The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).
", "PutOrganizationConfigRuleResponse$OrganizationConfigRuleArn": "The Amazon Resource Name (ARN) of an organization Config rule.
", "PutOrganizationConformancePackResponse$OrganizationConformancePackArn": "ARN of the organization conformance pack.
", - "RemediationConfiguration$TargetId": "Target ID is the name of the public document.
", + "RemediationConfiguration$TargetId": "Target ID is the name of the SSM document.
", "RemediationException$ResourceType": "The type of a resource.
", "RemediationExceptionResourceKey$ResourceType": "The type of a resource.
", "RemediationParameters$key": null, diff --git a/models/apis/config/2014-11-12/endpoint-tests-1.json b/models/apis/config/2014-11-12/endpoint-tests-1.json index 160da5eb4eb..792ec6fb1e1 100644 --- a/models/apis/config/2014-11-12/endpoint-tests-1.json +++ b/models/apis/config/2014-11-12/endpoint-tests-1.json @@ -8,8 +8,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "af-south-1" } }, @@ -21,8 +21,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "ap-east-1" } }, @@ -34,8 +34,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "ap-northeast-1" } }, @@ -47,8 +47,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "ap-northeast-2" } }, @@ -60,8 +60,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "ap-northeast-3" } }, @@ -73,8 +73,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "ap-south-1" } }, @@ -86,8 +86,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "ap-southeast-1" } }, @@ -99,8 +99,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "ap-southeast-2" } }, @@ -112,8 +112,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "ap-southeast-3" } }, @@ -125,8 +125,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "ca-central-1" } }, @@ -138,8 +138,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "eu-central-1" } }, @@ -151,8 +151,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "eu-north-1" } }, @@ -164,8 +164,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "eu-south-1" } }, @@ -177,8 +177,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "eu-west-1" } }, @@ -190,8 +190,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "eu-west-2" } }, @@ -203,8 +203,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "eu-west-3" } }, @@ -216,8 +216,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "me-south-1" } }, @@ -229,8 +229,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "sa-east-1" } }, @@ -242,8 +242,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "us-east-1" } }, @@ -255,8 +255,8 @@ } }, "params": { - "UseFIPS": true, "UseDualStack": false, + "UseFIPS": true, "Region": "us-east-1" } }, @@ -268,8 +268,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "us-east-2" } }, @@ -281,8 +281,8 @@ } }, "params": { - "UseFIPS": true, "UseDualStack": false, + "UseFIPS": true, "Region": "us-east-2" } }, @@ -294,8 +294,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "us-west-1" } }, @@ -307,8 +307,8 @@ } }, "params": { - "UseFIPS": true, "UseDualStack": false, + "UseFIPS": true, "Region": "us-west-1" } }, @@ -320,8 +320,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "us-west-2" } }, @@ -333,8 +333,8 @@ } }, "params": { - "UseFIPS": true, "UseDualStack": false, + "UseFIPS": true, "Region": "us-west-2" } }, @@ -346,8 +346,8 @@ } }, "params": { - "UseFIPS": true, "UseDualStack": true, + "UseFIPS": true, "Region": "us-east-1" } }, @@ -359,8 +359,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": true, + "UseFIPS": false, "Region": "us-east-1" } }, @@ -372,8 +372,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "cn-north-1" } }, @@ -385,8 +385,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "cn-northwest-1" } }, @@ -398,8 +398,8 @@ } }, "params": { - "UseFIPS": true, "UseDualStack": true, + "UseFIPS": true, "Region": "cn-north-1" } }, @@ -411,8 +411,8 @@ } }, "params": { - "UseFIPS": true, "UseDualStack": false, + "UseFIPS": true, "Region": "cn-north-1" } }, @@ -424,8 +424,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": true, + "UseFIPS": false, "Region": "cn-north-1" } }, @@ -437,8 +437,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "us-gov-east-1" } }, @@ -450,8 +450,8 @@ } }, "params": { - "UseFIPS": true, "UseDualStack": false, + "UseFIPS": true, "Region": "us-gov-east-1" } }, @@ -463,8 +463,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "us-gov-west-1" } }, @@ -476,8 +476,8 @@ } }, "params": { - "UseFIPS": true, "UseDualStack": false, + "UseFIPS": true, "Region": "us-gov-west-1" } }, @@ -489,8 +489,8 @@ } }, "params": { - "UseFIPS": true, "UseDualStack": true, + "UseFIPS": true, "Region": "us-gov-east-1" } }, @@ -502,8 +502,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": true, + "UseFIPS": false, "Region": "us-gov-east-1" } }, @@ -515,8 +515,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "us-iso-east-1" } }, @@ -528,11 +528,22 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "us-iso-west-1" } }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "UseDualStack": true, + "UseFIPS": true, + "Region": "us-iso-east-1" + } + }, { "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", "expect": { @@ -541,8 +552,19 @@ } }, "params": { - "UseFIPS": true, "UseDualStack": false, + "UseFIPS": true, + "Region": "us-iso-east-1" + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "UseDualStack": true, + "UseFIPS": false, "Region": "us-iso-east-1" } }, @@ -554,8 +576,19 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, + "Region": "us-isob-east-1" + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "UseDualStack": true, + "UseFIPS": true, "Region": "us-isob-east-1" } }, @@ -567,8 +600,19 @@ } }, "params": { - "UseFIPS": true, "UseDualStack": false, + "UseFIPS": true, + "Region": "us-isob-east-1" + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "UseDualStack": true, + "UseFIPS": false, "Region": "us-isob-east-1" } }, @@ -580,8 +624,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Region": "us-east-1", "Endpoint": "https://example.com" } @@ -594,8 +638,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Endpoint": "https://example.com" } }, @@ -605,8 +649,8 @@ "error": "Invalid Configuration: FIPS and custom endpoint are not supported" }, "params": { - "UseFIPS": true, "UseDualStack": false, + "UseFIPS": true, "Region": "us-east-1", "Endpoint": "https://example.com" } @@ -617,11 +661,17 @@ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" }, "params": { - "UseFIPS": false, "UseDualStack": true, + "UseFIPS": false, "Region": "us-east-1", "Endpoint": "https://example.com" } + }, + { + "documentation": "Missing region", + "expect": { + "error": "Invalid Configuration: Missing Region" + } } ], "version": "1.0" diff --git a/models/apis/ecs/2014-11-13/docs-2.json b/models/apis/ecs/2014-11-13/docs-2.json index 5cb615fda28..995dc046ef6 100644 --- a/models/apis/ecs/2014-11-13/docs-2.json +++ b/models/apis/ecs/2014-11-13/docs-2.json @@ -4,7 +4,7 @@ "operations": { "CreateCapacityProvider": "Creates a new capacity provider. Capacity providers are associated with an Amazon ECS cluster and are used in capacity provider strategies to facilitate cluster auto scaling.
Only capacity providers that use an Auto Scaling group can be created. Amazon ECS tasks on Fargate use the FARGATE and FARGATE_SPOT capacity providers. These providers are available to all accounts in the Amazon Web Services Regions that Fargate supports.
Creates a new Amazon ECS cluster. By default, your account receives a default cluster when you launch your first container instance. However, you can create your own cluster with a unique name with the CreateCluster action.
When you call the CreateCluster API operation, Amazon ECS attempts to create the Amazon ECS service-linked role for your account. This is so that it can manage required resources in other Amazon Web Services services on your behalf. However, if the user that makes the call doesn't have permissions to create the service-linked role, it isn't created. For more information, see Using service-linked roles for Amazon ECS in the Amazon Elastic Container Service Developer Guide.
Runs and maintains your desired number of tasks from a specified task definition. If the number of tasks running in a service drops below the desiredCount, Amazon ECS runs another copy of the task in the specified cluster. To update an existing service, see the UpdateService action.
In addition to maintaining the desired count of tasks in your service, you can optionally run your service behind one or more load balancers. The load balancers distribute traffic across the tasks that are associated with the service. For more information, see Service load balancing in the Amazon Elastic Container Service Developer Guide.
Tasks for services that don't use a load balancer are considered healthy if they're in the RUNNING state. Tasks for services that use a load balancer are considered healthy if they're in the RUNNING state and are reported as healthy by the load balancer.
There are two service scheduler strategies available:
REPLICA - The replica scheduling strategy places and maintains your desired number of tasks across your cluster. By default, the service scheduler spreads tasks across Availability Zones. You can use task placement strategies and constraints to customize task placement decisions. For more information, see Service scheduler concepts in the Amazon Elastic Container Service Developer Guide.
DAEMON - The daemon scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that you specify in your cluster. The service scheduler also evaluates the task placement constraints for running tasks. It also stops tasks that don't meet the placement constraints. When using this strategy, you don't need to specify a desired number of tasks, a task placement strategy, or use Service Auto Scaling policies. For more information, see Service scheduler concepts in the Amazon Elastic Container Service Developer Guide.
You can optionally specify a deployment configuration for your service. The deployment is initiated by changing properties. For example, the deployment might be initiated by the task definition or by your desired count of a service. This is done with an UpdateService operation. The default value for a replica service for minimumHealthyPercent is 100%. The default value for a daemon service for minimumHealthyPercent is 0%.
If a service uses the ECS deployment controller, the minimum healthy percent represents a lower limit on the number of tasks in a service that must remain in the RUNNING state during a deployment. Specifically, it represents it as a percentage of your desired number of tasks (rounded up to the nearest integer). This happens when any of your container instances are in the DRAINING state if the service contains tasks using the EC2 launch type. Using this parameter, you can deploy without using additional cluster capacity. For example, if you set your service to have desired number of four tasks and a minimum healthy percent of 50%, the scheduler might stop two existing tasks to free up cluster capacity before starting two new tasks. If they're in the RUNNING state, tasks for services that don't use a load balancer are considered healthy . If they're in the RUNNING state and reported as healthy by the load balancer, tasks for services that do use a load balancer are considered healthy . The default value for minimum healthy percent is 100%.
If a service uses the ECS deployment controller, the maximum percent parameter represents an upper limit on the number of tasks in a service that are allowed in the RUNNING or PENDING state during a deployment. Specifically, it represents it as a percentage of the desired number of tasks (rounded down to the nearest integer). This happens when any of your container instances are in the DRAINING state if the service contains tasks using the EC2 launch type. Using this parameter, you can define the deployment batch size. For example, if your service has a desired number of four tasks and a maximum percent value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default value for maximum percent is 200%.
If a service uses either the CODE_DEPLOY or EXTERNAL deployment controller types and tasks that use the EC2 launch type, the minimum healthy percent and maximum percent values are used only to define the lower and upper limit on the number of the tasks in the service that remain in the RUNNING state. This is while the container instances are in the DRAINING state. If the tasks in the service use the Fargate launch type, the minimum healthy percent and maximum percent values aren't used. This is the case even if they're currently visible when describing your service.
When creating a service that uses the EXTERNAL deployment controller, you can specify only parameters that aren't controlled at the task set level. The only required parameter is the service name. You control your services using the CreateTaskSet operation. For more information, see Amazon ECS deployment types in the Amazon Elastic Container Service Developer Guide.
When the service scheduler launches new tasks, it determines task placement. For information about task placement and task placement strategies, see Amazon ECS task placement in the Amazon Elastic Container Service Developer Guide.
", + "CreateService": "Runs and maintains your desired number of tasks from a specified task definition. If the number of tasks running in a service drops below the desiredCount, Amazon ECS runs another copy of the task in the specified cluster. To update an existing service, see the UpdateService action.
Starting April 15, 2023, Amazon Web Services will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service.
In addition to maintaining the desired count of tasks in your service, you can optionally run your service behind one or more load balancers. The load balancers distribute traffic across the tasks that are associated with the service. For more information, see Service load balancing in the Amazon Elastic Container Service Developer Guide.
Tasks for services that don't use a load balancer are considered healthy if they're in the RUNNING state. Tasks for services that use a load balancer are considered healthy if they're in the RUNNING state and are reported as healthy by the load balancer.
There are two service scheduler strategies available:
REPLICA - The replica scheduling strategy places and maintains your desired number of tasks across your cluster. By default, the service scheduler spreads tasks across Availability Zones. You can use task placement strategies and constraints to customize task placement decisions. For more information, see Service scheduler concepts in the Amazon Elastic Container Service Developer Guide.
DAEMON - The daemon scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that you specify in your cluster. The service scheduler also evaluates the task placement constraints for running tasks. It also stops tasks that don't meet the placement constraints. When using this strategy, you don't need to specify a desired number of tasks, a task placement strategy, or use Service Auto Scaling policies. For more information, see Service scheduler concepts in the Amazon Elastic Container Service Developer Guide.
You can optionally specify a deployment configuration for your service. The deployment is initiated by changing properties. For example, the deployment might be initiated by the task definition or by your desired count of a service. This is done with an UpdateService operation. The default value for a replica service for minimumHealthyPercent is 100%. The default value for a daemon service for minimumHealthyPercent is 0%.
If a service uses the ECS deployment controller, the minimum healthy percent represents a lower limit on the number of tasks in a service that must remain in the RUNNING state during a deployment. Specifically, it represents it as a percentage of your desired number of tasks (rounded up to the nearest integer). This happens when any of your container instances are in the DRAINING state if the service contains tasks using the EC2 launch type. Using this parameter, you can deploy without using additional cluster capacity. For example, if you set your service to have desired number of four tasks and a minimum healthy percent of 50%, the scheduler might stop two existing tasks to free up cluster capacity before starting two new tasks. If they're in the RUNNING state, tasks for services that don't use a load balancer are considered healthy . If they're in the RUNNING state and reported as healthy by the load balancer, tasks for services that do use a load balancer are considered healthy . The default value for minimum healthy percent is 100%.
If a service uses the ECS deployment controller, the maximum percent parameter represents an upper limit on the number of tasks in a service that are allowed in the RUNNING or PENDING state during a deployment. Specifically, it represents it as a percentage of the desired number of tasks (rounded down to the nearest integer). This happens when any of your container instances are in the DRAINING state if the service contains tasks using the EC2 launch type. Using this parameter, you can define the deployment batch size. For example, if your service has a desired number of four tasks and a maximum percent value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default value for maximum percent is 200%.
If a service uses either the CODE_DEPLOY or EXTERNAL deployment controller types and tasks that use the EC2 launch type, the minimum healthy percent and maximum percent values are used only to define the lower and upper limit on the number of the tasks in the service that remain in the RUNNING state. This is while the container instances are in the DRAINING state. If the tasks in the service use the Fargate launch type, the minimum healthy percent and maximum percent values aren't used. This is the case even if they're currently visible when describing your service.
When creating a service that uses the EXTERNAL deployment controller, you can specify only parameters that aren't controlled at the task set level. The only required parameter is the service name. You control your services using the CreateTaskSet operation. For more information, see Amazon ECS deployment types in the Amazon Elastic Container Service Developer Guide.
When the service scheduler launches new tasks, it determines task placement. For information about task placement and task placement strategies, see Amazon ECS task placement in the Amazon Elastic Container Service Developer Guide.
", "CreateTaskSet": "Create a task set in the specified cluster and service. This is used when a service uses the EXTERNAL deployment controller type. For more information, see Amazon ECS deployment types in the Amazon Elastic Container Service Developer Guide.
Disables an account setting for a specified user, role, or the root user for an account.
", "DeleteAttributes": "Deletes one or more custom attributes from an Amazon ECS resource.
", @@ -41,8 +41,8 @@ "PutClusterCapacityProviders": "Modifies the available capacity providers and the default capacity provider strategy for a cluster.
You must specify both the available capacity providers and a default capacity provider strategy for the cluster. If the specified cluster has existing capacity providers associated with it, you must specify all existing capacity providers in addition to any new ones you want to add. Any existing capacity providers that are associated with a cluster that are omitted from a PutClusterCapacityProviders API call will be disassociated with the cluster. You can only disassociate an existing capacity provider from a cluster if it's not being used by any existing tasks.
When creating a service or running a task on a cluster, if no capacity provider or launch type is specified, then the cluster's default capacity provider strategy is used. We recommend that you define a default capacity provider strategy for your cluster. However, you must specify an empty array ([]) to bypass defining a default strategy.
This action is only used by the Amazon ECS agent, and it is not intended for use outside of the agent.
Registers an EC2 instance into the specified cluster. This instance becomes available to place containers on.
", "RegisterTaskDefinition": "Registers a new task definition from the supplied family and containerDefinitions. Optionally, you can add data volumes to your containers with the volumes parameter. For more information about task definition parameters and defaults, see Amazon ECS Task Definitions in the Amazon Elastic Container Service Developer Guide.
You can specify a role for your task with the taskRoleArn parameter. When you specify a role for a task, its containers can then use the latest versions of the CLI or SDKs to make API requests to the Amazon Web Services services that are specified in the policy that's associated with the role. For more information, see IAM Roles for Tasks in the Amazon Elastic Container Service Developer Guide.
You can specify a Docker networking mode for the containers in your task definition with the networkMode parameter. The available network modes correspond to those described in Network settings in the Docker run reference. If you specify the awsvpc network mode, the task is allocated an elastic network interface, and you must specify a NetworkConfiguration when you create a service or run a task with the task definition. For more information, see Task Networking in the Amazon Elastic Container Service Developer Guide.
Starts a new task using the specified task definition.
You can allow Amazon ECS to place tasks for you, or you can customize how Amazon ECS places tasks using placement constraints and placement strategies. For more information, see Scheduling Tasks in the Amazon Elastic Container Service Developer Guide.
Alternatively, you can use StartTask to use your own scheduler or place tasks manually on specific container instances.
The Amazon ECS API follows an eventual consistency model. This is because of the distributed nature of the system supporting the API. This means that the result of an API command you run that affects your Amazon ECS resources might not be immediately visible to all subsequent commands you run. Keep this in mind when you carry out an API command that immediately follows a previous API command.
To manage eventual consistency, you can do the following:
Confirm the state of the resource before you run a command to modify it. Run the DescribeTasks command using an exponential backoff algorithm to ensure that you allow enough time for the previous command to propagate through the system. To do this, run the DescribeTasks command repeatedly, starting with a couple of seconds of wait time and increasing gradually up to five minutes of wait time.
Add wait time between subsequent commands, even if the DescribeTasks command returns an accurate response. Apply an exponential backoff algorithm starting with a couple of seconds of wait time, and increase gradually up to about five minutes of wait time.
Starts a new task from the specified task definition on the specified container instance or instances.
Alternatively, you can use RunTask to place tasks for you. For more information, see Scheduling Tasks in the Amazon Elastic Container Service Developer Guide.
", + "RunTask": "Starts a new task using the specified task definition.
You can allow Amazon ECS to place tasks for you, or you can customize how Amazon ECS places tasks using placement constraints and placement strategies. For more information, see Scheduling Tasks in the Amazon Elastic Container Service Developer Guide.
Alternatively, you can use StartTask to use your own scheduler or place tasks manually on specific container instances.
Starting April 15, 2023, Amazon Web Services will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service.
The Amazon ECS API follows an eventual consistency model. This is because of the distributed nature of the system supporting the API. This means that the result of an API command you run that affects your Amazon ECS resources might not be immediately visible to all subsequent commands you run. Keep this in mind when you carry out an API command that immediately follows a previous API command.
To manage eventual consistency, you can do the following:
Confirm the state of the resource before you run a command to modify it. Run the DescribeTasks command using an exponential backoff algorithm to ensure that you allow enough time for the previous command to propagate through the system. To do this, run the DescribeTasks command repeatedly, starting with a couple of seconds of wait time and increasing gradually up to five minutes of wait time.
Add wait time between subsequent commands, even if the DescribeTasks command returns an accurate response. Apply an exponential backoff algorithm starting with a couple of seconds of wait time, and increase gradually up to about five minutes of wait time.
Starts a new task from the specified task definition on the specified container instance or instances.
Starting April 15, 2023, Amazon Web Services will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service.
Alternatively, you can use RunTask to place tasks for you. For more information, see Scheduling Tasks in the Amazon Elastic Container Service Developer Guide.
", "StopTask": "Stops a running task. Any tags associated with the task will be deleted.
When StopTask is called on a task, the equivalent of docker stop is issued to the containers running in the task. This results in a SIGTERM value and a default 30-second timeout, after which the SIGKILL value is sent and the containers are forcibly stopped. If the container handles the SIGTERM value gracefully and exits within 30 seconds from receiving it, no SIGKILL value is sent.
The default 30-second timeout can be configured on the Amazon ECS container agent with the ECS_CONTAINER_STOP_TIMEOUT variable. For more information, see Amazon ECS Container Agent Configuration in the Amazon Elastic Container Service Developer Guide.
This action is only used by the Amazon ECS agent, and it is not intended for use outside of the agent.
Sent to acknowledge that an attachment changed states.
", "SubmitContainerStateChange": "This action is only used by the Amazon ECS agent, and it is not intended for use outside of the agent.
Sent to acknowledge that a container changed states.
", @@ -250,7 +250,7 @@ "NetworkBinding$containerPort": "The port number on the container that's used with the network binding.
", "NetworkBinding$hostPort": "The port number on the host that's used with the network binding.
", "PortMapping$containerPort": "The port number on the container that's bound to the user-specified or automatically assigned host port.
If you use containers in a task with the awsvpc or host network mode, specify the exposed ports using containerPort.
If you use containers in a task with the bridge network mode and you specify a container port and not a host port, your container automatically receives a host port in the ephemeral port range. For more information, see hostPort. Port mappings that are automatically assigned in this way do not count toward the 100 reserved ports limit of a container instance.
The port number on the container instance to reserve for your container.
If you specify a containerPortRange, leave this field empty and the value of the hostPort is set as follows:
For containers in a task with the awsvpc network mode, the hostPort is set to the same value as the containerPort. This is a static mapping strategy.
For containers in a task with the bridge network mode, the Amazon ECS agent finds open ports on the host and automaticaly binds them to the container ports. This is a dynamic mapping strategy.
If you use containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort.
If you use containers in a task with the bridge network mode, you can specify a non-reserved host port for your container port mapping, or you can omit the hostPort (or set it to 0) while specifying a containerPort and your container automatically receives a port in the ephemeral port range for your container instance operating system and Docker version.
The default ephemeral port range for Docker version 1.6.0 and later is listed on the instance under /proc/sys/net/ipv4/ip_local_port_range. If this kernel parameter is unavailable, the default ephemeral port range from 49153 through 65535 is used. Do not attempt to specify a host port in the ephemeral port range as these are reserved for automatic assignment. In general, ports below 32768 are outside of the ephemeral port range.
The default reserved ports are 22 for SSH, the Docker ports 2375 and 2376, and the Amazon ECS container agent ports 51678-51680. Any host port that was previously specified in a running task is also reserved while the task is running. That is, after a task stops, the host port is released. The current reserved ports are displayed in the remainingResources of DescribeContainerInstances output. A container instance can have up to 100 reserved ports at a time. This number includes the default reserved ports. Automatically assigned ports aren't included in the 100 reserved ports quota.
The port number on the container instance to reserve for your container.
If you specify a containerPortRange, leave this field empty and the value of the hostPort is set as follows:
For containers in a task with the awsvpc network mode, the hostPort is set to the same value as the containerPort. This is a static mapping strategy.
For containers in a task with the bridge network mode, the Amazon ECS agent finds open ports on the host and automaticaly binds them to the container ports. This is a dynamic mapping strategy.
If you use containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort.
If you use containers in a task with the bridge network mode, you can specify a non-reserved host port for your container port mapping, or you can omit the hostPort (or set it to 0) while specifying a containerPort and your container automatically receives a port in the ephemeral port range for your container instance operating system and Docker version.
The default ephemeral port range for Docker version 1.6.0 and later is listed on the instance under /proc/sys/net/ipv4/ip_local_port_range. If this kernel parameter is unavailable, the default ephemeral port range from 49153 through 65535 is used. Do not attempt to specify a host port in the ephemeral port range as these are reserved for automatic assignment. In general, ports below 32768 are outside of the ephemeral port range.
The default reserved ports are 22 for SSH, the Docker ports 2375 and 2376, and the Amazon ECS container agent ports 51678-51680. Any host port that was previously specified in a running task is also reserved while the task is running. That is, after a task stops, the host port is released. The current reserved ports are displayed in the remainingResources of DescribeContainerInstances output. A container instance can have up to 100 reserved ports at a time. This number includes the default reserved ports. Automatically assigned ports aren't included in the 100 reserved ports quota.
The number of instantiations of the specified task to place on your cluster. You can specify up to 10 tasks for each call.
", "Service$healthCheckGracePeriodSeconds": "The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started.
", "ServiceRegistry$port": "The port value used if your service discovery service specified an SRV record. This field might be used if both the awsvpc network mode and SRV records are used.
The task launch type that Amazon ECS validates the task definition against. A client exception is returned if the task definition doesn't validate against the compatibilities specified. If no value is specified, the parameter is omitted from the response.
", "TaskDefinition$compatibilities": "The task launch types the task definition validated against during task definition registration. For more information, see Amazon ECS launch types in the Amazon Elastic Container Service Developer Guide.
", - "TaskDefinition$requiresCompatibilities": "The task launch types the task definition was validated against. To determine which task launch types the task definition is validated for, see the TaskDefinition$compatibilities parameter.
" + "TaskDefinition$requiresCompatibilities": "The task launch types the task definition was validated against. For more information, see Amazon ECS launch types in the Amazon Elastic Container Service Developer Guide.
" } }, "Connectivity": { @@ -1030,7 +1030,7 @@ } }, "HealthCheck": { - "base": "An object representing a container health check. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image (such as those specified in a parent image or from the image's Dockerfile).
The Amazon ECS container agent only monitors and reports on the health checks specified in the task definition. Amazon ECS does not monitor Docker health checks that are embedded in a container image and not specified in the container definition. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image.
You can view the health status of both individual containers and a task with the DescribeTasks API operation or when viewing the task details in the console.
The following describes the possible healthStatus values for a container:
HEALTHY-The container health check has passed successfully.
UNHEALTHY-The container health check has failed.
UNKNOWN-The container health check is being evaluated or there's no container health check defined.
The following describes the possible healthStatus values for a task. The container health check status of nonessential containers only affects the health status of a task if no essential containers have health checks defined.
HEALTHY-All essential containers within the task have passed their health checks.
UNHEALTHY-One or more essential containers have failed their health check.
UNKNOWN-The essential containers within the task are still having their health checks evaluated or there are only nonessential containers with health checks defined.
If a task is run manually, and not as part of a service, the task will continue its lifecycle regardless of its health status. For tasks that are part of a service, if the task reports as unhealthy then the task will be stopped and the service scheduler will replace it.
For tasks that are a part of a service and the service uses the ECS rolling deployment type, the deployment is paused while the new tasks have the UNKNOWN task health check status. For example, tasks that define health checks for nonessential containers when no essential containers have health checks will have the UNKNOWN health check status indefinitely which prevents the deployment from completing.
The following are notes about container health check support:
Container health checks require version 1.17.0 or greater of the Amazon ECS container agent. For more information, see Updating the Amazon ECS container agent.
Container health checks are supported for Fargate tasks if you're using platform version 1.1.0 or greater. For more information, see Fargate platform versions.
Container health checks aren't supported for tasks that are part of a service that's configured to use a Classic Load Balancer.
An object representing a container health check. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image (such as those specified in a parent image or from the image's Dockerfile). This configuration maps to the HEALTHCHECK parameter of docker run.
The Amazon ECS container agent only monitors and reports on the health checks specified in the task definition. Amazon ECS does not monitor Docker health checks that are embedded in a container image and not specified in the container definition. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image.
You can view the health status of both individual containers and a task with the DescribeTasks API operation or when viewing the task details in the console.
The following describes the possible healthStatus values for a container:
HEALTHY-The container health check has passed successfully.
UNHEALTHY-The container health check has failed.
UNKNOWN-The container health check is being evaluated or there's no container health check defined.
The following describes the possible healthStatus values for a task. The container health check status of non-essential containers don't have an effect on the health status of a task.
HEALTHY-All essential containers within the task have passed their health checks.
UNHEALTHY-One or more essential containers have failed their health check.
UNKNOWN-The essential containers within the task are still having their health checks evaluated, there are only nonessential containers with health checks defined, or there are no container health checks defined.
If a task is run manually, and not as part of a service, the task will continue its lifecycle regardless of its health status. For tasks that are part of a service, if the task reports as unhealthy then the task will be stopped and the service scheduler will replace it.
The following are notes about container health check support:
Container health checks require version 1.17.0 or greater of the Amazon ECS container agent. For more information, see Updating the Amazon ECS container agent.
Container health checks are supported for Fargate tasks if you're using platform version 1.1.0 or greater. For more information, see Fargate platform versions.
Container health checks aren't supported for tasks that are part of a service that's configured to use a Classic Load Balancer.
The container health check command and associated configuration parameters for the container. This parameter maps to HealthCheck in the Create a container section of the Docker Remote API and the HEALTHCHECK parameter of docker run.
Linux-specific options that are applied to the container, such as Linux KernelCapabilities.
", + "base": "The Linux-specific options that are applied to the container, such as Linux KernelCapabilities.
", "refs": { "ContainerDefinition$linuxParameters": "Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. For more information see KernelCapabilities.
This parameter is not supported for Windows containers.
The load balancer configuration to use with a service or task set.
For specific notes and restrictions regarding the use of load balancers with services and task sets, see the CreateService and CreateTaskSet actions.
When you add, update, or remove a load balancer configuration, Amazon ECS starts a new deployment with the updated Elastic Load Balancing configuration. This causes tasks to register to and deregister from load balancers.
We recommend that you verify this on a test environment before you update the Elastic Load Balancing configuration.
A service-linked role is required for services that use multiple target groups. For more information, see Using service-linked roles in the Amazon Elastic Container Service Developer Guide.
", + "base": "The load balancer configuration to use with a service or task set.
When you add, update, or remove a load balancer configuration, Amazon ECS starts a new deployment with the updated Elastic Load Balancing configuration. This causes tasks to register to and deregister from load balancers.
We recommend that you verify this on a test environment before you update the Elastic Load Balancing configuration.
A service-linked role is required for services that use multiple target groups. For more information, see Using service-linked roles in the Amazon Elastic Container Service Developer Guide.
", "refs": { "LoadBalancers$member": null } @@ -1395,7 +1395,7 @@ "ManagedScalingTargetCapacity": { "base": null, "refs": { - "ManagedScaling$targetCapacity": "The target capacity value for the capacity provider. The specified value must be greater than 0 and less than or equal to 100. A value of 100 results in the Amazon EC2 instances in your Auto Scaling group being completely used.
The target capacity utilization as a percentage for the capacity provider. The specified value must be greater than 0 and less than or equal to 100. For example, if you want the capacity provider to maintain 10% spare capacity, then that means the utilization is 90%, so use a targetCapacity of 90. The default value of 100 percent results in the Amazon EC2 instances in your Auto Scaling group being completely used.
Details for a volume mount point that's used in a container definition.
", + "base": "The details for a volume mount point that's used in a container definition.
", "refs": { "MountPointList$member": null } @@ -1583,7 +1583,7 @@ "PropagateTags": { "base": null, "refs": { - "CreateServiceRequest$propagateTags": "Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags aren't propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the TagResource API action.
", + "CreateServiceRequest$propagateTags": "Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags aren't propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the TagResource API action.
", "RunTaskRequest$propagateTags": "Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags aren't propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the TagResource API action.
An error will be received if you specify the SERVICE option when running a task.
Determines whether to propagate the tags from the task definition or the service to the task. If no value is specified, the tags aren't propagated.
", "StartTaskRequest$propagateTags": "Specifies whether to propagate the tags from the task definition or the service to the task. If no value is specified, the tags aren't propagated.
", @@ -1711,7 +1711,7 @@ } }, "ResourceRequirement": { - "base": "The type and amount of a resource to assign to a container. The supported resource types are GPUs and Elastic Inference accelerators. For more information, see Working with GPUs on Amazon ECS or Working with Amazon Elastic Inference on Amazon ECS in the Amazon Elastic Container Service Developer Guide
", + "base": "The type and amount of a resource to assign to a container. The supported resource types are GPUs and Elastic Inference accelerators. For more information, see Working with GPUs on Amazon ECS or Working with Amazon Elastic Inference on Amazon ECS in the Amazon Elastic Container Service Developer Guide
", "refs": { "ResourceRequirements$member": null } @@ -1807,7 +1807,7 @@ } }, "Service": { - "base": "Details on a service within a cluster
", + "base": "Details on a service within a cluster.
", "refs": { "CreateServiceResponse$service": "The full description of your service following the create call.
A service will return either a capacityProviderStrategy or launchType parameter, but not both, depending where one was specified when it was created.
If a service is using the ECS deployment controller, the deploymentController and taskSets parameters will not be returned.
if the service uses the CODE_DEPLOY deployment controller, the deploymentController, taskSets and deployments parameters will be returned, however the deployments parameter will be an empty list.
The full description of the deleted service.
", @@ -2116,7 +2116,7 @@ "HostEntry$hostname": "The hostname to use in the /etc/hosts entry.
The IP address to use in the /etc/hosts entry.
When the host parameter is used, specify a sourcePath to declare the path on the host container instance that's presented to the container. If this parameter is empty, then the Docker daemon has assigned a host path for you. If the host parameter contains a sourcePath file location, then the data volume persists at the specified location on the host container instance until you delete it manually. If the sourcePath value doesn't exist on the host container instance, the Docker daemon creates it. If the location does exist, the contents of the source path folder are exported.
If you're using the Fargate launch type, the sourcePath parameter is not supported.
The Elastic Inference accelerator device name. The deviceName must also be referenced in a container definition as a ResourceRequirement.
The Elastic Inference accelerator device name. The deviceName must also be referenced in a container definition as a ResourceRequirement.
The Elastic Inference accelerator type to use.
", "InferenceAcceleratorOverride$deviceName": "The Elastic Inference accelerator device name to override for the task. This parameter must match a deviceName specified in the task definition.
The Elastic Inference accelerator type to use.
", @@ -2199,7 +2199,7 @@ "RepositoryCredentials$credentialsParameter": "The Amazon Resource Name (ARN) of the secret containing the private repository credentials.
When you use the Amazon ECS API, CLI, or Amazon Web Services SDK, if the secret exists in the same Region as the task that you're launching then you can use either the full ARN or the name of the secret. When you use the Amazon Web Services Management Console, you must specify the full ARN of the secret.
The name of the resource, such as CPU, MEMORY, PORTS, PORTS_UDP, or a user-defined resource.
The type of the resource. Valid values: INTEGER, DOUBLE, LONG, or STRINGSET.
The value for the specified resource type.
If the GPU type is used, the value is the number of physical GPUs the Amazon ECS container agent reserves for the container. The number of GPUs that's reserved for all containers in a task can't exceed the number of available GPUs on the container instance that the task is launched on.
If the InferenceAccelerator type is used, the value matches the deviceName for an InferenceAccelerator specified in a task definition.
The value for the specified resource type.
If the GPU type is used, the value is the number of physical GPUs the Amazon ECS container agent reserves for the container. The number of GPUs that's reserved for all containers in a task can't exceed the number of available GPUs on the container instance that the task is launched on.
If the InferenceAccelerator type is used, the value matches the deviceName for an InferenceAccelerator specified in a task definition.
The short name or full Amazon Resource Name (ARN) of the cluster to run your task on. If you do not specify a cluster, the default cluster is assumed.
", "RunTaskRequest$group": "The name of the task group to associate with the task. The default value is the family name of the task definition (for example, family:my-family-name).
The platform version the task uses. A platform version is only specified for tasks hosted on Fargate. If one isn't specified, the LATEST platform version is used. For more information, see Fargate platform versions in the Amazon Elastic Container Service Developer Guide.
The dnsName is the name that you use in the applications of client tasks to connect to this service. The name must be a valid DNS name but doesn't need to be fully-qualified. The name can include up to 127 characters. The name can include lowercase letters, numbers, underscores (_), hyphens (-), and periods (.). The name can't start with a hyphen.
If this parameter isn't specified, the default value of discoveryName.namespace is used. If the discoveryName isn't specified, the port mapping name from the task definition is used in portName.namespace.
To avoid changing your applications in client Amazon ECS services, set this to the same name that the client application uses by default. For example, a few common names are database, db, or the lowercase name of a database, such as mysql or redis. For more information, see Service Connect in the Amazon Elastic Container Service Developer Guide.
The namespace name or full Amazon Resource Name (ARN) of the Cloud Map namespace for use with Service Connect. The namespace must be in the same Amazon Web Services Region as the Amazon ECS service and cluster. The type of namespace doesn't affect Service Connect. For more information about Cloud Map, see Working with Services in the Cloud Map Developer Guide.
", "ServiceConnectService$portName": "The portName must match the name of one of the portMappings from all the containers in the task definition of this Amazon ECS service.
The discoveryName is the name of the new Cloud Map service that Amazon ECS creates for this Amazon ECS service. This must be unique within the Cloud Map namespace. The name can contain up to 64 characters. The name can include lowercase letters, numbers, underscores (_), and hyphens (-). The name can't start with a hyphen.
If this parameter isn't specified, the default value of discoveryName.namespace is used. If the discoveryName isn't specified, the port mapping name from the task definition is used in portName.namespace.
The discovery name of this Service Connect resource.
The discoveryName is the name of the new Cloud Map service that Amazon ECS creates for this Amazon ECS service. This must be unique within the Cloud Map namespace. The name can contain up to 64 characters. The name can include lowercase letters, numbers, underscores (_), and hyphens (-). The name can't start with a hyphen.
If this parameter isn't specified, the default value of discoveryName.namespace is used. If the discoveryName isn't specified, the port mapping name from the task definition is used in portName.namespace.
The discoveryName is the name of the new Cloud Map service that Amazon ECS creates for this Amazon ECS service. This must be unique within the Cloud Map namespace. The name can contain up to 64 characters. The name can include lowercase letters, numbers, underscores (_), and hyphens (-). The name can't start with a hyphen.
If the discoveryName isn't specified, the port mapping name from the task definition is used in portName.namespace.
The discovery name of this Service Connect resource.
The discoveryName is the name of the new Cloud Map service that Amazon ECS creates for this Amazon ECS service. This must be unique within the Cloud Map namespace. The name can contain up to 64 characters. The name can include lowercase letters, numbers, underscores (_), and hyphens (-). The name can't start with a hyphen.
If the discoveryName isn't specified, the port mapping name from the task definition is used in portName.namespace.
The Amazon Resource Name (ARN) for the namespace in Cloud Map that matches the discovery name for this Service Connect resource. You can use this ARN in other integrations with Cloud Map. However, Service Connect can't ensure connectivity outside of Amazon ECS.
", "ServiceEvent$id": "The ID string for the event.
", "ServiceEvent$message": "The event message.
", diff --git a/models/apis/ecs/2014-11-13/endpoint-tests-1.json b/models/apis/ecs/2014-11-13/endpoint-tests-1.json index cb553946eda..698d37c250a 100644 --- a/models/apis/ecs/2014-11-13/endpoint-tests-1.json +++ b/models/apis/ecs/2014-11-13/endpoint-tests-1.json @@ -8,9 +8,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "af-south-1" + "Region": "af-south-1", + "UseDualStack": false } }, { @@ -21,9 +21,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "ap-east-1" + "Region": "ap-east-1", + "UseDualStack": false } }, { @@ -34,9 +34,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "ap-northeast-1" + "Region": "ap-northeast-1", + "UseDualStack": false } }, { @@ -47,9 +47,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "ap-northeast-2" + "Region": "ap-northeast-2", + "UseDualStack": false } }, { @@ -60,9 +60,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "ap-northeast-3" + "Region": "ap-northeast-3", + "UseDualStack": false } }, { @@ -73,9 +73,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "ap-south-1" + "Region": "ap-south-1", + "UseDualStack": false } }, { @@ -86,9 +86,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "ap-southeast-1" + "Region": "ap-southeast-1", + "UseDualStack": false } }, { @@ -99,9 +99,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "ap-southeast-2" + "Region": "ap-southeast-2", + "UseDualStack": false } }, { @@ -112,9 +112,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "ap-southeast-3" + "Region": "ap-southeast-3", + "UseDualStack": false } }, { @@ -125,9 +125,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "ca-central-1" + "Region": "ca-central-1", + "UseDualStack": false } }, { @@ -138,9 +138,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "eu-central-1" + "Region": "eu-central-1", + "UseDualStack": false } }, { @@ -151,9 +151,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "eu-north-1" + "Region": "eu-north-1", + "UseDualStack": false } }, { @@ -164,9 +164,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "eu-south-1" + "Region": "eu-south-1", + "UseDualStack": false } }, { @@ -177,9 +177,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "eu-west-1" + "Region": "eu-west-1", + "UseDualStack": false } }, { @@ -190,9 +190,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "eu-west-2" + "Region": "eu-west-2", + "UseDualStack": false } }, { @@ -203,9 +203,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "eu-west-3" + "Region": "eu-west-3", + "UseDualStack": false } }, { @@ -216,9 +216,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "me-south-1" + "Region": "me-south-1", + "UseDualStack": false } }, { @@ -229,9 +229,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "sa-east-1" + "Region": "sa-east-1", + "UseDualStack": false } }, { @@ -242,9 +242,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "us-east-1" + "Region": "us-east-1", + "UseDualStack": false } }, { @@ -255,9 +255,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": true, - "Region": "us-east-1" + "Region": "us-east-1", + "UseDualStack": false } }, { @@ -268,9 +268,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "us-east-2" + "Region": "us-east-2", + "UseDualStack": false } }, { @@ -281,9 +281,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": true, - "Region": "us-east-2" + "Region": "us-east-2", + "UseDualStack": false } }, { @@ -294,9 +294,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "us-west-1" + "Region": "us-west-1", + "UseDualStack": false } }, { @@ -307,9 +307,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": true, - "Region": "us-west-1" + "Region": "us-west-1", + "UseDualStack": false } }, { @@ -320,9 +320,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "us-west-2" + "Region": "us-west-2", + "UseDualStack": false } }, { @@ -333,9 +333,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": true, - "Region": "us-west-2" + "Region": "us-west-2", + "UseDualStack": false } }, { @@ -346,9 +346,9 @@ } }, "params": { - "UseDualStack": true, "UseFIPS": true, - "Region": "us-east-1" + "Region": "us-east-1", + "UseDualStack": true } }, { @@ -359,9 +359,9 @@ } }, "params": { - "UseDualStack": true, "UseFIPS": false, - "Region": "us-east-1" + "Region": "us-east-1", + "UseDualStack": true } }, { @@ -372,9 +372,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "cn-north-1" + "Region": "cn-north-1", + "UseDualStack": false } }, { @@ -385,9 +385,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "cn-northwest-1" + "Region": "cn-northwest-1", + "UseDualStack": false } }, { @@ -398,9 +398,9 @@ } }, "params": { - "UseDualStack": true, "UseFIPS": true, - "Region": "cn-north-1" + "Region": "cn-north-1", + "UseDualStack": true } }, { @@ -411,9 +411,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": true, - "Region": "cn-north-1" + "Region": "cn-north-1", + "UseDualStack": false } }, { @@ -424,9 +424,9 @@ } }, "params": { - "UseDualStack": true, "UseFIPS": false, - "Region": "cn-north-1" + "Region": "cn-north-1", + "UseDualStack": true } }, { @@ -437,9 +437,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "us-gov-east-1" + "Region": "us-gov-east-1", + "UseDualStack": false } }, { @@ -450,9 +450,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": true, - "Region": "us-gov-east-1" + "Region": "us-gov-east-1", + "UseDualStack": false } }, { @@ -463,9 +463,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "us-gov-west-1" + "Region": "us-gov-west-1", + "UseDualStack": false } }, { @@ -476,9 +476,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": true, - "Region": "us-gov-west-1" + "Region": "us-gov-west-1", + "UseDualStack": false } }, { @@ -489,9 +489,9 @@ } }, "params": { - "UseDualStack": true, "UseFIPS": true, - "Region": "us-gov-east-1" + "Region": "us-gov-east-1", + "UseDualStack": true } }, { @@ -502,9 +502,9 @@ } }, "params": { - "UseDualStack": true, "UseFIPS": false, - "Region": "us-gov-east-1" + "Region": "us-gov-east-1", + "UseDualStack": true } }, { @@ -515,9 +515,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "us-iso-east-1" + "Region": "us-iso-east-1", + "UseDualStack": false } }, { @@ -528,9 +528,20 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "us-iso-west-1" + "Region": "us-iso-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "UseFIPS": true, + "Region": "us-iso-east-1", + "UseDualStack": true } }, { @@ -541,9 +552,20 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": true, - "Region": "us-iso-east-1" + "Region": "us-iso-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "UseFIPS": false, + "Region": "us-iso-east-1", + "UseDualStack": true } }, { @@ -554,9 +576,20 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "us-isob-east-1" + "Region": "us-isob-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "UseFIPS": true, + "Region": "us-isob-east-1", + "UseDualStack": true } }, { @@ -567,9 +600,20 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": true, - "Region": "us-isob-east-1" + "Region": "us-isob-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "UseFIPS": false, + "Region": "us-isob-east-1", + "UseDualStack": true } }, { @@ -580,9 +624,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, "Region": "us-east-1", + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -594,8 +638,8 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -605,9 +649,9 @@ "error": "Invalid Configuration: FIPS and custom endpoint are not supported" }, "params": { - "UseDualStack": false, "UseFIPS": true, "Region": "us-east-1", + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -617,11 +661,17 @@ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" }, "params": { - "UseDualStack": true, "UseFIPS": false, "Region": "us-east-1", + "UseDualStack": true, "Endpoint": "https://example.com" } + }, + { + "documentation": "Missing region", + "expect": { + "error": "Invalid Configuration: Missing Region" + } } ], "version": "1.0" diff --git a/models/apis/identitystore/2020-06-15/docs-2.json b/models/apis/identitystore/2020-06-15/docs-2.json index 4c76b722b29..b5a0ed02dc9 100644 --- a/models/apis/identitystore/2020-06-15/docs-2.json +++ b/models/apis/identitystore/2020-06-15/docs-2.json @@ -1,10 +1,10 @@ { "version": "2.0", - "service": "The Identity Store service used by AWS IAM Identity Center (successor to AWS Single Sign-On) provides a single place to retrieve all of your identities (users and groups). For more information, see the IAM Identity Center User Guide.
<note> <p>Although AWS Single Sign-On was renamed, the <code>sso</code> and <code>identitystore</code> API namespaces will continue to retain their original name for backward compatibility purposes. For more information, see <a href="https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed">IAM Identity Center rename</a>.</p> </note> <p>This reference guide describes the identity store operations that you can call programatically and includes detailed information on data types and errors.</p> The Identity Store service used by AWS IAM Identity Center (successor to AWS Single Sign-On) provides a single place to retrieve all of your identities (users and groups). For more information, see the IAM Identity Center User Guide.
<note> <p>Although AWS Single Sign-On was renamed, the <code>sso</code> and <code>identitystore</code> API namespaces will continue to retain their original name for backward compatibility purposes. For more information, see <a href="https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed">IAM Identity Center rename</a>.</p> </note> <p>This reference guide describes the identity store operations that you can call programatically and includes detailed information about data types and errors.</p> Creates a group within the specified identity store.
", "CreateGroupMembership": "Creates a relationship between a member and a group. The following identifiers must be specified: GroupId, IdentityStoreId, and MemberId.
Creates a new user within the specified identity store.
", + "CreateUser": "Creates a user within the specified identity store.
", "DeleteGroup": "Delete a group within an identity store given GroupId.
Delete a membership within a group given MembershipId.
Deletes a user within an identity store given UserId.
A list of Address objects containing addresses associated with the user.
The user's physical address.
", + "DescribeUserResponse$Addresses": "The physical address of the user.
", "User$Addresses": "A list of Address objects containing addresses associated with the user.
A unique identifier for a user or group that is not the primary identifier. This value can be an identifier from an external identity provider (IdP) that is associated with the user, the group, or a unique attribute. For example, a unique GroupDisplayName.
A unique identifier for a user or group that is not the primary identifier. This value can be an identifier from an external identity provider (IdP) that is associated with the user, the group, or a unique attribute.
", "refs": { - "GetGroupIdRequest$AlternateIdentifier": "A unique identifier for a user or group that is not the primary identifier. This value can be an identifier from an external identity provider (IdP) that is associated with the user, the group, or a unique attribute. For example, a unique GroupDisplayName.
A unique identifier for a user or group that is not the primary identifier. This value can be an identifier from an external identity provider (IdP) that is associated with the user, the group, or a unique attribute. For example, a unique UserDisplayName.
A unique identifier for a user or group that is not the primary identifier. This value can be an identifier from an external identity provider (IdP) that is associated with the user, the group, or a unique attribute. For the unique attribute, the only valid path is displayName.
A unique identifier for a user or group that is not the primary identifier. This value can be an identifier from an external identity provider (IdP) that is associated with the user, the group, or a unique attribute. For the unique attribute, the only valid paths are userName and emails.value.
A list of Email objects containing email addresses associated with the user.
The user's email value.
", + "DescribeUserResponse$Emails": "The email address of the user.
", "User$Emails": "A list of Email objects containing email addresses associated with the user.
A group object that contains a specified group’s metadata and attributes.
", + "base": "A group object that contains the metadata and attributes for a specified group.
", "refs": { "Groups$member": null } @@ -284,9 +284,9 @@ "GroupDisplayName": { "base": null, "refs": { - "CreateGroupRequest$DisplayName": "A string containing the name of the group. This value is commonly displayed when the group is referenced.
", + "CreateGroupRequest$DisplayName": "A string containing the name of the group. This value is commonly displayed when the group is referenced. \"Administrator\" and \"AWSAdministrators\" are reserved names and can't be used for users or groups.
", "DescribeGroupResponse$DisplayName": "The group’s display name value. The length limit is 1,024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space, and nonbreaking space in this attribute. This value is specified at the time that the group is created and stored as an attribute of the group object in the identity store.
", - "Group$DisplayName": "The group’s display name value. The length limit is 1,024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space, and nonbreaking space in this attribute. This value is specified at the time the group is created and stored as an attribute of the group object in the identity store.
" + "Group$DisplayName": "The display name value for the group. The length limit is 1,024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space, and nonbreaking space in this attribute. This value is specified at the time the group is created and stored as an attribute of the group object in the identity store.
" } }, "GroupIds": { @@ -441,9 +441,9 @@ "Name": { "base": "The full name of the user.
", "refs": { - "CreateUserRequest$Name": "An object containing the user's name.
", + "CreateUserRequest$Name": "An object containing the name of the user.
", "DescribeUserResponse$Name": "The name of the user.
", - "User$Name": "An object containing the user's name.
" + "User$Name": "An object containing the name of the user.
" } }, "NextToken": { @@ -533,8 +533,8 @@ "RetryAfterSeconds": { "base": null, "refs": { - "InternalServerException$RetryAfterSeconds": "The number of seconds that you would like to wait before retrying the next request.
", - "ThrottlingException$RetryAfterSeconds": "The number of seconds that you would like to wait before retrying the next request.
" + "InternalServerException$RetryAfterSeconds": "The number of seconds to wait before retrying the next request.
", + "ThrottlingException$RetryAfterSeconds": "The number of seconds to wait before retrying the next request.
" } }, "SensitiveBooleanType": { @@ -557,22 +557,22 @@ "Address$Formatted": "A string containing a formatted version of the address for display.
", "Address$Type": "A string representing the type of address. For example, \"Home.\"
", "CreateGroupRequest$Description": "A string containing the description of the group.
", - "CreateUserRequest$DisplayName": "A string containing the user's name. This value is typically formatted for display when the user is referenced. For example, \"John Doe.\"
", + "CreateUserRequest$DisplayName": "A string containing the name of the user. This value is typically formatted for display when the user is referenced. For example, \"John Doe.\"
", "CreateUserRequest$NickName": "A string containing an alternate name for the user.
", - "CreateUserRequest$ProfileUrl": "A string containing a URL that may be associated with the user.
", - "CreateUserRequest$UserType": "A string indicating the user's type. Possible values depend on each customer's specific needs, so they are left unspecified.
", - "CreateUserRequest$Title": "A string containing the user's title. Possible values are left unspecified given that they depend on each customer's specific needs.
", + "CreateUserRequest$ProfileUrl": "A string containing a URL that might be associated with the user.
", + "CreateUserRequest$UserType": "A string indicating the type of user. Possible values are left unspecified. The value can vary based on your specific use case.
", + "CreateUserRequest$Title": "A string containing the title of the user. Possible values are left unspecified. The value can vary based on your specific use case.
", "CreateUserRequest$PreferredLanguage": "A string containing the preferred language of the user. For example, \"American English\" or \"en-us.\"
", - "CreateUserRequest$Locale": "A string containing the user's geographical region or location.
", - "CreateUserRequest$Timezone": "A string containing the user's time zone.
", + "CreateUserRequest$Locale": "A string containing the geographical region or location of the user.
", + "CreateUserRequest$Timezone": "A string containing the time zone of the user.
", "DescribeGroupResponse$Description": "A string containing a description of the group.
", - "DescribeUserResponse$DisplayName": "The user's name value for display.
", + "DescribeUserResponse$DisplayName": "The display name of the user.
", "DescribeUserResponse$NickName": "An alternative descriptive name for the user.
", "DescribeUserResponse$ProfileUrl": "A URL link for the user's profile.
", - "DescribeUserResponse$UserType": "A string indicating the user's type.
", - "DescribeUserResponse$Title": "A string containing the user's title.
", + "DescribeUserResponse$UserType": "A string indicating the type of user.
", + "DescribeUserResponse$Title": "A string containing the title of the user.
", "DescribeUserResponse$PreferredLanguage": "The preferred language of the user.
", - "DescribeUserResponse$Locale": "A string containing the user's geographical region or location.
", + "DescribeUserResponse$Locale": "A string containing the geographical region or location of the user.
", "DescribeUserResponse$Timezone": "The time zone for a user.
", "Email$Value": "A string containing an email address. For example, \"johndoe@amazon.com.\"
", "Email$Type": "A string representing the type of address. For example, \"Work.\"
", @@ -586,14 +586,14 @@ "Name$HonorificSuffix": "The honorific suffix of the user. For example, \"M.D.\"
", "PhoneNumber$Value": "A string containing a phone number. For example, \"8675309\" or \"+1 (800) 123-4567\".
", "PhoneNumber$Type": "A string representing the type of a phone number. For example, \"Mobile.\"
", - "User$DisplayName": "A string containing the user's name that's formatted for display when the user is referenced. For example, \"John Doe.\"
", + "User$DisplayName": "A string containing the name of the user that is formatted for display when the user is referenced. For example, \"John Doe.\"
", "User$NickName": "A string containing an alternate name for the user.
", - "User$ProfileUrl": "A string containing a URL that may be associated with the user.
", - "User$UserType": "A string indicating the user's type. Possible values depend on each customer's specific needs, so they are left unspecified.
", - "User$Title": "A string containing the user's title. Possible values depend on each customer's specific needs, so they are left unspecified.
", + "User$ProfileUrl": "A string containing a URL that might be associated with the user.
", + "User$UserType": "A string indicating the type of user. Possible values are left unspecified. The value can vary based on your specific use case.
", + "User$Title": "A string containing the title of the user. Possible values are left unspecified. The value can vary based on your specific use case.
", "User$PreferredLanguage": "A string containing the preferred language of the user. For example, \"American English\" or \"en-us.\"
", - "User$Locale": "A string containing the user's geographical region or location.
", - "User$Timezone": "A string containing the user's time zone.
" + "User$Locale": "A string containing the geographical region or location of the user.
", + "User$Timezone": "A string containing the time zone of the user.
" } }, "ServiceQuotaExceededException": { @@ -633,7 +633,7 @@ } }, "User": { - "base": "A user object that contains a specified user’s metadata and attributes.
", + "base": "A user object that contains the metadata and attributes for a specified user.
", "refs": { "Users$member": null } @@ -641,7 +641,7 @@ "UserName": { "base": null, "refs": { - "CreateUserRequest$UserName": "A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.
", + "CreateUserRequest$UserName": "A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store. \"Administrator\" and \"AWSAdministrators\" are reserved names and can't be used for users or groups.
", "DescribeUserResponse$UserName": "A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.
", "User$UserName": "A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.
" } diff --git a/models/apis/identitystore/2020-06-15/endpoint-rule-set-1.json b/models/apis/identitystore/2020-06-15/endpoint-rule-set-1.json new file mode 100644 index 00000000000..4c57a148229 --- /dev/null +++ b/models/apis/identitystore/2020-06-15/endpoint-rule-set-1.json @@ -0,0 +1,375 @@ +{ + "version": "1.0", + "parameters": { + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "String" + }, + "UseDualStack": { + "builtIn": "AWS::UseDualStack", + "required": true, + "default": false, + "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", + "type": "Boolean" + }, + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "Boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "String" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://identitystore-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws-us-gov", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://identitystore.{Region}.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://identitystore-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://identitystore.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://identitystore.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + } + ] + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ] + } + ] +} \ No newline at end of file diff --git a/models/apis/identitystore/2020-06-15/endpoint-tests-1.json b/models/apis/identitystore/2020-06-15/endpoint-tests-1.json new file mode 100644 index 00000000000..128082116cc --- /dev/null +++ b/models/apis/identitystore/2020-06-15/endpoint-tests-1.json @@ -0,0 +1,496 @@ +{ + "testCases": [ + { + "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore.ap-northeast-1.amazonaws.com" + } + }, + "params": { + "Region": "ap-northeast-1", + "UseDualStack": false, + "UseFIPS": false + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore.ap-northeast-2.amazonaws.com" + } + }, + "params": { + "Region": "ap-northeast-2", + "UseDualStack": false, + "UseFIPS": false + } + }, + { + "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore.ap-south-1.amazonaws.com" + } + }, + "params": { + "Region": "ap-south-1", + "UseDualStack": false, + "UseFIPS": false + } + }, + { + "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore.ap-southeast-1.amazonaws.com" + } + }, + "params": { + "Region": "ap-southeast-1", + "UseDualStack": false, + "UseFIPS": false + } + }, + { + "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore.ap-southeast-2.amazonaws.com" + } + }, + "params": { + "Region": "ap-southeast-2", + "UseDualStack": false, + "UseFIPS": false + } + }, + { + "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore.ca-central-1.amazonaws.com" + } + }, + "params": { + "Region": "ca-central-1", + "UseDualStack": false, + "UseFIPS": false + } + }, + { + "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore.eu-central-1.amazonaws.com" + } + }, + "params": { + "Region": "eu-central-1", + "UseDualStack": false, + "UseFIPS": false + } + }, + { + "documentation": "For region eu-north-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore.eu-north-1.amazonaws.com" + } + }, + "params": { + "Region": "eu-north-1", + "UseDualStack": false, + "UseFIPS": false + } + }, + { + "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore.eu-west-1.amazonaws.com" + } + }, + "params": { + "Region": "eu-west-1", + "UseDualStack": false, + "UseFIPS": false + } + }, + { + "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore.eu-west-2.amazonaws.com" + } + }, + "params": { + "Region": "eu-west-2", + "UseDualStack": false, + "UseFIPS": false + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore.us-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-east-1", + "UseDualStack": false, + "UseFIPS": false + } + }, + { + "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore.us-east-2.amazonaws.com" + } + }, + "params": { + "Region": "us-east-2", + "UseDualStack": false, + "UseFIPS": false + } + }, + { + "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore.us-west-2.amazonaws.com" + } + }, + "params": { + "Region": "us-west-2", + "UseDualStack": false, + "UseFIPS": false + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://identitystore-fips.us-east-1.api.aws" + } + }, + "params": { + "Region": "us-east-1", + "UseDualStack": true, + "UseFIPS": true + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore-fips.us-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-east-1", + "UseDualStack": false, + "UseFIPS": true + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://identitystore.us-east-1.api.aws" + } + }, + "params": { + "Region": "us-east-1", + "UseDualStack": true, + "UseFIPS": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://identitystore-fips.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseDualStack": true, + "UseFIPS": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore-fips.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseDualStack": false, + "UseFIPS": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://identitystore.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseDualStack": true, + "UseFIPS": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseDualStack": false, + "UseFIPS": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseDualStack": false, + "UseFIPS": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseDualStack": false, + "UseFIPS": true + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore.us-gov-west-1.amazonaws.com" + } + }, + "params": { + "Region": "us-gov-west-1", + "UseDualStack": false, + "UseFIPS": false + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore.us-gov-west-1.amazonaws.com" + } + }, + "params": { + "Region": "us-gov-west-1", + "UseDualStack": false, + "UseFIPS": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://identitystore-fips.us-gov-east-1.api.aws" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseDualStack": true, + "UseFIPS": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://identitystore.us-gov-east-1.api.aws" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseDualStack": true, + "UseFIPS": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "Region": "us-iso-east-1", + "UseDualStack": true, + "UseFIPS": true + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore-fips.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "Region": "us-iso-east-1", + "UseDualStack": false, + "UseFIPS": true + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-iso-east-1", + "UseDualStack": true, + "UseFIPS": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "Region": "us-iso-east-1", + "UseDualStack": false, + "UseFIPS": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "Region": "us-isob-east-1", + "UseDualStack": true, + "UseFIPS": true + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore-fips.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "Region": "us-isob-east-1", + "UseDualStack": false, + "UseFIPS": true + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-isob-east-1", + "UseDualStack": true, + "UseFIPS": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://identitystore.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "Region": "us-isob-east-1", + "UseDualStack": false, + "UseFIPS": false + } + }, + { + "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "Region": "us-east-1", + "UseDualStack": false, + "UseFIPS": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "UseDualStack": false, + "UseFIPS": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips enabled and dualstack disabled", + "expect": { + "error": "Invalid Configuration: FIPS and custom endpoint are not supported" + }, + "params": { + "Region": "us-east-1", + "UseDualStack": false, + "UseFIPS": true, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips disabled and dualstack enabled", + "expect": { + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" + }, + "params": { + "Region": "us-east-1", + "UseDualStack": true, + "UseFIPS": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "Missing region", + "expect": { + "error": "Invalid Configuration: Missing Region" + } + } + ], + "version": "1.0" +} \ No newline at end of file diff --git a/models/apis/ivs-realtime/2020-07-14/api-2.json b/models/apis/ivs-realtime/2020-07-14/api-2.json index 303d8c33286..27858086e6c 100644 --- a/models/apis/ivs-realtime/2020-07-14/api-2.json +++ b/models/apis/ivs-realtime/2020-07-14/api-2.json @@ -378,13 +378,19 @@ "max":20160, "min":1 }, - "ParticipantTokenExpirationTime":{"type":"timestamp"}, + "ParticipantTokenExpirationTime":{ + "type":"timestamp", + "timestampFormat":"iso8601" + }, "ParticipantTokenId":{"type":"string"}, "ParticipantTokenList":{ "type":"list", "member":{"shape":"ParticipantToken"} }, - "ParticipantTokenString":{"type":"string"}, + "ParticipantTokenString":{ + "type":"string", + "sensitive":true + }, "ParticipantTokenUserId":{ "type":"string", "max":128, diff --git a/models/apis/ivs-realtime/2020-07-14/endpoint-tests-1.json b/models/apis/ivs-realtime/2020-07-14/endpoint-tests-1.json index 20bb7ce0205..aa2d6d179c1 100644 --- a/models/apis/ivs-realtime/2020-07-14/endpoint-tests-1.json +++ b/models/apis/ivs-realtime/2020-07-14/endpoint-tests-1.json @@ -8,9 +8,9 @@ } }, "params": { - "UseDualStack": true, "UseFIPS": true, - "Region": "us-gov-east-1" + "Region": "us-gov-east-1", + "UseDualStack": true } }, { @@ -21,9 +21,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": true, - "Region": "us-gov-east-1" + "Region": "us-gov-east-1", + "UseDualStack": false } }, { @@ -34,9 +34,9 @@ } }, "params": { - "UseDualStack": true, "UseFIPS": false, - "Region": "us-gov-east-1" + "Region": "us-gov-east-1", + "UseDualStack": true } }, { @@ -47,9 +47,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "us-gov-east-1" + "Region": "us-gov-east-1", + "UseDualStack": false } }, { @@ -60,9 +60,9 @@ } }, "params": { - "UseDualStack": true, "UseFIPS": true, - "Region": "cn-north-1" + "Region": "cn-north-1", + "UseDualStack": true } }, { @@ -73,9 +73,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": true, - "Region": "cn-north-1" + "Region": "cn-north-1", + "UseDualStack": false } }, { @@ -86,9 +86,9 @@ } }, "params": { - "UseDualStack": true, "UseFIPS": false, - "Region": "cn-north-1" + "Region": "cn-north-1", + "UseDualStack": true } }, { @@ -99,9 +99,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "cn-north-1" + "Region": "cn-north-1", + "UseDualStack": false } }, { @@ -110,9 +110,9 @@ "error": "FIPS and DualStack are enabled, but this partition does not support one or both" }, "params": { - "UseDualStack": true, "UseFIPS": true, - "Region": "us-iso-east-1" + "Region": "us-iso-east-1", + "UseDualStack": true } }, { @@ -123,9 +123,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": true, - "Region": "us-iso-east-1" + "Region": "us-iso-east-1", + "UseDualStack": false } }, { @@ -134,9 +134,9 @@ "error": "DualStack is enabled but this partition does not support DualStack" }, "params": { - "UseDualStack": true, "UseFIPS": false, - "Region": "us-iso-east-1" + "Region": "us-iso-east-1", + "UseDualStack": true } }, { @@ -147,9 +147,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "us-iso-east-1" + "Region": "us-iso-east-1", + "UseDualStack": false } }, { @@ -160,9 +160,9 @@ } }, "params": { - "UseDualStack": true, "UseFIPS": true, - "Region": "us-east-1" + "Region": "us-east-1", + "UseDualStack": true } }, { @@ -173,9 +173,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": true, - "Region": "us-east-1" + "Region": "us-east-1", + "UseDualStack": false } }, { @@ -186,9 +186,9 @@ } }, "params": { - "UseDualStack": true, "UseFIPS": false, - "Region": "us-east-1" + "Region": "us-east-1", + "UseDualStack": true } }, { @@ -199,9 +199,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "us-east-1" + "Region": "us-east-1", + "UseDualStack": false } }, { @@ -210,9 +210,9 @@ "error": "FIPS and DualStack are enabled, but this partition does not support one or both" }, "params": { - "UseDualStack": true, "UseFIPS": true, - "Region": "us-isob-east-1" + "Region": "us-isob-east-1", + "UseDualStack": true } }, { @@ -223,9 +223,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": true, - "Region": "us-isob-east-1" + "Region": "us-isob-east-1", + "UseDualStack": false } }, { @@ -234,9 +234,9 @@ "error": "DualStack is enabled but this partition does not support DualStack" }, "params": { - "UseDualStack": true, "UseFIPS": false, - "Region": "us-isob-east-1" + "Region": "us-isob-east-1", + "UseDualStack": true } }, { @@ -247,9 +247,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "us-isob-east-1" + "Region": "us-isob-east-1", + "UseDualStack": false } }, { @@ -260,9 +260,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, "Region": "us-east-1", + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -272,9 +272,9 @@ "error": "Invalid Configuration: FIPS and custom endpoint are not supported" }, "params": { - "UseDualStack": false, "UseFIPS": true, "Region": "us-east-1", + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -284,9 +284,9 @@ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" }, "params": { - "UseDualStack": true, "UseFIPS": false, "Region": "us-east-1", + "UseDualStack": true, "Endpoint": "https://example.com" } } diff --git a/models/apis/network-firewall/2020-11-12/api-2.json b/models/apis/network-firewall/2020-11-12/api-2.json index 85cd27cbfd2..77fd820a7ae 100644 --- a/models/apis/network-firewall/2020-11-12/api-2.json +++ b/models/apis/network-firewall/2020-11-12/api-2.json @@ -1248,7 +1248,8 @@ "type":"string", "enum":[ "DUALSTACK", - "IPV4" + "IPV4", + "IPV6" ] }, "IPSet":{ diff --git a/models/apis/network-firewall/2020-11-12/docs-2.json b/models/apis/network-firewall/2020-11-12/docs-2.json index 10c76cc973b..90e28bad2d9 100644 --- a/models/apis/network-firewall/2020-11-12/docs-2.json +++ b/models/apis/network-firewall/2020-11-12/docs-2.json @@ -1,6 +1,6 @@ { "version": "2.0", - "service": "This is the API Reference for Network Firewall. This guide is for developers who need detailed information about the Network Firewall API actions, data types, and errors.
The REST API requires you to handle connection details, such as calculating signatures, handling request retries, and error handling. For general information about using the Amazon Web Services REST APIs, see Amazon Web Services APIs.
To access Network Firewall using the REST API endpoint: https://network-firewall.<region>.amazonaws.com
Alternatively, you can use one of the Amazon Web Services SDKs to access an API that's tailored to the programming language or platform that you're using. For more information, see Amazon Web Services SDKs.
For descriptions of Network Firewall features, including and step-by-step instructions on how to use them through the Network Firewall console, see the Network Firewall Developer Guide.
Network Firewall is a stateful, managed, network firewall and intrusion detection and prevention service for Amazon Virtual Private Cloud (Amazon VPC). With Network Firewall, you can filter traffic at the perimeter of your VPC. This includes filtering traffic going to and coming from an internet gateway, NAT gateway, or over VPN or Direct Connect. Network Firewall uses rules that are compatible with Suricata, a free, open source network analysis and threat detection engine. Network Firewall supports Suricata version 5.0.2. For information about Suricata, see the Suricata website.
You can use Network Firewall to monitor and protect your VPC traffic in a number of ways. The following are just a few examples:
Allow domains or IP addresses for known Amazon Web Services service endpoints, such as Amazon S3, and block all other forms of traffic.
Use custom lists of known bad domains to limit the types of domain names that your applications can access.
Perform deep packet inspection on traffic entering or leaving your VPC.
Use stateful protocol detection to filter protocols like HTTPS, regardless of the port used.
To enable Network Firewall for your VPCs, you perform steps in both Amazon VPC and in Network Firewall. For information about using Amazon VPC, see Amazon VPC User Guide.
To start using Network Firewall, do the following:
(Optional) If you don't already have a VPC that you want to protect, create it in Amazon VPC.
In Amazon VPC, in each Availability Zone where you want to have a firewall endpoint, create a subnet for the sole use of Network Firewall.
In Network Firewall, create stateless and stateful rule groups, to define the components of the network traffic filtering behavior that you want your firewall to have.
In Network Firewall, create a firewall policy that uses your rule groups and specifies additional default traffic filtering behavior.
In Network Firewall, create a firewall and specify your new firewall policy and VPC subnets. Network Firewall creates a firewall endpoint in each subnet that you specify, with the behavior that's defined in the firewall policy.
In Amazon VPC, use ingress routing enhancements to route traffic through the new firewall endpoints.
This is the API Reference for Network Firewall. This guide is for developers who need detailed information about the Network Firewall API actions, data types, and errors.
The REST API requires you to handle connection details, such as calculating signatures, handling request retries, and error handling. For general information about using the Amazon Web Services REST APIs, see Amazon Web Services APIs.
To access Network Firewall using the REST API endpoint: https://network-firewall.<region>.amazonaws.com
Alternatively, you can use one of the Amazon Web Services SDKs to access an API that's tailored to the programming language or platform that you're using. For more information, see Amazon Web Services SDKs.
For descriptions of Network Firewall features, including and step-by-step instructions on how to use them through the Network Firewall console, see the Network Firewall Developer Guide.
Network Firewall is a stateful, managed, network firewall and intrusion detection and prevention service for Amazon Virtual Private Cloud (Amazon VPC). With Network Firewall, you can filter traffic at the perimeter of your VPC. This includes filtering traffic going to and coming from an internet gateway, NAT gateway, or over VPN or Direct Connect. Network Firewall uses rules that are compatible with Suricata, a free, open source network analysis and threat detection engine. Network Firewall supports Suricata version 6.0.9. For information about Suricata, see the Suricata website.
You can use Network Firewall to monitor and protect your VPC traffic in a number of ways. The following are just a few examples:
Allow domains or IP addresses for known Amazon Web Services service endpoints, such as Amazon S3, and block all other forms of traffic.
Use custom lists of known bad domains to limit the types of domain names that your applications can access.
Perform deep packet inspection on traffic entering or leaving your VPC.
Use stateful protocol detection to filter protocols like HTTPS, regardless of the port used.
To enable Network Firewall for your VPCs, you perform steps in both Amazon VPC and in Network Firewall. For information about using Amazon VPC, see Amazon VPC User Guide.
To start using Network Firewall, do the following:
(Optional) If you don't already have a VPC that you want to protect, create it in Amazon VPC.
In Amazon VPC, in each Availability Zone where you want to have a firewall endpoint, create a subnet for the sole use of Network Firewall.
In Network Firewall, create stateless and stateful rule groups, to define the components of the network traffic filtering behavior that you want your firewall to have.
In Network Firewall, create a firewall policy that uses your rule groups and specifies additional default traffic filtering behavior.
In Network Firewall, create a firewall and specify your new firewall policy and VPC subnets. Network Firewall creates a firewall endpoint in each subnet that you specify, with the behavior that's defined in the firewall policy.
In Amazon VPC, use ingress routing enhancements to route traffic through the new firewall endpoints.
Associates a FirewallPolicy to a Firewall.
A firewall policy defines how to monitor and manage your VPC network traffic, using a collection of inspection rule groups and other settings. Each firewall requires one firewall policy association, and you can use the same firewall policy for multiple firewalls.
", "AssociateSubnets": "Associates the specified subnets in the Amazon VPC to the firewall. You can specify one subnet for each of the Availability Zones that the VPC spans.
This request creates an Network Firewall firewall endpoint in each of the subnets. To enable the firewall's protections, you must also modify the VPC's route tables for each subnet's Availability Zone, to redirect the traffic that's coming into and going out of the zone through the firewall endpoint.
", @@ -1256,7 +1256,7 @@ } }, "StatefulRule": { - "base": "A single Suricata rules specification, for use in a stateful rule group. Use this option to specify a simple Suricata rule with protocol, source and destination, ports, direction, and rule options. For information about the Suricata Rules format, see Rules Format.
A single Suricata rules specification, for use in a stateful rule group. Use this option to specify a simple Suricata rule with protocol, source and destination, ports, direction, and rule options. For information about the Suricata Rules format, see Rules Format.
An array of individual stateful rules inspection criteria to be used together in a stateful rule group. Use this option to specify simple Suricata rules with protocol, source and destination, ports, direction, and rule options. For information about the Suricata Rules format, see Rules Format.
An array of individual stateful rules inspection criteria to be used together in a stateful rule group. Use this option to specify simple Suricata rules with protocol, source and destination, ports, direction, and rule options. For information about the Suricata Rules format, see Rules Format.
Creates a service. A service is any software application that can run on instances containers, or serverless functions within an account or virtual private cloud (VPC).
For more information, see Services in the Amazon VPC Lattice User Guide.
", "CreateServiceNetwork": "Creates a service network. A service network is a logical boundary for a collection of services. You can associate services and VPCs with a service network.
For more information, see Service networks in the Amazon VPC Lattice User Guide.
", "CreateServiceNetworkServiceAssociation": "Associates a service with a service network.
You can't use this operation if the service and service network are already associated or if there is a disassociation or deletion in progress. If the association fails, you can retry the operation by deleting the association and recreating it.
You cannot associate a service and service network that are shared with a caller. The caller must own either the service or the service network.
As a result of this operation, the association is created in the service network account and the association owner account.
", - "CreateServiceNetworkVpcAssociation": "Associates a VPC with a service network. When you associate a VPC with the service network, it enables all the resources within that VPC to be clients and communicate with other services in the service network. For more information, see Manage VPC associations in the Amazon VPC Lattice User Guide.
You can't use this operation if there is a disassociation in progress. If the association fails, retry by deleting the association and recreating it.
As a result of this operation, the association gets created in the service network account and the VPC owner account.
Once a security group is added to the VPC association it cannot be removed. You can add or update the security groups being used for the VPC association once a security group is attached. To remove all security groups you must reassociate the VPC.
", + "CreateServiceNetworkVpcAssociation": "Associates a VPC with a service network. When you associate a VPC with the service network, it enables all the resources within that VPC to be clients and communicate with other services in the service network. For more information, see Manage VPC associations in the Amazon VPC Lattice User Guide.
You can't use this operation if there is a disassociation in progress. If the association fails, retry by deleting the association and recreating it.
As a result of this operation, the association gets created in the service network account and the VPC owner account.
If you add a security group to the service network and VPC association, the association must continue to always have at least one security group. You can add or edit security groups at any time. However, to remove all security groups, you must first delete the association and recreate it without security groups.
", "CreateTargetGroup": "Creates a target group. A target group is a collection of targets, or compute resources, that run your application or service. A target group can only be used by a single service.
For more information, see Target groups in the Amazon VPC Lattice User Guide.
", "DeleteAccessLogSubscription": "Deletes the specified access log subscription.
", - "DeleteAuthPolicy": "Deletes the specified auth policy. If an auth is set to Amazon Web Services_IAM and the auth policy is deleted, all requests will be denied by default. If you are trying to remove the auth policy completely, you must set the auth_type to NONE. If auth is enabled on the resource, but no auth policy is set, all requests will be denied.
Deletes the specified auth policy. If an auth is set to AWS_IAM and the auth policy is deleted, all requests will be denied by default. If you are trying to remove the auth policy completely, you must set the auth_type to NONE. If auth is enabled on the resource, but no auth policy is set, all requests will be denied.
Deletes the specified listener.
", "DeleteResourcePolicy": "Deletes the specified resource policy.
", "DeleteRule": "Deletes a listener rule. Each listener has a default rule for checking connection requests, but you can define additional rules. Each rule consists of a priority, one or more actions, and one or more conditions. You can delete additional listener rules, but you cannot delete the default rule.
For more information, see Listener rules in the Amazon VPC Lattice User Guide.
", @@ -25,7 +25,7 @@ "GetAccessLogSubscription": "Retrieves information about the specified access log subscription.
", "GetAuthPolicy": "Retrieves information about the auth policy for the specified service or service network.
", "GetListener": "Retrieves information about the specified listener for the specified service.
", - "GetResourcePolicy": "Retrieves information about the resource policy. The resource policy is an IAM policy created by AWS RAM on behalf of the resource owner when they share a resource.
", + "GetResourcePolicy": "Retrieves information about the resource policy. The resource policy is an IAM policy created on behalf of the resource owner when they share a resource.
", "GetRule": "Retrieves information about listener rules. You can also retrieve information about the default listener rule. For more information, see Listener rules in the Amazon VPC Lattice User Guide.
", "GetService": "Retrieves information about the specified service.
", "GetServiceNetwork": "Retrieves information about the specified service network.
", @@ -42,7 +42,7 @@ "ListTagsForResource": "Lists the tags for the specified resource.
", "ListTargetGroups": "Lists your target groups. You can narrow your search by using the filters below in your request.
", "ListTargets": "Lists the targets for the target group. By default, all targets are included. You can use this API to check the health status of targets. You can also filter the results by target.
", - "PutAuthPolicy": "Creates or updates the auth policy.
", + "PutAuthPolicy": "Creates or updates the auth policy. The policy string in JSON must not contain newlines or blank lines.
", "PutResourcePolicy": "Attaches a resource-based permission policy to a service or service network. The policy must contain the same actions and condition statements as the Amazon Web Services Resource Access Manager permission for sharing services and service networks.
", "RegisterTargets": "Registers the targets with the target group. If it's a Lambda target, you can only have one target in a target group.
", "TagResource": "Adds the specified tags to the specified resource.
", @@ -52,7 +52,7 @@ "UpdateRule": "Updates a rule for the listener. You can't modify a default listener rule. To modify a default listener rule, use UpdateListener.
Updates the specified service.
", "UpdateServiceNetwork": "Updates the specified service network.
", - "UpdateServiceNetworkVpcAssociation": "Updates the service network and VPC association. Once you add a security group, it cannot be removed.
", + "UpdateServiceNetworkVpcAssociation": "Updates the service network and VPC association. If you add a security group to the service network and VPC association, the association must continue to always have at least one security group. You can add or edit security groups at any time. However, to remove all security groups, you must first delete the association and recreate it without security groups.
", "UpdateTargetGroup": "Updates the specified target group.
" }, "shapes": { @@ -133,16 +133,16 @@ "AuthPolicyState": { "base": null, "refs": { - "GetAuthPolicyResponse$state": "The state of the auth policy. The auth policy is only active when the auth type is set to Amazon Web Services_IAM. If you provide a policy, then authentication and authorization decisions are made based on this policy and the client's IAM policy. If the auth type is NONE, then any auth policy you provide will remain inactive. For more information, see Create a service network in the Amazon VPC Lattice User Guide.
The state of the auth policy. The auth policy is only active when the auth type is set to Amazon Web Services_IAM. If you provide a policy, then authentication and authorization decisions are made based on this policy and the client's IAM policy. If the Auth type is NONE, then, any auth policy you provide will remain inactive. For more information, see Create a service network in the Amazon VPC Lattice User Guide.
The state of the auth policy. The auth policy is only active when the auth type is set to AWS_IAM. If you provide a policy, then authentication and authorization decisions are made based on this policy and the client's IAM policy. If the auth type is NONE, then any auth policy you provide will remain inactive. For more information, see Create a service network in the Amazon VPC Lattice User Guide.
The state of the auth policy. The auth policy is only active when the auth type is set to AWS_IAM. If you provide a policy, then authentication and authorization decisions are made based on this policy and the client's IAM policy. If the Auth type is NONE, then, any auth policy you provide will remain inactive. For more information, see Create a service network in the Amazon VPC Lattice User Guide.
The auth policy.
", - "PutAuthPolicyRequest$policy": "The auth policy.
", - "PutAuthPolicyResponse$policy": "The auth policy.
" + "PutAuthPolicyRequest$policy": "The auth policy. The policy string in JSON must not contain newlines or blank lines.
", + "PutAuthPolicyResponse$policy": "The auth policy. The policy string in JSON must not contain newlines or blank lines.
" } }, "AuthType": { @@ -926,8 +926,8 @@ "PolicyString": { "base": null, "refs": { - "GetResourcePolicyResponse$policy": "The Amazon Resource Name (ARN) of the service network or service.
", - "PutResourcePolicyRequest$policy": "An IAM policy.
" + "GetResourcePolicyResponse$policy": "An IAM policy.
", + "PutResourcePolicyRequest$policy": "An IAM policy. The policy string in JSON must not contain newlines or blank lines.
" } }, "Port": { @@ -988,7 +988,7 @@ "CreateAccessLogSubscriptionResponse$resourceArn": "The Amazon Resource Name (ARN) of the service network or service.
", "DeleteResourcePolicyRequest$resourceArn": "The Amazon Resource Name (ARN) of the resource.
", "GetAccessLogSubscriptionResponse$resourceArn": "The Amazon Resource Name (ARN) of the service network or service.
", - "GetResourcePolicyRequest$resourceArn": "An IAM policy.
", + "GetResourcePolicyRequest$resourceArn": "The Amazon Resource Name (ARN) of the service network or service.
", "PutResourcePolicyRequest$resourceArn": "The ID or Amazon Resource Name (ARN) of the service network or service for which the policy is created.
", "UpdateAccessLogSubscriptionResponse$resourceArn": "The Amazon Resource Name (ARN) of the access log subscription.
" } @@ -1774,7 +1774,7 @@ "UpdateServiceNetworkVpcAssociationRequestSecurityGroupIdsList": { "base": null, "refs": { - "UpdateServiceNetworkVpcAssociationRequest$securityGroupIds": "The IDs of the security groups. Once you add a security group, it cannot be removed.
" + "UpdateServiceNetworkVpcAssociationRequest$securityGroupIds": "The IDs of the security groups.
" } }, "UpdateServiceNetworkVpcAssociationResponse": { diff --git a/models/endpoints/endpoints.json b/models/endpoints/endpoints.json index ec332785196..49f53b8f556 100644 --- a/models/endpoints/endpoints.json +++ b/models/endpoints/endpoints.json @@ -1821,7 +1821,9 @@ }, "arc-zonal-shift" : { "endpoints" : { + "af-south-1" : { }, "ap-northeast-1" : { }, + "ap-northeast-2" : { }, "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, @@ -2787,13 +2789,16 @@ "ap-northeast-2" : { }, "ap-northeast-3" : { }, "ap-south-1" : { }, + "ap-south-2" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, "ap-southeast-3" : { }, "ca-central-1" : { }, "eu-central-1" : { }, + "eu-central-2" : { }, "eu-north-1" : { }, "eu-south-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, @@ -7485,6 +7490,7 @@ "protocols" : [ "https" ] }, "endpoints" : { + "ap-south-1" : { }, "us-east-1" : { }, "us-east-2" : { }, "us-west-2" : { } @@ -12714,6 +12720,7 @@ "ap-northeast-2" : { }, "ap-northeast-3" : { }, "ap-south-1" : { }, + "ap-south-2" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, "ap-southeast-3" : { }, @@ -18858,6 +18865,19 @@ "deprecated" : true, "hostname" : "appstream2-fips.us-gov-west-1.amazonaws.com" }, + "us-gov-east-1" : { + "variants" : [ { + "hostname" : "appstream2-fips.us-gov-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-gov-east-1-fips" : { + "credentialScope" : { + "region" : "us-gov-east-1" + }, + "deprecated" : true, + "hostname" : "appstream2-fips.us-gov-east-1.amazonaws.com" + }, "us-gov-west-1" : { "variants" : [ { "hostname" : "appstream2-fips.us-gov-west-1.amazonaws.com", diff --git a/service/apprunner/api.go b/service/apprunner/api.go index 160e00d6ce1..0e0ef96a198 100644 --- a/service/apprunner/api.go +++ b/service/apprunner/api.go @@ -7274,7 +7274,7 @@ type InstanceConfiguration struct { // The number of CPU units reserved for each instance of your App Runner service. // // Default: 1 vCPU - Cpu *string `min:"4" type:"string"` + Cpu *string `min:"3" type:"string"` // The Amazon Resource Name (ARN) of an IAM role that provides permissions to // your App Runner service. These are permissions that your code needs when @@ -7285,7 +7285,7 @@ type InstanceConfiguration struct { // Runner service. // // Default: 2 GB - Memory *string `min:"4" type:"string"` + Memory *string `min:"3" type:"string"` } // String returns the string representation. @@ -7309,14 +7309,14 @@ func (s InstanceConfiguration) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *InstanceConfiguration) Validate() error { invalidParams := request.ErrInvalidParams{Context: "InstanceConfiguration"} - if s.Cpu != nil && len(*s.Cpu) < 4 { - invalidParams.Add(request.NewErrParamMinLen("Cpu", 4)) + if s.Cpu != nil && len(*s.Cpu) < 3 { + invalidParams.Add(request.NewErrParamMinLen("Cpu", 3)) } if s.InstanceRoleArn != nil && len(*s.InstanceRoleArn) < 29 { invalidParams.Add(request.NewErrParamMinLen("InstanceRoleArn", 29)) } - if s.Memory != nil && len(*s.Memory) < 4 { - invalidParams.Add(request.NewErrParamMinLen("Memory", 4)) + if s.Memory != nil && len(*s.Memory) < 3 { + invalidParams.Add(request.NewErrParamMinLen("Memory", 3)) } if invalidParams.Len() > 0 { diff --git a/service/configservice/api.go b/service/configservice/api.go index 411eaa3a75c..a619a0ef665 100644 --- a/service/configservice/api.go +++ b/service/configservice/api.go @@ -29563,7 +29563,7 @@ type RemediationConfiguration struct { // throwing an exception. RetryAttemptSeconds *int64 `min:"1" type:"long"` - // Target ID is the name of the public document. + // Target ID is the name of the SSM document. // // TargetId is a required field TargetId *string `min:"1" type:"string" required:"true"` @@ -34305,6 +34305,75 @@ const ( // ResourceTypeAwsMediaPackagePackagingConfiguration is a ResourceType enum value ResourceTypeAwsMediaPackagePackagingConfiguration = "AWS::MediaPackage::PackagingConfiguration" + + // ResourceTypeAwsKinesisVideoSignalingChannel is a ResourceType enum value + ResourceTypeAwsKinesisVideoSignalingChannel = "AWS::KinesisVideo::SignalingChannel" + + // ResourceTypeAwsAppStreamDirectoryConfig is a ResourceType enum value + ResourceTypeAwsAppStreamDirectoryConfig = "AWS::AppStream::DirectoryConfig" + + // ResourceTypeAwsLookoutVisionProject is a ResourceType enum value + ResourceTypeAwsLookoutVisionProject = "AWS::LookoutVision::Project" + + // ResourceTypeAwsRoute53recoveryControlCluster is a ResourceType enum value + ResourceTypeAwsRoute53recoveryControlCluster = "AWS::Route53RecoveryControl::Cluster" + + // ResourceTypeAwsRoute53recoveryControlSafetyRule is a ResourceType enum value + ResourceTypeAwsRoute53recoveryControlSafetyRule = "AWS::Route53RecoveryControl::SafetyRule" + + // ResourceTypeAwsRoute53recoveryControlControlPanel is a ResourceType enum value + ResourceTypeAwsRoute53recoveryControlControlPanel = "AWS::Route53RecoveryControl::ControlPanel" + + // ResourceTypeAwsRoute53recoveryControlRoutingControl is a ResourceType enum value + ResourceTypeAwsRoute53recoveryControlRoutingControl = "AWS::Route53RecoveryControl::RoutingControl" + + // ResourceTypeAwsRoute53recoveryReadinessResourceSet is a ResourceType enum value + ResourceTypeAwsRoute53recoveryReadinessResourceSet = "AWS::Route53RecoveryReadiness::ResourceSet" + + // ResourceTypeAwsRoboMakerSimulationApplication is a ResourceType enum value + ResourceTypeAwsRoboMakerSimulationApplication = "AWS::RoboMaker::SimulationApplication" + + // ResourceTypeAwsRoboMakerRobotApplication is a ResourceType enum value + ResourceTypeAwsRoboMakerRobotApplication = "AWS::RoboMaker::RobotApplication" + + // ResourceTypeAwsHealthLakeFhirdatastore is a ResourceType enum value + ResourceTypeAwsHealthLakeFhirdatastore = "AWS::HealthLake::FHIRDatastore" + + // ResourceTypeAwsPinpointSegment is a ResourceType enum value + ResourceTypeAwsPinpointSegment = "AWS::Pinpoint::Segment" + + // ResourceTypeAwsPinpointApplicationSettings is a ResourceType enum value + ResourceTypeAwsPinpointApplicationSettings = "AWS::Pinpoint::ApplicationSettings" + + // ResourceTypeAwsEventsRule is a ResourceType enum value + ResourceTypeAwsEventsRule = "AWS::Events::Rule" + + // ResourceTypeAwsEc2Dhcpoptions is a ResourceType enum value + ResourceTypeAwsEc2Dhcpoptions = "AWS::EC2::DHCPOptions" + + // ResourceTypeAwsEc2NetworkInsightsPath is a ResourceType enum value + ResourceTypeAwsEc2NetworkInsightsPath = "AWS::EC2::NetworkInsightsPath" + + // ResourceTypeAwsEc2TrafficMirrorFilter is a ResourceType enum value + ResourceTypeAwsEc2TrafficMirrorFilter = "AWS::EC2::TrafficMirrorFilter" + + // ResourceTypeAwsEc2Ipam is a ResourceType enum value + ResourceTypeAwsEc2Ipam = "AWS::EC2::IPAM" + + // ResourceTypeAwsIoTtwinMakerScene is a ResourceType enum value + ResourceTypeAwsIoTtwinMakerScene = "AWS::IoTTwinMaker::Scene" + + // ResourceTypeAwsNetworkManagerTransitGatewayRegistration is a ResourceType enum value + ResourceTypeAwsNetworkManagerTransitGatewayRegistration = "AWS::NetworkManager::TransitGatewayRegistration" + + // ResourceTypeAwsCustomerProfilesDomain is a ResourceType enum value + ResourceTypeAwsCustomerProfilesDomain = "AWS::CustomerProfiles::Domain" + + // ResourceTypeAwsAutoScalingWarmPool is a ResourceType enum value + ResourceTypeAwsAutoScalingWarmPool = "AWS::AutoScaling::WarmPool" + + // ResourceTypeAwsConnectPhoneNumber is a ResourceType enum value + ResourceTypeAwsConnectPhoneNumber = "AWS::Connect::PhoneNumber" ) // ResourceType_Values returns all elements of the ResourceType enum @@ -34561,6 +34630,29 @@ func ResourceType_Values() []string { ResourceTypeAwsEventsConnection, ResourceTypeAwsEventSchemasSchema, ResourceTypeAwsMediaPackagePackagingConfiguration, + ResourceTypeAwsKinesisVideoSignalingChannel, + ResourceTypeAwsAppStreamDirectoryConfig, + ResourceTypeAwsLookoutVisionProject, + ResourceTypeAwsRoute53recoveryControlCluster, + ResourceTypeAwsRoute53recoveryControlSafetyRule, + ResourceTypeAwsRoute53recoveryControlControlPanel, + ResourceTypeAwsRoute53recoveryControlRoutingControl, + ResourceTypeAwsRoute53recoveryReadinessResourceSet, + ResourceTypeAwsRoboMakerSimulationApplication, + ResourceTypeAwsRoboMakerRobotApplication, + ResourceTypeAwsHealthLakeFhirdatastore, + ResourceTypeAwsPinpointSegment, + ResourceTypeAwsPinpointApplicationSettings, + ResourceTypeAwsEventsRule, + ResourceTypeAwsEc2Dhcpoptions, + ResourceTypeAwsEc2NetworkInsightsPath, + ResourceTypeAwsEc2TrafficMirrorFilter, + ResourceTypeAwsEc2Ipam, + ResourceTypeAwsIoTtwinMakerScene, + ResourceTypeAwsNetworkManagerTransitGatewayRegistration, + ResourceTypeAwsCustomerProfilesDomain, + ResourceTypeAwsAutoScalingWarmPool, + ResourceTypeAwsConnectPhoneNumber, } } diff --git a/service/ecs/api.go b/service/ecs/api.go index b52c92aa9b5..8a049ae0af5 100644 --- a/service/ecs/api.go +++ b/service/ecs/api.go @@ -266,6 +266,14 @@ func (c *ECS) CreateServiceRequest(input *CreateServiceInput) (req *request.Requ // Amazon ECS runs another copy of the task in the specified cluster. To update // an existing service, see the UpdateService action. // +// Starting April 15, 2023, Amazon Web Services will not onboard new customers +// to Amazon Elastic Inference (EI), and will help current customers migrate +// their workloads to options that offer better price and performance. After +// April 15, 2023, new customers will not be able to launch instances with Amazon +// EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, +// customers who have used Amazon EI at least once during the past 30-day period +// are considered current customers and will be able to continue using the service. +// // In addition to maintaining the desired count of tasks in your service, you // can optionally run your service behind one or more load balancers. The load // balancers distribute traffic across the tasks that are associated with the @@ -4594,6 +4602,14 @@ func (c *ECS) RunTaskRequest(input *RunTaskInput) (req *request.Request, output // Alternatively, you can use StartTask to use your own scheduler or place tasks // manually on specific container instances. // +// Starting April 15, 2023, Amazon Web Services will not onboard new customers +// to Amazon Elastic Inference (EI), and will help current customers migrate +// their workloads to options that offer better price and performance. After +// April 15, 2023, new customers will not be able to launch instances with Amazon +// EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, +// customers who have used Amazon EI at least once during the past 30-day period +// are considered current customers and will be able to continue using the service. +// // The Amazon ECS API follows an eventual consistency model. This is because // of the distributed nature of the system supporting the API. This means that // the result of an API command you run that affects your Amazon ECS resources @@ -4726,6 +4742,14 @@ func (c *ECS) StartTaskRequest(input *StartTaskInput) (req *request.Request, out // Starts a new task from the specified task definition on the specified container // instance or instances. // +// Starting April 15, 2023, Amazon Web Services will not onboard new customers +// to Amazon Elastic Inference (EI), and will help current customers migrate +// their workloads to options that offer better price and performance. After +// April 15, 2023, new customers will not be able to launch instances with Amazon +// EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, +// customers who have used Amazon EI at least once during the past 30-day period +// are considered current customers and will be able to continue using the service. +// // Alternatively, you can use RunTask to place tasks for you. For more information, // see Scheduling Tasks (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/scheduling_tasks.html) // in the Amazon Elastic Container Service Developer Guide. @@ -10439,7 +10463,8 @@ type CreateServiceInput struct { // Specifies whether to propagate the tags from the task definition to the task. // If no value is specified, the tags aren't propagated. Tags can only be propagated // to the task during task creation. To add tags to a task after task creation, - // use the TagResource API action. + // use the TagResource (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_TagResource.html) + // API action. PropagateTags *string `locationName:"propagateTags" type:"string" enum:"PropagateTags"` // The name or full Amazon Resource Name (ARN) of the IAM role that allows Amazon @@ -14593,7 +14618,8 @@ func (s *GetTaskProtectionOutput) SetProtectedTasks(v []*ProtectedTask) *GetTask // An object representing a container health check. Health check parameters // that are specified in a container definition override any Docker health checks // that exist in the container image (such as those specified in a parent image -// or from the image's Dockerfile). +// or from the image's Dockerfile). This configuration maps to the HEALTHCHECK +// parameter of docker run (https://docs.docker.com/engine/reference/run/). // // The Amazon ECS container agent only monitors and reports on the health checks // specified in the task definition. Amazon ECS does not monitor Docker health @@ -14614,8 +14640,8 @@ func (s *GetTaskProtectionOutput) SetProtectedTasks(v []*ProtectedTask) *GetTask // container health check defined. // // The following describes the possible healthStatus values for a task. The -// container health check status of nonessential containers only affects the -// health status of a task if no essential containers have health checks defined. +// container health check status of non-essential containers don't have an effect +// on the health status of a task. // // - HEALTHY-All essential containers within the task have passed their health // checks. @@ -14624,21 +14650,14 @@ func (s *GetTaskProtectionOutput) SetProtectedTasks(v []*ProtectedTask) *GetTask // check. // // - UNKNOWN-The essential containers within the task are still having their -// health checks evaluated or there are only nonessential containers with -// health checks defined. +// health checks evaluated, there are only nonessential containers with health +// checks defined, or there are no container health checks defined. // // If a task is run manually, and not as part of a service, the task will continue // its lifecycle regardless of its health status. For tasks that are part of // a service, if the task reports as unhealthy then the task will be stopped // and the service scheduler will replace it. // -// For tasks that are a part of a service and the service uses the ECS rolling -// deployment type, the deployment is paused while the new tasks have the UNKNOWN -// task health check status. For example, tasks that define health checks for -// nonessential containers when no essential containers have health checks will -// have the UNKNOWN health check status indefinitely which prevents the deployment -// from completing. -// // The following are notes about container health check support: // // - Container health checks require version 1.17.0 or greater of the Amazon @@ -14873,7 +14892,7 @@ type InferenceAccelerator struct { _ struct{} `type:"structure"` // The Elastic Inference accelerator device name. The deviceName must also be - // referenced in a container definition as a ResourceRequirement. + // referenced in a container definition as a ResourceRequirement (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ResourceRequirement.html). // // DeviceName is a required field DeviceName *string `locationName:"deviceName" type:"string" required:"true"` @@ -15283,7 +15302,8 @@ func (s *LimitExceededException) RequestID() string { return s.RespMetadata.RequestID } -// Linux-specific options that are applied to the container, such as Linux KernelCapabilities. +// The Linux-specific options that are applied to the container, such as Linux +// KernelCapabilities (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_KernelCapabilities.html). type LinuxParameters struct { _ struct{} `type:"structure"` @@ -16726,9 +16746,6 @@ func (s *ListTasksOutput) SetTaskArns(v []*string) *ListTasksOutput { // The load balancer configuration to use with a service or task set. // -// For specific notes and restrictions regarding the use of load balancers with -// services and task sets, see the CreateService and CreateTaskSet actions. -// // When you add, update, or remove a load balancer configuration, Amazon ECS // starts a new deployment with the updated Elastic Load Balancing configuration. // This causes tasks to register to and deregister from load balancers. @@ -17147,9 +17164,12 @@ type ManagedScaling struct { // Determines whether to use managed scaling for the capacity provider. Status *string `locationName:"status" type:"string" enum:"ManagedScalingStatus"` - // The target capacity value for the capacity provider. The specified value - // must be greater than 0 and less than or equal to 100. A value of 100 results - // in the Amazon EC2 instances in your Auto Scaling group being completely used. + // The target capacity utilization as a percentage for the capacity provider. + // The specified value must be greater than 0 and less than or equal to 100. + // For example, if you want the capacity provider to maintain 10% spare capacity, + // then that means the utilization is 90%, so use a targetCapacity of 90. The + // default value of 100 percent results in the Amazon EC2 instances in your + // Auto Scaling group being completely used. TargetCapacity *int64 `locationName:"targetCapacity" min:"1" type:"integer"` } @@ -17287,7 +17307,7 @@ func (s *MissingVersionException) RequestID() string { return s.RespMetadata.RequestID } -// Details for a volume mount point that's used in a container definition. +// The details for a volume mount point that's used in a container definition. type MountPoint struct { _ struct{} `type:"structure"` @@ -18119,6 +18139,7 @@ type PortMapping struct { // was previously specified in a running task is also reserved while the task // is running. That is, after a task stops, the host port is released. The current // reserved ports are displayed in the remainingResources of DescribeContainerInstances + // (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeContainerInstances.html) // output. A container instance can have up to 100 reserved ports at a time. // This number includes the default reserved ports. Automatically assigned ports // aren't included in the 100 reserved ports quota. @@ -19776,7 +19797,7 @@ func (s *ResourceNotFoundException) RequestID() string { // The type and amount of a resource to assign to a container. The supported // resource types are GPUs and Elastic Inference accelerators. For more information, // see Working with GPUs on Amazon ECS (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-gpu.html) -// or Working with Amazon Elastic Inference on Amazon ECS (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-inference.html) +// or Working with Amazon Elastic Inference on Amazon ECS (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/url-ecs-dev;ecs-inference.html) // in the Amazon Elastic Container Service Developer Guide type ResourceRequirement struct { _ struct{} `type:"structure"` @@ -19795,7 +19816,8 @@ type ResourceRequirement struct { // GPUs on the container instance that the task is launched on. // // If the InferenceAccelerator type is used, the value matches the deviceName - // for an InferenceAccelerator specified in a task definition. + // for an InferenceAccelerator (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_InferenceAccelerator.html) + // specified in a task definition. // // Value is a required field Value *string `locationName:"value" type:"string" required:"true"` @@ -20466,7 +20488,7 @@ func (s *ServerException) RequestID() string { return s.RespMetadata.RequestID } -// Details on a service within a cluster +// Details on a service within a cluster. type Service struct { _ struct{} `type:"structure"` @@ -21106,9 +21128,8 @@ type ServiceConnectService struct { // lowercase letters, numbers, underscores (_), and hyphens (-). The name can't // start with a hyphen. // - // If this parameter isn't specified, the default value of discoveryName.namespace - // is used. If the discoveryName isn't specified, the port mapping name from - // the task definition is used in portName.namespace. + // If the discoveryName isn't specified, the port mapping name from the task + // definition is used in portName.namespace. DiscoveryName *string `locationName:"discoveryName" type:"string"` // The port number for the Service Connect proxy to listen on. @@ -21222,9 +21243,8 @@ type ServiceConnectServiceResource struct { // lowercase letters, numbers, underscores (_), and hyphens (-). The name can't // start with a hyphen. // - // If this parameter isn't specified, the default value of discoveryName.namespace - // is used. If the discoveryName isn't specified, the port mapping name from - // the task definition is used in portName.namespace. + // If the discoveryName isn't specified, the port mapping name from the task + // definition is used in portName.namespace. DiscoveryName *string `locationName:"discoveryName" type:"string"` } @@ -23500,9 +23520,9 @@ type TaskDefinition struct { // This parameter isn't supported for tasks run on Fargate. RequiresAttributes []*Attribute `locationName:"requiresAttributes" type:"list"` - // The task launch types the task definition was validated against. To determine - // which task launch types the task definition is validated for, see the TaskDefinition$compatibilities - // parameter. + // The task launch types the task definition was validated against. For more + // information, see Amazon ECS launch types (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) + // in the Amazon Elastic Container Service Developer Guide. RequiresCompatibilities []*string `locationName:"requiresCompatibilities" type:"list" enum:"Compatibility"` // The revision of the task in a particular family. The revision is a version diff --git a/service/identitystore/api.go b/service/identitystore/api.go index ec210feb413..6caa1016d3b 100644 --- a/service/identitystore/api.go +++ b/service/identitystore/api.go @@ -268,7 +268,7 @@ func (c *IdentityStore) CreateUserRequest(input *CreateUserInput) (req *request. // CreateUser API operation for AWS SSO Identity Store. // -// Creates a new user within the specified identity store. +// Creates a user within the specified identity store. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2346,8 +2346,7 @@ func (s *Address) SetType(v string) *Address { // A unique identifier for a user or group that is not the primary identifier. // This value can be an identifier from an external identity provider (IdP) -// that is associated with the user, the group, or a unique attribute. For example, -// a unique GroupDisplayName. +// that is associated with the user, the group, or a unique attribute. type AlternateIdentifier struct { _ struct{} `type:"structure"` @@ -2541,7 +2540,8 @@ type CreateGroupInput struct { Description *string `min:"1" type:"string" sensitive:"true"` // A string containing the name of the group. This value is commonly displayed - // when the group is referenced. + // when the group is referenced. "Administrator" and "AWSAdministrators" are + // reserved names and can't be used for users or groups. // // DisplayName is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateGroupInput's @@ -2793,8 +2793,8 @@ type CreateUserInput struct { // A list of Address objects containing addresses associated with the user. Addresses []*Address `min:"1" type:"list"` - // A string containing the user's name. This value is typically formatted for - // display when the user is referenced. For example, "John Doe." + // A string containing the name of the user. This value is typically formatted + // for display when the user is referenced. For example, "John Doe." // // DisplayName is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateUserInput's @@ -2809,14 +2809,14 @@ type CreateUserInput struct { // IdentityStoreId is a required field IdentityStoreId *string `min:"1" type:"string" required:"true"` - // A string containing the user's geographical region or location. + // A string containing the geographical region or location of the user. // // Locale is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateUserInput's // String and GoString methods. Locale *string `min:"1" type:"string" sensitive:"true"` - // An object containing the user's name. + // An object containing the name of the user. Name *Name `type:"structure"` // A string containing an alternate name for the user. @@ -2838,22 +2838,22 @@ type CreateUserInput struct { // String and GoString methods. PreferredLanguage *string `min:"1" type:"string" sensitive:"true"` - // A string containing a URL that may be associated with the user. + // A string containing a URL that might be associated with the user. // // ProfileUrl is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateUserInput's // String and GoString methods. ProfileUrl *string `min:"1" type:"string" sensitive:"true"` - // A string containing the user's time zone. + // A string containing the time zone of the user. // // Timezone is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateUserInput's // String and GoString methods. Timezone *string `min:"1" type:"string" sensitive:"true"` - // A string containing the user's title. Possible values are left unspecified - // given that they depend on each customer's specific needs. + // A string containing the title of the user. Possible values are left unspecified. + // The value can vary based on your specific use case. // // Title is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateUserInput's @@ -2863,15 +2863,17 @@ type CreateUserInput struct { // A unique string used to identify the user. The length limit is 128 characters. // This value can consist of letters, accented characters, symbols, numbers, // and punctuation. This value is specified at the time the user is created - // and stored as an attribute of the user object in the identity store. + // and stored as an attribute of the user object in the identity store. "Administrator" + // and "AWSAdministrators" are reserved names and can't be used for users or + // groups. // // UserName is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateUserInput's // String and GoString methods. UserName *string `min:"1" type:"string" sensitive:"true"` - // A string indicating the user's type. Possible values depend on each customer's - // specific needs, so they are left unspecified. + // A string indicating the type of user. Possible values are left unspecified. + // The value can vary based on your specific use case. // // UserType is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateUserInput's @@ -3733,17 +3735,17 @@ func (s *DescribeUserInput) SetUserId(v string) *DescribeUserInput { type DescribeUserOutput struct { _ struct{} `type:"structure"` - // The user's physical address. + // The physical address of the user. Addresses []*Address `min:"1" type:"list"` - // The user's name value for display. + // The display name of the user. // // DisplayName is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by DescribeUserOutput's // String and GoString methods. DisplayName *string `min:"1" type:"string" sensitive:"true"` - // The user's email value. + // The email address of the user. Emails []*Email `min:"1" type:"list"` // A list of ExternalId objects that contains the identifiers issued to this @@ -3755,7 +3757,7 @@ type DescribeUserOutput struct { // IdentityStoreId is a required field IdentityStoreId *string `min:"1" type:"string" required:"true"` - // A string containing the user's geographical region or location. + // A string containing the geographical region or location of the user. // // Locale is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by DescribeUserOutput's @@ -3796,7 +3798,7 @@ type DescribeUserOutput struct { // String and GoString methods. Timezone *string `min:"1" type:"string" sensitive:"true"` - // A string containing the user's title. + // A string containing the title of the user. // // Title is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by DescribeUserOutput's @@ -3818,7 +3820,7 @@ type DescribeUserOutput struct { // String and GoString methods. UserName *string `min:"1" type:"string" sensitive:"true"` - // A string indicating the user's type. + // A string indicating the type of user. // // UserType is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by DescribeUserOutput's @@ -4175,8 +4177,8 @@ type GetGroupIdInput struct { // A unique identifier for a user or group that is not the primary identifier. // This value can be an identifier from an external identity provider (IdP) - // that is associated with the user, the group, or a unique attribute. For example, - // a unique GroupDisplayName. + // that is associated with the user, the group, or a unique attribute. For the + // unique attribute, the only valid path is displayName. // // AlternateIdentifier is a required field AlternateIdentifier *AlternateIdentifier `type:"structure" required:"true"` @@ -4421,8 +4423,8 @@ type GetUserIdInput struct { // A unique identifier for a user or group that is not the primary identifier. // This value can be an identifier from an external identity provider (IdP) - // that is associated with the user, the group, or a unique attribute. For example, - // a unique UserDisplayName. + // that is associated with the user, the group, or a unique attribute. For the + // unique attribute, the only valid paths are userName and emails.value. // // AlternateIdentifier is a required field AlternateIdentifier *AlternateIdentifier `type:"structure" required:"true"` @@ -4531,7 +4533,8 @@ func (s *GetUserIdOutput) SetUserId(v string) *GetUserIdOutput { return s } -// A group object that contains a specified group’s metadata and attributes. +// A group object that contains the metadata and attributes for a specified +// group. type Group struct { _ struct{} `type:"structure"` @@ -4542,11 +4545,11 @@ type Group struct { // String and GoString methods. Description *string `min:"1" type:"string" sensitive:"true"` - // The group’s display name value. The length limit is 1,024 characters. This - // value can consist of letters, accented characters, symbols, numbers, punctuation, - // tab, new line, carriage return, space, and nonbreaking space in this attribute. - // This value is specified at the time the group is created and stored as an - // attribute of the group object in the identity store. + // The display name value for the group. The length limit is 1,024 characters. + // This value can consist of letters, accented characters, symbols, numbers, + // punctuation, tab, new line, carriage return, space, and nonbreaking space + // in this attribute. This value is specified at the time the group is created + // and stored as an attribute of the group object in the identity store. // // DisplayName is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by Group's @@ -4749,8 +4752,7 @@ type InternalServerException struct { // then returned inside the exception if the request fails. RequestId *string `min:"1" type:"string"` - // The number of seconds that you would like to wait before retrying the next - // request. + // The number of seconds to wait before retrying the next request. RetryAfterSeconds *int64 `type:"integer"` } @@ -5932,8 +5934,7 @@ type ThrottlingException struct { // then returned inside the exception if the request fails. RequestId *string `min:"1" type:"string"` - // The number of seconds that you would like to wait before retrying the next - // request. + // The number of seconds to wait before retrying the next request. RetryAfterSeconds *int64 `type:"integer"` } @@ -6225,15 +6226,15 @@ func (s UpdateUserOutput) GoString() string { return s.String() } -// A user object that contains a specified user’s metadata and attributes. +// A user object that contains the metadata and attributes for a specified user. type User struct { _ struct{} `type:"structure"` // A list of Address objects containing addresses associated with the user. Addresses []*Address `min:"1" type:"list"` - // A string containing the user's name that's formatted for display when the - // user is referenced. For example, "John Doe." + // A string containing the name of the user that is formatted for display when + // the user is referenced. For example, "John Doe." // // DisplayName is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by User's @@ -6252,14 +6253,14 @@ type User struct { // IdentityStoreId is a required field IdentityStoreId *string `min:"1" type:"string" required:"true"` - // A string containing the user's geographical region or location. + // A string containing the geographical region or location of the user. // // Locale is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by User's // String and GoString methods. Locale *string `min:"1" type:"string" sensitive:"true"` - // An object containing the user's name. + // An object containing the name of the user. Name *Name `type:"structure"` // A string containing an alternate name for the user. @@ -6281,22 +6282,22 @@ type User struct { // String and GoString methods. PreferredLanguage *string `min:"1" type:"string" sensitive:"true"` - // A string containing a URL that may be associated with the user. + // A string containing a URL that might be associated with the user. // // ProfileUrl is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by User's // String and GoString methods. ProfileUrl *string `min:"1" type:"string" sensitive:"true"` - // A string containing the user's time zone. + // A string containing the time zone of the user. // // Timezone is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by User's // String and GoString methods. Timezone *string `min:"1" type:"string" sensitive:"true"` - // A string containing the user's title. Possible values depend on each customer's - // specific needs, so they are left unspecified. + // A string containing the title of the user. Possible values are left unspecified. + // The value can vary based on your specific use case. // // Title is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by User's @@ -6318,8 +6319,8 @@ type User struct { // String and GoString methods. UserName *string `min:"1" type:"string" sensitive:"true"` - // A string indicating the user's type. Possible values depend on each customer's - // specific needs, so they are left unspecified. + // A string indicating the type of user. Possible values are left unspecified. + // The value can vary based on your specific use case. // // UserType is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by User's diff --git a/service/identitystore/doc.go b/service/identitystore/doc.go index 31313b236c5..5b4710740bd 100644 --- a/service/identitystore/doc.go +++ b/service/identitystore/doc.go @@ -14,7 +14,7 @@ // see IAM // Identity Center rename.This reference guide describes // the identity store operations that you can call programatically and includes -// detailed information on data types and errors.
+// detailed information about data types and errors. // // See https://docs.aws.amazon.com/goto/WebAPI/identitystore-2020-06-15 for more information on this service. // diff --git a/service/ivsrealtime/api.go b/service/ivsrealtime/api.go index a3519fd091d..7277d998a4b 100644 --- a/service/ivsrealtime/api.go +++ b/service/ivsrealtime/api.go @@ -1796,13 +1796,17 @@ type ParticipantToken struct { Duration *int64 `locationName:"duration" min:"1" type:"integer"` // ISO 8601 timestamp (returned as a string) for when this token expires. - ExpirationTime *time.Time `locationName:"expirationTime" type:"timestamp"` + ExpirationTime *time.Time `locationName:"expirationTime" type:"timestamp" timestampFormat:"iso8601"` // Unique identifier for this participant token, assigned by IVS. ParticipantId *string `locationName:"participantId" type:"string"` // The issued client token, encrypted. - Token *string `locationName:"token" type:"string"` + // + // Token is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by ParticipantToken's + // String and GoString methods. + Token *string `locationName:"token" type:"string" sensitive:"true"` // Name to help identify the token. This can be any UTF-8 encoded text. This // field is exposed to all stage participants and should not be used for personally diff --git a/service/networkfirewall/api.go b/service/networkfirewall/api.go index 7199c5e336e..2bf3f66dc7f 100644 --- a/service/networkfirewall/api.go +++ b/service/networkfirewall/api.go @@ -10883,7 +10883,7 @@ type RulesSource struct { // An array of individual stateful rules inspection criteria to be used together // in a stateful rule group. Use this option to specify simple Suricata rules // with protocol, source and destination, ports, direction, and rule options. - // For information about the Suricata Rules format, see Rules Format (https://suricata.readthedocs.io/rules/intro.html#). + // For information about the Suricata Rules format, see Rules Format (https://suricata.readthedocs.iorules/intro.html#). StatefulRules []*StatefulRule `type:"list"` // Stateless inspection criteria to be used in a stateless rule group. @@ -11453,7 +11453,7 @@ func (s *StatefulEngineOptions) SetStreamExceptionPolicy(v string) *StatefulEngi // A single Suricata rules specification, for use in a stateful rule group. // Use this option to specify a simple Suricata rule with protocol, source and // destination, ports, direction, and rule options. For information about the -// Suricata Rules format, see Rules Format (https://suricata.readthedocs.io/rules/intro.html#). +// Suricata Rules format, see Rules Format (https://suricata.readthedocs.iorules/intro.html#). type StatefulRule struct { _ struct{} `type:"structure"` @@ -14594,6 +14594,9 @@ const ( // IPAddressTypeIpv4 is a IPAddressType enum value IPAddressTypeIpv4 = "IPV4" + + // IPAddressTypeIpv6 is a IPAddressType enum value + IPAddressTypeIpv6 = "IPV6" ) // IPAddressType_Values returns all elements of the IPAddressType enum @@ -14601,6 +14604,7 @@ func IPAddressType_Values() []string { return []string{ IPAddressTypeDualstack, IPAddressTypeIpv4, + IPAddressTypeIpv6, } } diff --git a/service/networkfirewall/doc.go b/service/networkfirewall/doc.go index 4791e1e2220..506eeafb020 100644 --- a/service/networkfirewall/doc.go +++ b/service/networkfirewall/doc.go @@ -27,7 +27,7 @@ // includes filtering traffic going to and coming from an internet gateway, // NAT gateway, or over VPN or Direct Connect. Network Firewall uses rules that // are compatible with Suricata, a free, open source network analysis and threat -// detection engine. Network Firewall supports Suricata version 5.0.2. For information +// detection engine. Network Firewall supports Suricata version 6.0.9. For information // about Suricata, see the Suricata website (https://suricata.io/). // // You can use Network Firewall to monitor and protect your VPC traffic in a diff --git a/service/servicecatalog/api.go b/service/servicecatalog/api.go index 497754f6fbb..2412142205e 100644 --- a/service/servicecatalog/api.go +++ b/service/servicecatalog/api.go @@ -25717,9 +25717,6 @@ const ( // ProductTypeMarketplace is a ProductType enum value ProductTypeMarketplace = "MARKETPLACE" - // ProductTypeDefaultCustom is a ProductType enum value - ProductTypeDefaultCustom = "DEFAULT_CUSTOM" - // ProductTypeTerraformOpenSource is a ProductType enum value ProductTypeTerraformOpenSource = "TERRAFORM_OPEN_SOURCE" ) @@ -25729,7 +25726,6 @@ func ProductType_Values() []string { return []string{ ProductTypeCloudFormationTemplate, ProductTypeMarketplace, - ProductTypeDefaultCustom, ProductTypeTerraformOpenSource, } } @@ -25916,9 +25912,6 @@ const ( // ProvisioningArtifactTypeMarketplaceCar is a ProvisioningArtifactType enum value ProvisioningArtifactTypeMarketplaceCar = "MARKETPLACE_CAR" - // ProvisioningArtifactTypeDefaultCustom is a ProvisioningArtifactType enum value - ProvisioningArtifactTypeDefaultCustom = "DEFAULT_CUSTOM" - // ProvisioningArtifactTypeTerraformOpenSource is a ProvisioningArtifactType enum value ProvisioningArtifactTypeTerraformOpenSource = "TERRAFORM_OPEN_SOURCE" ) @@ -25929,7 +25922,6 @@ func ProvisioningArtifactType_Values() []string { ProvisioningArtifactTypeCloudFormationTemplate, ProvisioningArtifactTypeMarketplaceAmi, ProvisioningArtifactTypeMarketplaceCar, - ProvisioningArtifactTypeDefaultCustom, ProvisioningArtifactTypeTerraformOpenSource, } } diff --git a/service/vpclattice/api.go b/service/vpclattice/api.go index 426f80f4db0..bb53f79caec 100644 --- a/service/vpclattice/api.go +++ b/service/vpclattice/api.go @@ -789,10 +789,11 @@ func (c *VPCLattice) CreateServiceNetworkVpcAssociationRequest(input *CreateServ // As a result of this operation, the association gets created in the service // network account and the VPC owner account. // -// Once a security group is added to the VPC association it cannot be removed. -// You can add or update the security groups being used for the VPC association -// once a security group is attached. To remove all security groups you must -// reassociate the VPC. +// If you add a security group to the service network and VPC association, the +// association must continue to always have at least one security group. You +// can add or edit security groups at any time. However, to remove all security +// groups, you must first delete the association and recreate it without security +// groups. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1089,11 +1090,11 @@ func (c *VPCLattice) DeleteAuthPolicyRequest(input *DeleteAuthPolicyInput) (req // DeleteAuthPolicy API operation for Amazon VPC Lattice. // -// Deletes the specified auth policy. If an auth is set to Amazon Web Services_IAM -// and the auth policy is deleted, all requests will be denied by default. If -// you are trying to remove the auth policy completely, you must set the auth_type -// to NONE. If auth is enabled on the resource, but no auth policy is set, all -// requests will be denied. +// Deletes the specified auth policy. If an auth is set to AWS_IAM and the auth +// policy is deleted, all requests will be denied by default. If you are trying +// to remove the auth policy completely, you must set the auth_type to NONE. +// If auth is enabled on the resource, but no auth policy is set, all requests +// will be denied. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2343,8 +2344,7 @@ func (c *VPCLattice) GetResourcePolicyRequest(input *GetResourcePolicyInput) (re // GetResourcePolicy API operation for Amazon VPC Lattice. // // Retrieves information about the resource policy. The resource policy is an -// IAM policy created by AWS RAM on behalf of the resource owner when they share -// a resource. +// IAM policy created on behalf of the resource owner when they share a resource. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4413,7 +4413,8 @@ func (c *VPCLattice) PutAuthPolicyRequest(input *PutAuthPolicyInput) (req *reque // PutAuthPolicy API operation for Amazon VPC Lattice. // -// Creates or updates the auth policy. +// Creates or updates the auth policy. The policy string in JSON must not contain +// newlines or blank lines. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5362,8 +5363,11 @@ func (c *VPCLattice) UpdateServiceNetworkVpcAssociationRequest(input *UpdateServ // UpdateServiceNetworkVpcAssociation API operation for Amazon VPC Lattice. // -// Updates the service network and VPC association. Once you add a security -// group, it cannot be removed. +// Updates the service network and VPC association. If you add a security group +// to the service network and VPC association, the association must continue +// to always have at least one security group. You can add or edit security +// groups at any time. However, to remove all security groups, you must first +// delete the association and recreate it without security groups. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8785,10 +8789,10 @@ type GetAuthPolicyOutput struct { Policy *string `locationName:"policy" type:"string"` // The state of the auth policy. The auth policy is only active when the auth - // type is set to Amazon Web Services_IAM. If you provide a policy, then authentication - // and authorization decisions are made based on this policy and the client's - // IAM policy. If the auth type is NONE, then any auth policy you provide will - // remain inactive. For more information, see Create a service network (https://docs.aws.amazon.com/vpc-lattice/latest/ug/service-networks.html#create-service-network) + // type is set to AWS_IAM. If you provide a policy, then authentication and + // authorization decisions are made based on this policy and the client's IAM + // policy. If the auth type is NONE, then any auth policy you provide will remain + // inactive. For more information, see Create a service network (https://docs.aws.amazon.com/vpc-lattice/latest/ug/service-networks.html#create-service-network) // in the Amazon VPC Lattice User Guide. State *string `locationName:"state" type:"string" enum:"AuthPolicyState"` } @@ -9017,7 +9021,7 @@ func (s *GetListenerOutput) SetServiceId(v string) *GetListenerOutput { type GetResourcePolicyInput struct { _ struct{} `type:"structure" nopayload:"true"` - // An IAM policy. + // The Amazon Resource Name (ARN) of the service network or service. // // ResourceArn is a required field ResourceArn *string `location:"uri" locationName:"resourceArn" min:"20" type:"string" required:"true"` @@ -9066,7 +9070,7 @@ func (s *GetResourcePolicyInput) SetResourceArn(v string) *GetResourcePolicyInpu type GetResourcePolicyOutput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the service network or service. + // An IAM policy. Policy *string `locationName:"policy" min:"1" type:"string"` } @@ -11976,7 +11980,8 @@ func (s *PathMatchType) SetPrefix(v string) *PathMatchType { type PutAuthPolicyInput struct { _ struct{} `type:"structure"` - // The auth policy. + // The auth policy. The policy string in JSON must not contain newlines or blank + // lines. // // Policy is a required field Policy *string `locationName:"policy" type:"string" required:"true"` @@ -12040,13 +12045,14 @@ func (s *PutAuthPolicyInput) SetResourceIdentifier(v string) *PutAuthPolicyInput type PutAuthPolicyOutput struct { _ struct{} `type:"structure"` - // The auth policy. + // The auth policy. The policy string in JSON must not contain newlines or blank + // lines. Policy *string `locationName:"policy" type:"string"` // The state of the auth policy. The auth policy is only active when the auth - // type is set to Amazon Web Services_IAM. If you provide a policy, then authentication - // and authorization decisions are made based on this policy and the client's - // IAM policy. If the Auth type is NONE, then, any auth policy you provide will + // type is set to AWS_IAM. If you provide a policy, then authentication and + // authorization decisions are made based on this policy and the client's IAM + // policy. If the Auth type is NONE, then, any auth policy you provide will // remain inactive. For more information, see Create a service network (https://docs.aws.amazon.com/vpc-lattice/latest/ug/service-networks.html#create-service-network) // in the Amazon VPC Lattice User Guide. State *string `locationName:"state" type:"string" enum:"AuthPolicyState"` @@ -12085,7 +12091,8 @@ func (s *PutAuthPolicyOutput) SetState(v string) *PutAuthPolicyOutput { type PutResourcePolicyInput struct { _ struct{} `type:"structure"` - // An IAM policy. + // An IAM policy. The policy string in JSON must not contain newlines or blank + // lines. // // Policy is a required field Policy *string `locationName:"policy" min:"1" type:"string" required:"true"` @@ -14738,8 +14745,7 @@ func (s *UpdateServiceNetworkOutput) SetName(v string) *UpdateServiceNetworkOutp type UpdateServiceNetworkVpcAssociationInput struct { _ struct{} `type:"structure"` - // The IDs of the security groups. Once you add a security group, it cannot - // be removed. + // The IDs of the security groups. // // SecurityGroupIds is a required field SecurityGroupIds []*string `locationName:"securityGroupIds" min:"1" type:"list" required:"true"`