From a18206cfeb9738cf2ad7002450cb5b3417bcf5bf Mon Sep 17 00:00:00 2001 From: awstools Date: Mon, 17 Jun 2024 18:23:15 +0000 Subject: [PATCH] docs(client-secrets-manager): Doc only update for Secrets Manager --- .../src/commands/CreateSecretCommand.ts | 2 +- clients/client-secrets-manager/src/models/models_0.ts | 2 +- codegen/sdk-codegen/aws-models/secrets-manager.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/clients/client-secrets-manager/src/commands/CreateSecretCommand.ts b/clients/client-secrets-manager/src/commands/CreateSecretCommand.ts index 7adc0966989c..69783ae67093 100644 --- a/clients/client-secrets-manager/src/commands/CreateSecretCommand.ts +++ b/clients/client-secrets-manager/src/commands/CreateSecretCommand.ts @@ -59,7 +59,7 @@ export interface CreateSecretCommandOutput extends CreateSecretResponse, __Metad *

* Required permissions: * secretsmanager:CreateSecret. If you - * include tags in the secret, you also need secretsmanager:TagResource. + * include tags in the secret, you also need secretsmanager:TagResource. To add replica Regions, you must also have secretsmanager:ReplicateSecretToRegions. * For more information, see * IAM policy actions for Secrets Manager and Authentication * and access control in Secrets Manager.

diff --git a/clients/client-secrets-manager/src/models/models_0.ts b/clients/client-secrets-manager/src/models/models_0.ts index 02388516f4c4..97795d54c364 100644 --- a/clients/client-secrets-manager/src/models/models_0.ts +++ b/clients/client-secrets-manager/src/models/models_0.ts @@ -1959,7 +1959,7 @@ export interface RotateSecretRequest { *

Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. * The rotation schedule is defined in RotateSecretRequest$RotationRules.

*

For secrets that use a Lambda rotation function to rotate, if you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the - * + * * testSecret * step of the Lambda rotation function. The test creates an AWSPENDING version of the secret and then removes it.

*

By default, Secrets Manager rotates the secret immediately.

diff --git a/codegen/sdk-codegen/aws-models/secrets-manager.json b/codegen/sdk-codegen/aws-models/secrets-manager.json index 588b08eeefe7..f4cba1801823 100644 --- a/codegen/sdk-codegen/aws-models/secrets-manager.json +++ b/codegen/sdk-codegen/aws-models/secrets-manager.json @@ -350,7 +350,7 @@ } ], "traits": { - "smithy.api#documentation": "

Creates a new secret. A secret can be a password, a set of \n credentials such as a user name and password, an OAuth token, or other secret information \n that you store in an encrypted form in Secrets Manager. The secret also \n includes the connection information to access a database or other service, which Secrets Manager \n doesn't encrypt. A secret in Secrets Manager consists of both the protected secret data and the\n important information needed to manage the secret.

\n

For secrets that use managed rotation, you need to create the secret through the managing service. For more information, see Secrets Manager secrets managed by other Amazon Web Services services.\n\n

\n

For information about creating a secret in the console, see Create a secret.

\n

To create a secret, you can provide the secret value to be encrypted in either the\n SecretString parameter or the SecretBinary parameter, but not both. \n If you include SecretString or SecretBinary\n then Secrets Manager creates an initial secret version and automatically attaches the staging\n label AWSCURRENT to it.

\n

For database credentials you want to rotate, for Secrets Manager to be able to rotate the secret,\n you must make sure the JSON you store in the SecretString matches the JSON structure of\n a database secret.

\n

If you don't specify an KMS encryption key, Secrets Manager uses the Amazon Web Services managed key \n aws/secretsmanager. If this key \n doesn't already exist in your account, then Secrets Manager creates it for you automatically. All\n users and roles in the Amazon Web Services account automatically have access to use aws/secretsmanager. \n Creating aws/secretsmanager can result in a one-time significant delay in returning the \n result.

\n

If the secret is in a different Amazon Web Services account from the credentials calling the API, then \n you can't use aws/secretsmanager to encrypt the secret, and you must create \n and use a customer managed KMS key.

\n

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters except SecretBinary or SecretString because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.

\n

\n Required permissions: \n secretsmanager:CreateSecret. If you \n include tags in the secret, you also need secretsmanager:TagResource.\n For more information, see \n IAM policy actions for Secrets Manager and Authentication \n and access control in Secrets Manager.

\n

To encrypt the secret with a KMS key other than aws/secretsmanager, you need kms:GenerateDataKey and kms:Decrypt permission to the key.

", + "smithy.api#documentation": "

Creates a new secret. A secret can be a password, a set of \n credentials such as a user name and password, an OAuth token, or other secret information \n that you store in an encrypted form in Secrets Manager. The secret also \n includes the connection information to access a database or other service, which Secrets Manager \n doesn't encrypt. A secret in Secrets Manager consists of both the protected secret data and the\n important information needed to manage the secret.

\n

For secrets that use managed rotation, you need to create the secret through the managing service. For more information, see Secrets Manager secrets managed by other Amazon Web Services services.\n\n

\n

For information about creating a secret in the console, see Create a secret.

\n

To create a secret, you can provide the secret value to be encrypted in either the\n SecretString parameter or the SecretBinary parameter, but not both. \n If you include SecretString or SecretBinary\n then Secrets Manager creates an initial secret version and automatically attaches the staging\n label AWSCURRENT to it.

\n

For database credentials you want to rotate, for Secrets Manager to be able to rotate the secret,\n you must make sure the JSON you store in the SecretString matches the JSON structure of\n a database secret.

\n

If you don't specify an KMS encryption key, Secrets Manager uses the Amazon Web Services managed key \n aws/secretsmanager. If this key \n doesn't already exist in your account, then Secrets Manager creates it for you automatically. All\n users and roles in the Amazon Web Services account automatically have access to use aws/secretsmanager. \n Creating aws/secretsmanager can result in a one-time significant delay in returning the \n result.

\n

If the secret is in a different Amazon Web Services account from the credentials calling the API, then \n you can't use aws/secretsmanager to encrypt the secret, and you must create \n and use a customer managed KMS key.

\n

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters except SecretBinary or SecretString because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.

\n

\n Required permissions: \n secretsmanager:CreateSecret. If you \n include tags in the secret, you also need secretsmanager:TagResource. To add replica Regions, you must also have secretsmanager:ReplicateSecretToRegions.\n For more information, see \n IAM policy actions for Secrets Manager and Authentication \n and access control in Secrets Manager.

\n

To encrypt the secret with a KMS key other than aws/secretsmanager, you need kms:GenerateDataKey and kms:Decrypt permission to the key.

", "smithy.api#examples": [ { "title": "To create a basic secret", @@ -2442,7 +2442,7 @@ "target": "com.amazonaws.secretsmanager#BooleanType", "traits": { "smithy.api#default": null, - "smithy.api#documentation": "

Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. \n The rotation schedule is defined in RotateSecretRequest$RotationRules.

\n

For secrets that use a Lambda rotation function to rotate, if you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the \n \n testSecret \n step of the Lambda rotation function. The test creates an AWSPENDING version of the secret and then removes it.

\n

By default, Secrets Manager rotates the secret immediately.

" + "smithy.api#documentation": "

Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. \n The rotation schedule is defined in RotateSecretRequest$RotationRules.

\n

For secrets that use a Lambda rotation function to rotate, if you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the \n \n testSecret \n step of the Lambda rotation function. The test creates an AWSPENDING version of the secret and then removes it.

\n

By default, Secrets Manager rotates the secret immediately.

" } } },