<p>This API reference provides descriptions, syntax, and other details about each of the actions and data types for Migration Hub Strategy Recommendations (Strategy Recommendations). The topic for each action shows the API request parameters and the response. Alternatively, you can use one of the AWS SDKs to access an API that is tailored to the programming language or platform that you're using. For more information, see <a href="http://aws.amazon.com/tools/#SDKs">AWS SDKs</a>.</p> This API reference provides descriptions, syntax, and other details about each of the actions and data types for Migration Hub Strategy Recommendations (Strategy Recommendations). The topic for each action shows the API request parameters and the response. Alternatively, you can use one of the AWS SDKs to access an API that is tailored to the programming language or platform that you're using. For more information, see AWS SDKs.
", "operations": { "GetApplicationComponentDetails": "Retrieves details about an application component.
", "GetApplicationComponentStrategies": "Retrieves a list of all the recommended strategies and tools for an application component running on a server.
", @@ -26,13 +26,44 @@ }, "shapes": { "AccessDeniedException": { - "base": "The AWS user account does not have permission to perform the action. Check the AWS Identity and Access Management (IAM) policy associated with this account.
", + "base": "The user does not have permission to perform the action. Check the AWS Identity and Access Management (IAM) policy associated with this user.
", "refs": { } }, + "AnalysisStatusUnion": { + "base": "A combination of existing analysis statuses.
", + "refs": { + "Result$analysisStatus": "The error in server analysis.
" + } + }, + "AnalysisType": { + "base": null, + "refs": { + "Result$analysisType": "The error in server analysis.
" + } + }, + "AnalyzerNameUnion": { + "base": "The combination of the existing analyzers.
", + "refs": { + "AntipatternReportResult$analyzerName": "The analyzer name.
" + } + }, + "AntipatternReportResult": { + "base": "The anti-pattern report result.
", + "refs": { + "AntipatternReportResultList$member": null + } + }, + "AntipatternReportResultList": { + "base": null, + "refs": { + "Result$antipatternReportResultList": "The error in server analysis.
" + } + }, "AntipatternReportStatus": { "base": null, "refs": { + "AntipatternReportResult$antipatternReportStatus": "The status of the anti-pattern report generation.
", "ApplicationComponentDetail$antipatternReportStatus": "The status of the anti-pattern report generation.
", "AssessmentSummary$antipatternReportStatus": "The status of the anti-pattern report.
", "ServerDetail$antipatternReportStatus": "The status of the anti-pattern report generation.
" @@ -219,6 +250,12 @@ "AwsManagedResources$targetDestination": "The choice of application destination that you specify.
" } }, + "BinaryAnalyzerName": { + "base": null, + "refs": { + "AnalyzerNameUnion$binaryAnalyzerName": "The binary analyzer names.
" + } + }, "Boolean": { "base": null, "refs": { @@ -862,6 +899,24 @@ "ApplicationComponentDetail$resourceSubType": "The application component subtype.
" } }, + "Result": { + "base": "The error in server analysis.
", + "refs": { + "ResultList$member": null + } + }, + "ResultList": { + "base": null, + "refs": { + "ApplicationComponentDetail$resultList": "A list of the analysis results.
" + } + }, + "RunTimeAnalyzerName": { + "base": null, + "refs": { + "AnalyzerNameUnion$runTimeAnalyzerName": "The assessment analyzer names.
" + } + }, "RunTimeAssessmentStatus": { "base": null, "refs": { @@ -872,6 +927,7 @@ "RuntimeAnalysisStatus": { "base": null, "refs": { + "AnalysisStatusUnion$runtimeAnalysisStatus": "The status of the analysis.
", "ApplicationComponentDetail$runtimeStatus": "The status of the application unit.
" } }, @@ -896,6 +952,7 @@ "S3Object": { "base": "Contains the S3 bucket name and the Amazon S3 key name.
", "refs": { + "AntipatternReportResult$antiPatternReportS3Object": null, "ApplicationComponentDetail$antipatternReportS3Object": "The S3 bucket name and the Amazon S3 key name for the anti-pattern report.
", "AssessmentSummary$antipatternReportS3Object": "The Amazon S3 object containing the anti-pattern report.
", "ServerDetail$antipatternReportS3Object": "The S3 bucket name and Amazon S3 key name for anti-pattern report.
" @@ -1024,6 +1081,12 @@ "SourceCodeList$member": null } }, + "SourceCodeAnalyzerName": { + "base": null, + "refs": { + "AnalyzerNameUnion$sourceCodeAnalyzerName": "The source code analyzer names.
" + } + }, "SourceCodeList": { "base": null, "refs": { @@ -1051,6 +1114,7 @@ "SrcCodeOrDbAnalysisStatus": { "base": null, "refs": { + "AnalysisStatusUnion$srcCodeOrDbAnalysisStatus": "The status of the source code or database analysis.
", "ApplicationComponentDetail$analysisStatus": "The status of analysis, if the application component has source code or an associated database.
", "ApplicationComponentStatusSummary$srcCodeOrDbAnalysisStatus": "The status of database analysis.
" } @@ -1112,10 +1176,12 @@ "StatusMessage": { "base": null, "refs": { + "AntipatternReportResult$antipatternReportStatusMessage": "The status message for the anti-pattern.
", "ApplicationComponentDetail$antipatternReportStatusMessage": "The status message for the anti-pattern.
", "ApplicationComponentDetail$runtimeStatusMessage": "The status message for the application unit.
", "ApplicationComponentDetail$statusMessage": "A detailed description of the analysis status and any failure message.
", "AssessmentSummary$antipatternReportStatusMessage": "The status message of the anti-pattern report.
", + "Result$statusMessage": "The error in server analysis.
", "ServerDetail$antipatternReportStatusMessage": "A message about the status of the anti-pattern report generation.
", "ServerDetail$statusMessage": "A message about the status of data collection, which contains detailed descriptions of any error messages.
" } diff --git a/models/apis/migrationhubstrategy/2020-02-19/endpoint-tests-1.json b/models/apis/migrationhubstrategy/2020-02-19/endpoint-tests-1.json index 26060e5e0fe..bca07ef21bd 100644 --- a/models/apis/migrationhubstrategy/2020-02-19/endpoint-tests-1.json +++ b/models/apis/migrationhubstrategy/2020-02-19/endpoint-tests-1.json @@ -9,8 +9,8 @@ }, "params": { "Region": "ap-northeast-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -22,8 +22,8 @@ }, "params": { "Region": "ap-southeast-2", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -35,8 +35,8 @@ }, "params": { "Region": "eu-central-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -48,8 +48,8 @@ }, "params": { "Region": "eu-west-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -61,8 +61,8 @@ }, "params": { "Region": "eu-west-2", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -74,8 +74,8 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -87,8 +87,8 @@ }, "params": { "Region": "us-west-2", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -100,8 +100,8 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": true, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": true } }, { @@ -113,8 +113,8 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": false } }, { @@ -126,8 +126,8 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": true, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": true } }, { @@ -139,8 +139,8 @@ }, "params": { "Region": "cn-north-1", - "UseDualStack": true, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": true } }, { @@ -152,8 +152,8 @@ }, "params": { "Region": "cn-north-1", - "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": false } }, { @@ -165,8 +165,8 @@ }, "params": { "Region": "cn-north-1", - "UseDualStack": true, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": true } }, { @@ -178,8 +178,8 @@ }, "params": { "Region": "cn-north-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -191,8 +191,8 @@ }, "params": { "Region": "us-gov-east-1", - "UseDualStack": true, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": true } }, { @@ -204,8 +204,8 @@ }, "params": { "Region": "us-gov-east-1", - "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": false } }, { @@ -217,8 +217,8 @@ }, "params": { "Region": "us-gov-east-1", - "UseDualStack": true, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": true } }, { @@ -230,8 +230,8 @@ }, "params": { "Region": "us-gov-east-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -243,8 +243,8 @@ }, "params": { "Region": "us-iso-east-1", - "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": false } }, { @@ -256,8 +256,8 @@ }, "params": { "Region": "us-iso-east-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -269,8 +269,8 @@ }, "params": { "Region": "us-isob-east-1", - "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": false } }, { @@ -282,8 +282,8 @@ }, "params": { "Region": "us-isob-east-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -295,8 +295,8 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": false, "UseFIPS": false, + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -308,8 +308,8 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -320,8 +320,8 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": false, "UseFIPS": true, + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -332,8 +332,8 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": true, "UseFIPS": false, + "UseDualStack": true, "Endpoint": "https://example.com" } } diff --git a/models/apis/s3control/2018-08-20/api-2.json b/models/apis/s3control/2018-08-20/api-2.json index e7b4e3de330..18a7745fe47 100644 --- a/models/apis/s3control/2018-08-20/api-2.json +++ b/models/apis/s3control/2018-08-20/api-2.json @@ -1336,7 +1336,8 @@ "CreateAccessPointForObjectLambdaResult":{ "type":"structure", "members":{ - "ObjectLambdaAccessPointArn":{"shape":"ObjectLambdaAccessPointArn"} + "ObjectLambdaAccessPointArn":{"shape":"ObjectLambdaAccessPointArn"}, + "Alias":{"shape":"ObjectLambdaAccessPointAlias"} } }, "CreateAccessPointRequest":{ @@ -2082,7 +2083,8 @@ "members":{ "Name":{"shape":"ObjectLambdaAccessPointName"}, "PublicAccessBlockConfiguration":{"shape":"PublicAccessBlockConfiguration"}, - "CreationDate":{"shape":"CreationDate"} + "CreationDate":{"shape":"CreationDate"}, + "Alias":{"shape":"ObjectLambdaAccessPointAlias"} } }, "GetAccessPointPolicyForObjectLambdaRequest":{ @@ -3510,9 +3512,32 @@ "required":["Name"], "members":{ "Name":{"shape":"ObjectLambdaAccessPointName"}, - "ObjectLambdaAccessPointArn":{"shape":"ObjectLambdaAccessPointArn"} + "ObjectLambdaAccessPointArn":{"shape":"ObjectLambdaAccessPointArn"}, + "Alias":{"shape":"ObjectLambdaAccessPointAlias"} } }, + "ObjectLambdaAccessPointAlias":{ + "type":"structure", + "members":{ + "Value":{"shape":"ObjectLambdaAccessPointAliasValue"}, + "Status":{"shape":"ObjectLambdaAccessPointAliasStatus"} + } + }, + "ObjectLambdaAccessPointAliasStatus":{ + "type":"string", + "enum":[ + "PROVISIONING", + "READY" + ], + "max":16, + "min":2 + }, + "ObjectLambdaAccessPointAliasValue":{ + "type":"string", + "max":63, + "min":3, + "pattern":"^[0-9a-z\\\\-]{3,63}" + }, "ObjectLambdaAccessPointArn":{ "type":"string", "max":2048, diff --git a/models/apis/s3control/2018-08-20/docs-2.json b/models/apis/s3control/2018-08-20/docs-2.json index 3d05c24096e..8a27d4dcde0 100644 --- a/models/apis/s3control/2018-08-20/docs-2.json +++ b/models/apis/s3control/2018-08-20/docs-2.json @@ -14,7 +14,7 @@ "DeleteBucket": "This action deletes an Amazon S3 on Outposts bucket. To delete an S3 bucket, see DeleteBucket in the Amazon S3 API Reference.
Deletes the Amazon S3 on Outposts bucket. All objects (including all object versions and delete markers) in the bucket must be deleted before the bucket itself can be deleted. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
Related Resources
", "DeleteBucketLifecycleConfiguration": "This action deletes an Amazon S3 on Outposts bucket's lifecycle configuration. To delete an S3 bucket's lifecycle configuration, see DeleteBucketLifecycle in the Amazon S3 API Reference.
Deletes the lifecycle configuration from the specified Outposts bucket. Amazon S3 on Outposts removes all the lifecycle configuration rules in the lifecycle subresource associated with the bucket. Your objects never expire, and Amazon S3 on Outposts no longer automatically deletes any objects on the basis of rules contained in the deleted lifecycle configuration. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.
To use this action, you must have permission to perform the s3-outposts:DeleteLifecycleConfiguration action. By default, the bucket owner has this permission and the Outposts bucket owner can grant this permission to others.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
For more information about object expiration, see Elements to Describe Lifecycle Actions.
Related actions include:
", "DeleteBucketPolicy": "This action deletes an Amazon S3 on Outposts bucket policy. To delete an S3 bucket policy, see DeleteBucketPolicy in the Amazon S3 API Reference.
This implementation of the DELETE action uses the policy subresource to delete the policy of a specified Amazon S3 on Outposts bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the s3-outposts:DeleteBucketPolicy permissions on the specified Outposts bucket and belong to the bucket owner's account to use this action. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.
If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.
For more information about bucket policies, see Using Bucket Policies and User Policies.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to DeleteBucketPolicy:
This operation deletes an Amazon S3 on Outposts bucket's replication configuration. To delete an S3 bucket's replication configuration, see DeleteBucketReplication in the Amazon S3 API Reference.
Deletes the replication configuration from the specified S3 on Outposts bucket.
To use this operation, you must have permissions to perform the s3-outposts:PutReplicationConfiguration action. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts buckets in the Amazon S3 User Guide.
It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
For information about S3 replication on Outposts configuration, see Replicating objects for Amazon Web Services Outposts in the Amazon S3 User Guide.
The following operations are related to DeleteBucketReplication:
This operation deletes an Amazon S3 on Outposts bucket's replication configuration. To delete an S3 bucket's replication configuration, see DeleteBucketReplication in the Amazon S3 API Reference.
Deletes the replication configuration from the specified S3 on Outposts bucket.
To use this operation, you must have permissions to perform the s3-outposts:PutReplicationConfiguration action. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts buckets in the Amazon S3 User Guide.
It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.
The following operations are related to DeleteBucketReplication:
This action deletes an Amazon S3 on Outposts bucket's tags. To delete an S3 bucket tags, see DeleteBucketTagging in the Amazon S3 API Reference.
Deletes the tags from the Outposts bucket. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.
To use this action, you must have permission to perform the PutBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to DeleteBucketTagging:
Removes the entire tag set from the specified S3 Batch Operations job. To use the DeleteJobTagging operation, you must have permission to perform the s3:DeleteJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.
Related actions include:
", "DeleteMultiRegionAccessPoint": "Deletes a Multi-Region Access Point. This action does not delete the buckets associated with the Multi-Region Access Point, only the Multi-Region Access Point itself.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points in the Amazon S3 User Guide.
This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation.
The following actions are related to DeleteMultiRegionAccessPoint:
Gets an Amazon S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the s3-outposts:GetBucket permissions on the specified Outposts bucket and belong to the Outposts bucket owner's account in order to use this action. Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket.
If you don't have s3-outposts:GetBucket permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied error.
The following actions are related to GetBucket for Amazon S3 on Outposts:
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
This action gets an Amazon S3 on Outposts bucket's lifecycle configuration. To get an S3 bucket's lifecycle configuration, see GetBucketLifecycleConfiguration in the Amazon S3 API Reference.
Returns the lifecycle configuration information set on the Outposts bucket. For more information, see Using Amazon S3 on Outposts and for information about lifecycle configuration, see Object Lifecycle Management in Amazon S3 User Guide.
To use this action, you must have permission to perform the s3-outposts:GetLifecycleConfiguration action. The Outposts bucket owner has this permission, by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
GetBucketLifecycleConfiguration has the following special error:
Error code: NoSuchLifecycleConfiguration
Description: The lifecycle configuration does not exist.
HTTP Status Code: 404 Not Found
SOAP Fault Code Prefix: Client
The following actions are related to GetBucketLifecycleConfiguration:
This action gets a bucket policy for an Amazon S3 on Outposts bucket. To get a policy for an S3 bucket, see GetBucketPolicy in the Amazon S3 API Reference.
Returns the policy of a specified Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the GetBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this action.
Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket. If you don't have s3-outposts:GetBucketPolicy permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied error.
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.
For more information about bucket policies, see Using Bucket Policies and User Policies.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to GetBucketPolicy:
This operation gets an Amazon S3 on Outposts bucket's replication configuration. To get an S3 bucket's replication configuration, see GetBucketReplication in the Amazon S3 API Reference.
Returns the replication configuration of an S3 on Outposts bucket. For more information about S3 on Outposts, see Using Amazon S3 on Outposts in the Amazon S3 User Guide. For information about S3 replication on Outposts configuration, see Replicating objects for Amazon Web Services Outposts in the Amazon S3 User Guide.
It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.
This action requires permissions for the s3-outposts:GetReplicationConfiguration action. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts bucket in the Amazon S3 User Guide.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
If you include the Filter element in a replication configuration, you must also include the DeleteMarkerReplication, Status, and Priority elements. The response also returns those elements.
For information about S3 on Outposts replication failure reasons, see Replication failure reasons in the Amazon S3 User Guide.
The following operations are related to GetBucketReplication:
This operation gets an Amazon S3 on Outposts bucket's replication configuration. To get an S3 bucket's replication configuration, see GetBucketReplication in the Amazon S3 API Reference.
Returns the replication configuration of an S3 on Outposts bucket. For more information about S3 on Outposts, see Using Amazon S3 on Outposts in the Amazon S3 User Guide. For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.
It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.
This action requires permissions for the s3-outposts:GetReplicationConfiguration action. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts bucket in the Amazon S3 User Guide.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
If you include the Filter element in a replication configuration, you must also include the DeleteMarkerReplication, Status, and Priority elements. The response also returns those elements.
For information about S3 on Outposts replication failure reasons, see Replication failure reasons in the Amazon S3 User Guide.
The following operations are related to GetBucketReplication:
This action gets an Amazon S3 on Outposts bucket's tags. To get an S3 bucket tags, see GetBucketTagging in the Amazon S3 API Reference.
Returns the tag set associated with the Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
To use this action, you must have permission to perform the GetBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.
GetBucketTagging has the following special error:
Error code: NoSuchTagSetError
Description: There is no tag set associated with the bucket.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to GetBucketTagging:
This operation returns the versioning state for S3 on Outposts buckets only. To return the versioning state for an S3 bucket, see GetBucketVersioning in the Amazon S3 API Reference.
Returns the versioning state for an S3 on Outposts bucket. With S3 Versioning, you can save multiple distinct copies of your objects and recover from unintended user actions and application failures.
If you've never set versioning on your bucket, it has no versioning state. In that case, the GetBucketVersioning request does not return a versioning state value.
For more information about versioning, see Versioning in the Amazon S3 User Guide.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following operations are related to GetBucketVersioning for S3 on Outposts.
Returns the tags on an S3 Batch Operations job. To use the GetJobTagging operation, you must have permission to perform the s3:GetJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.
Related actions include:
", @@ -55,9 +55,9 @@ "PutAccessPointPolicyForObjectLambda": "Creates or replaces resource policy for an Object Lambda Access Point. For an example policy, see Creating Object Lambda Access Points in the Amazon S3 User Guide.
The following actions are related to PutAccessPointPolicyForObjectLambda:
This action puts a lifecycle configuration to an Amazon S3 on Outposts bucket. To put a lifecycle configuration to an S3 bucket, see PutBucketLifecycleConfiguration in the Amazon S3 API Reference.
Creates a new lifecycle configuration for the S3 on Outposts bucket or replaces an existing lifecycle configuration. Outposts buckets only support lifecycle configurations that delete/expire objects after a certain period of time and abort incomplete multipart uploads.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to PutBucketLifecycleConfiguration:
This action puts a bucket policy to an Amazon S3 on Outposts bucket. To put a policy on an S3 bucket, see PutBucketPolicy in the Amazon S3 API Reference.
Applies an Amazon S3 bucket policy to an Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the PutBucketPolicy permissions on the specified Outposts bucket and belong to the bucket owner's account in order to use this action.
If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.
For more information about bucket policies, see Using Bucket Policies and User Policies.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to PutBucketPolicy:
This action creates an Amazon S3 on Outposts bucket's replication configuration. To create an S3 bucket's replication configuration, see PutBucketReplication in the Amazon S3 API Reference.
Creates a replication configuration or replaces an existing one. For information about S3 replication on Outposts configuration, see Replicating objects for Amazon Web Services Outposts in the Amazon S3 User Guide.
It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.
Specify the replication configuration in the request body. In the replication configuration, you provide the following information:
The name of the destination bucket or buckets where you want S3 on Outposts to replicate objects
The Identity and Access Management (IAM) role that S3 on Outposts can assume to replicate objects on your behalf
Other relevant information, such as replication rules
A replication configuration must include at least one rule and can contain a maximum of 100. Each rule identifies a subset of objects to replicate by filtering the objects in the source Outposts bucket. To choose additional subsets of objects to replicate, add a rule for each subset.
To specify a subset of the objects in the source Outposts bucket to apply a replication rule to, add the Filter element as a child of the Rule element. You can filter objects based on an object key prefix, one or more object tags, or both. When you add the Filter element in the configuration, you must also add the following elements: DeleteMarkerReplication, Status, and Priority.
Using PutBucketReplication on Outposts requires that both the source and destination buckets must have versioning enabled. For information about enabling versioning on a bucket, see Managing S3 Versioning for your S3 on Outposts bucket.
For information about S3 on Outposts replication failure reasons, see Replication failure reasons in the Amazon S3 User Guide.
Handling Replication of Encrypted Objects
Outposts buckets are encrypted at all times. All the objects in the source Outposts bucket are encrypted and can be replicated. Also, all the replicas in the destination Outposts bucket are encrypted with the same encryption key as the objects in the source Outposts bucket.
Permissions
To create a PutBucketReplication request, you must have s3-outposts:PutReplicationConfiguration permissions for the bucket. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts buckets.
To perform this operation, the user or role must also have the iam:PassRole permission.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following operations are related to PutBucketReplication:
This action creates an Amazon S3 on Outposts bucket's replication configuration. To create an S3 bucket's replication configuration, see PutBucketReplication in the Amazon S3 API Reference.
Creates a replication configuration or replaces an existing one. For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.
It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.
Specify the replication configuration in the request body. In the replication configuration, you provide the following information:
The name of the destination bucket or buckets where you want S3 on Outposts to replicate objects
The Identity and Access Management (IAM) role that S3 on Outposts can assume to replicate objects on your behalf
Other relevant information, such as replication rules
A replication configuration must include at least one rule and can contain a maximum of 100. Each rule identifies a subset of objects to replicate by filtering the objects in the source Outposts bucket. To choose additional subsets of objects to replicate, add a rule for each subset.
To specify a subset of the objects in the source Outposts bucket to apply a replication rule to, add the Filter element as a child of the Rule element. You can filter objects based on an object key prefix, one or more object tags, or both. When you add the Filter element in the configuration, you must also add the following elements: DeleteMarkerReplication, Status, and Priority.
Using PutBucketReplication on Outposts requires that both the source and destination buckets must have versioning enabled. For information about enabling versioning on a bucket, see Managing S3 Versioning for your S3 on Outposts bucket.
For information about S3 on Outposts replication failure reasons, see Replication failure reasons in the Amazon S3 User Guide.
Handling Replication of Encrypted Objects
Outposts buckets are encrypted at all times. All the objects in the source Outposts bucket are encrypted and can be replicated. Also, all the replicas in the destination Outposts bucket are encrypted with the same encryption key as the objects in the source Outposts bucket.
Permissions
To create a PutBucketReplication request, you must have s3-outposts:PutReplicationConfiguration permissions for the bucket. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts buckets.
To perform this operation, the user or role must also have the iam:CreateRole and iam:PassRole permissions. For more information, see Granting a user permissions to pass a role to an Amazon Web Services service.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following operations are related to PutBucketReplication:
This action puts tags on an Amazon S3 on Outposts bucket. To put tags on an S3 bucket, see PutBucketTagging in the Amazon S3 API Reference.
Sets the tags for an S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
Use tags to organize your Amazon Web Services bill to reflect your own cost structure. To do this, sign up to get your Amazon Web Services account bill with tag key values included. Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see Cost allocation and tagging.
Within a bucket, if you add a tag that has the same key as an existing tag, the new value overwrites the old value. For more information, see Using cost allocation in Amazon S3 bucket tags.
To use this action, you must have permissions to perform the s3-outposts:PutBucketTagging action. The Outposts bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing access permissions to your Amazon S3 resources.
PutBucketTagging has the following special errors:
Error code: InvalidTagError
Description: The tag provided was not a valid tag. This error can occur if the tag did not pass input validation. For information about tag restrictions, see User-Defined Tag Restrictions and Amazon Web Services-Generated Cost Allocation Tag Restrictions.
Error code: MalformedXMLError
Description: The XML provided does not match the schema.
Error code: OperationAbortedError
Description: A conflicting conditional action is currently in progress against this resource. Try again.
Error code: InternalError
Description: The service was unable to apply the provided tag to the bucket.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to PutBucketTagging:
This operation sets the versioning state for S3 on Outposts buckets only. To set the versioning state for an S3 bucket, see PutBucketVersioning in the Amazon S3 API Reference.
Sets the versioning state for an S3 on Outposts bucket. With S3 Versioning, you can save multiple distinct copies of your objects and recover from unintended user actions and application failures.
You can set the versioning state to one of the following:
Enabled - Enables versioning for the objects in the bucket. All objects added to the bucket receive a unique version ID.
Suspended - Suspends versioning for the objects in the bucket. All objects added to the bucket receive the version ID null.
If you've never set versioning on your bucket, it has no versioning state. In that case, a GetBucketVersioning request does not return a versioning state value.
When you enable S3 Versioning, for each object in your bucket, you have a current version and zero or more noncurrent versions. You can configure your bucket S3 Lifecycle rules to expire noncurrent versions after a specified time period. For more information, see Creating and managing a lifecycle configuration for your S3 on Outposts bucket in the Amazon S3 User Guide.
If you have an object expiration lifecycle policy in your non-versioned bucket and you want to maintain the same permanent delete behavior when you enable versioning, you must add a noncurrent expiration policy. The noncurrent expiration lifecycle policy will manage the deletions of the noncurrent object versions in the version-enabled bucket. For more information, see Versioning in the Amazon S3 User Guide.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following operations are related to PutBucketVersioning for S3 on Outposts.
This operation sets the versioning state for S3 on Outposts buckets only. To set the versioning state for an S3 bucket, see PutBucketVersioning in the Amazon S3 API Reference.
Sets the versioning state for an S3 on Outposts bucket. With S3 Versioning, you can save multiple distinct copies of your objects and recover from unintended user actions and application failures.
You can set the versioning state to one of the following:
Enabled - Enables versioning for the objects in the bucket. All objects added to the bucket receive a unique version ID.
Suspended - Suspends versioning for the objects in the bucket. All objects added to the bucket receive the version ID null.
If you've never set versioning on your bucket, it has no versioning state. In that case, a GetBucketVersioning request does not return a versioning state value.
When you enable S3 Versioning, for each object in your bucket, you have a current version and zero or more noncurrent versions. You can configure your bucket S3 Lifecycle rules to expire noncurrent versions after a specified time period. For more information, see Creating and managing a lifecycle configuration for your S3 on Outposts bucket in the Amazon S3 User Guide.
If you have an object expiration lifecycle configuration in your non-versioned bucket and you want to maintain the same permanent delete behavior when you enable versioning, you must add a noncurrent expiration policy. The noncurrent expiration lifecycle configuration will manage the deletes of the noncurrent object versions in the version-enabled bucket. For more information, see Versioning in the Amazon S3 User Guide.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following operations are related to PutBucketVersioning for S3 on Outposts.
Sets the supplied tag-set on an S3 Batch Operations job.
A tag is a key-value pair. You can associate S3 Batch Operations tags with any job by sending a PUT request against the tagging subresource that is associated with the job. To modify the existing tag set, you can either replace the existing tag set entirely, or make changes within the existing tag set by retrieving the existing tag set using GetJobTagging, modify that tag set, and use this action to replace the tag set with the one you modified. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.
If you send this request with an empty tag set, Amazon S3 deletes the existing tag set on the Batch Operations job. If you use this method, you are charged for a Tier 1 Request (PUT). For more information, see Amazon S3 pricing.
For deleting existing tags for your Batch Operations job, a DeleteJobTagging request is preferred because it achieves the same result without incurring charges.
A few things to consider about using tags:
Amazon S3 limits the maximum number of tags to 50 tags per job.
You can associate up to 50 tags with a job as long as they have unique tag keys.
A tag key can be up to 128 Unicode characters in length, and tag values can be up to 256 Unicode characters in length.
The key and values are case sensitive.
For tagging-related restrictions related to characters and encodings, see User-Defined Tag Restrictions in the Billing and Cost Management User Guide.
To use the PutJobTagging operation, you must have permission to perform the s3:PutJobTagging action.
Related actions include:
", "PutMultiRegionAccessPointPolicy": "Associates an access control policy with the specified Multi-Region Access Point. Each Multi-Region Access Point can have only one policy, so a request made to this action replaces any existing policy that is associated with the specified Multi-Region Access Point.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points in the Amazon S3 User Guide.
The following actions are related to PutMultiRegionAccessPointPolicy:
Creates or modifies the PublicAccessBlock configuration for an Amazon Web Services account. For this operation, users must have the s3:PutAccountPublicAccessBlock permission. For more information, see Using Amazon S3 block public access.
Related actions include:
", @@ -71,7 +71,7 @@ "AbortIncompleteMultipartUpload": { "base": "The container for abort incomplete multipart upload
", "refs": { - "LifecycleRule$AbortIncompleteMultipartUpload": "Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 waits before permanently removing all parts of the upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Policy in the Amazon S3 User Guide.
" + "LifecycleRule$AbortIncompleteMultipartUpload": "Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 waits before permanently removing all parts of the upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Configuration in the Amazon S3 User Guide.
" } }, "AccessControlTranslation": { @@ -1664,6 +1664,26 @@ "ObjectLambdaAccessPointList$member": null } }, + "ObjectLambdaAccessPointAlias": { + "base": "The alias of an Object Lambda Access Point. For more information, see How to use a bucket-style alias for your S3 bucket Object Lambda Access Point.
", + "refs": { + "CreateAccessPointForObjectLambdaResult$Alias": "The alias of the Object Lambda Access Point.
", + "GetAccessPointForObjectLambdaResult$Alias": "The alias of the Object Lambda Access Point.
", + "ObjectLambdaAccessPoint$Alias": "The alias of the Object Lambda Access Point.
" + } + }, + "ObjectLambdaAccessPointAliasStatus": { + "base": null, + "refs": { + "ObjectLambdaAccessPointAlias$Status": "The status of the Object Lambda Access Point alias. If the status is PROVISIONING, the Object Lambda Access Point is provisioning the alias and the alias is not ready for use yet. If the status is READY, the Object Lambda Access Point alias is successfully provisioned and ready for use.
The alias value of the Object Lambda Access Point.
" + } + }, "ObjectLambdaAccessPointArn": { "base": null, "refs": { @@ -1840,7 +1860,7 @@ "Priority": { "base": null, "refs": { - "ReplicationRule$Priority": "The priority indicates which rule has precedence whenever two or more replication rules conflict. S3 on Outposts attempts to replicate objects according to all replication rules. However, if there are two or more rules with the same destination Outposts bucket, then objects will be replicated according to the rule with the highest priority. The higher the number, the higher the priority.
For more information, see Creating replication rules between Outposts in the Amazon S3 User Guide.
" + "ReplicationRule$Priority": "The priority indicates which rule has precedence whenever two or more replication rules conflict. S3 on Outposts attempts to replicate objects according to all replication rules. However, if there are two or more rules with the same destination Outposts bucket, then objects will be replicated according to the rule with the highest priority. The higher the number, the higher the priority.
For more information, see Creating replication rules on Outposts in the Amazon S3 User Guide.
" } }, "ProposedMultiRegionAccessPointPolicy": { diff --git a/models/apis/securitylake/2018-05-10/api-2.json b/models/apis/securitylake/2018-05-10/api-2.json index 73e1bd3a572..90f4c1a0b9e 100644 --- a/models/apis/securitylake/2018-05-10/api-2.json +++ b/models/apis/securitylake/2018-05-10/api-2.json @@ -544,6 +544,7 @@ "type":"structure", "required":["message"], "members":{ + "errorCode":{"shape":"String"}, "message":{"shape":"String"} }, "error":{ @@ -835,6 +836,8 @@ "type":"structure", "required":["subscriptionId"], "members":{ + "resourceShareArn":{"shape":"ResourceShareArn"}, + "resourceShareName":{"shape":"ResourceShareName"}, "roleArn":{"shape":"RoleArn"}, "s3BucketArn":{"shape":"S3BucketArn"}, "snsArn":{"shape":"SnsTopicArn"}, @@ -1200,7 +1203,8 @@ "retentionSettings":{"shape":"RetentionSettingList"}, "s3BucketArn":{"shape":"S3BucketArn"}, "status":{"shape":"settingsStatus"}, - "tagsMap":{"shape":"TagsMap"} + "tagsMap":{"shape":"TagsMap"}, + "updateStatus":{"shape":"UpdateStatus"} } }, "LakeConfigurationResponseMap":{ @@ -1208,6 +1212,13 @@ "key":{"shape":"Region"}, "value":{"shape":"LakeConfigurationResponse"} }, + "LastUpdateFailure":{ + "type":"structure", + "members":{ + "code":{"shape":"String"}, + "reason":{"shape":"String"} + } + }, "ListDatalakeExceptionsRequest":{ "type":"structure", "members":{ @@ -1368,6 +1379,11 @@ }, "exception":true }, + "ResourceShareArn":{"type":"string"}, + "ResourceShareName":{ + "type":"string", + "pattern":"^LakeFormation(?:-V[0-9]+)-([a-zA-Z0-9]+)-([\\\\\\w\\-_:/.@=+]*)$" + }, "RetentionSetting":{ "type":"structure", "members":{ @@ -1477,6 +1493,8 @@ "accountId":{"shape":"AwsAccountId"}, "createdAt":{"shape":"SyntheticTimestamp_date_time"}, "externalId":{"shape":"SafeString"}, + "resourceShareArn":{"shape":"ResourceShareArn"}, + "resourceShareName":{"shape":"ResourceShareName"}, "roleArn":{"shape":"RoleArn"}, "s3BucketArn":{"shape":"S3BucketArn"}, "snsArn":{"shape":"SnsTopicArn"}, @@ -1596,6 +1614,14 @@ "members":{ } }, + "UpdateStatus":{ + "type":"structure", + "members":{ + "lastUpdateFailure":{"shape":"LastUpdateFailure"}, + "lastUpdateRequestId":{"shape":"String"}, + "lastUpdateStatus":{"shape":"settingsStatus"} + } + }, "UpdateSubscriberRequest":{ "type":"structure", "required":[ diff --git a/models/apis/securitylake/2018-05-10/docs-2.json b/models/apis/securitylake/2018-05-10/docs-2.json index 709321aaa2f..67cbb2ecb69 100644 --- a/models/apis/securitylake/2018-05-10/docs-2.json +++ b/models/apis/securitylake/2018-05-10/docs-2.json @@ -9,11 +9,11 @@ "CreateDatalakeDelegatedAdmin": "Designates the Amazon Security Lake delegated administrator account for the organization. This API can only be called by the organization management account. The organization management account cannot be the delegated administrator account.
", "CreateDatalakeExceptionsSubscription": "Creates the specified notification subscription in Amazon Security Lake for the organization you specify.
", "CreateSubscriber": "Creates a subscription permission for accounts that are already enabled in Amazon Security Lake. You can create a subscriber with access to data in the current Amazon Web Services Region.
", - "CreateSubscriptionNotificationConfiguration": "Notifies the subscriber when new data is written to the data lake for the sources that the subscriber consumes in Security Lake.
", + "CreateSubscriptionNotificationConfiguration": "Notifies the subscriber when new data is written to the data lake for the sources that the subscriber consumes in Security Lake. You can create only one subscriber notification per subscriber.
", "DeleteAwsLogSource": "Removes a natively supported Amazon Web Service as an Amazon Security Lake source. When you remove the source, Security Lake stops collecting data from that source, and subscribers can no longer consume new data from the source. Subscribers can still consume data that Security Lake collected from the source before disablement.
You can choose any source type in any Amazon Web Services Region for either accounts that are part of a trusted organization or standalone accounts. At least one of the three dimensions is a mandatory input to this API. However, you can supply any combination of the three dimensions to this API.
By default, a dimension refers to the entire set. This is overridden when you supply any one of the inputs. For instance, when you do not specify members, the API disables all Security Lake member accounts for sources. Similarly, when you do not specify Regions, Security Lake is disabled for all the Regions where Security Lake is available as a service.
When you don't provide a dimension, Security Lake assumes that the missing dimension refers to the entire set. For example, if you don't provide specific accounts, the API applies to the entire set of accounts in your organization.
", "DeleteCustomLogSource": "Removes a custom log source from Amazon Security Lake.
", "DeleteDatalake": "When you delete Amazon Security Lake from your account, Security Lake is disabled in all Amazon Web Services Regions. Also, this API automatically takes steps to remove the account from Security Lake .
This operation disables security data collection from sources, deletes data stored, and stops making data accessible to subscribers. Security Lake also deletes all the existing settings and resources that it stores or maintains for your Amazon Web Services account in the current Region, including security log and event data. The DeleteDatalake operation does not delete the Amazon S3 bucket, which is owned by your Amazon Web Services account. For more information, see the Amazon Security Lake User Guide.
Automatically deletes Amazon Security Lake to stop collecting security data. When you delete Amazon Security Lake from your account, Security Lake is disabled in all Regions. Also, this API automatically takes steps to remove the account from Security Lake .
This operation disables security data collection from sources, deletes data stored, and stops making data accessible to subscribers. Security Lake also deletes all the existing settings and resources that it stores or maintains for your Amazon Web Services account in the current Region, including security log and event data. The DeleteDatalake operation does not delete the Amazon S3 bucket, which is owned by your Amazon Web Services account. For more information, see the Amazon Security Lake User Guide.
DeleteDatalakeAutoEnable removes automatic enablement of configuration settings for new member accounts (but keeps settings for the delegated administrator) from Amazon Security Lake. You must run this API using credentials of the delegated administrator. When you run this API, new member accounts that are added after the organization enables Security Lake won't contribute to the data lake.
Deletes the Amazon Security Lake delegated administrator account for the organization. This API can only be called by the organization management account. The organization management account cannot be the delegated administrator account.
", "DeleteDatalakeExceptionsSubscription": "Deletes the specified notification subscription in Amazon Security Lake for the organization you specify.
", "DeleteSubscriber": "Deletes the subscription permission for accounts that are already enabled in Amazon Security Lake. You can delete a subscriber and remove access to data in the current Amazon Web Services Region.
", @@ -31,7 +31,7 @@ "UpdateDatalakeExceptionsExpiry": "Update the expiration period for the exception message to your preferred time, and control the time-to-live (TTL) for the exception message to remain. Exceptions are stored by default for 2 weeks from when a record was created in Amazon Security Lake.
", "UpdateDatalakeExceptionsSubscription": "Updates the specified notification subscription in Amazon Security Lake for the organization you specify.
", "UpdateSubscriber": "Updates an existing subscription for the given Amazon Security Lake account ID. You can update a subscriber by changing the sources that the subscriber consumes data from.
", - "UpdateSubscriptionNotificationConfiguration": "Creates a new subscription notification or adds the existing subscription notification setting for the specified subscription ID.
" + "UpdateSubscriptionNotificationConfiguration": "Updates an existing notification method for the subscription (SQS or HTTPs endpoint) or switches the notification subscription endpoint for a subscriber.
" }, "shapes": { "AccessDeniedException": { @@ -97,7 +97,7 @@ "base": null, "refs": { "CreateDatalakeAutoEnableRequest$configurationForNewAccounts": "Enable Security Lake with the specified configuration settings to begin collecting security data for new accounts in your organization.
", - "DeleteDatalakeAutoEnableRequest$removeFromConfigurationForNewAccounts": "Delete Amazon Security Lake with the specified configuration settings to stop ingesting security data for new accounts in Security Lake.
", + "DeleteDatalakeAutoEnableRequest$removeFromConfigurationForNewAccounts": "Remove automatic enablement of configuration settings for new member accounts in Security Lake.
", "GetDatalakeAutoEnableResponse$autoEnableNewAccounts": "The configuration for new accounts.
" } }, @@ -512,6 +512,12 @@ "GetDatalakeResponse$configurations": "Retrieves the Security Lake configuration object.
" } }, + "LastUpdateFailure": { + "base": "The details of the last UpdateDatalake or DeleteDatalake API request which failed.
The details of the last UpdateDatalakeor DeleteDatalake API request which failed.
The Amazon Resource Name (ARN) which uniquely defines the AWS RAM resource share. Before accepting the RAM resource share invitation, you can view details related to the RAM resource share.
", + "SubscriberResource$resourceShareArn": "The Amazon Resource Name (ARN) which uniquely defines the AWS RAM resource share. Before accepting the RAM resource share invitation, you can view details related to the RAM resource share.
This field is available only for Lake Formation subscribers created after March 8, 2023.
" + } + }, + "ResourceShareName": { + "base": null, + "refs": { + "CreateSubscriberResponse$resourceShareName": "The name of the resource share.
", + "SubscriberResource$resourceShareName": "The name of the resource share.
" + } + }, "RetentionSetting": { "base": "Retention settings for the destination Amazon S3 buckets in Amazon Security Lake.
", "refs": { @@ -626,12 +646,12 @@ "refs": { "CreateCustomLogSourceRequest$glueInvocationRoleArn": "The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role to be used by the Glue crawler. The recommended IAM policies are:
The managed policy AWSGlueServiceRole
A custom policy granting access to your Amazon S3 Data Lake
The Amazon Resource Name (ARN) used to create and update the Glue table. This table contains partitions generated by the ingestion and normalization of Amazon Web Services log sources and custom sources.
", - "CreateSubscriberResponse$roleArn": "The Amazon Resource Name (ARN) created by you to provide to the subscriber. For more information about ARNs and how to use them in policies, see IAM identifiers in the Identity and Access Management (IAM) User Guide. .
", - "CreateSubscriptionNotificationConfigurationRequest$roleArn": "The Amazon Resource Name (ARN) of the EventBridge API destinations IAM role that you created.
", + "CreateSubscriberResponse$roleArn": "The Amazon Resource Name (ARN) created by you to provide to the subscriber. For more information about ARNs and how to use them in policies, see Amazon Security Lake User Guide.
", + "CreateSubscriptionNotificationConfigurationRequest$roleArn": "The Amazon Resource Name (ARN) of the EventBridge API destinations IAM role that you created. For more information about ARNs and how to use them in policies, see Managing data access and Amazon Web Services Managed Policies in the Amazon Security Lake User Guide.
", "LakeConfigurationRequest$replicationRoleArn": "Replication settings for the Amazon S3 buckets. This parameter uses the Identity and Access Management (IAM) role you created that is managed by Security Lake, to ensure the replication setting is correct.
", "LakeConfigurationResponse$replicationRoleArn": "Replication settings for the Amazon S3 buckets. This parameter uses the IAM role you created that is managed by Security Lake, to ensure the replication setting is correct.
", "SubscriberResource$roleArn": "The Amazon Resource Name (ARN) specifying the role of the subscriber.
", - "UpdateSubscriptionNotificationConfigurationRequest$roleArn": "The Amazon Resource Name (ARN) specifying the role of the subscriber.
" + "UpdateSubscriptionNotificationConfigurationRequest$roleArn": "The Amazon Resource Name (ARN) specifying the role of the subscriber. For more information about ARNs and how to use them in policies, see, see the Managing data access and Amazon Web Services Managed Policiesin the Amazon Security Lake User Guide.
" } }, "S3BucketArn": { @@ -716,6 +736,7 @@ "String": { "base": null, "refs": { + "AccessDeniedException$errorCode": "A coded string to provide more information about the access denied exception. You can use the error code to check the exception type.
", "AccessDeniedException$message": null, "AccountList$member": null, "AccountNotFoundException$message": null, @@ -745,6 +766,8 @@ "InvalidInputException$message": null, "LakeConfigurationRequest$encryptionKey": "The type of encryption key used by Amazon Security Lake to encrypt the Security Lake configuration object.
", "LakeConfigurationResponse$encryptionKey": "The type of encryption key used by secure the Security Lake configuration object.
", + "LastUpdateFailure$code": "The reason code for the failure of the last UpdateDatalake or DeleteDatalake API request.
The reason for the failure of the last UpdateDatalakeor DeleteDatalake API request.
If nextToken is returned, there are more results available. You can repeat the call using the returned token to retrieve the next page.
", "ListSubscribersRequest$nextToken": "If nextToken is returned, there are more results available. You can repeat the call using the returned token to retrieve the next page.
", "ListSubscribersResponse$nextToken": "If nextToken is returned, there are more results available. You can repeat the call using the returned token to retrieve the next page.
", @@ -765,6 +788,7 @@ "ThrottlingException$quotaCode": "That the rate of requests to Security Lake is exceeding the request quotas for your Amazon Web Services account.
", "ThrottlingException$serviceCode": "The code for the service in Service Quotas.
", "TwoDimensionsMap$key": null, + "UpdateStatus$lastUpdateRequestId": "The unique ID for the UpdateDatalake or DeleteDatalake API request.
A value created by Security Lake that uniquely identifies your subscription.
", "UpdateSubscriptionNotificationConfigurationRequest$httpsApiKeyName": "The key name for the subscription notification.
", "UpdateSubscriptionNotificationConfigurationRequest$httpsApiKeyValue": "The key value for the subscription notification.
", @@ -834,7 +858,7 @@ "base": null, "refs": { "CreateSubscriberResponse$subscriptionId": "The subscriptionId created by the CreateSubscriber API call.
The subscription ID for the notification subscription/
", + "CreateSubscriptionNotificationConfigurationRequest$subscriptionId": "The subscription ID for the notification subscription.
", "DeleteSubscriptionNotificationConfigurationRequest$subscriptionId": "The ID of the Security Lake subscriber account.
", "SubscriberResource$subscriptionId": "The subscription ID of the Amazon Security Lake subscriber account.
", "UpdateSubscriptionNotificationConfigurationRequest$subscriptionId": "The subscription ID for which the subscription notification is specified.
" @@ -876,6 +900,12 @@ "refs": { } }, + "UpdateStatus": { + "base": "The status of the last UpdateDatalake or DeleteDatalake API request. This is set to Completed after the configuration is updated, or removed if deletion of the data lake is successful.
The status of the last UpdateDatalake or DeleteDatalake API request.
Retrieves the status of the configuration operation for an account in Amazon Security Lake.
" + "LakeConfigurationResponse$status": "Retrieves the status of the configuration operation for an account in Amazon Security Lake.
", + "UpdateStatus$lastUpdateStatus": "The status of the last UpdateDatalake or DeleteDatalake API request that was requested.
This API reference provides descriptions, syntax, and other details -// about each of the actions and data types for Migration Hub Strategy Recommendations -// (Strategy Recommendations). The topic for each action shows the API request -// parameters and the response. Alternatively, you can use one of the AWS -// SDKs to access an API that is tailored to the programming language or -// platform that you're using. For more information, see AWS -// SDKs.
+// This API reference provides descriptions, syntax, and other details about +// each of the actions and data types for Migration Hub Strategy Recommendations +// (Strategy Recommendations). The topic for each action shows the API request +// parameters and the response. Alternatively, you can use one of the AWS SDKs +// to access an API that is tailored to the programming language or platform +// that you're using. For more information, see AWS SDKs (http://aws.amazon.com/tools/#SDKs). // // See https://docs.aws.amazon.com/goto/WebAPI/migrationhubstrategy-2020-02-19 for more information on this service. // diff --git a/service/migrationhubstrategyrecommendations/errors.go b/service/migrationhubstrategyrecommendations/errors.go index 762a05c8d31..9c749043118 100644 --- a/service/migrationhubstrategyrecommendations/errors.go +++ b/service/migrationhubstrategyrecommendations/errors.go @@ -11,9 +11,8 @@ const ( // ErrCodeAccessDeniedException for service response error code // "AccessDeniedException". // - // The AWS user account does not have permission to perform the action. Check - // the AWS Identity and Access Management (IAM) policy associated with this - // account. + // The user does not have permission to perform the action. Check the AWS Identity + // and Access Management (IAM) policy associated with this user. ErrCodeAccessDeniedException = "AccessDeniedException" // ErrCodeConflictException for service response error code diff --git a/service/s3control/api.go b/service/s3control/api.go index 9f34802f9eb..195f14306f9 100644 --- a/service/s3control/api.go +++ b/service/s3control/api.go @@ -1293,7 +1293,7 @@ func (c *S3Control) DeleteBucketReplicationRequest(input *DeleteBucketReplicatio // section. // // For information about S3 replication on Outposts configuration, see Replicating -// objects for Amazon Web Services Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OutpostsReplication.html) +// objects for S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OutpostsReplication.html) // in the Amazon S3 User Guide. // // The following operations are related to DeleteBucketReplication: @@ -3041,7 +3041,7 @@ func (c *S3Control) GetBucketReplicationRequest(input *GetBucketReplicationInput // Returns the replication configuration of an S3 on Outposts bucket. For more // information about S3 on Outposts, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. For information about S3 replication on Outposts -// configuration, see Replicating objects for Amazon Web Services Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OutpostsReplication.html) +// configuration, see Replicating objects for S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OutpostsReplication.html) // in the Amazon S3 User Guide. // // It can take a while to propagate PUT or DELETE requests for a replication @@ -5477,7 +5477,7 @@ func (c *S3Control) PutBucketReplicationRequest(input *PutBucketReplicationInput // // Creates a replication configuration or replaces an existing one. For information // about S3 replication on Outposts configuration, see Replicating objects for -// Amazon Web Services Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/AmazonS3/latest/userguide/S3OutpostsReplication.html) +// S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OutpostsReplication.html) // in the Amazon S3 User Guide. // // It can take a while to propagate PUT or DELETE requests for a replication @@ -5534,16 +5534,16 @@ func (c *S3Control) PutBucketReplicationRequest(input *PutBucketReplicationInput // see Setting up IAM with S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OutpostsIAM.html) // and Managing access to S3 on Outposts buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OutpostsBucketPolicy.html). // -// To perform this operation, the user or role must also have the iam:PassRole -// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html) -// permission. +// To perform this operation, the user or role must also have the iam:CreateRole +// and iam:PassRole permissions. For more information, see Granting a user permissions +// to pass a role to an Amazon Web Services service (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html). // // All Amazon S3 on Outposts REST API requests for this action require an additional // parameter of x-amz-outpost-id to be passed with the request. In addition, // you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. // For an example of the request syntax for Amazon S3 on Outposts that uses // the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived -// by using the access point ARN, see the Examples (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketLifecycleConfiguration.html#API_control_GetBucketLifecycleConfiguration_Examples) +// by using the access point ARN, see the Examples (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketReplication.html#API_control_PutBucketReplication_Examples) // section. // // The following operations are related to PutBucketReplication: @@ -5799,11 +5799,12 @@ func (c *S3Control) PutBucketVersioningRequest(input *PutBucketVersioningInput) // configuration for your S3 on Outposts bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OutpostsLifecycleManaging.html) // in the Amazon S3 User Guide. // -// If you have an object expiration lifecycle policy in your non-versioned bucket -// and you want to maintain the same permanent delete behavior when you enable -// versioning, you must add a noncurrent expiration policy. The noncurrent expiration -// lifecycle policy will manage the deletions of the noncurrent object versions -// in the version-enabled bucket. For more information, see Versioning (https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html) +// If you have an object expiration lifecycle configuration in your non-versioned +// bucket and you want to maintain the same permanent delete behavior when you +// enable versioning, you must add a noncurrent expiration policy. The noncurrent +// expiration lifecycle configuration will manage the deletes of the noncurrent +// object versions in the version-enabled bucket. For more information, see +// Versioning (https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html) // in the Amazon S3 User Guide. // // All Amazon S3 on Outposts REST API requests for this action require an additional @@ -7565,6 +7566,9 @@ func (s *CreateAccessPointForObjectLambdaInput) hostLabels() map[string]string { type CreateAccessPointForObjectLambdaOutput struct { _ struct{} `type:"structure"` + // The alias of the Object Lambda Access Point. + Alias *ObjectLambdaAccessPointAlias `type:"structure"` + // Specifies the ARN for the Object Lambda Access Point. ObjectLambdaAccessPointArn *string `min:"1" type:"string"` } @@ -7587,6 +7591,12 @@ func (s CreateAccessPointForObjectLambdaOutput) GoString() string { return s.String() } +// SetAlias sets the Alias field's value. +func (s *CreateAccessPointForObjectLambdaOutput) SetAlias(v *ObjectLambdaAccessPointAlias) *CreateAccessPointForObjectLambdaOutput { + s.Alias = v + return s +} + // SetObjectLambdaAccessPointArn sets the ObjectLambdaAccessPointArn field's value. func (s *CreateAccessPointForObjectLambdaOutput) SetObjectLambdaAccessPointArn(v string) *CreateAccessPointForObjectLambdaOutput { s.ObjectLambdaAccessPointArn = &v @@ -11124,6 +11134,9 @@ func (s *GetAccessPointForObjectLambdaInput) hostLabels() map[string]string { type GetAccessPointForObjectLambdaOutput struct { _ struct{} `type:"structure"` + // The alias of the Object Lambda Access Point. + Alias *ObjectLambdaAccessPointAlias `type:"structure"` + // The date and time when the specified Object Lambda Access Point was created. CreationDate *time.Time `type:"timestamp"` @@ -11153,6 +11166,12 @@ func (s GetAccessPointForObjectLambdaOutput) GoString() string { return s.String() } +// SetAlias sets the Alias field's value. +func (s *GetAccessPointForObjectLambdaOutput) SetAlias(v *ObjectLambdaAccessPointAlias) *GetAccessPointForObjectLambdaOutput { + s.Alias = v + return s +} + // SetCreationDate sets the CreationDate field's value. func (s *GetAccessPointForObjectLambdaOutput) SetCreationDate(v time.Time) *GetAccessPointForObjectLambdaOutput { s.CreationDate = &v @@ -14902,7 +14921,7 @@ type LifecycleRule struct { // Specifies the days since the initiation of an incomplete multipart upload // that Amazon S3 waits before permanently removing all parts of the upload. // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket - // Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) + // Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) // in the Amazon S3 User Guide. AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload `type:"structure"` @@ -16551,6 +16570,9 @@ func (s *NoncurrentVersionTransition) SetStorageClass(v string) *NoncurrentVersi type ObjectLambdaAccessPoint struct { _ struct{} `type:"structure"` + // The alias of the Object Lambda Access Point. + Alias *ObjectLambdaAccessPointAlias `type:"structure"` + // The name of the Object Lambda Access Point. // // Name is a required field @@ -16578,6 +16600,12 @@ func (s ObjectLambdaAccessPoint) GoString() string { return s.String() } +// SetAlias sets the Alias field's value. +func (s *ObjectLambdaAccessPoint) SetAlias(v *ObjectLambdaAccessPointAlias) *ObjectLambdaAccessPoint { + s.Alias = v + return s +} + // SetName sets the Name field's value. func (s *ObjectLambdaAccessPoint) SetName(v string) *ObjectLambdaAccessPoint { s.Name = &v @@ -16590,6 +16618,52 @@ func (s *ObjectLambdaAccessPoint) SetObjectLambdaAccessPointArn(v string) *Objec return s } +// The alias of an Object Lambda Access Point. For more information, see How +// to use a bucket-style alias for your S3 bucket Object Lambda Access Point +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/olap-use.html#ol-access-points-alias). +type ObjectLambdaAccessPointAlias struct { + _ struct{} `type:"structure"` + + // The status of the Object Lambda Access Point alias. If the status is PROVISIONING, + // the Object Lambda Access Point is provisioning the alias and the alias is + // not ready for use yet. If the status is READY, the Object Lambda Access Point + // alias is successfully provisioned and ready for use. + Status *string `min:"2" type:"string" enum:"ObjectLambdaAccessPointAliasStatus"` + + // The alias value of the Object Lambda Access Point. + Value *string `min:"3" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ObjectLambdaAccessPointAlias) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ObjectLambdaAccessPointAlias) GoString() string { + return s.String() +} + +// SetStatus sets the Status field's value. +func (s *ObjectLambdaAccessPointAlias) SetStatus(v string) *ObjectLambdaAccessPointAlias { + s.Status = &v + return s +} + +// SetValue sets the Value field's value. +func (s *ObjectLambdaAccessPointAlias) SetValue(v string) *ObjectLambdaAccessPointAlias { + s.Value = &v + return s +} + // A configuration used when creating an Object Lambda Access Point. type ObjectLambdaConfiguration struct { _ struct{} `type:"structure"` @@ -19301,7 +19375,7 @@ type ReplicationRule struct { // the rule with the highest priority. The higher the number, the higher the // priority. // - // For more information, see Creating replication rules between Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-between-outposts.html) + // For more information, see Creating replication rules on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-between-outposts.html) // in the Amazon S3 User Guide. Priority *int64 `type:"integer"` @@ -22959,6 +23033,22 @@ func NetworkOrigin_Values() []string { } } +const ( + // ObjectLambdaAccessPointAliasStatusProvisioning is a ObjectLambdaAccessPointAliasStatus enum value + ObjectLambdaAccessPointAliasStatusProvisioning = "PROVISIONING" + + // ObjectLambdaAccessPointAliasStatusReady is a ObjectLambdaAccessPointAliasStatus enum value + ObjectLambdaAccessPointAliasStatusReady = "READY" +) + +// ObjectLambdaAccessPointAliasStatus_Values returns all elements of the ObjectLambdaAccessPointAliasStatus enum +func ObjectLambdaAccessPointAliasStatus_Values() []string { + return []string{ + ObjectLambdaAccessPointAliasStatusProvisioning, + ObjectLambdaAccessPointAliasStatusReady, + } +} + const ( // ObjectLambdaAllowedFeatureGetObjectRange is a ObjectLambdaAllowedFeature enum value ObjectLambdaAllowedFeatureGetObjectRange = "GetObject-Range" diff --git a/service/securitylake/api.go b/service/securitylake/api.go index cb3d0fe68d2..4d774771cf2 100644 --- a/service/securitylake/api.go +++ b/service/securitylake/api.go @@ -821,7 +821,8 @@ func (c *SecurityLake) CreateSubscriptionNotificationConfigurationRequest(input // CreateSubscriptionNotificationConfiguration API operation for Amazon Security Lake. // // Notifies the subscriber when new data is written to the data lake for the -// sources that the subscriber consumes in Security Lake. +// sources that the subscriber consumes in Security Lake. You can create only +// one subscriber notification per subscriber. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1265,18 +1266,12 @@ func (c *SecurityLake) DeleteDatalakeAutoEnableRequest(input *DeleteDatalakeAuto // DeleteDatalakeAutoEnable API operation for Amazon Security Lake. // -// Automatically deletes Amazon Security Lake to stop collecting security data. -// When you delete Amazon Security Lake from your account, Security Lake is -// disabled in all Regions. Also, this API automatically takes steps to remove -// the account from Security Lake . -// -// This operation disables security data collection from sources, deletes data -// stored, and stops making data accessible to subscribers. Security Lake also -// deletes all the existing settings and resources that it stores or maintains -// for your Amazon Web Services account in the current Region, including security -// log and event data. The DeleteDatalake operation does not delete the Amazon -// S3 bucket, which is owned by your Amazon Web Services account. For more information, -// see the Amazon Security Lake User Guide (https://docs.aws.amazon.com/security-lake/latest/userguide/disable-security-lake.html). +// DeleteDatalakeAutoEnable removes automatic enablement of configuration settings +// for new member accounts (but keeps settings for the delegated administrator) +// from Amazon Security Lake. You must run this API using credentials of the +// delegated administrator. When you run this API, new member accounts that +// are added after the organization enables Security Lake won't contribute to +// the data lake. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3299,8 +3294,8 @@ func (c *SecurityLake) UpdateSubscriptionNotificationConfigurationRequest(input // UpdateSubscriptionNotificationConfiguration API operation for Amazon Security Lake. // -// Creates a new subscription notification or adds the existing subscription -// notification setting for the specified subscription ID. +// Updates an existing notification method for the subscription (SQS or HTTPs +// endpoint) or switches the notification subscription endpoint for a subscriber. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3371,6 +3366,10 @@ type AccessDeniedException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // A coded string to provide more information about the access denied exception. + // You can use the error code to check the exception type. + ErrorCode *string `locationName:"errorCode" type:"string"` + Message_ *string `locationName:"message" type:"string"` } @@ -3417,7 +3416,7 @@ func (s *AccessDeniedException) OrigErr() error { } func (s *AccessDeniedException) Error() string { - return fmt.Sprintf("%s: %s", s.Code(), s.Message()) + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) } // Status code returns the HTTP status code for the request's response error. @@ -4713,9 +4712,17 @@ func (s *CreateSubscriberInput) SetSubscriberName(v string) *CreateSubscriberInp type CreateSubscriberOutput struct { _ struct{} `type:"structure"` + // The Amazon Resource Name (ARN) which uniquely defines the AWS RAM resource + // share. Before accepting the RAM resource share invitation, you can view details + // related to the RAM resource share. + ResourceShareArn *string `locationName:"resourceShareArn" type:"string"` + + // The name of the resource share. + ResourceShareName *string `locationName:"resourceShareName" type:"string"` + // The Amazon Resource Name (ARN) created by you to provide to the subscriber. - // For more information about ARNs and how to use them in policies, see IAM - // identifiers in the Identity and Access Management (IAM) User Guide (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html). . + // For more information about ARNs and how to use them in policies, see Amazon + // Security Lake User Guide (https://docs.aws.amazon.com/security-lake/latest/userguide/subscriber-management.html). RoleArn *string `locationName:"roleArn" type:"string"` // The ARN for the Amazon S3 bucket. @@ -4748,6 +4755,18 @@ func (s CreateSubscriberOutput) GoString() string { return s.String() } +// SetResourceShareArn sets the ResourceShareArn field's value. +func (s *CreateSubscriberOutput) SetResourceShareArn(v string) *CreateSubscriberOutput { + s.ResourceShareArn = &v + return s +} + +// SetResourceShareName sets the ResourceShareName field's value. +func (s *CreateSubscriberOutput) SetResourceShareName(v string) *CreateSubscriberOutput { + s.ResourceShareName = &v + return s +} + // SetRoleArn sets the RoleArn field's value. func (s *CreateSubscriberOutput) SetRoleArn(v string) *CreateSubscriberOutput { s.RoleArn = &v @@ -4788,14 +4807,17 @@ type CreateSubscriptionNotificationConfigurationInput struct { HttpsMethod *string `locationName:"httpsMethod" type:"string" enum:"HttpsMethod"` // The Amazon Resource Name (ARN) of the EventBridge API destinations IAM role - // that you created. + // that you created. For more information about ARNs and how to use them in + // policies, see Managing data access (https://docs.aws.amazon.com//security-lake/latest/userguide/subscriber-data-access.html) + // and Amazon Web Services Managed Policies (https://docs.aws.amazon.com/security-lake/latest/userguide/security-iam-awsmanpol.html) + // in the Amazon Security Lake User Guide. RoleArn *string `locationName:"roleArn" type:"string"` // The subscription endpoint in Security Lake. If you prefer notification with // an HTTPs endpoint, populate this field. SubscriptionEndpoint *string `locationName:"subscriptionEndpoint" type:"string"` - // The subscription ID for the notification subscription/ + // The subscription ID for the notification subscription. // // SubscriptionId is a required field SubscriptionId *string `location:"uri" locationName:"subscriptionId" type:"string" required:"true"` @@ -5107,8 +5129,8 @@ func (s *DeleteCustomLogSourceOutput) SetCustomDataLocation(v string) *DeleteCus type DeleteDatalakeAutoEnableInput struct { _ struct{} `type:"structure"` - // Delete Amazon Security Lake with the specified configuration settings to - // stop ingesting security data for new accounts in Security Lake. + // Remove automatic enablement of configuration settings for new member accounts + // in Security Lake. // // RemoveFromConfigurationForNewAccounts is a required field RemoveFromConfigurationForNewAccounts []*AutoEnableNewRegionConfiguration `locationName:"removeFromConfigurationForNewAccounts" type:"list" required:"true"` @@ -6334,6 +6356,9 @@ type LakeConfigurationResponse struct { // A tag is a label that you assign to an Amazon Web Services resource. Each // tag consists of a key and an optional value, both of which you define. TagsMap map[string]*string `locationName:"tagsMap" type:"map"` + + // The status of the last UpdateDatalake or DeleteDatalake API request. + UpdateStatus *UpdateStatus `locationName:"updateStatus" type:"structure"` } // String returns the string representation. @@ -6396,6 +6421,56 @@ func (s *LakeConfigurationResponse) SetTagsMap(v map[string]*string) *LakeConfig return s } +// SetUpdateStatus sets the UpdateStatus field's value. +func (s *LakeConfigurationResponse) SetUpdateStatus(v *UpdateStatus) *LakeConfigurationResponse { + s.UpdateStatus = v + return s +} + +// The details of the last UpdateDatalake or DeleteDatalake API request which +// failed. +type LastUpdateFailure struct { + _ struct{} `type:"structure"` + + // The reason code for the failure of the last UpdateDatalake or DeleteDatalake + // API request. + Code *string `locationName:"code" type:"string"` + + // The reason for the failure of the last UpdateDatalakeor DeleteDatalake API + // request. + Reason *string `locationName:"reason" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LastUpdateFailure) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LastUpdateFailure) GoString() string { + return s.String() +} + +// SetCode sets the Code field's value. +func (s *LastUpdateFailure) SetCode(v string) *LastUpdateFailure { + s.Code = &v + return s +} + +// SetReason sets the Reason field's value. +func (s *LastUpdateFailure) SetReason(v string) *LastUpdateFailure { + s.Reason = &v + return s +} + type ListDatalakeExceptionsInput struct { _ struct{} `type:"structure"` @@ -7156,6 +7231,17 @@ type SubscriberResource struct { // only under specific circumstances. ExternalId *string `locationName:"externalId" type:"string"` + // The Amazon Resource Name (ARN) which uniquely defines the AWS RAM resource + // share. Before accepting the RAM resource share invitation, you can view details + // related to the RAM resource share. + // + // This field is available only for Lake Formation subscribers created after + // March 8, 2023. + ResourceShareArn *string `locationName:"resourceShareArn" type:"string"` + + // The name of the resource share. + ResourceShareName *string `locationName:"resourceShareName" type:"string"` + // The Amazon Resource Name (ARN) specifying the role of the subscriber. RoleArn *string `locationName:"roleArn" type:"string"` @@ -7239,6 +7325,18 @@ func (s *SubscriberResource) SetExternalId(v string) *SubscriberResource { return s } +// SetResourceShareArn sets the ResourceShareArn field's value. +func (s *SubscriberResource) SetResourceShareArn(v string) *SubscriberResource { + s.ResourceShareArn = &v + return s +} + +// SetResourceShareName sets the ResourceShareName field's value. +func (s *SubscriberResource) SetResourceShareName(v string) *SubscriberResource { + s.ResourceShareName = &v + return s +} + // SetRoleArn sets the RoleArn field's value. func (s *SubscriberResource) SetRoleArn(v string) *SubscriberResource { s.RoleArn = &v @@ -7610,6 +7708,60 @@ func (s UpdateDatalakeOutput) GoString() string { return s.String() } +// The status of the last UpdateDatalake or DeleteDatalake API request. This +// is set to Completed after the configuration is updated, or removed if deletion +// of the data lake is successful. +type UpdateStatus struct { + _ struct{} `type:"structure"` + + // The details of the last UpdateDatalakeor DeleteDatalake API request which + // failed. + LastUpdateFailure *LastUpdateFailure `locationName:"lastUpdateFailure" type:"structure"` + + // The unique ID for the UpdateDatalake or DeleteDatalake API request. + LastUpdateRequestId *string `locationName:"lastUpdateRequestId" type:"string"` + + // The status of the last UpdateDatalake or DeleteDatalake API request that + // was requested. + LastUpdateStatus *string `locationName:"lastUpdateStatus" type:"string" enum:"SettingsStatus"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateStatus) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateStatus) GoString() string { + return s.String() +} + +// SetLastUpdateFailure sets the LastUpdateFailure field's value. +func (s *UpdateStatus) SetLastUpdateFailure(v *LastUpdateFailure) *UpdateStatus { + s.LastUpdateFailure = v + return s +} + +// SetLastUpdateRequestId sets the LastUpdateRequestId field's value. +func (s *UpdateStatus) SetLastUpdateRequestId(v string) *UpdateStatus { + s.LastUpdateRequestId = &v + return s +} + +// SetLastUpdateStatus sets the LastUpdateStatus field's value. +func (s *UpdateStatus) SetLastUpdateStatus(v string) *UpdateStatus { + s.LastUpdateStatus = &v + return s +} + type UpdateSubscriberInput struct { _ struct{} `type:"structure"` @@ -7749,7 +7901,11 @@ type UpdateSubscriptionNotificationConfigurationInput struct { // The HTTPS method used for the subscription notification. HttpsMethod *string `locationName:"httpsMethod" type:"string" enum:"HttpsMethod"` - // The Amazon Resource Name (ARN) specifying the role of the subscriber. + // The Amazon Resource Name (ARN) specifying the role of the subscriber. For + // more information about ARNs and how to use them in policies, see, see the + // Managing data access (https://docs.aws.amazon.com//security-lake/latest/userguide/subscriber-data-access.html) + // and Amazon Web Services Managed Policies (https://docs.aws.amazon.com/security-lake/latest/userguide/security-iam-awsmanpol.html)in + // the Amazon Security Lake User Guide. RoleArn *string `locationName:"roleArn" type:"string"` // The subscription endpoint in Security Lake.