Release v1.38.48 (2021-05-26) (#3927)

Release v1.38.48 (2021-05-26) === ### Service Client Updates * `service/acm-pca`: Updates service API and documentation * `service/cloudfront`: Updates service documentation * Documentation fix for CloudFront * `service/ec2`: Updates service API, documentation, and paginators * This release adds resource ids and tagging support for VPC security group rules. * `service/ecs`: Updates service API and documentation * The release adds support for registering External instances to your Amazon ECS clusters. * `service/mwaa`: Updates service API and documentation * `service/outposts`: Updates service API and documentation * `service/qldb`: Updates service API and documentation
aws · May 26, 2021 · 1e220aa · 1e220aa
1 parent 88f39b4
commit 1e220aa
Show file tree

Hide file tree

Showing 28 changed files with 2,570 additions and 472 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,18 @@
+Release v1.38.48 (2021-05-26)
+===
+
+### Service Client Updates
+* `service/acm-pca`: Updates service API and documentation
+* `service/cloudfront`: Updates service documentation
+  * Documentation fix for CloudFront
+* `service/ec2`: Updates service API, documentation, and paginators
+  * This release adds resource ids and tagging support for VPC security group rules.
+* `service/ecs`: Updates service API and documentation
+  * The release adds support for registering External instances to your Amazon ECS clusters.
+* `service/mwaa`: Updates service API and documentation
+* `service/outposts`: Updates service API and documentation
+* `service/qldb`: Updates service API and documentation
+
 Release v1.38.47 (2021-05-25)
 ===
 

diff --git a/aws/endpoints/defaults.go b/aws/endpoints/defaults.go
diff --git a/aws/version.go b/aws/version.go
@@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.38.47"
+const SDKVersion = "1.38.48"
diff --git a/models/apis/acm-pca/2017-08-22/api-2.json b/models/apis/acm-pca/2017-08-22/api-2.json
@@ -649,7 +649,8 @@
           "box":true
         },
         "CustomCname":{"shape":"String253"},
-        "S3BucketName":{"shape":"String3To255"}
+        "S3BucketName":{"shape":"String3To255"},
+        "S3ObjectAcl":{"shape":"S3ObjectAcl"}
       }
     },
     "CsrBlob":{
@@ -1251,6 +1252,13 @@
       "type":"string",
       "max":1024
     },
+    "S3ObjectAcl":{
+      "type":"string",
+      "enum":[
+        "PUBLIC_READ",
+        "BUCKET_OWNER_FULL_CONTROL"
+      ]
+    },
     "SigningAlgorithm":{
       "type":"string",
       "enum":[

diff --git a/models/apis/acm-pca/2017-08-22/docs-2.json b/models/apis/acm-pca/2017-08-22/docs-2.json
@@ -506,7 +506,7 @@
       "base": null,
       "refs": {
         "CertificateAuthority$KeyStorageSecurityStandard": "<p>Defines a cryptographic key management compliance standard used for handling CA keys. </p> <p>Default: FIPS_140_2_LEVEL_3_OR_HIGHER</p> <p>Note: AWS Region ap-northeast-3 supports only FIPS_140_2_LEVEL_2_OR_HIGHER. You must explicitly specify this parameter and value when creating a CA in that Region. Specifying a different value (or no value) results in an <code>InvalidArgsException</code> with the message \"A certificate authority cannot be created in this region with the specified security standard.\"</p>",
-        "CreateCertificateAuthorityRequest$KeyStorageSecurityStandard": "<p>Specifies a cryptographic key management compliance standard used for handling CA keys.</p> <p>Default: FIPS_140_2_LEVEL_3_OR_HIGHER</p> <p>Note: AWS Region ap-northeast-3 supports only FIPS_140_2_LEVEL_2_OR_HIGHER. You must explicitly specify this parameter and value when creating a CA in that Region. Specifying a different value (or no value) results in an <code>InvalidArgsException</code> with the message \"A certificate authority cannot be created in this region with the specified security standard.\"</p>"
+        "CreateCertificateAuthorityRequest$KeyStorageSecurityStandard": "<p>Specifies a cryptographic key management compliance standard used for handling CA keys.</p> <p>Default: FIPS_140_2_LEVEL_3_OR_HIGHER</p> <p>Note: <code>FIPS_140_2_LEVEL_3_OR_HIGHER</code> is not supported in Region ap-northeast-3. When creating a CA in the ap-northeast-3, you must provide <code>FIPS_140_2_LEVEL_2_OR_HIGHER</code> as the argument for <code>KeyStorageSecurityStandard</code>. Failure to do this results in an <code>InvalidArgsException</code> with the message, \"A certificate authority cannot be created in this region with the specified security standard.\"</p>"
       }
     },
     "KeyUsage": {
@@ -727,6 +727,12 @@
         "DescribeCertificateAuthorityAuditReportResponse$S3Key": "<p>S3 <b>key</b> that uniquely identifies the report file in your S3 bucket.</p>"
       }
     },
+    "S3ObjectAcl": {
+      "base": null,
+      "refs": {
+        "CrlConfiguration$S3ObjectAcl": "<p>Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be accessible over the public internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can access the CRL, and your PKI clients may need an alternative method of access. </p> <p>If no value is specified, the default is <code>PUBLIC_READ</code>.</p> <p> <i>Note:</i> This default can cause CA creation to fail in some circumstances. If you have have enabled the Block Public Access (BPA) feature in your S3 account, then you must specify the value of this parameter as <code>BUCKET_OWNER_FULL_CONTROL</code>, and not doing so results in an error. If you have disabled BPA in S3, then you can specify either <code>BUCKET_OWNER_FULL_CONTROL</code> or <code>PUBLIC_READ</code> as the value.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-bpa\">Blocking public access to the S3 bucket</a>.</p>"
+      }
+    },
     "SigningAlgorithm": {
       "base": null,
       "refs": {
@@ -807,7 +813,7 @@
     "String3To255": {
       "base": null,
       "refs": {
-        "CrlConfiguration$S3BucketName": "<p>Name of the S3 bucket that contains the CRL. If you do not provide a value for the <b>CustomCname</b> argument, the name of your S3 bucket is placed into the <b>CRL Distribution Points</b> extension of the issued certificate. You can change the name of your bucket by calling the <a href=\"https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html\">UpdateCertificateAuthority</a> action. You must specify a bucket policy that allows ACM Private CA to write the CRL to your bucket.</p>"
+        "CrlConfiguration$S3BucketName": "<p>Name of the S3 bucket that contains the CRL. If you do not provide a value for the <b>CustomCname</b> argument, the name of your S3 bucket is placed into the <b>CRL Distribution Points</b> extension of the issued certificate. You can change the name of your bucket by calling the <a href=\"https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html\">UpdateCertificateAuthority</a> action. You must specify a <a href=\"https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-policies\">bucket policy</a> that allows ACM Private CA to write the CRL to your bucket.</p>"
       }
     },
     "String40": {

diff --git a/models/apis/cloudfront/2020-05-31/docs-2.json b/models/apis/cloudfront/2020-05-31/docs-2.json
@@ -2942,7 +2942,7 @@
         "CloudFrontOriginAccessIdentity$S3CanonicalUserId": "<p>The Amazon S3 canonical user ID for the origin access identity, used when giving the origin access identity read permission to an object in Amazon S3. </p>",
         "CloudFrontOriginAccessIdentityAlreadyExists$Message": null,
         "CloudFrontOriginAccessIdentityConfig$CallerReference": "<p>A unique value (for example, a date-time stamp) that ensures that the request can't be replayed.</p> <p>If the value of <code>CallerReference</code> is new (regardless of the content of the <code>CloudFrontOriginAccessIdentityConfig</code> object), a new origin access identity is created.</p> <p>If the <code>CallerReference</code> is a value already sent in a previous identity request, and the content of the <code>CloudFrontOriginAccessIdentityConfig</code> is identical to the original request (ignoring white space), the response includes the same information returned to the original request. </p> <p>If the <code>CallerReference</code> is a value you already sent in a previous request to create an identity, but the content of the <code>CloudFrontOriginAccessIdentityConfig</code> is different from the original request, CloudFront returns a <code>CloudFrontOriginAccessIdentityAlreadyExists</code> error. </p>",
-        "CloudFrontOriginAccessIdentityConfig$Comment": "<p>An optional comment to describe the origin access identity. The comment cannot be longer than 128 characters.</p>",
+        "CloudFrontOriginAccessIdentityConfig$Comment": "<p>A comment to describe the origin access identity. The comment cannot be longer than 128 characters.</p>",
         "CloudFrontOriginAccessIdentityInUse$Message": null,
         "CloudFrontOriginAccessIdentityList$Marker": "<p>Use this when paginating results to indicate where to begin in your list of origin access identities. The results include identities in the list that occur after the marker. To get the next page of results, set the <code>Marker</code> to the value of the <code>NextMarker</code> from the current page's response (which is also the ID of the last identity on that page). </p>",
         "CloudFrontOriginAccessIdentityList$NextMarker": "<p>If <code>IsTruncated</code> is <code>true</code>, this element is present and contains the value you can use for the <code>Marker</code> request parameter to continue listing your origin access identities where they left off. </p>",