Returns details about your Config rules.
", "DescribeConfigurationAggregatorSourcesStatus": "Returns status information for sources within an aggregator. The status includes information about the last time Config verified authorization between the source account and an aggregator account. In case of a failure, the status contains the related error code or message.
", "DescribeConfigurationAggregators": "Returns the details of one or more configuration aggregators. If the configuration aggregator is not specified, this action returns the details for all the configuration aggregators associated with the account.
", - "DescribeConfigurationRecorderStatus": "Returns the current status of the specified configuration recorder as well as the status of the last recording event for the recorder. If a configuration recorder is not specified, this action returns the status of all configuration recorders associated with the account.
Currently, you can specify only one configuration recorder per region in your account. For a detailed status of recording events over time, add your Config events to Amazon CloudWatch metrics and use CloudWatch metrics.
Returns the details for the specified configuration recorders. If the configuration recorder is not specified, this action returns the details for all configuration recorders associated with the account.
Currently, you can specify only one configuration recorder per region in your account.
Returns the current status of the specified configuration recorder as well as the status of the last recording event for the recorder. If a configuration recorder is not specified, this action returns the status of all configuration recorders associated with the account.
>You can specify only one configuration recorder for each Amazon Web Services Region for each account. For a detailed status of recording events over time, add your Config events to Amazon CloudWatch metrics and use CloudWatch metrics.
Returns the details for the specified configuration recorders. If the configuration recorder is not specified, this action returns the details for all configuration recorders associated with the account.
You can specify only one configuration recorder for each Amazon Web Services Region for each account.
Returns compliance details for each rule in that conformance pack.
You must provide exact rule names.
Provides one or more conformance packs deployment status.
If there are no conformance packs then you will see an empty result.
Returns a list of one or more conformance packs.
", @@ -73,19 +73,19 @@ "PutAggregationAuthorization": "Authorizes the aggregator account and region to collect data from the source account and region.
PutAggregationAuthorization is an idempotent API. Subsequent requests won’t create a duplicate resource if one was already created. If a following request has different tags values, Config will ignore these differences and treat it as an idempotent request of the previous. In this case, tags will not be updated, even if they are different.
Adds or updates an Config rule to evaluate if your Amazon Web Services resources comply with your desired configurations. For information on how many Config rules you can have per account, see Service Limits in the Config Developer Guide.
There are two types of rules: Config Managed Rules and Config Custom Rules. You can use PutConfigRule to create both Config Managed Rules and Config Custom Rules.
Config Managed Rules are predefined, customizable rules created by Config. For a list of managed rules, see List of Config Managed Rules. If you are adding an Config managed rule, you must specify the rule's identifier for the SourceIdentifier key.
Config Custom Rules are rules that you create from scratch. There are two ways to create Config custom rules: with Lambda functions ( Lambda Developer Guide) and with Guard (Guard GitHub Repository), a policy-as-code language. Config custom rules created with Lambda are called Config Custom Lambda Rules and Config custom rules created with Guard are called Config Custom Policy Rules.
If you are adding a new Config Custom Lambda rule, you first need to create an Lambda function that the rule invokes to evaluate your resources. When you use PutConfigRule to add a Custom Lambda rule to Config, you must specify the Amazon Resource Name (ARN) that Lambda assigns to the function. You specify the ARN in the SourceIdentifier key. This key is part of the Source object, which is part of the ConfigRule object.
For any new Config rule that you add, specify the ConfigRuleName in the ConfigRule object. Do not specify the ConfigRuleArn or the ConfigRuleId. These values are generated by Config for new rules.
If you are updating a rule that you added previously, you can specify the rule by ConfigRuleName, ConfigRuleId, or ConfigRuleArn in the ConfigRule data type that you use in this request.
For more information about developing and using Config rules, see Evaluating Resources with Config Rules in the Config Developer Guide.
PutConfigRule is an idempotent API. Subsequent requests won’t create a duplicate resource if one was already created. If a following request has different tags values, Config will ignore these differences and treat it as an idempotent request of the previous. In this case, tags will not be updated, even if they are different.
Creates and updates the configuration aggregator with the selected source accounts and regions. The source account can be individual account(s) or an organization.
accountIds that are passed will be replaced with existing accounts. If you want to add additional accounts into the aggregator, call DescribeConfigurationAggregators to get the previous accounts and then append new ones.
Config should be enabled in source accounts and regions you want to aggregate.
If your source type is an organization, you must be signed in to the management account or a registered delegated administrator and all the features must be enabled in your organization. If the caller is a management account, Config calls EnableAwsServiceAccess API to enable integration between Config and Organizations. If the caller is a registered delegated administrator, Config calls ListDelegatedAdministrators API to verify whether the caller is a valid delegated administrator.
To register a delegated administrator, see Register a Delegated Administrator in the Config developer guide.
PutConfigurationAggregator is an idempotent API. Subsequent requests won’t create a duplicate resource if one was already created. If a following request has different tags values, Config will ignore these differences and treat it as an idempotent request of the previous. In this case, tags will not be updated, even if they are different.
Creates a new configuration recorder to record the selected resource configurations.
You can use this action to change the role roleARN or the recordingGroup of an existing recorder. To change the role, call the action on the existing configuration recorder and specify a role.
Currently, you can specify only one configuration recorder per region in your account.
If ConfigurationRecorder does not have the recordingGroup parameter specified, the default is to record all supported resource types.
Creates or updates a conformance pack. A conformance pack is a collection of Config rules that can be easily deployed in an account and a region and across an organization. For information on how many conformance packs you can have per account, see Service Limits in the Config Developer Guide.
This API creates a service-linked role AWSServiceRoleForConfigConforms in your account. The service-linked role is created only when the role does not exist in your account.
You must specify only one of the follow parameters: TemplateS3Uri, TemplateBody or TemplateSSMDocumentDetails.
Creates a new configuration recorder to record configuration changes for specified resource types.
You can also use this action to change the roleARN or the recordingGroup of an existing recorder. For more information, see Managing the Configuration Recorder in the Config Developer Guide.
You can specify only one configuration recorder for each Amazon Web Services Region for each account.
If the configuration recorder does not have the recordingGroup field specified, the default is to record all supported resource types.
Creates or updates a conformance pack. A conformance pack is a collection of Config rules that can be easily deployed in an account and a region and across an organization. For information on how many conformance packs you can have per account, see Service Limits in the Config Developer Guide.
This API creates a service-linked role AWSServiceRoleForConfigConforms in your account. The service-linked role is created only when the role does not exist in your account.
You must specify only one of the follow parameters: TemplateS3Uri, TemplateBody or TemplateSSMDocumentDetails.
Creates a delivery channel object to deliver configuration information to an Amazon S3 bucket and Amazon SNS topic.
Before you can create a delivery channel, you must create a configuration recorder.
You can use this action to change the Amazon S3 bucket or an Amazon SNS topic of the existing delivery channel. To change the Amazon S3 bucket or an Amazon SNS topic, call this action and specify the changed values for the S3 bucket and the SNS topic. If you specify a different value for either the S3 bucket or the SNS topic, this action will keep the existing value for the parameter that is not changed.
You can have only one delivery channel per region in your account.
Used by an Lambda function to deliver evaluation results to Config. This action is required in every Lambda function that is invoked by an Config rule.
", "PutExternalEvaluation": "Add or updates the evaluations for process checks. This API checks if the rule is a process check when the name of the Config rule is provided.
", "PutOrganizationConfigRule": "Adds or updates an Config rule for your entire organization to evaluate if your Amazon Web Services resources comply with your desired configurations. For information on how many organization Config rules you can have per account, see Service Limits in the Config Developer Guide.
Only a management account and a delegated administrator can create or update an organization Config rule. When calling this API with a delegated administrator, you must ensure Organizations ListDelegatedAdministrator permissions are added. An organization can have up to 3 delegated administrators.
This API enables organization service access through the EnableAWSServiceAccess action and creates a service-linked role AWSServiceRoleForConfigMultiAccountSetup in the management or delegated administrator account of your organization. The service-linked role is created only when the role does not exist in the caller account. Config verifies the existence of role with GetRole action.
To use this API with delegated administrator, register a delegated administrator by calling Amazon Web Services Organization register-delegated-administrator for config-multiaccountsetup.amazonaws.com.
There are two types of rules: Config Managed Rules and Config Custom Rules. You can use PutOrganizationConfigRule to create both Config Managed Rules and Config Custom Rules.
Config Managed Rules are predefined, customizable rules created by Config. For a list of managed rules, see List of Config Managed Rules. If you are adding an Config managed rule, you must specify the rule's identifier for the RuleIdentifier key.
Config Custom Rules are rules that you create from scratch. There are two ways to create Config custom rules: with Lambda functions ( Lambda Developer Guide) and with Guard (Guard GitHub Repository), a policy-as-code language. Config custom rules created with Lambda are called Config Custom Lambda Rules and Config custom rules created with Guard are called Config Custom Policy Rules.
If you are adding a new Config Custom Lambda rule, you first need to create an Lambda function in the management account or a delegated administrator that the rule invokes to evaluate your resources. You also need to create an IAM role in the managed account that can be assumed by the Lambda function. When you use PutOrganizationConfigRule to add a Custom Lambda rule to Config, you must specify the Amazon Resource Name (ARN) that Lambda assigns to the function.
Prerequisite: Ensure you call EnableAllFeatures API to enable all features in an organization.
Make sure to specify one of either OrganizationCustomPolicyRuleMetadata for Custom Policy rules, OrganizationCustomRuleMetadata for Custom Lambda rules, or OrganizationManagedRuleMetadata for managed rules.
Deploys conformance packs across member accounts in an Amazon Web Services Organization. For information on how many organization conformance packs and how many Config rules you can have per account, see Service Limits in the Config Developer Guide.
Only a management account and a delegated administrator can call this API. When calling this API with a delegated administrator, you must ensure Organizations ListDelegatedAdministrator permissions are added. An organization can have up to 3 delegated administrators.
This API enables organization service access for config-multiaccountsetup.amazonaws.com through the EnableAWSServiceAccess action and creates a service-linked role AWSServiceRoleForConfigMultiAccountSetup in the management or delegated administrator account of your organization. The service-linked role is created only when the role does not exist in the caller account. To use this API with delegated administrator, register a delegated administrator by calling Amazon Web Services Organization register-delegate-admin for config-multiaccountsetup.amazonaws.com.
Prerequisite: Ensure you call EnableAllFeatures API to enable all features in an organization.
You must specify either the TemplateS3Uri or the TemplateBody parameter, but not both. If you provide both Config uses the TemplateS3Uri parameter and ignores the TemplateBody parameter.
Config sets the state of a conformance pack to CREATE_IN_PROGRESS and UPDATE_IN_PROGRESS until the conformance pack is created or updated. You cannot update a conformance pack while it is in this state.
Deploys conformance packs across member accounts in an Amazon Web Services Organization. For information on how many organization conformance packs and how many Config rules you can have per account, see Service Limits in the Config Developer Guide.
Only a management account and a delegated administrator can call this API. When calling this API with a delegated administrator, you must ensure Organizations ListDelegatedAdministrator permissions are added. An organization can have up to 3 delegated administrators.
This API enables organization service access for config-multiaccountsetup.amazonaws.com through the EnableAWSServiceAccess action and creates a service-linked role AWSServiceRoleForConfigMultiAccountSetup in the management or delegated administrator account of your organization. The service-linked role is created only when the role does not exist in the caller account. To use this API with delegated administrator, register a delegated administrator by calling Amazon Web Services Organization register-delegate-admin for config-multiaccountsetup.amazonaws.com.
Prerequisite: Ensure you call EnableAllFeatures API to enable all features in an organization.
You must specify either the TemplateS3Uri or the TemplateBody parameter, but not both. If you provide both Config uses the TemplateS3Uri parameter and ignores the TemplateBody parameter.
Config sets the state of a conformance pack to CREATE_IN_PROGRESS and UPDATE_IN_PROGRESS until the conformance pack is created or updated. You cannot update a conformance pack while it is in this state.
Adds or updates the remediation configuration with a specific Config rule with the selected target or action. The API creates the RemediationConfiguration object for the Config rule. The Config rule must already exist for you to add a remediation configuration. The target (SSM document) must exist and have permissions to use the target.
If you make backward incompatible changes to the SSM document, you must call this again to ensure the remediations can run.
This API does not support adding remediation configurations for service-linked Config Rules such as Organization Config rules, the rules deployed by conformance packs, and rules deployed by Amazon Web Services Security Hub.
For manual remediation configuration, you need to provide a value for automationAssumeRole or use a value in the assumeRolefield to remediate your resources. The SSM automation document can use either as long as it maps to a valid parameter.
However, for automatic remediation configuration, the only valid assumeRole field value is AutomationAssumeRole and you need to provide a value for AutomationAssumeRole to remediate your resources.
A remediation exception is when a specified resource is no longer considered for auto-remediation. This API adds a new exception or updates an existing exception for a specified resource with a specified Config rule.
Config generates a remediation exception when a problem occurs running a remediation action for a specified resource. Remediation exceptions blocks auto-remediation until the exception is cleared.
When placing an exception on an Amazon Web Services resource, it is recommended that remediation is set as manual remediation until the given Config rule for the specified resource evaluates the resource as NON_COMPLIANT. Once the resource has been evaluated as NON_COMPLIANT, you can add remediation exceptions and change the remediation type back from Manual to Auto if you want to use auto-remediation. Otherwise, using auto-remediation before a NON_COMPLIANT evaluation result can delete resources before the exception is applied.
Placing an exception can only be performed on resources that are NON_COMPLIANT. If you use this API for COMPLIANT resources or resources that are NOT_APPLICABLE, a remediation exception will not be generated. For more information on the conditions that initiate the possible Config evaluation results, see Concepts | Config Rules in the Config Developer Guide.
A remediation exception is when a specified resource is no longer considered for auto-remediation. This API adds a new exception or updates an existing exception for a specified resource with a specified Config rule.
Config generates a remediation exception when a problem occurs running a remediation action for a specified resource. Remediation exceptions blocks auto-remediation until the exception is cleared.
When placing an exception on an Amazon Web Services resource, it is recommended that remediation is set as manual remediation until the given Config rule for the specified resource evaluates the resource as NON_COMPLIANT. Once the resource has been evaluated as NON_COMPLIANT, you can add remediation exceptions and change the remediation type back from Manual to Auto if you want to use auto-remediation. Otherwise, using auto-remediation before a NON_COMPLIANT evaluation result can delete resources before the exception is applied.
Placing an exception can only be performed on resources that are NON_COMPLIANT. If you use this API for COMPLIANT resources or resources that are NOT_APPLICABLE, a remediation exception will not be generated. For more information on the conditions that initiate the possible Config evaluation results, see Concepts | Config Rules in the Config Developer Guide.
Records the configuration state for the resource provided in the request. The configuration state of a resource is represented in Config as Configuration Items. Once this API records the configuration item, you can retrieve the list of configuration items for the custom resource type using existing Config APIs.
The custom resource type must be registered with CloudFormation. This API accepts the configuration item registered with CloudFormation.
When you call this API, Config only stores configuration state of the resource provided in the request. This API does not change or remediate the configuration of the resource.
Write-only schema properites are not recorded as part of the published configuration item.
Creates and updates the retention configuration with details about retention period (number of days) that Config stores your historical information. The API creates the RetentionConfiguration object and names the object as default. When you have a RetentionConfiguration object named default, calling the API modifies the default object.
Currently, Config supports only one retention configuration per region in your account.
Saves a new query or updates an existing saved query. The QueryName must be unique for a single Amazon Web Services account and a single Amazon Web Services Region. You can create upto 300 queries in a single Amazon Web Services account and a single Amazon Web Services Region.
PutStoredQuery is an idempotent API. Subsequent requests won’t create a duplicate resource if one was already created. If a following request has different tags values, Config will ignore these differences and treat it as an idempotent request of the previous. In this case, tags will not be updated, even if they are different.
Accepts a structured query language (SQL) SELECT command and an aggregator to query configuration state of Amazon Web Services resources across multiple accounts and regions, performs the corresponding search, and returns resource configurations matching the properties.
For more information about query components, see the Query Components section in the Config Developer Guide.
If you run an aggregation query (i.e., using GROUP BY or using aggregate functions such as COUNT; e.g., SELECT resourceId, COUNT(*) WHERE resourceType = 'AWS::IAM::Role' GROUP BY resourceId) and do not specify the MaxResults or the Limit query parameters, the default page size is set to 500.
If you run a non-aggregation query (i.e., not using GROUP BY or aggregate function; e.g., SELECT * WHERE resourceType = 'AWS::IAM::Role') and do not specify the MaxResults or the Limit query parameters, the default page size is set to 25.
Accepts a structured query language (SQL) SELECT command and an aggregator to query configuration state of Amazon Web Services resources across multiple accounts and regions, performs the corresponding search, and returns resource configurations matching the properties.
For more information about query components, see the Query Components section in the Config Developer Guide.
If you run an aggregation query (i.e., using GROUP BY or using aggregate functions such as COUNT; e.g., SELECT resourceId, COUNT(*) WHERE resourceType = 'AWS::IAM::Role' GROUP BY resourceId) and do not specify the MaxResults or the Limit query parameters, the default page size is set to 500.
If you run a non-aggregation query (i.e., not using GROUP BY or aggregate function; e.g., SELECT * WHERE resourceType = 'AWS::IAM::Role') and do not specify the MaxResults or the Limit query parameters, the default page size is set to 25.
Accepts a structured query language (SQL) SELECT command, performs the corresponding search, and returns resource configurations matching the properties.
For more information about query components, see the Query Components section in the Config Developer Guide.
", "StartConfigRulesEvaluation": "Runs an on-demand evaluation for the specified Config rules against the last known configuration state of the resources. Use StartConfigRulesEvaluation when you want to test that a rule you updated is working as expected. StartConfigRulesEvaluation does not re-record the latest configuration state for your resources. It re-runs an evaluation against the last known state of your resources.
You can specify up to 25 Config rules per request.
An existing StartConfigRulesEvaluation call for the specified rules must complete before you can call the API again. If you chose to have Config stream to an Amazon SNS topic, you will receive a ConfigRuleEvaluationStarted notification when the evaluation starts.
You don't need to call the StartConfigRulesEvaluation API to run an evaluation for a new rule. When you create a rule, Config evaluates your resources against the rule automatically.
The StartConfigRulesEvaluation API is useful if you want to run on-demand evaluations, such as the following example:
You have a custom rule that evaluates your IAM resources every 24 hours.
You update your Lambda function to add additional conditions to your rule.
Instead of waiting for the next periodic evaluation, you call the StartConfigRulesEvaluation API.
Config invokes your Lambda function and evaluates your IAM resources.
Your custom rule will still run periodic evaluations every 24 hours.
Starts recording configurations of the Amazon Web Services resources you have selected to record in your Amazon Web Services account.
You must have created at least one delivery channel to successfully start the configuration recorder.
", @@ -305,7 +305,7 @@ "AllSupported": { "base": null, "refs": { - "RecordingGroup$allSupported": "Specifies whether Config records configuration changes for every supported type of regional resource.
If you set this option to true, when Config adds support for a new type of regional resource, it starts recording resources of that type automatically.
If you set this option to true, you cannot enumerate a list of resourceTypes.
Specifies whether Config records configuration changes for all supported regional resource types.
If you set this field to true, when Config adds support for a new type of regional resource, Config starts recording resources of that type automatically.
If you set this field to true, you cannot enumerate specific resource types to record in the resourceTypes field of RecordingGroup, or to exclude in the resourceTypes field of ExclusionByResourceTypes.
An object that represents the recording of configuration changes of an Amazon Web Services resource.
", + "base": "Records configuration changes to specified resource types. For more information about the configuration recorder, see Managing the Configuration Recorder in the Config Developer Guide.
", "refs": { "ConfigurationRecorderList$member": null, - "PutConfigurationRecorderRequest$ConfigurationRecorder": "The configuration recorder object that records each configuration change made to the resources.
" + "PutConfigurationRecorderRequest$ConfigurationRecorder": "An object for the configuration recorder to record configuration changes for specified resource types.
" } }, "ConfigurationRecorderList": { @@ -1272,9 +1272,9 @@ } }, "DescribeConfigRulesFilters": { - "base": "Returns a filtered list of Detective or Proactive Config rules. By default, if the filter is not defined, this API returns an unfiltered list. For more information on Detective or Proactive Config rules, see Evaluation Mode in the Config Developer Guide.
", + "base": "Returns a filtered list of Detective or Proactive Config rules. By default, if the filter is not defined, this API returns an unfiltered list. For more information on Detective or Proactive Config rules, see Evaluation Mode in the Config Developer Guide.
", "refs": { - "DescribeConfigRulesRequest$Filters": "Returns a list of Detective or Proactive Config rules. By default, this API returns an unfiltered list. For more information on Detective or Proactive Config rules, see Evaluation Mode in the Config Developer Guide.
" + "DescribeConfigRulesRequest$Filters": "Returns a list of Detective or Proactive Config rules. By default, this API returns an unfiltered list. For more information on Detective or Proactive Config rules, see Evaluation Mode in the Config Developer Guide.
" } }, "DescribeConfigRulesRequest": { @@ -1608,6 +1608,12 @@ "PutOrganizationConformancePackRequest$ExcludedAccounts": "A list of Amazon Web Services accounts to be excluded from an organization conformance pack while deploying a conformance pack.
" } }, + "ExclusionByResourceTypes": { + "base": "Specifies whether the configuration recorder excludes resource types from being recorded. Use the resourceTypes field to enter a comma-separated list of resource types to exclude as exemptions.
An object that specifies how Config excludes resource types from being recorded by the configuration recorder.
To use this option, you must set the useOnly field of RecordingStrategy to EXCLUSION_BY_RESOURCE_TYPES.
The controls that Config uses for executing remediations.
", "refs": { @@ -1900,7 +1906,7 @@ "IncludeGlobalResourceTypes": { "base": null, "refs": { - "RecordingGroup$includeGlobalResourceTypes": "Specifies whether Config includes all supported types of global resources (for example, IAM resources) with the resources that it records.
Before you can set this option to true, you must set the allSupported option to true.
If you set this option to true, when Config adds support for a new type of global resource, it starts recording resources of that type automatically.
The configuration details for any global resource are the same in all regions. To prevent duplicate configuration items, you should consider customizing Config in only one region to record global resources.
" + "RecordingGroup$includeGlobalResourceTypes": "Specifies whether Config records configuration changes for all supported global resources.
Before you set this field to true, set the allSupported field of RecordingGroup to true. Optionally, you can set the useOnly field of RecordingStrategy to ALL_SUPPORTED_RESOURCE_TYPES.
If you set this field to true, when Config adds support for a new type of global resource in the Region where you set up the configuration recorder, Config starts recording resources of that type automatically.
If you set this field to false but list global resource types in the resourceTypes field of RecordingGroup, Config will still record configuration changes for those specified resource types regardless of if you set the includeGlobalResourceTypes field to false.
If you do not want to record configuration changes to global resource types, make sure to not list them in the resourceTypes field in addition to setting the includeGlobalResourceTypes field to false.
You have provided a configuration recorder name that is not valid.
", + "base": "You have provided a name for the configuration recorder that is not valid.
", "refs": { } }, @@ -1955,7 +1961,7 @@ } }, "InvalidRecordingGroupException": { - "base": "Config throws an exception if the recording group does not contain a valid list of resource types. Values that are not valid might also be incorrectly formatted.
", + "base": "Indicates one of the following errors:
You have provided a combination of parameter values that is not valid. For example:
Setting the allSupported field of RecordingGroup to true, but providing a non-empty list for the resourceTypesfield of RecordingGroup.
Setting the allSupported field of RecordingGroup to true, but also setting the useOnly field of RecordingStrategy to EXCLUSION_BY_RESOURCE_TYPES.
Every parameter is either null, false, or empty.
You have reached the limit of the number of resource types you can provide for the recording group.
You have provided resource types or a recording strategy that are not valid.
You have provided a null or empty role ARN.
", + "base": "You have provided a null or empty Amazon Resource Name (ARN) for the IAM role assumed by Config and used by the configuration recorder.
", "refs": { } }, @@ -2121,12 +2127,12 @@ } }, "MaxNumberOfConfigurationRecordersExceededException": { - "base": "You have reached the limit of the number of recorders you can create.
", + "base": "You have reached the limit of the number of configuration recorders you can create.
", "refs": { } }, "MaxNumberOfConformancePacksExceededException": { - "base": "You have reached the limit of the number of conformance packs you can create in an account. For more information, see Service Limits in the Config Developer Guide.
", + "base": "You have reached the limit of the number of conformance packs you can create in an account. For more information, see Service Limits in the Config Developer Guide.
", "refs": { } }, @@ -2136,12 +2142,12 @@ } }, "MaxNumberOfOrganizationConfigRulesExceededException": { - "base": "You have reached the limit of the number of organization Config rules you can create. For more information, see see Service Limits in the Config Developer Guide.
", + "base": "You have reached the limit of the number of organization Config rules you can create. For more information, see see Service Limits in the Config Developer Guide.
", "refs": { } }, "MaxNumberOfOrganizationConformancePacksExceededException": { - "base": "You have reached the limit of the number of organization conformance packs you can create in an account. For more information, see Service Limits in the Config Developer Guide.
", + "base": "You have reached the limit of the number of organization conformance packs you can create in an account. For more information, see Service Limits in the Config Developer Guide.
", "refs": { } }, @@ -2479,20 +2485,20 @@ } }, "OrganizationCustomPolicyRuleMetadataNoPolicy": { - "base": "An object that specifies metadata for your organization Config Custom Policy rule including the runtime system in use, which accounts have debug logging enabled, and other custom rule metadata such as resource type, resource ID of Amazon Web Services resource, and organization trigger types that trigger Config to evaluate Amazon Web Services resources against a rule.
", + "base": "metadata for your organization Config Custom Policy rule including the runtime system in use, which accounts have debug logging enabled, and other custom rule metadata such as resource type, resource ID of Amazon Web Services resource, and organization trigger types that trigger Config to evaluate Amazon Web Services resources against a rule.
", "refs": { "OrganizationConfigRule$OrganizationCustomPolicyRuleMetadata": "An object that specifies metadata for your organization's Config Custom Policy rule. The metadata includes the runtime system in use, which accounts have debug logging enabled, and other custom rule metadata, such as resource type, resource ID of Amazon Web Services resource, and organization trigger types that initiate Config to evaluate Amazon Web Services resources against a rule.
" } }, "OrganizationCustomRuleMetadata": { - "base": "An object that specifies organization custom rule metadata such as resource type, resource ID of Amazon Web Services resource, Lambda function ARN, and organization trigger types that trigger Config to evaluate your Amazon Web Services resources against a rule. It also provides the frequency with which you want Config to run evaluations for the rule if the trigger type is periodic.
", + "base": "organization custom rule metadata such as resource type, resource ID of Amazon Web Services resource, Lambda function ARN, and organization trigger types that trigger Config to evaluate your Amazon Web Services resources against a rule. It also provides the frequency with which you want Config to run evaluations for the rule if the trigger type is periodic.
", "refs": { "OrganizationConfigRule$OrganizationCustomRuleMetadata": "An OrganizationCustomRuleMetadata object.
An OrganizationCustomRuleMetadata object. This object specifies organization custom rule metadata such as resource type, resource ID of Amazon Web Services resource, Lambda function ARN, and organization trigger types that trigger Config to evaluate your Amazon Web Services resources against a rule. It also provides the frequency with which you want Config to run evaluations for the rule if the trigger type is periodic.
An object that specifies organization managed rule metadata such as resource type and ID of Amazon Web Services resource along with the rule identifier. It also provides the frequency with which you want Config to run evaluations for the rule if the trigger type is periodic.
", + "base": "organization managed rule metadata such as resource type and ID of Amazon Web Services resource along with the rule identifier. It also provides the frequency with which you want Config to run evaluations for the rule if the trigger type is periodic.
", "refs": { "OrganizationConfigRule$OrganizationManagedRuleMetadata": "An OrganizationManagedRuleMetadata object.
An OrganizationManagedRuleMetadata object. This object specifies organization managed rule metadata such as resource type and ID of Amazon Web Services resource along with the rule identifier. It also provides the frequency with which you want Config to run evaluations for the rule if the trigger type is periodic.
The name of the recorder. By default, Config automatically assigns the name \"default\" when creating the configuration recorder. You cannot change the assigned name.
", + "ConfigurationRecorder$name": "The name of the configuration recorder. Config automatically assigns the name of \"default\" when creating the configuration recorder.
You cannot change the name of the configuration recorder after it has been created. To change the configuration recorder name, you must delete it and create a new configuration recorder with a new name.
", "ConfigurationRecorderNameList$member": null, "DeleteConfigurationRecorderRequest$ConfigurationRecorderName": "The name of the configuration recorder to be deleted. You can retrieve the name of your configuration recorder by using the DescribeConfigurationRecorders action.
The name of the recorder object that records each configuration change made to the resources.
", @@ -2782,9 +2788,21 @@ } }, "RecordingGroup": { - "base": "Specifies which Amazon Web Services resource types Config records for configuration changes. In the recording group, you specify whether you want to record all supported resource types or only specific types of resources.
By default, Config records the configuration changes for all supported types of regional resources that Config discovers in the region in which it is running. Regional resources are tied to a region and can be used only in that region. Examples of regional resources are EC2 instances and EBS volumes.
You can also have Config record supported types of global resources. Global resources are not tied to a specific region and can be used in all regions. The global resource types that Config supports include IAM users, groups, roles, and customer managed policies.
Global resource types onboarded to Config recording after February 2022 will only be recorded in the service's home region for the commercial partition and Amazon Web Services GovCloud (US) West for the GovCloud partition. You can view the Configuration Items for these new global resource types only in their home region and Amazon Web Services GovCloud (US) West.
Supported global resource types onboarded before February 2022 such as AWS::IAM::Group, AWS::IAM::Policy, AWS::IAM::Role, AWS::IAM::User remain unchanged, and they will continue to deliver Configuration Items in all supported regions in Config. The change will only affect new global resource types onboarded after February 2022.
To record global resource types onboarded after February 2022, enable All Supported Resource Types in the home region of the global resource type you want to record.
If you don't want Config to record all resources, you can specify which types of resources it will record with the resourceTypes parameter.
For a list of supported resource types, see Supported Resource Types.
For more information and a table of the Home Regions for Global Resource Types Onboarded after February 2022, see Selecting Which Resources Config Records.
", + "base": "Specifies which resource types Config records for configuration changes. In the recording group, you specify whether you want to record all supported resource types or to include or exclude specific types of resources.
By default, Config records configuration changes for all supported types of Regional resources that Config discovers in the Amazon Web Services Region in which it is running. Regional resources are tied to a Region and can be used only in that Region. Examples of Regional resources are Amazon EC2 instances and Amazon EBS volumes.
You can also have Config record supported types of global resources. Global resources are not tied to a specific Region and can be used in all Regions. The global resource types that Config supports include IAM users, groups, roles, and customer managed policies.
Global resource types onboarded to Config recording after February 2022 will be recorded only in the service's home Region for the commercial partition and Amazon Web Services GovCloud (US-West) for the Amazon Web Services GovCloud (US) partition. You can view the Configuration Items for these new global resource types only in their home Region and Amazon Web Services GovCloud (US-West).
If you don't want Config to record all resources, you can specify which types of resources Config records with the resourceTypes parameter.
For a list of supported resource types, see Supported Resource Types in the Config developer guide.
For more information and a table of the Home Regions for Global Resource Types Onboarded after February 2022, see Selecting Which Resources Config Records in the Config developer guide.
", + "refs": { + "ConfigurationRecorder$recordingGroup": "Specifies which resource types Config records for configuration changes.
High Number of Config Evaluations
You may notice increased activity in your account during your initial month recording with Config when compared to subsequent months. During the initial bootstrapping process, Config runs evaluations on all the resources in your account that you have selected for Config to record.
If you are running ephemeral workloads, you may see increased activity from Config as it records configuration changes associated with creating and deleting these temporary resources. An ephemeral workload is a temporary use of computing resources that are loaded and run when needed. Examples include Amazon Elastic Compute Cloud (Amazon EC2) Spot Instances, Amazon EMR jobs, and Auto Scaling. If you want to avoid the increased activity from running ephemeral workloads, you can run these types of workloads in a separate account with Config turned off to avoid increased configuration recording and rule evaluations.
Specifies the recording strategy of the configuration recorder.
", + "refs": { + "RecordingGroup$recordingStrategy": "An object that specifies the recording strategy for the configuration recorder.
If you set the useOnly field of RecordingStrategy to ALL_SUPPORTED_RESOURCE_TYPES, Config records configuration changes for all supported regional resource types. You also must set the allSupported field of RecordingGroup to true. When Config adds support for a new type of regional resource, Config automatically starts recording resources of that type.
If you set the useOnly field of RecordingStrategy to INCLUSION_BY_RESOURCE_TYPES, Config records configuration changes for only the resource types you specify in the resourceTypes field of RecordingGroup.
If you set the useOnly field of RecordingStrategy to EXCLUSION_BY_RESOURCE_TYPES, Config records configuration changes for all supported resource types except the resource types that you specify as exemptions to exclude from being recorded in the resourceTypes field of ExclusionByResourceTypes.
The recordingStrategy field is optional when you set the allSupported field of RecordingGroup to true.
The recordingStrategy field is optional when you list resource types in the resourceTypes field of RecordingGroup.
The recordingStrategy field is required if you list resource types to exclude from recording in the resourceTypes field of ExclusionByResourceTypes.
If you choose EXCLUSION_BY_RESOURCE_TYPES for the recording strategy, the exclusionByResourceTypes field will override other properties in the request.
For example, even if you set includeGlobalResourceTypes to false, global resource types will still be automatically recorded in this option unless those resource types are specifically listed as exemptions in the resourceTypes field of exclusionByResourceTypes.
By default, if you choose the EXCLUSION_BY_RESOURCE_TYPES recording strategy, when Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, Config starts recording resources of that type automatically.
Specifies the types of Amazon Web Services resources for which Config records configuration changes.
" + "RecordingStrategy$useOnly": "The recording strategy for the configuration recorder.
If you set this option to ALL_SUPPORTED_RESOURCE_TYPES, Config records configuration changes for all supported regional resource types. You also must set the allSupported field of RecordingGroup to true.
When Config adds support for a new type of regional resource, Config automatically starts recording resources of that type. For a list of supported resource types, see Supported Resource Types in the Config developer guide.
If you set this option to INCLUSION_BY_RESOURCE_TYPES, Config records configuration changes for only the resource types that you specify in the resourceTypes field of RecordingGroup.
If you set this option to EXCLUSION_BY_RESOURCE_TYPES, Config records configuration changes for all supported resource types, except the resource types that you specify as exemptions to exclude from being recorded in the resourceTypes field of ExclusionByResourceTypes.
The recordingStrategy field is optional when you set the allSupported field of RecordingGroup to true.
The recordingStrategy field is optional when you list resource types in the resourceTypes field of RecordingGroup.
The recordingStrategy field is required if you list resource types to exclude from recording in the resourceTypes field of ExclusionByResourceTypes.
If you choose EXCLUSION_BY_RESOURCE_TYPES for the recording strategy, the exclusionByResourceTypes field will override other properties in the request.
For example, even if you set includeGlobalResourceTypes to false, global resource types will still be automatically recorded in this option unless those resource types are specifically listed as exemptions in the resourceTypes field of exclusionByResourceTypes.
By default, if you choose the EXCLUSION_BY_RESOURCE_TYPES recording strategy, when Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, Config starts recording resources of that type automatically.
A comma-separated list that specifies the types of Amazon Web Services resources for which Config records configuration changes (for example, AWS::EC2::Instance or AWS::CloudTrail::Trail).
To record all configuration changes, you must set the allSupported option to true.
If you set the AllSupported option to false and populate the ResourceTypes option with values, when Config adds support for a new type of resource, it will not record resources of that type unless you manually add that type to your recording group.
For a list of valid resourceTypes values, see the resourceType Value column in Supported Amazon Web Services resource Types.
A comma-separated list of resource types to exclude from recording by the configuration recorder.
", + "RecordingGroup$resourceTypes": "A comma-separated list that specifies which resource types Config records.
Optionally, you can set the useOnly field of RecordingStrategy to INCLUSION_BY_RESOURCE_TYPES.
To record all configuration changes, set the allSupported field of RecordingGroup to true, and either omit this field or don't specify any resource types in this field. If you set the allSupported field to false and specify values for resourceTypes, when Config adds support for a new type of resource, it will not record resources of that type unless you manually add that type to your recording group.
For a list of valid resourceTypes values, see the Resource Type Value column in Supported Amazon Web Services resource Types in the Config developer guide.
Region Availability
Before specifying a resource type for Config to track, check Resource Coverage by Region Availability to see if the resource type is supported in the Amazon Web Services Region where you set up Config. If a resource type is supported by Config in at least one Region, you can enable the recording of that resource type in all Regions supported by Config, even if the specified resource type is not supported in the Amazon Web Services Region where you set up Config.
The reason Config was not able to deliver a debug log. This is for the last failed attempt to retrieve a debug log for your Config Custom Policy rules.
", "ConfigStreamDeliveryInfo$lastErrorCode": "The error code from the last attempted delivery.
", "ConfigStreamDeliveryInfo$lastErrorMessage": "The error message from the last attempted delivery.
", - "ConfigurationRecorder$roleARN": "Amazon Resource Name (ARN) of the IAM role used to describe the Amazon Web Services resources associated with the account.
While the API model does not require this field, the server will reject a request without a defined roleARN for the configuration recorder.
Amazon Resource Name (ARN) of the IAM role assumed by Config and used by the configuration recorder.
While the API model does not require this field, the server will reject a request without a defined roleARN for the configuration recorder.
Pre-existing Config role
If you have used an Amazon Web Services service that uses Config, such as Security Hub or Control Tower, and an Config role has already been created, make sure that the IAM role that you use when setting up Config keeps the same minimum permissions as the already created Config role. You must do this so that the other Amazon Web Services service continues to run as expected.
For example, if Control Tower has an IAM role that allows Config to read Amazon Simple Storage Service (Amazon S3) objects, make sure that the same permissions are granted within the IAM role you use when setting up Config. Otherwise, it may interfere with how Control Tower operates. For more information about IAM roles for Config, see Identity and Access Management for Config in the Config Developer Guide.
The name of the configuration recorder.
", "ConfigurationRecorderStatus$lastErrorCode": "The latest error code from when the recorder last failed.
", "ConfigurationRecorderStatus$lastErrorMessage": "The latest error message from when the recorder last failed.
", @@ -3681,7 +3700,7 @@ } }, "TooManyTagsException": { - "base": "You have reached the limit of the number of tags you can use. For more information, see Service Limits in the Config Developer Guide.
", + "base": "You have reached the limit of the number of tags you can use. For more information, see Service Limits in the Config Developer Guide.
", "refs": { } }, diff --git a/models/apis/frauddetector/2019-11-15/api-2.json b/models/apis/frauddetector/2019-11-15/api-2.json index 30700798b49..225251cc08b 100644 --- a/models/apis/frauddetector/2019-11-15/api-2.json +++ b/models/apis/frauddetector/2019-11-15/api-2.json @@ -2002,6 +2002,13 @@ "DISABLED" ] }, + "EventOrchestration":{ + "type":"structure", + "required":["eventBridgeEnabled"], + "members":{ + "eventBridgeEnabled":{"shape":"Boolean"} + } + }, "EventPredictionSummary":{ "type":"structure", "members":{ @@ -2031,7 +2038,8 @@ "ingestedEventStatistics":{"shape":"IngestedEventStatistics"}, "lastUpdatedTime":{"shape":"time"}, "createdTime":{"shape":"time"}, - "arn":{"shape":"fraudDetectorArn"} + "arn":{"shape":"fraudDetectorArn"}, + "eventOrchestration":{"shape":"EventOrchestration"} }, "sensitive":true }, @@ -2956,7 +2964,8 @@ "labels":{"shape":"ListOfStrings"}, "entityTypes":{"shape":"NonEmptyListOfStrings"}, "eventIngestion":{"shape":"EventIngestion"}, - "tags":{"shape":"tagList"} + "tags":{"shape":"tagList"}, + "eventOrchestration":{"shape":"EventOrchestration"} } }, "PutEventTypeResult":{ diff --git a/models/apis/frauddetector/2019-11-15/docs-2.json b/models/apis/frauddetector/2019-11-15/docs-2.json index f582a5957bb..670a95558ff 100644 --- a/models/apis/frauddetector/2019-11-15/docs-2.json +++ b/models/apis/frauddetector/2019-11-15/docs-2.json @@ -1,6 +1,6 @@ { "version": "2.0", - "service": "This is the Amazon Fraud Detector API Reference. This guide is for developers who need detailed information about Amazon Fraud Detector API actions, data types, and errors. For more information about Amazon Fraud Detector features, see the Amazon Fraud Detector User Guide.
We provide the Query API as well as AWS software development kits (SDK) for Amazon Fraud Detector in Java and Python programming languages.
The Amazon Fraud Detector Query API provides HTTPS requests that use the HTTP verb GET or POST and a Query parameter Action. AWS SDK provides libraries, sample code, tutorials, and other resources for software developers who prefer to build applications using language-specific APIs instead of submitting a request over HTTP or HTTPS. These libraries provide basic functions that automatically take care of tasks such as cryptographically signing your requests, retrying requests, and handling error responses, so that it is easier for you to get started. For more information about the AWS SDKs, see Tools to build on AWS.
This is the Amazon Fraud Detector API Reference. This guide is for developers who need detailed information about Amazon Fraud Detector API actions, data types, and errors. For more information about Amazon Fraud Detector features, see the Amazon Fraud Detector User Guide.
We provide the Query API as well as AWS software development kits (SDK) for Amazon Fraud Detector in Java and Python programming languages.
The Amazon Fraud Detector Query API provides HTTPS requests that use the HTTP verb GET or POST and a Query parameter Action. AWS SDK provides libraries, sample code, tutorials, and other resources for software developers who prefer to build applications using language-specific APIs instead of submitting a request over HTTP or HTTPS. These libraries provide basic functions that automatically take care of tasks such as cryptographically signing your requests, retrying requests, and handling error responses, so that it is easier for you to get started. For more information about the AWS SDKs, go to Tools to build on AWS page, scroll down to the SDK section, and choose plus (+) sign to expand the section.
Creates a batch of variables.
", "BatchGetVariable": "Gets a batch of variables.
", @@ -217,7 +217,8 @@ "refs": { "EvaluatedExternalModel$useEventVariables": "Indicates whether event variables were used to generate predictions.
", "EvaluatedRule$evaluated": "Indicates whether the rule was evaluated.
", - "EvaluatedRule$matched": "Indicates whether the rule matched.
" + "EvaluatedRule$matched": "Indicates whether the rule matched.
", + "EventOrchestration$eventBridgeEnabled": "Specifies if event orchestration is enabled through Amazon EventBridge.
" } }, "CancelBatchImportJobRequest": { @@ -649,7 +650,14 @@ "base": null, "refs": { "EventType$eventIngestion": "If Enabled, Amazon Fraud Detector stores event data when you generate a prediction and uses that data to update calculated variables in near real-time. Amazon Fraud Detector uses this data, known as INGESTED_EVENTS, to train your model and improve fraud predictions.
Specifies if ingenstion is enabled or disabled.
" + "PutEventTypeRequest$eventIngestion": "Specifies if ingestion is enabled or disabled.
" + } + }, + "EventOrchestration": { + "base": "The event orchestration status.
", + "refs": { + "EventType$eventOrchestration": "The event orchestration status.
", + "PutEventTypeRequest$eventOrchestration": "Enables or disables event orchestration. If enabled, you can send event predictions to select AWS services for downstream processing of the events.
" } }, "EventPredictionSummary": { @@ -1606,7 +1614,7 @@ "UnlabeledEventsTreatment": { "base": null, "refs": { - "LabelSchema$unlabeledEventsTreatment": "The action to take for unlabeled events.
Use IGNORE if you want the unlabeled events to be ignored. This is recommended when the majority of the events in the dataset are labeled.
Use FRAUD if you want to categorize all unlabeled events as “Fraud”. This is recommended when most of the events in your dataset are fraudulent.
Use LEGIT f you want to categorize all unlabeled events as “Legit”. This is recommended when most of the events in your dataset are legitimate.
Use AUTO if you want Amazon Fraud Detector to decide how to use the unlabeled data. This is recommended when there is significant unlabeled events in the dataset.
By default, Amazon Fraud Detector ignores the unlabeled data.
" + "LabelSchema$unlabeledEventsTreatment": "The action to take for unlabeled events.
Use IGNORE if you want the unlabeled events to be ignored. This is recommended when the majority of the events in the dataset are labeled.
Use FRAUD if you want to categorize all unlabeled events as “Fraud”. This is recommended when most of the events in your dataset are fraudulent.
Use LEGIT if you want to categorize all unlabeled events as “Legit”. This is recommended when most of the events in your dataset are legitimate.
Use AUTO if you want Amazon Fraud Detector to decide how to use the unlabeled data. This is recommended when there is significant unlabeled events in the dataset.
By default, Amazon Fraud Detector ignores the unlabeled data.
" } }, "UntagResourceRequest": { @@ -1926,7 +1934,7 @@ "TFIModelPerformance$auc": "The area under the curve (auc). This summarizes the total positive rate (tpr) and false positive rate (FPR) across all possible model score thresholds.
", "TrainingMetrics$auc": "The area under the curve. This summarizes true positive rate (TPR) and false positive rate (FPR) across all possible model score thresholds. A model with no predictive power has an AUC of 0.5, whereas a perfect model has a score of 1.0.
", "UncertaintyRange$lowerBoundValue": "The lower bound value of the area under curve (auc).
", - "UncertaintyRange$upperBoundValue": "The lower bound value of the area under curve (auc).
", + "UncertaintyRange$upperBoundValue": "The upper bound value of the area under curve (auc).
", "VariableImpactExplanation$logOddsImpact": "The raw, uninterpreted value represented as log-odds of the fraud. These values are usually between -10 to +10, but range from - infinity to + infinity.
A positive value indicates that the variable drove the risk score up.
A negative value indicates that the variable drove the risk score down.
A collection of key and value pairs.
", "PutEventTypeRequest$tags": "A collection of key and value pairs.
", "PutExternalModelRequest$tags": "A collection of key and value pairs.
", - "PutLabelRequest$tags": "", + "PutLabelRequest$tags": "A collection of key and value pairs.
", "PutOutcomeRequest$tags": "A collection of key and value pairs.
", "TagResourceRequest$tags": "The tags to assign to the resource.
", "UpdateModelVersionRequest$tags": "A collection of key and value pairs.
", diff --git a/models/apis/frauddetector/2019-11-15/endpoint-tests-1.json b/models/apis/frauddetector/2019-11-15/endpoint-tests-1.json index 5b98ea5ac79..9c96f885c7e 100644 --- a/models/apis/frauddetector/2019-11-15/endpoint-tests-1.json +++ b/models/apis/frauddetector/2019-11-15/endpoint-tests-1.json @@ -9,8 +9,8 @@ }, "params": { "Region": "ap-southeast-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -22,8 +22,8 @@ }, "params": { "Region": "ap-southeast-2", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -35,8 +35,8 @@ }, "params": { "Region": "eu-west-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -48,8 +48,8 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -61,8 +61,8 @@ }, "params": { "Region": "us-east-2", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -74,8 +74,8 @@ }, "params": { "Region": "us-west-2", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -87,8 +87,8 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": true, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": true } }, { @@ -100,8 +100,8 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": false } }, { @@ -113,8 +113,8 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": true, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": true } }, { @@ -126,8 +126,8 @@ }, "params": { "Region": "cn-north-1", - "UseDualStack": true, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": true } }, { @@ -139,8 +139,8 @@ }, "params": { "Region": "cn-north-1", - "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": false } }, { @@ -152,8 +152,8 @@ }, "params": { "Region": "cn-north-1", - "UseDualStack": true, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": true } }, { @@ -165,8 +165,8 @@ }, "params": { "Region": "cn-north-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -178,8 +178,8 @@ }, "params": { "Region": "us-gov-east-1", - "UseDualStack": true, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": true } }, { @@ -191,8 +191,8 @@ }, "params": { "Region": "us-gov-east-1", - "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": false } }, { @@ -204,8 +204,8 @@ }, "params": { "Region": "us-gov-east-1", - "UseDualStack": true, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": true } }, { @@ -217,8 +217,19 @@ }, "params": { "Region": "us-gov-east-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": true, + "UseDualStack": true } }, { @@ -230,8 +241,19 @@ }, "params": { "Region": "us-iso-east-1", - "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": false, + "UseDualStack": true } }, { @@ -243,8 +265,19 @@ }, "params": { "Region": "us-iso-east-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": true, + "UseDualStack": true } }, { @@ -256,8 +289,19 @@ }, "params": { "Region": "us-isob-east-1", - "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": true } }, { @@ -269,8 +313,8 @@ }, "params": { "Region": "us-isob-east-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -282,8 +326,8 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": false, "UseFIPS": false, + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -295,8 +339,8 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -307,8 +351,8 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": false, "UseFIPS": true, + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -319,10 +363,16 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": true, "UseFIPS": false, + "UseDualStack": true, "Endpoint": "https://example.com" } + }, + { + "documentation": "Missing region", + "expect": { + "error": "Invalid Configuration: Missing Region" + } } ], "version": "1.0" diff --git a/models/apis/healthlake/2017-07-01/api-2.json b/models/apis/healthlake/2017-07-01/api-2.json index 31d96ef19c6..6939b0169ac 100644 --- a/models/apis/healthlake/2017-07-01/api-2.json +++ b/models/apis/healthlake/2017-07-01/api-2.json @@ -223,6 +223,14 @@ "min":1, "pattern":"^arn:aws((-us-gov)|(-iso)|(-iso-b)|(-cn))?:healthlake:[a-z0-9-]+:\\d{12}:datastore\\/fhir\\/.{32}" }, + "AuthorizationStrategy":{ + "type":"string", + "enum":[ + "SMART_ON_FHIR_V1", + "AWS_AUTH" + ] + }, + "Boolean":{"type":"boolean"}, "BoundedLengthString":{ "type":"string", "max":5000, @@ -242,6 +250,7 @@ "AWS_OWNED_KMS_KEY" ] }, + "ConfigurationMetadata":{"type":"string"}, "ConflictException":{ "type":"structure", "members":{ @@ -261,7 +270,8 @@ "shape":"ClientTokenString", "idempotencyToken":true }, - "Tags":{"shape":"TagList"} + "Tags":{"shape":"TagList"}, + "IdentityProviderConfiguration":{"shape":"IdentityProviderConfiguration"} } }, "CreateFHIRDatastoreResponse":{ @@ -322,7 +332,8 @@ "DatastoreTypeVersion":{"shape":"FHIRVersion"}, "DatastoreEndpoint":{"shape":"String"}, "SseConfiguration":{"shape":"SseConfiguration"}, - "PreloadDataConfig":{"shape":"PreloadDataConfig"} + "PreloadDataConfig":{"shape":"PreloadDataConfig"}, + "IdentityProviderConfiguration":{"shape":"IdentityProviderConfiguration"} } }, "DatastorePropertiesList":{ @@ -340,6 +351,7 @@ }, "DeleteFHIRDatastoreRequest":{ "type":"structure", + "required":["DatastoreId"], "members":{ "DatastoreId":{"shape":"DatastoreId"} } @@ -361,6 +373,7 @@ }, "DescribeFHIRDatastoreRequest":{ "type":"structure", + "required":["DatastoreId"], "members":{ "DatastoreId":{"shape":"DatastoreId"} } @@ -449,6 +462,16 @@ "min":20, "pattern":"arn:aws(-[^:]+)?:iam::[0-9]{12}:role/.+" }, + "IdentityProviderConfiguration":{ + "type":"structure", + "required":["AuthorizationStrategy"], + "members":{ + "AuthorizationStrategy":{"shape":"AuthorizationStrategy"}, + "FineGrainedAuthorizationEnabled":{"shape":"Boolean"}, + "Metadata":{"shape":"ConfigurationMetadata"}, + "IdpLambdaArn":{"shape":"LambdaArn"} + } + }, "ImportJobProperties":{ "type":"structure", "required":[ @@ -509,7 +532,11 @@ "IN_PROGRESS", "COMPLETED_WITH_ERRORS", "COMPLETED", - "FAILED" + "FAILED", + "CANCEL_SUBMITTED", + "CANCEL_IN_PROGRESS", + "CANCEL_COMPLETED", + "CANCEL_FAILED" ] }, "KmsEncryptionConfig":{ @@ -520,6 +547,12 @@ "KmsKeyId":{"shape":"EncryptionKeyID"} } }, + "LambdaArn":{ + "type":"string", + "max":256, + "min":49, + "pattern":"arn:aws:lambda:[a-z]{2}-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9\\-_\\.]+(:(\\$LATEST|[a-zA-Z0-9\\-_]+))?" + }, "ListFHIRDatastoresRequest":{ "type":"structure", "members":{ diff --git a/models/apis/healthlake/2017-07-01/docs-2.json b/models/apis/healthlake/2017-07-01/docs-2.json index 3f645c7ecde..5d62f91210c 100644 --- a/models/apis/healthlake/2017-07-01/docs-2.json +++ b/models/apis/healthlake/2017-07-01/docs-2.json @@ -13,7 +13,7 @@ "ListTagsForResource": "Returns a list of all existing tags associated with a Data Store.
", "StartFHIRExportJob": "Begins a FHIR export job.
", "StartFHIRImportJob": "Begins a FHIR Import job.
", - "TagResource": "Adds a user specifed key and value tag to a Data Store.
", + "TagResource": "Adds a user specified key and value tag to a Data Store.
", "UntagResource": "Removes tags from a Data Store.
" }, "shapes": { @@ -30,10 +30,22 @@ "UntagResourceRequest$ResourceARN": "\"The Amazon Resource Name(ARN) of the Data Store for which tags are being removed
" } }, + "AuthorizationStrategy": { + "base": null, + "refs": { + "IdentityProviderConfiguration$AuthorizationStrategy": "The authorization strategy that you selected when you created the Data Store.
" + } + }, + "Boolean": { + "base": null, + "refs": { + "IdentityProviderConfiguration$FineGrainedAuthorizationEnabled": "If you enabled fine-grained authorization when you created the Data Store.
" + } + }, "BoundedLengthString": { "base": null, "refs": { - "CreateFHIRDatastoreResponse$DatastoreEndpoint": "The AWS endpoint for the created Data Store. For preview, only US-east-1 endpoints are supported.
", + "CreateFHIRDatastoreResponse$DatastoreEndpoint": "The AWS endpoint for the created Data Store.
", "DeleteFHIRDatastoreResponse$DatastoreEndpoint": "The AWS endpoint for the Data Store the user has requested to be deleted.
" } }, @@ -51,6 +63,12 @@ "KmsEncryptionConfig$CmkType": "The type of customer-managed-key(CMK) used for encyrption. The two types of supported CMKs are customer owned CMKs and AWS owned CMKs.
" } }, + "ConfigurationMetadata": { + "base": null, + "refs": { + "IdentityProviderConfiguration$Metadata": "The JSON metadata elements that you want to use in your identity provider configuration. Required elements are listed based on the launch specification of the SMART application. For more information on all possible elements, see Metadata in SMART's App Launch specification.
authorization_endpoint: The URL to the OAuth2 authorization endpoint.
grant_types_supported: An array of grant types that are supported at the token endpoint. You must provide at least one grant type option. Valid options are authorization_code and client_credentials.
token_endpoint: The URL to the OAuth2 token endpoint.
capabilities: An array of strings of the SMART capabilities that the authorization server supports.
code_challenge_methods_supported: An array of strings of supported PKCE code challenge methods. You must include the S256 method in the array of PKCE code challenge methods.
The Data Store is in a transition state and the user requested action can not be performed.
", "refs": { @@ -69,7 +87,7 @@ "DatastoreArn": { "base": null, "refs": { - "CreateFHIRDatastoreResponse$DatastoreArn": "The datastore ARN is generated during the creation of the Data Store and can be found in the output from the initial Data Store creation call.
", + "CreateFHIRDatastoreResponse$DatastoreArn": "The Data Store ARN is generated during the creation of the Data Store and can be found in the output from the initial Data Store creation call.
", "DatastoreProperties$DatastoreArn": "The Amazon Resource Name used in the creation of the Data Store.
", "DeleteFHIRDatastoreResponse$DatastoreArn": "The Amazon Resource Name (ARN) that gives Amazon HealthLake access permission.
" } @@ -87,7 +105,7 @@ "DatastoreProperties$DatastoreId": "The AWS-generated ID number for the Data Store.
", "DeleteFHIRDatastoreRequest$DatastoreId": "The AWS-generated ID for the Data Store to be deleted.
", "DeleteFHIRDatastoreResponse$DatastoreId": "The AWS-generated ID for the Data Store to be deleted.
", - "DescribeFHIRDatastoreRequest$DatastoreId": "The AWS-generated Data Store id. This is part of the ‘CreateFHIRDatastore’ output.
", + "DescribeFHIRDatastoreRequest$DatastoreId": "The AWS-generated Data Store ID.
", "DescribeFHIRExportJobRequest$DatastoreId": "The AWS generated ID for the Data Store from which files are being exported from for an export job.
", "DescribeFHIRImportJobRequest$DatastoreId": "The AWS-generated ID of the Data Store.
", "ExportJobProperties$DatastoreId": "The AWS generated ID for the Data Store from which files are being exported for an export job.
", @@ -109,7 +127,7 @@ } }, "DatastoreProperties": { - "base": "Displays the properties of the Data Store, including the ID, Arn, name, and the status of the Data Store.
", + "base": "Displays the properties of the Data Store, including the ID, ARN, name, and the status of the Data Store.
", "refs": { "DatastorePropertiesList$member": null, "DescribeFHIRDatastoreResponse$DatastoreProperties": "All properties associated with a Data Store, including the Data Store ID, Data Store ARN, Data Store name, Data Store status, created at, Data Store type version, and Data Store endpoint.
" @@ -206,6 +224,13 @@ "StartFHIRImportJobRequest$DataAccessRoleArn": "The Amazon Resource Name (ARN) that gives Amazon HealthLake access permission.
" } }, + "IdentityProviderConfiguration": { + "base": "The identity provider configuration that you gave when the Data Store was created.
", + "refs": { + "CreateFHIRDatastoreRequest$IdentityProviderConfiguration": "The configuration of the identity provider that you want to use for your Data Store.
", + "DatastoreProperties$IdentityProviderConfiguration": "The identity provider that you selected when you created the Data Store.
" + } + }, "ImportJobProperties": { "base": "Displays the properties of the import job, including the ID, Arn, Name, and the status of the Data Store.
", "refs": { @@ -257,7 +282,7 @@ "base": null, "refs": { "ExportJobProperties$JobStatus": "The status of a FHIR export job. Possible statuses are SUBMITTED, IN_PROGRESS, COMPLETED, or FAILED.
", - "ImportJobProperties$JobStatus": "The job status for an Import job. Possible statuses are SUBMITTED, IN_PROGRESS, COMPLETED, FAILED.
", + "ImportJobProperties$JobStatus": "The job status for an Import job. Possible statuses are SUBMITTED, IN_PROGRESS, COMPLETED_WITH_ERRORS, COMPLETED, FAILED.
", "ListFHIRExportJobsRequest$JobStatus": "This parameter limits the response to the export jobs with the specified job status.
", "ListFHIRImportJobsRequest$JobStatus": "This parameter limits the response to the import job with the specified job status.
", "StartFHIRExportJobResponse$JobStatus": "The status of a FHIR export job. Possible statuses are SUBMITTED, IN_PROGRESS, COMPLETED, or FAILED.
", @@ -270,6 +295,12 @@ "SseConfiguration$KmsEncryptionConfig": "The KMS encryption configuration used to provide details for data encryption.
" } }, + "LambdaArn": { + "base": null, + "refs": { + "IdentityProviderConfiguration$IdpLambdaArn": "The Amazon Resource Name (ARN) of the Lambda function that you want to use to decode the access token created by the authorization server.
" + } + }, "ListFHIRDatastoresRequest": { "base": null, "refs": { @@ -455,7 +486,7 @@ "TagValue": { "base": null, "refs": { - "Tag$Value": "The value portion of tag. Tag values are case sensitive.
" + "Tag$Value": "The value portion of a tag. Tag values are case sensitive.
" } }, "ThrottlingException": { diff --git a/models/apis/healthlake/2017-07-01/endpoint-rule-set-1.json b/models/apis/healthlake/2017-07-01/endpoint-rule-set-1.json new file mode 100644 index 00000000000..8acf26e8a35 --- /dev/null +++ b/models/apis/healthlake/2017-07-01/endpoint-rule-set-1.json @@ -0,0 +1,350 @@ +{ + "version": "1.0", + "parameters": { + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "String" + }, + "UseDualStack": { + "builtIn": "AWS::UseDualStack", + "required": true, + "default": false, + "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", + "type": "Boolean" + }, + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "Boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "String" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://healthlake-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://healthlake-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://healthlake.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://healthlake.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + } + ] + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ] + } + ] +} \ No newline at end of file diff --git a/models/apis/healthlake/2017-07-01/endpoint-tests-1.json b/models/apis/healthlake/2017-07-01/endpoint-tests-1.json new file mode 100644 index 00000000000..a234a21aa71 --- /dev/null +++ b/models/apis/healthlake/2017-07-01/endpoint-tests-1.json @@ -0,0 +1,340 @@ +{ + "testCases": [ + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://healthlake.us-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://healthlake.us-east-2.amazonaws.com" + } + }, + "params": { + "Region": "us-east-2", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://healthlake.us-west-2.amazonaws.com" + } + }, + "params": { + "Region": "us-west-2", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://healthlake-fips.us-east-1.api.aws" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://healthlake-fips.us-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://healthlake.us-east-1.api.aws" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://healthlake-fips.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://healthlake-fips.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://healthlake.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://healthlake.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://healthlake-fips.us-gov-east-1.api.aws" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://healthlake-fips.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://healthlake.us-gov-east-1.api.aws" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://healthlake.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://healthlake-fips.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://healthlake.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://healthlake-fips.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://healthlake.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips enabled and dualstack disabled", + "expect": { + "error": "Invalid Configuration: FIPS and custom endpoint are not supported" + }, + "params": { + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips disabled and dualstack enabled", + "expect": { + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": true, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "Missing region", + "expect": { + "error": "Invalid Configuration: Missing Region" + } + } + ], + "version": "1.0" +} \ No newline at end of file diff --git a/models/apis/m2/2021-04-28/api-2.json b/models/apis/m2/2021-04-28/api-2.json index e9564d6e62e..7565fc0d185 100644 --- a/models/apis/m2/2021-04-28/api-2.json +++ b/models/apis/m2/2021-04-28/api-2.json @@ -650,6 +650,7 @@ "environmentId":{"shape":"Identifier"}, "lastStartTime":{"shape":"Timestamp"}, "name":{"shape":"EntityName"}, + "roleArn":{"shape":"Arn"}, "status":{"shape":"ApplicationLifecycle"}, "versionStatus":{"shape":"ApplicationVersionLifecycle"} } @@ -686,7 +687,7 @@ }, "Arn":{ "type":"string", - "pattern":"^arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9/][A-Za-z0-9:_/+=,@.-]{0,1023}$" + "pattern":"^arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]|):[0-9]{12}:[A-Za-z0-9/][A-Za-z0-9:_/+=,@.-]{0,1023}$" }, "ArnList":{ "type":"list", @@ -840,6 +841,7 @@ "engineType":{"shape":"EngineType"}, "kmsKeyId":{"shape":"String"}, "name":{"shape":"EntityName"}, + "roleArn":{"shape":"Arn"}, "tags":{"shape":"TagMap"} } }, @@ -1046,6 +1048,8 @@ "type":"structure", "members":{ "gdg":{"shape":"GdgDetailAttributes"}, + "po":{"shape":"PoDetailAttributes"}, + "ps":{"shape":"PsDetailAttributes"}, "vsam":{"shape":"VsamDetailAttributes"} }, "union":true @@ -1054,6 +1058,8 @@ "type":"structure", "members":{ "gdg":{"shape":"GdgAttributes"}, + "po":{"shape":"PoAttributes"}, + "ps":{"shape":"PsAttributes"}, "vsam":{"shape":"VsamAttributes"} }, "union":true @@ -1353,6 +1359,7 @@ "loadBalancerDnsName":{"shape":"String100"}, "logGroups":{"shape":"LogGroupSummaries"}, "name":{"shape":"EntityName"}, + "roleArn":{"shape":"Arn"}, "status":{"shape":"ApplicationLifecycle"}, "statusReason":{"shape":"String"}, "tags":{"shape":"TagMap"}, @@ -1998,6 +2005,29 @@ "schedule":{"shape":"MaintenanceSchedule"} } }, + "PoAttributes":{ + "type":"structure", + "required":[ + "format", + "memberFileExtensions" + ], + "members":{ + "encoding":{"shape":"String"}, + "format":{"shape":"String"}, + "memberFileExtensions":{"shape":"String20List"} + } + }, + "PoDetailAttributes":{ + "type":"structure", + "required":[ + "encoding", + "format" + ], + "members":{ + "encoding":{"shape":"String"}, + "format":{"shape":"String"} + } + }, "PortList":{ "type":"list", "member":{"shape":"Integer"}, @@ -2015,6 +2045,25 @@ "offset":{"shape":"Integer"} } }, + "PsAttributes":{ + "type":"structure", + "required":["format"], + "members":{ + "encoding":{"shape":"String"}, + "format":{"shape":"String"} + } + }, + "PsDetailAttributes":{ + "type":"structure", + "required":[ + "encoding", + "format" + ], + "members":{ + "encoding":{"shape":"String"}, + "format":{"shape":"String"} + } + }, "RecordLength":{ "type":"structure", "required":[ @@ -2155,6 +2204,12 @@ "type":"string", "pattern":"^\\S{1,2000}$" }, + "String20List":{ + "type":"list", + "member":{"shape":"String20"}, + "max":10, + "min":1 + }, "String50":{ "type":"string", "pattern":"^\\S{1,50}$" diff --git a/models/apis/m2/2021-04-28/docs-2.json b/models/apis/m2/2021-04-28/docs-2.json index de415b0b092..dcbc6b101e9 100644 --- a/models/apis/m2/2021-04-28/docs-2.json +++ b/models/apis/m2/2021-04-28/docs-2.json @@ -104,10 +104,13 @@ "base": null, "refs": { "ApplicationSummary$applicationArn": "The Amazon Resource Name (ARN) of the application.
", + "ApplicationSummary$roleArn": "The Amazon Resource Name (ARN) of the role associated with the application.
", "ArnList$member": null, + "CreateApplicationRequest$roleArn": "The Amazon Resource Name (ARN) of the role associated with the application.
", "CreateApplicationResponse$applicationArn": "The Amazon Resource Name (ARN) of the application.
", "EnvironmentSummary$environmentArn": "The Amazon Resource Name (ARN) of a particular runtime environment.
", "GetApplicationResponse$applicationArn": "The Amazon Resource Name (ARN) of the application.
", + "GetApplicationResponse$roleArn": "The Amazon Resource Name (ARN) of the role associated with the application.
", "GetEnvironmentResponse$environmentArn": "The Amazon Resource Name (ARN) of the runtime environment.
", "ListTagsForResourceRequest$resourceArn": "The Amazon Resource Name (ARN) of the resource.
", "TagResourceRequest$resourceArn": "The Amazon Resource Name (ARN) of the resource.
", @@ -156,8 +159,8 @@ "BatchJobIdentifier": { "base": "Identifies a specific batch job.
", "refs": { - "BatchJobExecutionSummary$batchJobIdentifier": null, - "GetBatchJobExecutionResponse$batchJobIdentifier": null, + "BatchJobExecutionSummary$batchJobIdentifier": "The unique identifier of this batch job.
", + "GetBatchJobExecutionResponse$batchJobIdentifier": "The unique identifier of this batch job.
", "StartBatchJobRequest$batchJobIdentifier": "The unique identifier of the batch job.
" } }, @@ -175,7 +178,7 @@ } }, "BatchParamKey": { - "base": "Parameter key: the first character must be alphabetic. Can be of up to 8 alphanumeric characters.
", + "base": "See https://www.ibm.com/docs/en/workload-automation/9.3.0?topic=zos-coding-variables-in-jcl to get details about limits for both keys and values: 8 for keys (variable names), 44 for values (variable values) In addition, keys will be only alphabetic characters and digits, without any space or special characters (dash, underscore, etc ...)
Parameter key: the first character must be alphabetic. Can be of up to 8 alphanumeric characters.
", "refs": { "BatchJobParametersMap$key": null } @@ -865,6 +868,18 @@ "GetEnvironmentResponse$pendingMaintenance": "Indicates the pending maintenance scheduled on this environment.
" } }, + "PoAttributes": { + "base": "The supported properties for a PO type data set.
", + "refs": { + "DatasetOrgAttributes$po": "The details of a PO type data set.
" + } + }, + "PoDetailAttributes": { + "base": "The supported properties for a PO type data set.
", + "refs": { + "DatasetDetailOrgAttributes$po": "The details of a PO type data set.
" + } + }, "PortList": { "base": null, "refs": { @@ -878,6 +893,18 @@ "VsamDetailAttributes$primaryKey": "The primary key of the data set.
" } }, + "PsAttributes": { + "base": "The supported properties for a PS type data set.
", + "refs": { + "DatasetOrgAttributes$ps": "The details of a PS type data set.
" + } + }, + "PsDetailAttributes": { + "base": "The supported properties for a PS type data set.
", + "refs": { + "DatasetDetailOrgAttributes$ps": "The details of a PS type data set.
" + } + }, "RecordLength": { "base": "The length of the records in the data set.
", "refs": { @@ -955,7 +982,7 @@ "AccessDeniedException$message": null, "AlternateKey$name": "The name of the alternate key.
", "ApplicationVersionSummary$statusReason": "The reason for the reported status.
", - "BatchJobExecutionSummary$returnCode": "", + "BatchJobExecutionSummary$returnCode": "The batch job return code from either the Blu Age or Micro Focus runtime engines. For more information, see Batch return codes in the IBM WebSphere Application Server documentation.
", "ConflictException$message": null, "ConflictException$resourceId": "The ID of the conflicting resource.
", "ConflictException$resourceType": "The type of the conflicting resource.
", @@ -980,7 +1007,7 @@ "GetApplicationResponse$kmsKeyId": "The identifier of a customer managed key.
", "GetApplicationResponse$statusReason": "The reason for the reported status.
", "GetApplicationVersionResponse$statusReason": "The reason for the reported status.
", - "GetBatchJobExecutionResponse$returnCode": "", + "GetBatchJobExecutionResponse$returnCode": "The batch job return code from either the Blu Age or Micro Focus runtime engines. For more information, see Batch return codes in the IBM WebSphere Application Server documentation.
", "GetBatchJobExecutionResponse$statusReason": "The reason for the reported status.
", "GetDeploymentResponse$statusReason": "The reason for the reported status.
", "GetEnvironmentResponse$kmsKeyId": "The identifier of a customer managed key.
", @@ -989,7 +1016,15 @@ "InternalServerException$message": null, "ListBatchJobDefinitionsRequest$prefix": "If the batch job definition is a FileBatchJobDefinition, the prefix allows you to search on the file names of FileBatchJobDefinitions.
", "PendingMaintenance$engineVersion": "The specific runtime engine that the maintenance schedule applies to.
", + "PoAttributes$encoding": "The character set encoding of the data set.
", + "PoAttributes$format": "The format of the data set records.
", + "PoDetailAttributes$encoding": "The character set encoding of the data set.
", + "PoDetailAttributes$format": "The format of the data set records.
", "PrimaryKey$name": "A name for the Primary Key.
", + "PsAttributes$encoding": "The character set encoding of the data set.
", + "PsAttributes$format": "The format of the data set records.
", + "PsDetailAttributes$encoding": "The character set encoding of the data set.
", + "PsDetailAttributes$format": "The format of the data set records.
", "ResourceNotFoundException$message": null, "ResourceNotFoundException$resourceId": "The ID of the missing resource.
", "ResourceNotFoundException$resourceType": "The type of the missing resource.
", @@ -1032,6 +1067,7 @@ "EnvironmentSummary$instanceType": "The instance type of the runtime environment.
", "GetEnvironmentResponse$instanceType": "The type of instance underlying the runtime environment.
", "LogGroupSummary$logType": "The type of log.
", + "String20List$member": null, "UpdateEnvironmentRequest$instanceType": "The instance type for the runtime environment to update.
", "VsamDetailAttributes$encoding": "The character set used by the data set. Can be ASCII, EBCDIC, or unknown.
", "VsamDetailAttributes$recordFormat": "The record format of the data set.
" @@ -1059,6 +1095,12 @@ "GetDataSetDetailsResponse$location": "The location where the data set is stored.
" } }, + "String20List": { + "base": null, + "refs": { + "PoAttributes$memberFileExtensions": "An array containing one or more filename extensions, allowing you to specify which files to be included as PDS member.
" + } + }, "String50": { "base": null, "refs": { diff --git a/models/apis/m2/2021-04-28/endpoint-rule-set-1.json b/models/apis/m2/2021-04-28/endpoint-rule-set-1.json index 8c0c66bd0d1..ef314671806 100644 --- a/models/apis/m2/2021-04-28/endpoint-rule-set-1.json +++ b/models/apis/m2/2021-04-28/endpoint-rule-set-1.json @@ -3,7 +3,7 @@ "parameters": { "Region": { "builtIn": "AWS::Region", - "required": true, + "required": false, "documentation": "The AWS region used to dispatch the request.", "type": "String" }, @@ -32,13 +32,12 @@ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { - "ref": "Region" + "ref": "Endpoint" } - ], - "assign": "PartitionResult" + ] } ], "type": "tree", @@ -46,14 +45,20 @@ { "conditions": [ { - "fn": "isSet", + "fn": "booleanEquals", "argv": [ { - "ref": "Endpoint" - } + "ref": "UseFIPS" + }, + true ] } ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], "type": "tree", "rules": [ { @@ -62,67 +67,42 @@ "fn": "booleanEquals", "argv": [ { - "ref": "UseFIPS" + "ref": "UseDualStack" }, true ] } ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", "type": "error" }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" + "endpoint": { + "url": { + "ref": "Endpoint" }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] - }, + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", + "fn": "isSet", "argv": [ { - "ref": "UseDualStack" - }, - true + "ref": "Region" + } ] } ], @@ -131,154 +111,215 @@ { "conditions": [ { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ - true, { - "fn": "getAttr", + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsFIPS" + true ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, + }, { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsDualStack" + true ] } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], + ], "type": "tree", "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://m2-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, { "conditions": [], - "endpoint": { - "url": "https://m2-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ] - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsFIPS" + true ] } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], + ], "type": "tree", "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://m2-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, { "conditions": [], - "endpoint": { - "url": "https://m2-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" } ] - } - ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsDualStack" + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://m2.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ] - } - ], - "type": "tree", - "rules": [ + }, { "conditions": [], "type": "tree", @@ -286,7 +327,7 @@ { "conditions": [], "endpoint": { - "url": "https://m2.{Region}.{PartitionResult#dualStackDnsSuffix}", + "url": "https://m2.{Region}.{PartitionResult#dnsSuffix}", "properties": {}, "headers": {} }, @@ -295,28 +336,13 @@ ] } ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } ] }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://m2.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } diff --git a/models/apis/m2/2021-04-28/endpoint-tests-1.json b/models/apis/m2/2021-04-28/endpoint-tests-1.json index 935c615f33d..46b2e6c2c5d 100644 --- a/models/apis/m2/2021-04-28/endpoint-tests-1.json +++ b/models/apis/m2/2021-04-28/endpoint-tests-1.json @@ -1,211 +1,248 @@ { "testCases": [ { - "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://m2-fips.us-isob-east-1.sc2s.sgov.gov" + "url": "https://m2.ap-southeast-2.amazonaws.com" } }, "params": { - "Region": "us-isob-east-1", - "UseDualStack": false, - "UseFIPS": true + "Region": "ap-southeast-2", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://m2.us-isob-east-1.sc2s.sgov.gov" + "url": "https://m2.ca-central-1.amazonaws.com" } }, "params": { - "Region": "us-isob-east-1", - "UseDualStack": false, - "UseFIPS": false + "Region": "ca-central-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", + "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://m2-fips.us-gov-east-1.api.aws" + "url": "https://m2.eu-central-1.amazonaws.com" } }, "params": { - "Region": "us-gov-east-1", - "UseDualStack": true, - "UseFIPS": true + "Region": "eu-central-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://m2-fips.us-gov-east-1.amazonaws.com" + "url": "https://m2.eu-west-1.amazonaws.com" } }, "params": { - "Region": "us-gov-east-1", - "UseDualStack": false, - "UseFIPS": true + "Region": "eu-west-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://m2.us-gov-east-1.api.aws" + "url": "https://m2.sa-east-1.amazonaws.com" } }, "params": { - "Region": "us-gov-east-1", - "UseDualStack": true, - "UseFIPS": false + "Region": "sa-east-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://m2.us-gov-east-1.amazonaws.com" + "url": "https://m2.us-east-1.amazonaws.com" } }, "params": { - "Region": "us-gov-east-1", - "UseDualStack": false, - "UseFIPS": false + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://m2.sa-east-1.amazonaws.com" + "url": "https://m2.us-west-2.amazonaws.com" } }, "params": { - "Region": "sa-east-1", - "UseDualStack": false, - "UseFIPS": false + "Region": "us-west-2", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://m2.ca-central-1.amazonaws.com" + "url": "https://m2-fips.us-east-1.api.aws" } }, "params": { - "Region": "ca-central-1", - "UseDualStack": false, - "UseFIPS": false + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": true } }, { - "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://m2.us-east-1.amazonaws.com" + "url": "https://m2-fips.us-east-1.amazonaws.com" } }, "params": { "Region": "us-east-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": true, + "UseDualStack": false } }, { - "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://m2.eu-central-1.amazonaws.com" + "url": "https://m2.us-east-1.api.aws" } }, "params": { - "Region": "eu-central-1", - "UseDualStack": false, - "UseFIPS": false + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": true } }, { - "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://m2.ap-southeast-2.amazonaws.com" + "url": "https://m2-fips.cn-north-1.api.amazonwebservices.com.cn" } }, "params": { - "Region": "ap-southeast-2", - "UseDualStack": false, - "UseFIPS": false + "Region": "cn-north-1", + "UseFIPS": true, + "UseDualStack": true } }, { - "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://m2.eu-west-1.amazonaws.com" + "url": "https://m2-fips.cn-north-1.amazonaws.com.cn" } }, "params": { - "Region": "eu-west-1", - "UseDualStack": false, - "UseFIPS": false + "Region": "cn-north-1", + "UseFIPS": true, + "UseDualStack": false } }, { - "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://m2.us-west-2.amazonaws.com" + "url": "https://m2.cn-north-1.api.amazonwebservices.com.cn" } }, "params": { - "Region": "us-west-2", - "UseDualStack": false, - "UseFIPS": false + "Region": "cn-north-1", + "UseFIPS": false, + "UseDualStack": true } }, { - "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://m2-fips.us-east-1.api.aws" + "url": "https://m2.cn-north-1.amazonaws.com.cn" } }, "params": { - "Region": "us-east-1", - "UseDualStack": true, - "UseFIPS": true + "Region": "cn-north-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://m2-fips.us-east-1.amazonaws.com" + "url": "https://m2-fips.us-gov-east-1.api.aws" } }, "params": { - "Region": "us-east-1", - "UseDualStack": false, - "UseFIPS": true + "Region": "us-gov-east-1", + "UseFIPS": true, + "UseDualStack": true } }, { - "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://m2.us-east-1.api.aws" + "url": "https://m2-fips.us-gov-east-1.amazonaws.com" } }, "params": { - "Region": "us-east-1", - "UseDualStack": true, - "UseFIPS": false + "Region": "us-gov-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://m2.us-gov-east-1.api.aws" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://m2.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": true, + "UseDualStack": true } }, { @@ -217,8 +254,19 @@ }, "params": { "Region": "us-iso-east-1", - "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": false, + "UseDualStack": true } }, { @@ -230,73 +278,82 @@ }, "params": { "Region": "us-iso-east-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled", "expect": { - "endpoint": { - "url": "https://m2-fips.cn-north-1.api.amazonwebservices.com.cn" - } + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" }, "params": { - "Region": "cn-north-1", - "UseDualStack": true, - "UseFIPS": true + "Region": "us-isob-east-1", + "UseFIPS": true, + "UseDualStack": true } }, { - "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://m2-fips.cn-north-1.amazonaws.com.cn" + "url": "https://m2-fips.us-isob-east-1.sc2s.sgov.gov" } }, "params": { - "Region": "cn-north-1", - "UseDualStack": false, - "UseFIPS": true + "Region": "us-isob-east-1", + "UseFIPS": true, + "UseDualStack": false } }, { - "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://m2.cn-north-1.api.amazonwebservices.com.cn" + "url": "https://m2.us-isob-east-1.sc2s.sgov.gov" } }, "params": { - "Region": "cn-north-1", - "UseDualStack": true, - "UseFIPS": false + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", + "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", "expect": { "endpoint": { - "url": "https://m2.cn-north-1.amazonaws.com.cn" + "url": "https://example.com" } }, "params": { - "Region": "cn-north-1", + "Region": "us-east-1", + "UseFIPS": false, "UseDualStack": false, - "UseFIPS": false + "Endpoint": "https://example.com" } }, { - "documentation": "For custom endpoint with fips disabled and dualstack disabled", + "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled", "expect": { "endpoint": { "url": "https://example.com" } }, "params": { - "Region": "us-east-1", - "UseDualStack": false, "UseFIPS": false, + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -307,8 +364,8 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": false, "UseFIPS": true, + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -319,10 +376,16 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": true, "UseFIPS": false, + "UseDualStack": true, "Endpoint": "https://example.com" } + }, + { + "documentation": "Missing region", + "expect": { + "error": "Invalid Configuration: Missing Region" + } } ], "version": "1.0" diff --git a/models/apis/rds/2014-10-31/api-2.json b/models/apis/rds/2014-10-31/api-2.json index 7396dd60fb2..e3f0f85b8c1 100644 --- a/models/apis/rds/2014-10-31/api-2.json +++ b/models/apis/rds/2014-10-31/api-2.json @@ -6799,7 +6799,8 @@ "StorageThroughput":{"shape":"IntegerOptional"}, "ManageMasterUserPassword":{"shape":"BooleanOptional"}, "RotateMasterUserPassword":{"shape":"BooleanOptional"}, - "MasterUserSecretKmsKeyId":{"shape":"String"} + "MasterUserSecretKmsKeyId":{"shape":"String"}, + "Engine":{"shape":"String"} } }, "ModifyDBInstanceResult":{ @@ -7363,7 +7364,8 @@ "IAMDatabaseAuthenticationEnabled":{"shape":"BooleanOptional"}, "AutomationMode":{"shape":"AutomationMode"}, "ResumeFullAutomationModeTime":{"shape":"TStamp"}, - "StorageThroughput":{"shape":"IntegerOptional"} + "StorageThroughput":{"shape":"IntegerOptional"}, + "Engine":{"shape":"String"} } }, "PointInTimeRestoreNotEnabledFault":{ diff --git a/models/apis/rds/2014-10-31/docs-2.json b/models/apis/rds/2014-10-31/docs-2.json index 5b1a35f37a4..62e47225b98 100644 --- a/models/apis/rds/2014-10-31/docs-2.json +++ b/models/apis/rds/2014-10-31/docs-2.json @@ -4019,7 +4019,7 @@ "CreateDBClusterMessage$Domain": "The Active Directory directory ID to create the DB cluster in.
For Amazon Aurora DB clusters, Amazon RDS can use Kerberos authentication to authenticate users that connect to the DB cluster.
For more information, see Kerberos authentication in the Amazon Aurora User Guide.
Valid for: Aurora DB clusters only
", "CreateDBClusterMessage$DomainIAMRoleName": "Specify the name of the IAM role to be used when making API calls to the Directory Service.
Valid for: Aurora DB clusters only
", "CreateDBClusterMessage$DBClusterInstanceClass": "The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, for example db.m6gd.xlarge. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines.
For the full list of DB instance classes and availability for your engine, see DB instance class in the Amazon RDS User Guide.
This setting is required to create a Multi-AZ DB cluster.
Valid for: Multi-AZ DB clusters only
", - "CreateDBClusterMessage$StorageType": "Specifies the storage type to be associated with the DB cluster.
This setting is required to create a Multi-AZ DB cluster.
When specified for a Multi-AZ DB cluster, a value for the Iops parameter is required.
Valid values: aurora, aurora-iopt1 (Aurora DB clusters); io1 (Multi-AZ DB clusters)
Default: aurora (Aurora DB clusters); io1 (Multi-AZ DB clusters)
Valid for: Aurora DB clusters and Multi-AZ DB clusters
", + "CreateDBClusterMessage$StorageType": "Specifies the storage type to be associated with the DB cluster.
This setting is required to create a Multi-AZ DB cluster.
When specified for a Multi-AZ DB cluster, a value for the Iops parameter is required.
Valid values: aurora, aurora-iopt1 (Aurora DB clusters); io1 (Multi-AZ DB clusters)
Default: aurora (Aurora DB clusters); io1 (Multi-AZ DB clusters)
Valid for: Aurora DB clusters and Multi-AZ DB clusters
For more information on storage types for Aurora DB clusters, see Storage configurations for Amazon Aurora DB clusters. For more information on storage types for Multi-AZ DB clusters, see Settings for creating Multi-AZ DB clusters.
", "CreateDBClusterMessage$MonitoringRoleArn": "The Amazon Resource Name (ARN) for the IAM role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs. An example is arn:aws:iam:123456789012:role/emaccess. For information on creating a monitoring role, see Setting up and enabling Enhanced Monitoring in the Amazon RDS User Guide.
If MonitoringInterval is set to a value other than 0, supply a MonitoringRoleArn value.
Valid for: Multi-AZ DB clusters only
", "CreateDBClusterMessage$PerformanceInsightsKMSKeyId": "The Amazon Web Services KMS key identifier for encryption of Performance Insights data.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
If you don't specify a value for PerformanceInsightsKMSKeyId, then Amazon RDS uses your default KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
Valid for: Multi-AZ DB clusters only
", "CreateDBClusterMessage$NetworkType": "The network type of the DB cluster.
Valid values:
IPV4
DUAL
The network type is determined by the DBSubnetGroup specified for the DB cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).
For more information, see Working with a DB instance in a VPC in the Amazon Aurora User Guide.
Valid for: Aurora DB clusters only
", @@ -4568,6 +4568,7 @@ "ModifyDBInstanceMessage$PerformanceInsightsKMSKeyId": "The Amazon Web Services KMS key identifier for encryption of Performance Insights data.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon RDS uses your default KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
This setting doesn't apply to RDS Custom.
", "ModifyDBInstanceMessage$NetworkType": "The network type of the DB instance.
Valid values:
IPV4
DUAL
The network type is determined by the DBSubnetGroup specified for the DB instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).
For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.
", "ModifyDBInstanceMessage$MasterUserSecretKmsKeyId": "The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager.
This setting is valid only if both of the following conditions are met:
The DB instance doesn't manage the master user password in Amazon Web Services Secrets Manager.
If the DB instance already manages the master user password in Amazon Web Services Secrets Manager, you can't change the KMS key used to encrypt the secret.
You are turning on ManageMasterUserPassword to manage the master user password in Amazon Web Services Secrets Manager.
If you are turning on ManageMasterUserPassword and don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the aws/secretsmanager KMS key to encrypt the secret, and you must use a customer managed KMS key.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.
There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
", + "ModifyDBInstanceMessage$Engine": "The target Oracle DB engine when you convert a non-CDB to a CDB. This intermediate step is necessary to upgrade an Oracle Database 19c non-CDB to an Oracle Database 21c CDB.
Note the following requirements:
Make sure that you specify oracle-ee-cdb or oracle-se2-cdb.
Make sure that your DB engine runs Oracle Database 19c with an April 2021 or later RU.
Note the following limitations:
You can't convert a CDB to a non-CDB.
You can't convert a replica database.
You can't convert a non-CDB to a CDB and upgrade the engine version in the same command.
You can't convert the existing custom parameter or option group when it has options or parameters that are permanent or persistent. In this situation, the DB instance reverts to the default option and parameter group. To avoid reverting to the default, specify a new parameter group with --db-parameter-group-name and a new option group with --option-group-name.
The name of the DB parameter group.
Constraints:
If supplied, must match the name of an existing DBParameterGroup.
The identifier for the DBProxy to modify.
The new identifier for the DBProxy. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.
The identifier for the DB snapshot to modify the attributes for.
", "ModifyDBSnapshotAttributeMessage$AttributeName": "The name of the DB snapshot attribute to modify.
To manage authorization for other Amazon Web Services accounts to copy or restore a manual DB snapshot, set this value to restore.
To view the list of attributes available to modify, use the DescribeDBSnapshotAttributes API operation.
The identifier of the DB snapshot to modify.
", - "ModifyDBSnapshotMessage$EngineVersion": "The engine version to upgrade the DB snapshot to.
The following are the database engines and engine versions that are available when you upgrade a DB snapshot.
MySQL
5.5.46 (supported for 5.1 DB snapshots)
Oracle
19.0.0.0.ru-2022-01.rur-2022-01.r1 (supported for 12.2.0.1 DB snapshots)
19.0.0.0.ru-2022-07.rur-2022-07.r1 (supported for 12.1.0.2 DB snapshots)
12.1.0.2.v8 (supported for 12.1.0.1 DB snapshots)
11.2.0.4.v12 (supported for 11.2.0.2 DB snapshots)
11.2.0.4.v11 (supported for 11.2.0.3 DB snapshots)
PostgreSQL
For the list of engine versions that are available for upgrading a DB snapshot, see Upgrading the PostgreSQL DB Engine for Amazon RDS.
", + "ModifyDBSnapshotMessage$EngineVersion": "The engine version to upgrade the DB snapshot to.
The following are the database engines and engine versions that are available when you upgrade a DB snapshot.
MySQL
5.5.46 (supported for 5.1 DB snapshots)
Oracle
12.1.0.2.v8 (supported for 12.1.0.1 DB snapshots)
11.2.0.4.v12 (supported for 11.2.0.2 DB snapshots)
11.2.0.4.v11 (supported for 11.2.0.3 DB snapshots)
PostgreSQL
For the list of engine versions that are available for upgrading a DB snapshot, see Upgrading the PostgreSQL DB Engine for Amazon RDS.
", "ModifyDBSnapshotMessage$OptionGroupName": "The option group to identify with the upgraded DB snapshot.
You can specify this parameter when you upgrade an Oracle DB snapshot. The same option group considerations apply when upgrading a DB snapshot as when upgrading a DB instance. For more information, see Option group considerations in the Amazon RDS User Guide.
", "ModifyDBSubnetGroupMessage$DBSubnetGroupName": "The name for the DB subnet group. This value is stored as a lowercase string. You can't modify the default subnet group.
Constraints: Must match the name of an existing DBSubnetGroup. Must not be default.
Example: mydbsubnetgroup
The description for the DB subnet group.
", @@ -4655,6 +4656,7 @@ "PendingModifiedValues$StorageType": "The storage type of the DB instance.
", "PendingModifiedValues$CACertificateIdentifier": "The identifier of the CA certificate for the DB instance.
For more information, see Using SSL/TLS to encrypt a connection to a DB instance in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to a DB cluster in the Amazon Aurora User Guide.
", "PendingModifiedValues$DBSubnetGroupName": "The DB subnet group for the DB instance.
", + "PendingModifiedValues$Engine": "The database engine of the DB instance.
", "ProcessorFeature$Name": "The name of the processor feature. Valid names are coreCount and threadsPerCore.
The value of a processor feature name.
", "PromoteReadReplicaDBClusterMessage$DBClusterIdentifier": "The identifier of the DB cluster read replica to promote. This parameter isn't case-sensitive.
Constraints:
Must match the identifier of an existing DB cluster read replica.
Example: my-cluster-replica1
Gets information about the specified TagOption.
", "DisableAWSOrganizationsAccess": "Disable portfolio sharing through the Organizations service. This command will not delete your current shares, but prevents you from creating new shares throughout your organization. Current shares are not kept in sync with your organization structure if the structure changes after calling this API. Only the management account in the organization can call this API.
You cannot call this API if there are active delegated administrators in the organization.
Note that a delegated administrator is not authorized to invoke DisableAWSOrganizationsAccess.
If you share an Service Catalog portfolio in an organization within Organizations, and then disable Organizations access for Service Catalog, the portfolio access permissions will not sync with the latest changes to the organization structure. Specifically, accounts that you removed from the organization after disabling Service Catalog access will retain access to the previously shared portfolio.
Disassociates the specified budget from the specified resource.
", - "DisassociatePrincipalFromPortfolio": "Disassociates a previously associated principal ARN from a specified portfolio.
The PrincipalType and PrincipalARN must match the AssociatePrincipalWithPortfolio call request details. For example, to disassociate an association created with a PrincipalARN of PrincipalType IAM you must use the PrincipalType IAM when calling DisassociatePrincipalFromPortfolio.
For portfolios that have been shared with principal name sharing enabled: after disassociating a principal, share recipient accounts will no longer be able to provision products in this portfolio using a role matching the name of the associated principal.
", + "DisassociatePrincipalFromPortfolio": "Disassociates a previously associated principal ARN from a specified portfolio.
The PrincipalType and PrincipalARN must match the AssociatePrincipalWithPortfolio call request details. For example, to disassociate an association created with a PrincipalARN of PrincipalType IAM you must use the PrincipalType IAM when calling DisassociatePrincipalFromPortfolio.
For portfolios that have been shared with principal name sharing enabled: after disassociating a principal, share recipient accounts will no longer be able to provision products in this portfolio using a role matching the name of the associated principal.
For more information, review associate-principal-with-portfolio in the Amazon Web Services CLI Command Reference.
If you disassociate a principal from a portfolio, with PrincipalType as IAM, the same principal will still have access to the portfolio if it matches one of the associated principals of type IAM_PATTERN. To fully remove access for a principal, verify all the associated Principals of type IAM_PATTERN, and then ensure you disassociate any IAM_PATTERN principals that match the principal whose access you are removing.
Disassociates the specified product from the specified portfolio.
A delegated admin is authorized to invoke this command.
", "DisassociateServiceActionFromProvisioningArtifact": "Disassociates the specified self-service action association from the specified provisioning artifact.
", "DisassociateTagOptionFromResource": "Disassociates the specified TagOption from the specified resource.
", @@ -1900,17 +1900,17 @@ "PrincipalARN": { "base": null, "refs": { - "AssociatePrincipalWithPortfolioInput$PrincipalARN": "The ARN of the principal (user, role, or group). This field allows an ARN with no accountID if PrincipalType is IAM_PATTERN.
You can associate multiple IAM patterns even if the account has no principal with that name. This is useful in Principal Name Sharing if you want to share a principal without creating it in the account that owns the portfolio.
The ARN of the principal (user, role, or group). This field allows an ARN with no accountID if PrincipalType is IAM_PATTERN.
The ARN of the principal (user, role, or group). This field allows for an ARN with no accountID if the PrincipalType is an IAM_PATTERN.
The ARN of the principal (user, role, or group). The supported value is a fully defined IAM ARN if the PrincipalType is IAM. If the PrincipalType is IAM_PATTERN, the supported value is an IAM ARN without an AccountID in the following format:
arn:partition:iam:::resource-type/resource-id
The resource-id can be either of the following:
Fully formed, for example arn:aws:iam:::role/resource-name or arn:aws:iam:::role/resource-path/resource-name
A wildcard ARN. The wildcard ARN accepts IAM_PATTERN values with a \"*\" or \"?\" in the resource-id segment of the ARN, for example arn:partition:service:::resource-type/resource-path/resource-name. The new symbols are exclusive to the resource-path and resource-name and cannot be used to replace the resource-type or other ARN values.
Examples of an acceptable wildcard ARN:
arn:aws:iam:::role/ResourceName_*
arn:aws:iam:::role/*/ResourceName_?
Examples of an unacceptable wildcard ARN:
arn:aws:iam:::*/ResourceName
You can associate multiple IAM_PATTERNs even if the account has no principal with that name.
The ARN path and principal name allow unlimited wildcard characters.
The \"?\" wildcard character matches zero or one of any character. This is similar to \".?\" in regular regex context.
The \"*\" wildcard character matches any number of any characters. This is similar \".*\" in regular regex context.
In the IAM Principal ARNs format (arn:partition:iam:::resource-type/resource-path/resource-name), valid resource-type values include user/, group/, or role/. The \"?\" and \"*\" are allowed only after the resource-type, in the resource-id segment. You can use special characters anywhere within the resource-id.
The \"*\" also matches the \"/\" character, allowing paths to be formed within the resource-id. For example, arn:aws:iam:::role/*/ResourceName_? matches both arn:aws:iam:::role/pathA/pathB/ResourceName_1 and arn:aws:iam:::role/pathA/ResourceName_1.
The ARN of the principal (user, role, or group). This field allows an ARN with no accountID with or without wildcard characters if PrincipalType is IAM_PATTERN.
The ARN of the principal (user, role, or group). This field allows for an ARN with no accountID, with or without wildcard characters if the PrincipalType is an IAM_PATTERN.
For more information, review associate-principal-with-portfolio in the Amazon Web Services CLI Command Reference.
" } }, "PrincipalType": { "base": null, "refs": { - "AssociatePrincipalWithPortfolioInput$PrincipalType": "The principal type. The supported value is IAM if you use a fully defined ARN, or IAM_PATTERN if you use an ARN with no accountID.
The supported value is IAM if you use a fully defined ARN, or IAM_PATTERN if you use no accountID.
The principal type. The supported value is IAM if you use a fully defined ARN, or IAM_PATTERN if you use an ARN with no accountID.
The principal type. The supported value is IAM if you use a fully defined ARN, or IAM_PATTERN if you use an ARN with no accountID, with or without wildcard characters.
The supported value is IAM if you use a fully defined ARN, or IAM_PATTERN if you specify an IAM ARN with no AccountId, with or without wildcard characters.
The principal type. The supported value is IAM if you use a fully defined ARN, or IAM_PATTERN if you use an ARN with no accountID, with or without wildcard characters.
WorkSpaces Web is a low cost, fully managed WorkSpace built specifically to facilitate secure, web-based workloads. WorkSpaces Web makes it easy for customers to safely provide their employees with access to internal websites and SaaS web applications without the administrative burden of appliances or specialized client software. WorkSpaces Web provides simple policy tools tailored for user interactions, while offloading common tasks like capacity management, scaling, and maintaining browser images.
", "operations": { "AssociateBrowserSettings": "Associates a browser settings resource with a web portal.
", + "AssociateIpAccessSettings": "Associates an IP access settings resource with a web portal.
", "AssociateNetworkSettings": "Associates a network settings resource with a web portal.
", "AssociateTrustStore": "Associates a trust store with a web portal.
", "AssociateUserAccessLoggingSettings": "Associates a user access logging settings resource with a web portal.
", "AssociateUserSettings": "Associates a user settings resource with a web portal.
", "CreateBrowserSettings": "Creates a browser settings resource that can be associated with a web portal. Once associated with a web portal, browser settings control how the browser will behave once a user starts a streaming session for the web portal.
", "CreateIdentityProvider": "Creates an identity provider resource that is then associated with a web portal.
", + "CreateIpAccessSettings": "Creates an IP access settings resource that can be associated with a web portal.
", "CreateNetworkSettings": "Creates a network settings resource that can be associated with a web portal. Once associated with a web portal, network settings define how streaming instances will connect with your specified VPC.
", "CreatePortal": "Creates a web portal.
", "CreateTrustStore": "Creates a trust store that can be associated with a web portal. A trust store contains certificate authority (CA) certificates. Once associated with a web portal, the browser in a streaming session will recognize certificates that have been issued using any of the CAs in the trust store. If your organization has internal websites that use certificates issued by private CAs, you should add the private CA certificate to the trust store.
", @@ -16,18 +18,21 @@ "CreateUserSettings": "Creates a user settings resource that can be associated with a web portal. Once associated with a web portal, user settings control how users can transfer data between a streaming session and the their local devices.
", "DeleteBrowserSettings": "Deletes browser settings.
", "DeleteIdentityProvider": "Deletes the identity provider.
", + "DeleteIpAccessSettings": "Deletes IP access settings.
", "DeleteNetworkSettings": "Deletes network settings.
", "DeletePortal": "Deletes a web portal.
", "DeleteTrustStore": "Deletes the trust store.
", "DeleteUserAccessLoggingSettings": "Deletes user access logging settings.
", "DeleteUserSettings": "Deletes user settings.
", "DisassociateBrowserSettings": "Disassociates browser settings from a web portal.
", + "DisassociateIpAccessSettings": "Disassociates IP access settings from a web portal.
", "DisassociateNetworkSettings": "Disassociates network settings from a web portal.
", "DisassociateTrustStore": "Disassociates a trust store from a web portal.
", "DisassociateUserAccessLoggingSettings": "Disassociates user access logging settings from a web portal.
", "DisassociateUserSettings": "Disassociates user settings from a web portal.
", "GetBrowserSettings": "Gets browser settings.
", "GetIdentityProvider": "Gets the identity provider.
", + "GetIpAccessSettings": "Gets the IP access settings.
", "GetNetworkSettings": "Gets the network settings.
", "GetPortal": "Gets the web portal.
", "GetPortalServiceProviderMetadata": "Gets the service provider metadata.
", @@ -37,6 +42,7 @@ "GetUserSettings": "Gets user settings.
", "ListBrowserSettings": "Retrieves a list of browser settings.
", "ListIdentityProviders": "Retrieves a list of identity providers for a specific web portal.
", + "ListIpAccessSettings": "Retrieves a list of IP access settings.
", "ListNetworkSettings": "Retrieves a list of network settings.
", "ListPortals": "Retrieves a list or web portals.
", "ListTagsForResource": "Retrieves a list of tags for a resource.
", @@ -48,6 +54,7 @@ "UntagResource": "Removes one or more tags from the specified resource.
", "UpdateBrowserSettings": "Updates browser settings.
", "UpdateIdentityProvider": "Updates the identity provider.
", + "UpdateIpAccessSettings": "Updates IP access settings.
", "UpdateNetworkSettings": "Updates network settings.
", "UpdatePortal": "Updates a web portal.
", "UpdateTrustStore": "Updates the trust store.
", @@ -63,6 +70,10 @@ "AssociateBrowserSettingsRequest$portalArn": "The ARN of the web portal.
", "AssociateBrowserSettingsResponse$browserSettingsArn": "The ARN of the browser settings.
", "AssociateBrowserSettingsResponse$portalArn": "The ARN of the web portal.
", + "AssociateIpAccessSettingsRequest$ipAccessSettingsArn": "The ARN of the IP access settings.
", + "AssociateIpAccessSettingsRequest$portalArn": "The ARN of the web portal.
", + "AssociateIpAccessSettingsResponse$ipAccessSettingsArn": "The ARN of the IP access settings resource.
", + "AssociateIpAccessSettingsResponse$portalArn": "The ARN of the web portal.
", "AssociateNetworkSettingsRequest$networkSettingsArn": "The ARN of the network settings.
", "AssociateNetworkSettingsRequest$portalArn": "The ARN of the web portal.
", "AssociateNetworkSettingsResponse$networkSettingsArn": "The ARN of the network settings.
", @@ -84,6 +95,7 @@ "CreateBrowserSettingsResponse$browserSettingsArn": "The ARN of the browser settings.
", "CreateIdentityProviderRequest$portalArn": "The ARN of the web portal.
", "CreateIdentityProviderResponse$identityProviderArn": "The ARN of the identity provider.
", + "CreateIpAccessSettingsResponse$ipAccessSettingsArn": "The ARN of the IP access settings resource.
", "CreateNetworkSettingsResponse$networkSettingsArn": "The ARN of the network settings.
", "CreatePortalResponse$portalArn": "The ARN of the web portal.
", "CreateTrustStoreResponse$trustStoreArn": "The ARN of the trust store.
", @@ -91,18 +103,21 @@ "CreateUserSettingsResponse$userSettingsArn": "The ARN of the user settings.
", "DeleteBrowserSettingsRequest$browserSettingsArn": "The ARN of the browser settings.
", "DeleteIdentityProviderRequest$identityProviderArn": "The ARN of the identity provider.
", + "DeleteIpAccessSettingsRequest$ipAccessSettingsArn": "The ARN of the IP access settings.
", "DeleteNetworkSettingsRequest$networkSettingsArn": "The ARN of the network settings.
", "DeletePortalRequest$portalArn": "The ARN of the web portal.
", "DeleteTrustStoreRequest$trustStoreArn": "The ARN of the trust store.
", "DeleteUserAccessLoggingSettingsRequest$userAccessLoggingSettingsArn": "The ARN of the user access logging settings.
", "DeleteUserSettingsRequest$userSettingsArn": "The ARN of the user settings.
", "DisassociateBrowserSettingsRequest$portalArn": "The ARN of the web portal.
", + "DisassociateIpAccessSettingsRequest$portalArn": "The ARN of the web portal.
", "DisassociateNetworkSettingsRequest$portalArn": "The ARN of the web portal.
", "DisassociateTrustStoreRequest$portalArn": "The ARN of the web portal.
", "DisassociateUserAccessLoggingSettingsRequest$portalArn": "The ARN of the web portal.
", "DisassociateUserSettingsRequest$portalArn": "The ARN of the web portal.
", "GetBrowserSettingsRequest$browserSettingsArn": "The ARN of the browser settings.
", "GetIdentityProviderRequest$identityProviderArn": "The ARN of the identity provider.
", + "GetIpAccessSettingsRequest$ipAccessSettingsArn": "The ARN of the IP access settings.
", "GetNetworkSettingsRequest$networkSettingsArn": "The ARN of the network settings.
", "GetPortalRequest$portalArn": "The ARN of the web portal.
", "GetPortalServiceProviderMetadataRequest$portalArn": "The ARN of the web portal.
", @@ -114,6 +129,8 @@ "GetUserSettingsRequest$userSettingsArn": "The ARN of the user settings.
", "IdentityProvider$identityProviderArn": "The ARN of the identity provider.
", "IdentityProviderSummary$identityProviderArn": "The ARN of the identity provider.
", + "IpAccessSettings$ipAccessSettingsArn": "The ARN of the IP access settings resource.
", + "IpAccessSettingsSummary$ipAccessSettingsArn": "The ARN of IP access settings.
", "ListIdentityProvidersRequest$portalArn": "The ARN of the web portal.
", "ListTagsForResourceRequest$resourceArn": "The ARN of the resource.
", "ListTrustStoreCertificatesRequest$trustStoreArn": "The ARN of the trust store
", @@ -121,12 +138,14 @@ "NetworkSettings$networkSettingsArn": "The ARN of the network settings.
", "NetworkSettingsSummary$networkSettingsArn": "The ARN of the network settings.
", "Portal$browserSettingsArn": "The ARN of the browser settings that is associated with this web portal.
", + "Portal$ipAccessSettingsArn": "The ARN of the IP access settings.
", "Portal$networkSettingsArn": "The ARN of the network settings that is associated with the web portal.
", "Portal$portalArn": "The ARN of the web portal.
", "Portal$trustStoreArn": "The ARN of the trust store that is associated with the web portal.
", "Portal$userAccessLoggingSettingsArn": "The ARN of the user access logging settings that is associated with the web portal.
", "Portal$userSettingsArn": "The ARN of the user settings that is associated with the web portal.
", "PortalSummary$browserSettingsArn": "The ARN of the browser settings that is associated with the web portal.
", + "PortalSummary$ipAccessSettingsArn": "The ARN of the IP access settings.
", "PortalSummary$networkSettingsArn": "The ARN of the network settings that is associated with the web portal.
", "PortalSummary$portalArn": "The ARN of the web portal.
", "PortalSummary$trustStoreArn": "The ARN of the trust that is associated with this web portal.
", @@ -139,6 +158,7 @@ "UntagResourceRequest$resourceArn": "The ARN of the resource.
", "UpdateBrowserSettingsRequest$browserSettingsArn": "The ARN of the browser settings.
", "UpdateIdentityProviderRequest$identityProviderArn": "The ARN of the identity provider.
", + "UpdateIpAccessSettingsRequest$ipAccessSettingsArn": "The ARN of the IP access settings.
", "UpdateNetworkSettingsRequest$networkSettingsArn": "The ARN of the network settings.
", "UpdatePortalRequest$portalArn": "The ARN of the web portal.
", "UpdateTrustStoreRequest$trustStoreArn": "The ARN of the trust store.
", @@ -160,6 +180,7 @@ "base": null, "refs": { "BrowserSettings$associatedPortalArns": "A list of web portal ARNs that this browser settings is associated with.
", + "IpAccessSettings$associatedPortalArns": "A list of web portal ARNs that this IP access settings resource is associated with.
", "NetworkSettings$associatedPortalArns": "A list of web portal ARNs that this network settings is associated with.
", "TrustStore$associatedPortalArns": "A list of web portal ARNs that this trust store is associated with.
", "UserAccessLoggingSettings$associatedPortalArns": "A list of web portal ARNs that this user access logging settings is associated with.
", @@ -176,6 +197,16 @@ "refs": { } }, + "AssociateIpAccessSettingsRequest": { + "base": null, + "refs": { + } + }, + "AssociateIpAccessSettingsResponse": { + "base": null, + "refs": { + } + }, "AssociateNetworkSettingsRequest": { "base": null, "refs": { @@ -320,6 +351,7 @@ "refs": { "CreateBrowserSettingsRequest$clientToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.
If you do not specify a client token, one is automatically generated by the AWS SDK.
", "CreateIdentityProviderRequest$clientToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.
If you do not specify a client token, one is automatically generated by the AWS SDK.
", + "CreateIpAccessSettingsRequest$clientToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.
If you do not specify a client token, one is automatically generated by the AWS SDK.
", "CreateNetworkSettingsRequest$clientToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.
If you do not specify a client token, one is automatically generated by the AWS SDK.
", "CreatePortalRequest$clientToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.
If you do not specify a client token, one is automatically generated by the AWS SDK.
", "CreateTrustStoreRequest$clientToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.
If you do not specify a client token, one is automatically generated by the AWS SDK.
", @@ -328,6 +360,7 @@ "TagResourceRequest$clientToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.
If you do not specify a client token, one is automatically generated by the AWS SDK.
", "UpdateBrowserSettingsRequest$clientToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.
If you do not specify a client token, one is automatically generated by the AWS SDK.
", "UpdateIdentityProviderRequest$clientToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.
If you do not specify a client token, one is automatically generated by the AWS SDK.
", + "UpdateIpAccessSettingsRequest$clientToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.
If you do not specify a client token, one is automatically generated by the AWS SDK.
", "UpdateNetworkSettingsRequest$clientToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.
If you do not specify a client token, one is automatically generated by the AWS SDK.
", "UpdateTrustStoreRequest$clientToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.
If you do not specify a client token, one is automatically generated by the AWS SDK.
", "UpdateUserAccessLoggingSettingsRequest$clientToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.
If you do not specify a client token, one is automatically generated by the AWS SDK.
", @@ -359,6 +392,16 @@ "refs": { } }, + "CreateIpAccessSettingsRequest": { + "base": null, + "refs": { + } + }, + "CreateIpAccessSettingsResponse": { + "base": null, + "refs": { + } + }, "CreateNetworkSettingsRequest": { "base": null, "refs": { @@ -429,6 +472,16 @@ "refs": { } }, + "DeleteIpAccessSettingsRequest": { + "base": null, + "refs": { + } + }, + "DeleteIpAccessSettingsResponse": { + "base": null, + "refs": { + } + }, "DeleteNetworkSettingsRequest": { "base": null, "refs": { @@ -479,6 +532,16 @@ "refs": { } }, + "Description": { + "base": null, + "refs": { + "CreateIpAccessSettingsRequest$description": "The description of the IP access settings.
", + "IpAccessSettings$description": "The description of the IP access settings.
", + "IpAccessSettingsSummary$description": "The description of the IP access settings.
", + "IpRule$description": "The description of the IP rule.
", + "UpdateIpAccessSettingsRequest$description": "The description of the IP access settings.
" + } + }, "DisassociateBrowserSettingsRequest": { "base": null, "refs": { @@ -489,6 +552,16 @@ "refs": { } }, + "DisassociateIpAccessSettingsRequest": { + "base": null, + "refs": { + } + }, + "DisassociateIpAccessSettingsResponse": { + "base": null, + "refs": { + } + }, "DisassociateNetworkSettingsRequest": { "base": null, "refs": { @@ -541,9 +614,13 @@ "DisplayName": { "base": null, "refs": { + "CreateIpAccessSettingsRequest$displayName": "The display name of the IP access settings.
", "CreatePortalRequest$displayName": "The name of the web portal. This is not visible to users who log into the web portal.
", + "IpAccessSettings$displayName": "The display name of the IP access settings.
", + "IpAccessSettingsSummary$displayName": "The display name of the IP access settings.
", "Portal$displayName": "The name of the web portal.
", "PortalSummary$displayName": "The name of the web portal.
", + "UpdateIpAccessSettingsRequest$displayName": "The display name of the IP access settings.
", "UpdatePortalRequest$displayName": "The name of the web portal. This is not visible to users who log into the web portal.
" } }, @@ -576,6 +653,7 @@ "base": null, "refs": { "CreateBrowserSettingsRequest$additionalEncryptionContext": "Additional encryption context of the browser settings.
", + "CreateIpAccessSettingsRequest$additionalEncryptionContext": "Additional encryption context of the IP access settings.
", "CreatePortalRequest$additionalEncryptionContext": "The additional encryption context of the portal.
" } }, @@ -618,6 +696,16 @@ "refs": { } }, + "GetIpAccessSettingsRequest": { + "base": null, + "refs": { + } + }, + "GetIpAccessSettingsResponse": { + "base": null, + "refs": { + } + }, "GetNetworkSettingsRequest": { "base": null, "refs": { @@ -747,6 +835,45 @@ "refs": { } }, + "IpAccessSettings": { + "base": "The IP access settings resource that can be associated with a web portal.
", + "refs": { + "GetIpAccessSettingsResponse$ipAccessSettings": "The IP access settings.
", + "UpdateIpAccessSettingsResponse$ipAccessSettings": "The IP access settings.
" + } + }, + "IpAccessSettingsList": { + "base": null, + "refs": { + "ListIpAccessSettingsResponse$ipAccessSettings": "The IP access settings.
" + } + }, + "IpAccessSettingsSummary": { + "base": "The summary of IP access settings.
", + "refs": { + "IpAccessSettingsList$member": null + } + }, + "IpRange": { + "base": "A single IP address or an IP address range in CIDR notation
", + "refs": { + "IpRule$ipRange": "The IP range of the IP rule.
" + } + }, + "IpRule": { + "base": "The IP rules of the IP access settings.
", + "refs": { + "IpRuleList$member": null + } + }, + "IpRuleList": { + "base": null, + "refs": { + "CreateIpAccessSettingsRequest$ipRules": "The IP rules of the IP access settings.
", + "IpAccessSettings$ipRules": "The IP rules of the IP access settings.
", + "UpdateIpAccessSettingsRequest$ipRules": "The updated IP rules of the IP access settings.
" + } + }, "KinesisStreamArn": { "base": "Kinesis stream ARN to which log events are published.
", "refs": { @@ -776,6 +903,16 @@ "refs": { } }, + "ListIpAccessSettingsRequest": { + "base": null, + "refs": { + } + }, + "ListIpAccessSettingsResponse": { + "base": null, + "refs": { + } + }, "ListNetworkSettingsRequest": { "base": null, "refs": { @@ -851,6 +988,7 @@ "refs": { "ListBrowserSettingsRequest$maxResults": "The maximum number of results to be included in the next page.
", "ListIdentityProvidersRequest$maxResults": "The maximum number of results to be included in the next page.
", + "ListIpAccessSettingsRequest$maxResults": "The maximum number of results to be included in the next page.
", "ListNetworkSettingsRequest$maxResults": "The maximum number of results to be included in the next page.
", "ListPortalsRequest$maxResults": "The maximum number of results to be included in the next page.
", "ListTrustStoreCertificatesRequest$maxResults": "The maximum number of results to be included in the next page.
", @@ -885,6 +1023,8 @@ "ListBrowserSettingsResponse$nextToken": "The pagination token used to retrieve the next page of results for this operation.
", "ListIdentityProvidersRequest$nextToken": "The pagination token used to retrieve the next page of results for this operation.
", "ListIdentityProvidersResponse$nextToken": "The pagination token used to retrieve the next page of results for this operation.
", + "ListIpAccessSettingsRequest$nextToken": "The pagination token used to retrieve the next page of results for this operation.
", + "ListIpAccessSettingsResponse$nextToken": "The pagination token used to retrieve the next page of results for this operation.
", "ListNetworkSettingsRequest$nextToken": "The pagination token used to retrieve the next page of results for this operation.
", "ListNetworkSettingsResponse$nextToken": "The pagination token used to retrieve the next page of results for this operation.
", "ListPortalsRequest$nextToken": "The pagination token used to retrieve the next page of results for this operation.
", @@ -1065,6 +1205,7 @@ "base": null, "refs": { "CreateBrowserSettingsRequest$tags": "The tags to add to the browser settings resource. A tag is a key-value pair.
", + "CreateIpAccessSettingsRequest$tags": "The tags to add to the browser settings resource. A tag is a key-value pair.
", "CreateNetworkSettingsRequest$tags": "The tags to add to the network settings resource. A tag is a key-value pair.
", "CreatePortalRequest$tags": "The tags to add to the web portal. A tag is a key-value pair.
", "CreateTrustStoreRequest$tags": "The tags to add to the trust store. A tag is a key-value pair.
", @@ -1102,6 +1243,8 @@ "Certificate$notValidBefore": "The certificate is not valid before this date.
", "CertificateSummary$notValidAfter": "The certificate is not valid after this date.
", "CertificateSummary$notValidBefore": "The certificate is not valid before this date.
", + "IpAccessSettings$creationDate": "The creation date timestamp of the IP access settings.
", + "IpAccessSettingsSummary$creationDate": "The creation date timestamp of the IP access settings.
", "Portal$creationDate": "The creation date of the web portal.
", "PortalSummary$creationDate": "The creation date of the web portal.
" } @@ -1159,6 +1302,16 @@ "refs": { } }, + "UpdateIpAccessSettingsRequest": { + "base": null, + "refs": { + } + }, + "UpdateIpAccessSettingsResponse": { + "base": null, + "refs": { + } + }, "UpdateNetworkSettingsRequest": { "base": null, "refs": { @@ -1283,6 +1436,7 @@ "base": null, "refs": { "CreateBrowserSettingsRequest$customerManagedKey": "The custom managed key of the browser settings.
", + "CreateIpAccessSettingsRequest$customerManagedKey": "The custom managed key of the IP access settings.
", "CreatePortalRequest$customerManagedKey": "The customer managed key of the web portal.
" } } diff --git a/models/apis/workspaces-web/2020-07-08/endpoint-rule-set-1.json b/models/apis/workspaces-web/2020-07-08/endpoint-rule-set-1.json index 3bc54f2343b..1552c84bcb8 100644 --- a/models/apis/workspaces-web/2020-07-08/endpoint-rule-set-1.json +++ b/models/apis/workspaces-web/2020-07-08/endpoint-rule-set-1.json @@ -3,7 +3,7 @@ "parameters": { "Region": { "builtIn": "AWS::Region", - "required": true, + "required": false, "documentation": "The AWS region used to dispatch the request.", "type": "String" }, @@ -32,13 +32,12 @@ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { - "ref": "Region" + "ref": "Endpoint" } - ], - "assign": "PartitionResult" + ] } ], "type": "tree", @@ -46,14 +45,20 @@ { "conditions": [ { - "fn": "isSet", + "fn": "booleanEquals", "argv": [ { - "ref": "Endpoint" - } + "ref": "UseFIPS" + }, + true ] } ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], "type": "tree", "rules": [ { @@ -62,67 +67,42 @@ "fn": "booleanEquals", "argv": [ { - "ref": "UseFIPS" + "ref": "UseDualStack" }, true ] } ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", "type": "error" }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" + "endpoint": { + "url": { + "ref": "Endpoint" }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] - }, + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", + "fn": "isSet", "argv": [ { - "ref": "UseDualStack" - }, - true + "ref": "Region" + } ] } ], @@ -131,90 +111,215 @@ { "conditions": [ { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ - true, { - "fn": "getAttr", + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] }, - "supportsFIPS" + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://workspaces-web-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } ] + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ] }, { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsDualStack" + true ] } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://workspaces-web-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://workspaces-web-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsFIPS" + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://workspaces-web.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ] - } - ], - "type": "tree", - "rules": [ + }, { "conditions": [], "type": "tree", @@ -222,7 +327,7 @@ { "conditions": [], "endpoint": { - "url": "https://workspaces-web-fips.{Region}.{PartitionResult#dnsSuffix}", + "url": "https://workspaces-web.{Region}.{PartitionResult#dnsSuffix}", "properties": {}, "headers": {} }, @@ -231,74 +336,13 @@ ] } ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://workspaces-web.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } ] }, { "conditions": [], - "endpoint": { - "url": "https://workspaces-web.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } diff --git a/models/apis/workspaces-web/2020-07-08/endpoint-tests-1.json b/models/apis/workspaces-web/2020-07-08/endpoint-tests-1.json index 02b9e9cf043..c62e398b873 100644 --- a/models/apis/workspaces-web/2020-07-08/endpoint-tests-1.json +++ b/models/apis/workspaces-web/2020-07-08/endpoint-tests-1.json @@ -1,198 +1,29 @@ { "testCases": [ { - "documentation": "For region ap-south-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://workspaces-web-fips.ap-south-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "ap-south-1" - } - }, - { - "documentation": "For region ap-south-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://workspaces-web-fips.ap-south-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "ap-south-1" - } - }, - { - "documentation": "For region ap-south-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://workspaces-web.ap-south-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "ap-south-1" - } - }, - { - "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://workspaces-web.ap-south-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": false, - "Region": "ap-south-1" - } - }, - { - "documentation": "For region ca-central-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://workspaces-web-fips.ca-central-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "ca-central-1" - } - }, - { - "documentation": "For region ca-central-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://workspaces-web-fips.ca-central-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "ca-central-1" - } - }, - { - "documentation": "For region ca-central-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://workspaces-web.ca-central-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "ca-central-1" - } - }, - { - "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://workspaces-web.ca-central-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": false, - "Region": "ca-central-1" - } - }, - { - "documentation": "For region eu-central-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://workspaces-web-fips.eu-central-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "eu-central-1" - } - }, - { - "documentation": "For region eu-central-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://workspaces-web-fips.eu-central-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "eu-central-1" - } - }, - { - "documentation": "For region eu-central-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://workspaces-web.eu-central-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "eu-central-1" - } - }, - { - "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", + "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://workspaces-web.eu-central-1.amazonaws.com" + "url": "https://workspaces-web.eu-west-1.amazonaws.com" } }, "params": { + "Region": "eu-west-1", "UseFIPS": false, - "UseDualStack": false, - "Region": "eu-central-1" - } - }, - { - "documentation": "For region us-west-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://workspaces-web-fips.us-west-2.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "us-west-2" + "UseDualStack": false } }, { - "documentation": "For region us-west-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://workspaces-web-fips.us-west-2.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "us-west-2" - } - }, - { - "documentation": "For region us-west-2 with FIPS disabled and DualStack enabled", + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://workspaces-web.us-west-2.api.aws" + "url": "https://workspaces-web.us-east-1.amazonaws.com" } }, "params": { + "Region": "us-east-1", "UseFIPS": false, - "UseDualStack": true, - "Region": "us-west-2" + "UseDualStack": false } }, { @@ -203,377 +34,266 @@ } }, "params": { + "Region": "us-west-2", "UseFIPS": false, - "UseDualStack": false, - "Region": "us-west-2" - } - }, - { - "documentation": "For region eu-west-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://workspaces-web-fips.eu-west-2.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "eu-west-2" - } - }, - { - "documentation": "For region eu-west-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://workspaces-web-fips.eu-west-2.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "eu-west-2" - } - }, - { - "documentation": "For region eu-west-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://workspaces-web.eu-west-2.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "eu-west-2" + "UseDualStack": false } }, { - "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://workspaces-web.eu-west-2.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": false, - "Region": "eu-west-2" - } - }, - { - "documentation": "For region eu-west-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://workspaces-web-fips.eu-west-1.api.aws" + "url": "https://workspaces-web-fips.us-east-1.api.aws" } }, "params": { + "Region": "us-east-1", "UseFIPS": true, - "UseDualStack": true, - "Region": "eu-west-1" + "UseDualStack": true } }, { - "documentation": "For region eu-west-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://workspaces-web-fips.eu-west-1.amazonaws.com" + "url": "https://workspaces-web-fips.us-east-1.amazonaws.com" } }, "params": { + "Region": "us-east-1", "UseFIPS": true, - "UseDualStack": false, - "Region": "eu-west-1" - } - }, - { - "documentation": "For region eu-west-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://workspaces-web.eu-west-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "eu-west-1" + "UseDualStack": false } }, { - "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://workspaces-web.eu-west-1.amazonaws.com" + "url": "https://workspaces-web.us-east-1.api.aws" } }, "params": { + "Region": "us-east-1", "UseFIPS": false, - "UseDualStack": false, - "Region": "eu-west-1" + "UseDualStack": true } }, { - "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack enabled", + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://workspaces-web-fips.ap-northeast-2.api.aws" + "url": "https://workspaces-web-fips.cn-north-1.api.amazonwebservices.com.cn" } }, "params": { + "Region": "cn-north-1", "UseFIPS": true, - "UseDualStack": true, - "Region": "ap-northeast-2" + "UseDualStack": true } }, { - "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack disabled", + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://workspaces-web-fips.ap-northeast-2.amazonaws.com" + "url": "https://workspaces-web-fips.cn-north-1.amazonaws.com.cn" } }, "params": { + "Region": "cn-north-1", "UseFIPS": true, - "UseDualStack": false, - "Region": "ap-northeast-2" + "UseDualStack": false } }, { - "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack enabled", + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://workspaces-web.ap-northeast-2.api.aws" + "url": "https://workspaces-web.cn-north-1.api.amazonwebservices.com.cn" } }, "params": { + "Region": "cn-north-1", "UseFIPS": false, - "UseDualStack": true, - "Region": "ap-northeast-2" + "UseDualStack": true } }, { - "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://workspaces-web.ap-northeast-2.amazonaws.com" + "url": "https://workspaces-web.cn-north-1.amazonaws.com.cn" } }, "params": { + "Region": "cn-north-1", "UseFIPS": false, - "UseDualStack": false, - "Region": "ap-northeast-2" + "UseDualStack": false } }, { - "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://workspaces-web-fips.ap-northeast-1.api.aws" + "url": "https://workspaces-web-fips.us-gov-east-1.api.aws" } }, "params": { + "Region": "us-gov-east-1", "UseFIPS": true, - "UseDualStack": true, - "Region": "ap-northeast-1" + "UseDualStack": true } }, { - "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://workspaces-web-fips.ap-northeast-1.amazonaws.com" + "url": "https://workspaces-web-fips.us-gov-east-1.amazonaws.com" } }, "params": { + "Region": "us-gov-east-1", "UseFIPS": true, - "UseDualStack": false, - "Region": "ap-northeast-1" + "UseDualStack": false } }, { - "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://workspaces-web.ap-northeast-1.api.aws" + "url": "https://workspaces-web.us-gov-east-1.api.aws" } }, "params": { + "Region": "us-gov-east-1", "UseFIPS": false, - "UseDualStack": true, - "Region": "ap-northeast-1" + "UseDualStack": true } }, { - "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://workspaces-web.ap-northeast-1.amazonaws.com" + "url": "https://workspaces-web.us-gov-east-1.amazonaws.com" } }, "params": { + "Region": "us-gov-east-1", "UseFIPS": false, - "UseDualStack": false, - "Region": "ap-northeast-1" + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", "expect": { - "endpoint": { - "url": "https://workspaces-web-fips.ap-southeast-1.api.aws" - } + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" }, "params": { + "Region": "us-iso-east-1", "UseFIPS": true, - "UseDualStack": true, - "Region": "ap-southeast-1" + "UseDualStack": true } }, { - "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://workspaces-web-fips.ap-southeast-1.amazonaws.com" + "url": "https://workspaces-web-fips.us-iso-east-1.c2s.ic.gov" } }, "params": { + "Region": "us-iso-east-1", "UseFIPS": true, - "UseDualStack": false, - "Region": "ap-southeast-1" + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", "expect": { - "endpoint": { - "url": "https://workspaces-web.ap-southeast-1.api.aws" - } + "error": "DualStack is enabled but this partition does not support DualStack" }, "params": { + "Region": "us-iso-east-1", "UseFIPS": false, - "UseDualStack": true, - "Region": "ap-southeast-1" + "UseDualStack": true } }, { - "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://workspaces-web.ap-southeast-1.amazonaws.com" + "url": "https://workspaces-web.us-iso-east-1.c2s.ic.gov" } }, "params": { + "Region": "us-iso-east-1", "UseFIPS": false, - "UseDualStack": false, - "Region": "ap-southeast-1" + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack enabled", + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled", "expect": { - "endpoint": { - "url": "https://workspaces-web-fips.ap-southeast-2.api.aws" - } + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" }, "params": { + "Region": "us-isob-east-1", "UseFIPS": true, - "UseDualStack": true, - "Region": "ap-southeast-2" + "UseDualStack": true } }, { - "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack disabled", + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://workspaces-web-fips.ap-southeast-2.amazonaws.com" + "url": "https://workspaces-web-fips.us-isob-east-1.sc2s.sgov.gov" } }, "params": { + "Region": "us-isob-east-1", "UseFIPS": true, - "UseDualStack": false, - "Region": "ap-southeast-2" + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack enabled", + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled", "expect": { - "endpoint": { - "url": "https://workspaces-web.ap-southeast-2.api.aws" - } + "error": "DualStack is enabled but this partition does not support DualStack" }, "params": { + "Region": "us-isob-east-1", "UseFIPS": false, - "UseDualStack": true, - "Region": "ap-southeast-2" + "UseDualStack": true } }, { - "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://workspaces-web.ap-southeast-2.amazonaws.com" + "url": "https://workspaces-web.us-isob-east-1.sc2s.sgov.gov" } }, "params": { + "Region": "us-isob-east-1", "UseFIPS": false, - "UseDualStack": false, - "Region": "ap-southeast-2" + "UseDualStack": false } }, { - "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", "expect": { "endpoint": { - "url": "https://workspaces-web-fips.us-east-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "us-east-1" - } - }, - { - "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://workspaces-web-fips.us-east-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "us-east-1" - } - }, - { - "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://workspaces-web.us-east-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "us-east-1" - } - }, - { - "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://workspaces-web.us-east-1.amazonaws.com" + "url": "https://example.com" } }, "params": { + "Region": "us-east-1", "UseFIPS": false, "UseDualStack": false, - "Region": "us-east-1" + "Endpoint": "https://example.com" } }, { - "documentation": "For custom endpoint with fips disabled and dualstack disabled", + "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled", "expect": { "endpoint": { "url": "https://example.com" @@ -582,7 +302,6 @@ "params": { "UseFIPS": false, "UseDualStack": false, - "Region": "us-east-1", "Endpoint": "https://example.com" } }, @@ -592,9 +311,9 @@ "error": "Invalid Configuration: FIPS and custom endpoint are not supported" }, "params": { + "Region": "us-east-1", "UseFIPS": true, "UseDualStack": false, - "Region": "us-east-1", "Endpoint": "https://example.com" } }, @@ -604,11 +323,17 @@ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" }, "params": { + "Region": "us-east-1", "UseFIPS": false, "UseDualStack": true, - "Region": "us-east-1", "Endpoint": "https://example.com" } + }, + { + "documentation": "Missing region", + "expect": { + "error": "Invalid Configuration: Missing Region" + } } ], "version": "1.0" diff --git a/models/apis/workspaces-web/2020-07-08/paginators-1.json b/models/apis/workspaces-web/2020-07-08/paginators-1.json index 202a6316819..98a37865034 100644 --- a/models/apis/workspaces-web/2020-07-08/paginators-1.json +++ b/models/apis/workspaces-web/2020-07-08/paginators-1.json @@ -10,6 +10,11 @@ "output_token": "nextToken", "limit_key": "maxResults" }, + "ListIpAccessSettings": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults" + }, "ListNetworkSettings": { "input_token": "nextToken", "output_token": "nextToken", diff --git a/service/configservice/api.go b/service/configservice/api.go index 25c25ee86bd..e4f7d28237c 100644 --- a/service/configservice/api.go +++ b/service/configservice/api.go @@ -3239,9 +3239,9 @@ func (c *ConfigService) DescribeConfigurationRecorderStatusRequest(input *Descri // recorder is not specified, this action returns the status of all configuration // recorders associated with the account. // -// Currently, you can specify only one configuration recorder per region in -// your account. For a detailed status of recording events over time, add your -// Config events to Amazon CloudWatch metrics and use CloudWatch metrics. +// >You can specify only one configuration recorder for each Amazon Web Services +// Region for each account. For a detailed status of recording events over time, +// add your Config events to Amazon CloudWatch metrics and use CloudWatch metrics. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3323,8 +3323,8 @@ func (c *ConfigService) DescribeConfigurationRecordersRequest(input *DescribeCon // recorder is not specified, this action returns the details for all configuration // recorders associated with the account. // -// Currently, you can specify only one configuration recorder per region in -// your account. +// You can specify only one configuration recorder for each Amazon Web Services +// Region for each account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9208,7 +9208,8 @@ func (c *ConfigService) PutConfigurationAggregatorRequest(input *PutConfiguratio // of accounts and aggregators exceeds the limit. // // - InvalidRoleException -// You have provided a null or empty role ARN. +// You have provided a null or empty Amazon Resource Name (ARN) for the IAM +// role assumed by Config and used by the configuration recorder. // // - OrganizationAccessDeniedException // For PutConfigurationAggregator API, you can see this exception for the following @@ -9308,16 +9309,18 @@ func (c *ConfigService) PutConfigurationRecorderRequest(input *PutConfigurationR // PutConfigurationRecorder API operation for AWS Config. // -// Creates a new configuration recorder to record the selected resource configurations. +// Creates a new configuration recorder to record configuration changes for +// specified resource types. // -// You can use this action to change the role roleARN or the recordingGroup -// of an existing recorder. To change the role, call the action on the existing -// configuration recorder and specify a role. +// You can also use this action to change the roleARN or the recordingGroup +// of an existing recorder. For more information, see Managing the Configuration +// Recorder (https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html) +// in the Config Developer Guide. // -// Currently, you can specify only one configuration recorder per region in -// your account. +// You can specify only one configuration recorder for each Amazon Web Services +// Region for each account. // -// If ConfigurationRecorder does not have the recordingGroup parameter specified, +// If the configuration recorder does not have the recordingGroup field specified, // the default is to record all supported resource types. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -9330,18 +9333,34 @@ func (c *ConfigService) PutConfigurationRecorderRequest(input *PutConfigurationR // Returned Error Types: // // - MaxNumberOfConfigurationRecordersExceededException -// You have reached the limit of the number of recorders you can create. +// You have reached the limit of the number of configuration recorders you can +// create. // // - InvalidConfigurationRecorderNameException -// You have provided a configuration recorder name that is not valid. +// You have provided a name for the configuration recorder that is not valid. // // - InvalidRoleException -// You have provided a null or empty role ARN. +// You have provided a null or empty Amazon Resource Name (ARN) for the IAM +// role assumed by Config and used by the configuration recorder. // // - InvalidRecordingGroupException -// Config throws an exception if the recording group does not contain a valid -// list of resource types. Values that are not valid might also be incorrectly -// formatted. +// Indicates one of the following errors: +// +// - You have provided a combination of parameter values that is not valid. +// For example: Setting the allSupported field of RecordingGroup (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) +// to true, but providing a non-empty list for the resourceTypesfield of +// RecordingGroup (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html). +// Setting the allSupported field of RecordingGroup (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) +// to true, but also setting the useOnly field of RecordingStrategy (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) +// to EXCLUSION_BY_RESOURCE_TYPES. +// +// - Every parameter is either null, false, or empty. +// +// - You have reached the limit of the number of resource types you can provide +// for the recording group. +// +// - You have provided resource types or a recording strategy that are not +// valid. // // See also, https://docs.aws.amazon.com/goto/WebAPI/config-2014-11-12/PutConfigurationRecorder func (c *ConfigService) PutConfigurationRecorder(input *PutConfigurationRecorderInput) (*PutConfigurationRecorderOutput, error) { @@ -14417,25 +14436,61 @@ func (s *ConfigurationItem) SetVersion(v string) *ConfigurationItem { return s } -// An object that represents the recording of configuration changes of an Amazon -// Web Services resource. +// Records configuration changes to specified resource types. For more information +// about the configuration recorder, see Managing the Configuration Recorder +// (https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html) +// in the Config Developer Guide. type ConfigurationRecorder struct { _ struct{} `type:"structure"` - // The name of the recorder. By default, Config automatically assigns the name - // "default" when creating the configuration recorder. You cannot change the - // assigned name. + // The name of the configuration recorder. Config automatically assigns the + // name of "default" when creating the configuration recorder. + // + // You cannot change the name of the configuration recorder after it has been + // created. To change the configuration recorder name, you must delete it and + // create a new configuration recorder with a new name. Name *string `locationName:"name" min:"1" type:"string"` - // Specifies the types of Amazon Web Services resources for which Config records - // configuration changes. + // Specifies which resource types Config records for configuration changes. + // + // High Number of Config Evaluations + // + // You may notice increased activity in your account during your initial month + // recording with Config when compared to subsequent months. During the initial + // bootstrapping process, Config runs evaluations on all the resources in your + // account that you have selected for Config to record. + // + // If you are running ephemeral workloads, you may see increased activity from + // Config as it records configuration changes associated with creating and deleting + // these temporary resources. An ephemeral workload is a temporary use of computing + // resources that are loaded and run when needed. Examples include Amazon Elastic + // Compute Cloud (Amazon EC2) Spot Instances, Amazon EMR jobs, and Auto Scaling. + // If you want to avoid the increased activity from running ephemeral workloads, + // you can run these types of workloads in a separate account with Config turned + // off to avoid increased configuration recording and rule evaluations. RecordingGroup *RecordingGroup `locationName:"recordingGroup" type:"structure"` - // Amazon Resource Name (ARN) of the IAM role used to describe the Amazon Web - // Services resources associated with the account. + // Amazon Resource Name (ARN) of the IAM role assumed by Config and used by + // the configuration recorder. // // While the API model does not require this field, the server will reject a // request without a defined roleARN for the configuration recorder. + // + // Pre-existing Config role + // + // If you have used an Amazon Web Services service that uses Config, such as + // Security Hub or Control Tower, and an Config role has already been created, + // make sure that the IAM role that you use when setting up Config keeps the + // same minimum permissions as the already created Config role. You must do + // this so that the other Amazon Web Services service continues to run as expected. + // + // For example, if Control Tower has an IAM role that allows Config to read + // Amazon Simple Storage Service (Amazon S3) objects, make sure that the same + // permissions are granted within the IAM role you use when setting up Config. + // Otherwise, it may interfere with how Control Tower operates. For more information + // about IAM roles for Config, see Identity and Access Management for Config + // (https://docs.aws.amazon.com/config/latest/developerguide/security-iam.html) + // in the Config Developer Guide. RoleARN *string `locationName:"roleARN" type:"string"` } @@ -19779,6 +19834,41 @@ func (s *EvaluationStatus) SetStatus(v string) *EvaluationStatus { return s } +// Specifies whether the configuration recorder excludes resource types from +// being recorded. Use the resourceTypes field to enter a comma-separated list +// of resource types to exclude as exemptions. +type ExclusionByResourceTypes struct { + _ struct{} `type:"structure"` + + // A comma-separated list of resource types to exclude from recording by the + // configuration recorder. + ResourceTypes []*string `locationName:"resourceTypes" type:"list" enum:"ResourceType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExclusionByResourceTypes) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExclusionByResourceTypes) GoString() string { + return s.String() +} + +// SetResourceTypes sets the ResourceTypes field's value. +func (s *ExclusionByResourceTypes) SetResourceTypes(v []*string) *ExclusionByResourceTypes { + s.ResourceTypes = v + return s +} + // The controls that Config uses for executing remediations. type ExecutionControls struct { _ struct{} `type:"structure"` @@ -22594,7 +22684,7 @@ func (s *InsufficientPermissionsException) RequestID() string { return s.RespMetadata.RequestID } -// You have provided a configuration recorder name that is not valid. +// You have provided a name for the configuration recorder that is not valid. type InvalidConfigurationRecorderNameException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -22980,9 +23070,23 @@ func (s *InvalidParameterValueException) RequestID() string { return s.RespMetadata.RequestID } -// Config throws an exception if the recording group does not contain a valid -// list of resource types. Values that are not valid might also be incorrectly -// formatted. +// Indicates one of the following errors: +// +// - You have provided a combination of parameter values that is not valid. +// For example: Setting the allSupported field of RecordingGroup (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) +// to true, but providing a non-empty list for the resourceTypesfield of +// RecordingGroup (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html). +// Setting the allSupported field of RecordingGroup (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) +// to true, but also setting the useOnly field of RecordingStrategy (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) +// to EXCLUSION_BY_RESOURCE_TYPES. +// +// - Every parameter is either null, false, or empty. +// +// - You have reached the limit of the number of resource types you can provide +// for the recording group. +// +// - You have provided resource types or a recording strategy that are not +// valid. type InvalidRecordingGroupException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -23110,7 +23214,8 @@ func (s *InvalidResultTokenException) RequestID() string { return s.RespMetadata.RequestID } -// You have provided a null or empty role ARN. +// You have provided a null or empty Amazon Resource Name (ARN) for the IAM +// role assumed by Config and used by the configuration recorder. type InvalidRoleException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -24426,7 +24531,8 @@ func (s *MaxNumberOfConfigRulesExceededException) RequestID() string { return s.RespMetadata.RequestID } -// You have reached the limit of the number of recorders you can create. +// You have reached the limit of the number of configuration recorders you can +// create. type MaxNumberOfConfigurationRecordersExceededException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -26965,11 +27071,11 @@ func (s *OrganizationCustomPolicyRuleMetadata) SetTagValueScope(v string) *Organ return s } -// An object that specifies metadata for your organization Config Custom Policy -// rule including the runtime system in use, which accounts have debug logging -// enabled, and other custom rule metadata such as resource type, resource ID -// of Amazon Web Services resource, and organization trigger types that trigger -// Config to evaluate Amazon Web Services resources against a rule. +// metadata for your organization Config Custom Policy rule including the runtime +// system in use, which accounts have debug logging enabled, and other custom +// rule metadata such as resource type, resource ID of Amazon Web Services resource, +// and organization trigger types that trigger Config to evaluate Amazon Web +// Services resources against a rule. type OrganizationCustomPolicyRuleMetadataNoPolicy struct { _ struct{} `type:"structure"` @@ -27103,11 +27209,11 @@ func (s *OrganizationCustomPolicyRuleMetadataNoPolicy) SetTagValueScope(v string return s } -// An object that specifies organization custom rule metadata such as resource -// type, resource ID of Amazon Web Services resource, Lambda function ARN, and -// organization trigger types that trigger Config to evaluate your Amazon Web -// Services resources against a rule. It also provides the frequency with which -// you want Config to run evaluations for the rule if the trigger type is periodic. +// organization custom rule metadata such as resource type, resource ID of Amazon +// Web Services resource, Lambda function ARN, and organization trigger types +// that trigger Config to evaluate your Amazon Web Services resources against +// a rule. It also provides the frequency with which you want Config to run +// evaluations for the rule if the trigger type is periodic. type OrganizationCustomRuleMetadata struct { _ struct{} `type:"structure"` @@ -27267,10 +27373,10 @@ func (s *OrganizationCustomRuleMetadata) SetTagValueScope(v string) *Organizatio return s } -// An object that specifies organization managed rule metadata such as resource -// type and ID of Amazon Web Services resource along with the rule identifier. -// It also provides the frequency with which you want Config to run evaluations -// for the rule if the trigger type is periodic. +// organization managed rule metadata such as resource type and ID of Amazon +// Web Services resource along with the rule identifier. It also provides the +// frequency with which you want Config to run evaluations for the rule if the +// trigger type is periodic. type OrganizationManagedRuleMetadata struct { _ struct{} `type:"structure"` @@ -27929,8 +28035,8 @@ func (s *PutConfigurationAggregatorOutput) SetConfigurationAggregator(v *Configu type PutConfigurationRecorderInput struct { _ struct{} `type:"structure"` - // The configuration recorder object that records each configuration change - // made to the resources. + // An object for the configuration recorder to record configuration changes + // for specified resource types. // // ConfigurationRecorder is a required field ConfigurationRecorder *ConfigurationRecorder `type:"structure" required:"true"` @@ -29342,84 +29448,151 @@ func (s *QueryInfo) SetSelectFields(v []*FieldInfo) *QueryInfo { return s } -// Specifies which Amazon Web Services resource types Config records for configuration -// changes. In the recording group, you specify whether you want to record all -// supported resource types or only specific types of resources. +// Specifies which resource types Config records for configuration changes. +// In the recording group, you specify whether you want to record all supported +// resource types or to include or exclude specific types of resources. // -// By default, Config records the configuration changes for all supported types -// of regional resources that Config discovers in the region in which it is -// running. Regional resources are tied to a region and can be used only in -// that region. Examples of regional resources are EC2 instances and EBS volumes. +// By default, Config records configuration changes for all supported types +// of Regional resources that Config discovers in the Amazon Web Services Region +// in which it is running. Regional resources are tied to a Region and can be +// used only in that Region. Examples of Regional resources are Amazon EC2 instances +// and Amazon EBS volumes. // // You can also have Config record supported types of global resources. Global -// resources are not tied to a specific region and can be used in all regions. +// resources are not tied to a specific Region and can be used in all Regions. // The global resource types that Config supports include IAM users, groups, // roles, and customer managed policies. // // Global resource types onboarded to Config recording after February 2022 will -// only be recorded in the service's home region for the commercial partition -// and Amazon Web Services GovCloud (US) West for the GovCloud partition. You -// can view the Configuration Items for these new global resource types only -// in their home region and Amazon Web Services GovCloud (US) West. -// -// Supported global resource types onboarded before February 2022 such as AWS::IAM::Group, -// AWS::IAM::Policy, AWS::IAM::Role, AWS::IAM::User remain unchanged, and they -// will continue to deliver Configuration Items in all supported regions in -// Config. The change will only affect new global resource types onboarded after -// February 2022. -// -// To record global resource types onboarded after February 2022, enable All -// Supported Resource Types in the home region of the global resource type you -// want to record. +// be recorded only in the service's home Region for the commercial partition +// and Amazon Web Services GovCloud (US-West) for the Amazon Web Services GovCloud +// (US) partition. You can view the Configuration Items for these new global +// resource types only in their home Region and Amazon Web Services GovCloud +// (US-West). // // If you don't want Config to record all resources, you can specify which types -// of resources it will record with the resourceTypes parameter. +// of resources Config records with the resourceTypes parameter. // -// For a list of supported resource types, see Supported Resource Types (https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources). +// For a list of supported resource types, see Supported Resource Types (https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources) +// in the Config developer guide. // // For more information and a table of the Home Regions for Global Resource // Types Onboarded after February 2022, see Selecting Which Resources Config -// Records (https://docs.aws.amazon.com/config/latest/developerguide/select-resources.html). +// Records (https://docs.aws.amazon.com/config/latest/developerguide/select-resources.html) +// in the Config developer guide. type RecordingGroup struct { _ struct{} `type:"structure"` - // Specifies whether Config records configuration changes for every supported - // type of regional resource. + // Specifies whether Config records configuration changes for all supported + // regional resource types. // - // If you set this option to true, when Config adds support for a new type of - // regional resource, it starts recording resources of that type automatically. + // If you set this field to true, when Config adds support for a new type of + // regional resource, Config starts recording resources of that type automatically. // - // If you set this option to true, you cannot enumerate a list of resourceTypes. + // If you set this field to true, you cannot enumerate specific resource types + // to record in the resourceTypes field of RecordingGroup (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html), + // or to exclude in the resourceTypes field of ExclusionByResourceTypes (https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html). AllSupported *bool `locationName:"allSupported" type:"boolean"` - // Specifies whether Config includes all supported types of global resources - // (for example, IAM resources) with the resources that it records. + // An object that specifies how Config excludes resource types from being recorded + // by the configuration recorder. // - // Before you can set this option to true, you must set the allSupported option - // to true. + // To use this option, you must set the useOnly field of RecordingStrategy (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) + // to EXCLUSION_BY_RESOURCE_TYPES. + ExclusionByResourceTypes *ExclusionByResourceTypes `locationName:"exclusionByResourceTypes" type:"structure"` + + // Specifies whether Config records configuration changes for all supported + // global resources. + // + // Before you set this field to true, set the allSupported field of RecordingGroup + // (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) + // to true. Optionally, you can set the useOnly field of RecordingStrategy (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) + // to ALL_SUPPORTED_RESOURCE_TYPES. + // + // If you set this field to true, when Config adds support for a new type of + // global resource in the Region where you set up the configuration recorder, + // Config starts recording resources of that type automatically. // - // If you set this option to true, when Config adds support for a new type of - // global resource, it starts recording resources of that type automatically. + // If you set this field to false but list global resource types in the resourceTypes + // field of RecordingGroup (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html), + // Config will still record configuration changes for those specified resource + // types regardless of if you set the includeGlobalResourceTypes field to false. // - // The configuration details for any global resource are the same in all regions. - // To prevent duplicate configuration items, you should consider customizing - // Config in only one region to record global resources. + // If you do not want to record configuration changes to global resource types, + // make sure to not list them in the resourceTypes field in addition to setting + // the includeGlobalResourceTypes field to false. IncludeGlobalResourceTypes *bool `locationName:"includeGlobalResourceTypes" type:"boolean"` - // A comma-separated list that specifies the types of Amazon Web Services resources - // for which Config records configuration changes (for example, AWS::EC2::Instance - // or AWS::CloudTrail::Trail). + // An object that specifies the recording strategy for the configuration recorder. + // + // * If you set the useOnly field of RecordingStrategy (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) + // to ALL_SUPPORTED_RESOURCE_TYPES, Config records configuration changes + // for all supported regional resource types. You also must set the allSupported + // field of RecordingGroup (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) + // to true. When Config adds support for a new type of regional resource, + // Config automatically starts recording resources of that type. + // + // * If you set the useOnly field of RecordingStrategy (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) + // to INCLUSION_BY_RESOURCE_TYPES, Config records configuration changes for + // only the resource types you specify in the resourceTypes field of RecordingGroup + // (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html). + // + // * If you set the useOnly field of RecordingStrategy (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) + // to EXCLUSION_BY_RESOURCE_TYPES, Config records configuration changes for + // all supported resource types except the resource types that you specify + // as exemptions to exclude from being recorded in the resourceTypes field + // of ExclusionByResourceTypes (https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html). // - // To record all configuration changes, you must set the allSupported option + // The recordingStrategy field is optional when you set the allSupported field + // of RecordingGroup (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) // to true. // - // If you set the AllSupported option to false and populate the ResourceTypes - // option with values, when Config adds support for a new type of resource, - // it will not record resources of that type unless you manually add that type + // The recordingStrategy field is optional when you list resource types in the + // resourceTypes field of RecordingGroup (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html). + // + // The recordingStrategy field is required if you list resource types to exclude + // from recording in the resourceTypes field of ExclusionByResourceTypes (https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html). + // + // If you choose EXCLUSION_BY_RESOURCE_TYPES for the recording strategy, the + // exclusionByResourceTypes field will override other properties in the request. + // + // For example, even if you set includeGlobalResourceTypes to false, global + // resource types will still be automatically recorded in this option unless + // those resource types are specifically listed as exemptions in the resourceTypes + // field of exclusionByResourceTypes. + // + // By default, if you choose the EXCLUSION_BY_RESOURCE_TYPES recording strategy, + // when Config adds support for a new resource type in the Region where you + // set up the configuration recorder, including global resource types, Config + // starts recording resources of that type automatically. + RecordingStrategy *RecordingStrategy `locationName:"recordingStrategy" type:"structure"` + + // A comma-separated list that specifies which resource types Config records. + // + // Optionally, you can set the useOnly field of RecordingStrategy (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) + // to INCLUSION_BY_RESOURCE_TYPES. + // + // To record all configuration changes, set the allSupported field of RecordingGroup + // (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) + // to true, and either omit this field or don't specify any resource types in + // this field. If you set the allSupported field to false and specify values + // for resourceTypes, when Config adds support for a new type of resource, it + // will not record resources of that type unless you manually add that type // to your recording group. // - // For a list of valid resourceTypes values, see the resourceType Value column - // in Supported Amazon Web Services resource Types (https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources). + // For a list of valid resourceTypes values, see the Resource Type Value column + // in Supported Amazon Web Services resource Types (https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources) + // in the Config developer guide. + // + // Region Availability + // + // Before specifying a resource type for Config to track, check Resource Coverage + // by Region Availability (https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html) + // to see if the resource type is supported in the Amazon Web Services Region + // where you set up Config. If a resource type is supported by Config in at + // least one Region, you can enable the recording of that resource type in all + // Regions supported by Config, even if the specified resource type is not supported + // in the Amazon Web Services Region where you set up Config. ResourceTypes []*string `locationName:"resourceTypes" type:"list" enum:"ResourceType"` } @@ -29447,18 +29620,102 @@ func (s *RecordingGroup) SetAllSupported(v bool) *RecordingGroup { return s } +// SetExclusionByResourceTypes sets the ExclusionByResourceTypes field's value. +func (s *RecordingGroup) SetExclusionByResourceTypes(v *ExclusionByResourceTypes) *RecordingGroup { + s.ExclusionByResourceTypes = v + return s +} + // SetIncludeGlobalResourceTypes sets the IncludeGlobalResourceTypes field's value. func (s *RecordingGroup) SetIncludeGlobalResourceTypes(v bool) *RecordingGroup { s.IncludeGlobalResourceTypes = &v return s } +// SetRecordingStrategy sets the RecordingStrategy field's value. +func (s *RecordingGroup) SetRecordingStrategy(v *RecordingStrategy) *RecordingGroup { + s.RecordingStrategy = v + return s +} + // SetResourceTypes sets the ResourceTypes field's value. func (s *RecordingGroup) SetResourceTypes(v []*string) *RecordingGroup { s.ResourceTypes = v return s } +// Specifies the recording strategy of the configuration recorder. +type RecordingStrategy struct { + _ struct{} `type:"structure"` + + // The recording strategy for the configuration recorder. + // + // * If you set this option to ALL_SUPPORTED_RESOURCE_TYPES, Config records + // configuration changes for all supported regional resource types. You also + // must set the allSupported field of RecordingGroup (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) + // to true. When Config adds support for a new type of regional resource, + // Config automatically starts recording resources of that type. For a list + // of supported resource types, see Supported Resource Types (https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources) + // in the Config developer guide. + // + // * If you set this option to INCLUSION_BY_RESOURCE_TYPES, Config records + // configuration changes for only the resource types that you specify in + // the resourceTypes field of RecordingGroup (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html). + // + // * If you set this option to EXCLUSION_BY_RESOURCE_TYPES, Config records + // configuration changes for all supported resource types, except the resource + // types that you specify as exemptions to exclude from being recorded in + // the resourceTypes field of ExclusionByResourceTypes (https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html). + // + // The recordingStrategy field is optional when you set the allSupported field + // of RecordingGroup (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) + // to true. + // + // The recordingStrategy field is optional when you list resource types in the + // resourceTypes field of RecordingGroup (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html). + // + // The recordingStrategy field is required if you list resource types to exclude + // from recording in the resourceTypes field of ExclusionByResourceTypes (https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html). + // + // If you choose EXCLUSION_BY_RESOURCE_TYPES for the recording strategy, the + // exclusionByResourceTypes field will override other properties in the request. + // + // For example, even if you set includeGlobalResourceTypes to false, global + // resource types will still be automatically recorded in this option unless + // those resource types are specifically listed as exemptions in the resourceTypes + // field of exclusionByResourceTypes. + // + // By default, if you choose the EXCLUSION_BY_RESOURCE_TYPES recording strategy, + // when Config adds support for a new resource type in the Region where you + // set up the configuration recorder, including global resource types, Config + // starts recording resources of that type automatically. + UseOnly *string `locationName:"useOnly" type:"string" enum:"RecordingStrategyType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RecordingStrategy) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RecordingStrategy) GoString() string { + return s.String() +} + +// SetUseOnly sets the UseOnly field's value. +func (s *RecordingStrategy) SetUseOnly(v string) *RecordingStrategy { + s.UseOnly = &v + return s +} + // The relationship of the related resource to the main resource. type Relationship struct { _ struct{} `type:"structure"` @@ -33444,6 +33701,26 @@ func RecorderStatus_Values() []string { } } +const ( + // RecordingStrategyTypeAllSupportedResourceTypes is a RecordingStrategyType enum value + RecordingStrategyTypeAllSupportedResourceTypes = "ALL_SUPPORTED_RESOURCE_TYPES" + + // RecordingStrategyTypeInclusionByResourceTypes is a RecordingStrategyType enum value + RecordingStrategyTypeInclusionByResourceTypes = "INCLUSION_BY_RESOURCE_TYPES" + + // RecordingStrategyTypeExclusionByResourceTypes is a RecordingStrategyType enum value + RecordingStrategyTypeExclusionByResourceTypes = "EXCLUSION_BY_RESOURCE_TYPES" +) + +// RecordingStrategyType_Values returns all elements of the RecordingStrategyType enum +func RecordingStrategyType_Values() []string { + return []string{ + RecordingStrategyTypeAllSupportedResourceTypes, + RecordingStrategyTypeInclusionByResourceTypes, + RecordingStrategyTypeExclusionByResourceTypes, + } +} + const ( // RemediationExecutionStateQueued is a RemediationExecutionState enum value RemediationExecutionStateQueued = "QUEUED" diff --git a/service/configservice/errors.go b/service/configservice/errors.go index 1c5357e0059..bcce902a835 100644 --- a/service/configservice/errors.go +++ b/service/configservice/errors.go @@ -51,7 +51,7 @@ const ( // ErrCodeInvalidConfigurationRecorderNameException for service response error code // "InvalidConfigurationRecorderNameException". // - // You have provided a configuration recorder name that is not valid. + // You have provided a name for the configuration recorder that is not valid. ErrCodeInvalidConfigurationRecorderNameException = "InvalidConfigurationRecorderNameException" // ErrCodeInvalidDeliveryChannelNameException for service response error code @@ -89,9 +89,23 @@ const ( // ErrCodeInvalidRecordingGroupException for service response error code // "InvalidRecordingGroupException". // - // Config throws an exception if the recording group does not contain a valid - // list of resource types. Values that are not valid might also be incorrectly - // formatted. + // Indicates one of the following errors: + // + // * You have provided a combination of parameter values that is not valid. + // For example: Setting the allSupported field of RecordingGroup (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) + // to true, but providing a non-empty list for the resourceTypesfield of + // RecordingGroup (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html). + // Setting the allSupported field of RecordingGroup (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) + // to true, but also setting the useOnly field of RecordingStrategy (https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) + // to EXCLUSION_BY_RESOURCE_TYPES. + // + // * Every parameter is either null, false, or empty. + // + // * You have reached the limit of the number of resource types you can provide + // for the recording group. + // + // * You have provided resource types or a recording strategy that are not + // valid. ErrCodeInvalidRecordingGroupException = "InvalidRecordingGroupException" // ErrCodeInvalidResultTokenException for service response error code @@ -103,7 +117,8 @@ const ( // ErrCodeInvalidRoleException for service response error code // "InvalidRoleException". // - // You have provided a null or empty role ARN. + // You have provided a null or empty Amazon Resource Name (ARN) for the IAM + // role assumed by Config and used by the configuration recorder. ErrCodeInvalidRoleException = "InvalidRoleException" // ErrCodeInvalidS3KeyPrefixException for service response error code @@ -168,7 +183,8 @@ const ( // ErrCodeMaxNumberOfConfigurationRecordersExceededException for service response error code // "MaxNumberOfConfigurationRecordersExceededException". // - // You have reached the limit of the number of recorders you can create. + // You have reached the limit of the number of configuration recorders you can + // create. ErrCodeMaxNumberOfConfigurationRecordersExceededException = "MaxNumberOfConfigurationRecordersExceededException" // ErrCodeMaxNumberOfConformancePacksExceededException for service response error code diff --git a/service/frauddetector/api.go b/service/frauddetector/api.go index 121f5ad66ff..4eb6903db8f 100644 --- a/service/frauddetector/api.go +++ b/service/frauddetector/api.go @@ -12662,6 +12662,53 @@ func (s *Event) SetLabelTimestamp(v string) *Event { return s } +// The event orchestration status. +type EventOrchestration struct { + _ struct{} `type:"structure"` + + // Specifies if event orchestration is enabled through Amazon EventBridge. + // + // EventBridgeEnabled is a required field + EventBridgeEnabled *bool `locationName:"eventBridgeEnabled" type:"boolean" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EventOrchestration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EventOrchestration) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *EventOrchestration) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "EventOrchestration"} + if s.EventBridgeEnabled == nil { + invalidParams.Add(request.NewErrParamRequired("EventBridgeEnabled")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEventBridgeEnabled sets the EventBridgeEnabled field's value. +func (s *EventOrchestration) SetEventBridgeEnabled(v bool) *EventOrchestration { + s.EventBridgeEnabled = &v + return s +} + // Information about the summary of an event prediction. type EventPredictionSummary struct { _ struct{} `type:"structure"` @@ -12761,6 +12808,9 @@ type EventType struct { // and improve fraud predictions. EventIngestion *string `locationName:"eventIngestion" type:"string" enum:"EventIngestion"` + // The event orchestration status. + EventOrchestration *EventOrchestration `locationName:"eventOrchestration" type:"structure"` + // The event type event variables. EventVariables []*string `locationName:"eventVariables" type:"list"` @@ -12825,6 +12875,12 @@ func (s *EventType) SetEventIngestion(v string) *EventType { return s } +// SetEventOrchestration sets the EventOrchestration field's value. +func (s *EventType) SetEventOrchestration(v *EventOrchestration) *EventType { + s.EventOrchestration = v + return s +} + // SetEventVariables sets the EventVariables field's value. func (s *EventType) SetEventVariables(v []*string) *EventType { s.EventVariables = v @@ -16268,7 +16324,7 @@ type LabelSchema struct { // * Use FRAUD if you want to categorize all unlabeled events as “Fraud”. // This is recommended when most of the events in your dataset are fraudulent. // - // * Use LEGIT f you want to categorize all unlabeled events as “Legit”. + // * Use LEGIT if you want to categorize all unlabeled events as “Legit”. // This is recommended when most of the events in your dataset are legitimate. // // * Use AUTO if you want Amazon Fraud Detector to decide how to use the @@ -17906,9 +17962,13 @@ type PutEventTypeInput struct { // EntityTypes is a required field EntityTypes []*string `locationName:"entityTypes" min:"1" type:"list" required:"true"` - // Specifies if ingenstion is enabled or disabled. + // Specifies if ingestion is enabled or disabled. EventIngestion *string `locationName:"eventIngestion" type:"string" enum:"EventIngestion"` + // Enables or disables event orchestration. If enabled, you can send event predictions + // to select AWS services for downstream processing of the events. + EventOrchestration *EventOrchestration `locationName:"eventOrchestration" type:"structure"` + // The event type variables. // // EventVariables is a required field @@ -17968,6 +18028,11 @@ func (s *PutEventTypeInput) Validate() error { if s.Name != nil && len(*s.Name) < 1 { invalidParams.Add(request.NewErrParamMinLen("Name", 1)) } + if s.EventOrchestration != nil { + if err := s.EventOrchestration.Validate(); err != nil { + invalidParams.AddNested("EventOrchestration", err.(request.ErrInvalidParams)) + } + } if s.Tags != nil { for i, v := range s.Tags { if v == nil { @@ -18003,6 +18068,12 @@ func (s *PutEventTypeInput) SetEventIngestion(v string) *PutEventTypeInput { return s } +// SetEventOrchestration sets the EventOrchestration field's value. +func (s *PutEventTypeInput) SetEventOrchestration(v *EventOrchestration) *PutEventTypeInput { + s.EventOrchestration = v + return s +} + // SetEventVariables sets the EventVariables field's value. func (s *PutEventTypeInput) SetEventVariables(v []*string) *PutEventTypeInput { s.EventVariables = v @@ -18304,6 +18375,7 @@ type PutLabelInput struct { // Name is a required field Name *string `locationName:"name" min:"1" type:"string" required:"true"` + // A collection of key and value pairs. Tags []*Tag `locationName:"tags" type:"list"` } @@ -19689,7 +19761,7 @@ type UncertaintyRange struct { // LowerBoundValue is a required field LowerBoundValue *float64 `locationName:"lowerBoundValue" type:"float" required:"true"` - // The lower bound value of the area under curve (auc). + // The upper bound value of the area under curve (auc). // // UpperBoundValue is a required field UpperBoundValue *float64 `locationName:"upperBoundValue" type:"float" required:"true"` diff --git a/service/frauddetector/doc.go b/service/frauddetector/doc.go index c107832fefe..6e0fb5137c9 100644 --- a/service/frauddetector/doc.go +++ b/service/frauddetector/doc.go @@ -18,8 +18,9 @@ // a request over HTTP or HTTPS. These libraries provide basic functions that // automatically take care of tasks such as cryptographically signing your requests, // retrying requests, and handling error responses, so that it is easier for -// you to get started. For more information about the AWS SDKs, see Tools to -// build on AWS (https://docs.aws.amazon.com/https:/aws.amazon.com/tools/). +// you to get started. For more information about the AWS SDKs, go to Tools +// to build on AWS (https://aws.amazon.com/developer/tools/) page, scroll down +// to the SDK section, and choose plus (+) sign to expand the section. // // See https://docs.aws.amazon.com/goto/WebAPI/frauddetector-2019-11-15 for more information on this service. // diff --git a/service/healthlake/api.go b/service/healthlake/api.go index a4144dbf170..073df0c4f3d 100644 --- a/service/healthlake/api.go +++ b/service/healthlake/api.go @@ -1221,7 +1221,7 @@ func (c *HealthLake) TagResourceRequest(input *TagResourceInput) (req *request.R // TagResource API operation for Amazon HealthLake. // -// Adds a user specifed key and value tag to a Data Store. +// Adds a user specified key and value tag to a Data Store. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1486,6 +1486,10 @@ type CreateFHIRDatastoreInput struct { // DatastoreTypeVersion is a required field DatastoreTypeVersion *string `type:"string" required:"true" enum:"FHIRVersion"` + // The configuration of the identity provider that you want to use for your + // Data Store. + IdentityProviderConfiguration *IdentityProviderConfiguration `type:"structure"` + // Optional parameter to preload data upon creation of the Data Store. Currently, // the only supported preloaded data is synthetic data generated from Synthea. PreloadDataConfig *PreloadDataConfig `type:"structure"` @@ -1528,6 +1532,11 @@ func (s *CreateFHIRDatastoreInput) Validate() error { if s.DatastoreTypeVersion == nil { invalidParams.Add(request.NewErrParamRequired("DatastoreTypeVersion")) } + if s.IdentityProviderConfiguration != nil { + if err := s.IdentityProviderConfiguration.Validate(); err != nil { + invalidParams.AddNested("IdentityProviderConfiguration", err.(request.ErrInvalidParams)) + } + } if s.PreloadDataConfig != nil { if err := s.PreloadDataConfig.Validate(); err != nil { invalidParams.AddNested("PreloadDataConfig", err.(request.ErrInvalidParams)) @@ -1573,6 +1582,12 @@ func (s *CreateFHIRDatastoreInput) SetDatastoreTypeVersion(v string) *CreateFHIR return s } +// SetIdentityProviderConfiguration sets the IdentityProviderConfiguration field's value. +func (s *CreateFHIRDatastoreInput) SetIdentityProviderConfiguration(v *IdentityProviderConfiguration) *CreateFHIRDatastoreInput { + s.IdentityProviderConfiguration = v + return s +} + // SetPreloadDataConfig sets the PreloadDataConfig field's value. func (s *CreateFHIRDatastoreInput) SetPreloadDataConfig(v *PreloadDataConfig) *CreateFHIRDatastoreInput { s.PreloadDataConfig = v @@ -1594,14 +1609,13 @@ func (s *CreateFHIRDatastoreInput) SetTags(v []*Tag) *CreateFHIRDatastoreInput { type CreateFHIRDatastoreOutput struct { _ struct{} `type:"structure"` - // The datastore ARN is generated during the creation of the Data Store and + // The Data Store ARN is generated during the creation of the Data Store and // can be found in the output from the initial Data Store creation call. // // DatastoreArn is a required field DatastoreArn *string `type:"string" required:"true"` - // The AWS endpoint for the created Data Store. For preview, only US-east-1 - // endpoints are supported. + // The AWS endpoint for the created Data Store. // // DatastoreEndpoint is a required field DatastoreEndpoint *string `min:"1" type:"string" required:"true"` @@ -1735,7 +1749,7 @@ func (s *DatastoreFilter) SetDatastoreStatus(v string) *DatastoreFilter { return s } -// Displays the properties of the Data Store, including the ID, Arn, name, and +// Displays the properties of the Data Store, including the ID, ARN, name, and // the status of the Data Store. type DatastoreProperties struct { _ struct{} `type:"structure"` @@ -1773,6 +1787,9 @@ type DatastoreProperties struct { // DatastoreTypeVersion is a required field DatastoreTypeVersion *string `type:"string" required:"true" enum:"FHIRVersion"` + // The identity provider that you selected when you created the Data Store. + IdentityProviderConfiguration *IdentityProviderConfiguration `type:"structure"` + // The preloaded data configuration for the Data Store. Only data preloaded // from Synthea is supported. PreloadDataConfig *PreloadDataConfig `type:"structure"` @@ -1842,6 +1859,12 @@ func (s *DatastoreProperties) SetDatastoreTypeVersion(v string) *DatastoreProper return s } +// SetIdentityProviderConfiguration sets the IdentityProviderConfiguration field's value. +func (s *DatastoreProperties) SetIdentityProviderConfiguration(v *IdentityProviderConfiguration) *DatastoreProperties { + s.IdentityProviderConfiguration = v + return s +} + // SetPreloadDataConfig sets the PreloadDataConfig field's value. func (s *DatastoreProperties) SetPreloadDataConfig(v *PreloadDataConfig) *DatastoreProperties { s.PreloadDataConfig = v @@ -1858,7 +1881,9 @@ type DeleteFHIRDatastoreInput struct { _ struct{} `type:"structure"` // The AWS-generated ID for the Data Store to be deleted. - DatastoreId *string `min:"1" type:"string"` + // + // DatastoreId is a required field + DatastoreId *string `min:"1" type:"string" required:"true"` } // String returns the string representation. @@ -1882,6 +1907,9 @@ func (s DeleteFHIRDatastoreInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *DeleteFHIRDatastoreInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "DeleteFHIRDatastoreInput"} + if s.DatastoreId == nil { + invalidParams.Add(request.NewErrParamRequired("DatastoreId")) + } if s.DatastoreId != nil && len(*s.DatastoreId) < 1 { invalidParams.Add(request.NewErrParamMinLen("DatastoreId", 1)) } @@ -1967,9 +1995,10 @@ func (s *DeleteFHIRDatastoreOutput) SetDatastoreStatus(v string) *DeleteFHIRData type DescribeFHIRDatastoreInput struct { _ struct{} `type:"structure"` - // The AWS-generated Data Store id. This is part of the ‘CreateFHIRDatastore’ - // output. - DatastoreId *string `min:"1" type:"string"` + // The AWS-generated Data Store ID. + // + // DatastoreId is a required field + DatastoreId *string `min:"1" type:"string" required:"true"` } // String returns the string representation. @@ -1993,6 +2022,9 @@ func (s DescribeFHIRDatastoreInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *DescribeFHIRDatastoreInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "DescribeFHIRDatastoreInput"} + if s.DatastoreId == nil { + invalidParams.Add(request.NewErrParamRequired("DatastoreId")) + } if s.DatastoreId != nil && len(*s.DatastoreId) < 1 { invalidParams.Add(request.NewErrParamMinLen("DatastoreId", 1)) } @@ -2362,6 +2394,104 @@ func (s *ExportJobProperties) SetSubmitTime(v time.Time) *ExportJobProperties { return s } +// The identity provider configuration that you gave when the Data Store was +// created. +type IdentityProviderConfiguration struct { + _ struct{} `type:"structure"` + + // The authorization strategy that you selected when you created the Data Store. + // + // AuthorizationStrategy is a required field + AuthorizationStrategy *string `type:"string" required:"true" enum:"AuthorizationStrategy"` + + // If you enabled fine-grained authorization when you created the Data Store. + FineGrainedAuthorizationEnabled *bool `type:"boolean"` + + // The Amazon Resource Name (ARN) of the Lambda function that you want to use + // to decode the access token created by the authorization server. + IdpLambdaArn *string `min:"49" type:"string"` + + // The JSON metadata elements that you want to use in your identity provider + // configuration. Required elements are listed based on the launch specification + // of the SMART application. For more information on all possible elements, + // see Metadata (https://build.fhir.org/ig/HL7/smart-app-launch/conformance.html#metadata) + // in SMART's App Launch specification. + // + // authorization_endpoint: The URL to the OAuth2 authorization endpoint. + // + // grant_types_supported: An array of grant types that are supported at the + // token endpoint. You must provide at least one grant type option. Valid options + // are authorization_code and client_credentials. + // + // token_endpoint: The URL to the OAuth2 token endpoint. + // + // capabilities: An array of strings of the SMART capabilities that the authorization + // server supports. + // + // code_challenge_methods_supported: An array of strings of supported PKCE code + // challenge methods. You must include the S256 method in the array of PKCE + // code challenge methods. + Metadata *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IdentityProviderConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IdentityProviderConfiguration) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *IdentityProviderConfiguration) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "IdentityProviderConfiguration"} + if s.AuthorizationStrategy == nil { + invalidParams.Add(request.NewErrParamRequired("AuthorizationStrategy")) + } + if s.IdpLambdaArn != nil && len(*s.IdpLambdaArn) < 49 { + invalidParams.Add(request.NewErrParamMinLen("IdpLambdaArn", 49)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAuthorizationStrategy sets the AuthorizationStrategy field's value. +func (s *IdentityProviderConfiguration) SetAuthorizationStrategy(v string) *IdentityProviderConfiguration { + s.AuthorizationStrategy = &v + return s +} + +// SetFineGrainedAuthorizationEnabled sets the FineGrainedAuthorizationEnabled field's value. +func (s *IdentityProviderConfiguration) SetFineGrainedAuthorizationEnabled(v bool) *IdentityProviderConfiguration { + s.FineGrainedAuthorizationEnabled = &v + return s +} + +// SetIdpLambdaArn sets the IdpLambdaArn field's value. +func (s *IdentityProviderConfiguration) SetIdpLambdaArn(v string) *IdentityProviderConfiguration { + s.IdpLambdaArn = &v + return s +} + +// SetMetadata sets the Metadata field's value. +func (s *IdentityProviderConfiguration) SetMetadata(v string) *IdentityProviderConfiguration { + s.Metadata = &v + return s +} + // Displays the properties of the import job, including the ID, Arn, Name, and // the status of the Data Store. type ImportJobProperties struct { @@ -2396,7 +2526,7 @@ type ImportJobProperties struct { JobOutputDataConfig *OutputDataConfig `type:"structure"` // The job status for an Import job. Possible statuses are SUBMITTED, IN_PROGRESS, - // COMPLETED, FAILED. + // COMPLETED_WITH_ERRORS, COMPLETED, FAILED. // // JobStatus is a required field JobStatus *string `type:"string" required:"true" enum:"JobStatus"` @@ -3788,7 +3918,7 @@ type Tag struct { // Key is a required field Key *string `min:"1" type:"string" required:"true"` - // The value portion of tag. Tag values are case sensitive. + // The value portion of a tag. Tag values are case sensitive. // // Value is a required field Value *string `type:"string" required:"true"` @@ -4154,6 +4284,22 @@ func (s *ValidationException) RequestID() string { return s.RespMetadata.RequestID } +const ( + // AuthorizationStrategySmartOnFhirV1 is a AuthorizationStrategy enum value + AuthorizationStrategySmartOnFhirV1 = "SMART_ON_FHIR_V1" + + // AuthorizationStrategyAwsAuth is a AuthorizationStrategy enum value + AuthorizationStrategyAwsAuth = "AWS_AUTH" +) + +// AuthorizationStrategy_Values returns all elements of the AuthorizationStrategy enum +func AuthorizationStrategy_Values() []string { + return []string{ + AuthorizationStrategySmartOnFhirV1, + AuthorizationStrategyAwsAuth, + } +} + const ( // CmkTypeCustomerManagedKmsKey is a CmkType enum value CmkTypeCustomerManagedKmsKey = "CUSTOMER_MANAGED_KMS_KEY" @@ -4221,6 +4367,18 @@ const ( // JobStatusFailed is a JobStatus enum value JobStatusFailed = "FAILED" + + // JobStatusCancelSubmitted is a JobStatus enum value + JobStatusCancelSubmitted = "CANCEL_SUBMITTED" + + // JobStatusCancelInProgress is a JobStatus enum value + JobStatusCancelInProgress = "CANCEL_IN_PROGRESS" + + // JobStatusCancelCompleted is a JobStatus enum value + JobStatusCancelCompleted = "CANCEL_COMPLETED" + + // JobStatusCancelFailed is a JobStatus enum value + JobStatusCancelFailed = "CANCEL_FAILED" ) // JobStatus_Values returns all elements of the JobStatus enum @@ -4231,6 +4389,10 @@ func JobStatus_Values() []string { JobStatusCompletedWithErrors, JobStatusCompleted, JobStatusFailed, + JobStatusCancelSubmitted, + JobStatusCancelInProgress, + JobStatusCancelCompleted, + JobStatusCancelFailed, } } diff --git a/service/m2/api.go b/service/m2/api.go index 725ec944036..845b6b5536d 100644 --- a/service/m2/api.go +++ b/service/m2/api.go @@ -3706,6 +3706,9 @@ type ApplicationSummary struct { // Name is a required field Name *string `locationName:"name" type:"string" required:"true"` + // The Amazon Resource Name (ARN) of the role associated with the application. + RoleArn *string `locationName:"roleArn" type:"string"` + // The status of the application. // // Status is a required field @@ -3793,6 +3796,12 @@ func (s *ApplicationSummary) SetName(v string) *ApplicationSummary { return s } +// SetRoleArn sets the RoleArn field's value. +func (s *ApplicationSummary) SetRoleArn(v string) *ApplicationSummary { + s.RoleArn = &v + return s +} + // SetStatus sets the Status field's value. func (s *ApplicationSummary) SetStatus(v string) *ApplicationSummary { s.Status = &v @@ -3920,7 +3929,7 @@ type BatchJobExecutionSummary struct { // ApplicationId is a required field ApplicationId *string `locationName:"applicationId" type:"string" required:"true"` - // Identifies a specific batch job. + // The unique identifier of this batch job. BatchJobIdentifier *BatchJobIdentifier `locationName:"batchJobIdentifier" type:"structure"` // The timestamp when this batch job execution ended. @@ -3940,6 +3949,9 @@ type BatchJobExecutionSummary struct { // The type of a particular batch job execution. JobType *string `locationName:"jobType" type:"string" enum:"BatchJobType"` + // The batch job return code from either the Blu Age or Micro Focus runtime + // engines. For more information, see Batch return codes (https://www.ibm.com/docs/en/was/8.5.5?topic=model-batch-return-codes) + // in the IBM WebSphere Application Server documentation. ReturnCode *string `locationName:"returnCode" type:"string"` // The timestamp when a particular batch job execution started. @@ -4284,6 +4296,9 @@ type CreateApplicationInput struct { // Name is a required field Name *string `locationName:"name" type:"string" required:"true"` + // The Amazon Resource Name (ARN) of the role associated with the application. + RoleArn *string `locationName:"roleArn" type:"string"` + // A list of tags to apply to the application. Tags map[string]*string `locationName:"tags" type:"map"` } @@ -4366,6 +4381,12 @@ func (s *CreateApplicationInput) SetName(v string) *CreateApplicationInput { return s } +// SetRoleArn sets the RoleArn field's value. +func (s *CreateApplicationInput) SetRoleArn(v string) *CreateApplicationInput { + s.RoleArn = &v + return s +} + // SetTags sets the Tags field's value. func (s *CreateApplicationInput) SetTags(v map[string]*string) *CreateApplicationInput { s.Tags = v @@ -5357,6 +5378,12 @@ type DatasetDetailOrgAttributes struct { // The generation data group of the data set. Gdg *GdgDetailAttributes `locationName:"gdg" type:"structure"` + // The details of a PO type data set. + Po *PoDetailAttributes `locationName:"po" type:"structure"` + + // The details of a PS type data set. + Ps *PsDetailAttributes `locationName:"ps" type:"structure"` + // The details of a VSAM data set. Vsam *VsamDetailAttributes `locationName:"vsam" type:"structure"` } @@ -5385,6 +5412,18 @@ func (s *DatasetDetailOrgAttributes) SetGdg(v *GdgDetailAttributes) *DatasetDeta return s } +// SetPo sets the Po field's value. +func (s *DatasetDetailOrgAttributes) SetPo(v *PoDetailAttributes) *DatasetDetailOrgAttributes { + s.Po = v + return s +} + +// SetPs sets the Ps field's value. +func (s *DatasetDetailOrgAttributes) SetPs(v *PsDetailAttributes) *DatasetDetailOrgAttributes { + s.Ps = v + return s +} + // SetVsam sets the Vsam field's value. func (s *DatasetDetailOrgAttributes) SetVsam(v *VsamDetailAttributes) *DatasetDetailOrgAttributes { s.Vsam = v @@ -5400,6 +5439,12 @@ type DatasetOrgAttributes struct { // The generation data group of the data set. Gdg *GdgAttributes `locationName:"gdg" type:"structure"` + // The details of a PO type data set. + Po *PoAttributes `locationName:"po" type:"structure"` + + // The details of a PS type data set. + Ps *PsAttributes `locationName:"ps" type:"structure"` + // The details of a VSAM data set. Vsam *VsamAttributes `locationName:"vsam" type:"structure"` } @@ -5425,6 +5470,16 @@ func (s DatasetOrgAttributes) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *DatasetOrgAttributes) Validate() error { invalidParams := request.ErrInvalidParams{Context: "DatasetOrgAttributes"} + if s.Po != nil { + if err := s.Po.Validate(); err != nil { + invalidParams.AddNested("Po", err.(request.ErrInvalidParams)) + } + } + if s.Ps != nil { + if err := s.Ps.Validate(); err != nil { + invalidParams.AddNested("Ps", err.(request.ErrInvalidParams)) + } + } if s.Vsam != nil { if err := s.Vsam.Validate(); err != nil { invalidParams.AddNested("Vsam", err.(request.ErrInvalidParams)) @@ -5443,6 +5498,18 @@ func (s *DatasetOrgAttributes) SetGdg(v *GdgAttributes) *DatasetOrgAttributes { return s } +// SetPo sets the Po field's value. +func (s *DatasetOrgAttributes) SetPo(v *PoAttributes) *DatasetOrgAttributes { + s.Po = v + return s +} + +// SetPs sets the Ps field's value. +func (s *DatasetOrgAttributes) SetPs(v *PsAttributes) *DatasetOrgAttributes { + s.Ps = v + return s +} + // SetVsam sets the Vsam field's value. func (s *DatasetOrgAttributes) SetVsam(v *VsamAttributes) *DatasetOrgAttributes { s.Vsam = v @@ -6505,6 +6572,9 @@ type GetApplicationOutput struct { // Name is a required field Name *string `locationName:"name" type:"string" required:"true"` + // The Amazon Resource Name (ARN) of the role associated with the application. + RoleArn *string `locationName:"roleArn" type:"string"` + // The status of the application. // // Status is a required field @@ -6629,6 +6699,12 @@ func (s *GetApplicationOutput) SetName(v string) *GetApplicationOutput { return s } +// SetRoleArn sets the RoleArn field's value. +func (s *GetApplicationOutput) SetRoleArn(v string) *GetApplicationOutput { + s.RoleArn = &v + return s +} + // SetStatus sets the Status field's value. func (s *GetApplicationOutput) SetStatus(v string) *GetApplicationOutput { s.Status = &v @@ -6889,7 +6965,7 @@ type GetBatchJobExecutionOutput struct { // ApplicationId is a required field ApplicationId *string `locationName:"applicationId" type:"string" required:"true"` - // Identifies a specific batch job. + // The unique identifier of this batch job. BatchJobIdentifier *BatchJobIdentifier `locationName:"batchJobIdentifier" type:"structure"` // The timestamp when the batch job execution ended. @@ -6912,6 +6988,9 @@ type GetBatchJobExecutionOutput struct { // The user for the job. JobUser *string `locationName:"jobUser" type:"string"` + // The batch job return code from either the Blu Age or Micro Focus runtime + // engines. For more information, see Batch return codes (https://www.ibm.com/docs/en/was/8.5.5?topic=model-batch-return-codes) + // in the IBM WebSphere Application Server documentation. ReturnCode *string `locationName:"returnCode" type:"string"` // The timestamp when the batch job execution started. @@ -9192,6 +9271,125 @@ func (s *PendingMaintenance) SetSchedule(v *MaintenanceSchedule) *PendingMainten return s } +// The supported properties for a PO type data set. +type PoAttributes struct { + _ struct{} `type:"structure"` + + // The character set encoding of the data set. + Encoding *string `locationName:"encoding" type:"string"` + + // The format of the data set records. + // + // Format is a required field + Format *string `locationName:"format" type:"string" required:"true"` + + // An array containing one or more filename extensions, allowing you to specify + // which files to be included as PDS member. + // + // MemberFileExtensions is a required field + MemberFileExtensions []*string `locationName:"memberFileExtensions" min:"1" type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PoAttributes) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PoAttributes) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PoAttributes) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PoAttributes"} + if s.Format == nil { + invalidParams.Add(request.NewErrParamRequired("Format")) + } + if s.MemberFileExtensions == nil { + invalidParams.Add(request.NewErrParamRequired("MemberFileExtensions")) + } + if s.MemberFileExtensions != nil && len(s.MemberFileExtensions) < 1 { + invalidParams.Add(request.NewErrParamMinLen("MemberFileExtensions", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEncoding sets the Encoding field's value. +func (s *PoAttributes) SetEncoding(v string) *PoAttributes { + s.Encoding = &v + return s +} + +// SetFormat sets the Format field's value. +func (s *PoAttributes) SetFormat(v string) *PoAttributes { + s.Format = &v + return s +} + +// SetMemberFileExtensions sets the MemberFileExtensions field's value. +func (s *PoAttributes) SetMemberFileExtensions(v []*string) *PoAttributes { + s.MemberFileExtensions = v + return s +} + +// The supported properties for a PO type data set. +type PoDetailAttributes struct { + _ struct{} `type:"structure"` + + // The character set encoding of the data set. + // + // Encoding is a required field + Encoding *string `locationName:"encoding" type:"string" required:"true"` + + // The format of the data set records. + // + // Format is a required field + Format *string `locationName:"format" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PoDetailAttributes) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PoDetailAttributes) GoString() string { + return s.String() +} + +// SetEncoding sets the Encoding field's value. +func (s *PoDetailAttributes) SetEncoding(v string) *PoDetailAttributes { + s.Encoding = &v + return s +} + +// SetFormat sets the Format field's value. +func (s *PoDetailAttributes) SetFormat(v string) *PoDetailAttributes { + s.Format = &v + return s +} + // The primary key for a KSDS data set. type PrimaryKey struct { _ struct{} `type:"structure"` @@ -9264,6 +9462,107 @@ func (s *PrimaryKey) SetOffset(v int64) *PrimaryKey { return s } +// The supported properties for a PS type data set. +type PsAttributes struct { + _ struct{} `type:"structure"` + + // The character set encoding of the data set. + Encoding *string `locationName:"encoding" type:"string"` + + // The format of the data set records. + // + // Format is a required field + Format *string `locationName:"format" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PsAttributes) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PsAttributes) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PsAttributes) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PsAttributes"} + if s.Format == nil { + invalidParams.Add(request.NewErrParamRequired("Format")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEncoding sets the Encoding field's value. +func (s *PsAttributes) SetEncoding(v string) *PsAttributes { + s.Encoding = &v + return s +} + +// SetFormat sets the Format field's value. +func (s *PsAttributes) SetFormat(v string) *PsAttributes { + s.Format = &v + return s +} + +// The supported properties for a PS type data set. +type PsDetailAttributes struct { + _ struct{} `type:"structure"` + + // The character set encoding of the data set. + // + // Encoding is a required field + Encoding *string `locationName:"encoding" type:"string" required:"true"` + + // The format of the data set records. + // + // Format is a required field + Format *string `locationName:"format" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PsDetailAttributes) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PsDetailAttributes) GoString() string { + return s.String() +} + +// SetEncoding sets the Encoding field's value. +func (s *PsDetailAttributes) SetEncoding(v string) *PsDetailAttributes { + s.Encoding = &v + return s +} + +// SetFormat sets the Format field's value. +func (s *PsDetailAttributes) SetFormat(v string) *PsDetailAttributes { + s.Format = &v + return s +} + // The length of the records in the data set. type RecordLength struct { _ struct{} `type:"structure"` diff --git a/service/rds/api.go b/service/rds/api.go index b2f5d76df24..adb94f14ca0 100644 --- a/service/rds/api.go +++ b/service/rds/api.go @@ -20248,6 +20248,11 @@ type CreateDBClusterInput struct { // Default: aurora (Aurora DB clusters); io1 (Multi-AZ DB clusters) // // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // + // For more information on storage types for Aurora DB clusters, see Storage + // configurations for Amazon Aurora DB clusters (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.StorageReliability.html#aurora-storage-type). + // For more information on storage types for Multi-AZ DB clusters, see Settings + // for creating Multi-AZ DB clusters (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/create-multi-az-db-cluster.html#create-multi-az-db-cluster-settings). StorageType *string `type:"string"` // Tags to assign to the DB cluster. @@ -41552,6 +41557,33 @@ type ModifyDBInstanceInput struct { // This setting doesn't apply to RDS Custom. EnablePerformanceInsights *bool `type:"boolean"` + // The target Oracle DB engine when you convert a non-CDB to a CDB. This intermediate + // step is necessary to upgrade an Oracle Database 19c non-CDB to an Oracle + // Database 21c CDB. + // + // Note the following requirements: + // + // * Make sure that you specify oracle-ee-cdb or oracle-se2-cdb. + // + // * Make sure that your DB engine runs Oracle Database 19c with an April + // 2021 or later RU. + // + // Note the following limitations: + // + // * You can't convert a CDB to a non-CDB. + // + // * You can't convert a replica database. + // + // * You can't convert a non-CDB to a CDB and upgrade the engine version + // in the same command. + // + // * You can't convert the existing custom parameter or option group when + // it has options or parameters that are permanent or persistent. In this + // situation, the DB instance reverts to the default option and parameter + // group. To avoid reverting to the default, specify a new parameter group + // with --db-parameter-group-name and a new option group with --option-group-name. + Engine *string `type:"string"` + // The version number of the database engine to upgrade to. Changing this parameter // results in an outage and the change is applied during the next maintenance // window unless the ApplyImmediately parameter is enabled for this request. @@ -42194,6 +42226,12 @@ func (s *ModifyDBInstanceInput) SetEnablePerformanceInsights(v bool) *ModifyDBIn return s } +// SetEngine sets the Engine field's value. +func (s *ModifyDBInstanceInput) SetEngine(v string) *ModifyDBInstanceInput { + s.Engine = &v + return s +} + // SetEngineVersion sets the EngineVersion field's value. func (s *ModifyDBInstanceInput) SetEngineVersion(v string) *ModifyDBInstanceInput { s.EngineVersion = &v @@ -43016,10 +43054,6 @@ type ModifyDBSnapshotInput struct { // // Oracle // - // * 19.0.0.0.ru-2022-01.rur-2022-01.r1 (supported for 12.2.0.1 DB snapshots) - // - // * 19.0.0.0.ru-2022-07.rur-2022-07.r1 (supported for 12.1.0.2 DB snapshots) - // // * 12.1.0.2.v8 (supported for 12.1.0.1 DB snapshots) // // * 11.2.0.4.v12 (supported for 11.2.0.2 DB snapshots) @@ -45113,6 +45147,9 @@ type PendingModifiedValues struct { // The DB subnet group for the DB instance. DBSubnetGroupName *string `type:"string"` + // The database engine of the DB instance. + Engine *string `type:"string"` + // The database engine version. EngineVersion *string `type:"string"` @@ -45218,6 +45255,12 @@ func (s *PendingModifiedValues) SetDBSubnetGroupName(v string) *PendingModifiedV return s } +// SetEngine sets the Engine field's value. +func (s *PendingModifiedValues) SetEngine(v string) *PendingModifiedValues { + s.Engine = &v + return s +} + // SetEngineVersion sets the EngineVersion field's value. func (s *PendingModifiedValues) SetEngineVersion(v string) *PendingModifiedValues { s.EngineVersion = &v diff --git a/service/servicecatalog/api.go b/service/servicecatalog/api.go index 213926422f3..9c57236dd8b 100644 --- a/service/servicecatalog/api.go +++ b/service/servicecatalog/api.go @@ -3945,6 +3945,16 @@ func (c *ServiceCatalog) DisassociatePrincipalFromPortfolioRequest(input *Disass // be able to provision products in this portfolio using a role matching the // name of the associated principal. // +// For more information, review associate-principal-with-portfolio (https://docs.aws.amazon.com/cli/latest/reference/servicecatalog/associate-principal-with-portfolio.html#options) +// in the Amazon Web Services CLI Command Reference. +// +// If you disassociate a principal from a portfolio, with PrincipalType as IAM, +// the same principal will still have access to the portfolio if it matches +// one of the associated principals of type IAM_PATTERN. To fully remove access +// for a principal, verify all the associated Principals of type IAM_PATTERN, +// and then ensure you disassociate any IAM_PATTERN principals that match the +// principal whose access you are removing. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -9220,18 +9230,58 @@ type AssociatePrincipalWithPortfolioInput struct { // PortfolioId is a required field PortfolioId *string `min:"1" type:"string" required:"true"` - // The ARN of the principal (user, role, or group). This field allows an ARN - // with no accountID if PrincipalType is IAM_PATTERN. + // The ARN of the principal (user, role, or group). The supported value is a + // fully defined IAM ARN (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns) + // if the PrincipalType is IAM. If the PrincipalType is IAM_PATTERN, the supported + // value is an IAM ARN without an AccountID in the following format: + // + // arn:partition:iam:::resource-type/resource-id + // + // The resource-id can be either of the following: + // + // * Fully formed, for example arn:aws:iam:::role/resource-name or arn:aws:iam:::role/resource-path/resource-name + // + // * A wildcard ARN. The wildcard ARN accepts IAM_PATTERN values with a "*" + // or "?" in the resource-id segment of the ARN, for example arn:partition:service:::resource-type/resource-path/resource-name. + // The new symbols are exclusive to the resource-path and resource-name and + // cannot be used to replace the resource-type or other ARN values. + // + // Examples of an acceptable wildcard ARN: + // + // * arn:aws:iam:::role/ResourceName_* // - // You can associate multiple IAM patterns even if the account has no principal - // with that name. This is useful in Principal Name Sharing if you want to share - // a principal without creating it in the account that owns the portfolio. + // * arn:aws:iam:::role/*/ResourceName_? + // + // Examples of an unacceptable wildcard ARN: + // + // * arn:aws:iam:::*/ResourceName + // + // You can associate multiple IAM_PATTERNs even if the account has no principal + // with that name. + // + // * The ARN path and principal name allow unlimited wildcard characters. + // + // * The "?" wildcard character matches zero or one of any character. This + // is similar to ".?" in regular regex context. + // + // * The "*" wildcard character matches any number of any characters. This + // is similar ".*" in regular regex context. + // + // * In the IAM Principal ARNs format (arn:partition:iam:::resource-type/resource-path/resource-name), + // valid resource-type values include user/, group/, or role/. The "?" and + // "*" are allowed only after the resource-type, in the resource-id segment. + // You can use special characters anywhere within the resource-id. + // + // * The "*" also matches the "/" character, allowing paths to be formed + // within the resource-id. For example, arn:aws:iam:::role/*/ResourceName_? + // matches both arn:aws:iam:::role/pathA/pathB/ResourceName_1 and arn:aws:iam:::role/pathA/ResourceName_1. // // PrincipalARN is a required field PrincipalARN *string `min:"1" type:"string" required:"true"` // The principal type. The supported value is IAM if you use a fully defined - // ARN, or IAM_PATTERN if you use an ARN with no accountID. + // ARN, or IAM_PATTERN if you use an ARN with no accountID, with or without + // wildcard characters. // // PrincipalType is a required field PrincipalType *string `type:"string" required:"true" enum:"PrincipalType"` @@ -14669,13 +14719,14 @@ type DisassociatePrincipalFromPortfolioInput struct { PortfolioId *string `min:"1" type:"string" required:"true"` // The ARN of the principal (user, role, or group). This field allows an ARN - // with no accountID if PrincipalType is IAM_PATTERN. + // with no accountID with or without wildcard characters if PrincipalType is + // IAM_PATTERN. // // PrincipalARN is a required field PrincipalARN *string `min:"1" type:"string" required:"true"` // The supported value is IAM if you use a fully defined ARN, or IAM_PATTERN - // if you use no accountID. + // if you specify an IAM ARN with no AccountId, with or without wildcard characters. PrincipalType *string `type:"string" enum:"PrincipalType"` } @@ -19376,11 +19427,16 @@ type Principal struct { _ struct{} `type:"structure"` // The ARN of the principal (user, role, or group). This field allows for an - // ARN with no accountID if the PrincipalType is an IAM_PATTERN. + // ARN with no accountID, with or without wildcard characters if the PrincipalType + // is an IAM_PATTERN. + // + // For more information, review associate-principal-with-portfolio (https://docs.aws.amazon.com/cli/latest/reference/servicecatalog/associate-principal-with-portfolio.html#options) + // in the Amazon Web Services CLI Command Reference. PrincipalARN *string `min:"1" type:"string"` // The principal type. The supported value is IAM if you use a fully defined - // ARN, or IAM_PATTERN if you use an ARN with no accountID. + // ARN, or IAM_PATTERN if you use an ARN with no accountID, with or without + // wildcard characters. PrincipalType *string `type:"string" enum:"PrincipalType"` } diff --git a/service/workspacesweb/api.go b/service/workspacesweb/api.go index 12aecafc254..0e23331750d 100644 --- a/service/workspacesweb/api.go +++ b/service/workspacesweb/api.go @@ -107,6 +107,100 @@ func (c *WorkSpacesWeb) AssociateBrowserSettingsWithContext(ctx aws.Context, inp return out, req.Send() } +const opAssociateIpAccessSettings = "AssociateIpAccessSettings" + +// AssociateIpAccessSettingsRequest generates a "aws/request.Request" representing the +// client's request for the AssociateIpAccessSettings operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See AssociateIpAccessSettings for more information on using the AssociateIpAccessSettings +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the AssociateIpAccessSettingsRequest method. +// req, resp := client.AssociateIpAccessSettingsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/AssociateIpAccessSettings +func (c *WorkSpacesWeb) AssociateIpAccessSettingsRequest(input *AssociateIpAccessSettingsInput) (req *request.Request, output *AssociateIpAccessSettingsOutput) { + op := &request.Operation{ + Name: opAssociateIpAccessSettings, + HTTPMethod: "PUT", + HTTPPath: "/portals/{portalArn+}/ipAccessSettings", + } + + if input == nil { + input = &AssociateIpAccessSettingsInput{} + } + + output = &AssociateIpAccessSettingsOutput{} + req = c.newRequest(op, input, output) + return +} + +// AssociateIpAccessSettings API operation for Amazon WorkSpaces Web. +// +// Associates an IP access settings resource with a web portal. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon WorkSpaces Web's +// API operation AssociateIpAccessSettings for usage and error information. +// +// Returned Error Types: +// +// - InternalServerException +// There is an internal server error. +// +// - ResourceNotFoundException +// The resource cannot be found. +// +// - AccessDeniedException +// Access is denied. +// +// - ThrottlingException +// There is a throttling error. +// +// - ValidationException +// There is a validation error. +// +// - ConflictException +// There is a conflict. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/AssociateIpAccessSettings +func (c *WorkSpacesWeb) AssociateIpAccessSettings(input *AssociateIpAccessSettingsInput) (*AssociateIpAccessSettingsOutput, error) { + req, out := c.AssociateIpAccessSettingsRequest(input) + return out, req.Send() +} + +// AssociateIpAccessSettingsWithContext is the same as AssociateIpAccessSettings with the addition of +// the ability to pass a context and additional request options. +// +// See AssociateIpAccessSettings for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *WorkSpacesWeb) AssociateIpAccessSettingsWithContext(ctx aws.Context, input *AssociateIpAccessSettingsInput, opts ...request.Option) (*AssociateIpAccessSettingsOutput, error) { + req, out := c.AssociateIpAccessSettingsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opAssociateNetworkSettings = "AssociateNetworkSettings" // AssociateNetworkSettingsRequest generates a "aws/request.Request" representing the @@ -677,6 +771,101 @@ func (c *WorkSpacesWeb) CreateIdentityProviderWithContext(ctx aws.Context, input return out, req.Send() } +const opCreateIpAccessSettings = "CreateIpAccessSettings" + +// CreateIpAccessSettingsRequest generates a "aws/request.Request" representing the +// client's request for the CreateIpAccessSettings operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateIpAccessSettings for more information on using the CreateIpAccessSettings +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateIpAccessSettingsRequest method. +// req, resp := client.CreateIpAccessSettingsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/CreateIpAccessSettings +func (c *WorkSpacesWeb) CreateIpAccessSettingsRequest(input *CreateIpAccessSettingsInput) (req *request.Request, output *CreateIpAccessSettingsOutput) { + op := &request.Operation{ + Name: opCreateIpAccessSettings, + HTTPMethod: "POST", + HTTPPath: "/ipAccessSettings", + } + + if input == nil { + input = &CreateIpAccessSettingsInput{} + } + + output = &CreateIpAccessSettingsOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateIpAccessSettings API operation for Amazon WorkSpaces Web. +// +// Creates an IP access settings resource that can be associated with a web +// portal. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon WorkSpaces Web's +// API operation CreateIpAccessSettings for usage and error information. +// +// Returned Error Types: +// +// - InternalServerException +// There is an internal server error. +// +// - AccessDeniedException +// Access is denied. +// +// - ThrottlingException +// There is a throttling error. +// +// - ServiceQuotaExceededException +// The service quota has been exceeded. +// +// - ValidationException +// There is a validation error. +// +// - ConflictException +// There is a conflict. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/CreateIpAccessSettings +func (c *WorkSpacesWeb) CreateIpAccessSettings(input *CreateIpAccessSettingsInput) (*CreateIpAccessSettingsOutput, error) { + req, out := c.CreateIpAccessSettingsRequest(input) + return out, req.Send() +} + +// CreateIpAccessSettingsWithContext is the same as CreateIpAccessSettings with the addition of +// the ability to pass a context and additional request options. +// +// See CreateIpAccessSettings for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *WorkSpacesWeb) CreateIpAccessSettingsWithContext(ctx aws.Context, input *CreateIpAccessSettingsInput, opts ...request.Option) (*CreateIpAccessSettingsOutput, error) { + req, out := c.CreateIpAccessSettingsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateNetworkSettings = "CreateNetworkSettings" // CreateNetworkSettingsRequest generates a "aws/request.Request" representing the @@ -1344,6 +1533,98 @@ func (c *WorkSpacesWeb) DeleteIdentityProviderWithContext(ctx aws.Context, input return out, req.Send() } +const opDeleteIpAccessSettings = "DeleteIpAccessSettings" + +// DeleteIpAccessSettingsRequest generates a "aws/request.Request" representing the +// client's request for the DeleteIpAccessSettings operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteIpAccessSettings for more information on using the DeleteIpAccessSettings +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteIpAccessSettingsRequest method. +// req, resp := client.DeleteIpAccessSettingsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/DeleteIpAccessSettings +func (c *WorkSpacesWeb) DeleteIpAccessSettingsRequest(input *DeleteIpAccessSettingsInput) (req *request.Request, output *DeleteIpAccessSettingsOutput) { + op := &request.Operation{ + Name: opDeleteIpAccessSettings, + HTTPMethod: "DELETE", + HTTPPath: "/ipAccessSettings/{ipAccessSettingsArn+}", + } + + if input == nil { + input = &DeleteIpAccessSettingsInput{} + } + + output = &DeleteIpAccessSettingsOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// DeleteIpAccessSettings API operation for Amazon WorkSpaces Web. +// +// Deletes IP access settings. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon WorkSpaces Web's +// API operation DeleteIpAccessSettings for usage and error information. +// +// Returned Error Types: +// +// - InternalServerException +// There is an internal server error. +// +// - AccessDeniedException +// Access is denied. +// +// - ThrottlingException +// There is a throttling error. +// +// - ValidationException +// There is a validation error. +// +// - ConflictException +// There is a conflict. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/DeleteIpAccessSettings +func (c *WorkSpacesWeb) DeleteIpAccessSettings(input *DeleteIpAccessSettingsInput) (*DeleteIpAccessSettingsOutput, error) { + req, out := c.DeleteIpAccessSettingsRequest(input) + return out, req.Send() +} + +// DeleteIpAccessSettingsWithContext is the same as DeleteIpAccessSettings with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteIpAccessSettings for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *WorkSpacesWeb) DeleteIpAccessSettingsWithContext(ctx aws.Context, input *DeleteIpAccessSettingsInput, opts ...request.Option) (*DeleteIpAccessSettingsOutput, error) { + req, out := c.DeleteIpAccessSettingsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteNetworkSettings = "DeleteNetworkSettings" // DeleteNetworkSettingsRequest generates a "aws/request.Request" representing the @@ -1896,58 +2177,58 @@ func (c *WorkSpacesWeb) DisassociateBrowserSettingsWithContext(ctx aws.Context, return out, req.Send() } -const opDisassociateNetworkSettings = "DisassociateNetworkSettings" +const opDisassociateIpAccessSettings = "DisassociateIpAccessSettings" -// DisassociateNetworkSettingsRequest generates a "aws/request.Request" representing the -// client's request for the DisassociateNetworkSettings operation. The "output" return +// DisassociateIpAccessSettingsRequest generates a "aws/request.Request" representing the +// client's request for the DisassociateIpAccessSettings operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DisassociateNetworkSettings for more information on using the DisassociateNetworkSettings +// See DisassociateIpAccessSettings for more information on using the DisassociateIpAccessSettings // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the DisassociateNetworkSettingsRequest method. -// req, resp := client.DisassociateNetworkSettingsRequest(params) +// // Example sending a request using the DisassociateIpAccessSettingsRequest method. +// req, resp := client.DisassociateIpAccessSettingsRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/DisassociateNetworkSettings -func (c *WorkSpacesWeb) DisassociateNetworkSettingsRequest(input *DisassociateNetworkSettingsInput) (req *request.Request, output *DisassociateNetworkSettingsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/DisassociateIpAccessSettings +func (c *WorkSpacesWeb) DisassociateIpAccessSettingsRequest(input *DisassociateIpAccessSettingsInput) (req *request.Request, output *DisassociateIpAccessSettingsOutput) { op := &request.Operation{ - Name: opDisassociateNetworkSettings, + Name: opDisassociateIpAccessSettings, HTTPMethod: "DELETE", - HTTPPath: "/portals/{portalArn+}/networkSettings", + HTTPPath: "/portals/{portalArn+}/ipAccessSettings", } if input == nil { - input = &DisassociateNetworkSettingsInput{} + input = &DisassociateIpAccessSettingsInput{} } - output = &DisassociateNetworkSettingsOutput{} + output = &DisassociateIpAccessSettingsOutput{} req = c.newRequest(op, input, output) req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// DisassociateNetworkSettings API operation for Amazon WorkSpaces Web. +// DisassociateIpAccessSettings API operation for Amazon WorkSpaces Web. // -// Disassociates network settings from a web portal. +// Disassociates IP access settings from a web portal. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon WorkSpaces Web's -// API operation DisassociateNetworkSettings for usage and error information. +// API operation DisassociateIpAccessSettings for usage and error information. // // Returned Error Types: // @@ -1966,58 +2247,150 @@ func (c *WorkSpacesWeb) DisassociateNetworkSettingsRequest(input *DisassociateNe // - ValidationException // There is a validation error. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/DisassociateNetworkSettings -func (c *WorkSpacesWeb) DisassociateNetworkSettings(input *DisassociateNetworkSettingsInput) (*DisassociateNetworkSettingsOutput, error) { - req, out := c.DisassociateNetworkSettingsRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/DisassociateIpAccessSettings +func (c *WorkSpacesWeb) DisassociateIpAccessSettings(input *DisassociateIpAccessSettingsInput) (*DisassociateIpAccessSettingsOutput, error) { + req, out := c.DisassociateIpAccessSettingsRequest(input) return out, req.Send() } -// DisassociateNetworkSettingsWithContext is the same as DisassociateNetworkSettings with the addition of +// DisassociateIpAccessSettingsWithContext is the same as DisassociateIpAccessSettings with the addition of // the ability to pass a context and additional request options. // -// See DisassociateNetworkSettings for details on how to use this API operation. +// See DisassociateIpAccessSettings for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *WorkSpacesWeb) DisassociateNetworkSettingsWithContext(ctx aws.Context, input *DisassociateNetworkSettingsInput, opts ...request.Option) (*DisassociateNetworkSettingsOutput, error) { - req, out := c.DisassociateNetworkSettingsRequest(input) +func (c *WorkSpacesWeb) DisassociateIpAccessSettingsWithContext(ctx aws.Context, input *DisassociateIpAccessSettingsInput, opts ...request.Option) (*DisassociateIpAccessSettingsOutput, error) { + req, out := c.DisassociateIpAccessSettingsRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opDisassociateTrustStore = "DisassociateTrustStore" +const opDisassociateNetworkSettings = "DisassociateNetworkSettings" -// DisassociateTrustStoreRequest generates a "aws/request.Request" representing the -// client's request for the DisassociateTrustStore operation. The "output" return +// DisassociateNetworkSettingsRequest generates a "aws/request.Request" representing the +// client's request for the DisassociateNetworkSettings operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DisassociateTrustStore for more information on using the DisassociateTrustStore +// See DisassociateNetworkSettings for more information on using the DisassociateNetworkSettings // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the DisassociateTrustStoreRequest method. -// req, resp := client.DisassociateTrustStoreRequest(params) +// // Example sending a request using the DisassociateNetworkSettingsRequest method. +// req, resp := client.DisassociateNetworkSettingsRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/DisassociateTrustStore -func (c *WorkSpacesWeb) DisassociateTrustStoreRequest(input *DisassociateTrustStoreInput) (req *request.Request, output *DisassociateTrustStoreOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/DisassociateNetworkSettings +func (c *WorkSpacesWeb) DisassociateNetworkSettingsRequest(input *DisassociateNetworkSettingsInput) (req *request.Request, output *DisassociateNetworkSettingsOutput) { op := &request.Operation{ - Name: opDisassociateTrustStore, + Name: opDisassociateNetworkSettings, HTTPMethod: "DELETE", - HTTPPath: "/portals/{portalArn+}/trustStores", + HTTPPath: "/portals/{portalArn+}/networkSettings", + } + + if input == nil { + input = &DisassociateNetworkSettingsInput{} + } + + output = &DisassociateNetworkSettingsOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// DisassociateNetworkSettings API operation for Amazon WorkSpaces Web. +// +// Disassociates network settings from a web portal. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon WorkSpaces Web's +// API operation DisassociateNetworkSettings for usage and error information. +// +// Returned Error Types: +// +// - InternalServerException +// There is an internal server error. +// +// - ResourceNotFoundException +// The resource cannot be found. +// +// - AccessDeniedException +// Access is denied. +// +// - ThrottlingException +// There is a throttling error. +// +// - ValidationException +// There is a validation error. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/DisassociateNetworkSettings +func (c *WorkSpacesWeb) DisassociateNetworkSettings(input *DisassociateNetworkSettingsInput) (*DisassociateNetworkSettingsOutput, error) { + req, out := c.DisassociateNetworkSettingsRequest(input) + return out, req.Send() +} + +// DisassociateNetworkSettingsWithContext is the same as DisassociateNetworkSettings with the addition of +// the ability to pass a context and additional request options. +// +// See DisassociateNetworkSettings for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *WorkSpacesWeb) DisassociateNetworkSettingsWithContext(ctx aws.Context, input *DisassociateNetworkSettingsInput, opts ...request.Option) (*DisassociateNetworkSettingsOutput, error) { + req, out := c.DisassociateNetworkSettingsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDisassociateTrustStore = "DisassociateTrustStore" + +// DisassociateTrustStoreRequest generates a "aws/request.Request" representing the +// client's request for the DisassociateTrustStore operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisassociateTrustStore for more information on using the DisassociateTrustStore +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DisassociateTrustStoreRequest method. +// req, resp := client.DisassociateTrustStoreRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/DisassociateTrustStore +func (c *WorkSpacesWeb) DisassociateTrustStoreRequest(input *DisassociateTrustStoreInput) (req *request.Request, output *DisassociateTrustStoreOutput) { + op := &request.Operation{ + Name: opDisassociateTrustStore, + HTTPMethod: "DELETE", + HTTPPath: "/portals/{portalArn+}/trustStores", } if input == nil { @@ -2446,6 +2819,97 @@ func (c *WorkSpacesWeb) GetIdentityProviderWithContext(ctx aws.Context, input *G return out, req.Send() } +const opGetIpAccessSettings = "GetIpAccessSettings" + +// GetIpAccessSettingsRequest generates a "aws/request.Request" representing the +// client's request for the GetIpAccessSettings operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetIpAccessSettings for more information on using the GetIpAccessSettings +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetIpAccessSettingsRequest method. +// req, resp := client.GetIpAccessSettingsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/GetIpAccessSettings +func (c *WorkSpacesWeb) GetIpAccessSettingsRequest(input *GetIpAccessSettingsInput) (req *request.Request, output *GetIpAccessSettingsOutput) { + op := &request.Operation{ + Name: opGetIpAccessSettings, + HTTPMethod: "GET", + HTTPPath: "/ipAccessSettings/{ipAccessSettingsArn+}", + } + + if input == nil { + input = &GetIpAccessSettingsInput{} + } + + output = &GetIpAccessSettingsOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetIpAccessSettings API operation for Amazon WorkSpaces Web. +// +// Gets the IP access settings. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon WorkSpaces Web's +// API operation GetIpAccessSettings for usage and error information. +// +// Returned Error Types: +// +// - InternalServerException +// There is an internal server error. +// +// - ResourceNotFoundException +// The resource cannot be found. +// +// - AccessDeniedException +// Access is denied. +// +// - ThrottlingException +// There is a throttling error. +// +// - ValidationException +// There is a validation error. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/GetIpAccessSettings +func (c *WorkSpacesWeb) GetIpAccessSettings(input *GetIpAccessSettingsInput) (*GetIpAccessSettingsOutput, error) { + req, out := c.GetIpAccessSettingsRequest(input) + return out, req.Send() +} + +// GetIpAccessSettingsWithContext is the same as GetIpAccessSettings with the addition of +// the ability to pass a context and additional request options. +// +// See GetIpAccessSettings for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *WorkSpacesWeb) GetIpAccessSettingsWithContext(ctx aws.Context, input *GetIpAccessSettingsInput, opts ...request.Option) (*GetIpAccessSettingsOutput, error) { + req, out := c.GetIpAccessSettingsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetNetworkSettings = "GetNetworkSettings" // GetNetworkSettingsRequest generates a "aws/request.Request" representing the @@ -3373,36 +3837,36 @@ func (c *WorkSpacesWeb) ListIdentityProvidersPagesWithContext(ctx aws.Context, i return p.Err() } -const opListNetworkSettings = "ListNetworkSettings" +const opListIpAccessSettings = "ListIpAccessSettings" -// ListNetworkSettingsRequest generates a "aws/request.Request" representing the -// client's request for the ListNetworkSettings operation. The "output" return +// ListIpAccessSettingsRequest generates a "aws/request.Request" representing the +// client's request for the ListIpAccessSettings operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See ListNetworkSettings for more information on using the ListNetworkSettings +// See ListIpAccessSettings for more information on using the ListIpAccessSettings // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the ListNetworkSettingsRequest method. -// req, resp := client.ListNetworkSettingsRequest(params) +// // Example sending a request using the ListIpAccessSettingsRequest method. +// req, resp := client.ListIpAccessSettingsRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/ListNetworkSettings -func (c *WorkSpacesWeb) ListNetworkSettingsRequest(input *ListNetworkSettingsInput) (req *request.Request, output *ListNetworkSettingsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/ListIpAccessSettings +func (c *WorkSpacesWeb) ListIpAccessSettingsRequest(input *ListIpAccessSettingsInput) (req *request.Request, output *ListIpAccessSettingsOutput) { op := &request.Operation{ - Name: opListNetworkSettings, + Name: opListIpAccessSettings, HTTPMethod: "GET", - HTTPPath: "/networkSettings", + HTTPPath: "/ipAccessSettings", Paginator: &request.Paginator{ InputTokens: []string{"nextToken"}, OutputTokens: []string{"nextToken"}, @@ -3412,24 +3876,24 @@ func (c *WorkSpacesWeb) ListNetworkSettingsRequest(input *ListNetworkSettingsInp } if input == nil { - input = &ListNetworkSettingsInput{} + input = &ListIpAccessSettingsInput{} } - output = &ListNetworkSettingsOutput{} + output = &ListIpAccessSettingsOutput{} req = c.newRequest(op, input, output) return } -// ListNetworkSettings API operation for Amazon WorkSpaces Web. +// ListIpAccessSettings API operation for Amazon WorkSpaces Web. // -// Retrieves a list of network settings. +// Retrieves a list of IP access settings. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon WorkSpaces Web's -// API operation ListNetworkSettings for usage and error information. +// API operation ListIpAccessSettings for usage and error information. // // Returned Error Types: // @@ -3445,64 +3909,64 @@ func (c *WorkSpacesWeb) ListNetworkSettingsRequest(input *ListNetworkSettingsInp // - ValidationException // There is a validation error. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/ListNetworkSettings -func (c *WorkSpacesWeb) ListNetworkSettings(input *ListNetworkSettingsInput) (*ListNetworkSettingsOutput, error) { - req, out := c.ListNetworkSettingsRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/ListIpAccessSettings +func (c *WorkSpacesWeb) ListIpAccessSettings(input *ListIpAccessSettingsInput) (*ListIpAccessSettingsOutput, error) { + req, out := c.ListIpAccessSettingsRequest(input) return out, req.Send() } -// ListNetworkSettingsWithContext is the same as ListNetworkSettings with the addition of +// ListIpAccessSettingsWithContext is the same as ListIpAccessSettings with the addition of // the ability to pass a context and additional request options. // -// See ListNetworkSettings for details on how to use this API operation. +// See ListIpAccessSettings for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *WorkSpacesWeb) ListNetworkSettingsWithContext(ctx aws.Context, input *ListNetworkSettingsInput, opts ...request.Option) (*ListNetworkSettingsOutput, error) { - req, out := c.ListNetworkSettingsRequest(input) +func (c *WorkSpacesWeb) ListIpAccessSettingsWithContext(ctx aws.Context, input *ListIpAccessSettingsInput, opts ...request.Option) (*ListIpAccessSettingsOutput, error) { + req, out := c.ListIpAccessSettingsRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -// ListNetworkSettingsPages iterates over the pages of a ListNetworkSettings operation, +// ListIpAccessSettingsPages iterates over the pages of a ListIpAccessSettings operation, // calling the "fn" function with the response data for each page. To stop // iterating, return false from the fn function. // -// See ListNetworkSettings method for more information on how to use this operation. +// See ListIpAccessSettings method for more information on how to use this operation. // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a ListNetworkSettings operation. +// // Example iterating over at most 3 pages of a ListIpAccessSettings operation. // pageNum := 0 -// err := client.ListNetworkSettingsPages(params, -// func(page *workspacesweb.ListNetworkSettingsOutput, lastPage bool) bool { +// err := client.ListIpAccessSettingsPages(params, +// func(page *workspacesweb.ListIpAccessSettingsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 // }) -func (c *WorkSpacesWeb) ListNetworkSettingsPages(input *ListNetworkSettingsInput, fn func(*ListNetworkSettingsOutput, bool) bool) error { - return c.ListNetworkSettingsPagesWithContext(aws.BackgroundContext(), input, fn) +func (c *WorkSpacesWeb) ListIpAccessSettingsPages(input *ListIpAccessSettingsInput, fn func(*ListIpAccessSettingsOutput, bool) bool) error { + return c.ListIpAccessSettingsPagesWithContext(aws.BackgroundContext(), input, fn) } -// ListNetworkSettingsPagesWithContext same as ListNetworkSettingsPages except +// ListIpAccessSettingsPagesWithContext same as ListIpAccessSettingsPages except // it takes a Context and allows setting request options on the pages. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *WorkSpacesWeb) ListNetworkSettingsPagesWithContext(ctx aws.Context, input *ListNetworkSettingsInput, fn func(*ListNetworkSettingsOutput, bool) bool, opts ...request.Option) error { +func (c *WorkSpacesWeb) ListIpAccessSettingsPagesWithContext(ctx aws.Context, input *ListIpAccessSettingsInput, fn func(*ListIpAccessSettingsOutput, bool) bool, opts ...request.Option) error { p := request.Pagination{ NewRequest: func() (*request.Request, error) { - var inCpy *ListNetworkSettingsInput + var inCpy *ListIpAccessSettingsInput if input != nil { tmp := *input inCpy = &tmp } - req, _ := c.ListNetworkSettingsRequest(inCpy) + req, _ := c.ListIpAccessSettingsRequest(inCpy) req.SetContext(ctx) req.ApplyOptions(opts...) return req, nil @@ -3510,7 +3974,7 @@ func (c *WorkSpacesWeb) ListNetworkSettingsPagesWithContext(ctx aws.Context, inp } for p.Next() { - if !fn(p.Page().(*ListNetworkSettingsOutput), !p.HasNextPage()) { + if !fn(p.Page().(*ListIpAccessSettingsOutput), !p.HasNextPage()) { break } } @@ -3518,36 +3982,36 @@ func (c *WorkSpacesWeb) ListNetworkSettingsPagesWithContext(ctx aws.Context, inp return p.Err() } -const opListPortals = "ListPortals" +const opListNetworkSettings = "ListNetworkSettings" -// ListPortalsRequest generates a "aws/request.Request" representing the -// client's request for the ListPortals operation. The "output" return +// ListNetworkSettingsRequest generates a "aws/request.Request" representing the +// client's request for the ListNetworkSettings operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See ListPortals for more information on using the ListPortals +// See ListNetworkSettings for more information on using the ListNetworkSettings // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the ListPortalsRequest method. -// req, resp := client.ListPortalsRequest(params) +// // Example sending a request using the ListNetworkSettingsRequest method. +// req, resp := client.ListNetworkSettingsRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/ListPortals -func (c *WorkSpacesWeb) ListPortalsRequest(input *ListPortalsInput) (req *request.Request, output *ListPortalsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/ListNetworkSettings +func (c *WorkSpacesWeb) ListNetworkSettingsRequest(input *ListNetworkSettingsInput) (req *request.Request, output *ListNetworkSettingsOutput) { op := &request.Operation{ - Name: opListPortals, + Name: opListNetworkSettings, HTTPMethod: "GET", - HTTPPath: "/portals", + HTTPPath: "/networkSettings", Paginator: &request.Paginator{ InputTokens: []string{"nextToken"}, OutputTokens: []string{"nextToken"}, @@ -3557,24 +4021,24 @@ func (c *WorkSpacesWeb) ListPortalsRequest(input *ListPortalsInput) (req *reques } if input == nil { - input = &ListPortalsInput{} + input = &ListNetworkSettingsInput{} } - output = &ListPortalsOutput{} + output = &ListNetworkSettingsOutput{} req = c.newRequest(op, input, output) return } -// ListPortals API operation for Amazon WorkSpaces Web. +// ListNetworkSettings API operation for Amazon WorkSpaces Web. // -// Retrieves a list or web portals. +// Retrieves a list of network settings. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon WorkSpaces Web's -// API operation ListPortals for usage and error information. +// API operation ListNetworkSettings for usage and error information. // // Returned Error Types: // @@ -3590,49 +4054,194 @@ func (c *WorkSpacesWeb) ListPortalsRequest(input *ListPortalsInput) (req *reques // - ValidationException // There is a validation error. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/ListPortals -func (c *WorkSpacesWeb) ListPortals(input *ListPortalsInput) (*ListPortalsOutput, error) { - req, out := c.ListPortalsRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/ListNetworkSettings +func (c *WorkSpacesWeb) ListNetworkSettings(input *ListNetworkSettingsInput) (*ListNetworkSettingsOutput, error) { + req, out := c.ListNetworkSettingsRequest(input) return out, req.Send() } -// ListPortalsWithContext is the same as ListPortals with the addition of +// ListNetworkSettingsWithContext is the same as ListNetworkSettings with the addition of // the ability to pass a context and additional request options. // -// See ListPortals for details on how to use this API operation. +// See ListNetworkSettings for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *WorkSpacesWeb) ListPortalsWithContext(ctx aws.Context, input *ListPortalsInput, opts ...request.Option) (*ListPortalsOutput, error) { - req, out := c.ListPortalsRequest(input) +func (c *WorkSpacesWeb) ListNetworkSettingsWithContext(ctx aws.Context, input *ListNetworkSettingsInput, opts ...request.Option) (*ListNetworkSettingsOutput, error) { + req, out := c.ListNetworkSettingsRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -// ListPortalsPages iterates over the pages of a ListPortals operation, +// ListNetworkSettingsPages iterates over the pages of a ListNetworkSettings operation, // calling the "fn" function with the response data for each page. To stop // iterating, return false from the fn function. // -// See ListPortals method for more information on how to use this operation. +// See ListNetworkSettings method for more information on how to use this operation. // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a ListPortals operation. +// // Example iterating over at most 3 pages of a ListNetworkSettings operation. // pageNum := 0 -// err := client.ListPortalsPages(params, -// func(page *workspacesweb.ListPortalsOutput, lastPage bool) bool { +// err := client.ListNetworkSettingsPages(params, +// func(page *workspacesweb.ListNetworkSettingsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 // }) -func (c *WorkSpacesWeb) ListPortalsPages(input *ListPortalsInput, fn func(*ListPortalsOutput, bool) bool) error { - return c.ListPortalsPagesWithContext(aws.BackgroundContext(), input, fn) +func (c *WorkSpacesWeb) ListNetworkSettingsPages(input *ListNetworkSettingsInput, fn func(*ListNetworkSettingsOutput, bool) bool) error { + return c.ListNetworkSettingsPagesWithContext(aws.BackgroundContext(), input, fn) } -// ListPortalsPagesWithContext same as ListPortalsPages except +// ListNetworkSettingsPagesWithContext same as ListNetworkSettingsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *WorkSpacesWeb) ListNetworkSettingsPagesWithContext(ctx aws.Context, input *ListNetworkSettingsInput, fn func(*ListNetworkSettingsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListNetworkSettingsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListNetworkSettingsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListNetworkSettingsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opListPortals = "ListPortals" + +// ListPortalsRequest generates a "aws/request.Request" representing the +// client's request for the ListPortals operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListPortals for more information on using the ListPortals +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListPortalsRequest method. +// req, resp := client.ListPortalsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/ListPortals +func (c *WorkSpacesWeb) ListPortalsRequest(input *ListPortalsInput) (req *request.Request, output *ListPortalsOutput) { + op := &request.Operation{ + Name: opListPortals, + HTTPMethod: "GET", + HTTPPath: "/portals", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "maxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListPortalsInput{} + } + + output = &ListPortalsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListPortals API operation for Amazon WorkSpaces Web. +// +// Retrieves a list or web portals. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon WorkSpaces Web's +// API operation ListPortals for usage and error information. +// +// Returned Error Types: +// +// - InternalServerException +// There is an internal server error. +// +// - AccessDeniedException +// Access is denied. +// +// - ThrottlingException +// There is a throttling error. +// +// - ValidationException +// There is a validation error. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/ListPortals +func (c *WorkSpacesWeb) ListPortals(input *ListPortalsInput) (*ListPortalsOutput, error) { + req, out := c.ListPortalsRequest(input) + return out, req.Send() +} + +// ListPortalsWithContext is the same as ListPortals with the addition of +// the ability to pass a context and additional request options. +// +// See ListPortals for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *WorkSpacesWeb) ListPortalsWithContext(ctx aws.Context, input *ListPortalsInput, opts ...request.Option) (*ListPortalsOutput, error) { + req, out := c.ListPortalsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListPortalsPages iterates over the pages of a ListPortals operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListPortals method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListPortals operation. +// pageNum := 0 +// err := client.ListPortalsPages(params, +// func(page *workspacesweb.ListPortalsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *WorkSpacesWeb) ListPortalsPages(input *ListPortalsInput, fn func(*ListPortalsOutput, bool) bool) error { + return c.ListPortalsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListPortalsPagesWithContext same as ListPortalsPages except // it takes a Context and allows setting request options on the pages. // // The context must be non-nil and will be used for request cancellation. If @@ -4706,6 +5315,97 @@ func (c *WorkSpacesWeb) UpdateIdentityProviderWithContext(ctx aws.Context, input return out, req.Send() } +const opUpdateIpAccessSettings = "UpdateIpAccessSettings" + +// UpdateIpAccessSettingsRequest generates a "aws/request.Request" representing the +// client's request for the UpdateIpAccessSettings operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UpdateIpAccessSettings for more information on using the UpdateIpAccessSettings +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the UpdateIpAccessSettingsRequest method. +// req, resp := client.UpdateIpAccessSettingsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/UpdateIpAccessSettings +func (c *WorkSpacesWeb) UpdateIpAccessSettingsRequest(input *UpdateIpAccessSettingsInput) (req *request.Request, output *UpdateIpAccessSettingsOutput) { + op := &request.Operation{ + Name: opUpdateIpAccessSettings, + HTTPMethod: "PATCH", + HTTPPath: "/ipAccessSettings/{ipAccessSettingsArn+}", + } + + if input == nil { + input = &UpdateIpAccessSettingsInput{} + } + + output = &UpdateIpAccessSettingsOutput{} + req = c.newRequest(op, input, output) + return +} + +// UpdateIpAccessSettings API operation for Amazon WorkSpaces Web. +// +// Updates IP access settings. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon WorkSpaces Web's +// API operation UpdateIpAccessSettings for usage and error information. +// +// Returned Error Types: +// +// - InternalServerException +// There is an internal server error. +// +// - ResourceNotFoundException +// The resource cannot be found. +// +// - AccessDeniedException +// Access is denied. +// +// - ThrottlingException +// There is a throttling error. +// +// - ValidationException +// There is a validation error. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/UpdateIpAccessSettings +func (c *WorkSpacesWeb) UpdateIpAccessSettings(input *UpdateIpAccessSettingsInput) (*UpdateIpAccessSettingsOutput, error) { + req, out := c.UpdateIpAccessSettingsRequest(input) + return out, req.Send() +} + +// UpdateIpAccessSettingsWithContext is the same as UpdateIpAccessSettings with the addition of +// the ability to pass a context and additional request options. +// +// See UpdateIpAccessSettings for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *WorkSpacesWeb) UpdateIpAccessSettingsWithContext(ctx aws.Context, input *UpdateIpAccessSettingsInput, opts ...request.Option) (*UpdateIpAccessSettingsOutput, error) { + req, out := c.UpdateIpAccessSettingsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opUpdateNetworkSettings = "UpdateNetworkSettings" // UpdateNetworkSettingsRequest generates a "aws/request.Request" representing the @@ -4866,6 +5566,9 @@ func (c *WorkSpacesWeb) UpdatePortalRequest(input *UpdatePortalInput) (req *requ // - ValidationException // There is a validation error. // +// - ConflictException +// There is a conflict. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/workspaces-web-2020-07-08/UpdatePortal func (c *WorkSpacesWeb) UpdatePortal(input *UpdatePortalInput) (*UpdatePortalOutput, error) { req, out := c.UpdatePortalRequest(input) @@ -5338,13 +6041,13 @@ func (s *AssociateBrowserSettingsOutput) SetPortalArn(v string) *AssociateBrowse return s } -type AssociateNetworkSettingsInput struct { +type AssociateIpAccessSettingsInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The ARN of the network settings. + // The ARN of the IP access settings. // - // NetworkSettingsArn is a required field - NetworkSettingsArn *string `location:"querystring" locationName:"networkSettingsArn" min:"20" type:"string" required:"true"` + // IpAccessSettingsArn is a required field + IpAccessSettingsArn *string `location:"querystring" locationName:"ipAccessSettingsArn" min:"20" type:"string" required:"true"` // The ARN of the web portal. // @@ -5357,7 +6060,7 @@ type AssociateNetworkSettingsInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AssociateNetworkSettingsInput) String() string { +func (s AssociateIpAccessSettingsInput) String() string { return awsutil.Prettify(s) } @@ -5366,18 +6069,18 @@ func (s AssociateNetworkSettingsInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AssociateNetworkSettingsInput) GoString() string { +func (s AssociateIpAccessSettingsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *AssociateNetworkSettingsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "AssociateNetworkSettingsInput"} - if s.NetworkSettingsArn == nil { - invalidParams.Add(request.NewErrParamRequired("NetworkSettingsArn")) +func (s *AssociateIpAccessSettingsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AssociateIpAccessSettingsInput"} + if s.IpAccessSettingsArn == nil { + invalidParams.Add(request.NewErrParamRequired("IpAccessSettingsArn")) } - if s.NetworkSettingsArn != nil && len(*s.NetworkSettingsArn) < 20 { - invalidParams.Add(request.NewErrParamMinLen("NetworkSettingsArn", 20)) + if s.IpAccessSettingsArn != nil && len(*s.IpAccessSettingsArn) < 20 { + invalidParams.Add(request.NewErrParamMinLen("IpAccessSettingsArn", 20)) } if s.PortalArn == nil { invalidParams.Add(request.NewErrParamRequired("PortalArn")) @@ -5392,25 +6095,25 @@ func (s *AssociateNetworkSettingsInput) Validate() error { return nil } -// SetNetworkSettingsArn sets the NetworkSettingsArn field's value. -func (s *AssociateNetworkSettingsInput) SetNetworkSettingsArn(v string) *AssociateNetworkSettingsInput { - s.NetworkSettingsArn = &v +// SetIpAccessSettingsArn sets the IpAccessSettingsArn field's value. +func (s *AssociateIpAccessSettingsInput) SetIpAccessSettingsArn(v string) *AssociateIpAccessSettingsInput { + s.IpAccessSettingsArn = &v return s } // SetPortalArn sets the PortalArn field's value. -func (s *AssociateNetworkSettingsInput) SetPortalArn(v string) *AssociateNetworkSettingsInput { +func (s *AssociateIpAccessSettingsInput) SetPortalArn(v string) *AssociateIpAccessSettingsInput { s.PortalArn = &v return s } -type AssociateNetworkSettingsOutput struct { +type AssociateIpAccessSettingsOutput struct { _ struct{} `type:"structure"` - // The ARN of the network settings. + // The ARN of the IP access settings resource. // - // NetworkSettingsArn is a required field - NetworkSettingsArn *string `locationName:"networkSettingsArn" min:"20" type:"string" required:"true"` + // IpAccessSettingsArn is a required field + IpAccessSettingsArn *string `locationName:"ipAccessSettingsArn" min:"20" type:"string" required:"true"` // The ARN of the web portal. // @@ -5423,7 +6126,7 @@ type AssociateNetworkSettingsOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AssociateNetworkSettingsOutput) String() string { +func (s AssociateIpAccessSettingsOutput) String() string { return awsutil.Prettify(s) } @@ -5432,34 +6135,34 @@ func (s AssociateNetworkSettingsOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AssociateNetworkSettingsOutput) GoString() string { +func (s AssociateIpAccessSettingsOutput) GoString() string { return s.String() } -// SetNetworkSettingsArn sets the NetworkSettingsArn field's value. -func (s *AssociateNetworkSettingsOutput) SetNetworkSettingsArn(v string) *AssociateNetworkSettingsOutput { - s.NetworkSettingsArn = &v +// SetIpAccessSettingsArn sets the IpAccessSettingsArn field's value. +func (s *AssociateIpAccessSettingsOutput) SetIpAccessSettingsArn(v string) *AssociateIpAccessSettingsOutput { + s.IpAccessSettingsArn = &v return s } // SetPortalArn sets the PortalArn field's value. -func (s *AssociateNetworkSettingsOutput) SetPortalArn(v string) *AssociateNetworkSettingsOutput { +func (s *AssociateIpAccessSettingsOutput) SetPortalArn(v string) *AssociateIpAccessSettingsOutput { s.PortalArn = &v return s } -type AssociateTrustStoreInput struct { +type AssociateNetworkSettingsInput struct { _ struct{} `type:"structure" nopayload:"true"` + // The ARN of the network settings. + // + // NetworkSettingsArn is a required field + NetworkSettingsArn *string `location:"querystring" locationName:"networkSettingsArn" min:"20" type:"string" required:"true"` + // The ARN of the web portal. // // PortalArn is a required field PortalArn *string `location:"uri" locationName:"portalArn" min:"20" type:"string" required:"true"` - - // The ARN of the trust store. - // - // TrustStoreArn is a required field - TrustStoreArn *string `location:"querystring" locationName:"trustStoreArn" min:"20" type:"string" required:"true"` } // String returns the string representation. @@ -5467,7 +6170,117 @@ type AssociateTrustStoreInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AssociateTrustStoreInput) String() string { +func (s AssociateNetworkSettingsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssociateNetworkSettingsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AssociateNetworkSettingsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AssociateNetworkSettingsInput"} + if s.NetworkSettingsArn == nil { + invalidParams.Add(request.NewErrParamRequired("NetworkSettingsArn")) + } + if s.NetworkSettingsArn != nil && len(*s.NetworkSettingsArn) < 20 { + invalidParams.Add(request.NewErrParamMinLen("NetworkSettingsArn", 20)) + } + if s.PortalArn == nil { + invalidParams.Add(request.NewErrParamRequired("PortalArn")) + } + if s.PortalArn != nil && len(*s.PortalArn) < 20 { + invalidParams.Add(request.NewErrParamMinLen("PortalArn", 20)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetNetworkSettingsArn sets the NetworkSettingsArn field's value. +func (s *AssociateNetworkSettingsInput) SetNetworkSettingsArn(v string) *AssociateNetworkSettingsInput { + s.NetworkSettingsArn = &v + return s +} + +// SetPortalArn sets the PortalArn field's value. +func (s *AssociateNetworkSettingsInput) SetPortalArn(v string) *AssociateNetworkSettingsInput { + s.PortalArn = &v + return s +} + +type AssociateNetworkSettingsOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the network settings. + // + // NetworkSettingsArn is a required field + NetworkSettingsArn *string `locationName:"networkSettingsArn" min:"20" type:"string" required:"true"` + + // The ARN of the web portal. + // + // PortalArn is a required field + PortalArn *string `locationName:"portalArn" min:"20" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssociateNetworkSettingsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssociateNetworkSettingsOutput) GoString() string { + return s.String() +} + +// SetNetworkSettingsArn sets the NetworkSettingsArn field's value. +func (s *AssociateNetworkSettingsOutput) SetNetworkSettingsArn(v string) *AssociateNetworkSettingsOutput { + s.NetworkSettingsArn = &v + return s +} + +// SetPortalArn sets the PortalArn field's value. +func (s *AssociateNetworkSettingsOutput) SetPortalArn(v string) *AssociateNetworkSettingsOutput { + s.PortalArn = &v + return s +} + +type AssociateTrustStoreInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The ARN of the web portal. + // + // PortalArn is a required field + PortalArn *string `location:"uri" locationName:"portalArn" min:"20" type:"string" required:"true"` + + // The ARN of the trust store. + // + // TrustStoreArn is a required field + TrustStoreArn *string `location:"querystring" locationName:"trustStoreArn" min:"20" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssociateTrustStoreInput) String() string { return awsutil.Prettify(s) } @@ -6402,6 +7215,193 @@ func (s *CreateIdentityProviderOutput) SetIdentityProviderArn(v string) *CreateI return s } +type CreateIpAccessSettingsInput struct { + _ struct{} `type:"structure"` + + // Additional encryption context of the IP access settings. + AdditionalEncryptionContext map[string]*string `locationName:"additionalEncryptionContext" type:"map"` + + // A unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. Idempotency ensures that an API request completes only once. + // With an idempotent request, if the original request completes successfully, + // subsequent retries with the same client token returns the result from the + // original successful request. + // + // If you do not specify a client token, one is automatically generated by the + // AWS SDK. + ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"` + + // The custom managed key of the IP access settings. + CustomerManagedKey *string `locationName:"customerManagedKey" min:"20" type:"string"` + + // The description of the IP access settings. + // + // Description is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateIpAccessSettingsInput's + // String and GoString methods. + Description *string `locationName:"description" min:"1" type:"string" sensitive:"true"` + + // The display name of the IP access settings. + // + // DisplayName is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateIpAccessSettingsInput's + // String and GoString methods. + DisplayName *string `locationName:"displayName" min:"1" type:"string" sensitive:"true"` + + // The IP rules of the IP access settings. + // + // IpRules is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateIpAccessSettingsInput's + // String and GoString methods. + // + // IpRules is a required field + IpRules []*IpRule `locationName:"ipRules" min:"1" type:"list" required:"true" sensitive:"true"` + + // The tags to add to the browser settings resource. A tag is a key-value pair. + Tags []*Tag `locationName:"tags" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateIpAccessSettingsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateIpAccessSettingsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateIpAccessSettingsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateIpAccessSettingsInput"} + if s.ClientToken != nil && len(*s.ClientToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1)) + } + if s.CustomerManagedKey != nil && len(*s.CustomerManagedKey) < 20 { + invalidParams.Add(request.NewErrParamMinLen("CustomerManagedKey", 20)) + } + if s.Description != nil && len(*s.Description) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Description", 1)) + } + if s.DisplayName != nil && len(*s.DisplayName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DisplayName", 1)) + } + if s.IpRules == nil { + invalidParams.Add(request.NewErrParamRequired("IpRules")) + } + if s.IpRules != nil && len(s.IpRules) < 1 { + invalidParams.Add(request.NewErrParamMinLen("IpRules", 1)) + } + if s.IpRules != nil { + for i, v := range s.IpRules { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "IpRules", i), err.(request.ErrInvalidParams)) + } + } + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAdditionalEncryptionContext sets the AdditionalEncryptionContext field's value. +func (s *CreateIpAccessSettingsInput) SetAdditionalEncryptionContext(v map[string]*string) *CreateIpAccessSettingsInput { + s.AdditionalEncryptionContext = v + return s +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateIpAccessSettingsInput) SetClientToken(v string) *CreateIpAccessSettingsInput { + s.ClientToken = &v + return s +} + +// SetCustomerManagedKey sets the CustomerManagedKey field's value. +func (s *CreateIpAccessSettingsInput) SetCustomerManagedKey(v string) *CreateIpAccessSettingsInput { + s.CustomerManagedKey = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateIpAccessSettingsInput) SetDescription(v string) *CreateIpAccessSettingsInput { + s.Description = &v + return s +} + +// SetDisplayName sets the DisplayName field's value. +func (s *CreateIpAccessSettingsInput) SetDisplayName(v string) *CreateIpAccessSettingsInput { + s.DisplayName = &v + return s +} + +// SetIpRules sets the IpRules field's value. +func (s *CreateIpAccessSettingsInput) SetIpRules(v []*IpRule) *CreateIpAccessSettingsInput { + s.IpRules = v + return s +} + +// SetTags sets the Tags field's value. +func (s *CreateIpAccessSettingsInput) SetTags(v []*Tag) *CreateIpAccessSettingsInput { + s.Tags = v + return s +} + +type CreateIpAccessSettingsOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the IP access settings resource. + // + // IpAccessSettingsArn is a required field + IpAccessSettingsArn *string `locationName:"ipAccessSettingsArn" min:"20" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateIpAccessSettingsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateIpAccessSettingsOutput) GoString() string { + return s.String() +} + +// SetIpAccessSettingsArn sets the IpAccessSettingsArn field's value. +func (s *CreateIpAccessSettingsOutput) SetIpAccessSettingsArn(v string) *CreateIpAccessSettingsOutput { + s.IpAccessSettingsArn = &v + return s +} + type CreateNetworkSettingsInput struct { _ struct{} `type:"structure"` @@ -7311,13 +8311,13 @@ func (s DeleteIdentityProviderOutput) GoString() string { return s.String() } -type DeleteNetworkSettingsInput struct { +type DeleteIpAccessSettingsInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The ARN of the network settings. + // The ARN of the IP access settings. // - // NetworkSettingsArn is a required field - NetworkSettingsArn *string `location:"uri" locationName:"networkSettingsArn" min:"20" type:"string" required:"true"` + // IpAccessSettingsArn is a required field + IpAccessSettingsArn *string `location:"uri" locationName:"ipAccessSettingsArn" min:"20" type:"string" required:"true"` } // String returns the string representation. @@ -7325,7 +8325,78 @@ type DeleteNetworkSettingsInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteNetworkSettingsInput) String() string { +func (s DeleteIpAccessSettingsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteIpAccessSettingsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteIpAccessSettingsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteIpAccessSettingsInput"} + if s.IpAccessSettingsArn == nil { + invalidParams.Add(request.NewErrParamRequired("IpAccessSettingsArn")) + } + if s.IpAccessSettingsArn != nil && len(*s.IpAccessSettingsArn) < 20 { + invalidParams.Add(request.NewErrParamMinLen("IpAccessSettingsArn", 20)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetIpAccessSettingsArn sets the IpAccessSettingsArn field's value. +func (s *DeleteIpAccessSettingsInput) SetIpAccessSettingsArn(v string) *DeleteIpAccessSettingsInput { + s.IpAccessSettingsArn = &v + return s +} + +type DeleteIpAccessSettingsOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteIpAccessSettingsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteIpAccessSettingsOutput) GoString() string { + return s.String() +} + +type DeleteNetworkSettingsInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The ARN of the network settings. + // + // NetworkSettingsArn is a required field + NetworkSettingsArn *string `location:"uri" locationName:"networkSettingsArn" min:"20" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteNetworkSettingsInput) String() string { return awsutil.Prettify(s) } @@ -7737,6 +8808,77 @@ func (s DisassociateBrowserSettingsOutput) GoString() string { return s.String() } +type DisassociateIpAccessSettingsInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The ARN of the web portal. + // + // PortalArn is a required field + PortalArn *string `location:"uri" locationName:"portalArn" min:"20" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisassociateIpAccessSettingsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisassociateIpAccessSettingsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DisassociateIpAccessSettingsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DisassociateIpAccessSettingsInput"} + if s.PortalArn == nil { + invalidParams.Add(request.NewErrParamRequired("PortalArn")) + } + if s.PortalArn != nil && len(*s.PortalArn) < 20 { + invalidParams.Add(request.NewErrParamMinLen("PortalArn", 20)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPortalArn sets the PortalArn field's value. +func (s *DisassociateIpAccessSettingsInput) SetPortalArn(v string) *DisassociateIpAccessSettingsInput { + s.PortalArn = &v + return s +} + +type DisassociateIpAccessSettingsOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisassociateIpAccessSettingsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisassociateIpAccessSettingsOutput) GoString() string { + return s.String() +} + type DisassociateNetworkSettingsInput struct { _ struct{} `type:"structure" nopayload:"true"` @@ -8181,6 +9323,86 @@ func (s *GetIdentityProviderOutput) SetIdentityProvider(v *IdentityProvider) *Ge return s } +type GetIpAccessSettingsInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The ARN of the IP access settings. + // + // IpAccessSettingsArn is a required field + IpAccessSettingsArn *string `location:"uri" locationName:"ipAccessSettingsArn" min:"20" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetIpAccessSettingsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetIpAccessSettingsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetIpAccessSettingsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetIpAccessSettingsInput"} + if s.IpAccessSettingsArn == nil { + invalidParams.Add(request.NewErrParamRequired("IpAccessSettingsArn")) + } + if s.IpAccessSettingsArn != nil && len(*s.IpAccessSettingsArn) < 20 { + invalidParams.Add(request.NewErrParamMinLen("IpAccessSettingsArn", 20)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetIpAccessSettingsArn sets the IpAccessSettingsArn field's value. +func (s *GetIpAccessSettingsInput) SetIpAccessSettingsArn(v string) *GetIpAccessSettingsInput { + s.IpAccessSettingsArn = &v + return s +} + +type GetIpAccessSettingsOutput struct { + _ struct{} `type:"structure"` + + // The IP access settings. + IpAccessSettings *IpAccessSettings `locationName:"ipAccessSettings" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetIpAccessSettingsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetIpAccessSettingsOutput) GoString() string { + return s.String() +} + +// SetIpAccessSettings sets the IpAccessSettings field's value. +func (s *GetIpAccessSettingsOutput) SetIpAccessSettings(v *IpAccessSettings) *GetIpAccessSettingsOutput { + s.IpAccessSettings = v + return s +} + type GetNetworkSettingsInput struct { _ struct{} `type:"structure" nopayload:"true"` @@ -8905,27 +10127,263 @@ func (s *IdentityProviderSummary) SetIdentityProviderArn(v string) *IdentityProv return s } -// SetIdentityProviderName sets the IdentityProviderName field's value. -func (s *IdentityProviderSummary) SetIdentityProviderName(v string) *IdentityProviderSummary { - s.IdentityProviderName = &v +// SetIdentityProviderName sets the IdentityProviderName field's value. +func (s *IdentityProviderSummary) SetIdentityProviderName(v string) *IdentityProviderSummary { + s.IdentityProviderName = &v + return s +} + +// SetIdentityProviderType sets the IdentityProviderType field's value. +func (s *IdentityProviderSummary) SetIdentityProviderType(v string) *IdentityProviderSummary { + s.IdentityProviderType = &v + return s +} + +// There is an internal server error. +type InternalServerException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` + + // Advice to clients on when the call can be safely retried. + RetryAfterSeconds *int64 `location:"header" locationName:"Retry-After" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InternalServerException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InternalServerException) GoString() string { + return s.String() +} + +func newErrorInternalServerException(v protocol.ResponseMetadata) error { + return &InternalServerException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InternalServerException) Code() string { + return "InternalServerException" +} + +// Message returns the exception's message. +func (s *InternalServerException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InternalServerException) OrigErr() error { + return nil +} + +func (s *InternalServerException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InternalServerException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InternalServerException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The IP access settings resource that can be associated with a web portal. +type IpAccessSettings struct { + _ struct{} `type:"structure"` + + // A list of web portal ARNs that this IP access settings resource is associated + // with. + AssociatedPortalArns []*string `locationName:"associatedPortalArns" type:"list"` + + // The creation date timestamp of the IP access settings. + CreationDate *time.Time `locationName:"creationDate" type:"timestamp"` + + // The description of the IP access settings. + // + // Description is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by IpAccessSettings's + // String and GoString methods. + Description *string `locationName:"description" min:"1" type:"string" sensitive:"true"` + + // The display name of the IP access settings. + // + // DisplayName is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by IpAccessSettings's + // String and GoString methods. + DisplayName *string `locationName:"displayName" min:"1" type:"string" sensitive:"true"` + + // The ARN of the IP access settings resource. + // + // IpAccessSettingsArn is a required field + IpAccessSettingsArn *string `locationName:"ipAccessSettingsArn" min:"20" type:"string" required:"true"` + + // The IP rules of the IP access settings. + // + // IpRules is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by IpAccessSettings's + // String and GoString methods. + IpRules []*IpRule `locationName:"ipRules" min:"1" type:"list" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpAccessSettings) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpAccessSettings) GoString() string { + return s.String() +} + +// SetAssociatedPortalArns sets the AssociatedPortalArns field's value. +func (s *IpAccessSettings) SetAssociatedPortalArns(v []*string) *IpAccessSettings { + s.AssociatedPortalArns = v + return s +} + +// SetCreationDate sets the CreationDate field's value. +func (s *IpAccessSettings) SetCreationDate(v time.Time) *IpAccessSettings { + s.CreationDate = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *IpAccessSettings) SetDescription(v string) *IpAccessSettings { + s.Description = &v + return s +} + +// SetDisplayName sets the DisplayName field's value. +func (s *IpAccessSettings) SetDisplayName(v string) *IpAccessSettings { + s.DisplayName = &v + return s +} + +// SetIpAccessSettingsArn sets the IpAccessSettingsArn field's value. +func (s *IpAccessSettings) SetIpAccessSettingsArn(v string) *IpAccessSettings { + s.IpAccessSettingsArn = &v + return s +} + +// SetIpRules sets the IpRules field's value. +func (s *IpAccessSettings) SetIpRules(v []*IpRule) *IpAccessSettings { + s.IpRules = v + return s +} + +// The summary of IP access settings. +type IpAccessSettingsSummary struct { + _ struct{} `type:"structure"` + + // The creation date timestamp of the IP access settings. + CreationDate *time.Time `locationName:"creationDate" type:"timestamp"` + + // The description of the IP access settings. + // + // Description is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by IpAccessSettingsSummary's + // String and GoString methods. + Description *string `locationName:"description" min:"1" type:"string" sensitive:"true"` + + // The display name of the IP access settings. + // + // DisplayName is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by IpAccessSettingsSummary's + // String and GoString methods. + DisplayName *string `locationName:"displayName" min:"1" type:"string" sensitive:"true"` + + // The ARN of IP access settings. + IpAccessSettingsArn *string `locationName:"ipAccessSettingsArn" min:"20" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpAccessSettingsSummary) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpAccessSettingsSummary) GoString() string { + return s.String() +} + +// SetCreationDate sets the CreationDate field's value. +func (s *IpAccessSettingsSummary) SetCreationDate(v time.Time) *IpAccessSettingsSummary { + s.CreationDate = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *IpAccessSettingsSummary) SetDescription(v string) *IpAccessSettingsSummary { + s.Description = &v + return s +} + +// SetDisplayName sets the DisplayName field's value. +func (s *IpAccessSettingsSummary) SetDisplayName(v string) *IpAccessSettingsSummary { + s.DisplayName = &v return s } -// SetIdentityProviderType sets the IdentityProviderType field's value. -func (s *IdentityProviderSummary) SetIdentityProviderType(v string) *IdentityProviderSummary { - s.IdentityProviderType = &v +// SetIpAccessSettingsArn sets the IpAccessSettingsArn field's value. +func (s *IpAccessSettingsSummary) SetIpAccessSettingsArn(v string) *IpAccessSettingsSummary { + s.IpAccessSettingsArn = &v return s } -// There is an internal server error. -type InternalServerException struct { - _ struct{} `type:"structure"` - RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` +// The IP rules of the IP access settings. +type IpRule struct { + _ struct{} `type:"structure"` - Message_ *string `locationName:"message" type:"string"` + // The description of the IP rule. + // + // Description is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by IpRule's + // String and GoString methods. + Description *string `locationName:"description" min:"1" type:"string" sensitive:"true"` - // Advice to clients on when the call can be safely retried. - RetryAfterSeconds *int64 `location:"header" locationName:"Retry-After" type:"integer"` + // The IP range of the IP rule. + // + // IpRange is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by IpRule's + // String and GoString methods. + // + // IpRange is a required field + IpRange *string `locationName:"ipRange" type:"string" required:"true" sensitive:"true"` } // String returns the string representation. @@ -8933,7 +10391,7 @@ type InternalServerException struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s InternalServerException) String() string { +func (s IpRule) String() string { return awsutil.Prettify(s) } @@ -8942,46 +10400,36 @@ func (s InternalServerException) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s InternalServerException) GoString() string { +func (s IpRule) GoString() string { return s.String() } -func newErrorInternalServerException(v protocol.ResponseMetadata) error { - return &InternalServerException{ - RespMetadata: v, +// Validate inspects the fields of the type to determine if they are valid. +func (s *IpRule) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "IpRule"} + if s.Description != nil && len(*s.Description) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Description", 1)) } -} - -// Code returns the exception type name. -func (s *InternalServerException) Code() string { - return "InternalServerException" -} - -// Message returns the exception's message. -func (s *InternalServerException) Message() string { - if s.Message_ != nil { - return *s.Message_ + if s.IpRange == nil { + invalidParams.Add(request.NewErrParamRequired("IpRange")) } - return "" -} -// OrigErr always returns nil, satisfies awserr.Error interface. -func (s *InternalServerException) OrigErr() error { + if invalidParams.Len() > 0 { + return invalidParams + } return nil } -func (s *InternalServerException) Error() string { - return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) -} - -// Status code returns the HTTP status code for the request's response error. -func (s *InternalServerException) StatusCode() int { - return s.RespMetadata.StatusCode +// SetDescription sets the Description field's value. +func (s *IpRule) SetDescription(v string) *IpRule { + s.Description = &v + return s } -// RequestID returns the service's response RequestID for request. -func (s *InternalServerException) RequestID() string { - return s.RespMetadata.RequestID +// SetIpRange sets the IpRange field's value. +func (s *IpRule) SetIpRange(v string) *IpRule { + s.IpRange = &v + return s } type ListBrowserSettingsInput struct { @@ -9193,6 +10641,102 @@ func (s *ListIdentityProvidersOutput) SetNextToken(v string) *ListIdentityProvid return s } +type ListIpAccessSettingsInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The maximum number of results to be included in the next page. + MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` + + // The pagination token used to retrieve the next page of results for this operation. + NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListIpAccessSettingsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListIpAccessSettingsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListIpAccessSettingsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListIpAccessSettingsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListIpAccessSettingsInput) SetMaxResults(v int64) *ListIpAccessSettingsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListIpAccessSettingsInput) SetNextToken(v string) *ListIpAccessSettingsInput { + s.NextToken = &v + return s +} + +type ListIpAccessSettingsOutput struct { + _ struct{} `type:"structure"` + + // The IP access settings. + IpAccessSettings []*IpAccessSettingsSummary `locationName:"ipAccessSettings" type:"list"` + + // The pagination token used to retrieve the next page of results for this operation. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListIpAccessSettingsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListIpAccessSettingsOutput) GoString() string { + return s.String() +} + +// SetIpAccessSettings sets the IpAccessSettings field's value. +func (s *ListIpAccessSettingsOutput) SetIpAccessSettings(v []*IpAccessSettingsSummary) *ListIpAccessSettingsOutput { + s.IpAccessSettings = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListIpAccessSettingsOutput) SetNextToken(v string) *ListIpAccessSettingsOutput { + s.NextToken = &v + return s +} + type ListNetworkSettingsInput struct { _ struct{} `type:"structure" nopayload:"true"` @@ -10026,6 +11570,9 @@ type Portal struct { // String and GoString methods. DisplayName *string `locationName:"displayName" min:"1" type:"string" sensitive:"true"` + // The ARN of the IP access settings. + IpAccessSettingsArn *string `locationName:"ipAccessSettingsArn" min:"20" type:"string"` + // The ARN of the network settings that is associated with the web portal. NetworkSettingsArn *string `locationName:"networkSettingsArn" min:"20" type:"string"` @@ -10104,6 +11651,12 @@ func (s *Portal) SetDisplayName(v string) *Portal { return s } +// SetIpAccessSettingsArn sets the IpAccessSettingsArn field's value. +func (s *Portal) SetIpAccessSettingsArn(v string) *Portal { + s.IpAccessSettingsArn = &v + return s +} + // SetNetworkSettingsArn sets the NetworkSettingsArn field's value. func (s *Portal) SetNetworkSettingsArn(v string) *Portal { s.NetworkSettingsArn = &v @@ -10193,6 +11746,9 @@ type PortalSummary struct { // String and GoString methods. DisplayName *string `locationName:"displayName" min:"1" type:"string" sensitive:"true"` + // The ARN of the IP access settings. + IpAccessSettingsArn *string `locationName:"ipAccessSettingsArn" min:"20" type:"string"` + // The ARN of the network settings that is associated with the web portal. NetworkSettingsArn *string `locationName:"networkSettingsArn" min:"20" type:"string"` @@ -10268,6 +11824,12 @@ func (s *PortalSummary) SetDisplayName(v string) *PortalSummary { return s } +// SetIpAccessSettingsArn sets the IpAccessSettingsArn field's value. +func (s *PortalSummary) SetIpAccessSettingsArn(v string) *PortalSummary { + s.IpAccessSettingsArn = &v + return s +} + // SetNetworkSettingsArn sets the NetworkSettingsArn field's value. func (s *PortalSummary) SetNetworkSettingsArn(v string) *PortalSummary { s.NetworkSettingsArn = &v @@ -11225,6 +12787,165 @@ func (s *UpdateIdentityProviderOutput) SetIdentityProvider(v *IdentityProvider) return s } +type UpdateIpAccessSettingsInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. Idempotency ensures that an API request completes only once. + // With an idempotent request, if the original request completes successfully, + // subsequent retries with the same client token return the result from the + // original successful request. + // + // If you do not specify a client token, one is automatically generated by the + // AWS SDK. + ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"` + + // The description of the IP access settings. + // + // Description is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by UpdateIpAccessSettingsInput's + // String and GoString methods. + Description *string `locationName:"description" min:"1" type:"string" sensitive:"true"` + + // The display name of the IP access settings. + // + // DisplayName is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by UpdateIpAccessSettingsInput's + // String and GoString methods. + DisplayName *string `locationName:"displayName" min:"1" type:"string" sensitive:"true"` + + // The ARN of the IP access settings. + // + // IpAccessSettingsArn is a required field + IpAccessSettingsArn *string `location:"uri" locationName:"ipAccessSettingsArn" min:"20" type:"string" required:"true"` + + // The updated IP rules of the IP access settings. + // + // IpRules is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by UpdateIpAccessSettingsInput's + // String and GoString methods. + IpRules []*IpRule `locationName:"ipRules" min:"1" type:"list" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateIpAccessSettingsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateIpAccessSettingsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdateIpAccessSettingsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdateIpAccessSettingsInput"} + if s.ClientToken != nil && len(*s.ClientToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1)) + } + if s.Description != nil && len(*s.Description) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Description", 1)) + } + if s.DisplayName != nil && len(*s.DisplayName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DisplayName", 1)) + } + if s.IpAccessSettingsArn == nil { + invalidParams.Add(request.NewErrParamRequired("IpAccessSettingsArn")) + } + if s.IpAccessSettingsArn != nil && len(*s.IpAccessSettingsArn) < 20 { + invalidParams.Add(request.NewErrParamMinLen("IpAccessSettingsArn", 20)) + } + if s.IpRules != nil && len(s.IpRules) < 1 { + invalidParams.Add(request.NewErrParamMinLen("IpRules", 1)) + } + if s.IpRules != nil { + for i, v := range s.IpRules { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "IpRules", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *UpdateIpAccessSettingsInput) SetClientToken(v string) *UpdateIpAccessSettingsInput { + s.ClientToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *UpdateIpAccessSettingsInput) SetDescription(v string) *UpdateIpAccessSettingsInput { + s.Description = &v + return s +} + +// SetDisplayName sets the DisplayName field's value. +func (s *UpdateIpAccessSettingsInput) SetDisplayName(v string) *UpdateIpAccessSettingsInput { + s.DisplayName = &v + return s +} + +// SetIpAccessSettingsArn sets the IpAccessSettingsArn field's value. +func (s *UpdateIpAccessSettingsInput) SetIpAccessSettingsArn(v string) *UpdateIpAccessSettingsInput { + s.IpAccessSettingsArn = &v + return s +} + +// SetIpRules sets the IpRules field's value. +func (s *UpdateIpAccessSettingsInput) SetIpRules(v []*IpRule) *UpdateIpAccessSettingsInput { + s.IpRules = v + return s +} + +type UpdateIpAccessSettingsOutput struct { + _ struct{} `type:"structure"` + + // The IP access settings. + // + // IpAccessSettings is a required field + IpAccessSettings *IpAccessSettings `locationName:"ipAccessSettings" type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateIpAccessSettingsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateIpAccessSettingsOutput) GoString() string { + return s.String() +} + +// SetIpAccessSettings sets the IpAccessSettings field's value. +func (s *UpdateIpAccessSettingsOutput) SetIpAccessSettings(v *IpAccessSettings) *UpdateIpAccessSettingsOutput { + s.IpAccessSettings = v + return s +} + type UpdateNetworkSettingsInput struct { _ struct{} `type:"structure"` diff --git a/service/workspacesweb/workspaceswebiface/interface.go b/service/workspacesweb/workspaceswebiface/interface.go index fccb3b72e25..cf187ec8a27 100644 --- a/service/workspacesweb/workspaceswebiface/interface.go +++ b/service/workspacesweb/workspaceswebiface/interface.go @@ -64,6 +64,10 @@ type WorkSpacesWebAPI interface { AssociateBrowserSettingsWithContext(aws.Context, *workspacesweb.AssociateBrowserSettingsInput, ...request.Option) (*workspacesweb.AssociateBrowserSettingsOutput, error) AssociateBrowserSettingsRequest(*workspacesweb.AssociateBrowserSettingsInput) (*request.Request, *workspacesweb.AssociateBrowserSettingsOutput) + AssociateIpAccessSettings(*workspacesweb.AssociateIpAccessSettingsInput) (*workspacesweb.AssociateIpAccessSettingsOutput, error) + AssociateIpAccessSettingsWithContext(aws.Context, *workspacesweb.AssociateIpAccessSettingsInput, ...request.Option) (*workspacesweb.AssociateIpAccessSettingsOutput, error) + AssociateIpAccessSettingsRequest(*workspacesweb.AssociateIpAccessSettingsInput) (*request.Request, *workspacesweb.AssociateIpAccessSettingsOutput) + AssociateNetworkSettings(*workspacesweb.AssociateNetworkSettingsInput) (*workspacesweb.AssociateNetworkSettingsOutput, error) AssociateNetworkSettingsWithContext(aws.Context, *workspacesweb.AssociateNetworkSettingsInput, ...request.Option) (*workspacesweb.AssociateNetworkSettingsOutput, error) AssociateNetworkSettingsRequest(*workspacesweb.AssociateNetworkSettingsInput) (*request.Request, *workspacesweb.AssociateNetworkSettingsOutput) @@ -88,6 +92,10 @@ type WorkSpacesWebAPI interface { CreateIdentityProviderWithContext(aws.Context, *workspacesweb.CreateIdentityProviderInput, ...request.Option) (*workspacesweb.CreateIdentityProviderOutput, error) CreateIdentityProviderRequest(*workspacesweb.CreateIdentityProviderInput) (*request.Request, *workspacesweb.CreateIdentityProviderOutput) + CreateIpAccessSettings(*workspacesweb.CreateIpAccessSettingsInput) (*workspacesweb.CreateIpAccessSettingsOutput, error) + CreateIpAccessSettingsWithContext(aws.Context, *workspacesweb.CreateIpAccessSettingsInput, ...request.Option) (*workspacesweb.CreateIpAccessSettingsOutput, error) + CreateIpAccessSettingsRequest(*workspacesweb.CreateIpAccessSettingsInput) (*request.Request, *workspacesweb.CreateIpAccessSettingsOutput) + CreateNetworkSettings(*workspacesweb.CreateNetworkSettingsInput) (*workspacesweb.CreateNetworkSettingsOutput, error) CreateNetworkSettingsWithContext(aws.Context, *workspacesweb.CreateNetworkSettingsInput, ...request.Option) (*workspacesweb.CreateNetworkSettingsOutput, error) CreateNetworkSettingsRequest(*workspacesweb.CreateNetworkSettingsInput) (*request.Request, *workspacesweb.CreateNetworkSettingsOutput) @@ -116,6 +124,10 @@ type WorkSpacesWebAPI interface { DeleteIdentityProviderWithContext(aws.Context, *workspacesweb.DeleteIdentityProviderInput, ...request.Option) (*workspacesweb.DeleteIdentityProviderOutput, error) DeleteIdentityProviderRequest(*workspacesweb.DeleteIdentityProviderInput) (*request.Request, *workspacesweb.DeleteIdentityProviderOutput) + DeleteIpAccessSettings(*workspacesweb.DeleteIpAccessSettingsInput) (*workspacesweb.DeleteIpAccessSettingsOutput, error) + DeleteIpAccessSettingsWithContext(aws.Context, *workspacesweb.DeleteIpAccessSettingsInput, ...request.Option) (*workspacesweb.DeleteIpAccessSettingsOutput, error) + DeleteIpAccessSettingsRequest(*workspacesweb.DeleteIpAccessSettingsInput) (*request.Request, *workspacesweb.DeleteIpAccessSettingsOutput) + DeleteNetworkSettings(*workspacesweb.DeleteNetworkSettingsInput) (*workspacesweb.DeleteNetworkSettingsOutput, error) DeleteNetworkSettingsWithContext(aws.Context, *workspacesweb.DeleteNetworkSettingsInput, ...request.Option) (*workspacesweb.DeleteNetworkSettingsOutput, error) DeleteNetworkSettingsRequest(*workspacesweb.DeleteNetworkSettingsInput) (*request.Request, *workspacesweb.DeleteNetworkSettingsOutput) @@ -140,6 +152,10 @@ type WorkSpacesWebAPI interface { DisassociateBrowserSettingsWithContext(aws.Context, *workspacesweb.DisassociateBrowserSettingsInput, ...request.Option) (*workspacesweb.DisassociateBrowserSettingsOutput, error) DisassociateBrowserSettingsRequest(*workspacesweb.DisassociateBrowserSettingsInput) (*request.Request, *workspacesweb.DisassociateBrowserSettingsOutput) + DisassociateIpAccessSettings(*workspacesweb.DisassociateIpAccessSettingsInput) (*workspacesweb.DisassociateIpAccessSettingsOutput, error) + DisassociateIpAccessSettingsWithContext(aws.Context, *workspacesweb.DisassociateIpAccessSettingsInput, ...request.Option) (*workspacesweb.DisassociateIpAccessSettingsOutput, error) + DisassociateIpAccessSettingsRequest(*workspacesweb.DisassociateIpAccessSettingsInput) (*request.Request, *workspacesweb.DisassociateIpAccessSettingsOutput) + DisassociateNetworkSettings(*workspacesweb.DisassociateNetworkSettingsInput) (*workspacesweb.DisassociateNetworkSettingsOutput, error) DisassociateNetworkSettingsWithContext(aws.Context, *workspacesweb.DisassociateNetworkSettingsInput, ...request.Option) (*workspacesweb.DisassociateNetworkSettingsOutput, error) DisassociateNetworkSettingsRequest(*workspacesweb.DisassociateNetworkSettingsInput) (*request.Request, *workspacesweb.DisassociateNetworkSettingsOutput) @@ -164,6 +180,10 @@ type WorkSpacesWebAPI interface { GetIdentityProviderWithContext(aws.Context, *workspacesweb.GetIdentityProviderInput, ...request.Option) (*workspacesweb.GetIdentityProviderOutput, error) GetIdentityProviderRequest(*workspacesweb.GetIdentityProviderInput) (*request.Request, *workspacesweb.GetIdentityProviderOutput) + GetIpAccessSettings(*workspacesweb.GetIpAccessSettingsInput) (*workspacesweb.GetIpAccessSettingsOutput, error) + GetIpAccessSettingsWithContext(aws.Context, *workspacesweb.GetIpAccessSettingsInput, ...request.Option) (*workspacesweb.GetIpAccessSettingsOutput, error) + GetIpAccessSettingsRequest(*workspacesweb.GetIpAccessSettingsInput) (*request.Request, *workspacesweb.GetIpAccessSettingsOutput) + GetNetworkSettings(*workspacesweb.GetNetworkSettingsInput) (*workspacesweb.GetNetworkSettingsOutput, error) GetNetworkSettingsWithContext(aws.Context, *workspacesweb.GetNetworkSettingsInput, ...request.Option) (*workspacesweb.GetNetworkSettingsOutput, error) GetNetworkSettingsRequest(*workspacesweb.GetNetworkSettingsInput) (*request.Request, *workspacesweb.GetNetworkSettingsOutput) @@ -206,6 +226,13 @@ type WorkSpacesWebAPI interface { ListIdentityProvidersPages(*workspacesweb.ListIdentityProvidersInput, func(*workspacesweb.ListIdentityProvidersOutput, bool) bool) error ListIdentityProvidersPagesWithContext(aws.Context, *workspacesweb.ListIdentityProvidersInput, func(*workspacesweb.ListIdentityProvidersOutput, bool) bool, ...request.Option) error + ListIpAccessSettings(*workspacesweb.ListIpAccessSettingsInput) (*workspacesweb.ListIpAccessSettingsOutput, error) + ListIpAccessSettingsWithContext(aws.Context, *workspacesweb.ListIpAccessSettingsInput, ...request.Option) (*workspacesweb.ListIpAccessSettingsOutput, error) + ListIpAccessSettingsRequest(*workspacesweb.ListIpAccessSettingsInput) (*request.Request, *workspacesweb.ListIpAccessSettingsOutput) + + ListIpAccessSettingsPages(*workspacesweb.ListIpAccessSettingsInput, func(*workspacesweb.ListIpAccessSettingsOutput, bool) bool) error + ListIpAccessSettingsPagesWithContext(aws.Context, *workspacesweb.ListIpAccessSettingsInput, func(*workspacesweb.ListIpAccessSettingsOutput, bool) bool, ...request.Option) error + ListNetworkSettings(*workspacesweb.ListNetworkSettingsInput) (*workspacesweb.ListNetworkSettingsOutput, error) ListNetworkSettingsWithContext(aws.Context, *workspacesweb.ListNetworkSettingsInput, ...request.Option) (*workspacesweb.ListNetworkSettingsOutput, error) ListNetworkSettingsRequest(*workspacesweb.ListNetworkSettingsInput) (*request.Request, *workspacesweb.ListNetworkSettingsOutput) @@ -268,6 +295,10 @@ type WorkSpacesWebAPI interface { UpdateIdentityProviderWithContext(aws.Context, *workspacesweb.UpdateIdentityProviderInput, ...request.Option) (*workspacesweb.UpdateIdentityProviderOutput, error) UpdateIdentityProviderRequest(*workspacesweb.UpdateIdentityProviderInput) (*request.Request, *workspacesweb.UpdateIdentityProviderOutput) + UpdateIpAccessSettings(*workspacesweb.UpdateIpAccessSettingsInput) (*workspacesweb.UpdateIpAccessSettingsOutput, error) + UpdateIpAccessSettingsWithContext(aws.Context, *workspacesweb.UpdateIpAccessSettingsInput, ...request.Option) (*workspacesweb.UpdateIpAccessSettingsOutput, error) + UpdateIpAccessSettingsRequest(*workspacesweb.UpdateIpAccessSettingsInput) (*request.Request, *workspacesweb.UpdateIpAccessSettingsOutput) + UpdateNetworkSettings(*workspacesweb.UpdateNetworkSettingsInput) (*workspacesweb.UpdateNetworkSettingsOutput, error) UpdateNetworkSettingsWithContext(aws.Context, *workspacesweb.UpdateNetworkSettingsInput, ...request.Option) (*workspacesweb.UpdateNetworkSettingsOutput, error) UpdateNetworkSettingsRequest(*workspacesweb.UpdateNetworkSettingsInput) (*request.Request, *workspacesweb.UpdateNetworkSettingsOutput)