diff --git a/codegen/sdk-codegen/aws-models/ec2.json b/codegen/sdk-codegen/aws-models/ec2.json index 7e0de0da2b2..d3e9270b228 100644 --- a/codegen/sdk-codegen/aws-models/ec2.json +++ b/codegen/sdk-codegen/aws-models/ec2.json @@ -13520,7 +13520,7 @@ "target": "com.amazonaws.ec2#CopyImageResult" }, "traits": { - "smithy.api#documentation": "
Initiates the copy of an AMI. You can copy an AMI from one Region to another, or from a\n Region to an Outpost. You can't copy an AMI from an Outpost to a Region, from one Outpost\n to another, or within the same Outpost. To copy an AMI to another partition, see CreateStoreImageTask.
\nTo copy an AMI from one Region to another, specify the source Region using the \n \t\tSourceRegion parameter, and specify the \n \t\tdestination Region using its endpoint. Copies of encrypted backing snapshots for\n \t\tthe AMI are encrypted. Copies of unencrypted backing snapshots remain unencrypted, \n \t\tunless you set Encrypted
during the copy operation. You cannot \n \t\tcreate an unencrypted copy of an encrypted backing snapshot.
To copy an AMI from a Region to an Outpost, specify the source Region using the \n \t\tSourceRegion parameter, and specify the \n \t\tARN of the destination Outpost using DestinationOutpostArn. \n \t\tBacking snapshots copied to an Outpost are encrypted by default using the default\n \t\tencryption key for the Region, or a different key that you specify in the request using \n \t\tKmsKeyId. Outposts do not support unencrypted \n \t snapshots. For more information, \n \t\t\tAmazon EBS local snapshots on Outposts in the Amazon EBS User Guide.
\nFor more information about the prerequisites and limits when copying an AMI, see Copy an AMI in the\n Amazon EC2 User Guide.
", + "smithy.api#documentation": "Initiates an AMI copy operation. You can copy an AMI from one Region to another, or from a\n Region to an Outpost. You can't copy an AMI from an Outpost to a Region, from one Outpost to\n another, or within the same Outpost. To copy an AMI to another partition, see CreateStoreImageTask.
\nWhen you copy an AMI from one Region to another, the destination Region is the \n \tcurrent Region.
\nWhen you copy an AMI from a Region to an Outpost, specify the ARN of the Outpost as\n \t the destination. Backing snapshots copied to an Outpost are encrypted by default using \n \t the default encryption key for the Region or the key that you specify. Outposts do not \n \t support unencrypted snapshots.
\nFor information about the prerequisites when copying an AMI, see Copy an AMI in the Amazon EC2 User Guide.
", "smithy.api#examples": [ { "title": "To copy an AMI to another region", @@ -13557,7 +13557,7 @@ "target": "com.amazonaws.ec2#Boolean", "traits": { "aws.protocols#ec2QueryName": "Encrypted", - "smithy.api#documentation": "Specifies whether the destination snapshots of the copied image should be encrypted. You\n can encrypt a copy of an unencrypted snapshot, but you cannot create an unencrypted copy of an\n encrypted snapshot. The default KMS key for Amazon EBS is used unless you specify a non-default\n Key Management Service (KMS) KMS key using KmsKeyId
. For more information, see Amazon EBS encryption in the\n Amazon EBS User Guide.
Specifies whether the destination snapshots of the copied image should be encrypted. You\n can encrypt a copy of an unencrypted snapshot, but you cannot create an unencrypted copy of an\n encrypted snapshot. The default KMS key for Amazon EBS is used unless you specify a non-default\n Key Management Service (KMS) KMS key using KmsKeyId
. For more information, see Use encryption with \n EBS-backed AMIs in the Amazon EC2 User Guide.
The metric, aggregation-latency
, indicating that network latency is aggregated for the query. This is the only supported metric.
The metric used for the network performance request.
" } }, "Statistic": { "target": "com.amazonaws.ec2#StatisticType", "traits": { - "smithy.api#documentation": "The metric data aggregation period, p50
, between the specified startDate
and endDate
. For example, a metric of five_minutes
is the median of all the data points gathered within those five minutes. p50
is the only supported metric.
The metric data aggregation period, p50
, between the specified startDate
\n and endDate
. For example, a metric of five_minutes
is the median of all \n the data points gathered within those five minutes. p50
is the only supported metric.
The metric used for the network performance request. Only aggregate-latency
is supported, which shows network latency during a specified period.
The metric used for the network performance request.
", "smithy.api#xmlName": "metric" } }, @@ -24929,7 +24929,7 @@ "target": "smithy.api#Unit" }, "traits": { - "smithy.api#documentation": "Deletes a security group.
\nIf you attempt to delete a security group that is associated with an instance or network interface or is\n\t\t\t referenced by another security group, the operation fails with\n\t\t\t\tDependencyViolation
.
Deletes a security group.
\nIf you attempt to delete a security group that is associated with an instance or network interface or is\n\t\t\t referenced by another security group in the same VPC, the operation fails with\n\t\t\t\tDependencyViolation
.
The filters.
\n\n availability-zone
- The Availability Zone of the instance.
\n event.code
- The code for the scheduled event\n (instance-reboot
| system-reboot
|\n system-maintenance
| instance-retirement
|\n instance-stop
).
\n event.description
- A description of the event.
\n event.instance-event-id
- The ID of the event whose date and time\n you are modifying.
\n event.not-after
- The latest end time for the scheduled event\n (for example, 2014-09-15T17:15:20.000Z
).
\n event.not-before
- The earliest start time for the scheduled\n event (for example, 2014-09-15T17:15:20.000Z
).
\n event.not-before-deadline
- The deadline for starting the event\n (for example, 2014-09-15T17:15:20.000Z
).
\n instance-state-code
- The code for the instance state, as a\n 16-bit unsigned integer. The high byte is used for internal purposes and should\n be ignored. The low byte is set based on the state represented. The valid values\n are 0 (pending), 16 (running), 32 (shutting-down), 48 (terminated), 64\n (stopping), and 80 (stopped).
\n instance-state-name
- The state of the instance\n (pending
| running
| shutting-down
|\n terminated
| stopping
|\n stopped
).
\n instance-status.reachability
- Filters on instance status where\n the name is reachability
(passed
| failed
\n | initializing
| insufficient-data
).
\n instance-status.status
- The status of the instance\n (ok
| impaired
| initializing
|\n insufficient-data
| not-applicable
).
\n system-status.reachability
- Filters on system status where the\n name is reachability
(passed
| failed
|\n initializing
| insufficient-data
).
\n system-status.status
- The system status of the instance\n (ok
| impaired
| initializing
|\n insufficient-data
| not-applicable
).
The filters.
\n\n availability-zone
- The Availability Zone of the instance.
\n event.code
- The code for the scheduled event\n (instance-reboot
| system-reboot
|\n system-maintenance
| instance-retirement
|\n instance-stop
).
\n event.description
- A description of the event.
\n event.instance-event-id
- The ID of the event whose date and time\n you are modifying.
\n event.not-after
- The latest end time for the scheduled event\n (for example, 2014-09-15T17:15:20.000Z
).
\n event.not-before
- The earliest start time for the scheduled\n event (for example, 2014-09-15T17:15:20.000Z
).
\n event.not-before-deadline
- The deadline for starting the event\n (for example, 2014-09-15T17:15:20.000Z
).
\n instance-state-code
- The code for the instance state, as a\n 16-bit unsigned integer. The high byte is used for internal purposes and should\n be ignored. The low byte is set based on the state represented. The valid values\n are 0 (pending), 16 (running), 32 (shutting-down), 48 (terminated), 64\n (stopping), and 80 (stopped).
\n instance-state-name
- The state of the instance\n (pending
| running
| shutting-down
|\n terminated
| stopping
|\n stopped
).
\n instance-status.reachability
- Filters on instance status where\n the name is reachability
(passed
| failed
\n | initializing
| insufficient-data
).
\n instance-status.status
- The status of the instance\n (ok
| impaired
| initializing
|\n insufficient-data
| not-applicable
).
\n system-status.reachability
- Filters on system status where the\n name is reachability
(passed
| failed
|\n initializing
| insufficient-data
).
\n system-status.status
- The system status of the instance\n (ok
| impaired
| initializing
|\n insufficient-data
| not-applicable
).
\n attached-ebs-status.status
- The status of the attached EBS volume \n for the instance (ok
| impaired
| initializing
| \n insufficient-data
| not-applicable
).
One or more filters.
\n\n association.allocation-id
- The allocation ID returned when you\n\t\t allocated the Elastic IP address (IPv4) for your network interface.
\n association.association-id
- The association ID returned when the\n\t\t network interface was associated with an IPv4 address.
\n addresses.association.owner-id
- The owner ID of the addresses associated with the network interface.
\n addresses.association.public-ip
- The association ID returned when\n\t\t the network interface was associated with the Elastic IP address\n\t\t (IPv4).
\n addresses.primary
- Whether the private IPv4 address is the primary\n IP address associated with the network interface.
\n addresses.private-ip-address
- The private IPv4 addresses\n\t\t associated with the network interface.
\n association.ip-owner-id
- The owner of the Elastic IP address\n (IPv4) associated with the network interface.
\n association.public-ip
- The address of the Elastic IP address\n (IPv4) bound to the network interface.
\n association.public-dns-name
- The public DNS name for the network\n interface (IPv4).
\n attachment.attach-time
- The time that the network interface was attached to an instance.
\n attachment.attachment-id
- The ID of the interface attachment.
\n attachment.delete-on-termination
- Indicates whether the attachment is deleted when an instance is terminated.
\n attachment.device-index
- The device index to which the network interface is attached.
\n attachment.instance-id
- The ID of the instance to which the network interface is attached.
\n attachment.instance-owner-id
- The owner ID of the instance to which the network interface is attached.
\n attachment.status
- The status of the attachment (attaching
| attached
| detaching
| detached
).
\n availability-zone
- The Availability Zone of the network interface.
\n description
- The description of the network interface.
\n group-id
- The ID of a security group associated with the network interface.
\n ipv6-addresses.ipv6-address
- An IPv6 address associated with\n the network interface.
\n interface-type
- The type of network interface (api_gateway_managed
| \n\t\t aws_codestar_connections_managed
| branch
| \n\t\t ec2_instance_connect_endpoint
| efa
| efs
| \n\t\t gateway_load_balancer
| gateway_load_balancer_endpoint
| \n\t\t global_accelerator_managed
| \n\t\t interface
| iot_rules_managed
| \n\t\t lambda
| load_balancer
| \n\t\t nat_gateway
| network_load_balancer
| \n\t\t quicksight
| \n\t\t transit_gateway
| trunk
| \n\t\t vpc_endpoint
).
\n mac-address
- The MAC address of the network interface.
\n network-interface-id
- The ID of the network interface.
\n owner-id
- The Amazon Web Services account ID of the network interface owner.
\n private-dns-name
- The private DNS name of the network interface (IPv4).
\n private-ip-address
- The private IPv4 address or addresses of the\n network interface.
\n requester-id
- The alias or Amazon Web Services account ID of the principal or service that created the network interface.
\n requester-managed
- Indicates whether the network interface is being managed by an Amazon Web Services service \n\t\t (for example, Amazon Web Services Management Console, Auto Scaling, and so on).
\n source-dest-check
- Indicates whether the network interface performs source/destination checking. \n\t\t A value of true
means checking is enabled, and false
means checking is disabled. \n\t\t The value must be false
for the network interface to perform network address translation (NAT) in your VPC.
\n status
- The status of the network interface. If the network interface is not attached to an instance, the status is available
; \n\t\t if a network interface is attached to an instance the status is in-use
.
\n subnet-id
- The ID of the subnet for the network interface.
\n tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
\n tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
\n vpc-id
- The ID of the VPC for the network interface.
One or more filters.
\n\n association.allocation-id
- The allocation ID returned when you\n\t\t allocated the Elastic IP address (IPv4) for your network interface.
\n association.association-id
- The association ID returned when the\n\t\t network interface was associated with an IPv4 address.
\n addresses.association.owner-id
- The owner ID of the addresses associated with the network interface.
\n addresses.association.public-ip
- The association ID returned when\n\t\t the network interface was associated with the Elastic IP address\n\t\t (IPv4).
\n addresses.primary
- Whether the private IPv4 address is the primary\n IP address associated with the network interface.
\n addresses.private-ip-address
- The private IPv4 addresses\n\t\t associated with the network interface.
\n association.ip-owner-id
- The owner of the Elastic IP address\n (IPv4) associated with the network interface.
\n association.public-ip
- The address of the Elastic IP address\n (IPv4) bound to the network interface.
\n association.public-dns-name
- The public DNS name for the network\n interface (IPv4).
\n attachment.attach-time
- The time that the network interface was attached to an instance.
\n attachment.attachment-id
- The ID of the interface attachment.
\n attachment.delete-on-termination
- Indicates whether the attachment is deleted when an instance is terminated.
\n attachment.device-index
- The device index to which the network interface is attached.
\n attachment.instance-id
- The ID of the instance to which the network interface is attached.
\n attachment.instance-owner-id
- The owner ID of the instance to which the network interface is attached.
\n attachment.status
- The status of the attachment (attaching
| attached
| detaching
| detached
).
\n availability-zone
- The Availability Zone of the network interface.
\n description
- The description of the network interface.
\n group-id
- The ID of a security group associated with the network interface.
\n ipv6-addresses.ipv6-address
- An IPv6 address associated with\n the network interface.
\n interface-type
- The type of network interface (api_gateway_managed
| \n\t\t aws_codestar_connections_managed
| branch
| \n\t\t ec2_instance_connect_endpoint
| efa
| efs
| \n\t\t gateway_load_balancer
| gateway_load_balancer_endpoint
| \n\t\t global_accelerator_managed
| \n\t\t interface
| iot_rules_managed
| \n\t\t lambda
| load_balancer
| \n\t\t nat_gateway
| network_load_balancer
| \n\t\t quicksight
| \n\t\t transit_gateway
| trunk
| \n\t\t vpc_endpoint
).
\n mac-address
- The MAC address of the network interface.
\n network-interface-id
- The ID of the network interface.
\n owner-id
- The Amazon Web Services account ID of the network interface owner.
\n private-dns-name
- The private DNS name of the network interface (IPv4).
\n private-ip-address
- The private IPv4 address or addresses of the\n network interface.
\n requester-id
- The alias or Amazon Web Services account ID of the principal or service that created the network interface.
\n requester-managed
- Indicates whether the network interface is being managed by an Amazon Web Services \n\t\t service (for example, Amazon Web Services Management Console, Auto Scaling, and so on).
\n source-dest-check
- Indicates whether the network interface performs source/destination checking. \n\t\t A value of true
means checking is enabled, and false
means checking is disabled. \n\t\t The value must be false
for the network interface to perform network address translation (NAT) in your VPC.
\n status
- The status of the network interface. If the network interface is not attached to an instance, the status is available
; \n\t\t if a network interface is attached to an instance the status is in-use
.
\n subnet-id
- The ID of the subnet for the network interface.
\n tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
\n tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
\n vpc-id
- The ID of the VPC for the network interface.
The filters.
\n\n association.gateway-id
- The ID of the gateway involved in the\n\t\t association.
\n association.route-table-association-id
- The ID of an association\n ID for the route table.
\n association.route-table-id
- The ID of the route table involved in\n the association.
\n association.subnet-id
- The ID of the subnet involved in the\n association.
\n association.main
- Indicates whether the route table is the main\n route table for the VPC (true
| false
). Route tables\n that do not have an association ID are not returned in the response.
\n owner-id
- The ID of the Amazon Web Services account that owns the route table.
\n route-table-id
- The ID of the route table.
\n route.destination-cidr-block
- The IPv4 CIDR range specified in a\n route in the table.
\n route.destination-ipv6-cidr-block
- The IPv6 CIDR range specified in a route in the route table.
\n route.destination-prefix-list-id
- The ID (prefix) of the Amazon Web Services service\n specified in a route in the table.
\n route.egress-only-internet-gateway-id
- The ID of an\n egress-only Internet gateway specified in a route in the route table.
\n route.gateway-id
- The ID of a gateway specified in a route in the table.
\n route.instance-id
- The ID of an instance specified in a route in the table.
\n route.nat-gateway-id
- The ID of a NAT gateway.
\n route.transit-gateway-id
- The ID of a transit gateway.
\n route.origin
- Describes how the route was created. \n CreateRouteTable
indicates that the route was automatically\n created when the route table was created; CreateRoute
indicates\n that the route was manually added to the route table;\n EnableVgwRoutePropagation
indicates that the route was\n propagated by route propagation.
\n route.state
- The state of a route in the route table\n (active
| blackhole
). The blackhole state\n indicates that the route's target isn't available (for example, the specified\n gateway isn't attached to the VPC, the specified NAT instance has been\n terminated, and so on).
\n route.vpc-peering-connection-id
- The ID of a VPC peering\n\t\t connection specified in a route in the table.
\n tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
\n tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
\n vpc-id
- The ID of the VPC for the route table.
The filters.
\n\n association.gateway-id
- The ID of the gateway involved in the\n\t\t association.
\n association.route-table-association-id
- The ID of an association\n ID for the route table.
\n association.route-table-id
- The ID of the route table involved in\n the association.
\n association.subnet-id
- The ID of the subnet involved in the\n association.
\n association.main
- Indicates whether the route table is the main\n route table for the VPC (true
| false
). Route tables\n that do not have an association ID are not returned in the response.
\n owner-id
- The ID of the Amazon Web Services account that owns the route table.
\n route-table-id
- The ID of the route table.
\n route.destination-cidr-block
- The IPv4 CIDR range specified in a\n route in the table.
\n route.destination-ipv6-cidr-block
- The IPv6 CIDR range specified in a route in the route table.
\n route.destination-prefix-list-id
- The ID (prefix) of the Amazon Web Services \n\t\t\t\t service specified in a route in the table.
\n route.egress-only-internet-gateway-id
- The ID of an\n egress-only Internet gateway specified in a route in the route table.
\n route.gateway-id
- The ID of a gateway specified in a route in the table.
\n route.instance-id
- The ID of an instance specified in a route in the table.
\n route.nat-gateway-id
- The ID of a NAT gateway.
\n route.transit-gateway-id
- The ID of a transit gateway.
\n route.origin
- Describes how the route was created. \n CreateRouteTable
indicates that the route was automatically\n created when the route table was created; CreateRoute
indicates\n that the route was manually added to the route table;\n EnableVgwRoutePropagation
indicates that the route was\n propagated by route propagation.
\n route.state
- The state of a route in the route table\n (active
| blackhole
). The blackhole state\n indicates that the route's target isn't available (for example, the specified\n gateway isn't attached to the VPC, the specified NAT instance has been\n terminated, and so on).
\n route.vpc-peering-connection-id
- The ID of a VPC peering\n\t\t connection specified in a route in the table.
\n tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
\n tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
\n vpc-id
- The ID of the VPC for the route table.
Describes the stale security group rules for security groups in a specified VPC. \n Rules are stale when they reference a deleted security group in the same VPC or peered VPC. Rules can also be stale if they reference a security group in a peer VPC for which the VPC peering connection has \n been deleted.
", + "smithy.api#documentation": "Describes the stale security group rules for security groups in a specified VPC. \n Rules are stale when they reference a deleted security group in a peered VPC. Rules can also be stale if they reference a security group in a peer VPC for which the VPC peering connection has \n been deleted.
", "smithy.api#paginated": { "inputToken": "NextToken", "outputToken": "NextToken", @@ -44023,7 +44023,7 @@ "target": "com.amazonaws.ec2#DisableSnapshotBlockPublicAccessResult" }, "traits": { - "smithy.api#documentation": "Disables the block public access for snapshots setting at \n the account level for the specified Amazon Web Services Region. After you disable block public \n access for snapshots in a Region, users can publicly share snapshots in that Region.
\nIf block public access is enabled in block-all-sharing
mode, and \n you disable block public access, all snapshots that were previously publicly shared \n are no longer treated as private and they become publicly accessible again.
For more information, see \n Block public access for snapshots in the Amazon EBS User Guide .
\n " + "smithy.api#documentation": "Disables the block public access for snapshots setting at \n the account level for the specified Amazon Web Services Region. After you disable block public \n access for snapshots in a Region, users can publicly share snapshots in that Region.
\nEnabling block public access for snapshots in block-all-sharing \n mode does not change the permissions for snapshots that are already publicly shared. \n Instead, it prevents these snapshots from be publicly visible and publicly accessible. \n Therefore, the attributes for these snapshots still indicate that they are publicly \n shared, even though they are not publicly available.
\nIf you disable block public access , these snapshots will become publicly available \n again.
\nFor more information, see \n Block public access for snapshots in the Amazon EBS User Guide .
\n " } }, "com.amazonaws.ec2#DisableSnapshotBlockPublicAccessRequest": { @@ -45915,6 +45915,71 @@ } } }, + "com.amazonaws.ec2#EbsStatusDetails": { + "type": "structure", + "members": { + "ImpairedSince": { + "target": "com.amazonaws.ec2#MillisecondDateTime", + "traits": { + "aws.protocols#ec2QueryName": "ImpairedSince", + "smithy.api#documentation": "The date and time when the attached EBS status check failed.
", + "smithy.api#xmlName": "impairedSince" + } + }, + "Name": { + "target": "com.amazonaws.ec2#StatusName", + "traits": { + "aws.protocols#ec2QueryName": "Name", + "smithy.api#documentation": "The name of the attached EBS status check.
", + "smithy.api#xmlName": "name" + } + }, + "Status": { + "target": "com.amazonaws.ec2#StatusType", + "traits": { + "aws.protocols#ec2QueryName": "Status", + "smithy.api#documentation": "The result of the attached EBS status check.
", + "smithy.api#xmlName": "status" + } + } + }, + "traits": { + "smithy.api#documentation": "Describes the attached EBS status check for an instance.
" + } + }, + "com.amazonaws.ec2#EbsStatusDetailsList": { + "type": "list", + "member": { + "target": "com.amazonaws.ec2#EbsStatusDetails", + "traits": { + "smithy.api#xmlName": "item" + } + } + }, + "com.amazonaws.ec2#EbsStatusSummary": { + "type": "structure", + "members": { + "Details": { + "target": "com.amazonaws.ec2#EbsStatusDetailsList", + "traits": { + "aws.protocols#ec2QueryName": "Details", + "smithy.api#documentation": "Details about the attached EBS status check for an instance.
", + "smithy.api#xmlName": "details" + } + }, + "Status": { + "target": "com.amazonaws.ec2#SummaryStatus", + "traits": { + "aws.protocols#ec2QueryName": "Status", + "smithy.api#documentation": "The current status.
", + "smithy.api#xmlName": "status" + } + } + }, + "traits": { + "smithy.api#documentation": "Provides a summary of the attached EBS volume status for an instance.
" + } + }, "com.amazonaws.ec2#Ec2InstanceConnectEndpoint": { "type": "structure", "members": { @@ -47554,7 +47619,7 @@ "target": "com.amazonaws.ec2#EnableSnapshotBlockPublicAccessResult" }, "traits": { - "smithy.api#documentation": "Enables or modifies the block public access for snapshots \n setting at the account level for the specified Amazon Web Services Region. After you enable block \n public access for snapshots in a Region, users can no longer request public sharing \n for snapshots in that Region. Snapshots that are already publicly shared are either \n treated as private or they remain publicly shared, depending on the \n State that you specify.
\nIf block public access is enabled in block-all-sharing
mode, and \n you change the mode to block-new-sharing
, all snapshots that were \n previously publicly shared are no longer treated as private and they become publicly \n accessible again.
For more information, see \n Block public access for snapshots in the Amazon EBS User Guide.
" + "smithy.api#documentation": "Enables or modifies the block public access for snapshots \n setting at the account level for the specified Amazon Web Services Region. After you enable block \n public access for snapshots in a Region, users can no longer request public sharing \n for snapshots in that Region. Snapshots that are already publicly shared are either \n treated as private or they remain publicly shared, depending on the \n State that you specify.
\nEnabling block public access for snapshots in block all sharing \n mode does not change the permissions for snapshots that are already publicly shared. \n Instead, it prevents these snapshots from be publicly visible and publicly accessible. \n Therefore, the attributes for these snapshots still indicate that they are publicly \n shared, even though they are not publicly available.
\nIf you later disable block public access or change the mode to block new \n sharing, these snapshots will become publicly available again.
\nFor more information, see \n Block public access for snapshots in the Amazon EBS User Guide.
" } }, "com.amazonaws.ec2#EnableSnapshotBlockPublicAccessRequest": { @@ -47564,7 +47629,7 @@ "target": "com.amazonaws.ec2#SnapshotBlockPublicAccessState", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "The mode in which to enable block public access for snapshots for the Region. \n Specify one of the following values:
\n\n block-all-sharing
- Prevents all public sharing of snapshots in \n the Region. Users in the account will no longer be able to request new public \n sharing. Additionally, snapshots that are already publicly shared are treated as \n private and they are no longer publicly available.
If you enable block public access for snapshots in block-all-sharing
\n mode, it does not change the permissions for snapshots that are already publicly shared. \n Instead, it prevents these snapshots from be publicly visible and publicly accessible. \n Therefore, the attributes for these snapshots still indicate that they are publicly \n shared, even though they are not publicly available.
\n block-new-sharing
- Prevents only new public sharing of snapshots \n in the Region. Users in the account will no longer be able to request new public \n sharing. However, snapshots that are already publicly shared, remain publicly \n available.
\n unblocked
is not a valid value for EnableSnapshotBlockPublicAccess.
The mode in which to enable block public access for snapshots for the Region. \n Specify one of the following values:
\n\n block-all-sharing
- Prevents all public sharing of snapshots in \n the Region. Users in the account will no longer be able to request new public \n sharing. Additionally, snapshots that are already publicly shared are treated as \n private and they are no longer publicly available.
\n block-new-sharing
- Prevents only new public sharing of snapshots \n in the Region. Users in the account will no longer be able to request new public \n sharing. However, snapshots that are already publicly shared, remain publicly \n available.
\n unblocked
is not a valid value for EnableSnapshotBlockPublicAccess.
Reports impaired functionality that stems from issues related to the systems that\n support an instance, such as hardware failures and network connectivity problems.
", "smithy.api#xmlName": "systemStatus" } + }, + "AttachedEbsStatus": { + "target": "com.amazonaws.ec2#EbsStatusSummary", + "traits": { + "aws.protocols#ec2QueryName": "AttachedEbsStatus", + "smithy.api#documentation": "Reports impaired functionality that stems from an attached Amazon EBS volume that is \n unreachable and unable to complete I/O operations.
", + "smithy.api#xmlName": "attachedEbsStatus" + } } }, "traits": { @@ -77899,7 +77972,7 @@ "EnableDns64": { "target": "com.amazonaws.ec2#AttributeBooleanValue", "traits": { - "smithy.api#documentation": "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet \n should return synthetic IPv6 addresses for IPv4-only destinations.
" + "smithy.api#documentation": "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet \n should return synthetic IPv6 addresses for IPv4-only destinations.
\nYou must first configure a NAT gateway in a public subnet (separate from the subnet containing the IPv6-only workloads). For example, the subnet containing the NAT gateway should have a 0.0.0.0/0
route pointing to the internet gateway. For more information, see Configure DNS64 and NAT64 in the Amazon VPC User Guide.
A private Autonomous System Number (ASN) for the Amazon side of a BGP session. \n The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs.
\nThe modify ASN operation is not allowed on a transit gateway with active BGP sessions. You must first delete all transit gateway attachments that have BGP configured prior to modifying the ASN on the transit gateway.
" + "smithy.api#documentation": "A private Autonomous System Number (ASN) for the Amazon side of a BGP session. \n The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs.
\nThe modify ASN operation is not allowed on a transit gateway if it has the following attachments:
\nDynamic VPN
\nStatic VPN
\nDirect Connect Gateway
\nConnect
\nYou must first delete all transit gateway attachments configured prior to modifying the ASN on\n the transit gateway.
" } } }, @@ -88806,7 +88879,7 @@ "ImageId": { "target": "com.amazonaws.ec2#ImageId", "traits": { - "smithy.api#documentation": "The ID of the AMI in the format ami-17characters00000
.
Alternatively, you can specify a Systems Manager parameter, using one of the following\n formats. The Systems Manager parameter will resolve to an AMI ID on launch.
\nTo reference a public parameter:
\n\n resolve:ssm:public-parameter\n
\n
To reference a parameter stored in the same account:
\n\n resolve:ssm:parameter-name\n
\n
\n resolve:ssm:parameter-name:version-number\n
\n
\n resolve:ssm:parameter-name:label\n
\n
To reference a parameter shared from another Amazon Web Services account:
\n\n resolve:ssm:parameter-ARN\n
\n
\n resolve:ssm:parameter-ARN:version-number\n
\n
\n resolve:ssm:parameter-ARN:label\n
\n
For more information, see Use a Systems Manager parameter instead of an AMI ID in the Amazon EC2 User Guide.
\nIf the launch template will be used for an EC2 Fleet or Spot Fleet, note the\n following:
\nOnly EC2 Fleets of type instant
support specifying a Systems\n Manager parameter.
For EC2 Fleets of type maintain
or request
, or\n for Spot Fleets, you must specify the AMI ID.
The ID of the AMI in the format ami-0ac394d6a3example
.
Alternatively, you can specify a Systems Manager parameter, using one of the following\n formats. The Systems Manager parameter will resolve to an AMI ID on launch.
\nTo reference a public parameter:
\n\n resolve:ssm:public-parameter\n
\n
To reference a parameter stored in the same account:
\n\n resolve:ssm:parameter-name\n
\n
\n resolve:ssm:parameter-name:version-number\n
\n
\n resolve:ssm:parameter-name:label\n
\n
To reference a parameter shared from another Amazon Web Services account:
\n\n resolve:ssm:parameter-ARN\n
\n
\n resolve:ssm:parameter-ARN:version-number\n
\n
\n resolve:ssm:parameter-ARN:label\n
\n
For more information, see Use a Systems Manager parameter instead of an AMI ID in the Amazon EC2 User Guide.
\nIf the launch template will be used for an EC2 Fleet or Spot Fleet, note the\n following:
\nOnly EC2 Fleets of type instant
support specifying a Systems\n Manager parameter.
For EC2 Fleets of type maintain
or request
, or\n for Spot Fleets, you must specify the AMI ID.
A mode that describes how a job was created. Valid values are:
\n\n SCRIPT
- The job was created using the Glue Studio script editor.
\n VISUAL
- The job was created using the Glue Studio visual editor.
\n NOTEBOOK
- The job was created using an interactive sessions notebook.
When the JobMode
field is missing or null, SCRIPT
is assigned as the default value.
Specifies whether job run queuing is enabled for the job runs for this job.
\nA value of true means job run queuing is enabled for the job runs. If false or not populated, the job runs will not be considered for queueing.
\nIf this field does not match the value set in the job run, then the value from the job run field will be used.
" + } + }, "Description": { "target": "com.amazonaws.glue#DescriptionString", "traits": { @@ -22978,6 +22984,12 @@ "smithy.api#documentation": "A mode that describes how a job was created. Valid values are:
\n\n SCRIPT
- The job was created using the Glue Studio script editor.
\n VISUAL
- The job was created using the Glue Studio visual editor.
\n NOTEBOOK
- The job was created using an interactive sessions notebook.
When the JobMode
field is missing or null, SCRIPT
is assigned as the default value.
Specifies whether job run queuing is enabled for the job runs for this job.
\nA value of true means job run queuing is enabled for the job runs. If false or not populated, the job runs will not be considered for queueing.
\nIf this field does not match the value set in the job run, then the value from the job run field will be used.
" + } + }, "Description": { "target": "com.amazonaws.glue#DescriptionString", "traits": { @@ -23346,6 +23358,12 @@ "smithy.api#documentation": "A mode that describes how a job was created. Valid values are:
\n\n SCRIPT
- The job was created using the Glue Studio script editor.
\n VISUAL
- The job was created using the Glue Studio visual editor.
\n NOTEBOOK
- The job was created using an interactive sessions notebook.
When the JobMode
field is missing or null, SCRIPT
is assigned as the default value.
Specifies whether job run queuing is enabled for the job run.
\nA value of true means job run queuing is enabled for the job run. If false or not populated, the job run will not be considered for queueing.
" + } + }, "StartedOn": { "target": "com.amazonaws.glue#TimestampValue", "traits": { @@ -23476,6 +23494,12 @@ "traits": { "smithy.api#documentation": "The name of an Glue usage profile associated with the job run.
" } + }, + "StateDetail": { + "target": "com.amazonaws.glue#OrchestrationMessageString", + "traits": { + "smithy.api#documentation": "This field holds details that pertain to the state of a job run. The field is nullable.
\nFor example, when a job run is in a WAITING state as a result of job run queuing, the field has the reason why the job run is in that state.
" + } } }, "traits": { @@ -23562,6 +23586,12 @@ "smithy.api#documentation": "A mode that describes how a job was created. Valid values are:
\n\n SCRIPT
- The job was created using the Glue Studio script editor.
\n VISUAL
- The job was created using the Glue Studio visual editor.
\n NOTEBOOK
- The job was created using an interactive sessions notebook.
When the JobMode
field is missing or null, SCRIPT
is assigned as the default value.
Specifies whether job run queuing is enabled for the job runs for this job.
\nA value of true means job run queuing is enabled for the job runs. If false or not populated, the job runs will not be considered for queueing.
\nIf this field does not match the value set in the job run, then the value from the job run field will be used.
" + } + }, "Description": { "target": "com.amazonaws.glue#DescriptionString", "traits": { @@ -27596,6 +27626,15 @@ "smithy.api#pattern": "^arn:aws[^:]*:iam::[0-9]*:role/.+$" } }, + "com.amazonaws.glue#OrchestrationMessageString": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 0, + "max": 400000 + } + } + }, "com.amazonaws.glue#OrchestrationNameString": { "type": "string", "traits": { @@ -33569,6 +33608,12 @@ "smithy.api#required": {} } }, + "JobRunQueuingEnabled": { + "target": "com.amazonaws.glue#NullableBoolean", + "traits": { + "smithy.api#documentation": "Specifies whether job run queuing is enabled for the job run.
\nA value of true means job run queuing is enabled for the job run. If false or not populated, the job run will not be considered for queueing.
" + } + }, "JobRunId": { "target": "com.amazonaws.glue#IdString", "traits": { diff --git a/codegen/sdk-codegen/aws-models/lambda.json b/codegen/sdk-codegen/aws-models/lambda.json index 1a2a4476d7f..3a15790aada 100644 --- a/codegen/sdk-codegen/aws-models/lambda.json +++ b/codegen/sdk-codegen/aws-models/lambda.json @@ -1753,7 +1753,7 @@ } ], "traits": { - "smithy.api#documentation": "Grants an Amazon Web Service, Amazon Web Services account, or Amazon Web Services organization\n permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict\n access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name\n (ARN) of that version or alias to invoke the function. Note: Lambda does not support adding policies\n to version $LATEST.
\nTo grant permission to another account, specify the account ID as the Principal
. To grant\n permission to an organization defined in Organizations, specify the organization ID as the\n PrincipalOrgID
. For Amazon Web Services, the principal is a domain-style identifier that\n the service defines, such as s3.amazonaws.com
or sns.amazonaws.com
. For Amazon Web Services, you can also specify the ARN of the associated resource as the SourceArn
. If\n you grant permission to a service principal without specifying the source, other accounts could potentially\n configure resources in their account to invoke your Lambda function.
This operation adds a statement to a resource-based permissions policy for the function. For more information\n about function policies, see Using resource-based policies for Lambda.
", + "smithy.api#documentation": "Grants an Amazon Web Servicesservice, Amazon Web Services account, or Amazon Web Services organization\n permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict\n access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name\n (ARN) of that version or alias to invoke the function. Note: Lambda does not support adding policies\n to version $LATEST.
\nTo grant permission to another account, specify the account ID as the Principal
. To grant\n permission to an organization defined in Organizations, specify the organization ID as the\n PrincipalOrgID
. For Amazon Web Servicesservices, the principal is a domain-style identifier that\n the service defines, such as s3.amazonaws.com
or sns.amazonaws.com
. For Amazon Web Servicesservices, you can also specify the ARN of the associated resource as the SourceArn
. If\n you grant permission to a service principal without specifying the source, other accounts could potentially\n configure resources in their account to invoke your Lambda function.
This operation adds a statement to a resource-based permissions policy for the function. For more information\n about function policies, see Using resource-based policies for Lambda.
", "smithy.api#http": { "method": "POST", "uri": "/2015-03-31/functions/{FunctionName}/policy", @@ -1789,20 +1789,20 @@ "Principal": { "target": "com.amazonaws.lambda#Principal", "traits": { - "smithy.api#documentation": "The Amazon Web Service or Amazon Web Services account that invokes the function. If you specify a\n service, use SourceArn
or SourceAccount
to limit who can invoke the function through\n that service.
The Amazon Web Servicesservice or Amazon Web Services account that invokes the function. If you specify a\n service, use SourceArn
or SourceAccount
to limit who can invoke the function through\n that service.
For Amazon Web Services, the ARN of the Amazon Web Services resource that invokes the function. For\n example, an Amazon S3 bucket or Amazon SNS topic.
\nNote that Lambda configures the comparison using the StringLike
operator.
For Amazon Web Servicesservices, the ARN of the Amazon Web Services resource that invokes the function. For\n example, an Amazon S3 bucket or Amazon SNS topic.
\nNote that Lambda configures the comparison using the StringLike
operator.
For Amazon Web Service, the ID of the Amazon Web Services account that owns the resource. Use this\n together with SourceArn
to ensure that the specified account owns the resource. It is possible for an\n Amazon S3 bucket to be deleted by its owner and recreated by another account.
For Amazon Web Servicesservice, the ID of the Amazon Web Services account that owns the resource. Use this\n together with SourceArn
to ensure that the specified account owns the resource. It is possible for an\n Amazon S3 bucket to be deleted by its owner and recreated by another account.
Specific configuration settings for a DocumentDB event source.
" } + }, + "KMSKeyArn": { + "target": "com.amazonaws.lambda#KMSKeyArn", + "traits": { + "smithy.api#documentation": "\n The ARN of the Key Management Service (KMS) customer managed key that Lambda\n uses to encrypt your function's filter criteria.\n By default, Lambda does not encrypt your filter criteria object. Specify this\n property to encrypt data using your own customer managed key.\n
" + } } }, "traits": { @@ -2714,7 +2720,7 @@ } ], "traits": { - "smithy.api#documentation": "Creates a Lambda function. To create a function, you need a deployment package and an execution role. The\n deployment package is a .zip file archive or container image that contains your function code. The execution role\n grants the function permission to use Amazon Web Services, such as Amazon CloudWatch Logs for log\n streaming and X-Ray for request tracing.
\nIf the deployment package is a container\n image, then you set the package type to Image
. For a container image, the code property\n must include the URI of a container image in the Amazon ECR registry. You do not need to specify the\n handler and runtime properties.
If the deployment package is a .zip file archive, then\n you set the package type to Zip
. For a .zip file archive, the code property specifies the location of\n the .zip file. You must also specify the handler and runtime properties. The code in the deployment package must\n be compatible with the target instruction set architecture of the function (x86-64
or\n arm64
). If you do not specify the architecture, then the default value is\n x86-64
.
When you create a function, Lambda provisions an instance of the function and its supporting\n resources. If your function connects to a VPC, this process can take a minute or so. During this time, you can't\n invoke or modify the function. The State
, StateReason
, and StateReasonCode
\n fields in the response from GetFunctionConfiguration indicate when the function is ready to\n invoke. For more information, see Lambda function states.
A function has an unpublished version, and can have published versions and aliases. The unpublished version\n changes when you update your function's code and configuration. A published version is a snapshot of your function\n code and configuration that can't be changed. An alias is a named resource that maps to a version, and can be\n changed to map to a different version. Use the Publish
parameter to create version 1
of\n your function from its initial configuration.
The other parameters let you configure version-specific and function-level settings. You can modify\n version-specific settings later with UpdateFunctionConfiguration. Function-level settings apply\n to both the unpublished and published versions of the function, and include tags (TagResource)\n and per-function concurrency limits (PutFunctionConcurrency).
\nYou can use code signing if your deployment package is a .zip file archive. To enable code signing for this\n function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with\n UpdateFunctionCode, Lambda checks that the code package has a valid signature from\n a trusted publisher. The code-signing configuration includes set of signing profiles, which define the trusted\n publishers for this function.
\nIf another Amazon Web Services account or an Amazon Web Service invokes your function, use AddPermission to grant permission by creating a resource-based Identity and Access Management (IAM) policy. You can grant permissions at the function level, on a version, or on an alias.
\nTo invoke your function directly, use Invoke. To invoke your function in response to events\n in other Amazon Web Services, create an event source mapping (CreateEventSourceMapping),\n or configure a function trigger in the other service. For more information, see Invoking Lambda\n functions.
", + "smithy.api#documentation": "Creates a Lambda function. To create a function, you need a deployment package and an execution role. The\n deployment package is a .zip file archive or container image that contains your function code. The execution role\n grants the function permission to use Amazon Web Servicesservices, such as Amazon CloudWatch Logs for log\n streaming and X-Ray for request tracing.
\nIf the deployment package is a container\n image, then you set the package type to Image
. For a container image, the code property\n must include the URI of a container image in the Amazon ECR registry. You do not need to specify the\n handler and runtime properties.
If the deployment package is a .zip file archive, then\n you set the package type to Zip
. For a .zip file archive, the code property specifies the location of\n the .zip file. You must also specify the handler and runtime properties. The code in the deployment package must\n be compatible with the target instruction set architecture of the function (x86-64
or\n arm64
). If you do not specify the architecture, then the default value is\n x86-64
.
When you create a function, Lambda provisions an instance of the function and its supporting\n resources. If your function connects to a VPC, this process can take a minute or so. During this time, you can't\n invoke or modify the function. The State
, StateReason
, and StateReasonCode
\n fields in the response from GetFunctionConfiguration indicate when the function is ready to\n invoke. For more information, see Lambda function states.
A function has an unpublished version, and can have published versions and aliases. The unpublished version\n changes when you update your function's code and configuration. A published version is a snapshot of your function\n code and configuration that can't be changed. An alias is a named resource that maps to a version, and can be\n changed to map to a different version. Use the Publish
parameter to create version 1
of\n your function from its initial configuration.
The other parameters let you configure version-specific and function-level settings. You can modify\n version-specific settings later with UpdateFunctionConfiguration. Function-level settings apply\n to both the unpublished and published versions of the function, and include tags (TagResource)\n and per-function concurrency limits (PutFunctionConcurrency).
\nYou can use code signing if your deployment package is a .zip file archive. To enable code signing for this\n function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with\n UpdateFunctionCode, Lambda checks that the code package has a valid signature from\n a trusted publisher. The code-signing configuration includes set of signing profiles, which define the trusted\n publishers for this function.
\nIf another Amazon Web Services account or an Amazon Web Servicesservice invokes your function, use AddPermission to grant permission by creating a resource-based Identity and Access Management (IAM) policy. You can grant permissions at the function level, on a version, or on an alias.
\nTo invoke your function directly, use Invoke. To invoke your function in response to events\n in other Amazon Web Servicesservices, create an event source mapping (CreateEventSourceMapping),\n or configure a function trigger in the other service. For more information, see Invoking Lambda\n functions.
", "smithy.api#http": { "method": "POST", "uri": "/2015-03-31/functions", @@ -3217,7 +3223,7 @@ } ], "traits": { - "smithy.api#documentation": "Deletes a Lambda function. To delete a specific function version, use the Qualifier
parameter.\n Otherwise, all versions and aliases are deleted. This doesn't require the user to have explicit\n permissions for DeleteAlias.
To delete Lambda event source mappings that invoke a function, use DeleteEventSourceMapping. For Amazon Web Services and resources that invoke your function\n directly, delete the trigger in the service where you originally configured it.
", + "smithy.api#documentation": "Deletes a Lambda function. To delete a specific function version, use the Qualifier
parameter.\n Otherwise, all versions and aliases are deleted. This doesn't require the user to have explicit\n permissions for DeleteAlias.
To delete Lambda event source mappings that invoke a function, use DeleteEventSourceMapping. For Amazon Web Servicesservices and resources that invoke your function\n directly, delete the trigger in the service where you originally configured it.
", "smithy.api#http": { "method": "DELETE", "uri": "/2015-03-31/functions/{FunctionName}", @@ -3968,7 +3974,7 @@ "FilterCriteria": { "target": "com.amazonaws.lambda#FilterCriteria", "traits": { - "smithy.api#documentation": "An object that defines the filter criteria that\n determine whether Lambda should process an event. For more information, see Lambda event filtering.
" + "smithy.api#documentation": "An object that defines the filter criteria that\n determine whether Lambda should process an event. For more information, see Lambda event filtering.
\nIf filter criteria is encrypted, this field shows up as null
in the response\n of ListEventSourceMapping API calls. You can view this field in plaintext in the response of\n GetEventSourceMapping and DeleteEventSourceMapping calls if you have\n kms:Decrypt
permissions for the correct KMS key.
Specific configuration settings for a DocumentDB event source.
" } + }, + "KMSKeyArn": { + "target": "com.amazonaws.lambda#KMSKeyArn", + "traits": { + "smithy.api#documentation": "\n The ARN of the Key Management Service (KMS) customer managed key that Lambda\n uses to encrypt your function's filter criteria.
" + } + }, + "FilterCriteriaError": { + "target": "com.amazonaws.lambda#FilterCriteriaError", + "traits": { + "smithy.api#documentation": "An object that contains details about an error related to filter criteria encryption.
" + } } }, "traits": { @@ -4201,6 +4219,46 @@ "smithy.api#documentation": "\n An object that contains the filters for an event source.\n
" } }, + "com.amazonaws.lambda#FilterCriteriaError": { + "type": "structure", + "members": { + "ErrorCode": { + "target": "com.amazonaws.lambda#FilterCriteriaErrorCode", + "traits": { + "smithy.api#documentation": "The KMS exception that resulted from filter criteria encryption or decryption.
" + } + }, + "Message": { + "target": "com.amazonaws.lambda#FilterCriteriaErrorMessage", + "traits": { + "smithy.api#documentation": "The error message.
" + } + } + }, + "traits": { + "smithy.api#documentation": "An object that contains details about an error related to filter criteria encryption.
" + } + }, + "com.amazonaws.lambda#FilterCriteriaErrorCode": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 10, + "max": 50 + }, + "smithy.api#pattern": "^[A-Za-z]+Exception$" + } + }, + "com.amazonaws.lambda#FilterCriteriaErrorMessage": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 10, + "max": 2048 + }, + "smithy.api#pattern": ".*" + } + }, "com.amazonaws.lambda#FilterList": { "type": "list", "member": { @@ -9850,7 +9908,7 @@ } ], "traits": { - "smithy.api#documentation": "Revokes function-use permission from an Amazon Web Service or another Amazon Web Services account. You\n can get the ID of the statement from the output of GetPolicy.
", + "smithy.api#documentation": "Revokes function-use permission from an Amazon Web Servicesservice or another Amazon Web Services account. You\n can get the ID of the statement from the output of GetPolicy.
", "smithy.api#http": { "method": "DELETE", "uri": "/2015-03-31/functions/{FunctionName}/policy/{StatementId}", @@ -11531,6 +11589,12 @@ "traits": { "smithy.api#documentation": "Specific configuration settings for a DocumentDB event source.
" } + }, + "KMSKeyArn": { + "target": "com.amazonaws.lambda#KMSKeyArn", + "traits": { + "smithy.api#documentation": "\n The ARN of the Key Management Service (KMS) customer managed key that Lambda\n uses to encrypt your function's filter criteria.\n By default, Lambda does not encrypt your filter criteria object. Specify this\n property to encrypt data using your own customer managed key.\n
" + } } }, "traits": { @@ -11696,7 +11760,7 @@ } ], "traits": { - "smithy.api#documentation": "Modify the version-specific settings of a Lambda function.
\nWhen you update a function, Lambda provisions an instance of the function and its supporting\n resources. If your function connects to a VPC, this process can take a minute. During this time, you can't modify\n the function, but you can still invoke it. The LastUpdateStatus
, LastUpdateStatusReason
,\n and LastUpdateStatusReasonCode
fields in the response from GetFunctionConfiguration\n indicate when the update is complete and the function is processing events with the new configuration. For more\n information, see Lambda\n function states.
These settings can vary between versions of a function and are locked when you publish a version. You can't\n modify the configuration of a published version, only the unpublished version.
\nTo configure function concurrency, use PutFunctionConcurrency. To grant invoke permissions\n to an Amazon Web Services account or Amazon Web Service, use AddPermission.
", + "smithy.api#documentation": "Modify the version-specific settings of a Lambda function.
\nWhen you update a function, Lambda provisions an instance of the function and its supporting\n resources. If your function connects to a VPC, this process can take a minute. During this time, you can't modify\n the function, but you can still invoke it. The LastUpdateStatus
, LastUpdateStatusReason
,\n and LastUpdateStatusReasonCode
fields in the response from GetFunctionConfiguration\n indicate when the update is complete and the function is processing events with the new configuration. For more\n information, see Lambda\n function states.
These settings can vary between versions of a function and are locked when you publish a version. You can't\n modify the configuration of a published version, only the unpublished version.
\nTo configure function concurrency, use PutFunctionConcurrency. To grant invoke permissions\n to an Amazon Web Services account or Amazon Web Servicesservice, use AddPermission.
", "smithy.api#http": { "method": "PUT", "uri": "/2015-03-31/functions/{FunctionName}/configuration", diff --git a/codegen/sdk-codegen/aws-models/securityhub.json b/codegen/sdk-codegen/aws-models/securityhub.json index e85e0d76284..cd074c914e4 100644 --- a/codegen/sdk-codegen/aws-models/securityhub.json +++ b/codegen/sdk-codegen/aws-models/securityhub.json @@ -958,7 +958,7 @@ "ResourceId": { "target": "com.amazonaws.securityhub#StringFilterList", "traits": { - "smithy.api#documentation": "\n The identifier for the given resource type. For Amazon Web Services resources that are identified by \n Amazon Resource Names (ARNs), this is the ARN. For Amazon Web Services resources that lack ARNs, \n this is the identifier as defined by the Amazon Web Service that created the resource. \n For non-Amazon Web Services resources, this is a unique identifier that is associated with the \n resource.\n
\n\n \t\tArray Members: Minimum number of 1 item. Maximum number of 100 items.\n \t
" + "smithy.api#documentation": "\n The identifier for the given resource type. For Amazon Web Services resources that are identified by \n Amazon Resource Names (ARNs), this is the ARN. For Amazon Web Services resources that lack ARNs, \n this is the identifier as defined by the Amazon Web Servicesservice that created the resource. \n For non-Amazon Web Services resources, this is a unique identifier that is associated with the \n resource.\n
\n\n \t\tArray Members: Minimum number of 1 item. Maximum number of 100 items.\n \t
" } }, "ResourcePartition": { @@ -19082,7 +19082,7 @@ "ComplianceSecurityControlId": { "target": "com.amazonaws.securityhub#StringFilterList", "traits": { - "smithy.api#documentation": "\n The unique identifier of a control across standards. Values for this field typically consist of an \n Amazon Web Service and a number, such as APIGateway.5.\n
" + "smithy.api#documentation": "\n The unique identifier of a control across standards. Values for this field typically consist of an \n Amazon Web Servicesservice and a number, such as APIGateway.5.\n
" } }, "ComplianceAssociatedStandardsId": { @@ -22198,7 +22198,7 @@ "SecurityControlId": { "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { - "smithy.api#documentation": "\n The unique identifier of a control across standards. Values for this field typically consist of an \n Amazon Web Service and a number, such as APIGateway.5.\n
" + "smithy.api#documentation": "\n The unique identifier of a control across standards. Values for this field typically consist of an \n Amazon Web Servicesservice and a number, such as APIGateway.5.\n
" } }, "AssociatedStandards": { @@ -23095,14 +23095,14 @@ "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.
\nThe selected option also determines how to use the Regions provided in the Regions list.
\nThe options are as follows:
\n\n ALL_REGIONS
- Indicates to aggregate findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.\n
\n ALL_REGIONS_EXCEPT_SPECIFIED
- Indicates to aggregate findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the Regions
parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.\n
\n SPECIFIED_REGIONS
- Indicates to aggregate findings only from the Regions listed in the Regions
parameter. Security Hub does not automatically aggregate findings from new Regions.\n
Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.
\nThe selected option also determines how to use the Regions provided in the Regions list.
\nThe options are as follows:
\n\n ALL_REGIONS
- Aggregates findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.\n
\n ALL_REGIONS_EXCEPT_SPECIFIED
- Aggregates findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the Regions
parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.\n
\n SPECIFIED_REGIONS
- Aggregates findings only from the Regions listed in the Regions
parameter. Security Hub does not automatically aggregate findings from new Regions.\n
\n NO_REGIONS
- Aggregates no data because no Regions are selected as linked Regions.\n
If RegionLinkingMode
is ALL_REGIONS_EXCEPT_SPECIFIED
, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.
If RegionLinkingMode
is SPECIFIED_REGIONS
, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.\n
If RegionLinkingMode
is ALL_REGIONS_EXCEPT_SPECIFIED
, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.
If RegionLinkingMode
is SPECIFIED_REGIONS
, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.\n
An InvalidInputException
error results if you populate this field while RegionLinkingMode
is \n NO_REGIONS
.
Identifies the source of the event that changed the finding. For example, an integrated\n Amazon Web Service or third-party partner integration may call \n BatchImportFindings
\n , or an Security Hub customer\n may call \n BatchUpdateFindings
\n .
Identifies the source of the event that changed the finding. For example, an integrated\n Amazon Web Servicesservice or third-party partner integration may call \n BatchImportFindings
\n , or an Security Hub customer\n may call \n BatchUpdateFindings
\n .
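Review bot: the replacement sentence reads "Amazon Web Servicesservice", with "Services" and "service" fused into one word, where the old line said "Amazon Web Service". Insert the missing space ("Amazon Web Services service") or rephrase, and apply the same fix to the other securityhub.json hunks in this change that carry the fused word. While this sentence is being touched, "an Security Hub customer" should also become "a Security Hub customer".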
\n Describes the type of finding change event, such as a call to \n BatchImportFindings
\n (by an integrated Amazon Web Service or third party partner integration) or \n BatchUpdateFindings
\n (by a Security Hub customer). \n
\n Describes the type of finding change event, such as a call to \n BatchImportFindings
\n (by an integrated Amazon Web Servicesservice or third party partner integration) or \n BatchUpdateFindings
\n (by a Security Hub customer). \n
\n The Amazon Web Service that the configuration policy applies to.\n
" + "smithy.api#documentation": "\n The Amazon Web Servicesservice that the configuration policy applies to.\n
" } } }, @@ -30927,7 +30927,7 @@ "DestinationPrefixListId": { "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { - "smithy.api#documentation": "\n The prefix of the destination Amazon Web Service.\n
" + "smithy.api#documentation": "\n The prefix of the destination Amazon Web Servicesservice.\n
" } }, "EgressOnlyInternetGatewayId": { @@ -31534,7 +31534,7 @@ "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "\n The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service name and a \n number, such as APIGateway.3.\n
", + "smithy.api#documentation": "\n The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Servicesservice name and a \n number, such as APIGateway.3.\n
", "smithy.api#required": {} } }, @@ -31589,7 +31589,7 @@ "UpdateStatus": { "target": "com.amazonaws.securityhub#UpdateStatus", "traits": { - "smithy.api#documentation": "\n Identifies whether customizable properties of a security control are reflected in Security Hub findings. A status of \nREADY
indicates findings include the current parameter values. A status of UPDATING
indicates that \nall findings may not include the current parameter values.\n
\n Identifies whether customizable properties of a security control are reflected in Security Hub findings. A status of \nREADY
indicates that Security Hub uses the current control parameter values when running security checks of the control. \nA status of UPDATING
indicates that all security checks might not use the current parameter values.\n
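Review bot: in the new UPDATING sentence, "all security checks might not use the current parameter values" can be read as "no security check uses them". If the intent is that some checks may still run with the previous values, say so directly, for example "some security checks might not yet use the current parameter values".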
\n The unique identifier of a security control across standards. Values for this field typically consist of an \n Amazon Web Service name and a number (for example, APIGateway.3). This parameter differs from \n SecurityControlArn
, which is a unique Amazon Resource Name (ARN) assigned to a control. The \n ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).\n
\n The unique identifier of a security control across standards. Values for this field typically consist of an \n Amazon Web Servicesservice name and a number (for example, APIGateway.3). This parameter differs from \n SecurityControlArn
, which is a unique Amazon Resource Name (ARN) assigned to a control. The \n ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).\n
Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps \n you assess your Amazon Web Services environment against security industry standards and best practices.
\nSecurity Hub collects security data across Amazon Web Services accounts, Amazon Web Services, and \n supported third-party products and helps you analyze your security trends and identify the highest priority security \n issues.
\nTo help you manage the security state of your organization, Security Hub supports multiple security standards. \n These include the Amazon Web Services Foundational Security Best Practices (FSBP) standard developed by Amazon Web Services, \n and external compliance frameworks such as the Center for Internet Security (CIS), the Payment Card Industry Data \n Security Standard (PCI DSS), and the National Institute of Standards and Technology (NIST). Each standard includes \n several security controls, each of which represents a security best practice. Security Hub runs checks against \n security controls and generates control findings to help you assess your compliance against security best practices.
\nIn addition to generating control findings, Security Hub also receives findings from other Amazon Web Services, \n such as Amazon GuardDuty and Amazon Inspector, and \n supported third-party products. This gives you a single pane of glass into a variety of security-related issues. You \n can also send Security Hub findings to other Amazon Web Services and supported third-party products.
\nSecurity Hub offers automation features that help you triage and remediate security issues. For example, \n you can use automation rules to automatically update critical findings when a security check fails. You can also leverage the integration with \n Amazon EventBridge to trigger automatic responses to specific findings.
\nThis guide, the Security Hub API Reference, provides\n information about the Security Hub API. This includes supported resources, HTTP methods, parameters,\n and schemas. If you're new to Security Hub, you might find it helpful to also review the \n Security Hub User Guide\n . The\n user guide explains key concepts and provides procedures\n that demonstrate how to use Security Hub features. It also provides information about topics such as\n integrating Security Hub with other Amazon Web Services.
\nIn addition to interacting with Security Hub by making calls to the Security Hub API, you can\n use a current version of an Amazon Web Services command line tool or SDK. Amazon Web Services provides tools \n and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell,\n Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to\n Security Hub and other Amazon Web Services . They also handle tasks such as signing requests, \n managing errors, and retrying requests automatically. For information about installing and using the Amazon Web Services tools\n and SDKs, see Tools to Build on Amazon Web Services.
\nWith the exception of operations that are related to central configuration, Security Hub API requests are executed only in\n the Amazon Web Services Region that is currently active or in the specific Amazon Web Services Region that you specify in your request. Any configuration or settings change\n that results from the operation is applied only to that Region. To make the same change in\n other Regions, call the same API operation in each Region in which you want to apply the change. When you use central configuration, \nAPI requests for enabling Security Hub, standards, and controls are executed in the home Region and all linked Regions. For a list of \ncentral configuration operations, see the Central configuration \nterms and concepts section of the Security Hub User Guide.
\nThe following throttling limits apply to Security Hub API operations.
\n\n BatchEnableStandards
- RateLimit
of 1 request per\n second. BurstLimit
of 1 request per second.
\n GetFindings
- RateLimit
of 3 requests per second.\n BurstLimit
of 6 requests per second.
\n BatchImportFindings
- RateLimit
of 10 requests per second.\n BurstLimit
of 30 requests per second.
\n BatchUpdateFindings
- RateLimit
of 10 requests per second.\n BurstLimit
of 30 requests per second.
\n UpdateStandardsControl
- RateLimit
of 1 request per\n second. BurstLimit
of 5 requests per second.
All other operations - RateLimit
of 10 requests per second.\n BurstLimit
of 30 requests per second.
Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps \n you assess your Amazon Web Services environment against security industry standards and best practices.
\nSecurity Hub collects security data across Amazon Web Services accounts, Amazon Web Servicesservices, and \n supported third-party products and helps you analyze your security trends and identify the highest priority security \n issues.
\nTo help you manage the security state of your organization, Security Hub supports multiple security standards. \n These include the Amazon Web Services Foundational Security Best Practices (FSBP) standard developed by Amazon Web Services, \n and external compliance frameworks such as the Center for Internet Security (CIS), the Payment Card Industry Data \n Security Standard (PCI DSS), and the National Institute of Standards and Technology (NIST). Each standard includes \n several security controls, each of which represents a security best practice. Security Hub runs checks against \n security controls and generates control findings to help you assess your compliance against security best practices.
\nIn addition to generating control findings, Security Hub also receives findings from other Amazon Web Servicesservices, \n such as Amazon GuardDuty and Amazon Inspector, and \n supported third-party products. This gives you a single pane of glass into a variety of security-related issues. You \n can also send Security Hub findings to other Amazon Web Servicesservices and supported third-party products.
\nSecurity Hub offers automation features that help you triage and remediate security issues. For example, \n you can use automation rules to automatically update critical findings when a security check fails. You can also leverage the integration with \n Amazon EventBridge to trigger automatic responses to specific findings.
\nThis guide, the Security Hub API Reference, provides\n information about the Security Hub API. This includes supported resources, HTTP methods, parameters,\n and schemas. If you're new to Security Hub, you might find it helpful to also review the \n Security Hub User Guide\n . The\n user guide explains key concepts and provides procedures\n that demonstrate how to use Security Hub features. It also provides information about topics such as\n integrating Security Hub with other Amazon Web Servicesservices.
\nIn addition to interacting with Security Hub by making calls to the Security Hub API, you can\n use a current version of an Amazon Web Services command line tool or SDK. Amazon Web Services provides tools \n and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell,\n Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to\n Security Hub and other Amazon Web Servicesservices . They also handle tasks such as signing requests, \n managing errors, and retrying requests automatically. For information about installing and using the Amazon Web Services tools\n and SDKs, see Tools to Build on Amazon Web Services.
\nWith the exception of operations that are related to central configuration, Security Hub API requests are executed only in\n the Amazon Web Services Region that is currently active or in the specific Amazon Web Services Region that you specify in your request. Any configuration or settings change\n that results from the operation is applied only to that Region. To make the same change in\n other Regions, call the same API operation in each Region in which you want to apply the change. When you use central configuration, \nAPI requests for enabling Security Hub, standards, and controls are executed in the home Region and all linked Regions. For a list of \ncentral configuration operations, see the Central configuration \nterms and concepts section of the Security Hub User Guide.
\nThe following throttling limits apply to Security Hub API operations.
\n\n BatchEnableStandards
- RateLimit
of 1 request per\n second. BurstLimit
of 1 request per second.
\n GetFindings
- RateLimit
of 3 requests per second.\n BurstLimit
of 6 requests per second.
\n BatchImportFindings
- RateLimit
of 10 requests per second.\n BurstLimit
of 30 requests per second.
\n BatchUpdateFindings
- RateLimit
of 10 requests per second.\n BurstLimit
of 30 requests per second.
\n UpdateStandardsControl
- RateLimit
of 1 request per\n second. BurstLimit
of 5 requests per second.
All other operations - RateLimit
of 10 requests per second.\n BurstLimit
of 30 requests per second.
\n The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service \n name and a number, such as APIGateway.3.\n
", + "smithy.api#documentation": "\n The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Servicesservice \n name and a number, such as APIGateway.3.\n
", "smithy.api#required": {} } }, @@ -33610,7 +33610,7 @@ "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "\n A unique standard-agnostic identifier for a control. Values for this field typically consist of an \n Amazon Web Service and a number, such as APIGateway.5. This field doesn't reference a specific standard.\n
", + "smithy.api#documentation": "\n A unique standard-agnostic identifier for a control. Values for this field typically consist of an \n Amazon Web Servicesservice and a number, such as APIGateway.5. This field doesn't reference a specific standard.\n
", "smithy.api#required": {} } }, @@ -35407,14 +35407,14 @@ "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.
\nThe selected option also determines how to use the Regions provided in the Regions list.
\nThe options are as follows:
\n\n ALL_REGIONS
- Indicates to aggregate findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.\n
\n ALL_REGIONS_EXCEPT_SPECIFIED
- Indicates to aggregate findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the Regions
parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.\n
\n SPECIFIED_REGIONS
- Indicates to aggregate findings only from the Regions listed in the Regions
parameter. Security Hub does not automatically aggregate findings from new Regions.\n
Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.
\nThe selected option also determines how to use the Regions provided in the Regions list.
\nThe options are as follows:
\n\n ALL_REGIONS
- Aggregates findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.\n
\n ALL_REGIONS_EXCEPT_SPECIFIED
- Aggregates findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the Regions
parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.\n
\n SPECIFIED_REGIONS
- Aggregates findings only from the Regions listed in the Regions
parameter. Security Hub does not automatically aggregate findings from new Regions.\n
\n NO_REGIONS
- Aggregates no data because no Regions are selected as linked Regions.\n
If RegionLinkingMode
is ALL_REGIONS_EXCEPT_SPECIFIED
, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.
If RegionLinkingMode
is SPECIFIED_REGIONS
, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.
If RegionLinkingMode
is ALL_REGIONS_EXCEPT_SPECIFIED
, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.
If RegionLinkingMode
is SPECIFIED_REGIONS
, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.
An InvalidInputException
error results if you populate this field while RegionLinkingMode
is \n NO_REGIONS
.
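Review bot: the Regions description covers ALL_REGIONS_EXCEPT_SPECIFIED, SPECIFIED_REGIONS and, with this change, the InvalidInputException for NO_REGIONS, but it still says nothing about ALL_REGIONS. State whether a populated Regions list is ignored or rejected in that mode, so that a caller who switches RegionLinkingMode knows whether a leftover list changes which Regions aggregate findings.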
\n UpdateFindings
is a deprecated operation. Instead of UpdateFindings
, use\n the BatchUpdateFindings
operation.
Updates the Note
and RecordState
of the Security Hub-aggregated\n findings that the filter attributes specify. Any member account that can view the finding\n also sees the update to the finding.
Finding updates made with UpdateFindings
might not be persisted if the same finding is later updated by the \n finding provider through the BatchImportFindings
operation.
\n UpdateFindings
is a deprecated operation. Instead of UpdateFindings
, use\n the BatchUpdateFindings
operation.
The UpdateFindings
operation updates the Note
and RecordState
of the Security Hub aggregated\n findings that the filter attributes specify. Any member account that can view the finding\n can also see the update to the finding.
Finding updates made with UpdateFindings
aren't persisted if the same finding is later updated by the \n finding provider through the BatchImportFindings
operation. In addition, Security Hub doesn't \n record updates made with UpdateFindings
in the finding history.
The customer master key that Amazon SES should use to encrypt your emails before saving\n them to the Amazon S3 bucket. You can use the default master key or a custom master key that\n you created in Amazon Web Services KMS as follows:
\nTo use the default master key, provide an ARN in the form of\n arn:aws:kms:REGION:ACCOUNT-ID-WITHOUT-HYPHENS:alias/aws/ses
.\n For example, if your Amazon Web Services account ID is 123456789012 and you want to use the\n default master key in the US West (Oregon) Region, the ARN of the default master\n key would be arn:aws:kms:us-west-2:123456789012:alias/aws/ses
. If\n you use the default master key, you don't need to perform any extra steps to\n give Amazon SES permission to use the key.
To use a custom master key that you created in Amazon Web Services KMS, provide the ARN of\n the master key and ensure that you add a statement to your key's policy to give\n Amazon SES permission to use it. For more information about giving permissions, see\n the Amazon SES Developer\n Guide.
\nFor more information about key policies, see the Amazon Web Services KMS Developer Guide. If\n you do not specify a master key, Amazon SES does not encrypt your emails.
\nYour mail is encrypted by Amazon SES using the Amazon S3 encryption client before the mail\n is submitted to Amazon S3 for storage. It is not encrypted using Amazon S3 server-side\n encryption. This means that you must use the Amazon S3 encryption client to decrypt the\n email after retrieving it from Amazon S3, as the service has no access to use your\n Amazon Web Services KMS keys for decryption. This encryption client is currently available with\n the Amazon Web Services SDK for Java and\n Amazon Web Services SDK for Ruby only. For\n more information about client-side encryption using Amazon Web Services KMS master keys, see the\n Amazon S3 Developer Guide.
\nThe customer managed key that Amazon SES should use to encrypt your emails before saving\n them to the Amazon S3 bucket. You can use the default managed key or a custom managed key that\n you created in Amazon Web Services KMS as follows:
\nTo use the default managed key, provide an ARN in the form of\n arn:aws:kms:REGION:ACCOUNT-ID-WITHOUT-HYPHENS:alias/aws/ses
.\n For example, if your Amazon Web Services account ID is 123456789012 and you want to use the\n default managed key in the US West (Oregon) Region, the ARN of the default master\n key would be arn:aws:kms:us-west-2:123456789012:alias/aws/ses
. If\n you use the default managed key, you don't need to perform any extra steps to\n give Amazon SES permission to use the key.
To use a custom managed key that you created in Amazon Web Services KMS, provide the ARN of\n the managed key and ensure that you add a statement to your key's policy to give\n Amazon SES permission to use it. For more information about giving permissions, see\n the Amazon SES Developer\n Guide.
\nFor more information about key policies, see the Amazon Web Services KMS Developer Guide. If\n you do not specify a managed key, Amazon SES does not encrypt your emails.
\nYour mail is encrypted by Amazon SES using the Amazon S3 encryption client before the mail\n is submitted to Amazon S3 for storage. It is not encrypted using Amazon S3 server-side\n encryption. This means that you must use the Amazon S3 encryption client to decrypt the\n email after retrieving it from Amazon S3, as the service has no access to use your\n Amazon Web Services KMS keys for decryption. This encryption client is currently available with\n the Amazon Web Services SDK for Java and\n Amazon Web Services SDK for Ruby only. For\n more information about client-side encryption using Amazon Web Services KMS managed keys, see the\n Amazon S3 Developer Guide.
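Review bot: the rename from "master key" to "managed key" missed one occurrence in the first list item, which still reads "the ARN of the default master key would be arn:aws:kms:us-west-2:123456789012:alias/aws/ses". Update it to match the rest of the paragraph. The opening sentence now calls the value "The customer managed key" while the first option it describes is the default alias/aws/ses key, so reword that sentence to cover both cases.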
\nThe ARN of the IAM role to be used by Amazon Simple Email Service while writing to the Amazon S3 bucket,\n optionally encrypting your mail via the provided customer managed key, and publishing to\n the Amazon SNS topic.\n This role should have access to the following APIs:\n
\n\n s3:PutObject
, kms:Encrypt
and\n kms:GenerateDataKey
for the given Amazon S3 bucket.
\n kms:GenerateDataKey
for the given Amazon Web Services KMS customer managed key.\n
\n sns:Publish
for the given Amazon SNS topic.
If an IAM role ARN is provided, the role (and only the role) is used to access all\n the given resources (Amazon S3 bucket, Amazon Web Services KMS customer managed key and Amazon SNS topic).\n Therefore, setting up individual resource access permissions is not required.
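Review bot: the first permission item lists kms:Encrypt and kms:GenerateDataKey "for the given Amazon S3 bucket", and the second item lists kms:GenerateDataKey again for the KMS key. KMS actions are authorized against a key, not a bucket, so a reader writing a least-privilege policy for this role from the text cannot tell which resource each action belongs to. List s3:PutObject against the bucket and both KMS actions against the customer managed key.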
\nA list of replacement values to apply to the template when replacement data is not\n specified in a Destination object. These values act as a default or fallback option when\n no other data is available.
\nThe template data is a JSON object, typically consisting of key-value pairs in which\n the keys correspond to replacement tags in the email template.
" + "smithy.api#documentation": "A list of replacement values to apply to the template when replacement data is not\n specified in a Destination object. These values act as a default or fallback option when\n no other data is available.
\nThe template data is a JSON object, typically consisting of key-value pairs in which\n the keys correspond to replacement tags in the email template.
", + "smithy.api#required": {} } }, "Destinations": {