diff --git a/codegen/sdk-codegen/aws-models/dynamodb.json b/codegen/sdk-codegen/aws-models/dynamodb.json index b9f38b80d5d..fcdf40df0b7 100644 --- a/codegen/sdk-codegen/aws-models/dynamodb.json +++ b/codegen/sdk-codegen/aws-models/dynamodb.json @@ -117,7 +117,7 @@ } }, "traits": { - "smithy.api#documentation": "
Represents an attribute for describing the key schema for the table and\n indexes.
" + "smithy.api#documentation": "Represents an attribute for describing the schema for the table and\n indexes.
" } }, "com.amazonaws.dynamodb#AttributeDefinitions": { @@ -5471,7 +5471,7 @@ "S3BucketOwner": { "target": "com.amazonaws.dynamodb#S3BucketOwner", "traits": { - "smithy.api#documentation": "The ID of the Amazon Web Services account that owns the bucket the export will be\n stored in.
" + "smithy.api#documentation": "The ID of the Amazon Web Services account that owns the bucket the export will be\n stored in.
\nS3BucketOwner is a required parameter when exporting to a S3 bucket in another account.
\nThe set of attributes that are projected into the index:
\n\n KEYS_ONLY
- Only the index and primary keys are projected into the\n index.
\n INCLUDE
- In addition to the attributes described in\n KEYS_ONLY
, the secondary index will include other non-key\n attributes that you specify.
\n ALL
- All of the table attributes are projected into the\n index.
The set of attributes that are projected into the index:
\n\n KEYS_ONLY
- Only the index and primary keys are projected into the\n index.
\n INCLUDE
- In addition to the attributes described in\n KEYS_ONLY
, the secondary index will include other non-key\n attributes that you specify.
\n ALL
- All of the table attributes are projected into the\n index.
When using the DynamoDB console, ALL
is selected by default.
A string that contains conditions that DynamoDB applies after the Query
\n operation, but before the data is returned to you. Items that do not satisfy the\n FilterExpression
criteria are not returned.
A FilterExpression
does not allow key attributes. You cannot define a\n filter expression based on a partition key or a sort key.
A FilterExpression
is applied after the items have already been read;\n the process of filtering does not consume any additional read capacity units.
For more information, see Filter Expressions in the Amazon DynamoDB Developer\n Guide.
" + "smithy.api#documentation": "A string that contains conditions that DynamoDB applies after the Query
\n operation, but before the data is returned to you. Items that do not satisfy the\n FilterExpression
criteria are not returned.
A FilterExpression
does not allow key attributes. You cannot define a\n filter expression based on a partition key or a sort key.
A FilterExpression
is applied after the items have already been read;\n the process of filtering does not consume any additional read capacity units.
For more information, see Filter Expressions in the Amazon DynamoDB Developer\n Guide.
" } }, "KeyConditionExpression": { @@ -11461,7 +11461,7 @@ "aws.api#clientDiscoveredEndpoint": { "required": false }, - "smithy.api#documentation": "Adds or removes replicas in the specified global table. The global table must already\n exist to be able to use this operation. Any replica to be added must be empty, have the\n same name as the global table, have the same key schema, have DynamoDB Streams enabled,\n and have the same provisioned and maximum write capacity units.
\nThis operation only applies to Version\n 2017.11.29 (Legacy) of global tables. We recommend using\n Version 2019.11.21 (Current)\n when creating new global tables, as it provides greater flexibility, higher efficiency and consumes less write capacity than \n 2017.11.29 (Legacy). To determine which version you are using, see \n Determining the version. \n To update existing global tables from version 2017.11.29 (Legacy) to version\n 2019.11.21 (Current), see \n Updating global tables.\n
\n\n This operation only applies to Version\n 2017.11.29 of global tables. If you are using global tables Version\n 2019.11.21 you can use DescribeTable instead.\n
\n\n Although you can use UpdateGlobalTable
to add replicas and remove\n replicas in a single request, for simplicity we recommend that you issue separate\n requests for adding or removing replicas.\n
If global secondary indexes are specified, then the following conditions must also be\n met:
\nThe global secondary indexes must have the same name.
\nThe global secondary indexes must have the same hash key and sort key (if\n present).
\nThe global secondary indexes must have the same provisioned and maximum write\n capacity units.
\nAdds or removes replicas in the specified global table. The global table must already\n exist to be able to use this operation. Any replica to be added must be empty, have the\n same name as the global table, have the same key schema, have DynamoDB Streams enabled,\n and have the same provisioned and maximum write capacity units.
\nThis operation only applies to Version\n 2017.11.29 (Legacy) of global tables. We recommend using\n Version 2019.11.21 (Current)\n when creating new global tables, as it provides greater flexibility, higher efficiency and consumes less write capacity than \n 2017.11.29 (Legacy). To determine which version you are using, see \n Determining the version. \n To update existing global tables from version 2017.11.29 (Legacy) to version\n 2019.11.21 (Current), see \n Updating global tables.\n
\n\n This operation only applies to Version\n 2017.11.29 of global tables. If you are using global tables Version\n 2019.11.21 you can use UpdateTable instead.\n
\n\n Although you can use UpdateGlobalTable
to add replicas and remove\n replicas in a single request, for simplicity we recommend that you issue separate\n requests for adding or removing replicas.\n
If global secondary indexes are specified, then the following conditions must also be\n met:
\nThe global secondary indexes must have the same name.
\nThe global secondary indexes must have the same hash key and sort key (if\n present).
\nThe global secondary indexes must have the same provisioned and maximum write\n capacity units.
\nFor an impacted container image, this identifies a list of URIs for associated \n\t\t\tcontainer images distributed to ECR repositories.
" } + }, + "startTime": { + "target": "com.amazonaws.imagebuilder#DateTimeTimestamp", + "traits": { + "smithy.api#documentation": "The starting timestamp from the lifecycle action that was applied to the resource.
" + } + }, + "endTime": { + "target": "com.amazonaws.imagebuilder#DateTimeTimestamp", + "traits": { + "smithy.api#documentation": "The ending timestamp from the lifecycle action that was applied to the resource.
" + } } }, "traits": { @@ -7507,6 +7519,12 @@ "traits": { "smithy.api#enumValue": "SUCCESS" } + }, + "PENDING": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "PENDING" + } } } }, @@ -7713,7 +7731,7 @@ "tagMap": { "target": "com.amazonaws.imagebuilder#TagMap", "traits": { - "smithy.api#documentation": "Contains a list of tags that Image Builder uses to skip lifecycle actions for resources that have them.
" + "smithy.api#documentation": "Contains a list of tags that Image Builder uses to skip lifecycle actions for Image Builder image \n\t\t\tresources that have them.
" } }, "amis": { @@ -7890,7 +7908,7 @@ "tagMap": { "target": "com.amazonaws.imagebuilder#TagMap", "traits": { - "smithy.api#documentation": "A list of tags that are used as selection criteria for the resources \n\t\t\tthat the lifecycle policy applies to.
" + "smithy.api#documentation": "A list of tags that are used as selection criteria for the Image Builder image \n\t\t\tresources that the lifecycle policy applies to.
" } } }, diff --git a/codegen/sdk-codegen/aws-models/mwaa.json b/codegen/sdk-codegen/aws-models/mwaa.json index f63c1fad3c7..7e15e90fa92 100644 --- a/codegen/sdk-codegen/aws-models/mwaa.json +++ b/codegen/sdk-codegen/aws-models/mwaa.json @@ -1133,7 +1133,7 @@ "AirflowVersion": { "target": "com.amazonaws.mwaa#AirflowVersion", "traits": { - "smithy.api#documentation": "The Apache Airflow version for your environment. If no value is specified, it defaults to the latest version.\n For more information, see Apache Airflow versions on Amazon Managed Workflows for Apache Airflow (MWAA).
\nValid values: 1.10.12
, 2.0.2
, 2.2.2
, 2.4.3
, 2.5.1
, 2.6.3
, 2.7.2
\n
The Apache Airflow version for your environment. If no value is specified, it defaults to the latest version.\n For more information, see Apache Airflow versions on Amazon Managed Workflows for Apache Airflow (MWAA).
\nValid values: 1.10.12
, 2.0.2
, 2.2.2
, 2.4.3
, 2.5.1
, 2.6.3
, 2.7.2
\n 2.8.1
\n
The storage type for the DB cluster.
" } + }, + "CertificateDetails": { + "target": "com.amazonaws.rds#CertificateDetails" } }, "traits": { @@ -4480,6 +4483,12 @@ "traits": { "smithy.api#documentation": "Specifies whether read replicas can forward write operations to the writer DB instance in the DB cluster. By\n default, write operations aren't allowed on reader DB instances.
\nValid for: Aurora DB clusters only
" } + }, + "CACertificateIdentifier": { + "target": "com.amazonaws.rds#String", + "traits": { + "smithy.api#documentation": "The CA certificate identifier to use for the DB cluster's server certificate.
\nValid for Cluster Type: Multi-AZ DB clusters
" + } } }, "traits": { @@ -4899,7 +4908,7 @@ "AllocatedStorage": { "target": "com.amazonaws.rds#IntegerOptional", "traits": { - "smithy.api#documentation": "The amount of storage in gibibytes (GiB) to allocate for the DB instance.
\nThis setting doesn't apply to Amazon Aurora DB instances. Aurora cluster volumes automatically grow as the amount of data in your \n database increases, though you are only charged for the space that you use in an Aurora cluster volume.
\nConstraints to the amount of storage for each storage type are the following:
\nGeneral Purpose (SSD) storage (gp2, gp3): Must be an integer from 40 to 65536 for RDS Custom for Oracle, \n 16384 for RDS Custom for SQL Server.
\nProvisioned IOPS storage (io1): Must be an integer from 40 to 65536 for RDS Custom for Oracle, \n 16384 for RDS Custom for SQL Server.
\nConstraints to the amount of storage for each storage type are the following:
\nGeneral Purpose (SSD) storage (gp3): Must be an integer from 20 to 64000.
\nProvisioned IOPS storage (io1): Must be an integer from 100 to 64000.
\nConstraints to the amount of storage for each storage type are the following:
\nGeneral Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 to 65536.
\nProvisioned IOPS storage (io1): Must be an integer from 100 to 65536.
\nMagnetic storage (standard): Must be an integer from 5 to 3072.
\nConstraints to the amount of storage for each storage type are the following:
\nGeneral Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 to 65536.
\nProvisioned IOPS storage (io1): Must be an integer from 100 to 65536.
\nMagnetic storage (standard): Must be an integer from 5 to 3072.
\nConstraints to the amount of storage for each storage type are the following:
\nGeneral Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 to 65536.
\nProvisioned IOPS storage (io1): Must be an integer from 100 to 65536.
\nMagnetic storage (standard): Must be an integer from 10 to 3072.
\nConstraints to the amount of storage for each storage type are the following:
\nGeneral Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 to 65536.
\nProvisioned IOPS storage (io1): Must be an integer from 100 to 65536.
\nMagnetic storage (standard): Must be an integer from 5 to 3072.
\nConstraints to the amount of storage for each storage type are the following:
\nGeneral Purpose (SSD) storage (gp2, gp3):
\nEnterprise and Standard editions: Must be an integer from 20 to 16384.
\nWeb and Express editions: Must be an integer from 20 to 16384.
\nProvisioned IOPS storage (io1):
\nEnterprise and Standard editions: Must be an integer from 100 to 16384.
\nWeb and Express editions: Must be an integer from 100 to 16384.
\nMagnetic storage (standard):
\nEnterprise and Standard editions: Must be an integer from 20 to 1024.
\nWeb and Express editions: Must be an integer from 20 to 1024.
\nThe amount of storage in gibibytes (GiB) to allocate for the DB instance.
\nThis setting doesn't apply to Amazon Aurora DB instances. Aurora cluster volumes automatically grow as the amount of data in your \n database increases, though you are only charged for the space that you use in an Aurora cluster volume.
\nConstraints to the amount of storage for each storage type are the following:
\nGeneral Purpose (SSD) storage (gp2, gp3): Must be an integer from 40 to 65536 for RDS Custom for Oracle, \n 16384 for RDS Custom for SQL Server.
\nProvisioned IOPS storage (io1, io2): Must be an integer from 40 to 65536 for RDS Custom for Oracle, \n 16384 for RDS Custom for SQL Server.
\nConstraints to the amount of storage for each storage type are the following:
\nGeneral Purpose (SSD) storage (gp3): Must be an integer from 20 to 65536.
\nProvisioned IOPS storage (io1, io2): Must be an integer from 100 to 65536.
\nConstraints to the amount of storage for each storage type are the following:
\nGeneral Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 to 65536.
\nProvisioned IOPS storage (io1, io2): Must be an integer from 100 to 65536.
\nMagnetic storage (standard): Must be an integer from 5 to 3072.
\nConstraints to the amount of storage for each storage type are the following:
\nGeneral Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 to 65536.
\nProvisioned IOPS storage (io1, io2): Must be an integer from 100 to 65536.
\nMagnetic storage (standard): Must be an integer from 5 to 3072.
\nConstraints to the amount of storage for each storage type are the following:
\nGeneral Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 to 65536.
\nProvisioned IOPS storage (io1, io2): Must be an integer from 100 to 65536.
\nMagnetic storage (standard): Must be an integer from 10 to 3072.
\nConstraints to the amount of storage for each storage type are the following:
\nGeneral Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 to 65536.
\nProvisioned IOPS storage (io1, io2): Must be an integer from 100 to 65536.
\nMagnetic storage (standard): Must be an integer from 5 to 3072.
\nConstraints to the amount of storage for each storage type are the following:
\nGeneral Purpose (SSD) storage (gp2, gp3):
\nEnterprise and Standard editions: Must be an integer from 20 to 16384.
\nWeb and Express editions: Must be an integer from 20 to 16384.
\nProvisioned IOPS storage (io1, io2):
\nEnterprise and Standard editions: Must be an integer from 100 to 16384.
\nWeb and Express editions: Must be an integer from 100 to 16384.
\nMagnetic storage (standard):
\nEnterprise and Standard editions: Must be an integer from 20 to 1024.
\nWeb and Express editions: Must be an integer from 20 to 1024.
\nThe storage type to associate with the DB instance.
\nIf you specify io1
or gp3
, you must also include a value for the\n Iops
parameter.
This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster.
\nValid Values: gp2 | gp3 | io1 | standard
\n
Default: io1
, if the Iops
parameter\n is specified. Otherwise, gp2
.
The storage type to associate with the DB instance.
\nIf you specify io1
, io2
, or gp3
, you must also include a value for the\n Iops
parameter.
This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster.
\nValid Values: gp2 | gp3 | io1 | io2 | standard
\n
Default: io1
, if the Iops
parameter\n is specified. Otherwise, gp2
.
The storage type to associate with the read replica.
\nIf you specify io1
or gp3
, you must also include a value for the\n Iops
parameter.
Valid Values: gp2 | gp3 | io1 | standard
\n
Default: io1
if the Iops
parameter\n is specified. Otherwise, gp2
.
The storage type to associate with the read replica.
\nIf you specify io1
, io2
, or gp3
, you must also include a value for the\n Iops
parameter.
Valid Values: gp2 | gp3 | io1 | io2 | standard
\n
Default: io1
if the Iops
parameter\n is specified. Otherwise, gp2
.
The storage throughput for the DB cluster. The throughput is automatically set based on the IOPS that you provision, and is not configurable.
\nThis setting is only for non-Aurora Multi-AZ DB clusters.
" } + }, + "CertificateDetails": { + "target": "com.amazonaws.rds#CertificateDetails" } }, "traits": { @@ -21659,6 +21671,12 @@ "traits": { "smithy.api#documentation": "Specifies whether to enable Aurora Limitless Database. You must enable Aurora Limitless Database to create a DB shard group.
\nValid for: Aurora DB clusters only
" } + }, + "CACertificateIdentifier": { + "target": "com.amazonaws.rds#String", + "traits": { + "smithy.api#documentation": "The CA certificate identifier to use for the DB cluster's server certificate.
\nValid for Cluster Type: Multi-AZ DB clusters
" + } } }, "traits": { @@ -22093,7 +22111,7 @@ "StorageType": { "target": "com.amazonaws.rds#String", "traits": { - "smithy.api#documentation": "The storage type to associate with the DB instance.
\nIf you specify Provisioned IOPS (io1
), \n you must also include a value for the Iops
parameter.
If you choose to migrate your DB instance from using standard storage to using\n Provisioned IOPS, or from using Provisioned IOPS to using standard storage, the process\n can take time. The duration of the migration depends on several factors such as database\n load, storage size, storage type (standard or Provisioned IOPS), amount of IOPS\n provisioned (if any), and the number of prior scale storage operations. Typical\n migration times are under 24 hours, but the process can take up to several days in some\n cases. During the migration, the DB instance is available for use, but might experience\n performance degradation. While the migration takes place, nightly backups for the\n instance are suspended. No other Amazon RDS operations can take place for the instance,\n including modifying the instance, rebooting the instance, deleting the instance,\n creating a read replica for the instance, and creating a DB snapshot of the instance.
\nValid Values: gp2 | gp3 | io1 | standard
\n
Default: io1
, if the Iops
parameter\n is specified. Otherwise, gp2
.
The storage type to associate with the DB instance.
\nIf you specify io1
), io2
, or gp3
\n you must also include a value for the Iops
parameter.
If you choose to migrate your DB instance from using standard storage to using\n Provisioned IOPS, or from using Provisioned IOPS to using standard storage, the process\n can take time. The duration of the migration depends on several factors such as database\n load, storage size, storage type (standard or Provisioned IOPS), amount of IOPS\n provisioned (if any), and the number of prior scale storage operations. Typical\n migration times are under 24 hours, but the process can take up to several days in some\n cases. During the migration, the DB instance is available for use, but might experience\n performance degradation. While the migration takes place, nightly backups for the\n instance are suspended. No other Amazon RDS operations can take place for the instance,\n including modifying the instance, rebooting the instance, deleting the instance,\n creating a read replica for the instance, and creating a DB snapshot of the instance.
\nValid Values: gp2 | gp3 | io1 | io2 | standard
\n
Default: io1
, if the Iops
parameter\n is specified. Otherwise, gp2
.
Specifies the storage type to be associated with the DB instance.
\nValid Values: gp2 | gp3 | io1 | standard
\n
If you specify io1
or gp3
, you must also include a value for the\n Iops
parameter.
Default: io1
if the Iops
parameter\n is specified, otherwise gp2
\n
Specifies the storage type to be associated with the DB instance.
\nValid Values: gp2 | gp3 | io1 | io2 | standard
\n
If you specify io1
, io2
, or gp3
, you must also include a value for the\n Iops
parameter.
Default: io1
if the Iops
parameter\n is specified, otherwise gp2
\n
Specifies the storage type to be associated with the DB instance.
\nValid Values: gp2 | gp3 | io1 | standard
\n
If you specify io1
or gp3
, \n you must also include a value for the Iops
parameter.
Default: io1
\n if the Iops
parameter is specified; \n otherwise gp2
\n
Specifies the storage type to be associated with the DB instance.
\nValid Values: gp2 | gp3 | io1 | io2 | standard
\n
If you specify io1
, io2
, or gp3
, \n you must also include a value for the Iops
parameter.
Default: io1
\n if the Iops
parameter is specified; \n otherwise gp2
\n
The storage type to associate with the DB instance.
\nValid Values: gp2 | gp3 | io1 | standard
\n
Default: io1
, if the Iops
parameter\n is specified. Otherwise, gp2
.
Constraints:
\nIf you specify io1
or gp3
, you must also include a value for the\n Iops
parameter.
The storage type to associate with the DB instance.
\nValid Values: gp2 | gp3 | io1 | io2 | standard
\n
Default: io1
, if the Iops
parameter\n is specified. Otherwise, gp2
.
Constraints:
\nIf you specify io1
, io2
, or gp3
, you must also include a value for the\n Iops
parameter.
The valid storage types for your DB instance.\n For example: gp2, gp3, io1.
" + "smithy.api#documentation": "The valid storage types for your DB instance.\n For example: gp2, gp3, io1, io2.
" } }, "StorageSize": { diff --git a/codegen/sdk-codegen/aws-models/redshift.json b/codegen/sdk-codegen/aws-models/redshift.json index 5dbca5f4e1e..f7a46dd42fa 100644 --- a/codegen/sdk-codegen/aws-models/redshift.json +++ b/codegen/sdk-codegen/aws-models/redshift.json @@ -338,7 +338,7 @@ "target": "com.amazonaws.redshift#String", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the datashare that the consumer is to use with the account or the namespace.
", + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the datashare that the consumer is to use.
", "smithy.api#required": {} } }, @@ -351,7 +351,7 @@ "ConsumerArn": { "target": "com.amazonaws.redshift#String", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the consumer that is associated with the\n datashare.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the consumer namespace associated with the\n datashare.
" } }, "ConsumerRegion": { @@ -707,7 +707,7 @@ "target": "com.amazonaws.redshift#String", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the datashare that producers are to authorize\n sharing for.
", + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the datashare namespace that producers are to authorize\n sharing for.
", "smithy.api#required": {} } }, @@ -843,7 +843,7 @@ "SnapshotClusterIdentifier": { "target": "com.amazonaws.redshift#String", "traits": { - "smithy.api#documentation": "The identifier of the cluster the snapshot was created from. This parameter is\n required if your IAM user has a policy containing a snapshot resource element that\n specifies anything other than * for the cluster name.
" + "smithy.api#documentation": "The identifier of the cluster the snapshot was created from.
\n\n If the snapshot to access doesn't exist and the associated IAM policy doesn't allow access to all (*) snapshots - This parameter is required. Otherwise, permissions \n aren't available to check if the snapshot exists.
\n\n If the snapshot to access exists - This parameter isn't required. Redshift can retrieve the cluster identifier and use it to \n validate snapshot authorization.
\nThe port number on which the cluster accepts incoming connections.
\nThe cluster is accessible only via the JDBC and ODBC connection strings. Part of\n the connection string requires the port on which the cluster will listen for incoming\n connections.
\nDefault: 5439
\n
Valid Values: 1150-65535
\n
The port number on which the cluster accepts incoming connections.
\nThe cluster is accessible only via the JDBC and ODBC connection strings. Part of\n the connection string requires the port on which the cluster will listen for incoming\n connections.
\nDefault: 5439
\n
Valid Values:\n
\nFor clusters with ra3 nodes - Select a port within the ranges 5431-5455
or 8191-8215
. (If you have an existing cluster \n with ra3 nodes, it isn't required that you change the port to these ranges.)
For clusters with ds2 or dc2 nodes - Select a port within the range 1150-65535
.
An Amazon Resource Name (ARN) that references the datashare that is owned by a specific namespace of the producer cluster. A datashare ARN is in the arn:aws:redshift:{region}:{account-id}:{datashare}:{namespace-guid}/{datashare-name}
format.
The Amazon Resource Name (ARN) of the datashare that the consumer is to use.
" } }, "ProducerArn": { "target": "com.amazonaws.redshift#String", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the producer.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the producer namespace.
" } }, "AllowPubliclyAccessibleConsumers": { @@ -4667,7 +4667,7 @@ "target": "com.amazonaws.redshift#String", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the datashare to remove authorization from.
", + "smithy.api#documentation": "The namespace Amazon Resource Name (ARN) of the datashare to remove authorization from.
", "smithy.api#required": {} } }, @@ -6502,7 +6502,7 @@ "ConsumerArn": { "target": "com.amazonaws.redshift#String", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the consumer that returns in the list of datashares.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the consumer namespace that returns in the list of datashares.
" } }, "Status": { @@ -6577,7 +6577,7 @@ "ProducerArn": { "target": "com.amazonaws.redshift#String", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the producer that returns in the list of datashares.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the producer namespace that returns in the list of datashares.
" } }, "Status": { @@ -6629,7 +6629,7 @@ "DataShareArn": { "target": "com.amazonaws.redshift#String", "traits": { - "smithy.api#documentation": "The identifier of the datashare to describe details of.
" + "smithy.api#documentation": "The Amazon resource name (ARN) of the datashare to describe details of.
" } }, "MaxRecords": { @@ -8350,7 +8350,7 @@ "target": "com.amazonaws.redshift#String", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the datashare to remove association for.
", + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the datashare to remove association for.
", "smithy.api#required": {} } }, @@ -8363,7 +8363,7 @@ "ConsumerArn": { "target": "com.amazonaws.redshift#String", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the consumer that association for\n the datashare is removed from.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the consumer namespace that association for\n the datashare is removed from.
" } }, "ConsumerRegion": { @@ -11585,7 +11585,7 @@ "Port": { "target": "com.amazonaws.redshift#IntegerOptional", "traits": { - "smithy.api#documentation": "The option to change the port of an Amazon Redshift cluster.
" + "smithy.api#documentation": "The option to change the port of an Amazon Redshift cluster.
\nValid Values:\n
\nFor clusters with ra3 nodes - Select a port within the ranges 5431-5455
or 8191-8215
. (If you have an existing cluster \n with ra3 nodes, it isn't required that you change the port to these ranges.)
For clusters with ds2 or dc2 nodes - Select a port within the range 1150-65535
.
The port number on which the cluster accepts connections.
\nDefault: The same port as the original cluster.
\nConstraints: Must be between 1115
and 65535
.
The port number on which the cluster accepts connections.
\nDefault: The same port as the original cluster.
\nValid values: For clusters with ds2 or dc2 nodes, must be within the range 1150
-65535
. For clusters with ra3 nodes, must be \n within the ranges 5431
-5455
or 8191
-8215
.
Makes a series of decisions about multiple authorization requests for one principal or\n resource. Each request contains the equivalent content of an IsAuthorized
\n request: principal, action, resource, and context. Either the principal
or\n the resource
parameter must be identical across all requests. For example,\n Verified Permissions won't evaluate a pair of requests where bob
views\n photo1
and alice
views photo2
. Authorization\n of bob
to view photo1
and photo2
, or\n bob
and alice
to view photo1
, are valid\n batches.
The request is evaluated against all policies in the specified policy store that match the\n entities that you declare. The result of the decisions is a series of Allow
\n or Deny
responses, along with the IDs of the policies that produced each\n decision.
The entities
of a BatchIsAuthorized
API request can contain\n up to 100 principals and up to 100 resources. The requests
of a\n BatchIsAuthorized
API request can contain up to 30 requests.
The BatchIsAuthorized
operation doesn't have its own IAM\n permission. To authorize this operation for Amazon Web Services principals, include the permission\n verifiedpermissions:IsAuthorized
in their IAM policies.
The configuration for an identity source that represents a connection to an Amazon Cognito user pool used\n as an identity provider for Verified Permissions.
\nThis data type is used as a field that is part of an Configuration structure that is\n used as a parameter to the Configuration.
\nExample:\"CognitoUserPoolConfiguration\":{\"UserPoolArn\":\"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5\",\"ClientIds\":\n [\"a1b2c3d4e5f6g7h8i9j0kalbmc\"]}
\n
The configuration for an identity source that represents a connection to an Amazon Cognito user pool used\n as an identity provider for Verified Permissions.
\nThis data type is used as a field that is part of an Configuration structure that is\n used as a parameter to CreateIdentitySource.
\nExample:\"CognitoUserPoolConfiguration\":{\"UserPoolArn\":\"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5\",\"ClientIds\":\n [\"a1b2c3d4e5f6g7h8i9j0kalbmc\"]}
\n
The Amazon Resource Name (ARN) of the Amazon Cognito user pool that contains the identities to be\n authorized.
\nExample: \"userPoolArn\":\n \"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5\"
\n
The unique application client IDs that are associated with the specified Amazon Cognito user\n pool.
\nExample: \"clientIds\": [\"&ExampleCogClientId;\"]
\n
The OpenID Connect (OIDC) issuer
ID of the Amazon Cognito user pool that contains the identities to be\n authorized.
Example: \"issuer\":\n \"https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5\"
\n
The configuration for an identity source that represents a connection to an Amazon Cognito user pool used\n as an identity provider for Verified Permissions.
\nThis data type is used as a field that is part of an ConfigurationDetail structure that is\n part of the response to GetIdentitySource.
\nExample:\"CognitoUserPoolConfiguration\":{\"UserPoolArn\":\"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5\",\"ClientIds\":\n [\"a1b2c3d4e5f6g7h8i9j0kalbmc\"]}
\n
The Amazon Resource Name (ARN) of the Amazon Cognito user pool that contains the identities to be\n authorized.
\nExample: \"userPoolArn\":\n \"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5\"
\n
The unique application client IDs that are associated with the specified Amazon Cognito user\n pool.
\nExample: \"clientIds\": [\"&ExampleCogClientId;\"]
\n
The OpenID Connect (OIDC) issuer
ID of the Amazon Cognito user pool that contains the identities to be\n authorized.
Example: \"issuer\":\n \"https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5\"
\n
The configuration for an identity source that represents a connection to an Amazon Cognito user pool used\n as an identity provider for Verified Permissions.
\nThis data type is used as a field that is part of the ConfigurationItem structure that is\n part of the response to ListIdentitySources.
\nExample:\"CognitoUserPoolConfiguration\":{\"UserPoolArn\":\"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5\",\"ClientIds\":\n [\"a1b2c3d4e5f6g7h8i9j0kalbmc\"]}
\n
Contains configuration information used when creating a new identity source.
\nAt this time, the only valid member of this structure is a Amazon Cognito user pool\n configuration.
\nYou must specify a userPoolArn
, and optionally, a\n ClientId
.
This data type is used as a request parameter for the CreateIdentitySource\n operation.
" } }, + "com.amazonaws.verifiedpermissions#ConfigurationDetail": { + "type": "union", + "members": { + "cognitoUserPoolConfiguration": { + "target": "com.amazonaws.verifiedpermissions#CognitoUserPoolConfigurationDetail", + "traits": { + "smithy.api#documentation": "Contains configuration details of a Amazon Cognito user pool that Verified Permissions can use as a source of\n authenticated identities as entities. It specifies the Amazon Resource Name (ARN) of a Amazon Cognito user pool\n and one or more application client IDs.
\nExample:\n \"configuration\":{\"cognitoUserPoolConfiguration\":{\"userPoolArn\":\"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5\",\"clientIds\":\n [\"a1b2c3d4e5f6g7h8i9j0kalbmc\"]}}
\n
Contains configuration information about an identity source.
\nThis data type is a response parameter to the GetIdentitySource\n operation.
" + } + }, + "com.amazonaws.verifiedpermissions#ConfigurationItem": { + "type": "union", + "members": { + "cognitoUserPoolConfiguration": { + "target": "com.amazonaws.verifiedpermissions#CognitoUserPoolConfigurationItem", + "traits": { + "smithy.api#documentation": "Contains configuration details of a Amazon Cognito user pool that Verified Permissions can use as a source of\n authenticated identities as entities. It specifies the Amazon Resource Name (ARN) of a Amazon Cognito user pool\n and one or more application client IDs.
\nExample:\n \"configuration\":{\"cognitoUserPoolConfiguration\":{\"userPoolArn\":\"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5\",\"clientIds\":\n [\"a1b2c3d4e5f6g7h8i9j0kalbmc\"]}}
\n
Contains configuration information about an identity source.
\nThis data type is a response parameter to the ListIdentitySources\n operation.
" + } + }, "com.amazonaws.verifiedpermissions#ConflictException": { "type": "structure", "members": { @@ -383,8 +471,10 @@ } ], "traits": { - "aws.iam#actionPermissionDescription": "Grants permission to create a reference to an external identity provider (IdP) that is compatible with OpenID Connect (OIDC) authentication protocol, such as Amazon Cognito", - "smithy.api#documentation": "Creates a reference to an Amazon Cognito user pool as an external identity provider (IdP).\n
\nAfter you create an identity source, you can use the identities provided by the IdP as proxies\n for the principal in authorization queries that use the IsAuthorizedWithToken\n operation. These identities take the form of tokens that contain claims about the user,\n such as IDs, attributes and group memberships. Amazon Cognito provides both identity tokens and\n access tokens, and Verified Permissions can use either or both. Any combination of identity and access\n tokens results in the same Cedar principal. Verified Permissions automatically translates the\n information about the identities into the standard Cedar attributes that can be\n evaluated by your policies. Because the Amazon Cognito identity and access tokens can contain\n different information, the tokens you choose to use determine which principal attributes\n are available to access when evaluating Cedar policies.
\nIf you delete a Amazon Cognito user pool or user, tokens from that deleted pool or that deleted user continue to be usable until they expire.
\nTo reference a user from this identity source in your Cedar policies, use the following\n syntax.
\n\n IdentityType::\"<CognitoUserPoolIdentifier>|<CognitoClientId>\n
\nWhere IdentityType
is the string that you provide to the\n PrincipalEntityType
parameter for this operation. The\n CognitoUserPoolId
and CognitoClientId
are defined by\n the Amazon Cognito user pool.
Verified Permissions is \n eventually consistent\n . It can take a few seconds for a new or changed element to be propagate through\n the service and be visible in the results of other Verified Permissions operations.
\nCreates a reference to an Amazon Cognito user pool as an external identity provider (IdP).\n
\nAfter you create an identity source, you can use the identities provided by the IdP as proxies\n for the principal in authorization queries that use the IsAuthorizedWithToken\n operation. These identities take the form of tokens that contain claims about the user,\n such as IDs, attributes and group memberships. Amazon Cognito provides both identity tokens and\n access tokens, and Verified Permissions can use either or both. Any combination of identity and access\n tokens results in the same Cedar principal. Verified Permissions automatically translates the\n information about the identities into the standard Cedar attributes that can be\n evaluated by your policies. Because the Amazon Cognito identity and access tokens can contain\n different information, the tokens you choose to use determine which principal attributes\n are available to access when evaluating Cedar policies.
\nIf you delete a Amazon Cognito user pool or user, tokens from that deleted pool or that deleted user continue to be usable until they expire.
\nTo reference a user from this identity source in your Cedar policies, use the following\n syntax.
\n\n IdentityType::\"<CognitoUserPoolIdentifier>|<CognitoClientId>\n
\nWhere IdentityType
is the string that you provide to the\n PrincipalEntityType
parameter for this operation. The\n CognitoUserPoolId
and CognitoClientId
are defined by\n the Amazon Cognito user pool.
Verified Permissions is \n eventually consistent\n . It can take a few seconds for a new or changed element to propagate through\n the service and be visible in the results of other Verified Permissions operations.
\nSpecifies a unique, case-sensitive ID that you provide to\n ensure the idempotency of the request. This lets you safely retry the request without\n accidentally performing the same operation a second time. Passing the same value to a\n later call to an operation requires that you also pass the same value for all other \n parameters. We recommend that you use a UUID type of \n value..
\nIf you don't provide this value, then Amazon Web Services generates a random one for\n you.
\nIf you retry the operation with the same ClientToken
, but with \n different parameters, the retry fails with an IdempotentParameterMismatch
\n error.
Specifies a unique, case-sensitive ID that you provide to\n ensure the idempotency of the request. This lets you safely retry the request without\n accidentally performing the same operation a second time. Passing the same value to a\n later call to an operation requires that you also pass the same value for all other \n parameters. We recommend that you use a UUID type of \n value..
\nIf you don't provide this value, then Amazon Web Services generates a random one for\n you.
\nIf you retry the operation with the same ClientToken
, but with \n different parameters, the retry fails with an ConflictException
\n error.
Verified Permissions recognizes a ClientToken
for eight hours. After eight hours,\n the next request with the same parameters performs the operation again regardless of \n the value of ClientToken
.
Creates a Cedar policy and saves it in the specified policy store. You can create either a\n static policy or a policy linked to a policy template.
\nTo create a static policy, provide the Cedar policy text in the\n StaticPolicy
section of the\n PolicyDefinition
.
To create a policy that is dynamically linked to a policy template, specify the policy template ID\n and the principal and resource to associate with this policy in the\n templateLinked
section of the PolicyDefinition
. If the\n policy template is ever updated, any policies linked to the policy template automatically use the\n updated template.
Creating a policy causes it to be validated against the schema in the policy store. If the\n policy doesn't pass validation, the operation fails and the policy isn't\n stored.
\nVerified Permissions is \n eventually consistent\n . It can take a few seconds for a new or changed element to be propagate through\n the service and be visible in the results of other Verified Permissions operations.
\nCreates a Cedar policy and saves it in the specified policy store. You can create either a\n static policy or a policy linked to a policy template.
\nTo create a static policy, provide the Cedar policy text in the\n StaticPolicy
section of the\n PolicyDefinition
.
To create a policy that is dynamically linked to a policy template, specify the policy template ID\n and the principal and resource to associate with this policy in the\n templateLinked
section of the PolicyDefinition
. If the\n policy template is ever updated, any policies linked to the policy template automatically use the\n updated template.
Creating a policy causes it to be validated against the schema in the policy store. If the\n policy doesn't pass validation, the operation fails and the policy isn't\n stored.
\nVerified Permissions is \n eventually consistent\n . It can take a few seconds for a new or changed element to propagate through\n the service and be visible in the results of other Verified Permissions operations.
\nSpecifies a unique, case-sensitive ID that you provide to\n ensure the idempotency of the request. This lets you safely retry the request without\n accidentally performing the same operation a second time. Passing the same value to a\n later call to an operation requires that you also pass the same value for all other \n parameters. We recommend that you use a UUID type of \n value..
\nIf you don't provide this value, then Amazon Web Services generates a random one for\n you.
\nIf you retry the operation with the same ClientToken
, but with \n different parameters, the retry fails with an IdempotentParameterMismatch
\n error.
Specifies a unique, case-sensitive ID that you provide to\n ensure the idempotency of the request. This lets you safely retry the request without\n accidentally performing the same operation a second time. Passing the same value to a\n later call to an operation requires that you also pass the same value for all other \n parameters. We recommend that you use a UUID type of \n value..
\nIf you don't provide this value, then Amazon Web Services generates a random one for\n you.
\nIf you retry the operation with the same ClientToken
, but with \n different parameters, the retry fails with an ConflictException
\n error.
Verified Permissions recognizes a ClientToken
for eight hours. After eight hours,\n the next request with the same parameters performs the operation again regardless of \n the value of ClientToken
.
Creates a policy store. A policy store is a container for policy resources.
\nAlthough Cedar supports multiple namespaces, Verified Permissions currently supports only one\n namespace per policy store.
\nVerified Permissions is \n eventually consistent\n . It can take a few seconds for a new or changed element to be propagate through\n the service and be visible in the results of other Verified Permissions operations.
\nCreates a policy store. A policy store is a container for policy resources.
\nAlthough Cedar supports multiple namespaces, Verified Permissions currently supports only one\n namespace per policy store.
\nVerified Permissions is \n eventually consistent\n . It can take a few seconds for a new or changed element to propagate through\n the service and be visible in the results of other Verified Permissions operations.
\nSpecifies a unique, case-sensitive ID that you provide to\n ensure the idempotency of the request. This lets you safely retry the request without\n accidentally performing the same operation a second time. Passing the same value to a\n later call to an operation requires that you also pass the same value for all other \n parameters. We recommend that you use a UUID type of \n value..
\nIf you don't provide this value, then Amazon Web Services generates a random one for\n you.
\nIf you retry the operation with the same ClientToken
, but with \n different parameters, the retry fails with an IdempotentParameterMismatch
\n error.
Specifies a unique, case-sensitive ID that you provide to\n ensure the idempotency of the request. This lets you safely retry the request without\n accidentally performing the same operation a second time. Passing the same value to a\n later call to an operation requires that you also pass the same value for all other \n parameters. We recommend that you use a UUID type of \n value..
\nIf you don't provide this value, then Amazon Web Services generates a random one for\n you.
\nIf you retry the operation with the same ClientToken
, but with \n different parameters, the retry fails with an ConflictException
\n error.
Verified Permissions recognizes a ClientToken
for eight hours. After eight hours,\n the next request with the same parameters performs the operation again regardless of \n the value of ClientToken
.
Creates a policy template. A template can use placeholders for the principal and resource. A\n template must be instantiated into a policy by associating it with specific principals\n and resources to use for the placeholders. That instantiated policy can then be\n considered in authorization decisions. The instantiated policy works identically to any\n other policy, except that it is dynamically linked to the template. If the template\n changes, then any policies that are linked to that template are immediately updated as\n well.
\nVerified Permissions is \n eventually consistent\n . It can take a few seconds for a new or changed element to be propagate through\n the service and be visible in the results of other Verified Permissions operations.
\nCreates a policy template. A template can use placeholders for the principal and resource. A\n template must be instantiated into a policy by associating it with specific principals\n and resources to use for the placeholders. That instantiated policy can then be\n considered in authorization decisions. The instantiated policy works identically to any\n other policy, except that it is dynamically linked to the template. If the template\n changes, then any policies that are linked to that template are immediately updated as\n well.
\nVerified Permissions is \n eventually consistent\n . It can take a few seconds for a new or changed element to propagate through\n the service and be visible in the results of other Verified Permissions operations.
\nSpecifies a unique, case-sensitive ID that you provide to\n ensure the idempotency of the request. This lets you safely retry the request without\n accidentally performing the same operation a second time. Passing the same value to a\n later call to an operation requires that you also pass the same value for all other \n parameters. We recommend that you use a UUID type of \n value..
\nIf you don't provide this value, then Amazon Web Services generates a random one for\n you.
\nIf you retry the operation with the same ClientToken
, but with \n different parameters, the retry fails with an IdempotentParameterMismatch
\n error.
Specifies a unique, case-sensitive ID that you provide to\n ensure the idempotency of the request. This lets you safely retry the request without\n accidentally performing the same operation a second time. Passing the same value to a\n later call to an operation requires that you also pass the same value for all other \n parameters. We recommend that you use a UUID type of \n value..
\nIf you don't provide this value, then Amazon Web Services generates a random one for\n you.
\nIf you retry the operation with the same ClientToken
, but with \n different parameters, the retry fails with an ConflictException
\n error.
Verified Permissions recognizes a ClientToken
for eight hours. After eight hours,\n the next request with the same parameters performs the operation again regardless of \n the value of ClientToken
.
Deletes an identity source that references an identity provider (IdP) such as Amazon Cognito. After\n you delete the identity source, you can no longer use tokens for identities from that identity source to\n represent principals in authorization queries made using IsAuthorizedWithToken.\n operations.
", "smithy.api#idempotent": {} } @@ -835,7 +933,9 @@ } ], "traits": { - "aws.iam#actionPermissionDescription": "Grants permission to delete the specified policy from the policy store", + "aws.iam#iamAction": { + "documentation": "Grants permission to delete the specified policy from the policy store" + }, "smithy.api#documentation": "Deletes the specified policy from the policy store.
\nThis operation is idempotent; if you specify a policy that doesn't \n exist, the request response returns a successful HTTP 200
status code.
Deletes the specified policy store.
\nThis operation is idempotent. If you specify a policy store that does not exist, the request\n response will still return a successful HTTP 200 status code.
", "smithy.api#idempotent": {} } @@ -922,7 +1024,9 @@ } ], "traits": { - "aws.iam#actionPermissionDescription": "Grants permission to delete the specified policy template from the policy store", + "aws.iam#iamAction": { + "documentation": "Grants permission to delete the specified policy template from the policy store" + }, "smithy.api#documentation": "Deletes the specified policy template from the policy store.
\nThis operation also deletes any policies that were created from the specified\n policy template. Those policies are immediately removed from all future API responses, and are\n asynchronously deleted from the policy store.
\nRetrieves the details about the specified identity source.
", "smithy.api#readonly": {} } @@ -1190,8 +1296,10 @@ "details": { "target": "com.amazonaws.verifiedpermissions#IdentitySourceDetails", "traits": { - "smithy.api#documentation": "A structure that describes the configuration of the identity source.
", - "smithy.api#required": {} + "smithy.api#deprecated": { + "message": "This attribute has been replaced by configuration.cognitoUserPoolConfiguration" + }, + "smithy.api#documentation": "A structure that describes the configuration of the identity source.
" } }, "identitySourceId": { @@ -1222,6 +1330,13 @@ "smithy.api#documentation": "The data type of principals generated for identities authenticated by this\n identity source.
", "smithy.api#required": {} } + }, + "configuration": { + "target": "com.amazonaws.verifiedpermissions#ConfigurationDetail", + "traits": { + "aws.cloudformation#cfnExcludeProperty": {}, + "smithy.api#documentation": "Contains configuration information about an identity source.
" + } } }, "traits": { @@ -1242,7 +1357,9 @@ } ], "traits": { - "aws.iam#actionPermissionDescription": "Grants permission to retrieve information about the specified policy", + "aws.iam#iamAction": { + "documentation": "Grants permission to retrieve information about the specified policy" + }, "smithy.api#documentation": "Retrieves information about the specified policy.
", "smithy.api#readonly": {} } @@ -1348,7 +1465,9 @@ } ], "traits": { - "aws.iam#actionPermissionDescription": "Grants permission to retrieve details about a policy store", + "aws.iam#iamAction": { + "documentation": "Grants permission to retrieve details about a policy store" + }, "smithy.api#documentation": "Retrieves details about a policy store.
", "smithy.api#readonly": {} } @@ -1433,7 +1552,9 @@ } ], "traits": { - "aws.iam#actionPermissionDescription": "Grants permission to retrieve the details for the specified policy template in the specified policy store", + "aws.iam#iamAction": { + "documentation": "Grants permission to retrieve the details for the specified policy template in the specified policy store" + }, "smithy.api#documentation": "Retrieve the details for the specified policy template in the specified policy store.
", "smithy.api#readonly": {} } @@ -1525,7 +1646,9 @@ } ], "traits": { - "aws.iam#actionPermissionDescription": "Grants permission to retrieve the details for the specified schema in the specified policy store", + "aws.iam#iamAction": { + "documentation": "Grants permission to retrieve the details for the specified schema in the specified policy store" + }, "smithy.api#documentation": "Retrieve the details for the specified schema in the specified policy store.
", "smithy.api#readonly": {} } @@ -1633,30 +1756,45 @@ "clientIds": { "target": "com.amazonaws.verifiedpermissions#ClientIds", "traits": { + "smithy.api#deprecated": { + "message": "This attribute has been replaced by configuration.cognitoUserPoolConfiguration.clientIds" + }, "smithy.api#documentation": "The application client IDs associated with the specified Amazon Cognito user pool that are\n enabled for this identity source.
" } }, "userPoolArn": { "target": "com.amazonaws.verifiedpermissions#UserPoolArn", "traits": { + "smithy.api#deprecated": { + "message": "This attribute has been replaced by configuration.cognitoUserPoolConfiguration.userPoolArn" + }, "smithy.api#documentation": "The Amazon Resource Name (ARN) of the Amazon Cognito user pool whose identities are accessible to this Verified Permissions\n policy store.
" } }, "discoveryUrl": { "target": "com.amazonaws.verifiedpermissions#DiscoveryUrl", "traits": { + "smithy.api#deprecated": { + "message": "This attribute has been replaced by configuration.cognitoUserPoolConfiguration.issuer" + }, "smithy.api#documentation": "The well-known URL that points to this user pool's OIDC discovery endpoint. This is a\n URL string in the following format. This URL replaces the placeholders for both the\n Amazon Web Services Region and the user pool identifier with those appropriate for this user\n pool.
\n\n https://cognito-idp.<region>.amazonaws.com/<user-pool-id>/.well-known/openid-configuration
\n
A string that identifies the type of OIDC service represented by this identity source.
\nAt this time, the only valid value is cognito
.
A structure that contains configuration of the identity source.
\nThis data type is used as a response parameter for the CreateIdentitySource\n operation.
" + "smithy.api#deprecated": { + "message": "This shape has been replaced by ConfigurationDetail" + }, + "smithy.api#documentation": "A structure that contains configuration of the identity source.
\nThis data type was a response parameter for the GetIdentitySource\n operation. Replaced by ConfigurationDetail.
" } }, "com.amazonaws.verifiedpermissions#IdentitySourceFilter": { @@ -1670,7 +1808,7 @@ } }, "traits": { - "smithy.api#documentation": "A structure that defines characteristics of an identity source that you can use to\n filter.
\nThis data type is used as a request parameter for the ListIdentityStores\n operation.
" + "smithy.api#documentation": "A structure that defines characteristics of an identity source that you can use to\n filter.
\nThis data type is a request parameter for the ListIdentityStores\n operation.
" } }, "com.amazonaws.verifiedpermissions#IdentitySourceFilters": { @@ -1708,8 +1846,10 @@ "details": { "target": "com.amazonaws.verifiedpermissions#IdentitySourceItemDetails", "traits": { - "smithy.api#documentation": "A structure that contains the details of the associated identity provider\n (IdP).
", - "smithy.api#required": {} + "smithy.api#deprecated": { + "message": "This attribute has been replaced by configuration.cognitoUserPoolConfiguration" + }, + "smithy.api#documentation": "A structure that contains the details of the associated identity provider\n (IdP).
" } }, "identitySourceId": { @@ -1739,10 +1879,16 @@ "smithy.api#documentation": "The Cedar entity type of the principals returned from the IdP associated with this\n identity source.
", "smithy.api#required": {} } + }, + "configuration": { + "target": "com.amazonaws.verifiedpermissions#ConfigurationItem", + "traits": { + "smithy.api#documentation": "Contains configuration information about an identity source.
" + } } }, "traits": { - "smithy.api#documentation": "A structure that defines an identity source.
\nThis data type is used as a request parameter for the ListIdentityStores\n operation.
" + "smithy.api#documentation": "A structure that defines an identity source.
\nThis data type is a response parameter to the ListIdentitySources\n operation.
" } }, "com.amazonaws.verifiedpermissions#IdentitySourceItemDetails": { @@ -1751,30 +1897,45 @@ "clientIds": { "target": "com.amazonaws.verifiedpermissions#ClientIds", "traits": { + "smithy.api#deprecated": { + "message": "This attribute has been replaced by configuration.cognitoUserPoolConfiguration.clientIds" + }, "smithy.api#documentation": "The application client IDs associated with the specified Amazon Cognito user pool that are\n enabled for this identity source.
" } }, "userPoolArn": { "target": "com.amazonaws.verifiedpermissions#UserPoolArn", "traits": { + "smithy.api#deprecated": { + "message": "This attribute has been replaced by configuration.cognitoUserPoolConfiguration.userPoolArn" + }, "smithy.api#documentation": "The Amazon Cognito user pool whose identities are accessible to this Verified Permissions policy store.
" } }, "discoveryUrl": { "target": "com.amazonaws.verifiedpermissions#DiscoveryUrl", "traits": { + "smithy.api#deprecated": { + "message": "This attribute has been replaced by configuration.cognitoUserPoolConfiguration.issuer" + }, "smithy.api#documentation": "The well-known URL that points to this user pool's OIDC discovery endpoint. This is a\n URL string in the following format. This URL replaces the placeholders for both the\n Amazon Web Services Region and the user pool identifier with those appropriate for this user\n pool.
\n\n https://cognito-idp.<region>.amazonaws.com/<user-pool-id>/.well-known/openid-configuration
\n
A string that identifies the type of OIDC service represented by this identity source.
\nAt this time, the only valid value is cognito
.
A structure that contains configuration of the identity source.
\nThis data type is used as a response parameter for the CreateIdentitySource\n operation.
" + "smithy.api#deprecated": { + "message": "This shape has been replaced by ConfigurationItem" + }, + "smithy.api#documentation": "A structure that contains configuration of the identity source.
\nThis data type was a response parameter for the ListIdentitySources\n operation. Replaced by ConfigurationItem.
" } }, "com.amazonaws.verifiedpermissions#IdentitySources": { @@ -1814,7 +1975,9 @@ } ], "traits": { - "aws.iam#actionPermissionDescription": "Grants permission to make an authorization decision about a service request described in the parameters", + "aws.iam#iamAction": { + "documentation": "Grants permission to make an authorization decision about a service request described in the parameters" + }, "smithy.api#documentation": "Makes an authorization decision about a service request described in the parameters.\n The information in the parameters can also define additional context that Verified Permissions can\n include in the evaluation. The request is evaluated against all matching policies in the\n specified policy store. The result of the decision is either Allow
or\n Deny
, along with a list of the policies that resulted in the\n decision.
Makes an authorization decision about a service request described in the parameters.\n The principal in this request comes from an external identity source in the form of an identity\n token formatted as a JSON web\n token (JWT). The information in the parameters can also define additional\n context that Verified Permissions can include in the evaluation. The request is evaluated against all\n matching policies in the specified policy store. The result of the decision is either\n Allow
or Deny
, along with a list of the policies that\n resulted in the decision.
If you specify the identityToken
parameter, then this operation\n derives the principal from that token. You must not also include that principal in\n the entities
parameter or the operation fails and reports a conflict\n between the two entity sources.
If you provide only an accessToken
, then you can include the entity\n as part of the entities
parameter to provide additional\n attributes.
At this time, Verified Permissions accepts tokens from only Amazon Cognito.
\nVerified Permissions validates each token that is specified in a request by checking its expiration\n date and its signature.
\nIf you delete a Amazon Cognito user pool or user, tokens from that deleted pool or that deleted user continue to be usable until they expire.
\nSpecifies an identity token for the principal to be authorized. This token is provided\n to you by the identity provider (IdP) associated with the specified identity source. You must\n specify either an AccessToken
or an IdentityToken
, or\n both.
Specifies an identity token for the principal to be authorized. This token is provided\n to you by the identity provider (IdP) associated with the specified identity source. You must\n specify either an accessToken
, an identityToken
, or\n both.
Must be an ID token. Verified Permissions returns an error if the token_use
claim in the\n submitted token isn't id
.
Specifies an access token for the principal to be authorized. This token is provided\n to you by the identity provider (IdP) associated with the specified identity source. You must\n specify either an AccessToken
, or an IdentityToken
, or\n both.
Specifies an access token for the principal to be authorized. This token is provided\n to you by the identity provider (IdP) associated with the specified identity source. You must\n specify either an accessToken
, an identityToken
, or\n both.
Must be an access token. Verified Permissions returns an error if the token_use
claim in\n the submitted token isn't access
.
Returns a paginated list of all of the identity sources defined in the specified policy store.
", "smithy.api#paginated": { "inputToken": "nextToken", @@ -2094,7 +2271,9 @@ } ], "traits": { - "aws.iam#actionPermissionDescription": "Grants permission to return a paginated list of all policies stored in the specified policy store", + "aws.iam#iamAction": { + "documentation": "Grants permission to return a paginated list of all policies stored in the specified policy store" + }, "smithy.api#documentation": "Returns a paginated list of all policies stored in the specified policy store.
", "smithy.api#paginated": { "inputToken": "nextToken", @@ -2168,7 +2347,9 @@ "target": "com.amazonaws.verifiedpermissions#ListPolicyStoresOutput" }, "traits": { - "aws.iam#actionPermissionDescription": "Grants permission to return a paginated list of all policy stores in the calling Amazon Web Services account", + "aws.iam#iamAction": { + "documentation": "Grants permission to return a paginated list of all policy stores in the calling Amazon Web Services account" + }, "smithy.api#documentation": "Returns a paginated list of all policy stores in the calling Amazon Web Services account.
", "smithy.api#paginated": { "inputToken": "nextToken", @@ -2234,7 +2415,9 @@ } ], "traits": { - "aws.iam#actionPermissionDescription": "Grants permission to return a paginated list of all policy templates in the specified policy store", + "aws.iam#iamAction": { + "documentation": "Grants permission to return a paginated list of all policy templates in the specified policy store" + }, "smithy.api#documentation": "Returns a paginated list of all policy templates in the specified policy store.
", "smithy.api#paginated": { "inputToken": "nextToken", @@ -2844,8 +3027,10 @@ } ], "traits": { - "aws.iam#actionPermissionDescription": "Grants permission to create or update the policy schema in the specified policy store", - "smithy.api#documentation": "Creates or updates the policy schema in the specified policy store. The schema is used to\n validate any Cedar policies and policy templates submitted to the policy store. Any changes to the schema\n validate only policies and templates submitted after the schema change. Existing\n policies and templates are not re-evaluated against the changed schema. If you later\n update a policy, then it is evaluated against the new schema at that time.
\nVerified Permissions is \n eventually consistent\n . It can take a few seconds for a new or changed element to be propagate through\n the service and be visible in the results of other Verified Permissions operations.
\nCreates or updates the policy schema in the specified policy store. The schema is used to\n validate any Cedar policies and policy templates submitted to the policy store. Any changes to the schema\n validate only policies and templates submitted after the schema change. Existing\n policies and templates are not re-evaluated against the changed schema. If you later\n update a policy, then it is evaluated against the new schema at that time.
\nVerified Permissions is \n eventually consistent\n . It can take a few seconds for a new or changed element to propagate through\n the service and be visible in the results of other Verified Permissions operations.
\nContains information about a policy that was
\n \ncreated by instantiating a policy template.
\nThis
" + "smithy.api#documentation": "Contains information about a policy that was created by instantiating a policy template.
" } }, "com.amazonaws.verifiedpermissions#TemplateLinkedPolicyDefinitionItem": { @@ -3343,8 +3528,10 @@ } ], "traits": { - "aws.iam#actionPermissionDescription": "Grants permission to update the specified identity source to use a new identity provider (IdP) source, or to change the mapping of identities from the IdP to a different principal entity type", - "smithy.api#documentation": "Updates the specified identity source to use a new identity provider (IdP) source, or to change\n the mapping of identities from the IdP to a different principal entity type.
\nVerified Permissions is \n eventually consistent\n . It can take a few seconds for a new or changed element to be propagate through\n the service and be visible in the results of other Verified Permissions operations.
\nUpdates the specified identity source to use a new identity provider (IdP) source, or to change\n the mapping of identities from the IdP to a different principal entity type.
\nVerified Permissions is \n eventually consistent\n . It can take a few seconds for a new or changed element to propagate through\n the service and be visible in the results of other Verified Permissions operations.
\nModifies a Cedar static policy in the specified policy store. You can change only certain elements of\n the UpdatePolicyDefinition parameter. You can directly update only static policies. To\n change a template-linked policy, you must update the template instead, using UpdatePolicyTemplate.
\nIf policy validation is enabled in the policy store, then updating a static policy causes\n Verified Permissions to validate the policy against the schema in the policy store. If the updated\n static policy doesn't pass validation, the operation fails and the update isn't\n stored.
\nWhen you edit a static policy, You can change only certain elements of a static\n policy:
\nThe action referenced by the policy.
\nA condition clause, such as when and unless.
\nYou can't change these elements of a static policy:
\nChanging a policy from a static policy to a template-linked\n policy.
\nChanging the effect of a static policy from permit or forbid.\n
\nThe principal referenced by a static policy.
\nThe resource referenced by a static policy.
\nTo update a template-linked policy, you must update the template instead.
\nVerified Permissions is \n eventually consistent\n . It can take a few seconds for a new or changed element to be propagate through\n the service and be visible in the results of other Verified Permissions operations.
\nModifies a Cedar static policy in the specified policy store. You can change only certain elements of\n the UpdatePolicyDefinition parameter. You can directly update only static policies. To\n change a template-linked policy, you must update the template instead, using UpdatePolicyTemplate.
\nIf policy validation is enabled in the policy store, then updating a static policy causes\n Verified Permissions to validate the policy against the schema in the policy store. If the updated\n static policy doesn't pass validation, the operation fails and the update isn't\n stored.
\nWhen you edit a static policy, you can change only certain elements of a static\n policy:
\nThe action referenced by the policy.
\nA condition clause, such as when and unless.
\nYou can't change these elements of a static policy:
\nChanging a policy from a static policy to a template-linked\n policy.
\nChanging the effect of a static policy from permit or forbid.\n
\nThe principal referenced by a static policy.
\nThe resource referenced by a static policy.
\nTo update a template-linked policy, you must update the template instead.
\nVerified Permissions is \n eventually consistent\n . It can take a few seconds for a new or changed element to propagate through\n the service and be visible in the results of other Verified Permissions operations.
\nModifies the validation setting for a policy store.
\nVerified Permissions is \n eventually consistent\n . It can take a few seconds for a new or changed element to be propagate through\n the service and be visible in the results of other Verified Permissions operations.
\nModifies the validation setting for a policy store.
\nVerified Permissions is \n eventually consistent\n . It can take a few seconds for a new or changed element to propagate through\n the service and be visible in the results of other Verified Permissions operations.
\nUpdates the specified policy template. You can update only the description and the some elements\n of the policyBody.
\nChanges you make to the policy template content are immediately (within the constraints of\n eventual consistency) reflected in authorization decisions that involve all template-linked policies\n instantiated from this template.
\nVerified Permissions is \n eventually consistent\n . It can take a few seconds for a new or changed element to be propagate through\n the service and be visible in the results of other Verified Permissions operations.
\nUpdates the specified policy template. You can update only the description and the some elements\n of the policyBody.
\nChanges you make to the policy template content are immediately (within the constraints of\n eventual consistency) reflected in authorization decisions that involve all template-linked policies\n instantiated from this template.
\nVerified Permissions is \n eventually consistent\n . It can take a few seconds for a new or changed element to propagate through\n the service and be visible in the results of other Verified Permissions operations.
\n
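Review bot: in the PutSchema documentation, the sentence "Existing policies and templates are not re-evaluated against the changed schema" is carried over unchanged on the added side, and nothing nearby says how a caller finds policies that no longer validate after a schema change. Since those policies stay in force until someone updates them, suggest one added sentence saying so and pointing to how they can be re-checked. The only wording fix visible in this hunk is "to be propagate" to "to propagate".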
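Review bot: in the UpdatePolicy documentation, the list under "You can't change these elements of a static policy:" still mixes actions with elements on the added side ("Changing a policy from a static policy to a template-linked policy", "Changing the effect of a static policy from permit or forbid"), and the second item has a "from" with no "to". Suggest noun phrases that match the other items, for example "The effect of a static policy (permit or forbid)". The same string also states twice that a template-linked policy must be changed through its template, once in the opening paragraph and once after the lists, so one of the two can go. The hunk as shown only lowercases "you can change" and fixes "to propagate".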
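Review bot: the added UpdatePolicyTemplate documentation still reads "You can update only the description and the some elements of the policyBody", so the stray "the" before "some elements" survives even though "to be propagate" is corrected in the same string. Suggest "the description and some elements of the policyBody". Because the next sentence says template changes are reflected in authorization decisions for all template-linked policies instantiated from the template, it would also help to name which elements of the policyBody can be updated, or to link to where they are listed.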