These interfaces allow you to apply the AWS library of pre-defined\n controls to your organizational units, programmatically. In AWS Control Tower, the terms \"control\" and \"guardrail\" are synonyms. .
\nTo call these APIs, you'll need to know:
\nthe controlIdentifier for the control--or guardrail--you are targeting.
the ARN associated with the target organizational unit (OU), which we call the targetIdentifier.
\n To get the controlIdentifier for your AWS Control Tower\n control:\n
The controlIdentifier is an ARN that is specified for each\n control. You can view the controlIdentifier in the console on the Control details page, as well as in the documentation.
The controlIdentifier is unique in each AWS Region for each control. You can\n find the controlIdentifier for each Region and control in the Tables of control metadata in the AWS Control Tower User Guide.\n
A quick-reference list of control identifers for the AWS Control Tower legacy Strongly recommended and\n Elective controls is given in Resource identifiers for\n APIs and guardrails in the Controls reference guide section\n of the AWS Control Tower User Guide. Remember that Mandatory controls\n cannot be added or removed.
\n\n ARN format:\n arn:aws:controltower:{REGION}::control/{CONTROL_NAME}\n
\n Example:\n
\n\n arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED\n
\n To get the targetIdentifier:\n
The targetIdentifier is the ARN for an OU.
In the AWS Organizations console, you can find the ARN for the OU on the Organizational unit details page associated with that OU.
\n\n OU ARN format:\n
\n\n arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId}\n
\n Details and examples\n
\n\n Creating AWS Control Tower resources with AWS CloudFormation\n
\nTo view the open source resource repository on GitHub, see aws-cloudformation/aws-cloudformation-resource-providers-controltower\n
\n\n Recording API Requests\n
\nAWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your\n AWS account and delivers log files to an Amazon S3 bucket. By using information collected by\n CloudTrail, you can determine which requests the AWS Control Tower service received, who made\n the request and when, and so on. For more about AWS Control Tower and its support for\n CloudTrail, see Logging AWS Control Tower\n Actions with AWS CloudTrail in the AWS Control Tower User Guide. To learn more about\n CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User\n Guide.
", + "smithy.api#documentation": "These interfaces allow you to apply the AWS library of pre-defined\n controls to your organizational units, programmatically. In AWS Control Tower, the terms \"control\" and \"guardrail\" are synonyms.
\nTo call these APIs, you'll need to know:
\nthe controlIdentifier for the control--or guardrail--you are targeting.
the ARN associated with the target organizational unit (OU), which we call the targetIdentifier.
the ARN associated with a resource that you wish to tag or untag.
\n\n To get the controlIdentifier for your AWS Control Tower\n control:\n
The controlIdentifier is an ARN that is specified for each\n control. You can view the controlIdentifier in the console on the Control details page, as well as in the documentation.
The controlIdentifier is unique in each AWS Region for each control. You can\n find the controlIdentifier for each Region and control in the Tables of control metadata in the AWS Control Tower User Guide.\n
A quick-reference list of control identifers for the AWS Control Tower legacy Strongly recommended and\n Elective controls is given in Resource identifiers for\n APIs and controls in the Controls reference guide section\n of the AWS Control Tower User Guide. Remember that Mandatory controls\n cannot be added or removed.
\n\n ARN format:\n arn:aws:controltower:{REGION}::control/{CONTROL_NAME}\n
\n Example:\n
\n\n arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED\n
\n To get the targetIdentifier:\n
The targetIdentifier is the ARN for an OU.
In the AWS Organizations console, you can find the ARN for the OU on the Organizational unit details page associated with that OU.
\n\n OU ARN format:\n
\n\n arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId}\n
\n Details and examples\n
\n\n Creating AWS Control Tower resources with AWS CloudFormation\n
\nTo view the open source resource repository on GitHub, see aws-cloudformation/aws-cloudformation-resource-providers-controltower\n
\n\n Recording API Requests\n
\nAWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your\n AWS account and delivers log files to an Amazon S3 bucket. By using information collected by\n CloudTrail, you can determine which requests the AWS Control Tower service received, who made\n the request and when, and so on. For more about AWS Control Tower and its support for\n CloudTrail, see Logging AWS Control Tower\n Actions with AWS CloudTrail in the AWS Control Tower User Guide. To learn more about\n CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User\n Guide.
", "smithy.api#title": "AWS Control Tower", "smithy.rules#endpointRuleSet": { "version": "1.0", @@ -96,7 +105,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -139,7 +147,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -152,7 +161,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -166,7 +174,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -189,7 +196,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -224,7 +230,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -235,14 +240,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -256,14 +263,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -272,11 +277,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -287,14 +292,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -308,7 +315,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -328,7 +334,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -339,14 +344,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -357,9 +364,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -899,6 +908,17 @@ "expect": { "error": "Invalid Configuration: Missing Region" } + }, + { + "documentation": "Partition doesn't support DualStack", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": true + } } ], "version": "1.0" @@ -989,7 +1009,7 @@ "statusMessage": { "target": "smithy.api#String", "traits": { - "smithy.api#documentation": "If the operation result is FAILED, this string contains a message explaining\n why the operation failed.
If the operation result is FAILED, this string contains a message explaining\n why the operation failed.
This API call turns off a control. It starts an asynchronous operation that deletes AWS\n resources on the specified organizational unit and the accounts it contains. The resources\n will vary according to the control that you specify. For usage examples, see \n the AWS Control Tower User Guide\n .
", + "smithy.api#documentation": "This API call turns off a control. It starts an asynchronous operation that deletes AWS\n resources on the specified organizational unit and the accounts it contains. The resources\n will vary according to the control that you specify. For usage examples, see \n the AWS Control Tower User Guide\n .
", "smithy.api#http": { "code": 200, "method": "POST", @@ -1077,7 +1097,7 @@ "controlIdentifier": { "target": "com.amazonaws.controltower#ControlIdentifier", "traits": { - "smithy.api#documentation": "The ARN of the control. Only Strongly recommended and\n Elective controls are permitted, with the exception of the\n Region deny control. For information on how to find the controlIdentifier, see the overview page.
The ARN of the control. Only Strongly recommended and\n Elective controls are permitted, with the exception of the\n Region deny control. For information on how to find the controlIdentifier, see the overview page.
The ID of the asynchronous operation, which is used to track status. The operation is\n available for 90 days.
", + "smithy.api#documentation": "The ID of the asynchronous operation, which is used to track status. The operation is\n available for 90 days.
", "smithy.api#required": {} } } @@ -1131,12 +1151,12 @@ "driftStatus": { "target": "com.amazonaws.controltower#DriftStatus", "traits": { - "smithy.api#documentation": "The drift status of the enabled control.
\nValid values:
\n\n DRIFTED: The enabledControl deployed in this configuration\n doesn’t match the configuration that AWS Control Tower expected.
\n IN_SYNC: The enabledControl deployed in this configuration matches\n the configuration that AWS Control Tower expected.
\n NOT_CHECKING: AWS Control Tower does not check drift for this enabled\n control. Drift is not supported for the control type.
\n UNKNOWN: AWS Control Tower is not able to check the drift status for the\n enabled control.
The drift status of the enabled control.
\nValid values:
\n\n DRIFTED: The enabledControl deployed in this configuration\n doesn’t match the configuration that AWS Control Tower expected.
\n IN_SYNC: The enabledControl deployed in this configuration matches\n the configuration that AWS Control Tower expected.
\n NOT_CHECKING: AWS Control Tower does not check drift for this enabled\n control. Drift is not supported for the control type.
\n UNKNOWN: AWS Control Tower is not able to check the drift status for the\n enabled control.
The drift summary of the enabled control.
\nAWS Control Tower expects the enabled control\n configuration to include all supported and governed Regions. If the enabled control differs\n from the expected configuration, it is defined to be in a state of drift. You can repair this drift by resetting the enabled control.
" + "smithy.api#documentation": "The drift summary of the enabled control.
\nAWS Control Tower expects the enabled control\n configuration to include all supported and governed Regions. If the enabled control differs\n from the expected configuration, it is defined to be in a state of drift. You can repair this drift by resetting the enabled control.
" } }, "com.amazonaws.controltower#EnableControl": { @@ -1171,7 +1191,7 @@ } ], "traits": { - "smithy.api#documentation": "This API call activates a control. It starts an asynchronous operation that creates AWS\n resources on the specified organizational unit and the accounts it contains. The resources\n created will vary according to the control that you specify. For usage examples, see \n the AWS Control Tower User Guide\n \n
", + "smithy.api#documentation": "This API call activates a control. It starts an asynchronous operation that creates AWS\n resources on the specified organizational unit and the accounts it contains. The resources\n created will vary according to the control that you specify. For usage examples, see \n the AWS Control Tower User Guide\n .
", "smithy.api#http": { "code": 200, "method": "POST", @@ -1185,7 +1205,7 @@ "controlIdentifier": { "target": "com.amazonaws.controltower#ControlIdentifier", "traits": { - "smithy.api#documentation": "The ARN of the control. Only Strongly recommended and\n Elective controls are permitted, with the exception of the\n Region deny control. For information on how to find the controlIdentifier, see the overview page.
The ARN of the control. Only Strongly recommended and\n Elective controls are permitted, with the exception of the\n Region deny control. For information on how to find the controlIdentifier, see the overview page.
The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.
Tags to be applied to the EnabledControl resource.
The ID of the asynchronous operation, which is used to track status. The operation is\n available for 90 days.
", + "smithy.api#documentation": "The ID of the asynchronous operation, which is used to track status. The operation is\n available for 90 days.
", "smithy.api#required": {} } + }, + "arn": { + "target": "com.amazonaws.controltower#Arn", + "traits": { + "smithy.api#documentation": "The ARN of the EnabledControl resource.
\n The ARN of the enabled control.\n
" + "smithy.api#documentation": "The ARN of the enabled control.
" } }, "controlIdentifier": { "target": "com.amazonaws.controltower#ControlIdentifier", "traits": { - "smithy.api#documentation": "\n The control identifier of the enabled control. For information on how to find the controlIdentifier, see the overview page.\n
The control identifier of the enabled control. For information on how to find the controlIdentifier, see the overview page.
\n The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.\n
The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.
\n Target AWS Regions for the enabled control.\n
" + "smithy.api#documentation": "Target AWS Regions for the enabled control.
" } }, "statusSummary": { "target": "com.amazonaws.controltower#EnablementStatusSummary", "traits": { - "smithy.api#documentation": "\n The deployment summary of the enabled control.\n
" + "smithy.api#documentation": "The deployment summary of the enabled control.
" } }, "driftStatusSummary": { "target": "com.amazonaws.controltower#DriftStatusSummary", "traits": { - "smithy.api#documentation": "\n The drift status of the enabled control.\n
" + "smithy.api#documentation": "The drift status of the enabled control.
" } } }, "traits": { - "smithy.api#documentation": "\n Information about the enabled control.\n
" + "smithy.api#documentation": "Information about the enabled control.
" } }, "com.amazonaws.controltower#EnabledControlSummary": { @@ -1260,36 +1292,36 @@ "controlIdentifier": { "target": "com.amazonaws.controltower#ControlIdentifier", "traits": { - "smithy.api#documentation": "The ARN of the control. Only Strongly recommended and\n Elective controls are permitted, with the exception of the\n Region deny control. For information on how to find the controlIdentifier, see the overview page.
The controlIdentifier of the enabled control.
\n The ARN of the enabled control.\n
" + "smithy.api#documentation": "The ARN of the enabled control.
" } }, "targetIdentifier": { "target": "com.amazonaws.controltower#TargetIdentifier", "traits": { - "smithy.api#documentation": "\n The ARN of the organizational unit.\n
" + "smithy.api#documentation": "\n The ARN of the organizational unit.\n
" } }, "statusSummary": { "target": "com.amazonaws.controltower#EnablementStatusSummary", "traits": { - "smithy.api#documentation": "" + "smithy.api#documentation": "A short description of the status of the enabled control.
" } }, "driftStatusSummary": { "target": "com.amazonaws.controltower#DriftStatusSummary", "traits": { - "smithy.api#documentation": "\n The drift status of the enabled control.\n
" + "smithy.api#documentation": "The drift status of the enabled control.
" } } }, "traits": { - "smithy.api#documentation": "A summary of enabled controls.
" + "smithy.api#documentation": "Returns a summary of information about an enabled control.
" } }, "com.amazonaws.controltower#EnabledControls": { @@ -1329,12 +1361,12 @@ "lastOperationIdentifier": { "target": "com.amazonaws.controltower#OperationIdentifier", "traits": { - "smithy.api#documentation": "\n The last operation identifier for the enabled control.\n
" + "smithy.api#documentation": "The last operation identifier for the enabled control.
" } } }, "traits": { - "smithy.api#documentation": "\n The deployment summary of the enabled control. \n
" + "smithy.api#documentation": "The deployment summary of the enabled control.
" } }, "com.amazonaws.controltower#GetControlOperation": { @@ -1363,7 +1395,7 @@ } ], "traits": { - "smithy.api#documentation": "Returns the status of a particular EnableControl or\n DisableControl operation. Displays a message in case of error. Details for an\n operation are available for 90 days. For usage examples, see \n the AWS Control Tower User Guide\n \n
Returns the status of a particular EnableControl or\n DisableControl operation. Displays a message in case of error. Details for an\n operation are available for 90 days. For usage examples, see \n the AWS Control Tower User Guide\n .
The ID of the asynchronous operation, which is used to track status. The operation is\n available for 90 days.
", + "smithy.api#documentation": "The ID of the asynchronous operation, which is used to track status. The operation is\n available for 90 days.
", "smithy.api#required": {} } } @@ -1422,7 +1454,7 @@ } ], "traits": { - "smithy.api#documentation": "\n Provides details about the enabled control. For usage examples, see \n the AWS Control Tower User Guide\n .
\n\n Returned values\n
\nTargetRegions: Shows target AWS Regions where the enabled control is available to be deployed.
\nStatusSummary: Provides a detailed summary of the deployment status.
\nDriftSummary: Provides a detailed summary of the drifted status.
\nRetrieves details about an enabled control. For usage examples, see \n the AWS Control Tower User Guide\n .
", "smithy.api#http": { "code": 200, "method": "POST", @@ -1437,7 +1469,7 @@ "enabledControlIdentifier": { "target": "com.amazonaws.controltower#Arn", "traits": { - "smithy.api#documentation": "\n The ARN of the enabled control.\n
", + "smithy.api#documentation": "The controlIdentifier of the enabled control.
\n Information about the enabled control.\n
", + "smithy.api#documentation": "Information about the enabled control.
", "smithy.api#required": {} } } @@ -1504,7 +1536,7 @@ } ], "traits": { - "smithy.api#documentation": "Lists the controls enabled by AWS Control Tower on the specified organizational unit and\n the accounts it contains. For usage examples, see \n the AWS Control Tower User Guide\n \n
", + "smithy.api#documentation": "Lists the controls enabled by AWS Control Tower on the specified organizational unit and\n the accounts it contains. For usage examples, see \n the AWS Control Tower User Guide\n .
", "smithy.api#http": { "code": 200, "method": "POST", @@ -1549,16 +1581,76 @@ "enabledControls": { "target": "com.amazonaws.controltower#EnabledControls", "traits": { - "smithy.api#documentation": "Lists the controls enabled by AWS Control Tower on the specified organizational unit and\n the accounts it contains.
", + "smithy.api#documentation": "Lists the controls enabled by AWS Control Tower on the specified organizational unit and\n the accounts it contains.
", "smithy.api#required": {} } }, "nextToken": { "target": "smithy.api#String", "traits": { - "smithy.api#documentation": "Retrieves the next page of results. If the string is empty, the current response is the\n end of the results.
" + "smithy.api#documentation": "Retrieves the next page of results. If the string is empty, the current response is the\n end of the results.
" + } + } + } + }, + "com.amazonaws.controltower#ListTagsForResource": { + "type": "operation", + "input": { + "target": "com.amazonaws.controltower#ListTagsForResourceInput" + }, + "output": { + "target": "com.amazonaws.controltower#ListTagsForResourceOutput" + }, + "errors": [ + { + "target": "com.amazonaws.controltower#InternalServerException" + }, + { + "target": "com.amazonaws.controltower#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.controltower#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Returns a list of tags associated with the resource. For usage examples, see \n the AWS Control Tower User Guide\n .
", + "smithy.api#http": { + "code": 200, + "method": "GET", + "uri": "/tags/{resourceArn}" + }, + "smithy.api#readonly": {} + } + }, + "com.amazonaws.controltower#ListTagsForResourceInput": { + "type": "structure", + "members": { + "resourceArn": { + "target": "com.amazonaws.controltower#Arn", + "traits": { + "smithy.api#documentation": "The ARN of the resource.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.controltower#ListTagsForResourceOutput": { + "type": "structure", + "members": { + "tags": { + "target": "com.amazonaws.controltower#TagMap", + "traits": { + "smithy.api#documentation": "A list of tags, as key:value strings.
\n The AWS Region name.\n
" + "smithy.api#documentation": "The AWS Region name.
" } } }, "traits": { - "smithy.api#documentation": "An AWS Region in which AWS Control Tower expects to find the control deployed.
\nThe expected Regions are based on the Regions that are governed by the landing zone. In\n certain cases, a control is not actually enabled in the Region as expected, such as during\n drift, or mixed governance.
" + "smithy.api#documentation": "An AWS Region in which AWS Control Tower expects to find the control deployed.
\nThe expected Regions are based on the Regions that are governed by the landing zone. In\n certain cases, a control is not actually enabled in the Region as expected, such as during\n drift, or mixed governance.
" } }, "com.amazonaws.controltower#RegionName": { @@ -1635,6 +1727,109 @@ "smithy.api#httpError": 402 } }, + "com.amazonaws.controltower#TagKey": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 128 + } + } + }, + "com.amazonaws.controltower#TagKeys": { + "type": "list", + "member": { + "target": "com.amazonaws.controltower#TagKey" + }, + "traits": { + "smithy.api#length": { + "min": 0, + "max": 200 + } + } + }, + "com.amazonaws.controltower#TagMap": { + "type": "map", + "key": { + "target": "com.amazonaws.controltower#TagKey" + }, + "value": { + "target": "com.amazonaws.controltower#TagValue" + }, + "traits": { + "smithy.api#length": { + "min": 0, + "max": 200 + } + } + }, + "com.amazonaws.controltower#TagResource": { + "type": "operation", + "input": { + "target": "com.amazonaws.controltower#TagResourceInput" + }, + "output": { + "target": "com.amazonaws.controltower#TagResourceOutput" + }, + "errors": [ + { + "target": "com.amazonaws.controltower#InternalServerException" + }, + { + "target": "com.amazonaws.controltower#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.controltower#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Applies tags to a resource. For usage examples, see \n the AWS Control Tower User Guide\n .
", + "smithy.api#http": { + "code": 204, + "method": "POST", + "uri": "/tags/{resourceArn}" + } + } + }, + "com.amazonaws.controltower#TagResourceInput": { + "type": "structure", + "members": { + "resourceArn": { + "target": "com.amazonaws.controltower#Arn", + "traits": { + "smithy.api#documentation": "The ARN of the resource to be tagged.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, + "tags": { + "target": "com.amazonaws.controltower#TagMap", + "traits": { + "smithy.api#documentation": "Tags to be applied to the resource.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.controltower#TagResourceOutput": { + "type": "structure", + "members": {}, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.controltower#TagValue": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 0, + "max": 256 + } + } + }, "com.amazonaws.controltower#TargetIdentifier": { "type": "string", "traits": { @@ -1695,6 +1890,65 @@ "smithy.api#timestampFormat": "date-time" } }, + "com.amazonaws.controltower#UntagResource": { + "type": "operation", + "input": { + "target": "com.amazonaws.controltower#UntagResourceInput" + }, + "output": { + "target": "com.amazonaws.controltower#UntagResourceOutput" + }, + "errors": [ + { + "target": "com.amazonaws.controltower#InternalServerException" + }, + { + "target": "com.amazonaws.controltower#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.controltower#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Removes tags from a resource. For usage examples, see \n the AWS Control Tower User Guide\n .
", + "smithy.api#http": { + "code": 204, + "method": "DELETE", + "uri": "/tags/{resourceArn}" + } + } + }, + "com.amazonaws.controltower#UntagResourceInput": { + "type": "structure", + "members": { + "resourceArn": { + "target": "com.amazonaws.controltower#Arn", + "traits": { + "smithy.api#documentation": "The ARN of the resource.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, + "tagKeys": { + "target": "com.amazonaws.controltower#TagKeys", + "traits": { + "smithy.api#documentation": "Tag keys to be removed from the resource.
", + "smithy.api#httpQuery": "tagKeys", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.controltower#UntagResourceOutput": { + "type": "structure", + "members": {}, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.controltower#ValidationException": { "type": "structure", "members": { diff --git a/codegen/sdk-codegen/aws-models/cost-and-usage-report-service.json b/codegen/sdk-codegen/aws-models/cost-and-usage-report-service.json index a58d5dd784a..01cfb188b62 100644 --- a/codegen/sdk-codegen/aws-models/cost-and-usage-report-service.json +++ b/codegen/sdk-codegen/aws-models/cost-and-usage-report-service.json @@ -39,11 +39,20 @@ { "target": "com.amazonaws.costandusagereportservice#DescribeReportDefinitions" }, + { + "target": "com.amazonaws.costandusagereportservice#ListTagsForResource" + }, { "target": "com.amazonaws.costandusagereportservice#ModifyReportDefinition" }, { "target": "com.amazonaws.costandusagereportservice#PutReportDefinition" + }, + { + "target": "com.amazonaws.costandusagereportservice#TagResource" + }, + { + "target": "com.amazonaws.costandusagereportservice#UntagResource" } ], "traits": { @@ -59,7 +68,7 @@ "name": "cur" }, "aws.protocols#awsJson1_1": {}, - "smithy.api#documentation": "The AWS Cost and Usage Report API enables you to programmatically create, query, and delete \n AWS Cost and Usage report definitions.
\nAWS Cost and Usage reports track the monthly AWS costs and usage \n associated with your AWS account.\n \n The report contains line items for each unique combination of AWS product,\n usage type, and operation that your AWS account uses. \n \n You can configure the AWS Cost and Usage report to show only the data that you want, using the\n AWS Cost and Usage API.
\n\nService Endpoint
\nThe AWS Cost and Usage Report API provides the following endpoint:
\ncur.us-east-1.amazonaws.com
\nYou can use the Amazon Web Services Cost and Usage Report API to programmatically create, query, and delete \n Amazon Web Services Cost and Usage Report definitions.
\nAmazon Web Services Cost and Usage Report track the monthly Amazon Web Services costs and usage \n associated with your Amazon Web Services account.\n \n The report contains line items for each unique combination of Amazon Web Services product,\n usage type, and operation that your Amazon Web Services account uses. \n \n You can configure the Amazon Web Services Cost and Usage Report to show only the data that you want, using the\n Amazon Web Services Cost and Usage Report API.
\nService Endpoint
\nThe Amazon Web Services Cost and Usage Report API provides the following endpoint:
\ncur.us-east-1.amazonaws.com
\nThe region of the S3 bucket that AWS delivers the report into.
" + "smithy.api#documentation": "The region of the S3 bucket that Amazon Web Services delivers the report into.
" } }, "com.amazonaws.costandusagereportservice#AdditionalArtifact": { @@ -903,7 +912,7 @@ } }, "traits": { - "smithy.api#documentation": "The types of manifest that you want AWS to create for this report.
" + "smithy.api#documentation": "The types of manifest that you want Amazon Web Services to create for this report.
" } }, "com.amazonaws.costandusagereportservice#AdditionalArtifactList": { @@ -948,7 +957,7 @@ } }, "traits": { - "smithy.api#documentation": "The compression format that AWS uses for the report.
" + "smithy.api#documentation": "The compression format that Amazon Web Services uses for the report.
" } }, "com.amazonaws.costandusagereportservice#DeleteReportDefinition": { @@ -968,7 +977,7 @@ } ], "traits": { - "smithy.api#documentation": "Deletes the specified report.
", + "smithy.api#documentation": "Deletes the specified report. Any tags associated with the report are also\n deleted.
", "smithy.api#examples": [ { "title": "To delete the AWS Cost and Usage report named ExampleReport.", @@ -986,7 +995,8 @@ "ReportName": { "target": "com.amazonaws.costandusagereportservice#ReportName", "traits": { - "smithy.api#documentation": "The name of the report that you want to delete. The name must be unique, is case sensitive, and can't include spaces.
" + "smithy.api#documentation": "The name of the report that you want to delete. The name must be unique, is case sensitive, and can't include spaces.
", + "smithy.api#required": {} } } }, @@ -1027,7 +1037,7 @@ } ], "traits": { - "smithy.api#documentation": "Lists the AWS Cost and Usage reports available to this account.
", + "smithy.api#documentation": "Lists the Amazon Web Services Cost and Usage Report available to this account.
", "smithy.api#examples": [ { "title": "To list the AWS Cost and Usage reports for the account.", @@ -1089,7 +1099,7 @@ } }, "traits": { - "smithy.api#documentation": "Requests a list of AWS Cost and Usage reports owned by the account.
", + "smithy.api#documentation": "Requests a Amazon Web Services Cost and Usage Report list owned by the account.
", "smithy.api#input": {} } }, @@ -1099,7 +1109,7 @@ "ReportDefinitions": { "target": "com.amazonaws.costandusagereportservice#ReportDefinitionList", "traits": { - "smithy.api#documentation": "A list of AWS Cost and Usage reports owned by the account.
" + "smithy.api#documentation": "An Amazon Web Services Cost and Usage Report list owned by the account.
" } }, "NextToken": { @@ -1152,10 +1162,95 @@ "smithy.api#error": "server" } }, + "com.amazonaws.costandusagereportservice#LastDelivery": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 16, + "max": 20 + }, + "smithy.api#pattern": "^[0-9]{8}[T][0-9]{6}([Z]|[+-][0-9]{4})$" + } + }, + "com.amazonaws.costandusagereportservice#LastStatus": { + "type": "enum", + "members": { + "SUCCESS": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "SUCCESS" + } + }, + "ERROR_PERMISSIONS": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ERROR_PERMISSIONS" + } + }, + "ERROR_NO_BUCKET": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ERROR_NO_BUCKET" + } + } + } + }, + "com.amazonaws.costandusagereportservice#ListTagsForResource": { + "type": "operation", + "input": { + "target": "com.amazonaws.costandusagereportservice#ListTagsForResourceRequest" + }, + "output": { + "target": "com.amazonaws.costandusagereportservice#ListTagsForResourceResponse" + }, + "errors": [ + { + "target": "com.amazonaws.costandusagereportservice#InternalErrorException" + }, + { + "target": "com.amazonaws.costandusagereportservice#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.costandusagereportservice#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Lists the tags associated with the specified report definition.
" + } + }, + "com.amazonaws.costandusagereportservice#ListTagsForResourceRequest": { + "type": "structure", + "members": { + "ReportName": { + "target": "com.amazonaws.costandusagereportservice#ReportName", + "traits": { + "smithy.api#documentation": "The report name of the report definition that tags are to be returned for.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.costandusagereportservice#ListTagsForResourceResponse": { + "type": "structure", + "members": { + "Tags": { + "target": "com.amazonaws.costandusagereportservice#TagList", + "traits": { + "smithy.api#documentation": "The tags assigned to the report definition resource.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.costandusagereportservice#MaxResults": { "type": "integer", "traits": { - "smithy.api#documentation": "The maximum number of results that AWS returns for the operation.
", + "smithy.api#documentation": "The maximum number of results that Amazon Web Services returns for the operation.
", "smithy.api#range": { "min": 5, "max": 5 @@ -1179,7 +1274,7 @@ } ], "traits": { - "smithy.api#documentation": "Allows you to programatically update your report preferences.
" + "smithy.api#documentation": "Allows you to programmatically update your report preferences.
" } }, "com.amazonaws.costandusagereportservice#ModifyReportDefinitionRequest": { @@ -1227,6 +1322,9 @@ { "target": "com.amazonaws.costandusagereportservice#ReportLimitReachedException" }, + { + "target": "com.amazonaws.costandusagereportservice#ResourceNotFoundException" + }, { "target": "com.amazonaws.costandusagereportservice#ValidationException" } @@ -1268,6 +1366,12 @@ "smithy.api#documentation": "Represents the output of the PutReportDefinition operation. The content consists of the detailed \n metadata and data file information.
", "smithy.api#required": {} } + }, + "Tags": { + "target": "com.amazonaws.costandusagereportservice#TagList", + "traits": { + "smithy.api#documentation": "The tags to be assigned to the report definition resource.
" + } } }, "traits": { @@ -1359,12 +1463,18 @@ "BillingViewArn": { "target": "com.amazonaws.costandusagereportservice#BillingViewArn", "traits": { - "smithy.api#documentation": "\n The Amazon resource name of the billing view. You can get this value by using the billing view service public APIs.\n
" + "smithy.api#documentation": "\n The Amazon resource name of the billing view. The BillingViewArn is needed to create Amazon Web Services Cost and Usage Report for each billing group maintained in the Amazon Web Services Billing Conductor service. The BillingViewArn for a billing group can be constructed as: arn:aws:billing::payer-account-id:billingview/billing-group-primary-account-id\n
The status of the report.
" } } }, "traits": { - "smithy.api#documentation": "The definition of AWS Cost and Usage Report. You can specify the report name, \n time unit, report format, compression format, S3 bucket, additional artifacts, and schema \n elements in the definition.\n
" + "smithy.api#documentation": "The definition of Amazon Web Services Cost and Usage Report. You can specify the report name, \n time unit, report format, compression format, S3 bucket, additional artifacts, and schema \n elements in the definition.\n
" } }, "com.amazonaws.costandusagereportservice#ReportDefinitionList": { @@ -1393,7 +1503,7 @@ } }, "traits": { - "smithy.api#documentation": "The format that AWS saves the report in.
" + "smithy.api#documentation": "The format that Amazon Web Services saves the report in.
" } }, "com.amazonaws.costandusagereportservice#ReportLimitReachedException": { @@ -1419,6 +1529,26 @@ "smithy.api#pattern": "^[0-9A-Za-z!\\-_.*\\'()]+$" } }, + "com.amazonaws.costandusagereportservice#ReportStatus": { + "type": "structure", + "members": { + "lastDelivery": { + "target": "com.amazonaws.costandusagereportservice#LastDelivery", + "traits": { + "smithy.api#documentation": "A timestamp that gives the date of a report delivery.
" + } + }, + "lastStatus": { + "target": "com.amazonaws.costandusagereportservice#LastStatus", + "traits": { + "smithy.api#documentation": "An enum that gives the status of a report delivery.
" + } + } + }, + "traits": { + "smithy.api#documentation": "A two element dictionary with a lastDelivery and lastStatus key\n whose values describe the date and status of the last delivered report for a particular report\n definition.
The specified report (ReportName) in the request doesn't exist.
The S3 bucket where AWS delivers the report.
", + "smithy.api#documentation": "The S3 bucket where Amazon Web Services delivers the report.
", "smithy.api#length": { "min": 0, "max": 256 @@ -1450,7 +1592,7 @@ "com.amazonaws.costandusagereportservice#S3Prefix": { "type": "string", "traits": { - "smithy.api#documentation": "The prefix that AWS adds to the report name when AWS delivers the report. Your prefix\n can't include spaces.
", + "smithy.api#documentation": "The prefix that Amazon Web Services adds to the report name when Amazon Web Services delivers the report. Your prefix\n can't include spaces.
", "smithy.api#length": { "min": 0, "max": 256 @@ -1472,10 +1614,16 @@ "traits": { "smithy.api#enumValue": "SPLIT_COST_ALLOCATION_DATA" } + }, + "MANUAL_DISCOUNT_COMPATIBILITY": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "MANUAL_DISCOUNT_COMPATIBILITY" + } } }, "traits": { - "smithy.api#documentation": "Whether or not AWS includes resource IDs in the report.
" + "smithy.api#documentation": "Whether or not Amazon Web Services includes resource IDs in the report.
" } }, "com.amazonaws.costandusagereportservice#SchemaElementList": { @@ -1487,6 +1635,124 @@ "smithy.api#documentation": "A list of strings that indicate the content that is included in the report, such as service or usage type.
" } }, + "com.amazonaws.costandusagereportservice#Tag": { + "type": "structure", + "members": { + "Key": { + "target": "com.amazonaws.costandusagereportservice#TagKey", + "traits": { + "smithy.api#documentation": "The key of the tag. Tag keys are case sensitive. Each report definition can only have up\n to one tag with the same key. If you try to add an existing tag with the same key, the\n existing tag value will be updated to the new value.
", + "smithy.api#required": {} + } + }, + "Value": { + "target": "com.amazonaws.costandusagereportservice#TagValue", + "traits": { + "smithy.api#documentation": "The value of the tag. Tag values are case-sensitive. This can be an empty string.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "Describes a tag. A tag is a key-value pair. You can add up to 50 tags to a report\n definition.
" + } + }, + "com.amazonaws.costandusagereportservice#TagKey": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 128 + }, + "smithy.api#pattern": ".*" + } + }, + "com.amazonaws.costandusagereportservice#TagKeyList": { + "type": "list", + "member": { + "target": "com.amazonaws.costandusagereportservice#TagKey" + }, + "traits": { + "smithy.api#length": { + "min": 0, + "max": 200 + } + } + }, + "com.amazonaws.costandusagereportservice#TagList": { + "type": "list", + "member": { + "target": "com.amazonaws.costandusagereportservice#Tag" + }, + "traits": { + "smithy.api#length": { + "min": 0, + "max": 200 + } + } + }, + "com.amazonaws.costandusagereportservice#TagResource": { + "type": "operation", + "input": { + "target": "com.amazonaws.costandusagereportservice#TagResourceRequest" + }, + "output": { + "target": "com.amazonaws.costandusagereportservice#TagResourceResponse" + }, + "errors": [ + { + "target": "com.amazonaws.costandusagereportservice#InternalErrorException" + }, + { + "target": "com.amazonaws.costandusagereportservice#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.costandusagereportservice#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Associates a set of tags with a report definition.
" + } + }, + "com.amazonaws.costandusagereportservice#TagResourceRequest": { + "type": "structure", + "members": { + "ReportName": { + "target": "com.amazonaws.costandusagereportservice#ReportName", + "traits": { + "smithy.api#documentation": "The report name of the report definition that tags are to be associated with.
", + "smithy.api#required": {} + } + }, + "Tags": { + "target": "com.amazonaws.costandusagereportservice#TagList", + "traits": { + "smithy.api#documentation": "The tags to be assigned to the report definition resource.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.costandusagereportservice#TagResourceResponse": { + "type": "structure", + "members": {}, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.costandusagereportservice#TagValue": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 0, + "max": 256 + }, + "smithy.api#pattern": ".*" + } + }, "com.amazonaws.costandusagereportservice#TimeUnit": { "type": "enum", "members": { @@ -1513,6 +1779,58 @@ "smithy.api#documentation": "The length of time covered by the report.
" } }, + "com.amazonaws.costandusagereportservice#UntagResource": { + "type": "operation", + "input": { + "target": "com.amazonaws.costandusagereportservice#UntagResourceRequest" + }, + "output": { + "target": "com.amazonaws.costandusagereportservice#UntagResourceResponse" + }, + "errors": [ + { + "target": "com.amazonaws.costandusagereportservice#InternalErrorException" + }, + { + "target": "com.amazonaws.costandusagereportservice#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.costandusagereportservice#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Disassociates a set of tags from a report definition.
" + } + }, + "com.amazonaws.costandusagereportservice#UntagResourceRequest": { + "type": "structure", + "members": { + "ReportName": { + "target": "com.amazonaws.costandusagereportservice#ReportName", + "traits": { + "smithy.api#documentation": "The report name of the report definition that tags are to be disassociated\n from.
", + "smithy.api#required": {} + } + }, + "TagKeys": { + "target": "com.amazonaws.costandusagereportservice#TagKeyList", + "traits": { + "smithy.api#documentation": "The tags to be disassociated from the report definition resource.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.costandusagereportservice#UntagResourceResponse": { + "type": "structure", + "members": {}, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.costandusagereportservice#ValidationException": { "type": "structure", "members": { @@ -1521,7 +1839,7 @@ } }, "traits": { - "smithy.api#documentation": "The input fails to satisfy the constraints specified by an AWS service.
", + "smithy.api#documentation": "The input fails to satisfy the constraints specified by an Amazon Web Services service.
", "smithy.api#error": "client" } } diff --git a/codegen/sdk-codegen/aws-models/ec2.json b/codegen/sdk-codegen/aws-models/ec2.json index 3e10fc979c7..2aad8f89e23 100644 --- a/codegen/sdk-codegen/aws-models/ec2.json +++ b/codegen/sdk-codegen/aws-models/ec2.json @@ -7711,7 +7711,7 @@ "target": "com.amazonaws.ec2#Boolean", "traits": { "aws.protocols#ec2QueryName": "EnaSrdEnabled", - "smithy.api#documentation": "Indicates whether ENA Express is enabled for the network interface that's attached to the\n\t\t\tinstance.
", + "smithy.api#documentation": "Indicates whether ENA Express is enabled for the network interface.
", "smithy.api#xmlName": "enaSrdEnabled" } }, @@ -7719,13 +7719,13 @@ "target": "com.amazonaws.ec2#AttachmentEnaSrdUdpSpecification", "traits": { "aws.protocols#ec2QueryName": "EnaSrdUdpSpecification", - "smithy.api#documentation": "ENA Express configuration for UDP network traffic.
", + "smithy.api#documentation": "Configures ENA Express for UDP network traffic.
", "smithy.api#xmlName": "enaSrdUdpSpecification" } } }, "traits": { - "smithy.api#documentation": "Describes the ENA Express configuration for the network interface that's attached to the instance.
" + "smithy.api#documentation": "ENA Express uses Amazon Web Services Scalable Reliable Datagram (SRD) technology to increase the \n\t\t\tmaximum bandwidth used per stream and minimize tail latency of network traffic between EC2 instances. \n\t\t\tWith ENA Express, you can communicate between two EC2 instances in the same subnet within the same \n\t\t\taccount, or in different accounts. Both sending and receiving instances must have ENA Express enabled.
\nTo improve the reliability of network packet delivery, ENA Express reorders network packets on the \n\t\t\treceiving end by default. However, some UDP-based applications are designed to handle network packets \n\t\t\tthat are out of order to reduce the overhead for packet delivery at the network layer. When ENA Express \n\t\t\tis enabled, you can specify whether UDP network traffic uses it.
" } }, "com.amazonaws.ec2#AttachmentEnaSrdUdpSpecification": { @@ -7741,7 +7741,7 @@ } }, "traits": { - "smithy.api#documentation": "Describes the ENA Express configuration for UDP traffic on the network interface that's attached to \n\t\t\tthe instance.
" + "smithy.api#documentation": "ENA Express is compatible with both TCP and UDP transport protocols. When it's enabled, TCP traffic \n\t\t\tautomatically uses it. However, some UDP-based applications are designed to handle network packets that are \n\t\t\tout of order, without a need for retransmission, such as live video broadcasting or other near-real-time \n\t\t\tapplications. For UDP traffic, you can specify whether to use ENA Express, based on your application \n\t\t\tenvironment needs.
" } }, "com.amazonaws.ec2#AttachmentStatus": { @@ -31226,7 +31226,7 @@ "Filters": { "target": "com.amazonaws.ec2#FilterList", "traits": { - "smithy.api#documentation": "The filters.
\n\n affinity - The affinity setting for an instance running on a\n Dedicated Host (default | host).
\n architecture - The instance architecture (i386 |\n x86_64 | arm64).
\n availability-zone - The Availability Zone of the instance.
\n block-device-mapping.attach-time - The attach time for an EBS\n volume mapped to the instance, for example,\n 2022-09-15T17:15:20.000Z.
\n block-device-mapping.delete-on-termination - A Boolean that\n indicates whether the EBS volume is deleted on instance termination.
\n block-device-mapping.device-name - The device name specified in\n the block device mapping (for example, /dev/sdh or\n xvdh).
\n block-device-mapping.status - The status for the EBS volume\n (attaching | attached | detaching |\n detached).
\n block-device-mapping.volume-id - The volume ID of the EBS\n volume.
\n boot-mode - The boot mode that was specified by the AMI\n (legacy-bios | uefi |\n uefi-preferred).
\n capacity-reservation-id - The ID of the Capacity Reservation into which the\n instance was launched.
\n capacity-reservation-specification.capacity-reservation-preference\n - The instance's Capacity Reservation preference (open | none).
\n capacity-reservation-specification.capacity-reservation-target.capacity-reservation-id\n - The ID of the targeted Capacity Reservation.
\n capacity-reservation-specification.capacity-reservation-target.capacity-reservation-resource-group-arn\n - The ARN of the targeted Capacity Reservation group.
\n client-token - The idempotency token you provided when you\n launched the instance.
\n current-instance-boot-mode - The boot mode that is used to launch\n the instance at launch or start (legacy-bios |\n uefi).
\n dns-name - The public DNS name of the instance.
\n ebs-optimized - A Boolean that indicates whether the instance is\n optimized for Amazon EBS I/O.
\n ena-support - A Boolean that indicates whether the instance is\n enabled for enhanced networking with ENA.
\n enclave-options.enabled - A Boolean that indicates whether the\n instance is enabled for Amazon Web Services Nitro Enclaves.
\n hibernation-options.configured - A Boolean that indicates whether\n the instance is enabled for hibernation. A value of true means that\n the instance is enabled for hibernation.
\n host-id - The ID of the Dedicated Host on which the instance is\n running, if applicable.
\n hypervisor - The hypervisor type of the instance\n (ovm | xen). The value xen is used\n for both Xen and Nitro hypervisors.
\n iam-instance-profile.arn - The instance profile associated with\n the instance. Specified as an ARN.
\n iam-instance-profile.id - The instance profile associated with\n the instance. Specified as an ID.
\n iam-instance-profile.name - The instance profile associated with\n the instance. Specified as an name.
\n image-id - The ID of the image used to launch the\n instance.
\n instance-id - The ID of the instance.
\n instance-lifecycle - Indicates whether this is a Spot Instance or\n a Scheduled Instance (spot | scheduled).
\n instance-state-code - The state of the instance, as a 16-bit\n unsigned integer. The high byte is used for internal purposes and should be\n ignored. The low byte is set based on the state represented. The valid values\n are: 0 (pending), 16 (running), 32 (shutting-down), 48 (terminated), 64\n (stopping), and 80 (stopped).
\n instance-state-name - The state of the instance\n (pending | running | shutting-down |\n terminated | stopping |\n stopped).
\n instance-type - The type of instance (for example,\n t2.micro).
\n instance.group-id - The ID of the security group for the\n instance.
\n instance.group-name - The name of the security group for the\n instance.
\n ip-address - The public IPv4 address of the instance.
\n ipv6-address - The IPv6 address of the instance.
\n kernel-id - The kernel ID.
\n key-name - The name of the key pair used when the instance was\n launched.
\n launch-index - When launching multiple instances, this is the\n index for the instance in the launch group (for example, 0, 1, 2, and so on).\n
\n launch-time - The time when the instance was launched, in the ISO\n 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example,\n 2021-09-29T11:04:43.305Z. You can use a wildcard\n (*), for example, 2021-09-29T*, which matches an\n entire day.
\n maintenance-options.auto-recovery - The current automatic\n recovery behavior of the instance (disabled | default).
\n metadata-options.http-endpoint - The status of access to the HTTP\n metadata endpoint on your instance (enabled |\n disabled)
\n metadata-options.http-protocol-ipv4 - Indicates whether the IPv4\n endpoint is enabled (disabled | enabled).
\n metadata-options.http-protocol-ipv6 - Indicates whether the IPv6\n endpoint is enabled (disabled | enabled).
\n metadata-options.http-put-response-hop-limit - The HTTP metadata\n request put response hop limit (integer, possible values 1 to\n 64)
\n metadata-options.http-tokens - The metadata request authorization\n state (optional | required)
\n metadata-options.instance-metadata-tags - The status of access to\n instance tags from the instance metadata (enabled |\n disabled)
\n metadata-options.state - The state of the metadata option changes\n (pending | applied).
\n monitoring-state - Indicates whether detailed monitoring is\n enabled (disabled | enabled).
\n network-interface.addresses.association.allocation-id - The allocation ID.
\n network-interface.addresses.association.association-id - The association ID.
\n network-interface.addresses.association.carrier-ip - The carrier IP address.
\n network-interface.addresses.association.customer-owned-ip - The customer-owned IP address.
\n network-interface.addresses.association.ip-owner-id - The owner\n ID of the private IPv4 address associated with the network interface.
\n network-interface.addresses.association.public-dns-name - The public DNS name.
\n network-interface.addresses.association.public-ip - The ID of the\n association of an Elastic IP address (IPv4) with a network interface.
\n network-interface.addresses.primary - Specifies whether the IPv4\n address of the network interface is the primary private IPv4 address.
\n network-interface.addresses.private-dns-name - The private DNS name.
\n network-interface.addresses.private-ip-address - The private IPv4\n address associated with the network interface.
\n network-interface.association.allocation-id - The allocation ID\n returned when you allocated the Elastic IP address (IPv4) for your network\n interface.
\n network-interface.association.association-id - The association ID\n returned when the network interface was associated with an IPv4 address.
\n network-interface.association.carrier-ip - The customer-owned IP address.
\n network-interface.association.customer-owned-ip - The customer-owned IP address.
\n network-interface.association.ip-owner-id - The owner of the\n Elastic IP address (IPv4) associated with the network interface.
\n network-interface.association.public-dns-name - The public DNS name.
\n network-interface.association.public-ip - The address of the\n Elastic IP address (IPv4) bound to the network interface.
\n network-interface.attachment.attach-time - The time that the\n network interface was attached to an instance.
\n network-interface.attachment.attachment-id - The ID of the\n interface attachment.
\n network-interface.attachment.delete-on-termination - Specifies\n whether the attachment is deleted when an instance is terminated.
\n network-interface.attachment.device-index - The device index to\n which the network interface is attached.
\n network-interface.attachment.instance-id - The ID of the instance\n to which the network interface is attached.
\n network-interface.attachment.instance-owner-id - The owner ID of\n the instance to which the network interface is attached.
\n network-interface.attachment.network-card-index - The index of the network card.
\n network-interface.attachment.status - The status of the\n attachment (attaching | attached |\n detaching | detached).
\n network-interface.availability-zone - The Availability Zone for\n the network interface.
\n network-interface.deny-all-igw-traffic - A Boolean that indicates whether \n a network interface with an IPv6 address is unreachable from the public internet.
\n network-interface.description - The description of the network\n interface.
\n network-interface.group-id - The ID of a security group\n associated with the network interface.
\n network-interface.group-name - The name of a security group\n associated with the network interface.
\n network-interface.ipv4-prefixes.ipv4-prefix - The IPv4 prefixes that are assigned to the network interface.
\n network-interface.ipv6-address - The IPv6 address associated with the network interface.
\n network-interface.ipv6-addresses.ipv6-address - The IPv6 address\n associated with the network interface.
\n network-interface.ipv6-addresses.is-primary-ipv6 - A Boolean that indicates whether this\n is the primary IPv6 address.
\n network-interface.ipv6-native - A Boolean that indicates whether this is\n an IPv6 only network interface.
\n network-interface.ipv6-prefixes.ipv6-prefix - The IPv6 prefix assigned to the network interface.
\n network-interface.mac-address - The MAC address of the network\n interface.
\n network-interface.network-interface-id - The ID of the network\n interface.
\n network-interface.outpost-arn - The ARN of the Outpost.
\n network-interface.owner-id - The ID of the owner of the network\n interface.
\n network-interface.private-dns-name - The private DNS name of the\n network interface.
\n network-interface.private-ip-address - The private IPv4 address.
\n network-interface.public-dns-name - The public DNS name.
\n network-interface.requester-id - The requester ID for the network\n interface.
\n network-interface.requester-managed - Indicates whether the\n network interface is being managed by Amazon Web Services.
\n network-interface.status - The status of the network interface\n (available) | in-use).
\n network-interface.source-dest-check - Whether the network\n interface performs source/destination checking. A value of true\n means that checking is enabled, and false means that checking is\n disabled. The value must be false for the network interface to\n perform network address translation (NAT) in your VPC.
\n network-interface.subnet-id - The ID of the subnet for the\n network interface.
\n network-interface.tag-key - The key of a tag assigned to the network interface.
\n network-interface.tag-value - The value of a tag assigned to the network interface.
\n network-interface.vpc-id - The ID of the VPC for the network\n interface.
\n outpost-arn - The Amazon Resource Name (ARN) of the\n Outpost.
\n owner-id - The Amazon Web Services account ID of the instance\n owner.
\n placement-group-name - The name of the placement group for the\n instance.
\n placement-partition-number - The partition in which the instance is\n located.
\n platform - The platform. To list only Windows instances, use\n windows.
\n platform-details - The platform (Linux/UNIX |\n Red Hat BYOL Linux | Red Hat Enterprise Linux |\n Red Hat Enterprise Linux with HA | Red Hat Enterprise\n Linux with SQL Server Standard and HA | Red Hat Enterprise\n Linux with SQL Server Enterprise and HA | Red Hat Enterprise\n Linux with SQL Server Standard | Red Hat Enterprise Linux with\n SQL Server Web | Red Hat Enterprise Linux with SQL Server\n Enterprise | SQL Server Enterprise | SQL Server\n Standard | SQL Server Web | SUSE Linux |\n Ubuntu Pro | Windows | Windows BYOL |\n Windows with SQL Server Enterprise | Windows with SQL\n Server Standard | Windows with SQL Server Web).
\n private-dns-name - The private IPv4 DNS name of the\n instance.
\n private-dns-name-options.enable-resource-name-dns-a-record - A\n Boolean that indicates whether to respond to DNS queries for instance hostnames\n with DNS A records.
\n private-dns-name-options.enable-resource-name-dns-aaaa-record - A\n Boolean that indicates whether to respond to DNS queries for instance hostnames\n with DNS AAAA records.
\n private-dns-name-options.hostname-type - The type of hostname\n (ip-name | resource-name).
\n private-ip-address - The private IPv4 address of the\n instance.
\n product-code - The product code associated with the AMI used to\n launch the instance.
\n product-code.type - The type of product code (devpay\n | marketplace).
\n ramdisk-id - The RAM disk ID.
\n reason - The reason for the current state of the instance (for\n example, shows \"User Initiated [date]\" when you stop or terminate the instance).\n Similar to the state-reason-code filter.
\n requester-id - The ID of the entity that launched the instance on\n your behalf (for example, Amazon Web Services Management Console, Auto Scaling, and so\n on).
\n reservation-id - The ID of the instance's reservation. A\n reservation ID is created any time you launch an instance. A reservation ID has\n a one-to-one relationship with an instance launch request, but can be associated\n with more than one instance if you launch multiple instances using the same\n launch request. For example, if you launch one instance, you get one reservation\n ID. If you launch ten instances using the same launch request, you also get one\n reservation ID.
\n root-device-name - The device name of the root device volume (for\n example, /dev/sda1).
\n root-device-type - The type of the root device volume\n (ebs | instance-store).
\n source-dest-check - Indicates whether the instance performs\n source/destination checking. A value of true means that checking is\n enabled, and false means that checking is disabled. The value must\n be false for the instance to perform network address translation\n (NAT) in your VPC.
\n spot-instance-request-id - The ID of the Spot Instance\n request.
\n state-reason-code - The reason code for the state change.
\n state-reason-message - A message that describes the state\n change.
\n subnet-id - The ID of the subnet for the instance.
\n tag: - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value.\n For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
\n tag-key - The key of a tag assigned to the resource. Use this filter to find all resources that have a tag with a specific key, regardless of the tag value.
\n tenancy - The tenancy of an instance (dedicated |\n default | host).
\n tpm-support - Indicates if the instance is configured for\n NitroTPM support (v2.0).
\n usage-operation - The usage operation value for the instance\n (RunInstances | RunInstances:00g0 |\n RunInstances:0010 | RunInstances:1010 |\n RunInstances:1014 | RunInstances:1110 |\n RunInstances:0014 | RunInstances:0210 |\n RunInstances:0110 | RunInstances:0100 |\n RunInstances:0004 | RunInstances:0200 |\n RunInstances:000g | RunInstances:0g00 |\n RunInstances:0002 | RunInstances:0800 |\n RunInstances:0102 | RunInstances:0006 |\n RunInstances:0202).
\n usage-operation-update-time - The time that the usage operation\n was last updated, for example, 2022-09-15T17:15:20.000Z.
\n virtualization-type - The virtualization type of the instance\n (paravirtual | hvm).
\n vpc-id - The ID of the VPC that the instance is running in.
The filters.
\n\n affinity - The affinity setting for an instance running on a\n Dedicated Host (default | host).
\n architecture - The instance architecture (i386 |\n x86_64 | arm64).
\n availability-zone - The Availability Zone of the instance.
\n block-device-mapping.attach-time - The attach time for an EBS\n volume mapped to the instance, for example,\n 2022-09-15T17:15:20.000Z.
\n block-device-mapping.delete-on-termination - A Boolean that\n indicates whether the EBS volume is deleted on instance termination.
\n block-device-mapping.device-name - The device name specified in\n the block device mapping (for example, /dev/sdh or\n xvdh).
\n block-device-mapping.status - The status for the EBS volume\n (attaching | attached | detaching |\n detached).
\n block-device-mapping.volume-id - The volume ID of the EBS\n volume.
\n boot-mode - The boot mode that was specified by the AMI\n (legacy-bios | uefi |\n uefi-preferred).
\n capacity-reservation-id - The ID of the Capacity Reservation into which the\n instance was launched.
\n capacity-reservation-specification.capacity-reservation-preference\n - The instance's Capacity Reservation preference (open | none).
\n capacity-reservation-specification.capacity-reservation-target.capacity-reservation-id\n - The ID of the targeted Capacity Reservation.
\n capacity-reservation-specification.capacity-reservation-target.capacity-reservation-resource-group-arn\n - The ARN of the targeted Capacity Reservation group.
\n client-token - The idempotency token you provided when you\n launched the instance.
\n current-instance-boot-mode - The boot mode that is used to launch\n the instance at launch or start (legacy-bios |\n uefi).
\n dns-name - The public DNS name of the instance.
\n ebs-optimized - A Boolean that indicates whether the instance is\n optimized for Amazon EBS I/O.
\n ena-support - A Boolean that indicates whether the instance is\n enabled for enhanced networking with ENA.
\n enclave-options.enabled - A Boolean that indicates whether the\n instance is enabled for Amazon Web Services Nitro Enclaves.
\n hibernation-options.configured - A Boolean that indicates whether\n the instance is enabled for hibernation. A value of true means that\n the instance is enabled for hibernation.
\n host-id - The ID of the Dedicated Host on which the instance is\n running, if applicable.
\n hypervisor - The hypervisor type of the instance\n (ovm | xen). The value xen is used\n for both Xen and Nitro hypervisors.
\n iam-instance-profile.arn - The instance profile associated with\n the instance. Specified as an ARN.
\n iam-instance-profile.id - The instance profile associated with\n the instance. Specified as an ID.
\n iam-instance-profile.name - The instance profile associated with\n the instance. Specified as an name.
\n image-id - The ID of the image used to launch the\n instance.
\n instance-id - The ID of the instance.
\n instance-lifecycle - Indicates whether this is a Spot Instance, a Scheduled Instance, or\n a Capacity Block (spot | scheduled | capacity-block).
\n instance-state-code - The state of the instance, as a 16-bit\n unsigned integer. The high byte is used for internal purposes and should be\n ignored. The low byte is set based on the state represented. The valid values\n are: 0 (pending), 16 (running), 32 (shutting-down), 48 (terminated), 64\n (stopping), and 80 (stopped).
\n instance-state-name - The state of the instance\n (pending | running | shutting-down |\n terminated | stopping |\n stopped).
\n instance-type - The type of instance (for example,\n t2.micro).
\n instance.group-id - The ID of the security group for the\n instance.
\n instance.group-name - The name of the security group for the\n instance.
\n ip-address - The public IPv4 address of the instance.
\n ipv6-address - The IPv6 address of the instance.
\n kernel-id - The kernel ID.
\n key-name - The name of the key pair used when the instance was\n launched.
\n launch-index - When launching multiple instances, this is the\n index for the instance in the launch group (for example, 0, 1, 2, and so on).\n
\n launch-time - The time when the instance was launched, in the ISO\n 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example,\n 2021-09-29T11:04:43.305Z. You can use a wildcard\n (*), for example, 2021-09-29T*, which matches an\n entire day.
\n maintenance-options.auto-recovery - The current automatic\n recovery behavior of the instance (disabled | default).
\n metadata-options.http-endpoint - The status of access to the HTTP\n metadata endpoint on your instance (enabled |\n disabled)
\n metadata-options.http-protocol-ipv4 - Indicates whether the IPv4\n endpoint is enabled (disabled | enabled).
\n metadata-options.http-protocol-ipv6 - Indicates whether the IPv6\n endpoint is enabled (disabled | enabled).
\n metadata-options.http-put-response-hop-limit - The HTTP metadata\n request put response hop limit (integer, possible values 1 to\n 64)
\n metadata-options.http-tokens - The metadata request authorization\n state (optional | required)
\n metadata-options.instance-metadata-tags - The status of access to\n instance tags from the instance metadata (enabled |\n disabled)
\n metadata-options.state - The state of the metadata option changes\n (pending | applied).
\n monitoring-state - Indicates whether detailed monitoring is\n enabled (disabled | enabled).
\n network-interface.addresses.association.allocation-id - The allocation ID.
\n network-interface.addresses.association.association-id - The association ID.
\n network-interface.addresses.association.carrier-ip - The carrier IP address.
\n network-interface.addresses.association.customer-owned-ip - The customer-owned IP address.
\n network-interface.addresses.association.ip-owner-id - The owner\n ID of the private IPv4 address associated with the network interface.
\n network-interface.addresses.association.public-dns-name - The public DNS name.
\n network-interface.addresses.association.public-ip - The ID of the\n association of an Elastic IP address (IPv4) with a network interface.
\n network-interface.addresses.primary - Specifies whether the IPv4\n address of the network interface is the primary private IPv4 address.
\n network-interface.addresses.private-dns-name - The private DNS name.
\n network-interface.addresses.private-ip-address - The private IPv4\n address associated with the network interface.
\n network-interface.association.allocation-id - The allocation ID\n returned when you allocated the Elastic IP address (IPv4) for your network\n interface.
\n network-interface.association.association-id - The association ID\n returned when the network interface was associated with an IPv4 address.
\n network-interface.association.carrier-ip - The customer-owned IP address.
\n network-interface.association.customer-owned-ip - The customer-owned IP address.
\n network-interface.association.ip-owner-id - The owner of the\n Elastic IP address (IPv4) associated with the network interface.
\n network-interface.association.public-dns-name - The public DNS name.
\n network-interface.association.public-ip - The address of the\n Elastic IP address (IPv4) bound to the network interface.
\n network-interface.attachment.attach-time - The time that the\n network interface was attached to an instance.
\n network-interface.attachment.attachment-id - The ID of the\n interface attachment.
\n network-interface.attachment.delete-on-termination - Specifies\n whether the attachment is deleted when an instance is terminated.
\n network-interface.attachment.device-index - The device index to\n which the network interface is attached.
\n network-interface.attachment.instance-id - The ID of the instance\n to which the network interface is attached.
\n network-interface.attachment.instance-owner-id - The owner ID of\n the instance to which the network interface is attached.
\n network-interface.attachment.network-card-index - The index of the network card.
\n network-interface.attachment.status - The status of the\n attachment (attaching | attached |\n detaching | detached).
\n network-interface.availability-zone - The Availability Zone for\n the network interface.
\n network-interface.deny-all-igw-traffic - A Boolean that indicates whether \n a network interface with an IPv6 address is unreachable from the public internet.
\n network-interface.description - The description of the network\n interface.
\n network-interface.group-id - The ID of a security group\n associated with the network interface.
\n network-interface.group-name - The name of a security group\n associated with the network interface.
\n network-interface.ipv4-prefixes.ipv4-prefix - The IPv4 prefixes that are assigned to the network interface.
\n network-interface.ipv6-address - The IPv6 address associated with the network interface.
\n network-interface.ipv6-addresses.ipv6-address - The IPv6 address\n associated with the network interface.
\n network-interface.ipv6-addresses.is-primary-ipv6 - A Boolean that indicates whether this\n is the primary IPv6 address.
\n network-interface.ipv6-native - A Boolean that indicates whether this is\n an IPv6 only network interface.
\n network-interface.ipv6-prefixes.ipv6-prefix - The IPv6 prefix assigned to the network interface.
\n network-interface.mac-address - The MAC address of the network\n interface.
\n network-interface.network-interface-id - The ID of the network\n interface.
\n network-interface.outpost-arn - The ARN of the Outpost.
\n network-interface.owner-id - The ID of the owner of the network\n interface.
\n network-interface.private-dns-name - The private DNS name of the\n network interface.
\n network-interface.private-ip-address - The private IPv4 address.
\n network-interface.public-dns-name - The public DNS name.
\n network-interface.requester-id - The requester ID for the network\n interface.
\n network-interface.requester-managed - Indicates whether the\n network interface is being managed by Amazon Web Services.
\n network-interface.status - The status of the network interface\n (available) | in-use).
\n network-interface.source-dest-check - Whether the network\n interface performs source/destination checking. A value of true\n means that checking is enabled, and false means that checking is\n disabled. The value must be false for the network interface to\n perform network address translation (NAT) in your VPC.
\n network-interface.subnet-id - The ID of the subnet for the\n network interface.
\n network-interface.tag-key - The key of a tag assigned to the network interface.
\n network-interface.tag-value - The value of a tag assigned to the network interface.
\n network-interface.vpc-id - The ID of the VPC for the network\n interface.
\n outpost-arn - The Amazon Resource Name (ARN) of the\n Outpost.
\n owner-id - The Amazon Web Services account ID of the instance\n owner.
\n placement-group-name - The name of the placement group for the\n instance.
\n placement-partition-number - The partition in which the instance is\n located.
\n platform - The platform. To list only Windows instances, use\n windows.
\n platform-details - The platform (Linux/UNIX |\n Red Hat BYOL Linux | Red Hat Enterprise Linux |\n Red Hat Enterprise Linux with HA | Red Hat Enterprise\n Linux with SQL Server Standard and HA | Red Hat Enterprise\n Linux with SQL Server Enterprise and HA | Red Hat Enterprise\n Linux with SQL Server Standard | Red Hat Enterprise Linux with\n SQL Server Web | Red Hat Enterprise Linux with SQL Server\n Enterprise | SQL Server Enterprise | SQL Server\n Standard | SQL Server Web | SUSE Linux |\n Ubuntu Pro | Windows | Windows BYOL |\n Windows with SQL Server Enterprise | Windows with SQL\n Server Standard | Windows with SQL Server Web).
\n private-dns-name - The private IPv4 DNS name of the\n instance.
\n private-dns-name-options.enable-resource-name-dns-a-record - A\n Boolean that indicates whether to respond to DNS queries for instance hostnames\n with DNS A records.
\n private-dns-name-options.enable-resource-name-dns-aaaa-record - A\n Boolean that indicates whether to respond to DNS queries for instance hostnames\n with DNS AAAA records.
\n private-dns-name-options.hostname-type - The type of hostname\n (ip-name | resource-name).
\n private-ip-address - The private IPv4 address of the\n instance.
\n product-code - The product code associated with the AMI used to\n launch the instance.
\n product-code.type - The type of product code (devpay\n | marketplace).
\n ramdisk-id - The RAM disk ID.
\n reason - The reason for the current state of the instance (for\n example, shows \"User Initiated [date]\" when you stop or terminate the instance).\n Similar to the state-reason-code filter.
\n requester-id - The ID of the entity that launched the instance on\n your behalf (for example, Amazon Web Services Management Console, Auto Scaling, and so\n on).
\n reservation-id - The ID of the instance's reservation. A\n reservation ID is created any time you launch an instance. A reservation ID has\n a one-to-one relationship with an instance launch request, but can be associated\n with more than one instance if you launch multiple instances using the same\n launch request. For example, if you launch one instance, you get one reservation\n ID. If you launch ten instances using the same launch request, you also get one\n reservation ID.
\n root-device-name - The device name of the root device volume (for\n example, /dev/sda1).
\n root-device-type - The type of the root device volume\n (ebs | instance-store).
\n source-dest-check - Indicates whether the instance performs\n source/destination checking. A value of true means that checking is\n enabled, and false means that checking is disabled. The value must\n be false for the instance to perform network address translation\n (NAT) in your VPC.
\n spot-instance-request-id - The ID of the Spot Instance\n request.
\n state-reason-code - The reason code for the state change.
\n state-reason-message - A message that describes the state\n change.
\n subnet-id - The ID of the subnet for the instance.
\n tag: - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value.\n For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
\n tag-key - The key of a tag assigned to the resource. Use this filter to find all resources that have a tag with a specific key, regardless of the tag value.
\n tenancy - The tenancy of an instance (dedicated |\n default | host).
\n tpm-support - Indicates if the instance is configured for\n NitroTPM support (v2.0).
\n usage-operation - The usage operation value for the instance\n (RunInstances | RunInstances:00g0 |\n RunInstances:0010 | RunInstances:1010 |\n RunInstances:1014 | RunInstances:1110 |\n RunInstances:0014 | RunInstances:0210 |\n RunInstances:0110 | RunInstances:0100 |\n RunInstances:0004 | RunInstances:0200 |\n RunInstances:000g | RunInstances:0g00 |\n RunInstances:0002 | RunInstances:0800 |\n RunInstances:0102 | RunInstances:0006 |\n RunInstances:0202).
\n usage-operation-update-time - The time that the usage operation\n was last updated, for example, 2022-09-15T17:15:20.000Z.
\n virtualization-type - The virtualization type of the instance\n (paravirtual | hvm).
\n vpc-id - The ID of the VPC that the instance is running in.
ENA Express uses Amazon Web Services Scalable Reliable Datagram (SRD) technology to increase the \n\t\t\tmaximum bandwidth used per stream and minimize tail latency of network traffic between EC2 instances. \n\t\t\tWith ENA Express, you can communicate between two EC2 instances in the same subnet within the same \n\t\t\taccount, or in different accounts. Both sending and receiving instances must have ENA Express enabled.
\nTo improve the reliability of network packet delivery, ENA Express reorders network packets on the \n\t\t\treceiving end by default. However, some UDP-based applications are designed to handle network packets \n\t\t\tthat are out of order to reduce the overhead for packet delivery at the network layer. When ENA Express \n\t\t\tis enabled, you can specify whether UDP network traffic uses it.
" } }, + "com.amazonaws.ec2#EnaSrdSpecificationRequest": { + "type": "structure", + "members": { + "EnaSrdEnabled": { + "target": "com.amazonaws.ec2#Boolean", + "traits": { + "smithy.api#documentation": "Specifies whether ENA Express is enabled for the network interface when you \n\t\t\tlaunch an instance from your launch template.
" + } + }, + "EnaSrdUdpSpecification": { + "target": "com.amazonaws.ec2#EnaSrdUdpSpecificationRequest", + "traits": { + "smithy.api#documentation": "Contains ENA Express settings for UDP network traffic in your launch template.
" + } + } + }, + "traits": { + "smithy.api#documentation": "Launch instances with ENA Express settings configured \n\t\t\tfrom your launch template.
" + } + }, "com.amazonaws.ec2#EnaSrdSupported": { "type": "boolean" }, @@ -44442,12 +44462,26 @@ "EnaSrdUdpEnabled": { "target": "com.amazonaws.ec2#Boolean", "traits": { - "smithy.api#documentation": "Indicates whether UDP traffic uses ENA Express. To specify this setting, you must first enable ENA Express.
" + "smithy.api#documentation": "Indicates whether UDP traffic to and from the instance uses ENA Express. To specify this setting, \n\t\t\tyou must first enable ENA Express.
" + } + } + }, + "traits": { + "smithy.api#documentation": "ENA Express is compatible with both TCP and UDP transport protocols. When it's enabled, TCP traffic \n\t\t\tautomatically uses it. However, some UDP-based applications are designed to handle network packets that are \n\t\t\tout of order, without a need for retransmission, such as live video broadcasting or other near-real-time \n\t\t\tapplications. For UDP traffic, you can specify whether to use ENA Express, based on your application \n\t\t\tenvironment needs.
" + } + }, + "com.amazonaws.ec2#EnaSrdUdpSpecificationRequest": { + "type": "structure", + "members": { + "EnaSrdUdpEnabled": { + "target": "com.amazonaws.ec2#Boolean", + "traits": { + "smithy.api#documentation": "Indicates whether UDP traffic uses ENA Express for your instance. To ensure that \n\t\t\tUDP traffic can use ENA Express when you launch an instance, you must also set \n\t\t\tEnaSrdEnabled in the EnaSrdSpecificationRequest to true in your \n\t\t\tlaunch template.
ENA Express is compatible with both TCP and UDP transport protocols. When it’s enabled, TCP traffic \n\t\t\tautomatically uses it. However, some UDP-based applications are designed to handle network packets that are \n\t\t\tout of order, without a need for retransmission, such as live video broadcasting or other near-real-time \n\t\t\tapplications. For UDP traffic, you can specify whether to use ENA Express, based on your application \n\t\t\tenvironment needs.
" + "smithy.api#documentation": "Configures ENA Express for UDP network traffic from your launch template.
" } }, "com.amazonaws.ec2#EnaSupport": { @@ -56300,6 +56334,46 @@ "smithy.api#documentation": "Describes an instance.
" } }, + "com.amazonaws.ec2#InstanceAttachmentEnaSrdSpecification": { + "type": "structure", + "members": { + "EnaSrdEnabled": { + "target": "com.amazonaws.ec2#Boolean", + "traits": { + "aws.protocols#ec2QueryName": "EnaSrdEnabled", + "smithy.api#documentation": "Indicates whether ENA Express is enabled for the network interface.
", + "smithy.api#xmlName": "enaSrdEnabled" + } + }, + "EnaSrdUdpSpecification": { + "target": "com.amazonaws.ec2#InstanceAttachmentEnaSrdUdpSpecification", + "traits": { + "aws.protocols#ec2QueryName": "EnaSrdUdpSpecification", + "smithy.api#documentation": "Configures ENA Express for UDP network traffic.
", + "smithy.api#xmlName": "enaSrdUdpSpecification" + } + } + }, + "traits": { + "smithy.api#documentation": "ENA Express uses Amazon Web Services Scalable Reliable Datagram (SRD) technology to increase the \n\t\t\tmaximum bandwidth used per stream and minimize tail latency of network traffic between EC2 instances. \n\t\t\tWith ENA Express, you can communicate between two EC2 instances in the same subnet within the same \n\t\t\taccount, or in different accounts. Both sending and receiving instances must have ENA Express enabled.
\nTo improve the reliability of network packet delivery, ENA Express reorders network packets on the \n\t\t\treceiving end by default. However, some UDP-based applications are designed to handle network packets \n\t\t\tthat are out of order to reduce the overhead for packet delivery at the network layer. When ENA Express \n\t\t\tis enabled, you can specify whether UDP network traffic uses it.
" + } + }, + "com.amazonaws.ec2#InstanceAttachmentEnaSrdUdpSpecification": { + "type": "structure", + "members": { + "EnaSrdUdpEnabled": { + "target": "com.amazonaws.ec2#Boolean", + "traits": { + "aws.protocols#ec2QueryName": "EnaSrdUdpEnabled", + "smithy.api#documentation": "Indicates whether UDP traffic to and from the instance uses ENA Express. To specify this setting, \n\t\t\tyou must first enable ENA Express.
", + "smithy.api#xmlName": "enaSrdUdpEnabled" + } + } + }, + "traits": { + "smithy.api#documentation": "ENA Express is compatible with both TCP and UDP transport protocols. When it's enabled, TCP traffic \n\t\t\tautomatically uses it. However, some UDP-based applications are designed to handle network packets that are \n\t\t\tout of order, without a need for retransmission, such as live video broadcasting or other near-real-time \n\t\t\tapplications. For UDP traffic, you can specify whether to use ENA Express, based on your application \n\t\t\tenvironment needs.
" + } + }, "com.amazonaws.ec2#InstanceAttribute": { "type": "structure", "members": { @@ -57958,6 +58032,14 @@ "smithy.api#documentation": "The index of the network card.
", "smithy.api#xmlName": "networkCardIndex" } + }, + "EnaSrdSpecification": { + "target": "com.amazonaws.ec2#InstanceAttachmentEnaSrdSpecification", + "traits": { + "aws.protocols#ec2QueryName": "EnaSrdSpecification", + "smithy.api#documentation": "Contains the ENA Express settings for the network interface that's attached \n\t\t\tto the instance.
", + "smithy.api#xmlName": "enaSrdSpecification" + } } }, "traits": { @@ -58120,6 +58202,12 @@ "traits": { "smithy.api#documentation": "The primary IPv6 address of the network interface. When you enable an IPv6 GUA address to be a primary IPv6, the first IPv6 GUA will be made the primary IPv6 address until the instance is terminated or the network interface is detached. For more information about primary IPv6 addresses, see RunInstances.
" } + }, + "EnaSrdSpecification": { + "target": "com.amazonaws.ec2#EnaSrdSpecificationRequest", + "traits": { + "smithy.api#documentation": "Specifies the ENA Express settings for the network interface that's attached to \n\t\t\tthe instance.
" + } } }, "traits": { @@ -67655,6 +67743,46 @@ } } }, + "com.amazonaws.ec2#LaunchTemplateEnaSrdSpecification": { + "type": "structure", + "members": { + "EnaSrdEnabled": { + "target": "com.amazonaws.ec2#Boolean", + "traits": { + "aws.protocols#ec2QueryName": "EnaSrdEnabled", + "smithy.api#documentation": "Indicates whether ENA Express is enabled for the network interface.
", + "smithy.api#xmlName": "enaSrdEnabled" + } + }, + "EnaSrdUdpSpecification": { + "target": "com.amazonaws.ec2#LaunchTemplateEnaSrdUdpSpecification", + "traits": { + "aws.protocols#ec2QueryName": "EnaSrdUdpSpecification", + "smithy.api#documentation": "Configures ENA Express for UDP network traffic.
", + "smithy.api#xmlName": "enaSrdUdpSpecification" + } + } + }, + "traits": { + "smithy.api#documentation": "ENA Express uses Amazon Web Services Scalable Reliable Datagram (SRD) technology to increase the \n\t\t\tmaximum bandwidth used per stream and minimize tail latency of network traffic between EC2 instances. \n\t\t\tWith ENA Express, you can communicate between two EC2 instances in the same subnet within the same \n\t\t\taccount, or in different accounts. Both sending and receiving instances must have ENA Express enabled.
\nTo improve the reliability of network packet delivery, ENA Express reorders network packets on the \n\t\t\treceiving end by default. However, some UDP-based applications are designed to handle network packets \n\t\t\tthat are out of order to reduce the overhead for packet delivery at the network layer. When ENA Express \n\t\t\tis enabled, you can specify whether UDP network traffic uses it.
" + } + }, + "com.amazonaws.ec2#LaunchTemplateEnaSrdUdpSpecification": { + "type": "structure", + "members": { + "EnaSrdUdpEnabled": { + "target": "com.amazonaws.ec2#Boolean", + "traits": { + "aws.protocols#ec2QueryName": "EnaSrdUdpEnabled", + "smithy.api#documentation": "Indicates whether UDP traffic to and from the instance uses ENA Express. To specify this setting, \n\t\t\tyou must first enable ENA Express.
", + "smithy.api#xmlName": "enaSrdUdpEnabled" + } + } + }, + "traits": { + "smithy.api#documentation": "ENA Express is compatible with both TCP and UDP transport protocols. When it's enabled, TCP traffic \n\t\t\tautomatically uses it. However, some UDP-based applications are designed to handle network packets that are \n\t\t\tout of order, without a need for retransmission, such as live video broadcasting or other near-real-time \n\t\t\tapplications. For UDP traffic, you can specify whether to use ENA Express, based on your application \n\t\t\tenvironment needs.
" + } + }, "com.amazonaws.ec2#LaunchTemplateEnclaveOptions": { "type": "structure", "members": { @@ -68227,6 +68355,14 @@ "smithy.api#documentation": "The primary IPv6 address of the network interface. When you enable an IPv6 GUA address to be a primary IPv6, the first IPv6 GUA will be made the primary IPv6 address until the instance is terminated or the network interface is detached. For more information about primary IPv6 addresses, see RunInstances.
", "smithy.api#xmlName": "primaryIpv6" } + }, + "EnaSrdSpecification": { + "target": "com.amazonaws.ec2#LaunchTemplateEnaSrdSpecification", + "traits": { + "aws.protocols#ec2QueryName": "EnaSrdSpecification", + "smithy.api#documentation": "Contains the ENA Express settings for instances launched from your launch template.
", + "smithy.api#xmlName": "enaSrdSpecification" + } } }, "traits": { @@ -68367,6 +68503,12 @@ "traits": { "smithy.api#documentation": "The primary IPv6 address of the network interface. When you enable an IPv6 GUA address to be a primary IPv6, the first IPv6 GUA will be made the primary IPv6 address until the instance is terminated or the network interface is detached. For more information about primary IPv6 addresses, see RunInstances.
" } + }, + "EnaSrdSpecification": { + "target": "com.amazonaws.ec2#EnaSrdSpecificationRequest", + "traits": { + "smithy.api#documentation": "Configure ENA Express settings for your launch template.
" + } } }, "traits": { @@ -68882,7 +69024,7 @@ "ResourceType": { "target": "com.amazonaws.ec2#ResourceType", "traits": { - "smithy.api#documentation": "The type of resource to tag.
\nValid Values lists all resource types for Amazon EC2 that can be tagged. When\n you create a launch template, you can specify tags for the following resource types\n only: instance | volume | elastic-gpu |\n network-interface | spot-instances-request.\n If the instance does include the resource type that you specify, the instance \n launch fails. For example, not all instance types include an Elastic GPU.
To tag a resource after it has been created, see CreateTags.
" + "smithy.api#documentation": "The type of resource to tag.
\nValid Values lists all resource types for Amazon EC2 that can be tagged. When\n you create a launch template, you can specify tags for the following resource types\n only: instance | volume | elastic-gpu |\n network-interface | spot-instances-request.\n If the instance does not include the resource type that you specify, the instance \n launch fails. For example, not all instance types include an Elastic GPU.
To tag a resource after it has been created, see CreateTags.
" } }, "Tags": { @@ -84037,14 +84179,14 @@ "SecurityGroupIds": { "target": "com.amazonaws.ec2#SecurityGroupIdStringList", "traits": { - "smithy.api#documentation": "One or more security group IDs. You can create a security group using CreateSecurityGroup. You cannot specify both a security group ID and\n security name in the same request.
", + "smithy.api#documentation": "One or more security group IDs. You can create a security group using CreateSecurityGroup.
", "smithy.api#xmlName": "SecurityGroupId" } }, "SecurityGroups": { "target": "com.amazonaws.ec2#SecurityGroupStringList", "traits": { - "smithy.api#documentation": "One or more security group names. For a nondefault VPC, you must use security group\n IDs instead. You cannot specify both a security group ID and security name in the same\n request.
", + "smithy.api#documentation": "One or more security group names. For a nondefault VPC, you must use security group\n IDs instead.
", "smithy.api#xmlName": "SecurityGroup" } }, diff --git a/codegen/sdk-codegen/aws-models/fms.json b/codegen/sdk-codegen/aws-models/fms.json index 59156a45a25..1430dd10a28 100644 --- a/codegen/sdk-codegen/aws-models/fms.json +++ b/codegen/sdk-codegen/aws-models/fms.json @@ -2227,7 +2227,7 @@ "target": "com.amazonaws.fms#Boolean", "traits": { "smithy.api#default": false, - "smithy.api#documentation": "If True, the request performs cleanup according to the policy type.
For WAF and Shield Advanced policies, the cleanup does the following:
\nDeletes rule groups created by Firewall Manager
\nRemoves web ACLs from in-scope resources
\nDeletes web ACLs that contain no rules or rule groups
\nFor security group policies, the cleanup does the following for each security group in\n the policy:
\nDisassociates the security group from in-scope resources
\nDeletes the security group if it was created through Firewall Manager and if it's\n no longer associated with any resources through another policy
\nAfter the cleanup, in-scope resources are no longer protected by web ACLs in this policy.\n Protection of out-of-scope resources remains unchanged. Scope is determined by tags that you\n create and accounts that you associate with the policy. When creating the policy, if you\n specify that only resources in specific accounts or with specific tags are in scope of the\n policy, those accounts and resources are handled by the policy. All others are out of scope.\n If you don't specify tags or accounts, all resources are in scope.
" + "smithy.api#documentation": "If True, the request performs cleanup according to the policy type.
For WAF and Shield Advanced policies, the cleanup does the following:
\nDeletes rule groups created by Firewall Manager
\nRemoves web ACLs from in-scope resources
\nDeletes web ACLs that contain no rules or rule groups
\nFor security group policies, the cleanup does the following for each security group in\n the policy:
\nDisassociates the security group from in-scope resources
\nDeletes the security group if it was created through Firewall Manager and if it's\n no longer associated with any resources through another policy
\nFor security group common policies, even if set to False, Firewall Manager deletes all security groups created by Firewall Manager that aren't associated with any other resources through another policy.
After the cleanup, in-scope resources are no longer protected by web ACLs in this policy.\n Protection of out-of-scope resources remains unchanged. Scope is determined by tags that you\n create and accounts that you associate with the policy. When creating the policy, if you\n specify that only resources in specific accounts or with specific tags are in scope of the\n policy, those accounts and resources are handled by the policy. All others are out of scope.\n If you don't specify tags or accounts, all resources are in scope.
" } } }, @@ -3807,7 +3807,7 @@ "PolicyId": { "target": "com.amazonaws.fms#PolicyId", "traits": { - "smithy.api#documentation": "The ID of the Firewall Manager policy that you want the details for. This currently only supports security group content audit policies.
", + "smithy.api#documentation": "The ID of the Firewall Manager policy that you want the details for. You can get violation details for the following policy types:
\nDNS Firewall
\nImported Network Firewall
\nNetwork Firewall
\nSecurity group content audit
\nThird-party firewall
\nThe type of resource protected by or in scope of the policy. This is in the format shown\n in the Amazon Web Services Resource Types Reference.\n To apply this policy to multiple resource types, specify a resource type of ResourceTypeList and then specify the resource types in a ResourceTypeList.
For WAF and Shield Advanced, resource types include\n AWS::ElasticLoadBalancingV2::LoadBalancer, AWS::ElasticLoadBalancing::LoadBalancer, AWS::EC2::EIP, and\n AWS::CloudFront::Distribution. For a security group common policy, valid values\n are AWS::EC2::NetworkInterface and AWS::EC2::Instance. For a\n security group content audit policy, valid values are AWS::EC2::SecurityGroup,\n AWS::EC2::NetworkInterface, and AWS::EC2::Instance. For a security\n group usage audit policy, the value is AWS::EC2::SecurityGroup. For an Network Firewall policy or DNS Firewall policy,\n the value is AWS::EC2::VPC.
The type of resource protected by or in scope of the policy. This is in the format shown\n in the Amazon Web Services Resource Types Reference.\n To apply this policy to multiple resource types, specify a resource type of ResourceTypeList and then specify the resource types in a ResourceTypeList.
The following are valid resource types for each Firewall Manager policy type:
\nAmazon Web Services WAF Classic - AWS::ApiGateway::Stage, AWS::CloudFront::Distribution, and AWS::ElasticLoadBalancingV2::LoadBalancer.
WAF - AWS::ApiGateway::Stage, AWS::ElasticLoadBalancingV2::LoadBalancer, and AWS::CloudFront::Distribution.
DNS Firewall, Network Firewall, and third-party firewall - AWS::EC2::VPC.
Shield Advanced - AWS::ElasticLoadBalancingV2::LoadBalancer, AWS::ElasticLoadBalancing::LoadBalancer, AWS::EC2::EIP, and AWS::CloudFront::Distribution.
Security group content audit - AWS::EC2::SecurityGroup, AWS::EC2::NetworkInterface, and AWS::EC2::Instance.
Security group usage audit - AWS::EC2::SecurityGroup.
Creates an Firewall Manager policy.
\nFirewall Manager provides the following types of policies:
\nAn WAF policy (type WAFV2), which defines rule groups to run first in the\n corresponding WAF web ACL and rule groups to run last in the web ACL.
\nAn WAF Classic policy (type WAF), which defines a rule group.
\nA Shield Advanced policy, which applies Shield Advanced protection to specified\n accounts and resources.
\nA security group policy, which manages VPC security groups across your Amazon Web Services\n organization.
\nAn Network Firewall policy, which provides firewall rules to filter network traffic in specified\n Amazon VPCs.
\nA DNS Firewall policy, which provides Route 53 Resolver DNS Firewall rules to filter DNS queries for\n specified VPCs.
\nEach policy is specific to one of the types. If you want to enforce more than one\n policy type across accounts, create multiple policies. You can create multiple\n policies for each type.
\nYou must be subscribed to Shield Advanced to create a Shield Advanced policy. For more\n information about subscribing to Shield Advanced, see\n CreateSubscription.
" + "smithy.api#documentation": "Creates an Firewall Manager policy.
\nA Firewall Manager policy is specific to the individual policy type. If you want to enforce multiple\n\t\tpolicy types across accounts, you can create multiple policies. You can create more than one\n\t\tpolicy for each type.
\nIf you add a new account to an organization that you created with Organizations, Firewall Manager\n\t\tautomatically applies the policy to the resources in that account that are within scope of\n\t\tthe policy.
\nFirewall Manager provides the following types of policies:
\n\n Shield Advanced policy - This policy applies Shield Advanced\n\t\t\t\tprotection to specified accounts and resources.
\n\n Security Groups policy - This type of policy gives you\n\t\t\t\tcontrol over security groups that are in use throughout your organization in\n\t\t\t\tOrganizations and lets you enforce a baseline set of rules across your organization.
\n\n Network Firewall policy - This policy applies\n\t\t\t\tNetwork Firewall protection to your organization's VPCs.
\n\n DNS Firewall policy - This policy applies\n\t\t\t\tAmazon Route 53 Resolver DNS Firewall protections to your organization's VPCs.
\n\n Third-party firewall policy - This policy applies third-party firewall protections. Third-party firewalls are available by subscription through the Amazon Web Services Marketplace console at Amazon Web Services Marketplace.
\n\n Palo Alto Networks Cloud NGFW policy - This policy applies Palo Alto Networks Cloud Next Generation Firewall (NGFW) protections and Palo Alto Networks Cloud NGFW rulestacks to your organization's VPCs.
\n\n Fortigate CNF policy - This policy applies\n\t\t\t\t\t\tFortigate Cloud Native Firewall (CNF) protections. Fortigate CNF is a cloud-centered solution that blocks Zero-Day threats and secures cloud infrastructures with industry-leading advanced threat prevention, smart web application firewalls (WAF), and API protection.
\nDetails about the service that are specific to the service type, in JSON format.
\nExample: DNS_FIREWALL\n
\n \"{\\\"type\\\":\\\"DNS_FIREWALL\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-1\\\",\\\"priority\\\":10}],\\\"postProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-2\\\",\\\"priority\\\":9911}]}\"\n
Valid values for preProcessRuleGroups are between 1 and 99. Valid\n values for postProcessRuleGroups are between 9901 and 10000.
Example: IMPORT_NETWORK_FIREWALL\n \"{\\\"type\\\":\\\"IMPORT_NETWORK_FIREWALL\\\",\\\"awsNetworkFirewallConfig\\\":{\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-west-2:000000000000:stateless-rulegroup\\/rg1\\\",\\\"priority\\\":1}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:drop\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"aws:pass\\\"],\\\"networkFirewallStatelessCustomActions\\\":[],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-west-2:aws-managed:stateful-rulegroup\\/ThreatSignaturesEmergingEventsStrictOrder\\\",\\\"priority\\\":8}],\\\"networkFirewallStatefulEngineOptions\\\":{\\\"ruleOrder\\\":\\\"STRICT_ORDER\\\"},\\\"networkFirewallStatefulDefaultActions\\\":[\\\"aws:drop_strict\\\"]}}\"\n
\n \"{\\\"type\\\":\\\"DNS_FIREWALL\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-1\\\",\\\"priority\\\":10}],\\\"postProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-2\\\",\\\"priority\\\":9911}]}\"\n
Valid values for preProcessRuleGroups are between 1 and 99. Valid\n values for postProcessRuleGroups are between 9901 and 10000.
Example: NETWORK_FIREWALL - Centralized deployment\n model
\n \"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"awsNetworkFirewallConfig\\\":{\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"customActionName\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"metricdimensionvalue\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\"}],\\\"networkFirewallLoggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"ALERT\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}},{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"FLOW\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}}],\\\"overrideExistingConfig\\\":true}},\\\"firewallDeploymentModel\\\":{\\\"centralizedFirewallDeploymentModel\\\":{\\\"centralizedFirewallOrchestrationConfig\\\":{\\\"inspectionVpcIds\\\":[{\\\"resourceId\\\":\\\"vpc-1234\\\",\\\"accountId\\\":\\\"123456789011\\\"}],\\\"firewallCreationConfig\\\":{\\\"endpointLocation\\\":{\\\"availabilityZoneConfigList\\\":[{\\\"availabilityZoneId\\\":null,\\\"availabilityZoneName\\\":\\\"us-east-1a\\\",\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\"]}]}},\\\"allowedIPV4CidrList\\\":[]}}}}\"\n
To use the centralized deployment model, you must set PolicyOption to\n CENTRALIZED.
Example: NETWORK_FIREWALL - Distributed deployment model with\n automatic Availability Zone configuration
\n \n \"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"customActionName\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"metricdimensionvalue\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"singleFirewallEndpointPerVPC\\\":false,\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\",\\\"192.168.0.0/28\\\"],\\\"routeManagementAction\\\":\\\"OFF\\\"},\\\"networkFirewallLoggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"ALERT\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}},{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"FLOW\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}}],\\\"overrideExistingConfig\\\":true}}\"\n \n
With automatic Availbility Zone configuration, Firewall Manager chooses which Availability Zones to create the endpoints in. To use the distributed deployment model, you must set PolicyOption to\n NULL.
Example: NETWORK_FIREWALL - Distributed deployment model with\n automatic Availability Zone configuration and route management
\n \n \"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"customActionName\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"metricdimensionvalue\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"singleFirewallEndpointPerVPC\\\":false,\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\",\\\"192.168.0.0/28\\\"],\\\"routeManagementAction\\\":\\\"MONITOR\\\",\\\"routeManagementTargetTypes\\\":[\\\"InternetGateway\\\"]},\\\"networkFirewallLoggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"ALERT\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}},{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\": \\\"FLOW\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}}],\\\"overrideExistingConfig\\\":true}}\"\n \n
To use the distributed deployment model, you must set PolicyOption to\n NULL.
Example: NETWORK_FIREWALL - Distributed deployment model with\n custom Availability Zone configuration
\n \"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"fragmentcustomactionname\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"customActionName\\\", \\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"metricdimensionvalue\\\"}]}}},{\\\"actionName\\\":\\\"fragmentcustomactionname\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"fragmentmetricdimensionvalue\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"firewallCreationConfig\\\":{ \\\"endpointLocation\\\":{\\\"availabilityZoneConfigList\\\":[{\\\"availabilityZoneName\\\":\\\"us-east-1a\\\",\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\"]},{\\\"availabilityZoneName\\\":\\\"us-east-1b\\\",\\\"allowedIPV4CidrList\\\":[ \\\"10.0.0.0/28\\\"]}]} },\\\"singleFirewallEndpointPerVPC\\\":false,\\\"allowedIPV4CidrList\\\":null,\\\"routeManagementAction\\\":\\\"OFF\\\",\\\"networkFirewallLoggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"ALERT\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}},{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"FLOW\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}}],\\\"overrideExistingConfig\\\":boolean}}\"\n \n
\n With custom Availability Zone configuration,\n you define which specific Availability Zones to create endpoints in by configuring\n firewallCreationConfig. To configure the Availability Zones in firewallCreationConfig, specify either the availabilityZoneName or availabilityZoneId parameter, not both parameters.\n
To use the distributed deployment model, you must set PolicyOption to\n NULL.
Example: NETWORK_FIREWALL - Distributed deployment model with\n custom Availability Zone configuration and route management
\n \"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"fragmentcustomactionname\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"customActionName\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"metricdimensionvalue\\\"}]}}},{\\\"actionName\\\":\\\"fragmentcustomactionname\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"fragmentmetricdimensionvalue\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"firewallCreationConfig\\\":{\\\"endpointLocation\\\":{\\\"availabilityZoneConfigList\\\":[{\\\"availabilityZoneName\\\":\\\"us-east-1a\\\",\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\"]},{\\\"availabilityZoneName\\\":\\\"us-east-1b\\\",\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\"]}]}},\\\"singleFirewallEndpointPerVPC\\\":false,\\\"allowedIPV4CidrList\\\":null,\\\"routeManagementAction\\\":\\\"MONITOR\\\",\\\"routeManagementTargetTypes\\\":[\\\"InternetGateway\\\"],\\\"routeManagementConfig\\\":{\\\"allowCrossAZTrafficIfNoEndpoint\\\":true}},\\\"networkFirewallLoggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"ALERT\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}},{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"FLOW\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}}],\\\"overrideExistingConfig\\\":boolean}}\"\n \n
To use the distributed deployment model, you must set PolicyOption to\n NULL.
Example: THIRD_PARTY_FIREWALL\n
\n \"{\n \"type\":\"THIRD_PARTY_FIREWALL\",\n \"thirdPartyFirewall\":\"PALO_ALTO_NETWORKS_CLOUD_NGFW\",\n \"thirdPartyFirewallConfig\":{\n \"thirdPartyFirewallPolicyList\":[\"global-1\"]\n },\n\t \"firewallDeploymentModel\":{\n \"distributedFirewallDeploymentModel\":{\n \"distributedFirewallOrchestrationConfig\":{\n \"firewallCreationConfig\":{\n \"endpointLocation\":{\n \"availabilityZoneConfigList\":[\n {\n \"availabilityZoneName\":\"${AvailabilityZone}\"\n }\n ]\n }\n },\n \"allowedIPV4CidrList\":[\n ]\n }\n }\n }\n }\"\n
Example: SECURITY_GROUPS_COMMON\n
\n \"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false,\n \\\"applyToAllEC2InstanceENIs\\\":false,\\\"securityGroups\\\":[{\\\"id\\\":\\\"\n sg-000e55995d61a06bd\\\"}]}\"\n
Example: SECURITY_GROUPS_COMMON - Security group tag distribution\n
\n \"\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"securityGroups\\\":[{\\\"id\\\":\\\"sg-000e55995d61a06bd\\\"}],\\\"revertManualSecurityGroupChanges\\\":true,\\\"exclusiveResourceSecurityGroupManagement\\\":false,\\\"applyToAllEC2InstanceENIs\\\":false,\\\"includeSharedVPC\\\":false,\\\"enableTagDistribution\\\":true}\"\"\n
\n Firewall Manager automatically distributes tags from the primary group to the security groups created by this policy. To use security group tag distribution, you must also set revertManualSecurityGroupChanges to true, otherwise Firewall Manager won't be able to create the policy. When you enable revertManualSecurityGroupChanges, Firewall Manager identifies and reports when the security groups created by this policy become non-compliant.\n
\n Firewall Manager won't distrubute system tags added by Amazon Web Services services into the replica security groups. System tags begin with the aws: prefix.\n
Example: Shared VPCs. Apply the preceding policy to resources in shared VPCs as\n well as to those in VPCs that the account owns
\n\n \"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false,\n \\\"applyToAllEC2InstanceENIs\\\":false,\\\"includeSharedVPC\\\":true,\\\"securityGroups\\\":[{\\\"id\\\":\\\"\n sg-000e55995d61a06bd\\\"}]}\"\n
Example: SECURITY_GROUPS_CONTENT_AUDIT\n
\n \"{\\\"type\\\":\\\"SECURITY_GROUPS_CONTENT_AUDIT\\\",\\\"securityGroups\\\":[{\\\"id\\\":\\\"sg-000e55995d61a06bd\\\"}],\\\"securityGroupAction\\\":{\\\"type\\\":\\\"ALLOW\\\"}}\"\n
The security group action for content audit can be ALLOW or\n DENY. For ALLOW, all in-scope security group rules must\n be within the allowed range of the policy's security group rules. For\n DENY, all in-scope security group rules must not contain a value or a\n range that matches a rule value or range in the policy security group.
Example: SECURITY_GROUPS_USAGE_AUDIT\n
\n \"{\\\"type\\\":\\\"SECURITY_GROUPS_USAGE_AUDIT\\\",\\\"deleteUnusedSecurityGroups\\\":true,\\\"coalesceRedundantSecurityGroups\\\":true}\"\n
Specification for SHIELD_ADVANCED for Amazon CloudFront distributions
\n \"{\\\"type\\\":\\\"SHIELD_ADVANCED\\\",\\\"automaticResponseConfiguration\\\":\n {\\\"automaticResponseStatus\\\":\\\"ENABLED|IGNORED|DISABLED\\\",\n \\\"automaticResponseAction\\\":\\\"BLOCK|COUNT\\\"},\n \\\"overrideCustomerWebaclClassic\\\":true|false}\"\n
For example:\n \"{\\\"type\\\":\\\"SHIELD_ADVANCED\\\",\\\"automaticResponseConfiguration\\\":\n {\\\"automaticResponseStatus\\\":\\\"ENABLED\\\",\n \\\"automaticResponseAction\\\":\\\"COUNT\\\"}}\"\n
The default value for automaticResponseStatus is\n IGNORED. The value for automaticResponseAction is only\n required when automaticResponseStatus is set to ENABLED.\n The default value for overrideCustomerWebaclClassic is\n false.
For other resource types that you can protect with a Shield Advanced policy, this\n ManagedServiceData configuration is an empty string.
Example: WAFV2 - Account takeover prevention and Bot Control managed rule groups, and rule action override\n
\n \"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"versionEnabled\\\":null,\\\"version\\\":null,\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesATPRuleSet\\\",\\\"managedRuleGroupConfigs\\\":[{\\\"awsmanagedRulesATPRuleSet\\\":{\\\"loginPath\\\":\\\"/loginpath\\\",\\\"requestInspection\\\":{\\\"payloadType\\\":\\\"FORM_ENCODED|JSON\\\",\\\"usernameField\\\":{\\\"identifier\\\":\\\"/form/username\\\"},\\\"passwordField\\\":{\\\"identifier\\\":\\\"/form/password\\\"}}}}]},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[],\\\"sampledRequestsEnabled\\\":true},{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"versionEnabled\\\":null,\\\"version\\\":null,\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesBotControlRuleSet\\\",\\\"managedRuleGroupConfigs\\\":[{\\\"awsmanagedRulesBotControlRuleSet\\\":{\\\"inspectionLevel\\\":\\\"TARGETED|COMMON\\\"}}]},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[],\\\"sampledRequestsEnabled\\\":true,\\\"ruleActionOverrides\\\":[{\\\"name\\\":\\\"Rule1\\\",\\\"actionToUse\\\":{\\\"allow|block|count|captcha|challenge\\\":{}}},{\\\"name\\\":\\\"Rule2\\\",\\\"actionToUse\\\":{\\\"allow|block|count|captcha|challenge\\\":{}}}]}],\\\"postProcessRuleGroups\\\":[],\\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"customRequestHandling\\\":null,\\\"customResponse\\\":null,\\\"overrideCustomerWebACLAssociation\\\":false,\\\"loggingConfiguration\\\":null,\\\"sampledRequestsEnabledForDefaultActions\\\":true}\"\n
Fraud Control account takeover prevention (ATP) - For information about the properties available for AWSManagedRulesATPRuleSet managed rule groups, see AWSManagedRulesATPRuleSet in the WAF API Reference.
Bot Control - For information about AWSManagedRulesBotControlRuleSet managed rule groups, see AWSManagedRulesBotControlRuleSet in the WAF API Reference.
Rule action overrides - Firewall Manager supports rule action overrides only for managed rule groups. To configure a RuleActionOverrides add the Name of the rule to override, and ActionToUse, which is the new action to use for the rule. For information about using rule action override, see RuleActionOverride in the WAF API Reference.
Example: WAFV2 - CAPTCHA and Challenge configs\n
\n \"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"versionEnabled\\\":null,\\\"version\\\":null,\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesAdminProtectionRuleSet\\\"},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[],\\\"sampledRequestsEnabled\\\":true}],\\\"postProcessRuleGroups\\\":[],\\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"customRequestHandling\\\":null,\\\"customResponse\\\":null,\\\"overrideCustomerWebACLAssociation\\\":false,\\\"loggingConfiguration\\\":null,\\\"sampledRequestsEnabledForDefaultActions\\\":true,\\\"captchaConfig\\\":{\\\"immunityTimeProperty\\\":{\\\"immunityTime\\\":500}},\\\"challengeConfig\\\":{\\\"immunityTimeProperty\\\":{\\\"immunityTime\\\":800}},\\\"tokenDomains\\\":[\\\"google.com\\\",\\\"amazon.com\\\"]}\"\n
If you update the policy's values for captchaConfig, challengeConfig, or tokenDomains, Firewall Manager will overwrite your local web ACLs to contain the new value(s). However, if you don't update the policy's captchaConfig, challengeConfig, or tokenDomains values, the values in your local web ACLs will remain unchanged. For information about CAPTCHA and Challenge configs, see CaptchaConfig and ChallengeConfig in the WAF API Reference.
Example: WAFV2 - Firewall Manager support for WAF managed rule group versioning\n
\n \"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"versionEnabled\\\":true,\\\"version\\\":\\\"Version_2.0\\\",\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesCommonRuleSet\\\"},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[{\\\"name\\\":\\\"NoUserAgent_HEADER\\\"}]}],\\\"postProcessRuleGroups\\\":[],\\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"overrideCustomerWebACLAssociation\\\":false,\\\"loggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[\\\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\\\"],\\\"redactedFields\\\":[{\\\"redactedFieldType\\\":\\\"SingleHeader\\\",\\\"redactedFieldValue\\\":\\\"Cookies\\\"},{\\\"redactedFieldType\\\":\\\"Method\\\"}]}}\"\n
\n To use a specific version of a WAF managed rule group in your Firewall Manager policy, you must set versionEnabled to true, and set version to the version you'd like to use. If you don't set versionEnabled to true, or if you omit versionEnabled, then Firewall Manager uses the default version of the WAF managed rule group.\n
Example: WAFV2 - Logging configurations\n
\n \"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null, \\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\": {\\\"versionEnabled\\\":null,\\\"version\\\":null,\\\"vendorName\\\":\\\"AWS\\\", \\\"managedRuleGroupName\\\":\\\"AWSManagedRulesAdminProtectionRuleSet\\\"} ,\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[], \\\"sampledRequestsEnabled\\\":true}],\\\"postProcessRuleGroups\\\":[], \\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"customRequestHandling\\\" :null,\\\"customResponse\\\":null,\\\"overrideCustomerWebACLAssociation\\\" :false,\\\"loggingConfiguration\\\":{\\\"logDestinationConfigs\\\": [\\\"arn:aws:s3:::aws-waf-logs-example-bucket\\\"] ,\\\"redactedFields\\\":[],\\\"loggingFilterConfigs\\\":{\\\"defaultBehavior\\\":\\\"KEEP\\\", \\\"filters\\\":[{\\\"behavior\\\":\\\"KEEP\\\",\\\"requirement\\\":\\\"MEETS_ALL\\\", \\\"conditions\\\":[{\\\"actionCondition\\\":\\\"CAPTCHA\\\"},{\\\"actionCondition\\\": \\\"CHALLENGE\\\"}, {\\\"actionCondition\\\":\\\"EXCLUDED_AS_COUNT\\\"}]}]}},\\\"sampledRequestsEnabledForDefaultActions\\\":true}\"\n
Firewall Manager supports Amazon Kinesis Data Firehose and Amazon S3 as the logDestinationConfigs in your loggingConfiguration. For information about WAF logging configurations, see LoggingConfiguration in the WAF API Reference\n
In the loggingConfiguration, you can specify one\n logDestinationConfigs. Optionally provide as many as 20\n redactedFields. The RedactedFieldType must be one of\n URI, QUERY_STRING, HEADER, or\n METHOD.
Example: WAF Classic\n
\n \"{\\\"type\\\": \\\"WAF\\\", \\\"ruleGroups\\\":\n [{\\\"id\\\":\\\"12345678-1bcd-9012-efga-0987654321ab\\\", \\\"overrideAction\\\" : {\\\"type\\\":\n \\\"COUNT\\\"}}], \\\"defaultAction\\\": {\\\"type\\\": \\\"BLOCK\\\"}}\"\n
Details about the service that are specific to the service type, in JSON format.
\nExample: DNS_FIREWALL\n
\n \"{\\\"type\\\":\\\"DNS_FIREWALL\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-1\\\",\\\"priority\\\":10}],\\\"postProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-2\\\",\\\"priority\\\":9911}]}\"\n
Valid values for preProcessRuleGroups are between 1 and 99. Valid\n values for postProcessRuleGroups are between 9901 and 10000.
Example: IMPORT_NETWORK_FIREWALL\n
\n \"{\\\"type\\\":\\\"IMPORT_NETWORK_FIREWALL\\\",\\\"awsNetworkFirewallConfig\\\":{\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-west-2:000000000000:stateless-rulegroup\\/rg1\\\",\\\"priority\\\":1}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:drop\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"aws:pass\\\"],\\\"networkFirewallStatelessCustomActions\\\":[],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-west-2:aws-managed:stateful-rulegroup\\/ThreatSignaturesEmergingEventsStrictOrder\\\",\\\"priority\\\":8}],\\\"networkFirewallStatefulEngineOptions\\\":{\\\"ruleOrder\\\":\\\"STRICT_ORDER\\\"},\\\"networkFirewallStatefulDefaultActions\\\":[\\\"aws:drop_strict\\\"]}}\"\n
\n \"{\\\"type\\\":\\\"DNS_FIREWALL\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-1\\\",\\\"priority\\\":10}],\\\"postProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-2\\\",\\\"priority\\\":9911}]}\"\n
Valid values for preProcessRuleGroups are between 1 and 99. Valid\n values for postProcessRuleGroups are between 9901 and 10000.
Example: NETWORK_FIREWALL - Centralized deployment\n model
\n \"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"awsNetworkFirewallConfig\\\":{\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"customActionName\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"metricdimensionvalue\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\"}],\\\"networkFirewallLoggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"ALERT\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}},{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"FLOW\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}}],\\\"overrideExistingConfig\\\":true}},\\\"firewallDeploymentModel\\\":{\\\"centralizedFirewallDeploymentModel\\\":{\\\"centralizedFirewallOrchestrationConfig\\\":{\\\"inspectionVpcIds\\\":[{\\\"resourceId\\\":\\\"vpc-1234\\\",\\\"accountId\\\":\\\"123456789011\\\"}],\\\"firewallCreationConfig\\\":{\\\"endpointLocation\\\":{\\\"availabilityZoneConfigList\\\":[{\\\"availabilityZoneId\\\":null,\\\"availabilityZoneName\\\":\\\"us-east-1a\\\",\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\"]}]}},\\\"allowedIPV4CidrList\\\":[]}}}}\"\n
To use the centralized deployment model, you must set PolicyOption to\n CENTRALIZED.
Example: NETWORK_FIREWALL - Distributed deployment model with\n automatic Availability Zone configuration
\n \n \"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"customActionName\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"metricdimensionvalue\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"singleFirewallEndpointPerVPC\\\":false,\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\",\\\"192.168.0.0/28\\\"],\\\"routeManagementAction\\\":\\\"OFF\\\"},\\\"networkFirewallLoggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"ALERT\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}},{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"FLOW\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}}],\\\"overrideExistingConfig\\\":true}}\"\n \n
With automatic Availbility Zone configuration, Firewall Manager chooses which Availability Zones to create the endpoints in. To use the distributed deployment model, you must set PolicyOption to\n NULL.
Example: NETWORK_FIREWALL - Distributed deployment model with\n automatic Availability Zone configuration and route management
\n \n \"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"customActionName\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"metricdimensionvalue\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"singleFirewallEndpointPerVPC\\\":false,\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\",\\\"192.168.0.0/28\\\"],\\\"routeManagementAction\\\":\\\"MONITOR\\\",\\\"routeManagementTargetTypes\\\":[\\\"InternetGateway\\\"]},\\\"networkFirewallLoggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"ALERT\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}},{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\": \\\"FLOW\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}}],\\\"overrideExistingConfig\\\":true}}\"\n \n
To use the distributed deployment model, you must set PolicyOption to\n NULL.
Example: NETWORK_FIREWALL - Distributed deployment model with\n custom Availability Zone configuration
\n \"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"fragmentcustomactionname\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"customActionName\\\", \\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"metricdimensionvalue\\\"}]}}},{\\\"actionName\\\":\\\"fragmentcustomactionname\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"fragmentmetricdimensionvalue\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"firewallCreationConfig\\\":{ \\\"endpointLocation\\\":{\\\"availabilityZoneConfigList\\\":[{\\\"availabilityZoneName\\\":\\\"us-east-1a\\\",\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\"]},{\\\"availabilityZoneName\\\":\\\"us-east-1b\\\",\\\"allowedIPV4CidrList\\\":[ \\\"10.0.0.0/28\\\"]}]} },\\\"singleFirewallEndpointPerVPC\\\":false,\\\"allowedIPV4CidrList\\\":null,\\\"routeManagementAction\\\":\\\"OFF\\\",\\\"networkFirewallLoggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"ALERT\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}},{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"FLOW\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}}],\\\"overrideExistingConfig\\\":boolean}}\"\n \n
\n With custom Availability Zone configuration,\n you define which specific Availability Zones to create endpoints in by configuring\n firewallCreationConfig. To configure the Availability Zones in firewallCreationConfig, specify either the availabilityZoneName or availabilityZoneId parameter, not both parameters.\n
To use the distributed deployment model, you must set PolicyOption to\n NULL.
Example: NETWORK_FIREWALL - Distributed deployment model with\n custom Availability Zone configuration and route management
\n \"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"fragmentcustomactionname\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"customActionName\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"metricdimensionvalue\\\"}]}}},{\\\"actionName\\\":\\\"fragmentcustomactionname\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"fragmentmetricdimensionvalue\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"firewallCreationConfig\\\":{\\\"endpointLocation\\\":{\\\"availabilityZoneConfigList\\\":[{\\\"availabilityZoneName\\\":\\\"us-east-1a\\\",\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\"]},{\\\"availabilityZoneName\\\":\\\"us-east-1b\\\",\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\"]}]}},\\\"singleFirewallEndpointPerVPC\\\":false,\\\"allowedIPV4CidrList\\\":null,\\\"routeManagementAction\\\":\\\"MONITOR\\\",\\\"routeManagementTargetTypes\\\":[\\\"InternetGateway\\\"],\\\"routeManagementConfig\\\":{\\\"allowCrossAZTrafficIfNoEndpoint\\\":true}},\\\"networkFirewallLoggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"ALERT\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}},{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"FLOW\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}}],\\\"overrideExistingConfig\\\":boolean}}\"\n \n
To use the distributed deployment model, you must set PolicyOption to\n NULL.
Example: SECURITY_GROUPS_COMMON\n
\n \"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false,\n \\\"applyToAllEC2InstanceENIs\\\":false,\\\"securityGroups\\\":[{\\\"id\\\":\\\"\n sg-000e55995d61a06bd\\\"}]}\"\n
Example: SECURITY_GROUPS_COMMON - Security group tag distribution\n
\n \"\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"securityGroups\\\":[{\\\"id\\\":\\\"sg-000e55995d61a06bd\\\"}],\\\"revertManualSecurityGroupChanges\\\":true,\\\"exclusiveResourceSecurityGroupManagement\\\":false,\\\"applyToAllEC2InstanceENIs\\\":false,\\\"includeSharedVPC\\\":false,\\\"enableTagDistribution\\\":true}\"\"\n
\n Firewall Manager automatically distributes tags from the primary group to the security groups created by this policy. To use security group tag distribution, you must also set revertManualSecurityGroupChanges to true, otherwise Firewall Manager won't be able to create the policy. When you enable revertManualSecurityGroupChanges, Firewall Manager identifies and reports when the security groups created by this policy become non-compliant.\n
\n Firewall Manager won't distrubute system tags added by Amazon Web Services services into the replica security groups. System tags begin with the aws: prefix.\n
Example: Shared VPCs. Apply the preceding policy to resources in shared VPCs as\n well as to those in VPCs that the account owns
\n\n \"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false,\n \\\"applyToAllEC2InstanceENIs\\\":false,\\\"includeSharedVPC\\\":true,\\\"securityGroups\\\":[{\\\"id\\\":\\\"\n sg-000e55995d61a06bd\\\"}]}\"\n
Example: SECURITY_GROUPS_CONTENT_AUDIT\n
\n \"{\\\"type\\\":\\\"SECURITY_GROUPS_CONTENT_AUDIT\\\",\\\"securityGroups\\\":[{\\\"id\\\":\\\"sg-000e55995d61a06bd\\\"}],\\\"securityGroupAction\\\":{\\\"type\\\":\\\"ALLOW\\\"}}\"\n
The security group action for content audit can be ALLOW or\n DENY. For ALLOW, all in-scope security group rules must\n be within the allowed range of the policy's security group rules. For\n DENY, all in-scope security group rules must not contain a value or a\n range that matches a rule value or range in the policy security group.
Example: SECURITY_GROUPS_USAGE_AUDIT\n
\n \"{\\\"type\\\":\\\"SECURITY_GROUPS_USAGE_AUDIT\\\",\\\"deleteUnusedSecurityGroups\\\":true,\\\"coalesceRedundantSecurityGroups\\\":true}\"\n
Example: SHIELD_ADVANCED with web ACL management
\n \"{\\\"type\\\":\\\"SHIELD_ADVANCED\\\",\\\"optimizeUnassociatedWebACL\\\":true}\"\n
If you set optimizeUnassociatedWebACL to true, Firewall Manager creates web ACLs in accounts within the policy scope if the web ACLs will be used by at least one resource. Firewall Manager creates web ACLs in the accounts within policy scope only if the web ACLs will be used by at least one resource. If at any time an account comes into policy scope, Firewall Manager automatically creates a web ACL in the account if at least one resource will use the web ACL.
Upon enablement, Firewall Manager performs a one-time cleanup of unused web ACLs in your account. The cleanup process can take several hours. If a resource leaves policy scope after Firewall Manager creates a web ACL, Firewall Manager doesn't disassociate the resource from the web ACL. If you want Firewall Manager to clean up the web ACL, you must first manually disassociate the resources from the web ACL, and then enable the manage unused web ACLs option in your policy.
\nIf you set optimizeUnassociatedWebACL to false, and Firewall Manager automatically creates an empty web ACL in each account that's within policy scope.
Specification for SHIELD_ADVANCED for Amazon CloudFront distributions
\n \"{\\\"type\\\":\\\"SHIELD_ADVANCED\\\",\\\"automaticResponseConfiguration\\\": {\\\"automaticResponseStatus\\\":\\\"ENABLED|IGNORED|DISABLED\\\", \\\"automaticResponseAction\\\":\\\"BLOCK|COUNT\\\"}, \\\"overrideCustomerWebaclClassic\\\":true|false, \\\"optimizeUnassociatedWebACL\\\":true|false}\"\n
For example:\n \"{\\\"type\\\":\\\"SHIELD_ADVANCED\\\",\\\"automaticResponseConfiguration\\\":\n {\\\"automaticResponseStatus\\\":\\\"ENABLED\\\",\n \\\"automaticResponseAction\\\":\\\"COUNT\\\"}}\"\n
The default value for automaticResponseStatus is\n IGNORED. The value for automaticResponseAction is only\n required when automaticResponseStatus is set to ENABLED.\n The default value for overrideCustomerWebaclClassic is\n false.
For other resource types that you can protect with a Shield Advanced policy, this\n ManagedServiceData configuration is an empty string.
Example: THIRD_PARTY_FIREWALL\n
Replace THIRD_PARTY_FIREWALL_NAME with the name of the third-party firewall.
\n \"{\n \"type\":\"THIRD_PARTY_FIREWALL\",\n \"thirdPartyFirewall\":\"THIRD_PARTY_FIREWALL_NAME\",\n \"thirdPartyFirewallConfig\":{\n \"thirdPartyFirewallPolicyList\":[\"global-1\"]\n },\n\t \"firewallDeploymentModel\":{\n \"distributedFirewallDeploymentModel\":{\n \"distributedFirewallOrchestrationConfig\":{\n \"firewallCreationConfig\":{\n \"endpointLocation\":{\n \"availabilityZoneConfigList\":[\n {\n \"availabilityZoneName\":\"${AvailabilityZone}\"\n }\n ]\n }\n },\n \"allowedIPV4CidrList\":[\n ]\n }\n }\n }\n }\"\n
Example: WAFV2 - Account takeover prevention, Bot Control managed rule groups, optimize unassociated web ACL, and rule action override\n
\n \"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"versionEnabled\\\":null,\\\"version\\\":null,\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesATPRuleSet\\\",\\\"managedRuleGroupConfigs\\\":[{\\\"awsmanagedRulesATPRuleSet\\\":{\\\"loginPath\\\":\\\"/loginpath\\\",\\\"requestInspection\\\":{\\\"payloadType\\\":\\\"FORM_ENCODED|JSON\\\",\\\"usernameField\\\":{\\\"identifier\\\":\\\"/form/username\\\"},\\\"passwordField\\\":{\\\"identifier\\\":\\\"/form/password\\\"}}}}]},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[],\\\"sampledRequestsEnabled\\\":true},{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"versionEnabled\\\":null,\\\"version\\\":null,\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesBotControlRuleSet\\\",\\\"managedRuleGroupConfigs\\\":[{\\\"awsmanagedRulesBotControlRuleSet\\\":{\\\"inspectionLevel\\\":\\\"TARGETED|COMMON\\\"}}]},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[],\\\"sampledRequestsEnabled\\\":true,\\\"ruleActionOverrides\\\":[{\\\"name\\\":\\\"Rule1\\\",\\\"actionToUse\\\":{\\\"allow|block|count|captcha|challenge\\\":{}}},{\\\"name\\\":\\\"Rule2\\\",\\\"actionToUse\\\":{\\\"allow|block|count|captcha|challenge\\\":{}}}]}],\\\"postProcessRuleGroups\\\":[],\\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"customRequestHandling\\\":null,\\\"customResponse\\\":null,\\\"overrideCustomerWebACLAssociation\\\":false,\\\"loggingConfiguration\\\":null,\\\"sampledRequestsEnabledForDefaultActions\\\":true,\\\"optimizeUnassociatedWebACL\\\":true}\"\n
Bot Control - For information about AWSManagedRulesBotControlRuleSet managed rule groups, see AWSManagedRulesBotControlRuleSet in the WAF API Reference.
Fraud Control account takeover prevention (ATP) - For information about the properties available for AWSManagedRulesATPRuleSet managed rule groups, see AWSManagedRulesATPRuleSet in the WAF API Reference.
Optimize unassociated web ACL - If you set optimizeUnassociatedWebACL to true, Firewall Manager creates web ACLs in accounts within the policy scope if the web ACLs will be used by at least one resource. Firewall Manager creates web ACLs in the accounts within policy scope only if the web ACLs will be used by at least one resource. If at any time an account comes into policy scope, Firewall Manager automatically creates a web ACL in the account if at least one resource will use the web ACL.
Upon enablement, Firewall Manager performs a one-time cleanup of unused web ACLs in your account. The cleanup process can take several hours. If a resource leaves policy scope after Firewall Manager creates a web ACL, Firewall Manager disassociates the resource from the web ACL, but won't clean up the unused web ACL. Firewall Manager only cleans up unused web ACLs when you first enable management of unused web ACLs in a policy.
\nIf you set optimizeUnassociatedWebACL to false Firewall Manager doesn't manage unused web ACLs, and Firewall Manager automatically creates an empty web ACL in each account that's within policy scope.
Rule action overrides - Firewall Manager supports rule action overrides only for managed rule groups. To configure a RuleActionOverrides add the Name of the rule to override, and ActionToUse, which is the new action to use for the rule. For information about using rule action override, see RuleActionOverride in the WAF API Reference.
Example: WAFV2 - CAPTCHA and Challenge configs\n
\n \"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"versionEnabled\\\":null,\\\"version\\\":null,\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesAdminProtectionRuleSet\\\"},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[],\\\"sampledRequestsEnabled\\\":true}],\\\"postProcessRuleGroups\\\":[],\\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"customRequestHandling\\\":null,\\\"customResponse\\\":null,\\\"overrideCustomerWebACLAssociation\\\":false,\\\"loggingConfiguration\\\":null,\\\"sampledRequestsEnabledForDefaultActions\\\":true,\\\"captchaConfig\\\":{\\\"immunityTimeProperty\\\":{\\\"immunityTime\\\":500}},\\\"challengeConfig\\\":{\\\"immunityTimeProperty\\\":{\\\"immunityTime\\\":800}},\\\"tokenDomains\\\":[\\\"google.com\\\",\\\"amazon.com\\\"],\\\"associationConfig\\\":{\\\"requestBody\\\":{\\\"CLOUDFRONT\\\":{\\\"defaultSizeInspectionLimit\\\":\\\"KB_16\\\"}}}}\"\n
\n CAPTCHA and Challenge configs - If you update the policy's values for associationConfig, captchaConfig, challengeConfig, or tokenDomains, Firewall Manager will overwrite your local web ACLs to contain the new value(s). However, if you don't update the policy's associationConfig, captchaConfig, challengeConfig, or tokenDomains values, the values in your local web ACLs will remain unchanged. For information about association configs, see AssociationConfig. For information about CAPTCHA and Challenge configs, see CaptchaConfig and ChallengeConfig in the WAF API Reference.
\n defaultSizeInspectionLimit - Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to WAF for inspection. For more information, see DefaultSizeInspectionLimit in the WAF API Reference.
Example: WAFV2 - Firewall Manager support for WAF managed rule group versioning\n
\n \"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"versionEnabled\\\":true,\\\"version\\\":\\\"Version_2.0\\\",\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesCommonRuleSet\\\"},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[{\\\"name\\\":\\\"NoUserAgent_HEADER\\\"}]}],\\\"postProcessRuleGroups\\\":[],\\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"overrideCustomerWebACLAssociation\\\":false,\\\"loggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[\\\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\\\"],\\\"redactedFields\\\":[{\\\"redactedFieldType\\\":\\\"SingleHeader\\\",\\\"redactedFieldValue\\\":\\\"Cookies\\\"},{\\\"redactedFieldType\\\":\\\"Method\\\"}]}}\"\n
\n To use a specific version of a WAF managed rule group in your Firewall Manager policy, you must set versionEnabled to true, and set version to the version you'd like to use. If you don't set versionEnabled to true, or if you omit versionEnabled, then Firewall Manager uses the default version of the WAF managed rule group.\n
Example: WAFV2 - Logging configurations\n
\n \"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null, \\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\": {\\\"versionEnabled\\\":null,\\\"version\\\":null,\\\"vendorName\\\":\\\"AWS\\\", \\\"managedRuleGroupName\\\":\\\"AWSManagedRulesAdminProtectionRuleSet\\\"} ,\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[], \\\"sampledRequestsEnabled\\\":true}],\\\"postProcessRuleGroups\\\":[], \\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"customRequestHandling\\\" :null,\\\"customResponse\\\":null,\\\"overrideCustomerWebACLAssociation\\\" :false,\\\"loggingConfiguration\\\":{\\\"logDestinationConfigs\\\": [\\\"arn:aws:s3:::aws-waf-logs-example-bucket\\\"] ,\\\"redactedFields\\\":[],\\\"loggingFilterConfigs\\\":{\\\"defaultBehavior\\\":\\\"KEEP\\\", \\\"filters\\\":[{\\\"behavior\\\":\\\"KEEP\\\",\\\"requirement\\\":\\\"MEETS_ALL\\\", \\\"conditions\\\":[{\\\"actionCondition\\\":\\\"CAPTCHA\\\"},{\\\"actionCondition\\\": \\\"CHALLENGE\\\"}, {\\\"actionCondition\\\":\\\"EXCLUDED_AS_COUNT\\\"}]}]}},\\\"sampledRequestsEnabledForDefaultActions\\\":true}\"\n
Firewall Manager supports Amazon Kinesis Data Firehose and Amazon S3 as the logDestinationConfigs in your loggingConfiguration. For information about WAF logging configurations, see LoggingConfiguration in the WAF API Reference\n
In the loggingConfiguration, you can specify one\n logDestinationConfigs. Optionally provide as many as 20\n redactedFields. The RedactedFieldType must be one of\n URI, QUERY_STRING, HEADER, or\n METHOD.
Example: WAF Classic\n
\n \"{\\\"type\\\": \\\"WAF\\\", \\\"ruleGroups\\\":\n [{\\\"id\\\":\\\"12345678-1bcd-9012-efga-0987654321ab\\\", \\\"overrideAction\\\" : {\\\"type\\\":\n \\\"COUNT\\\"}}], \\\"defaultAction\\\": {\\\"type\\\": \\\"BLOCK\\\"}}\"\n
GetEntitlements retrieves entitlement values for a given product. The results can be\n filtered based on customer identifier or product dimensions.
" + "smithy.api#documentation": "GetEntitlements retrieves entitlement values for a given product. The results can be\n filtered based on customer identifier or product dimensions.
", + "smithy.api#paginated": { + "inputToken": "NextToken", + "outputToken": "NextToken", + "pageSize": "MaxResults" + } } }, "com.amazonaws.marketplaceentitlementservice#GetEntitlementsRequest": { @@ -883,7 +888,7 @@ } }, "MaxResults": { - "target": "com.amazonaws.marketplaceentitlementservice#Integer", + "target": "com.amazonaws.marketplaceentitlementservice#PageSizeInteger", "traits": { "smithy.api#documentation": "The maximum number of items to retrieve from the GetEntitlements operation. For\n pagination, use the NextToken field in subsequent calls to GetEntitlements.
" } @@ -948,6 +953,15 @@ "smithy.api#pattern": "^\\S+$" } }, + "com.amazonaws.marketplaceentitlementservice#PageSizeInteger": { + "type": "integer", + "traits": { + "smithy.api#range": { + "min": 1, + "max": 25 + } + } + }, "com.amazonaws.marketplaceentitlementservice#ProductCode": { "type": "string", "traits": { diff --git a/codegen/sdk-codegen/aws-models/mediaconvert.json b/codegen/sdk-codegen/aws-models/mediaconvert.json index 656faa23268..6db98cc13a4 100644 --- a/codegen/sdk-codegen/aws-models/mediaconvert.json +++ b/codegen/sdk-codegen/aws-models/mediaconvert.json @@ -799,7 +799,7 @@ "SampleRate": { "target": "com.amazonaws.mediaconvert#__integerMin8000Max192000", "traits": { - "smithy.api#documentation": "Sample rate in hz.", + "smithy.api#documentation": "Sample rate in Hz.", "smithy.api#jsonName": "sampleRate" } } @@ -1180,7 +1180,7 @@ } }, "traits": { - "smithy.api#documentation": "You can add a tag for this mono-channel audio track to mimic its placement in a multi-channel layout. For example, if this track is the left surround channel, choose Left surround (LS)." + "smithy.api#documentation": "Specify the QuickTime audio channel layout tags for the audio channels in this audio track. Enter channel layout tags in the same order as your output's audio channel order. For example, if your output audio track has a left and a right channel, enter Left (L) for the first channel and Right (R) for the second. If your output has multiple single-channel audio tracks, enter a single channel layout tag for each track." } }, "com.amazonaws.mediaconvert#AudioChannelTaggingSettings": { @@ -1189,13 +1189,20 @@ "ChannelTag": { "target": "com.amazonaws.mediaconvert#AudioChannelTag", "traits": { - "smithy.api#documentation": "You can add a tag for this mono-channel audio track to mimic its placement in a multi-channel layout. For example, if this track is the left surround channel, choose Left surround (LS).", + "smithy.api#documentation": "Specify the QuickTime audio channel layout tags for the audio channels in this audio track. Enter channel layout tags in the same order as your output's audio channel order. For example, if your output audio track has a left and a right channel, enter Left (L) for the first channel and Right (R) for the second. If your output has multiple single-channel audio tracks, enter a single channel layout tag for each track.", "smithy.api#jsonName": "channelTag" } + }, + "ChannelTags": { + "target": "com.amazonaws.mediaconvert#__listOfAudioChannelTag", + "traits": { + "smithy.api#documentation": "Specify the QuickTime audio channel layout tags for the audio channels in this audio track. Enter channel layout tags in the same order as your output's audio channel order. For example, if your output audio track has a left and a right channel, enter Left (L) for the first channel and Right (R) for the second. If your output has multiple single-channel audio tracks, enter a single channel layout tag for each track.", + "smithy.api#jsonName": "channelTags" + } } }, "traits": { - "smithy.api#documentation": "When you mimic a multi-channel audio layout with multiple mono-channel tracks, you can tag each channel layout manually. For example, you would tag the tracks that contain your left, right, and center audio with Left (L), Right (R), and Center (C), respectively. When you don't specify a value, MediaConvert labels your track as Center (C) by default. To use audio layout tagging, your output must be in a QuickTime (.mov) container; your audio codec must be AAC, WAV, or AIFF; and you must set up your audio track to have only one channel." + "smithy.api#documentation": "Specify the QuickTime audio channel layout tags for the audio channels in this audio track. When you don't specify a value, MediaConvert labels your track as Center (C) by default. To use Audio layout tagging, your output must be in a QuickTime (MOV) container and your audio codec must be AAC, WAV, or AIFF." } }, "com.amazonaws.mediaconvert#AudioCodec": { @@ -1396,7 +1403,7 @@ "AudioChannelTaggingSettings": { "target": "com.amazonaws.mediaconvert#AudioChannelTaggingSettings", "traits": { - "smithy.api#documentation": "When you mimic a multi-channel audio layout with multiple mono-channel tracks, you can tag each channel layout manually. For example, you would tag the tracks that contain your left, right, and center audio with Left (L), Right (R), and Center (C), respectively. When you don't specify a value, MediaConvert labels your track as Center (C) by default. To use audio layout tagging, your output must be in a QuickTime (.mov) container; your audio codec must be AAC, WAV, or AIFF; and you must set up your audio track to have only one channel.", + "smithy.api#documentation": "Specify the QuickTime audio channel layout tags for the audio channels in this audio track. When you don't specify a value, MediaConvert labels your track as Center (C) by default. To use Audio layout tagging, your output must be in a QuickTime (MOV) container and your audio codec must be AAC, WAV, or AIFF.", "smithy.api#jsonName": "audioChannelTaggingSettings" } }, @@ -8710,7 +8717,7 @@ } }, "traits": { - "smithy.api#documentation": "If set to PROGRESSIVE_DOWNLOAD, the MOOV atom is relocated to the beginning of the archive as required for progressive downloading. Otherwise it is placed normally at the end." + "smithy.api#documentation": "To place the MOOV atom at the beginning of your output, which is useful for progressive downloading: Leave blank or choose Progressive download. To place the MOOV at the end of your output: Choose Normal." } }, "com.amazonaws.mediaconvert#F4vSettings": { @@ -8719,7 +8726,7 @@ "MoovPlacement": { "target": "com.amazonaws.mediaconvert#F4vMoovPlacement", "traits": { - "smithy.api#documentation": "If set to PROGRESSIVE_DOWNLOAD, the MOOV atom is relocated to the beginning of the archive as required for progressive downloading. Otherwise it is placed normally at the end.", + "smithy.api#documentation": "To place the MOOV atom at the beginning of your output, which is useful for progressive downloading: Leave blank or choose Progressive download. To place the MOOV at the end of your output: Choose Normal.", "smithy.api#jsonName": "moovPlacement" } } @@ -8860,7 +8867,7 @@ "SampleRate": { "target": "com.amazonaws.mediaconvert#__integerMin22050Max48000", "traits": { - "smithy.api#documentation": "Sample rate in hz.", + "smithy.api#documentation": "Sample rate in Hz.", "smithy.api#jsonName": "sampleRate" } } @@ -13734,6 +13741,13 @@ "smithy.api#jsonName": "extendedDataServices" } }, + "FollowSource": { + "target": "com.amazonaws.mediaconvert#__integerMin1Max150", + "traits": { + "smithy.api#documentation": "Specify the input that MediaConvert references for your default output settings. MediaConvert uses this input's Resolution, Frame rate, and Pixel aspect ratio for all outputs that you don't manually specify different output settings for. Enabling this setting will disable \"Follow source\" for all other inputs. If MediaConvert cannot follow your source, for example if you specify an audio-only input, MediaConvert uses the first followable input instead. In your JSON job specification, enter an integer from 1 to 150 corresponding to the order of your inputs.", + "smithy.api#jsonName": "followSource" + } + }, "Inputs": { "target": "com.amazonaws.mediaconvert#__listOfInput", "traits": { @@ -13993,6 +14007,13 @@ "smithy.api#jsonName": "extendedDataServices" } }, + "FollowSource": { + "target": "com.amazonaws.mediaconvert#__integerMin1Max150", + "traits": { + "smithy.api#documentation": "Specify the input that MediaConvert references for your default output settings. MediaConvert uses this input's Resolution, Frame rate, and Pixel aspect ratio for all outputs that you don't manually specify different output settings for. Enabling this setting will disable \"Follow source\" for all other inputs. If MediaConvert cannot follow your source, for example if you specify an audio-only input, MediaConvert uses the first followable input instead. In your JSON job specification, enter an integer from 1 to 150 corresponding to the order of your inputs.", + "smithy.api#jsonName": "followSource" + } + }, "Inputs": { "target": "com.amazonaws.mediaconvert#__listOfInputTemplate", "traits": { @@ -18099,7 +18120,7 @@ "SampleRate": { "target": "com.amazonaws.mediaconvert#__integerMin32000Max48000", "traits": { - "smithy.api#documentation": "Sample rate in hz.", + "smithy.api#documentation": "Sample rate in Hz.", "smithy.api#jsonName": "sampleRate" } } @@ -18155,7 +18176,7 @@ "SampleRate": { "target": "com.amazonaws.mediaconvert#__integerMin22050Max48000", "traits": { - "smithy.api#documentation": "Sample rate in hz.", + "smithy.api#documentation": "Sample rate in Hz.", "smithy.api#jsonName": "sampleRate" } }, @@ -18228,7 +18249,7 @@ } }, "traits": { - "smithy.api#documentation": "If set to PROGRESSIVE_DOWNLOAD, the MOOV atom is relocated to the beginning of the archive as required for progressive downloading. Otherwise it is placed normally at the end." + "smithy.api#documentation": "To place the MOOV atom at the beginning of your output, which is useful for progressive downloading: Leave blank or choose Progressive download. To place the MOOV at the end of your output: Choose Normal." } }, "com.amazonaws.mediaconvert#Mp4Settings": { @@ -18265,7 +18286,7 @@ "MoovPlacement": { "target": "com.amazonaws.mediaconvert#Mp4MoovPlacement", "traits": { - "smithy.api#documentation": "If set to PROGRESSIVE_DOWNLOAD, the MOOV atom is relocated to the beginning of the archive as required for progressive downloading. Otherwise it is placed normally at the end.", + "smithy.api#documentation": "To place the MOOV atom at the beginning of your output, which is useful for progressive downloading: Leave blank or choose Progressive download. To place the MOOV at the end of your output: Choose Normal.", "smithy.api#jsonName": "moovPlacement" } }, @@ -20009,7 +20030,7 @@ "SampleRate": { "target": "com.amazonaws.mediaconvert#__integerMin16000Max48000", "traits": { - "smithy.api#documentation": "Optional. Sample rate in hz. Valid values are 16000, 24000, and 48000. The default value is 48000.", + "smithy.api#documentation": "Optional. Sample rate in Hz. Valid values are 16000, 24000, and 48000. The default value is 48000.", "smithy.api#jsonName": "sampleRate" } } @@ -21610,10 +21631,28 @@ "traits": { "smithy.api#enumValue": "STRETCH_TO_OUTPUT" } + }, + "FIT": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "FIT" + } + }, + "FIT_NO_UPSCALE": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "FIT_NO_UPSCALE" + } + }, + "FILL": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "FILL" + } } }, "traits": { - "smithy.api#documentation": "Specify how the service handles outputs that have a different aspect ratio from the input aspect ratio. Choose Stretch to output to have the service stretch your video image to fit. Keep the setting Default to have the service letterbox your video instead. This setting overrides any value that you specify for the setting Selection placement in this output." + "smithy.api#documentation": "Specify the video Scaling behavior when your output has a different resolution than your input. For more information, see https://docs.aws.amazon.com/mediaconvert/latest/ug/video-scaling.html" } }, "com.amazonaws.mediaconvert#SccDestinationFramerate": { @@ -23262,7 +23301,7 @@ "ScalingBehavior": { "target": "com.amazonaws.mediaconvert#ScalingBehavior", "traits": { - "smithy.api#documentation": "Specify how the service handles outputs that have a different aspect ratio from the input aspect ratio. Choose Stretch to output to have the service stretch your video image to fit. Keep the setting Default to have the service letterbox your video instead. This setting overrides any value that you specify for the setting Selection placement in this output.", + "smithy.api#documentation": "Specify the video Scaling behavior when your output has a different resolution than your input. For more information, see https://docs.aws.amazon.com/mediaconvert/latest/ug/video-scaling.html", "smithy.api#jsonName": "scalingBehavior" } }, @@ -23347,7 +23386,7 @@ } }, "traits": { - "smithy.api#documentation": "Overlay one or more videos on top of your input video." + "smithy.api#documentation": "Overlay one or more videos on top of your input video. For more information, see https://docs.aws.amazon.com/mediaconvert/latest/ug/video-overlays.html" } }, "com.amazonaws.mediaconvert#VideoOverlayInput": { @@ -23370,7 +23409,7 @@ "TimecodeSource": { "target": "com.amazonaws.mediaconvert#InputTimecodeSource", "traits": { - "smithy.api#documentation": "Specify the starting timecode for your video overlay. To use the timecode present in your video overlay: Choose Embedded. To use a zerobased timecode: Choose Start at 0. To choose a timecode: Choose Specified start. When you do, enter the starting timecode in Start timecode. If you don't specify a value for Timecode source, MediaConvert uses Embedded by default.", + "smithy.api#documentation": "Specify the timecode source for your video overlay input clips. To use the timecode present in your video overlay: Choose Embedded. To use a zerobased timecode: Choose Start at 0. To choose a timecode: Choose Specified start. When you do, enter the starting timecode in Start timecode. If you don't specify a value for Timecode source, MediaConvert uses Embedded by default.", "smithy.api#jsonName": "timecodeSource" } }, @@ -25496,6 +25535,15 @@ } } }, + "com.amazonaws.mediaconvert#__integerMin1Max150": { + "type": "integer", + "traits": { + "smithy.api#range": { + "min": 1, + "max": 150 + } + } + }, "com.amazonaws.mediaconvert#__integerMin1Max17895697": { "type": "integer", "traits": { @@ -25961,6 +26009,12 @@ "target": "com.amazonaws.mediaconvert#AllowedRenditionSize" } }, + "com.amazonaws.mediaconvert#__listOfAudioChannelTag": { + "type": "list", + "member": { + "target": "com.amazonaws.mediaconvert#AudioChannelTag" + } + }, "com.amazonaws.mediaconvert#__listOfAudioDescription": { "type": "list", "member": { diff --git a/codegen/sdk-codegen/aws-models/rds.json b/codegen/sdk-codegen/aws-models/rds.json index 90dda782202..f10a7740d36 100644 --- a/codegen/sdk-codegen/aws-models/rds.json +++ b/codegen/sdk-codegen/aws-models/rds.json @@ -6404,7 +6404,7 @@ } ], "traits": { - "smithy.api#documentation": "Creates a zero-ETL integration with Amazon Redshift. For more information, see Working\n with Amazon Aurora zero-ETL integrations with Amazon Redshift in the\n Amazon Aurora User Guide.
" + "smithy.api#documentation": "Creates a zero-ETL integration with Amazon Redshift.
" } }, "com.amazonaws.rds#CreateIntegrationMessage": { @@ -6414,7 +6414,7 @@ "target": "com.amazonaws.rds#SourceArn", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the Aurora DB cluster to use as the source for\n replication.
", + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the database to use as the source for\n replication.
", "smithy.api#required": {} } }, @@ -6437,7 +6437,7 @@ "KMSKeyId": { "target": "com.amazonaws.rds#String", "traits": { - "smithy.api#documentation": "The Amazon Web Services Key Management System (Amazon Web Services KMS) key identifier for the key to use to\n encrypt the integration. If you don't specify an encryption key, Aurora uses a default\n Amazon Web Services owned key.
" + "smithy.api#documentation": "The Amazon Web Services Key Management System (Amazon Web Services KMS) key identifier for the key to use to\n encrypt the integration. If you don't specify an encryption key, RDS uses a default\n Amazon Web Services owned key.
" } }, "AdditionalEncryptionContext": { @@ -8546,7 +8546,7 @@ "SupportsIntegrations": { "target": "com.amazonaws.rds#Boolean", "traits": { - "smithy.api#documentation": "Indicates whether the DB engine version supports Aurora zero-ETL integrations with\n Amazon Redshift.
" + "smithy.api#documentation": "Indicates whether the DB engine version supports zero-ETL integrations with\n Amazon Redshift.
" } } }, @@ -12322,7 +12322,7 @@ } ], "traits": { - "smithy.api#documentation": "Deletes a zero-ETL integration with Amazon Redshift. For more information, see Deleting Amazon Aurora zero-ETL integrations with Amazon Redshift in the\n Amazon Aurora User Guide\n
" + "smithy.api#documentation": "Deletes a zero-ETL integration with Amazon Redshift.
" } }, "com.amazonaws.rds#DeleteIntegrationMessage": { @@ -16206,7 +16206,7 @@ } ], "traits": { - "smithy.api#documentation": "Describe one or more zero-ETL integration with Amazon Redshift. For more information,\n see Viewing and monitoring Amazon Aurora zero-ETL integrations with Amazon Redshift in\n the Amazon Aurora User Guide\n
", + "smithy.api#documentation": "Describe one or more zero-ETL integrations with Amazon Redshift.
", "smithy.api#paginated": { "inputToken": "Marker", "outputToken": "Marker", @@ -18763,7 +18763,7 @@ "SourceArn": { "target": "com.amazonaws.rds#SourceArn", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the Aurora DB cluster used as the source for\n replication.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the database used as the source for\n replication.
" } }, "TargetArn": { @@ -18819,7 +18819,7 @@ } }, "traits": { - "smithy.api#documentation": "An Aurora zero-ETL integration with Amazon Redshift. For more information, see Working\n with Amazon Aurora zero-ETL integrations with Amazon Redshift in the\n Amazon Aurora User Guide.
" + "smithy.api#documentation": "A zero-ETL integration with Amazon Redshift.
" } }, "com.amazonaws.rds#IntegrationAlreadyExistsFault": { @@ -29397,7 +29397,7 @@ "SupportsIntegrations": { "target": "com.amazonaws.rds#BooleanOptional", "traits": { - "smithy.api#documentation": "Indicates whether the DB engine version supports Aurora zero-ETL integrations with\n Amazon Redshift.
" + "smithy.api#documentation": "Indicates whether the DB engine version supports zero-ETL integrations with\n Amazon Redshift.
" } } },