The status of the account gate function.
\n\n SUCCEEDED: The account gate function has determined that the account and Region passes any\n requirements for a stack set operation to occur. CloudFormation proceeds with the stack operation in that\n account and Region.
\n FAILED: The account gate function has determined that the account and Region doesn't meet the\n requirements for a stack set operation to occur. CloudFormation cancels the stack set operation in that account\n and Region, and sets the stack set operation result status for that account and Region to\n FAILED.
\n SKIPPED: CloudFormation has skipped calling the account gate function for this account and\n Region, for one of the following reasons:
An account gate function hasn't been specified for the account and Region. CloudFormation proceeds with\n the stack set operation in this account and Region.
\nThe AWSCloudFormationStackSetExecutionRole of the stack set administration account lacks\n permissions to invoke the function. CloudFormation proceeds with the stack set operation in this account\n and Region.
Either no action is necessary, or no action is possible, on the stack. CloudFormation skips the stack\n set operation in this account and Region.
\nThe status of the account gate function.
\n\n SUCCEEDED: The account gate function has determined that the account and\n Region passes any requirements for a stack set operation to occur. CloudFormation\n proceeds with the stack operation in that account and Region.
\n FAILED: The account gate function has determined that the account and Region\n doesn't meet the requirements for a stack set operation to occur. CloudFormation cancels\n the stack set operation in that account and Region, and sets the stack set operation result\n status for that account and Region to FAILED.
\n SKIPPED: CloudFormation has skipped calling the account gate function for\n this account and Region, for one of the following reasons:
An account gate function hasn't been specified for the account and Region. CloudFormation proceeds with the stack set operation in this account and Region.
\nThe AWSCloudFormationStackSetExecutionRole of the stack set administration\n account lacks permissions to invoke the function. CloudFormation proceeds with the\n stack set operation in this account and Region.
Either no action is necessary, or no action is possible, on the stack. CloudFormation skips the stack set operation in this account and Region.
\nThe reason for the account gate status assigned to this account and Region for the stack set operation.
" + "smithy.api#documentation": "The reason for the account gate status assigned to this account and Region for the stack set\n operation.
" } } }, "traits": { - "smithy.api#documentation": "Structure that contains the results of the account gate function which CloudFormation invokes, if present,\n before proceeding with a stack set operation in an account and Region.
\nFor each account and Region, CloudFormation lets you specify a Lambda function that encapsulates\n any requirements that must be met before CloudFormation can proceed with a stack set operation in that\n account and Region. CloudFormation invokes the function each time a stack set operation is requested for\n that account and Region; if the function returns FAILED, CloudFormation cancels the operation\n in that account and Region, and sets the stack set operation result status for that account and Region to\n FAILED.
For more information, see Configuring a target account\n gate.
" + "smithy.api#documentation": "Structure that contains the results of the account gate function which CloudFormation\n invokes, if present, before proceeding with a stack set operation in an account and\n Region.
\nFor each account and Region, CloudFormation lets you specify a Lambda\n function that encapsulates any requirements that must be met before CloudFormation can\n proceed with a stack set operation in that account and Region. CloudFormation invokes\n the function each time a stack set operation is requested for that account and Region; if the\n function returns FAILED, CloudFormation cancels the operation in that\n account and Region, and sets the stack set operation result status for that account and Region to\n FAILED.
For more information, see Configuring a target\n account gate.
" } }, "com.amazonaws.cloudformation#AccountGateStatus": { @@ -327,18 +327,18 @@ "Enabled": { "target": "com.amazonaws.cloudformation#AutoDeploymentNullable", "traits": { - "smithy.api#documentation": "If set to true, StackSets automatically deploys additional stack instances to Organizations\n accounts that are added to a target organization or organizational unit (OU) in the specified Regions. If an account\n is removed from a target organization or OU, StackSets deletes stack instances from the account in the specified\n Regions.
If set to true, StackSets automatically deploys additional stack instances to\n Organizations accounts that are added to a target organization or organizational unit\n (OU) in the specified Regions. If an account is removed from a target organization or OU,\n StackSets deletes stack instances from the account in the specified Regions.
If set to true, stack resources are retained when an account is removed from a target organization\n or OU. If set to false, stack resources are deleted. Specify only if Enabled is set to\n True.
If set to true, stack resources are retained when an account is removed from a\n target organization or OU. If set to false, stack resources are deleted. Specify\n only if Enabled is set to True.
[Service-managed permissions] Describes whether StackSets automatically deploys to Organizations\n accounts that are added to a target organization or organizational unit (OU).
" + "smithy.api#documentation": "[Service-managed permissions] Describes whether StackSets automatically deploys to Organizations accounts that are added to a target organization or organizational unit\n (OU).
" } }, "com.amazonaws.cloudformation#AutoDeploymentNullable": { @@ -2301,12 +2301,40 @@ "expect": { "error": "Invalid Configuration: Missing Region" } + }, + { + "documentation": "Partition doesn't support DualStack", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": true + } } ], "version": "1.0" } } }, + "com.amazonaws.cloudformation#ConcurrencyMode": { + "type": "enum", + "members": { + "STRICT_FAILURE_TOLERANCE": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "STRICT_FAILURE_TOLERANCE" + } + }, + "SOFT_FAILURE_TOLERANCE": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "SOFT_FAILURE_TOLERANCE" + } + } + } + }, "com.amazonaws.cloudformation#ConfigurationSchema": { "type": "string", "traits": { @@ -2448,13 +2476,13 @@ "Capabilities": { "target": "com.amazonaws.cloudformation#Capabilities", "traits": { - "smithy.api#documentation": "In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order\n for CloudFormation to create the stack.
\n\n CAPABILITY_IAM and CAPABILITY_NAMED_IAM\n
Some stack templates might include resources that can affect permissions in your Amazon Web Services account;\n for example, by creating new Identity and Access Management (IAM) users. For those stacks, you must\n explicitly acknowledge this by specifying one of these capabilities.
\nThe following IAM resources require you to specify either the CAPABILITY_IAM or\n CAPABILITY_NAMED_IAM capability.
If you have IAM resources, you can specify either capability.
\nIf you have IAM resources with custom names, you must specify\n CAPABILITY_NAMED_IAM.
If you don't specify either of these capabilities, CloudFormation returns an\n InsufficientCapabilities error.
If your stack template contains these resources, we suggest that you review all permissions associated with\n them and edit their permissions if necessary.
\n\n \n AWS::IAM::Group\n
\n\n \n AWS::IAM::Policy\n
\n\n \n AWS::IAM::Role\n
\n\n \n AWS::IAM::User\n
\nFor more information, see Acknowledging IAM\n resources in CloudFormation templates.
\n\n CAPABILITY_AUTO_EXPAND\n
Some template contain macros. Macros perform custom processing on templates; this can include simple actions\n like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this,\n users typically create a change set from the processed template, so that they can review the changes resulting from\n the macros before actually creating the stack. If your stack template contains one or more macros, and you choose\n to create a stack directly from the processed template, without first reviewing the resulting changes in a change\n set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which\n are macros hosted by CloudFormation.
\nThis capacity doesn't apply to creating change sets, and specifying it when creating change sets has no\n effect.
\nIf you want to create a stack from a stack template that contains macros and nested\n stacks, you must create or update the stack directly from the template using the CreateStack or\n UpdateStack action, and specifying this capability.
\nFor more information about macros, see Using CloudFormation macros to perform custom\n processing on templates.
\nIn some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order\n for CloudFormation to create the stack.
\n\n CAPABILITY_IAM and CAPABILITY_NAMED_IAM\n
Some stack templates might include resources that can affect permissions in your Amazon Web Services account;\n for example, by creating new Identity and Access Management (IAM) users. For those stacks, you must\n explicitly acknowledge this by specifying one of these capabilities.
\nThe following IAM resources require you to specify either the CAPABILITY_IAM or\n CAPABILITY_NAMED_IAM capability.
If you have IAM resources, you can specify either capability.
\nIf you have IAM resources with custom names, you must specify\n CAPABILITY_NAMED_IAM.
If you don't specify either of these capabilities, CloudFormation returns an\n InsufficientCapabilities error.
If your stack template contains these resources, we suggest that you review all permissions associated with\n them and edit their permissions if necessary.
\n\n \n AWS::IAM::Group\n
\n\n \n AWS::IAM::Policy\n
\n\n \n AWS::IAM::Role\n
\n\n \n AWS::IAM::User\n
\nFor more information, see Acknowledging IAM\n resources in CloudFormation templates.
\n\n CAPABILITY_AUTO_EXPAND\n
Some template contain macros. Macros perform custom processing on templates; this can include simple actions\n like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this,\n users typically create a change set from the processed template, so that they can review the changes resulting from\n the macros before actually creating the stack. If your stack template contains one or more macros, and you choose\n to create a stack directly from the processed template, without first reviewing the resulting changes in a change\n set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which\n are macros hosted by CloudFormation.
\nThis capacity doesn't apply to creating change sets, and specifying it when creating change sets has no\n effect.
\nIf you want to create a stack from a stack template that contains macros and nested\n stacks, you must create or update the stack directly from the template using the CreateStack or\n UpdateStack action, and specifying this capability.
\nFor more information about macros, see Using CloudFormation macros to perform custom\n processing on templates.
\nOnly one of the Capabilities and ResourceType parameters can be specified.
The template resource types that you have permissions to work with if you execute this change set, such as\n AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance.
If the list of resource types doesn't include a resource type that you're updating, the stack update fails. By\n default, CloudFormation grants permissions to all resource types. Identity and Access Management (IAM)\n uses this parameter for condition keys in IAM policies for CloudFormation. For more information,\n see Controlling access\n with Identity and Access Management in the CloudFormation User Guide.
" + "smithy.api#documentation": "The template resource types that you have permissions to work with if you execute this change set, such as\n AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance.
If the list of resource types doesn't include a resource type that you're updating, the stack update fails. By\n default, CloudFormation grants permissions to all resource types. Identity and Access Management (IAM)\n uses this parameter for condition keys in IAM policies for CloudFormation. For more information,\n see Controlling access\n with Identity and Access Management in the CloudFormation User Guide.
\nOnly one of the Capabilities and ResourceType parameters can be specified.
In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order\n for CloudFormation to create the stack.
\n\n CAPABILITY_IAM and CAPABILITY_NAMED_IAM\n
Some stack templates might include resources that can affect permissions in your Amazon Web Services account;\n for example, by creating new Identity and Access Management (IAM) users. For those stacks, you must\n explicitly acknowledge this by specifying one of these capabilities.
\nThe following IAM resources require you to specify either the CAPABILITY_IAM or\n CAPABILITY_NAMED_IAM capability.
If you have IAM resources, you can specify either capability.
\nIf you have IAM resources with custom names, you must specify\n CAPABILITY_NAMED_IAM.
If you don't specify either of these capabilities, CloudFormation returns an\n InsufficientCapabilities error.
If your stack template contains these resources, we recommend that you review all permissions associated with\n them and edit their permissions if necessary.
\n\n \n AWS::IAM::Group\n
\n\n \n AWS::IAM::Policy\n
\n\n \n AWS::IAM::Role\n
\n\n \n AWS::IAM::User\n
\nFor more information, see Acknowledging IAM\n Resources in CloudFormation Templates.
\n\n CAPABILITY_AUTO_EXPAND\n
Some template contain macros. Macros perform custom processing on templates; this can include simple actions\n like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this,\n users typically create a change set from the processed template, so that they can review the changes resulting from\n the macros before actually creating the stack. If your stack template contains one or more macros, and you choose\n to create a stack directly from the processed template, without first reviewing the resulting changes in a change\n set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which\n are macros hosted by CloudFormation.
\nIf you want to create a stack from a stack template that contains macros and nested\n stacks, you must create the stack directly from the template using this capability.
\nYou should only create stacks directly from a stack template that contains macros if you know what processing\n the macro performs.
\nEach macro relies on an underlying Lambda service function for processing stack templates. Be\n aware that the Lambda function owner can update the function operation without CloudFormation being\n notified.
\nFor more information, see Using CloudFormation macros to perform custom\n processing on templates.
\nIn some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order\n for CloudFormation to create the stack.
\n\n CAPABILITY_IAM and CAPABILITY_NAMED_IAM\n
Some stack templates might include resources that can affect permissions in your Amazon Web Services account;\n for example, by creating new Identity and Access Management (IAM) users. For those stacks, you must\n explicitly acknowledge this by specifying one of these capabilities.
\nThe following IAM resources require you to specify either the CAPABILITY_IAM or\n CAPABILITY_NAMED_IAM capability.
If you have IAM resources, you can specify either capability.
\nIf you have IAM resources with custom names, you must specify\n CAPABILITY_NAMED_IAM.
If you don't specify either of these capabilities, CloudFormation returns an\n InsufficientCapabilities error.
If your stack template contains these resources, we recommend that you review all permissions associated with\n them and edit their permissions if necessary.
\n\n \n AWS::IAM::Group\n
\n\n \n AWS::IAM::Policy\n
\n\n \n AWS::IAM::Role\n
\n\n \n AWS::IAM::User\n
\nFor more information, see Acknowledging IAM\n Resources in CloudFormation Templates.
\n\n CAPABILITY_AUTO_EXPAND\n
Some template contain macros. Macros perform custom processing on templates; this can include simple actions\n like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this,\n users typically create a change set from the processed template, so that they can review the changes resulting from\n the macros before actually creating the stack. If your stack template contains one or more macros, and you choose\n to create a stack directly from the processed template, without first reviewing the resulting changes in a change\n set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which\n are macros hosted by CloudFormation.
\nIf you want to create a stack from a stack template that contains macros and nested\n stacks, you must create the stack directly from the template using this capability.
\nYou should only create stacks directly from a stack template that contains macros if you know what processing\n the macro performs.
\nEach macro relies on an underlying Lambda service function for processing stack templates. Be\n aware that the Lambda function owner can update the function operation without CloudFormation being\n notified.
\nFor more information, see Using CloudFormation macros to perform custom\n processing on templates.
\nOnly one of the Capabilities and ResourceType parameters can be specified.
The template resource types that you have permissions to work with for this create stack action, such as\n AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance. Use the\n following syntax to describe template resource types: AWS::* (for all Amazon Web Services resources),\n Custom::* (for all custom resources), Custom::logical_ID\n (for a specific custom resource), AWS::service_name::* (for all resources\n of a particular Amazon Web Services service), and\n AWS::service_name::resource_logical_ID\n (for a specific Amazon Web Services resource).
If the list of resource types doesn't include a resource that you're creating, the stack creation fails. By\n default, CloudFormation grants permissions to all resource types. Identity and Access Management (IAM)\n uses this parameter for CloudFormation-specific condition keys in IAM policies. For more\n information, see Controlling Access with Identity and Access Management.
" + "smithy.api#documentation": "The template resource types that you have permissions to work with for this create stack action, such as\n AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance. Use the\n following syntax to describe template resource types: AWS::* (for all Amazon Web Services resources),\n Custom::* (for all custom resources), Custom::logical_ID\n (for a specific custom resource), AWS::service_name::* (for all resources\n of a particular Amazon Web Services service), and\n AWS::service_name::resource_logical_ID\n (for a specific Amazon Web Services resource).
If the list of resource types doesn't include a resource that you're creating, the stack creation fails. By\n default, CloudFormation grants permissions to all resource types. Identity and Access Management (IAM)\n uses this parameter for CloudFormation-specific condition keys in IAM policies. For more\n information, see Controlling Access with Identity and Access Management.
\nOnly one of the Capabilities and ResourceType parameters can be specified.
The names of one or more Amazon Web Services accounts for which you want to deploy stack set updates.
" + "smithy.api#documentation": "The names of one or more Amazon Web Services accounts for which you want to deploy stack set\n updates.
" } }, "AccountsUrl": { @@ -3347,12 +3375,12 @@ "AccountFilterType": { "target": "com.amazonaws.cloudformation#AccountFilterType", "traits": { - "smithy.api#documentation": "Limit deployment targets to individual accounts or include additional accounts with provided OUs.
\nThe following is a list of possible values for the AccountFilterType operation.
\n INTERSECTION: StackSets deploys to the accounts specified in Accounts parameter.\n
\n DIFFERENCE: StackSets excludes the accounts specified in Accounts parameter. This\n enables user to avoid certain accounts within an OU such as suspended accounts.
\n UNION: StackSets includes additional accounts deployment targets.
This is the default value if AccountFilterType is not provided. This enables user to update an\n entire OU and individual accounts from a different OU in one request, which used to be two separate\n requests.
\n NONE: Deploys to all the accounts in specified organizational units (OU).
Limit deployment targets to individual accounts or include additional accounts with provided\n OUs.
\nThe following is a list of possible values for the AccountFilterType\n operation.
\n INTERSECTION: StackSets deploys to the accounts specified in\n Accounts parameter.
\n DIFFERENCE: StackSets excludes the accounts specified in\n Accounts parameter. This enables user to avoid certain accounts within an OU such\n as suspended accounts.
\n UNION: StackSets includes additional accounts deployment targets.
This is the default value if AccountFilterType is not provided. This enables\n user to update an entire OU and individual accounts from a different OU in one request, which\n used to be two separate requests.
\n NONE: Deploys to all the accounts in specified organizational units\n (OU).
[Service-managed permissions] The Organizations accounts to which StackSets deploys. StackSets doesn't\n deploy stack instances to the organization management account, even if the organization management account is in your organization or in an OU in your organization.
\nFor update operations, you can specify either Accounts or OrganizationalUnitIds. For\n create and delete operations, specify OrganizationalUnitIds.
[Service-managed permissions] The Organizations accounts to which StackSets deploys.\n StackSets doesn't deploy stack instances to the organization management account, even\n if the organization management account is in your organization or in an OU in your\n organization.
\nFor update operations, you can specify either Accounts or\n OrganizationalUnitIds. For create and delete operations, specify\n OrganizationalUnitIds.
Returns the description for the specified stack; if no stack name was specified, then it returns the description\n for all the stacks created.
\nIf the stack doesn't exist, an ValidationError is returned.
Returns the description for the specified stack; if no stack name was specified, then it returns the description\n for all the stacks created.
\nIf the stack doesn't exist, a ValidationError is returned.
When true, StackSets performs non-conflicting operations concurrently and queues conflicting\n operations. After conflicting operations finish, StackSets starts queued operations in request order.
If there are already running or queued operations, StackSets queues all incoming operations even if they are\n non-conflicting.
\nYou can't modify your stack set's execution configuration while there are running or queued operations for that\n stack set.
\nWhen false (default), StackSets performs one operation at a time in request order.
When true, StackSets performs non-conflicting operations concurrently and\n queues conflicting operations. After conflicting operations finish, StackSets starts queued\n operations in request order.
If there are already running or queued operations, StackSets queues all incoming operations\n even if they are non-conflicting.
\nYou can't modify your stack set's execution configuration while there are running or queued\n operations for that stack set.
\nWhen false (default), StackSets performs one operation at a time in request\n order.
Describes whether StackSets performs non-conflicting operations concurrently and queues conflicting\n operations.
" + "smithy.api#documentation": "Describes whether StackSets performs non-conflicting operations concurrently and queues\n conflicting operations.
" } }, "com.amazonaws.cloudformation#ManagedExecutionNullable": { @@ -8494,7 +8522,7 @@ "ExecutionRoleArn": { "target": "com.amazonaws.cloudformation#RoleARN2", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM role for CloudFormation to assume when\n invoking the extension.
\nFor CloudFormation to assume the specified execution role, the role must contain a trust relationship\n with the CloudFormation service principle (resources.cloudformation.amazonaws.com). For more\n information about adding trust relationships, see Modifying a\n role trust policy in the Identity and Access Management User Guide.
If your extension calls Amazon Web Services APIs in any of its handlers, you must create an \n IAM execution role\n \n that includes the necessary permissions to call those Amazon Web Services APIs, and provision that execution role in\n your account. When CloudFormation needs to invoke the resource type handler, CloudFormation assumes this\n execution role to create a temporary session token, which it then passes to the resource type handler, thereby\n supplying your resource type with the appropriate credentials.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM role for CloudFormation to assume when\n invoking the extension.
\nFor CloudFormation to assume the specified execution role, the role must contain a trust relationship\n with the CloudFormation service principal (resources.cloudformation.amazonaws.com). For more\n information about adding trust relationships, see Modifying a\n role trust policy in the Identity and Access Management User Guide.
If your extension calls Amazon Web Services APIs in any of its handlers, you must create an \n IAM execution role\n \n that includes the necessary permissions to call those Amazon Web Services APIs, and provision that execution role in\n your account. When CloudFormation needs to invoke the resource type handler, CloudFormation assumes this\n execution role to create a temporary session token, which it then passes to the resource type handler, thereby\n supplying your resource type with the appropriate credentials.
" } }, "ClientRequestToken": { @@ -9997,7 +10025,7 @@ "Account": { "target": "com.amazonaws.cloudformation#Account", "traits": { - "smithy.api#documentation": "[Self-managed permissions] The name of the Amazon Web Services account that the stack instance is associated\n with.
" + "smithy.api#documentation": "[Self-managed permissions] The name of the Amazon Web Services account that the stack\n instance is associated with.
" } }, "StackId": { @@ -10009,13 +10037,13 @@ "ParameterOverrides": { "target": "com.amazonaws.cloudformation#Parameters", "traits": { - "smithy.api#documentation": "A list of parameters from the stack set template whose values have been overridden in this stack\n instance.
" + "smithy.api#documentation": "A list of parameters from the stack set template whose values have been overridden in this\n stack instance.
" } }, "Status": { "target": "com.amazonaws.cloudformation#StackInstanceStatus", "traits": { - "smithy.api#documentation": "The status of the stack instance, in terms of its synchronization with its associated stack set.
\n\n INOPERABLE: A DeleteStackInstances operation has failed and left the stack in an\n unstable state. Stacks in this state are excluded from further UpdateStackSet operations. You might\n need to perform a DeleteStackInstances operation, with RetainStacks set to\n true, to delete the stack instance, and then delete the stack manually.
\n OUTDATED: The stack isn't currently up to date with the stack set because:
The associated stack failed during a CreateStackSet or UpdateStackSet\n operation.
The stack was part of a CreateStackSet or UpdateStackSet operation that failed or\n was stopped before the stack was created or updated.
\n CURRENT: The stack is currently up to date with the stack set.
The status of the stack instance, in terms of its synchronization with its associated stack\n set.
\n\n INOPERABLE: A DeleteStackInstances operation has failed and left\n the stack in an unstable state. Stacks in this state are excluded from further\n UpdateStackSet operations. You might need to perform a\n DeleteStackInstances operation, with RetainStacks set to\n true, to delete the stack instance, and then delete the stack manually.
\n OUTDATED: The stack isn't currently up to date with the stack set\n because:
The associated stack failed during a CreateStackSet or\n UpdateStackSet operation.
The stack was part of a CreateStackSet or UpdateStackSet\n operation that failed or was stopped before the stack was created or updated.
\n CURRENT: The stack is currently up to date with the stack set.
[Service-managed permissions] The organization root ID or organizational unit (OU) IDs that you specified for\n DeploymentTargets.
" + "smithy.api#documentation": "[Service-managed permissions] The organization root ID or organizational unit (OU) IDs that\n you specified for DeploymentTargets.
" } }, "DriftStatus": { "target": "com.amazonaws.cloudformation#StackDriftStatus", "traits": { - "smithy.api#documentation": "Status of the stack instance's actual configuration compared to the expected template and parameter\n configuration of the stack set to which it belongs.
\n\n DRIFTED: The stack differs from the expected template and parameter configuration of the stack\n set to which it belongs. A stack instance is considered to have drifted if one or more of the resources in the\n associated stack have drifted.
\n NOT_CHECKED: CloudFormation hasn't checked if the stack instance differs from its expected stack set\n configuration.
\n IN_SYNC: The stack instance's actual configuration matches its expected stack set\n configuration.
\n UNKNOWN: This value is reserved for future use.
Status of the stack instance's actual configuration compared to the expected template and\n parameter configuration of the stack set to which it belongs.
\n\n DRIFTED: The stack differs from the expected template and parameter\n configuration of the stack set to which it belongs. A stack instance is considered to have\n drifted if one or more of the resources in the associated stack have drifted.
\n NOT_CHECKED: CloudFormation hasn't checked if the stack instance differs from its\n expected stack set configuration.
\n IN_SYNC: The stack instance's actual configuration matches its expected stack\n set configuration.
\n UNKNOWN: This value is reserved for future use.
Most recent time when CloudFormation performed a drift detection operation on the stack instance. This\n value will be NULL for any stack instance on which drift detection hasn't yet been performed.
Most recent time when CloudFormation performed a drift detection operation on the\n stack instance. This value will be NULL for any stack instance on which drift\n detection hasn't yet been performed.
An CloudFormation stack, in a specific account and Region, that's part of a stack set operation. A stack\n instance is a reference to an attempted or actual stack in a given account within a given Region. A stack instance\n can exist without a stack—for example, if the stack couldn't be created for some reason. A stack instance is\n associated with only one stack set. Each stack instance contains the ID of its associated stack set, in addition to\n the ID of the actual stack and the stack status.
" + "smithy.api#documentation": "An CloudFormation stack, in a specific account and Region, that's part of a stack set\n operation. A stack instance is a reference to an attempted or actual stack in a given account\n within a given Region. A stack instance can exist without a stack—for example, if the stack\n couldn't be created for some reason. A stack instance is associated with only one stack set. Each\n stack instance contains the ID of its associated stack set, in addition to the ID of the actual\n stack and the stack status.
" } }, "com.amazonaws.cloudformation#StackInstanceComprehensiveStatus": { @@ -10065,7 +10093,7 @@ "DetailedStatus": { "target": "com.amazonaws.cloudformation#StackInstanceDetailedStatus", "traits": { - "smithy.api#documentation": "\n CANCELLED: The operation in the specified account and Region has been canceled. This is either\n because a user has stopped the stack set operation, or because the failure tolerance of the stack set operation has\n been exceeded.
\n FAILED: The operation in the specified account and Region failed. If the stack set operation\n fails in enough accounts within a Region, the failure tolerance for the stack set operation as a whole might be\n exceeded.
\n INOPERABLE: A DeleteStackInstances operation has failed and left the stack in an\n unstable state. Stacks in this state are excluded from further UpdateStackSet operations. You might\n need to perform a DeleteStackInstances operation, with RetainStacks set to\n true, to delete the stack instance, and then delete the stack manually.
\n PENDING: The operation in the specified account and Region has yet to start.
\n RUNNING: The operation in the specified account and Region is currently in progress.
\n SKIPPED_SUSPENDED_ACCOUNT: The operation in the specified account and Region has been skipped\n because the account was suspended at the time of the operation.
\n SUCCEEDED: The operation in the specified account and Region completed successfully.
\n CANCELLED: The operation in the specified account and Region has been\n canceled. This is either because a user has stopped the stack set operation, or because the\n failure tolerance of the stack set operation has been exceeded.
\n FAILED: The operation in the specified account and Region failed. If the\n stack set operation fails in enough accounts within a Region, the failure tolerance for the\n stack set operation as a whole might be exceeded.
\n INOPERABLE: A DeleteStackInstances operation has failed and left\n the stack in an unstable state. Stacks in this state are excluded from further\n UpdateStackSet operations. You might need to perform a\n DeleteStackInstances operation, with RetainStacks set to\n true, to delete the stack instance, and then delete the stack manually.
\n PENDING: The operation in the specified account and Region has yet to\n start.
\n RUNNING: The operation in the specified account and Region is currently in\n progress.
\n SKIPPED_SUSPENDED_ACCOUNT: The operation in the specified account and Region\n has been skipped because the account was suspended at the time of the operation.
\n SUCCEEDED: The operation in the specified account and Region completed\n successfully.
Context information that enables CloudFormation to uniquely identify a resource. CloudFormation uses\n context key-value pairs in cases where a resource's logical and physical IDs aren't enough\n to uniquely identify that resource. Each context key-value pair specifies a unique resource\n that contains the targeted resource.
" + "smithy.api#documentation": "Context information that enables CloudFormation to uniquely identify a resource. CloudFormation uses context\n key-value pairs in cases where a resource's logical and physical IDs aren't enough to uniquely\n identify that resource. Each context key-value pair specifies a unique resource that contains the\n targeted resource.
" } }, "ResourceType": { "target": "com.amazonaws.cloudformation#ResourceType", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "Type of resource. For more information, go to Amazon Web Services Resource Types Reference in the CloudFormation User\n Guide.
", + "smithy.api#documentation": "Type of resource. For more information, go to Amazon Web Services\n Resource Types Reference in the CloudFormation User Guide.
", "smithy.api#required": {} } }, "PropertyDifferences": { "target": "com.amazonaws.cloudformation#PropertyDifferences", "traits": { - "smithy.api#documentation": "Status of the actual configuration of the resource compared to its expected\n configuration. These will be present only for resources whose\n StackInstanceResourceDriftStatus is MODIFIED.
Status of the actual configuration of the resource compared to its expected configuration.\n These will be present only for resources whose StackInstanceResourceDriftStatus is\n MODIFIED.
The drift status of the resource in a stack instance.
\n\n DELETED: The resource differs from its expected template\n configuration in that the resource has been deleted.
\n MODIFIED: One or more resource properties differ from their expected\n template values.
\n IN_SYNC: The resource's actual configuration matches its expected\n template configuration.
\n NOT_CHECKED: CloudFormation doesn't currently return this value.
The drift status of the resource in a stack instance.
\n\n DELETED: The resource differs from its expected template configuration in\n that the resource has been deleted.
\n MODIFIED: One or more resource properties differ from their expected template\n values.
\n IN_SYNC: The resource's actual configuration matches its expected template\n configuration.
\n NOT_CHECKED: CloudFormation doesn't currently return this value.
[Self-managed permissions] The name of the Amazon Web Services account that the stack instance is associated\n with.
" + "smithy.api#documentation": "[Self-managed permissions] The name of the Amazon Web Services account that the stack\n instance is associated with.
" } }, "StackId": { @@ -10333,7 +10361,7 @@ "Status": { "target": "com.amazonaws.cloudformation#StackInstanceStatus", "traits": { - "smithy.api#documentation": "The status of the stack instance, in terms of its synchronization with its associated stack set.
\n\n INOPERABLE: A DeleteStackInstances operation has failed and left the stack in an\n unstable state. Stacks in this state are excluded from further UpdateStackSet operations. You might\n need to perform a DeleteStackInstances operation, with RetainStacks set to\n true, to delete the stack instance, and then delete the stack manually.
\n OUTDATED: The stack isn't currently up to date with the stack set because:
The associated stack failed during a CreateStackSet or UpdateStackSet\n operation.
The stack was part of a CreateStackSet or UpdateStackSet operation that failed or\n was stopped before the stack was created or updated.
\n CURRENT: The stack is currently up to date with the stack set.
The status of the stack instance, in terms of its synchronization with its associated stack\n set.
\n\n INOPERABLE: A DeleteStackInstances operation has failed and left\n the stack in an unstable state. Stacks in this state are excluded from further\n UpdateStackSet operations. You might need to perform a\n DeleteStackInstances operation, with RetainStacks set to\n true, to delete the stack instance, and then delete the stack manually.
\n OUTDATED: The stack isn't currently up to date with the stack set\n because:
The associated stack failed during a CreateStackSet or\n UpdateStackSet operation.
The stack was part of a CreateStackSet or UpdateStackSet\n operation that failed or was stopped before the stack was created or updated.
\n CURRENT: The stack is currently up to date with the stack set.
[Service-managed permissions] The organization root ID or organizational unit (OU) IDs that you specified for\n DeploymentTargets.
" + "smithy.api#documentation": "[Service-managed permissions] The organization root ID or organizational unit (OU) IDs that\n you specified for DeploymentTargets.
" } }, "DriftStatus": { "target": "com.amazonaws.cloudformation#StackDriftStatus", "traits": { - "smithy.api#documentation": "Status of the stack instance's actual configuration compared to the expected template and parameter\n configuration of the stack set to which it belongs.
\n\n DRIFTED: The stack differs from the expected template and parameter configuration of the stack\n set to which it belongs. A stack instance is considered to have drifted if one or more of the resources in the\n associated stack have drifted.
\n NOT_CHECKED: CloudFormation hasn't checked if the stack instance differs from its expected stack set\n configuration.
\n IN_SYNC: The stack instance's actual configuration matches its expected stack set\n configuration.
\n UNKNOWN: This value is reserved for future use.
Status of the stack instance's actual configuration compared to the expected template and\n parameter configuration of the stack set to which it belongs.
\n\n DRIFTED: The stack differs from the expected template and parameter\n configuration of the stack set to which it belongs. A stack instance is considered to have\n drifted if one or more of the resources in the associated stack have drifted.
\n NOT_CHECKED: CloudFormation hasn't checked if the stack instance differs from its\n expected stack set configuration.
\n IN_SYNC: The stack instance's actual configuration matches its expected stack\n set configuration.
\n UNKNOWN: This value is reserved for future use.
Most recent time when CloudFormation performed a drift detection operation on the stack instance. This\n value will be NULL for any stack instance on which drift detection hasn't yet been performed.
Most recent time when CloudFormation performed a drift detection operation on the\n stack instance. This value will be NULL for any stack instance on which drift\n detection hasn't yet been performed.
A description of the stack set that you specify when the stack set is created or updated.
" + "smithy.api#documentation": "A description of the stack set that you specify when the stack set is created or\n updated.
" } }, "Status": { @@ -10893,7 +10921,7 @@ "TemplateBody": { "target": "com.amazonaws.cloudformation#TemplateBody", "traits": { - "smithy.api#documentation": "The structure that contains the body of the template that was used to create or update the stack set.
" + "smithy.api#documentation": "The structure that contains the body of the template that was used to create or update the\n stack set.
" } }, "Parameters": { @@ -10905,13 +10933,13 @@ "Capabilities": { "target": "com.amazonaws.cloudformation#Capabilities", "traits": { - "smithy.api#documentation": "The capabilities that are allowed in the stack set. Some stack set templates might include resources that can\n affect permissions in your Amazon Web Services account—for example, by creating new Identity and Access Management (IAM) users. For more information, see Acknowledging IAM\n Resources in CloudFormation Templates.\n
" + "smithy.api#documentation": "The capabilities that are allowed in the stack set. Some stack set templates might include\n resources that can affect permissions in your Amazon Web Services account—for example, by creating\n new Identity and Access Management (IAM) users. For more information, see Acknowledging\n IAM Resources in CloudFormation Templates.\n
" } }, "Tags": { "target": "com.amazonaws.cloudformation#Tags", "traits": { - "smithy.api#documentation": "A list of tags that specify information about the stack set. A maximum number of 50 tags can be\n specified.
" + "smithy.api#documentation": "A list of tags that specify information about the stack set. A maximum number of 50 tags can\n be specified.
" } }, "StackSetARN": { @@ -10923,54 +10951,54 @@ "AdministrationRoleARN": { "target": "com.amazonaws.cloudformation#RoleARN", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM role used to create or update the stack set.
\nUse customized administrator roles to control which users or groups can manage specific stack sets within the\n same administrator account. For more information, see Prerequisites: Granting Permissions for Stack Set Operations\n in the CloudFormation User Guide.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM role used to create or update the\n stack set.
\nUse customized administrator roles to control which users or groups can manage specific\n stack sets within the same administrator account. For more information, see Prerequisites: Granting Permissions for Stack Set Operations in the\n CloudFormation User Guide.
" } }, "ExecutionRoleName": { "target": "com.amazonaws.cloudformation#ExecutionRoleName", "traits": { - "smithy.api#documentation": "The name of the IAM execution role used to create or update the stack set.
\nUse customized execution roles to control which stack resources users and groups can include in their stack\n sets.
" + "smithy.api#documentation": "The name of the IAM execution role used to create or update the stack\n set.
\nUse customized execution roles to control which stack resources users and groups can include\n in their stack sets.
" } }, "StackSetDriftDetectionDetails": { "target": "com.amazonaws.cloudformation#StackSetDriftDetectionDetails", "traits": { - "smithy.api#documentation": "Detailed information about the drift status of the stack set.
\nFor stack sets, contains information about the last completed drift operation performed on\n the stack set. Information about drift operations currently in progress isn't included.
" + "smithy.api#documentation": "Detailed information about the drift status of the stack set.
\nFor stack sets, contains information about the last completed drift\n operation performed on the stack set. Information about drift operations currently in progress\n isn't included.
" } }, "AutoDeployment": { "target": "com.amazonaws.cloudformation#AutoDeployment", "traits": { - "smithy.api#documentation": "[Service-managed permissions] Describes whether StackSets automatically deploys to Organizations\n accounts that are added to a target organization or organizational unit (OU).
" + "smithy.api#documentation": "[Service-managed permissions] Describes whether StackSets automatically deploys to Organizations accounts that are added to a target organization or organizational unit\n (OU).
" } }, "PermissionModel": { "target": "com.amazonaws.cloudformation#PermissionModels", "traits": { - "smithy.api#documentation": "Describes how the IAM roles required for stack set operations are created.
\nWith self-managed permissions, you must create the administrator and execution roles required to\n deploy to target accounts. For more information, see Grant Self-Managed Stack Set\n Permissions.
With service-managed permissions, StackSets automatically creates the IAM roles\n required to deploy to accounts managed by Organizations. For more information, see Grant\n Service-Managed Stack Set Permissions.
Describes how the IAM roles required for stack set operations are\n created.
\nWith self-managed permissions, you must create the administrator and\n execution roles required to deploy to target accounts. For more information, see Grant\n Self-Managed Stack Set Permissions.
With service-managed permissions, StackSets automatically creates the IAM roles required to deploy to accounts managed by Organizations. For more\n information, see Grant\n Service-Managed Stack Set Permissions.
[Service-managed permissions] The organization root ID or organizational unit (OU) IDs that you specified for\n DeploymentTargets.
" + "smithy.api#documentation": "[Service-managed permissions] The organization root ID or organizational unit (OU) IDs that\n you specified for DeploymentTargets.
" } }, "ManagedExecution": { "target": "com.amazonaws.cloudformation#ManagedExecution", "traits": { - "smithy.api#documentation": "Describes whether StackSets performs non-conflicting operations concurrently and queues conflicting\n operations.
" + "smithy.api#documentation": "Describes whether StackSets performs non-conflicting operations concurrently and queues\n conflicting operations.
" } }, "Regions": { "target": "com.amazonaws.cloudformation#RegionList", "traits": { - "smithy.api#documentation": "Returns a list of all Amazon Web Services Regions the given StackSet has stack instances deployed in. The Amazon Web Services Regions list output is in no particular order.
" + "smithy.api#documentation": "Returns a list of all Amazon Web Services Regions the given StackSet has stack instances\n deployed in. The Amazon Web Services Regions list output is in no particular order.
" } } }, "traits": { - "smithy.api#documentation": "A structure that contains information about a stack set. A stack set enables you to provision stacks into\n Amazon Web Services accounts and across Regions by using a single CloudFormation template. In the stack set,\n you specify the template to use, in addition to any parameters and capabilities that the template requires.
" + "smithy.api#documentation": "A structure that contains information about a stack set. A stack set enables you to\n provision stacks into Amazon Web Services accounts and across Regions by using a single CloudFormation template. In the stack set, you specify the template to use, in addition to any\n parameters and capabilities that the template requires.
" } }, "com.amazonaws.cloudformation#StackSetARN": { @@ -10982,19 +11010,19 @@ "DriftStatus": { "target": "com.amazonaws.cloudformation#StackSetDriftStatus", "traits": { - "smithy.api#documentation": "Status of the stack set's actual configuration compared to its expected template and parameter configuration. A\n stack set is considered to have drifted if one or more of its stack instances have drifted from their expected\n template and parameter configuration.
\n\n DRIFTED: One or more of the stack instances belonging to the stack set stack differs from the\n expected template and parameter configuration. A stack instance is considered to have drifted if one or more of the\n resources in the associated stack have drifted.
\n NOT_CHECKED: CloudFormation hasn't checked the stack set for drift.
\n IN_SYNC: All of the stack instances belonging to the stack set stack match from the expected\n template and parameter configuration.
Status of the stack set's actual configuration compared to its expected template and\n parameter configuration. A stack set is considered to have drifted if one or more of its stack\n instances have drifted from their expected template and parameter configuration.
\n\n DRIFTED: One or more of the stack instances belonging to the stack set stack\n differs from the expected template and parameter configuration. A stack instance is considered\n to have drifted if one or more of the resources in the associated stack have drifted.
\n NOT_CHECKED: CloudFormation hasn't checked the stack set for drift.
\n IN_SYNC: All of the stack instances belonging to the stack set stack match\n from the expected template and parameter configuration.
The status of the stack set drift detection operation.
\n\n COMPLETED: The drift detection operation completed without failing on any stack instances.
\n FAILED: The drift detection operation exceeded the specified failure tolerance.
\n PARTIAL_SUCCESS: The drift detection operation completed without exceeding the failure tolerance\n for the operation.
\n IN_PROGRESS: The drift detection operation is currently being performed.
\n STOPPED: The user has canceled the drift detection operation.
The status of the stack set drift detection operation.
\n\n COMPLETED: The drift detection operation completed without failing on any\n stack instances.
\n FAILED: The drift detection operation exceeded the specified failure\n tolerance.
\n PARTIAL_SUCCESS: The drift detection operation completed without exceeding\n the failure tolerance for the operation.
\n IN_PROGRESS: The drift detection operation is currently being\n performed.
\n STOPPED: The user has canceled the drift detection operation.
Most recent time when CloudFormation performed a drift detection operation on the stack set. This value\n will be NULL for any stack set on which drift detection hasn't yet been performed.
Most recent time when CloudFormation performed a drift detection operation on the\n stack set. This value will be NULL for any stack set on which drift detection hasn't\n yet been performed.
The number of stack instances that have drifted from the expected template and parameter configuration of the\n stack set. A stack instance is considered to have drifted if one or more of the resources in the associated stack\n don't match their expected configuration.
" + "smithy.api#documentation": "The number of stack instances that have drifted from the expected template and parameter\n configuration of the stack set. A stack instance is considered to have drifted if one or more of\n the resources in the associated stack don't match their expected configuration.
" } }, "InSyncStackInstancesCount": { "target": "com.amazonaws.cloudformation#InSyncStackInstancesCount", "traits": { - "smithy.api#documentation": "The number of stack instances which match the expected template and parameter configuration of the stack\n set.
" + "smithy.api#documentation": "The number of stack instances which match the expected template and parameter configuration\n of the stack set.
" } }, "InProgressStackInstancesCount": { @@ -11029,7 +11057,7 @@ } }, "traits": { - "smithy.api#documentation": "Detailed information about the drift status of the stack set.
\nFor stack sets, contains information about the last completed drift operation performed on\n the stack set. Information about drift operations in-progress isn't included.
\nFor stack set operations, includes information about drift operations currently being performed on the stack\n set.
\nFor more information, see Detecting unmanaged changes in stack sets in\n the CloudFormation User Guide.
" + "smithy.api#documentation": "Detailed information about the drift status of the stack set.
\nFor stack sets, contains information about the last completed drift\n operation performed on the stack set. Information about drift operations in-progress isn't\n included.
\nFor stack set operations, includes information about drift operations currently being\n performed on the stack set.
\nFor more information, see Detecting unmanaged changes in\n stack sets in the CloudFormation User Guide.
" } }, "com.amazonaws.cloudformation#StackSetDriftDetectionStatus": { @@ -11154,13 +11182,13 @@ "Action": { "target": "com.amazonaws.cloudformation#StackSetOperationAction", "traits": { - "smithy.api#documentation": "The type of stack set operation: CREATE, UPDATE, or DELETE. Create and\n delete operations affect only the specified stack set instances that are associated with the specified stack set.\n Update operations affect both the stack set itself, in addition to all associated stack set\n instances.
The type of stack set operation: CREATE, UPDATE, or\n DELETE. Create and delete operations affect only the specified stack set instances\n that are associated with the specified stack set. Update operations affect both the stack set\n itself, in addition to all associated stack set instances.
The status of the operation.
\n\n FAILED: The operation exceeded the specified failure tolerance. The failure tolerance value that\n you've set for an operation is applied for each Region during stack create and update operations. If the number of\n failed stacks within a Region exceeds the failure tolerance, the status of the operation in the Region is set to\n FAILED. This in turn sets the status of the operation as a whole to FAILED, and CloudFormation cancels the operation in any remaining Regions.
\n QUEUED: [Service-managed permissions] For automatic deployments that require a sequence of\n operations, the operation is queued to be performed. For more information, see the stack set operation status\n codes in the CloudFormation User Guide.
\n RUNNING: The operation is currently being performed.
\n STOPPED: The user has canceled the operation.
\n STOPPING: The operation is in the process of stopping, at user request.
\n SUCCEEDED: The operation completed creating or updating all the specified stacks without\n exceeding the failure tolerance for the operation.
The status of the operation.
\n\n FAILED: The operation exceeded the specified failure tolerance. The failure\n tolerance value that you've set for an operation is applied for each Region during stack create\n and update operations. If the number of failed stacks within a Region exceeds the failure\n tolerance, the status of the operation in the Region is set to FAILED. This in\n turn sets the status of the operation as a whole to FAILED, and CloudFormation\n cancels the operation in any remaining Regions.
\n QUEUED: [Service-managed permissions] For automatic deployments that require\n a sequence of operations, the operation is queued to be performed. For more information, see\n the stack\n set operation status codes in the CloudFormation User Guide.
\n RUNNING: The operation is currently being performed.
\n STOPPED: The user has canceled the operation.
\n STOPPING: The operation is in the process of stopping, at user\n request.
\n SUCCEEDED: The operation completed creating or updating all the specified\n stacks without exceeding the failure tolerance for the operation.
For stack set operations of action type DELETE, specifies whether to remove the stack instances\n from the specified stack set, but doesn't delete the stacks. You can't re-associate a retained stack, or add an\n existing, saved stack to a new stack set.
For stack set operations of action type DELETE, specifies whether to remove the\n stack instances from the specified stack set, but doesn't delete the stacks. You can't\n re-associate a retained stack, or add an existing, saved stack to a new stack set.
The Amazon Resource Name (ARN) of the IAM role used to perform this stack set operation.
\nUse customized administrator roles to control which users or groups can manage specific stack sets within the\n same administrator account. For more information, see Define Permissions for Multiple Administrators in the\n CloudFormation User Guide.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM role used to perform this stack set\n operation.
\nUse customized administrator roles to control which users or groups can manage specific\n stack sets within the same administrator account. For more information, see Define\n Permissions for Multiple Administrators in the\n CloudFormation User Guide.
" } }, "ExecutionRoleName": { "target": "com.amazonaws.cloudformation#ExecutionRoleName", "traits": { - "smithy.api#documentation": "The name of the IAM execution role used to create or update the stack set.
\nUse customized execution roles to control which stack resources users and groups can include in their stack\n sets.
" + "smithy.api#documentation": "The name of the IAM execution role used to create or update the stack\n set.
\nUse customized execution roles to control which stack resources users and groups can include\n in their stack sets.
" } }, "CreationTimestamp": { "target": "com.amazonaws.cloudformation#Timestamp", "traits": { - "smithy.api#documentation": "The time at which the operation was initiated. Note that the creation times for the stack set operation might\n differ from the creation time of the individual stacks themselves. This is because CloudFormation needs to\n perform preparatory work for the operation, such as dispatching the work to the requested Regions, before actually\n creating the first stacks.
" + "smithy.api#documentation": "The time at which the operation was initiated. Note that the creation times for the stack\n set operation might differ from the creation time of the individual stacks themselves. This is\n because CloudFormation needs to perform preparatory work for the operation, such as\n dispatching the work to the requested Regions, before actually creating the first stacks.
" } }, "EndTimestamp": { "target": "com.amazonaws.cloudformation#Timestamp", "traits": { - "smithy.api#documentation": "The time at which the stack set operation ended, across all accounts and Regions specified. Note that this\n doesn't necessarily mean that the stack set operation was successful, or even attempted, in each account or\n Region.
" + "smithy.api#documentation": "The time at which the stack set operation ended, across all accounts and Regions specified.\n Note that this doesn't necessarily mean that the stack set operation was successful, or even\n attempted, in each account or Region.
" } }, "DeploymentTargets": { "target": "com.amazonaws.cloudformation#DeploymentTargets", "traits": { - "smithy.api#documentation": "[Service-managed permissions] The Organizations accounts affected by the stack operation.
" + "smithy.api#documentation": "[Service-managed permissions] The Organizations accounts affected by the stack\n operation.
" } }, "StackSetDriftDetectionDetails": { "target": "com.amazonaws.cloudformation#StackSetDriftDetectionDetails", "traits": { - "smithy.api#documentation": "Detailed information about the drift status of the stack set. This includes information about drift operations\n currently being performed on the stack set.
\nThis information will only be present for stack set operations whose Action type is\n DETECT_DRIFT.
For more information, see Detecting Unmanaged Changes in Stack Sets in\n the CloudFormation User Guide.
" + "smithy.api#documentation": "Detailed information about the drift status of the stack set. This includes information\n about drift operations currently being performed on the stack set.
\nThis information will only be present for stack set operations whose Action\n type is DETECT_DRIFT.
For more information, see Detecting Unmanaged Changes in\n Stack Sets in the CloudFormation User Guide.
" } }, "StatusReason": { @@ -11263,7 +11291,7 @@ "RegionConcurrencyType": { "target": "com.amazonaws.cloudformation#RegionConcurrencyType", "traits": { - "smithy.api#documentation": "The concurrency type of deploying StackSets operations in Regions, could be in parallel or one Region at a\n time.
" + "smithy.api#documentation": "The concurrency type of deploying StackSets operations in Regions, could be in parallel or\n one Region at a time.
" } }, "RegionOrder": { @@ -11275,30 +11303,36 @@ "FailureToleranceCount": { "target": "com.amazonaws.cloudformation#FailureToleranceCount", "traits": { - "smithy.api#documentation": "The number of accounts, per Region, for which this operation can fail before CloudFormation stops the\n operation in that Region. If the operation is stopped in a Region, CloudFormation doesn't attempt the operation\n in any subsequent Regions.
\nConditional: You must specify either FailureToleranceCount or\n FailureTolerancePercentage (but not both).
By default, 0 is specified.
The number of accounts, per Region, for which this operation can fail before CloudFormation stops the operation in that Region. If the operation is stopped in a Region,\n CloudFormation doesn't attempt the operation in any subsequent Regions.
\nConditional: You must specify either FailureToleranceCount or\n FailureTolerancePercentage (but not both).
By default, 0 is specified.
The percentage of accounts, per Region, for which this stack operation can fail before CloudFormation stops\n the operation in that Region. If the operation is stopped in a Region, CloudFormation doesn't attempt the\n operation in any subsequent Regions.
\nWhen calculating the number of accounts based on the specified percentage, CloudFormation rounds\n down to the next whole number.
\nConditional: You must specify either FailureToleranceCount or\n FailureTolerancePercentage, but not both.
By default, 0 is specified.
The percentage of accounts, per Region, for which this stack operation can fail before\n CloudFormation stops the operation in that Region. If the operation is stopped in a Region,\n CloudFormation doesn't attempt the operation in any subsequent Regions.
\nWhen calculating the number of accounts based on the specified percentage, CloudFormation rounds down to the next whole number.
\nConditional: You must specify either FailureToleranceCount or\n FailureTolerancePercentage, but not both.
By default, 0 is specified.
The maximum number of accounts in which to perform this operation at one time. This is dependent on the value of\n FailureToleranceCount.MaxConcurrentCount is at most one more than the\n FailureToleranceCount.
Note that this setting lets you specify the maximum for operations. For large deployments,\n under certain circumstances the actual number of accounts acted upon concurrently may be lower due to service\n throttling.
\nConditional: You must specify either MaxConcurrentCount or MaxConcurrentPercentage,\n but not both.
By default, 1 is specified.
The maximum number of accounts in which to perform this operation at one time. This can\n depend on the value of FailureToleranceCount depending on your\n ConcurrencyMode. MaxConcurrentCount is at most one more than the\n FailureToleranceCount if you're using STRICT_FAILURE_TOLERANCE.
Note that this setting lets you specify the maximum for operations. For\n large deployments, under certain circumstances the actual number of accounts acted upon\n concurrently may be lower due to service throttling.
\nConditional: You must specify either MaxConcurrentCount or\n MaxConcurrentPercentage, but not both.
By default, 1 is specified.
The maximum percentage of accounts in which to perform this operation at one time.
\nWhen calculating the number of accounts based on the specified percentage, CloudFormation rounds down to\n the next whole number. This is true except in cases where rounding down would result is zero. In this case, CloudFormation sets the number as one instead.
\nNote that this setting lets you specify the maximum for operations. For large deployments,\n under certain circumstances the actual number of accounts acted upon concurrently may be lower due to service\n throttling.
\nConditional: You must specify either MaxConcurrentCount or MaxConcurrentPercentage,\n but not both.
By default, 1 is specified.
The maximum percentage of accounts in which to perform this operation at one time.
\nWhen calculating the number of accounts based on the specified percentage, CloudFormation rounds down to the next whole number. This is true except in cases where rounding\n down would result is zero. In this case, CloudFormation sets the number as one\n instead.
\nNote that this setting lets you specify the maximum for operations. For\n large deployments, under certain circumstances the actual number of accounts acted upon\n concurrently may be lower due to service throttling.
\nConditional: You must specify either MaxConcurrentCount or\n MaxConcurrentPercentage, but not both.
By default, 1 is specified.
Specifies how the concurrency level behaves during the operation execution.
\n\n STRICT_FAILURE_TOLERANCE: Dynamically lowers the concurrency level to ensure\n the number of failed accounts never exceeds the FailureToleranceCount +1.\n StackSets will set the actual concurrency of your deployment as the minimum value between the\n MaxConcurrentCount and the FailureToleranceCount +1. This is the\n default behavior.
If failure tolerance or Maximum concurrent accounts are set to percentages, the behavior\n is similar.
\n\n SOFT_FAILURE_TOLERANCE: Always run at the concurrency level set by the user\n in the MaxConcurrentCount or MaxConcurrentPercentage, regardless of\n the number of failures.
The user-specified preferences for how CloudFormation performs a stack set operation.
\nFor more information about maximum concurrent accounts and failure tolerance, see Stack set operation\n options.
" + "smithy.api#documentation": "The user-specified preferences for how CloudFormation performs a stack set\n operation.
\nFor more information about maximum concurrent accounts and failure tolerance, see Stack set\n operation options.
" } }, "com.amazonaws.cloudformation#StackSetOperationResultStatus": { @@ -11348,7 +11382,7 @@ "Account": { "target": "com.amazonaws.cloudformation#Account", "traits": { - "smithy.api#documentation": "[Self-managed permissions] The name of the Amazon Web Services account for this operation result.
" + "smithy.api#documentation": "[Self-managed permissions] The name of the Amazon Web Services account for this operation\n result.
" } }, "Region": { @@ -11360,7 +11394,7 @@ "Status": { "target": "com.amazonaws.cloudformation#StackSetOperationResultStatus", "traits": { - "smithy.api#documentation": "The result status of the stack set operation for the given account in the given Region.
\n\n CANCELLED: The operation in the specified account and Region has been canceled. This is either\n because a user has stopped the stack set operation, or because the failure tolerance of the stack set operation has\n been exceeded.
\n FAILED: The operation in the specified account and Region failed.
If the stack set operation fails in enough accounts within a Region, the failure tolerance for the stack set\n operation as a whole might be exceeded.
\n\n RUNNING: The operation in the specified account and Region is currently in progress.
\n PENDING: The operation in the specified account and Region has yet to start.
\n SUCCEEDED: The operation in the specified account and Region completed successfully.
The result status of the stack set operation for the given account in the given\n Region.
\n\n CANCELLED: The operation in the specified account and Region has been\n canceled. This is either because a user has stopped the stack set operation, or because the\n failure tolerance of the stack set operation has been exceeded.
\n FAILED: The operation in the specified account and Region failed.
If the stack set operation fails in enough accounts within a Region, the failure tolerance\n for the stack set operation as a whole might be exceeded.
\n\n RUNNING: The operation in the specified account and Region is currently in\n progress.
\n PENDING: The operation in the specified account and Region has yet to\n start.
\n SUCCEEDED: The operation in the specified account and Region completed\n successfully.
The results of the account gate function CloudFormation invokes, if present, before proceeding with stack\n set operations in an account.
" + "smithy.api#documentation": "The results of the account gate function CloudFormation invokes, if present, before\n proceeding with stack set operations in an account.
" } }, "OrganizationalUnitId": { "target": "com.amazonaws.cloudformation#OrganizationalUnitId", "traits": { - "smithy.api#documentation": "[Service-managed permissions] The organization root ID or organizational unit (OU) IDs that you specified for\n DeploymentTargets.
" + "smithy.api#documentation": "[Service-managed permissions] The organization root ID or organizational unit (OU) IDs that\n you specified for DeploymentTargets.
" } } }, "traits": { - "smithy.api#documentation": "The structure that contains information about a specified operation's results for a given account in a given\n Region.
" + "smithy.api#documentation": "The structure that contains information about a specified operation's results for a given\n account in a given Region.
" } }, "com.amazonaws.cloudformation#StackSetOperationStatus": { @@ -11462,25 +11496,25 @@ "Action": { "target": "com.amazonaws.cloudformation#StackSetOperationAction", "traits": { - "smithy.api#documentation": "The type of operation: CREATE, UPDATE, or DELETE. Create and delete\n operations affect only the specified stack instances that are associated with the specified stack set. Update\n operations affect both the stack set itself and all associated stack set instances.
The type of operation: CREATE, UPDATE, or DELETE.\n Create and delete operations affect only the specified stack instances that are associated with\n the specified stack set. Update operations affect both the stack set itself and\n all associated stack set instances.
The overall status of the operation.
\n\n FAILED: The operation exceeded the specified failure tolerance. The failure tolerance value that\n you've set for an operation is applied for each Region during stack create and update operations. If the number of\n failed stacks within a Region exceeds the failure tolerance, the status of the operation in the Region is set to\n FAILED. This in turn sets the status of the operation as a whole to FAILED, and CloudFormation cancels the operation in any remaining Regions.
\n QUEUED: [Service-managed permissions] For automatic deployments that require a sequence of\n operations, the operation is queued to be performed. For more information, see the stack set operation status\n codes in the CloudFormation User Guide.
\n RUNNING: The operation is currently being performed.
\n STOPPED: The user has canceled the operation.
\n STOPPING: The operation is in the process of stopping, at user request.
\n SUCCEEDED: The operation completed creating or updating all the specified stacks without\n exceeding the failure tolerance for the operation.
The overall status of the operation.
\n\n FAILED: The operation exceeded the specified failure tolerance. The failure\n tolerance value that you've set for an operation is applied for each Region during stack create\n and update operations. If the number of failed stacks within a Region exceeds the failure\n tolerance, the status of the operation in the Region is set to FAILED. This in\n turn sets the status of the operation as a whole to FAILED, and CloudFormation\n cancels the operation in any remaining Regions.
\n QUEUED: [Service-managed permissions] For automatic deployments that require\n a sequence of operations, the operation is queued to be performed. For more information, see\n the stack\n set operation status codes in the CloudFormation User Guide.
\n RUNNING: The operation is currently being performed.
\n STOPPED: The user has canceled the operation.
\n STOPPING: The operation is in the process of stopping, at user\n request.
\n SUCCEEDED: The operation completed creating or updating all the specified\n stacks without exceeding the failure tolerance for the operation.
The time at which the operation was initiated. Note that the creation times for the stack set operation might\n differ from the creation time of the individual stacks themselves. This is because CloudFormation needs to\n perform preparatory work for the operation, such as dispatching the work to the requested Regions, before actually\n creating the first stacks.
" + "smithy.api#documentation": "The time at which the operation was initiated. Note that the creation times for the stack\n set operation might differ from the creation time of the individual stacks themselves. This is\n because CloudFormation needs to perform preparatory work for the operation, such as\n dispatching the work to the requested Regions, before actually creating the first stacks.
" } }, "EndTimestamp": { "target": "com.amazonaws.cloudformation#Timestamp", "traits": { - "smithy.api#documentation": "The time at which the stack set operation ended, across all accounts and Regions specified. Note that this\n doesn't necessarily mean that the stack set operation was successful, or even attempted, in each account or\n Region.
" + "smithy.api#documentation": "The time at which the stack set operation ended, across all accounts and Regions specified.\n Note that this doesn't necessarily mean that the stack set operation was successful, or even\n attempted, in each account or Region.
" } }, "StatusReason": { @@ -11498,7 +11532,7 @@ "OperationPreferences": { "target": "com.amazonaws.cloudformation#StackSetOperationPreferences", "traits": { - "smithy.api#documentation": "The user-specified preferences for how CloudFormation performs a stack set operation.
\nFor more information about maximum concurrent accounts and failure tolerance, see Stack set operation\n options.
" + "smithy.api#documentation": "The user-specified preferences for how CloudFormation performs a stack set\n operation.
\nFor more information about maximum concurrent accounts and failure tolerance, see Stack set\n operation options.
" } } }, @@ -11547,7 +11581,7 @@ "Description": { "target": "com.amazonaws.cloudformation#Description", "traits": { - "smithy.api#documentation": "A description of the stack set that you specify when the stack set is created or updated.
" + "smithy.api#documentation": "A description of the stack set that you specify when the stack set is created or\n updated.
" } }, "Status": { @@ -11559,31 +11593,31 @@ "AutoDeployment": { "target": "com.amazonaws.cloudformation#AutoDeployment", "traits": { - "smithy.api#documentation": "[Service-managed permissions] Describes whether StackSets automatically deploys to Organizations\n accounts that are added to a target organizational unit (OU).
" + "smithy.api#documentation": "[Service-managed permissions] Describes whether StackSets automatically deploys to Organizations accounts that are added to a target organizational unit (OU).
" } }, "PermissionModel": { "target": "com.amazonaws.cloudformation#PermissionModels", "traits": { - "smithy.api#documentation": "Describes how the IAM roles required for stack set operations are created.
\nWith self-managed permissions, you must create the administrator and execution roles required to\n deploy to target accounts. For more information, see Grant Self-Managed Stack Set\n Permissions.
With service-managed permissions, StackSets automatically creates the IAM roles\n required to deploy to accounts managed by Organizations. For more information, see Grant\n Service-Managed Stack Set Permissions.
Describes how the IAM roles required for stack set operations are\n created.
\nWith self-managed permissions, you must create the administrator and\n execution roles required to deploy to target accounts. For more information, see Grant\n Self-Managed Stack Set Permissions.
With service-managed permissions, StackSets automatically creates the IAM roles required to deploy to accounts managed by Organizations. For more\n information, see Grant\n Service-Managed Stack Set Permissions.
Status of the stack set's actual configuration compared to its expected template and parameter configuration. A\n stack set is considered to have drifted if one or more of its stack instances have drifted from their expected\n template and parameter configuration.
\n\n DRIFTED: One or more of the stack instances belonging to the stack set stack differs from the\n expected template and parameter configuration. A stack instance is considered to have drifted if one or more of the\n resources in the associated stack have drifted.
\n NOT_CHECKED: CloudFormation hasn't checked the stack set for drift.
\n IN_SYNC: All the stack instances belonging to the stack set stack match from the expected\n template and parameter configuration.
\n UNKNOWN: This value is reserved for future use.
Status of the stack set's actual configuration compared to its expected template and\n parameter configuration. A stack set is considered to have drifted if one or more of its stack\n instances have drifted from their expected template and parameter configuration.
\n\n DRIFTED: One or more of the stack instances belonging to the stack set stack\n differs from the expected template and parameter configuration. A stack instance is considered\n to have drifted if one or more of the resources in the associated stack have drifted.
\n NOT_CHECKED: CloudFormation hasn't checked the stack set for drift.
\n IN_SYNC: All the stack instances belonging to the stack set stack match from\n the expected template and parameter configuration.
\n UNKNOWN: This value is reserved for future use.
Most recent time when CloudFormation performed a drift detection operation on the stack set. This value\n will be NULL for any stack set on which drift detection hasn't yet been performed.
Most recent time when CloudFormation performed a drift detection operation on the\n stack set. This value will be NULL for any stack set on which drift detection hasn't\n yet been performed.
Describes whether StackSets performs non-conflicting operations concurrently and queues conflicting\n operations.
" + "smithy.api#documentation": "Describes whether StackSets performs non-conflicting operations concurrently and queues\n conflicting operations.
" } } }, @@ -11887,7 +11921,7 @@ } ], "traits": { - "smithy.api#documentation": "Stops an in-progress operation on a stack set and its associated stack instances. StackSets will cancel all the\n unstarted stack instance deployments and wait for those are in-progress to complete.
" + "smithy.api#documentation": "Stops an in-progress operation on a stack set and its associated stack instances. StackSets\n will cancel all the unstarted stack instance deployments and wait for those are in-progress to\n complete.
" } }, "com.amazonaws.cloudformation#StopStackSetOperationInput": { @@ -11912,7 +11946,7 @@ "CallAs": { "target": "com.amazonaws.cloudformation#CallAs", "traits": { - "smithy.api#documentation": "[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's\n management account or as a delegated administrator in a member account.
\nBy default, SELF is specified. Use SELF for stack sets with self-managed\n permissions.
If you are signed in to the management account, specify SELF.
If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.
Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated\n administrator in the CloudFormation User Guide.
\n[Service-managed permissions] Specifies whether you are acting as an account administrator\n in the organization's management account or as a delegated administrator in a member\n account.
\nBy default, SELF is specified. Use SELF for stack sets with\n self-managed permissions.
If you are signed in to the management account, specify\n SELF.
If you are signed in to a delegated administrator account, specify\n DELEGATED_ADMIN.
Your Amazon Web Services account must be registered as a delegated administrator in the\n management account. For more information, see Register a\n delegated administrator in the CloudFormation User\n Guide.
\nIn some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order\n for CloudFormation to update the stack.
\n\n CAPABILITY_IAM and CAPABILITY_NAMED_IAM\n
Some stack templates might include resources that can affect permissions in your Amazon Web Services account;\n for example, by creating new Identity and Access Management (IAM) users. For those stacks, you must\n explicitly acknowledge this by specifying one of these capabilities.
\nThe following IAM resources require you to specify either the CAPABILITY_IAM or\n CAPABILITY_NAMED_IAM capability.
If you have IAM resources, you can specify either capability.
\nIf you have IAM resources with custom names, you must specify\n CAPABILITY_NAMED_IAM.
If you don't specify either of these capabilities, CloudFormation returns an\n InsufficientCapabilities error.
If your stack template contains these resources, we suggest that you review all permissions associated with\n them and edit their permissions if necessary.
\n\n \n AWS::IAM::Group\n
\n\n \n AWS::IAM::Policy\n
\n\n \n AWS::IAM::Role\n
\n\n \n AWS::IAM::User\n
\nFor more information, see Acknowledging IAM\n Resources in CloudFormation Templates.
\n\n CAPABILITY_AUTO_EXPAND\n
Some template contain macros. Macros perform custom processing on templates; this can include simple actions\n like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this,\n users typically create a change set from the processed template, so that they can review the changes resulting from\n the macros before actually updating the stack. If your stack template contains one or more macros, and you choose\n to update a stack directly from the processed template, without first reviewing the resulting changes in a change\n set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which\n are macros hosted by CloudFormation.
\nIf you want to update a stack from a stack template that contains macros and nested\n stacks, you must update the stack directly from the template using this capability.
\nYou should only update stacks directly from a stack template that contains macros if you know what processing\n the macro performs.
\nEach macro relies on an underlying Lambda service function for processing stack templates. Be\n aware that the Lambda function owner can update the function operation without CloudFormation being\n notified.
\nFor more information, see Using CloudFormation Macros to Perform Custom\n Processing on Templates.
\nIn some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order\n for CloudFormation to update the stack.
\n\n CAPABILITY_IAM and CAPABILITY_NAMED_IAM\n
Some stack templates might include resources that can affect permissions in your Amazon Web Services account;\n for example, by creating new Identity and Access Management (IAM) users. For those stacks, you must\n explicitly acknowledge this by specifying one of these capabilities.
\nThe following IAM resources require you to specify either the CAPABILITY_IAM or\n CAPABILITY_NAMED_IAM capability.
If you have IAM resources, you can specify either capability.
\nIf you have IAM resources with custom names, you must specify\n CAPABILITY_NAMED_IAM.
If you don't specify either of these capabilities, CloudFormation returns an\n InsufficientCapabilities error.
If your stack template contains these resources, we suggest that you review all permissions associated with\n them and edit their permissions if necessary.
\n\n \n AWS::IAM::Group\n
\n\n \n AWS::IAM::Policy\n
\n\n \n AWS::IAM::Role\n
\n\n \n AWS::IAM::User\n
\nFor more information, see Acknowledging IAM\n Resources in CloudFormation Templates.
\n\n CAPABILITY_AUTO_EXPAND\n
Some template contain macros. Macros perform custom processing on templates; this can include simple actions\n like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this,\n users typically create a change set from the processed template, so that they can review the changes resulting from\n the macros before actually updating the stack. If your stack template contains one or more macros, and you choose\n to update a stack directly from the processed template, without first reviewing the resulting changes in a change\n set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which\n are macros hosted by CloudFormation.
\nIf you want to update a stack from a stack template that contains macros and nested\n stacks, you must update the stack directly from the template using this capability.
\nYou should only update stacks directly from a stack template that contains macros if you know what processing\n the macro performs.
\nEach macro relies on an underlying Lambda service function for processing stack templates. Be\n aware that the Lambda function owner can update the function operation without CloudFormation being\n notified.
\nFor more information, see Using CloudFormation Macros to Perform Custom\n Processing on Templates.
\nOnly one of the Capabilities and ResourceType parameters can be specified.
The template resource types that you have permissions to work with for this update stack action, such as\n AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance.
If the list of resource types doesn't include a resource that you're updating, the stack update fails. By\n default, CloudFormation grants permissions to all resource types. Identity and Access Management (IAM)\n uses this parameter for CloudFormation-specific condition keys in IAM policies. For more\n information, see Controlling Access with Identity and Access Management.
" + "smithy.api#documentation": "The template resource types that you have permissions to work with for this update stack action, such as\n AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance.
If the list of resource types doesn't include a resource that you're updating, the stack update fails. By\n default, CloudFormation grants permissions to all resource types. Identity and Access Management (IAM)\n uses this parameter for CloudFormation-specific condition keys in IAM policies. For more\n information, see Controlling Access with Identity and Access Management.
\nOnly one of the Capabilities and ResourceType parameters can be specified.
A field in a CloudTrail event record on which to filter events to be logged. For\n event data stores for Config configuration items, Audit Manager evidence, or non-Amazon Web Services events, the field is used only for\n selecting events as filtering is not supported.
\n For CloudTrail event records, supported fields include readOnly,\n eventCategory, eventSource (for management events),\n eventName, resources.type, and resources.ARN.
For event data stores for Config configuration items, Audit Manager evidence, or non-Amazon Web Services events, the only supported field is\n eventCategory.
\n \n readOnly\n - Optional. Can be set to\n Equals a value of true or false. If you do\n not add this field, CloudTrail logs both read and\n write events. A value of true logs only\n read events. A value of false logs only\n write events.
\n \n eventSource\n - For filtering\n management events only. This can be set only to NotEquals\n kms.amazonaws.com.
\n \n eventName\n - Can use any operator.\n You can use it to filter in or filter out any data event logged to CloudTrail,\n such as PutBucket or GetSnapshotBlock. You can have\n multiple values for this field, separated by commas.
\n \n eventCategory\n - This is required and\n must be set to Equals. \n
\n For CloudTrail event records, the value\n must be Management or Data. \n
\n For Config\n configuration items, the value must be ConfigurationItem.\n
\n For Audit Manager evidence, the value must be Evidence.\n
\n For non-Amazon Web Services events, the value must be ActivityAuditLog.\n
\n \n resources.type\n - This field is\n required for CloudTrail data events. resources.type can only\n use the Equals operator, and the value can be one of the\n following:
\n AWS::DynamoDB::Table\n
\n AWS::Lambda::Function\n
\n AWS::S3::Object\n
\n AWS::CloudTrail::Channel\n
\n AWS::CodeWhisperer::Profile\n
\n AWS::Cognito::IdentityPool\n
\n AWS::DynamoDB::Stream\n
\n AWS::EC2::Snapshot\n
\n AWS::EMRWAL::Workspace\n
\n AWS::FinSpace::Environment\n
\n AWS::Glue::Table\n
\n AWS::GuardDuty::Detector\n
\n AWS::KendraRanking::ExecutionPlan\n
\n AWS::ManagedBlockchain::Network\n
\n AWS::ManagedBlockchain::Node\n
\n AWS::MedicalImaging::Datastore\n
\n AWS::SageMaker::ExperimentTrialComponent\n
\n AWS::SageMaker::FeatureGroup\n
\n AWS::S3::AccessPoint\n
\n AWS::S3ObjectLambda::AccessPoint\n
\n AWS::S3Outposts::Object\n
\n AWS::SSMMessages::ControlChannel\n
\n AWS::VerifiedPermissions::PolicyStore\n
You can have only one resources.type field per selector. To log data\n events on more than one resource type, add another selector.
\n \n resources.ARN\n - You can use any\n operator with resources.ARN, but if you use Equals or\n NotEquals, the value must exactly match the ARN of a valid resource\n of the type you've specified in the template as the value of resources.type. For\n example, if resources.type equals AWS::S3::Object, the ARN must be in\n one of the following formats. To log all data events for all objects in a specific S3\n bucket, use the StartsWith operator, and include only the bucket ARN as\n the matching value.
The trailing slash is intentional; do not exclude it. Replace the text between\n less than and greater than symbols (<>) with resource-specific information.
\n\n arn:\n
\n arn:\n
When resources.type equals AWS::DynamoDB::Table, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::Lambda::Function, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::CloudTrail::Channel, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::CodeWhisperer::Profile, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::Cognito::IdentityPool, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::DynamoDB::Stream, and\n the operator is set to Equals or NotEquals, the ARN must be\n in the following format:
\n arn:\n
When resources.type equals AWS::EC2::Snapshot, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::EMRWAL::Workspace, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::FinSpace::Environment,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::Glue::Table, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::GuardDuty::Detector, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::KendraRanking::ExecutionPlan, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::ManagedBlockchain::Network,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::ManagedBlockchain::Node,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::MedicalImaging::Datastore,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::SageMaker::ExperimentTrialComponent, and the operator is set to\n Equals or NotEquals, the ARN must be in the following format:
\n arn:\n
When resources.type equals AWS::SageMaker::FeatureGroup, and the operator is set to\n Equals or NotEquals, the ARN must be in the following format:
\n arn:\n
When resources.type equals AWS::S3::AccessPoint, and the\n operator is set to Equals or NotEquals, the ARN must be in\n one of the following formats. To log events on all objects in an S3 access point, we\n recommend that you use only the access point ARN, don’t include the object path, and\n use the StartsWith or NotStartsWith operators.
\n arn:\n
\n arn:\n
When resources.type equals\n AWS::S3ObjectLambda::AccessPoint, and the operator is set to\n Equals or NotEquals, the ARN must be in the following\n format:
\n arn:\n
When resources.type equals AWS::S3Outposts::Object, and\n the operator is set to Equals or NotEquals, the ARN must be\n in the following format:
\n arn:\n
When resources.type equals AWS::SSMMessages::ControlChannel, and\n the operator is set to Equals or NotEquals, the ARN must be\n in the following format:
\n arn:\n
When resources.type equals AWS::VerifiedPermissions::PolicyStore, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
A field in a CloudTrail event record on which to filter events to be logged. For\n event data stores for Config configuration items, Audit Manager evidence, or non-Amazon Web Services events, the field is used only for\n selecting events as filtering is not supported.
\n For CloudTrail event records, supported fields include readOnly,\n eventCategory, eventSource (for management events),\n eventName, resources.type, and resources.ARN.
For event data stores for Config configuration items, Audit Manager evidence, or non-Amazon Web Services events, the only supported field is\n eventCategory.
\n \n readOnly\n - Optional. Can be set to\n Equals a value of true or false. If you do\n not add this field, CloudTrail logs both read and\n write events. A value of true logs only\n read events. A value of false logs only\n write events.
\n \n eventSource\n - For filtering\n management events only. This can be set to NotEquals\n kms.amazonaws.com or NotEquals\n rdsdata.amazonaws.com.
\n \n eventName\n - Can use any operator.\n You can use it to filter in or filter out any data event logged to CloudTrail,\n such as PutBucket or GetSnapshotBlock. You can have\n multiple values for this field, separated by commas.
\n \n eventCategory\n - This is required and\n must be set to Equals. \n
\n For CloudTrail event records, the value\n must be Management or Data. \n
\n For CloudTrail Insights event records, the value\n must be Insight. \n
\n For Config\n configuration items, the value must be ConfigurationItem.\n
\n For Audit Manager evidence, the value must be Evidence.\n
\n For non-Amazon Web Services events, the value must be ActivityAuditLog.\n
\n \n resources.type\n - This field is\n required for CloudTrail data events. resources.type can only\n use the Equals operator, and the value can be one of the\n following:
\n AWS::DynamoDB::Table\n
\n AWS::Lambda::Function\n
\n AWS::S3::Object\n
\n AWS::CloudTrail::Channel\n
\n AWS::CodeWhisperer::Customization\n
\n AWS::CodeWhisperer::Profile\n
\n AWS::Cognito::IdentityPool\n
\n AWS::DynamoDB::Stream\n
\n AWS::EC2::Snapshot\n
\n AWS::EMRWAL::Workspace\n
\n AWS::FinSpace::Environment\n
\n AWS::Glue::Table\n
\n AWS::GuardDuty::Detector\n
\n AWS::KendraRanking::ExecutionPlan\n
\n AWS::KinesisVideo::Stream\n
\n AWS::ManagedBlockchain::Network\n
\n AWS::ManagedBlockchain::Node\n
\n AWS::MedicalImaging::Datastore\n
\n AWS::PCAConnectorAD::Connector\n
\n AWS::SageMaker::Endpoint\n
\n AWS::SageMaker::ExperimentTrialComponent\n
\n AWS::SageMaker::FeatureGroup\n
\n AWS::SNS::PlatformEndpoint\n
\n AWS::SNS::Topic\n
\n AWS::S3::AccessPoint\n
\n AWS::S3ObjectLambda::AccessPoint\n
\n AWS::S3Outposts::Object\n
\n AWS::SSMMessages::ControlChannel\n
\n AWS::Timestream::Database\n
\n AWS::Timestream::Table\n
\n AWS::VerifiedPermissions::PolicyStore\n
You can have only one resources.type field per selector. To log data\n events on more than one resource type, add another selector.
\n \n resources.ARN\n - You can use any\n operator with resources.ARN, but if you use Equals or\n NotEquals, the value must exactly match the ARN of a valid resource\n of the type you've specified in the template as the value of resources.type. For\n example, if resources.type equals AWS::S3::Object, the ARN must be in\n one of the following formats. To log all data events for all objects in a specific S3\n bucket, use the StartsWith operator, and include only the bucket ARN as\n the matching value.
The trailing slash is intentional; do not exclude it. Replace the text between\n less than and greater than symbols (<>) with resource-specific information.
\n\n arn:\n
\n arn:\n
When resources.type equals AWS::DynamoDB::Table, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::Lambda::Function, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::CloudTrail::Channel, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::CodeWhisperer::Customization, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::CodeWhisperer::Profile, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::Cognito::IdentityPool, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::DynamoDB::Stream, and\n the operator is set to Equals or NotEquals, the ARN must be\n in the following format:
\n arn:\n
When resources.type equals AWS::EC2::Snapshot, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::EMRWAL::Workspace, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::FinSpace::Environment,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::Glue::Table, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::GuardDuty::Detector, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::KendraRanking::ExecutionPlan, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::KinesisVideo::Stream, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::ManagedBlockchain::Network,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::ManagedBlockchain::Node,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::MedicalImaging::Datastore,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::PCAConnectorAD::Connector,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::SageMaker::Endpoint, and the operator is set to\n Equals or NotEquals, the ARN must be in the following format:
\n arn:\n
When resources.type equals AWS::SageMaker::ExperimentTrialComponent, and the operator is set to\n Equals or NotEquals, the ARN must be in the following format:
\n arn:\n
When resources.type equals AWS::SageMaker::FeatureGroup, and the operator is set to\n Equals or NotEquals, the ARN must be in the following format:
\n arn:\n
When resources.type equals AWS::SNS::PlatformEndpoint,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::SNS::Topic,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::S3::AccessPoint, and the\n operator is set to Equals or NotEquals, the ARN must be in\n one of the following formats. To log events on all objects in an S3 access point, we\n recommend that you use only the access point ARN, don’t include the object path, and\n use the StartsWith or NotStartsWith operators.
\n arn:\n
\n arn:\n
When resources.type equals\n AWS::S3ObjectLambda::AccessPoint, and the operator is set to\n Equals or NotEquals, the ARN must be in the following\n format:
\n arn:\n
When resources.type equals AWS::S3Outposts::Object, and\n the operator is set to Equals or NotEquals, the ARN must be\n in the following format:
\n arn:\n
When resources.type equals AWS::SSMMessages::ControlChannel, and\n the operator is set to Equals or NotEquals, the ARN must be\n in the following format:
\n arn:\n
When resources.type equals AWS::Timestream::Database,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::Timestream::Table,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::VerifiedPermissions::PolicyStore, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
This exception is thrown when an operation is called with a trail ARN that is not valid.\n The following is the format of a trail ARN.
\n\n arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail\n
This exception is also thrown when you call AddTags or RemoveTags on a trail, event data store, or channel with a resource ARN that is not valid.
The following is the format of an event data store ARN:\n arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE\n
The following is the format of a channel ARN:\n arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890\n
This exception is thrown when an operation is called with an ARN that is not valid.
\nThe following is the format of a trail ARN: arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail\n
The following is the format of an event data store ARN:\n arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE\n
The following is the format of a channel ARN:\n arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890\n
Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that\n represents the log group to which CloudTrail logs will be delivered. You must use a\n log group that exists in your account.
\nNot required unless you specify CloudWatchLogsRoleArn.
Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that\n represents the log group to which CloudTrail logs will be delivered. You must use a\n log group that exists in your account.
\nNot required unless you specify CloudWatchLogsRoleArn.
Only the management account can configure a CloudWatch Logs log group for an organization trail.
\nThe resource type in which you want to log data events. You can specify the following\n basic event selector resource types:
\n\n AWS::DynamoDB::Table\n
\n AWS::Lambda::Function\n
\n AWS::S3::Object\n
The following resource types are also available through advanced\n event selectors. Basic event selector resource types are valid in advanced event selectors,\n but advanced event selector resource types are not valid in basic event selectors. For more\n information, see AdvancedFieldSelector.
\n\n AWS::CloudTrail::Channel\n
\n AWS::CodeWhisperer::Profile\n
\n AWS::Cognito::IdentityPool\n
\n AWS::DynamoDB::Stream\n
\n AWS::EC2::Snapshot\n
\n AWS::EMRWAL::Workspace\n
\n AWS::FinSpace::Environment\n
\n AWS::Glue::Table\n
\n AWS::GuardDuty::Detector\n
\n AWS::KendraRanking::ExecutionPlan\n
\n AWS::ManagedBlockchain::Network\n
\n AWS::ManagedBlockchain::Node\n
\n AWS::MedicalImaging::Datastore\n
\n AWS::SageMaker::ExperimentTrialComponent\n
\n AWS::SageMaker::FeatureGroup\n
\n AWS::S3::AccessPoint\n
\n AWS::S3ObjectLambda::AccessPoint\n
\n AWS::S3Outposts::Object\n
\n AWS::SSMMessages::ControlChannel\n
\n AWS::VerifiedPermissions::PolicyStore\n
The resource type in which you want to log data events. You can specify the following\n basic event selector resource types:
\n\n AWS::DynamoDB::Table\n
\n AWS::Lambda::Function\n
\n AWS::S3::Object\n
The following resource types are also available through advanced\n event selectors. Basic event selector resource types are valid in advanced event selectors,\n but advanced event selector resource types are not valid in basic event selectors. For more\n information, see AdvancedFieldSelector.
\n\n AWS::CloudTrail::Channel\n
\n AWS::CodeWhisperer::Customization\n
\n AWS::CodeWhisperer::Profile\n
\n AWS::Cognito::IdentityPool\n
\n AWS::DynamoDB::Stream\n
\n AWS::EC2::Snapshot\n
\n AWS::EMRWAL::Workspace\n
\n AWS::FinSpace::Environment\n
\n AWS::Glue::Table\n
\n AWS::GuardDuty::Detector\n
\n AWS::KendraRanking::ExecutionPlan\n
\n AWS::KinesisVideo::Stream\n
\n AWS::ManagedBlockchain::Network\n
\n AWS::ManagedBlockchain::Node\n
\n AWS::MedicalImaging::Datastore\n
\n AWS::PCAConnectorAD::Connector\n
\n AWS::SageMaker::Endpoint\n
\n AWS::SageMaker::ExperimentTrialComponent\n
\n AWS::SageMaker::FeatureGroup\n
\n AWS::SNS::PlatformEndpoint\n
\n AWS::SNS::Topic\n
\n AWS::S3::AccessPoint\n
\n AWS::S3ObjectLambda::AccessPoint\n
\n AWS::S3Outposts::Object\n
\n AWS::SSMMessages::ControlChannel\n
\n AWS::Timestream::Database\n
\n AWS::Timestream::Table\n
\n AWS::VerifiedPermissions::PolicyStore\n
Describes the settings for the Insights event selectors that you configured for your\n trail. GetInsightSelectors shows if CloudTrail Insights event logging\n is enabled on the trail, and if it is, which insight types are enabled. If you run\n GetInsightSelectors on a trail that does not have Insights events enabled,\n the operation throws the exception InsightNotEnabledException\n
For more information, see Logging CloudTrail Insights Events for Trails in the CloudTrail User Guide.
", + "smithy.api#documentation": "Describes the settings for the Insights event selectors that you configured for your\n trail or event data store. GetInsightSelectors shows if CloudTrail Insights event logging\n is enabled on the trail or event data store, and if it is, which Insights types are enabled. If you run\n GetInsightSelectors on a trail or event data store that does not have Insights events enabled,\n the operation throws the exception InsightNotEnabledException\n
Specify either the EventDataStore parameter to get Insights event selectors for an event data store, \n or the TrailName parameter to the get Insights event selectors for a trail. You cannot specify these parameters together.
For more information, see Logging CloudTrail Insights events in the CloudTrail User Guide.
", "smithy.api#idempotent": {} } }, @@ -3985,8 +3991,13 @@ "TrailName": { "target": "com.amazonaws.cloudtrail#String", "traits": { - "smithy.api#documentation": "Specifies the name of the trail or trail ARN. If you specify a trail name, the string\n must meet the following requirements:
\nContain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores\n (_), or dashes (-)
\nStart with a letter or number, and end with a letter or number
\nBe between 3 and 128 characters
\nHave no adjacent periods, underscores or dashes. Names like\n my-_namespace and my--namespace are not valid.
Not be in IP address format (for example, 192.168.5.4)
\nIf you specify a trail ARN, it must be in the format:
\n\n arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail\n
Specifies the name of the trail or trail ARN. If you specify a trail name, the string\n must meet the following requirements:
\nContain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores\n (_), or dashes (-)
\nStart with a letter or number, and end with a letter or number
\nBe between 3 and 128 characters
\nHave no adjacent periods, underscores or dashes. Names like\n my-_namespace and my--namespace are not valid.
Not be in IP address format (for example, 192.168.5.4)
\nIf you specify a trail ARN, it must be in the format:
\n\n arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail\n
You cannot use this parameter with the EventDataStore parameter.
\n Specifies the ARN (or ID suffix of the ARN) of the event data store for which you want to get Insights\n selectors.\n
\nYou cannot use this parameter with the TrailName parameter.
A JSON string that contains the insight types you want to log on a trail. In this\n release, ApiErrorRateInsight and ApiCallRateInsight are supported\n as insight types.
A JSON string that contains the Insight types you want to log on a trail or event data store. ApiErrorRateInsight and ApiCallRateInsight are supported\n as Insights types.
\n The ARN of the source event data store that enabled Insights events.\n
" + } + }, + "InsightsDestination": { + "target": "com.amazonaws.cloudtrail#EventDataStoreArn", + "traits": { + "smithy.api#documentation": "\n The ARN of the destination event data store that logs Insights events.\n
" } } }, @@ -4744,7 +4767,7 @@ "code": "InsightNotEnabled", "httpResponseCode": 400 }, - "smithy.api#documentation": "If you run GetInsightSelectors on a trail that does not have Insights\n events enabled, the operation throws the exception\n InsightNotEnabledException.
If you run GetInsightSelectors on a trail or event data store that does not have Insights\n events enabled, the operation throws the exception\n InsightNotEnabledException.
The type of Insights events to log on a trail. ApiCallRateInsight and\n ApiErrorRateInsight are valid Insight types.
The ApiCallRateInsight Insights type analyzes write-only\n management API calls that are aggregated per minute against a baseline API call volume.
The ApiErrorRateInsight Insights type analyzes management\n API calls that result in error codes. The error is shown if the API call is\n unsuccessful.
The type of Insights events to log on a trail or event data store. ApiCallRateInsight and\n ApiErrorRateInsight are valid Insight types.
The ApiCallRateInsight Insights type analyzes write-only\n management API calls that are aggregated per minute against a baseline API call volume.
The ApiErrorRateInsight Insights type analyzes management\n API calls that result in error codes. The error is shown if the API call is\n unsuccessful.
A JSON string that contains a list of Insights types that are logged on a trail.
" + "smithy.api#documentation": "A JSON string that contains a list of Insights types that are logged on a trail or event data store.
" } }, "com.amazonaws.cloudtrail#InsightSelectors": { @@ -5064,7 +5087,7 @@ "code": "InvalidInsightSelectors", "httpResponseCode": 400 }, - "smithy.api#documentation": "The formatting or syntax of the InsightSelectors JSON statement in your\n PutInsightSelectors or GetInsightSelectors request is not\n valid, or the specified insight type in the InsightSelectors statement is not\n a valid insight type.
For PutInsightSelectors, this exception is thrown when the formatting or syntax of the InsightSelectors JSON statement is not\n valid, or the specified InsightType in the InsightSelectors statement is not\n valid. Valid values for InsightType are ApiCallRateInsight and ApiErrorRateInsight. To enable Insights on an event data store, the destination event data store specified by the \n InsightsDestination parameter must log Insights events and the source event data \n store specified by the EventDataStore parameter must log management events.
For UpdateEventDataStore, this exception is thrown if Insights are enabled on the event data store and the updated \n advanced event selectors are not compatible with the configured InsightSelectors. \n If the InsightSelectors includes an InsightType of ApiCallRateInsight, the source event data store must log write management events. \n If the InsightSelectors includes an InsightType of ApiErrorRateInsight, the source event data store must log management events.
Looks up management events or CloudTrail Insights events that are captured by CloudTrail.\n You can look up events that occurred in a Region within the last 90 days. Lookup supports\n the following attributes for management events:
\nAmazon Web Services access key
\nEvent ID
\nEvent name
\nEvent source
\nRead only
\nResource name
\nResource type
\nUser name
\nLookup supports the following attributes for Insights events:
\nEvent ID
\nEvent name
\nEvent source
\nAll attributes are optional. The default number of results returned is 50, with a\n maximum of 50 possible. The response includes a token that you can use to get the next page\n of results.
\nThe rate of lookup requests is limited to two per second, per account, per Region. If\n this limit is exceeded, a throttling error occurs.
\nLooks up management events or CloudTrail Insights events that are captured by CloudTrail. \n You can look up events that occurred in a Region within the last 90 days.
\n\n LookupEvents returns recent Insights events for trails that enable Insights. To view Insights events for an event data store, you can run queries on your \n Insights event data store, and you can also view the Lake dashboard for Insights.
Lookup supports the following attributes for management events:
\nAmazon Web Services access key
\nEvent ID
\nEvent name
\nEvent source
\nRead only
\nResource name
\nResource type
\nUser name
\nLookup supports the following attributes for Insights events:
\nEvent ID
\nEvent name
\nEvent source
\nAll attributes are optional. The default number of results returned is 50, with a\n maximum of 50 possible. The response includes a token that you can use to get the next page\n of results.
\nThe rate of lookup requests is limited to two per second, per account, per Region. If\n this limit is exceeded, a throttling error occurs.
\nLets you enable Insights event logging by specifying the Insights selectors that you\n want to enable on an existing trail. You also use PutInsightSelectors to turn\n off Insights event logging, by passing an empty list of insight types. The valid Insights\n event types in this release are ApiErrorRateInsight and\n ApiCallRateInsight.
To log CloudTrail Insights events on API call volume, the trail\n must log write management events. To log CloudTrail\n Insights events on API error rate, the trail must log read or\n write management events. You can call GetEventSelectors on a trail \n to check whether the trail logs management events.
Lets you enable Insights event logging by specifying the Insights selectors that you\n want to enable on an existing trail or event data store. You also use PutInsightSelectors to turn\n off Insights event logging, by passing an empty list of Insights types. The valid Insights\n event types are ApiErrorRateInsight and\n ApiCallRateInsight.
To enable Insights on an event data store, you must specify the ARNs (or ID suffix of the ARNs) for the source event data store (EventDataStore) and the destination event data store (InsightsDestination). The source event data store logs management events and enables Insights. \n The destination event data store logs Insights events based upon the management event activity of the source event data store. The source and destination event data stores must belong to the same Amazon Web Services account.
To log Insights events for a trail, you must specify the name (TrailName) of the CloudTrail trail for which you want to change or add Insights\n selectors.
To log CloudTrail Insights events on API call volume, the trail or event data store\n must log write management events. To log CloudTrail\n Insights events on API error rate, the trail or event data store must log read or\n write management events. You can call GetEventSelectors on a trail \n to check whether the trail logs management events. You can call GetEventDataStore on an \n event data store to check whether the event data store logs management events.
For more information, see Logging CloudTrail Insights events in the CloudTrail User Guide.
", "smithy.api#idempotent": {} } }, @@ -6789,16 +6818,27 @@ "TrailName": { "target": "com.amazonaws.cloudtrail#String", "traits": { - "smithy.api#documentation": "The name of the CloudTrail trail for which you want to change or add Insights\n selectors.
", - "smithy.api#required": {} + "smithy.api#documentation": "The name of the CloudTrail trail for which you want to change or add Insights\n selectors.
\nYou cannot use this parameter with the EventDataStore and InsightsDestination parameters.
A JSON string that contains the insight types you want to log on a trail.\n ApiCallRateInsight and ApiErrorRateInsight are valid Insight\n types.
The ApiCallRateInsight Insights type analyzes write-only\n management API calls that are aggregated per minute against a baseline API call volume.
The ApiErrorRateInsight Insights type analyzes management\n API calls that result in error codes. The error is shown if the API call is\n unsuccessful.
A JSON string that contains the Insights types you want to log on a trail or event data store.\n ApiCallRateInsight and ApiErrorRateInsight are valid Insight\n types.
The ApiCallRateInsight Insights type analyzes write-only\n management API calls that are aggregated per minute against a baseline API call volume.
The ApiErrorRateInsight Insights type analyzes management\n API calls that result in error codes. The error is shown if the API call is\n unsuccessful.
The ARN (or ID suffix of the ARN) of the source event data store for which you want to change or add Insights\n selectors. To enable Insights on an event data store, you must provide both the \n EventDataStore and InsightsDestination parameters.
You cannot use this parameter with the TrailName parameter.
\n The ARN (or ID suffix of the ARN) of the destination event data store that logs Insights events. To enable Insights on an event data store, you must provide both the \n EventDataStore and InsightsDestination parameters.\n
You cannot use this parameter with the TrailName parameter.
A JSON string that contains the Insights event types that you want to log on a trail.\n The valid Insights types in this release are ApiErrorRateInsight and\n ApiCallRateInsight.
A JSON string that contains the Insights event types that you want to log on a trail or event data store.\n The valid Insights types are ApiErrorRateInsight and\n ApiCallRateInsight.
The Amazon Resource Name (ARN) of the source event data store for which you want to change or add Insights\n selectors.
" + } + }, + "InsightsDestination": { + "target": "com.amazonaws.cloudtrail#EventDataStoreArn", + "traits": { + "smithy.api#documentation": "\n The ARN of the destination event data store that logs Insights events.\n
" } } }, @@ -7199,7 +7251,7 @@ } ], "traits": { - "smithy.api#documentation": "Registers an organization’s member account as the CloudTrail delegated\n administrator.
", + "smithy.api#documentation": "Registers an organization’s member account as the CloudTrail delegated administrator.
", "smithy.api#idempotent": {} } }, @@ -8848,6 +8900,9 @@ { "target": "com.amazonaws.cloudtrail#InvalidEventSelectorsException" }, + { + "target": "com.amazonaws.cloudtrail#InvalidInsightSelectorsException" + }, { "target": "com.amazonaws.cloudtrail#InvalidKmsKeyIdException" }, @@ -8880,7 +8935,7 @@ } ], "traits": { - "smithy.api#documentation": "Updates an event data store. The required EventDataStore value is an ARN or\n the ID portion of the ARN. Other parameters are optional, but at least one optional\n parameter must be specified, or CloudTrail throws an error.\n RetentionPeriod is in days, and valid values are integers between 90 and\n 2557. By default, TerminationProtection is enabled.
For event data stores for CloudTrail events, AdvancedEventSelectors\n includes or excludes management and data events in your event data store. For more\n information about AdvancedEventSelectors, see \n AdvancedEventSelectors.
For event data stores for Config configuration items, Audit Manager evidence, or non-Amazon Web Services events,\n AdvancedEventSelectors includes events of that type in your event data store.
Updates an event data store. The required EventDataStore value is an ARN or\n the ID portion of the ARN. Other parameters are optional, but at least one optional\n parameter must be specified, or CloudTrail throws an error.\n RetentionPeriod is in days, and valid values are integers between 90 and\n 2557. By default, TerminationProtection is enabled.
For event data stores for CloudTrail events, AdvancedEventSelectors\n includes or excludes management, data, or Insights events in your event data store. For more\n information about AdvancedEventSelectors, see AdvancedEventSelectors.
For event data stores for Config configuration items, Audit Manager evidence, or non-Amazon Web Services events,\n AdvancedEventSelectors includes events of that type in your event data store.
Specifies whether an event data store collects events logged for an organization in\n Organizations.
" + "smithy.api#documentation": "Specifies whether an event data store collects events logged for an organization in\n Organizations.
\nOnly the management account for the organization can convert an organization event data store to a non-organization event data store, or convert a non-organization event data store to \n an organization event data store.
\nSpecifies a log group name using an Amazon Resource Name (ARN), a unique identifier that\n represents the log group to which CloudTrail logs are delivered. You must use a log\n group that exists in your account.
\nNot required unless you specify CloudWatchLogsRoleArn.
Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that\n represents the log group to which CloudTrail logs are delivered. You must use a log\n group that exists in your account.
\nNot required unless you specify CloudWatchLogsRoleArn.
Only the management account can configure a CloudWatch Logs log group for an organization trail.
\nSpecifies whether the trail is applied to all accounts in an organization in Organizations, or only for the current Amazon Web Services account. The default is false,\n and cannot be true unless the call is made on behalf of an Amazon Web Services account that\n is the management account or delegated administrator account for an organization in Organizations. If the trail is not an organization trail and this is set to\n true, the trail will be created in all Amazon Web Services accounts that\n belong to the organization. If the trail is an organization trail and this is set to\n false, the trail will remain in the current Amazon Web Services account but\n be deleted from all member accounts in the organization.
Specifies whether the trail is applied to all accounts in an organization in Organizations, or only for the current Amazon Web Services account. The default is false,\n and cannot be true unless the call is made on behalf of an Amazon Web Services account that\n is the management account for an organization in Organizations. If the trail is not an organization trail and this is set to\n true, the trail will be created in all Amazon Web Services accounts that\n belong to the organization. If the trail is an organization trail and this is set to\n false, the trail will remain in the current Amazon Web Services account but\n be deleted from all member accounts in the organization.
Only the management account for the organization can convert an organization trail to a non-organization trail, or convert a non-organization trail to \n an organization trail.
\nYou don't have sufficient permissions to perform this action.
", + "smithy.api#error": "client" + } + }, "com.amazonaws.cloudwatchlogs#AccessPolicy": { "type": "string", "traits": { @@ -229,6 +241,95 @@ "smithy.api#pattern": "^\\S{36,128}$" } }, + "com.amazonaws.cloudwatchlogs#ConflictException": { + "type": "structure", + "members": { + "message": { + "target": "com.amazonaws.cloudwatchlogs#Message" + } + }, + "traits": { + "smithy.api#documentation": "This operation attempted to create a resource that already exists.
", + "smithy.api#error": "client" + } + }, + "com.amazonaws.cloudwatchlogs#CreateDelivery": { + "type": "operation", + "input": { + "target": "com.amazonaws.cloudwatchlogs#CreateDeliveryRequest" + }, + "output": { + "target": "com.amazonaws.cloudwatchlogs#CreateDeliveryResponse" + }, + "errors": [ + { + "target": "com.amazonaws.cloudwatchlogs#AccessDeniedException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ConflictException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceQuotaExceededException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceUnavailableException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ThrottlingException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Creates a delivery. A delivery is a connection between a logical delivery source and a logical\n delivery destination\n that you have already created.
\nOnly some Amazon Web Services services support being configured as a delivery source using this operation. These services are listed\n as Supported [V2 Permissions] in the table at \n Enabling \n logging from Amazon Web Services services.\n
\nA delivery destination can represent a log group in CloudWatch Logs, an Amazon S3 bucket, or a delivery stream in Kinesis Data Firehose.
\nTo configure logs delivery between a supported Amazon Web Services service and a destination, you must do the following:
\nCreate a delivery source, which is a logical object that represents the resource that is actually\n sending the logs. For more \n information, see PutDeliverySource.
\nCreate a delivery destination, which is a logical object that represents the actual\n delivery destination. For more \n information, see PutDeliveryDestination.
\nIf you are delivering logs cross-account, you must use \n PutDeliveryDestinationPolicy\n in the destination account to assign an IAM policy to the \n destination. This policy allows delivery to that destination.\n
\nUse CreateDelivery to create a delivery by pairing exactly one delivery source and one delivery destination.\n
You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You \n can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination.
\nYou can't update an existing delivery. You can only create and delete deliveries.
" + } + }, + "com.amazonaws.cloudwatchlogs#CreateDeliveryRequest": { + "type": "structure", + "members": { + "deliverySourceName": { + "target": "com.amazonaws.cloudwatchlogs#DeliverySourceName", + "traits": { + "smithy.api#documentation": "The name of the delivery source to use for this delivery.
", + "smithy.api#required": {} + } + }, + "deliveryDestinationArn": { + "target": "com.amazonaws.cloudwatchlogs#Arn", + "traits": { + "smithy.api#documentation": "The ARN of the delivery destination to use for this delivery.
", + "smithy.api#required": {} + } + }, + "tags": { + "target": "com.amazonaws.cloudwatchlogs#Tags", + "traits": { + "smithy.api#documentation": "An optional list of key-value pairs to associate with the resource.
\nFor more information about tagging, see \n Tagging Amazon Web Services resources\n
" + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.cloudwatchlogs#CreateDeliveryResponse": { + "type": "structure", + "members": { + "delivery": { + "target": "com.amazonaws.cloudwatchlogs#Delivery", + "traits": { + "smithy.api#documentation": "A structure that contains information about the delivery that you just created.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.cloudwatchlogs#CreateExportTask": { "type": "operation", "input": { @@ -578,6 +679,188 @@ "smithy.api#input": {} } }, + "com.amazonaws.cloudwatchlogs#DeleteDelivery": { + "type": "operation", + "input": { + "target": "com.amazonaws.cloudwatchlogs#DeleteDeliveryRequest" + }, + "output": { + "target": "smithy.api#Unit" + }, + "errors": [ + { + "target": "com.amazonaws.cloudwatchlogs#ConflictException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceQuotaExceededException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceUnavailableException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ThrottlingException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Deletes s delivery. A delivery is a connection between a logical delivery source and a logical\n delivery destination. Deleting a delivery only deletes the connection between the delivery source and delivery destination. It does\n not delete the delivery destination or the delivery source.
" + } + }, + "com.amazonaws.cloudwatchlogs#DeleteDeliveryDestination": { + "type": "operation", + "input": { + "target": "com.amazonaws.cloudwatchlogs#DeleteDeliveryDestinationRequest" + }, + "output": { + "target": "smithy.api#Unit" + }, + "errors": [ + { + "target": "com.amazonaws.cloudwatchlogs#ConflictException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceQuotaExceededException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceUnavailableException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ThrottlingException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Deletes a delivery destination. A delivery is a connection between a logical delivery source and a logical\n delivery destination.
\nYou can't delete a delivery destination if any current deliveries are associated with it. To find whether any deliveries are associated with \n this delivery destination, use the DescribeDeliveries operation and check the deliveryDestinationArn field in the results.
Deletes a delivery destination policy. For more information about these policies,\n see PutDeliveryDestinationPolicy.
" + } + }, + "com.amazonaws.cloudwatchlogs#DeleteDeliveryDestinationPolicyRequest": { + "type": "structure", + "members": { + "deliveryDestinationName": { + "target": "com.amazonaws.cloudwatchlogs#DeliveryDestinationName", + "traits": { + "smithy.api#documentation": "The name of the delivery destination that you want to delete the policy for.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.cloudwatchlogs#DeleteDeliveryDestinationRequest": { + "type": "structure", + "members": { + "name": { + "target": "com.amazonaws.cloudwatchlogs#DeliveryDestinationName", + "traits": { + "smithy.api#documentation": "The name of the delivery destination that you want to delete. You can find a list of delivery destionation names\n by using the DescribeDeliveryDestinations\n operation.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.cloudwatchlogs#DeleteDeliveryRequest": { + "type": "structure", + "members": { + "id": { + "target": "com.amazonaws.cloudwatchlogs#DeliveryId", + "traits": { + "smithy.api#documentation": "The unique ID of the delivery to delete. You can find the ID of a delivery with the \n DescribeDeliveries operation.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.cloudwatchlogs#DeleteDeliverySource": { + "type": "operation", + "input": { + "target": "com.amazonaws.cloudwatchlogs#DeleteDeliverySourceRequest" + }, + "output": { + "target": "smithy.api#Unit" + }, + "errors": [ + { + "target": "com.amazonaws.cloudwatchlogs#ConflictException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceQuotaExceededException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceUnavailableException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ThrottlingException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Deletes a delivery source. A delivery is a connection between a logical delivery source and a logical\n delivery destination.
\nYou can't delete a delivery source if any current deliveries are associated with it. To find whether any deliveries are associated with \n this delivery source, use the DescribeDeliveries operation and check the deliverySourceName field in the results.
The name of the delivery source that you want to delete.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, "com.amazonaws.cloudwatchlogs#DeleteDestination": { "type": "operation", "input": { @@ -932,58 +1215,480 @@ } }, "traits": { - "smithy.api#input": {} + "smithy.api#input": {} + } + }, + "com.amazonaws.cloudwatchlogs#Deliveries": { + "type": "list", + "member": { + "target": "com.amazonaws.cloudwatchlogs#Delivery" + } + }, + "com.amazonaws.cloudwatchlogs#Delivery": { + "type": "structure", + "members": { + "id": { + "target": "com.amazonaws.cloudwatchlogs#DeliveryId", + "traits": { + "smithy.api#documentation": "The unique ID that identifies this delivery in your account.
" + } + }, + "arn": { + "target": "com.amazonaws.cloudwatchlogs#Arn", + "traits": { + "smithy.api#documentation": "The Amazon Resource Name (ARN) that uniquely identifies this delivery.
" + } + }, + "deliverySourceName": { + "target": "com.amazonaws.cloudwatchlogs#DeliverySourceName", + "traits": { + "smithy.api#documentation": "The name of the delivery source that is associated with this delivery.
" + } + }, + "deliveryDestinationArn": { + "target": "com.amazonaws.cloudwatchlogs#Arn", + "traits": { + "smithy.api#documentation": "The ARN of the delivery destination that is associated with this delivery.
" + } + }, + "deliveryDestinationType": { + "target": "com.amazonaws.cloudwatchlogs#DeliveryDestinationType", + "traits": { + "smithy.api#documentation": "Displays whether the delivery destination associated with this delivery is CloudWatch Logs, Amazon S3, or Kinesis Data Firehose.
" + } + }, + "tags": { + "target": "com.amazonaws.cloudwatchlogs#Tags", + "traits": { + "smithy.api#documentation": "The tags that have been assigned to this delivery.
" + } + } + }, + "traits": { + "smithy.api#documentation": "This structure contains information about one delivery in your account.
\nA delivery is a connection between a logical delivery source and a logical\n delivery destination.
\nFor more information, see CreateDelivery.
\nYou can't update an existing delivery. You can only create and delete deliveries.
" + } + }, + "com.amazonaws.cloudwatchlogs#DeliveryDestination": { + "type": "structure", + "members": { + "name": { + "target": "com.amazonaws.cloudwatchlogs#DeliveryDestinationName", + "traits": { + "smithy.api#documentation": "The name of this delivery destination.
" + } + }, + "arn": { + "target": "com.amazonaws.cloudwatchlogs#Arn", + "traits": { + "smithy.api#documentation": "The Amazon Resource Name (ARN) that uniquely identifies this delivery destination.
" + } + }, + "deliveryDestinationType": { + "target": "com.amazonaws.cloudwatchlogs#DeliveryDestinationType", + "traits": { + "smithy.api#documentation": "Displays whether this delivery destination is CloudWatch Logs, Amazon S3, or Kinesis Data Firehose.
" + } + }, + "outputFormat": { + "target": "com.amazonaws.cloudwatchlogs#OutputFormat", + "traits": { + "smithy.api#documentation": "The format of the logs that are sent to this delivery destination.
" + } + }, + "deliveryDestinationConfiguration": { + "target": "com.amazonaws.cloudwatchlogs#DeliveryDestinationConfiguration", + "traits": { + "smithy.api#documentation": "A structure that contains the ARN of the Amazon Web Services resource that will receive the logs.
" + } + }, + "tags": { + "target": "com.amazonaws.cloudwatchlogs#Tags", + "traits": { + "smithy.api#documentation": "The tags that have been assigned to this delivery destination.
" + } + } + }, + "traits": { + "smithy.api#documentation": "This structure contains information about one delivery destination in your account. \n A delivery destination is an Amazon Web Services resource that represents an \n shared id=\"AWS\"/> service that logs can be sent to. CloudWatch Logs, Amazon S3, are supported as Kinesis Data Firehose delivery destinations.
\nTo configure logs delivery between a supported Amazon Web Services service and a destination, you must do the following:
\nCreate a delivery source, which is a logical object that represents the resource that is actually\n sending the logs. For more \n information, see PutDeliverySource.
\nCreate a delivery destination, which is a logical object that represents the actual\n delivery destination.
\nIf you are delivering logs cross-account, you must use \n PutDeliveryDestinationPolicy\n in the destination account to assign an IAM policy to the \n destination. This policy allows delivery to that destination.\n
\nCreate a delivery by pairing exactly one delivery source and one delivery destination.\n For more information, see CreateDelivery.
\nYou can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You \n can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination.
" + } + }, + "com.amazonaws.cloudwatchlogs#DeliveryDestinationConfiguration": { + "type": "structure", + "members": { + "destinationResourceArn": { + "target": "com.amazonaws.cloudwatchlogs#Arn", + "traits": { + "smithy.api#documentation": "The ARN of the Amazon Web Services destination that this delivery destination represents. That Amazon Web Services destination\n can be a log group in CloudWatch Logs, an Amazon S3 bucket, or a delivery stream in Kinesis Data Firehose.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "A structure that contains information about one logs delivery destination.
" + } + }, + "com.amazonaws.cloudwatchlogs#DeliveryDestinationName": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 60 + }, + "smithy.api#pattern": "^[\\w-]*$" + } + }, + "com.amazonaws.cloudwatchlogs#DeliveryDestinationPolicy": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 51200 + } + } + }, + "com.amazonaws.cloudwatchlogs#DeliveryDestinationType": { + "type": "enum", + "members": { + "S3": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "S3" + } + }, + "CWL": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "CWL" + } + }, + "FH": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "FH" + } + } + } + }, + "com.amazonaws.cloudwatchlogs#DeliveryDestinations": { + "type": "list", + "member": { + "target": "com.amazonaws.cloudwatchlogs#DeliveryDestination" + } + }, + "com.amazonaws.cloudwatchlogs#DeliveryId": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 64 + }, + "smithy.api#pattern": "^[0-9A-Za-z]+$" + } + }, + "com.amazonaws.cloudwatchlogs#DeliverySource": { + "type": "structure", + "members": { + "name": { + "target": "com.amazonaws.cloudwatchlogs#DeliverySourceName", + "traits": { + "smithy.api#documentation": "The unique name of the delivery source.
" + } + }, + "arn": { + "target": "com.amazonaws.cloudwatchlogs#Arn", + "traits": { + "smithy.api#documentation": "The Amazon Resource Name (ARN) that uniquely identifies this delivery source.
" + } + }, + "resourceArns": { + "target": "com.amazonaws.cloudwatchlogs#ResourceArns", + "traits": { + "smithy.api#documentation": "This array contains the ARN of the Amazon Web Services resource that sends logs and is represented by \n this delivery source. Currently, only one ARN can be in the array.
" + } + }, + "service": { + "target": "com.amazonaws.cloudwatchlogs#Service", + "traits": { + "smithy.api#documentation": "The Amazon Web Services service that is sending logs.
" + } + }, + "logType": { + "target": "com.amazonaws.cloudwatchlogs#LogType", + "traits": { + "smithy.api#documentation": "The type of log that the source is sending. For valid values for this parameter, see the documentation for\n the source service.
" + } + }, + "tags": { + "target": "com.amazonaws.cloudwatchlogs#Tags", + "traits": { + "smithy.api#documentation": "The tags that have been assigned to this delivery source.
" + } + } + }, + "traits": { + "smithy.api#documentation": "This structure contains information about one delivery source in your account. \n A delivery source is an Amazon Web Services resource that sends logs to an\n Amazon Web Services destination. The destination can be CloudWatch Logs, Amazon S3, or Kinesis Data Firehose.
\nOnly some Amazon Web Services services support being configured as a delivery source. These services are listed\n as Supported [V2 Permissions] in the table at \n Enabling \n logging from Amazon Web Services services.\n
\nTo configure logs delivery between a supported Amazon Web Services service and a destination, you must do the following:
\nCreate a delivery source, which is a logical object that represents the resource that is actually\n sending the logs. For more \n information, see PutDeliverySource.
\nCreate a delivery destination, which is a logical object that represents the actual\n delivery destination. For more \n information, see PutDeliveryDestination.
\nIf you are delivering logs cross-account, you must use \n PutDeliveryDestinationPolicy\n in the destination account to assign an IAM policy to the \n destination. This policy allows delivery to that destination.\n
\nCreate a delivery by pairing exactly one delivery source and one delivery destination.\n For more information, see CreateDelivery.
\nYou can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You \n can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination.
" + } + }, + "com.amazonaws.cloudwatchlogs#DeliverySourceName": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 60 + }, + "smithy.api#pattern": "^[\\w-]*$" + } + }, + "com.amazonaws.cloudwatchlogs#DeliverySources": { + "type": "list", + "member": { + "target": "com.amazonaws.cloudwatchlogs#DeliverySource" + } + }, + "com.amazonaws.cloudwatchlogs#Descending": { + "type": "boolean" + }, + "com.amazonaws.cloudwatchlogs#DescribeAccountPolicies": { + "type": "operation", + "input": { + "target": "com.amazonaws.cloudwatchlogs#DescribeAccountPoliciesRequest" + }, + "output": { + "target": "com.amazonaws.cloudwatchlogs#DescribeAccountPoliciesResponse" + }, + "errors": [ + { + "target": "com.amazonaws.cloudwatchlogs#InvalidParameterException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#OperationAbortedException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceUnavailableException" + } + ], + "traits": { + "smithy.api#documentation": "Returns a list of all CloudWatch Logs account policies in the account.
" + } + }, + "com.amazonaws.cloudwatchlogs#DescribeAccountPoliciesRequest": { + "type": "structure", + "members": { + "policyType": { + "target": "com.amazonaws.cloudwatchlogs#PolicyType", + "traits": { + "smithy.api#documentation": "Use this parameter to limit the returned policies to only the policies that match the policy type that you\n specify. Currently, the only valid value is DATA_PROTECTION_POLICY.
Use this parameter to limit the returned policies to only the policy with the name that you specify.
" + } + }, + "accountIdentifiers": { + "target": "com.amazonaws.cloudwatchlogs#AccountIds", + "traits": { + "smithy.api#documentation": "If you are using an account that is set up as a monitoring account for CloudWatch unified cross-account\n observability, you can use this to specify the account ID of a source account. If you do, \n the operation returns the account policy for the specified account. Currently, you can specify only\n one account ID in this parameter.
\nIf you\n omit this parameter, only the policy in the current account is returned.
" + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.cloudwatchlogs#DescribeAccountPoliciesResponse": { + "type": "structure", + "members": { + "accountPolicies": { + "target": "com.amazonaws.cloudwatchlogs#AccountPolicies", + "traits": { + "smithy.api#documentation": "An array of structures that contain information about the CloudWatch Logs account policies that match \n the specified filters.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.cloudwatchlogs#DescribeDeliveries": { + "type": "operation", + "input": { + "target": "com.amazonaws.cloudwatchlogs#DescribeDeliveriesRequest" + }, + "output": { + "target": "com.amazonaws.cloudwatchlogs#DescribeDeliveriesResponse" + }, + "errors": [ + { + "target": "com.amazonaws.cloudwatchlogs#ServiceQuotaExceededException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceUnavailableException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ThrottlingException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Retrieves a list of the deliveries that have been created in the account.
", + "smithy.api#paginated": { + "inputToken": "nextToken", + "outputToken": "nextToken", + "items": "deliveries", + "pageSize": "limit" + } + } + }, + "com.amazonaws.cloudwatchlogs#DescribeDeliveriesRequest": { + "type": "structure", + "members": { + "nextToken": { + "target": "com.amazonaws.cloudwatchlogs#NextToken" + }, + "limit": { + "target": "com.amazonaws.cloudwatchlogs#DescribeLimit", + "traits": { + "smithy.api#documentation": "Optionally specify the maximum number of deliveries to return in the response.
" + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.cloudwatchlogs#DescribeDeliveriesResponse": { + "type": "structure", + "members": { + "deliveries": { + "target": "com.amazonaws.cloudwatchlogs#Deliveries", + "traits": { + "smithy.api#documentation": "An array of structures. Each structure contains information about one delivery in the account.
" + } + }, + "nextToken": { + "target": "com.amazonaws.cloudwatchlogs#NextToken" + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.cloudwatchlogs#DescribeDeliveryDestinations": { + "type": "operation", + "input": { + "target": "com.amazonaws.cloudwatchlogs#DescribeDeliveryDestinationsRequest" + }, + "output": { + "target": "com.amazonaws.cloudwatchlogs#DescribeDeliveryDestinationsResponse" + }, + "errors": [ + { + "target": "com.amazonaws.cloudwatchlogs#ServiceQuotaExceededException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceUnavailableException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ThrottlingException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Retrieves a list of the delivery destinations that have been created in the account.
", + "smithy.api#paginated": { + "inputToken": "nextToken", + "outputToken": "nextToken", + "items": "deliveryDestinations", + "pageSize": "limit" + } + } + }, + "com.amazonaws.cloudwatchlogs#DescribeDeliveryDestinationsRequest": { + "type": "structure", + "members": { + "nextToken": { + "target": "com.amazonaws.cloudwatchlogs#NextToken" + }, + "limit": { + "target": "com.amazonaws.cloudwatchlogs#DescribeLimit", + "traits": { + "smithy.api#documentation": "Optionally specify the maximum number of delivery destinations to return in the response.
" + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.cloudwatchlogs#DescribeDeliveryDestinationsResponse": { + "type": "structure", + "members": { + "deliveryDestinations": { + "target": "com.amazonaws.cloudwatchlogs#DeliveryDestinations", + "traits": { + "smithy.api#documentation": "An array of structures. Each structure contains information about one delivery destination in the account.
" + } + }, + "nextToken": { + "target": "com.amazonaws.cloudwatchlogs#NextToken" + } + }, + "traits": { + "smithy.api#output": {} } }, - "com.amazonaws.cloudwatchlogs#Descending": { - "type": "boolean" - }, - "com.amazonaws.cloudwatchlogs#DescribeAccountPolicies": { + "com.amazonaws.cloudwatchlogs#DescribeDeliverySources": { "type": "operation", "input": { - "target": "com.amazonaws.cloudwatchlogs#DescribeAccountPoliciesRequest" + "target": "com.amazonaws.cloudwatchlogs#DescribeDeliverySourcesRequest" }, "output": { - "target": "com.amazonaws.cloudwatchlogs#DescribeAccountPoliciesResponse" + "target": "com.amazonaws.cloudwatchlogs#DescribeDeliverySourcesResponse" }, "errors": [ { - "target": "com.amazonaws.cloudwatchlogs#InvalidParameterException" + "target": "com.amazonaws.cloudwatchlogs#ServiceQuotaExceededException" }, { - "target": "com.amazonaws.cloudwatchlogs#OperationAbortedException" + "target": "com.amazonaws.cloudwatchlogs#ServiceUnavailableException" }, { - "target": "com.amazonaws.cloudwatchlogs#ResourceNotFoundException" + "target": "com.amazonaws.cloudwatchlogs#ThrottlingException" }, { - "target": "com.amazonaws.cloudwatchlogs#ServiceUnavailableException" + "target": "com.amazonaws.cloudwatchlogs#ValidationException" } ], "traits": { - "smithy.api#documentation": "Returns a list of all CloudWatch Logs account policies in the account.
" + "smithy.api#documentation": "Retrieves a list of the delivery sources that have been created in the account.
", + "smithy.api#paginated": { + "inputToken": "nextToken", + "outputToken": "nextToken", + "items": "deliverySources", + "pageSize": "limit" + } } }, - "com.amazonaws.cloudwatchlogs#DescribeAccountPoliciesRequest": { + "com.amazonaws.cloudwatchlogs#DescribeDeliverySourcesRequest": { "type": "structure", "members": { - "policyType": { - "target": "com.amazonaws.cloudwatchlogs#PolicyType", - "traits": { - "smithy.api#documentation": "Use this parameter to limit the returned policies to only the policies that match the policy type that you\n specify. Currently, the only valid value is DATA_PROTECTION_POLICY.
Use this parameter to limit the returned policies to only the policy with the name that you specify.
" - } + "nextToken": { + "target": "com.amazonaws.cloudwatchlogs#NextToken" }, - "accountIdentifiers": { - "target": "com.amazonaws.cloudwatchlogs#AccountIds", + "limit": { + "target": "com.amazonaws.cloudwatchlogs#DescribeLimit", "traits": { - "smithy.api#documentation": "If you are using an account that is set up as a monitoring account for CloudWatch unified cross-account\n observability, you can use this to specify the account ID of a source account. If you do, \n the operation returns the account policy for the specified account. Currently, you can specify only\n one account ID in this parameter.
\nIf you\n omit this parameter, only the policy in the current account is returned.
" + "smithy.api#documentation": "Optionally specify the maximum number of delivery sources to return in the response.
" } } }, @@ -991,14 +1696,17 @@ "smithy.api#input": {} } }, - "com.amazonaws.cloudwatchlogs#DescribeAccountPoliciesResponse": { + "com.amazonaws.cloudwatchlogs#DescribeDeliverySourcesResponse": { "type": "structure", "members": { - "accountPolicies": { - "target": "com.amazonaws.cloudwatchlogs#AccountPolicies", + "deliverySources": { + "target": "com.amazonaws.cloudwatchlogs#DeliverySources", "traits": { - "smithy.api#documentation": "An array of structures that contain information about the CloudWatch Logs account policies that match \n the specified filters.
" + "smithy.api#documentation": "An array of structures. Each structure contains information about one delivery source in the account.
" } + }, + "nextToken": { + "target": "com.amazonaws.cloudwatchlogs#NextToken" } }, "traits": { @@ -2355,6 +3063,232 @@ "smithy.api#output": {} } }, + "com.amazonaws.cloudwatchlogs#GetDelivery": { + "type": "operation", + "input": { + "target": "com.amazonaws.cloudwatchlogs#GetDeliveryRequest" + }, + "output": { + "target": "com.amazonaws.cloudwatchlogs#GetDeliveryResponse" + }, + "errors": [ + { + "target": "com.amazonaws.cloudwatchlogs#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceQuotaExceededException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceUnavailableException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ThrottlingException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Returns complete information about one delivery. A delivery is a connection between a logical delivery source and a logical\n delivery destination\n
\nYou need to specify the delivery id in this operation. You can find the IDs of the deliveries in your account with the \n DescribeDeliveries operation.
Retrieves complete information about one delivery destination.
" + } + }, + "com.amazonaws.cloudwatchlogs#GetDeliveryDestinationPolicy": { + "type": "operation", + "input": { + "target": "com.amazonaws.cloudwatchlogs#GetDeliveryDestinationPolicyRequest" + }, + "output": { + "target": "com.amazonaws.cloudwatchlogs#GetDeliveryDestinationPolicyResponse" + }, + "errors": [ + { + "target": "com.amazonaws.cloudwatchlogs#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceUnavailableException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Retrieves the delivery destination policy assigned to the delivery destination that you specify.\n For more information about delivery destinations and their policies, see \n PutDeliveryDestinationPolicy.
" + } + }, + "com.amazonaws.cloudwatchlogs#GetDeliveryDestinationPolicyRequest": { + "type": "structure", + "members": { + "deliveryDestinationName": { + "target": "com.amazonaws.cloudwatchlogs#DeliveryDestinationName", + "traits": { + "smithy.api#documentation": "The name of the delivery destination that you want to retrieve the policy of.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.cloudwatchlogs#GetDeliveryDestinationPolicyResponse": { + "type": "structure", + "members": { + "policy": { + "target": "com.amazonaws.cloudwatchlogs#Policy", + "traits": { + "smithy.api#documentation": "The IAM policy for this delivery destination.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.cloudwatchlogs#GetDeliveryDestinationRequest": { + "type": "structure", + "members": { + "name": { + "target": "com.amazonaws.cloudwatchlogs#DeliveryDestinationName", + "traits": { + "smithy.api#documentation": "The name of the delivery destination that you want to retrieve.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.cloudwatchlogs#GetDeliveryDestinationResponse": { + "type": "structure", + "members": { + "deliveryDestination": { + "target": "com.amazonaws.cloudwatchlogs#DeliveryDestination", + "traits": { + "smithy.api#documentation": "A structure containing information about the delivery destination.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.cloudwatchlogs#GetDeliveryRequest": { + "type": "structure", + "members": { + "id": { + "target": "com.amazonaws.cloudwatchlogs#DeliveryId", + "traits": { + "smithy.api#documentation": "The ID of the delivery that you want to retrieve.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.cloudwatchlogs#GetDeliveryResponse": { + "type": "structure", + "members": { + "delivery": { + "target": "com.amazonaws.cloudwatchlogs#Delivery", + "traits": { + "smithy.api#documentation": "A structure that contains information about the delivery.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.cloudwatchlogs#GetDeliverySource": { + "type": "operation", + "input": { + "target": "com.amazonaws.cloudwatchlogs#GetDeliverySourceRequest" + }, + "output": { + "target": "com.amazonaws.cloudwatchlogs#GetDeliverySourceResponse" + }, + "errors": [ + { + "target": "com.amazonaws.cloudwatchlogs#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceQuotaExceededException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceUnavailableException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ThrottlingException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Retrieves complete information about one delivery source.
" + } + }, + "com.amazonaws.cloudwatchlogs#GetDeliverySourceRequest": { + "type": "structure", + "members": { + "name": { + "target": "com.amazonaws.cloudwatchlogs#DeliverySourceName", + "traits": { + "smithy.api#documentation": "The name of the delivery source that you want to retrieve.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.cloudwatchlogs#GetDeliverySourceResponse": { + "type": "structure", + "members": { + "deliverySource": { + "target": "com.amazonaws.cloudwatchlogs#DeliverySource", + "traits": { + "smithy.api#documentation": "A structure containing information about the delivery source.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.cloudwatchlogs#GetLogEvents": { "type": "operation", "input": { @@ -2622,7 +3556,7 @@ } ], "traits": { - "smithy.api#documentation": "Returns the results from the specified query.
\nOnly the fields requested in the query are returned, along with a @ptr\n field, which is the identifier for the log record. You can use the value of @ptr\n in a GetLogRecord\n operation to get the full log record.
\n GetQueryResults does not start running a query. To run a query, use StartQuery.
If the value of the Status field in the output is Running, this operation \n returns only partial results. If you see a value of Scheduled or Running for the status, \n you can retry the operation later to see the final results.
If you are using CloudWatch cross-account observability, you can use this operation in a monitoring account to start \n queries in linked source accounts. For more information, see \n CloudWatch cross-account observability.
" + "smithy.api#documentation": "Returns the results from the specified query.
\nOnly the fields requested in the query are returned, along with a @ptr\n field, which is the identifier for the log record. You can use the value of @ptr\n in a GetLogRecord\n operation to get the full log record.
\n GetQueryResults does not start running a query. To run a query, use StartQuery. For more information about how long results of previous queries\n are available, see CloudWatch Logs quotas.
If the value of the Status field in the output is Running, this operation \n returns only partial results. If you see a value of Scheduled or Running for the status, \n you can retry the operation later to see the final results.
If you are using CloudWatch cross-account observability, you can use this operation in a monitoring account to start \n queries in linked source accounts. For more information, see \n CloudWatch cross-account observability.
" } }, "com.amazonaws.cloudwatchlogs#GetQueryResultsRequest": { @@ -3138,6 +4072,16 @@ "target": "com.amazonaws.cloudwatchlogs#LogStream" } }, + "com.amazonaws.cloudwatchlogs#LogType": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 255 + }, + "smithy.api#pattern": "^[\\w]*$" + } + }, "com.amazonaws.cloudwatchlogs#Logs_20140328": { "type": "service", "version": "2014-03-28", @@ -3148,6 +4092,9 @@ { "target": "com.amazonaws.cloudwatchlogs#CancelExportTask" }, + { + "target": "com.amazonaws.cloudwatchlogs#CreateDelivery" + }, { "target": "com.amazonaws.cloudwatchlogs#CreateExportTask" }, @@ -3163,6 +4110,18 @@ { "target": "com.amazonaws.cloudwatchlogs#DeleteDataProtectionPolicy" }, + { + "target": "com.amazonaws.cloudwatchlogs#DeleteDelivery" + }, + { + "target": "com.amazonaws.cloudwatchlogs#DeleteDeliveryDestination" + }, + { + "target": "com.amazonaws.cloudwatchlogs#DeleteDeliveryDestinationPolicy" + }, + { + "target": "com.amazonaws.cloudwatchlogs#DeleteDeliverySource" + }, { "target": "com.amazonaws.cloudwatchlogs#DeleteDestination" }, @@ -3190,6 +4149,15 @@ { "target": "com.amazonaws.cloudwatchlogs#DescribeAccountPolicies" }, + { + "target": "com.amazonaws.cloudwatchlogs#DescribeDeliveries" + }, + { + "target": "com.amazonaws.cloudwatchlogs#DescribeDeliveryDestinations" + }, + { + "target": "com.amazonaws.cloudwatchlogs#DescribeDeliverySources" + }, { "target": "com.amazonaws.cloudwatchlogs#DescribeDestinations" }, @@ -3226,6 +4194,18 @@ { "target": "com.amazonaws.cloudwatchlogs#GetDataProtectionPolicy" }, + { + "target": "com.amazonaws.cloudwatchlogs#GetDelivery" + }, + { + "target": "com.amazonaws.cloudwatchlogs#GetDeliveryDestination" + }, + { + "target": "com.amazonaws.cloudwatchlogs#GetDeliveryDestinationPolicy" + }, + { + "target": "com.amazonaws.cloudwatchlogs#GetDeliverySource" + }, { "target": "com.amazonaws.cloudwatchlogs#GetLogEvents" }, @@ -3250,6 +4230,15 @@ { "target": "com.amazonaws.cloudwatchlogs#PutDataProtectionPolicy" }, + { + "target": "com.amazonaws.cloudwatchlogs#PutDeliveryDestination" + }, + { + "target": "com.amazonaws.cloudwatchlogs#PutDeliveryDestinationPolicy" + }, + { + "target": "com.amazonaws.cloudwatchlogs#PutDeliverySource" + }, { "target": "com.amazonaws.cloudwatchlogs#PutDestination" }, @@ -3356,7 +4345,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -3399,7 +4387,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -3412,7 +4401,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -3426,7 +4414,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -3449,7 +4436,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -3484,7 +4470,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -3495,14 +4480,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -3516,14 +4503,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -3532,11 +4517,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -3585,14 +4570,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -3606,7 +4593,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -3626,7 +4612,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -3637,14 +4622,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -3655,9 +4642,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -4566,6 +5555,41 @@ } } }, + "com.amazonaws.cloudwatchlogs#OutputFormat": { + "type": "enum", + "members": { + "JSON": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "json" + } + }, + "PLAIN": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "plain" + } + }, + "W3C": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "w3c" + } + }, + "RAW": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "raw" + } + }, + "PARQUET": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "parquet" + } + } + } + }, "com.amazonaws.cloudwatchlogs#OutputLogEvent": { "type": "structure", "members": { @@ -4608,6 +5632,20 @@ } } }, + "com.amazonaws.cloudwatchlogs#Policy": { + "type": "structure", + "members": { + "deliveryDestinationPolicy": { + "target": "com.amazonaws.cloudwatchlogs#DeliveryDestinationPolicy", + "traits": { + "smithy.api#documentation": "The contents of the delivery destination policy.
" + } + } + }, + "traits": { + "smithy.api#documentation": "A structure that contains information about one delivery destination policy.
" + } + }, "com.amazonaws.cloudwatchlogs#PolicyDocument": { "type": "string", "traits": { @@ -4783,6 +5821,229 @@ "smithy.api#output": {} } }, + "com.amazonaws.cloudwatchlogs#PutDeliveryDestination": { + "type": "operation", + "input": { + "target": "com.amazonaws.cloudwatchlogs#PutDeliveryDestinationRequest" + }, + "output": { + "target": "com.amazonaws.cloudwatchlogs#PutDeliveryDestinationResponse" + }, + "errors": [ + { + "target": "com.amazonaws.cloudwatchlogs#ConflictException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceQuotaExceededException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceUnavailableException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ThrottlingException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Creates or updates a logical delivery destination. A delivery destination is an Amazon Web Services resource that represents an \n Amazon Web Services service that logs can be sent to. CloudWatch Logs, Amazon S3, and\n Kinesis Data Firehose are supported as logs delivery destinations.
\nTo configure logs delivery between a supported Amazon Web Services service and a destination, you must do the following:
\nCreate a delivery source, which is a logical object that represents the resource that is actually\n sending the logs. For more \n information, see PutDeliverySource.
\nUse PutDeliveryDestination to create a delivery destination, which is a logical object that represents the actual\n delivery destination.
If you are delivering logs cross-account, you must use \n PutDeliveryDestinationPolicy\n in the destination account to assign an IAM policy to the \n destination. This policy allows delivery to that destination.\n
\nUse CreateDelivery to create a delivery by pairing exactly \n one delivery source and one delivery destination. For more \n information, see CreateDelivery.\n
You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You \n can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination.
\nOnly some Amazon Web Services services support being configured as a delivery source. These services are listed\n as Supported [V2 Permissions] in the table at \n Enabling \n logging from Amazon Web Services services.\n
\nIf you use this operation to update an existing delivery destination, all the current delivery destination parameters are overwritten\n with the new parameter values that you specify.
" + } + }, + "com.amazonaws.cloudwatchlogs#PutDeliveryDestinationPolicy": { + "type": "operation", + "input": { + "target": "com.amazonaws.cloudwatchlogs#PutDeliveryDestinationPolicyRequest" + }, + "output": { + "target": "com.amazonaws.cloudwatchlogs#PutDeliveryDestinationPolicyResponse" + }, + "errors": [ + { + "target": "com.amazonaws.cloudwatchlogs#ConflictException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceUnavailableException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Creates and assigns an IAM policy that grants permissions to CloudWatch Logs to deliver \n logs cross-account to a specified destination in this account. To configure the delivery of logs from an \n Amazon Web Services service in another account to a logs delivery destination in the current account, you must do the following:
\nCreate a delivery source, which is a logical object that represents the resource that is actually\n sending the logs. For more \n information, see PutDeliverySource.
\nCreate a delivery destination, which is a logical object that represents the actual\n delivery destination. For more \n information, see PutDeliveryDestination.
\nUse this operation in the destination account to assign an IAM policy to the \n destination. This policy allows delivery to that destination.\n
\nCreate a delivery by pairing exactly one delivery source and one delivery destination.\n For more information, see CreateDelivery.
\nOnly some Amazon Web Services services support being configured as a delivery source. These services are listed\n as Supported [V2 Permissions] in the table at \n Enabling \n logging from Amazon Web Services services.\n
\nThe contents of the policy must include two statements. One statement enables general logs delivery, and the other\n allows delivery to the chosen destination. See the examples for the needed policies.
" + } + }, + "com.amazonaws.cloudwatchlogs#PutDeliveryDestinationPolicyRequest": { + "type": "structure", + "members": { + "deliveryDestinationName": { + "target": "com.amazonaws.cloudwatchlogs#DeliveryDestinationName", + "traits": { + "smithy.api#documentation": "The name of the delivery destination to assign this policy to.
", + "smithy.api#required": {} + } + }, + "deliveryDestinationPolicy": { + "target": "com.amazonaws.cloudwatchlogs#DeliveryDestinationPolicy", + "traits": { + "smithy.api#documentation": "The contents of the policy.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.cloudwatchlogs#PutDeliveryDestinationPolicyResponse": { + "type": "structure", + "members": { + "policy": { + "target": "com.amazonaws.cloudwatchlogs#Policy", + "traits": { + "smithy.api#documentation": "The contents of the policy that you just created.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.cloudwatchlogs#PutDeliveryDestinationRequest": { + "type": "structure", + "members": { + "name": { + "target": "com.amazonaws.cloudwatchlogs#DeliveryDestinationName", + "traits": { + "smithy.api#documentation": "A name for this delivery destination. This name must be unique for all delivery destinations in your account.
", + "smithy.api#required": {} + } + }, + "outputFormat": { + "target": "com.amazonaws.cloudwatchlogs#OutputFormat", + "traits": { + "smithy.api#documentation": "The format for the logs that this delivery destination will receive.
" + } + }, + "deliveryDestinationConfiguration": { + "target": "com.amazonaws.cloudwatchlogs#DeliveryDestinationConfiguration", + "traits": { + "smithy.api#documentation": "A structure that contains the ARN of the Amazon Web Services resource that will receive the logs.
", + "smithy.api#required": {} + } + }, + "tags": { + "target": "com.amazonaws.cloudwatchlogs#Tags", + "traits": { + "smithy.api#documentation": "An optional list of key-value pairs to associate with the resource.
\nFor more information about tagging, see \n Tagging Amazon Web Services resources\n
" + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.cloudwatchlogs#PutDeliveryDestinationResponse": { + "type": "structure", + "members": { + "deliveryDestination": { + "target": "com.amazonaws.cloudwatchlogs#DeliveryDestination", + "traits": { + "smithy.api#documentation": "A structure containing information about the delivery destination that you just created or updated.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.cloudwatchlogs#PutDeliverySource": { + "type": "operation", + "input": { + "target": "com.amazonaws.cloudwatchlogs#PutDeliverySourceRequest" + }, + "output": { + "target": "com.amazonaws.cloudwatchlogs#PutDeliverySourceResponse" + }, + "errors": [ + { + "target": "com.amazonaws.cloudwatchlogs#ConflictException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceQuotaExceededException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceUnavailableException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ThrottlingException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Creates or updates a logical delivery source. A delivery source represents an Amazon Web Services resource that sends logs to an\n logs delivery destination. The destination can be CloudWatch Logs, Amazon S3, or Kinesis Data Firehose.
\nTo configure logs delivery between a delivery destination and an Amazon Web Services service that is supported as a delivery source, you must do the following:
\nUse PutDeliverySource to create a delivery source, which is a logical object that represents the resource that is actually\n sending the logs.
Use PutDeliveryDestination to create a delivery destination, which is a logical object that represents the actual\n delivery destination. For more \n information, see PutDeliveryDestination.
If you are delivering logs cross-account, you must use \n PutDeliveryDestinationPolicy\n in the destination account to assign an IAM policy to the \n destination. This policy allows delivery to that destination.\n
\nUse CreateDelivery to create a delivery by pairing exactly \n one delivery source and one delivery destination. For more \n information, see CreateDelivery.\n
You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You \n can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination.
\nOnly some Amazon Web Services services support being configured as a delivery source. These services are listed\n as Supported [V2 Permissions] in the table at \n Enabling \n logging from Amazon Web Services services.\n
\nIf you use this operation to update an existing delivery source, all the current delivery source parameters are overwritten\n with the new parameter values that you specify.
" + } + }, + "com.amazonaws.cloudwatchlogs#PutDeliverySourceRequest": { + "type": "structure", + "members": { + "name": { + "target": "com.amazonaws.cloudwatchlogs#DeliverySourceName", + "traits": { + "smithy.api#documentation": "A name for this delivery source. This name must be unique for all delivery sources in your account.
", + "smithy.api#required": {} + } + }, + "resourceArn": { + "target": "com.amazonaws.cloudwatchlogs#Arn", + "traits": { + "smithy.api#documentation": "The ARN of the Amazon Web Services resource that is generating and sending logs. \n For example, arn:aws:workmail:us-east-1:123456789012:organization/m-1234EXAMPLEabcd1234abcd1234abcd1234\n
Defines the type of log that the source is sending. For valid values for this parameter, see the documentation for\n the source service.
", + "smithy.api#required": {} + } + }, + "tags": { + "target": "com.amazonaws.cloudwatchlogs#Tags", + "traits": { + "smithy.api#documentation": "An optional list of key-value pairs to associate with the resource.
\nFor more information about tagging, see \n Tagging Amazon Web Services resources\n
" + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.cloudwatchlogs#PutDeliverySourceResponse": { + "type": "structure", + "members": { + "deliverySource": { + "target": "com.amazonaws.cloudwatchlogs#DeliverySource", + "traits": { + "smithy.api#documentation": "A structure containing information about the delivery source that was just created or updated.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.cloudwatchlogs#PutDestination": { "type": "operation", "input": { @@ -5616,6 +6877,12 @@ "smithy.api#error": "client" } }, + "com.amazonaws.cloudwatchlogs#ResourceArns": { + "type": "list", + "member": { + "target": "com.amazonaws.cloudwatchlogs#Arn" + } + }, "com.amazonaws.cloudwatchlogs#ResourceIdentifier": { "type": "string", "traits": { @@ -5749,6 +7016,28 @@ } } }, + "com.amazonaws.cloudwatchlogs#Service": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 255 + }, + "smithy.api#pattern": "^[\\w]*$" + } + }, + "com.amazonaws.cloudwatchlogs#ServiceQuotaExceededException": { + "type": "structure", + "members": { + "message": { + "target": "com.amazonaws.cloudwatchlogs#Message" + } + }, + "traits": { + "smithy.api#documentation": "This request exceeds a service quota.
", + "smithy.api#error": "client" + } + }, "com.amazonaws.cloudwatchlogs#ServiceUnavailableException": { "type": "structure", "members": { @@ -6379,6 +7668,18 @@ "smithy.api#output": {} } }, + "com.amazonaws.cloudwatchlogs#ThrottlingException": { + "type": "structure", + "members": { + "message": { + "target": "com.amazonaws.cloudwatchlogs#Message" + } + }, + "traits": { + "smithy.api#documentation": "The request was throttled because of quota limits.
", + "smithy.api#error": "client" + } + }, "com.amazonaws.cloudwatchlogs#Timestamp": { "type": "long", "traits": { @@ -6517,6 +7818,18 @@ "smithy.api#input": {} } }, + "com.amazonaws.cloudwatchlogs#ValidationException": { + "type": "structure", + "members": { + "message": { + "target": "com.amazonaws.cloudwatchlogs#Message" + } + }, + "traits": { + "smithy.api#documentation": "One of the parameters for the request is not valid.
", + "smithy.api#error": "client" + } + }, "com.amazonaws.cloudwatchlogs#Value": { "type": "string" } diff --git a/codegen/sdk-codegen/aws-models/comprehend.json b/codegen/sdk-codegen/aws-models/comprehend.json index 4b5591f9fe6..d694042e56f 100644 --- a/codegen/sdk-codegen/aws-models/comprehend.json +++ b/codegen/sdk-codegen/aws-models/comprehend.json @@ -603,7 +603,7 @@ } ], "traits": { - "smithy.api#documentation": "Inspects a batch of documents and returns a sentiment analysis\n for each entity identified in the documents.
\nFor more information about targeted sentiment, see Targeted sentiment.
" + "smithy.api#documentation": "Inspects a batch of documents and returns a sentiment analysis\n for each entity identified in the documents.
\nFor more information about targeted sentiment, see Targeted sentiment in the Amazon Comprehend Developer Guide.
" } }, "com.amazonaws.comprehend#BatchDetectTargetedSentimentItemResult": { @@ -979,7 +979,7 @@ } ], "traits": { - "smithy.api#documentation": "Creates a new document classification request to analyze a single document in real-time,\n using a previously created and trained custom model and an endpoint.
\nYou can input plain text or you can upload a single-page input document (text, PDF, Word, or image).
\nIf the system detects errors while processing a page in the input document,\n the API response includes an entry in Errors that describes the errors.
If the system detects a document-level error in your input document, the API returns an\n InvalidRequestException error response.\n For details about this exception, see\n \n Errors in semi-structured documents in the Comprehend Developer Guide.\n
Creates a classification request to analyze a single document in real-time. ClassifyDocument \n supports the following model types:
Custom classifier - a custom model that you have created and trained. \n For input, you can provide plain text, a single-page document (PDF, Word, or image), or Textract API output.\n For more information, see Custom classification in the Amazon Comprehend Developer Guide.
\nPrompt classifier - Amazon Comprehend provides a model for classifying prompts. \n For input, you provide English plain text input.\n For prompt classification, the response includes only the Classes field.\n For more information about prompt classifiers, see Prompt classifiers in the Amazon Comprehend Developer Guide.
If the system detects errors while processing a page in the input document,\n the API response includes an entry in Errors that describes the errors.
If the system detects a document-level error in your input document, the API returns an\n InvalidRequestException error response.\n For details about this exception, see\n \n Errors in semi-structured documents in the Comprehend Developer Guide.\n
The Amazon Resource Number (ARN) of the endpoint. For information about endpoints, see Managing endpoints.
", + "smithy.api#documentation": "The Amazon Resource Number (ARN) of the endpoint.
\nFor prompt classification, Amazon Comprehend provides the endpoint ARN: zzz.
For custom classification, you create an endpoint for your custom model. For more information, \n see Using Amazon Comprehend endpoints.
", "smithy.api#required": {} } }, "Bytes": { "target": "com.amazonaws.comprehend#SemiStructuredDocumentBlob", "traits": { - "smithy.api#documentation": "Use the Bytes parameter to input a text, PDF, Word or image file.\n You can also use the Bytes parameter to input an Amazon Textract DetectDocumentText\n or AnalyzeDocument output file.
Provide the input document as a sequence of base64-encoded bytes.\n If your code uses an Amazon Web Services SDK to classify documents, the SDK may encode\n the document file bytes for you.
\nThe maximum length of this field depends on the input document type. For details, see\n \n Inputs for real-time custom analysis in the Comprehend Developer Guide.
\nIf you use the Bytes parameter, do not use the Text parameter.
Use the Bytes parameter to input a text, PDF, Word or image file.
When you classify a document using a custom model, you can also use the Bytes parameter to input an Amazon Textract DetectDocumentText\n or AnalyzeDocument output file.
To classify a document using the prompt classifier, use the Text parameter for input.
Provide the input document as a sequence of base64-encoded bytes.\n If your code uses an Amazon Web Services SDK to classify documents, the SDK may encode\n the document file bytes for you.
\nThe maximum length of this field depends on the input document type. For details, see\n \n Inputs for real-time custom analysis in the Comprehend Developer Guide.
\nIf you use the Bytes parameter, do not use the Text parameter.
The classes used by the document being analyzed. These are used for multi-class trained\n models. Individual classes are mutually exclusive and each document is expected to have only a\n single class assigned to it. For example, an animal can be a dog or a cat, but not both at the\n same time.
" + "smithy.api#documentation": "The classes used by the document being analyzed. These are used for multi-class trained\n models. Individual classes are mutually exclusive and each document is expected to have only a\n single class assigned to it. For example, an animal can be a dog or a cat, but not both at the\n same time.
\nFor prompt classification, the response includes a single class (UNDESIRED_PROMPT), along with a confidence score. \n A higher confidence score indicates that the input prompt is undesired in nature.
Specifies the location for the output files from a custom classifier job.\n This parameter is required for a request that creates a native classifier model.
" + "smithy.api#documentation": "Specifies the location for the output files from a custom classifier job.\n This parameter is required for a request that creates a native document model.
" } }, "ClientRequestToken": { @@ -2856,7 +2859,7 @@ "ActiveModelArn": { "target": "com.amazonaws.comprehend#ComprehendModelArn", "traits": { - "smithy.api#documentation": "To associate an existing model with the flywheel, specify the Amazon Resource Number (ARN) of the model version.
" + "smithy.api#documentation": "To associate an existing model with the flywheel, specify the Amazon Resource Number (ARN) of the model version.\n Do not set TaskConfig or ModelType if you specify an ActiveModelArn.
Configuration about the custom classifier associated with the flywheel.
" + "smithy.api#documentation": "Configuration about the model associated with the flywheel.\n You need to set TaskConfig if you are creating a flywheel for a new model.
The model type.
" + "smithy.api#documentation": "The model type. You need to set ModelType if you are creating a flywheel for a new model.
Inspects the input text and returns a sentiment analysis for each entity identified in the text.
\nFor more information about targeted sentiment, see Targeted sentiment.
" + "smithy.api#documentation": "Inspects the input text and returns a sentiment analysis for each entity identified in the text.
\nFor more information about targeted sentiment, see Targeted sentiment in the Amazon Comprehend Developer Guide.
" } }, "com.amazonaws.comprehend#DetectTargetedSentimentRequest": { @@ -4971,6 +4974,68 @@ "smithy.api#sensitive": {} } }, + "com.amazonaws.comprehend#DetectToxicContent": { + "type": "operation", + "input": { + "target": "com.amazonaws.comprehend#DetectToxicContentRequest" + }, + "output": { + "target": "com.amazonaws.comprehend#DetectToxicContentResponse" + }, + "errors": [ + { + "target": "com.amazonaws.comprehend#InternalServerException" + }, + { + "target": "com.amazonaws.comprehend#InvalidRequestException" + }, + { + "target": "com.amazonaws.comprehend#TextSizeLimitExceededException" + }, + { + "target": "com.amazonaws.comprehend#UnsupportedLanguageException" + } + ], + "traits": { + "smithy.api#documentation": "Performs toxicity analysis on the list of text strings that you provide as input.\n The analysis uses the order of strings in the list to determine context when predicting toxicity.\n The API response contains a results list that matches the size of the input list.\n For more information about toxicity detection, see Toxicity detection in the Amazon Comprehend Developer Guide\n
" + } + }, + "com.amazonaws.comprehend#DetectToxicContentRequest": { + "type": "structure", + "members": { + "TextSegments": { + "target": "com.amazonaws.comprehend#ListOfTextSegments", + "traits": { + "smithy.api#documentation": "A list of up to 10 text strings. The maximum size for the list is 10 KB.
", + "smithy.api#required": {} + } + }, + "LanguageCode": { + "target": "com.amazonaws.comprehend#LanguageCode", + "traits": { + "smithy.api#documentation": "The language of the input text. Currently, English is the only supported language.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.comprehend#DetectToxicContentResponse": { + "type": "structure", + "members": { + "ResultList": { + "target": "com.amazonaws.comprehend#ListOfToxicLabels", + "traits": { + "smithy.api#documentation": "Results of the content moderation analysis.\n Each entry in the results list contains a list of toxic content types identified in \n the text, along with a confidence score for each content type. \n The results list also includes a toxicity score for each entry in the results list.\n
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.comprehend#DocumentClass": { "type": "structure", "members": { @@ -5015,7 +5080,7 @@ } }, "traits": { - "smithy.api#documentation": "Configuration required for a custom classification model.
" + "smithy.api#documentation": "Configuration required for a document classification model.
" } }, "com.amazonaws.comprehend#DocumentClassificationJobFilter": { @@ -5128,7 +5193,7 @@ "VpcConfig": { "target": "com.amazonaws.comprehend#VpcConfig", "traits": { - "smithy.api#documentation": "Configuration parameters for a private Virtual Private Cloud (VPC) containing the\n resources you are using for your document classification job. For more information, see Amazon\n VPC.
" + "smithy.api#documentation": "Configuration parameters for a private Virtual Private Cloud (VPC) containing the\n resources you are using for your document classification job. For more information, see Amazon\n VPC.
" } }, "FlywheelArn": { @@ -5216,7 +5281,7 @@ } }, "traits": { - "smithy.api#documentation": "The location of the training documents. This parameter is required in a request to create a native classifier model.
" + "smithy.api#documentation": "The location of the training documents. This parameter is required in a request to create a semi-structured document classification model.
" } }, "com.amazonaws.comprehend#DocumentClassifierEndpointArn": { @@ -5226,7 +5291,7 @@ "min": 0, "max": 256 }, - "smithy.api#pattern": "^arn:aws(-[^:]+)?:comprehend:[a-zA-Z0-9-]*:[0-9]{12}:document-classifier-endpoint/[a-zA-Z0-9](-*[a-zA-Z0-9])*$" + "smithy.api#pattern": "^arn:aws(-[^:]+)?:comprehend:[a-zA-Z0-9-]*:([0-9]{12}|aws):document-classifier-endpoint/[a-zA-Z0-9](-*[a-zA-Z0-9])*$" } }, "com.amazonaws.comprehend#DocumentClassifierFilter": { @@ -5279,7 +5344,7 @@ "TestS3Uri": { "target": "com.amazonaws.comprehend#S3Uri", "traits": { - "smithy.api#documentation": "This specifies the Amazon S3 location where the test annotations for an entity recognizer\n are located. The URI must be in the same Amazon Web Services Region as the API endpoint that you are\n calling.
" + "smithy.api#documentation": "This specifies the Amazon S3 location that contains the test annotations for the document classifier. \n The URI must be in the same Amazon Web Services Region as the API endpoint that you are calling.
" } }, "LabelDelimiter": { @@ -5297,13 +5362,13 @@ "DocumentType": { "target": "com.amazonaws.comprehend#DocumentClassifierDocumentTypeFormat", "traits": { - "smithy.api#documentation": "The type of input documents for training the model. Provide plain-text documents to create a plain-text model, and\n provide semi-structured documents to create a native model.
" + "smithy.api#documentation": "The type of input documents for training the model. Provide plain-text documents to create a plain-text model, and\n provide semi-structured documents to create a native document model.
" } }, "Documents": { "target": "com.amazonaws.comprehend#DocumentClassifierDocuments", "traits": { - "smithy.api#documentation": "The S3 location of the training documents. \n This parameter is required in a request to create a native classifier model.
" + "smithy.api#documentation": "The S3 location of the training documents. \n This parameter is required in a request to create a native document model.
" } }, "DocumentReaderConfig": { @@ -5354,7 +5419,7 @@ } }, "traits": { - "smithy.api#documentation": "Provide the location for output data from a custom classifier job. This field is mandatory \n if you are training a native classifier model.
" + "smithy.api#documentation": "Provide the location for output data from a custom classifier job. This field is mandatory \n if you are training a native document model.
" } }, "com.amazonaws.comprehend#DocumentClassifierProperties": { @@ -5441,7 +5506,7 @@ "VpcConfig": { "target": "com.amazonaws.comprehend#VpcConfig", "traits": { - "smithy.api#documentation": "Configuration parameters for a private Virtual Private Cloud (VPC) containing the\n resources you are using for your custom classifier. For more information, see Amazon\n VPC.
" + "smithy.api#documentation": "Configuration parameters for a private Virtual Private Cloud (VPC) containing the\n resources you are using for your custom classifier. For more information, see Amazon\n VPC.
" } }, "Mode": { @@ -7209,7 +7274,7 @@ "TaskConfig": { "target": "com.amazonaws.comprehend#TaskConfig", "traits": { - "smithy.api#documentation": "Configuration about the custom classifier associated with the flywheel.
" + "smithy.api#documentation": "Configuration about the model associated with a flywheel.
" } }, "DataLakeS3Uri": { @@ -9186,6 +9251,30 @@ "target": "com.amazonaws.comprehend#TargetedSentimentEntity" } }, + "com.amazonaws.comprehend#ListOfTextSegments": { + "type": "list", + "member": { + "target": "com.amazonaws.comprehend#TextSegment" + }, + "traits": { + "smithy.api#length": { + "min": 1 + }, + "smithy.api#sensitive": {} + } + }, + "com.amazonaws.comprehend#ListOfToxicContent": { + "type": "list", + "member": { + "target": "com.amazonaws.comprehend#ToxicContent" + } + }, + "com.amazonaws.comprehend#ListOfToxicLabels": { + "type": "list", + "member": { + "target": "com.amazonaws.comprehend#ToxicLabels" + } + }, "com.amazonaws.comprehend#ListOfWarnings": { "type": "list", "member": { @@ -9592,7 +9681,7 @@ } }, "traits": { - "smithy.api#documentation": "Contains the sentiment and sentiment score for one mention of an entity.
\nFor more information about targeted sentiment, see Targeted sentiment.
" + "smithy.api#documentation": "Contains the sentiment and sentiment score for one mention of an entity.
\nFor more information about targeted sentiment, see Targeted sentiment in the Amazon Comprehend Developer Guide.
" } }, "com.amazonaws.comprehend#ModelStatus": { @@ -9690,7 +9779,7 @@ "KmsKeyId": { "target": "com.amazonaws.comprehend#KmsKeyId", "traits": { - "smithy.api#documentation": "ID for the Amazon Web Services Key Management Service (KMS) key that Amazon Comprehend uses to encrypt the\n output results from an analysis job. The KmsKeyId can be one of the following formats:
\nKMS Key ID: \"1234abcd-12ab-34cd-56ef-1234567890ab\"\n
Amazon Resource Name (ARN) of a KMS Key:\n \"arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab\"\n
KMS Key Alias: \"alias/ExampleAlias\"\n
ARN of a KMS Key Alias:\n \"arn:aws:kms:us-west-2:111122223333:alias/ExampleAlias\"\n
ID for the Amazon Web Services Key Management Service (KMS) key that Amazon Comprehend uses to encrypt the\n output results from an analysis job. Specify the Key Id of a symmetric key, because you cannot use an asymmetric\n key for uploading data to S3.
\nThe KmsKeyId can be one of the following formats:
\nKMS Key ID: \"1234abcd-12ab-34cd-56ef-1234567890ab\"\n
Amazon Resource Name (ARN) of a KMS Key:\n \"arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab\"\n
KMS Key Alias: \"alias/ExampleAlias\"\n
ARN of a KMS Key Alias:\n \"arn:aws:kms:us-west-2:111122223333:alias/ExampleAlias\"\n
The Amazon Resource Name (ARN) of the IAM role that\n grants Amazon Comprehend read access to your input data. For more information, see Role-based permissions.
", + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM role that\n grants Amazon Comprehend read access to your input data. For more information, see Role-based permissions.
", "smithy.api#required": {} } }, @@ -12872,7 +12961,7 @@ } }, "traits": { - "smithy.api#documentation": "Information about one of the entities found by targeted sentiment analysis.
\nFor more information about targeted sentiment, see Targeted sentiment.
" + "smithy.api#documentation": "Information about one of the entities found by targeted sentiment analysis.
\nFor more information about targeted sentiment, see Targeted sentiment in the Amazon Comprehend Developer Guide.
" } }, "com.amazonaws.comprehend#TargetedSentimentEntityType": { @@ -13029,7 +13118,7 @@ } }, "traits": { - "smithy.api#documentation": "Information about one mention of an entity. The mention information includes the location of the mention\n in the text and the sentiment of the mention.
\nFor more information about targeted sentiment, see Targeted sentiment.
" + "smithy.api#documentation": "Information about one mention of an entity. The mention information includes the location of the mention\n in the text and the sentiment of the mention.
\nFor more information about targeted sentiment, see Targeted sentiment in the Amazon Comprehend Developer Guide.
" } }, "com.amazonaws.comprehend#TaskConfig": { @@ -13045,7 +13134,7 @@ "DocumentClassificationConfig": { "target": "com.amazonaws.comprehend#DocumentClassificationConfig", "traits": { - "smithy.api#documentation": "Configuration required for a classification model.
" + "smithy.api#documentation": "Configuration required for a document classification model.
" } }, "EntityRecognitionConfig": { @@ -13056,7 +13145,22 @@ } }, "traits": { - "smithy.api#documentation": "Configuration about the custom classifier associated with the flywheel.
" + "smithy.api#documentation": "Configuration about the model associated with a flywheel.
" + } + }, + "com.amazonaws.comprehend#TextSegment": { + "type": "structure", + "members": { + "Text": { + "target": "com.amazonaws.comprehend#CustomerInputString", + "traits": { + "smithy.api#documentation": "The text content.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "One of the of text strings. Each string has a size limit of 1KB.
" } }, "com.amazonaws.comprehend#TextSizeLimitExceededException": { @@ -13238,6 +13342,93 @@ "target": "com.amazonaws.comprehend#TopicsDetectionJobProperties" } }, + "com.amazonaws.comprehend#ToxicContent": { + "type": "structure", + "members": { + "Name": { + "target": "com.amazonaws.comprehend#ToxicContentType", + "traits": { + "smithy.api#documentation": "The name of the toxic content type.
" + } + }, + "Score": { + "target": "com.amazonaws.comprehend#Float", + "traits": { + "smithy.api#documentation": "\n Model confidence in the detected content type. Value range is zero to one, where one is highest confidence.
" + } + } + }, + "traits": { + "smithy.api#documentation": "Toxic content analysis result for one string. For more information about toxicity detection, see Toxicity detection in the Amazon Comprehend Developer Guide\n
" + } + }, + "com.amazonaws.comprehend#ToxicContentType": { + "type": "enum", + "members": { + "GRAPHIC": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "GRAPHIC" + } + }, + "HARASSMENT_OR_ABUSE": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "HARASSMENT_OR_ABUSE" + } + }, + "HATE_SPEECH": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "HATE_SPEECH" + } + }, + "INSULT": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "INSULT" + } + }, + "PROFANITY": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "PROFANITY" + } + }, + "SEXUAL": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "SEXUAL" + } + }, + "VIOLENCE_OR_THREAT": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "VIOLENCE_OR_THREAT" + } + } + } + }, + "com.amazonaws.comprehend#ToxicLabels": { + "type": "structure", + "members": { + "Labels": { + "target": "com.amazonaws.comprehend#ListOfToxicContent", + "traits": { + "smithy.api#documentation": "Array of toxic content types identified in the string.
" + } + }, + "Toxicity": { + "target": "com.amazonaws.comprehend#Float", + "traits": { + "smithy.api#documentation": "Overall toxicity score for the string.
" + } + } + }, + "traits": { + "smithy.api#documentation": "Toxicity analysis result for one string. For more information about toxicity detection, see Toxicity detection in the Amazon Comprehend Developer Guide\n
" + } + }, "com.amazonaws.comprehend#UnsupportedLanguageException": { "type": "structure", "members": { @@ -13551,7 +13742,7 @@ } }, "traits": { - "smithy.api#documentation": "The system identified one of the following warnings while processing the input document:
\nThe document to classify is plain text, but the classifier is a native model.
\nThe document to classify is semi-structured, but the classifier is a plain-text model.
\nThe system identified one of the following warnings while processing the input document:
\nThe document to classify is plain text, but the classifier is a native document model.
\nThe document to classify is semi-structured, but the classifier is a plain-text model.
\nThe maximum number of results to return per page.
", "smithy.api#httpQuery": "maxResults" } + }, + "IntegrationArn": { + "target": "com.amazonaws.connect#ARN", + "traits": { + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the integration.
", + "smithy.api#httpQuery": "integrationArn" + } } }, "traits": { diff --git a/codegen/sdk-codegen/aws-models/ec2.json b/codegen/sdk-codegen/aws-models/ec2.json index d0f537aec20..3e10fc979c7 100644 --- a/codegen/sdk-codegen/aws-models/ec2.json +++ b/codegen/sdk-codegen/aws-models/ec2.json @@ -3229,6 +3229,9 @@ { "target": "com.amazonaws.ec2#DisableSerialConsoleAccess" }, + { + "target": "com.amazonaws.ec2#DisableSnapshotBlockPublicAccess" + }, { "target": "com.amazonaws.ec2#DisableTransitGatewayRouteTablePropagation" }, @@ -3316,6 +3319,9 @@ { "target": "com.amazonaws.ec2#EnableSerialConsoleAccess" }, + { + "target": "com.amazonaws.ec2#EnableSnapshotBlockPublicAccess" + }, { "target": "com.amazonaws.ec2#EnableTransitGatewayRouteTablePropagation" }, @@ -3436,6 +3442,9 @@ { "target": "com.amazonaws.ec2#GetSerialConsoleAccessStatus" }, + { + "target": "com.amazonaws.ec2#GetSnapshotBlockPublicAccessState" + }, { "target": "com.amazonaws.ec2#GetSpotPlacementScores" }, @@ -41996,6 +42005,48 @@ "smithy.api#output": {} } }, + "com.amazonaws.ec2#DisableSnapshotBlockPublicAccess": { + "type": "operation", + "input": { + "target": "com.amazonaws.ec2#DisableSnapshotBlockPublicAccessRequest" + }, + "output": { + "target": "com.amazonaws.ec2#DisableSnapshotBlockPublicAccessResult" + }, + "traits": { + "smithy.api#documentation": "Disables the block public access for snapshots setting at \n the account level for the specified Amazon Web Services Region. After you disable block public \n access for snapshots in a Region, users can publicly share snapshots in that Region.
\nIf block public access is enabled in block-all-sharing mode, and \n you disable block public access, all snapshots that were previously publicly shared \n are no longer treated as private and they become publicly accessible again.
For more information, see \n Block public access for snapshots in the Amazon Elastic Compute Cloud User Guide .
\n " + } + }, + "com.amazonaws.ec2#DisableSnapshotBlockPublicAccessRequest": { + "type": "structure", + "members": { + "DryRun": { + "target": "com.amazonaws.ec2#Boolean", + "traits": { + "smithy.api#documentation": "Checks whether you have the required permissions for the action, without actually making the request, \n and provides an error response. If you have the required permissions, the error response is DryRunOperation. \n Otherwise, it is UnauthorizedOperation.
Returns unblocked if the request succeeds.
Enables or modifies the block public access for snapshots \n setting at the account level for the specified Amazon Web Services Region. After you enable block \n public access for snapshots in a Region, users can no longer request public sharing \n for snapshots in that Region. Snapshots that are already publicly shared are either \n treated as private or they remain publicly shared, depending on the \n State that you specify.
\nIf block public access is enabled in block-all-sharing mode, and \n you change the mode to block-new-sharing, all snapshots that were \n previously publicly shared are no longer treated as private and they become publicly \n accessible again.
For more information, see \n Block public access for snapshots in the Amazon Elastic Compute Cloud User Guide.
" + } + }, + "com.amazonaws.ec2#EnableSnapshotBlockPublicAccessRequest": { + "type": "structure", + "members": { + "State": { + "target": "com.amazonaws.ec2#SnapshotBlockPublicAccessState", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "The mode in which to enable block public access for snapshots for the Region. \n Specify one of the following values:
\n\n block-all-sharing - Prevents all public sharing of snapshots in \n the Region. Users in the account will no longer be able to request new public \n sharing. Additionally, snapshots that are already publicly shared are treated as \n private and they are no longer publicly available.
If you enable block public access for snapshots in block-all-sharing \n mode, it does not change the permissions for snapshots that are already publicly shared. \n Instead, it prevents these snapshots from be publicly visible and publicly accessible. \n Therefore, the attributes for these snapshots still indicate that they are publicly \n shared, even though they are not publicly available.
\n block-new-sharing - Prevents only new public sharing of snapshots \n in the Region. Users in the account will no longer be able to request new public \n sharing. However, snapshots that are already publicly shared, remain publicly \n available.
Checks whether you have the required permissions for the action, without actually making the request, \n and provides an error response. If you have the required permissions, the error response is DryRunOperation. \n Otherwise, it is UnauthorizedOperation.
The state of block public access for snapshots for the account and Region. Returns \n either block-all-sharing or block-new-sharing if the request \n succeeds.
Gets the current state of block public access for snapshots setting \n for the account and Region.
\nFor more information, see \n Block public access for snapshots in the Amazon Elastic Compute Cloud User Guide.
" + } + }, + "com.amazonaws.ec2#GetSnapshotBlockPublicAccessStateRequest": { + "type": "structure", + "members": { + "DryRun": { + "target": "com.amazonaws.ec2#Boolean", + "traits": { + "smithy.api#documentation": "Checks whether you have the required permissions for the action, without actually making the request, \n and provides an error response. If you have the required permissions, the error response is DryRunOperation. \n Otherwise, it is UnauthorizedOperation.
The current state of block public access for snapshots. Possible values include:
\n\n block-all-sharing - All public sharing of snapshots is blocked. Users in \n the account can't request new public sharing. Additionally, snapshots that were already \n publicly shared are treated as private and are not publicly available.
\n block-new-sharing - Only new public sharing of snapshots is blocked. \n Users in the account can't request new public sharing. However, snapshots that were \n already publicly shared, remain publicly available.
\n unblocked - Public sharing is not blocked. Users can publicly share \n snapshots.
Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that makes it easy\n for you to run Kubernetes on Amazon Web Services without needing to stand up or maintain\n your own Kubernetes control plane. Kubernetes is an open-source system for automating\n the deployment, scaling, and management of containerized applications.
\nAmazon EKS runs up-to-date versions of the open-source Kubernetes software, so\n you can use all the existing plugins and tooling from the Kubernetes community.\n Applications running on Amazon EKS are fully compatible with applications\n running on any standard Kubernetes environment, whether running in on-premises data\n centers or public clouds. This means that you can easily migrate any standard Kubernetes\n application to Amazon EKS without any code modification required.
", + "smithy.api#documentation": "Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that makes it easy\n for you to run Kubernetes on Amazon Web Services without needing to stand up or maintain your\n own Kubernetes control plane. Kubernetes is an open-source system for automating the deployment,\n scaling, and management of containerized applications.
\nAmazon EKS runs up-to-date versions of the open-source Kubernetes software, so you\n can use all the existing plugins and tooling from the Kubernetes community. Applications\n running on Amazon EKS are fully compatible with applications running on any\n standard Kubernetes environment, whether running in on-premises data centers or public\n clouds. This means that you can easily migrate any standard Kubernetes application to Amazon EKS without any code modification required.
", "smithy.api#title": "Amazon Elastic Kubernetes Service", "smithy.rules#endpointRuleSet": { "version": "1.0", @@ -1269,7 +1284,7 @@ } }, "traits": { - "smithy.api#documentation": "You don't have permissions to perform the requested operation. The user or role that\n is making the request must have at least one IAM permissions policy\n attached that grants the required permissions. For more information, see Access\n Management in the IAM User Guide.
", + "smithy.api#documentation": "You don't have permissions to perform the requested operation. The IAM principal\n making the request must have at least one IAM permissions policy attached\n that grants the required permissions. For more information, see Access\n management in the IAM User Guide.\n
", "smithy.api#error": "client", "smithy.api#httpError": 403 } @@ -1877,12 +1892,18 @@ "addonName": { "target": "com.amazonaws.eks#String" }, + "subscriptionId": { + "target": "com.amazonaws.eks#String", + "traits": { + "smithy.api#documentation": "The Amazon EKS subscription ID with the exception.
" + } + }, "message": { "target": "com.amazonaws.eks#String" } }, "traits": { - "smithy.api#documentation": "These errors are usually caused by a client action. Actions can include using an\n action or resource on behalf of a user that doesn't have permissions to use the action\n or resource or specifying an identifier that is not valid.
", + "smithy.api#documentation": "These errors are usually caused by a client action. Actions can include using an\n action or resource on behalf of an IAM principal that doesn't have permissions to use\n the action or resource or specifying an identifier that is not valid.
", "smithy.api#error": "client", "smithy.api#httpError": 400 } @@ -1923,13 +1944,13 @@ "roleArn": { "target": "com.amazonaws.eks#String", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM role that provides permissions for the\n Kubernetes control plane to make calls to Amazon Web Services API operations on your\n behalf.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes\n control plane to make calls to Amazon Web Services API operations on your behalf.
" } }, "resourcesVpcConfig": { "target": "com.amazonaws.eks#VpcConfigResponse", "traits": { - "smithy.api#documentation": "The VPC configuration used by the cluster control plane. Amazon EKS VPC\n resources have specific requirements to work properly with Kubernetes. For more\n information, see Cluster VPC Considerations and Cluster Security\n Group Considerations in the Amazon EKS User Guide.
" + "smithy.api#documentation": "The VPC configuration used by the cluster control plane. Amazon EKS VPC\n resources have specific requirements to work properly with Kubernetes. For more information,\n see Cluster VPC\n Considerations and Cluster Security Group Considerations in the\n Amazon EKS User Guide.
" } }, "kubernetesNetworkConfig": { @@ -2394,7 +2415,7 @@ } }, "traits": { - "smithy.api#documentation": "The placement configuration for all the control plane instances of your local Amazon EKS cluster on an Amazon Web Services Outpost. For more information, see\n Capacity\n considerations in the Amazon EKS User Guide\n
" + "smithy.api#documentation": "The placement configuration for all the control plane instances of your local Amazon EKS cluster on an Amazon Web Services Outpost. For more information, see\n Capacity\n considerations in the Amazon EKS User Guide.
" } }, "com.amazonaws.eks#ControlPlanePlacementResponse": { @@ -2481,7 +2502,7 @@ "resolveConflicts": { "target": "com.amazonaws.eks#ResolveConflicts", "traits": { - "smithy.api#documentation": "How to resolve field value conflicts for an Amazon EKS add-on. Conflicts are\n handled based on the value you choose:
\n\n None – If the self-managed version of\n the add-on is installed on your cluster, Amazon EKS doesn't change the\n value. Creation of the add-on might fail.
\n\n Overwrite – If the self-managed\n version of the add-on is installed on your cluster and the Amazon EKS\n default value is different than the existing value, Amazon EKS changes\n the value to the Amazon EKS default value.
\n\n Preserve – Not supported. You can set\n this value when updating an add-on though. For more information, see UpdateAddon.
\nIf you don't currently have the self-managed version of the add-on installed on your\n cluster, the Amazon EKS add-on is installed. Amazon EKS sets all values\n to default values, regardless of the option that you specify.
" + "smithy.api#documentation": "How to resolve field value conflicts for an Amazon EKS add-on. Conflicts are\n handled based on the value you choose:
\n\n None – If the self-managed version of\n the add-on is installed on your cluster, Amazon EKS doesn't change the\n value. Creation of the add-on might fail.
\n\n Overwrite – If the self-managed\n version of the add-on is installed on your cluster and the Amazon EKS\n default value is different than the existing value, Amazon EKS changes\n the value to the Amazon EKS default value.
\n\n Preserve – This is similar to the NONE\n option. If the self-managed version of the add-on is installed on your cluster\n Amazon EKS doesn't change the add-on resource properties. Creation\n of the add-on might fail if conflicts are detected. This option works\n differently during the update operation. For more information, see UpdateAddon.
\nIf you don't currently have the self-managed version of the add-on installed on your\n cluster, the Amazon EKS add-on is installed. Amazon EKS sets all values\n to default values, regardless of the option that you specify.
" } }, "clientRequestToken": { @@ -2551,7 +2572,7 @@ } ], "traits": { - "smithy.api#documentation": "Creates an Amazon EKS control plane.
\nThe Amazon EKS control plane consists of control plane instances that run the\n Kubernetes software, such as etcd and the API server. The control plane\n runs in an account managed by Amazon Web Services, and the Kubernetes API is exposed by\n the Amazon EKS API server endpoint. Each Amazon EKS cluster control\n plane is single tenant and unique. It runs on its own set of Amazon EC2\n instances.
The cluster control plane is provisioned across multiple Availability Zones and\n fronted by an Elastic Load Balancing\n Network Load Balancer. Amazon EKS also provisions elastic network interfaces in\n your VPC subnets to provide connectivity from the control plane instances to the nodes\n (for example, to support kubectl exec, logs, and\n proxy data flows).
Amazon EKS nodes run in your Amazon Web Services account and connect to your\n cluster's control plane over the Kubernetes API server endpoint and a certificate file\n that is created for your cluster.
\nIn most cases, it takes several minutes to create a cluster. After you create an\n Amazon EKS cluster, you must configure your Kubernetes tooling to\n communicate with the API server and launch nodes into your cluster. For more\n information, see Managing Cluster Authentication and Launching\n Amazon EKS nodes in the Amazon EKS User Guide.
", + "smithy.api#documentation": "Creates an Amazon EKS control plane.
\nThe Amazon EKS control plane consists of control plane instances that run the\n Kubernetes software, such as etcd and the API server. The control plane runs in\n an account managed by Amazon Web Services, and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is\n single tenant and unique. It runs on its own set of Amazon EC2 instances.
The cluster control plane is provisioned across multiple Availability Zones and\n fronted by an Elastic Load Balancing\n Network Load Balancer. Amazon EKS also provisions elastic network interfaces in\n your VPC subnets to provide connectivity from the control plane instances to the nodes\n (for example, to support kubectl exec, logs, and\n proxy data flows).
Amazon EKS nodes run in your Amazon Web Services account and connect to your\n cluster's control plane over the Kubernetes API server endpoint and a certificate file that\n is created for your cluster.
\nIn most cases, it takes several minutes to create a cluster. After you create an\n Amazon EKS cluster, you must configure your Kubernetes tooling to communicate\n with the API server and launch nodes into your cluster. For more information, see Managing Cluster\n Authentication and Launching Amazon EKS nodes in the\n Amazon EKS User Guide.
", "smithy.api#examples": [ { "title": "To create a new cluster", @@ -2594,20 +2615,20 @@ "version": { "target": "com.amazonaws.eks#String", "traits": { - "smithy.api#documentation": "The desired Kubernetes version for your cluster. If you don't specify a value here,\n the default version available in Amazon EKS is used.
\nThe default version might not be the latest version available.
\nThe desired Kubernetes version for your cluster. If you don't specify a value here, the\n default version available in Amazon EKS is used.
\nThe default version might not be the latest version available.
\nThe Amazon Resource Name (ARN) of the IAM role that provides permissions for the\n Kubernetes control plane to make calls to Amazon Web Services API operations on your\n behalf. For more information, see Amazon EKS Service IAM Role in the \n Amazon EKS User Guide\n .
", + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes\n control plane to make calls to Amazon Web Services API operations on your behalf. For\n more information, see Amazon EKS Service IAM Role in the \n Amazon EKS User Guide\n .
", "smithy.api#required": {} } }, "resourcesVpcConfig": { "target": "com.amazonaws.eks#VpcConfigRequest", "traits": { - "smithy.api#documentation": "The VPC configuration that's used by the cluster control plane. Amazon EKS VPC\n resources have specific requirements to work properly with Kubernetes. For more\n information, see Cluster VPC Considerations and Cluster Security\n Group Considerations in the Amazon EKS User Guide. You must specify at least two\n subnets. You can specify up to five security groups. However, we recommend that you use\n a dedicated security group for your cluster control plane.
", + "smithy.api#documentation": "The VPC configuration that's used by the cluster control plane. Amazon EKS VPC\n resources have specific requirements to work properly with Kubernetes. For more information,\n see Cluster VPC\n Considerations and Cluster Security Group Considerations in the\n Amazon EKS User Guide. You must specify at least two subnets. You can specify up to five\n security groups. However, we recommend that you use a dedicated security group for your\n cluster control plane.
", "smithy.api#required": {} } }, @@ -2620,7 +2641,7 @@ "logging": { "target": "com.amazonaws.eks#Logging", "traits": { - "smithy.api#documentation": "Enable or disable exporting the Kubernetes control plane logs for your cluster to\n CloudWatch Logs. By default, cluster control plane logs aren't exported to\n CloudWatch Logs. For more information, see Amazon EKS Cluster control plane logs in the\n \n Amazon EKS User Guide\n .
\nCloudWatch Logs ingestion, archive storage, and data scanning rates apply to\n exported control plane logs. For more information, see CloudWatch\n Pricing.
\nEnable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster control plane logs in the\n \n Amazon EKS User Guide\n .
\nCloudWatch Logs ingestion, archive storage, and data scanning rates apply to\n exported control plane logs. For more information, see CloudWatch\n Pricing.
\nCreates an EKS Anywhere subscription. When a subscription is created, it is a contract\n agreement for the length of the term specified in the request. Licenses that are used to\n validate support are provisioned in Amazon Web Services License Manager and the caller account is\n granted access to EKS Anywhere Curated Packages.
", + "smithy.api#http": { + "method": "POST", + "uri": "/eks-anywhere-subscriptions", + "code": 200 + } + } + }, + "com.amazonaws.eks#CreateEksAnywhereSubscriptionRequest": { + "type": "structure", + "members": { + "name": { + "target": "com.amazonaws.eks#EksAnywhereSubscriptionName", + "traits": { + "smithy.api#documentation": "The unique name for your subscription. It must be unique in your Amazon Web Services account in the\n Amazon Web Services Region you're creating the subscription in. The name can contain only alphanumeric\n characters (case-sensitive), hyphens, and underscores. It must start with an alphabetic\n character and can't be longer than 100 characters.
", + "smithy.api#required": {} + } + }, + "term": { + "target": "com.amazonaws.eks#EksAnywhereSubscriptionTerm", + "traits": { + "smithy.api#documentation": "An object representing the term duration and term unit type of your subscription. This\n determines the term length of your subscription. Valid values are MONTHS for term unit\n and 12 or 36 for term duration, indicating a 12 month or 36 month subscription. This\n value cannot be changed after creating the subscription.
", + "smithy.api#required": {} + } + }, + "licenseQuantity": { + "target": "com.amazonaws.eks#Integer", + "traits": { + "smithy.api#default": 0, + "smithy.api#documentation": "The number of licenses to purchase with the subscription. Valid values are between 1\n and 1000. This value cannot be changed after creating the subscription.
" + } + }, + "licenseType": { + "target": "com.amazonaws.eks#EksAnywhereSubscriptionLicenseType", + "traits": { + "smithy.api#documentation": "The license type for all licenses in the subscription. Valid value is CLUSTER. With\n the CLUSTER license type, each license covers support for a single EKS Anywhere\n cluster.
" + } + }, + "autoRenew": { + "target": "com.amazonaws.eks#Boolean", + "traits": { + "smithy.api#default": false, + "smithy.api#documentation": "A boolean indicating whether the subscription auto renews at the end of the\n term.
" + } + }, + "clientRequestToken": { + "target": "com.amazonaws.eks#String", + "traits": { + "smithy.api#documentation": "Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
", + "smithy.api#idempotencyToken": {} + } + }, + "tags": { + "target": "com.amazonaws.eks#TagMap", + "traits": { + "smithy.api#documentation": "The metadata for a subscription to assist with categorization and organization. Each\n tag consists of a key and an optional value. Subscription tags do not propagate to any\n other resources associated with the subscription.
" + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.eks#CreateEksAnywhereSubscriptionResponse": { + "type": "structure", + "members": { + "subscription": { + "target": "com.amazonaws.eks#EksAnywhereSubscription", + "traits": { + "smithy.api#documentation": "The full description of the subscription.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.eks#CreateFargateProfile": { "type": "operation", "input": { @@ -2696,7 +2820,7 @@ } ], "traits": { - "smithy.api#documentation": "Creates an Fargate profile for your Amazon EKS cluster. You\n must have at least one Fargate profile in a cluster to be able to run\n pods on Fargate.
\nThe Fargate profile allows an administrator to declare which pods run\n on Fargate and specify which pods run on which Fargate\n profile. This declaration is done through the profile’s selectors. Each profile can have\n up to five selectors that contain a namespace and labels. A namespace is required for\n every selector. The label field consists of multiple optional key-value pairs. Pods that\n match the selectors are scheduled on Fargate. If a to-be-scheduled pod\n matches any of the selectors in the Fargate profile, then that pod is run\n on Fargate.
\nWhen you create a Fargate profile, you must specify a pod execution\n role to use with the pods that are scheduled with the profile. This role is added to the\n cluster's Kubernetes Role Based Access Control (RBAC) for authorization so that the\n kubelet that is running on the Fargate infrastructure\n can register with your Amazon EKS cluster so that it can appear in your cluster\n as a node. The pod execution role also provides IAM permissions to the\n Fargate infrastructure to allow read access to Amazon ECR\n image repositories. For more information, see Pod\n Execution Role in the Amazon EKS User Guide.
Fargate profiles are immutable. However, you can create a new updated\n profile to replace an existing profile and then delete the original after the updated\n profile has finished creating.
\nIf any Fargate profiles in a cluster are in the DELETING\n status, you must wait for that Fargate profile to finish deleting before\n you can create any other profiles in that cluster.
For more information, see Fargate Profile in the\n Amazon EKS User Guide.
", + "smithy.api#documentation": "Creates an Fargate profile for your Amazon EKS cluster. You\n must have at least one Fargate profile in a cluster to be able to run\n pods on Fargate.
\nThe Fargate profile allows an administrator to declare which pods run\n on Fargate and specify which pods run on which Fargate\n profile. This declaration is done through the profile’s selectors. Each profile can have\n up to five selectors that contain a namespace and labels. A namespace is required for\n every selector. The label field consists of multiple optional key-value pairs. Pods that\n match the selectors are scheduled on Fargate. If a to-be-scheduled pod\n matches any of the selectors in the Fargate profile, then that pod is run\n on Fargate.
\nWhen you create a Fargate profile, you must specify a pod execution\n role to use with the pods that are scheduled with the profile. This role is added to the\n cluster's Kubernetes Role Based\n Access Control (RBAC) for authorization so that the kubelet\n that is running on the Fargate infrastructure can register with your\n Amazon EKS cluster so that it can appear in your cluster as a node. The pod\n execution role also provides IAM permissions to the Fargate infrastructure to allow read access to Amazon ECR image repositories. For\n more information, see Pod Execution Role in the Amazon EKS User Guide.
Fargate profiles are immutable. However, you can create a new updated\n profile to replace an existing profile and then delete the original after the updated\n profile has finished creating.
\nIf any Fargate profiles in a cluster are in the DELETING\n status, you must wait for that Fargate profile to finish deleting before\n you can create any other profiles in that cluster.
For more information, see Fargate Profile in the\n Amazon EKS User Guide.
", "smithy.api#http": { "method": "POST", "uri": "/clusters/{clusterName}/fargate-profiles", @@ -2805,7 +2929,7 @@ } ], "traits": { - "smithy.api#documentation": "Creates a managed node group for an Amazon EKS cluster. You can only create a\n node group for your cluster that is equal to the current Kubernetes version for the\n cluster. All node groups are created with the latest AMI release version for the\n respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using\n a launch template. For more information about using launch templates, see Launch\n template support.
\nAn Amazon EKS managed node group is an Amazon EC2\n Auto Scaling group and associated Amazon EC2 instances that are managed by\n Amazon Web Services for an Amazon EKS cluster. For more information, see\n Managed node groups in the Amazon EKS User Guide.
\nWindows AMI types are only supported for commercial Regions that support Windows\n Amazon EKS.
\nCreates a managed node group for an Amazon EKS cluster. You can only create a\n node group for your cluster that is equal to the current Kubernetes version for the\n cluster.
\nAn Amazon EKS managed node group is an Amazon EC2\n Auto Scaling group and associated Amazon EC2 instances that are managed by\n Amazon Web Services for an Amazon EKS cluster. For more information, see\n Managed node groups in the Amazon EKS User Guide.
\nWindows AMI types are only supported for commercial Regions that support Windows\n Amazon EKS.
\nThe remote access configuration to use with your node group.\n For Linux, the protocol is SSH. For Windows, the protocol is RDP.\n If you specify launchTemplate, then don't specify \n remoteAccess, or the node group deployment will fail.\n For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
The remote access configuration to use with your node group. For Linux, the protocol\n is SSH. For Windows, the protocol is RDP. If you specify launchTemplate, then don't specify \n remoteAccess, or the node group deployment will fail.\n For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
The Kubernetes taints to be applied to the nodes in the node group. For more\n information, see Node taints on\n managed node groups.
" + "smithy.api#documentation": "The Kubernetes taints to be applied to the nodes in the node group. For more information,\n see Node taints on\n managed node groups.
" } }, "tags": { @@ -2921,7 +3045,7 @@ "version": { "target": "com.amazonaws.eks#String", "traits": { - "smithy.api#documentation": "The Kubernetes version to use for your managed nodes. By default, the Kubernetes\n version of the cluster is used, and this is the only accepted specified value.\n If you specify launchTemplate, and your launch template uses a custom AMI, then don't specify version,\n or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
The Kubernetes version to use for your managed nodes. By default, the Kubernetes version of the\n cluster is used, and this is the only accepted specified value. If you specify launchTemplate,\n and your launch template uses a custom AMI, then don't specify version, or the node group \n deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
Deletes an expired / inactive subscription. Deleting inactive subscriptions removes\n them from the Amazon Web Services Management Console view and from list/describe API responses.\n Subscriptions can only be cancelled within 7 days of creation, and are cancelled by\n creating a ticket in the Amazon Web Services Support Center.
", + "smithy.api#http": { + "method": "DELETE", + "uri": "/eks-anywhere-subscriptions/{id}", + "code": 200 + } + } + }, + "com.amazonaws.eks#DeleteEksAnywhereSubscriptionRequest": { + "type": "structure", + "members": { + "id": { + "target": "com.amazonaws.eks#String", + "traits": { + "smithy.api#documentation": "The ID of the subscription.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.eks#DeleteEksAnywhereSubscriptionResponse": { + "type": "structure", + "members": { + "subscription": { + "target": "com.amazonaws.eks#EksAnywhereSubscription", + "traits": { + "smithy.api#documentation": "The full description of the subscription to be deleted.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.eks#DeleteFargateProfile": { "type": "operation", "input": { @@ -3805,6 +3990,67 @@ "smithy.api#output": {} } }, + "com.amazonaws.eks#DescribeEksAnywhereSubscription": { + "type": "operation", + "input": { + "target": "com.amazonaws.eks#DescribeEksAnywhereSubscriptionRequest" + }, + "output": { + "target": "com.amazonaws.eks#DescribeEksAnywhereSubscriptionResponse" + }, + "errors": [ + { + "target": "com.amazonaws.eks#ClientException" + }, + { + "target": "com.amazonaws.eks#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.eks#ServerException" + }, + { + "target": "com.amazonaws.eks#ServiceUnavailableException" + } + ], + "traits": { + "smithy.api#documentation": "Returns descriptive information about a subscription.
", + "smithy.api#http": { + "method": "GET", + "uri": "/eks-anywhere-subscriptions/{id}", + "code": 200 + } + } + }, + "com.amazonaws.eks#DescribeEksAnywhereSubscriptionRequest": { + "type": "structure", + "members": { + "id": { + "target": "com.amazonaws.eks#String", + "traits": { + "smithy.api#documentation": "The ID of the subscription.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.eks#DescribeEksAnywhereSubscriptionResponse": { + "type": "structure", + "members": { + "subscription": { + "target": "com.amazonaws.eks#EksAnywhereSubscription", + "traits": { + "smithy.api#documentation": "The full description of the subscription.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.eks#DescribeFargateProfile": { "type": "operation", "input": { @@ -4225,7 +4471,7 @@ } ], "traits": { - "smithy.api#documentation": "Disassociates an identity provider configuration from a cluster. If you disassociate\n an identity provider from your cluster, users included in the provider can no longer\n access the cluster. However, you can still access the cluster with Amazon Web Services\n IAM users.
", + "smithy.api#documentation": "Disassociates an identity provider configuration from a cluster. If you disassociate\n an identity provider from your cluster, users included in the provider can no longer\n access the cluster. However, you can still access the cluster with\n IAM principals.
", "smithy.api#http": { "method": "POST", "uri": "/clusters/{clusterName}/identity-provider-configs/disassociate", @@ -4274,6 +4520,194 @@ "smithy.api#output": {} } }, + "com.amazonaws.eks#EksAnywhereSubscription": { + "type": "structure", + "members": { + "id": { + "target": "com.amazonaws.eks#String", + "traits": { + "smithy.api#documentation": "UUID identifying a subscription.
" + } + }, + "arn": { + "target": "com.amazonaws.eks#String", + "traits": { + "smithy.api#documentation": "The Amazon Resource Name (ARN) for the subscription.
" + } + }, + "createdAt": { + "target": "com.amazonaws.eks#Timestamp", + "traits": { + "smithy.api#documentation": "The Unix timestamp in seconds for when the subscription was created.
" + } + }, + "effectiveDate": { + "target": "com.amazonaws.eks#Timestamp", + "traits": { + "smithy.api#documentation": "The Unix timestamp in seconds for when the subscription is effective.
" + } + }, + "expirationDate": { + "target": "com.amazonaws.eks#Timestamp", + "traits": { + "smithy.api#documentation": "The Unix timestamp in seconds for when the subscription will expire or auto renew,\n depending on the auto renew configuration of the subscription object.
" + } + }, + "licenseQuantity": { + "target": "com.amazonaws.eks#Integer", + "traits": { + "smithy.api#default": 0, + "smithy.api#documentation": "The number of licenses included in a subscription. Valid values are between 1 and\n 1000.
" + } + }, + "licenseType": { + "target": "com.amazonaws.eks#EksAnywhereSubscriptionLicenseType", + "traits": { + "smithy.api#documentation": "The type of licenses included in the subscription. Valid value is CLUSTER. With the\n CLUSTER license type, each license covers support for a single EKS Anywhere\n cluster.
" + } + }, + "term": { + "target": "com.amazonaws.eks#EksAnywhereSubscriptionTerm", + "traits": { + "smithy.api#documentation": "An EksAnywhereSubscriptionTerm object.
" + } + }, + "status": { + "target": "com.amazonaws.eks#String", + "traits": { + "smithy.api#documentation": "The status of a subscription.
" + } + }, + "autoRenew": { + "target": "com.amazonaws.eks#Boolean", + "traits": { + "smithy.api#default": false, + "smithy.api#documentation": "A boolean indicating whether or not a subscription will auto renew when it\n expires.
" + } + }, + "licenseArns": { + "target": "com.amazonaws.eks#StringList", + "traits": { + "smithy.api#documentation": "License Manager License ARNs associated with the subscription.
" + } + }, + "tags": { + "target": "com.amazonaws.eks#TagMap", + "traits": { + "smithy.api#documentation": "The metadata for a subscription to assist with categorization and organization. Each\n tag consists of a key and an optional value. Subscription tags do not propagate to any\n other resources associated with the subscription.
" + } + } + }, + "traits": { + "smithy.api#documentation": "An EKS Anywhere subscription authorizing the customer to support for licensed clusters\n and access to EKS Anywhere Curated Packages.
" + } + }, + "com.amazonaws.eks#EksAnywhereSubscriptionLicenseType": { + "type": "enum", + "members": { + "Cluster": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "Cluster" + } + } + } + }, + "com.amazonaws.eks#EksAnywhereSubscriptionList": { + "type": "list", + "member": { + "target": "com.amazonaws.eks#EksAnywhereSubscription" + } + }, + "com.amazonaws.eks#EksAnywhereSubscriptionName": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 100 + }, + "smithy.api#pattern": "^[0-9A-Za-z][A-Za-z0-9\\-_]*$" + } + }, + "com.amazonaws.eks#EksAnywhereSubscriptionStatus": { + "type": "enum", + "members": { + "CREATING": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "CREATING" + } + }, + "ACTIVE": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ACTIVE" + } + }, + "UPDATING": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "UPDATING" + } + }, + "EXPIRING": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "EXPIRING" + } + }, + "EXPIRED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "EXPIRED" + } + }, + "DELETING": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "DELETING" + } + } + } + }, + "com.amazonaws.eks#EksAnywhereSubscriptionStatusValues": { + "type": "list", + "member": { + "target": "com.amazonaws.eks#EksAnywhereSubscriptionStatus" + } + }, + "com.amazonaws.eks#EksAnywhereSubscriptionTerm": { + "type": "structure", + "members": { + "duration": { + "target": "com.amazonaws.eks#Integer", + "traits": { + "smithy.api#default": 0, + "smithy.api#documentation": "The duration of the subscription term. Valid values are 12 and 36, indicating a 12 month or 36 month subscription.
" + } + }, + "unit": { + "target": "com.amazonaws.eks#EksAnywhereSubscriptionTermUnit", + "traits": { + "smithy.api#documentation": "The term unit of the subscription. Valid value is MONTHS.
" + } + } + }, + "traits": { + "smithy.api#documentation": "An object representing the term duration and term unit type of your subscription. This\n determines the term length of your subscription. Valid values are MONTHS for term unit\n and 12 or 36 for term duration, indicating a 12 month or 36 month subscription.
" + } + }, + "com.amazonaws.eks#EksAnywhereSubscriptionTermUnit": { + "type": "enum", + "members": { + "MONTHS": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "MONTHS" + } + } + } + }, "com.amazonaws.eks#EncryptionConfig": { "type": "structure", "members": { @@ -4528,7 +4962,7 @@ "labels": { "target": "com.amazonaws.eks#FargateProfileLabel", "traits": { - "smithy.api#documentation": "The Kubernetes labels that the selector should match. A pod must contain all of the\n labels that are specified in the selector for it to be considered a match.
" + "smithy.api#documentation": "The Kubernetes labels that the selector should match. A pod must contain all of the labels\n that are specified in the selector for it to be considered a match.
" } } }, @@ -4648,6 +5082,12 @@ "target": "com.amazonaws.eks#String" } }, + "com.amazonaws.eks#Integer": { + "type": "integer", + "traits": { + "smithy.api#default": 0 + } + }, "com.amazonaws.eks#InvalidParameterException": { "type": "structure", "members": { @@ -4672,6 +5112,12 @@ "addonName": { "target": "com.amazonaws.eks#String" }, + "subscriptionId": { + "target": "com.amazonaws.eks#String", + "traits": { + "smithy.api#documentation": "The Amazon EKS subscription ID with the exception.
" + } + }, "message": { "target": "com.amazonaws.eks#String" } @@ -4700,6 +5146,12 @@ "addonName": { "target": "com.amazonaws.eks#String" }, + "subscriptionId": { + "target": "com.amazonaws.eks#String", + "traits": { + "smithy.api#documentation": "The Amazon EKS subscription ID with the exception.
" + } + }, "message": { "target": "com.amazonaws.eks#String" } @@ -4765,13 +5217,13 @@ "serviceIpv4Cidr": { "target": "com.amazonaws.eks#String", "traits": { - "smithy.api#documentation": "Don't specify a value if you select ipv6 for ipFamily. The CIDR block to assign Kubernetes service IP addresses from.\n If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16\n or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not\n overlap with resources in other networks that are peered or connected to your VPC. The\n block must meet the following requirements:
Within one of the following private IP address blocks: 10.0.0.0/8,\n 172.16.0.0/12, or 192.168.0.0/16.
Doesn't overlap with any CIDR block assigned to the VPC that you selected for\n VPC.
\nBetween /24 and /12.
\nYou can only specify a custom CIDR block when you create a cluster and can't\n change this value once the cluster is created.
\nDon't specify a value if you select ipv6 for ipFamily. The CIDR block to assign Kubernetes service IP addresses from. If\n you don't specify a block, Kubernetes assigns addresses from either the\n 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend\n that you specify a block that does not overlap with resources in other networks that are\n peered or connected to your VPC. The block must meet the following requirements:
Within one of the following private IP address blocks:\n 10.0.0.0/8, 172.16.0.0/12, or\n 192.168.0.0/16.
Doesn't overlap with any CIDR block assigned to the VPC that you selected for\n VPC.
\nBetween /24 and /12.
\nYou can only specify a custom CIDR block when you create a cluster and can't\n change this value once the cluster is created.
\nSpecify which IP family is used to assign Kubernetes pod and service IP addresses. If\n you don't specify a value, ipv4 is used by default. You can only specify an\n IP family when you create a cluster and can't change this value once the cluster is\n created. If you specify ipv6, the VPC and subnets that you specify for\n cluster creation must have both IPv4 and IPv6 CIDR blocks assigned to them. You can't\n specify ipv6 for clusters in China Regions.
You can only specify ipv6 for 1.21 and later clusters that use version\n 1.10.1 or later of the Amazon VPC CNI add-on. If you specify ipv6, then ensure\n that your VPC meets the requirements listed in the considerations listed in Assigning IPv6\n addresses to pods and services in the Amazon EKS User Guide.\n Kubernetes assigns services IPv6 addresses from the unique local address range\n (fc00::/7). You can't specify a custom IPv6 CIDR block. Pod addresses are assigned from\n the subnet's IPv6 CIDR.
Specify which IP family is used to assign Kubernetes pod and service IP addresses. If you\n don't specify a value, ipv4 is used by default. You can only specify an IP\n family when you create a cluster and can't change this value once the cluster is\n created. If you specify ipv6, the VPC and subnets that you specify for\n cluster creation must have both IPv4 and IPv6 CIDR blocks\n assigned to them. You can't specify ipv6 for clusters in China\n Regions.
You can only specify ipv6 for 1.21 and later clusters that\n use version 1.10.1 or later of the Amazon VPC CNI add-on. If you specify\n ipv6, then ensure that your VPC meets the requirements listed in the\n considerations listed in Assigning IPv6 addresses to pods and\n services in the Amazon EKS User Guide. Kubernetes assigns services\n IPv6 addresses from the unique local address range\n (fc00::/7). You can't specify a custom IPv6 CIDR block.\n Pod addresses are assigned from the subnet's IPv6 CIDR.
The CIDR block that Kubernetes pod and service IP addresses are assigned from if you\n created a 1.21 or later cluster with version 1.10.1 or later of the Amazon VPC CNI add-on and\n specified ipv6 for ipFamily when you\n created the cluster. Kubernetes assigns service addresses from the unique local address\n range (fc00::/7) because you can't specify a custom IPv6 CIDR block when\n you create the cluster.
The CIDR block that Kubernetes pod and service IP addresses are assigned from if you\n created a 1.21 or later cluster with version 1.10.1 or later of the Amazon VPC CNI add-on and\n specified ipv6 for ipFamily when you\n created the cluster. Kubernetes assigns service addresses from the unique local address range\n (fc00::/7) because you can't specify a custom IPv6 CIDR block when you\n create the cluster.
The Kubernetes network configuration for the cluster. The response contains a value\n for serviceIpv6Cidr or serviceIpv4Cidr, but not both.
" + "smithy.api#documentation": "The Kubernetes network configuration for the cluster. The response contains a value for\n serviceIpv6Cidr or serviceIpv4Cidr, but not both.
" } }, "com.amazonaws.eks#LaunchTemplateSpecification": { @@ -4857,7 +5309,7 @@ } ], "traits": { - "smithy.api#documentation": "Lists the available add-ons.
", + "smithy.api#documentation": "Lists the installed add-ons.
", "smithy.api#http": { "method": "GET", "uri": "/clusters/{clusterName}/addons", @@ -4916,7 +5368,7 @@ "addons": { "target": "com.amazonaws.eks#StringList", "traits": { - "smithy.api#documentation": "A list of available add-ons.
" + "smithy.api#documentation": "A list of installed add-ons.
" } }, "nextToken": { @@ -5037,6 +5489,95 @@ "smithy.api#output": {} } }, + "com.amazonaws.eks#ListEksAnywhereSubscriptions": { + "type": "operation", + "input": { + "target": "com.amazonaws.eks#ListEksAnywhereSubscriptionsRequest" + }, + "output": { + "target": "com.amazonaws.eks#ListEksAnywhereSubscriptionsResponse" + }, + "errors": [ + { + "target": "com.amazonaws.eks#ClientException" + }, + { + "target": "com.amazonaws.eks#InvalidParameterException" + }, + { + "target": "com.amazonaws.eks#ServerException" + }, + { + "target": "com.amazonaws.eks#ServiceUnavailableException" + } + ], + "traits": { + "smithy.api#documentation": "Displays the full description of the subscription.
", + "smithy.api#http": { + "method": "GET", + "uri": "/eks-anywhere-subscriptions", + "code": 200 + } + } + }, + "com.amazonaws.eks#ListEksAnywhereSubscriptionsRequest": { + "type": "structure", + "members": { + "maxResults": { + "target": "com.amazonaws.eks#ListEksAnywhereSubscriptionsRequestMaxResults", + "traits": { + "smithy.api#documentation": "The maximum number of cluster results returned by ListEksAnywhereSubscriptions in\n paginated output. When you use this parameter, ListEksAnywhereSubscriptions returns only\n maxResults results in a single page along with a nextToken response element. You can see\n the remaining results of the initial request by sending another\n ListEksAnywhereSubscriptions request with the returned nextToken value. This value can\n be between 1 and 100. If you don't use this parameter, ListEksAnywhereSubscriptions\n returns up to 10 results and a nextToken value if applicable.
", + "smithy.api#httpQuery": "maxResults" + } + }, + "nextToken": { + "target": "com.amazonaws.eks#String", + "traits": { + "smithy.api#documentation": "The nextToken value to include in a future ListEksAnywhereSubscriptions request. When\n the results of a ListEksAnywhereSubscriptions request exceed maxResults, you can use\n this value to retrieve the next page of results. This value is null when there are no\n more results to return.
", + "smithy.api#httpQuery": "nextToken" + } + }, + "includeStatus": { + "target": "com.amazonaws.eks#EksAnywhereSubscriptionStatusValues", + "traits": { + "smithy.api#documentation": "An array of subscription statuses to filter on.
", + "smithy.api#httpQuery": "includeStatus" + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.eks#ListEksAnywhereSubscriptionsRequestMaxResults": { + "type": "integer", + "traits": { + "smithy.api#range": { + "min": 1, + "max": 100 + } + } + }, + "com.amazonaws.eks#ListEksAnywhereSubscriptionsResponse": { + "type": "structure", + "members": { + "subscriptions": { + "target": "com.amazonaws.eks#EksAnywhereSubscriptionList", + "traits": { + "smithy.api#documentation": "A list of all subscription objects in the region, filtered by includeStatus and\n paginated by nextToken and maxResults.
" + } + }, + "nextToken": { + "target": "com.amazonaws.eks#String", + "traits": { + "smithy.api#documentation": "The nextToken value to include in a future ListEksAnywhereSubscriptions request. When\n the results of a ListEksAnywhereSubscriptions request exceed maxResults, you can use\n this value to retrieve the next page of results. This value is null when there are no\n more results to return.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.eks#ListFargateProfiles": { "type": "operation", "input": { @@ -5704,7 +6245,7 @@ "taints": { "target": "com.amazonaws.eks#taintsList", "traits": { - "smithy.api#documentation": "The Kubernetes taints to be applied to the nodes in the node group when they are\n created. Effect is one of No_Schedule, Prefer_No_Schedule, or\n No_Execute. Kubernetes taints can be used together with tolerations to\n control how workloads are scheduled to your nodes. For more information, see Node taints on managed node groups.
The Kubernetes taints to be applied to the nodes in the node group when they are created.\n Effect is one of No_Schedule, Prefer_No_Schedule, or\n No_Execute. Kubernetes taints can be used together with tolerations to\n control how workloads are scheduled to your nodes. For more information, see Node taints on managed node groups.
Amazon Resource Name (ARN) or alias of the KMS key. The KMS key must be symmetric, created in the same\n region as the cluster, and if the KMS key was created in a different account, the user\n must have access to the KMS key. For more information, see Allowing\n Users in Other Accounts to Use a KMS key in the Key Management Service Developer Guide.
" + "smithy.api#documentation": "Amazon Resource Name (ARN) or alias of the KMS key. The KMS key must be\n symmetric and created in the same Amazon Web Services Region as the cluster. If the\n KMS key was created in a different account, the IAM principal must\n have access to the KMS key. For more information, see Allowing\n users in other accounts to use a KMS key in the\n Key Management Service Developer Guide.
" } } }, @@ -6366,7 +6907,7 @@ } ], "traits": { - "smithy.api#documentation": "Connects a Kubernetes cluster to the Amazon EKS control plane.
\nAny Kubernetes cluster can be connected to the Amazon EKS control plane to\n view current information about the cluster and its nodes.
\nCluster connection requires two steps. First, send a \n RegisterClusterRequest\n to add it to the Amazon EKS\n control plane.
Second, a Manifest containing the activationID and\n activationCode must be applied to the Kubernetes cluster through it's\n native provider to provide visibility.
After the Manifest is updated and applied, then the connected cluster is visible to\n the Amazon EKS control plane. If the Manifest is not applied within three days,\n then the connected cluster will no longer be visible and must be deregistered. See DeregisterCluster.
", + "smithy.api#documentation": "Connects a Kubernetes cluster to the Amazon EKS control plane.
\nAny Kubernetes cluster can be connected to the Amazon EKS control plane to view\n current information about the cluster and its nodes.
\nCluster connection requires two steps. First, send a \n RegisterClusterRequest\n to add it to the Amazon EKS\n control plane.
Second, a Manifest containing the activationID and\n activationCode must be applied to the Kubernetes cluster through it's native\n provider to provide visibility.
After the Manifest is updated and applied, then the connected cluster is visible to\n the Amazon EKS control plane. If the Manifest is not applied within three days,\n then the connected cluster will no longer be visible and must be deregistered. See DeregisterCluster.
", "smithy.api#http": { "method": "POST", "uri": "/cluster-registrations", @@ -6506,6 +7047,12 @@ "smithy.api#documentation": "The Amazon EKS managed node group associated with the exception.
" } }, + "subscriptionId": { + "target": "com.amazonaws.eks#String", + "traits": { + "smithy.api#documentation": "The Amazon EKS subscription ID with the exception.
" + } + }, "message": { "target": "com.amazonaws.eks#String" } @@ -6540,6 +7087,12 @@ "addonName": { "target": "com.amazonaws.eks#String" }, + "subscriptionId": { + "target": "com.amazonaws.eks#String", + "traits": { + "smithy.api#documentation": "The Amazon EKS subscription ID with the exception.
" + } + }, "message": { "target": "com.amazonaws.eks#String" } @@ -6590,6 +7143,12 @@ "addonName": { "target": "com.amazonaws.eks#String" }, + "subscriptionId": { + "target": "com.amazonaws.eks#String", + "traits": { + "smithy.api#documentation": "The Amazon EKS subscription ID with the exception.
" + } + }, "message": { "target": "com.amazonaws.eks#String" } @@ -7037,7 +7596,7 @@ } ], "traits": { - "smithy.api#documentation": "Updates an Amazon EKS cluster configuration. Your cluster continues to\n function during the update. The response output includes an update ID that you can use\n to track the status of your cluster update with the DescribeUpdate API\n operation.
\nYou can use this API operation to enable or disable exporting the Kubernetes control\n plane logs for your cluster to CloudWatch Logs. By default, cluster control plane\n logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster Control Plane Logs in the\n \n Amazon EKS User Guide\n .
\nCloudWatch Logs ingestion, archive storage, and data scanning rates apply to\n exported control plane logs. For more information, see CloudWatch\n Pricing.
\nYou can also use this API operation to enable or disable public and private access to\n your cluster's Kubernetes API server endpoint. By default, public access is enabled, and\n private access is disabled. For more information, see Amazon EKS cluster endpoint access control in the\n \n Amazon EKS User Guide\n .
\nYou can't update the subnets or security group IDs for an existing cluster.
\nCluster updates are asynchronous, and they should finish within a few minutes. During\n an update, the cluster status moves to UPDATING (this status transition is\n eventually consistent). When the update is complete (either Failed or\n Successful), the cluster status moves to Active.
Updates an Amazon EKS cluster configuration. Your cluster continues to\n function during the update. The response output includes an update ID that you can use\n to track the status of your cluster update with the DescribeUpdate API\n operation.
\nYou can use this API operation to enable or disable exporting the Kubernetes control plane\n logs for your cluster to CloudWatch Logs. By default, cluster control plane logs\n aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster Control Plane Logs in the\n \n Amazon EKS User Guide\n .
\nCloudWatch Logs ingestion, archive storage, and data scanning rates apply to\n exported control plane logs. For more information, see CloudWatch\n Pricing.
\nYou can also use this API operation to enable or disable public and private access to\n your cluster's Kubernetes API server endpoint. By default, public access is enabled, and\n private access is disabled. For more information, see Amazon EKS cluster endpoint access control in the\n \n Amazon EKS User Guide\n .
\nYou can't update the subnets or security group IDs for an existing cluster.
\nCluster updates are asynchronous, and they should finish within a few minutes. During\n an update, the cluster status moves to UPDATING (this status transition is\n eventually consistent). When the update is complete (either Failed or\n Successful), the cluster status moves to Active.
Enable or disable exporting the Kubernetes control plane logs for your cluster to\n CloudWatch Logs. By default, cluster control plane logs aren't exported to\n CloudWatch Logs. For more information, see Amazon EKS cluster control plane logs in the\n \n Amazon EKS User Guide\n .
\nCloudWatch Logs ingestion, archive storage, and data scanning rates apply to\n exported control plane logs. For more information, see CloudWatch\n Pricing.
\nEnable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS cluster control plane logs in the\n \n Amazon EKS User Guide\n .
\nCloudWatch Logs ingestion, archive storage, and data scanning rates apply to\n exported control plane logs. For more information, see CloudWatch\n Pricing.
\nUpdates an Amazon EKS cluster to the specified Kubernetes version. Your\n cluster continues to function during the update. The response output includes an update\n ID that you can use to track the status of your cluster update with the DescribeUpdate API operation.
\nCluster updates are asynchronous, and they should finish within a few minutes. During\n an update, the cluster status moves to UPDATING (this status transition is\n eventually consistent). When the update is complete (either Failed or\n Successful), the cluster status moves to Active.
If your cluster has managed node groups attached to it, all of your node groups’\n Kubernetes versions must match the cluster’s Kubernetes version in order to update the\n cluster to a new Kubernetes version.
", + "smithy.api#documentation": "Updates an Amazon EKS cluster to the specified Kubernetes version. Your cluster\n continues to function during the update. The response output includes an update ID that\n you can use to track the status of your cluster update with the DescribeUpdate API operation.
\nCluster updates are asynchronous, and they should finish within a few minutes. During\n an update, the cluster status moves to UPDATING (this status transition is\n eventually consistent). When the update is complete (either Failed or\n Successful), the cluster status moves to Active.
If your cluster has managed node groups attached to it, all of your node groups’ Kubernetes\n versions must match the cluster’s Kubernetes version in order to update the cluster to a new\n Kubernetes version.
", "smithy.api#http": { "method": "POST", "uri": "/clusters/{name}/updates", @@ -7169,6 +7728,85 @@ "smithy.api#output": {} } }, + "com.amazonaws.eks#UpdateEksAnywhereSubscription": { + "type": "operation", + "input": { + "target": "com.amazonaws.eks#UpdateEksAnywhereSubscriptionRequest" + }, + "output": { + "target": "com.amazonaws.eks#UpdateEksAnywhereSubscriptionResponse" + }, + "errors": [ + { + "target": "com.amazonaws.eks#ClientException" + }, + { + "target": "com.amazonaws.eks#InvalidParameterException" + }, + { + "target": "com.amazonaws.eks#InvalidRequestException" + }, + { + "target": "com.amazonaws.eks#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.eks#ServerException" + } + ], + "traits": { + "smithy.api#documentation": "Update an EKS Anywhere Subscription. Only auto renewal and tags can be updated after\n subscription creation.
", + "smithy.api#http": { + "method": "POST", + "uri": "/eks-anywhere-subscriptions/{id}", + "code": 200 + } + } + }, + "com.amazonaws.eks#UpdateEksAnywhereSubscriptionRequest": { + "type": "structure", + "members": { + "id": { + "target": "com.amazonaws.eks#String", + "traits": { + "smithy.api#documentation": "", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, + "autoRenew": { + "target": "com.amazonaws.eks#Boolean", + "traits": { + "smithy.api#default": false, + "smithy.api#documentation": "A boolean indicating whether or not to automatically renew the subscription.
", + "smithy.api#required": {} + } + }, + "clientRequestToken": { + "target": "com.amazonaws.eks#String", + "traits": { + "smithy.api#documentation": "Unique, case-sensitive identifier to ensure the idempotency of the request.
", + "smithy.api#idempotencyToken": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.eks#UpdateEksAnywhereSubscriptionResponse": { + "type": "structure", + "members": { + "subscription": { + "target": "com.amazonaws.eks#EksAnywhereSubscription", + "traits": { + "smithy.api#documentation": "The full description of the updated subscription.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.eks#UpdateLabelsPayload": { "type": "structure", "members": { @@ -7218,7 +7856,7 @@ } ], "traits": { - "smithy.api#documentation": "Updates an Amazon EKS managed node group configuration. Your node group\n continues to function during the update. The response output includes an update ID that\n you can use to track the status of your node group update with the DescribeUpdate API operation. Currently you can update the Kubernetes\n labels for a node group or the scaling configuration.
", + "smithy.api#documentation": "Updates an Amazon EKS managed node group configuration. Your node group\n continues to function during the update. The response output includes an update ID that\n you can use to track the status of your node group update with the DescribeUpdate API operation. Currently you can update the Kubernetes labels\n for a node group or the scaling configuration.
", "smithy.api#http": { "method": "POST", "uri": "/clusters/{clusterName}/node-groups/{nodegroupName}/update-config", @@ -7248,13 +7886,13 @@ "labels": { "target": "com.amazonaws.eks#UpdateLabelsPayload", "traits": { - "smithy.api#documentation": "The Kubernetes labels to be applied to the nodes in the node group after the\n update.
" + "smithy.api#documentation": "The Kubernetes labels to be applied to the nodes in the node group after the update.
" } }, "taints": { "target": "com.amazonaws.eks#UpdateTaintsPayload", "traits": { - "smithy.api#documentation": "The Kubernetes taints to be applied to the nodes in the node group after the update.\n For more information, see Node taints on\n managed node groups.
" + "smithy.api#documentation": "The Kubernetes taints to be applied to the nodes in the node group after the update. For\n more information, see Node taints on\n managed node groups.
" } }, "scalingConfig": { @@ -7321,7 +7959,7 @@ } ], "traits": { - "smithy.api#documentation": "Updates the Kubernetes version or AMI version of an Amazon EKS managed node\n group.
\nYou can update a node group using a launch template only if the node group was\n originally deployed with a launch template. If you need to update a custom AMI in a node\n group that was deployed with a launch template, then update your custom AMI, specify the\n new ID in a new version of the launch template, and then update the node group to the\n new version of the launch template.
\nIf you update without a launch template, then you can update to the latest available\n AMI version of a node group's current Kubernetes version by not specifying a Kubernetes version in\n the request. You can update to the latest AMI version of your cluster's current Kubernetes\n version by specifying your cluster's Kubernetes version in the request. For information about\n Linux versions, see Amazon EKS optimized Amazon Linux AMI versions in the\n Amazon EKS User Guide. For information about Windows versions, see Amazon EKS optimized Windows AMI versions in the\n Amazon EKS User Guide.
\nYou cannot roll back a node group to an earlier Kubernetes version or AMI\n version.
\nWhen a node in a managed node group is terminated due to a scaling action or update,\n the pods in that node are drained first. Amazon EKS attempts to drain the nodes\n gracefully and will fail if it is unable to do so. You can force the update\n if Amazon EKS is unable to drain the nodes as a result of a pod disruption\n budget issue.
Updates the Kubernetes version or AMI version of an Amazon EKS managed node\n group.
\nYou can update a node group using a launch template only if the node group was\n originally deployed with a launch template. If you need to update a custom AMI in a node\n group that was deployed with a launch template, then update your custom AMI, specify the\n new ID in a new version of the launch template, and then update the node group to the\n new version of the launch template.
\nIf you update without a launch template, then you can update to the latest available\n AMI version of a node group's current Kubernetes version by not specifying a Kubernetes version in\n the request. You can update to the latest AMI version of your cluster's current Kubernetes\n version by specifying your cluster's Kubernetes version in the request. For information about\n Linux versions, see Amazon EKS optimized Amazon Linux AMI versions in the\n Amazon EKS User Guide. For information about Windows versions, see Amazon EKS optimized Windows AMI versions in the\n Amazon EKS User Guide.
\nYou cannot roll back a node group to an earlier Kubernetes version or AMI version.
\nWhen a node in a managed node group is terminated due to a scaling action or update,\n the pods in that node are drained first. Amazon EKS attempts to drain the nodes\n gracefully and will fail if it is unable to do so. You can force the update\n if Amazon EKS is unable to drain the nodes as a result of a pod disruption\n budget issue.
The Kubernetes version to update to. If no version is specified, then the Kubernetes\n version of the node group does not change. You can specify the Kubernetes version of the\n cluster to update the node group to the latest AMI version of the cluster's Kubernetes\n version. If you specify launchTemplate, and your launch template uses a custom AMI, then don't specify \n version, or the node group update will fail.\n For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
The Kubernetes version to update to. If no version is specified, then the Kubernetes version of\n the node group does not change. You can specify the Kubernetes version of the cluster to\n update the node group to the latest AMI version of the cluster's Kubernetes version.\n If you specify launchTemplate, and your launch template uses a custom AMI, then don't specify version,\n or the node group update will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
Set this value to false to disable public access to your cluster's\n Kubernetes API server endpoint. If you disable public access, your cluster's Kubernetes\n API server can only receive requests from within the cluster VPC. The default value for\n this parameter is true, which enables public access for your Kubernetes API\n server. For more information, see Amazon EKS cluster endpoint access control in the\n \n Amazon EKS User Guide\n .
Set this value to false to disable public access to your cluster's Kubernetes\n API server endpoint. If you disable public access, your cluster's Kubernetes API server can\n only receive requests from within the cluster VPC. The default value for this parameter\n is true, which enables public access for your Kubernetes API server. For more\n information, see Amazon EKS cluster endpoint access control in\n the \n Amazon EKS User Guide\n .
Set this value to true to enable private access for your cluster's\n Kubernetes API server endpoint. If you enable private access, Kubernetes API requests\n from within your cluster's VPC use the private VPC endpoint. The default value for this\n parameter is false, which disables private access for your Kubernetes API\n server. If you disable private access and you have nodes or Fargate\n pods in the cluster, then ensure that publicAccessCidrs includes the\n necessary CIDR blocks for communication with the nodes or Fargate pods.\n For more information, see Amazon EKS cluster endpoint access control in\n the \n Amazon EKS User Guide\n .
Set this value to true to enable private access for your cluster's Kubernetes\n API server endpoint. If you enable private access, Kubernetes API requests from within your\n cluster's VPC use the private VPC endpoint. The default value for this parameter is\n false, which disables private access for your Kubernetes API server. If you\n disable private access and you have nodes or Fargate pods in the\n cluster, then ensure that publicAccessCidrs includes the necessary CIDR\n blocks for communication with the nodes or Fargate pods. For more\n information, see Amazon EKS cluster endpoint access control in\n the \n Amazon EKS User Guide\n .
The security groups associated with the cross-account elastic network interfaces that\n are used to allow communication between your nodes and the Kubernetes control\n plane.
" + "smithy.api#documentation": "The security groups associated with the cross-account elastic network interfaces that\n are used to allow communication between your nodes and the Kubernetes control plane.
" } }, "clusterSecurityGroupId": { @@ -7767,7 +8405,7 @@ "target": "com.amazonaws.eks#Boolean", "traits": { "smithy.api#default": false, - "smithy.api#documentation": "This parameter indicates whether the Amazon EKS private API server endpoint is\n enabled. If the Amazon EKS private API server endpoint is enabled, Kubernetes\n API requests that originate from within your cluster's VPC use the private VPC endpoint\n instead of traversing the internet. If this value is disabled and you have nodes or\n Fargate pods in the cluster, then ensure that\n publicAccessCidrs includes the necessary CIDR blocks for communication\n with the nodes or Fargate pods. For more information, see Amazon EKS cluster endpoint access control in the\n \n Amazon EKS User Guide\n .
This parameter indicates whether the Amazon EKS private API server endpoint is\n enabled. If the Amazon EKS private API server endpoint is enabled, Kubernetes API\n requests that originate from within your cluster's VPC use the private VPC endpoint\n instead of traversing the internet. If this value is disabled and you have nodes or\n Fargate pods in the cluster, then ensure that\n publicAccessCidrs includes the necessary CIDR blocks for communication\n with the nodes or Fargate pods. For more information, see Amazon EKS cluster endpoint access control in the\n \n Amazon EKS User Guide\n .
\n The ARN of the reference.\n
", - "smithy.api#required": {} + "smithy.api#documentation": "\n The ARN of the reference.\n
" } }, "name": { @@ -3565,6 +3564,10 @@ { "value": "CRAM", "name": "CRAM" + }, + { + "value": "UBAM", + "name": "UBAM" } ] } @@ -11454,7 +11457,7 @@ } }, "referenceArn": { - "target": "com.amazonaws.omics#ReferenceArn", + "target": "com.amazonaws.omics#ReferenceArnFilter", "traits": { "smithy.api#documentation": "A genome reference ARN to filter on.
" } @@ -11912,6 +11915,16 @@ "smithy.api#pattern": "^arn:.+$" } }, + "com.amazonaws.omics#ReferenceArnFilter": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 0, + "max": 127 + }, + "smithy.api#pattern": "^$|^arn:.+$" + } + }, "com.amazonaws.omics#ReferenceDescription": { "type": "string", "traits": { @@ -14145,8 +14158,7 @@ "referenceArn": { "target": "com.amazonaws.omics#ReferenceArn", "traits": { - "smithy.api#documentation": "The source's reference ARN.
", - "smithy.api#required": {} + "smithy.api#documentation": "The source's reference ARN.
" } }, "name": {