diff --git a/.changelog/21055fce4a0e4b1f89eee57d450b5a6b.json b/.changelog/21055fce4a0e4b1f89eee57d450b5a6b.json new file mode 100644 index 00000000000..aa54717b22b --- /dev/null +++ b/.changelog/21055fce4a0e4b1f89eee57d450b5a6b.json @@ -0,0 +1,8 @@ +{ + "id": "21055fce-4a0e-4b1f-89ee-e57d450b5a6b", + "type": "feature", + "description": "Release FilterCriteria encryption for Lambda EventSourceMapping, enabling customers to encrypt their filter criteria using a customer-owned KMS key.", + "modules": [ + "service/lambda" + ] +} \ No newline at end of file diff --git a/.changelog/23a16dce7c3d4531b1bf16de40e06700.json b/.changelog/23a16dce7c3d4531b1bf16de40e06700.json new file mode 100644 index 00000000000..35f0ebb6079 --- /dev/null +++ b/.changelog/23a16dce7c3d4531b1bf16de40e06700.json @@ -0,0 +1,8 @@ +{ + "id": "23a16dce-7c3d-4531-b1bf-16de40e06700", + "type": "feature", + "description": "DescribeInstanceStatus now returns health information on EBS volumes attached to Nitro instances", + "modules": [ + "service/ec2" + ] +} \ No newline at end of file diff --git a/.changelog/30c5a7e0fa0c4d269661639c3a9cf04f.json b/.changelog/30c5a7e0fa0c4d269661639c3a9cf04f.json new file mode 100644 index 00000000000..6a6f84cacf9 --- /dev/null +++ b/.changelog/30c5a7e0fa0c4d269661639c3a9cf04f.json @@ -0,0 +1,8 @@ +{ + "id": "30c5a7e0-fa0c-4d26-9661-639c3a9cf04f", + "type": "feature", + "description": "Increase the mapping attributes in Schema to 35.", + "modules": [ + "service/entityresolution" + ] +} \ No newline at end of file diff --git a/.changelog/54bfae7cf8e541d79842df8dafd2ba19.json b/.changelog/54bfae7cf8e541d79842df8dafd2ba19.json new file mode 100644 index 00000000000..75644ea9166 --- /dev/null +++ b/.changelog/54bfae7cf8e541d79842df8dafd2ba19.json @@ -0,0 +1,8 @@ +{ + "id": "54bfae7c-f8e5-41d7-9842-df8dafd2ba19", + "type": "feature", + "description": "Add optional field JobRunQueuingEnabled to CreateJob and UpdateJob APIs.", + "modules": [ + "service/glue" + ] +} \ No newline at end of file diff --git a/.changelog/61ca57de3eba4c2b8bb959fd878ebad9.json b/.changelog/61ca57de3eba4c2b8bb959fd878ebad9.json new file mode 100644 index 00000000000..1a84e2723c3 --- /dev/null +++ b/.changelog/61ca57de3eba4c2b8bb959fd878ebad9.json @@ -0,0 +1,8 @@ +{ + "id": "61ca57de-3eba-4c2b-8bb9-59fd878ebad9", + "type": "feature", + "description": "Enable email receiving customers to provide SES with access to their S3 buckets via an IAM role for \"Deliver to S3 Action\"", + "modules": [ + "service/ses" + ] +} \ No newline at end of file diff --git a/.changelog/a185e9c863634aa599005836f6aa56fa.json b/.changelog/a185e9c863634aa599005836f6aa56fa.json new file mode 100644 index 00000000000..985b0eaf0ff --- /dev/null +++ b/.changelog/a185e9c863634aa599005836f6aa56fa.json @@ -0,0 +1,8 @@ +{ + "id": "a185e9c8-6363-4aa5-9900-5836f6aa56fa", + "type": "feature", + "description": "Security Hub documentation and definition updates", + "modules": [ + "service/securityhub" + ] +} \ No newline at end of file diff --git a/feature/dynamodbstreams/attributevalue/go_module_metadata.go b/feature/dynamodbstreams/attributevalue/go_module_metadata.go index cba6ca093b6..47cde575fac 100644 --- a/feature/dynamodbstreams/attributevalue/go_module_metadata.go +++ b/feature/dynamodbstreams/attributevalue/go_module_metadata.go @@ -3,4 +3,4 @@ package attributevalue // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.13.68" +const goModuleVersion = "1.14.11" diff --git a/service/ec2/api_op_CopyImage.go b/service/ec2/api_op_CopyImage.go index 5d16fa33546..2cf4e94c7ae 100644 --- a/service/ec2/api_op_CopyImage.go +++ b/service/ec2/api_op_CopyImage.go @@ -11,30 +11,23 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Initiates the copy of an AMI. You can copy an AMI from one Region to another, -// or from a Region to an Outpost. You can't copy an AMI from an Outpost to a -// Region, from one Outpost to another, or within the same Outpost. To copy an AMI -// to another partition, see [CreateStoreImageTask]. +// Initiates an AMI copy operation. You can copy an AMI from one Region to +// another, or from a Region to an Outpost. You can't copy an AMI from an Outpost +// to a Region, from one Outpost to another, or within the same Outpost. To copy an +// AMI to another partition, see [CreateStoreImageTask]. // -// To copy an AMI from one Region to another, specify the source Region using the -// SourceRegion parameter, and specify the destination Region using its endpoint. -// Copies of encrypted backing snapshots for the AMI are encrypted. Copies of -// unencrypted backing snapshots remain unencrypted, unless you set Encrypted -// during the copy operation. You cannot create an unencrypted copy of an encrypted -// backing snapshot. +// When you copy an AMI from one Region to another, the destination Region is the +// current Region. // -// To copy an AMI from a Region to an Outpost, specify the source Region using the -// SourceRegion parameter, and specify the ARN of the destination Outpost using -// DestinationOutpostArn. Backing snapshots copied to an Outpost are encrypted by -// default using the default encryption key for the Region, or a different key that -// you specify in the request using KmsKeyId. Outposts do not support unencrypted -// snapshots. For more information, [Amazon EBS local snapshots on Outposts]in the Amazon EBS User Guide. +// When you copy an AMI from a Region to an Outpost, specify the ARN of the +// Outpost as the destination. Backing snapshots copied to an Outpost are encrypted +// by default using the default encryption key for the Region or the key that you +// specify. Outposts do not support unencrypted snapshots. // -// For more information about the prerequisites and limits when copying an AMI, -// see [Copy an AMI]in the Amazon EC2 User Guide. +// For information about the prerequisites when copying an AMI, see [Copy an AMI] in the Amazon +// EC2 User Guide. // // [CreateStoreImageTask]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateStoreImageTask.html -// [Amazon EBS local snapshots on Outposts]: https://docs.aws.amazon.com/ebs/latest/userguide/snapshots-outposts.html#ami // [Copy an AMI]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html func (c *Client) CopyImage(ctx context.Context, params *CopyImageInput, optFns ...func(*Options)) (*CopyImageOutput, error) { if params == nil { @@ -111,10 +104,10 @@ type CopyImageInput struct { // encrypted. You can encrypt a copy of an unencrypted snapshot, but you cannot // create an unencrypted copy of an encrypted snapshot. The default KMS key for // Amazon EBS is used unless you specify a non-default Key Management Service (KMS) - // KMS key using KmsKeyId . For more information, see [Amazon EBS encryption] in the Amazon EBS User + // KMS key using KmsKeyId . For more information, see [Use encryption with EBS-backed AMIs] in the Amazon EC2 User // Guide. // - // [Amazon EBS encryption]: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption.html + // [Use encryption with EBS-backed AMIs]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html Encrypted *bool // The identifier of the symmetric Key Management Service (KMS) KMS key to use diff --git a/service/ec2/api_op_DeleteSecurityGroup.go b/service/ec2/api_op_DeleteSecurityGroup.go index e2b382a8868..170ba8fd5bf 100644 --- a/service/ec2/api_op_DeleteSecurityGroup.go +++ b/service/ec2/api_op_DeleteSecurityGroup.go @@ -13,8 +13,8 @@ import ( // Deletes a security group. // // If you attempt to delete a security group that is associated with an instance -// or network interface or is referenced by another security group, the operation -// fails with DependencyViolation . +// or network interface or is referenced by another security group in the same VPC, +// the operation fails with DependencyViolation . func (c *Client) DeleteSecurityGroup(ctx context.Context, params *DeleteSecurityGroupInput, optFns ...func(*Options)) (*DeleteSecurityGroupOutput, error) { if params == nil { params = &DeleteSecurityGroupInput{} diff --git a/service/ec2/api_op_DescribeInstanceStatus.go b/service/ec2/api_op_DescribeInstanceStatus.go index 51259254246..20787fbdfa2 100644 --- a/service/ec2/api_op_DescribeInstanceStatus.go +++ b/service/ec2/api_op_DescribeInstanceStatus.go @@ -106,6 +106,9 @@ type DescribeInstanceStatusInput struct { // // - system-status.status - The system status of the instance ( ok | impaired | // initializing | insufficient-data | not-applicable ). + // + // - attached-ebs-status.status - The status of the attached EBS volume for the + // instance ( ok | impaired | initializing | insufficient-data | not-applicable ). Filters []types.Filter // When true , includes the health status for all instances. When false , includes diff --git a/service/ec2/api_op_DescribeStaleSecurityGroups.go b/service/ec2/api_op_DescribeStaleSecurityGroups.go index 46313165dae..ca2d9e8f802 100644 --- a/service/ec2/api_op_DescribeStaleSecurityGroups.go +++ b/service/ec2/api_op_DescribeStaleSecurityGroups.go @@ -12,9 +12,9 @@ import ( ) // Describes the stale security group rules for security groups in a specified -// VPC. Rules are stale when they reference a deleted security group in the same -// VPC or peered VPC. Rules can also be stale if they reference a security group in -// a peer VPC for which the VPC peering connection has been deleted. +// VPC. Rules are stale when they reference a deleted security group in a peered +// VPC. Rules can also be stale if they reference a security group in a peer VPC +// for which the VPC peering connection has been deleted. func (c *Client) DescribeStaleSecurityGroups(ctx context.Context, params *DescribeStaleSecurityGroupsInput, optFns ...func(*Options)) (*DescribeStaleSecurityGroupsOutput, error) { if params == nil { params = &DescribeStaleSecurityGroupsInput{} diff --git a/service/ec2/api_op_DisableSnapshotBlockPublicAccess.go b/service/ec2/api_op_DisableSnapshotBlockPublicAccess.go index 7a1f2ae1c55..f17292e7064 100644 --- a/service/ec2/api_op_DisableSnapshotBlockPublicAccess.go +++ b/service/ec2/api_op_DisableSnapshotBlockPublicAccess.go @@ -15,9 +15,14 @@ import ( // the specified Amazon Web Services Region. After you disable block public access // for snapshots in a Region, users can publicly share snapshots in that Region. // -// If block public access is enabled in block-all-sharing mode, and you disable -// block public access, all snapshots that were previously publicly shared are no -// longer treated as private and they become publicly accessible again. +// Enabling block public access for snapshots in block-all-sharing mode does not +// change the permissions for snapshots that are already publicly shared. Instead, +// it prevents these snapshots from be publicly visible and publicly accessible. +// Therefore, the attributes for these snapshots still indicate that they are +// publicly shared, even though they are not publicly available. +// +// If you disable block public access , these snapshots will become publicly +// available again. // // For more information, see [Block public access for snapshots] in the Amazon EBS User Guide . // diff --git a/service/ec2/api_op_EnableSnapshotBlockPublicAccess.go b/service/ec2/api_op_EnableSnapshotBlockPublicAccess.go index 4cd85874280..538c8782ef2 100644 --- a/service/ec2/api_op_EnableSnapshotBlockPublicAccess.go +++ b/service/ec2/api_op_EnableSnapshotBlockPublicAccess.go @@ -18,9 +18,14 @@ import ( // shared are either treated as private or they remain publicly shared, depending // on the State that you specify. // -// If block public access is enabled in block-all-sharing mode, and you change the -// mode to block-new-sharing , all snapshots that were previously publicly shared -// are no longer treated as private and they become publicly accessible again. +// Enabling block public access for snapshots in block all sharing mode does not +// change the permissions for snapshots that are already publicly shared. Instead, +// it prevents these snapshots from be publicly visible and publicly accessible. +// Therefore, the attributes for these snapshots still indicate that they are +// publicly shared, even though they are not publicly available. +// +// If you later disable block public access or change the mode to block new +// sharing, these snapshots will become publicly available again. // // For more information, see [Block public access for snapshots] in the Amazon EBS User Guide. // @@ -50,12 +55,6 @@ type EnableSnapshotBlockPublicAccessInput struct { // Additionally, snapshots that are already publicly shared are treated as private // and they are no longer publicly available. // - // If you enable block public access for snapshots in block-all-sharing mode, it - // does not change the permissions for snapshots that are already publicly shared. - // Instead, it prevents these snapshots from be publicly visible and publicly - // accessible. Therefore, the attributes for these snapshots still indicate that - // they are publicly shared, even though they are not publicly available. - // // - block-new-sharing - Prevents only new public sharing of snapshots in the // Region. Users in the account will no longer be able to request new public // sharing. However, snapshots that are already publicly shared, remain publicly diff --git a/service/ec2/api_op_ModifySubnetAttribute.go b/service/ec2/api_op_ModifySubnetAttribute.go index f56c852223f..bad5eaa26c6 100644 --- a/service/ec2/api_op_ModifySubnetAttribute.go +++ b/service/ec2/api_op_ModifySubnetAttribute.go @@ -72,6 +72,13 @@ type ModifySubnetAttributeInput struct { // Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this // subnet should return synthetic IPv6 addresses for IPv4-only destinations. + // + // You must first configure a NAT gateway in a public subnet (separate from the + // subnet containing the IPv6-only workloads). For example, the subnet containing + // the NAT gateway should have a 0.0.0.0/0 route pointing to the internet gateway. + // For more information, see [Configure DNS64 and NAT64]in the Amazon VPC User Guide. + // + // [Configure DNS64 and NAT64]: https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-nat64-dns64.html#nat-gateway-nat64-dns64-walkthrough EnableDns64 *types.AttributeBooleanValue // Indicates the device position for local network interfaces in this subnet. For diff --git a/service/ec2/deserializers.go b/service/ec2/deserializers.go index 9d4bf6fb90d..3251d3ce0c8 100644 --- a/service/ec2/deserializers.go +++ b/service/ec2/deserializers.go @@ -71942,6 +71942,208 @@ func awsEc2query_deserializeDocumentEbsOptimizedInfo(v **types.EbsOptimizedInfo, return nil } +func awsEc2query_deserializeDocumentEbsStatusDetails(v **types.EbsStatusDetails, decoder smithyxml.NodeDecoder) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + var sv *types.EbsStatusDetails + if *v == nil { + sv = &types.EbsStatusDetails{} + } else { + sv = *v + } + + for { + t, done, err := decoder.Token() + if err != nil { + return err + } + if done { + break + } + originalDecoder := decoder + decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t) + switch { + case strings.EqualFold("impairedSince", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + t, err := smithytime.ParseDateTime(xtv) + if err != nil { + return err + } + sv.ImpairedSince = ptr.Time(t) + } + + case strings.EqualFold("name", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.Name = types.StatusName(xtv) + } + + case strings.EqualFold("status", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.Status = types.StatusType(xtv) + } + + default: + // Do nothing and ignore the unexpected tag element + err = decoder.Decoder.Skip() + if err != nil { + return err + } + + } + decoder = originalDecoder + } + *v = sv + return nil +} + +func awsEc2query_deserializeDocumentEbsStatusDetailsList(v *[]types.EbsStatusDetails, decoder smithyxml.NodeDecoder) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + var sv []types.EbsStatusDetails + if *v == nil { + sv = make([]types.EbsStatusDetails, 0) + } else { + sv = *v + } + + originalDecoder := decoder + for { + t, done, err := decoder.Token() + if err != nil { + return err + } + if done { + break + } + switch { + case strings.EqualFold("item", t.Name.Local): + var col types.EbsStatusDetails + nodeDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t) + destAddr := &col + if err := awsEc2query_deserializeDocumentEbsStatusDetails(&destAddr, nodeDecoder); err != nil { + return err + } + col = *destAddr + sv = append(sv, col) + + default: + err = decoder.Decoder.Skip() + if err != nil { + return err + } + + } + decoder = originalDecoder + } + *v = sv + return nil +} + +func awsEc2query_deserializeDocumentEbsStatusDetailsListUnwrapped(v *[]types.EbsStatusDetails, decoder smithyxml.NodeDecoder) error { + var sv []types.EbsStatusDetails + if *v == nil { + sv = make([]types.EbsStatusDetails, 0) + } else { + sv = *v + } + + switch { + default: + var mv types.EbsStatusDetails + t := decoder.StartEl + _ = t + nodeDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t) + destAddr := &mv + if err := awsEc2query_deserializeDocumentEbsStatusDetails(&destAddr, nodeDecoder); err != nil { + return err + } + mv = *destAddr + sv = append(sv, mv) + } + *v = sv + return nil +} +func awsEc2query_deserializeDocumentEbsStatusSummary(v **types.EbsStatusSummary, decoder smithyxml.NodeDecoder) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + var sv *types.EbsStatusSummary + if *v == nil { + sv = &types.EbsStatusSummary{} + } else { + sv = *v + } + + for { + t, done, err := decoder.Token() + if err != nil { + return err + } + if done { + break + } + originalDecoder := decoder + decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t) + switch { + case strings.EqualFold("details", t.Name.Local): + nodeDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t) + if err := awsEc2query_deserializeDocumentEbsStatusDetailsList(&sv.Details, nodeDecoder); err != nil { + return err + } + + case strings.EqualFold("status", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.Status = types.SummaryStatus(xtv) + } + + default: + // Do nothing and ignore the unexpected tag element + err = decoder.Decoder.Skip() + if err != nil { + return err + } + + } + decoder = originalDecoder + } + *v = sv + return nil +} + func awsEc2query_deserializeDocumentEc2InstanceConnectEndpoint(v **types.Ec2InstanceConnectEndpoint, decoder smithyxml.NodeDecoder) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -87105,6 +87307,12 @@ func awsEc2query_deserializeDocumentInstanceStatus(v **types.InstanceStatus, dec originalDecoder := decoder decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t) switch { + case strings.EqualFold("attachedEbsStatus", t.Name.Local): + nodeDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t) + if err := awsEc2query_deserializeDocumentEbsStatusSummary(&sv.AttachedEbsStatus, nodeDecoder); err != nil { + return err + } + case strings.EqualFold("availabilityZone", t.Name.Local): val, err := decoder.Value() if err != nil { diff --git a/service/ec2/types/types.go b/service/ec2/types/types.go index baa9e67e371..cff88a1df77 100644 --- a/service/ec2/types/types.go +++ b/service/ec2/types/types.go @@ -2679,8 +2679,7 @@ type DataQuery struct { // in the query, the dataResponse identifies the query as MyQuery01 . Id *string - // The metric, aggregation-latency , indicating that network latency is aggregated - // for the query. This is the only supported metric. + // The metric used for the network performance request. Metric MetricType // The aggregation period used for the data query. @@ -2708,8 +2707,7 @@ type DataResponse struct { // The ID passed in the DataQuery . Id *string - // The metric used for the network performance request. Only aggregate-latency is - // supported, which shows network latency during a specified period. + // The metric used for the network performance request. Metric MetricType // A list of MetricPoint objects. @@ -3508,6 +3506,33 @@ type EbsOptimizedInfo struct { noSmithyDocumentSerde } +// Describes the attached EBS status check for an instance. +type EbsStatusDetails struct { + + // The date and time when the attached EBS status check failed. + ImpairedSince *time.Time + + // The name of the attached EBS status check. + Name StatusName + + // The result of the attached EBS status check. + Status StatusType + + noSmithyDocumentSerde +} + +// Provides a summary of the attached EBS volume status for an instance. +type EbsStatusSummary struct { + + // Details about the attached EBS status check for an instance. + Details []EbsStatusDetails + + // The current status. + Status SummaryStatus + + noSmithyDocumentSerde +} + // The EC2 Instance Connect Endpoint. type Ec2InstanceConnectEndpoint struct { @@ -7942,6 +7967,10 @@ type InstanceStateChange struct { // Describes the status of an instance. type InstanceStatus struct { + // Reports impaired functionality that stems from an attached Amazon EBS volume + // that is unreachable and unable to complete I/O operations. + AttachedEbsStatus *EbsStatusSummary + // The Availability Zone of the instance. AvailabilityZone *string @@ -11266,9 +11295,19 @@ type ModifyTransitGatewayOptions struct { // The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for // 32-bit ASNs. // - // The modify ASN operation is not allowed on a transit gateway with active BGP - // sessions. You must first delete all transit gateway attachments that have BGP - // configured prior to modifying the ASN on the transit gateway. + // The modify ASN operation is not allowed on a transit gateway if it has the + // following attachments: + // + // - Dynamic VPN + // + // - Static VPN + // + // - Direct Connect Gateway + // + // - Connect + // + // You must first delete all transit gateway attachments configured prior to + // modifying the ASN on the transit gateway. AmazonSideAsn *int64 // The ID of the default association route table. @@ -13748,7 +13787,7 @@ type RequestLaunchTemplateData struct { // The name or Amazon Resource Name (ARN) of an IAM instance profile. IamInstanceProfile *LaunchTemplateIamInstanceProfileSpecificationRequest - // The ID of the AMI in the format ami-17characters00000 . + // The ID of the AMI in the format ami-0ac394d6a3example . // // Alternatively, you can specify a Systems Manager parameter, using one of the // following formats. The Systems Manager parameter will resolve to an AMI ID on diff --git a/service/glue/api_op_CreateJob.go b/service/glue/api_op_CreateJob.go index f2296c835c6..ff1e89a42d9 100644 --- a/service/glue/api_op_CreateJob.go +++ b/service/glue/api_op_CreateJob.go @@ -133,6 +133,15 @@ type CreateJobInput struct { // value. JobMode types.JobMode + // Specifies whether job run queuing is enabled for the job runs for this job. + // + // A value of true means job run queuing is enabled for the job runs. If false or + // not populated, the job runs will not be considered for queueing. + // + // If this field does not match the value set in the job run, then the value from + // the job run field will be used. + JobRunQueuingEnabled *bool + // This field is reserved for future use. LogUri *string diff --git a/service/glue/api_op_StartJobRun.go b/service/glue/api_op_StartJobRun.go index df10feba07d..4cf78578ea9 100644 --- a/service/glue/api_op_StartJobRun.go +++ b/service/glue/api_op_StartJobRun.go @@ -85,6 +85,12 @@ type StartJobRunInput struct { // The ID of a previous JobRun to retry. JobRunId *string + // Specifies whether job run queuing is enabled for the job run. + // + // A value of true means job run queuing is enabled for the job run. If false or + // not populated, the job run will not be considered for queueing. + JobRunQueuingEnabled *bool + // For Glue version 1.0 or earlier jobs, using the standard worker type, the // number of Glue data processing units (DPUs) that can be allocated when this job // runs. A DPU is a relative measure of processing power that consists of 4 vCPUs diff --git a/service/glue/deserializers.go b/service/glue/deserializers.go index 6e22cf0d4cb..af96fdeeed0 100644 --- a/service/glue/deserializers.go +++ b/service/glue/deserializers.go @@ -42254,6 +42254,15 @@ func awsAwsjson11_deserializeDocumentJob(v **types.Job, value interface{}) error sv.JobMode = types.JobMode(jtv) } + case "JobRunQueuingEnabled": + if value != nil { + jtv, ok := value.(bool) + if !ok { + return fmt.Errorf("expected NullableBoolean to be of type *bool, got %T instead", value) + } + sv.JobRunQueuingEnabled = ptr.Bool(jtv) + } + case "LastModifiedOn": if value != nil { switch jtv := value.(type) { @@ -42928,6 +42937,15 @@ func awsAwsjson11_deserializeDocumentJobRun(v **types.JobRun, value interface{}) sv.JobName = ptr.String(jtv) } + case "JobRunQueuingEnabled": + if value != nil { + jtv, ok := value.(bool) + if !ok { + return fmt.Errorf("expected NullableBoolean to be of type *bool, got %T instead", value) + } + sv.JobRunQueuingEnabled = ptr.Bool(jtv) + } + case "JobRunState": if value != nil { jtv, ok := value.(string) @@ -43071,6 +43089,15 @@ func awsAwsjson11_deserializeDocumentJobRun(v **types.JobRun, value interface{}) } } + case "StateDetail": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected OrchestrationMessageString to be of type string, got %T instead", value) + } + sv.StateDetail = ptr.String(jtv) + } + case "Timeout": if value != nil { jtv, ok := value.(json.Number) diff --git a/service/glue/serializers.go b/service/glue/serializers.go index 230c3c256ab..2ad5bf92dc6 100644 --- a/service/glue/serializers.go +++ b/service/glue/serializers.go @@ -16915,6 +16915,11 @@ func awsAwsjson11_serializeDocumentJobUpdate(v *types.JobUpdate, value smithyjso ok.String(string(v.JobMode)) } + if v.JobRunQueuingEnabled != nil { + ok := object.Key("JobRunQueuingEnabled") + ok.Boolean(*v.JobRunQueuingEnabled) + } + if v.LogUri != nil { ok := object.Key("LogUri") ok.String(*v.LogUri) @@ -22376,6 +22381,11 @@ func awsAwsjson11_serializeOpDocumentCreateJobInput(v *CreateJobInput, value smi ok.String(string(v.JobMode)) } + if v.JobRunQueuingEnabled != nil { + ok := object.Key("JobRunQueuingEnabled") + ok.Boolean(*v.JobRunQueuingEnabled) + } + if v.LogUri != nil { ok := object.Key("LogUri") ok.String(*v.LogUri) @@ -26421,6 +26431,11 @@ func awsAwsjson11_serializeOpDocumentStartJobRunInput(v *StartJobRunInput, value ok.String(*v.JobRunId) } + if v.JobRunQueuingEnabled != nil { + ok := object.Key("JobRunQueuingEnabled") + ok.Boolean(*v.JobRunQueuingEnabled) + } + if v.MaxCapacity != nil { ok := object.Key("MaxCapacity") switch { diff --git a/service/glue/types/types.go b/service/glue/types/types.go index 0e1c8c9b9d1..cbdf953fed0 100644 --- a/service/glue/types/types.go +++ b/service/glue/types/types.go @@ -4464,6 +4464,15 @@ type Job struct { // value. JobMode JobMode + // Specifies whether job run queuing is enabled for the job runs for this job. + // + // A value of true means job run queuing is enabled for the job runs. If false or + // not populated, the job runs will not be considered for queueing. + // + // If this field does not match the value set in the job run, then the value from + // the job run field will be used. + JobRunQueuingEnabled *bool + // The last point in time when this job definition was modified. LastModifiedOn *time.Time @@ -4771,6 +4780,12 @@ type JobRun struct { // The name of the job definition being used in this run. JobName *string + // Specifies whether job run queuing is enabled for the job run. + // + // A value of true means job run queuing is enabled for the job run. If false or + // not populated, the job run will not be considered for queueing. + JobRunQueuingEnabled *bool + // The current state of the job run. For more information about the statuses of // jobs that have terminated abnormally, see [Glue Job Run Statuses]. // @@ -4845,6 +4860,13 @@ type JobRun struct { // The date and time at which this job run was started. StartedOn *time.Time + // This field holds details that pertain to the state of a job run. The field is + // nullable. + // + // For example, when a job run is in a WAITING state as a result of job run + // queuing, the field has the reason why the job run is in that state. + StateDetail *string + // The JobRun timeout in minutes. This is the maximum time that a job run can // consume resources before it is terminated and enters TIMEOUT status. This value // overrides the timeout value set in the parent job. @@ -4999,6 +5021,15 @@ type JobUpdate struct { // value. JobMode JobMode + // Specifies whether job run queuing is enabled for the job runs for this job. + // + // A value of true means job run queuing is enabled for the job runs. If false or + // not populated, the job runs will not be considered for queueing. + // + // If this field does not match the value set in the job run, then the value from + // the job run field will be used. + JobRunQueuingEnabled *bool + // This field is reserved for future use. LogUri *string diff --git a/service/internal/integrationtest/go.sum b/service/internal/integrationtest/go.sum index 6652d9ff567..7ac5e139a40 100644 --- a/service/internal/integrationtest/go.sum +++ b/service/internal/integrationtest/go.sum @@ -1,11 +1,14 @@ github.com/aws/smithy-go v1.20.4 h1:2HK1zBdPgRbjFOHlfeQZfpC4r72MOb9bZkiFwggKO+4= github.com/aws/smithy-go v1.20.4/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= +github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/service/lambda/api_op_AddPermission.go b/service/lambda/api_op_AddPermission.go index 1b875ef9560..45afb624282 100644 --- a/service/lambda/api_op_AddPermission.go +++ b/service/lambda/api_op_AddPermission.go @@ -11,21 +11,22 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Grants an Amazon Web Service, Amazon Web Services account, or Amazon Web -// Services organization permission to use a function. You can apply the policy at -// the function level, or specify a qualifier to restrict access to a single +// Grants an Amazon Web Servicesservice, Amazon Web Services account, or Amazon +// Web Services organization permission to use a function. You can apply the policy +// at the function level, or specify a qualifier to restrict access to a single // version or alias. If you use a qualifier, the invoker must use the full Amazon // Resource Name (ARN) of that version or alias to invoke the function. Note: // Lambda does not support adding policies to version $LATEST. // // To grant permission to another account, specify the account ID as the Principal // . To grant permission to an organization defined in Organizations, specify the -// organization ID as the PrincipalOrgID . For Amazon Web Services, the principal -// is a domain-style identifier that the service defines, such as s3.amazonaws.com -// or sns.amazonaws.com . For Amazon Web Services, you can also specify the ARN of -// the associated resource as the SourceArn . If you grant permission to a service -// principal without specifying the source, other accounts could potentially -// configure resources in their account to invoke your Lambda function. +// organization ID as the PrincipalOrgID . For Amazon Web Servicesservices, the +// principal is a domain-style identifier that the service defines, such as +// s3.amazonaws.com or sns.amazonaws.com . For Amazon Web Servicesservices, you can +// also specify the ARN of the associated resource as the SourceArn . If you grant +// permission to a service principal without specifying the source, other accounts +// could potentially configure resources in their account to invoke your Lambda +// function. // // This operation adds a statement to a resource-based permissions policy for the // function. For more information about function policies, see [Using resource-based policies for Lambda]. @@ -71,7 +72,7 @@ type AddPermissionInput struct { // This member is required. FunctionName *string - // The Amazon Web Service or Amazon Web Services account that invokes the + // The Amazon Web Servicesservice or Amazon Web Services account that invokes the // function. If you specify a service, use SourceArn or SourceAccount to limit who // can invoke the function through that service. // @@ -107,14 +108,14 @@ type AddPermissionInput struct { // this option to avoid modifying a policy that has changed since you last read it. RevisionId *string - // For Amazon Web Service, the ID of the Amazon Web Services account that owns the - // resource. Use this together with SourceArn to ensure that the specified account - // owns the resource. It is possible for an Amazon S3 bucket to be deleted by its - // owner and recreated by another account. + // For Amazon Web Servicesservice, the ID of the Amazon Web Services account that + // owns the resource. Use this together with SourceArn to ensure that the + // specified account owns the resource. It is possible for an Amazon S3 bucket to + // be deleted by its owner and recreated by another account. SourceAccount *string - // For Amazon Web Services, the ARN of the Amazon Web Services resource that - // invokes the function. For example, an Amazon S3 bucket or Amazon SNS topic. + // For Amazon Web Servicesservices, the ARN of the Amazon Web Services resource + // that invokes the function. For example, an Amazon S3 bucket or Amazon SNS topic. // // Note that Lambda configures the comparison using the StringLike operator. SourceArn *string diff --git a/service/lambda/api_op_CreateEventSourceMapping.go b/service/lambda/api_op_CreateEventSourceMapping.go index ebd912fab75..87171a7cc2a 100644 --- a/service/lambda/api_op_CreateEventSourceMapping.go +++ b/service/lambda/api_op_CreateEventSourceMapping.go @@ -183,6 +183,14 @@ type CreateEventSourceMappingInput struct { // enums applied to the event source mapping. FunctionResponseTypes []types.FunctionResponseType + // The ARN of the Key Management Service (KMS) customer managed key that Lambda + // uses to encrypt your function's [filter criteria]. By default, Lambda does not encrypt your + // filter criteria object. Specify this property to encrypt data using your own + // customer managed key. + // + // [filter criteria]: https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-basics + KMSKeyArn *string + // The maximum amount of time, in seconds, that Lambda spends gathering records // before invoking the function. You can configure MaximumBatchingWindowInSeconds // to any value from 0 seconds to 300 seconds in increments of seconds. @@ -291,9 +299,18 @@ type CreateEventSourceMappingOutput struct { // An object that defines the filter criteria that determine whether Lambda should // process an event. For more information, see [Lambda event filtering]. // + // If filter criteria is encrypted, this field shows up as null in the response of + // ListEventSourceMapping API calls. You can view this field in plaintext in the + // response of GetEventSourceMapping and DeleteEventSourceMapping calls if you have + // kms:Decrypt permissions for the correct KMS key. + // // [Lambda event filtering]: https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html FilterCriteria *types.FilterCriteria + // An object that contains details about an error related to filter criteria + // encryption. + FilterCriteriaError *types.FilterCriteriaError + // The ARN of the Lambda function. FunctionArn *string @@ -301,6 +318,12 @@ type CreateEventSourceMappingOutput struct { // enums applied to the event source mapping. FunctionResponseTypes []types.FunctionResponseType + // The ARN of the Key Management Service (KMS) customer managed key that Lambda + // uses to encrypt your function's [filter criteria]. + // + // [filter criteria]: https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-basics + KMSKeyArn *string + // The date that the event source mapping was last updated or that its state // changed. LastModified *time.Time diff --git a/service/lambda/api_op_CreateFunction.go b/service/lambda/api_op_CreateFunction.go index b02bd30de33..8bd976fa1bb 100644 --- a/service/lambda/api_op_CreateFunction.go +++ b/service/lambda/api_op_CreateFunction.go @@ -14,8 +14,8 @@ import ( // Creates a Lambda function. To create a function, you need a [deployment package] and an [execution role]. The // deployment package is a .zip file archive or container image that contains your // function code. The execution role grants the function permission to use Amazon -// Web Services, such as Amazon CloudWatch Logs for log streaming and X-Ray for -// request tracing. +// Web Servicesservices, such as Amazon CloudWatch Logs for log streaming and X-Ray +// for request tracing. // // If the deployment package is a [container image], then you set the package type to Image . For a // container image, the code property must include the URI of a container image in @@ -54,14 +54,15 @@ import ( // code-signing configuration includes set of signing profiles, which define the // trusted publishers for this function. // -// If another Amazon Web Services account or an Amazon Web Service invokes your -// function, use AddPermissionto grant permission by creating a resource-based Identity and -// Access Management (IAM) policy. You can grant permissions at the function level, -// on a version, or on an alias. +// If another Amazon Web Services account or an Amazon Web Servicesservice invokes +// your function, use AddPermissionto grant permission by creating a resource-based Identity +// and Access Management (IAM) policy. You can grant permissions at the function +// level, on a version, or on an alias. // // To invoke your function directly, use Invoke. To invoke your function in response to -// events in other Amazon Web Services, create an event source mapping (CreateEventSourceMapping ), or -// configure a function trigger in the other service. For more information, see [Invoking Lambda functions]. +// events in other Amazon Web Servicesservices, create an event source mapping (CreateEventSourceMapping ), +// or configure a function trigger in the other service. For more information, see [Invoking Lambda functions] +// . // // [Invoking Lambda functions]: https://docs.aws.amazon.com/lambda/latest/dg/lambda-invocation.html // [Lambda function states]: https://docs.aws.amazon.com/lambda/latest/dg/functions-states.html diff --git a/service/lambda/api_op_DeleteEventSourceMapping.go b/service/lambda/api_op_DeleteEventSourceMapping.go index 1201b64ea33..640bf184d59 100644 --- a/service/lambda/api_op_DeleteEventSourceMapping.go +++ b/service/lambda/api_op_DeleteEventSourceMapping.go @@ -81,9 +81,18 @@ type DeleteEventSourceMappingOutput struct { // An object that defines the filter criteria that determine whether Lambda should // process an event. For more information, see [Lambda event filtering]. // + // If filter criteria is encrypted, this field shows up as null in the response of + // ListEventSourceMapping API calls. You can view this field in plaintext in the + // response of GetEventSourceMapping and DeleteEventSourceMapping calls if you have + // kms:Decrypt permissions for the correct KMS key. + // // [Lambda event filtering]: https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html FilterCriteria *types.FilterCriteria + // An object that contains details about an error related to filter criteria + // encryption. + FilterCriteriaError *types.FilterCriteriaError + // The ARN of the Lambda function. FunctionArn *string @@ -91,6 +100,12 @@ type DeleteEventSourceMappingOutput struct { // enums applied to the event source mapping. FunctionResponseTypes []types.FunctionResponseType + // The ARN of the Key Management Service (KMS) customer managed key that Lambda + // uses to encrypt your function's [filter criteria]. + // + // [filter criteria]: https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-basics + KMSKeyArn *string + // The date that the event source mapping was last updated or that its state // changed. LastModified *time.Time diff --git a/service/lambda/api_op_DeleteFunction.go b/service/lambda/api_op_DeleteFunction.go index d0034044143..c5914d7abbf 100644 --- a/service/lambda/api_op_DeleteFunction.go +++ b/service/lambda/api_op_DeleteFunction.go @@ -15,8 +15,8 @@ import ( // doesn't require the user to have explicit permissions for DeleteAlias. // // To delete Lambda event source mappings that invoke a function, use DeleteEventSourceMapping. For Amazon -// Web Services and resources that invoke your function directly, delete the -// trigger in the service where you originally configured it. +// Web Servicesservices and resources that invoke your function directly, delete +// the trigger in the service where you originally configured it. func (c *Client) DeleteFunction(ctx context.Context, params *DeleteFunctionInput, optFns ...func(*Options)) (*DeleteFunctionOutput, error) { if params == nil { params = &DeleteFunctionInput{} diff --git a/service/lambda/api_op_GetEventSourceMapping.go b/service/lambda/api_op_GetEventSourceMapping.go index 92da5d0d124..5677103f93a 100644 --- a/service/lambda/api_op_GetEventSourceMapping.go +++ b/service/lambda/api_op_GetEventSourceMapping.go @@ -77,9 +77,18 @@ type GetEventSourceMappingOutput struct { // An object that defines the filter criteria that determine whether Lambda should // process an event. For more information, see [Lambda event filtering]. // + // If filter criteria is encrypted, this field shows up as null in the response of + // ListEventSourceMapping API calls. You can view this field in plaintext in the + // response of GetEventSourceMapping and DeleteEventSourceMapping calls if you have + // kms:Decrypt permissions for the correct KMS key. + // // [Lambda event filtering]: https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html FilterCriteria *types.FilterCriteria + // An object that contains details about an error related to filter criteria + // encryption. + FilterCriteriaError *types.FilterCriteriaError + // The ARN of the Lambda function. FunctionArn *string @@ -87,6 +96,12 @@ type GetEventSourceMappingOutput struct { // enums applied to the event source mapping. FunctionResponseTypes []types.FunctionResponseType + // The ARN of the Key Management Service (KMS) customer managed key that Lambda + // uses to encrypt your function's [filter criteria]. + // + // [filter criteria]: https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-basics + KMSKeyArn *string + // The date that the event source mapping was last updated or that its state // changed. LastModified *time.Time diff --git a/service/lambda/api_op_RemovePermission.go b/service/lambda/api_op_RemovePermission.go index b067739a324..6aa0d3d9128 100644 --- a/service/lambda/api_op_RemovePermission.go +++ b/service/lambda/api_op_RemovePermission.go @@ -10,8 +10,9 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Revokes function-use permission from an Amazon Web Service or another Amazon -// Web Services account. You can get the ID of the statement from the output of GetPolicy. +// Revokes function-use permission from an Amazon Web Servicesservice or another +// Amazon Web Services account. You can get the ID of the statement from the output +// of GetPolicy. func (c *Client) RemovePermission(ctx context.Context, params *RemovePermissionInput, optFns ...func(*Options)) (*RemovePermissionOutput, error) { if params == nil { params = &RemovePermissionInput{} diff --git a/service/lambda/api_op_UpdateEventSourceMapping.go b/service/lambda/api_op_UpdateEventSourceMapping.go index f5ecb2236ab..00e4b716cca 100644 --- a/service/lambda/api_op_UpdateEventSourceMapping.go +++ b/service/lambda/api_op_UpdateEventSourceMapping.go @@ -164,6 +164,14 @@ type UpdateEventSourceMappingInput struct { // enums applied to the event source mapping. FunctionResponseTypes []types.FunctionResponseType + // The ARN of the Key Management Service (KMS) customer managed key that Lambda + // uses to encrypt your function's [filter criteria]. By default, Lambda does not encrypt your + // filter criteria object. Specify this property to encrypt data using your own + // customer managed key. + // + // [filter criteria]: https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-basics + KMSKeyArn *string + // The maximum amount of time, in seconds, that Lambda spends gathering records // before invoking the function. You can configure MaximumBatchingWindowInSeconds // to any value from 0 seconds to 300 seconds in increments of seconds. @@ -250,9 +258,18 @@ type UpdateEventSourceMappingOutput struct { // An object that defines the filter criteria that determine whether Lambda should // process an event. For more information, see [Lambda event filtering]. // + // If filter criteria is encrypted, this field shows up as null in the response of + // ListEventSourceMapping API calls. You can view this field in plaintext in the + // response of GetEventSourceMapping and DeleteEventSourceMapping calls if you have + // kms:Decrypt permissions for the correct KMS key. + // // [Lambda event filtering]: https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html FilterCriteria *types.FilterCriteria + // An object that contains details about an error related to filter criteria + // encryption. + FilterCriteriaError *types.FilterCriteriaError + // The ARN of the Lambda function. FunctionArn *string @@ -260,6 +277,12 @@ type UpdateEventSourceMappingOutput struct { // enums applied to the event source mapping. FunctionResponseTypes []types.FunctionResponseType + // The ARN of the Key Management Service (KMS) customer managed key that Lambda + // uses to encrypt your function's [filter criteria]. + // + // [filter criteria]: https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-basics + KMSKeyArn *string + // The date that the event source mapping was last updated or that its state // changed. LastModified *time.Time diff --git a/service/lambda/api_op_UpdateFunctionConfiguration.go b/service/lambda/api_op_UpdateFunctionConfiguration.go index c287c320261..78b2253c7e3 100644 --- a/service/lambda/api_op_UpdateFunctionConfiguration.go +++ b/service/lambda/api_op_UpdateFunctionConfiguration.go @@ -26,7 +26,7 @@ import ( // only the unpublished version. // // To configure function concurrency, use PutFunctionConcurrency. To grant invoke permissions to an -// Amazon Web Services account or Amazon Web Service, use AddPermission. +// Amazon Web Services account or Amazon Web Servicesservice, use AddPermission. // // [Lambda function states]: https://docs.aws.amazon.com/lambda/latest/dg/functions-states.html func (c *Client) UpdateFunctionConfiguration(ctx context.Context, params *UpdateFunctionConfigurationInput, optFns ...func(*Options)) (*UpdateFunctionConfigurationOutput, error) { diff --git a/service/lambda/deserializers.go b/service/lambda/deserializers.go index 31a2c979cd9..f71b48d347a 100644 --- a/service/lambda/deserializers.go +++ b/service/lambda/deserializers.go @@ -929,6 +929,11 @@ func awsRestjson1_deserializeOpDocumentCreateEventSourceMappingOutput(v **Create return err } + case "FilterCriteriaError": + if err := awsRestjson1_deserializeDocumentFilterCriteriaError(&sv.FilterCriteriaError, value); err != nil { + return err + } + case "FunctionArn": if value != nil { jtv, ok := value.(string) @@ -943,6 +948,15 @@ func awsRestjson1_deserializeOpDocumentCreateEventSourceMappingOutput(v **Create return err } + case "KMSKeyArn": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected KMSKeyArn to be of type string, got %T instead", value) + } + sv.KMSKeyArn = ptr.String(jtv) + } + case "LastModified": if value != nil { switch jtv := value.(type) { @@ -2171,6 +2185,11 @@ func awsRestjson1_deserializeOpDocumentDeleteEventSourceMappingOutput(v **Delete return err } + case "FilterCriteriaError": + if err := awsRestjson1_deserializeDocumentFilterCriteriaError(&sv.FilterCriteriaError, value); err != nil { + return err + } + case "FunctionArn": if value != nil { jtv, ok := value.(string) @@ -2185,6 +2204,15 @@ func awsRestjson1_deserializeOpDocumentDeleteEventSourceMappingOutput(v **Delete return err } + case "KMSKeyArn": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected KMSKeyArn to be of type string, got %T instead", value) + } + sv.KMSKeyArn = ptr.String(jtv) + } + case "LastModified": if value != nil { switch jtv := value.(type) { @@ -3766,6 +3794,11 @@ func awsRestjson1_deserializeOpDocumentGetEventSourceMappingOutput(v **GetEventS return err } + case "FilterCriteriaError": + if err := awsRestjson1_deserializeDocumentFilterCriteriaError(&sv.FilterCriteriaError, value); err != nil { + return err + } + case "FunctionArn": if value != nil { jtv, ok := value.(string) @@ -3780,6 +3813,15 @@ func awsRestjson1_deserializeOpDocumentGetEventSourceMappingOutput(v **GetEventS return err } + case "KMSKeyArn": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected KMSKeyArn to be of type string, got %T instead", value) + } + sv.KMSKeyArn = ptr.String(jtv) + } + case "LastModified": if value != nil { switch jtv := value.(type) { @@ -11906,6 +11948,11 @@ func awsRestjson1_deserializeOpDocumentUpdateEventSourceMappingOutput(v **Update return err } + case "FilterCriteriaError": + if err := awsRestjson1_deserializeDocumentFilterCriteriaError(&sv.FilterCriteriaError, value); err != nil { + return err + } + case "FunctionArn": if value != nil { jtv, ok := value.(string) @@ -11920,6 +11967,15 @@ func awsRestjson1_deserializeOpDocumentUpdateEventSourceMappingOutput(v **Update return err } + case "KMSKeyArn": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected KMSKeyArn to be of type string, got %T instead", value) + } + sv.KMSKeyArn = ptr.String(jtv) + } + case "LastModified": if value != nil { switch jtv := value.(type) { @@ -16894,6 +16950,11 @@ func awsRestjson1_deserializeDocumentEventSourceMappingConfiguration(v **types.E return err } + case "FilterCriteriaError": + if err := awsRestjson1_deserializeDocumentFilterCriteriaError(&sv.FilterCriteriaError, value); err != nil { + return err + } + case "FunctionArn": if value != nil { jtv, ok := value.(string) @@ -16908,6 +16969,15 @@ func awsRestjson1_deserializeDocumentEventSourceMappingConfiguration(v **types.E return err } + case "KMSKeyArn": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected KMSKeyArn to be of type string, got %T instead", value) + } + sv.KMSKeyArn = ptr.String(jtv) + } + case "LastModified": if value != nil { switch jtv := value.(type) { @@ -17282,6 +17352,55 @@ func awsRestjson1_deserializeDocumentFilterCriteria(v **types.FilterCriteria, va return nil } +func awsRestjson1_deserializeDocumentFilterCriteriaError(v **types.FilterCriteriaError, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.FilterCriteriaError + if *v == nil { + sv = &types.FilterCriteriaError{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "ErrorCode": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected FilterCriteriaErrorCode to be of type string, got %T instead", value) + } + sv.ErrorCode = ptr.String(jtv) + } + + case "Message": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected FilterCriteriaErrorMessage to be of type string, got %T instead", value) + } + sv.Message = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + func awsRestjson1_deserializeDocumentFilterList(v *[]types.Filter, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) diff --git a/service/lambda/serializers.go b/service/lambda/serializers.go index 3dcc07b64f5..b7508c6bd71 100644 --- a/service/lambda/serializers.go +++ b/service/lambda/serializers.go @@ -585,6 +585,11 @@ func awsRestjson1_serializeOpDocumentCreateEventSourceMappingInput(v *CreateEven } } + if v.KMSKeyArn != nil { + ok := object.Key("KMSKeyArn") + ok.String(*v.KMSKeyArn) + } + if v.MaximumBatchingWindowInSeconds != nil { ok := object.Key("MaximumBatchingWindowInSeconds") ok.Integer(*v.MaximumBatchingWindowInSeconds) @@ -5391,6 +5396,11 @@ func awsRestjson1_serializeOpDocumentUpdateEventSourceMappingInput(v *UpdateEven } } + if v.KMSKeyArn != nil { + ok := object.Key("KMSKeyArn") + ok.String(*v.KMSKeyArn) + } + if v.MaximumBatchingWindowInSeconds != nil { ok := object.Key("MaximumBatchingWindowInSeconds") ok.Integer(*v.MaximumBatchingWindowInSeconds) diff --git a/service/lambda/types/types.go b/service/lambda/types/types.go index 1548b563aec..19b25b2330a 100644 --- a/service/lambda/types/types.go +++ b/service/lambda/types/types.go @@ -352,9 +352,18 @@ type EventSourceMappingConfiguration struct { // An object that defines the filter criteria that determine whether Lambda should // process an event. For more information, see [Lambda event filtering]. // + // If filter criteria is encrypted, this field shows up as null in the response of + // ListEventSourceMapping API calls. You can view this field in plaintext in the + // response of GetEventSourceMapping and DeleteEventSourceMapping calls if you have + // kms:Decrypt permissions for the correct KMS key. + // // [Lambda event filtering]: https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html FilterCriteria *FilterCriteria + // An object that contains details about an error related to filter criteria + // encryption. + FilterCriteriaError *FilterCriteriaError + // The ARN of the Lambda function. FunctionArn *string @@ -362,6 +371,12 @@ type EventSourceMappingConfiguration struct { // enums applied to the event source mapping. FunctionResponseTypes []FunctionResponseType + // The ARN of the Key Management Service (KMS) customer managed key that Lambda + // uses to encrypt your function's [filter criteria]. + // + // [filter criteria]: https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-basics + KMSKeyArn *string + // The date that the event source mapping was last updated or that its state // changed. LastModified *time.Time @@ -497,6 +512,19 @@ type FilterCriteria struct { noSmithyDocumentSerde } +// An object that contains details about an error related to filter criteria +// encryption. +type FilterCriteriaError struct { + + // The KMS exception that resulted from filter criteria encryption or decryption. + ErrorCode *string + + // The error message. + Message *string + + noSmithyDocumentSerde +} + // The code for the Lambda function. You can either specify an object in Amazon // S3, upload a .zip file archive deployment package directly, or specify the URI // of a container image. diff --git a/service/securityhub/api_op_CreateFindingAggregator.go b/service/securityhub/api_op_CreateFindingAggregator.go index 98d08cda852..24d6b2d8d74 100644 --- a/service/securityhub/api_op_CreateFindingAggregator.go +++ b/service/securityhub/api_op_CreateFindingAggregator.go @@ -42,20 +42,23 @@ type CreateFindingAggregatorInput struct { // // The options are as follows: // - // - ALL_REGIONS - Indicates to aggregate findings from all of the Regions where - // Security Hub is enabled. When you choose this option, Security Hub also - // automatically aggregates findings from new Regions as Security Hub supports them - // and you opt into them. + // - ALL_REGIONS - Aggregates findings from all of the Regions where Security Hub + // is enabled. When you choose this option, Security Hub also automatically + // aggregates findings from new Regions as Security Hub supports them and you opt + // into them. // - // - ALL_REGIONS_EXCEPT_SPECIFIED - Indicates to aggregate findings from all of - // the Regions where Security Hub is enabled, except for the Regions listed in the - // Regions parameter. When you choose this option, Security Hub also - // automatically aggregates findings from new Regions as Security Hub supports them - // and you opt into them. + // - ALL_REGIONS_EXCEPT_SPECIFIED - Aggregates findings from all of the Regions + // where Security Hub is enabled, except for the Regions listed in the Regions + // parameter. When you choose this option, Security Hub also automatically + // aggregates findings from new Regions as Security Hub supports them and you opt + // into them. // - // - SPECIFIED_REGIONS - Indicates to aggregate findings only from the Regions - // listed in the Regions parameter. Security Hub does not automatically aggregate - // findings from new Regions. + // - SPECIFIED_REGIONS - Aggregates findings only from the Regions listed in the + // Regions parameter. Security Hub does not automatically aggregate findings from + // new Regions. + // + // - NO_REGIONS - Aggregates no data because no Regions are selected as linked + // Regions. // // This member is required. RegionLinkingMode *string @@ -66,6 +69,9 @@ type CreateFindingAggregatorInput struct { // // If RegionLinkingMode is SPECIFIED_REGIONS , then this is a space-separated list // of Regions that do aggregate findings to the aggregation Region. + // + // An InvalidInputException error results if you populate this field while + // RegionLinkingMode is NO_REGIONS . Regions []string noSmithyDocumentSerde diff --git a/service/securityhub/api_op_UpdateFindingAggregator.go b/service/securityhub/api_op_UpdateFindingAggregator.go index c6e2af00306..5e98f67e19f 100644 --- a/service/securityhub/api_op_UpdateFindingAggregator.go +++ b/service/securityhub/api_op_UpdateFindingAggregator.go @@ -47,20 +47,23 @@ type UpdateFindingAggregatorInput struct { // // The options are as follows: // - // - ALL_REGIONS - Indicates to aggregate findings from all of the Regions where - // Security Hub is enabled. When you choose this option, Security Hub also - // automatically aggregates findings from new Regions as Security Hub supports them - // and you opt into them. + // - ALL_REGIONS - Aggregates findings from all of the Regions where Security Hub + // is enabled. When you choose this option, Security Hub also automatically + // aggregates findings from new Regions as Security Hub supports them and you opt + // into them. // - // - ALL_REGIONS_EXCEPT_SPECIFIED - Indicates to aggregate findings from all of - // the Regions where Security Hub is enabled, except for the Regions listed in the - // Regions parameter. When you choose this option, Security Hub also - // automatically aggregates findings from new Regions as Security Hub supports them - // and you opt into them. + // - ALL_REGIONS_EXCEPT_SPECIFIED - Aggregates findings from all of the Regions + // where Security Hub is enabled, except for the Regions listed in the Regions + // parameter. When you choose this option, Security Hub also automatically + // aggregates findings from new Regions as Security Hub supports them and you opt + // into them. // - // - SPECIFIED_REGIONS - Indicates to aggregate findings only from the Regions - // listed in the Regions parameter. Security Hub does not automatically aggregate - // findings from new Regions. + // - SPECIFIED_REGIONS - Aggregates findings only from the Regions listed in the + // Regions parameter. Security Hub does not automatically aggregate findings from + // new Regions. + // + // - NO_REGIONS - Aggregates no data because no Regions are selected as linked + // Regions. // // This member is required. RegionLinkingMode *string @@ -71,6 +74,9 @@ type UpdateFindingAggregatorInput struct { // // If RegionLinkingMode is SPECIFIED_REGIONS , then this is a space-separated list // of Regions that do aggregate findings to the aggregation Region. + // + // An InvalidInputException error results if you populate this field while + // RegionLinkingMode is NO_REGIONS . Regions []string noSmithyDocumentSerde diff --git a/service/securityhub/api_op_UpdateFindings.go b/service/securityhub/api_op_UpdateFindings.go index 34bd3dbacaa..33567fda766 100644 --- a/service/securityhub/api_op_UpdateFindings.go +++ b/service/securityhub/api_op_UpdateFindings.go @@ -14,13 +14,14 @@ import ( // UpdateFindings is a deprecated operation. Instead of UpdateFindings , use the // BatchUpdateFindings operation. // -// Updates the Note and RecordState of the Security Hub-aggregated findings that -// the filter attributes specify. Any member account that can view the finding also -// sees the update to the finding. +// The UpdateFindings operation updates the Note and RecordState of the Security +// Hub aggregated findings that the filter attributes specify. Any member account +// that can view the finding can also see the update to the finding. // -// Finding updates made with UpdateFindings might not be persisted if the same -// finding is later updated by the finding provider through the BatchImportFindings -// operation. +// Finding updates made with UpdateFindings aren't persisted if the same finding +// is later updated by the finding provider through the BatchImportFindings +// operation. In addition, Security Hub doesn't record updates made with +// UpdateFindings in the finding history. func (c *Client) UpdateFindings(ctx context.Context, params *UpdateFindingsInput, optFns ...func(*Options)) (*UpdateFindingsOutput, error) { if params == nil { params = &UpdateFindingsInput{} diff --git a/service/securityhub/doc.go b/service/securityhub/doc.go index e6e23ffe149..21dd6bc0da2 100644 --- a/service/securityhub/doc.go +++ b/service/securityhub/doc.go @@ -8,8 +8,8 @@ // against security industry standards and best practices. // // Security Hub collects security data across Amazon Web Services accounts, Amazon -// Web Services, and supported third-party products and helps you analyze your -// security trends and identify the highest priority security issues. +// Web Servicesservices, and supported third-party products and helps you analyze +// your security trends and identify the highest priority security issues. // // To help you manage the security state of your organization, Security Hub // supports multiple security standards. These include the Amazon Web Services @@ -23,10 +23,11 @@ // practices. // // In addition to generating control findings, Security Hub also receives findings -// from other Amazon Web Services, such as Amazon GuardDuty and Amazon Inspector, -// and supported third-party products. This gives you a single pane of glass into a -// variety of security-related issues. You can also send Security Hub findings to -// other Amazon Web Services and supported third-party products. +// from other Amazon Web Servicesservices, such as Amazon GuardDuty and Amazon +// Inspector, and supported third-party products. This gives you a single pane of +// glass into a variety of security-related issues. You can also send Security Hub +// findings to other Amazon Web Servicesservices and supported third-party +// products. // // Security Hub offers automation features that help you triage and remediate // security issues. For example, you can use automation rules to automatically @@ -39,17 +40,17 @@ // and schemas. If you're new to Security Hub, you might find it helpful to also // review the [Security Hub User Guide]. The user guide explains key concepts and provides procedures that // demonstrate how to use Security Hub features. It also provides information about -// topics such as integrating Security Hub with other Amazon Web Services. +// topics such as integrating Security Hub with other Amazon Web Servicesservices. // // In addition to interacting with Security Hub by making calls to the Security // Hub API, you can use a current version of an Amazon Web Services command line // tool or SDK. Amazon Web Services provides tools and SDKs that consist of // libraries and sample code for various languages and platforms, such as // PowerShell, Java, Go, Python, C++, and .NET. These tools and SDKs provide -// convenient, programmatic access to Security Hub and other Amazon Web Services . -// They also handle tasks such as signing requests, managing errors, and retrying -// requests automatically. For information about installing and using the Amazon -// Web Services tools and SDKs, see [Tools to Build on Amazon Web Services]. +// convenient, programmatic access to Security Hub and other Amazon Web +// Servicesservices . They also handle tasks such as signing requests, managing +// errors, and retrying requests automatically. For information about installing +// and using the Amazon Web Services tools and SDKs, see [Tools to Build on Amazon Web Services]. // // With the exception of operations that are related to central configuration, // Security Hub API requests are executed only in the Amazon Web Services Region diff --git a/service/securityhub/types/types.go b/service/securityhub/types/types.go index d1cf971c134..90b5a8e62ef 100644 --- a/service/securityhub/types/types.go +++ b/service/securityhub/types/types.go @@ -609,8 +609,9 @@ type AutomationRulesFindingFilters struct { // The identifier for the given resource type. For Amazon Web Services resources // that are identified by Amazon Resource Names (ARNs), this is the ARN. For Amazon // Web Services resources that lack ARNs, this is the identifier as defined by the - // Amazon Web Service that created the resource. For non-Amazon Web Services - // resources, this is a unique identifier that is associated with the resource. + // Amazon Web Servicesservice that created the resource. For non-Amazon Web + // Services resources, this is a unique identifier that is associated with the + // resource. // // Array Members: Minimum number of 1 item. Maximum number of 100 items. ResourceId []StringFilter @@ -13242,7 +13243,8 @@ type AwsSecurityFindingFilters struct { ComplianceAssociatedStandardsId []StringFilter // The unique identifier of a control across standards. Values for this field - // typically consist of an Amazon Web Service and a number, such as APIGateway.5. + // typically consist of an Amazon Web Servicesservice and a number, such as + // APIGateway.5. ComplianceSecurityControlId []StringFilter // The name of a security control parameter. @@ -15044,7 +15046,8 @@ type Compliance struct { RelatedRequirements []string // The unique identifier of a control across standards. Values for this field - // typically consist of an Amazon Web Service and a number, such as APIGateway.5. + // typically consist of an Amazon Web Servicesservice and a number, such as + // APIGateway.5. SecurityControlId *string // An object that includes security control parameter names and values. @@ -15555,8 +15558,9 @@ type FindingHistoryRecord struct { NextToken *string // Identifies the source of the event that changed the finding. For example, an - // integrated Amazon Web Service or third-party partner integration may call [BatchImportFindings] - // BatchImportFindings , or an Security Hub customer may call [BatchUpdateFindings]BatchUpdateFindings . + // integrated Amazon Web Servicesservice or third-party partner integration may + // call [BatchImportFindings]BatchImportFindings , or an Security Hub customer may call [BatchUpdateFindings] + // BatchUpdateFindings . // // [BatchUpdateFindings]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html // [BatchImportFindings]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html @@ -15623,8 +15627,8 @@ type FindingHistoryUpdateSource struct { Identity *string // Describes the type of finding change event, such as a call to [BatchImportFindings] - // BatchImportFindings (by an integrated Amazon Web Service or third party partner - // integration) or [BatchUpdateFindings]BatchUpdateFindings (by a Security Hub customer). + // BatchImportFindings (by an integrated Amazon Web Servicesservice or third party + // partner integration) or [BatchUpdateFindings]BatchUpdateFindings (by a Security Hub customer). // // [BatchUpdateFindings]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html // [BatchImportFindings]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html @@ -16766,7 +16770,7 @@ type Policy interface { isPolicy() } -// The Amazon Web Service that the configuration policy applies to. +// The Amazon Web Servicesservice that the configuration policy applies to. type PolicyMemberSecurityHub struct { Value SecurityHubPolicy @@ -17468,7 +17472,7 @@ type RouteSetDetails struct { // The IPv6 CIDR block used for the destination match. DestinationIpv6CidrBlock *string - // The prefix of the destination Amazon Web Service. + // The prefix of the destination Amazon Web Servicesservice. DestinationPrefixListId *string // The ID of the egress-only internet gateway. @@ -17815,8 +17819,8 @@ type SecurityControl struct { SecurityControlArn *string // The unique identifier of a security control across standards. Values for this - // field typically consist of an Amazon Web Service name and a number, such as - // APIGateway.3. + // field typically consist of an Amazon Web Servicesservice name and a number, such + // as APIGateway.3. // // This member is required. SecurityControlId *string @@ -17853,9 +17857,10 @@ type SecurityControl struct { Parameters map[string]ParameterConfiguration // Identifies whether customizable properties of a security control are reflected - // in Security Hub findings. A status of READY indicates findings include the - // current parameter values. A status of UPDATING indicates that all findings may - // not include the current parameter values. + // in Security Hub findings. A status of READY indicates that Security Hub uses + // the current control parameter values when running security checks of the + // control. A status of UPDATING indicates that all security checks might not use + // the current parameter values. UpdateStatus UpdateStatus noSmithyDocumentSerde @@ -17903,10 +17908,10 @@ type SecurityControlDefinition struct { RemediationUrl *string // The unique identifier of a security control across standards. Values for this - // field typically consist of an Amazon Web Service name and a number (for example, - // APIGateway.3). This parameter differs from SecurityControlArn , which is a - // unique Amazon Resource Name (ARN) assigned to a control. The ARN references the - // security control ID (for example, + // field typically consist of an Amazon Web Servicesservice name and a number (for + // example, APIGateway.3). This parameter differs from SecurityControlArn , which + // is a unique Amazon Resource Name (ARN) assigned to a control. The ARN references + // the security control ID (for example, // arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3). // // This member is required. @@ -18283,8 +18288,8 @@ type StandardsControlAssociationDetail struct { SecurityControlArn *string // The unique identifier of a security control across standards. Values for this - // field typically consist of an Amazon Web Service name and a number, such as - // APIGateway.3. + // field typically consist of an Amazon Web Servicesservice name and a number, such + // as APIGateway.3. // // This member is required. SecurityControlId *string @@ -18362,8 +18367,8 @@ type StandardsControlAssociationSummary struct { SecurityControlArn *string // A unique standard-agnostic identifier for a control. Values for this field - // typically consist of an Amazon Web Service and a number, such as APIGateway.5. - // This field doesn't reference a specific standard. + // typically consist of an Amazon Web Servicesservice and a number, such as + // APIGateway.5. This field doesn't reference a specific standard. // // This member is required. SecurityControlId *string diff --git a/service/ses/api_op_SendBulkTemplatedEmail.go b/service/ses/api_op_SendBulkTemplatedEmail.go index 0af260cfb79..6ddb9ecb4df 100644 --- a/service/ses/api_op_SendBulkTemplatedEmail.go +++ b/service/ses/api_op_SendBulkTemplatedEmail.go @@ -66,6 +66,16 @@ func (c *Client) SendBulkTemplatedEmail(ctx context.Context, params *SendBulkTem // [Amazon SES Developer Guide]: https://docs.aws.amazon.com/ses/latest/dg/send-personalized-email-api.html type SendBulkTemplatedEmailInput struct { + // A list of replacement values to apply to the template when replacement data is + // not specified in a Destination object. These values act as a default or fallback + // option when no other data is available. + // + // The template data is a JSON object, typically consisting of key-value pairs in + // which the keys correspond to replacement tags in the email template. + // + // This member is required. + DefaultTemplateData *string + // One or more Destination objects. All of the recipients in a Destination receive // the same version of the email. You can specify up to 50 Destination objects // within a Destinations array. @@ -111,14 +121,6 @@ type SendBulkTemplatedEmailInput struct { // send to a destination using SendBulkTemplatedEmail . DefaultTags []types.MessageTag - // A list of replacement values to apply to the template when replacement data is - // not specified in a Destination object. These values act as a default or fallback - // option when no other data is available. - // - // The template data is a JSON object, typically consisting of key-value pairs in - // which the keys correspond to replacement tags in the email template. - DefaultTemplateData *string - // The reply-to email address(es) for the message. If the recipient replies to the // message, each reply-to address receives the reply. ReplyToAddresses []string diff --git a/service/ses/deserializers.go b/service/ses/deserializers.go index d2f74317a96..c2d9ccfac0b 100644 --- a/service/ses/deserializers.go +++ b/service/ses/deserializers.go @@ -13884,6 +13884,19 @@ func awsAwsquery_deserializeDocumentS3Action(v **types.S3Action, decoder smithyx sv.BucketName = ptr.String(xtv) } + case strings.EqualFold("IamRoleArn", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.IamRoleArn = ptr.String(xtv) + } + case strings.EqualFold("KmsKeyArn", t.Name.Local): val, err := decoder.Value() if err != nil { diff --git a/service/ses/serializers.go b/service/ses/serializers.go index 486f6ba78cf..14d4a54650d 100644 --- a/service/ses/serializers.go +++ b/service/ses/serializers.go @@ -5268,6 +5268,11 @@ func awsAwsquery_serializeDocumentS3Action(v *types.S3Action, value query.Value) objectKey.String(*v.BucketName) } + if v.IamRoleArn != nil { + objectKey := object.Key("IamRoleArn") + objectKey.String(*v.IamRoleArn) + } + if v.KmsKeyArn != nil { objectKey := object.Key("KmsKeyArn") objectKey.String(*v.KmsKeyArn) diff --git a/service/ses/types/types.go b/service/ses/types/types.go index 33c7a3b5783..6284d0b29e0 100644 --- a/service/ses/types/types.go +++ b/service/ses/types/types.go @@ -1093,25 +1093,44 @@ type S3Action struct { // This member is required. BucketName *string - // The customer master key that Amazon SES should use to encrypt your emails - // before saving them to the Amazon S3 bucket. You can use the default master key - // or a custom master key that you created in Amazon Web Services KMS as follows: + // The ARN of the IAM role to be used by Amazon Simple Email Service while + // writing to the Amazon S3 bucket, optionally encrypting your mail via the + // provided customer managed key, and publishing to the Amazon SNS topic. This role + // should have access to the following APIs: // - // - To use the default master key, provide an ARN in the form of + // - s3:PutObject , kms:Encrypt and kms:GenerateDataKey for the given Amazon S3 + // bucket. + // + // - kms:GenerateDataKey for the given Amazon Web Services KMS customer managed + // key. + // + // - sns:Publish for the given Amazon SNS topic. + // + // If an IAM role ARN is provided, the role (and only the role) is used to access + // all the given resources (Amazon S3 bucket, Amazon Web Services KMS customer + // managed key and Amazon SNS topic). Therefore, setting up individual resource + // access permissions is not required. + IamRoleArn *string + + // The customer managed key that Amazon SES should use to encrypt your emails + // before saving them to the Amazon S3 bucket. You can use the default managed key + // or a custom managed key that you created in Amazon Web Services KMS as follows: + // + // - To use the default managed key, provide an ARN in the form of // arn:aws:kms:REGION:ACCOUNT-ID-WITHOUT-HYPHENS:alias/aws/ses . For example, if // your Amazon Web Services account ID is 123456789012 and you want to use the - // default master key in the US West (Oregon) Region, the ARN of the default master - // key would be arn:aws:kms:us-west-2:123456789012:alias/aws/ses . If you use the - // default master key, you don't need to perform any extra steps to give Amazon SES - // permission to use the key. + // default managed key in the US West (Oregon) Region, the ARN of the default + // master key would be arn:aws:kms:us-west-2:123456789012:alias/aws/ses . If you + // use the default managed key, you don't need to perform any extra steps to give + // Amazon SES permission to use the key. // - // - To use a custom master key that you created in Amazon Web Services KMS, - // provide the ARN of the master key and ensure that you add a statement to your + // - To use a custom managed key that you created in Amazon Web Services KMS, + // provide the ARN of the managed key and ensure that you add a statement to your // key's policy to give Amazon SES permission to use it. For more information about // giving permissions, see the [Amazon SES Developer Guide]. // // For more information about key policies, see the [Amazon Web Services KMS Developer Guide]. If you do not specify a - // master key, Amazon SES does not encrypt your emails. + // managed key, Amazon SES does not encrypt your emails. // // Your mail is encrypted by Amazon SES using the Amazon S3 encryption client // before the mail is submitted to Amazon S3 for storage. It is not encrypted using @@ -1120,7 +1139,7 @@ type S3Action struct { // the service has no access to use your Amazon Web Services KMS keys for // decryption. This encryption client is currently available with the [Amazon Web Services SDK for Java]and [Amazon Web Services SDK for Ruby] only. // For more information about client-side encryption using Amazon Web Services KMS - // master keys, see the [Amazon S3 Developer Guide]. + // managed keys, see the [Amazon S3 Developer Guide]. // // [Amazon Web Services KMS Developer Guide]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html // [Amazon Web Services SDK for Ruby]: http://aws.amazon.com/sdk-for-ruby/ diff --git a/service/ses/validators.go b/service/ses/validators.go index 304c046d942..0c8af08c790 100644 --- a/service/ses/validators.go +++ b/service/ses/validators.go @@ -2685,6 +2685,9 @@ func validateOpSendBulkTemplatedEmailInput(v *SendBulkTemplatedEmailInput) error if v.Template == nil { invalidParams.Add(smithy.NewErrParamRequired("Template")) } + if v.DefaultTemplateData == nil { + invalidParams.Add(smithy.NewErrParamRequired("DefaultTemplateData")) + } if v.Destinations == nil { invalidParams.Add(smithy.NewErrParamRequired("Destinations")) } else if v.Destinations != nil {