type":"structure", + "required":["commentId"], + "members":{ + "commentId":{ + "shape":"CommentId", + "documentation":"Response element indicating the new comment ID.
" + } + } + }, + "CreateCaseRequest":{ + "type":"structure", + "required":[ + "resolverType", + "title", + "description", + "engagementType", + "reportedIncidentStartDate", + "impactedAccounts", + "watchers" + ], + "members":{ + "clientToken":{ + "shape":"CreateCaseRequestClientTokenString", + "documentation":"Required element used in combination with CreateCase.
", + "idempotencyToken":true + }, + "resolverType":{ + "shape":"ResolverType", + "documentation":"Required element used in combination with CreateCase to identify the resolver type. Available resolvers include self-supported | aws-supported.
" + }, + "title":{ + "shape":"CaseTitle", + "documentation":"Required element used in combination with CreateCase to provide a title for the new case.
" + }, + "description":{ + "shape":"CaseDescription", + "documentation":"Required element used in combination with CreateCase to provide a description for the new case.
" + }, + "engagementType":{ + "shape":"EngagementType", + "documentation":"Required element used in combination with CreateCase to provide an engagement type for the new cases. Available engagement types include Security Incident | Investigation
" + }, + "reportedIncidentStartDate":{ + "shape":"Timestamp", + "documentation":"Required element used in combination with CreateCase to provide an initial start date for the unauthorized activity.
" + }, + "impactedAccounts":{ + "shape":"ImpactedAccounts", + "documentation":"Required element used in combination with CreateCase to provide a list of impacted accounts.
" + }, + "watchers":{ + "shape":"Watchers", + "documentation":"Required element used in combination with CreateCase to provide a list of entities to receive notifications for case updates.
" + }, + "threatActorIpAddresses":{ + "shape":"ThreatActorIpList", + "documentation":"An optional element used in combination with CreateCase to provide a list of suspicious internet protocol addresses associated with unauthorized activity.
" + }, + "impactedServices":{ + "shape":"ImpactedServicesList", + "documentation":"An optional element used in combination with CreateCase to provide a list of services impacted.
" + }, + "impactedAwsRegions":{ + "shape":"ImpactedAwsRegionList", + "documentation":"An optional element used in combination with CreateCase to provide a list of impacted regions.
" + }, + "tags":{ + "shape":"TagMap", + "documentation":"An optional element used in combination with CreateCase to add customer specified tags to a case.
" + } + } + }, + "CreateCaseRequestClientTokenString":{ + "type":"string", + "max":255, + "min":1 + }, + "CreateCaseResponse":{ + "type":"structure", + "required":["caseId"], + "members":{ + "caseId":{ + "shape":"CaseId", + "documentation":"A response element providing responses for requests to CreateCase. This element responds with the case ID.
" + } + } + }, + "CreateMembershipRequest":{ + "type":"structure", + "required":[ + "membershipName", + "incidentResponseTeam" + ], + "members":{ + "clientToken":{ + "shape":"CreateMembershipRequestClientTokenString", + "documentation":"An optional element used in combination with CreateMembership.
", + "idempotencyToken":true + }, + "membershipName":{ + "shape":"MembershipName", + "documentation":"Required element use in combination with CreateMembership to create a name for the membership.
" + }, + "incidentResponseTeam":{ + "shape":"IncidentResponseTeam", + "documentation":"Required element use in combination with CreateMembership to add customer incident response team members and trusted partners to the membership.
" + }, + "optInFeatures":{ + "shape":"OptInFeatures", + "documentation":"Optional element to enable the monitoring and investigation opt-in features for the service.
" + }, + "tags":{ + "shape":"TagMap", + "documentation":"Optional element for customer configured tags.
" + } + } + }, + "CreateMembershipRequestClientTokenString":{ + "type":"string", + "max":255, + "min":1 + }, + "CreateMembershipResponse":{ + "type":"structure", + "required":["membershipId"], + "members":{ + "membershipId":{ + "shape":"MembershipId", + "documentation":"Response element for CreateMembership providing the newly created membership ID.
" + } + } + }, + "CustomerType":{ + "type":"string", + "enum":[ + "Standalone", + "Organization" + ] + }, + "EmailAddress":{ + "type":"string", + "max":254, + "min":6, + "pattern":"[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\\.[a-zA-Z0-9-]+)*", + "sensitive":true + }, + "EngagementType":{ + "type":"string", + "enum":[ + "Security Incident", + "Investigation" + ] + }, + "FileName":{ + "type":"string", + "max":255, + "min":1, + "pattern":"[a-zA-Z0-9._-]+", + "sensitive":true + }, + "GetCaseAttachmentDownloadUrlRequest":{ + "type":"structure", + "required":[ + "caseId", + "attachmentId" + ], + "members":{ + "caseId":{ + "shape":"CaseId", + "documentation":"Required element for GetCaseAttachmentDownloadUrl to identify the case ID for downloading an attachment from.
", + "location":"uri", + "locationName":"caseId" + }, + "attachmentId":{ + "shape":"AttachmentId", + "documentation":"Required element for GetCaseAttachmentDownloadUrl to identify the attachment ID for downloading an attachment.
", + "location":"uri", + "locationName":"attachmentId" + } + } + }, + "GetCaseAttachmentDownloadUrlResponse":{ + "type":"structure", + "required":["attachmentPresignedUrl"], + "members":{ + "attachmentPresignedUrl":{ + "shape":"Url", + "documentation":"Response element providing the Amazon S3 presigned URL to download an attachment.
" + } + } + }, + "GetCaseAttachmentUploadUrlRequest":{ + "type":"structure", + "required":[ + "caseId", + "fileName", + "contentLength" + ], + "members":{ + "caseId":{ + "shape":"CaseId", + "documentation":"Required element for GetCaseAttachmentUploadUrl to identify the case ID for uploading an attachment to.
", + "location":"uri", + "locationName":"caseId" + }, + "fileName":{ + "shape":"FileName", + "documentation":"Required element for GetCaseAttachmentUploadUrl to identify the file name of the attachment to upload.
" + }, + "contentLength":{ + "shape":"ContentLength", + "documentation":"Required element for GetCaseAttachmentUploadUrl to identify the size od the file attachment.
" + }, + "clientToken":{ + "shape":"GetCaseAttachmentUploadUrlRequestClientTokenString", + "documentation":"Optional element for customer provided token.
", + "idempotencyToken":true + } + } + }, + "GetCaseAttachmentUploadUrlRequestClientTokenString":{ + "type":"string", + "max":255, + "min":1 + }, + "GetCaseAttachmentUploadUrlResponse":{ + "type":"structure", + "required":["attachmentPresignedUrl"], + "members":{ + "attachmentPresignedUrl":{ + "shape":"Url", + "documentation":"Response element providing the Amazon S3 presigned UTL to upload the attachment.
" + } + } + }, + "GetCaseRequest":{ + "type":"structure", + "required":["caseId"], + "members":{ + "caseId":{ + "shape":"CaseId", + "documentation":"Required element for GetCase to identify the requested case ID.
", + "location":"uri", + "locationName":"caseId" + } + } + }, + "GetCaseResponse":{ + "type":"structure", + "members":{ + "title":{ + "shape":"CaseTitle", + "documentation":"Response element for GetCase that provides the case title.
" + }, + "caseArn":{ + "shape":"CaseArn", + "documentation":"Response element for GetCase that provides the case ARN
" + }, + "description":{ + "shape":"CaseDescription", + "documentation":"Response element for GetCase that provides contents of the case description.
" + }, + "caseStatus":{ + "shape":"CaseStatus", + "documentation":"Response element for GetCase that provides the case status. Options for statuses include Submitted | Detection and Analysis | Eradication, Containment and Recovery | Post-Incident Activities | Closed
Response element for GetCase that provides the engagement type. Options for engagement type include Active Security Event | Investigations
Response element for GetCase that provides the customer provided incident start date.
" + }, + "actualIncidentStartDate":{ + "shape":"Timestamp", + "documentation":"Response element for GetCase that provides the actual incident start date as identified by data analysis during the investigation.
" + }, + "impactedAwsRegions":{ + "shape":"ImpactedAwsRegionList", + "documentation":"Response element for GetCase that provides the impacted regions.
" + }, + "threatActorIpAddresses":{ + "shape":"ThreatActorIpList", + "documentation":"Response element for GetCase that provides a list of suspicious IP addresses associated with unauthorized activity.
" + }, + "pendingAction":{ + "shape":"PendingAction", + "documentation":"Response element for GetCase that provides identifies the case is waiting on customer input.
" + }, + "impactedAccounts":{ + "shape":"ImpactedAccounts", + "documentation":"Response element for GetCase that provides a list of impacted accounts.
" + }, + "watchers":{ + "shape":"Watchers", + "documentation":"Response element for GetCase that provides a list of Watchers added to the case.
" + }, + "createdDate":{ + "shape":"Timestamp", + "documentation":"Response element for GetCase that provides the date the case was created.
" + }, + "lastUpdatedDate":{ + "shape":"Timestamp", + "documentation":"Response element for GetCase that provides the date a case was last modified.
" + }, + "closureCode":{ + "shape":"ClosureCode", + "documentation":"Response element for GetCase that provides the summary code for why a case was closed.
" + }, + "resolverType":{ + "shape":"ResolverType", + "documentation":"Response element for GetCase that provides the current resolver types. Options include self-supported | AWS-supported.
Response element for GetCase that provides a list of impacted services.
" + }, + "caseAttachments":{ + "shape":"CaseAttachmentsList", + "documentation":"Response element for GetCase that provides a list of current case attachments.
" + }, + "closedDate":{ + "shape":"Timestamp", + "documentation":"Response element for GetCase that provides the date a specified case was closed.
" + } + } + }, + "GetMembershipAccountDetailError":{ + "type":"structure", + "required":[ + "accountId", + "error", + "message" + ], + "members":{ + "accountId":{ + "shape":"AWSAccountId", + "documentation":"" + }, + "error":{ + "shape":"String", + "documentation":"" + }, + "message":{ + "shape":"String", + "documentation":"" + } + }, + "documentation":"" + }, + "GetMembershipAccountDetailErrors":{ + "type":"list", + "member":{"shape":"GetMembershipAccountDetailError"}, + "max":100, + "min":0 + }, + "GetMembershipAccountDetailItem":{ + "type":"structure", + "members":{ + "accountId":{ + "shape":"AWSAccountId", + "documentation":"" + }, + "relationshipStatus":{ + "shape":"MembershipAccountRelationshipStatus", + "documentation":"" + }, + "relationshipType":{ + "shape":"MembershipAccountRelationshipType", + "documentation":"" + } + }, + "documentation":"" + }, + "GetMembershipAccountDetailItems":{ + "type":"list", + "member":{"shape":"GetMembershipAccountDetailItem"}, + "max":100, + "min":0 + }, + "GetMembershipRequest":{ + "type":"structure", + "required":["membershipId"], + "members":{ + "membershipId":{ + "shape":"MembershipId", + "documentation":"Required element for GetMembership to identify the membership ID to query.
", + "location":"uri", + "locationName":"membershipId" + } + } + }, + "GetMembershipResponse":{ + "type":"structure", + "required":["membershipId"], + "members":{ + "membershipId":{ + "shape":"MembershipId", + "documentation":"Response element for GetMembership that provides the queried membership ID.
" + }, + "accountId":{ + "shape":"AWSAccountId", + "documentation":"Response element for GetMembership that provides the configured account for managing the membership.
" + }, + "region":{ + "shape":"AwsRegion", + "documentation":"Response element for GetMembership that provides the configured region for managing the membership.
" + }, + "membershipName":{ + "shape":"MembershipName", + "documentation":"Response element for GetMembership that provides the configured membership name.
" + }, + "membershipArn":{ + "shape":"MembershipArn", + "documentation":"Response element for GetMembership that provides the membership ARN.
" + }, + "membershipStatus":{ + "shape":"MembershipStatus", + "documentation":"Response element for GetMembership that provides the current membership status.
" + }, + "membershipActivationTimestamp":{ + "shape":"Timestamp", + "documentation":"Response element for GetMembership that provides the configured membership activation timestamp.
" + }, + "membershipDeactivationTimestamp":{ + "shape":"Timestamp", + "documentation":"Response element for GetMembership that provides the configured membership name deactivation timestamp.
" + }, + "customerType":{ + "shape":"CustomerType", + "documentation":"Response element for GetMembership that provides the configured membership type. Options include Standalone | Organizations.
Response element for GetMembership that provides the number of accounts in the membership.
" + }, + "incidentResponseTeam":{ + "shape":"IncidentResponseTeam", + "documentation":"Response element for GetMembership that provides the configured membership incident response team members.
" + }, + "optInFeatures":{ + "shape":"OptInFeatures", + "documentation":"Response element for GetMembership that provides the if opt-in features have been enabled.
" + } + } + }, + "IPAddress":{ + "type":"string", + "pattern":"(?:(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))|(?:(?:[A-F0-9]{1,4}:){7}[A-F0-9]{1,4})|(?:(?:[A-F0-9]{1,4}:){6}(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))", + "sensitive":true + }, + "ImpactedAccounts":{ + "type":"list", + "member":{"shape":"AWSAccountId"}, + "max":200, + "min":0 + }, + "ImpactedAwsRegion":{ + "type":"structure", + "required":["region"], + "members":{ + "region":{ + "shape":"AwsRegion", + "documentation":"" + } + }, + "documentation":"" + }, + "ImpactedAwsRegionList":{ + "type":"list", + "member":{"shape":"ImpactedAwsRegion"}, + "max":50, + "min":0 + }, + "ImpactedServicesList":{ + "type":"list", + "member":{"shape":"AwsService"}, + "max":600, + "min":0 + }, + "IncidentResponder":{ + "type":"structure", + "required":[ + "name", + "jobTitle", + "email" + ], + "members":{ + "name":{ + "shape":"IncidentResponderName", + "documentation":"" + }, + "jobTitle":{ + "shape":"JobTitle", + "documentation":"" + }, + "email":{ + "shape":"EmailAddress", + "documentation":"" + } + }, + "documentation":"" + }, + "IncidentResponderName":{ + "type":"string", + "max":50, + "min":3, + "sensitive":true + }, + "IncidentResponseTeam":{ + "type":"list", + "member":{"shape":"IncidentResponder"}, + "max":10, + "min":2 + }, + "Integer":{ + "type":"integer", + "box":true + }, + "InternalServerException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"}, + "retryAfterSeconds":{ + "shape":"Integer", + "documentation":"Element providing advice to clients on when the call can be safely retried.
", + "location":"header", + "locationName":"Retry-After" + } + }, + "documentation":"", + "error":{"httpStatusCode":500}, + "exception":true, + "fault":true, + "retryable":{"throttling":false} + }, + "InvalidTokenException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"", + "error":{ + "httpStatusCode":423, + "senderFault":true + }, + "exception":true, + "retryable":{"throttling":false} + }, + "JobTitle":{ + "type":"string", + "max":50, + "min":1, + "sensitive":true + }, + "ListCaseEditsRequest":{ + "type":"structure", + "required":["caseId"], + "members":{ + "nextToken":{ + "shape":"ListCaseEditsRequestNextTokenString", + "documentation":"Optional element for a customer provided token.
" + }, + "maxResults":{ + "shape":"ListCaseEditsRequestMaxResultsInteger", + "documentation":"Optional element to identify how many results to obtain. There is a maximum value of 25.
" + }, + "caseId":{ + "shape":"CaseId", + "documentation":"Required element used with ListCaseEdits to identify the case to query.
", + "location":"uri", + "locationName":"caseId" + } + } + }, + "ListCaseEditsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":25, + "min":1 + }, + "ListCaseEditsRequestNextTokenString":{ + "type":"string", + "max":2000, + "min":0 + }, + "ListCaseEditsResponse":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"Optional element.
" + }, + "items":{ + "shape":"CaseEditItems", + "documentation":"Response element for ListCaseEdits that includes the action, eventtimestamp, message, and principal for the response.
" + }, + "total":{ + "shape":"Integer", + "documentation":"Response element for ListCaseEdits that identifies the total number of edits.
" + } + } + }, + "ListCasesItem":{ + "type":"structure", + "required":["caseId"], + "members":{ + "caseId":{ + "shape":"CaseId", + "documentation":"" + }, + "lastUpdatedDate":{ + "shape":"Timestamp", + "documentation":"" + }, + "title":{ + "shape":"CaseTitle", + "documentation":"" + }, + "caseArn":{ + "shape":"CaseArn", + "documentation":"" + }, + "engagementType":{ + "shape":"EngagementType", + "documentation":"" + }, + "caseStatus":{ + "shape":"CaseStatus", + "documentation":"" + }, + "createdDate":{ + "shape":"Timestamp", + "documentation":"" + }, + "closedDate":{ + "shape":"Timestamp", + "documentation":"" + }, + "resolverType":{ + "shape":"ResolverType", + "documentation":"" + }, + "pendingAction":{ + "shape":"PendingAction", + "documentation":"" + } + }, + "documentation":"" + }, + "ListCasesItems":{ + "type":"list", + "member":{"shape":"ListCasesItem"} + }, + "ListCasesRequest":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"ListCasesRequestNextTokenString", + "documentation":"Optional element.
" + }, + "maxResults":{ + "shape":"ListCasesRequestMaxResultsInteger", + "documentation":"Optional element for ListCases to limit the number of responses.
" + } + } + }, + "ListCasesRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":25, + "min":1 + }, + "ListCasesRequestNextTokenString":{ + "type":"string", + "max":2000, + "min":0 + }, + "ListCasesResponse":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"Optional element.
" + }, + "items":{ + "shape":"ListCasesItems", + "documentation":"Response element for ListCases that includes caseARN, caseID, caseStatus, closedDate, createdDate, engagementType, lastUpdatedDate, pendingAction, resolverType, and title for each response.
" + }, + "total":{ + "shape":"Long", + "documentation":"Response element for ListCases providing the total number of responses.
" + } + } + }, + "ListCommentsItem":{ + "type":"structure", + "required":["commentId"], + "members":{ + "commentId":{ + "shape":"CommentId", + "documentation":"" + }, + "createdDate":{ + "shape":"Timestamp", + "documentation":"" + }, + "lastUpdatedDate":{ + "shape":"Timestamp", + "documentation":"" + }, + "creator":{ + "shape":"PrincipalId", + "documentation":"" + }, + "lastUpdatedBy":{ + "shape":"PrincipalId", + "documentation":"" + }, + "body":{ + "shape":"CommentBody", + "documentation":"" + } + }, + "documentation":"" + }, + "ListCommentsItems":{ + "type":"list", + "member":{"shape":"ListCommentsItem"} + }, + "ListCommentsRequest":{ + "type":"structure", + "required":["caseId"], + "members":{ + "nextToken":{ + "shape":"ListCommentsRequestNextTokenString", + "documentation":"Optional element.
" + }, + "maxResults":{ + "shape":"ListCommentsRequestMaxResultsInteger", + "documentation":"Optional element for ListComments to limit the number of responses.
" + }, + "caseId":{ + "shape":"CaseId", + "documentation":"Required element for ListComments to designate the case to query.
", + "location":"uri", + "locationName":"caseId" + } + } + }, + "ListCommentsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":25, + "min":1 + }, + "ListCommentsRequestNextTokenString":{ + "type":"string", + "max":2000, + "min":0 + }, + "ListCommentsResponse":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"Optional request elements.
" + }, + "items":{ + "shape":"ListCommentsItems", + "documentation":"Response element for ListComments providing the body, commentID, createDate, creator, lastUpdatedBy and lastUpdatedDate for each response.
" + }, + "total":{ + "shape":"Integer", + "documentation":"Response element for ListComments identifying the number of responses.
" + } + } + }, + "ListMembershipItem":{ + "type":"structure", + "required":["membershipId"], + "members":{ + "membershipId":{ + "shape":"MembershipId", + "documentation":"" + }, + "accountId":{ + "shape":"AWSAccountId", + "documentation":"" + }, + "region":{ + "shape":"AwsRegion", + "documentation":"" + }, + "membershipArn":{ + "shape":"MembershipArn", + "documentation":"" + }, + "membershipStatus":{ + "shape":"MembershipStatus", + "documentation":"" + } + }, + "documentation":"" + }, + "ListMembershipItems":{ + "type":"list", + "member":{"shape":"ListMembershipItem"} + }, + "ListMembershipsRequest":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"ListMembershipsRequestNextTokenString", + "documentation":"Optional element.
" + }, + "maxResults":{ + "shape":"ListMembershipsRequestMaxResultsInteger", + "documentation":"Request element for ListMemberships to limit the number of responses.
" + } + } + }, + "ListMembershipsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":25, + "min":1 + }, + "ListMembershipsRequestNextTokenString":{ + "type":"string", + "max":2000, + "min":0 + }, + "ListMembershipsResponse":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"Optional element.
" + }, + "items":{ + "shape":"ListMembershipItems", + "documentation":"Request element for ListMemberships including the accountID, membershipARN, membershipID, membershipStatus, and region for each response.
" + } + } + }, + "ListTagsForResourceInput":{ + "type":"structure", + "required":["resourceArn"], + "members":{ + "resourceArn":{ + "shape":"Arn", + "documentation":"Required element for ListTagsForResource to provide the ARN to identify a specific resource.
", + "location":"uri", + "locationName":"resourceArn" + } + } + }, + "ListTagsForResourceOutput":{ + "type":"structure", + "required":["tags"], + "members":{ + "tags":{ + "shape":"TagMap", + "documentation":"Response element for ListTagsForResource providing content for each configured tag.
" + } + } + }, + "Long":{ + "type":"long", + "box":true + }, + "MembershipAccountRelationshipStatus":{ + "type":"string", + "enum":[ + "Associated", + "Disassociated" + ] + }, + "MembershipAccountRelationshipType":{ + "type":"string", + "enum":["Organization"] + }, + "MembershipArn":{ + "type":"string", + "max":80, + "min":12, + "pattern":"arn:aws:security-ir:\\w+?-\\w+?-\\d+:[0-9]{12}:membership/m-[a-z0-9]{10,32}" + }, + "MembershipId":{ + "type":"string", + "max":34, + "min":12, + "pattern":"m-[a-z0-9]{10,32}" + }, + "MembershipName":{ + "type":"string", + "max":50, + "min":3, + "sensitive":true + }, + "MembershipStatus":{ + "type":"string", + "enum":[ + "Active", + "Cancelled", + "Terminated" + ] + }, + "OptInFeature":{ + "type":"structure", + "required":[ + "featureName", + "isEnabled" + ], + "members":{ + "featureName":{ + "shape":"OptInFeatureName", + "documentation":"" + }, + "isEnabled":{ + "shape":"Boolean", + "documentation":"" + } + }, + "documentation":"" + }, + "OptInFeatureName":{ + "type":"string", + "enum":["Triage"] + }, + "OptInFeatures":{ + "type":"list", + "member":{"shape":"OptInFeature"}, + "max":2, + "min":1 + }, + "PendingAction":{ + "type":"string", + "enum":[ + "Customer", + "None" + ] + }, + "PersonName":{ + "type":"string", + "max":50, + "min":1, + "sensitive":true + }, + "PrincipalId":{ + "type":"string", + "pattern":".*(^internal:midway:([a-z]{3,8}|svc-mw-[0-9]{12}[a-zA-Z0-9-]{5,20})$)|(^external:aws:\\d{12}$).*" + }, + "ResolverType":{ + "type":"string", + "enum":[ + "AWS", + "Self" + ] + }, + "ResourceNotFoundException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"", + "error":{ + "httpStatusCode":404, + "senderFault":true + }, + "exception":true + }, + "SecurityIncidentResponseNotActiveException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "SelfManagedCaseStatus":{ + "type":"string", + "enum":[ + "Submitted", + "Detection and Analysis", + "Containment, Eradication and Recovery", + "Post-incident Activities" + ] + }, + "ServiceQuotaExceededException":{ + "type":"structure", + "required":[ + "message", + "resourceId", + "resourceType", + "serviceCode", + "quotaCode" + ], + "members":{ + "message":{"shape":"String"}, + "resourceId":{ + "shape":"String", + "documentation":"Element that provides the ID of the resource affected.
" + }, + "resourceType":{ + "shape":"String", + "documentation":"Element that provides the type of the resource affected.
" + }, + "serviceCode":{ + "shape":"String", + "documentation":"Element that provides the originating service who made the call.
" + }, + "quotaCode":{ + "shape":"String", + "documentation":"Element that provides the quota that was exceeded.
" + } + }, + "documentation":"", + "error":{ + "httpStatusCode":402, + "senderFault":true + }, + "exception":true + }, + "String":{"type":"string"}, + "TagKey":{ + "type":"string", + "max":128, + "min":1 + }, + "TagKeys":{ + "type":"list", + "member":{"shape":"TagKey"} + }, + "TagMap":{ + "type":"map", + "key":{"shape":"TagKey"}, + "value":{"shape":"TagValue"}, + "max":200, + "min":0 + }, + "TagResourceInput":{ + "type":"structure", + "required":[ + "resourceArn", + "tags" + ], + "members":{ + "resourceArn":{ + "shape":"Arn", + "documentation":"Required element for TagResource to identify the ARN for the resource to add a tag to.
", + "location":"uri", + "locationName":"resourceArn" + }, + "tags":{ + "shape":"TagMap", + "documentation":"Required element for ListTagsForResource to provide the content for a tag.
" + } + } + }, + "TagResourceOutput":{ + "type":"structure", + "members":{ + } + }, + "TagValue":{ + "type":"string", + "max":256, + "min":0 + }, + "ThreatActorIp":{ + "type":"structure", + "required":["ipAddress"], + "members":{ + "ipAddress":{ + "shape":"IPAddress", + "documentation":"" + }, + "userAgent":{ + "shape":"UserAgent", + "documentation":"" + } + }, + "documentation":"" + }, + "ThreatActorIpList":{ + "type":"list", + "member":{"shape":"ThreatActorIp"}, + "max":200, + "min":0 + }, + "ThrottlingException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"}, + "serviceCode":{ + "shape":"String", + "documentation":"Element providing the service code of the originating service.
" + }, + "quotaCode":{ + "shape":"String", + "documentation":"Element providing the quota of the originating service.
" + }, + "retryAfterSeconds":{ + "shape":"Integer", + "documentation":"Element providing advice to clients on when the call can be safely retried.
", + "location":"header", + "locationName":"Retry-After" + } + }, + "documentation":"", + "error":{ + "httpStatusCode":429, + "senderFault":true + }, + "exception":true, + "retryable":{"throttling":true} + }, + "Timestamp":{"type":"timestamp"}, + "UntagResourceInput":{ + "type":"structure", + "required":[ + "resourceArn", + "tagKeys" + ], + "members":{ + "resourceArn":{ + "shape":"Arn", + "documentation":"Required element for UnTagResource to identify the ARN for the resource to remove a tag from.
", + "location":"uri", + "locationName":"resourceArn" + }, + "tagKeys":{ + "shape":"TagKeys", + "documentation":"Required element for UnTagResource to identify tag to remove.
", + "location":"querystring", + "locationName":"tagKeys" + } + } + }, + "UntagResourceOutput":{ + "type":"structure", + "members":{ + } + }, + "UpdateCaseCommentRequest":{ + "type":"structure", + "required":[ + "caseId", + "commentId", + "body" + ], + "members":{ + "caseId":{ + "shape":"CaseId", + "documentation":"Required element for UpdateCaseComment to identify the case ID containing the comment to be updated.
", + "location":"uri", + "locationName":"caseId" + }, + "commentId":{ + "shape":"CommentId", + "documentation":"Required element for UpdateCaseComment to identify the case ID to be updated.
", + "location":"uri", + "locationName":"commentId" + }, + "body":{ + "shape":"CommentBody", + "documentation":"Required element for UpdateCaseComment to identify the content for the comment to be updated.
" + } + } + }, + "UpdateCaseCommentResponse":{ + "type":"structure", + "required":["commentId"], + "members":{ + "commentId":{ + "shape":"CommentId", + "documentation":"Response element for UpdateCaseComment providing the updated comment ID.
" + }, + "body":{ + "shape":"CommentBody", + "documentation":"Response element for UpdateCaseComment providing the updated comment content.
" + } + } + }, + "UpdateCaseRequest":{ + "type":"structure", + "required":["caseId"], + "members":{ + "caseId":{ + "shape":"CaseId", + "documentation":"Required element for UpdateCase to identify the case ID for updates.
", + "location":"uri", + "locationName":"caseId" + }, + "title":{ + "shape":"CaseTitle", + "documentation":"Optional element for UpdateCase to provide content for the title field.
" + }, + "description":{ + "shape":"CaseDescription", + "documentation":"Optional element for UpdateCase to provide content for the description field.
" + }, + "reportedIncidentStartDate":{ + "shape":"Timestamp", + "documentation":"Optional element for UpdateCase to provide content for the customer reported incident start date field.
" + }, + "actualIncidentStartDate":{ + "shape":"Timestamp", + "documentation":"Optional element for UpdateCase to provide content for the incident start date field.
" + }, + "engagementType":{ + "shape":"EngagementType", + "documentation":"Optional element for UpdateCase to provide content for the engagement type field. Available engagement types include Security Incident | Investigation.
Optional element for UpdateCase to provide content to add additional watchers to a case.
" + }, + "watchersToDelete":{ + "shape":"Watchers", + "documentation":"Optional element for UpdateCase to provide content to remove existing watchers from a case.
" + }, + "threatActorIpAddressesToAdd":{ + "shape":"ThreatActorIpList", + "documentation":"Optional element for UpdateCase to provide content to add additional suspicious IP addresses related to a case.
" + }, + "threatActorIpAddressesToDelete":{ + "shape":"ThreatActorIpList", + "documentation":"Optional element for UpdateCase to provide content to remove suspicious IP addresses from a case.
" + }, + "impactedServicesToAdd":{ + "shape":"ImpactedServicesList", + "documentation":"Optional element for UpdateCase to provide content to add services impacted.
" + }, + "impactedServicesToDelete":{ + "shape":"ImpactedServicesList", + "documentation":"Optional element for UpdateCase to provide content to remove services impacted.
" + }, + "impactedAwsRegionsToAdd":{ + "shape":"ImpactedAwsRegionList", + "documentation":"Optional element for UpdateCase to provide content to add regions impacted.
" + }, + "impactedAwsRegionsToDelete":{ + "shape":"ImpactedAwsRegionList", + "documentation":"Optional element for UpdateCase to provide content to remove regions impacted.
" + }, + "impactedAccountsToAdd":{ + "shape":"ImpactedAccounts", + "documentation":"Optional element for UpdateCase to provide content to add accounts impacted.
" + }, + "impactedAccountsToDelete":{ + "shape":"ImpactedAccounts", + "documentation":"Optional element for UpdateCase to provide content to add accounts impacted.
" + } + } + }, + "UpdateCaseResponse":{ + "type":"structure", + "members":{ + } + }, + "UpdateCaseStatusRequest":{ + "type":"structure", + "required":[ + "caseId", + "caseStatus" + ], + "members":{ + "caseId":{ + "shape":"CaseId", + "documentation":"Required element for UpdateCaseStatus to identify the case to update.
", + "location":"uri", + "locationName":"caseId" + }, + "caseStatus":{ + "shape":"SelfManagedCaseStatus", + "documentation":"Required element for UpdateCaseStatus to identify the status for a case. Options include Submitted | Detection and Analysis | Containment, Eradication and Recovery | Post-incident Activities.
Response element for UpdateCaseStatus showing the newly configured status.
" + } + } + }, + "UpdateMembershipRequest":{ + "type":"structure", + "required":["membershipId"], + "members":{ + "membershipId":{ + "shape":"MembershipId", + "documentation":"Required element for UpdateMembership to identify the membership to update.
", + "location":"uri", + "locationName":"membershipId" + }, + "membershipName":{ + "shape":"MembershipName", + "documentation":"Optional element for UpdateMembership to update the membership name.
" + }, + "incidentResponseTeam":{ + "shape":"IncidentResponseTeam", + "documentation":"Optional element for UpdateMembership to update the membership name.
" + }, + "optInFeatures":{ + "shape":"OptInFeatures", + "documentation":"Optional element for UpdateMembership to enable or disable opt-in features for the service.
" + } + } + }, + "UpdateMembershipResponse":{ + "type":"structure", + "members":{ + } + }, + "UpdateResolverTypeRequest":{ + "type":"structure", + "required":[ + "caseId", + "resolverType" + ], + "members":{ + "caseId":{ + "shape":"CaseId", + "documentation":"Required element for UpdateResolverType to identify the case to update.
", + "location":"uri", + "locationName":"caseId" + }, + "resolverType":{ + "shape":"ResolverType", + "documentation":"Required element for UpdateResolverType to identify the new resolver.
" + } + } + }, + "UpdateResolverTypeResponse":{ + "type":"structure", + "required":["caseId"], + "members":{ + "caseId":{ + "shape":"CaseId", + "documentation":"Response element for UpdateResolver identifying the case ID being updated.
" + }, + "caseStatus":{ + "shape":"CaseStatus", + "documentation":"Response element for UpdateResolver identifying the current status of the case.
" + }, + "resolverType":{ + "shape":"ResolverType", + "documentation":"Response element for UpdateResolver identifying the current resolver of the case.
" + } + } + }, + "Url":{ + "type":"string", + "pattern":"https?://(?:www.)?[a-zA-Z0-9@:._+~#=-]{2,256}\\.[a-z]{2,6}\\b(?:[-a-zA-Z0-9@:%_+.~#?&/=]{0,2048})", + "sensitive":true + }, + "UserAgent":{ + "type":"string", + "max":500, + "min":0 + }, + "ValidationException":{ + "type":"structure", + "required":[ + "message", + "reason" + ], + "members":{ + "message":{"shape":"String"}, + "reason":{ + "shape":"ValidationExceptionReason", + "documentation":"Element that provides the reason the request failed validation.
" + }, + "fieldList":{ + "shape":"ValidationExceptionFieldList", + "documentation":"Element that provides the list of field(s) that caused the error, if applicable.
" + } + }, + "documentation":"", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "ValidationExceptionField":{ + "type":"structure", + "required":[ + "name", + "message" + ], + "members":{ + "name":{ + "shape":"String", + "documentation":"" + }, + "message":{ + "shape":"String", + "documentation":"" + } + }, + "documentation":"" + }, + "ValidationExceptionFieldList":{ + "type":"list", + "member":{"shape":"ValidationExceptionField"} + }, + "ValidationExceptionReason":{ + "type":"string", + "enum":[ + "UNKNOWN_OPERATION", + "CANNOT_PARSE", + "FIELD_VALIDATION_FAILED", + "OTHER" + ] + }, + "Watcher":{ + "type":"structure", + "required":["email"], + "members":{ + "email":{ + "shape":"EmailAddress", + "documentation":"" + }, + "name":{ + "shape":"PersonName", + "documentation":"" + }, + "jobTitle":{ + "shape":"JobTitle", + "documentation":"" + } + }, + "documentation":"" + }, + "Watchers":{ + "type":"list", + "member":{"shape":"Watcher"}, + "max":30, + "min":0 + } + }, + "documentation":"This guide provides documents the action and response elements for customer use of the service.
" +} diff --git a/services/securityir/src/main/resources/codegen-resources/waiters-2.json b/services/securityir/src/main/resources/codegen-resources/waiters-2.json new file mode 100644 index 00000000000..13f60ee66be --- /dev/null +++ b/services/securityir/src/main/resources/codegen-resources/waiters-2.json @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} From f410ee04e275ee503c6b28afb3f43f01127f0f2e Mon Sep 17 00:00:00 2001 From: AWS <> Date: Mon, 2 Dec 2024 03:48:07 +0000 Subject: [PATCH 28/35] Amazon FSx Update: FSx API changes to support the public launch of the Amazon FSx Intelligent Tiering for OpenZFS storage class. --- .../feature-AmazonFSx-bef794e.json | 6 ++ .../codegen-resources/service-2.json | 56 ++++++++++++++++--- 2 files changed, 55 insertions(+), 7 deletions(-) create mode 100644 .changes/next-release/feature-AmazonFSx-bef794e.json diff --git a/.changes/next-release/feature-AmazonFSx-bef794e.json b/.changes/next-release/feature-AmazonFSx-bef794e.json new file mode 100644 index 00000000000..c74ac64fbad --- /dev/null +++ b/.changes/next-release/feature-AmazonFSx-bef794e.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "Amazon FSx", + "contributor": "", + "description": "FSx API changes to support the public launch of the Amazon FSx Intelligent Tiering for OpenZFS storage class." +} diff --git a/services/fsx/src/main/resources/codegen-resources/service-2.json b/services/fsx/src/main/resources/codegen-resources/service-2.json index 9236632067f..fc694300260 100644 --- a/services/fsx/src/main/resources/codegen-resources/service-2.json +++ b/services/fsx/src/main/resources/codegen-resources/service-2.json @@ -740,7 +740,7 @@ {"shape":"MissingFileSystemConfiguration"}, {"shape":"ServiceLimitExceeded"} ], - "documentation":"Use this operation to update the configuration of an existing Amazon FSx file system. You can update multiple properties in a single request.
For FSx for Windows File Server file systems, you can update the following properties:
AuditLogConfiguration
AutomaticBackupRetentionDays
DailyAutomaticBackupStartTime
SelfManagedActiveDirectoryConfiguration
StorageCapacity
StorageType
ThroughputCapacity
DiskIopsConfiguration
WeeklyMaintenanceStartTime
For FSx for Lustre file systems, you can update the following properties:
AutoImportPolicy
AutomaticBackupRetentionDays
DailyAutomaticBackupStartTime
DataCompressionType
LogConfiguration
LustreRootSquashConfiguration
MetadataConfiguration
PerUnitStorageThroughput
StorageCapacity
WeeklyMaintenanceStartTime
For FSx for ONTAP file systems, you can update the following properties:
AddRouteTableIds
AutomaticBackupRetentionDays
DailyAutomaticBackupStartTime
DiskIopsConfiguration
FsxAdminPassword
HAPairs
RemoveRouteTableIds
StorageCapacity
ThroughputCapacity
ThroughputCapacityPerHAPair
WeeklyMaintenanceStartTime
For FSx for OpenZFS file systems, you can update the following properties:
AddRouteTableIds
AutomaticBackupRetentionDays
CopyTagsToBackups
CopyTagsToVolumes
DailyAutomaticBackupStartTime
DiskIopsConfiguration
RemoveRouteTableIds
StorageCapacity
ThroughputCapacity
WeeklyMaintenanceStartTime
Use this operation to update the configuration of an existing Amazon FSx file system. You can update multiple properties in a single request.
For FSx for Windows File Server file systems, you can update the following properties:
AuditLogConfiguration
AutomaticBackupRetentionDays
DailyAutomaticBackupStartTime
SelfManagedActiveDirectoryConfiguration
StorageCapacity
StorageType
ThroughputCapacity
DiskIopsConfiguration
WeeklyMaintenanceStartTime
For FSx for Lustre file systems, you can update the following properties:
AutoImportPolicy
AutomaticBackupRetentionDays
DailyAutomaticBackupStartTime
DataCompressionType
LogConfiguration
LustreRootSquashConfiguration
MetadataConfiguration
PerUnitStorageThroughput
StorageCapacity
WeeklyMaintenanceStartTime
For FSx for ONTAP file systems, you can update the following properties:
AddRouteTableIds
AutomaticBackupRetentionDays
DailyAutomaticBackupStartTime
DiskIopsConfiguration
FsxAdminPassword
HAPairs
RemoveRouteTableIds
StorageCapacity
ThroughputCapacity
ThroughputCapacityPerHAPair
WeeklyMaintenanceStartTime
For FSx for OpenZFS file systems, you can update the following properties:
AddRouteTableIds
AutomaticBackupRetentionDays
CopyTagsToBackups
CopyTagsToVolumes
DailyAutomaticBackupStartTime
DiskIopsConfiguration
ReadCacheConfiguration
RemoveRouteTableIds
StorageCapacity
ThroughputCapacity
WeeklyMaintenanceStartTime
Specifies the resource type that's backed up.
" }, - "Volume":{"shape":"Volume"} + "Volume":{"shape":"Volume"}, + "SizeInBytes":{ + "shape":"SizeInBytes", + "documentation":"The size of the backup in bytes. This represents the amount of data that the file system would contain if you restore this backup.
" + } }, "documentation":"A backup of an Amazon FSx for Windows File Server, Amazon FSx for Lustre file system, Amazon FSx for NetApp ONTAP volume, or Amazon FSx for OpenZFS file system.
" }, @@ -1870,6 +1874,10 @@ "RouteTableIds":{ "shape":"RouteTableIds", "documentation":"(Multi-AZ only) Specifies the route tables in which Amazon FSx creates the rules for routing traffic to the correct file server. You should specify all virtual private cloud (VPC) route tables associated with the subnets in which your clients are located. By default, Amazon FSx selects your VPC's default route table.
" + }, + "ReadCacheConfiguration":{ + "shape":"OpenZFSReadCacheConfiguration", + "documentation":"Specifies the optional provisioned SSD read cache on file systems that use the Intelligent-Tiering storage class.
" } }, "documentation":"The Amazon FSx for OpenZFS configuration properties for the file system that you are creating.
" @@ -1878,7 +1886,6 @@ "type":"structure", "required":[ "FileSystemType", - "StorageCapacity", "SubnetIds" ], "members":{ @@ -1897,7 +1904,7 @@ }, "StorageType":{ "shape":"StorageType", - "documentation":"Sets the storage type for the file system that you're creating. Valid values are SSD and HDD.
Set to SSD to use solid state drive storage. SSD is supported on all Windows, Lustre, ONTAP, and OpenZFS deployment types.
Set to HDD to use hard disk drive storage. HDD is supported on SINGLE_AZ_2 and MULTI_AZ_1 Windows file system deployment types, and on PERSISTENT_1 Lustre file system deployment types.
Default value is SSD. For more information, see Storage type options in the FSx for Windows File Server User Guide and Multiple storage options in the FSx for Lustre User Guide.
Sets the storage class for the file system that you're creating. Valid values are SSD, HDD, and INTELLIGENT_TIERING.
Set to SSD to use solid state drive storage. SSD is supported on all Windows, Lustre, ONTAP, and OpenZFS deployment types.
Set to HDD to use hard disk drive storage. HDD is supported on SINGLE_AZ_2 and MULTI_AZ_1 Windows file system deployment types, and on PERSISTENT_1 Lustre file system deployment types.
Set to INTELLIGENT_TIERING to use fully elastic, intelligently-tiered storage. Intelligent-Tiering is only available for OpenZFS file systems with the Multi-AZ deployment type.
Default value is SSD. For more information, see Storage type options in the FSx for Windows File Server User Guide, Multiple storage options in the FSx for Lustre User Guide, and Working with Intelligent-Tiering in the Amazon FSx for OpenZFS User Guide.
Specifies the suggested block size for a volume in a ZFS dataset, in kibibytes (KiB). Valid values are 4, 8, 16, 32, 64, 128, 256, 512, or 1024 KiB. The default is 128 KiB. We recommend using the default setting for the majority of use cases. Generally, workloads that write in fixed small or large record sizes may benefit from setting a custom record size, like database workloads (small record size) or media streaming workloads (large record size). For additional guidance on when to set a custom record size, see ZFS Record size in the Amazon FSx for OpenZFS User Guide.
" + "documentation":"Specifies the suggested block size for a volume in a ZFS dataset, in kibibytes (KiB). For file systems using the Intelligent-Tiering storage class, valid values are 128, 256, 512, 1024, 2048, or 4096 KiB, with a default of 2048 KiB. For all other file systems, valid values are 4, 8, 16, 32, 64, 128, 256, 512, or 1024 KiB, with a default of 128 KiB. We recommend using the default setting for the majority of use cases. Generally, workloads that write in fixed small or large record sizes may benefit from setting a custom record size, like database workloads (small record size) or media streaming workloads (large record size). For additional guidance on when to set a custom record size, see ZFS Record size in the Amazon FSx for OpenZFS User Guide.
" }, "DataCompressionType":{ "shape":"OpenZFSDataCompressionType", @@ -3948,7 +3955,7 @@ }, "IntegerRecordSizeKiB":{ "type":"integer", - "max":1024, + "max":4096, "min":4 }, "InternalServerError":{ @@ -4642,6 +4649,10 @@ "EndpointIpAddress":{ "shape":"IpAddress", "documentation":"The IP address of the endpoint that is used to access data or to manage the file system.
" + }, + "ReadCacheConfiguration":{ + "shape":"OpenZFSReadCacheConfiguration", + "documentation":" Required when StorageType is set to INTELLIGENT_TIERING. Specifies the optional provisioned SSD read cache.
The configuration for the Amazon FSx for OpenZFS file system.
" @@ -4692,6 +4703,28 @@ "GROUP" ] }, + "OpenZFSReadCacheConfiguration":{ + "type":"structure", + "members":{ + "SizingMode":{ + "shape":"OpenZFSReadCacheSizingMode", + "documentation":"Specifies how the provisioned SSD read cache is sized, as follows:
Set to NO_CACHE if you do not want to use an SSD read cache with your Intelligent-Tiering file system.
Set to USER_PROVISIONED to specify the exact size of your SSD read cache.
Set to PROPORTIONAL_TO_THROUGHPUT_CAPACITY to have your SSD read cache automatically sized based on your throughput capacity.
Required if SizingMode is set to USER_PROVISIONED. Specifies the size of the file system's SSD read cache, in gibibytes (GiB).
The configuration for the optional provisioned SSD read cache on file systems that use the Intelligent-Tiering storage class.
" + }, + "OpenZFSReadCacheSizingMode":{ + "type":"string", + "enum":[ + "NO_CACHE", + "USER_PROVISIONED", + "PROPORTIONAL_TO_THROUGHPUT_CAPACITY" + ] + }, "OpenZFSUserAndGroupQuotas":{ "type":"list", "member":{"shape":"OpenZFSUserOrGroupQuota"}, @@ -5172,6 +5205,10 @@ "documentation":"An error indicating that a particular service limit was exceeded. You can increase some service limits by contacting Amazon Web Services Support.
", "exception":true }, + "SizeInBytes":{ + "type":"long", + "min":0 + }, "SnaplockConfiguration":{ "type":"structure", "members":{ @@ -5398,7 +5435,8 @@ "documentation":"Specifies the file system's storage type.
", "enum":[ "SSD", - "HDD" + "HDD", + "INTELLIGENT_TIERING" ] }, "StorageVirtualMachine":{ @@ -5943,6 +5981,10 @@ "RemoveRouteTableIds":{ "shape":"RouteTableIds", "documentation":"(Multi-AZ only) A list of IDs of existing virtual private cloud (VPC) route tables to disassociate (remove) from your Amazon FSx for OpenZFS file system. You can use the API operation to retrieve the list of VPC route table IDs for a file system.
" + }, + "ReadCacheConfiguration":{ + "shape":"OpenZFSReadCacheConfiguration", + "documentation":"The configuration for the optional provisioned SSD read cache on file systems that use the Intelligent-Tiering storage class.
" } }, "documentation":"The configuration updates for an Amazon FSx for OpenZFS file system.
" From 772b6938da657f0176ec9a2f51abe958f695effd Mon Sep 17 00:00:00 2001 From: AWS <> Date: Mon, 2 Dec 2024 03:48:23 +0000 Subject: [PATCH 29/35] Amazon EC2 Container Service Update: This release adds support for Container Insights with Enhanced Observability for Amazon ECS. --- ...ure-AmazonEC2ContainerService-889d675.json | 6 +++++ .../codegen-resources/service-2.json | 24 +++++++++---------- 2 files changed, 18 insertions(+), 12 deletions(-) create mode 100644 .changes/next-release/feature-AmazonEC2ContainerService-889d675.json diff --git a/.changes/next-release/feature-AmazonEC2ContainerService-889d675.json b/.changes/next-release/feature-AmazonEC2ContainerService-889d675.json new file mode 100644 index 00000000000..de5346ab27c --- /dev/null +++ b/.changes/next-release/feature-AmazonEC2ContainerService-889d675.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "Amazon EC2 Container Service", + "contributor": "", + "description": "This release adds support for Container Insights with Enhanced Observability for Amazon ECS." +} diff --git a/services/ecs/src/main/resources/codegen-resources/service-2.json b/services/ecs/src/main/resources/codegen-resources/service-2.json index 955d7e80c18..4a7000b9d2d 100644 --- a/services/ecs/src/main/resources/codegen-resources/service-2.json +++ b/services/ecs/src/main/resources/codegen-resources/service-2.json @@ -135,7 +135,7 @@ {"shape":"ClientException"}, {"shape":"InvalidParameterException"} ], - "documentation":"Deletes the specified capacity provider.
The FARGATE and FARGATE_SPOT capacity providers are reserved and can't be deleted. You can disassociate them from a cluster using either PutCapacityProviderProviders or by deleting the cluster.
Prior to a capacity provider being deleted, the capacity provider must be removed from the capacity provider strategy from all services. The UpdateService API can be used to remove a capacity provider from a service's capacity provider strategy. When updating a service, the forceNewDeployment option can be used to ensure that any tasks using the Amazon EC2 instance capacity provided by the capacity provider are transitioned to use the capacity from the remaining capacity providers. Only capacity providers that aren't associated with a cluster can be deleted. To remove a capacity provider from a cluster, you can either use PutClusterCapacityProviders or delete the cluster.
Deletes the specified capacity provider.
The FARGATE and FARGATE_SPOT capacity providers are reserved and can't be deleted. You can disassociate them from a cluster using either PutClusterCapacityProviders or by deleting the cluster.
Prior to a capacity provider being deleted, the capacity provider must be removed from the capacity provider strategy from all services. The UpdateService API can be used to remove a capacity provider from a service's capacity provider strategy. When updating a service, the forceNewDeployment option can be used to ensure that any tasks using the Amazon EC2 instance capacity provided by the capacity provider are transitioned to use the capacity from the remaining capacity providers. Only capacity providers that aren't associated with a cluster can be deleted. To remove a capacity provider from a cluster, you can either use PutClusterCapacityProviders or delete the cluster.
Describes one or more of your clusters.
" + "documentation":"Describes one or more of your clusters.
For CLI examples, see describe-clusters.rst on GitHub.
" }, "DescribeContainerInstances":{ "name":"DescribeContainerInstances", @@ -1197,7 +1197,7 @@ }, "assignPublicIp":{ "shape":"AssignPublicIp", - "documentation":"Whether the task's elastic network interface receives a public IP address. The default value is DISABLED.
Whether the task's elastic network interface receives a public IP address. The default value is ENABLED.
An object representing the networking details for a task or service. For example awsVpcConfiguration={subnets=[\"subnet-12344321\"],securityGroups=[\"sg-12344321\"]}.
The value to set for the cluster setting. The supported values are enabled and disabled.
If you set name to containerInsights and value to enabled, CloudWatch Container Insights will be on for the cluster, otherwise it will be off unless the containerInsights account setting is turned on. If a cluster value is specified, it will override the containerInsights value set with PutAccountSetting or PutAccountSettingDefault.
The value to set for the cluster setting. The supported values are enhanced, enabled, and disabled.
To use Container Insights with enhanced observability, set the containerInsights account setting to enhanced.
To use Container Insights, set the containerInsights account setting to enabled.
If a cluster value is specified, it will override the containerInsights value set with PutAccountSetting or PutAccountSettingDefault.
The settings to use when creating a cluster. This parameter is used to turn on CloudWatch Container Insights for a cluster.
" + "documentation":"The settings to use when creating a cluster. This parameter is used to turn on CloudWatch Container Insights with enhanced observability or CloudWatch Container Insights for a cluster.
Container Insights with enhanced observability provides all the Container Insights metrics, plus additional task and container metrics. This version supports enhanced observability for Amazon ECS clusters using the Amazon EC2 and Fargate launch types. After you configure Container Insights with enhanced observability on Amazon ECS, Container Insights auto-collects detailed infrastructure telemetry from the cluster level down to the container level in your environment and displays these critical performance data in curated dashboards removing the heavy lifting in observability set-up.
For more information, see Monitor Amazon ECS containers using Container Insights with enhanced observability in the Amazon Elastic Container Service Developer Guide.
" }, "ClusterSettingName":{ "type":"string", @@ -2989,7 +2989,7 @@ "members":{ "cluster":{ "shape":"String", - "documentation":"The short name or full Amazon Resource Name (ARN) of the cluster that hosts the task or tasks to describe. If you do not specify a cluster, the default cluster is assumed. This parameter is required if the task or tasks you are describing were launched in any cluster other than the default cluster.
" + "documentation":"The short name or full Amazon Resource Name (ARN) of the cluster that hosts the task or tasks to describe. If you do not specify a cluster, the default cluster is assumed. This parameter is required. If you do not specify a value, the default cluster is used.
The total amount, in GiB, of ephemeral storage to set for the task. The minimum supported value is 20 GiB and the maximum supported value is 200 GiB.
The total amount, in GiB, of ephemeral storage to set for the task. The minimum supported value is 21 GiB and the maximum supported value is 200 GiB.
The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on Fargate. For more information, see Using data volumes in tasks in the Amazon ECS Developer Guide;.
For tasks using the Fargate launch type, the task requires the following platforms:
Linux platform version 1.4.0 or later.
Windows platform version 1.0.0 or later.
The cluster that hosts the service. This can either be the cluster name or ARN. Starting April 15, 2023, Amazon Web Services will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performanceIf you don't specify a cluster, deault is used.
The cluster that hosts the service. This can either be the cluster name or ARN. Starting April 15, 2023, Amazon Web Services will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performanceIf you don't specify a cluster, default is used.
The resource name for which to modify the account setting.
The following are the valid values for the account setting name.
serviceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.
taskLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.
containerInstanceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.
awsvpcTrunking - When modified, the elastic network interface (ENI) limit for any new container instances that support the feature is changed. If awsvpcTrunking is turned on, any new container instances that support the feature are launched have the increased ENI limits available to them. For more information, see Elastic Network Interface Trunking in the Amazon Elastic Container Service Developer Guide.
containerInsights - When modified, the default setting indicating whether Amazon Web Services CloudWatch Container Insights is turned on for your clusters is changed. If containerInsights is turned on, any new clusters that are created will have Container Insights turned on unless you disable it during cluster creation. For more information, see CloudWatch Container Insights in the Amazon Elastic Container Service Developer Guide.
dualStackIPv6 - When turned on, when using a VPC in dual stack mode, your tasks using the awsvpc network mode can have an IPv6 address assigned. For more information on using IPv6 with tasks launched on Amazon EC2 instances, see Using a VPC in dual-stack mode. For more information on using IPv6 with tasks launched on Fargate, see Using a VPC in dual-stack mode.
fargateFIPSMode - If you specify fargateFIPSMode, Fargate FIPS 140 compliance is affected.
fargateTaskRetirementWaitPeriod - When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS task hosted on Fargate, the tasks need to be stopped and new tasks launched to replace them. Use fargateTaskRetirementWaitPeriod to configure the wait time to retire a Fargate task. For information about the Fargate tasks maintenance, see Amazon Web Services Fargate task maintenance in the Amazon ECS Developer Guide.
tagResourceAuthorization - Amazon ECS is introducing tagging authorization for resource creation. Users must have permissions for actions that create the resource, such as ecsCreateCluster. If tags are specified when you create a resource, Amazon Web Services performs additional authorization to verify if users or roles have permissions to create tags. Therefore, you must grant explicit permissions to use the ecs:TagResource action. For more information, see Grant permission to tag resources on creation in the Amazon ECS Developer Guide.
guardDutyActivate - The guardDutyActivate parameter is read-only in Amazon ECS and indicates whether Amazon ECS Runtime Monitoring is enabled or disabled by your security administrator in your Amazon ECS account. Amazon GuardDuty controls this account setting on your behalf. For more information, see Protecting Amazon ECS workloads with Amazon ECS Runtime Monitoring.
The resource name for which to modify the account setting.
The following are the valid values for the account setting name.
serviceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.
taskLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.
containerInstanceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.
awsvpcTrunking - When modified, the elastic network interface (ENI) limit for any new container instances that support the feature is changed. If awsvpcTrunking is turned on, any new container instances that support the feature are launched have the increased ENI limits available to them. For more information, see Elastic Network Interface Trunking in the Amazon Elastic Container Service Developer Guide.
containerInsights - Container Insights with enhanced observability provides all the Container Insights metrics, plus additional task and container metrics. This version supports enhanced observability for Amazon ECS clusters using the Amazon EC2 and Fargate launch types. After you configure Container Insights with enhanced observability on Amazon ECS, Container Insights auto-collects detailed infrastructure telemetry from the cluster level down to the container level in your environment and displays these critical performance data in curated dashboards removing the heavy lifting in observability set-up.
To use Container Insights with enhanced observability, set the containerInsights account setting to enhanced.
To use Container Insights, set the containerInsights account setting to enabled.
For more information, see Monitor Amazon ECS containers using Container Insights with enhanced observability in the Amazon Elastic Container Service Developer Guide.
dualStackIPv6 - When turned on, when using a VPC in dual stack mode, your tasks using the awsvpc network mode can have an IPv6 address assigned. For more information on using IPv6 with tasks launched on Amazon EC2 instances, see Using a VPC in dual-stack mode. For more information on using IPv6 with tasks launched on Fargate, see Using a VPC in dual-stack mode.
fargateFIPSMode - If you specify fargateFIPSMode, Fargate FIPS 140 compliance is affected.
fargateTaskRetirementWaitPeriod - When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS task hosted on Fargate, the tasks need to be stopped and new tasks launched to replace them. Use fargateTaskRetirementWaitPeriod to configure the wait time to retire a Fargate task. For information about the Fargate tasks maintenance, see Amazon Web Services Fargate task maintenance in the Amazon ECS Developer Guide.
tagResourceAuthorization - Amazon ECS is introducing tagging authorization for resource creation. Users must have permissions for actions that create the resource, such as ecsCreateCluster. If tags are specified when you create a resource, Amazon Web Services performs additional authorization to verify if users or roles have permissions to create tags. Therefore, you must grant explicit permissions to use the ecs:TagResource action. For more information, see Grant permission to tag resources on creation in the Amazon ECS Developer Guide.
guardDutyActivate - The guardDutyActivate parameter is read-only in Amazon ECS and indicates whether Amazon ECS Runtime Monitoring is enabled or disabled by your security administrator in your Amazon ECS account. Amazon GuardDuty controls this account setting on your behalf. For more information, see Protecting Amazon ECS workloads with Amazon ECS Runtime Monitoring.
The account setting value for the specified principal ARN. Accepted values are enabled, disabled, on, and off.
When you specify fargateTaskRetirementWaitPeriod for the name, the following are the valid values:
0 - Amazon Web Services sends the notification, and immediately retires the affected tasks.
7 - Amazon Web Services sends the notification, and waits 7 calendar days to retire the tasks.
14 - Amazon Web Services sends the notification, and waits 14 calendar days to retire the tasks.
The account setting value for the specified principal ARN. Accepted values are enabled, disabled, on, enhanced, and off.
When you specify fargateTaskRetirementWaitPeriod for the name, the following are the valid values:
0 - Amazon Web Services sends the notification, and immediately retires the affected tasks.
7 - Amazon Web Services sends the notification, and waits 7 calendar days to retire the tasks.
14 - Amazon Web Services sends the notification, and waits 14 calendar days to retire the tasks.
The Amazon ECS account setting name to modify.
The following are the valid values for the account setting name.
serviceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.
taskLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.
containerInstanceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.
awsvpcTrunking - When modified, the elastic network interface (ENI) limit for any new container instances that support the feature is changed. If awsvpcTrunking is turned on, any new container instances that support the feature are launched have the increased ENI limits available to them. For more information, see Elastic Network Interface Trunking in the Amazon Elastic Container Service Developer Guide.
containerInsights - When modified, the default setting indicating whether Amazon Web Services CloudWatch Container Insights is turned on for your clusters is changed. If containerInsights is turned on, any new clusters that are created will have Container Insights turned on unless you disable it during cluster creation. For more information, see CloudWatch Container Insights in the Amazon Elastic Container Service Developer Guide.
dualStackIPv6 - When turned on, when using a VPC in dual stack mode, your tasks using the awsvpc network mode can have an IPv6 address assigned. For more information on using IPv6 with tasks launched on Amazon EC2 instances, see Using a VPC in dual-stack mode. For more information on using IPv6 with tasks launched on Fargate, see Using a VPC in dual-stack mode.
fargateTaskRetirementWaitPeriod - When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS task hosted on Fargate, the tasks need to be stopped and new tasks launched to replace them. Use fargateTaskRetirementWaitPeriod to configure the wait time to retire a Fargate task. For information about the Fargate tasks maintenance, see Amazon Web Services Fargate task maintenance in the Amazon ECS Developer Guide.
tagResourceAuthorization - Amazon ECS is introducing tagging authorization for resource creation. Users must have permissions for actions that create the resource, such as ecsCreateCluster. If tags are specified when you create a resource, Amazon Web Services performs additional authorization to verify if users or roles have permissions to create tags. Therefore, you must grant explicit permissions to use the ecs:TagResource action. For more information, see Grant permission to tag resources on creation in the Amazon ECS Developer Guide.
guardDutyActivate - The guardDutyActivate parameter is read-only in Amazon ECS and indicates whether Amazon ECS Runtime Monitoring is enabled or disabled by your security administrator in your Amazon ECS account. Amazon GuardDuty controls this account setting on your behalf. For more information, see Protecting Amazon ECS workloads with Amazon ECS Runtime Monitoring.
The Amazon ECS account setting name to modify.
The following are the valid values for the account setting name.
serviceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.
taskLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.
containerInstanceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.
awsvpcTrunking - When modified, the elastic network interface (ENI) limit for any new container instances that support the feature is changed. If awsvpcTrunking is turned on, any new container instances that support the feature are launched have the increased ENI limits available to them. For more information, see Elastic Network Interface Trunking in the Amazon Elastic Container Service Developer Guide.
containerInsights - Container Insights with enhanced observability provides all the Container Insights metrics, plus additional task and container metrics. This version supports enhanced observability for Amazon ECS clusters using the Amazon EC2 and Fargate launch types. After you configure Container Insights with enhanced observability on Amazon ECS, Container Insights auto-collects detailed infrastructure telemetry from the cluster level down to the container level in your environment and displays these critical performance data in curated dashboards removing the heavy lifting in observability set-up.
To use Container Insights with enhanced observability, set the containerInsights account setting to enhanced.
To use Container Insights, set the containerInsights account setting to enabled.
For more information, see Monitor Amazon ECS containers using Container Insights with enhanced observability in the Amazon Elastic Container Service Developer Guide.
dualStackIPv6 - When turned on, when using a VPC in dual stack mode, your tasks using the awsvpc network mode can have an IPv6 address assigned. For more information on using IPv6 with tasks launched on Amazon EC2 instances, see Using a VPC in dual-stack mode. For more information on using IPv6 with tasks launched on Fargate, see Using a VPC in dual-stack mode.
fargateTaskRetirementWaitPeriod - When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS task hosted on Fargate, the tasks need to be stopped and new tasks launched to replace them. Use fargateTaskRetirementWaitPeriod to configure the wait time to retire a Fargate task. For information about the Fargate tasks maintenance, see Amazon Web Services Fargate task maintenance in the Amazon ECS Developer Guide.
tagResourceAuthorization - Amazon ECS is introducing tagging authorization for resource creation. Users must have permissions for actions that create the resource, such as ecsCreateCluster. If tags are specified when you create a resource, Amazon Web Services performs additional authorization to verify if users or roles have permissions to create tags. Therefore, you must grant explicit permissions to use the ecs:TagResource action. For more information, see Grant permission to tag resources on creation in the Amazon ECS Developer Guide.
guardDutyActivate - The guardDutyActivate parameter is read-only in Amazon ECS and indicates whether Amazon ECS Runtime Monitoring is enabled or disabled by your security administrator in your Amazon ECS account. Amazon GuardDuty controls this account setting on your behalf. For more information, see Protecting Amazon ECS workloads with Amazon ECS Runtime Monitoring.
The account setting value for the specified principal ARN. Accepted values are enabled, disabled, on, and off.
When you specify fargateTaskRetirementWaitPeriod for the name, the following are the valid values:
0 - Amazon Web Services sends the notification, and immediately retires the affected tasks.
7 - Amazon Web Services sends the notification, and waits 7 calendar days to retire the tasks.
14 - Amazon Web Services sends the notification, and waits 14 calendar days to retire the tasks.
The account setting value for the specified principal ARN. Accepted values are enabled, disabled, enhanced, on, and off.
When you specify fargateTaskRetirementWaitPeriod for the name, the following are the valid values:
0 - Amazon Web Services sends the notification, and immediately retires the affected tasks.
7 - Amazon Web Services sends the notification, and waits 7 calendar days to retire the tasks.
14 - Amazon Web Services sends the notification, and waits 14 calendar days to retire the tasks.
Gets details and status of a phone number that’s claimed to your Amazon Connect instance or traffic distribution group.
If the number is claimed to a traffic distribution group, and you are calling in the Amazon Web Services Region where the traffic distribution group was created, you can use either a phone number ARN or UUID value for the PhoneNumberId URI request parameter. However, if the number is claimed to a traffic distribution group and you are calling this API in the alternate Amazon Web Services Region associated with the traffic distribution group, you must provide a full phone number ARN. If a UUID is provided in this scenario, you will receive a ResourceNotFoundException.
Gets details and status of a phone number that’s claimed to your Amazon Connect instance or traffic distribution group.
If the number is claimed to a traffic distribution group, and you are calling in the Amazon Web Services Region where the traffic distribution group was created, you can use either a phone number ARN or UUID value for the PhoneNumberId URI request parameter. However, if the number is claimed to a traffic distribution group and you are calling this API in the alternate Amazon Web Services Region associated with the traffic distribution group, you must provide a full phone number ARN. If a UUID is provided in this scenario, you receive a ResourceNotFoundException.
Imports a claimed phone number from an external service, such as Amazon Pinpoint, into an Amazon Connect instance. You can call this API only in the same Amazon Web Services Region where the Amazon Connect instance was created.
Call the DescribePhoneNumber API to verify the status of a previous ImportPhoneNumber operation.
If you plan to claim or import numbers and then release numbers frequently, contact us for a service quota exception. Otherwise, it is possible you will be blocked from claiming and releasing any more numbers until up to 180 days past the oldest number released has expired.
By default you can claim or import and then release up to 200% of your maximum number of active phone numbers. If you claim or import and then release phone numbers using the UI or API during a rolling 180 day cycle that exceeds 200% of your phone number service level quota, you will be blocked from claiming or importing any more numbers until 180 days past the oldest number released has expired.
For example, if you already have 99 claimed or imported numbers and a service level quota of 99 phone numbers, and in any 180 day period you release 99, claim 99, and then release 99, you will have exceeded the 200% limit. At that point you are blocked from claiming any more numbers until you open an Amazon Web Services Support ticket.
" + "documentation":"Imports a claimed phone number from an external service, such as Amazon Web Services End User Messaging, into an Amazon Connect instance. You can call this API only in the same Amazon Web Services Region where the Amazon Connect instance was created.
Call the DescribePhoneNumber API to verify the status of a previous ImportPhoneNumber operation.
If you plan to claim or import numbers and then release numbers frequently, contact us for a service quota exception. Otherwise, it is possible you will be blocked from claiming and releasing any more numbers until up to 180 days past the oldest number released has expired.
By default you can claim or import and then release up to 200% of your maximum number of active phone numbers. If you claim or import and then release phone numbers using the UI or API during a rolling 180 day cycle that exceeds 200% of your phone number service level quota, you will be blocked from claiming or importing any more numbers until 180 days past the oldest number released has expired.
For example, if you already have 99 claimed or imported numbers and a service level quota of 99 phone numbers, and in any 180 day period you release 99, claim 99, and then release 99, you will have exceeded the 200% limit. At that point you are blocked from claiming any more numbers until you open an Amazon Web Services Support ticket.
" }, "ListAgentStatuses":{ "name":"ListAgentStatuses", @@ -3444,7 +3444,7 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Processes chat integration events from Amazon Web Services or external integrations to Amazon Connect. A chat integration event includes:
SourceId, DestinationId, and Subtype: a set of identifiers, uniquely representing a chat
ChatEvent: details of the chat action to perform such as sending a message, event, or disconnecting from a chat
When a chat integration event is sent with chat identifiers that do not map to an active chat contact, a new chat contact is also created before handling chat action.
Access to this API is currently restricted to Amazon Pinpoint for supporting SMS integration.
" + "documentation":"Processes chat integration events from Amazon Web Services or external integrations to Amazon Connect. A chat integration event includes:
SourceId, DestinationId, and Subtype: a set of identifiers, uniquely representing a chat
ChatEvent: details of the chat action to perform such as sending a message, event, or disconnecting from a chat
When a chat integration event is sent with chat identifiers that do not map to an active chat contact, a new chat contact is also created before handling chat action.
Access to this API is currently restricted to Amazon Web Services End User Messaging for supporting SMS integration.
" }, "SendOutboundEmail":{ "name":"SendOutboundEmail", @@ -3588,7 +3588,7 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Initiates a new outbound SMS contact to a customer. Response of this API provides the ContactId of the outbound SMS contact created.
SourceEndpoint only supports Endpoints with CONNECT_PHONENUMBER_ARN as Type and DestinationEndpoint only supports Endpoints with TELEPHONE_NUMBER as Type. ContactFlowId initiates the flow to manage the new SMS contact created.
This API can be used to initiate outbound SMS contacts for an agent or it can also deflect an ongoing contact to an outbound SMS contact by using the StartOutboundChatContact Flow Action.
For more information about using SMS in Amazon Connect, see the following topics in the Amazon Connect Administrator Guide:
" + "documentation":"Initiates a new outbound SMS contact to a customer. Response of this API provides the ContactId of the outbound SMS contact created.
SourceEndpoint only supports Endpoints with CONNECT_PHONENUMBER_ARN as Type and DestinationEndpoint only supports Endpoints with TELEPHONE_NUMBER as Type. ContactFlowId initiates the flow to manage the new SMS contact created.
This API can be used to initiate outbound SMS contacts for an agent, or it can also deflect an ongoing contact to an outbound SMS contact by using the StartOutboundChatContact Flow Action.
For more information about using SMS in Amazon Connect, see the following topics in the Amazon Connect Administrator Guide:
" }, "StartOutboundEmailContact":{ "name":"StartOutboundEmailContact", @@ -3895,7 +3895,9 @@ {"shape":"InvalidParameterException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServiceException"}, - {"shape":"ThrottlingException"} + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"} ], "documentation":"This API is in preview release for Amazon Connect and is subject to change.
Adds or updates user-defined contact information associated with the specified contact. At least one field to be updated must be present in the request.
You can add or update user-defined contact information for both ongoing and completed contacts.
The identifier of the resource.
" + "documentation":"The identifier of the resource.
Amazon Web Services End User Messaging SMS phone number ARN when using SMS_PHONE_NUMBER
Amazon Web Services End User Messaging Social phone number ARN when using WHATSAPP_MESSAGING_PHONE_NUMBER
A list of resource identifiers to retrieve flow associations.
" + "documentation":"A list of resource identifiers to retrieve flow associations.
Amazon Web Services End User Messaging SMS phone number ARN when using SMS_PHONE_NUMBER
Amazon Web Services End User Messaging Social phone number ARN when using WHATSAPP_MESSAGING_PHONE_NUMBER
The claimed phone number ARN that was previously imported from the external service, such as Amazon Pinpoint. If it is from Amazon Pinpoint, it looks like the ARN of the phone number that was imported from Amazon Pinpoint.
" + "documentation":"The claimed phone number ARN that was previously imported from the external service, such as Amazon Web Services End User Messaging. If it is from Amazon Web Services End User Messaging, it looks like the ARN of the phone number that was imported from Amazon Web Services End User Messaging.
" } }, "documentation":"Information about a phone number that has been claimed to your Amazon Connect instance or traffic distribution group.
" @@ -7206,6 +7208,14 @@ "error":{"httpStatusCode":410}, "exception":true }, + "ContactRecordingType":{ + "type":"string", + "enum":[ + "AGENT", + "IVR", + "SCREEN" + ] + }, "ContactReferences":{ "type":"map", "key":{"shape":"ReferenceKey"}, @@ -7938,7 +7948,7 @@ }, "IntegrationArn":{ "shape":"ARN", - "documentation":"The Amazon Resource Name (ARN) of the integration.
When integrating with Amazon Pinpoint, the Amazon Connect and Amazon Pinpoint instances must be in the same account.
The Amazon Resource Name (ARN) of the integration.
When integrating with Amazon Web Services End User Messaging, the Amazon Connect and Amazon Web Services End User Messaging instances must be in the same account.
The identifier of the resource.
", + "documentation":"The identifier of the resource.
Amazon Web Services End User Messaging SMS phone number ARN when using SMS_PHONE_NUMBER
Amazon Web Services End User Messaging Social phone number ARN when using WHATSAPP_MESSAGING_PHONE_NUMBER
The identifier of the resource.
", + "documentation":"The identifier of the resource.
Amazon Web Services End User Messaging SMS phone number ARN when using SMS_PHONE_NUMBER
Amazon Web Services End User Messaging Social phone number ARN when using WHATSAPP_MESSAGING_PHONE_NUMBER
The filters to apply to returned metrics. You can filter on the following resources:
Agents
Campaigns
Channels
Feature
Queues
Routing profiles
Routing step expression
User hierarchy groups
At least one filter must be passed from queues, routing profiles, agents, or user hierarchy groups.
For metrics for outbound campaigns analytics, you can also use campaigns to satisfy at least one filter requirement.
To filter by phone number, see Create a historical metrics report in the Amazon Connect Administrator Guide.
Note the following limits:
Filter keys: A maximum of 5 filter keys are supported in a single request. Valid filter keys: AGENT | AGENT_HIERARCHY_LEVEL_ONE | AGENT_HIERARCHY_LEVEL_TWO | AGENT_HIERARCHY_LEVEL_THREE | AGENT_HIERARCHY_LEVEL_FOUR | AGENT_HIERARCHY_LEVEL_FIVE | ANSWERING_MACHINE_DETECTION_STATUS | CAMPAIGN | CAMPAIGN_DELIVERY_EVENT_TYPE |CASE_TEMPLATE_ARN | CASE_STATUS | CHANNEL | contact/segmentAttributes/connect:Subtype | DISCONNECT_REASON | FEATURE | FLOW_TYPE | FLOWS_NEXT_RESOURCE_ID | FLOWS_NEXT_RESOURCE_QUEUE_ID | FLOWS_OUTCOME_TYPE | FLOWS_RESOURCE_ID | INITIATION_METHOD | RESOURCE_PUBLISHED_TIMESTAMP | ROUTING_PROFILE | ROUTING_STEP_EXPRESSION | QUEUE | Q_CONNECT_ENABLED |
Filter values: A maximum of 100 filter values are supported in a single request. VOICE, CHAT, and TASK are valid filterValue for the CHANNEL filter key. They do not count towards limitation of 100 filter values. For example, a GetMetricDataV2 request can filter by 50 queues, 35 agents, and 15 routing profiles for a total of 100 filter values, along with 3 channel filters.
contact_lens_conversational_analytics is a valid filterValue for the FEATURE filter key. It is available only to contacts analyzed by Contact Lens conversational analytics.
connect:Chat, connect:SMS, connect:Telephony, and connect:WebRTC are valid filterValue examples (not exhaustive) for the contact/segmentAttributes/connect:Subtype filter key.
ROUTING_STEP_EXPRESSION is a valid filter key with a filter value up to 3000 length. This filter is case and order sensitive. JSON string fields must be sorted in ascending order and JSON array order should be kept as is.
Q_CONNECT_ENABLED. TRUE and FALSE are the only valid filterValues for the Q_CONNECT_ENABLED filter key.
TRUE includes all contacts that had Amazon Q in Connect enabled as part of the flow.
FALSE includes all contacts that did not have Amazon Q in Connect enabled as part of the flow
This filter is available only for contact record-driven metrics.
Campaign ARNs are valid filterValues for the CAMPAIGN filter key.
The filters to apply to returned metrics. You can filter on the following resources:
Agents
Campaigns
Channels
Feature
Queues
Routing profiles
Routing step expression
User hierarchy groups
At least one filter must be passed from queues, routing profiles, agents, or user hierarchy groups.
For metrics for outbound campaigns analytics, you can also use campaigns to satisfy at least one filter requirement.
To filter by phone number, see Create a historical metrics report in the Amazon Connect Administrator Guide.
Note the following limits:
Filter keys: A maximum of 5 filter keys are supported in a single request. Valid filter keys: AGENT | AGENT_HIERARCHY_LEVEL_ONE | AGENT_HIERARCHY_LEVEL_TWO | AGENT_HIERARCHY_LEVEL_THREE | AGENT_HIERARCHY_LEVEL_FOUR | AGENT_HIERARCHY_LEVEL_FIVE | ANSWERING_MACHINE_DETECTION_STATUS | BOT_ID | BOT_ALIAS | BOT_VERSION | BOT_LOCALE | BOT_INTENT_NAME | CAMPAIGN | CAMPAIGN_DELIVERY_EVENT_TYPE |CASE_TEMPLATE_ARN | CASE_STATUS | CHANNEL | contact/segmentAttributes/connect:Subtype | DISCONNECT_REASON | FEATURE | FLOW_ACTION_ID | FLOW_TYPE | FLOWS_MODULE_RESOURCE_ID | FLOWS_NEXT_RESOURCE_ID | FLOWS_NEXT_RESOURCE_QUEUE_ID | FLOWS_OUTCOME_TYPE | FLOWS_RESOURCE_ID | INITIATION_METHOD | INVOKING_RESOURCE_PUBLISHED_TIMESTAMP | INVOKING_RESOURCE_TYPE | PARENT_FLOWS_RESOURCE_ID | RESOURCE_PUBLISHED_TIMESTAMP | ROUTING_PROFILE | ROUTING_STEP_EXPRESSION | QUEUE | Q_CONNECT_ENABLED |
Filter values: A maximum of 100 filter values are supported in a single request. VOICE, CHAT, and TASK are valid filterValue for the CHANNEL filter key. They do not count towards limitation of 100 filter values. For example, a GetMetricDataV2 request can filter by 50 queues, 35 agents, and 15 routing profiles for a total of 100 filter values, along with 3 channel filters.
contact_lens_conversational_analytics is a valid filterValue for the FEATURE filter key. It is available only to contacts analyzed by Contact Lens conversational analytics.
connect:Chat, connect:SMS, connect:Telephony, and connect:WebRTC are valid filterValue examples (not exhaustive) for the contact/segmentAttributes/connect:Subtype filter key.
ROUTING_STEP_EXPRESSION is a valid filter key with a filter value up to 3000 length. This filter is case and order sensitive. JSON string fields must be sorted in ascending order and JSON array order should be kept as is.
Q_CONNECT_ENABLED. TRUE and FALSE are the only valid filterValues for the Q_CONNECT_ENABLED filter key.
TRUE includes all contacts that had Amazon Q in Connect enabled as part of the flow.
FALSE includes all contacts that did not have Amazon Q in Connect enabled as part of the flow
This filter is available only for contact record-driven metrics.
Campaign ARNs are valid filterValues for the CAMPAIGN filter key.
The grouping applied to the metrics that are returned. For example, when results are grouped by queue, the metrics returned are grouped by queue. The values that are returned apply to the metrics for each queue. They are not aggregated for all queues.
If no grouping is specified, a summary of all metrics is returned.
Valid grouping keys: AGENT | AGENT_HIERARCHY_LEVEL_ONE | AGENT_HIERARCHY_LEVEL_TWO | AGENT_HIERARCHY_LEVEL_THREE | AGENT_HIERARCHY_LEVEL_FOUR | AGENT_HIERARCHY_LEVEL_FIVE | ANSWERING_MACHINE_DETECTION_STATUS | CAMPAIGN | CAMPAIGN_DELIVERY_EVENT_TYPE | CASE_TEMPLATE_ARN | CASE_STATUS | CHANNEL | contact/segmentAttributes/connect:Subtype | DISCONNECT_REASON | FLOWS_RESOURCE_ID | FLOWS_MODULE_RESOURCE_ID | FLOW_TYPE | FLOWS_OUTCOME_TYPE | INITIATION_METHOD | Q_CONNECT_ENABLED | QUEUE | RESOURCE_PUBLISHED_TIMESTAMP | ROUTING_PROFILE | ROUTING_STEP_EXPRESSION
The grouping applied to the metrics that are returned. For example, when results are grouped by queue, the metrics returned are grouped by queue. The values that are returned apply to the metrics for each queue. They are not aggregated for all queues.
If no grouping is specified, a summary of all metrics is returned.
Valid grouping keys: AGENT | AGENT_HIERARCHY_LEVEL_ONE | AGENT_HIERARCHY_LEVEL_TWO | AGENT_HIERARCHY_LEVEL_THREE | AGENT_HIERARCHY_LEVEL_FOUR | AGENT_HIERARCHY_LEVEL_FIVE | ANSWERING_MACHINE_DETECTION_STATUS | BOT_ID | BOT_ALIAS | BOT_VERSION | BOT_LOCALE | BOT_INTENT_NAME | CAMPAIGN | CAMPAIGN_DELIVERY_EVENT_TYPE | CASE_TEMPLATE_ARN | CASE_STATUS | CHANNEL | contact/segmentAttributes/connect:Subtype | DISCONNECT_REASON | FLOWS_RESOURCE_ID | FLOWS_MODULE_RESOURCE_ID | FLOW_ACTION_ID | FLOW_TYPE | FLOWS_OUTCOME_TYPE | INITIATION_METHOD | INVOKING_RESOURCE_PUBLISHED_TIMESTAMP | INVOKING_RESOURCE_TYPE | PARENT_FLOWS_RESOURCE_ID | Q_CONNECT_ENABLED | QUEUE | RESOURCE_PUBLISHED_TIMESTAMP | ROUTING_PROFILE | ROUTING_STEP_EXPRESSION
The metrics to retrieve. Specify the name, groupings, and filters for each metric. The following historical metrics are available. For a description of each metric, see Historical metrics definitions in the Amazon Connect Administrator Guide.
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Abandonment rate
This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Adherent time
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Agent answer rate
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Non-adherent time
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Agent non-response
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Data for this metric is available starting from October 1, 2023 0:00:00 GMT.
Unit: Percentage
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Occupancy
This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Adherence
This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Scheduled time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average queue abandon time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Average active time
Unit: Seconds
Valid metric filter key: INITIATION_METHOD
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average after contact work time
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid metric filter key: INITIATION_METHOD. For now, this metric only supports the following as INITIATION_METHOD: INBOUND | OUTBOUND | CALLBACK | API
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Average agent API connecting time
The Negate key in metric-level filters is not applicable for this metric.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Average agent pause time
Unit: Count
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Average contacts per case
Unit: Seconds
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Average case resolution time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average contact duration
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average conversation duration
This metric is available only for outbound campaigns that use the agent assisted voice and automated voice delivery modes.
Unit: Count
Valid groupings and filters: Agent, Campaign, Queue, Routing Profile
UI name: Average dials per minute
Unit: Seconds
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp
UI name: Average flow time
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average agent greeting time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, RoutingStepExpression
UI name: Average handle time
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average customer hold time
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average holds
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
Unit: Seconds
Valid metric filter key: INITIATION_METHOD
Valid groupings and filters: Queue, Channel, Routing Profile, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average agent interaction time
Feature is a valid filter but not a valid grouping.
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average agent interruptions
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average agent interruption time
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average non-talk time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average queue answer time
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average resolution time
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average talk time
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average agent talk time
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average customer talk time
This metric is available only for outbound campaigns that use the agent assisted voice and automated voice delivery modes.
Unit: Seconds
Valid groupings and filters: Campaign
This metric is available only for outbound campaigns using the agent assisted voice and automated voice delivery modes.
Unit: Count
Valid groupings and filters: Agent, Campaign
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you must enter GT (for Greater than).
UI name: Campaign contacts abandoned after X
This metric is available only for outbound campaigns using the agent assisted voice and automated voice delivery modes.
Unit: Percent
Valid groupings and filters: Agent, Campaign
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you must enter GT (for Greater than).
This metric is available only for outbound campaigns using the email delivery mode.
Unit: Count
Valid metric filter key: CAMPAIGN_INTERACTION_EVENT_TYPE
Valid groupings and filters: Campaign
UI name: Campaign interactions
This metric is available only for outbound campaigns.
Unit: Count
Valid groupings and filters: Campaign, Channel, contact/segmentAttributes/connect:Subtype
UI name: Campaign send attempts
Unit: Count
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Cases created
Unit: Count
Valid metric filter key: INITIATION_METHOD
Valid groupings and filters: Queue, Channel, Routing Profile, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts created
Feature is a valid filter but not a valid grouping.
Unit: Count
Valid metric filter key: INITIATION_METHOD, DISCONNECT_REASON
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, RoutingStepExpression, Q in Connect
UI name: API contacts handled
Feature is a valid filter but not a valid grouping.
Unit: Count
Valid metric filter key: INITIATION_METHOD
Valid groupings and filters: Queue, Channel, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts hold disconnect
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contacts hold agent disconnect
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contacts hold customer disconnect
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contacts put on hold
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contacts transferred out external
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contacts transferred out internal
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts queued
Unit: Count
Valid groupings and filters: Queue, Channel, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype
UI name: Contacts queued (enqueue timestamp)
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Q in Connect
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").
UI name: Contacts resolved in X
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts transferred out
Feature is a valid filter but not a valid grouping.
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts transferred out by agent
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts transferred out queue
Unit: Count
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Current cases
This metric is available only for outbound campaigns.
Unit: Count
Valid metric filter key: ANSWERING_MACHINE_DETECTION_STATUS, CAMPAIGN_DELIVERY_EVENT_TYPE, DISCONNECT_REASON
Valid groupings and filters: Agent, Answering Machine Detection Status, Campaign, Campaign Delivery EventType, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Queue, Routing Profile
UI name: Delivery attempts
Campaign Delivery EventType filter and grouping are only available for SMS and Email campaign delivery modes. Agent, Queue, Routing Profile, Answering Machine Detection Status and Disconnect Reason are only available for agent assisted voice and automated voice delivery modes.
This metric is available only for outbound campaigns. Dispositions for the agent assisted voice and automated voice delivery modes are only available with answering machine detection enabled.
Unit: Percent
Valid metric filter key: ANSWERING_MACHINE_DETECTION_STATUS, CAMPAIGN_DELIVERY_EVENT_TYPE, DISCONNECT_REASON
Valid groupings and filters: Agent, Answering Machine Detection Status, Campaign, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Queue, Routing Profile
UI name: Delivery attempt disposition rate
Campaign Delivery Event Type filter and grouping are only available for SMS and Email campaign delivery modes. Agent, Queue, Routing Profile, Answering Machine Detection Status and Disconnect Reason are only available for agent assisted voice and automated voice delivery modes.
Unit: Count
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp
UI name: Flows outcome
Unit: Count
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows resource ID, Initiation method, Resource published timestamp
UI name: Flows started
This metric is available only for outbound campaigns. Dispositions for the agent assisted voice and automated voice delivery modes are only available with answering machine detection enabled.
Unit: Count
Valid groupings and filters: Agent, Campaign
UI name: Human answered
Unit: Seconds
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp
UI name: Maximum flow time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Maximum queued time
Unit: Seconds
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp
UI name: Minimum flow time
Unit: Percent
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Cases resolved on first contact
Unit: Percent
Valid groupings and filters: Queue, RoutingStepExpression
UI name: This metric is available in Real-time Metrics UI but not on the Historical Metrics UI.
Unit: Percent
Valid groupings and filters: Queue, RoutingStepExpression
UI name: This metric is available in Real-time Metrics UI but not on the Historical Metrics UI.
Unit: Percent
Valid metric filter key: FLOWS_OUTCOME_TYPE
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp
UI name: Flows outcome percentage.
The FLOWS_OUTCOME_TYPE is not a valid grouping.
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Percentage
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Non-talk time percent
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Percentage
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Talk time percent
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Percentage
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Agent talk time percent
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Percentage
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Customer talk time percent
Unit: Count
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Cases reopened
Unit: Count
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Cases resolved
You can include up to 20 SERVICE_LEVEL metrics in a request.
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Q in Connect
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").
UI name: Service level X
Unit: Count
Valid groupings and filters: Queue, RoutingStepExpression
UI name: This metric is available in Real-time Metrics UI but not on the Historical Metrics UI.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: After contact work time
Unit: Seconds
Valid metric filter key: INITIATION_METHOD. This metric only supports the following filter keys as INITIATION_METHOD: INBOUND | OUTBOUND | CALLBACK | API
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Agent API connecting time
The Negate key in metric-level filters is not applicable for this metric.
Unit: Count
Metric filter:
Valid values: API| Incoming | Outbound | Transfer | Callback | Queue_Transfer| Disconnect
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, RoutingStepExpression, Q in Connect
UI name: Contact abandoned
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").
UI name: Contacts abandoned in X seconds
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").
UI name: Contacts answered in X seconds
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contact flow time
Unit: Seconds
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Agent on contact time
Valid metric filter key: DISCONNECT_REASON
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contact disconnected
Unit: Seconds
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Error status time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contact handle time
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Customer hold time
Unit: Seconds
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Agent idle time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Agent interaction and hold time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Agent interaction time
Unit: Seconds
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Non-Productive Time
Unit: Seconds
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Online time
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Callback attempts
The metrics to retrieve. Specify the name, groupings, and filters for each metric. The following historical metrics are available. For a description of each metric, see Historical metrics definitions in the Amazon Connect Administrator Guide.
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Abandonment rate
This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Adherent time
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Agent answer rate
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Non-adherent time
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Agent non-response
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Data for this metric is available starting from October 1, 2023 0:00:00 GMT.
Unit: Percentage
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Occupancy
This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Adherence
This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Scheduled time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average queue abandon time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Average active time
Unit: Seconds
Valid metric filter key: INITIATION_METHOD
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average after contact work time
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid metric filter key: INITIATION_METHOD. For now, this metric only supports the following as INITIATION_METHOD: INBOUND | OUTBOUND | CALLBACK | API
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Average agent API connecting time
The Negate key in metric-level filters is not applicable for this metric.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Average agent pause time
Unit: Seconds
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID
UI name: Average bot conversation time
Unit: Count
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID
UI name: Average bot conversation turns
Unit: Count
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Average contacts per case
Unit: Seconds
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Average case resolution time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average contact duration
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average conversation duration
This metric is available only for outbound campaigns that use the agent assisted voice and automated voice delivery modes.
Unit: Count
Valid groupings and filters: Agent, Campaign, Queue, Routing Profile
UI name: Average dials per minute
Unit: Seconds
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp
UI name: Average flow time
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average agent greeting time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, RoutingStepExpression
UI name: Average handle time
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average customer hold time
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average holds
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
Unit: Seconds
Valid metric filter key: INITIATION_METHOD
Valid groupings and filters: Queue, Channel, Routing Profile, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average agent interaction time
Feature is a valid filter but not a valid grouping.
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average agent interruptions
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average agent interruption time
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average non-talk time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average queue answer time
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average resolution time
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average talk time
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average agent talk time
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average customer talk time
This metric is available only for outbound campaigns that use the agent assisted voice and automated voice delivery modes.
Unit: Seconds
Valid groupings and filters: Campaign
Unit: Count
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID
UI name: Bot conversations
Unit: Count
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Bot intent name, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID
UI name: Bot intents completed
This metric is available only for outbound campaigns using the agent assisted voice and automated voice delivery modes.
Unit: Count
Valid groupings and filters: Agent, Campaign
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you must enter GT (for Greater than).
UI name: Campaign contacts abandoned after X
This metric is available only for outbound campaigns using the agent assisted voice and automated voice delivery modes.
Unit: Percent
Valid groupings and filters: Agent, Campaign
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you must enter GT (for Greater than).
This metric is available only for outbound campaigns using the email delivery mode.
Unit: Count
Valid metric filter key: CAMPAIGN_INTERACTION_EVENT_TYPE
Valid groupings and filters: Campaign
UI name: Campaign interactions
This metric is available only for outbound campaigns.
Unit: Count
Valid groupings and filters: Campaign, Channel, contact/segmentAttributes/connect:Subtype
UI name: Campaign send attempts
Unit: Count
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Cases created
Unit: Count
Valid metric filter key: INITIATION_METHOD
Valid groupings and filters: Queue, Channel, Routing Profile, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts created
Feature is a valid filter but not a valid grouping.
Unit: Count
Valid metric filter key: INITIATION_METHOD, DISCONNECT_REASON
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, RoutingStepExpression, Q in Connect
UI name: API contacts handled
Feature is a valid filter but not a valid grouping.
Unit: Count
Valid metric filter key: INITIATION_METHOD
Valid groupings and filters: Queue, Channel, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts hold disconnect
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contacts hold agent disconnect
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contacts hold customer disconnect
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contacts put on hold
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contacts transferred out external
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contacts transferred out internal
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts queued
Unit: Count
Valid groupings and filters: Queue, Channel, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype
UI name: Contacts queued (enqueue timestamp)
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Q in Connect
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").
UI name: Contacts resolved in X
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts transferred out
Feature is a valid filter but not a valid grouping.
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts transferred out by agent
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts transferred out queue
Unit: Count
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Current cases
This metric is available only for outbound campaigns.
Unit: Count
Valid metric filter key: ANSWERING_MACHINE_DETECTION_STATUS, CAMPAIGN_DELIVERY_EVENT_TYPE, DISCONNECT_REASON
Valid groupings and filters: Agent, Answering Machine Detection Status, Campaign, Campaign Delivery EventType, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Queue, Routing Profile
UI name: Delivery attempts
Campaign Delivery EventType filter and grouping are only available for SMS and Email campaign delivery modes. Agent, Queue, Routing Profile, Answering Machine Detection Status and Disconnect Reason are only available for agent assisted voice and automated voice delivery modes.
This metric is available only for outbound campaigns. Dispositions for the agent assisted voice and automated voice delivery modes are only available with answering machine detection enabled.
Unit: Percent
Valid metric filter key: ANSWERING_MACHINE_DETECTION_STATUS, CAMPAIGN_DELIVERY_EVENT_TYPE, DISCONNECT_REASON
Valid groupings and filters: Agent, Answering Machine Detection Status, Campaign, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Queue, Routing Profile
UI name: Delivery attempt disposition rate
Campaign Delivery Event Type filter and grouping are only available for SMS and Email campaign delivery modes. Agent, Queue, Routing Profile, Answering Machine Detection Status and Disconnect Reason are only available for agent assisted voice and automated voice delivery modes.
Unit: Count
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp
UI name: Flows outcome
Unit: Count
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows resource ID, Initiation method, Resource published timestamp
UI name: Flows started
This metric is available only for outbound campaigns. Dispositions for the agent assisted voice and automated voice delivery modes are only available with answering machine detection enabled.
Unit: Count
Valid groupings and filters: Agent, Campaign
UI name: Human answered
Unit: Seconds
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp
UI name: Maximum flow time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Maximum queued time
Unit: Seconds
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp
UI name: Minimum flow time
Unit: Percent
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID
UI name: Percent bot conversations outcome
Unit: Percent
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Bot intent name, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID
UI name: Percent bot intents outcome
Unit: Percent
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Cases resolved on first contact
Unit: Percent
Valid groupings and filters: Queue, RoutingStepExpression
UI name: This metric is available in Real-time Metrics UI but not on the Historical Metrics UI.
Unit: Percent
Valid groupings and filters: Queue, RoutingStepExpression
UI name: This metric is available in Real-time Metrics UI but not on the Historical Metrics UI.
Unit: Percent
Valid metric filter key: FLOWS_OUTCOME_TYPE
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp
UI name: Flows outcome percentage.
The FLOWS_OUTCOME_TYPE is not a valid grouping.
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Percentage
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Non-talk time percent
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Percentage
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Talk time percent
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Percentage
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Agent talk time percent
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Percentage
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Customer talk time percent
Unit: Count
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Cases reopened
Unit: Count
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Cases resolved
You can include up to 20 SERVICE_LEVEL metrics in a request.
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Q in Connect
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").
UI name: Service level X
Unit: Count
Valid groupings and filters: Queue, RoutingStepExpression
UI name: This metric is available in Real-time Metrics UI but not on the Historical Metrics UI.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: After contact work time
Unit: Seconds
Valid metric filter key: INITIATION_METHOD. This metric only supports the following filter keys as INITIATION_METHOD: INBOUND | OUTBOUND | CALLBACK | API
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Agent API connecting time
The Negate key in metric-level filters is not applicable for this metric.
Unit: Count
Metric filter:
Valid values: API| Incoming | Outbound | Transfer | Callback | Queue_Transfer| Disconnect
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, RoutingStepExpression, Q in Connect
UI name: Contact abandoned
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").
UI name: Contacts abandoned in X seconds
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").
UI name: Contacts answered in X seconds
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contact flow time
Unit: Seconds
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Agent on contact time
Valid metric filter key: DISCONNECT_REASON
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contact disconnected
Unit: Seconds
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Error status time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contact handle time
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Customer hold time
Unit: Seconds
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Agent idle time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Agent interaction and hold time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Agent interaction time
Unit: Seconds
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Non-Productive Time
Unit: Seconds
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Online time
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Callback attempts
The claimed phone number ARN being imported from the external service, such as Amazon Pinpoint. If it is from Amazon Pinpoint, it looks like the ARN of the phone number to import from Amazon Pinpoint.
" + "documentation":"The claimed phone number ARN being imported from the external service, such as Amazon Web Services End User Messaging. If it is from Amazon Web Services End User Messaging, it looks like the ARN of the phone number to import from Amazon Web Services End User Messaging.
" }, "PhoneNumberDescription":{ "shape":"PhoneNumberDescription", @@ -14067,7 +14079,9 @@ "CASES_DOMAIN", "APPLICATION", "FILE_SCANNER", - "SES_IDENTITY" + "SES_IDENTITY", + "ANALYTICS_CONNECTOR", + "CALL_TRANSFER_CONNECTOR" ] }, "InternalServiceException":{ @@ -14188,6 +14202,10 @@ "type":"list", "member":{"shape":"IpCidr"} }, + "IvrRecordingTrack":{ + "type":"string", + "enum":["ALL"] + }, "JoinToken":{ "type":"string", "sensitive":true @@ -14942,9 +14960,11 @@ "ListFlowAssociationResourceType":{ "type":"string", "enum":[ + "WHATSAPP_MESSAGING_PHONE_NUMBER", "VOICE_PHONE_NUMBER", "INBOUND_EMAIL", - "OUTBOUND_EMAIL" + "OUTBOUND_EMAIL", + "ANALYTICS_CONNECTOR" ] }, "ListFlowAssociationsRequest":{ @@ -15356,7 +15376,7 @@ }, "SourcePhoneNumberArn":{ "shape":"ARN", - "documentation":"The claimed phone number ARN that was previously imported from the external service, such as Amazon Pinpoint. If it is from Amazon Pinpoint, it looks like the ARN of the phone number that was imported from Amazon Pinpoint.
" + "documentation":"The claimed phone number ARN that was previously imported from the external service, such as Amazon Web Services End User Messaging. If it is from Amazon Web Services End User Messaging, it looks like the ARN of the phone number that was imported from Amazon Web Services End User Messaging.
" } }, "documentation":"Information about phone numbers that have been claimed to your Amazon Connect instance or traffic distribution group.
" @@ -16642,7 +16662,7 @@ }, "MetricFilterValues":{ "shape":"MetricFilterValueList", - "documentation":"The values to use for filtering data. Values for metric-level filters can be either a fixed set of values or a customized list, depending on the use case.
For valid values of metric-level filters INITIATION_METHOD, DISCONNECT_REASON, and ANSWERING_MACHINE_DETECTION_STATUS, see ContactTraceRecord in the Amazon Connect Administrator Guide.
For valid values of the metric-level filter FLOWS_OUTCOME_TYPE, see the description for the Flow outcome metric in the Amazon Connect Administrator Guide.
The values to use for filtering data. Values for metric-level filters can be either a fixed set of values or a customized list, depending on the use case.
For valid values of metric-level filters INITIATION_METHOD, DISCONNECT_REASON, and ANSWERING_MACHINE_DETECTION_STATUS, see ContactTraceRecord in the Amazon Connect Administrator Guide.
For valid values of the metric-level filter FLOWS_OUTCOME_TYPE, see the description for the Flow outcome metric in the Amazon Connect Administrator Guide.
For valid values of the metric-level filter BOT_CONVERSATION_OUTCOME_TYPE, see the description for the Bot conversations completed in the Amazon Connect Administrator Guide.
For valid values of the metric-level filter BOT_INTENT_OUTCOME_TYPE, see the description for the Bot intents completed metric in the Amazon Connect Administrator Guide.
If this contact was queued, this contains information about the queue.
" }, + "QueueInfoInput":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"QueueId", + "documentation":"The identifier of the queue.
" + } + }, + "documentation":"Information about a queue.
" + }, "QueueMaxContacts":{ "type":"integer", "min":0 @@ -19207,6 +19237,10 @@ "InitialContactId":{ "shape":"ContactId", "documentation":"The identifier of the contact. This is the identifier of the contact associated with the first interaction with the contact center.
" + }, + "ContactRecordingType":{ + "shape":"ContactRecordingType", + "documentation":"The type of recording being operated on.
" } } }, @@ -20792,7 +20826,7 @@ }, "Arn":{ "shape":"ARN", - "documentation":"The Amazon Resource Name (ARN) for the secruity profile.
" + "documentation":"The Amazon Resource Name (ARN) for the security profile.
" }, "SecurityProfileName":{ "shape":"SecurityProfileName", @@ -21006,11 +21040,11 @@ }, "DestinationId":{ "shape":"DestinationId", - "documentation":"Chat system identifier, used in part to uniquely identify chat. This is associated with the Amazon Connect instance and flow to be used to start chats. For SMS, this is the phone number destination of inbound SMS messages represented by an Amazon Pinpoint phone number ARN.
" + "documentation":"Chat system identifier, used in part to uniquely identify chat. This is associated with the Amazon Connect instance and flow to be used to start chats. For Server Migration Service, this is the phone number destination of inbound Server Migration Service messages represented by an Amazon Web Services End User Messaging phone number ARN.
" }, "Subtype":{ "shape":"Subtype", - "documentation":"Classification of a channel. This is used in part to uniquely identify chat.
Valid value: [\"connect:sms\"]
Classification of a channel. This is used in part to uniquely identify chat.
Valid value: [\"connect:sms\", connect:\"WhatsApp\"]
The identifier of the contact. This is the identifier of the contact associated with the first interaction with the contact center.
" + }, + "ContactRecordingType":{ + "shape":"ContactRecordingType", + "documentation":"The type of recording being operated on.
" } } }, @@ -22259,6 +22297,10 @@ "InitialContactId":{ "shape":"ContactId", "documentation":"The identifier of the contact. This is the identifier of the contact associated with the first interaction with the contact center.
" + }, + "ContactRecordingType":{ + "shape":"ContactRecordingType", + "documentation":"The type of recording being operated on.
" } } }, @@ -22395,7 +22437,7 @@ "members":{ "key":{ "shape":"TagKey", - "documentation":"The tag key in the tagSet.
" + "documentation":"The tag key in the TagSet.
" }, "value":{ "shape":"TagValue", @@ -23432,6 +23474,22 @@ "SegmentAttributes":{ "shape":"SegmentAttributes", "documentation":"A set of system defined key-value pairs stored on individual contact segments (unique contact ID) using an attribute map. The attributes are standard Amazon Connect attributes. They can be accessed in flows.
Attribute keys can include only alphanumeric, -, and _.
This field can be used to show channel subtype, such as connect:Guide.
Currently Contact Expiry is the only segment attribute which can be updated by using the UpdateContact API.
" + }, + "QueueInfo":{ + "shape":"QueueInfoInput", + "documentation":"Information about the queue associated with a contact. This parameter can only be updated for external audio contacts. It is used when you integrate third-party systems with Contact Lens for analytics. For more information, see Amazon Connect Contact Lens integration in the Amazon Connect Administrator Guide.
" + }, + "UserInfo":{ + "shape":"UserInfo", + "documentation":"Information about the agent associated with a contact. This parameter can only be updated for external audio contacts. It is used when you integrate third-party systems with Contact Lens for analytics. For more information, see Amazon Connect Contact Lens integration in the Amazon Connect Administrator Guide.
" + }, + "CustomerEndpoint":{ + "shape":"Endpoint", + "documentation":"The endpoint of the customer for which the contact was initiated. For external audio contacts, this is usually the end customer's phone number. This value can only be updated for external audio contacts. For more information, see Amazon Connect Contact Lens integration in the Amazon Connect Administrator Guide.
" + }, + "SystemEndpoint":{ + "shape":"Endpoint", + "documentation":"External system endpoint for the contact was initiated. For external audio contacts, this is the phone number of the external system such as the contact center. This value can only be updated for external audio contacts. For more information, see Amazon Connect Contact Lens integration in the Amazon Connect Administrator Guide.
" } } }, @@ -25710,6 +25768,10 @@ "VoiceRecordingTrack":{ "shape":"VoiceRecordingTrack", "documentation":"Identifies which track is being recorded.
" + }, + "IvrRecordingTrack":{ + "shape":"IvrRecordingTrack", + "documentation":"Identifies which IVR track is being recorded.
" } }, "documentation":"Contains information about the recording configuration settings.
" @@ -25740,5 +25802,5 @@ }, "timestamp":{"type":"timestamp"} }, - "documentation":"Amazon Connect is a cloud-based contact center solution that you use to set up and manage a customer contact center and provide reliable customer engagement at any scale.
Amazon Connect provides metrics and real-time reporting that enable you to optimize contact routing. You can also resolve customer issues more efficiently by getting customers in touch with the appropriate agents.
There are limits to the number of Amazon Connect resources that you can create. There are also limits to the number of requests that you can make per second. For more information, see Amazon Connect Service Quotas in the Amazon Connect Administrator Guide.
You can connect programmatically to an Amazon Web Services service by using an endpoint. For a list of Amazon Connect endpoints, see Amazon Connect Endpoints.
" + "documentation":"Amazon Connect is a cloud-based contact center solution that you use to set up and manage a customer contact center and provide reliable customer engagement at any scale.
Amazon Connect provides metrics and real-time reporting that enable you to optimize contact routing. You can also resolve customer issues more efficiently by getting customers in touch with the appropriate agents.
There are limits to the number of Amazon Connect resources that you can create. There are also limits to the number of requests that you can make per second. For more information, see Amazon Connect Service Quotas in the Amazon Connect Administrator Guide.
You can use an endpoint to connect programmatically to an Amazon Web Services service. For a list of Amazon Connect endpoints, see Amazon Connect Endpoints.
" } From 1c8b2df45ab68e43204aac25f1dbe3fda58d9b05 Mon Sep 17 00:00:00 2001 From: AWS <> Date: Mon, 2 Dec 2024 03:48:21 +0000 Subject: [PATCH 31/35] Amazon Elastic Kubernetes Service Update: Added support for Auto Mode Clusters, Hybrid Nodes, and specifying computeTypes in the DescribeAddonVersions API. --- ...mazonElasticKubernetesService-d3cdaff.json | 6 + .../codegen-resources/service-2.json | 187 +++++++++++++++++- 2 files changed, 191 insertions(+), 2 deletions(-) create mode 100644 .changes/next-release/feature-AmazonElasticKubernetesService-d3cdaff.json diff --git a/.changes/next-release/feature-AmazonElasticKubernetesService-d3cdaff.json b/.changes/next-release/feature-AmazonElasticKubernetesService-d3cdaff.json new file mode 100644 index 00000000000..c1fb832ade5 --- /dev/null +++ b/.changes/next-release/feature-AmazonElasticKubernetesService-d3cdaff.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "Amazon Elastic Kubernetes Service", + "contributor": "", + "description": "Added support for Auto Mode Clusters, Hybrid Nodes, and specifying computeTypes in the DescribeAddonVersions API." +} diff --git a/services/eks/src/main/resources/codegen-resources/service-2.json b/services/eks/src/main/resources/codegen-resources/service-2.json index c5b551fc8e3..1a80210d64b 100644 --- a/services/eks/src/main/resources/codegen-resources/service-2.json +++ b/services/eks/src/main/resources/codegen-resources/service-2.json @@ -1286,6 +1286,10 @@ "shape":"StringList", "documentation":"The architectures that the version supports.
" }, + "computeTypes":{ + "shape":"StringList", + "documentation":"Indicates the compute type of the addon version.
" + }, "compatibilities":{ "shape":"Compatibilities", "documentation":"An object representing the compatibilities of a version.
" @@ -1485,6 +1489,16 @@ "error":{"httpStatusCode":400}, "exception":true }, + "BlockStorage":{ + "type":"structure", + "members":{ + "enabled":{ + "shape":"BoxedBoolean", + "documentation":"Indicates if the block storage capability is enabled on your EKS Auto Mode cluster. If the block storage capability is enabled, EKS Auto Mode will create and delete EBS volumes in your Amazon Web Services account.
" + } + }, + "documentation":"Indicates the current configuration of the block storage capability on your EKS Auto Mode cluster. For example, if the capability is enabled or disabled. If the block storage capability is enabled, EKS Auto Mode will create and delete EBS volumes in your Amazon Web Services account. For more information, see EKS Auto Mode block storage capability in the EKS User Guide.
" + }, "Boolean":{"type":"boolean"}, "BoxedBoolean":{ "type":"boolean", @@ -1669,6 +1683,18 @@ "zonalShiftConfig":{ "shape":"ZonalShiftConfigResponse", "documentation":"The configuration for zonal shift for the cluster.
" + }, + "remoteNetworkConfig":{ + "shape":"RemoteNetworkConfigResponse", + "documentation":"The configuration in the cluster for EKS Hybrid Nodes. You can't change or update this configuration after the cluster is created.
" + }, + "computeConfig":{ + "shape":"ComputeConfigResponse", + "documentation":"Indicates the current configuration of the compute capability on your EKS Auto Mode cluster. For example, if the capability is enabled or disabled. If the compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed Instances in your Amazon Web Services account. For more information, see EKS Auto Mode compute capability in the EKS User Guide.
" + }, + "storageConfig":{ + "shape":"StorageConfigResponse", + "documentation":"Indicates the current configuration of the block storage capability on your EKS Auto Mode cluster. For example, if the capability is enabled or disabled. If the block storage capability is enabled, EKS Auto Mode will create and delete EBS volumes in your Amazon Web Services account. For more information, see EKS Auto Mode block storage capability in the EKS User Guide.
" } }, "documentation":"An object representing an Amazon EKS cluster.
" @@ -1768,6 +1794,42 @@ }, "documentation":"Compatibility information.
" }, + "ComputeConfigRequest":{ + "type":"structure", + "members":{ + "enabled":{ + "shape":"BoxedBoolean", + "documentation":"Request to enable or disable the compute capability on your EKS Auto Mode cluster. If the compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed Instances in your Amazon Web Services account.
" + }, + "nodePools":{ + "shape":"StringList", + "documentation":"Configuration for node pools that defines the compute resources for your EKS Auto Mode cluster. For more information, see EKS Auto Mode Node Pools in the EKS User Guide.
" + }, + "nodeRoleArn":{ + "shape":"String", + "documentation":"The ARN of the IAM Role EKS will assign to EC2 Managed Instances in your EKS Auto Mode cluster. This value cannot be changed after the compute capability of EKS Auto Mode is enabled. For more information, see the IAM Reference in the EKS User Guide.
" + } + }, + "documentation":"Request to update the configuration of the compute capability of your EKS Auto Mode cluster. For example, enable the capability. For more information, see EKS Auto Mode compute capability in the EKS User Guide.
" + }, + "ComputeConfigResponse":{ + "type":"structure", + "members":{ + "enabled":{ + "shape":"BoxedBoolean", + "documentation":"Indicates if the compute capability is enabled on your EKS Auto Mode cluster. If the compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed Instances in your Amazon Web Services account.
" + }, + "nodePools":{ + "shape":"StringList", + "documentation":"Indicates the current configuration of node pools in your EKS Auto Mode cluster. For more information, see EKS Auto Mode Node Pools in the EKS User Guide.
" + }, + "nodeRoleArn":{ + "shape":"String", + "documentation":"The ARN of the IAM Role EKS will assign to EC2 Managed Instances in your EKS Auto Mode cluster.
" + } + }, + "documentation":"Indicates the status of the request to update the compute capability of your EKS Auto Mode cluster.
" + }, "ConnectorConfigProvider":{ "type":"string", "enum":[ @@ -2024,6 +2086,18 @@ "zonalShiftConfig":{ "shape":"ZonalShiftConfigRequest", "documentation":"Enable or disable ARC zonal shift for the cluster. If zonal shift is enabled, Amazon Web Services configures zonal autoshift for the cluster.
Zonal shift is a feature of Amazon Application Recovery Controller (ARC). ARC zonal shift is designed to be a temporary measure that allows you to move traffic for a resource away from an impaired AZ until the zonal shift expires or you cancel it. You can extend the zonal shift if necessary.
You can start a zonal shift for an EKS cluster, or you can allow Amazon Web Services to do it for you by enabling zonal autoshift. This shift updates the flow of east-to-west network traffic in your cluster to only consider network endpoints for Pods running on worker nodes in healthy AZs. Additionally, any ALB or NLB handling ingress traffic for applications in your EKS cluster will automatically route traffic to targets in the healthy AZs. For more information about zonal shift in EKS, see Learn about Amazon Application Recovery Controller (ARC) Zonal Shift in Amazon EKS in the Amazon EKS User Guide .
" + }, + "remoteNetworkConfig":{ + "shape":"RemoteNetworkConfigRequest", + "documentation":"The configuration in the cluster for EKS Hybrid Nodes. You can't change or update this configuration after the cluster is created.
" + }, + "computeConfig":{ + "shape":"ComputeConfigRequest", + "documentation":"Enable or disable the compute capability of EKS Auto Mode when creating your EKS Auto Mode cluster. If the compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed Instances in your Amazon Web Services account
" + }, + "storageConfig":{ + "shape":"StorageConfigRequest", + "documentation":"Enable or disable the block storage capability of EKS Auto Mode when creating your EKS Auto Mode cluster. If the block storage capability is enabled, EKS Auto Mode will create and delete EBS volumes in your Amazon Web Services account.
" } } }, @@ -3076,6 +3150,16 @@ "type":"string", "enum":["MONTHS"] }, + "ElasticLoadBalancing":{ + "type":"structure", + "members":{ + "enabled":{ + "shape":"BoxedBoolean", + "documentation":"Indicates if the load balancing capability is enabled on your EKS Auto Mode cluster. If the load balancing capability is enabled, EKS Auto Mode will create and delete load balancers in your Amazon Web Services account.
" + } + }, + "documentation":"Indicates the current configuration of the load balancing capability on your EKS Auto Mode cluster. For example, if the capability is enabled or disabled. For more information, see EKS Auto Mode load balancing capability in the EKS User Guide.
" + }, "EncryptionConfig":{ "type":"structure", "members":{ @@ -3584,6 +3668,10 @@ "ipFamily":{ "shape":"IpFamily", "documentation":"Specify which IP family is used to assign Kubernetes pod and service IP addresses. If you don't specify a value, ipv4 is used by default. You can only specify an IP family when you create a cluster and can't change this value once the cluster is created. If you specify ipv6, the VPC and subnets that you specify for cluster creation must have both IPv4 and IPv6 CIDR blocks assigned to them. You can't specify ipv6 for clusters in China Regions.
You can only specify ipv6 for 1.21 and later clusters that use version 1.10.1 or later of the Amazon VPC CNI add-on. If you specify ipv6, then ensure that your VPC meets the requirements listed in the considerations listed in Assigning IPv6 addresses to pods and services in the Amazon EKS User Guide. Kubernetes assigns services IPv6 addresses from the unique local address range (fc00::/7). You can't specify a custom IPv6 CIDR block. Pod addresses are assigned from the subnet's IPv6 CIDR.
Request to enable or disable the load balancing capability on your EKS Auto Mode cluster. For more information, see EKS Auto Mode load balancing capability in the EKS User Guide.
" } }, "documentation":"The Kubernetes network configuration for the cluster.
" @@ -3602,6 +3690,10 @@ "ipFamily":{ "shape":"IpFamily", "documentation":"The IP family used to assign Kubernetes Pod and Service objects IP addresses. The IP family is always ipv4, unless you have a 1.21 or later cluster running version 1.10.1 or later of the Amazon VPC CNI plugin for Kubernetes and specified ipv6 when you created the cluster.
Indicates the current configuration of the load balancing capability on your EKS Auto Mode cluster. For example, if the capability is enabled or disabled.
" } }, "documentation":"The Kubernetes network configuration for the cluster. The response contains a value for serviceIpv6Cidr or serviceIpv4Cidr, but not both.
" @@ -4766,6 +4858,64 @@ }, "documentation":"An object representing the remote access configuration for the managed node group.
" }, + "RemoteNetworkConfigRequest":{ + "type":"structure", + "members":{ + "remoteNodeNetworks":{ + "shape":"RemoteNodeNetworkList", + "documentation":"The list of network CIDRs that can contain hybrid nodes.
" + }, + "remotePodNetworks":{ + "shape":"RemotePodNetworkList", + "documentation":"The list of network CIDRs that can contain pods that run Kubernetes webhooks on hybrid nodes.
" + } + }, + "documentation":"The configuration in the cluster for EKS Hybrid Nodes. You can't change or update this configuration after the cluster is created.
" + }, + "RemoteNetworkConfigResponse":{ + "type":"structure", + "members":{ + "remoteNodeNetworks":{ + "shape":"RemoteNodeNetworkList", + "documentation":"The list of network CIDRs that can contain hybrid nodes.
" + }, + "remotePodNetworks":{ + "shape":"RemotePodNetworkList", + "documentation":"The list of network CIDRs that can contain pods that run Kubernetes webhooks on hybrid nodes.
" + } + }, + "documentation":"The configuration in the cluster for EKS Hybrid Nodes. You can't change or update this configuration after the cluster is created.
" + }, + "RemoteNodeNetwork":{ + "type":"structure", + "members":{ + "cidrs":{ + "shape":"StringList", + "documentation":"A network CIDR that can contain hybrid nodes.
" + } + }, + "documentation":"A network CIDR that can contain hybrid nodes.
" + }, + "RemoteNodeNetworkList":{ + "type":"list", + "member":{"shape":"RemoteNodeNetwork"}, + "max":1 + }, + "RemotePodNetwork":{ + "type":"structure", + "members":{ + "cidrs":{ + "shape":"StringList", + "documentation":"A network CIDR that can contain pods that run Kubernetes webhooks on hybrid nodes.
" + } + }, + "documentation":"A network CIDR that can contain pods that run Kubernetes webhooks on hybrid nodes.
" + }, + "RemotePodNetworkList":{ + "type":"list", + "member":{"shape":"RemotePodNetwork"}, + "max":1 + }, "ResolveConflicts":{ "type":"string", "enum":[ @@ -4913,6 +5063,26 @@ "exception":true, "fault":true }, + "StorageConfigRequest":{ + "type":"structure", + "members":{ + "blockStorage":{ + "shape":"BlockStorage", + "documentation":"Request to configure EBS Block Storage settings for your EKS Auto Mode cluster.
" + } + }, + "documentation":"Request to update the configuration of the storage capability of your EKS Auto Mode cluster. For example, enable the capability. For more information, see EKS Auto Mode block storage capability in the EKS User Guide.
" + }, + "StorageConfigResponse":{ + "type":"structure", + "members":{ + "blockStorage":{ + "shape":"BlockStorage", + "documentation":"Indicates the current configuration of the block storage capability on your EKS Auto Mode cluster. For example, if the capability is enabled or disabled.
" + } + }, + "documentation":"Indicates the status of the request to update the block storage capability of your EKS Auto Mode cluster.
" + }, "String":{"type":"string"}, "StringList":{ "type":"list", @@ -5217,6 +5387,15 @@ "zonalShiftConfig":{ "shape":"ZonalShiftConfigRequest", "documentation":"Enable or disable ARC zonal shift for the cluster. If zonal shift is enabled, Amazon Web Services configures zonal autoshift for the cluster.
Zonal shift is a feature of Amazon Application Recovery Controller (ARC). ARC zonal shift is designed to be a temporary measure that allows you to move traffic for a resource away from an impaired AZ until the zonal shift expires or you cancel it. You can extend the zonal shift if necessary.
You can start a zonal shift for an EKS cluster, or you can allow Amazon Web Services to do it for you by enabling zonal autoshift. This shift updates the flow of east-to-west network traffic in your cluster to only consider network endpoints for Pods running on worker nodes in healthy AZs. Additionally, any ALB or NLB handling ingress traffic for applications in your EKS cluster will automatically route traffic to targets in the healthy AZs. For more information about zonal shift in EKS, see Learn about Amazon Application Recovery Controller (ARC) Zonal Shift in Amazon EKS in the Amazon EKS User Guide .
" + }, + "computeConfig":{ + "shape":"ComputeConfigRequest", + "documentation":"Update the configuration of the compute capability of your EKS Auto Mode cluster. For example, enable the capability.
" + }, + "kubernetesNetworkConfig":{"shape":"KubernetesNetworkConfigRequest"}, + "storageConfig":{ + "shape":"StorageConfigRequest", + "documentation":"Update the configuration of the block storage capability of your EKS Auto Mode cluster. For example, enable the capability.
" } } }, @@ -5448,7 +5627,10 @@ "AuthenticationMode", "PodIdentityAssociations", "UpgradePolicy", - "ZonalShiftConfig" + "ZonalShiftConfig", + "ComputeConfig", + "StorageConfig", + "KubernetesNetworkConfig" ] }, "UpdateParams":{ @@ -5531,7 +5713,8 @@ "VpcConfigUpdate", "AccessConfigUpdate", "UpgradePolicyUpdate", - "ZonalShiftConfigUpdate" + "ZonalShiftConfigUpdate", + "AutoModeUpdate" ] }, "UpgradePolicyRequest":{ From 596a4506a5197ca90683d929a10e5566196c331f Mon Sep 17 00:00:00 2001 From: AWS <> Date: Mon, 2 Dec 2024 03:48:08 +0000 Subject: [PATCH 32/35] Amazon Elastic Compute Cloud Update: Adds support for declarative policies that allow you to enforce desired configuration across an AWS organization through configuring account attributes. Adds support for Allowed AMIs that allows you to limit the use of AMIs in AWS accounts. Adds support for connectivity over non-HTTP protocols. --- ...ure-AmazonElasticComputeCloud-c98c8a3.json | 6 + .../codegen-resources/service-2.json | 1547 ++++++++++++++++- 2 files changed, 1523 insertions(+), 30 deletions(-) create mode 100644 .changes/next-release/feature-AmazonElasticComputeCloud-c98c8a3.json diff --git a/.changes/next-release/feature-AmazonElasticComputeCloud-c98c8a3.json b/.changes/next-release/feature-AmazonElasticComputeCloud-c98c8a3.json new file mode 100644 index 00000000000..b02223c87bd --- /dev/null +++ b/.changes/next-release/feature-AmazonElasticComputeCloud-c98c8a3.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "Amazon Elastic Compute Cloud", + "contributor": "", + "description": "Adds support for declarative policies that allow you to enforce desired configuration across an AWS organization through configuring account attributes. Adds support for Allowed AMIs that allows you to limit the use of AMIs in AWS accounts. Adds support for connectivity over non-HTTP protocols." +} diff --git a/services/ec2/src/main/resources/codegen-resources/service-2.json b/services/ec2/src/main/resources/codegen-resources/service-2.json index b988267798a..9d7e611990b 100644 --- a/services/ec2/src/main/resources/codegen-resources/service-2.json +++ b/services/ec2/src/main/resources/codegen-resources/service-2.json @@ -491,6 +491,16 @@ "input":{"shape":"CancelConversionRequest"}, "documentation":"Cancels an active conversion task. The task can be the import of an instance or volume. The action removes all artifacts of the conversion, including a partially uploaded volume or instance. If the conversion is complete or is in the process of transferring the final disk image, the command fails and returns an exception.
" }, + "CancelDeclarativePoliciesReport":{ + "name":"CancelDeclarativePoliciesReport", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CancelDeclarativePoliciesReportRequest"}, + "output":{"shape":"CancelDeclarativePoliciesReportResult"}, + "documentation":"Cancels the generation of an account status report.
You can only cancel a report while it has the running status. Reports with other statuses (complete, cancelled, or error) can't be canceled.
For more information, see Generating the account status report for declarative policies in the Amazon Web Services Organizations User Guide.
" + }, "CancelExportTask":{ "name":"CancelExportTask", "http":{ @@ -2507,6 +2517,16 @@ "output":{"shape":"DescribeCustomerGatewaysResult"}, "documentation":"Describes one or more of your VPN customer gateways.
For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.
" }, + "DescribeDeclarativePoliciesReports":{ + "name":"DescribeDeclarativePoliciesReports", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeDeclarativePoliciesReportsRequest"}, + "output":{"shape":"DescribeDeclarativePoliciesReportsResult"}, + "documentation":"Describes the metadata of an account status report, including the status of the report.
To view the full report, download it from the Amazon S3 bucket where it was saved. Reports are accessible only when they have the complete status. Reports with other statuses (running, cancelled, or error) are not available in the S3 bucket. For more information about downloading objects from an S3 bucket, see Downloading objects in the Amazon Simple Storage Service User Guide.
For more information, see Generating the account status report for declarative policies in the Amazon Web Services Organizations User Guide.
" + }, "DescribeDhcpOptions":{ "name":"DescribeDhcpOptions", "http":{ @@ -2715,7 +2735,7 @@ }, "input":{"shape":"DescribeImagesRequest"}, "output":{"shape":"DescribeImagesResult"}, - "documentation":"Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of the images available to you.
The images available to you include public images, private images that you own, and private images owned by other Amazon Web Services accounts for which you have explicit launch permissions.
Recently deregistered images appear in the returned results for a short interval and then return empty results. After all instances that reference a deregistered AMI are terminated, specifying the ID of the image will eventually return an error indicating that the AMI ID cannot be found.
We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of the images available to you.
The images available to you include public images, private images that you own, and private images owned by other Amazon Web Services accounts for which you have explicit launch permissions.
Recently deregistered images appear in the returned results for a short interval and then return empty results. After all instances that reference a deregistered AMI are terminated, specifying the ID of the image will eventually return an error indicating that the AMI ID cannot be found.
When Allowed AMIs is set to enabled, only allowed images are returned in the results, with the imageAllowed field set to true for each image. In audit-mode, the imageAllowed field is set to true for images that meet the account's Allowed AMIs criteria, and false for images that don't meet the criteria. For more information, see EnableAllowedImagesSettings.
We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
Describes the AMI that was used to launch an instance, even if the AMI is deprecated, deregistered, or made private (no longer public or shared with your account).
If you specify instance IDs, the output includes information for only the specified instances. If you specify filters, the output includes information for only those instances that meet the filter criteria. If you do not specify instance IDs or filters, the output includes information for all instances, which can affect performance.
If you specify an instance ID that is not valid, an instance that doesn't exist, or an instance that you do not own, an error (InvalidInstanceID.NotFound) is returned.
Recently terminated instances might appear in the returned results. This interval is usually less than one hour.
In the rare case where an Availability Zone is experiencing a service disruption and you specify instance IDs that are in the affected Availability Zone, or do not specify any instance IDs at all, the call fails. If you specify only instance IDs that are in an unaffected Availability Zone, the call works normally.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
Describes the AMI that was used to launch an instance, even if the AMI is deprecated, deregistered, made private (no longer public or shared with your account), or not allowed.
If you specify instance IDs, the output includes information for only the specified instances. If you specify filters, the output includes information for only those instances that meet the filter criteria. If you do not specify instance IDs or filters, the output includes information for all instances, which can affect performance.
If you specify an instance ID that is not valid, an instance that doesn't exist, or an instance that you do not own, an error (InvalidInstanceID.NotFound) is returned.
Recently terminated instances might appear in the returned results. This interval is usually less than one hour.
In the rare case where an Availability Zone is experiencing a service disruption and you specify instance IDs that are in the affected Availability Zone, or do not specify any instance IDs at all, the call fails. If you specify only instance IDs that are in an unaffected Availability Zone, the call works normally.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
This action is deprecated.
Describes the ClassicLink DNS support status of one or more VPCs. If enabled, the DNS hostname of a linked EC2-Classic instance resolves to its private IP address when addressed from an instance in the VPC to which it's linked. Similarly, the DNS hostname of an instance in a VPC resolves to its private IP address when addressed from a linked EC2-Classic instance.
" }, + "DescribeVpcEndpointAssociations":{ + "name":"DescribeVpcEndpointAssociations", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeVpcEndpointAssociationsRequest"}, + "output":{"shape":"DescribeVpcEndpointAssociationsResult"}, + "documentation":"Describes the VPC resources, VPC endpoint services, Amazon Lattice services, or service networks associated with the VPC endpoint.
" + }, "DescribeVpcEndpointConnectionNotifications":{ "name":"DescribeVpcEndpointConnectionNotifications", "http":{ @@ -3914,6 +3944,16 @@ "output":{"shape":"DisableAddressTransferResult"}, "documentation":"Disables Elastic IP address transfer. For more information, see Transfer Elastic IP addresses in the Amazon VPC User Guide.
" }, + "DisableAllowedImagesSettings":{ + "name":"DisableAllowedImagesSettings", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DisableAllowedImagesSettingsRequest"}, + "output":{"shape":"DisableAllowedImagesSettingsResult"}, + "documentation":"Disables Allowed AMIs for your account in the specified Amazon Web Services Region. When set to disabled, the image criteria in your Allowed AMIs settings do not apply, and no restrictions are placed on AMI discoverability or usage. Users in your account can launch instances using any public AMI or AMI shared with your account.
The Allowed AMIs feature does not restrict the AMIs owned by your account. Regardless of the criteria you set, the AMIs created by your account will always be discoverable and usable by users in your account.
For more information, see Control the discovery and use of AMIs in Amazon EC2 with Allowed AMIs in Amazon EC2 User Guide.
" + }, "DisableAwsNetworkPerformanceMetricSubscription":{ "name":"DisableAwsNetworkPerformanceMetricSubscription", "http":{ @@ -4241,6 +4281,16 @@ "output":{"shape":"EnableAddressTransferResult"}, "documentation":"Enables Elastic IP address transfer. For more information, see Transfer Elastic IP addresses in the Amazon VPC User Guide.
" }, + "EnableAllowedImagesSettings":{ + "name":"EnableAllowedImagesSettings", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"EnableAllowedImagesSettingsRequest"}, + "output":{"shape":"EnableAllowedImagesSettingsResult"}, + "documentation":"Enables Allowed AMIs for your account in the specified Amazon Web Services Region. Two values are accepted:
enabled: The image criteria in your Allowed AMIs settings are applied. As a result, only AMIs matching these criteria are discoverable and can be used by your account to launch instances.
audit-mode: The image criteria in your Allowed AMIs settings are not applied. No restrictions are placed on AMI discoverability or usage. Users in your account can launch instances using any public AMI or AMI shared with your account.
The purpose of audit-mode is to indicate which AMIs will be affected when Allowed AMIs is enabled. In audit-mode, each AMI displays either \"ImageAllowed\": true or \"ImageAllowed\": false to indicate whether the AMI will be discoverable and available to users in the account when Allowed AMIs is enabled.
The Allowed AMIs feature does not restrict the AMIs owned by your account. Regardless of the criteria you set, the AMIs created by your account will always be discoverable and usable by users in your account.
For more information, see Control the discovery and use of AMIs in Amazon EC2 with Allowed AMIs in Amazon EC2 User Guide.
" + }, "EnableAwsNetworkPerformanceMetricSubscription":{ "name":"EnableAwsNetworkPerformanceMetricSubscription", "http":{ @@ -4449,6 +4499,26 @@ "output":{"shape":"ExportTransitGatewayRoutesResult"}, "documentation":"Exports routes from the specified transit gateway route table to the specified S3 bucket. By default, all routes are exported. Alternatively, you can filter by CIDR range.
The routes are saved to the specified bucket in a JSON file. For more information, see Export route tables to Amazon S3 in the Amazon Web Services Transit Gateways Guide.
" }, + "ExportVerifiedAccessInstanceClientConfiguration":{ + "name":"ExportVerifiedAccessInstanceClientConfiguration", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ExportVerifiedAccessInstanceClientConfigurationRequest"}, + "output":{"shape":"ExportVerifiedAccessInstanceClientConfigurationResult"}, + "documentation":"Exports the client configuration for a Verified Access instance.
" + }, + "GetAllowedImagesSettings":{ + "name":"GetAllowedImagesSettings", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetAllowedImagesSettingsRequest"}, + "output":{"shape":"GetAllowedImagesSettingsResult"}, + "documentation":"Gets the current state of the Allowed AMIs setting and the list of Allowed AMIs criteria at the account level in the specified Region.
The Allowed AMIs feature does not restrict the AMIs owned by your account. Regardless of the criteria you set, the AMIs created by your account will always be discoverable and usable by users in your account.
For more information, see Control the discovery and use of AMIs in Amazon EC2 with Allowed AMIs in Amazon EC2 User Guide.
" + }, "GetAssociatedEnclaveCertificateIamRoles":{ "name":"GetAssociatedEnclaveCertificateIamRoles", "http":{ @@ -4519,6 +4589,16 @@ "output":{"shape":"GetConsoleScreenshotResult"}, "documentation":"Retrieve a JPG-format screenshot of a running instance to help with troubleshooting.
The returned content is Base64-encoded.
For more information, see Instance console output in the Amazon EC2 User Guide.
" }, + "GetDeclarativePoliciesReportSummary":{ + "name":"GetDeclarativePoliciesReportSummary", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetDeclarativePoliciesReportSummaryRequest"}, + "output":{"shape":"GetDeclarativePoliciesReportSummaryResult"}, + "documentation":"Retrieves a summary of the account status report.
To view the full report, download it from the Amazon S3 bucket where it was saved. Reports are accessible only when they have the complete status. Reports with other statuses (running, cancelled, or error) are not available in the S3 bucket. For more information about downloading objects from an S3 bucket, see Downloading objects in the Amazon Simple Storage Service User Guide.
For more information, see Generating the account status report for declarative policies in the Amazon Web Services Organizations User Guide.
" + }, "GetDefaultCreditSpecification":{ "name":"GetDefaultCreditSpecification", "http":{ @@ -4899,6 +4979,16 @@ "output":{"shape":"GetVerifiedAccessEndpointPolicyResult"}, "documentation":"Get the Verified Access policy associated with the endpoint.
" }, + "GetVerifiedAccessEndpointTargets":{ + "name":"GetVerifiedAccessEndpointTargets", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetVerifiedAccessEndpointTargetsRequest"}, + "output":{"shape":"GetVerifiedAccessEndpointTargetsResult"}, + "documentation":"Gets the targets for the specified network CIDR endpoint for Verified Access.
" + }, "GetVerifiedAccessGroupPolicy":{ "name":"GetVerifiedAccessGroupPolicy", "http":{ @@ -5978,6 +6068,16 @@ "output":{"shape":"ReplaceIamInstanceProfileAssociationResult"}, "documentation":"Replaces an IAM instance profile for the specified running instance. You can use this action to change the IAM instance profile that's associated with an instance without having to disassociate the existing IAM instance profile first.
Use DescribeIamInstanceProfileAssociations to get the association ID.
" }, + "ReplaceImageCriteriaInAllowedImagesSettings":{ + "name":"ReplaceImageCriteriaInAllowedImagesSettings", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ReplaceImageCriteriaInAllowedImagesSettingsRequest"}, + "output":{"shape":"ReplaceImageCriteriaInAllowedImagesSettingsResult"}, + "documentation":"Sets or replaces the criteria for Allowed AMIs.
The Allowed AMIs feature does not restrict the AMIs owned by your account. Regardless of the criteria you set, the AMIs created by your account will always be discoverable and usable by users in your account.
For more information, see Control the discovery and use of AMIs in Amazon EC2 with Allowed AMIs in Amazon EC2 User Guide.
" + }, "ReplaceNetworkAclAssociation":{ "name":"ReplaceNetworkAclAssociation", "http":{ @@ -6270,6 +6370,16 @@ "input":{"shape":"SendDiagnosticInterruptRequest"}, "documentation":"Sends a diagnostic interrupt to the specified Amazon EC2 instance to trigger a kernel panic (on Linux instances), or a blue screen/stop error (on Windows instances). For instances based on Intel and AMD processors, the interrupt is received as a non-maskable interrupt (NMI).
In general, the operating system crashes and reboots when a kernel panic or stop error is triggered. The operating system can also be configured to perform diagnostic tasks, such as generating a memory dump file, loading a secondary kernel, or obtaining a call trace.
Before sending a diagnostic interrupt to your instance, ensure that its operating system is configured to perform the required diagnostic tasks.
For more information about configuring your operating system to generate a crash dump when a kernel panic or stop error occurs, see Send a diagnostic interrupt (for advanced users) in the Amazon EC2 User Guide.
" }, + "StartDeclarativePoliciesReport":{ + "name":"StartDeclarativePoliciesReport", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StartDeclarativePoliciesReportRequest"}, + "output":{"shape":"StartDeclarativePoliciesReportResult"}, + "documentation":"Generates an account status report. The report is generated asynchronously, and can take several hours to complete.
The report provides the current status of all attributes supported by declarative policies for the accounts within the specified scope. The scope is determined by the specified TargetId, which can represent an individual account, or all the accounts that fall under the specified organizational unit (OU) or root (the entire Amazon Web Services Organization).
The report is saved to your specified S3 bucket, using the following path structure (with the italicized placeholders representing your specific values):
s3://amzn-s3-demo-bucket/your-optional-s3-prefix/ec2_targetId_reportId_yyyyMMddThhmmZ.csv
Prerequisites for generating a report
The StartDeclarativePoliciesReport API can only be called by the management account or delegated administrators for the organization.
An S3 bucket must be available before generating the report (you can create a new one or use an existing one), and it must have an appropriate bucket policy. For a sample S3 policy, see Sample Amazon S3 policy under .
Trusted access must be enabled for the service for which the declarative policy will enforce a baseline configuration. If you use the Amazon Web Services Organizations console, this is done automatically when you enable declarative policies. The API uses the following service principal to identify the EC2 service: ec2.amazonaws.com. For more information on how to enable trusted access with the Amazon Web Services CLI and Amazon Web Services SDKs, see Using Organizations with other Amazon Web Services services in the Amazon Web Services Organizations User Guide.
Only one report per organization can be generated at a time. Attempting to generate a report while another is in progress will result in an error.
For more information, including the required IAM permissions to run this API, see Generating the account status report for declarative policies in the Amazon Web Services Organizations User Guide.
" + }, "StartInstances":{ "name":"StartInstances", "http":{ @@ -7557,6 +7667,17 @@ "type":"string", "enum":["used"] }, + "AllowedImagesSettingsDisabledState":{ + "type":"string", + "enum":["disabled"] + }, + "AllowedImagesSettingsEnabledState":{ + "type":"string", + "enum":[ + "enabled", + "audit-mode" + ] + }, "AllowedInstanceType":{ "type":"string", "max":30, @@ -9306,6 +9427,44 @@ }, "documentation":"Describes a value for a resource attribute that is a Boolean value.
" }, + "AttributeSummary":{ + "type":"structure", + "members":{ + "AttributeName":{ + "shape":"String", + "documentation":"The name of the attribute.
", + "locationName":"attributeName" + }, + "MostFrequentValue":{ + "shape":"String", + "documentation":"The configuration value that is most frequently observed for the attribute.
", + "locationName":"mostFrequentValue" + }, + "NumberOfMatchedAccounts":{ + "shape":"Integer", + "documentation":"The number of accounts with the same configuration value for the attribute that is most frequently observed.
", + "locationName":"numberOfMatchedAccounts" + }, + "NumberOfUnmatchedAccounts":{ + "shape":"Integer", + "documentation":"The number of accounts with a configuration value different from the most frequently observed value for the attribute.
", + "locationName":"numberOfUnmatchedAccounts" + }, + "RegionalSummaries":{ + "shape":"RegionalSummaryList", + "documentation":"The summary report for each Region for the attribute.
", + "locationName":"regionalSummarySet" + } + }, + "documentation":"A summary report for the attribute across all Regions.
" + }, + "AttributeSummaryList":{ + "type":"list", + "member":{ + "shape":"AttributeSummary", + "locationName":"item" + } + }, "AttributeValue":{ "type":"structure", "members":{ @@ -10244,6 +10403,30 @@ } } }, + "CancelDeclarativePoliciesReportRequest":{ + "type":"structure", + "required":["ReportId"], + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The ID of the report.
" + } + } + }, + "CancelDeclarativePoliciesReportResult":{ + "type":"structure", + "members":{ + "Return":{ + "shape":"Boolean", + "documentation":"Is true if the request succeeds, and an error otherwise.
The protocol.
" + }, + "SubnetIds":{ + "shape":"CreateVerifiedAccessEndpointSubnetIdList", + "documentation":"The IDs of the subnets.
", + "locationName":"SubnetId" + }, + "Cidr":{ + "shape":"String", + "documentation":"The CIDR.
" + }, + "PortRanges":{ + "shape":"CreateVerifiedAccessEndpointPortRangeList", + "documentation":"The port ranges.
", + "locationName":"PortRange" + } + }, + "documentation":"Describes the CIDR options for a Verified Access endpoint.
" + }, "CreateVerifiedAccessEndpointEniOptions":{ "type":"structure", "members":{ @@ -16391,6 +16598,11 @@ "Port":{ "shape":"VerifiedAccessEndpointPortNumber", "documentation":"The IP port number.
" + }, + "PortRanges":{ + "shape":"CreateVerifiedAccessEndpointPortRangeList", + "documentation":"The port ranges.
", + "locationName":"PortRange" } }, "documentation":"Describes the network interface options when creating an Amazon Web Services Verified Access endpoint using the network-interface type.
The IDs of the subnets.
", "locationName":"SubnetId" + }, + "PortRanges":{ + "shape":"CreateVerifiedAccessEndpointPortRangeList", + "documentation":"The port ranges.
", + "locationName":"PortRange" } }, "documentation":"Describes the load balancer options when creating an Amazon Web Services Verified Access endpoint using the load-balancer type.
The start of the port range.
" + }, + "ToPort":{ + "shape":"VerifiedAccessEndpointPortNumber", + "documentation":"The end of the port range.
" + } + }, + "documentation":"Describes the port range for a Verified Access endpoint.
" + }, + "CreateVerifiedAccessEndpointPortRangeList":{ + "type":"list", + "member":{ + "shape":"CreateVerifiedAccessEndpointPortRange", + "locationName":"item" + } + }, + "CreateVerifiedAccessEndpointRdsOptions":{ + "type":"structure", + "members":{ + "Protocol":{ + "shape":"VerifiedAccessEndpointProtocol", + "documentation":"The protocol.
" + }, + "Port":{ + "shape":"VerifiedAccessEndpointPortNumber", + "documentation":"The port.
" + }, + "RdsDbInstanceArn":{ + "shape":"RdsDbInstanceArn", + "documentation":"The ARN of the RDS instance.
" + }, + "RdsDbClusterArn":{ + "shape":"RdsDbClusterArn", + "documentation":"The ARN of the DB cluster.
" + }, + "RdsDbProxyArn":{ + "shape":"RdsDbProxyArn", + "documentation":"The ARN of the RDS proxy.
" + }, + "RdsEndpoint":{ + "shape":"String", + "documentation":"The RDS endpoint.
" + }, + "SubnetIds":{ + "shape":"CreateVerifiedAccessEndpointSubnetIdList", + "documentation":"The IDs of the subnets.
", + "locationName":"SubnetId" + } + }, + "documentation":"Describes the RDS options for a Verified Access endpoint.
" + }, "CreateVerifiedAccessEndpointRequest":{ "type":"structure", "required":[ "VerifiedAccessGroupId", "EndpointType", - "AttachmentType", - "DomainCertificateArn", - "ApplicationDomain", - "EndpointDomainPrefix" + "AttachmentType" ], "members":{ "VerifiedAccessGroupId":{ @@ -16491,6 +16761,14 @@ "SseSpecification":{ "shape":"VerifiedAccessSseSpecificationRequest", "documentation":"The options for server side encryption.
" + }, + "RdsOptions":{ + "shape":"CreateVerifiedAccessEndpointRdsOptions", + "documentation":"The RDS details. This parameter is required if the endpoint type is rds.
The CIDR options. This parameter is required if the endpoint type is cidr.
Enable or disable support for Federal Information Processing Standards (FIPS) on the instance.
" + }, + "CidrEndpointsCustomSubDomain":{ + "shape":"String", + "documentation":"The custom subdomain.
" } } }, @@ -16594,6 +16876,44 @@ } } }, + "CreateVerifiedAccessNativeApplicationOidcOptions":{ + "type":"structure", + "members":{ + "PublicSigningKeyEndpoint":{ + "shape":"String", + "documentation":"The public signing key endpoint.
" + }, + "Issuer":{ + "shape":"String", + "documentation":"The OIDC issuer identifier of the IdP.
" + }, + "AuthorizationEndpoint":{ + "shape":"String", + "documentation":"The authorization endpoint of the IdP.
" + }, + "TokenEndpoint":{ + "shape":"String", + "documentation":"The token endpoint of the IdP.
" + }, + "UserInfoEndpoint":{ + "shape":"String", + "documentation":"The user info endpoint of the IdP.
" + }, + "ClientId":{ + "shape":"String", + "documentation":"The OAuth 2.0 client identifier.
" + }, + "ClientSecret":{ + "shape":"ClientSecretType", + "documentation":"The OAuth 2.0 client secret.
" + }, + "Scope":{ + "shape":"String", + "documentation":"The set of user claims to be requested from the IdP.
" + } + }, + "documentation":"Describes the OpenID Connect (OIDC) options.
" + }, "CreateVerifiedAccessTrustProviderDeviceOptions":{ "type":"structure", "members":{ @@ -16694,6 +17014,10 @@ "SseSpecification":{ "shape":"VerifiedAccessSseSpecificationRequest", "documentation":"The options for server side encryption.
" + }, + "NativeApplicationOidcOptions":{ + "shape":"CreateVerifiedAccessNativeApplicationOidcOptions", + "documentation":"The OpenID Connect (OIDC) options.
" } } }, @@ -16897,10 +17221,7 @@ }, "CreateVpcEndpointRequest":{ "type":"structure", - "required":[ - "VpcId", - "ServiceName" - ], + "required":["VpcId"], "members":{ "DryRun":{ "shape":"Boolean", @@ -16963,6 +17284,14 @@ "documentation":"The subnet configurations for the endpoint.
", "locationName":"SubnetConfiguration" }, + "ServiceNetworkArn":{ + "shape":"ServiceNetworkArn", + "documentation":"The Amazon Resource Name (ARN) of a service network that will be associated with the VPC endpoint of type service-network.
" + }, + "ResourceConfigurationArn":{ + "shape":"ResourceConfigurationArn", + "documentation":"The Amazon Resource Name (ARN) of a resource configuration that will be associated with the VPC endpoint of type resource.
" + }, "ServiceRegion":{ "shape":"String", "documentation":"The Region where the service is hosted. The default is the current Region.
" @@ -17460,6 +17789,65 @@ ] }, "DateTime":{"type":"timestamp"}, + "DeclarativePoliciesMaxResults":{ + "type":"integer", + "max":1000, + "min":1 + }, + "DeclarativePoliciesReport":{ + "type":"structure", + "members":{ + "ReportId":{ + "shape":"String", + "documentation":"The ID of the report.
", + "locationName":"reportId" + }, + "S3Bucket":{ + "shape":"String", + "documentation":"The name of the Amazon S3 bucket where the report is located.
", + "locationName":"s3Bucket" + }, + "S3Prefix":{ + "shape":"String", + "documentation":"The prefix for your S3 object.
", + "locationName":"s3Prefix" + }, + "TargetId":{ + "shape":"String", + "documentation":"The root ID, organizational unit ID, or account ID.
Format:
For root: r-ab12
For OU: ou-ab12-cdef1234
For account: 123456789012
The time when the report generation started.
", + "locationName":"startTime" + }, + "EndTime":{ + "shape":"MillisecondDateTime", + "documentation":"The time when the report generation ended.
", + "locationName":"endTime" + }, + "Status":{ + "shape":"ReportState", + "documentation":"The current status of the report.
", + "locationName":"status" + }, + "Tags":{ + "shape":"TagList", + "documentation":"Any tags assigned to the report.
", + "locationName":"tagSet" + } + }, + "documentation":"Describes the metadata of the account status report.
" + }, + "DeclarativePoliciesReportId":{"type":"string"}, + "DeclarativePoliciesReportList":{ + "type":"list", + "member":{ + "shape":"DeclarativePoliciesReport", + "locationName":"item" + } + }, "DedicatedHostFlag":{"type":"boolean"}, "DedicatedHostId":{"type":"string"}, "DedicatedHostIdList":{ @@ -20798,6 +21186,43 @@ }, "documentation":"Contains the output of DescribeCustomerGateways.
" }, + "DescribeDeclarativePoliciesReportsRequest":{ + "type":"structure", + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.
" + }, + "MaxResults":{ + "shape":"DeclarativePoliciesMaxResults", + "documentation":"The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.
" + }, + "ReportIds":{ + "shape":"ValueStringList", + "documentation":"One or more report IDs.
", + "locationName":"ReportId" + } + } + }, + "DescribeDeclarativePoliciesReportsResult":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"String", + "documentation":"The token to include in another request to get the next page of items. This value is null when there are no more items to return.
The report metadata.
", + "locationName":"reportSet" + } + } + }, "DescribeDhcpOptionsMaxResults":{ "type":"integer", "max":1000, @@ -21861,7 +22286,7 @@ }, "Filters":{ "shape":"FilterList", - "documentation":"The filters.
architecture - The image architecture (i386 | x86_64 | arm64 | x86_64_mac | arm64_mac).
block-device-mapping.delete-on-termination - A Boolean value that indicates whether the Amazon EBS volume is deleted on instance termination.
block-device-mapping.device-name - The device name specified in the block device mapping (for example, /dev/sdh or xvdh).
block-device-mapping.snapshot-id - The ID of the snapshot used for the Amazon EBS volume.
block-device-mapping.volume-size - The volume size of the Amazon EBS volume, in GiB.
block-device-mapping.volume-type - The volume type of the Amazon EBS volume (io1 | io2 | gp2 | gp3 | sc1 | st1 | standard).
block-device-mapping.encrypted - A Boolean that indicates whether the Amazon EBS volume is encrypted.
creation-date - The time when the image was created, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example, 2021-09-29T11:04:43.305Z. You can use a wildcard (*), for example, 2021-09-29T*, which matches an entire day.
description - The description of the image (provided during image creation).
ena-support - A Boolean that indicates whether enhanced networking with ENA is enabled.
hypervisor - The hypervisor type (ovm | xen).
image-id - The ID of the image.
image-type - The image type (machine | kernel | ramdisk).
is-public - A Boolean that indicates whether the image is public.
kernel-id - The kernel ID.
manifest-location - The location of the image manifest.
name - The name of the AMI (provided during image creation).
owner-alias - The owner alias (amazon | aws-backup-vault | aws-marketplace). The valid aliases are defined in an Amazon-maintained list. This is not the Amazon Web Services account alias that can be set using the IAM console. We recommend that you use the Owner request parameter instead of this filter.
owner-id - The Amazon Web Services account ID of the owner. We recommend that you use the Owner request parameter instead of this filter.
platform - The platform. The only supported value is windows.
product-code - The product code.
product-code.type - The type of the product code (marketplace).
ramdisk-id - The RAM disk ID.
root-device-name - The device name of the root device volume (for example, /dev/sda1).
root-device-type - The type of the root device volume (ebs | instance-store).
source-instance-id - The ID of the instance that the AMI was created from if the AMI was created using CreateImage. This filter is applicable only if the AMI was created using CreateImage.
state - The state of the image (available | pending | failed).
state-reason-code - The reason code for the state change.
state-reason-message - The message for the state change.
sriov-net-support - A value of simple indicates that enhanced networking with the Intel 82599 VF interface is enabled.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
virtualization-type - The virtualization type (paravirtual | hvm).
The filters.
architecture - The image architecture (i386 | x86_64 | arm64 | x86_64_mac | arm64_mac).
block-device-mapping.delete-on-termination - A Boolean value that indicates whether the Amazon EBS volume is deleted on instance termination.
block-device-mapping.device-name - The device name specified in the block device mapping (for example, /dev/sdh or xvdh).
block-device-mapping.snapshot-id - The ID of the snapshot used for the Amazon EBS volume.
block-device-mapping.volume-size - The volume size of the Amazon EBS volume, in GiB.
block-device-mapping.volume-type - The volume type of the Amazon EBS volume (io1 | io2 | gp2 | gp3 | sc1 | st1 | standard).
block-device-mapping.encrypted - A Boolean that indicates whether the Amazon EBS volume is encrypted.
creation-date - The time when the image was created, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example, 2021-09-29T11:04:43.305Z. You can use a wildcard (*), for example, 2021-09-29T*, which matches an entire day.
description - The description of the image (provided during image creation).
ena-support - A Boolean that indicates whether enhanced networking with ENA is enabled.
hypervisor - The hypervisor type (ovm | xen).
image-allowed - A Boolean that indicates whether the image meets the criteria specified for Allowed AMIs.
image-id - The ID of the image.
image-type - The image type (machine | kernel | ramdisk).
is-public - A Boolean that indicates whether the image is public.
kernel-id - The kernel ID.
manifest-location - The location of the image manifest.
name - The name of the AMI (provided during image creation).
owner-alias - The owner alias (amazon | aws-backup-vault | aws-marketplace). The valid aliases are defined in an Amazon-maintained list. This is not the Amazon Web Services account alias that can be set using the IAM console. We recommend that you use the Owner request parameter instead of this filter.
owner-id - The Amazon Web Services account ID of the owner. We recommend that you use the Owner request parameter instead of this filter.
platform - The platform. The only supported value is windows.
product-code - The product code.
product-code.type - The type of the product code (marketplace).
ramdisk-id - The RAM disk ID.
root-device-name - The device name of the root device volume (for example, /dev/sda1).
root-device-type - The type of the root device volume (ebs | instance-store).
source-image-id - The ID of the source AMI from which the AMI was created.
source-image-region - The Region of the source AMI.
source-instance-id - The ID of the instance that the AMI was created from if the AMI was created using CreateImage. This filter is applicable only if the AMI was created using CreateImage.
state - The state of the image (available | pending | failed).
state-reason-code - The reason code for the state change.
state-reason-message - The message for the state change.
sriov-net-support - A value of simple indicates that enhanced networking with the Intel 82599 VF interface is enabled.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
virtualization-type - The virtualization type (paravirtual | hvm).
The filters.
availability-zone - The name of the Availability Zone (for example, us-west-2a) or Local Zone (for example, us-west-2-lax-1b) of the instance.
instance-id - The ID of the instance.
instance-state-name - The state of the instance (pending | running | shutting-down | terminated | stopping | stopped).
instance-type - The type of instance (for example, t3.micro).
launch-time - The time when the instance was launched, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example, 2023-09-29T11:04:43.305Z. You can use a wildcard (*), for example, 2023-09-29T*, which matches an entire day.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
zone-id - The ID of the Availability Zone (for example, usw2-az2) or Local Zone (for example, usw2-lax1-az1) of the instance.
The filters.
availability-zone - The name of the Availability Zone (for example, us-west-2a) or Local Zone (for example, us-west-2-lax-1b) of the instance.
instance-id - The ID of the instance.
image-allowed - A Boolean that indicates whether the image meets the criteria specified for Allowed AMIs.
instance-state-name - The state of the instance (pending | running | shutting-down | terminated | stopping | stopped).
instance-type - The type of instance (for example, t3.micro).
launch-time - The time when the instance was launched, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example, 2023-09-29T11:04:43.305Z. You can use a wildcard (*), for example, 2023-09-29T*, which matches an entire day.
owner-alias - The owner alias (amazon | aws-marketplace | aws-backup-vault). The valid aliases are defined in an Amazon-maintained list. This is not the Amazon Web Services account alias that can be set using the IAM console. We recommend that you use the Owner request parameter instead of this filter.
owner-id - The Amazon Web Services account ID of the owner. We recommend that you use the Owner request parameter instead of this filter.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
zone-id - The ID of the Availability Zone (for example, usw2-az2) or Local Zone (for example, usw2-lax1-az1) of the instance.
The filters.
description - A description of the snapshot.
encrypted - Indicates whether the snapshot is encrypted (true | false)
owner-alias - The owner alias, from an Amazon-maintained list (amazon). This is not the user-configured Amazon Web Services account alias set using the IAM console. We recommend that you use the related parameter instead of this filter.
owner-id - The Amazon Web Services account ID of the owner. We recommend that you use the related parameter instead of this filter.
progress - The progress of the snapshot, as a percentage (for example, 80%).
snapshot-id - The snapshot ID.
start-time - The time stamp when the snapshot was initiated.
status - The status of the snapshot (pending | completed | error).
storage-tier - The storage tier of the snapshot (archive | standard).
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
volume-id - The ID of the volume the snapshot is for.
volume-size - The size of the volume, in GiB.
The filters.
description - A description of the snapshot.
encrypted - Indicates whether the snapshot is encrypted (true | false)
owner-alias - The owner alias, from an Amazon-maintained list (amazon). This is not the user-configured Amazon Web Services account alias set using the IAM console. We recommend that you use the related parameter instead of this filter.
owner-id - The Amazon Web Services account ID of the owner. We recommend that you use the related parameter instead of this filter.
progress - The progress of the snapshot, as a percentage (for example, 80%).
snapshot-id - The snapshot ID.
start-time - The time stamp when the snapshot was initiated.
status - The status of the snapshot (pending | completed | error).
storage-tier - The storage tier of the snapshot (archive | standard).
transfer-type - The type of operation used to create the snapshot (time-based | standard).
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
volume-id - The ID of the volume the snapshot is for.
volume-size - The size of the volume, in GiB.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The IDs of the VPC endpoints.
", + "locationName":"VpcEndpointId" + }, + "Filters":{ + "shape":"FilterList", + "documentation":"The filters.
vpc-endpoint-id - The ID of the VPC endpoint.
associated-resource-accessibility - The association state. When the state is accessible, it returns AVAILABLE. When the state is inaccessible, it returns PENDING or FAILED.
association-id - The ID of the VPC endpoint association.
associated-resource-id - The ID of the associated resource configuration.
service-network-arn - The Amazon Resource Name (ARN) of the associated service network. Only VPC endpoints of type service network will be returned.
resource-configuration-group-arn - The Amazon Resource Name (ARN) of the resource configuration of type GROUP.
service-network-resource-association-id - The ID of the association.
The maximum page size.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"The pagination token.
" + } + } + }, + "DescribeVpcEndpointAssociationsResult":{ + "type":"structure", + "members":{ + "VpcEndpointAssociations":{ + "shape":"VpcEndpointAssociationSet", + "documentation":"Details of the endpoint associations.
", + "locationName":"vpcEndpointAssociationSet" + }, + "NextToken":{ + "shape":"String", + "documentation":"The pagination token.
", + "locationName":"nextToken" + } + } + }, "DescribeVpcEndpointConnectionNotificationsRequest":{ "type":"structure", "members":{ @@ -27101,6 +27568,13 @@ "jumpcloud" ] }, + "DeviceTrustProviderTypeList":{ + "type":"list", + "member":{ + "shape":"DeviceTrustProviderType", + "locationName":"item" + } + }, "DeviceType":{ "type":"string", "enum":[ @@ -27224,6 +27698,25 @@ } } }, + "DisableAllowedImagesSettingsRequest":{ + "type":"structure", + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Returns disabled if the request succeeds; otherwise, it returns an error.
The entity that manages the EBS volume.
", + "documentation":"The service provider that manages the EBS volume.
", "locationName":"operator" } }, @@ -29222,6 +29715,30 @@ } } }, + "EnableAllowedImagesSettingsRequest":{ + "type":"structure", + "required":["AllowedImagesSettingsState"], + "members":{ + "AllowedImagesSettingsState":{ + "shape":"AllowedImagesSettingsEnabledState", + "documentation":"Specify enabled to apply the image criteria specified by the Allowed AMIs settings. Specify audit-mode so that you can check which AMIs will be allowed or not allowed by the image criteria.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Returns enabled or audit-mode if the request succeeds; otherwise, it returns an error.
The ID of the Verified Access instance.
" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The version.
", + "locationName":"version" + }, + "VerifiedAccessInstanceId":{ + "shape":"String", + "documentation":"The ID of the Verified Access instance.
", + "locationName":"verifiedAccessInstanceId" + }, + "Region":{ + "shape":"String", + "documentation":"The Region.
", + "locationName":"region" + }, + "DeviceTrustProviders":{ + "shape":"DeviceTrustProviderTypeList", + "documentation":"The device trust providers.
", + "locationName":"deviceTrustProviderSet" + }, + "UserTrustProvider":{ + "shape":"VerifiedAccessInstanceUserTrustProviderClientConfiguration", + "documentation":"The user identity trust provider.
", + "locationName":"userTrustProvider" + }, + "OpenVpnConfigurations":{ + "shape":"VerifiedAccessInstanceOpenVpnClientConfigurationList", + "documentation":"The Open VPN configuration.
", + "locationName":"openVpnConfigurationSet" + } + } + }, "ExportVmTaskId":{"type":"string"}, "FailedCapacityReservationFleetCancellationResult":{ "type":"structure", @@ -31815,6 +32381,35 @@ "type":"string", "enum":["ipsec.1"] }, + "GetAllowedImagesSettingsRequest":{ + "type":"structure", + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The current state of the Allowed AMIs setting at the account level in the specified Amazon Web Services Region.
Possible values:
disabled: All AMIs are allowed.
audit-mode: All AMIs are allowed, but the ImageAllowed field is set to true if the AMI would be allowed with the current list of criteria if allowed AMIs was enabled.
enabled: Only AMIs matching the image criteria are discoverable and available for use.
The list of criteria for images that are discoverable and usable in the account in the specified Amazon Web Services Region.
", + "locationName":"imageCriterionSet" + }, + "ManagedBy":{ + "shape":"ManagedBy", + "documentation":"The entity that manages the Allowed AMIs settings. Possible values include:
account - The Allowed AMIs settings is managed by the account.
declarative-policy - The Allowed AMIs settings is managed by a declarative policy and can't be modified by the account.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The ID of the report.
" + } + } + }, + "GetDeclarativePoliciesReportSummaryResult":{ + "type":"structure", + "members":{ + "ReportId":{ + "shape":"String", + "documentation":"The ID of the report.
", + "locationName":"reportId" + }, + "S3Bucket":{ + "shape":"String", + "documentation":"The name of the Amazon S3 bucket where the report is located.
", + "locationName":"s3Bucket" + }, + "S3Prefix":{ + "shape":"String", + "documentation":"The prefix for your S3 object.
", + "locationName":"s3Prefix" + }, + "TargetId":{ + "shape":"String", + "documentation":"The root ID, organizational unit ID, or account ID.
Format:
For root: r-ab12
For OU: ou-ab12-cdef1234
For account: 123456789012
The time when the report generation started.
", + "locationName":"startTime" + }, + "EndTime":{ + "shape":"MillisecondDateTime", + "documentation":"The time when the report generation ended.
", + "locationName":"endTime" + }, + "NumberOfAccounts":{ + "shape":"Integer", + "documentation":"The total number of accounts associated with the specified targetId.
The number of accounts where attributes could not be retrieved in any Region.
", + "locationName":"numberOfFailedAccounts" + }, + "AttributeSummaries":{ + "shape":"AttributeSummaryList", + "documentation":"The attributes described in the report.
", + "locationName":"attributeSummarySet" + } + } + }, "GetDefaultCreditSpecificationRequest":{ "type":"structure", "required":["InstanceFamily"], @@ -32316,6 +32975,11 @@ "shape":"String", "documentation":"The current state of block public access for AMIs at the account level in the specified Amazon Web Services Region.
Possible values:
block-new-sharing - Any attempt to publicly share your AMIs in the specified Region is blocked.
unblocked - Your AMIs in the specified Region can be publicly shared.
The entity that manages the state for block public access for AMIs. Possible values include:
account - The state is managed by the account.
declarative-policy - The state is managed by a declarative policy and can't be modified by the account.
If true, access to the EC2 serial console of all instances is enabled for your account. If false, access to the EC2 serial console of all instances is disabled for your account.
The entity that manages access to the serial console. Possible values include:
account - Access is managed by the account.
declarative-policy - Access is managed by a declarative policy and can't be modified by the account.
The current state of block public access for snapshots. Possible values include:
block-all-sharing - All public sharing of snapshots is blocked. Users in the account can't request new public sharing. Additionally, snapshots that were already publicly shared are treated as private and are not publicly available.
block-new-sharing - Only new public sharing of snapshots is blocked. Users in the account can't request new public sharing. However, snapshots that were already publicly shared, remain publicly available.
unblocked - Public sharing is not blocked. Users can publicly share snapshots.
The entity that manages the state for block public access for snapshots. Possible values include:
account - The state is managed by the account.
declarative-policy - The state is managed by a declarative policy and can't be modified by the account.
The ID of the network CIDR endpoint.
" + }, + "MaxResults":{ + "shape":"GetVerifiedAccessEndpointTargetsMaxResults", + "documentation":"The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.
The token for the next page of results.
" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The Verified Access targets.
", + "locationName":"verifiedAccessEndpointTargetSet" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token to use to retrieve the next page of results. This value is null when there are no more results to return.
The date and time, in ISO 8601 date-time format, when the AMI was last used to launch an EC2 instance. When the AMI is used to launch an instance, there is a 24-hour delay before that usage is reported.
lastLaunchedTime data is available starting April 2017.
If true, the AMI satisfies the criteria for Allowed AMIs and can be discovered and used in the account. If false and Allowed AMIs is set to enabled, the AMI can't be discovered or used in the account. If false and Allowed AMIs is set to audit-mode, the AMI can be discovered and used in the account.
For more information, see Control the discovery and use of AMIs in Amazon EC2 with Allowed AMIs in Amazon EC2 User Guide.
", + "locationName":"imageAllowed" + }, "SourceImageId":{ "shape":"String", "documentation":"The ID of the source AMI from which the AMI was created.
The ID only appears if the AMI was created using CreateImage, CopyImage, or CreateRestoreImageTask. The ID does not appear if the AMI was created using any other API. For some older AMIs, the ID might not be available. For more information, see Identify the source AMI used to create a new AMI in the Amazon EC2 User Guide.
", @@ -34789,6 +35510,42 @@ "type":"string", "enum":["block-new-sharing"] }, + "ImageCriterion":{ + "type":"structure", + "members":{ + "ImageProviders":{ + "shape":"ImageProviderList", + "documentation":"A list of AMI providers whose AMIs are discoverable and useable in the account. Up to a total of 200 values can be specified.
Possible values:
amazon: Allow AMIs created by Amazon Web Services.
aws-marketplace: Allow AMIs created by verified providers in the Amazon Web Services Marketplace.
aws-backup-vault: Allow AMIs created by Amazon Web Services Backup.
12-digit account ID: Allow AMIs created by this account. One or more account IDs can be specified.
none: Allow AMIs created by your own account only.
The list of criteria that are evaluated to determine whch AMIs are discoverable and usable in the account in the specified Amazon Web Services Region. Currently, the only criteria that can be specified are AMI providers.
Up to 10 imageCriteria objects can be specified, and up to a total of 200 values for all imageProviders. For more information, see JSON configuration for the Allowed AMIs criteria in the Amazon EC2 User Guide.
A list of image providers whose AMIs are discoverable and useable in the account. Up to a total of 200 values can be specified.
Possible values:
amazon: Allow AMIs created by Amazon Web Services.
aws-marketplace: Allow AMIs created by verified providers in the Amazon Web Services Marketplace.
aws-backup-vault: Allow AMIs created by Amazon Web Services Backup.
12-digit account ID: Allow AMIs created by this account. One or more account IDs can be specified.
none: Allow AMIs created by your own account only. When none is specified, no other values can be specified.
The list of criteria that are evaluated to determine whch AMIs are discoverable and usable in the account in the specified Amazon Web Services Region. Currently, the only criteria that can be specified are AMI providers.
Up to 10 imageCriteria objects can be specified, and up to a total of 200 values for all imageProviders. For more information, see JSON configuration for the Allowed AMIs criteria in the Amazon EC2 User Guide.
The deprecation date and time of the AMI, in UTC, in the following format: YYYY-MM-DDTHH:MM:SSZ.
", "locationName":"deprecationTime" }, + "ImageAllowed":{ + "shape":"Boolean", + "documentation":"If true, the AMI satisfies the criteria for Allowed AMIs and can be discovered and used in the account. If false, the AMI can't be discovered or used in the account.
For more information, see Control the discovery and use of AMIs in Amazon EC2 with Allowed AMIs in Amazon EC2 User Guide.
", + "locationName":"imageAllowed" + }, "IsPublic":{ "shape":"Boolean", "documentation":"Indicates whether the AMI has public launch permissions. A value of true means this AMI has public launch permissions, while false means it has only implicit (AMI owner) or explicit (shared with your account) launch permissions.
Information about the AMI.
" }, + "ImageProvider":{"type":"string"}, + "ImageProviderList":{ + "type":"list", + "member":{ + "shape":"ImageProvider", + "locationName":"item" + } + }, + "ImageProviderRequest":{"type":"string"}, + "ImageProviderRequestList":{ + "type":"list", + "member":{ + "shape":"ImageProviderRequest", + "locationName":"item" + } + }, "ImageRecycleBinInfo":{ "type":"structure", "members":{ @@ -35963,7 +36741,7 @@ }, "Operator":{ "shape":"OperatorResponse", - "documentation":"The entity that manages the instance.
", + "documentation":"The service provider that manages the instance.
", "locationName":"operator" }, "InstanceId":{ @@ -36902,6 +37680,16 @@ "shape":"InstanceMetadataTagsState", "documentation":"Indicates whether access to instance tags from the instance metadata is enabled or disabled. For more information, see Work with instance tags using the instance metadata in the Amazon EC2 User Guide.
", "locationName":"instanceMetadataTags" + }, + "ManagedBy":{ + "shape":"ManagedBy", + "documentation":"The entity that manages the IMDS default settings. Possible values include:
account - The IMDS default settings are managed by the account.
declarative-policy - The IMDS default settings are managed by a declarative policy and can't be modified by the account.
The customized exception message that is specified in the declarative policy.
", + "locationName":"managedExceptionMessage" } }, "documentation":"The default instance metadata service (IMDS) settings that were set at the account level in the specified Amazon Web Services Region.
" @@ -37119,7 +37907,7 @@ }, "Operator":{ "shape":"OperatorResponse", - "documentation":"The entity that manages the network interface.
", + "documentation":"The service provider that manages the network interface.
", "locationName":"operator" } }, @@ -37720,7 +38508,7 @@ }, "Operator":{ "shape":"OperatorResponse", - "documentation":"The entity that manages the instance.
", + "documentation":"The service provider that manages the instance.
", "locationName":"operator" }, "Events":{ @@ -38809,7 +39597,25 @@ "x8g.24xlarge", "x8g.48xlarge", "x8g.metal-24xl", - "x8g.metal-48xl" + "x8g.metal-48xl", + "i7ie.large", + "i7ie.xlarge", + "i7ie.2xlarge", + "i7ie.3xlarge", + "i7ie.6xlarge", + "i7ie.12xlarge", + "i7ie.18xlarge", + "i7ie.24xlarge", + "i7ie.48xlarge", + "i8g.large", + "i8g.xlarge", + "i8g.2xlarge", + "i8g.4xlarge", + "i8g.8xlarge", + "i8g.12xlarge", + "i8g.16xlarge", + "i8g.24xlarge", + "i8g.metal-24xl" ] }, "InstanceTypeHypervisor":{ @@ -43471,6 +44277,13 @@ }, "documentation":"Details for Site-to-Site VPN tunnel endpoint maintenance events.
" }, + "ManagedBy":{ + "type":"string", + "enum":[ + "account", + "declarative-policy" + ] + }, "ManagedPrefixList":{ "type":"structure", "members":{ @@ -45725,6 +46538,17 @@ } } }, + "ModifyVerifiedAccessEndpointCidrOptions":{ + "type":"structure", + "members":{ + "PortRanges":{ + "shape":"ModifyVerifiedAccessEndpointPortRangeList", + "documentation":"The port ranges.
", + "locationName":"PortRange" + } + }, + "documentation":"The CIDR options for a Verified Access endpoint.
" + }, "ModifyVerifiedAccessEndpointEniOptions":{ "type":"structure", "members":{ @@ -45735,6 +46559,11 @@ "Port":{ "shape":"VerifiedAccessEndpointPortNumber", "documentation":"The IP port number.
" + }, + "PortRanges":{ + "shape":"ModifyVerifiedAccessEndpointPortRangeList", + "documentation":"The port ranges.
", + "locationName":"PortRange" } }, "documentation":"Describes the options when modifying a Verified Access endpoint with the network-interface type.
The IP port number.
" + }, + "PortRanges":{ + "shape":"ModifyVerifiedAccessEndpointPortRangeList", + "documentation":"The port ranges.
", + "locationName":"PortRange" } }, "documentation":"Describes a load balancer when creating an Amazon Web Services Verified Access endpoint using the load-balancer type.
The start of the port range.
" + }, + "ToPort":{ + "shape":"VerifiedAccessEndpointPortNumber", + "documentation":"The end of the port range.
" + } + }, + "documentation":"Describes the port range for a Verified Access endpoint.
" + }, + "ModifyVerifiedAccessEndpointPortRangeList":{ + "type":"list", + "member":{ + "shape":"ModifyVerifiedAccessEndpointPortRange", + "locationName":"item" + } + }, + "ModifyVerifiedAccessEndpointRdsOptions":{ + "type":"structure", + "members":{ + "SubnetIds":{ + "shape":"ModifyVerifiedAccessEndpointSubnetIdList", + "documentation":"The IDs of the subnets.
", + "locationName":"SubnetId" + }, + "Port":{ + "shape":"VerifiedAccessEndpointPortNumber", + "documentation":"The port.
" + }, + "RdsEndpoint":{ + "shape":"String", + "documentation":"The RDS endpoint.
" + } + }, + "documentation":"The RDS options for a Verified Access endpoint.
" + }, "ModifyVerifiedAccessEndpointRequest":{ "type":"structure", "required":["VerifiedAccessEndpointId"], @@ -45841,6 +46715,14 @@ "DryRun":{ "shape":"Boolean", "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The RDS options.
" + }, + "CidrOptions":{ + "shape":"ModifyVerifiedAccessEndpointCidrOptions", + "documentation":"The CIDR options.
" } } }, @@ -46005,6 +46887,10 @@ "shape":"String", "documentation":"A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring idempotency.
", "idempotencyToken":true + }, + "CidrEndpointsCustomSubDomain":{ + "shape":"String", + "documentation":"The custom subdomain.
" } } }, @@ -46018,12 +46904,50 @@ } } }, + "ModifyVerifiedAccessNativeApplicationOidcOptions":{ + "type":"structure", + "members":{ + "PublicSigningKeyEndpoint":{ + "shape":"String", + "documentation":"The public signing key endpoint.
" + }, + "Issuer":{ + "shape":"String", + "documentation":"The OIDC issuer identifier of the IdP.
" + }, + "AuthorizationEndpoint":{ + "shape":"String", + "documentation":"The authorization endpoint of the IdP.
" + }, + "TokenEndpoint":{ + "shape":"String", + "documentation":"The token endpoint of the IdP.
" + }, + "UserInfoEndpoint":{ + "shape":"String", + "documentation":"The user info endpoint of the IdP.
" + }, + "ClientId":{ + "shape":"String", + "documentation":"The OAuth 2.0 client identifier.
" + }, + "ClientSecret":{ + "shape":"ClientSecretType", + "documentation":"The OAuth 2.0 client secret.
" + }, + "Scope":{ + "shape":"String", + "documentation":"The set of user claims to be requested from the IdP.
" + } + }, + "documentation":"Describes the OpenID Connect (OIDC) options.
" + }, "ModifyVerifiedAccessTrustProviderDeviceOptions":{ "type":"structure", "members":{ "PublicSigningKeyUrl":{ "shape":"String", - "documentation":"The URL Amazon Web Services Verified Access will use to verify the authenticity of the device tokens.
" + "documentation":"The URL Amazon Web Services Verified Access will use to verify the authenticity of the device tokens.
" } }, "documentation":"Modifies the configuration of the specified device-based Amazon Web Services Verified Access trust provider.
" @@ -46094,6 +47018,10 @@ "SseSpecification":{ "shape":"VerifiedAccessSseSpecificationRequest", "documentation":"The options for server side encryption.
" + }, + "NativeApplicationOidcOptions":{ + "shape":"ModifyVerifiedAccessNativeApplicationOidcOptions", + "documentation":"The OpenID Connect (OIDC) options.
" } } }, @@ -47168,6 +48096,47 @@ "deleted" ] }, + "NativeApplicationOidcOptions":{ + "type":"structure", + "members":{ + "PublicSigningKeyEndpoint":{ + "shape":"String", + "documentation":"The public signing key endpoint.
", + "locationName":"publicSigningKeyEndpoint" + }, + "Issuer":{ + "shape":"String", + "documentation":"The OIDC issuer identifier of the IdP.
", + "locationName":"issuer" + }, + "AuthorizationEndpoint":{ + "shape":"String", + "documentation":"The authorization endpoint of the IdP.
", + "locationName":"authorizationEndpoint" + }, + "TokenEndpoint":{ + "shape":"String", + "documentation":"The token endpoint of the IdP.
", + "locationName":"tokenEndpoint" + }, + "UserInfoEndpoint":{ + "shape":"String", + "documentation":"The user info endpoint of the IdP.
", + "locationName":"userInfoEndpoint" + }, + "ClientId":{ + "shape":"String", + "documentation":"The OAuth 2.0 client identifier.
", + "locationName":"clientId" + }, + "Scope":{ + "shape":"String", + "documentation":"The set of user claims to be requested from the IdP.
", + "locationName":"scope" + } + }, + "documentation":"Describes the OpenID Connect (OIDC) options.
" + }, "NetmaskLength":{"type":"integer"}, "NetworkAcl":{ "type":"structure", @@ -47928,7 +48897,7 @@ }, "Operator":{ "shape":"OperatorResponse", - "documentation":"The entity that manages the network interface.
", + "documentation":"The service provider that manages the network interface.
", "locationName":"operator" } }, @@ -48580,26 +49549,26 @@ "members":{ "Principal":{ "shape":"String", - "documentation":"The entity that manages the resource.
" + "documentation":"The service provider that manages the resource.
" } }, - "documentation":"The entity that manages the resource.
" + "documentation":"The service provider that manages the resource.
" }, "OperatorResponse":{ "type":"structure", "members":{ "Managed":{ "shape":"Boolean", - "documentation":"If true, the resource is managed by an entity.
If true, the resource is managed by an service provider.
If managed is true, then the principal is returned. The principal is the entity that manages the resource.
If managed is true, then the principal is returned. The principal is the service provider that manages the resource.
Describes whether the resource is managed by an entity and, if so, describes the entity that manages it.
" + "documentation":"Describes whether the resource is managed by an service provider and, if so, describes the service provider that manages it.
" }, "OrganizationArnStringList":{ "type":"list", @@ -50673,6 +51642,9 @@ ] }, "RamdiskId":{"type":"string"}, + "RdsDbClusterArn":{"type":"string"}, + "RdsDbInstanceArn":{"type":"string"}, + "RdsDbProxyArn":{"type":"string"}, "ReasonCodesList":{ "type":"list", "member":{ @@ -50795,6 +51767,34 @@ "max":10, "min":0 }, + "RegionalSummary":{ + "type":"structure", + "members":{ + "RegionName":{ + "shape":"String", + "documentation":"The Amazon Web Services Region.
", + "locationName":"regionName" + }, + "NumberOfMatchedAccounts":{ + "shape":"Integer", + "documentation":"The number of accounts in the Region with the same configuration value for the attribute that is most frequently observed.
", + "locationName":"numberOfMatchedAccounts" + }, + "NumberOfUnmatchedAccounts":{ + "shape":"Integer", + "documentation":"The number of accounts in the Region with a configuration value different from the most frequently observed value for the attribute.
", + "locationName":"numberOfUnmatchedAccounts" + } + }, + "documentation":"A summary report for the attribute for a Region.
" + }, + "RegionalSummaryList":{ + "type":"list", + "member":{ + "shape":"RegionalSummary", + "locationName":"item" + } + }, "RegisterImageRequest":{ "type":"structure", "required":["Name"], @@ -51328,6 +52328,30 @@ } } }, + "ReplaceImageCriteriaInAllowedImagesSettingsRequest":{ + "type":"structure", + "members":{ + "ImageCriteria":{ + "shape":"ImageCriterionRequestList", + "documentation":"The list of criteria that are evaluated to determine whether AMIs are discoverable and usable in the account in the specified Amazon Web Services Region.
", + "locationName":"ImageCriterion" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Returns true if the request succeeds; otherwise, it returns an error.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The name of the S3 bucket where the report will be saved.
" + }, + "S3Prefix":{ + "shape":"String", + "documentation":"The prefix for your S3 object.
" + }, + "TargetId":{ + "shape":"String", + "documentation":"The root ID, organizational unit ID, or account ID.
Format:
For root: r-ab12
For OU: ou-ab12-cdef1234
For account: 123456789012
The tags to apply.
", + "locationName":"TagSpecification" + } + } + }, + "StartDeclarativePoliciesReportResult":{ + "type":"structure", + "members":{ + "ReportId":{ + "shape":"String", + "documentation":"The ID of the report.
", + "locationName":"reportId" + } + } + }, "StartInstancesRequest":{ "type":"structure", "required":["InstanceIds"], @@ -57243,7 +58320,8 @@ "Deleted", "Rejected", "Failed", - "Expired" + "Expired", + "Partial" ] }, "StateReason":{ @@ -57677,6 +58755,29 @@ "locationName":"SubnetId" } }, + "SubnetIpPrefixes":{ + "type":"structure", + "members":{ + "SubnetId":{ + "shape":"String", + "documentation":"ID of the subnet.
", + "locationName":"subnetId" + }, + "IpPrefixes":{ + "shape":"ValueStringList", + "documentation":"Array of SubnetIpPrefixes objects.
", + "locationName":"ipPrefixSet" + } + }, + "documentation":"Prefixes of the subnet IP.
" + }, + "SubnetIpPrefixesList":{ + "type":"list", + "member":{ + "shape":"SubnetIpPrefixes", + "locationName":"item" + } + }, "SubnetIpv6CidrBlockAssociation":{ "type":"structure", "members":{ @@ -61297,6 +62398,16 @@ "shape":"VerifiedAccessSseSpecificationResponse", "documentation":"The options in use for server side encryption.
", "locationName":"sseSpecification" + }, + "RdsOptions":{ + "shape":"VerifiedAccessEndpointRdsOptions", + "documentation":"The options for an RDS endpoint.
", + "locationName":"rdsOptions" + }, + "CidrOptions":{ + "shape":"VerifiedAccessEndpointCidrOptions", + "documentation":"The options for a CIDR endpoint.
", + "locationName":"cidrOptions" } }, "documentation":"An Amazon Web Services Verified Access endpoint specifies the application that Amazon Web Services Verified Access provides access to. It must be attached to an Amazon Web Services Verified Access group. An Amazon Web Services Verified Access endpoint must also have an attached access policy before you attached it to a group.
" @@ -61305,6 +62416,32 @@ "type":"string", "enum":["vpc"] }, + "VerifiedAccessEndpointCidrOptions":{ + "type":"structure", + "members":{ + "Cidr":{ + "shape":"String", + "documentation":"The CIDR.
", + "locationName":"cidr" + }, + "PortRanges":{ + "shape":"VerifiedAccessEndpointPortRangeList", + "documentation":"The port ranges.
", + "locationName":"portRangeSet" + }, + "Protocol":{ + "shape":"VerifiedAccessEndpointProtocol", + "documentation":"The protocol.
", + "locationName":"protocol" + }, + "SubnetIds":{ + "shape":"VerifiedAccessEndpointSubnetIdList", + "documentation":"The IDs of the subnets.
", + "locationName":"subnetIdSet" + } + }, + "documentation":"Describes the CIDR options for a Verified Access endpoint.
" + }, "VerifiedAccessEndpointEniOptions":{ "type":"structure", "members":{ @@ -61322,6 +62459,11 @@ "shape":"VerifiedAccessEndpointPortNumber", "documentation":"The IP port number.
", "locationName":"port" + }, + "PortRanges":{ + "shape":"VerifiedAccessEndpointPortRangeList", + "documentation":"The port ranges.
", + "locationName":"portRangeSet" } }, "documentation":"Options for a network-interface type endpoint.
" @@ -61363,6 +62505,11 @@ "shape":"VerifiedAccessEndpointSubnetIdList", "documentation":"The IDs of the subnets.
", "locationName":"subnetIdSet" + }, + "PortRanges":{ + "shape":"VerifiedAccessEndpointPortRangeList", + "documentation":"The port ranges.
", + "locationName":"portRangeSet" } }, "documentation":"Describes a load balancer when creating an Amazon Web Services Verified Access endpoint using the load-balancer type.
The start of the port range.
", + "locationName":"fromPort" + }, + "ToPort":{ + "shape":"VerifiedAccessEndpointPortNumber", + "documentation":"The end of the port range.
", + "locationName":"toPort" + } + }, + "documentation":"Describes a port range.
" + }, + "VerifiedAccessEndpointPortRangeList":{ + "type":"list", + "member":{ + "shape":"VerifiedAccessEndpointPortRange", + "locationName":"item" + } + }, "VerifiedAccessEndpointProtocol":{ "type":"string", "enum":[ "http", - "https" + "https", + "tcp" ] }, + "VerifiedAccessEndpointRdsOptions":{ + "type":"structure", + "members":{ + "Protocol":{ + "shape":"VerifiedAccessEndpointProtocol", + "documentation":"The protocol.
", + "locationName":"protocol" + }, + "Port":{ + "shape":"VerifiedAccessEndpointPortNumber", + "documentation":"The port.
", + "locationName":"port" + }, + "RdsDbInstanceArn":{ + "shape":"String", + "documentation":"The ARN of the RDS instance.
", + "locationName":"rdsDbInstanceArn" + }, + "RdsDbClusterArn":{ + "shape":"String", + "documentation":"The ARN of the DB cluster.
", + "locationName":"rdsDbClusterArn" + }, + "RdsDbProxyArn":{ + "shape":"String", + "documentation":"The ARN of the RDS proxy.
", + "locationName":"rdsDbProxyArn" + }, + "RdsEndpoint":{ + "shape":"String", + "documentation":"The RDS endpoint.
", + "locationName":"rdsEndpoint" + }, + "SubnetIds":{ + "shape":"VerifiedAccessEndpointSubnetIdList", + "documentation":"The IDs of the subnets.
", + "locationName":"subnetIdSet" + } + }, + "documentation":"Describes the RDS options for a Verified Access endpoint.
" + }, "VerifiedAccessEndpointStatus":{ "type":"structure", "members":{ @@ -61412,11 +62624,41 @@ "locationName":"item" } }, + "VerifiedAccessEndpointTarget":{ + "type":"structure", + "members":{ + "VerifiedAccessEndpointId":{ + "shape":"VerifiedAccessEndpointId", + "documentation":"The ID of the Verified Access endpoint.
", + "locationName":"verifiedAccessEndpointId" + }, + "VerifiedAccessEndpointTargetIpAddress":{ + "shape":"String", + "documentation":"The IP address of the target.
", + "locationName":"verifiedAccessEndpointTargetIpAddress" + }, + "VerifiedAccessEndpointTargetDns":{ + "shape":"String", + "documentation":"The DNS name of the target.
", + "locationName":"verifiedAccessEndpointTargetDns" + } + }, + "documentation":"Describes the targets for the specified Verified Access endpoint.
" + }, + "VerifiedAccessEndpointTargetList":{ + "type":"list", + "member":{ + "shape":"VerifiedAccessEndpointTarget", + "locationName":"item" + } + }, "VerifiedAccessEndpointType":{ "type":"string", "enum":[ "load-balancer", - "network-interface" + "network-interface", + "rds", + "cidr" ] }, "VerifiedAccessGroup":{ @@ -61527,10 +62769,31 @@ "shape":"Boolean", "documentation":"Indicates whether support for Federal Information Processing Standards (FIPS) is enabled on the instance.
", "locationName":"fipsEnabled" + }, + "CidrEndpointsCustomSubDomain":{ + "shape":"VerifiedAccessInstanceCustomSubDomain", + "documentation":"The custom subdomain.
", + "locationName":"cidrEndpointsCustomSubDomain" } }, "documentation":"Describes a Verified Access instance.
" }, + "VerifiedAccessInstanceCustomSubDomain":{ + "type":"structure", + "members":{ + "SubDomain":{ + "shape":"String", + "documentation":"The subdomain.
", + "locationName":"subDomain" + }, + "Nameservers":{ + "shape":"ValueStringList", + "documentation":"The name servers.
", + "locationName":"nameserverSet" + } + }, + "documentation":"Describes a custom subdomain for a network CIDR endpoint for Verified Access.
" + }, "VerifiedAccessInstanceId":{"type":"string"}, "VerifiedAccessInstanceIdList":{ "type":"list", @@ -61569,6 +62832,103 @@ "locationName":"item" } }, + "VerifiedAccessInstanceOpenVpnClientConfiguration":{ + "type":"structure", + "members":{ + "Config":{ + "shape":"String", + "documentation":"The base64-encoded Open VPN client configuration.
", + "locationName":"config" + }, + "Routes":{ + "shape":"VerifiedAccessInstanceOpenVpnClientConfigurationRouteList", + "documentation":"The routes.
", + "locationName":"routeSet" + } + }, + "documentation":"Describes a set of routes.
" + }, + "VerifiedAccessInstanceOpenVpnClientConfigurationList":{ + "type":"list", + "member":{ + "shape":"VerifiedAccessInstanceOpenVpnClientConfiguration", + "locationName":"item" + } + }, + "VerifiedAccessInstanceOpenVpnClientConfigurationRoute":{ + "type":"structure", + "members":{ + "Cidr":{ + "shape":"String", + "documentation":"The CIDR block.
", + "locationName":"cidr" + } + }, + "documentation":"Describes a route.
" + }, + "VerifiedAccessInstanceOpenVpnClientConfigurationRouteList":{ + "type":"list", + "member":{ + "shape":"VerifiedAccessInstanceOpenVpnClientConfigurationRoute", + "locationName":"item" + } + }, + "VerifiedAccessInstanceUserTrustProviderClientConfiguration":{ + "type":"structure", + "members":{ + "Type":{ + "shape":"UserTrustProviderType", + "documentation":"The trust provider type.
", + "locationName":"type" + }, + "Scopes":{ + "shape":"String", + "documentation":"The set of user claims to be requested from the IdP.
", + "locationName":"scopes" + }, + "Issuer":{ + "shape":"String", + "documentation":"The OIDC issuer identifier of the IdP.
", + "locationName":"issuer" + }, + "AuthorizationEndpoint":{ + "shape":"String", + "documentation":"The authorization endpoint of the IdP.
", + "locationName":"authorizationEndpoint" + }, + "PublicSigningKeyEndpoint":{ + "shape":"String", + "documentation":"The public signing key endpoint.
", + "locationName":"publicSigningKeyEndpoint" + }, + "TokenEndpoint":{ + "shape":"String", + "documentation":"The token endpoint of the IdP.
", + "locationName":"tokenEndpoint" + }, + "UserInfoEndpoint":{ + "shape":"String", + "documentation":"The user info endpoint of the IdP.
", + "locationName":"userInfoEndpoint" + }, + "ClientId":{ + "shape":"String", + "documentation":"The OAuth 2.0 client identifier.
", + "locationName":"clientId" + }, + "ClientSecret":{ + "shape":"ClientSecretType", + "documentation":"The OAuth 2.0 client secret.
", + "locationName":"clientSecret" + }, + "PkceEnabled":{ + "shape":"Boolean", + "documentation":"Indicates whether Proof of Key Code Exchange (PKCE) is enabled.
", + "locationName":"pkceEnabled" + } + }, + "documentation":"Describes the trust provider.
" + }, "VerifiedAccessLogCloudWatchLogsDestination":{ "type":"structure", "members":{ @@ -61867,6 +63227,11 @@ "shape":"VerifiedAccessSseSpecificationResponse", "documentation":"The options in use for server side encryption.
", "locationName":"sseSpecification" + }, + "NativeApplicationOidcOptions":{ + "shape":"NativeApplicationOidcOptions", + "documentation":"The OpenID Connect (OIDC) options.
", + "locationName":"nativeApplicationOidcOptions" } }, "documentation":"Describes a Verified Access trust provider.
" @@ -62047,7 +63412,7 @@ }, "Operator":{ "shape":"OperatorResponse", - "documentation":"The entity that manages the volume.
", + "documentation":"The service provider that manages the volume.
", "locationName":"operator" }, "VolumeId":{ @@ -62695,6 +64060,13 @@ "disable-complete" ] }, + "VpcBlockPublicAccessExclusionsAllowed":{ + "type":"string", + "enum":[ + "allowed", + "not-allowed" + ] + }, "VpcBlockPublicAccessOptions":{ "type":"structure", "members":{ @@ -62727,6 +64099,16 @@ "shape":"MillisecondDateTime", "documentation":"The last time the VPC BPA mode was updated.
", "locationName":"lastUpdateTimestamp" + }, + "ManagedBy":{ + "shape":"ManagedBy", + "documentation":"The entity that manages the state of VPC BPA. Possible values include:
account - The state is managed by the account.
declarative-policy - The state is managed by a declarative policy and can't be modified by the account.
Determines if exclusions are allowed. If you have enabled VPC BPA at the Organization level, exclusions may be not-allowed. Otherwise, they are allowed.
VPC Block Public Access (BPA) enables you to block resources in VPCs and subnets that you own in a Region from reaching or being reached from the internet through internet gateways and egress-only internet gateways. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
" @@ -62928,6 +64310,31 @@ "documentation":"The last error that occurred for endpoint.
", "locationName":"lastError" }, + "Ipv4Prefixes":{ + "shape":"SubnetIpPrefixesList", + "documentation":"Array of IPv4 prefixes.
", + "locationName":"ipv4PrefixSet" + }, + "Ipv6Prefixes":{ + "shape":"SubnetIpPrefixesList", + "documentation":"Array of IPv6 prefixes.
", + "locationName":"ipv6PrefixSet" + }, + "FailureReason":{ + "shape":"String", + "documentation":"Reason for the failure.
", + "locationName":"failureReason" + }, + "ServiceNetworkArn":{ + "shape":"ServiceNetworkArn", + "documentation":"The Amazon Resource Name (ARN) of the service network.
", + "locationName":"serviceNetworkArn" + }, + "ResourceConfigurationArn":{ + "shape":"ResourceConfigurationArn", + "documentation":"The Amazon Resource Name (ARN) of the resource configuration.
", + "locationName":"resourceConfigurationArn" + }, "ServiceRegion":{ "shape":"String", "documentation":"The Region where the service is hosted.
", @@ -62936,6 +64343,79 @@ }, "documentation":"Describes a VPC endpoint.
" }, + "VpcEndpointAssociation":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"String", + "documentation":"The ID of the VPC endpoint association.
", + "locationName":"id" + }, + "VpcEndpointId":{ + "shape":"VpcEndpointId", + "documentation":"The ID of the VPC endpoint.
", + "locationName":"vpcEndpointId" + }, + "ServiceNetworkArn":{ + "shape":"ServiceNetworkArn", + "documentation":"The Amazon Resource Name (ARN) of the service network.
", + "locationName":"serviceNetworkArn" + }, + "ServiceNetworkName":{ + "shape":"String", + "documentation":"The name of the service network.
", + "locationName":"serviceNetworkName" + }, + "AssociatedResourceAccessibility":{ + "shape":"String", + "documentation":"The connectivity status of the resources associated to a VPC endpoint. The resource is accessible if the associated resource configuration is AVAILABLE, otherwise the resource is inaccessible.
A message related to why an VPC endpoint association failed.
", + "locationName":"failureReason" + }, + "FailureCode":{ + "shape":"String", + "documentation":"An error code related to why an VPC endpoint association failed.
", + "locationName":"failureCode" + }, + "DnsEntry":{ + "shape":"DnsEntry", + "documentation":"The DNS entry of the VPC endpoint association.
", + "locationName":"dnsEntry" + }, + "PrivateDnsEntry":{ + "shape":"DnsEntry", + "documentation":"The private DNS entry of the VPC endpoint association.
", + "locationName":"privateDnsEntry" + }, + "AssociatedResourceArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the associated resource.
", + "locationName":"associatedResourceArn" + }, + "ResourceConfigurationGroupArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the resource configuration group.
", + "locationName":"resourceConfigurationGroupArn" + }, + "Tags":{ + "shape":"TagList", + "documentation":"The tags to apply to the VPC endpoint association.
", + "locationName":"tagSet" + } + }, + "documentation":"Describes the VPC resources, VPC endpoint services, Lattice services, or service networks associated with the VPC endpoint.
" + }, + "VpcEndpointAssociationSet":{ + "type":"list", + "member":{ + "shape":"VpcEndpointAssociation", + "locationName":"item" + } + }, "VpcEndpointConnection":{ "type":"structure", "members":{ @@ -63058,7 +64538,9 @@ "enum":[ "Interface", "Gateway", - "GatewayLoadBalancer" + "GatewayLoadBalancer", + "Resource", + "ServiceNetwork" ] }, "VpcFlowLogId":{"type":"string"}, @@ -63797,6 +65279,11 @@ "type":"string", "sensitive":true }, + "maxResults":{ + "type":"integer", + "max":100, + "min":1 + }, "preSharedKey":{ "type":"string", "sensitive":true From 632a5a2e9474b6eccb48dc0139b443fe747f6a24 Mon Sep 17 00:00:00 2001 From: AWS <> Date: Mon, 2 Dec 2024 03:48:20 +0000 Subject: [PATCH 33/35] Amazon Simple Storage Service Update: Amazon S3 introduces support for AWS Dedicated Local Zones --- ...re-AmazonSimpleStorageService-36d4cfc.json | 6 + .../codegen-resources/endpoint-rule-set.json | 528 ++++++++++++++++++ .../codegen-resources/endpoint-tests.json | 483 ++++++++++++++-- .../codegen-resources/service-2.json | 146 ++--- 4 files changed, 1053 insertions(+), 110 deletions(-) create mode 100644 .changes/next-release/feature-AmazonSimpleStorageService-36d4cfc.json diff --git a/.changes/next-release/feature-AmazonSimpleStorageService-36d4cfc.json b/.changes/next-release/feature-AmazonSimpleStorageService-36d4cfc.json new file mode 100644 index 00000000000..3586cd88780 --- /dev/null +++ b/.changes/next-release/feature-AmazonSimpleStorageService-36d4cfc.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "Amazon Simple Storage Service", + "contributor": "", + "description": "Amazon S3 introduces support for AWS Dedicated Local Zones" +} diff --git a/services/s3/src/main/resources/codegen-resources/endpoint-rule-set.json b/services/s3/src/main/resources/codegen-resources/endpoint-rule-set.json index 1ef9810cdac..6a11be757de 100644 --- a/services/s3/src/main/resources/codegen-resources/endpoint-rule-set.json +++ b/services/s3/src/main/resources/codegen-resources/endpoint-rule-set.json @@ -863,6 +863,270 @@ ], "type": "tree" }, + { + "conditions": [ + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 6, + 19, + true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 19, + 21, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 6, + 20, + true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 20, + 22, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 6, + 26, + true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 26, + 28, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, { "conditions": [], "error": "Unrecognized S3Express bucket name format.", @@ -1047,6 +1311,270 @@ ], "type": "tree" }, + { + "conditions": [ + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 6, + 19, + true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 19, + 21, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 6, + 20, + true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 20, + 22, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 6, + 26, + true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 26, + 28, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, { "conditions": [], "error": "Unrecognized S3Express bucket name format.", diff --git a/services/s3/src/main/resources/codegen-resources/endpoint-tests.json b/services/s3/src/main/resources/codegen-resources/endpoint-tests.json index b6575d8e020..b6a69202747 100644 --- a/services/s3/src/main/resources/codegen-resources/endpoint-tests.json +++ b/services/s3/src/main/resources/codegen-resources/endpoint-tests.json @@ -7844,7 +7844,7 @@ } }, { - "documentation": "Data Plane with short AZ", + "documentation": "Data Plane with short zone name", "expect": { "endpoint": { "properties": { @@ -7858,7 +7858,7 @@ ], "backend": "S3Express" }, - "url": "https://mybucket--use1-az1--x-s3.s3express-use1-az1.us-east-1.amazonaws.com" + "url": "https://mybucket--abcd-ab1--x-s3.s3express-abcd-ab1.us-east-1.amazonaws.com" } }, "operationInputs": [ @@ -7868,14 +7868,14 @@ }, "operationName": "GetObject", "operationParams": { - "Bucket": "mybucket--use1-az1--x-s3", + "Bucket": "mybucket--abcd-ab1--x-s3", "Key": "key" } } ], "params": { "Region": "us-east-1", - "Bucket": "mybucket--use1-az1--x-s3", + "Bucket": "mybucket--abcd-ab1--x-s3", "UseFIPS": false, "UseDualStack": false, "Accelerate": false, @@ -7883,7 +7883,124 @@ } }, { - "documentation": "Data Plane with short AZ fips", + "documentation": "Data Plane with short zone names (13 chars)", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "us-west-2", + "disableDoubleEncoding": true + } + ], + "backend": "S3Express" + }, + "url": "https://mybucket--test-zone-ab1--x-s3.s3express-test-zone-ab1.us-west-2.amazonaws.com" + } + }, + "operationInputs": [ + { + "builtInParams": { + "AWS::Region": "us-west-2" + }, + "operationName": "GetObject", + "operationParams": { + "Bucket": "mybucket--test-zone-ab1--x-s3", + "Key": "key" + } + } + ], + "params": { + "Region": "us-west-2", + "Bucket": "mybucket--test-zone-ab1--x-s3", + "UseFIPS": false, + "UseDualStack": false, + "Accelerate": false, + "UseS3ExpressControlEndpoint": false + } + }, + { + "documentation": "Data Plane with medium zone names (14 chars)", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "us-west-2", + "disableDoubleEncoding": true + } + ], + "backend": "S3Express" + }, + "url": "https://mybucket--test1-zone-ab1--x-s3.s3express-test1-zone-ab1.us-west-2.amazonaws.com" + } + }, + "operationInputs": [ + { + "builtInParams": { + "AWS::Region": "us-west-2" + }, + "operationName": "GetObject", + "operationParams": { + "Bucket": "mybucket--test1-zone-ab1--x-s3", + "Key": "key" + } + } + ], + "params": { + "Region": "us-west-2", + "Bucket": "mybucket--test1-zone-ab1--x-s3", + "UseFIPS": false, + "UseDualStack": false, + "Accelerate": false, + "UseS3ExpressControlEndpoint": false + } + }, + { + "documentation": "Data Plane with long zone names (20 chars)", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "us-west-2", + "disableDoubleEncoding": true + } + ], + "backend": "S3Express" + }, + "url": "https://mybucket--test1-long1-zone-ab1--x-s3.s3express-test1-long1-zone-ab1.us-west-2.amazonaws.com" + } + }, + "operationInputs": [ + { + "builtInParams": { + "AWS::Region": "us-west-2" + }, + "operationName": "GetObject", + "operationParams": { + "Bucket": "mybucket--test1-long1-zone-ab1--x-s3", + "Key": "key" + } + } + ], + "params": { + "Region": "us-west-2", + "Bucket": "mybucket--test1-long1-zone-ab1--x-s3", + "UseFIPS": false, + "UseDualStack": false, + "Accelerate": false, + "UseS3ExpressControlEndpoint": false + } + }, + { + "documentation": "Data Plane with short zone fips", "expect": { "endpoint": { "properties": { @@ -7897,7 +8014,7 @@ ], "backend": "S3Express" }, - "url": "https://mybucket--use1-az1--x-s3.s3express-fips-use1-az1.us-east-1.amazonaws.com" + "url": "https://mybucket--test-ab1--x-s3.s3express-fips-test-ab1.us-east-1.amazonaws.com" } }, "operationInputs": [ @@ -7908,14 +8025,134 @@ }, "operationName": "GetObject", "operationParams": { - "Bucket": "mybucket--use1-az1--x-s3", + "Bucket": "mybucket--test-ab1--x-s3", "Key": "key" } } ], "params": { "Region": "us-east-1", - "Bucket": "mybucket--use1-az1--x-s3", + "Bucket": "mybucket--test-ab1--x-s3", + "UseFIPS": true, + "UseDualStack": false, + "Accelerate": false, + "UseS3ExpressControlEndpoint": false + } + }, + { + "documentation": "Data Plane with short zone (13 chars) fips", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "us-west-2", + "disableDoubleEncoding": true + } + ], + "backend": "S3Express" + }, + "url": "https://mybucket--test-zone-ab1--x-s3.s3express-fips-test-zone-ab1.us-west-2.amazonaws.com" + } + }, + "operationInputs": [ + { + "builtInParams": { + "AWS::Region": "us-west-2", + "AWS::UseFIPS": true + }, + "operationName": "GetObject", + "operationParams": { + "Bucket": "mybucket--test-zone-ab1--x-s3", + "Key": "key" + } + } + ], + "params": { + "Region": "us-west-2", + "Bucket": "mybucket--test-zone-ab1--x-s3", + "UseFIPS": true, + "UseDualStack": false, + "Accelerate": false, + "UseS3ExpressControlEndpoint": false + } + }, + { + "documentation": "Data Plane with medium zone (14 chars) fips", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "us-west-2", + "disableDoubleEncoding": true + } + ], + "backend": "S3Express" + }, + "url": "https://mybucket--test1-zone-ab1--x-s3.s3express-fips-test1-zone-ab1.us-west-2.amazonaws.com" + } + }, + "operationInputs": [ + { + "builtInParams": { + "AWS::Region": "us-west-2", + "AWS::UseFIPS": true + }, + "operationName": "GetObject", + "operationParams": { + "Bucket": "mybucket--test1-zone-ab1--x-s3", + "Key": "key" + } + } + ], + "params": { + "Region": "us-west-2", + "Bucket": "mybucket--test1-zone-ab1--x-s3", + "UseFIPS": true, + "UseDualStack": false, + "Accelerate": false, + "UseS3ExpressControlEndpoint": false + } + }, + { + "documentation": "Data Plane with long zone (20 chars) fips", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "us-west-2", + "disableDoubleEncoding": true + } + ], + "backend": "S3Express" + }, + "url": "https://mybucket--test1-long1-zone-ab1--x-s3.s3express-fips-test1-long1-zone-ab1.us-west-2.amazonaws.com" + } + }, + "operationInputs": [ + { + "builtInParams": { + "AWS::Region": "us-west-2", + "AWS::UseFIPS": true + }, + "operationName": "GetObject", + "operationParams": { + "Bucket": "mybucket--test1-long1-zone-ab1--x-s3", + "Key": "key" + } + } + ], + "params": { + "Region": "us-west-2", + "Bucket": "mybucket--test1-long1-zone-ab1--x-s3", "UseFIPS": true, "UseDualStack": false, "Accelerate": false, @@ -7931,30 +8168,30 @@ { "name": "sigv4-s3express", "signingName": "s3express", - "signingRegion": "ap-northeast-1", + "signingRegion": "us-west-2", "disableDoubleEncoding": true } ], "backend": "S3Express" }, - "url": "https://mybucket--apne1-az1--x-s3.s3express-apne1-az1.ap-northeast-1.amazonaws.com" + "url": "https://mybucket--test1-az1--x-s3.s3express-test1-az1.us-west-2.amazonaws.com" } }, "operationInputs": [ { "builtInParams": { - "AWS::Region": "ap-northeast-1" + "AWS::Region": "us-west-2" }, "operationName": "GetObject", "operationParams": { - "Bucket": "mybucket--apne1-az1--x-s3", + "Bucket": "mybucket--test1-az1--x-s3", "Key": "key" } } ], "params": { - "Region": "ap-northeast-1", - "Bucket": "mybucket--apne1-az1--x-s3", + "Region": "us-west-2", + "Bucket": "mybucket--test1-az1--x-s3", "UseFIPS": false, "UseDualStack": false, "Accelerate": false, @@ -7970,31 +8207,31 @@ { "name": "sigv4-s3express", "signingName": "s3express", - "signingRegion": "ap-northeast-1", + "signingRegion": "us-west-2", "disableDoubleEncoding": true } ], "backend": "S3Express" }, - "url": "https://mybucket--apne1-az1--x-s3.s3express-fips-apne1-az1.ap-northeast-1.amazonaws.com" + "url": "https://mybucket--test1-az1--x-s3.s3express-fips-test1-az1.us-west-2.amazonaws.com" } }, "operationInputs": [ { "builtInParams": { - "AWS::Region": "ap-northeast-1", + "AWS::Region": "us-west-2", "AWS::UseFIPS": true }, "operationName": "GetObject", "operationParams": { - "Bucket": "mybucket--apne1-az1--x-s3", + "Bucket": "mybucket--test1-az1--x-s3", "Key": "key" } } ], "params": { - "Region": "ap-northeast-1", - "Bucket": "mybucket--apne1-az1--x-s3", + "Region": "us-west-2", + "Bucket": "mybucket--test1-az1--x-s3", "UseFIPS": true, "UseDualStack": false, "Accelerate": false, @@ -8016,7 +8253,7 @@ ], "backend": "S3Express" }, - "url": "https://s3express-control.us-east-1.amazonaws.com/mybucket--use1-az1--x-s3" + "url": "https://s3express-control.us-east-1.amazonaws.com/mybucket--test-ab1--x-s3" } }, "operationInputs": [ @@ -8026,13 +8263,13 @@ }, "operationName": "CreateBucket", "operationParams": { - "Bucket": "mybucket--use1-az1--x-s3" + "Bucket": "mybucket--test-ab1--x-s3" } } ], "params": { "Region": "us-east-1", - "Bucket": "mybucket--use1-az1--x-s3", + "Bucket": "mybucket--test-ab1--x-s3", "UseFIPS": false, "UseDualStack": false, "Accelerate": false, @@ -8055,7 +8292,7 @@ ], "backend": "S3Express" }, - "url": "https://s3express-control-fips.us-east-1.amazonaws.com/mybucket--use1-az1--x-s3" + "url": "https://s3express-control-fips.us-east-1.amazonaws.com/mybucket--test-ab1--x-s3" } }, "operationInputs": [ @@ -8066,13 +8303,13 @@ }, "operationName": "CreateBucket", "operationParams": { - "Bucket": "mybucket--use1-az1--x-s3" + "Bucket": "mybucket--test-ab1--x-s3" } } ], "params": { "Region": "us-east-1", - "Bucket": "mybucket--use1-az1--x-s3", + "Bucket": "mybucket--test-ab1--x-s3", "UseFIPS": true, "UseDualStack": false, "Accelerate": false, @@ -8178,6 +8415,33 @@ "DisableS3ExpressSessionAuth": true } }, + { + "documentation": "Data Plane sigv4 auth with short zone (13 chars)", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "us-west-2", + "disableDoubleEncoding": true + } + ], + "backend": "S3Express" + }, + "url": "https://mybucket--test-zone-ab1--x-s3.s3express-test-zone-ab1.us-west-2.amazonaws.com" + } + }, + "params": { + "Region": "us-west-2", + "Bucket": "mybucket--test-zone-ab1--x-s3", + "UseFIPS": false, + "UseDualStack": false, + "Accelerate": false, + "DisableS3ExpressSessionAuth": true + } + }, { "documentation": "Data Plane sigv4 auth with short AZ fips", "expect": { @@ -8205,6 +8469,33 @@ "DisableS3ExpressSessionAuth": true } }, + { + "documentation": "Data Plane sigv4 auth with short zone (13 chars) fips", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "us-west-2", + "disableDoubleEncoding": true + } + ], + "backend": "S3Express" + }, + "url": "https://mybucket--test-zone-ab1--x-s3.s3express-fips-test-zone-ab1.us-west-2.amazonaws.com" + } + }, + "params": { + "Region": "us-west-2", + "Bucket": "mybucket--test-zone-ab1--x-s3", + "UseFIPS": true, + "UseDualStack": false, + "Accelerate": false, + "DisableS3ExpressSessionAuth": true + } + }, { "documentation": "Data Plane sigv4 auth with long AZ", "expect": { @@ -8214,18 +8505,74 @@ { "name": "sigv4", "signingName": "s3express", - "signingRegion": "ap-northeast-1", + "signingRegion": "us-west-2", "disableDoubleEncoding": true } ], "backend": "S3Express" }, - "url": "https://mybucket--apne1-az1--x-s3.s3express-apne1-az1.ap-northeast-1.amazonaws.com" + "url": "https://mybucket--test1-az1--x-s3.s3express-test1-az1.us-west-2.amazonaws.com" } }, "params": { - "Region": "ap-northeast-1", - "Bucket": "mybucket--apne1-az1--x-s3", + "Region": "us-west-2", + "Bucket": "mybucket--test1-az1--x-s3", + "UseFIPS": false, + "UseDualStack": false, + "Accelerate": false, + "UseS3ExpressControlEndpoint": false, + "DisableS3ExpressSessionAuth": true + } + }, + { + "documentation": "Data Plane sigv4 auth with medium zone(14 chars)", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "us-west-2", + "disableDoubleEncoding": true + } + ], + "backend": "S3Express" + }, + "url": "https://mybucket--test1-zone-ab1--x-s3.s3express-test1-zone-ab1.us-west-2.amazonaws.com" + } + }, + "params": { + "Region": "us-west-2", + "Bucket": "mybucket--test1-zone-ab1--x-s3", + "UseFIPS": false, + "UseDualStack": false, + "Accelerate": false, + "UseS3ExpressControlEndpoint": false, + "DisableS3ExpressSessionAuth": true + } + }, + { + "documentation": "Data Plane sigv4 auth with long zone(20 chars)", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "us-west-2", + "disableDoubleEncoding": true + } + ], + "backend": "S3Express" + }, + "url": "https://mybucket--test1-long1-zone-ab1--x-s3.s3express-test1-long1-zone-ab1.us-west-2.amazonaws.com" + } + }, + "params": { + "Region": "us-west-2", + "Bucket": "mybucket--test1-long1-zone-ab1--x-s3", "UseFIPS": false, "UseDualStack": false, "Accelerate": false, @@ -8242,18 +8589,74 @@ { "name": "sigv4", "signingName": "s3express", - "signingRegion": "ap-northeast-1", + "signingRegion": "us-west-2", + "disableDoubleEncoding": true + } + ], + "backend": "S3Express" + }, + "url": "https://mybucket--test1-az1--x-s3.s3express-fips-test1-az1.us-west-2.amazonaws.com" + } + }, + "params": { + "Region": "us-west-2", + "Bucket": "mybucket--test1-az1--x-s3", + "UseFIPS": true, + "UseDualStack": false, + "Accelerate": false, + "UseS3ExpressControlEndpoint": false, + "DisableS3ExpressSessionAuth": true + } + }, + { + "documentation": "Data Plane sigv4 auth with medium zone (14 chars) fips", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "us-west-2", + "disableDoubleEncoding": true + } + ], + "backend": "S3Express" + }, + "url": "https://mybucket--test1-zone-ab1--x-s3.s3express-fips-test1-zone-ab1.us-west-2.amazonaws.com" + } + }, + "params": { + "Region": "us-west-2", + "Bucket": "mybucket--test1-zone-ab1--x-s3", + "UseFIPS": true, + "UseDualStack": false, + "Accelerate": false, + "UseS3ExpressControlEndpoint": false, + "DisableS3ExpressSessionAuth": true + } + }, + { + "documentation": "Data Plane sigv4 auth with long zone (20 chars) fips", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "us-west-2", "disableDoubleEncoding": true } ], "backend": "S3Express" }, - "url": "https://mybucket--apne1-az1--x-s3.s3express-fips-apne1-az1.ap-northeast-1.amazonaws.com" + "url": "https://mybucket--test1-long1-zone-ab1--x-s3.s3express-fips-test1-long1-zone-ab1.us-west-2.amazonaws.com" } }, "params": { - "Region": "ap-northeast-1", - "Bucket": "mybucket--apne1-az1--x-s3", + "Region": "us-west-2", + "Bucket": "mybucket--test1-long1-zone-ab1--x-s3", "UseFIPS": true, "UseDualStack": false, "Accelerate": false, @@ -8493,14 +8896,14 @@ }, "operationName": "GetObject", "operationParams": { - "Bucket": "mybucket--use1-az1--x-s3", + "Bucket": "mybucket--test-ab1--x-s3", "Key": "key" } } ], "params": { "Region": "us-east-1", - "Bucket": "mybucket--use1-az1--x-s3", + "Bucket": "mybucket--test-ab1--x-s3", "UseFIPS": false, "UseDualStack": true, "Accelerate": false, @@ -8520,14 +8923,14 @@ }, "operationName": "GetObject", "operationParams": { - "Bucket": "mybucket--use1-az1--x-s3", + "Bucket": "mybucket--test-ab1--x-s3", "Key": "key" } } ], "params": { "Region": "us-east-1", - "Bucket": "mybucket--use1-az1--x-s3", + "Bucket": "mybucket--test-ab1--x-s3", "UseFIPS": false, "UseDualStack": false, "Accelerate": true, @@ -8546,14 +8949,14 @@ }, "operationName": "GetObject", "operationParams": { - "Bucket": "my.bucket--use1-az1--x-s3", + "Bucket": "my.bucket--test-ab1--x-s3", "Key": "key" } } ], "params": { "Region": "us-east-1", - "Bucket": "my.bucket--use1-az1--x-s3", + "Bucket": "my.bucket--test-ab1--x-s3", "UseFIPS": false, "UseDualStack": false, "Accelerate": false, diff --git a/services/s3/src/main/resources/codegen-resources/service-2.json b/services/s3/src/main/resources/codegen-resources/service-2.json index d81fdbe0c6c..c92ba74cd2f 100644 --- a/services/s3/src/main/resources/codegen-resources/service-2.json +++ b/services/s3/src/main/resources/codegen-resources/service-2.json @@ -28,7 +28,7 @@ {"shape":"NoSuchUpload"} ], "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadAbort.html", - "documentation":"This operation aborts a multipart upload. After a multipart upload is aborted, no additional parts can be uploaded using that upload ID. The storage consumed by any previously uploaded parts will be freed. However, if any part uploads are currently in progress, those part uploads might or might not succeed. As a result, it might be necessary to abort a given multipart upload multiple times in order to completely free all storage consumed by all parts.
To verify that all parts have been removed and prevent getting charged for the part storage, you should call the ListParts API operation and ensure that the parts list is empty.
Directory buckets - If multipart uploads in a directory bucket are in progress, you can't delete the bucket until all the in-progress multipart uploads are aborted or completed. To delete these in-progress multipart uploads, use the ListMultipartUploads operation to list the in-progress multipart uploads in the bucket and use the AbortMultipartUpload operation to abort all the in-progress multipart uploads.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
General purpose bucket permissions - For information about permissions required to use the multipart upload, see Multipart Upload and Permissions in the Amazon S3 User Guide.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com.
The following operations are related to AbortMultipartUpload:
This operation aborts a multipart upload. After a multipart upload is aborted, no additional parts can be uploaded using that upload ID. The storage consumed by any previously uploaded parts will be freed. However, if any part uploads are currently in progress, those part uploads might or might not succeed. As a result, it might be necessary to abort a given multipart upload multiple times in order to completely free all storage consumed by all parts.
To verify that all parts have been removed and prevent getting charged for the part storage, you should call the ListParts API operation and ensure that the parts list is empty.
Directory buckets - If multipart uploads in a directory bucket are in progress, you can't delete the bucket until all the in-progress multipart uploads are aborted or completed. To delete these in-progress multipart uploads, use the ListMultipartUploads operation to list the in-progress multipart uploads in the bucket and use the AbortMultipartUpload operation to abort all the in-progress multipart uploads.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
General purpose bucket permissions - For information about permissions required to use the multipart upload, see Multipart Upload and Permissions in the Amazon S3 User Guide.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
The following operations are related to AbortMultipartUpload:
Completes a multipart upload by assembling previously uploaded parts.
You first initiate the multipart upload and then upload all parts using the UploadPart operation or the UploadPartCopy operation. After successfully uploading all relevant parts of an upload, you call this CompleteMultipartUpload operation to complete the upload. Upon receiving this request, Amazon S3 concatenates all the parts in ascending order by part number to create a new object. In the CompleteMultipartUpload request, you must provide the parts list and ensure that the parts list is complete. The CompleteMultipartUpload API operation concatenates the parts that you provide in the list. For each part in the list, you must provide the PartNumber value and the ETag value that are returned after that part was uploaded.
The processing of a CompleteMultipartUpload request could take several minutes to finalize. After Amazon S3 begins processing the request, it sends an HTTP response header that specifies a 200 OK response. While processing is in progress, Amazon S3 periodically sends white space characters to keep the connection from timing out. A request could fail after the initial 200 OK response has been sent. This means that a 200 OK response can contain either a success or an error. The error response might be embedded in the 200 OK response. If you call this API operation directly, make sure to design your application to parse the contents of the response and handle it appropriately. If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply error handling per your configuration settings (including automatically retrying the request as appropriate). If the condition persists, the SDKs throw an exception (or, for the SDKs that don't use exceptions, they return an error).
Note that if CompleteMultipartUpload fails, applications should be prepared to retry any failed requests (including 500 error responses). For more information, see Amazon S3 Error Best Practices.
You can't use Content-Type: application/x-www-form-urlencoded for the CompleteMultipartUpload requests. Also, if you don't provide a Content-Type header, CompleteMultipartUpload can still return a 200 OK response.
For more information about multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
General purpose bucket permissions - For information about permissions required to use the multipart upload API, see Multipart Upload and Permissions in the Amazon S3 User Guide.
If you provide an additional checksum value in your MultipartUpload requests and the object is encrypted with Key Management Service, you must have permission to use the kms:Decrypt action for the CompleteMultipartUpload request to succeed.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.
Error Code: EntityTooSmall
Description: Your proposed upload is smaller than the minimum allowed object size. Each part must be at least 5 MB in size, except the last part.
HTTP Status Code: 400 Bad Request
Error Code: InvalidPart
Description: One or more of the specified parts could not be found. The part might not have been uploaded, or the specified ETag might not have matched the uploaded part's ETag.
HTTP Status Code: 400 Bad Request
Error Code: InvalidPartOrder
Description: The list of parts was not in ascending order. The parts list must be specified in order by part number.
HTTP Status Code: 400 Bad Request
Error Code: NoSuchUpload
Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.
HTTP Status Code: 404 Not Found
Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com.
The following operations are related to CompleteMultipartUpload:
Completes a multipart upload by assembling previously uploaded parts.
You first initiate the multipart upload and then upload all parts using the UploadPart operation or the UploadPartCopy operation. After successfully uploading all relevant parts of an upload, you call this CompleteMultipartUpload operation to complete the upload. Upon receiving this request, Amazon S3 concatenates all the parts in ascending order by part number to create a new object. In the CompleteMultipartUpload request, you must provide the parts list and ensure that the parts list is complete. The CompleteMultipartUpload API operation concatenates the parts that you provide in the list. For each part in the list, you must provide the PartNumber value and the ETag value that are returned after that part was uploaded.
The processing of a CompleteMultipartUpload request could take several minutes to finalize. After Amazon S3 begins processing the request, it sends an HTTP response header that specifies a 200 OK response. While processing is in progress, Amazon S3 periodically sends white space characters to keep the connection from timing out. A request could fail after the initial 200 OK response has been sent. This means that a 200 OK response can contain either a success or an error. The error response might be embedded in the 200 OK response. If you call this API operation directly, make sure to design your application to parse the contents of the response and handle it appropriately. If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply error handling per your configuration settings (including automatically retrying the request as appropriate). If the condition persists, the SDKs throw an exception (or, for the SDKs that don't use exceptions, they return an error).
Note that if CompleteMultipartUpload fails, applications should be prepared to retry any failed requests (including 500 error responses). For more information, see Amazon S3 Error Best Practices.
You can't use Content-Type: application/x-www-form-urlencoded for the CompleteMultipartUpload requests. Also, if you don't provide a Content-Type header, CompleteMultipartUpload can still return a 200 OK response.
For more information about multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
General purpose bucket permissions - For information about permissions required to use the multipart upload API, see Multipart Upload and Permissions in the Amazon S3 User Guide.
If you provide an additional checksum value in your MultipartUpload requests and the object is encrypted with Key Management Service, you must have permission to use the kms:Decrypt action for the CompleteMultipartUpload request to succeed.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.
Error Code: EntityTooSmall
Description: Your proposed upload is smaller than the minimum allowed object size. Each part must be at least 5 MB in size, except the last part.
HTTP Status Code: 400 Bad Request
Error Code: InvalidPart
Description: One or more of the specified parts could not be found. The part might not have been uploaded, or the specified ETag might not have matched the uploaded part's ETag.
HTTP Status Code: 400 Bad Request
Error Code: InvalidPartOrder
Description: The list of parts was not in ascending order. The parts list must be specified in order by part number.
HTTP Status Code: 400 Bad Request
Error Code: NoSuchUpload
Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.
HTTP Status Code: 404 Not Found
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
The following operations are related to CompleteMultipartUpload:
Creates a copy of an object that is already stored in Amazon S3.
You can store individual objects of up to 5 TB in Amazon S3. You create a copy of your object up to 5 GB in size in a single atomic action using this API. However, to copy an object greater than 5 GB, you must use the multipart upload Upload Part - Copy (UploadPartCopy) API. For more information, see Copy Object Using the REST Multipart Upload API.
You can copy individual objects between general purpose buckets, between directory buckets, and between general purpose buckets and directory buckets.
Amazon S3 supports copy operations using Multi-Region Access Points only as a destination when using the Multi-Region Access Point ARN.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
VPC endpoints don't support cross-Region requests (including copies). If you're using VPC endpoints, your source and destination buckets should be in the same Amazon Web Services Region as your VPC endpoint.
Both the Region that you want to copy the object from and the Region that you want to copy the object to must be enabled for your account. For more information about how to enable a Region for your account, see Enable or disable a Region for standalone accounts in the Amazon Web Services Account Management Guide.
Amazon S3 transfer acceleration does not support cross-Region copies. If you request a cross-Region copy using a transfer acceleration endpoint, you get a 400 Bad Request error. For more information, see Transfer Acceleration.
All CopyObject requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including x-amz-copy-source, must be signed. For more information, see REST Authentication.
Directory buckets - You must use the IAM credentials to authenticate and authorize your access to the CopyObject API operation, instead of using the temporary security credentials through the CreateSession API operation.
Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.
You must have read access to the source object and write access to the destination bucket.
General purpose bucket permissions - You must have permissions in an IAM policy based on the source and destination bucket types in a CopyObject operation.
If the source object is in a general purpose bucket, you must have s3:GetObject permission to read the source object that is being copied.
If the destination bucket is a general purpose bucket, you must have s3:PutObject permission to write the object copy to the destination bucket.
Directory bucket permissions - You must have permissions in a bucket policy or an IAM identity-based policy based on the source and destination bucket types in a CopyObject operation.
If the source object that you want to copy is in a directory bucket, you must have the s3express:CreateSession permission in the Action element of a policy to read the object. By default, the session is in the ReadWrite mode. If you want to restrict the access, you can explicitly set the s3express:SessionMode condition key to ReadOnly on the copy source bucket.
If the copy destination is a directory bucket, you must have the s3express:CreateSession permission in the Action element of a policy to write the object to the destination. The s3express:SessionMode condition key can't be set to ReadOnly on the copy destination bucket.
If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.
For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.
When the request is an HTTP 1.1 request, the response is chunk encoded. When the request is not an HTTP 1.1 request, the response would not contain the Content-Length. You always need to read the entire response body to check if the copy succeeds.
If the copy is successful, you receive a response with information about the copied object.
A copy request might return an error when Amazon S3 receives the copy request or while Amazon S3 is copying the files. A 200 OK response can contain either a success or an error.
If the error occurs before the copy action starts, you receive a standard Amazon S3 error.
If the error occurs during the copy operation, the error response is embedded in the 200 OK response. For example, in a cross-region copy, you may encounter throttling and receive a 200 OK response. For more information, see Resolve the Error 200 response when copying objects to Amazon S3. The 200 OK status code means the copy was accepted, but it doesn't mean the copy is complete. Another example is when you disconnect from Amazon S3 before the copy is complete, Amazon S3 might cancel the copy and you may receive a 200 OK response. You must stay connected to Amazon S3 until the entire response is successfully received and processed.
If you call this API operation directly, make sure to design your application to parse the content of the response and handle it appropriately. If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply error handling per your configuration settings (including automatically retrying the request as appropriate). If the condition persists, the SDKs throw an exception (or, for the SDKs that don't use exceptions, they return an error).
The copy request charge is based on the storage class and Region that you specify for the destination object. The request can also result in a data retrieval charge for the source if the source storage class bills for data retrieval. If the copy source is in a different region, the data transfer is billed to the copy source account. For pricing information, see Amazon S3 pricing.
Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com.
The following operations are related to CopyObject:
Creates a copy of an object that is already stored in Amazon S3.
You can store individual objects of up to 5 TB in Amazon S3. You create a copy of your object up to 5 GB in size in a single atomic action using this API. However, to copy an object greater than 5 GB, you must use the multipart upload Upload Part - Copy (UploadPartCopy) API. For more information, see Copy Object Using the REST Multipart Upload API.
You can copy individual objects between general purpose buckets, between directory buckets, and between general purpose buckets and directory buckets.
Amazon S3 supports copy operations using Multi-Region Access Points only as a destination when using the Multi-Region Access Point ARN.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
VPC endpoints don't support cross-Region requests (including copies). If you're using VPC endpoints, your source and destination buckets should be in the same Amazon Web Services Region as your VPC endpoint.
Both the Region that you want to copy the object from and the Region that you want to copy the object to must be enabled for your account. For more information about how to enable a Region for your account, see Enable or disable a Region for standalone accounts in the Amazon Web Services Account Management Guide.
Amazon S3 transfer acceleration does not support cross-Region copies. If you request a cross-Region copy using a transfer acceleration endpoint, you get a 400 Bad Request error. For more information, see Transfer Acceleration.
All CopyObject requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including x-amz-copy-source, must be signed. For more information, see REST Authentication.
Directory buckets - You must use the IAM credentials to authenticate and authorize your access to the CopyObject API operation, instead of using the temporary security credentials through the CreateSession API operation.
Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.
You must have read access to the source object and write access to the destination bucket.
General purpose bucket permissions - You must have permissions in an IAM policy based on the source and destination bucket types in a CopyObject operation.
If the source object is in a general purpose bucket, you must have s3:GetObject permission to read the source object that is being copied.
If the destination bucket is a general purpose bucket, you must have s3:PutObject permission to write the object copy to the destination bucket.
Directory bucket permissions - You must have permissions in a bucket policy or an IAM identity-based policy based on the source and destination bucket types in a CopyObject operation.
If the source object that you want to copy is in a directory bucket, you must have the s3express:CreateSession permission in the Action element of a policy to read the object. By default, the session is in the ReadWrite mode. If you want to restrict the access, you can explicitly set the s3express:SessionMode condition key to ReadOnly on the copy source bucket.
If the copy destination is a directory bucket, you must have the s3express:CreateSession permission in the Action element of a policy to write the object to the destination. The s3express:SessionMode condition key can't be set to ReadOnly on the copy destination bucket.
If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.
For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.
When the request is an HTTP 1.1 request, the response is chunk encoded. When the request is not an HTTP 1.1 request, the response would not contain the Content-Length. You always need to read the entire response body to check if the copy succeeds.
If the copy is successful, you receive a response with information about the copied object.
A copy request might return an error when Amazon S3 receives the copy request or while Amazon S3 is copying the files. A 200 OK response can contain either a success or an error.
If the error occurs before the copy action starts, you receive a standard Amazon S3 error.
If the error occurs during the copy operation, the error response is embedded in the 200 OK response. For example, in a cross-region copy, you may encounter throttling and receive a 200 OK response. For more information, see Resolve the Error 200 response when copying objects to Amazon S3. The 200 OK status code means the copy was accepted, but it doesn't mean the copy is complete. Another example is when you disconnect from Amazon S3 before the copy is complete, Amazon S3 might cancel the copy and you may receive a 200 OK response. You must stay connected to Amazon S3 until the entire response is successfully received and processed.
If you call this API operation directly, make sure to design your application to parse the content of the response and handle it appropriately. If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply error handling per your configuration settings (including automatically retrying the request as appropriate). If the condition persists, the SDKs throw an exception (or, for the SDKs that don't use exceptions, they return an error).
The copy request charge is based on the storage class and Region that you specify for the destination object. The request can also result in a data retrieval charge for the source if the source storage class bills for data retrieval. If the copy source is in a different region, the data transfer is billed to the copy source account. For pricing information, see Amazon S3 pricing.
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
The following operations are related to CopyObject:
This action creates an Amazon S3 bucket. To create an Amazon S3 on Outposts bucket, see CreateBucket .
Creates a new S3 bucket. To create a bucket, you must set up Amazon S3 and have a valid Amazon Web Services Access Key ID to authenticate requests. Anonymous requests are never allowed to create buckets. By creating the bucket, you become the bucket owner.
There are two types of buckets: general purpose buckets and directory buckets. For more information about these bucket types, see Creating, configuring, and working with Amazon S3 buckets in the Amazon S3 User Guide.
General purpose buckets - If you send your CreateBucket request to the s3.amazonaws.com global endpoint, the request goes to the us-east-1 Region. So the signature calculations in Signature Version 4 must use us-east-1 as the Region, even if the location constraint in the request specifies another Region where the bucket is to be created. If you create a bucket in a Region other than US East (N. Virginia), your application must be able to handle 307 redirect. For more information, see Virtual hosting of buckets in the Amazon S3 User Guide.
Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
General purpose bucket permissions - In addition to the s3:CreateBucket permission, the following permissions are required in a policy when your CreateBucket request includes specific headers:
Access control lists (ACLs) - In your CreateBucket request, if you specify an access control list (ACL) and set it to public-read, public-read-write, authenticated-read, or if you explicitly specify any other custom ACLs, both s3:CreateBucket and s3:PutBucketAcl permissions are required. In your CreateBucket request, if you set the ACL to private, or if you don't specify any ACLs, only the s3:CreateBucket permission is required.
Object Lock - In your CreateBucket request, if you set x-amz-bucket-object-lock-enabled to true, the s3:PutBucketObjectLockConfiguration and s3:PutBucketVersioning permissions are required.
S3 Object Ownership - If your CreateBucket request includes the x-amz-object-ownership header, then the s3:PutBucketOwnershipControls permission is required.
To set an ACL on a bucket as part of a CreateBucket request, you must explicitly set S3 Object Ownership for the bucket to a different value than the default, BucketOwnerEnforced. Additionally, if your desired bucket ACL grants public access, you must first create the bucket (without the bucket ACL) and then explicitly disable Block Public Access on the bucket before using PutBucketAcl to set the ACL. If you try to create a bucket with a public ACL, the request will fail.
For the majority of modern use cases in S3, we recommend that you keep all Block Public Access settings enabled and keep ACLs disabled. If you would like to share data with users outside of your account, you can use bucket policies as needed. For more information, see Controlling ownership of objects and disabling ACLs for your bucket and Blocking public access to your Amazon S3 storage in the Amazon S3 User Guide.
S3 Block Public Access - If your specific use case requires granting public access to your S3 resources, you can disable Block Public Access. Specifically, you can create a new bucket with Block Public Access enabled, then separately call the DeletePublicAccessBlock API. To use this operation, you must have the s3:PutBucketPublicAccessBlock permission. For more information about S3 Block Public Access, see Blocking public access to your Amazon S3 storage in the Amazon S3 User Guide.
Directory bucket permissions - You must have the s3express:CreateBucket permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
The permissions for ACLs, Object Lock, S3 Object Ownership, and S3 Block Public Access are not supported for directory buckets. For directory buckets, all Block Public Access settings are enabled at the bucket level and S3 Object Ownership is set to Bucket owner enforced (ACLs disabled). These settings can't be modified.
For more information about permissions for creating and working with directory buckets, see Directory buckets in the Amazon S3 User Guide. For more information about supported S3 features for directory buckets, see Features of S3 Express One Zone in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.
The following operations are related to CreateBucket:
This action creates an Amazon S3 bucket. To create an Amazon S3 on Outposts bucket, see CreateBucket .
Creates a new S3 bucket. To create a bucket, you must set up Amazon S3 and have a valid Amazon Web Services Access Key ID to authenticate requests. Anonymous requests are never allowed to create buckets. By creating the bucket, you become the bucket owner.
There are two types of buckets: general purpose buckets and directory buckets. For more information about these bucket types, see Creating, configuring, and working with Amazon S3 buckets in the Amazon S3 User Guide.
General purpose buckets - If you send your CreateBucket request to the s3.amazonaws.com global endpoint, the request goes to the us-east-1 Region. So the signature calculations in Signature Version 4 must use us-east-1 as the Region, even if the location constraint in the request specifies another Region where the bucket is to be created. If you create a bucket in a Region other than US East (N. Virginia), your application must be able to handle 307 redirect. For more information, see Virtual hosting of buckets in the Amazon S3 User Guide.
Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
General purpose bucket permissions - In addition to the s3:CreateBucket permission, the following permissions are required in a policy when your CreateBucket request includes specific headers:
Access control lists (ACLs) - In your CreateBucket request, if you specify an access control list (ACL) and set it to public-read, public-read-write, authenticated-read, or if you explicitly specify any other custom ACLs, both s3:CreateBucket and s3:PutBucketAcl permissions are required. In your CreateBucket request, if you set the ACL to private, or if you don't specify any ACLs, only the s3:CreateBucket permission is required.
Object Lock - In your CreateBucket request, if you set x-amz-bucket-object-lock-enabled to true, the s3:PutBucketObjectLockConfiguration and s3:PutBucketVersioning permissions are required.
S3 Object Ownership - If your CreateBucket request includes the x-amz-object-ownership header, then the s3:PutBucketOwnershipControls permission is required.
To set an ACL on a bucket as part of a CreateBucket request, you must explicitly set S3 Object Ownership for the bucket to a different value than the default, BucketOwnerEnforced. Additionally, if your desired bucket ACL grants public access, you must first create the bucket (without the bucket ACL) and then explicitly disable Block Public Access on the bucket before using PutBucketAcl to set the ACL. If you try to create a bucket with a public ACL, the request will fail.
For the majority of modern use cases in S3, we recommend that you keep all Block Public Access settings enabled and keep ACLs disabled. If you would like to share data with users outside of your account, you can use bucket policies as needed. For more information, see Controlling ownership of objects and disabling ACLs for your bucket and Blocking public access to your Amazon S3 storage in the Amazon S3 User Guide.
S3 Block Public Access - If your specific use case requires granting public access to your S3 resources, you can disable Block Public Access. Specifically, you can create a new bucket with Block Public Access enabled, then separately call the DeletePublicAccessBlock API. To use this operation, you must have the s3:PutBucketPublicAccessBlock permission. For more information about S3 Block Public Access, see Blocking public access to your Amazon S3 storage in the Amazon S3 User Guide.
Directory bucket permissions - You must have the s3express:CreateBucket permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
The permissions for ACLs, Object Lock, S3 Object Ownership, and S3 Block Public Access are not supported for directory buckets. For directory buckets, all Block Public Access settings are enabled at the bucket level and S3 Object Ownership is set to Bucket owner enforced (ACLs disabled). These settings can't be modified.
For more information about permissions for creating and working with directory buckets, see Directory buckets in the Amazon S3 User Guide. For more information about supported S3 features for directory buckets, see Features of S3 Express One Zone in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.
The following operations are related to CreateBucket:
This action initiates a multipart upload and returns an upload ID. This upload ID is used to associate all of the parts in the specific multipart upload. You specify this upload ID in each of your subsequent upload part requests (see UploadPart). You also include this upload ID in the final request to either complete or abort the multipart upload request. For more information about multipart uploads, see Multipart Upload Overview in the Amazon S3 User Guide.
After you initiate a multipart upload and upload one or more parts, to stop being charged for storing the uploaded parts, you must either complete or abort the multipart upload. Amazon S3 frees up the space used to store the parts and stops charging you for storing them only after you either complete or abort a multipart upload.
If you have configured a lifecycle rule to abort incomplete multipart uploads, the created multipart upload must be completed within the number of days specified in the bucket lifecycle configuration. Otherwise, the incomplete multipart upload becomes eligible for an abort action and Amazon S3 aborts the multipart upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Configuration.
Directory buckets - S3 Lifecycle is not supported by directory buckets.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
For request signing, multipart upload is just a series of regular requests. You initiate a multipart upload, send one or more requests to upload parts, and then complete the multipart upload process. You sign each request individually. There is nothing special about signing multipart upload requests. For more information about signing, see Authenticating Requests (Amazon Web Services Signature Version 4) in the Amazon S3 User Guide.
General purpose bucket permissions - To perform a multipart upload with encryption using an Key Management Service (KMS) KMS key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey actions on the key. The requester must also have permissions for the kms:GenerateDataKey action for the CreateMultipartUpload API. Then, the requester needs permissions for the kms:Decrypt action on the UploadPart and UploadPartCopy APIs. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information, see Multipart upload API and permissions and Protecting data using server-side encryption with Amazon Web Services KMS in the Amazon S3 User Guide.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
General purpose buckets - Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. Amazon S3 automatically encrypts all new objects that are uploaded to an S3 bucket. When doing a multipart upload, if you don't specify encryption information in your request, the encryption setting of the uploaded parts is set to the default encryption configuration of the destination bucket. By default, all buckets have a base level of encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket has a default encryption configuration that uses server-side encryption with an Key Management Service (KMS) key (SSE-KMS), or a customer-provided encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a customer-provided key to encrypt the uploaded parts. When you perform a CreateMultipartUpload operation, if you want to use a different type of encryption setting for the uploaded parts, you can request that Amazon S3 encrypts the object with a different encryption key (such as an Amazon S3 managed key, a KMS key, or a customer-provided key). When the encryption setting in your request is different from the default encryption configuration of the destination bucket, the encryption setting in your request takes precedence. If you choose to provide your own encryption key, the request headers you provide in UploadPart and UploadPartCopy requests must match the headers you used in the CreateMultipartUpload request.
Use KMS keys (SSE-KMS) that include the Amazon Web Services managed key (aws/s3) and KMS customer managed keys stored in Key Management Service (KMS) – If you want Amazon Web Services to manage the keys used to encrypt data, specify the following headers in the request.
x-amz-server-side-encryption
x-amz-server-side-encryption-aws-kms-key-id
x-amz-server-side-encryption-context
If you specify x-amz-server-side-encryption:aws:kms, but don't provide x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon Web Services managed key (aws/s3 key) in KMS to protect the data.
To perform a multipart upload with encryption by using an Amazon Web Services KMS key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey* actions on the key. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information, see Multipart upload API and permissions and Protecting data using server-side encryption with Amazon Web Services KMS in the Amazon S3 User Guide.
If your Identity and Access Management (IAM) user or role is in the same Amazon Web Services account as the KMS key, then you must have these permissions on the key policy. If your IAM user or role is in a different account from the key, then you must have the permissions on both the key policy and your IAM user or role.
All GET and PUT requests for an object protected by KMS fail if you don't make them by using Secure Sockets Layer (SSL), Transport Layer Security (TLS), or Signature Version 4. For information about configuring any of the officially supported Amazon Web Services SDKs and Amazon Web Services CLI, see Specifying the Signature Version in Request Authentication in the Amazon S3 User Guide.
For more information about server-side encryption with KMS keys (SSE-KMS), see Protecting Data Using Server-Side Encryption with KMS keys in the Amazon S3 User Guide.
Use customer-provided encryption keys (SSE-C) – If you want to manage your own encryption keys, provide all the following headers in the request.
x-amz-server-side-encryption-customer-algorithm
x-amz-server-side-encryption-customer-key
x-amz-server-side-encryption-customer-key-MD5
For more information about server-side encryption with customer-provided encryption keys (SSE-C), see Protecting data using server-side encryption with customer-provided encryption keys (SSE-C) in the Amazon S3 User Guide.
Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.
In the Zonal endpoint API calls (except CopyObject and UploadPartCopy) using the REST API, the encryption request headers must match the encryption settings that are specified in the CreateSession request. You can't override the values of the encryption settings (x-amz-server-side-encryption, x-amz-server-side-encryption-aws-kms-key-id, x-amz-server-side-encryption-context, and x-amz-server-side-encryption-bucket-key-enabled) that are specified in the CreateSession request. You don't need to explicitly specify these encryption settings values in Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from the CreateSession request to protect new objects in the directory bucket.
When you use the CLI or the Amazon Web Services SDKs, for CreateSession, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the Amazon Web Services SDKs use the bucket's default encryption configuration for the CreateSession request. It's not supported to override the encryption settings values in the CreateSession request. So in the Zonal endpoint API calls (except CopyObject and UploadPartCopy), the encryption request headers must match the default encryption configuration of the directory bucket.
For directory buckets, when you perform a CreateMultipartUpload operation and an UploadPartCopy operation, the request headers you provide in the CreateMultipartUpload request must match the default encryption configuration of the destination bucket.
Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com.
The following operations are related to CreateMultipartUpload:
This action initiates a multipart upload and returns an upload ID. This upload ID is used to associate all of the parts in the specific multipart upload. You specify this upload ID in each of your subsequent upload part requests (see UploadPart). You also include this upload ID in the final request to either complete or abort the multipart upload request. For more information about multipart uploads, see Multipart Upload Overview in the Amazon S3 User Guide.
After you initiate a multipart upload and upload one or more parts, to stop being charged for storing the uploaded parts, you must either complete or abort the multipart upload. Amazon S3 frees up the space used to store the parts and stops charging you for storing them only after you either complete or abort a multipart upload.
If you have configured a lifecycle rule to abort incomplete multipart uploads, the created multipart upload must be completed within the number of days specified in the bucket lifecycle configuration. Otherwise, the incomplete multipart upload becomes eligible for an abort action and Amazon S3 aborts the multipart upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Configuration.
Directory buckets - S3 Lifecycle is not supported by directory buckets.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
For request signing, multipart upload is just a series of regular requests. You initiate a multipart upload, send one or more requests to upload parts, and then complete the multipart upload process. You sign each request individually. There is nothing special about signing multipart upload requests. For more information about signing, see Authenticating Requests (Amazon Web Services Signature Version 4) in the Amazon S3 User Guide.
General purpose bucket permissions - To perform a multipart upload with encryption using an Key Management Service (KMS) KMS key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey actions on the key. The requester must also have permissions for the kms:GenerateDataKey action for the CreateMultipartUpload API. Then, the requester needs permissions for the kms:Decrypt action on the UploadPart and UploadPartCopy APIs. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information, see Multipart upload API and permissions and Protecting data using server-side encryption with Amazon Web Services KMS in the Amazon S3 User Guide.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
General purpose buckets - Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. Amazon S3 automatically encrypts all new objects that are uploaded to an S3 bucket. When doing a multipart upload, if you don't specify encryption information in your request, the encryption setting of the uploaded parts is set to the default encryption configuration of the destination bucket. By default, all buckets have a base level of encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket has a default encryption configuration that uses server-side encryption with an Key Management Service (KMS) key (SSE-KMS), or a customer-provided encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a customer-provided key to encrypt the uploaded parts. When you perform a CreateMultipartUpload operation, if you want to use a different type of encryption setting for the uploaded parts, you can request that Amazon S3 encrypts the object with a different encryption key (such as an Amazon S3 managed key, a KMS key, or a customer-provided key). When the encryption setting in your request is different from the default encryption configuration of the destination bucket, the encryption setting in your request takes precedence. If you choose to provide your own encryption key, the request headers you provide in UploadPart and UploadPartCopy requests must match the headers you used in the CreateMultipartUpload request.
Use KMS keys (SSE-KMS) that include the Amazon Web Services managed key (aws/s3) and KMS customer managed keys stored in Key Management Service (KMS) – If you want Amazon Web Services to manage the keys used to encrypt data, specify the following headers in the request.
x-amz-server-side-encryption
x-amz-server-side-encryption-aws-kms-key-id
x-amz-server-side-encryption-context
If you specify x-amz-server-side-encryption:aws:kms, but don't provide x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon Web Services managed key (aws/s3 key) in KMS to protect the data.
To perform a multipart upload with encryption by using an Amazon Web Services KMS key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey* actions on the key. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information, see Multipart upload API and permissions and Protecting data using server-side encryption with Amazon Web Services KMS in the Amazon S3 User Guide.
If your Identity and Access Management (IAM) user or role is in the same Amazon Web Services account as the KMS key, then you must have these permissions on the key policy. If your IAM user or role is in a different account from the key, then you must have the permissions on both the key policy and your IAM user or role.
All GET and PUT requests for an object protected by KMS fail if you don't make them by using Secure Sockets Layer (SSL), Transport Layer Security (TLS), or Signature Version 4. For information about configuring any of the officially supported Amazon Web Services SDKs and Amazon Web Services CLI, see Specifying the Signature Version in Request Authentication in the Amazon S3 User Guide.
For more information about server-side encryption with KMS keys (SSE-KMS), see Protecting Data Using Server-Side Encryption with KMS keys in the Amazon S3 User Guide.
Use customer-provided encryption keys (SSE-C) – If you want to manage your own encryption keys, provide all the following headers in the request.
x-amz-server-side-encryption-customer-algorithm
x-amz-server-side-encryption-customer-key
x-amz-server-side-encryption-customer-key-MD5
For more information about server-side encryption with customer-provided encryption keys (SSE-C), see Protecting data using server-side encryption with customer-provided encryption keys (SSE-C) in the Amazon S3 User Guide.
Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.
In the Zonal endpoint API calls (except CopyObject and UploadPartCopy) using the REST API, the encryption request headers must match the encryption settings that are specified in the CreateSession request. You can't override the values of the encryption settings (x-amz-server-side-encryption, x-amz-server-side-encryption-aws-kms-key-id, x-amz-server-side-encryption-context, and x-amz-server-side-encryption-bucket-key-enabled) that are specified in the CreateSession request. You don't need to explicitly specify these encryption settings values in Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from the CreateSession request to protect new objects in the directory bucket.
When you use the CLI or the Amazon Web Services SDKs, for CreateSession, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the Amazon Web Services SDKs use the bucket's default encryption configuration for the CreateSession request. It's not supported to override the encryption settings values in the CreateSession request. So in the Zonal endpoint API calls (except CopyObject and UploadPartCopy), the encryption request headers must match the default encryption configuration of the directory bucket.
For directory buckets, when you perform a CreateMultipartUpload operation and an UploadPartCopy operation, the request headers you provide in the CreateMultipartUpload request must match the default encryption configuration of the destination bucket.
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
The following operations are related to CreateMultipartUpload:
Creates a session that establishes temporary security credentials to support fast authentication and authorization for the Zonal endpoint API operations on directory buckets. For more information about Zonal endpoint API operations that include the Availability Zone in the request endpoint, see S3 Express One Zone APIs in the Amazon S3 User Guide.
To make Zonal endpoint API requests on a directory bucket, use the CreateSession API operation. Specifically, you grant s3express:CreateSession permission to a bucket in a bucket policy or an IAM identity-based policy. Then, you use IAM credentials to make the CreateSession API request on the bucket, which returns temporary security credentials that include the access key ID, secret access key, session token, and expiration. These credentials have associated permissions to access the Zonal endpoint API operations. After the session is created, you don’t need to use other policies to grant permissions to each Zonal endpoint API individually. Instead, in your Zonal endpoint API requests, you sign your requests by applying the temporary security credentials of the session to the request headers and following the SigV4 protocol for authentication. You also apply the session token to the x-amz-s3session-token request header for authorization. Temporary security credentials are scoped to the bucket and expire after 5 minutes. After the expiration time, any calls that you make with those credentials will fail. You must use IAM credentials again to make a CreateSession API request that generates a new set of temporary credentials for use. Temporary credentials cannot be extended or refreshed beyond the original specified interval.
If you use Amazon Web Services SDKs, SDKs handle the session token refreshes automatically to avoid service interruptions when a session expires. We recommend that you use the Amazon Web Services SDKs to initiate and manage requests to the CreateSession API. For more information, see Performance guidelines and design patterns in the Amazon S3 User Guide.
You must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
CopyObject API operation - Unlike other Zonal endpoint API operations, the CopyObject API operation doesn't use the temporary security credentials returned from the CreateSession API operation for authentication and authorization. For information about authentication and authorization of the CopyObject API operation on directory buckets, see CopyObject.
HeadBucket API operation - Unlike other Zonal endpoint API operations, the HeadBucket API operation doesn't use the temporary security credentials returned from the CreateSession API operation for authentication and authorization. For information about authentication and authorization of the HeadBucket API operation on directory buckets, see HeadBucket.
To obtain temporary security credentials, you must create a bucket policy or an IAM identity-based policy that grants s3express:CreateSession permission to the bucket. In a policy, you can have the s3express:SessionMode condition key to control who can create a ReadWrite or ReadOnly session. For more information about ReadWrite or ReadOnly sessions, see x-amz-create-session-mode . For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.
To grant cross-account access to Zonal endpoint API operations, the bucket policy should also grant both accounts the s3express:CreateSession permission.
If you want to encrypt objects with SSE-KMS, you must also have the kms:GenerateDataKey and the kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the target KMS key.
For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.
For Zonal endpoint (object-level) API operations except CopyObject and UploadPartCopy, you authenticate and authorize requests through CreateSession for low latency. To encrypt new objects in a directory bucket with SSE-KMS, you must specify SSE-KMS as the directory bucket's default encryption configuration with a KMS key (specifically, a customer managed key). Then, when a session is created for Zonal endpoint API operations, new objects are automatically encrypted and decrypted with SSE-KMS and S3 Bucket Keys during the session.
Only 1 customer managed key is supported per directory bucket for the lifetime of the bucket. The Amazon Web Services managed key (aws/s3) isn't supported. After you specify SSE-KMS as your bucket's default encryption configuration with a customer managed key, you can't change the customer managed key for the bucket's SSE-KMS configuration.
In the Zonal endpoint API calls (except CopyObject and UploadPartCopy) using the REST API, you can't override the values of the encryption settings (x-amz-server-side-encryption, x-amz-server-side-encryption-aws-kms-key-id, x-amz-server-side-encryption-context, and x-amz-server-side-encryption-bucket-key-enabled) from the CreateSession request. You don't need to explicitly specify these encryption settings values in Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from the CreateSession request to protect new objects in the directory bucket.
When you use the CLI or the Amazon Web Services SDKs, for CreateSession, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the Amazon Web Services SDKs use the bucket's default encryption configuration for the CreateSession request. It's not supported to override the encryption settings values in the CreateSession request. Also, in the Zonal endpoint API calls (except CopyObject and UploadPartCopy), it's not supported to override the values of the encryption settings from the CreateSession request.
Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com.
Creates a session that establishes temporary security credentials to support fast authentication and authorization for the Zonal endpoint API operations on directory buckets. For more information about Zonal endpoint API operations that include the Availability Zone in the request endpoint, see S3 Express One Zone APIs in the Amazon S3 User Guide.
To make Zonal endpoint API requests on a directory bucket, use the CreateSession API operation. Specifically, you grant s3express:CreateSession permission to a bucket in a bucket policy or an IAM identity-based policy. Then, you use IAM credentials to make the CreateSession API request on the bucket, which returns temporary security credentials that include the access key ID, secret access key, session token, and expiration. These credentials have associated permissions to access the Zonal endpoint API operations. After the session is created, you don’t need to use other policies to grant permissions to each Zonal endpoint API individually. Instead, in your Zonal endpoint API requests, you sign your requests by applying the temporary security credentials of the session to the request headers and following the SigV4 protocol for authentication. You also apply the session token to the x-amz-s3session-token request header for authorization. Temporary security credentials are scoped to the bucket and expire after 5 minutes. After the expiration time, any calls that you make with those credentials will fail. You must use IAM credentials again to make a CreateSession API request that generates a new set of temporary credentials for use. Temporary credentials cannot be extended or refreshed beyond the original specified interval.
If you use Amazon Web Services SDKs, SDKs handle the session token refreshes automatically to avoid service interruptions when a session expires. We recommend that you use the Amazon Web Services SDKs to initiate and manage requests to the CreateSession API. For more information, see Performance guidelines and design patterns in the Amazon S3 User Guide.
You must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
CopyObject API operation - Unlike other Zonal endpoint API operations, the CopyObject API operation doesn't use the temporary security credentials returned from the CreateSession API operation for authentication and authorization. For information about authentication and authorization of the CopyObject API operation on directory buckets, see CopyObject.
HeadBucket API operation - Unlike other Zonal endpoint API operations, the HeadBucket API operation doesn't use the temporary security credentials returned from the CreateSession API operation for authentication and authorization. For information about authentication and authorization of the HeadBucket API operation on directory buckets, see HeadBucket.
To obtain temporary security credentials, you must create a bucket policy or an IAM identity-based policy that grants s3express:CreateSession permission to the bucket. In a policy, you can have the s3express:SessionMode condition key to control who can create a ReadWrite or ReadOnly session. For more information about ReadWrite or ReadOnly sessions, see x-amz-create-session-mode . For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.
To grant cross-account access to Zonal endpoint API operations, the bucket policy should also grant both accounts the s3express:CreateSession permission.
If you want to encrypt objects with SSE-KMS, you must also have the kms:GenerateDataKey and the kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the target KMS key.
For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.
For Zonal endpoint (object-level) API operations except CopyObject and UploadPartCopy, you authenticate and authorize requests through CreateSession for low latency. To encrypt new objects in a directory bucket with SSE-KMS, you must specify SSE-KMS as the directory bucket's default encryption configuration with a KMS key (specifically, a customer managed key). Then, when a session is created for Zonal endpoint API operations, new objects are automatically encrypted and decrypted with SSE-KMS and S3 Bucket Keys during the session.
Only 1 customer managed key is supported per directory bucket for the lifetime of the bucket. The Amazon Web Services managed key (aws/s3) isn't supported. After you specify SSE-KMS as your bucket's default encryption configuration with a customer managed key, you can't change the customer managed key for the bucket's SSE-KMS configuration.
In the Zonal endpoint API calls (except CopyObject and UploadPartCopy) using the REST API, you can't override the values of the encryption settings (x-amz-server-side-encryption, x-amz-server-side-encryption-aws-kms-key-id, x-amz-server-side-encryption-context, and x-amz-server-side-encryption-bucket-key-enabled) from the CreateSession request. You don't need to explicitly specify these encryption settings values in Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from the CreateSession request to protect new objects in the directory bucket.
When you use the CLI or the Amazon Web Services SDKs, for CreateSession, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the Amazon Web Services SDKs use the bucket's default encryption configuration for the CreateSession request. It's not supported to override the encryption settings values in the CreateSession request. Also, in the Zonal endpoint API calls (except CopyObject and UploadPartCopy), it's not supported to override the values of the encryption settings from the CreateSession request.
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
Deletes the S3 bucket. All objects (including all object versions and delete markers) in the bucket must be deleted before the bucket itself can be deleted.
Directory buckets - If multipart uploads in a directory bucket are in progress, you can't delete the bucket until all the in-progress multipart uploads are aborted or completed.
Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
General purpose bucket permissions - You must have the s3:DeleteBucket permission on the specified bucket in a policy.
Directory bucket permissions - You must have the s3express:DeleteBucket permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.
The following operations are related to DeleteBucket:
Deletes the S3 bucket. All objects (including all object versions and delete markers) in the bucket must be deleted before the bucket itself can be deleted.
Directory buckets - If multipart uploads in a directory bucket are in progress, you can't delete the bucket until all the in-progress multipart uploads are aborted or completed.
Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
General purpose bucket permissions - You must have the s3:DeleteBucket permission on the specified bucket in a policy.
Directory bucket permissions - You must have the s3express:DeleteBucket permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.
The following operations are related to DeleteBucket:
This implementation of the DELETE action resets the default encryption for the bucket as server-side encryption with Amazon S3 managed keys (SSE-S3).
General purpose buckets - For information about the bucket default encryption feature, see Amazon S3 Bucket Default Encryption in the Amazon S3 User Guide.
Directory buckets - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. For information about the default encryption configuration in directory buckets, see Setting default server-side encryption behavior for directory buckets.
General purpose bucket permissions - The s3:PutEncryptionConfiguration permission is required in a policy. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Operations and Managing Access Permissions to Your Amazon S3 Resources.
Directory bucket permissions - To grant access to this API operation, you must have the s3express:PutEncryptionConfiguration permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.
The following operations are related to DeleteBucketEncryption:
This implementation of the DELETE action resets the default encryption for the bucket as server-side encryption with Amazon S3 managed keys (SSE-S3).
General purpose buckets - For information about the bucket default encryption feature, see Amazon S3 Bucket Default Encryption in the Amazon S3 User Guide.
Directory buckets - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. For information about the default encryption configuration in directory buckets, see Setting default server-side encryption behavior for directory buckets.
General purpose bucket permissions - The s3:PutEncryptionConfiguration permission is required in a policy. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Operations and Managing Access Permissions to Your Amazon S3 Resources.
Directory bucket permissions - To grant access to this API operation, you must have the s3express:PutEncryptionConfiguration permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.
The following operations are related to DeleteBucketEncryption:
Deletes the lifecycle configuration from the specified bucket. Amazon S3 removes all the lifecycle configuration rules in the lifecycle subresource associated with the bucket. Your objects never expire, and Amazon S3 no longer automatically deletes any objects on the basis of rules contained in the deleted lifecycle configuration.
General purpose bucket permissions - By default, all Amazon S3 resources are private, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration). Only the resource owner (that is, the Amazon Web Services account that created it) can access the resource. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, a user must have the s3:PutLifecycleConfiguration permission.
For more information about permissions, see Managing Access Permissions to Your Amazon S3 Resources.
Directory bucket permissions - You must have the s3express:PutLifecycleConfiguration permission in an IAM identity-based policy to use this operation. Cross-account access to this API operation isn't supported. The resource owner can optionally grant access permissions to others by creating a role or user for them as long as they are within the same account as the owner and resource.
For more information about directory bucket policies and permissions, see Authorizing Regional endpoint APIs with IAM in the Amazon S3 User Guide.
Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.
For more information about the object expiration, see Elements to Describe Lifecycle Actions.
Related actions include:
", + "documentation":"Deletes the lifecycle configuration from the specified bucket. Amazon S3 removes all the lifecycle configuration rules in the lifecycle subresource associated with the bucket. Your objects never expire, and Amazon S3 no longer automatically deletes any objects on the basis of rules contained in the deleted lifecycle configuration.
General purpose bucket permissions - By default, all Amazon S3 resources are private, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration). Only the resource owner (that is, the Amazon Web Services account that created it) can access the resource. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, a user must have the s3:PutLifecycleConfiguration permission.
For more information about permissions, see Managing Access Permissions to Your Amazon S3 Resources.
Directory bucket permissions - You must have the s3express:PutLifecycleConfiguration permission in an IAM identity-based policy to use this operation. Cross-account access to this API operation isn't supported. The resource owner can optionally grant access permissions to others by creating a role or user for them as long as they are within the same account as the owner and resource.
For more information about directory bucket policies and permissions, see Authorizing Regional endpoint APIs with IAM in the Amazon S3 User Guide.
Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.
For more information about the object expiration, see Elements to Describe Lifecycle Actions.
Related actions include:
", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -236,7 +236,7 @@ }, "input":{"shape":"DeleteBucketPolicyRequest"}, "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketDELETEpolicy.html", - "documentation":"Deletes the policy of a specified bucket.
Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must both have the DeleteBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.
If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.
To ensure that bucket owners don't inadvertently lock themselves out of their own buckets, the root principal in a bucket owner's Amazon Web Services account can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy API actions, even if their bucket policy explicitly denies the root principal's access. Bucket owner root principals can only be blocked from performing these API actions by VPC endpoint policies and Amazon Web Services Organizations policies.
General purpose bucket permissions - The s3:DeleteBucketPolicy permission is required in a policy. For more information about general purpose buckets bucket policies, see Using Bucket Policies and User Policies in the Amazon S3 User Guide.
Directory bucket permissions - To grant access to this API operation, you must have the s3express:DeleteBucketPolicy permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.
The following operations are related to DeleteBucketPolicy
Deletes the policy of a specified bucket.
Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must both have the DeleteBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.
If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.
To ensure that bucket owners don't inadvertently lock themselves out of their own buckets, the root principal in a bucket owner's Amazon Web Services account can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy API actions, even if their bucket policy explicitly denies the root principal's access. Bucket owner root principals can only be blocked from performing these API actions by VPC endpoint policies and Amazon Web Services Organizations policies.
General purpose bucket permissions - The s3:DeleteBucketPolicy permission is required in a policy. For more information about general purpose buckets bucket policies, see Using Bucket Policies and User Policies in the Amazon S3 User Guide.
Directory bucket permissions - To grant access to this API operation, you must have the s3express:DeleteBucketPolicy permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.
The following operations are related to DeleteBucketPolicy
Removes an object from a bucket. The behavior depends on the bucket's versioning state. For more information, see Best practices to consider before deleting an object.
To remove a specific version, you must use the versionId query parameter. Using this query parameter permanently deletes the version. If the object deleted is a delete marker, Amazon S3 sets the response header x-amz-delete-marker to true. If the object you want to delete is in a bucket where the bucket versioning configuration is MFA delete enabled, you must include the x-amz-mfa request header in the DELETE versionId request. Requests that include x-amz-mfa must use HTTPS. For more information about MFA delete and to see example requests, see Using MFA delete and Sample request in the Amazon S3 User Guide.
S3 Versioning isn't enabled and supported for directory buckets. For this API operation, only the null value of the version ID is supported by directory buckets. You can only specify null to the versionId query parameter in the request.
For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
MFA delete is not supported by directory buckets.
General purpose bucket permissions - The following permissions are required in your policies when your DeleteObjects request includes specific headers.
s3:DeleteObject - To delete an object from a bucket, you must always have the s3:DeleteObject permission.
You can also use PutBucketLifecycle to delete objects in Amazon S3.
s3:DeleteObjectVersion - To delete a specific version of an object from a versioning-enabled bucket, you must have the s3:DeleteObjectVersion permission.
If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them the s3:DeleteObject, s3:DeleteObjectVersion, and s3:PutLifeCycleConfiguration permissions.
Directory buckets permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization.
Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com.
The following action is related to DeleteObject:
Removes an object from a bucket. The behavior depends on the bucket's versioning state:
If bucket versioning is not enabled, the operation permanently deletes the object.
If bucket versioning is enabled, the operation inserts a delete marker, which becomes the current version of the object. To permanently delete an object in a versioned bucket, you must include the object’s versionId in the request. For more information about versioning-enabled buckets, see Deleting object versions from a versioning-enabled bucket.
If bucket versioning is suspended, the operation removes the object that has a null versionId, if there is one, and inserts a delete marker that becomes the current version of the object. If there isn't an object with a null versionId, and all versions of the object have a versionId, Amazon S3 does not remove the object and only inserts a delete marker. To permanently delete an object that has a versionId, you must include the object’s versionId in the request. For more information about versioning-suspended buckets, see Deleting objects from versioning-suspended buckets.
Directory buckets - S3 Versioning isn't enabled and supported for directory buckets. For this API operation, only the null value of the version ID is supported by directory buckets. You can only specify null to the versionId query parameter in the request.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
To remove a specific version, you must use the versionId query parameter. Using this query parameter permanently deletes the version. If the object deleted is a delete marker, Amazon S3 sets the response header x-amz-delete-marker to true.
If the object you want to delete is in a bucket where the bucket versioning configuration is MFA Delete enabled, you must include the x-amz-mfa request header in the DELETE versionId request. Requests that include x-amz-mfa must use HTTPS. For more information about MFA Delete, see Using MFA Delete in the Amazon S3 User Guide. To see sample requests that use versioning, see Sample Request.
Directory buckets - MFA delete is not supported by directory buckets.
You can delete objects by explicitly calling DELETE Object or calling (PutBucketLifecycle) to enable Amazon S3 to remove them for you. If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them the s3:DeleteObject, s3:DeleteObjectVersion, and s3:PutLifeCycleConfiguration actions.
Directory buckets - S3 Lifecycle is not supported by directory buckets.
General purpose bucket permissions - The following permissions are required in your policies when your DeleteObjects request includes specific headers.
s3:DeleteObject - To delete an object from a bucket, you must always have the s3:DeleteObject permission.
s3:DeleteObjectVersion - To delete a specific version of an object from a versioning-enabled bucket, you must have the s3:DeleteObjectVersion permission.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
The following action is related to DeleteObject:
This operation enables you to delete multiple objects from a bucket using a single HTTP request. If you know the object keys that you want to delete, then this operation provides a suitable alternative to sending individual delete requests, reducing per-request overhead.
The request can contain a list of up to 1000 keys that you want to delete. In the XML, you provide the object key names, and optionally, version IDs if you want to delete a specific version of the object from a versioning-enabled bucket. For each key, Amazon S3 performs a delete operation and returns the result of that delete, success or failure, in the response. Note that if the object specified in the request is not found, Amazon S3 returns the result as deleted.
Directory buckets - S3 Versioning isn't enabled and supported for directory buckets.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
The operation supports two modes for the response: verbose and quiet. By default, the operation uses verbose mode in which the response includes the result of deletion of each key in your request. In quiet mode the response includes only keys where the delete operation encountered an error. For a successful deletion in a quiet mode, the operation does not return any information about the delete in the response body.
When performing this action on an MFA Delete enabled bucket, that attempts to delete any versioned objects, you must include an MFA token. If you do not provide one, the entire request will fail, even if there are non-versioned objects you are trying to delete. If you provide an invalid token, whether there are versioned keys in the request or not, the entire Multi-Object Delete request will fail. For information about MFA Delete, see MFA Delete in the Amazon S3 User Guide.
Directory buckets - MFA delete is not supported by directory buckets.
General purpose bucket permissions - The following permissions are required in your policies when your DeleteObjects request includes specific headers.
s3:DeleteObject - To delete an object from a bucket, you must always specify the s3:DeleteObject permission.
s3:DeleteObjectVersion - To delete a specific version of an object from a versioning-enabled bucket, you must specify the s3:DeleteObjectVersion permission.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
General purpose bucket - The Content-MD5 request header is required for all Multi-Object Delete requests. Amazon S3 uses the header value to ensure that your request body has not been altered in transit.
Directory bucket - The Content-MD5 request header or a additional checksum request header (including x-amz-checksum-crc32, x-amz-checksum-crc32c, x-amz-checksum-sha1, or x-amz-checksum-sha256) is required for all Multi-Object Delete requests.
Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com.
The following operations are related to DeleteObjects:
This operation enables you to delete multiple objects from a bucket using a single HTTP request. If you know the object keys that you want to delete, then this operation provides a suitable alternative to sending individual delete requests, reducing per-request overhead.
The request can contain a list of up to 1000 keys that you want to delete. In the XML, you provide the object key names, and optionally, version IDs if you want to delete a specific version of the object from a versioning-enabled bucket. For each key, Amazon S3 performs a delete operation and returns the result of that delete, success or failure, in the response. Note that if the object specified in the request is not found, Amazon S3 returns the result as deleted.
Directory buckets - S3 Versioning isn't enabled and supported for directory buckets.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
The operation supports two modes for the response: verbose and quiet. By default, the operation uses verbose mode in which the response includes the result of deletion of each key in your request. In quiet mode the response includes only keys where the delete operation encountered an error. For a successful deletion in a quiet mode, the operation does not return any information about the delete in the response body.
When performing this action on an MFA Delete enabled bucket, that attempts to delete any versioned objects, you must include an MFA token. If you do not provide one, the entire request will fail, even if there are non-versioned objects you are trying to delete. If you provide an invalid token, whether there are versioned keys in the request or not, the entire Multi-Object Delete request will fail. For information about MFA Delete, see MFA Delete in the Amazon S3 User Guide.
Directory buckets - MFA delete is not supported by directory buckets.
General purpose bucket permissions - The following permissions are required in your policies when your DeleteObjects request includes specific headers.
s3:DeleteObject - To delete an object from a bucket, you must always specify the s3:DeleteObject permission.
s3:DeleteObjectVersion - To delete a specific version of an object from a versioning-enabled bucket, you must specify the s3:DeleteObjectVersion permission.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
General purpose bucket - The Content-MD5 request header is required for all Multi-Object Delete requests. Amazon S3 uses the header value to ensure that your request body has not been altered in transit.
Directory bucket - The Content-MD5 request header or a additional checksum request header (including x-amz-checksum-crc32, x-amz-checksum-crc32c, x-amz-checksum-sha1, or x-amz-checksum-sha256) is required for all Multi-Object Delete requests.
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
The following operations are related to DeleteObjects:
Returns the default encryption configuration for an Amazon S3 bucket. By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3).
General purpose buckets - For information about the bucket default encryption feature, see Amazon S3 Bucket Default Encryption in the Amazon S3 User Guide.
Directory buckets - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. For information about the default encryption configuration in directory buckets, see Setting default server-side encryption behavior for directory buckets.
General purpose bucket permissions - The s3:GetEncryptionConfiguration permission is required in a policy. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Operations and Managing Access Permissions to Your Amazon S3 Resources.
Directory bucket permissions - To grant access to this API operation, you must have the s3express:GetEncryptionConfiguration permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.
The following operations are related to GetBucketEncryption:
Returns the default encryption configuration for an Amazon S3 bucket. By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3).
General purpose buckets - For information about the bucket default encryption feature, see Amazon S3 Bucket Default Encryption in the Amazon S3 User Guide.
Directory buckets - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. For information about the default encryption configuration in directory buckets, see Setting default server-side encryption behavior for directory buckets.
General purpose bucket permissions - The s3:GetEncryptionConfiguration permission is required in a policy. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Operations and Managing Access Permissions to Your Amazon S3 Resources.
Directory bucket permissions - To grant access to this API operation, you must have the s3express:GetEncryptionConfiguration permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.
The following operations are related to GetBucketEncryption:
Returns the lifecycle configuration information set on the bucket. For information about lifecycle configuration, see Object Lifecycle Management.
Bucket lifecycle configuration now supports specifying a lifecycle rule using an object key name prefix, one or more object tags, object size, or any combination of these. Accordingly, this section describes the latest API, which is compatible with the new functionality. The previous version of the API supported filtering based only on an object key name prefix, which is supported for general purpose buckets for backward compatibility. For the related API description, see GetBucketLifecycle.
Lifecyle configurations for directory buckets only support expiring objects and cancelling multipart uploads. Expiring of versioned objects, transitions and tag filters are not supported.
General purpose bucket permissions - By default, all Amazon S3 resources are private, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration). Only the resource owner (that is, the Amazon Web Services account that created it) can access the resource. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, a user must have the s3:GetLifecycleConfiguration permission.
For more information about permissions, see Managing Access Permissions to Your Amazon S3 Resources.
Directory bucket permissions - You must have the s3express:GetLifecycleConfiguration permission in an IAM identity-based policy to use this operation. Cross-account access to this API operation isn't supported. The resource owner can optionally grant access permissions to others by creating a role or user for them as long as they are within the same account as the owner and resource.
For more information about directory bucket policies and permissions, see Authorizing Regional endpoint APIs with IAM in the Amazon S3 User Guide.
Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.
GetBucketLifecycleConfiguration has the following special error:
Error code: NoSuchLifecycleConfiguration
Description: The lifecycle configuration does not exist.
HTTP Status Code: 404 Not Found
SOAP Fault Code Prefix: Client
The following operations are related to GetBucketLifecycleConfiguration:
Returns the lifecycle configuration information set on the bucket. For information about lifecycle configuration, see Object Lifecycle Management.
Bucket lifecycle configuration now supports specifying a lifecycle rule using an object key name prefix, one or more object tags, object size, or any combination of these. Accordingly, this section describes the latest API, which is compatible with the new functionality. The previous version of the API supported filtering based only on an object key name prefix, which is supported for general purpose buckets for backward compatibility. For the related API description, see GetBucketLifecycle.
Lifecyle configurations for directory buckets only support expiring objects and cancelling multipart uploads. Expiring of versioned objects, transitions and tag filters are not supported.
General purpose bucket permissions - By default, all Amazon S3 resources are private, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration). Only the resource owner (that is, the Amazon Web Services account that created it) can access the resource. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, a user must have the s3:GetLifecycleConfiguration permission.
For more information about permissions, see Managing Access Permissions to Your Amazon S3 Resources.
Directory bucket permissions - You must have the s3express:GetLifecycleConfiguration permission in an IAM identity-based policy to use this operation. Cross-account access to this API operation isn't supported. The resource owner can optionally grant access permissions to others by creating a role or user for them as long as they are within the same account as the owner and resource.
For more information about directory bucket policies and permissions, see Authorizing Regional endpoint APIs with IAM in the Amazon S3 User Guide.
Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.
GetBucketLifecycleConfiguration has the following special error:
Error code: NoSuchLifecycleConfiguration
Description: The lifecycle configuration does not exist.
HTTP Status Code: 404 Not Found
SOAP Fault Code Prefix: Client
The following operations are related to GetBucketLifecycleConfiguration:
Returns the policy of a specified bucket.
Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must both have the GetBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.
If you don't have GetBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.
To ensure that bucket owners don't inadvertently lock themselves out of their own buckets, the root principal in a bucket owner's Amazon Web Services account can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy API actions, even if their bucket policy explicitly denies the root principal's access. Bucket owner root principals can only be blocked from performing these API actions by VPC endpoint policies and Amazon Web Services Organizations policies.
General purpose bucket permissions - The s3:GetBucketPolicy permission is required in a policy. For more information about general purpose buckets bucket policies, see Using Bucket Policies and User Policies in the Amazon S3 User Guide.
Directory bucket permissions - To grant access to this API operation, you must have the s3express:GetBucketPolicy permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
General purpose buckets example bucket policies - See Bucket policy examples in the Amazon S3 User Guide.
Directory bucket example bucket policies - See Example bucket policies for S3 Express One Zone in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.
The following action is related to GetBucketPolicy:
Returns the policy of a specified bucket.
Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must both have the GetBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.
If you don't have GetBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.
To ensure that bucket owners don't inadvertently lock themselves out of their own buckets, the root principal in a bucket owner's Amazon Web Services account can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy API actions, even if their bucket policy explicitly denies the root principal's access. Bucket owner root principals can only be blocked from performing these API actions by VPC endpoint policies and Amazon Web Services Organizations policies.
General purpose bucket permissions - The s3:GetBucketPolicy permission is required in a policy. For more information about general purpose buckets bucket policies, see Using Bucket Policies and User Policies in the Amazon S3 User Guide.
Directory bucket permissions - To grant access to this API operation, you must have the s3express:GetBucketPolicy permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
General purpose buckets example bucket policies - See Bucket policy examples in the Amazon S3 User Guide.
Directory bucket example bucket policies - See Example bucket policies for S3 Express One Zone in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.
The following action is related to GetBucketPolicy:
Retrieves an object from Amazon S3.
In the GetObject request, specify the full key name for the object.
General purpose buckets - Both the virtual-hosted-style requests and the path-style requests are supported. For a virtual hosted-style request example, if you have the object photos/2006/February/sample.jpg, specify the object key name as /photos/2006/February/sample.jpg. For a path-style request example, if you have the object photos/2006/February/sample.jpg in the bucket named examplebucket, specify the object key name as /examplebucket/photos/2006/February/sample.jpg. For more information about request types, see HTTP Host Header Bucket Specification in the Amazon S3 User Guide.
Directory buckets - Only virtual-hosted-style requests are supported. For a virtual hosted-style request example, if you have the object photos/2006/February/sample.jpg in the bucket named examplebucket--use1-az5--x-s3, specify the object key name as /photos/2006/February/sample.jpg. Also, when you make requests to this API operation, your requests are sent to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
General purpose bucket permissions - You must have the required permissions in a policy. To use GetObject, you must have the READ access to the object (or version). If you grant READ access to the anonymous user, the GetObject operation returns the object without using an authorization header. For more information, see Specifying permissions in a policy in the Amazon S3 User Guide.
If you include a versionId in your request header, you must have the s3:GetObjectVersion permission to access a specific version of an object. The s3:GetObject permission is not required in this scenario.
If you request the current version of an object without a specific versionId in the request header, only the s3:GetObject permission is required. The s3:GetObjectVersion permission is not required in this scenario.
If the object that you request doesn’t exist, the error that Amazon S3 returns depends on whether you also have the s3:ListBucket permission.
If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code 404 Not Found error.
If you don’t have the s3:ListBucket permission, Amazon S3 returns an HTTP status code 403 Access Denied error.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
If the object is encrypted using SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.
If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, before you can retrieve the object you must first restore a copy using RestoreObject. Otherwise, this operation returns an InvalidObjectState error. For information about restoring archived objects, see Restoring Archived Objects in the Amazon S3 User Guide.
Directory buckets - For directory buckets, only the S3 Express One Zone storage class is supported to store newly created objects. Unsupported storage class values won't write a destination object and will respond with the HTTP status code 400 Bad Request.
Encryption request headers, like x-amz-server-side-encryption, should not be sent for the GetObject requests, if your object uses server-side encryption with Amazon S3 managed encryption keys (SSE-S3), server-side encryption with Key Management Service (KMS) keys (SSE-KMS), or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS). If you include the header in your GetObject requests for the object that uses these types of keys, you’ll get an HTTP 400 Bad Request error.
Directory buckets - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. SSE-C isn't supported. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide.
There are times when you want to override certain response header values of a GetObject response. For example, you might override the Content-Disposition response header value through your GetObject request.
You can override values for a set of response headers. These modified response header values are included only in a successful response, that is, when the HTTP status code 200 OK is returned. The headers you can override using the following query parameters in the request are a subset of the headers that Amazon S3 accepts when you create an object.
The response headers that you can override for the GetObject response are Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Type, and Expires.
To override values for a set of response headers in the GetObject response, you can use the following query parameters in the request.
response-cache-control
response-content-disposition
response-content-encoding
response-content-language
response-content-type
response-expires
When you use these parameters, you must sign the request by using either an Authorization header or a presigned URL. These parameters cannot be used with an unsigned (anonymous) request.
Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com.
The following operations are related to GetObject:
Retrieves an object from Amazon S3.
In the GetObject request, specify the full key name for the object.
General purpose buckets - Both the virtual-hosted-style requests and the path-style requests are supported. For a virtual hosted-style request example, if you have the object photos/2006/February/sample.jpg, specify the object key name as /photos/2006/February/sample.jpg. For a path-style request example, if you have the object photos/2006/February/sample.jpg in the bucket named examplebucket, specify the object key name as /examplebucket/photos/2006/February/sample.jpg. For more information about request types, see HTTP Host Header Bucket Specification in the Amazon S3 User Guide.
Directory buckets - Only virtual-hosted-style requests are supported. For a virtual hosted-style request example, if you have the object photos/2006/February/sample.jpg in the bucket named examplebucket--use1-az5--x-s3, specify the object key name as /photos/2006/February/sample.jpg. Also, when you make requests to this API operation, your requests are sent to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
General purpose bucket permissions - You must have the required permissions in a policy. To use GetObject, you must have the READ access to the object (or version). If you grant READ access to the anonymous user, the GetObject operation returns the object without using an authorization header. For more information, see Specifying permissions in a policy in the Amazon S3 User Guide.
If you include a versionId in your request header, you must have the s3:GetObjectVersion permission to access a specific version of an object. The s3:GetObject permission is not required in this scenario.
If you request the current version of an object without a specific versionId in the request header, only the s3:GetObject permission is required. The s3:GetObjectVersion permission is not required in this scenario.
If the object that you request doesn’t exist, the error that Amazon S3 returns depends on whether you also have the s3:ListBucket permission.
If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code 404 Not Found error.
If you don’t have the s3:ListBucket permission, Amazon S3 returns an HTTP status code 403 Access Denied error.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
If the object is encrypted using SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.
If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, before you can retrieve the object you must first restore a copy using RestoreObject. Otherwise, this operation returns an InvalidObjectState error. For information about restoring archived objects, see Restoring Archived Objects in the Amazon S3 User Guide.
Directory buckets - For directory buckets, only the S3 Express One Zone storage class is supported to store newly created objects. Unsupported storage class values won't write a destination object and will respond with the HTTP status code 400 Bad Request.
Encryption request headers, like x-amz-server-side-encryption, should not be sent for the GetObject requests, if your object uses server-side encryption with Amazon S3 managed encryption keys (SSE-S3), server-side encryption with Key Management Service (KMS) keys (SSE-KMS), or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS). If you include the header in your GetObject requests for the object that uses these types of keys, you’ll get an HTTP 400 Bad Request error.
Directory buckets - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. SSE-C isn't supported. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide.
There are times when you want to override certain response header values of a GetObject response. For example, you might override the Content-Disposition response header value through your GetObject request.
You can override values for a set of response headers. These modified response header values are included only in a successful response, that is, when the HTTP status code 200 OK is returned. The headers you can override using the following query parameters in the request are a subset of the headers that Amazon S3 accepts when you create an object.
The response headers that you can override for the GetObject response are Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Type, and Expires.
To override values for a set of response headers in the GetObject response, you can use the following query parameters in the request.
response-cache-control
response-content-disposition
response-content-encoding
response-content-language
response-content-type
response-expires
When you use these parameters, you must sign the request by using either an Authorization header or a presigned URL. These parameters cannot be used with an unsigned (anonymous) request.
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
The following operations are related to GetObject:
Retrieves all the metadata from an object without returning the object itself. This operation is useful if you're interested only in an object's metadata.
GetObjectAttributes combines the functionality of HeadObject and ListParts. All of the data returned with each of those individual calls can be returned with a single call to GetObjectAttributes.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
General purpose bucket permissions - To use GetObjectAttributes, you must have READ access to the object. The permissions that you need to use this operation depend on whether the bucket is versioned. If the bucket is versioned, you need both the s3:GetObjectVersion and s3:GetObjectVersionAttributes permissions for this operation. If the bucket is not versioned, you need the s3:GetObject and s3:GetObjectAttributes permissions. For more information, see Specifying Permissions in a Policy in the Amazon S3 User Guide. If the object that you request does not exist, the error Amazon S3 returns depends on whether you also have the s3:ListBucket permission.
If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code 404 Not Found (\"no such key\") error.
If you don't have the s3:ListBucket permission, Amazon S3 returns an HTTP status code 403 Forbidden (\"access denied\") error.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.
Encryption request headers, like x-amz-server-side-encryption, should not be sent for HEAD requests if your object uses server-side encryption with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with Amazon S3 managed encryption keys (SSE-S3). The x-amz-server-side-encryption header is used when you PUT an object to S3 and want to specify the encryption method. If you include this header in a GET request for an object that uses these types of keys, you’ll get an HTTP 400 Bad Request error. It's because the encryption method can't be changed when you retrieve the object.
If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you retrieve the metadata from the object, you must use the following headers to provide the encryption key for the server to be able to retrieve the object's metadata. The headers are:
x-amz-server-side-encryption-customer-algorithm
x-amz-server-side-encryption-customer-key
x-amz-server-side-encryption-customer-key-MD5
For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys) in the Amazon S3 User Guide.
Directory bucket permissions - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.
Directory buckets - S3 Versioning isn't enabled and supported for directory buckets. For this API operation, only the null value of the version ID is supported by directory buckets. You can only specify null to the versionId query parameter in the request.
Consider the following when using request headers:
If both of the If-Match and If-Unmodified-Since headers are present in the request as follows, then Amazon S3 returns the HTTP status code 200 OK and the data requested:
If-Match condition evaluates to true.
If-Unmodified-Since condition evaluates to false.
For more information about conditional requests, see RFC 7232.
If both of the If-None-Match and If-Modified-Since headers are present in the request as follows, then Amazon S3 returns the HTTP status code 304 Not Modified:
If-None-Match condition evaluates to false.
If-Modified-Since condition evaluates to true.
For more information about conditional requests, see RFC 7232.
Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com.
The following actions are related to GetObjectAttributes:
Retrieves all the metadata from an object without returning the object itself. This operation is useful if you're interested only in an object's metadata.
GetObjectAttributes combines the functionality of HeadObject and ListParts. All of the data returned with each of those individual calls can be returned with a single call to GetObjectAttributes.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
General purpose bucket permissions - To use GetObjectAttributes, you must have READ access to the object. The permissions that you need to use this operation depend on whether the bucket is versioned. If the bucket is versioned, you need both the s3:GetObjectVersion and s3:GetObjectVersionAttributes permissions for this operation. If the bucket is not versioned, you need the s3:GetObject and s3:GetObjectAttributes permissions. For more information, see Specifying Permissions in a Policy in the Amazon S3 User Guide. If the object that you request does not exist, the error Amazon S3 returns depends on whether you also have the s3:ListBucket permission.
If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code 404 Not Found (\"no such key\") error.
If you don't have the s3:ListBucket permission, Amazon S3 returns an HTTP status code 403 Forbidden (\"access denied\") error.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.
Encryption request headers, like x-amz-server-side-encryption, should not be sent for HEAD requests if your object uses server-side encryption with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with Amazon S3 managed encryption keys (SSE-S3). The x-amz-server-side-encryption header is used when you PUT an object to S3 and want to specify the encryption method. If you include this header in a GET request for an object that uses these types of keys, you’ll get an HTTP 400 Bad Request error. It's because the encryption method can't be changed when you retrieve the object.
If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you retrieve the metadata from the object, you must use the following headers to provide the encryption key for the server to be able to retrieve the object's metadata. The headers are:
x-amz-server-side-encryption-customer-algorithm
x-amz-server-side-encryption-customer-key
x-amz-server-side-encryption-customer-key-MD5
For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys) in the Amazon S3 User Guide.
Directory bucket permissions - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.
Directory buckets - S3 Versioning isn't enabled and supported for directory buckets. For this API operation, only the null value of the version ID is supported by directory buckets. You can only specify null to the versionId query parameter in the request.
Consider the following when using request headers:
If both of the If-Match and If-Unmodified-Since headers are present in the request as follows, then Amazon S3 returns the HTTP status code 200 OK and the data requested:
If-Match condition evaluates to true.
If-Unmodified-Since condition evaluates to false.
For more information about conditional requests, see RFC 7232.
If both of the If-None-Match and If-Modified-Since headers are present in the request as follows, then Amazon S3 returns the HTTP status code 304 Not Modified:
If-None-Match condition evaluates to false.
If-Modified-Since condition evaluates to true.
For more information about conditional requests, see RFC 7232.
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
The following actions are related to GetObjectAttributes:
You can use this operation to determine if a bucket exists and if you have permission to access it. The action returns a 200 OK if the bucket exists and you have permission to access it.
If the bucket does not exist or you do not have permission to access it, the HEAD request returns a generic 400 Bad Request, 403 Forbidden or 404 Not Found code. A message body is not included, so you cannot determine the exception beyond these HTTP response codes.
General purpose buckets - Request to public buckets that grant the s3:ListBucket permission publicly do not need to be signed. All other HeadBucket requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including x-amz-copy-source, must be signed. For more information, see REST Authentication.
Directory buckets - You must use IAM credentials to authenticate and authorize your access to the HeadBucket API operation, instead of using the temporary security credentials through the CreateSession API operation.
Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.
General purpose bucket permissions - To use this operation, you must have permissions to perform the s3:ListBucket action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Managing access permissions to your Amazon S3 resources in the Amazon S3 User Guide.
Directory bucket permissions - You must have the s3express:CreateSession permission in the Action element of a policy. By default, the session is in the ReadWrite mode. If you want to restrict the access, you can explicitly set the s3express:SessionMode condition key to ReadOnly on the bucket.
For more information about example bucket policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com.
You must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
You can use this operation to determine if a bucket exists and if you have permission to access it. The action returns a 200 OK if the bucket exists and you have permission to access it.
If the bucket does not exist or you do not have permission to access it, the HEAD request returns a generic 400 Bad Request, 403 Forbidden or 404 Not Found code. A message body is not included, so you cannot determine the exception beyond these HTTP response codes.
General purpose buckets - Request to public buckets that grant the s3:ListBucket permission publicly do not need to be signed. All other HeadBucket requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including x-amz-copy-source, must be signed. For more information, see REST Authentication.
Directory buckets - You must use IAM credentials to authenticate and authorize your access to the HeadBucket API operation, instead of using the temporary security credentials through the CreateSession API operation.
Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.
General purpose bucket permissions - To use this operation, you must have permissions to perform the s3:ListBucket action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Managing access permissions to your Amazon S3 resources in the Amazon S3 User Guide.
Directory bucket permissions - You must have the s3express:CreateSession permission in the Action element of a policy. By default, the session is in the ReadWrite mode. If you want to restrict the access, you can explicitly set the s3express:SessionMode condition key to ReadOnly on the bucket.
For more information about example bucket policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
You must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
The HEAD operation retrieves metadata from an object without returning the object itself. This operation is useful if you're interested only in an object's metadata.
A HEAD request has the same options as a GET operation on an object. The response is identical to the GET response except that there is no response body. Because of this, if the HEAD request generates an error, it returns a generic code, such as 400 Bad Request, 403 Forbidden, 404 Not Found, 405 Method Not Allowed, 412 Precondition Failed, or 304 Not Modified. It's not possible to retrieve the exact exception of these error codes.
Request headers are limited to 8 KB in size. For more information, see Common Request Headers.
General purpose bucket permissions - To use HEAD, you must have the s3:GetObject permission. You need the relevant read object (or version) permission for this operation. For more information, see Actions, resources, and condition keys for Amazon S3 in the Amazon S3 User Guide. For more information about the permissions to S3 API operations by S3 resource types, see Required permissions for Amazon S3 API operations in the Amazon S3 User Guide.
If the object you request doesn't exist, the error that Amazon S3 returns depends on whether you also have the s3:ListBucket permission.
If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code 404 Not Found error.
If you don’t have the s3:ListBucket permission, Amazon S3 returns an HTTP status code 403 Forbidden error.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
If you enable x-amz-checksum-mode in the request and the object is encrypted with Amazon Web Services Key Management Service (Amazon Web Services KMS), you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key to retrieve the checksum of the object.
Encryption request headers, like x-amz-server-side-encryption, should not be sent for HEAD requests if your object uses server-side encryption with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with Amazon S3 managed encryption keys (SSE-S3). The x-amz-server-side-encryption header is used when you PUT an object to S3 and want to specify the encryption method. If you include this header in a HEAD request for an object that uses these types of keys, you’ll get an HTTP 400 Bad Request error. It's because the encryption method can't be changed when you retrieve the object.
If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you retrieve the metadata from the object, you must use the following headers to provide the encryption key for the server to be able to retrieve the object's metadata. The headers are:
x-amz-server-side-encryption-customer-algorithm
x-amz-server-side-encryption-customer-key
x-amz-server-side-encryption-customer-key-MD5
For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys) in the Amazon S3 User Guide.
Directory bucket - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. SSE-C isn't supported. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide.
If the current version of the object is a delete marker, Amazon S3 behaves as if the object was deleted and includes x-amz-delete-marker: true in the response.
If the specified version is a delete marker, the response returns a 405 Method Not Allowed error and the Last-Modified: timestamp response header.
Directory buckets - Delete marker is not supported for directory buckets.
Directory buckets - S3 Versioning isn't enabled and supported for directory buckets. For this API operation, only the null value of the version ID is supported by directory buckets. You can only specify null to the versionId query parameter in the request.
Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com.
For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
The following actions are related to HeadObject:
The HEAD operation retrieves metadata from an object without returning the object itself. This operation is useful if you're interested only in an object's metadata.
A HEAD request has the same options as a GET operation on an object. The response is identical to the GET response except that there is no response body. Because of this, if the HEAD request generates an error, it returns a generic code, such as 400 Bad Request, 403 Forbidden, 404 Not Found, 405 Method Not Allowed, 412 Precondition Failed, or 304 Not Modified. It's not possible to retrieve the exact exception of these error codes.
Request headers are limited to 8 KB in size. For more information, see Common Request Headers.
General purpose bucket permissions - To use HEAD, you must have the s3:GetObject permission. You need the relevant read object (or version) permission for this operation. For more information, see Actions, resources, and condition keys for Amazon S3 in the Amazon S3 User Guide. For more information about the permissions to S3 API operations by S3 resource types, see Required permissions for Amazon S3 API operations in the Amazon S3 User Guide.
If the object you request doesn't exist, the error that Amazon S3 returns depends on whether you also have the s3:ListBucket permission.
If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code 404 Not Found error.
If you don’t have the s3:ListBucket permission, Amazon S3 returns an HTTP status code 403 Forbidden error.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
If you enable x-amz-checksum-mode in the request and the object is encrypted with Amazon Web Services Key Management Service (Amazon Web Services KMS), you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key to retrieve the checksum of the object.
Encryption request headers, like x-amz-server-side-encryption, should not be sent for HEAD requests if your object uses server-side encryption with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with Amazon S3 managed encryption keys (SSE-S3). The x-amz-server-side-encryption header is used when you PUT an object to S3 and want to specify the encryption method. If you include this header in a HEAD request for an object that uses these types of keys, you’ll get an HTTP 400 Bad Request error. It's because the encryption method can't be changed when you retrieve the object.
If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you retrieve the metadata from the object, you must use the following headers to provide the encryption key for the server to be able to retrieve the object's metadata. The headers are:
x-amz-server-side-encryption-customer-algorithm
x-amz-server-side-encryption-customer-key
x-amz-server-side-encryption-customer-key-MD5
For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys) in the Amazon S3 User Guide.
Directory bucket - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. SSE-C isn't supported. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide.
If the current version of the object is a delete marker, Amazon S3 behaves as if the object was deleted and includes x-amz-delete-marker: true in the response.
If the specified version is a delete marker, the response returns a 405 Method Not Allowed error and the Last-Modified: timestamp response header.
Directory buckets - Delete marker is not supported for directory buckets.
Directory buckets - S3 Versioning isn't enabled and supported for directory buckets. For this API operation, only the null value of the version ID is supported by directory buckets. You can only specify null to the versionId query parameter in the request.
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
The following actions are related to HeadObject:
Returns a list of all Amazon S3 directory buckets owned by the authenticated sender of the request. For more information about directory buckets, see Directory buckets in the Amazon S3 User Guide.
Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
You must have the s3express:ListAllMyDirectoryBuckets permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.
The BucketRegion response element is not part of the ListDirectoryBuckets Response Syntax.
Returns a list of all Amazon S3 directory buckets owned by the authenticated sender of the request. For more information about directory buckets, see Directory buckets in the Amazon S3 User Guide.
Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
You must have the s3express:ListAllMyDirectoryBuckets permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.
The BucketRegion response element is not part of the ListDirectoryBuckets Response Syntax.
This operation lists in-progress multipart uploads in a bucket. An in-progress multipart upload is a multipart upload that has been initiated by the CreateMultipartUpload request, but has not yet been completed or aborted.
Directory buckets - If multipart uploads in a directory bucket are in progress, you can't delete the bucket until all the in-progress multipart uploads are aborted or completed. To delete these in-progress multipart uploads, use the ListMultipartUploads operation to list the in-progress multipart uploads in the bucket and use the AbortMultipartUpload operation to abort all the in-progress multipart uploads.
The ListMultipartUploads operation returns a maximum of 1,000 multipart uploads in the response. The limit of 1,000 multipart uploads is also the default value. You can further limit the number of uploads in a response by specifying the max-uploads request parameter. If there are more than 1,000 multipart uploads that satisfy your ListMultipartUploads request, the response returns an IsTruncated element with the value of true, a NextKeyMarker element, and a NextUploadIdMarker element. To list the remaining multipart uploads, you need to make subsequent ListMultipartUploads requests. In these requests, include two query parameters: key-marker and upload-id-marker. Set the value of key-marker to the NextKeyMarker value from the previous response. Similarly, set the value of upload-id-marker to the NextUploadIdMarker value from the previous response.
Directory buckets - The upload-id-marker element and the NextUploadIdMarker element aren't supported by directory buckets. To list the additional multipart uploads, you only need to set the value of key-marker to the NextKeyMarker value from the previous response.
For more information about multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
General purpose bucket permissions - For information about permissions required to use the multipart upload API, see Multipart Upload and Permissions in the Amazon S3 User Guide.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
General purpose bucket - In the ListMultipartUploads response, the multipart uploads are sorted based on two criteria:
Key-based sorting - Multipart uploads are initially sorted in ascending order based on their object keys.
Time-based sorting - For uploads that share the same object key, they are further sorted in ascending order based on the upload initiation time. Among uploads with the same key, the one that was initiated first will appear before the ones that were initiated later.
Directory bucket - In the ListMultipartUploads response, the multipart uploads aren't sorted lexicographically based on the object keys.
Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com.
The following operations are related to ListMultipartUploads:
This operation lists in-progress multipart uploads in a bucket. An in-progress multipart upload is a multipart upload that has been initiated by the CreateMultipartUpload request, but has not yet been completed or aborted.
Directory buckets - If multipart uploads in a directory bucket are in progress, you can't delete the bucket until all the in-progress multipart uploads are aborted or completed. To delete these in-progress multipart uploads, use the ListMultipartUploads operation to list the in-progress multipart uploads in the bucket and use the AbortMultipartUpload operation to abort all the in-progress multipart uploads.
The ListMultipartUploads operation returns a maximum of 1,000 multipart uploads in the response. The limit of 1,000 multipart uploads is also the default value. You can further limit the number of uploads in a response by specifying the max-uploads request parameter. If there are more than 1,000 multipart uploads that satisfy your ListMultipartUploads request, the response returns an IsTruncated element with the value of true, a NextKeyMarker element, and a NextUploadIdMarker element. To list the remaining multipart uploads, you need to make subsequent ListMultipartUploads requests. In these requests, include two query parameters: key-marker and upload-id-marker. Set the value of key-marker to the NextKeyMarker value from the previous response. Similarly, set the value of upload-id-marker to the NextUploadIdMarker value from the previous response.
Directory buckets - The upload-id-marker element and the NextUploadIdMarker element aren't supported by directory buckets. To list the additional multipart uploads, you only need to set the value of key-marker to the NextKeyMarker value from the previous response.
For more information about multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
General purpose bucket permissions - For information about permissions required to use the multipart upload API, see Multipart Upload and Permissions in the Amazon S3 User Guide.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
General purpose bucket - In the ListMultipartUploads response, the multipart uploads are sorted based on two criteria:
Key-based sorting - Multipart uploads are initially sorted in ascending order based on their object keys.
Time-based sorting - For uploads that share the same object key, they are further sorted in ascending order based on the upload initiation time. Among uploads with the same key, the one that was initiated first will appear before the ones that were initiated later.
Directory bucket - In the ListMultipartUploads response, the multipart uploads aren't sorted lexicographically based on the object keys.
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
The following operations are related to ListMultipartUploads:
Returns some or all (up to 1,000) of the objects in a bucket with each request. You can use the request parameters as selection criteria to return a subset of the objects in a bucket. A 200 OK response can contain valid or invalid XML. Make sure to design your application to parse the contents of the response and handle it appropriately. For more information about listing objects, see Listing object keys programmatically in the Amazon S3 User Guide. To get a list of your buckets, see ListBuckets.
General purpose bucket - For general purpose buckets, ListObjectsV2 doesn't return prefixes that are related only to in-progress multipart uploads.
Directory buckets - For directory buckets, ListObjectsV2 response includes the prefixes that are related only to in-progress multipart uploads.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
General purpose bucket permissions - To use this operation, you must have READ access to the bucket. You must have permission to perform the s3:ListBucket action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
General purpose bucket - For general purpose buckets, ListObjectsV2 returns objects in lexicographical order based on their key names.
Directory bucket - For directory buckets, ListObjectsV2 does not return objects in lexicographical order.
Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com.
This section describes the latest revision of this action. We recommend that you use this revised API operation for application development. For backward compatibility, Amazon S3 continues to support the prior version of this API operation, ListObjects.
The following operations are related to ListObjectsV2:
Returns some or all (up to 1,000) of the objects in a bucket with each request. You can use the request parameters as selection criteria to return a subset of the objects in a bucket. A 200 OK response can contain valid or invalid XML. Make sure to design your application to parse the contents of the response and handle it appropriately. For more information about listing objects, see Listing object keys programmatically in the Amazon S3 User Guide. To get a list of your buckets, see ListBuckets.
General purpose bucket - For general purpose buckets, ListObjectsV2 doesn't return prefixes that are related only to in-progress multipart uploads.
Directory buckets - For directory buckets, ListObjectsV2 response includes the prefixes that are related only to in-progress multipart uploads.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
General purpose bucket permissions - To use this operation, you must have READ access to the bucket. You must have permission to perform the s3:ListBucket action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
General purpose bucket - For general purpose buckets, ListObjectsV2 returns objects in lexicographical order based on their key names.
Directory bucket - For directory buckets, ListObjectsV2 does not return objects in lexicographical order.
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
This section describes the latest revision of this action. We recommend that you use this revised API operation for application development. For backward compatibility, Amazon S3 continues to support the prior version of this API operation, ListObjects.
The following operations are related to ListObjectsV2:
Lists the parts that have been uploaded for a specific multipart upload.
To use this operation, you must provide the upload ID in the request. You obtain this uploadID by sending the initiate multipart upload request through CreateMultipartUpload.
The ListParts request returns a maximum of 1,000 uploaded parts. The limit of 1,000 parts is also the default value. You can restrict the number of parts in a response by specifying the max-parts request parameter. If your multipart upload consists of more than 1,000 parts, the response returns an IsTruncated field with the value of true, and a NextPartNumberMarker element. To list remaining uploaded parts, in subsequent ListParts requests, include the part-number-marker query string parameter and set its value to the NextPartNumberMarker field value from the previous response.
For more information on multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
General purpose bucket permissions - For information about permissions required to use the multipart upload API, see Multipart Upload and Permissions in the Amazon S3 User Guide.
If the upload was created using server-side encryption with Key Management Service (KMS) keys (SSE-KMS) or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), you must have permission to the kms:Decrypt action for the ListParts request to succeed.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com.
The following operations are related to ListParts:
Lists the parts that have been uploaded for a specific multipart upload.
To use this operation, you must provide the upload ID in the request. You obtain this uploadID by sending the initiate multipart upload request through CreateMultipartUpload.
The ListParts request returns a maximum of 1,000 uploaded parts. The limit of 1,000 parts is also the default value. You can restrict the number of parts in a response by specifying the max-parts request parameter. If your multipart upload consists of more than 1,000 parts, the response returns an IsTruncated field with the value of true, and a NextPartNumberMarker element. To list remaining uploaded parts, in subsequent ListParts requests, include the part-number-marker query string parameter and set its value to the NextPartNumberMarker field value from the previous response.
For more information on multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
General purpose bucket permissions - For information about permissions required to use the multipart upload API, see Multipart Upload and Permissions in the Amazon S3 User Guide.
If the upload was created using server-side encryption with Key Management Service (KMS) keys (SSE-KMS) or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), you must have permission to the kms:Decrypt action for the ListParts request to succeed.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
The following operations are related to ListParts:
This operation configures default encryption and Amazon S3 Bucket Keys for an existing bucket.
Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3).
General purpose buckets
You can optionally configure default encryption for a bucket by using server-side encryption with Key Management Service (KMS) keys (SSE-KMS) or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS). If you specify default encryption by using SSE-KMS, you can also configure Amazon S3 Bucket Keys. For information about the bucket default encryption feature, see Amazon S3 Bucket Default Encryption in the Amazon S3 User Guide.
If you use PutBucketEncryption to set your default bucket encryption to SSE-KMS, you should verify that your KMS key ID is correct. Amazon S3 doesn't validate the KMS key ID provided in PutBucketEncryption requests.
Directory buckets - You can optionally configure default encryption for a bucket by using server-side encryption with Key Management Service (KMS) keys (SSE-KMS).
We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.
Your SSE-KMS configuration can only support 1 customer managed key per directory bucket for the lifetime of the bucket. The Amazon Web Services managed key (aws/s3) isn't supported.
S3 Bucket Keys are always enabled for GET and PUT operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through CopyObject, UploadPartCopy, the Copy operation in Batch Operations, or the import jobs. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.
When you specify an KMS customer managed key for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.
For directory buckets, if you use PutBucketEncryption to set your default bucket encryption to SSE-KMS, Amazon S3 validates the KMS key ID provided in PutBucketEncryption requests.
If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
Also, this action requires Amazon Web Services Signature Version 4. For more information, see Authenticating Requests (Amazon Web Services Signature Version 4).
General purpose bucket permissions - The s3:PutEncryptionConfiguration permission is required in a policy. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.
Directory bucket permissions - To grant access to this API operation, you must have the s3express:PutEncryptionConfiguration permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
To set a directory bucket default encryption with SSE-KMS, you must also have the kms:GenerateDataKey and the kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the target KMS key.
Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.
The following operations are related to PutBucketEncryption:
This operation configures default encryption and Amazon S3 Bucket Keys for an existing bucket.
Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3).
General purpose buckets
You can optionally configure default encryption for a bucket by using server-side encryption with Key Management Service (KMS) keys (SSE-KMS) or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS). If you specify default encryption by using SSE-KMS, you can also configure Amazon S3 Bucket Keys. For information about the bucket default encryption feature, see Amazon S3 Bucket Default Encryption in the Amazon S3 User Guide.
If you use PutBucketEncryption to set your default bucket encryption to SSE-KMS, you should verify that your KMS key ID is correct. Amazon S3 doesn't validate the KMS key ID provided in PutBucketEncryption requests.
Directory buckets - You can optionally configure default encryption for a bucket by using server-side encryption with Key Management Service (KMS) keys (SSE-KMS).
We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.
Your SSE-KMS configuration can only support 1 customer managed key per directory bucket for the lifetime of the bucket. The Amazon Web Services managed key (aws/s3) isn't supported.
S3 Bucket Keys are always enabled for GET and PUT operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through CopyObject, UploadPartCopy, the Copy operation in Batch Operations, or the import jobs. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.
When you specify an KMS customer managed key for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.
For directory buckets, if you use PutBucketEncryption to set your default bucket encryption to SSE-KMS, Amazon S3 validates the KMS key ID provided in PutBucketEncryption requests.
If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
Also, this action requires Amazon Web Services Signature Version 4. For more information, see Authenticating Requests (Amazon Web Services Signature Version 4).
General purpose bucket permissions - The s3:PutEncryptionConfiguration permission is required in a policy. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.
Directory bucket permissions - To grant access to this API operation, you must have the s3express:PutEncryptionConfiguration permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
To set a directory bucket default encryption with SSE-KMS, you must also have the kms:GenerateDataKey and the kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the target KMS key.
Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.
The following operations are related to PutBucketEncryption:
Creates a new lifecycle configuration for the bucket or replaces an existing lifecycle configuration. Keep in mind that this will overwrite an existing lifecycle configuration, so if you want to retain any configuration details, they must be included in the new lifecycle configuration. For information about lifecycle configuration, see Managing your storage lifecycle.
You specify the lifecycle configuration in your request body. The lifecycle configuration is specified as XML consisting of one or more rules. An Amazon S3 Lifecycle configuration can have up to 1,000 rules. This limit is not adjustable.
Bucket lifecycle configuration supports specifying a lifecycle rule using an object key name prefix, one or more object tags, object size, or any combination of these. Accordingly, this section describes the latest API. The previous version of the API supported filtering based only on an object key name prefix, which is supported for backward compatibility for general purpose buckets. For the related API description, see PutBucketLifecycle.
Lifecyle configurations for directory buckets only support expiring objects and cancelling multipart uploads. Expiring of versioned objects,transitions and tag filters are not supported.
A lifecycle rule consists of the following:
A filter identifying a subset of objects to which the rule applies. The filter can be based on a key name prefix, object tags, object size, or any combination of these.
A status indicating whether the rule is in effect.
One or more lifecycle transition and expiration actions that you want Amazon S3 to perform on the objects identified by the filter. If the state of your bucket is versioning-enabled or versioning-suspended, you can have many versions of the same object (one current version and zero or more noncurrent versions). Amazon S3 provides predefined actions that you can specify for current and noncurrent object versions.
For more information, see Object Lifecycle Management and Lifecycle Configuration Elements.
General purpose bucket permissions - By default, all Amazon S3 resources are private, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration). Only the resource owner (that is, the Amazon Web Services account that created it) can access the resource. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, a user must have the s3:PutLifecycleConfiguration permission.
You can also explicitly deny permissions. An explicit deny also supersedes any other permissions. If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them permissions for the following actions:
s3:DeleteObject
s3:DeleteObjectVersion
s3:PutLifecycleConfiguration
For more information about permissions, see Managing Access Permissions to Your Amazon S3 Resources.
Directory bucket permissions - You must have the s3express:PutLifecycleConfiguration permission in an IAM identity-based policy to use this operation. Cross-account access to this API operation isn't supported. The resource owner can optionally grant access permissions to others by creating a role or user for them as long as they are within the same account as the owner and resource.
For more information about directory bucket policies and permissions, see Authorizing Regional endpoint APIs with IAM in the Amazon S3 User Guide.
Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.
The following operations are related to PutBucketLifecycleConfiguration:
Creates a new lifecycle configuration for the bucket or replaces an existing lifecycle configuration. Keep in mind that this will overwrite an existing lifecycle configuration, so if you want to retain any configuration details, they must be included in the new lifecycle configuration. For information about lifecycle configuration, see Managing your storage lifecycle.
Bucket lifecycle configuration now supports specifying a lifecycle rule using an object key name prefix, one or more object tags, object size, or any combination of these. Accordingly, this section describes the latest API. The previous version of the API supported filtering based only on an object key name prefix, which is supported for backward compatibility. For the related API description, see PutBucketLifecycle.
You specify the lifecycle configuration in your request body. The lifecycle configuration is specified as XML consisting of one or more rules. An Amazon S3 Lifecycle configuration can have up to 1,000 rules. This limit is not adjustable.
Bucket lifecycle configuration supports specifying a lifecycle rule using an object key name prefix, one or more object tags, object size, or any combination of these. Accordingly, this section describes the latest API. The previous version of the API supported filtering based only on an object key name prefix, which is supported for backward compatibility for general purpose buckets. For the related API description, see PutBucketLifecycle.
Lifecyle configurations for directory buckets only support expiring objects and cancelling multipart uploads. Expiring of versioned objects,transitions and tag filters are not supported.
A lifecycle rule consists of the following:
A filter identifying a subset of objects to which the rule applies. The filter can be based on a key name prefix, object tags, object size, or any combination of these.
A status indicating whether the rule is in effect.
One or more lifecycle transition and expiration actions that you want Amazon S3 to perform on the objects identified by the filter. If the state of your bucket is versioning-enabled or versioning-suspended, you can have many versions of the same object (one current version and zero or more noncurrent versions). Amazon S3 provides predefined actions that you can specify for current and noncurrent object versions.
For more information, see Object Lifecycle Management and Lifecycle Configuration Elements.
General purpose bucket permissions - By default, all Amazon S3 resources are private, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration). Only the resource owner (that is, the Amazon Web Services account that created it) can access the resource. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, a user must have the s3:PutLifecycleConfiguration permission.
You can also explicitly deny permissions. An explicit deny also supersedes any other permissions. If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them permissions for the following actions:
s3:DeleteObject
s3:DeleteObjectVersion
s3:PutLifecycleConfiguration
For more information about permissions, see Managing Access Permissions to Your Amazon S3 Resources.
Directory bucket permissions - You must have the s3express:PutLifecycleConfiguration permission in an IAM identity-based policy to use this operation. Cross-account access to this API operation isn't supported. The resource owner can optionally grant access permissions to others by creating a role or user for them as long as they are within the same account as the owner and resource.
For more information about directory bucket policies and permissions, see Authorizing Regional endpoint APIs with IAM in the Amazon S3 User Guide.
Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.
The following operations are related to PutBucketLifecycleConfiguration:
Applies an Amazon S3 bucket policy to an Amazon S3 bucket.
Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must both have the PutBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.
If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.
To ensure that bucket owners don't inadvertently lock themselves out of their own buckets, the root principal in a bucket owner's Amazon Web Services account can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy API actions, even if their bucket policy explicitly denies the root principal's access. Bucket owner root principals can only be blocked from performing these API actions by VPC endpoint policies and Amazon Web Services Organizations policies.
General purpose bucket permissions - The s3:PutBucketPolicy permission is required in a policy. For more information about general purpose buckets bucket policies, see Using Bucket Policies and User Policies in the Amazon S3 User Guide.
Directory bucket permissions - To grant access to this API operation, you must have the s3express:PutBucketPolicy permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
General purpose buckets example bucket policies - See Bucket policy examples in the Amazon S3 User Guide.
Directory bucket example bucket policies - See Example bucket policies for S3 Express One Zone in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.
The following operations are related to PutBucketPolicy:
Applies an Amazon S3 bucket policy to an Amazon S3 bucket.
Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must both have the PutBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.
If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.
To ensure that bucket owners don't inadvertently lock themselves out of their own buckets, the root principal in a bucket owner's Amazon Web Services account can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy API actions, even if their bucket policy explicitly denies the root principal's access. Bucket owner root principals can only be blocked from performing these API actions by VPC endpoint policies and Amazon Web Services Organizations policies.
General purpose bucket permissions - The s3:PutBucketPolicy permission is required in a policy. For more information about general purpose buckets bucket policies, see Using Bucket Policies and User Policies in the Amazon S3 User Guide.
Directory bucket permissions - To grant access to this API operation, you must have the s3express:PutBucketPolicy permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
General purpose buckets example bucket policies - See Bucket policy examples in the Amazon S3 User Guide.
Directory bucket example bucket policies - See Example bucket policies for S3 Express One Zone in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.
The following operations are related to PutBucketPolicy:
Adds an object to a bucket.
Amazon S3 never adds partial objects; if you receive a success response, Amazon S3 added the entire object to the bucket. You cannot use PutObject to only update a single piece of metadata for an existing object. You must put the entire object with updated metadata if you want to update some values.
If your bucket uses the bucket owner enforced setting for Object Ownership, ACLs are disabled and no longer affect permissions. All objects written to the bucket by any account will be owned by the bucket owner.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
Amazon S3 is a distributed system. If it receives multiple write requests for the same object simultaneously, it overwrites all but the last object written. However, Amazon S3 provides features that can modify this behavior:
S3 Object Lock - To prevent objects from being deleted or overwritten, you can use Amazon S3 Object Lock in the Amazon S3 User Guide.
This functionality is not supported for directory buckets.
S3 Versioning - When you enable versioning for a bucket, if Amazon S3 receives multiple write requests for the same object simultaneously, it stores all versions of the objects. For each write request that is made to the same object, Amazon S3 automatically generates a unique version ID of that object being stored in Amazon S3. You can retrieve, replace, or delete any version of the object. For more information about versioning, see Adding Objects to Versioning-Enabled Buckets in the Amazon S3 User Guide. For information about returning the versioning state of a bucket, see GetBucketVersioning.
This functionality is not supported for directory buckets.
General purpose bucket permissions - The following permissions are required in your policies when your PutObject request includes specific headers.
s3:PutObject - To successfully complete the PutObject request, you must always have the s3:PutObject permission on a bucket to add an object to it.
s3:PutObjectAcl - To successfully change the objects ACL of your PutObject request, you must have the s3:PutObjectAcl.
s3:PutObjectTagging - To successfully set the tag-set with your PutObject request, you must have the s3:PutObjectTagging.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.
General purpose bucket - To ensure that data is not corrupted traversing the network, use the Content-MD5 header. When you use this header, Amazon S3 checks the object against the provided MD5 value and, if they do not match, Amazon S3 returns an error. Alternatively, when the object's ETag is its MD5 digest, you can calculate the MD5 while putting the object to Amazon S3 and compare the returned ETag to the calculated MD5 value.
Directory bucket - This functionality is not supported for directory buckets.
Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com.
For more information about related Amazon S3 APIs, see the following:
", + "documentation":"Adds an object to a bucket.
Amazon S3 never adds partial objects; if you receive a success response, Amazon S3 added the entire object to the bucket. You cannot use PutObject to only update a single piece of metadata for an existing object. You must put the entire object with updated metadata if you want to update some values.
If your bucket uses the bucket owner enforced setting for Object Ownership, ACLs are disabled and no longer affect permissions. All objects written to the bucket by any account will be owned by the bucket owner.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
Amazon S3 is a distributed system. If it receives multiple write requests for the same object simultaneously, it overwrites all but the last object written. However, Amazon S3 provides features that can modify this behavior:
S3 Object Lock - To prevent objects from being deleted or overwritten, you can use Amazon S3 Object Lock in the Amazon S3 User Guide.
This functionality is not supported for directory buckets.
S3 Versioning - When you enable versioning for a bucket, if Amazon S3 receives multiple write requests for the same object simultaneously, it stores all versions of the objects. For each write request that is made to the same object, Amazon S3 automatically generates a unique version ID of that object being stored in Amazon S3. You can retrieve, replace, or delete any version of the object. For more information about versioning, see Adding Objects to Versioning-Enabled Buckets in the Amazon S3 User Guide. For information about returning the versioning state of a bucket, see GetBucketVersioning.
This functionality is not supported for directory buckets.
General purpose bucket permissions - The following permissions are required in your policies when your PutObject request includes specific headers.
s3:PutObject - To successfully complete the PutObject request, you must always have the s3:PutObject permission on a bucket to add an object to it.
s3:PutObjectAcl - To successfully change the objects ACL of your PutObject request, you must have the s3:PutObjectAcl.
s3:PutObjectTagging - To successfully set the tag-set with your PutObject request, you must have the s3:PutObjectTagging.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.
General purpose bucket - To ensure that data is not corrupted traversing the network, use the Content-MD5 header. When you use this header, Amazon S3 checks the object against the provided MD5 value and, if they do not match, Amazon S3 returns an error. Alternatively, when the object's ETag is its MD5 digest, you can calculate the MD5 while putting the object to Amazon S3 and compare the returned ETag to the calculated MD5 value.
Directory bucket - This functionality is not supported for directory buckets.
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
For more information about related Amazon S3 APIs, see the following:
", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":false @@ -1375,7 +1375,7 @@ "input":{"shape":"UploadPartRequest"}, "output":{"shape":"UploadPartOutput"}, "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadUploadPart.html", - "documentation":"Uploads a part in a multipart upload.
In this operation, you provide new data as a part of an object in your request. However, you have an option to specify your existing Amazon S3 object as a data source for the part you are uploading. To upload a part from an existing object, you use the UploadPartCopy operation.
You must initiate a multipart upload (see CreateMultipartUpload) before you can upload any part. In response to your initiate request, Amazon S3 returns an upload ID, a unique identifier that you must include in your upload part request.
Part numbers can be any number from 1 to 10,000, inclusive. A part number uniquely identifies a part and also defines its position within the object being created. If you upload a new part using the same part number that was used with a previous part, the previously uploaded part is overwritten.
For information about maximum and minimum part sizes and other multipart upload specifications, see Multipart upload limits in the Amazon S3 User Guide.
After you initiate multipart upload and upload one or more parts, you must either complete or abort multipart upload in order to stop getting charged for storage of the uploaded parts. Only after you either complete or abort multipart upload, Amazon S3 frees up the parts storage and stops charging you for the parts storage.
For more information on multipart uploads, go to Multipart Upload Overview in the Amazon S3 User Guide .
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
General purpose bucket permissions - To perform a multipart upload with encryption using an Key Management Service key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey actions on the key. The requester must also have permissions for the kms:GenerateDataKey action for the CreateMultipartUpload API. Then, the requester needs permissions for the kms:Decrypt action on the UploadPart and UploadPartCopy APIs.
These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information about KMS permissions, see Protecting data using server-side encryption with KMS in the Amazon S3 User Guide. For information about the permissions required to use the multipart upload API, see Multipart upload and permissions and Multipart upload API and permissions in the Amazon S3 User Guide.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.
General purpose bucket - To ensure that data is not corrupted traversing the network, specify the Content-MD5 header in the upload part request. Amazon S3 checks the part data against the provided MD5 value. If they do not match, Amazon S3 returns an error. If the upload request is signed with Signature Version 4, then Amazon Web Services S3 uses the x-amz-content-sha256 header as a checksum instead of Content-MD5. For more information see Authenticating Requests: Using the Authorization Header (Amazon Web Services Signature Version 4).
Directory buckets - MD5 is not supported by directory buckets. You can use checksum algorithms to check object integrity.
General purpose bucket - Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. You have mutually exclusive options to protect data using server-side encryption in Amazon S3, depending on how you choose to manage the encryption keys. Specifically, the encryption key options are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS), and Customer-Provided Keys (SSE-C). Amazon S3 encrypts data with server-side encryption using Amazon S3 managed keys (SSE-S3) by default. You can optionally tell Amazon S3 to encrypt data at rest using server-side encryption with other key options. The option you use depends on whether you want to use KMS keys (SSE-KMS) or provide your own encryption key (SSE-C).
Server-side encryption is supported by the S3 Multipart Upload operations. Unless you are using a customer-provided encryption key (SSE-C), you don't need to specify the encryption parameters in each UploadPart request. Instead, you only need to specify the server-side encryption parameters in the initial Initiate Multipart request. For more information, see CreateMultipartUpload.
If you request server-side encryption using a customer-provided encryption key (SSE-C) in your initiate multipart upload request, you must provide identical encryption information in each part upload using the following request headers.
x-amz-server-side-encryption-customer-algorithm
x-amz-server-side-encryption-customer-key
x-amz-server-side-encryption-customer-key-MD5
For more information, see Using Server-Side Encryption in the Amazon S3 User Guide.
Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms).
Error Code: NoSuchUpload
Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.
HTTP Status Code: 404 Not Found
SOAP Fault Code Prefix: Client
Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com.
The following operations are related to UploadPart:
Uploads a part in a multipart upload.
In this operation, you provide new data as a part of an object in your request. However, you have an option to specify your existing Amazon S3 object as a data source for the part you are uploading. To upload a part from an existing object, you use the UploadPartCopy operation.
You must initiate a multipart upload (see CreateMultipartUpload) before you can upload any part. In response to your initiate request, Amazon S3 returns an upload ID, a unique identifier that you must include in your upload part request.
Part numbers can be any number from 1 to 10,000, inclusive. A part number uniquely identifies a part and also defines its position within the object being created. If you upload a new part using the same part number that was used with a previous part, the previously uploaded part is overwritten.
For information about maximum and minimum part sizes and other multipart upload specifications, see Multipart upload limits in the Amazon S3 User Guide.
After you initiate multipart upload and upload one or more parts, you must either complete or abort multipart upload in order to stop getting charged for storage of the uploaded parts. Only after you either complete or abort multipart upload, Amazon S3 frees up the parts storage and stops charging you for the parts storage.
For more information on multipart uploads, go to Multipart Upload Overview in the Amazon S3 User Guide .
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
General purpose bucket permissions - To perform a multipart upload with encryption using an Key Management Service key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey actions on the key. The requester must also have permissions for the kms:GenerateDataKey action for the CreateMultipartUpload API. Then, the requester needs permissions for the kms:Decrypt action on the UploadPart and UploadPartCopy APIs.
These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information about KMS permissions, see Protecting data using server-side encryption with KMS in the Amazon S3 User Guide. For information about the permissions required to use the multipart upload API, see Multipart upload and permissions and Multipart upload API and permissions in the Amazon S3 User Guide.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.
General purpose bucket - To ensure that data is not corrupted traversing the network, specify the Content-MD5 header in the upload part request. Amazon S3 checks the part data against the provided MD5 value. If they do not match, Amazon S3 returns an error. If the upload request is signed with Signature Version 4, then Amazon Web Services S3 uses the x-amz-content-sha256 header as a checksum instead of Content-MD5. For more information see Authenticating Requests: Using the Authorization Header (Amazon Web Services Signature Version 4).
Directory buckets - MD5 is not supported by directory buckets. You can use checksum algorithms to check object integrity.
General purpose bucket - Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. You have mutually exclusive options to protect data using server-side encryption in Amazon S3, depending on how you choose to manage the encryption keys. Specifically, the encryption key options are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS), and Customer-Provided Keys (SSE-C). Amazon S3 encrypts data with server-side encryption using Amazon S3 managed keys (SSE-S3) by default. You can optionally tell Amazon S3 to encrypt data at rest using server-side encryption with other key options. The option you use depends on whether you want to use KMS keys (SSE-KMS) or provide your own encryption key (SSE-C).
Server-side encryption is supported by the S3 Multipart Upload operations. Unless you are using a customer-provided encryption key (SSE-C), you don't need to specify the encryption parameters in each UploadPart request. Instead, you only need to specify the server-side encryption parameters in the initial Initiate Multipart request. For more information, see CreateMultipartUpload.
If you request server-side encryption using a customer-provided encryption key (SSE-C) in your initiate multipart upload request, you must provide identical encryption information in each part upload using the following request headers.
x-amz-server-side-encryption-customer-algorithm
x-amz-server-side-encryption-customer-key
x-amz-server-side-encryption-customer-key-MD5
For more information, see Using Server-Side Encryption in the Amazon S3 User Guide.
Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms).
Error Code: NoSuchUpload
Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.
HTTP Status Code: 404 Not Found
SOAP Fault Code Prefix: Client
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
The following operations are related to UploadPart:
Uploads a part by copying data from an existing object as data source. To specify the data source, you add the request header x-amz-copy-source in your request. To specify a byte range, you add the request header x-amz-copy-source-range in your request.
For information about maximum and minimum part sizes and other multipart upload specifications, see Multipart upload limits in the Amazon S3 User Guide.
Instead of copying data from an existing object as part data, you might use the UploadPart action to upload new data as a part of an object in your request.
You must initiate a multipart upload before you can upload any part. In response to your initiate request, Amazon S3 returns the upload ID, a unique identifier that you must include in your upload part request.
For conceptual information about multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide. For information about copying objects using a single atomic action vs. a multipart upload, see Operations on Objects in the Amazon S3 User Guide.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.
All UploadPartCopy requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including x-amz-copy-source, must be signed. For more information, see REST Authentication.
Directory buckets - You must use IAM credentials to authenticate and authorize your access to the UploadPartCopy API operation, instead of using the temporary security credentials through the CreateSession API operation.
Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.
You must have READ access to the source object and WRITE access to the destination bucket.
General purpose bucket permissions - You must have the permissions in a policy based on the bucket types of your source bucket and destination bucket in an UploadPartCopy operation.
If the source object is in a general purpose bucket, you must have the s3:GetObject permission to read the source object that is being copied.
If the destination bucket is a general purpose bucket, you must have the s3:PutObject permission to write the object copy to the destination bucket.
To perform a multipart upload with encryption using an Key Management Service key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey actions on the key. The requester must also have permissions for the kms:GenerateDataKey action for the CreateMultipartUpload API. Then, the requester needs permissions for the kms:Decrypt action on the UploadPart and UploadPartCopy APIs. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information about KMS permissions, see Protecting data using server-side encryption with KMS in the Amazon S3 User Guide. For information about the permissions required to use the multipart upload API, see Multipart upload and permissions and Multipart upload API and permissions in the Amazon S3 User Guide.
Directory bucket permissions - You must have permissions in a bucket policy or an IAM identity-based policy based on the source and destination bucket types in an UploadPartCopy operation.
If the source object that you want to copy is in a directory bucket, you must have the s3express:CreateSession permission in the Action element of a policy to read the object. By default, the session is in the ReadWrite mode. If you want to restrict the access, you can explicitly set the s3express:SessionMode condition key to ReadOnly on the copy source bucket.
If the copy destination is a directory bucket, you must have the s3express:CreateSession permission in the Action element of a policy to write the object to the destination. The s3express:SessionMode condition key cannot be set to ReadOnly on the copy destination.
If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.
For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.
General purpose buckets - For information about using server-side encryption with customer-provided encryption keys with the UploadPartCopy operation, see CopyObject and UploadPart.
Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide.
For directory buckets, when you perform a CreateMultipartUpload operation and an UploadPartCopy operation, the request headers you provide in the CreateMultipartUpload request must match the default encryption configuration of the destination bucket.
S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through UploadPartCopy. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.
Error Code: NoSuchUpload
Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.
HTTP Status Code: 404 Not Found
Error Code: InvalidRequest
Description: The specified copy source is not supported as a byte-range copy source.
HTTP Status Code: 400 Bad Request
Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com.
The following operations are related to UploadPartCopy:
Uploads a part by copying data from an existing object as data source. To specify the data source, you add the request header x-amz-copy-source in your request. To specify a byte range, you add the request header x-amz-copy-source-range in your request.
For information about maximum and minimum part sizes and other multipart upload specifications, see Multipart upload limits in the Amazon S3 User Guide.
Instead of copying data from an existing object as part data, you might use the UploadPart action to upload new data as a part of an object in your request.
You must initiate a multipart upload before you can upload any part. In response to your initiate request, Amazon S3 returns the upload ID, a unique identifier that you must include in your upload part request.
For conceptual information about multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide. For information about copying objects using a single atomic action vs. a multipart upload, see Operations on Objects in the Amazon S3 User Guide.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
All UploadPartCopy requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including x-amz-copy-source, must be signed. For more information, see REST Authentication.
Directory buckets - You must use IAM credentials to authenticate and authorize your access to the UploadPartCopy API operation, instead of using the temporary security credentials through the CreateSession API operation.
Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.
You must have READ access to the source object and WRITE access to the destination bucket.
General purpose bucket permissions - You must have the permissions in a policy based on the bucket types of your source bucket and destination bucket in an UploadPartCopy operation.
If the source object is in a general purpose bucket, you must have the s3:GetObject permission to read the source object that is being copied.
If the destination bucket is a general purpose bucket, you must have the s3:PutObject permission to write the object copy to the destination bucket.
To perform a multipart upload with encryption using an Key Management Service key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey actions on the key. The requester must also have permissions for the kms:GenerateDataKey action for the CreateMultipartUpload API. Then, the requester needs permissions for the kms:Decrypt action on the UploadPart and UploadPartCopy APIs. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information about KMS permissions, see Protecting data using server-side encryption with KMS in the Amazon S3 User Guide. For information about the permissions required to use the multipart upload API, see Multipart upload and permissions and Multipart upload API and permissions in the Amazon S3 User Guide.
Directory bucket permissions - You must have permissions in a bucket policy or an IAM identity-based policy based on the source and destination bucket types in an UploadPartCopy operation.
If the source object that you want to copy is in a directory bucket, you must have the s3express:CreateSession permission in the Action element of a policy to read the object. By default, the session is in the ReadWrite mode. If you want to restrict the access, you can explicitly set the s3express:SessionMode condition key to ReadOnly on the copy source bucket.
If the copy destination is a directory bucket, you must have the s3express:CreateSession permission in the Action element of a policy to write the object to the destination. The s3express:SessionMode condition key cannot be set to ReadOnly on the copy destination.
If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.
For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.
General purpose buckets - For information about using server-side encryption with customer-provided encryption keys with the UploadPartCopy operation, see CopyObject and UploadPart.
Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide.
For directory buckets, when you perform a CreateMultipartUpload operation and an UploadPartCopy operation, the request headers you provide in the CreateMultipartUpload request must match the default encryption configuration of the destination bucket.
S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through UploadPartCopy. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.
Error Code: NoSuchUpload
Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.
HTTP Status Code: 404 Not Found
Error Code: InvalidRequest
Description: The specified copy source is not supported as a byte-range copy source.
HTTP Status Code: 400 Bad Request
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
The following operations are related to UploadPartCopy:
The bucket name to which the upload was taking place.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The bucket name to which the upload was taking place.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The number of Availability Zone that's used for redundancy for the bucket.
" + "documentation":"The number of Zone (Availability Zone or Local Zone) that's used for redundancy for the bucket.
" }, "Type":{ "shape":"BucketType", @@ -2110,7 +2110,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"Name of the bucket to which the multipart upload was initiated.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
Name of the bucket to which the multipart upload was initiated.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
If the object expiration is configured, the response includes this header.
This functionality is not supported for directory buckets.
If the object expiration is configured, the response includes this header.
Object expiration information is not returned in directory buckets and this header returns the value \"NotImplemented\" in all responses for directory buckets.
The name of the destination bucket.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The name of the destination bucket.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Copying objects across different Amazon Web Services Regions isn't supported when the source or destination bucket is in Amazon Web Services Local Zones. The source and destination buckets must have the same parent Amazon Web Services Region. Otherwise, you get an HTTP 400 Bad Request error with the error code InvalidRequest.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
Specifies the location where the bucket will be created.
For directory buckets, the location type is Availability Zone.
This functionality is only supported by directory buckets.
Specifies the location where the bucket will be created.
Directory buckets - The location type is Availability Zone or Local Zone. When the location type is Local Zone, your Local Zone must be in opt-in status. Otherwise, you get an HTTP 400 Bad Request error with the error code Access denied. To learn more about opt-in Local Zones, see Opt-in Dedicated Local Zonesin the Amazon S3 User Guide.
This functionality is only supported by directory buckets.
The name of the bucket to create.
General purpose buckets - For information about bucket naming restrictions, see Bucket naming rules in the Amazon S3 User Guide.
Directory buckets - When you use this operation with a directory bucket, you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must also follow the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide
The name of the bucket to create.
General purpose buckets - For information about bucket naming restrictions, see Bucket naming rules in the Amazon S3 User Guide.
Directory buckets - When you use this operation with a directory bucket, you must use path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must also follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide
The name of the bucket where the multipart upload is initiated and where the object is uploaded.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The name of the bucket where the multipart upload is initiated and where the object is uploaded.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The name of the bucket containing the server-side encryption configuration to delete.
Directory buckets - When you use this operation with a directory bucket, you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must also follow the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide
The name of the bucket containing the server-side encryption configuration to delete.
Directory buckets - When you use this operation with a directory bucket, you must use path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must also follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide
The bucket name.
Directory buckets - When you use this operation with a directory bucket, you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must also follow the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide
The bucket name.
Directory buckets - When you use this operation with a directory bucket, you must use path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must also follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide
Specifies the bucket being deleted.
Directory buckets - When you use this operation with a directory bucket, you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must also follow the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide
Specifies the bucket being deleted.
Directory buckets - When you use this operation with a directory bucket, you must use path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must also follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide
The bucket name of the bucket containing the object.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The bucket name of the bucket containing the object.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The bucket name containing the objects to delete.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The bucket name containing the objects to delete.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The name of the bucket from which the server-side encryption configuration is retrieved.
Directory buckets - When you use this operation with a directory bucket, you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must also follow the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide
The name of the bucket from which the server-side encryption configuration is retrieved.
Directory buckets - When you use this operation with a directory bucket, you must use path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must also follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide
The bucket name to get the bucket policy for.
Directory buckets - When you use this operation with a directory bucket, you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must also follow the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide
Access points - When you use this API operation with an access point, provide the alias of the access point in place of the bucket name.
Object Lambda access points - When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code InvalidAccessPointAliasError is returned. For more information about InvalidAccessPointAliasError, see List of Error Codes.
Access points and Object Lambda access points are not supported by directory buckets.
The bucket name to get the bucket policy for.
Directory buckets - When you use this operation with a directory bucket, you must use path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must also follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide
Access points - When you use this API operation with an access point, provide the alias of the access point in place of the bucket name.
Object Lambda access points - When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code InvalidAccessPointAliasError is returned. For more information about InvalidAccessPointAliasError, see List of Error Codes.
Access points and Object Lambda access points are not supported by directory buckets.
The name of the bucket that contains the object.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The name of the bucket that contains the object.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
If the object expiration is configured (see PutBucketLifecycleConfiguration ), the response includes this header. It includes the expiry-date and rule-id key-value pairs providing object expiration information. The value of the rule-id is URL-encoded.
This functionality is not supported for directory buckets.
If the object expiration is configured (see PutBucketLifecycleConfiguration ), the response includes this header. It includes the expiry-date and rule-id key-value pairs providing object expiration information. The value of the rule-id is URL-encoded.
Object expiration information is not returned in directory buckets and this header returns the value \"NotImplemented\" in all responses for directory buckets.
The bucket name containing the object.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Object Lambda access points - When you use this action with an Object Lambda access point, you must direct requests to the Object Lambda access point hostname. The Object Lambda access point hostname takes the form AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The bucket name containing the object.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Object Lambda access points - When you use this action with an Object Lambda access point, you must direct requests to the Object Lambda access point hostname. The Object Lambda access point hostname takes the form AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The name of the location where the bucket will be created.
For directory buckets, the AZ ID of the Availability Zone where the bucket is created. An example AZ ID value is usw2-az1.
This functionality is only supported by directory buckets.
The name of the location where the bucket will be created.
For directory buckets, the Zone ID of the Availability Zone or the Local Zone where the bucket is created. An example Zone ID value for an Availability Zone is usw2-az1.
This functionality is only supported by directory buckets.
The bucket name.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Object Lambda access points - When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code InvalidAccessPointAliasError is returned. For more information about InvalidAccessPointAliasError, see List of Error Codes.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The bucket name.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Object Lambda access points - When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code InvalidAccessPointAliasError is returned. For more information about InvalidAccessPointAliasError, see List of Error Codes.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
If the object expiration is configured (see PutBucketLifecycleConfiguration ), the response includes this header. It includes the expiry-date and rule-id key-value pairs providing object expiration information. The value of the rule-id is URL-encoded.
This functionality is not supported for directory buckets.
If the object expiration is configured (see PutBucketLifecycleConfiguration ), the response includes this header. It includes the expiry-date and rule-id key-value pairs providing object expiration information. The value of the rule-id is URL-encoded.
Object expiration information is not returned in directory buckets and this header returns the value \"NotImplemented\" in all responses for directory buckets.
The name of the bucket that contains the object.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The name of the bucket that contains the object.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The name of the bucket to which the multipart upload was initiated.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The name of the bucket to which the multipart upload was initiated.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The name of the bucket containing the objects.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The name of the bucket containing the objects.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The name of the bucket to which the parts are being uploaded.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The name of the bucket to which the parts are being uploaded.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The name of the location where the bucket will be created.
For directory buckets, the name of the location is the AZ ID of the Availability Zone where the bucket will be created. An example AZ ID value is usw2-az1.
The name of the location where the bucket will be created.
For directory buckets, the name of the location is the Zone ID of the Availability Zone (AZ) or Local Zone (LZ) where the bucket will be created. An example AZ ID value is usw2-az1.
Specifies the location where the bucket will be created.
For directory buckets, the location type is Availability Zone. For more information about directory buckets, see Directory buckets in the Amazon S3 User Guide.
This functionality is only supported by directory buckets.
Specifies the location where the bucket will be created.
For directory buckets, the location type is Availability Zone or Local Zone. For more information about directory buckets, see Directory buckets in the Amazon S3 User Guide.
This functionality is only supported by directory buckets.
Specifies default encryption for a bucket using server-side encryption with different key options.
Directory buckets - When you use this operation with a directory bucket, you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must also follow the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide
Specifies default encryption for a bucket using server-side encryption with different key options.
Directory buckets - When you use this operation with a directory bucket, you must use path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must also follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide
The name of the bucket.
Directory buckets - When you use this operation with a directory bucket, you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must also follow the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide
The name of the bucket.
Directory buckets - When you use this operation with a directory bucket, you must use path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must also follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide
If the expiration is configured for the object (see PutBucketLifecycleConfiguration) in the Amazon S3 User Guide, the response includes this header. It includes the expiry-date and rule-id key-value pairs that provide information about object expiration. The value of the rule-id is URL-encoded.
This functionality is not supported for directory buckets.
If the expiration is configured for the object (see PutBucketLifecycleConfiguration) in the Amazon S3 User Guide, the response includes this header. It includes the expiry-date and rule-id key-value pairs that provide information about object expiration. The value of the rule-id is URL-encoded.
Object expiration information is not returned in directory buckets and this header returns the value \"NotImplemented\" in all responses for directory buckets.
The bucket name to which the PUT action was initiated.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The bucket name to which the PUT action was initiated.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
Type of restore request.
" + "documentation":"Amazon S3 Select is no longer available to new customers. Existing customers of Amazon S3 Select can continue to use the feature as usual. Learn more
Type of restore request.
" }, "Tier":{ "shape":"Tier", @@ -10398,7 +10404,7 @@ }, "SelectParameters":{ "shape":"SelectParameters", - "documentation":"Describes the parameters for Select job types.
" + "documentation":"Amazon S3 Select is no longer available to new customers. Existing customers of Amazon S3 Select can continue to use the feature as usual. Learn more
Describes the parameters for Select job types.
" }, "OutputLocation":{ "shape":"OutputLocation", @@ -10692,7 +10698,7 @@ "locationName":"x-amz-expected-bucket-owner" } }, - "documentation":"Request to filter the contents of an Amazon S3 object based on a simple Structured Query Language (SQL) statement. In the request, along with the SQL expression, you must specify a data serialization format (JSON or CSV) of the object. Amazon S3 uses this to parse object data into records. It returns only records that match the specified SQL expression. You must also specify the data serialization format for the response. For more information, see S3Select API Documentation.
" + "documentation":"Learn Amazon S3 Select is no longer available to new customers. Existing customers of Amazon S3 Select can continue to use the feature as usual. Learn more
Request to filter the contents of an Amazon S3 object based on a simple Structured Query Language (SQL) statement. In the request, along with the SQL expression, you must specify a data serialization format (JSON or CSV) of the object. Amazon S3 uses this to parse object data into records. It returns only records that match the specified SQL expression. You must also specify the data serialization format for the response. For more information, see S3Select API Documentation.
" }, "SelectParameters":{ "type":"structure", @@ -10713,14 +10719,14 @@ }, "Expression":{ "shape":"Expression", - "documentation":"The expression that is used to query the object.
" + "documentation":"Amazon S3 Select is no longer available to new customers. Existing customers of Amazon S3 Select can continue to use the feature as usual. Learn more
The expression that is used to query the object.
" }, "OutputSerialization":{ "shape":"OutputSerialization", "documentation":"Describes how the results of the Select job are serialized.
" } }, - "documentation":"Describes the parameters for Select job types.
" + "documentation":"Amazon S3 Select is no longer available to new customers. Existing customers of Amazon S3 Select can continue to use the feature as usual. Learn more
Describes the parameters for Select job types.
Learn How to optimize querying your data in Amazon S3 using Amazon Athena, S3 Object Lambda, or client-side filtering.
" }, "ServerSideEncryption":{ "type":"string", @@ -11245,7 +11251,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"The bucket name.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The bucket name.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Copying objects across different Amazon Web Services Regions isn't supported when the source or destination bucket is in Amazon Web Services Local Zones. The source and destination buckets must have the same parent Amazon Web Services Region. Otherwise, you get an HTTP 400 Bad Request error with the error code InvalidRequest.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The name of the bucket to which the multipart upload was initiated.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
The name of the bucket to which the multipart upload was initiated.
Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
Access points and Object Lambda access points are not supported by directory buckets.
S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.
Disables the HTTP endpoint for the specified DB cluster. Disabling this endpoint disables RDS Data API.
For more information, see Using RDS Data API in the Amazon Aurora User Guide.
This operation applies only to Aurora PostgreSQL Serverless v2 and provisioned DB clusters. To disable the HTTP endpoint for Aurora Serverless v1 DB clusters, use the EnableHttpEndpoint parameter of the ModifyDBCluster operation.
Disables the HTTP endpoint for the specified DB cluster. Disabling this endpoint disables RDS Data API.
For more information, see Using RDS Data API in the Amazon Aurora User Guide.
This operation applies only to Aurora Serverless v2 and provisioned DB clusters. To disable the HTTP endpoint for Aurora Serverless v1 DB clusters, use the EnableHttpEndpoint parameter of the ModifyDBCluster operation.
Enables the HTTP endpoint for the DB cluster. By default, the HTTP endpoint isn't enabled.
When enabled, this endpoint provides a connectionless web service API (RDS Data API) for running SQL queries on the Aurora DB cluster. You can also query your database from inside the RDS console with the RDS query editor.
For more information, see Using RDS Data API in the Amazon Aurora User Guide.
This operation applies only to Aurora PostgreSQL Serverless v2 and provisioned DB clusters. To enable the HTTP endpoint for Aurora Serverless v1 DB clusters, use the EnableHttpEndpoint parameter of the ModifyDBCluster operation.
Enables the HTTP endpoint for the DB cluster. By default, the HTTP endpoint isn't enabled.
When enabled, this endpoint provides a connectionless web service API (RDS Data API) for running SQL queries on the Aurora DB cluster. You can also query your database from inside the RDS console with the RDS query editor.
For more information, see Using RDS Data API in the Amazon Aurora User Guide.
This operation applies only to Aurora Serverless v2 and provisioned DB clusters. To enable the HTTP endpoint for Aurora Serverless v1 DB clusters, use the EnableHttpEndpoint parameter of the ModifyDBCluster operation.
The Amazon Resource Name (ARN) for the IAM role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs. An example is arn:aws:iam:123456789012:role/emaccess. For information on creating a monitoring role, see Setting up and enabling Enhanced Monitoring in the Amazon RDS User Guide.
If MonitoringInterval is set to a value other than 0, supply a MonitoringRoleArn value.
Valid for Cluster Type: Multi-AZ DB clusters only
" }, + "DatabaseInsightsMode":{ + "shape":"DatabaseInsightsMode", + "documentation":"Specifies the mode of Database Insights to enable for the cluster.
" + }, "EnablePerformanceInsights":{ "shape":"BooleanOptional", "documentation":"Specifies whether to turn on Performance Insights for the DB cluster.
For more information, see Using Amazon Performance Insights in the Amazon RDS User Guide.
Valid for Cluster Type: Multi-AZ DB clusters only
" @@ -4610,6 +4614,10 @@ "shape":"BooleanOptional", "documentation":"Specifies whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping isn't enabled.
For more information, see IAM Database Authentication for MySQL and PostgreSQL in the Amazon RDS User Guide.
This setting doesn't apply to the following DB instances:
Amazon Aurora (Mapping Amazon Web Services IAM accounts to database accounts is managed by the DB cluster.)
RDS Custom
Specifies the mode of Database Insights to enable for the instance.
" + }, "EnablePerformanceInsights":{ "shape":"BooleanOptional", "documentation":"Specifies whether to enable Performance Insights for the DB instance. For more information, see Using Amazon Performance Insights in the Amazon RDS User Guide.
This setting doesn't apply to RDS Custom DB instances.
" @@ -4774,6 +4782,10 @@ "shape":"BooleanOptional", "documentation":"Specifies whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping isn't enabled.
For more information about IAM database authentication, see IAM Database Authentication for MySQL and PostgreSQL in the Amazon RDS User Guide.
This setting doesn't apply to RDS Custom DB instances.
" }, + "DatabaseInsightsMode":{ + "shape":"DatabaseInsightsMode", + "documentation":"Specifies the mode of Database Insights.
" + }, "EnablePerformanceInsights":{ "shape":"BooleanOptional", "documentation":"Specifies whether to enable Performance Insights for the read replica.
For more information, see Using Amazon Performance Insights in the Amazon RDS User Guide.
This setting doesn't apply to RDS Custom DB instances.
" @@ -5695,6 +5707,10 @@ "shape":"String", "documentation":"The ARN for the IAM role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs.
This setting is only for non-Aurora Multi-AZ DB clusters.
" }, + "DatabaseInsightsMode":{ + "shape":"DatabaseInsightsMode", + "documentation":"The mode of Database Insights that is enabled for the cluster.
" + }, "PerformanceInsightsEnabled":{ "shape":"BooleanOptional", "documentation":"Indicates whether Performance Insights is enabled for the DB cluster.
This setting is only for non-Aurora Multi-AZ DB clusters.
" @@ -6939,6 +6955,10 @@ "shape":"Boolean", "documentation":"Indicates whether mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts is enabled for the DB instance.
For a list of engine versions that support IAM database authentication, see IAM database authentication in the Amazon RDS User Guide and IAM database authentication in Aurora in the Amazon Aurora User Guide.
" }, + "DatabaseInsightsMode":{ + "shape":"DatabaseInsightsMode", + "documentation":"The mode of Database Insights that is enabled for the instance.
" + }, "PerformanceInsightsEnabled":{ "shape":"BooleanOptional", "documentation":"Indicates whether Performance Insights is enabled for the DB instance.
" @@ -8699,6 +8719,13 @@ "min":1, "pattern":"^arn:[A-Za-z][0-9A-Za-z-:._]*" }, + "DatabaseInsightsMode":{ + "type":"string", + "enum":[ + "standard", + "advanced" + ] + }, "DeleteBlueGreenDeploymentRequest":{ "type":"structure", "required":["BlueGreenDeploymentIdentifier"], @@ -12339,7 +12366,7 @@ }, "EnableHttpEndpoint":{ "shape":"BooleanOptional", - "documentation":"Specifies whether to enable the HTTP endpoint for an Aurora Serverless v1 DB cluster. By default, the HTTP endpoint isn't enabled.
When enabled, the HTTP endpoint provides a connectionless web service API (RDS Data API) for running SQL queries on the Aurora Serverless v1 DB cluster. You can also query your database from inside the RDS console with the RDS query editor.
For more information, see Using RDS Data API in the Amazon Aurora User Guide.
This parameter applies only to Aurora Serverless v1 DB clusters. To enable or disable the HTTP endpoint for an Aurora PostgreSQL Serverless v2 or provisioned DB cluster, use the EnableHttpEndpoint and DisableHttpEndpoint operations.
Valid for Cluster Type: Aurora DB clusters only
" + "documentation":"Specifies whether to enable the HTTP endpoint for an Aurora Serverless v1 DB cluster. By default, the HTTP endpoint isn't enabled.
When enabled, the HTTP endpoint provides a connectionless web service API (RDS Data API) for running SQL queries on the Aurora Serverless v1 DB cluster. You can also query your database from inside the RDS console with the RDS query editor.
For more information, see Using RDS Data API in the Amazon Aurora User Guide.
This parameter applies only to Aurora Serverless v1 DB clusters. To enable or disable the HTTP endpoint for an Aurora Serverless v2 or provisioned DB cluster, use the EnableHttpEndpoint and DisableHttpEndpoint operations.
Valid for Cluster Type: Aurora DB clusters only
" }, "CopyTagsToSnapshot":{ "shape":"BooleanOptional", @@ -12377,6 +12404,10 @@ "shape":"String", "documentation":"The Amazon Resource Name (ARN) for the IAM role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs. An example is arn:aws:iam:123456789012:role/emaccess. For information on creating a monitoring role, see To create an IAM role for Amazon RDS Enhanced Monitoring in the Amazon RDS User Guide.
If MonitoringInterval is set to a value other than 0, supply a MonitoringRoleArn value.
Valid for Cluster Type: Multi-AZ DB clusters only
" }, + "DatabaseInsightsMode":{ + "shape":"DatabaseInsightsMode", + "documentation":"Specifies the mode of Database Insights to enable for the cluster.
" + }, "EnablePerformanceInsights":{ "shape":"BooleanOptional", "documentation":"Specifies whether to turn on Performance Insights for the DB cluster.
For more information, see Using Amazon Performance Insights in the Amazon RDS User Guide.
Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
" @@ -12645,6 +12676,10 @@ "shape":"BooleanOptional", "documentation":"Specifies whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping isn't enabled.
This setting doesn't apply to Amazon Aurora. Mapping Amazon Web Services IAM accounts to database accounts is managed by the DB cluster.
For more information about IAM database authentication, see IAM Database Authentication for MySQL and PostgreSQL in the Amazon RDS User Guide.
This setting doesn't apply to RDS Custom DB instances.
" }, + "DatabaseInsightsMode":{ + "shape":"DatabaseInsightsMode", + "documentation":"Specifies the mode of Database Insights to enable for the instance.
" + }, "EnablePerformanceInsights":{ "shape":"BooleanOptional", "documentation":"Specifies whether to enable Performance Insights for the DB instance.
For more information, see Using Amazon Performance Insights in the Amazon RDS User Guide.
This setting doesn't apply to RDS Custom DB instances.
" @@ -15617,6 +15652,10 @@ "shape":"String", "documentation":"An Amazon Web Services Identity and Access Management (IAM) role with a trust policy and a permissions policy that allows Amazon RDS to access your Amazon S3 bucket. For information about this role, see Creating an IAM role manually in the Amazon RDS User Guide.
" }, + "DatabaseInsightsMode":{ + "shape":"DatabaseInsightsMode", + "documentation":"Specifies the mode of Database Insights to enable for the instance.
" + }, "EnablePerformanceInsights":{ "shape":"BooleanOptional", "documentation":"Specifies whether to enable Performance Insights for the DB instance.
For more information, see Using Amazon Performance Insights in the Amazon RDS User Guide.
" From 1fb1c81e9321c8f42caddb2f038d6c354d0d33d9 Mon Sep 17 00:00:00 2001 From: AWS <> Date: Mon, 2 Dec 2024 03:51:41 +0000 Subject: [PATCH 35/35] Release 2.29.24. Updated CHANGELOG.md, README.md and all pom.xml. --- .changes/2.29.24.json | 192 ++++++++++++++++++ .../bugfix-AWSCRTbasedS3client-906e1ea.json | 6 - .../feature-AWSCleanRoomsService-f293562.json | 6 - .../feature-AWSInvoicing-e5d5943.json | 6 - .../feature-AWSOrganizations-42333d1.json | 6 - .../feature-AWSS3Control-ab425dc.json | 6 - .../feature-AWSSecurityHub-096bdcc.json | 6 - .../feature-AWSTransferFamily-5c2b94e.json | 6 - ...eature-AgentsforAmazonBedrock-35d36fc.json | 6 - ...AgentsforAmazonBedrockRuntime-70183c9.json | 6 - .../feature-AmazonBedrock-4b0d7bd.json | 6 - .../feature-AmazonChimeSDKVoice-59cfe26.json | 6 - .../feature-AmazonCloudWatchLogs-dd286dc.json | 6 - ...mazonConnectCampaignServiceV2-d4badfa.json | 6 - ...AmazonConnectCustomerProfiles-836a182.json | 6 - .../feature-AmazonConnectService-8488c96.json | 6 - ...ure-AmazonEC2ContainerService-889d675.json | 6 - ...ure-AmazonElasticComputeCloud-c98c8a3.json | 6 - ...mazonElasticKubernetesService-d3cdaff.json | 6 - .../feature-AmazonEventBridge-300044d.json | 6 - .../feature-AmazonFSx-bef794e.json | 6 - .../feature-AmazonGuardDuty-4ce4a9d.json | 6 - .../feature-AmazonMemoryDB-d74846d.json | 6 - ...ature-AmazonOpenSearchService-afd5c96.json | 6 - .../feature-AmazonQConnect-4057b7d.json | 6 - ...azonRelationalDatabaseService-e21caa4.json | 6 - ...re-AmazonSimpleStorageService-36d4cfc.json | 6 - .../feature-AmazonVPCLattice-e1068cd.json | 6 - .../feature-EC2ImageBuilder-0b74f6d.json | 6 - .../feature-NetworkFlowMonitor-28a0b5a.json | 6 - .../feature-QBusiness-05a6cee.json | 6 - ...ture-SecurityIncidentResponse-214853b.json | 6 - CHANGELOG.md | 125 ++++++++++++ README.md | 8 +- archetypes/archetype-app-quickstart/pom.xml | 2 +- archetypes/archetype-lambda/pom.xml | 2 +- archetypes/archetype-tools/pom.xml | 2 +- archetypes/pom.xml | 2 +- aws-sdk-java/pom.xml | 17 +- bom-internal/pom.xml | 2 +- bom/pom.xml | 17 +- bundle-logging-bridge/pom.xml | 2 +- bundle-sdk/pom.xml | 2 +- bundle/pom.xml | 2 +- codegen-lite-maven-plugin/pom.xml | 2 +- codegen-lite/pom.xml | 2 +- codegen-maven-plugin/pom.xml | 2 +- codegen/pom.xml | 2 +- core/annotations/pom.xml | 2 +- core/arns/pom.xml | 2 +- core/auth-crt/pom.xml | 2 +- core/auth/pom.xml | 2 +- core/aws-core/pom.xml | 2 +- core/checksums-spi/pom.xml | 2 +- core/checksums/pom.xml | 2 +- core/crt-core/pom.xml | 2 +- core/endpoints-spi/pom.xml | 2 +- core/http-auth-aws-crt/pom.xml | 2 +- core/http-auth-aws-eventstream/pom.xml | 2 +- core/http-auth-aws/pom.xml | 2 +- core/http-auth-spi/pom.xml | 2 +- core/http-auth/pom.xml | 2 +- core/identity-spi/pom.xml | 2 +- core/imds/pom.xml | 2 +- core/json-utils/pom.xml | 2 +- core/metrics-spi/pom.xml | 2 +- core/pom.xml | 2 +- core/profiles/pom.xml | 2 +- core/protocols/aws-cbor-protocol/pom.xml | 2 +- core/protocols/aws-json-protocol/pom.xml | 2 +- core/protocols/aws-query-protocol/pom.xml | 2 +- core/protocols/aws-xml-protocol/pom.xml | 2 +- core/protocols/pom.xml | 2 +- core/protocols/protocol-core/pom.xml | 2 +- core/protocols/smithy-rpcv2-protocol/pom.xml | 2 +- core/regions/pom.xml | 2 +- core/retries-spi/pom.xml | 2 +- core/retries/pom.xml | 2 +- core/sdk-core/pom.xml | 2 +- http-client-spi/pom.xml | 2 +- http-clients/apache-client/pom.xml | 2 +- http-clients/aws-crt-client/pom.xml | 2 +- http-clients/netty-nio-client/pom.xml | 2 +- http-clients/pom.xml | 2 +- http-clients/url-connection-client/pom.xml | 2 +- .../cloudwatch-metric-publisher/pom.xml | 2 +- metric-publishers/pom.xml | 2 +- pom.xml | 2 +- release-scripts/pom.xml | 2 +- services-custom/dynamodb-enhanced/pom.xml | 2 +- services-custom/iam-policy-builder/pom.xml | 2 +- services-custom/pom.xml | 2 +- .../s3-event-notifications/pom.xml | 2 +- services-custom/s3-transfer-manager/pom.xml | 2 +- services/accessanalyzer/pom.xml | 2 +- services/account/pom.xml | 2 +- services/acm/pom.xml | 2 +- services/acmpca/pom.xml | 2 +- services/amp/pom.xml | 2 +- services/amplify/pom.xml | 2 +- services/amplifybackend/pom.xml | 2 +- services/amplifyuibuilder/pom.xml | 2 +- services/apigateway/pom.xml | 2 +- services/apigatewaymanagementapi/pom.xml | 2 +- services/apigatewayv2/pom.xml | 2 +- services/appconfig/pom.xml | 2 +- services/appconfigdata/pom.xml | 2 +- services/appfabric/pom.xml | 2 +- services/appflow/pom.xml | 2 +- services/appintegrations/pom.xml | 2 +- services/applicationautoscaling/pom.xml | 2 +- services/applicationcostprofiler/pom.xml | 2 +- services/applicationdiscovery/pom.xml | 2 +- services/applicationinsights/pom.xml | 2 +- services/applicationsignals/pom.xml | 2 +- services/appmesh/pom.xml | 2 +- services/apprunner/pom.xml | 2 +- services/appstream/pom.xml | 2 +- services/appsync/pom.xml | 2 +- services/apptest/pom.xml | 2 +- services/arczonalshift/pom.xml | 2 +- services/artifact/pom.xml | 2 +- services/athena/pom.xml | 2 +- services/auditmanager/pom.xml | 2 +- services/autoscaling/pom.xml | 2 +- services/autoscalingplans/pom.xml | 2 +- services/b2bi/pom.xml | 2 +- services/backup/pom.xml | 2 +- services/backupgateway/pom.xml | 2 +- services/batch/pom.xml | 2 +- services/bcmdataexports/pom.xml | 2 +- services/bcmpricingcalculator/pom.xml | 2 +- services/bedrock/pom.xml | 2 +- services/bedrockagent/pom.xml | 2 +- services/bedrockagentruntime/pom.xml | 2 +- services/bedrockruntime/pom.xml | 2 +- services/billing/pom.xml | 2 +- services/billingconductor/pom.xml | 2 +- services/braket/pom.xml | 2 +- services/budgets/pom.xml | 2 +- services/chatbot/pom.xml | 2 +- services/chime/pom.xml | 2 +- services/chimesdkidentity/pom.xml | 2 +- services/chimesdkmediapipelines/pom.xml | 2 +- services/chimesdkmeetings/pom.xml | 2 +- services/chimesdkmessaging/pom.xml | 2 +- services/chimesdkvoice/pom.xml | 2 +- services/cleanrooms/pom.xml | 2 +- services/cleanroomsml/pom.xml | 2 +- services/cloud9/pom.xml | 2 +- services/cloudcontrol/pom.xml | 2 +- services/clouddirectory/pom.xml | 2 +- services/cloudformation/pom.xml | 2 +- services/cloudfront/pom.xml | 2 +- services/cloudfrontkeyvaluestore/pom.xml | 2 +- services/cloudhsm/pom.xml | 2 +- services/cloudhsmv2/pom.xml | 2 +- services/cloudsearch/pom.xml | 2 +- services/cloudsearchdomain/pom.xml | 2 +- services/cloudtrail/pom.xml | 2 +- services/cloudtraildata/pom.xml | 2 +- services/cloudwatch/pom.xml | 2 +- services/cloudwatchevents/pom.xml | 2 +- services/cloudwatchlogs/pom.xml | 2 +- services/codeartifact/pom.xml | 2 +- services/codebuild/pom.xml | 2 +- services/codecatalyst/pom.xml | 2 +- services/codecommit/pom.xml | 2 +- services/codeconnections/pom.xml | 2 +- services/codedeploy/pom.xml | 2 +- services/codeguruprofiler/pom.xml | 2 +- services/codegurureviewer/pom.xml | 2 +- services/codegurusecurity/pom.xml | 2 +- services/codepipeline/pom.xml | 2 +- services/codestarconnections/pom.xml | 2 +- services/codestarnotifications/pom.xml | 2 +- services/cognitoidentity/pom.xml | 2 +- services/cognitoidentityprovider/pom.xml | 2 +- services/cognitosync/pom.xml | 2 +- services/comprehend/pom.xml | 2 +- services/comprehendmedical/pom.xml | 2 +- services/computeoptimizer/pom.xml | 2 +- services/config/pom.xml | 2 +- services/connect/pom.xml | 2 +- services/connectcampaigns/pom.xml | 2 +- services/connectcampaignsv2/pom.xml | 2 +- services/connectcases/pom.xml | 2 +- services/connectcontactlens/pom.xml | 2 +- services/connectparticipant/pom.xml | 2 +- services/controlcatalog/pom.xml | 2 +- services/controltower/pom.xml | 2 +- services/costandusagereport/pom.xml | 2 +- services/costexplorer/pom.xml | 2 +- services/costoptimizationhub/pom.xml | 2 +- services/customerprofiles/pom.xml | 2 +- services/databasemigration/pom.xml | 2 +- services/databrew/pom.xml | 2 +- services/dataexchange/pom.xml | 2 +- services/datapipeline/pom.xml | 2 +- services/datasync/pom.xml | 2 +- services/datazone/pom.xml | 2 +- services/dax/pom.xml | 2 +- services/deadline/pom.xml | 2 +- services/detective/pom.xml | 2 +- services/devicefarm/pom.xml | 2 +- services/devopsguru/pom.xml | 2 +- services/directconnect/pom.xml | 2 +- services/directory/pom.xml | 2 +- services/directoryservicedata/pom.xml | 2 +- services/dlm/pom.xml | 2 +- services/docdb/pom.xml | 2 +- services/docdbelastic/pom.xml | 2 +- services/drs/pom.xml | 2 +- services/dynamodb/pom.xml | 2 +- services/ebs/pom.xml | 2 +- services/ec2/pom.xml | 2 +- services/ec2instanceconnect/pom.xml | 2 +- services/ecr/pom.xml | 2 +- services/ecrpublic/pom.xml | 2 +- services/ecs/pom.xml | 2 +- services/efs/pom.xml | 2 +- services/eks/pom.xml | 2 +- services/eksauth/pom.xml | 2 +- services/elasticache/pom.xml | 2 +- services/elasticbeanstalk/pom.xml | 2 +- services/elasticinference/pom.xml | 2 +- services/elasticloadbalancing/pom.xml | 2 +- services/elasticloadbalancingv2/pom.xml | 2 +- services/elasticsearch/pom.xml | 2 +- services/elastictranscoder/pom.xml | 2 +- services/emr/pom.xml | 2 +- services/emrcontainers/pom.xml | 2 +- services/emrserverless/pom.xml | 2 +- services/entityresolution/pom.xml | 2 +- services/eventbridge/pom.xml | 2 +- services/evidently/pom.xml | 2 +- services/finspace/pom.xml | 2 +- services/finspacedata/pom.xml | 2 +- services/firehose/pom.xml | 2 +- services/fis/pom.xml | 2 +- services/fms/pom.xml | 2 +- services/forecast/pom.xml | 2 +- services/forecastquery/pom.xml | 2 +- services/frauddetector/pom.xml | 2 +- services/freetier/pom.xml | 2 +- services/fsx/pom.xml | 2 +- services/gamelift/pom.xml | 2 +- services/geomaps/pom.xml | 2 +- services/geoplaces/pom.xml | 2 +- services/georoutes/pom.xml | 2 +- services/glacier/pom.xml | 2 +- services/globalaccelerator/pom.xml | 2 +- services/glue/pom.xml | 2 +- services/grafana/pom.xml | 2 +- services/greengrass/pom.xml | 2 +- services/greengrassv2/pom.xml | 2 +- services/groundstation/pom.xml | 2 +- services/guardduty/pom.xml | 2 +- services/health/pom.xml | 2 +- services/healthlake/pom.xml | 2 +- services/iam/pom.xml | 2 +- services/identitystore/pom.xml | 2 +- services/imagebuilder/pom.xml | 2 +- services/inspector/pom.xml | 2 +- services/inspector2/pom.xml | 2 +- services/inspectorscan/pom.xml | 2 +- services/internetmonitor/pom.xml | 2 +- services/invoicing/pom.xml | 2 +- services/iot/pom.xml | 2 +- services/iot1clickdevices/pom.xml | 2 +- services/iot1clickprojects/pom.xml | 2 +- services/iotanalytics/pom.xml | 2 +- services/iotdataplane/pom.xml | 2 +- services/iotdeviceadvisor/pom.xml | 2 +- services/iotevents/pom.xml | 2 +- services/ioteventsdata/pom.xml | 2 +- services/iotfleethub/pom.xml | 2 +- services/iotfleetwise/pom.xml | 2 +- services/iotjobsdataplane/pom.xml | 2 +- services/iotsecuretunneling/pom.xml | 2 +- services/iotsitewise/pom.xml | 2 +- services/iotthingsgraph/pom.xml | 2 +- services/iottwinmaker/pom.xml | 2 +- services/iotwireless/pom.xml | 2 +- services/ivs/pom.xml | 2 +- services/ivschat/pom.xml | 2 +- services/ivsrealtime/pom.xml | 2 +- services/kafka/pom.xml | 2 +- services/kafkaconnect/pom.xml | 2 +- services/kendra/pom.xml | 2 +- services/kendraranking/pom.xml | 2 +- services/keyspaces/pom.xml | 2 +- services/kinesis/pom.xml | 2 +- services/kinesisanalytics/pom.xml | 2 +- services/kinesisanalyticsv2/pom.xml | 2 +- services/kinesisvideo/pom.xml | 2 +- services/kinesisvideoarchivedmedia/pom.xml | 2 +- services/kinesisvideomedia/pom.xml | 2 +- services/kinesisvideosignaling/pom.xml | 2 +- services/kinesisvideowebrtcstorage/pom.xml | 2 +- services/kms/pom.xml | 2 +- services/lakeformation/pom.xml | 2 +- services/lambda/pom.xml | 2 +- services/launchwizard/pom.xml | 2 +- services/lexmodelbuilding/pom.xml | 2 +- services/lexmodelsv2/pom.xml | 2 +- services/lexruntime/pom.xml | 2 +- services/lexruntimev2/pom.xml | 2 +- services/licensemanager/pom.xml | 2 +- .../licensemanagerlinuxsubscriptions/pom.xml | 2 +- .../licensemanagerusersubscriptions/pom.xml | 2 +- services/lightsail/pom.xml | 2 +- services/location/pom.xml | 2 +- services/lookoutequipment/pom.xml | 2 +- services/lookoutmetrics/pom.xml | 2 +- services/lookoutvision/pom.xml | 2 +- services/m2/pom.xml | 2 +- services/machinelearning/pom.xml | 2 +- services/macie2/pom.xml | 2 +- services/mailmanager/pom.xml | 2 +- services/managedblockchain/pom.xml | 2 +- services/managedblockchainquery/pom.xml | 2 +- services/marketplaceagreement/pom.xml | 2 +- services/marketplacecatalog/pom.xml | 2 +- services/marketplacecommerceanalytics/pom.xml | 2 +- services/marketplacedeployment/pom.xml | 2 +- services/marketplaceentitlement/pom.xml | 2 +- services/marketplacemetering/pom.xml | 2 +- services/marketplacereporting/pom.xml | 2 +- services/mediaconnect/pom.xml | 2 +- services/mediaconvert/pom.xml | 2 +- services/medialive/pom.xml | 2 +- services/mediapackage/pom.xml | 2 +- services/mediapackagev2/pom.xml | 2 +- services/mediapackagevod/pom.xml | 2 +- services/mediastore/pom.xml | 2 +- services/mediastoredata/pom.xml | 2 +- services/mediatailor/pom.xml | 2 +- services/medicalimaging/pom.xml | 2 +- services/memorydb/pom.xml | 2 +- services/mgn/pom.xml | 2 +- services/migrationhub/pom.xml | 2 +- services/migrationhubconfig/pom.xml | 2 +- services/migrationhuborchestrator/pom.xml | 2 +- services/migrationhubrefactorspaces/pom.xml | 2 +- services/migrationhubstrategy/pom.xml | 2 +- services/mq/pom.xml | 2 +- services/mturk/pom.xml | 2 +- services/mwaa/pom.xml | 2 +- services/neptune/pom.xml | 2 +- services/neptunedata/pom.xml | 2 +- services/neptunegraph/pom.xml | 2 +- services/networkfirewall/pom.xml | 2 +- services/networkflowmonitor/pom.xml | 2 +- services/networkmanager/pom.xml | 2 +- services/networkmonitor/pom.xml | 2 +- services/notifications/pom.xml | 2 +- services/notificationscontacts/pom.xml | 2 +- services/oam/pom.xml | 2 +- services/observabilityadmin/pom.xml | 2 +- services/omics/pom.xml | 2 +- services/opensearch/pom.xml | 2 +- services/opensearchserverless/pom.xml | 2 +- services/opsworks/pom.xml | 2 +- services/opsworkscm/pom.xml | 2 +- services/organizations/pom.xml | 2 +- services/osis/pom.xml | 2 +- services/outposts/pom.xml | 2 +- services/panorama/pom.xml | 2 +- services/partnercentralselling/pom.xml | 2 +- services/paymentcryptography/pom.xml | 2 +- services/paymentcryptographydata/pom.xml | 2 +- services/pcaconnectorad/pom.xml | 2 +- services/pcaconnectorscep/pom.xml | 2 +- services/pcs/pom.xml | 2 +- services/personalize/pom.xml | 2 +- services/personalizeevents/pom.xml | 2 +- services/personalizeruntime/pom.xml | 2 +- services/pi/pom.xml | 2 +- services/pinpoint/pom.xml | 2 +- services/pinpointemail/pom.xml | 2 +- services/pinpointsmsvoice/pom.xml | 2 +- services/pinpointsmsvoicev2/pom.xml | 2 +- services/pipes/pom.xml | 2 +- services/polly/pom.xml | 2 +- services/pom.xml | 5 +- services/pricing/pom.xml | 2 +- services/privatenetworks/pom.xml | 2 +- services/proton/pom.xml | 2 +- services/qapps/pom.xml | 2 +- services/qbusiness/pom.xml | 2 +- services/qconnect/pom.xml | 2 +- services/qldb/pom.xml | 2 +- services/qldbsession/pom.xml | 2 +- services/quicksight/pom.xml | 2 +- services/ram/pom.xml | 2 +- services/rbin/pom.xml | 2 +- services/rds/pom.xml | 2 +- services/rdsdata/pom.xml | 2 +- services/redshift/pom.xml | 2 +- services/redshiftdata/pom.xml | 2 +- services/redshiftserverless/pom.xml | 2 +- services/rekognition/pom.xml | 2 +- services/repostspace/pom.xml | 2 +- services/resiliencehub/pom.xml | 2 +- services/resourceexplorer2/pom.xml | 2 +- services/resourcegroups/pom.xml | 2 +- services/resourcegroupstaggingapi/pom.xml | 2 +- services/robomaker/pom.xml | 2 +- services/rolesanywhere/pom.xml | 2 +- services/route53/pom.xml | 2 +- services/route53domains/pom.xml | 2 +- services/route53profiles/pom.xml | 2 +- services/route53recoverycluster/pom.xml | 2 +- services/route53recoverycontrolconfig/pom.xml | 2 +- services/route53recoveryreadiness/pom.xml | 2 +- services/route53resolver/pom.xml | 2 +- services/rum/pom.xml | 2 +- services/s3/pom.xml | 2 +- services/s3control/pom.xml | 2 +- services/s3outposts/pom.xml | 2 +- services/sagemaker/pom.xml | 2 +- services/sagemakera2iruntime/pom.xml | 2 +- services/sagemakeredge/pom.xml | 2 +- services/sagemakerfeaturestoreruntime/pom.xml | 2 +- services/sagemakergeospatial/pom.xml | 2 +- services/sagemakermetrics/pom.xml | 2 +- services/sagemakerruntime/pom.xml | 2 +- services/savingsplans/pom.xml | 2 +- services/scheduler/pom.xml | 2 +- services/schemas/pom.xml | 2 +- services/secretsmanager/pom.xml | 2 +- services/securityhub/pom.xml | 2 +- services/securityir/pom.xml | 2 +- services/securitylake/pom.xml | 2 +- .../serverlessapplicationrepository/pom.xml | 2 +- services/servicecatalog/pom.xml | 2 +- services/servicecatalogappregistry/pom.xml | 2 +- services/servicediscovery/pom.xml | 2 +- services/servicequotas/pom.xml | 2 +- services/ses/pom.xml | 2 +- services/sesv2/pom.xml | 2 +- services/sfn/pom.xml | 2 +- services/shield/pom.xml | 2 +- services/signer/pom.xml | 2 +- services/simspaceweaver/pom.xml | 2 +- services/sms/pom.xml | 2 +- services/snowball/pom.xml | 2 +- services/snowdevicemanagement/pom.xml | 2 +- services/sns/pom.xml | 2 +- services/socialmessaging/pom.xml | 2 +- services/sqs/pom.xml | 2 +- services/ssm/pom.xml | 2 +- services/ssmcontacts/pom.xml | 2 +- services/ssmincidents/pom.xml | 2 +- services/ssmquicksetup/pom.xml | 2 +- services/ssmsap/pom.xml | 2 +- services/sso/pom.xml | 2 +- services/ssoadmin/pom.xml | 2 +- services/ssooidc/pom.xml | 2 +- services/storagegateway/pom.xml | 2 +- services/sts/pom.xml | 2 +- services/supplychain/pom.xml | 2 +- services/support/pom.xml | 2 +- services/supportapp/pom.xml | 2 +- services/swf/pom.xml | 2 +- services/synthetics/pom.xml | 2 +- services/taxsettings/pom.xml | 2 +- services/textract/pom.xml | 2 +- services/timestreaminfluxdb/pom.xml | 2 +- services/timestreamquery/pom.xml | 2 +- services/timestreamwrite/pom.xml | 2 +- services/tnb/pom.xml | 2 +- services/transcribe/pom.xml | 2 +- services/transcribestreaming/pom.xml | 2 +- services/transfer/pom.xml | 2 +- services/translate/pom.xml | 2 +- services/trustedadvisor/pom.xml | 2 +- services/verifiedpermissions/pom.xml | 2 +- services/voiceid/pom.xml | 2 +- services/vpclattice/pom.xml | 2 +- services/waf/pom.xml | 2 +- services/wafv2/pom.xml | 2 +- services/wellarchitected/pom.xml | 2 +- services/wisdom/pom.xml | 2 +- services/workdocs/pom.xml | 2 +- services/workmail/pom.xml | 2 +- services/workmailmessageflow/pom.xml | 2 +- services/workspaces/pom.xml | 2 +- services/workspacesthinclient/pom.xml | 2 +- services/workspacesweb/pom.xml | 2 +- services/xray/pom.xml | 2 +- test/auth-tests/pom.xml | 2 +- .../pom.xml | 2 +- test/bundle-shading-tests/pom.xml | 2 +- test/codegen-generated-classes-test/pom.xml | 2 +- test/crt-unavailable-tests/pom.xml | 2 +- test/http-client-tests/pom.xml | 2 +- test/module-path-tests/pom.xml | 2 +- .../pom.xml | 2 +- test/protocol-tests-core/pom.xml | 2 +- test/protocol-tests/pom.xml | 2 +- test/region-testing/pom.xml | 2 +- test/ruleset-testing-core/pom.xml | 2 +- test/s3-benchmarks/pom.xml | 2 +- test/sdk-benchmarks/pom.xml | 2 +- test/sdk-native-image-test/pom.xml | 2 +- test/service-test-utils/pom.xml | 2 +- test/stability-tests/pom.xml | 2 +- test/test-utils/pom.xml | 2 +- test/tests-coverage-reporting/pom.xml | 2 +- test/v2-migration-tests/pom.xml | 2 +- third-party/pom.xml | 2 +- third-party/third-party-jackson-core/pom.xml | 2 +- .../pom.xml | 2 +- third-party/third-party-slf4j-api/pom.xml | 2 +- utils/pom.xml | 2 +- v2-migration/pom.xml | 2 +- 518 files changed, 838 insertions(+), 674 deletions(-) create mode 100644 .changes/2.29.24.json delete mode 100644 .changes/next-release/bugfix-AWSCRTbasedS3client-906e1ea.json delete mode 100644 .changes/next-release/feature-AWSCleanRoomsService-f293562.json delete mode 100644 .changes/next-release/feature-AWSInvoicing-e5d5943.json delete mode 100644 .changes/next-release/feature-AWSOrganizations-42333d1.json delete mode 100644 .changes/next-release/feature-AWSS3Control-ab425dc.json delete mode 100644 .changes/next-release/feature-AWSSecurityHub-096bdcc.json delete mode 100644 .changes/next-release/feature-AWSTransferFamily-5c2b94e.json delete mode 100644 .changes/next-release/feature-AgentsforAmazonBedrock-35d36fc.json delete mode 100644 .changes/next-release/feature-AgentsforAmazonBedrockRuntime-70183c9.json delete mode 100644 .changes/next-release/feature-AmazonBedrock-4b0d7bd.json delete mode 100644 .changes/next-release/feature-AmazonChimeSDKVoice-59cfe26.json delete mode 100644 .changes/next-release/feature-AmazonCloudWatchLogs-dd286dc.json delete mode 100644 .changes/next-release/feature-AmazonConnectCampaignServiceV2-d4badfa.json delete mode 100644 .changes/next-release/feature-AmazonConnectCustomerProfiles-836a182.json delete mode 100644 .changes/next-release/feature-AmazonConnectService-8488c96.json delete mode 100644 .changes/next-release/feature-AmazonEC2ContainerService-889d675.json delete mode 100644 .changes/next-release/feature-AmazonElasticComputeCloud-c98c8a3.json delete mode 100644 .changes/next-release/feature-AmazonElasticKubernetesService-d3cdaff.json delete mode 100644 .changes/next-release/feature-AmazonEventBridge-300044d.json delete mode 100644 .changes/next-release/feature-AmazonFSx-bef794e.json delete mode 100644 .changes/next-release/feature-AmazonGuardDuty-4ce4a9d.json delete mode 100644 .changes/next-release/feature-AmazonMemoryDB-d74846d.json delete mode 100644 .changes/next-release/feature-AmazonOpenSearchService-afd5c96.json delete mode 100644 .changes/next-release/feature-AmazonQConnect-4057b7d.json delete mode 100644 .changes/next-release/feature-AmazonRelationalDatabaseService-e21caa4.json delete mode 100644 .changes/next-release/feature-AmazonSimpleStorageService-36d4cfc.json delete mode 100644 .changes/next-release/feature-AmazonVPCLattice-e1068cd.json delete mode 100644 .changes/next-release/feature-EC2ImageBuilder-0b74f6d.json delete mode 100644 .changes/next-release/feature-NetworkFlowMonitor-28a0b5a.json delete mode 100644 .changes/next-release/feature-QBusiness-05a6cee.json delete mode 100644 .changes/next-release/feature-SecurityIncidentResponse-214853b.json diff --git a/.changes/2.29.24.json b/.changes/2.29.24.json new file mode 100644 index 00000000000..7ec6e9c96cf --- /dev/null +++ b/.changes/2.29.24.json @@ -0,0 +1,192 @@ +{ + "version": "2.29.24", + "date": "2024-12-01", + "entries": [ + { + "type": "bugfix", + "category": "AWS CRT-based S3 client", + "contributor": "", + "description": "Fixed an issue where an error was not surfaced if request failed halfway for a GetObject operation. See [#5631](https://github.com/aws/aws-sdk-java-v2/issues/5631)" + }, + { + "type": "feature", + "category": "AWS Clean Rooms Service", + "contributor": "", + "description": "This release allows customers and their partners to easily collaborate with data stored in Snowflake and Amazon Athena, without having to move or share their underlying data among collaborators." + }, + { + "type": "feature", + "category": "AWS Invoicing", + "contributor": "", + "description": "AWS Invoice Configuration allows you to receive separate AWS invoices based on your organizational needs. You can use the AWS SDKs to manage Invoice Units and programmatically fetch the information of the invoice receiver." + }, + { + "type": "feature", + "category": "AWS Organizations", + "contributor": "", + "description": "Add support for policy operations on the DECLARATIVE_POLICY_EC2 policy type." + }, + { + "type": "feature", + "category": "AWS S3 Control", + "contributor": "", + "description": "Amazon S3 introduces support for AWS Dedicated Local Zones" + }, + { + "type": "feature", + "category": "AWS SecurityHub", + "contributor": "", + "description": "Add new Multi Domain Correlation findings." + }, + { + "type": "feature", + "category": "AWS Transfer Family", + "contributor": "", + "description": "AWS Transfer Family now offers Web apps that enables simple and secure access to data stored in Amazon S3." + }, + { + "type": "feature", + "category": "Agents for Amazon Bedrock", + "contributor": "", + "description": "This release introduces APIs to upload documents directly into a Knowledge Base" + }, + { + "type": "feature", + "category": "Agents for Amazon Bedrock Runtime", + "contributor": "", + "description": "This release introduces a new Rerank API to leverage reranking models (with integration into Knowledge Bases); APIs to upload documents directly into Knowledge Base; RetrieveAndGenerateStream API for streaming response; Guardrails on Retrieve API; and ability to automatically generate filters" + }, + { + "type": "feature", + "category": "Amazon Bedrock", + "contributor": "", + "description": "Add support for Knowledge Base Evaluations & LLM as a judge" + }, + { + "type": "feature", + "category": "Amazon Chime SDK Voice", + "contributor": "", + "description": "This release adds supports for enterprises to integrate Amazon Connect with other voice systems. It supports directly transferring voice calls and metadata without using the public telephone network. It also supports real-time and post-call analytics." + }, + { + "type": "feature", + "category": "Amazon CloudWatch Logs", + "contributor": "", + "description": "Adds PutIntegration, GetIntegration, ListIntegrations and DeleteIntegration APIs. Adds QueryLanguage support to StartQuery, GetQueryResults, DescribeQueries, DescribeQueryDefinitions, and PutQueryDefinition APIs." + }, + { + "type": "feature", + "category": "AmazonConnectCampaignServiceV2", + "contributor": "", + "description": "Amazon Connect Outbound Campaigns V2 / Features : Adds support for Event-Triggered Campaigns." + }, + { + "type": "feature", + "category": "Amazon Connect Customer Profiles", + "contributor": "", + "description": "This release introduces Event Trigger APIs as part of Amazon Connect Customer Profiles service." + }, + { + "type": "feature", + "category": "Amazon Connect Service", + "contributor": "", + "description": "Adds support for WhatsApp Business messaging, IVR call recording, enabling Contact Lens for existing on-premise contact centers and telephony platforms, and enabling telephony and IVR migration to Amazon Connect independent of their contact center agents." + }, + { + "type": "feature", + "category": "Amazon EC2 Container Service", + "contributor": "", + "description": "This release adds support for Container Insights with Enhanced Observability for Amazon ECS." + }, + { + "type": "feature", + "category": "Amazon Elastic Compute Cloud", + "contributor": "", + "description": "Adds support for declarative policies that allow you to enforce desired configuration across an AWS organization through configuring account attributes. Adds support for Allowed AMIs that allows you to limit the use of AMIs in AWS accounts. Adds support for connectivity over non-HTTP protocols." + }, + { + "type": "feature", + "category": "Amazon Elastic Kubernetes Service", + "contributor": "", + "description": "Added support for Auto Mode Clusters, Hybrid Nodes, and specifying computeTypes in the DescribeAddonVersions API." + }, + { + "type": "feature", + "category": "Amazon EventBridge", + "contributor": "", + "description": "Call private APIs by configuring Connections with VPC connectivity through PrivateLink and VPC Lattice" + }, + { + "type": "feature", + "category": "Amazon FSx", + "contributor": "", + "description": "FSx API changes to support the public launch of the Amazon FSx Intelligent Tiering for OpenZFS storage class." + }, + { + "type": "feature", + "category": "Amazon GuardDuty", + "contributor": "", + "description": "Add new Multi Domain Correlation findings." + }, + { + "type": "feature", + "category": "Amazon MemoryDB", + "contributor": "", + "description": "Amazon MemoryDB SDK now supports all APIs for Multi-Region. Please refer to the updated Amazon MemoryDB public documentation for detailed information on API usage." + }, + { + "type": "feature", + "category": "Amazon OpenSearch Service", + "contributor": "", + "description": "This feature introduces support for CRUDL APIs, enabling the creation and management of Connected data sources." + }, + { + "type": "feature", + "category": "Amazon Q Connect", + "contributor": "", + "description": "This release adds following capabilities: Configuring safeguards via AIGuardrails for Q in Connect inferencing, and APIs to support Q&A self-service use cases" + }, + { + "type": "feature", + "category": "Amazon Relational Database Service", + "contributor": "", + "description": "Amazon RDS supports CloudWatch Database Insights. You can use the SDK to create, modify, and describe the DatabaseInsightsMode for your DB instances and clusters." + }, + { + "type": "feature", + "category": "Amazon Simple Storage Service", + "contributor": "", + "description": "Amazon S3 introduces support for AWS Dedicated Local Zones" + }, + { + "type": "feature", + "category": "Amazon VPC Lattice", + "contributor": "", + "description": "Lattice APIs that allow sharing and access of VPC resources across accounts." + }, + { + "type": "feature", + "category": "EC2 Image Builder", + "contributor": "", + "description": "Added support for EC2 Image Builder's integration with AWS Marketplace for Marketplace components." + }, + { + "type": "feature", + "category": "Network Flow Monitor", + "contributor": "", + "description": "This release adds documentation for a new feature in Amazon CloudWatch called Network Flow Monitor. You can use Network Flow Monitor to get near real-time metrics, including retransmissions and data transferred, for your actual workloads." + }, + { + "type": "feature", + "category": "QBusiness", + "contributor": "", + "description": "Amazon Q Business now supports capabilities to extract insights and answer questions from visual elements embedded within documents, a browser extension for Google Chrome, Mozilla Firefox, and Microsoft Edge, and attachments across conversations." + }, + { + "type": "feature", + "category": "Security Incident Response", + "contributor": "", + "description": "AWS Security Incident Response is a purpose-built security incident solution designed to help customers prepare for, respond to, and recover from security incidents." + } + ] +} \ No newline at end of file diff --git a/.changes/next-release/bugfix-AWSCRTbasedS3client-906e1ea.json b/.changes/next-release/bugfix-AWSCRTbasedS3client-906e1ea.json deleted file mode 100644 index ca4c0d04c99..00000000000 --- a/.changes/next-release/bugfix-AWSCRTbasedS3client-906e1ea.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "bugfix", - "category": "AWS CRT-based S3 client", - "contributor": "", - "description": "Fixed an issue where an error was not surfaced if request failed halfway for a GetObject operation. See [#5631](https://github.com/aws/aws-sdk-java-v2/issues/5631)" -} diff --git a/.changes/next-release/feature-AWSCleanRoomsService-f293562.json b/.changes/next-release/feature-AWSCleanRoomsService-f293562.json deleted file mode 100644 index 9dc323edca6..00000000000 --- a/.changes/next-release/feature-AWSCleanRoomsService-f293562.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "AWS Clean Rooms Service", - "contributor": "", - "description": "This release allows customers and their partners to easily collaborate with data stored in Snowflake and Amazon Athena, without having to move or share their underlying data among collaborators." -} diff --git a/.changes/next-release/feature-AWSInvoicing-e5d5943.json b/.changes/next-release/feature-AWSInvoicing-e5d5943.json deleted file mode 100644 index 351fd25f6c8..00000000000 --- a/.changes/next-release/feature-AWSInvoicing-e5d5943.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "AWS Invoicing", - "contributor": "", - "description": "AWS Invoice Configuration allows you to receive separate AWS invoices based on your organizational needs. You can use the AWS SDKs to manage Invoice Units and programmatically fetch the information of the invoice receiver." -} diff --git a/.changes/next-release/feature-AWSOrganizations-42333d1.json b/.changes/next-release/feature-AWSOrganizations-42333d1.json deleted file mode 100644 index d7a1aa22540..00000000000 --- a/.changes/next-release/feature-AWSOrganizations-42333d1.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "AWS Organizations", - "contributor": "", - "description": "Add support for policy operations on the DECLARATIVE_POLICY_EC2 policy type." -} diff --git a/.changes/next-release/feature-AWSS3Control-ab425dc.json b/.changes/next-release/feature-AWSS3Control-ab425dc.json deleted file mode 100644 index 078bc4e5004..00000000000 --- a/.changes/next-release/feature-AWSS3Control-ab425dc.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "AWS S3 Control", - "contributor": "", - "description": "Amazon S3 introduces support for AWS Dedicated Local Zones" -} diff --git a/.changes/next-release/feature-AWSSecurityHub-096bdcc.json b/.changes/next-release/feature-AWSSecurityHub-096bdcc.json deleted file mode 100644 index d5c8113589c..00000000000 --- a/.changes/next-release/feature-AWSSecurityHub-096bdcc.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "AWS SecurityHub", - "contributor": "", - "description": "Add new Multi Domain Correlation findings." -} diff --git a/.changes/next-release/feature-AWSTransferFamily-5c2b94e.json b/.changes/next-release/feature-AWSTransferFamily-5c2b94e.json deleted file mode 100644 index bf7b01b7939..00000000000 --- a/.changes/next-release/feature-AWSTransferFamily-5c2b94e.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "AWS Transfer Family", - "contributor": "", - "description": "AWS Transfer Family now offers Web apps that enables simple and secure access to data stored in Amazon S3." -} diff --git a/.changes/next-release/feature-AgentsforAmazonBedrock-35d36fc.json b/.changes/next-release/feature-AgentsforAmazonBedrock-35d36fc.json deleted file mode 100644 index 0cf4314aba3..00000000000 --- a/.changes/next-release/feature-AgentsforAmazonBedrock-35d36fc.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Agents for Amazon Bedrock", - "contributor": "", - "description": "This release introduces APIs to upload documents directly into a Knowledge Base" -} diff --git a/.changes/next-release/feature-AgentsforAmazonBedrockRuntime-70183c9.json b/.changes/next-release/feature-AgentsforAmazonBedrockRuntime-70183c9.json deleted file mode 100644 index c6fbb0457dc..00000000000 --- a/.changes/next-release/feature-AgentsforAmazonBedrockRuntime-70183c9.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Agents for Amazon Bedrock Runtime", - "contributor": "", - "description": "This release introduces a new Rerank API to leverage reranking models (with integration into Knowledge Bases); APIs to upload documents directly into Knowledge Base; RetrieveAndGenerateStream API for streaming response; Guardrails on Retrieve API; and ability to automatically generate filters" -} diff --git a/.changes/next-release/feature-AmazonBedrock-4b0d7bd.json b/.changes/next-release/feature-AmazonBedrock-4b0d7bd.json deleted file mode 100644 index c7f9f3a165f..00000000000 --- a/.changes/next-release/feature-AmazonBedrock-4b0d7bd.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Amazon Bedrock", - "contributor": "", - "description": "Add support for Knowledge Base Evaluations & LLM as a judge" -} diff --git a/.changes/next-release/feature-AmazonChimeSDKVoice-59cfe26.json b/.changes/next-release/feature-AmazonChimeSDKVoice-59cfe26.json deleted file mode 100644 index a70956b6d01..00000000000 --- a/.changes/next-release/feature-AmazonChimeSDKVoice-59cfe26.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Amazon Chime SDK Voice", - "contributor": "", - "description": "This release adds supports for enterprises to integrate Amazon Connect with other voice systems. It supports directly transferring voice calls and metadata without using the public telephone network. It also supports real-time and post-call analytics." -} diff --git a/.changes/next-release/feature-AmazonCloudWatchLogs-dd286dc.json b/.changes/next-release/feature-AmazonCloudWatchLogs-dd286dc.json deleted file mode 100644 index 65a06e6052d..00000000000 --- a/.changes/next-release/feature-AmazonCloudWatchLogs-dd286dc.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Amazon CloudWatch Logs", - "contributor": "", - "description": "Adds PutIntegration, GetIntegration, ListIntegrations and DeleteIntegration APIs. Adds QueryLanguage support to StartQuery, GetQueryResults, DescribeQueries, DescribeQueryDefinitions, and PutQueryDefinition APIs." -} diff --git a/.changes/next-release/feature-AmazonConnectCampaignServiceV2-d4badfa.json b/.changes/next-release/feature-AmazonConnectCampaignServiceV2-d4badfa.json deleted file mode 100644 index 59642837e4f..00000000000 --- a/.changes/next-release/feature-AmazonConnectCampaignServiceV2-d4badfa.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "AmazonConnectCampaignServiceV2", - "contributor": "", - "description": "Amazon Connect Outbound Campaigns V2 / Features : Adds support for Event-Triggered Campaigns." -} diff --git a/.changes/next-release/feature-AmazonConnectCustomerProfiles-836a182.json b/.changes/next-release/feature-AmazonConnectCustomerProfiles-836a182.json deleted file mode 100644 index e27a8faa841..00000000000 --- a/.changes/next-release/feature-AmazonConnectCustomerProfiles-836a182.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Amazon Connect Customer Profiles", - "contributor": "", - "description": "This release introduces Event Trigger APIs as part of Amazon Connect Customer Profiles service." -} diff --git a/.changes/next-release/feature-AmazonConnectService-8488c96.json b/.changes/next-release/feature-AmazonConnectService-8488c96.json deleted file mode 100644 index 2aa68ed37e2..00000000000 --- a/.changes/next-release/feature-AmazonConnectService-8488c96.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Amazon Connect Service", - "contributor": "", - "description": "Adds support for WhatsApp Business messaging, IVR call recording, enabling Contact Lens for existing on-premise contact centers and telephony platforms, and enabling telephony and IVR migration to Amazon Connect independent of their contact center agents." -} diff --git a/.changes/next-release/feature-AmazonEC2ContainerService-889d675.json b/.changes/next-release/feature-AmazonEC2ContainerService-889d675.json deleted file mode 100644 index de5346ab27c..00000000000 --- a/.changes/next-release/feature-AmazonEC2ContainerService-889d675.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Amazon EC2 Container Service", - "contributor": "", - "description": "This release adds support for Container Insights with Enhanced Observability for Amazon ECS." -} diff --git a/.changes/next-release/feature-AmazonElasticComputeCloud-c98c8a3.json b/.changes/next-release/feature-AmazonElasticComputeCloud-c98c8a3.json deleted file mode 100644 index b02223c87bd..00000000000 --- a/.changes/next-release/feature-AmazonElasticComputeCloud-c98c8a3.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Amazon Elastic Compute Cloud", - "contributor": "", - "description": "Adds support for declarative policies that allow you to enforce desired configuration across an AWS organization through configuring account attributes. Adds support for Allowed AMIs that allows you to limit the use of AMIs in AWS accounts. Adds support for connectivity over non-HTTP protocols." -} diff --git a/.changes/next-release/feature-AmazonElasticKubernetesService-d3cdaff.json b/.changes/next-release/feature-AmazonElasticKubernetesService-d3cdaff.json deleted file mode 100644 index c1fb832ade5..00000000000 --- a/.changes/next-release/feature-AmazonElasticKubernetesService-d3cdaff.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Amazon Elastic Kubernetes Service", - "contributor": "", - "description": "Added support for Auto Mode Clusters, Hybrid Nodes, and specifying computeTypes in the DescribeAddonVersions API." -} diff --git a/.changes/next-release/feature-AmazonEventBridge-300044d.json b/.changes/next-release/feature-AmazonEventBridge-300044d.json deleted file mode 100644 index 89ec407cacc..00000000000 --- a/.changes/next-release/feature-AmazonEventBridge-300044d.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Amazon EventBridge", - "contributor": "", - "description": "Call private APIs by configuring Connections with VPC connectivity through PrivateLink and VPC Lattice" -} diff --git a/.changes/next-release/feature-AmazonFSx-bef794e.json b/.changes/next-release/feature-AmazonFSx-bef794e.json deleted file mode 100644 index c74ac64fbad..00000000000 --- a/.changes/next-release/feature-AmazonFSx-bef794e.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Amazon FSx", - "contributor": "", - "description": "FSx API changes to support the public launch of the Amazon FSx Intelligent Tiering for OpenZFS storage class." -} diff --git a/.changes/next-release/feature-AmazonGuardDuty-4ce4a9d.json b/.changes/next-release/feature-AmazonGuardDuty-4ce4a9d.json deleted file mode 100644 index 0e32749c5fa..00000000000 --- a/.changes/next-release/feature-AmazonGuardDuty-4ce4a9d.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Amazon GuardDuty", - "contributor": "", - "description": "Add new Multi Domain Correlation findings." -} diff --git a/.changes/next-release/feature-AmazonMemoryDB-d74846d.json b/.changes/next-release/feature-AmazonMemoryDB-d74846d.json deleted file mode 100644 index a3310f28732..00000000000 --- a/.changes/next-release/feature-AmazonMemoryDB-d74846d.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Amazon MemoryDB", - "contributor": "", - "description": "Amazon MemoryDB SDK now supports all APIs for Multi-Region. Please refer to the updated Amazon MemoryDB public documentation for detailed information on API usage." -} diff --git a/.changes/next-release/feature-AmazonOpenSearchService-afd5c96.json b/.changes/next-release/feature-AmazonOpenSearchService-afd5c96.json deleted file mode 100644 index a7f3c1dfdbe..00000000000 --- a/.changes/next-release/feature-AmazonOpenSearchService-afd5c96.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Amazon OpenSearch Service", - "contributor": "", - "description": "This feature introduces support for CRUDL APIs, enabling the creation and management of Connected data sources." -} diff --git a/.changes/next-release/feature-AmazonQConnect-4057b7d.json b/.changes/next-release/feature-AmazonQConnect-4057b7d.json deleted file mode 100644 index 26f62ed5ed9..00000000000 --- a/.changes/next-release/feature-AmazonQConnect-4057b7d.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Amazon Q Connect", - "contributor": "", - "description": "This release adds following capabilities: Configuring safeguards via AIGuardrails for Q in Connect inferencing, and APIs to support Q&A self-service use cases" -} diff --git a/.changes/next-release/feature-AmazonRelationalDatabaseService-e21caa4.json b/.changes/next-release/feature-AmazonRelationalDatabaseService-e21caa4.json deleted file mode 100644 index 5b286eeaaa3..00000000000 --- a/.changes/next-release/feature-AmazonRelationalDatabaseService-e21caa4.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Amazon Relational Database Service", - "contributor": "", - "description": "Amazon RDS supports CloudWatch Database Insights. You can use the SDK to create, modify, and describe the DatabaseInsightsMode for your DB instances and clusters." -} diff --git a/.changes/next-release/feature-AmazonSimpleStorageService-36d4cfc.json b/.changes/next-release/feature-AmazonSimpleStorageService-36d4cfc.json deleted file mode 100644 index 3586cd88780..00000000000 --- a/.changes/next-release/feature-AmazonSimpleStorageService-36d4cfc.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Amazon Simple Storage Service", - "contributor": "", - "description": "Amazon S3 introduces support for AWS Dedicated Local Zones" -} diff --git a/.changes/next-release/feature-AmazonVPCLattice-e1068cd.json b/.changes/next-release/feature-AmazonVPCLattice-e1068cd.json deleted file mode 100644 index 44aa0914c3c..00000000000 --- a/.changes/next-release/feature-AmazonVPCLattice-e1068cd.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Amazon VPC Lattice", - "contributor": "", - "description": "Lattice APIs that allow sharing and access of VPC resources across accounts." -} diff --git a/.changes/next-release/feature-EC2ImageBuilder-0b74f6d.json b/.changes/next-release/feature-EC2ImageBuilder-0b74f6d.json deleted file mode 100644 index 34cee33e36d..00000000000 --- a/.changes/next-release/feature-EC2ImageBuilder-0b74f6d.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "EC2 Image Builder", - "contributor": "", - "description": "Added support for EC2 Image Builder's integration with AWS Marketplace for Marketplace components." -} diff --git a/.changes/next-release/feature-NetworkFlowMonitor-28a0b5a.json b/.changes/next-release/feature-NetworkFlowMonitor-28a0b5a.json deleted file mode 100644 index eccd37c6033..00000000000 --- a/.changes/next-release/feature-NetworkFlowMonitor-28a0b5a.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Network Flow Monitor", - "contributor": "", - "description": "This release adds documentation for a new feature in Amazon CloudWatch called Network Flow Monitor. You can use Network Flow Monitor to get near real-time metrics, including retransmissions and data transferred, for your actual workloads." -} diff --git a/.changes/next-release/feature-QBusiness-05a6cee.json b/.changes/next-release/feature-QBusiness-05a6cee.json deleted file mode 100644 index 2d461e0fb7d..00000000000 --- a/.changes/next-release/feature-QBusiness-05a6cee.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "QBusiness", - "contributor": "", - "description": "Amazon Q Business now supports capabilities to extract insights and answer questions from visual elements embedded within documents, a browser extension for Google Chrome, Mozilla Firefox, and Microsoft Edge, and attachments across conversations." -} diff --git a/.changes/next-release/feature-SecurityIncidentResponse-214853b.json b/.changes/next-release/feature-SecurityIncidentResponse-214853b.json deleted file mode 100644 index 6455b3f59f1..00000000000 --- a/.changes/next-release/feature-SecurityIncidentResponse-214853b.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Security Incident Response", - "contributor": "", - "description": "AWS Security Incident Response is a purpose-built security incident solution designed to help customers prepare for, respond to, and recover from security incidents." -} diff --git a/CHANGELOG.md b/CHANGELOG.md index 088e1f636f5..977cc5fabae 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,129 @@ #### 👋 _Looking for changelogs for older versions? You can find them in the [changelogs](./changelogs) directory._ +# __2.29.24__ __2024-12-01__ +## __AWS CRT-based S3 client__ + - ### Bugfixes + - Fixed an issue where an error was not surfaced if request failed halfway for a GetObject operation. See [#5631](https://github.com/aws/aws-sdk-java-v2/issues/5631) + +## __AWS Clean Rooms Service__ + - ### Features + - This release allows customers and their partners to easily collaborate with data stored in Snowflake and Amazon Athena, without having to move or share their underlying data among collaborators. + +## __AWS Invoicing__ + - ### Features + - AWS Invoice Configuration allows you to receive separate AWS invoices based on your organizational needs. You can use the AWS SDKs to manage Invoice Units and programmatically fetch the information of the invoice receiver. + +## __AWS Organizations__ + - ### Features + - Add support for policy operations on the DECLARATIVE_POLICY_EC2 policy type. + +## __AWS S3 Control__ + - ### Features + - Amazon S3 introduces support for AWS Dedicated Local Zones + +## __AWS SecurityHub__ + - ### Features + - Add new Multi Domain Correlation findings. + +## __AWS Transfer Family__ + - ### Features + - AWS Transfer Family now offers Web apps that enables simple and secure access to data stored in Amazon S3. + +## __Agents for Amazon Bedrock__ + - ### Features + - This release introduces APIs to upload documents directly into a Knowledge Base + +## __Agents for Amazon Bedrock Runtime__ + - ### Features + - This release introduces a new Rerank API to leverage reranking models (with integration into Knowledge Bases); APIs to upload documents directly into Knowledge Base; RetrieveAndGenerateStream API for streaming response; Guardrails on Retrieve API; and ability to automatically generate filters + +## __Amazon Bedrock__ + - ### Features + - Add support for Knowledge Base Evaluations & LLM as a judge + +## __Amazon Chime SDK Voice__ + - ### Features + - This release adds supports for enterprises to integrate Amazon Connect with other voice systems. It supports directly transferring voice calls and metadata without using the public telephone network. It also supports real-time and post-call analytics. + +## __Amazon CloudWatch Logs__ + - ### Features + - Adds PutIntegration, GetIntegration, ListIntegrations and DeleteIntegration APIs. Adds QueryLanguage support to StartQuery, GetQueryResults, DescribeQueries, DescribeQueryDefinitions, and PutQueryDefinition APIs. + +## __Amazon Connect Customer Profiles__ + - ### Features + - This release introduces Event Trigger APIs as part of Amazon Connect Customer Profiles service. + +## __Amazon Connect Service__ + - ### Features + - Adds support for WhatsApp Business messaging, IVR call recording, enabling Contact Lens for existing on-premise contact centers and telephony platforms, and enabling telephony and IVR migration to Amazon Connect independent of their contact center agents. + +## __Amazon EC2 Container Service__ + - ### Features + - This release adds support for Container Insights with Enhanced Observability for Amazon ECS. + +## __Amazon Elastic Compute Cloud__ + - ### Features + - Adds support for declarative policies that allow you to enforce desired configuration across an AWS organization through configuring account attributes. Adds support for Allowed AMIs that allows you to limit the use of AMIs in AWS accounts. Adds support for connectivity over non-HTTP protocols. + +## __Amazon Elastic Kubernetes Service__ + - ### Features + - Added support for Auto Mode Clusters, Hybrid Nodes, and specifying computeTypes in the DescribeAddonVersions API. + +## __Amazon EventBridge__ + - ### Features + - Call private APIs by configuring Connections with VPC connectivity through PrivateLink and VPC Lattice + +## __Amazon FSx__ + - ### Features + - FSx API changes to support the public launch of the Amazon FSx Intelligent Tiering for OpenZFS storage class. + +## __Amazon GuardDuty__ + - ### Features + - Add new Multi Domain Correlation findings. + +## __Amazon MemoryDB__ + - ### Features + - Amazon MemoryDB SDK now supports all APIs for Multi-Region. Please refer to the updated Amazon MemoryDB public documentation for detailed information on API usage. + +## __Amazon OpenSearch Service__ + - ### Features + - This feature introduces support for CRUDL APIs, enabling the creation and management of Connected data sources. + +## __Amazon Q Connect__ + - ### Features + - This release adds following capabilities: Configuring safeguards via AIGuardrails for Q in Connect inferencing, and APIs to support Q&A self-service use cases + +## __Amazon Relational Database Service__ + - ### Features + - Amazon RDS supports CloudWatch Database Insights. You can use the SDK to create, modify, and describe the DatabaseInsightsMode for your DB instances and clusters. + +## __Amazon Simple Storage Service__ + - ### Features + - Amazon S3 introduces support for AWS Dedicated Local Zones + +## __Amazon VPC Lattice__ + - ### Features + - Lattice APIs that allow sharing and access of VPC resources across accounts. + +## __AmazonConnectCampaignServiceV2__ + - ### Features + - Amazon Connect Outbound Campaigns V2 / Features : Adds support for Event-Triggered Campaigns. + +## __EC2 Image Builder__ + - ### Features + - Added support for EC2 Image Builder's integration with AWS Marketplace for Marketplace components. + +## __Network Flow Monitor__ + - ### Features + - This release adds documentation for a new feature in Amazon CloudWatch called Network Flow Monitor. You can use Network Flow Monitor to get near real-time metrics, including retransmissions and data transferred, for your actual workloads. + +## __QBusiness__ + - ### Features + - Amazon Q Business now supports capabilities to extract insights and answer questions from visual elements embedded within documents, a browser extension for Google Chrome, Mozilla Firefox, and Microsoft Edge, and attachments across conversations. + +## __Security Incident Response__ + - ### Features + - AWS Security Incident Response is a purpose-built security incident solution designed to help customers prepare for, respond to, and recover from security incidents. + # __2.29.23__ __2024-11-27__ ## __AWS Config__ - ### Features diff --git a/README.md b/README.md index 487d613ee6f..965c5253a7e 100644 --- a/README.md +++ b/README.md @@ -51,7 +51,7 @@ To automatically manage module versions (currently all modules have the same ver