From d47c75a58a612a38755747171b8102288965508e Mon Sep 17 00:00:00 2001 
From: aws-sdk-go-automation <43143561+aws-sdk-go-automation@users.noreply.github.com> Date: Mon, 15 May 2023 11:32:41 -0700 Subject: [PATCH] Release v1.44.263 (2023-05-15) (#4840) Release v1.44.263 (2023-05-15) === ### Service Client Updates * `service/athena`: Updates service API and documentation * You can now define custom spark properties at start of the session for use cases like cluster encryption, table formats, and general Spark tuning. * `service/kafka`: Updates service API * `service/rekognition`: Updates service API and documentation * This release adds a new EyeDirection attribute in Amazon Rekognition DetectFaces and IndexFaces APIs which predicts the yaw and pitch angles of a person's eye gaze direction for each face detected in the image. * `service/rolesanywhere`: Updates service API and documentation * `service/transfer`: Updates service API and documentation * This release introduces the ability to require both password and SSH key when users authenticate to your Transfer Family servers that use the SFTP protocol. 
---
 CHANGELOG.md | 13 +
 aws/endpoints/defaults.go | 26 +
 aws/version.go | 2 +-
 models/apis/athena/2017-05-18/api-2.json | 3 +-
 models/apis/athena/2017-05-18/docs-2.json | 1 +
 models/apis/kafka/2018-11-14/api-2.json | 2 +-
 models/apis/rekognition/2016-06-27/api-2.json | 12 +-
 .../apis/rekognition/2016-06-27/docs-2.json | 9 +
 .../apis/rolesanywhere/2018-05-10/api-2.json | 164 +++-
 .../apis/rolesanywhere/2018-05-10/docs-2.json | 178 +++-
 .../2018-05-10/endpoint-rule-set-1.json | 350 +++++++
 .../2018-05-10/endpoint-tests-1.json | 548 +++++++++++
 models/apis/transfer/2018-11-05/api-2.json | 12 +-
 models/apis/transfer/2018-11-05/docs-2.json | 90 +-
 .../2018-11-05/endpoint-rule-set-1.json | 380 ++++----
 .../transfer/2018-11-05/endpoint-tests-1.json | 241 +++--
 models/endpoints/endpoints.json | 22 +-
 service/athena/api.go | 10 +
 service/rekognition/api.go | 64 ++
 service/rolesanywhere/api.go | 861 ++++++++++++++++--
 service/rolesanywhere/doc.go | 36 +-
 .../rolesanywhereiface/interface.go | 8 +
 service/transfer/api.go | 259 ++++--
 23 files changed, 2757 insertions(+), 534 deletions(-)
 create mode 100644 models/apis/rolesanywhere/2018-05-10/endpoint-rule-set-1.json
 create mode 100644 models/apis/rolesanywhere/2018-05-10/endpoint-tests-1.json
diff --git a/CHANGELOG.md b/CHANGELOG.md
index af33473b57f..18a7c9e0e4f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,16 @@
+Release v1.44.263 (2023-05-15)
+===
+
+### Service Client Updates
+* `service/athena`: Updates service API and documentation
+ * You can now define custom spark properties at start of the session for use cases like cluster encryption, table formats, and general Spark tuning.
+* `service/kafka`: Updates service API
+* `service/rekognition`: Updates service API and documentation
+ * This release adds a new EyeDirection attribute in Amazon Rekognition DetectFaces and IndexFaces APIs which predicts the yaw and pitch angles of a person's eye gaze direction for each face detected in the image.
+* `service/rolesanywhere`: Updates service API and documentation
+* `service/transfer`: Updates service API and documentation
+ * This release introduces the ability to require both password and SSH key when users authenticate to your Transfer Family servers that use the SFTP protocol.
+
 Release v1.44.262 (2023-05-11)
 ===
 
diff --git a/aws/endpoints/defaults.go b/aws/endpoints/defaults.go
index 83a27225b0d..2d665d61ba8 100644
--- a/aws/endpoints/defaults.go
+++ b/aws/endpoints/defaults.go
@@ -36600,9 +36600,35 @@ var awsusgovPartition = partition{
 endpointKey{
 Region: "us-gov-east-1",
 }: endpoint{},
+ endpointKey{
+ Region: "us-gov-east-1",
+ Variant: fipsVariant,
+ }: endpoint{
+ Hostname: "route53resolver.us-gov-east-1.amazonaws.com",
+ },
+ endpointKey{
+ Region: "us-gov-east-1-fips",
+ }: endpoint{
+ Hostname: "route53resolver.us-gov-east-1.amazonaws.com",
+
+ Deprecated: boxedTrue,
+ },
 endpointKey{
 Region: "us-gov-west-1",
 }: endpoint{},
+ endpointKey{
+ Region: "us-gov-west-1",
+ Variant: fipsVariant,
+ }: endpoint{
+ Hostname: "route53resolver.us-gov-west-1.amazonaws.com",
+ },
+ endpointKey{
+ Region: "us-gov-west-1-fips",
+ }: endpoint{
+ Hostname: "route53resolver.us-gov-west-1.amazonaws.com",
+
+ Deprecated: boxedTrue,
+ },
 },
 },
 "runtime.lex": service{
diff --git a/aws/version.go b/aws/version.go
index 773561f1a36..9e1a41ed169 100644
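Review bot: The two `Variant: fipsVariant` keys added for us-gov-east-1 and us-gov-west-1 map to `route53resolver.us-gov-east-1.amazonaws.com` and `route53resolver.us-gov-west-1.amazonaws.com`, hostnames with no `-fips` label, and the deprecated `us-gov-east-1-fips` / `us-gov-west-1-fips` pseudo-regions map to the same hosts. Nothing in the hunk tells a reader whether these regional GovCloud hosts are themselves the FIPS-validated endpoints or whether a `-fips` hostname was dropped, so a caller who enables FIPS endpoints for compliance cannot confirm it from this table. If the mapping is intentional, a one-line comment on each entry such as `// regional GovCloud host serves the FIPS endpoint; no separate -fips hostname` would document it; since `models/endpoints/endpoints.json` changes in the same commit, the annotation probably belongs in that model. The `awsusgovPartition` literal begins and ends outside the hunk, so the service key these entries sit under is not visible here.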
--- a/aws/version.go +++ b/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.44.262" +const SDKVersion = "1.44.263" diff --git a/models/apis/athena/2017-05-18/api-2.json b/models/apis/athena/2017-05-18/api-2.json index 4c833331778..edb6e9bcfb5 100644 --- a/models/apis/athena/2017-05-18/api-2.json +++ b/models/apis/athena/2017-05-18/api-2.json @@ -1565,7 +1565,8 @@ "CoordinatorDpuSize":{"shape":"CoordinatorDpuSize"}, "MaxConcurrentDpus":{"shape":"MaxConcurrentDpus"}, "DefaultExecutorDpuSize":{"shape":"DefaultExecutorDpuSize"}, - "AdditionalConfigs":{"shape":"ParametersMap"} + "AdditionalConfigs":{"shape":"ParametersMap"}, + "SparkProperties":{"shape":"ParametersMap"} } }, "EngineVersion":{ diff --git a/models/apis/athena/2017-05-18/docs-2.json b/models/apis/athena/2017-05-18/docs-2.json index de8cc6ba175..1fdb5569879 100644 --- a/models/apis/athena/2017-05-18/docs-2.json +++ b/models/apis/athena/2017-05-18/docs-2.json @@ -1428,6 +1428,7 @@ "DataCatalog$Parameters": "
Specifies the Lambda function or functions to use for the data catalog. This is a mapping whose values depend on the catalog type.
For the HIVE
data catalog type, use the following syntax. The metadata-function
parameter is required. The sdk-version
parameter is optional and defaults to the currently supported version.
metadata-function=lambda_arn, sdk-version=version_number
For the LAMBDA
data catalog type, use one of the following sets of required parameters, but not both.
If you have one Lambda function that processes metadata and another for reading the actual data, use the following syntax. Both parameters are required.
metadata-function=lambda_arn, record-function=lambda_arn
If you have a composite Lambda function that processes both metadata and data, use the following syntax to specify your Lambda function.
function=lambda_arn
The GLUE
type takes a catalog ID parameter and is required. The catalog_id
is the account ID of the Amazon Web Services account to which the Glue catalog belongs.
catalog-id=catalog_id
The GLUE
data catalog type also applies to the default AwsDataCatalog
that already exists in your account, of which you can have only one and cannot modify.
Queries that specify a Glue Data Catalog other than the default AwsDataCatalog
must be run on Athena engine version 2.
A set of custom key/value pairs.
", "EngineConfiguration$AdditionalConfigs": "Contains additional notebook engine MAP<string, string>
parameter mappings in the form of key-value pairs. To specify an Athena notebook that the Jupyter server will download and serve, specify a value for the StartSessionRequest$NotebookVersion field, and then add a key named NotebookId
to AdditionalConfigs
that has the value of the Athena notebook ID.
Specifies custom jar files and Spark properties for use cases like cluster encryption, table formats, and general Spark tuning.
", "TableMetadata$Parameters": "A set of custom key/value pairs for table properties.
", "UpdateDataCatalogInput$Parameters": "Specifies the Lambda function or functions to use for updating the data catalog. This is a mapping whose values depend on the catalog type.
For the HIVE
data catalog type, use the following syntax. The metadata-function
parameter is required. The sdk-version
parameter is optional and defaults to the currently supported version.
metadata-function=lambda_arn, sdk-version=version_number
For the LAMBDA
data catalog type, use one of the following sets of required parameters, but not both.
If you have one Lambda function that processes metadata and another for reading the actual data, use the following syntax. Both parameters are required.
metadata-function=lambda_arn, record-function=lambda_arn
If you have a composite Lambda function that processes both metadata and data, use the following syntax to specify your Lambda function.
function=lambda_arn
Value representing eye direction on the yaw axis.
", + "EyeDirection$Pitch": "Value representing eye direction on the pitch axis.
", "Pose$Roll": "Value representing the face rotation on the roll axis.
", "Pose$Yaw": "Value representing the face rotation on the yaw axis.
", "Pose$Pitch": "Value representing the face rotation on the pitch axis.
" @@ -969,6 +971,12 @@ "IndexFacesRequest$ExternalImageId": "The ID you want to assign to all the faces detected in the image.
" } }, + "EyeDirection": { + "base": "Indicates the direction the eyes are gazing in (independent of the head pose) as determined by its pitch and yaw.
", + "refs": { + "FaceDetail$EyeDirection": "Indicates the direction the eyes are gazing in, as defined by pitch and yaw.
" + } + }, "EyeOpen": { "base": "Indicates whether or not the eyes on the face are open, and the confidence level in the determination.
", "refs": { @@ -1975,6 +1983,7 @@ "DominantColor$PixelPercent": "The percentage of image pixels that have a given dominant color.
", "Emotion$Confidence": "Level of confidence in the determination.
", "EquipmentDetection$Confidence": "The confidence that Amazon Rekognition has that the bounding box (BoundingBox
) contains an item of PPE.
The confidence that the service has in its predicted eye direction.
", "EyeOpen$Confidence": "Level of confidence in the determination.
", "Eyeglasses$Confidence": "Level of confidence in the determination.
", "Face$Confidence": "Confidence level that the bounding box contains a face (and not a different object such as a tree).
",
diff --git a/models/apis/rolesanywhere/2018-05-10/api-2.json b/models/apis/rolesanywhere/2018-05-10/api-2.json
index 0e2414e2381..825f9748194 100644
--- a/models/apis/rolesanywhere/2018-05-10/api-2.json
+++ b/models/apis/rolesanywhere/2018-05-10/api-2.json
@@ -310,6 +310,36 @@
 {"shape":"AccessDeniedException"}
 ]
 },
+ "PutNotificationSettings":{
+ "name":"PutNotificationSettings",
+ "http":{
+ "method":"PATCH",
+ "requestUri":"/put-notifications-settings",
+ "responseCode":200
+ },
+ "input":{"shape":"PutNotificationSettingsRequest"},
+ "output":{"shape":"PutNotificationSettingsResponse"},
+ "errors":[
+ {"shape":"ValidationException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"AccessDeniedException"}
+ ]
+ },
+ "ResetNotificationSettings":{
+ "name":"ResetNotificationSettings",
+ "http":{
+ "method":"PATCH",
+ "requestUri":"/reset-notifications-settings",
+ "responseCode":200
+ },
+ "input":{"shape":"ResetNotificationSettingsRequest"},
+ "output":{"shape":"ResetNotificationSettingsResponse"},
+ "errors":[
+ {"shape":"ValidationException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"AccessDeniedException"}
+ ]
+ },
 "TagResource":{
 "name":"TagResource",
 "http":{
@@ -431,7 +461,7 @@
 "CreateProfileRequestDurationSecondsInteger":{
 "type":"integer",
 "box":true,
- "max":43200,
+ "max":3600,
 "min":900
 },
 "CreateTrustAnchorRequest":{
@@ -443,6 +473,7 @@
 "members":{
 "enabled":{"shape":"Boolean"},
 "name":{"shape":"ResourceName"},
+ "notificationSettings":{"shape":"NotificationSettings"},
 "source":{"shape":"Source"},
 "tags":{"shape":"TagList"}
 }
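Review bot: The `max` of `CreateProfileRequestDurationSecondsInteger` drops from 43200 to 3600 in the second hunk of this file, and the `UpdateProfileRequestDurationSecondsInteger` hunk further down makes the same change, yet the changelog entry for `service/rolesanywhere` says only "Updates service API and documentation". A tighter cap on profile session duration is a behaviour change for anyone who provisions profiles with longer sessions: requests above the new limit would presumably be rejected rather than yield credentials valid for up to 43200 seconds. I would add a changelog sub-bullet such as `* Maximum profile session duration is now 3600 seconds (was 43200)` so operators can audit existing profiles before upgrading. The `TagList`/`TagKeyList` limit change from 50 to 200 later in the file could be listed alongside it.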
@@ -615,6 +646,87 @@
 "max":200,
 "min":1
 },
+ "NotificationChannel":{
+ "type":"string",
+ "enum":["ALL"]
+ },
+ "NotificationEvent":{
+ "type":"string",
+ "enum":[
+ "CA_CERTIFICATE_EXPIRY",
+ "END_ENTITY_CERTIFICATE_EXPIRY"
+ ]
+ },
+ "NotificationSetting":{
+ "type":"structure",
+ "required":[
+ "enabled",
+ "event"
+ ],
+ "members":{
+ "channel":{"shape":"NotificationChannel"},
+ "enabled":{"shape":"Boolean"},
+ "event":{"shape":"NotificationEvent"},
+ "threshold":{"shape":"NotificationSettingThresholdInteger"}
+ }
+ },
+ "NotificationSettingDetail":{
+ "type":"structure",
+ "required":[
+ "enabled",
+ "event"
+ ],
+ "members":{
+ "channel":{"shape":"NotificationChannel"},
+ "configuredBy":{"shape":"NotificationSettingDetailConfiguredByString"},
+ "enabled":{"shape":"Boolean"},
+ "event":{"shape":"NotificationEvent"},
+ "threshold":{"shape":"NotificationSettingDetailThresholdInteger"}
+ }
+ },
+ "NotificationSettingDetailConfiguredByString":{
+ "type":"string",
+ "max":200,
+ "min":1
+ },
+ "NotificationSettingDetailThresholdInteger":{
+ "type":"integer",
+ "box":true,
+ "max":360,
+ "min":1
+ },
+ "NotificationSettingDetails":{
+ "type":"list",
+ "member":{"shape":"NotificationSettingDetail"},
+ "max":50,
+ "min":0
+ },
+ "NotificationSettingKey":{
+ "type":"structure",
+ "required":["event"],
+ "members":{
+ "channel":{"shape":"NotificationChannel"},
+ "event":{"shape":"NotificationEvent"}
+ }
+ },
+ "NotificationSettingKeys":{
+ "type":"list",
+ "member":{"shape":"NotificationSettingKey"},
+ "max":50,
+ "min":0
+ },
+ "NotificationSettingThresholdInteger":{
+ "type":"integer",
+ "box":true,
+ "max":360,
+ "min":1
+ },
+ "NotificationSettings":{
+ "type":"list",
+ "member":{"shape":"NotificationSetting"},
+ "max":50,
+ "min":0
+ },
 "ProfileArn":{
 "type":"string",
 "max":1011,
@@ -648,6 +760,42 @@
 "type":"list",
 "member":{"shape":"ProfileDetail"}
 },
+ "PutNotificationSettingsRequest":{
+ "type":"structure",
+ "required":[
+ "notificationSettings",
+ "trustAnchorId"
+ ],
+ "members":{
+ "notificationSettings":{"shape":"NotificationSettings"},
+ "trustAnchorId":{"shape":"Uuid"}
+ }
+ },
+ "PutNotificationSettingsResponse":{
+ "type":"structure",
+ "required":["trustAnchor"],
+ "members":{
+ "trustAnchor":{"shape":"TrustAnchorDetail"}
+ }
+ },
+ "ResetNotificationSettingsRequest":{
+ "type":"structure",
+ "required":[
+ "notificationSettingKeys",
+ "trustAnchorId"
+ ],
+ "members":{
+ "notificationSettingKeys":{"shape":"NotificationSettingKeys"},
+ "trustAnchorId":{"shape":"Uuid"}
+ }
+ },
+ "ResetNotificationSettingsResponse":{
+ "type":"structure",
+ "required":["trustAnchor"],
+ "members":{
+ "trustAnchor":{"shape":"TrustAnchorDetail"}
+ }
+ },
 "ResourceName":{
 "type":"string",
 "max":255,
@@ -732,10 +880,15 @@
 "type":"structure",
 "members":{
 "acmPcaArn":{"shape":"String"},
- "x509CertificateData":{"shape":"String"}
+ "x509CertificateData":{"shape":"SourceDataX509CertificateDataString"}
 },
 "union":true
 },
+ "SourceDataX509CertificateDataString":{
+ "type":"string",
+ "max":8000,
+ "min":1
+ },
 "String":{"type":"string"},
 "SubjectDetail":{
 "type":"structure",
@@ -798,13 +951,13 @@
 "TagKeyList":{
 "type":"list",
 "member":{"shape":"TagKey"},
- "max":50,
+ "max":200,
 "min":0
 },
 "TagList":{
 "type":"list",
 "member":{"shape":"Tag"},
- "max":50,
+ "max":200,
 "min":0
 },
 "TagResourceRequest":{
@@ -853,6 +1006,7 @@
 "createdAt":{"shape":"SyntheticTimestamp_date_time"},
 "enabled":{"shape":"Boolean"},
 "name":{"shape":"ResourceName"},
+ "notificationSettings":{"shape":"NotificationSettingDetails"},
 "source":{"shape":"Source"},
 "trustAnchorArn":{"shape":"String"},
 "trustAnchorId":{"shape":"Uuid"},
@@ -931,7 +1085,7 @@ "UpdateProfileRequestDurationSecondsInteger":{ "type":"integer", "box":true, - "max":43200, + "max":3600, "min":900 }, "UpdateProfileRequestSessionPolicyString":{ diff --git a/models/apis/rolesanywhere/2018-05-10/docs-2.json b/models/apis/rolesanywhere/2018-05-10/docs-2.json index dca96bf084f..7d0827b20d8 100644 --- a/models/apis/rolesanywhere/2018-05-10/docs-2.json +++ b/models/apis/rolesanywhere/2018-05-10/docs-2.json @@ -1,33 +1,35 @@ { "version": "2.0", - "service": "AWS Identity and Access Management Roles Anywhere provides a secure way for your workloads such as servers, containers, and applications running outside of AWS to obtain Temporary AWS credentials. Your workloads can use the same IAM policies and roles that you have configured with native AWS applications to access AWS resources. Using IAM Roles Anywhere will eliminate the need to manage long term credentials for workloads running outside of AWS.
To use IAM Roles Anywhere customer workloads will need to use X.509 certificates issued by their Certificate Authority (CA) . The Certificate Authority (CA) needs to be registered with IAM Roles Anywhere as a trust anchor to establish trust between customer PKI and IAM Roles Anywhere. Customers who do not manage their own PKI system can use AWS Certificate Manager Private Certificate Authority (ACM PCA) to create a Certificate Authority and use that to establish trust with IAM Roles Anywhere
This guide describes the IAM rolesanywhere operations that you can call programmatically. For general information about IAM Roles Anywhere see https://docs.aws.amazon.com/
", + "service": "Identity and Access Management Roles Anywhere provides a secure way for your workloads such as servers, containers, and applications that run outside of Amazon Web Services to obtain temporary Amazon Web Services credentials. Your workloads can use the same IAM policies and roles you have for native Amazon Web Services applications to access Amazon Web Services resources. Using IAM Roles Anywhere eliminates the need to manage long-term credentials for workloads running outside of Amazon Web Services.
To use IAM Roles Anywhere, your workloads must use X.509 certificates issued by their certificate authority (CA). You register the CA with IAM Roles Anywhere as a trust anchor to establish trust between your public key infrastructure (PKI) and IAM Roles Anywhere. If you don't manage your own PKI system, you can use Private Certificate Authority to create a CA and then use that to establish trust with IAM Roles Anywhere.
This guide describes the IAM Roles Anywhere operations that you can call programmatically. For more information about IAM Roles Anywhere, see the IAM Roles Anywhere User Guide.
", "operations": { - "CreateProfile": "Creates a profile. A profile is configuration resource to list the roles that RolesAnywhere service is trusted to assume. In addition, by applying a profile you can intersect permissions with IAM managed policies.
Required permissions: rolesanywhere:CreateProfile
.
Creates a trust anchor. You establish trust between IAM Roles Anywhere and your certificate authority (CA) by configuring a trust anchor. A Trust Anchor is defined either as a reference to a AWS Certificate Manager Private Certificate Authority (ACM PCA), or by uploading a Certificate Authority (CA) certificate. Your AWS workloads can authenticate with the trust anchor using certificates issued by the trusted Certificate Authority (CA) in exchange for temporary AWS credentials.
Required permissions: rolesanywhere:CreateTrustAnchor
.
Creates a profile, a list of the roles that Roles Anywhere service is trusted to assume. You use profiles to intersect permissions with IAM managed policies.
Required permissions: rolesanywhere:CreateProfile
.
Creates a trust anchor to establish trust between IAM Roles Anywhere and your certificate authority (CA). You can define a trust anchor as a reference to an Private Certificate Authority (Private CA) or by uploading a CA certificate. Your Amazon Web Services workloads can authenticate with the trust anchor using certificates issued by the CA in exchange for temporary Amazon Web Services credentials.
Required permissions: rolesanywhere:CreateTrustAnchor
.
Deletes a certificate revocation list (CRL).
Required permissions: rolesanywhere:DeleteCrl
.
Deletes a profile.
Required permissions: rolesanywhere:DeleteProfile
.
Deletes a trust anchor.
Required permissions: rolesanywhere:DeleteTrustAnchor
.
Disables a certificate revocation list (CRL).
Required permissions: rolesanywhere:DisableCrl
.
Disables a profile. When disabled, CreateSession requests with this profile fail.
Required permissions: rolesanywhere:DisableProfile
.
Disables a trust anchor. When disabled, CreateSession requests specifying this trust anchor are unauthorized.
Required permissions: rolesanywhere:DisableTrustAnchor
.
Disables a profile. When disabled, temporary credential requests with this profile fail.
Required permissions: rolesanywhere:DisableProfile
.
Disables a trust anchor. When disabled, temporary credential requests specifying this trust anchor are unauthorized.
Required permissions: rolesanywhere:DisableTrustAnchor
.
Enables a certificate revocation list (CRL). When enabled, certificates stored in the CRL are unauthorized to receive session credentials.
Required permissions: rolesanywhere:EnableCrl
.
Enables the roles in a profile to receive session credentials in CreateSession.
Required permissions: rolesanywhere:EnableProfile
.
Enables temporary credential requests for a profile.
Required permissions: rolesanywhere:EnableProfile
.
Enables a trust anchor. When enabled, certificates in the trust anchor chain are authorized for trust validation.
Required permissions: rolesanywhere:EnableTrustAnchor
.
Gets a certificate revocation list (CRL).
Required permissions: rolesanywhere:GetCrl
.
Gets a profile.
Required permissions: rolesanywhere:GetProfile
.
Gets a Subject. A Subject associates a certificate identity with authentication attempts by CreateSession. The Subject resources stores audit information such as status of the last authentication attempt, the certificate data used in the attempt, and the last time the associated identity attempted authentication.
Required permissions: rolesanywhere:GetSubject
.
Gets a subject, which associates a certificate identity with authentication attempts. The subject stores auditing information such as the status of the last authentication attempt, the certificate data used in the attempt, and the last time the associated identity attempted authentication.
Required permissions: rolesanywhere:GetSubject
.
Gets a trust anchor.
Required permissions: rolesanywhere:GetTrustAnchor
.
Imports the certificate revocation list (CRL). CRl is a list of certificates that have been revoked by the issuing certificate Authority (CA). IAM Roles Anywhere validates against the crl list before issuing credentials.
Required permissions: rolesanywhere:ImportCrl
.
Lists all Crls in the authenticated account and Amazon Web Services Region.
Required permissions: rolesanywhere:ListCrls
.
Imports the certificate revocation list (CRL). A CRL is a list of certificates that have been revoked by the issuing certificate Authority (CA). IAM Roles Anywhere validates against the CRL before issuing credentials.
Required permissions: rolesanywhere:ImportCrl
.
Lists all certificate revocation lists (CRL) in the authenticated account and Amazon Web Services Region.
Required permissions: rolesanywhere:ListCrls
.
Lists all profiles in the authenticated account and Amazon Web Services Region.
Required permissions: rolesanywhere:ListProfiles
.
Lists the subjects in the authenticated account and Amazon Web Services Region.
Required permissions: rolesanywhere:ListSubjects
.
Lists the tags attached to the resource.
Required permissions: rolesanywhere:ListTagsForResource
.
Lists the trust anchors in the authenticated account and Amazon Web Services Region.
Required permissions: rolesanywhere:ListTrustAnchors
.
Attaches a list of notification settings to a trust anchor.
A notification setting includes information such as event name, threshold, status of the notification setting, and the channel to notify.
Required permissions: rolesanywhere:PutNotificationSettings
.
Resets the custom notification setting to IAM Roles Anywhere default setting.
Required permissions: rolesanywhere:ResetNotificationSettings
.
Attaches tags to a resource.
Required permissions: rolesanywhere:TagResource
.
Removes tags from the resource.
Required permissions: rolesanywhere:UntagResource
.
Updates the certificate revocation list (CRL). CRl is a list of certificates that have been revoked by the issuing certificate Authority (CA). IAM Roles Anywhere validates against the crl list before issuing credentials.
Required permissions: rolesanywhere:UpdateCrl
.
Updates the profile. A profile is configuration resource to list the roles that RolesAnywhere service is trusted to assume. In addition, by applying a profile you can scope-down permissions with IAM managed policies.
Required permissions: rolesanywhere:UpdateProfile
.
Updates the trust anchor.You establish trust between IAM Roles Anywhere and your certificate authority (CA) by configuring a trust anchor. A Trust Anchor is defined either as a reference to a AWS Certificate Manager Private Certificate Authority (ACM PCA), or by uploading a Certificate Authority (CA) certificate. Your AWS workloads can authenticate with the trust anchor using certificates issued by the trusted Certificate Authority (CA) in exchange for temporary AWS credentials.
Required permissions: rolesanywhere:UpdateTrustAnchor
.
Updates the certificate revocation list (CRL). A CRL is a list of certificates that have been revoked by the issuing certificate authority (CA). IAM Roles Anywhere validates against the CRL before issuing credentials.
Required permissions: rolesanywhere:UpdateCrl
.
Updates a profile, a list of the roles that IAM Roles Anywhere service is trusted to assume. You use profiles to intersect permissions with IAM managed policies.
Required permissions: rolesanywhere:UpdateProfile
.
Updates a trust anchor. You establish trust between IAM Roles Anywhere and your certificate authority (CA) by configuring a trust anchor. You can define a trust anchor as a reference to an Private Certificate Authority (Private CA) or by uploading a CA certificate. Your Amazon Web Services workloads can authenticate with the trust anchor using certificates issued by the CA in exchange for temporary Amazon Web Services credentials.
Required permissions: rolesanywhere:UpdateTrustAnchor
.
Specifies whether the profile is enabled.
", - "CreateProfileRequest$requireInstanceProperties": "Specifies whether instance properties are required in CreateSession requests with this profile.
", + "CreateProfileRequest$requireInstanceProperties": "Specifies whether instance properties are required in temporary credential requests with this profile.
", "CreateTrustAnchorRequest$enabled": "Specifies whether the trust anchor is enabled.
", "CredentialSummary$enabled": "Indicates whether the credential is enabled.
", - "CredentialSummary$failed": "Indicates whether the CreateSession operation was successful.
", + "CredentialSummary$failed": "Indicates whether the temporary credential request was successful.
", "CrlDetail$enabled": "Indicates whether the certificate revocation list (CRL) is enabled.
", "ImportCrlRequest$enabled": "Specifies whether the certificate revocation list (CRL) is enabled.
", - "InstanceProperty$failed": "Indicates whether the CreateSession operation was successful.
", + "InstanceProperty$failed": "Indicates whether the temporary credential request was successful.
", + "NotificationSetting$enabled": "Indicates whether the notification setting is enabled.
", + "NotificationSettingDetail$enabled": "Indicates whether the notification setting is enabled.
", "ProfileDetail$enabled": "Indicates whether the profile is enabled.
", - "ProfileDetail$requireInstanceProperties": "Specifies whether instance properties are required in CreateSession requests with this profile.
", + "ProfileDetail$requireInstanceProperties": "Specifies whether instance properties are required in temporary credential requests with this profile.
", "SubjectDetail$enabled": "The enabled status of the subject.
", - "SubjectSummary$enabled": "The enabled status of the Subject.
", + "SubjectSummary$enabled": "The enabled status of the subject.
", "TrustAnchorDetail$enabled": "Indicates whether the trust anchor is enabled.
" } }, @@ -86,11 +90,11 @@ "CredentialSummaries": { "base": null, "refs": { - "SubjectDetail$credentials": "The temporary session credentials vended at the last authenticating call with this Subject.
" + "SubjectDetail$credentials": "The temporary session credentials vended at the last authenticating call with this subject.
" } }, "CredentialSummary": { - "base": "A record of a presented X509 credential to CreateSession.
", + "base": "A record of a presented X509 credential from a temporary credential request.
", "refs": { "CredentialSummaries$member": null } @@ -121,7 +125,7 @@ "ImportCrlRequestCrlDataBlob": { "base": null, "refs": { - "ImportCrlRequest$crlData": "The x509 v3 specified certificate revocation list
" + "ImportCrlRequest$crlData": "The x509 v3 specified certificate revocation list (CRL).
" } }, "InstanceProperties": { @@ -179,7 +183,7 @@ "ListRequestNextTokenString": { "base": null, "refs": { - "ListRequest$nextToken": "A token that indicates where the output should continue from, if a previous operation did not show all results. To get the next results, call the operation again with this value.
" + "ListRequest$nextToken": "A token that indicates where the output should continue from, if a previous request did not show all results. To get the next results, make the request again with this value.
" } }, "ListSubjectsResponse": { @@ -216,6 +220,77 @@ "ManagedPolicyList$member": null } }, + "NotificationChannel": { + "base": null, + "refs": { + "NotificationSetting$channel": "The specified channel of notification. IAM Roles Anywhere uses CloudWatch metrics, EventBridge, and Health Dashboard to notify for an event.
In the absence of a specific channel, IAM Roles Anywhere applies this setting to 'ALL' channels.
The specified channel of notification. IAM Roles Anywhere uses CloudWatch metrics, EventBridge, and Health Dashboard to notify for an event.
In the absence of a specific channel, IAM Roles Anywhere applies this setting to 'ALL' channels.
The specified channel of notification.
" + } + }, + "NotificationEvent": { + "base": null, + "refs": { + "NotificationSetting$event": "The event to which this notification setting is applied.
", + "NotificationSettingDetail$event": "The event to which this notification setting is applied.
", + "NotificationSettingKey$event": "The notification setting event to reset.
" + } + }, + "NotificationSetting": { + "base": "Customizable notification settings that will be applied to notification events. IAM Roles Anywhere consumes these settings while notifying across multiple channels - CloudWatch metrics, EventBridge, and Health Dashboard.
", + "refs": { + "NotificationSettings$member": null + } + }, + "NotificationSettingDetail": { + "base": "The state of a notification setting.
A notification setting includes information such as event name, threshold, status of the notification setting, and the channel to notify.
", + "refs": { + "NotificationSettingDetails$member": null + } + }, + "NotificationSettingDetailConfiguredByString": { + "base": null, + "refs": { + "NotificationSettingDetail$configuredBy": "The principal that configured the notification setting. For default settings configured by IAM Roles Anywhere, the value is rolesanywhere.amazonaws.com
, and for customized notifications settings, it is the respective account ID.
The number of days before a notification event.
" + } + }, + "NotificationSettingDetails": { + "base": null, + "refs": { + "TrustAnchorDetail$notificationSettings": "A list of notification settings to be associated to the trust anchor.
" + } + }, + "NotificationSettingKey": { + "base": "A notification setting key to reset. A notification setting key includes the event and the channel.
", + "refs": { + "NotificationSettingKeys$member": null + } + }, + "NotificationSettingKeys": { + "base": null, + "refs": { + "ResetNotificationSettingsRequest$notificationSettingKeys": "A list of notification setting keys to reset. A notification setting key includes the event and the channel.
" + } + }, + "NotificationSettingThresholdInteger": { + "base": null, + "refs": { + "NotificationSetting$threshold": "The number of days before a notification event. This value is required for a notification setting that is enabled.
" + } + }, + "NotificationSettings": { + "base": null, + "refs": { + "CreateTrustAnchorRequest$notificationSettings": "A list of notification settings to be associated to the trust anchor.
", + "PutNotificationSettingsRequest$notificationSettings": "A list of notification settings to be associated to the trust anchor.
" + } + }, "ProfileArn": { "base": null, "refs": { @@ -240,6 +315,26 @@ "ListProfilesResponse$profiles": "A list of profiles.
" } }, + "PutNotificationSettingsRequest": { + "base": null, + "refs": { + } + }, + "PutNotificationSettingsResponse": { + "base": null, + "refs": { + } + }, + "ResetNotificationSettingsRequest": { + "base": null, + "refs": { + } + }, + "ResetNotificationSettingsResponse": { + "base": null, + "refs": { + } + }, "ResourceName": { "base": null, "refs": { @@ -267,9 +362,9 @@ "RoleArnList": { "base": null, "refs": { - "CreateProfileRequest$roleArns": "A list of IAM roles that this profile can assume in a CreateSession operation.
", - "ProfileDetail$roleArns": "A list of IAM roles that this profile can assume in a CreateSession operation.
", - "UpdateProfileRequest$roleArns": "A list of IAM roles that this profile can assume in a CreateSession operation.
" + "CreateProfileRequest$roleArns": "A list of IAM roles that this profile can assume in a temporary credential request.
", + "ProfileDetail$roleArns": "A list of IAM roles that this profile can assume in a temporary credential request.
", + "UpdateProfileRequest$roleArns": "A list of IAM roles that this profile can assume in a temporary credential request.
" } }, "ScalarCrlRequest": { @@ -306,6 +401,12 @@ "Source$sourceData": "The data field of the trust anchor depending on its type.
" } }, + "SourceDataX509CertificateDataString": { + "base": null, + "refs": { + "SourceData$x509CertificateData": "The PEM-encoded data for the certificate anchor. Included for trust anchors of type CERTIFICATE_BUNDLE
.
The ARN of the certificate revocation list (CRL).
", "CrlDetail$name": "The name of the certificate revocation list (CRL).
", "CrlDetail$trustAnchorArn": "The ARN of the TrustAnchor the certificate revocation list (CRL) will provide revocation for.
", - "ListCrlsResponse$nextToken": "A token that indicates where the output should continue from, if a previous operation did not show all results. To get the next results, call the operation again with this value.
", - "ListProfilesResponse$nextToken": "A token that indicates where the output should continue from, if a previous operation did not show all results. To get the next results, call the operation again with this value.
", - "ListSubjectsResponse$nextToken": "A token that indicates where the output should continue from, if a previous operation did not show all results. To get the next results, call the operation again with this value.
", - "ListTrustAnchorsResponse$nextToken": "A token that indicates where the output should continue from, if a previous operation did not show all results. To get the next results, call the operation again with this value.
", + "ListCrlsResponse$nextToken": "A token that indicates where the output should continue from, if a previous request did not show all results. To get the next results, make the request again with this value.
", + "ListProfilesResponse$nextToken": "A token that indicates where the output should continue from, if a previous request did not show all results. To get the next results, make the request again with this value.
", + "ListSubjectsResponse$nextToken": "A token that indicates where the output should continue from, if a previous request did not show all results. To get the next results, make the request again with this value.
", + "ListTrustAnchorsResponse$nextToken": "A token that indicates where the output should continue from, if a previous request did not show all results. To get the next results, make the request again with this value.
", "ProfileDetail$createdBy": "The Amazon Web Services account that created the profile.
", "ProfileDetail$sessionPolicy": "A session policy that applies to the trust boundary of the vended session credentials.
", "ResourceNotFoundException$message": null, - "SourceData$acmPcaArn": "The root certificate of the Certificate Manager Private Certificate Authority specified by this ARN is used in trust validation for CreateSession operations. Included for trust anchors of type AWS_ACM_PCA
.
The PEM-encoded data for the certificate anchor. Included for trust anchors of type CERTIFICATE_BUNDLE
.
The root certificate of the Private Certificate Authority specified by this ARN is used in trust validation for temporary credential requests. Included for trust anchors of type AWS_ACM_PCA
.
The ARN of the resource.
", "SubjectDetail$x509Subject": "The x509 principal identifier of the authenticating certificate.
", "SubjectSummary$subjectArn": "The ARN of the resource.
", @@ -353,7 +453,7 @@ } }, "SubjectSummary": { - "base": "A summary representation of Subject resources returned in read operations; primarily ListSubjects.
", + "base": "A summary representation of subjects.
", "refs": { "SubjectSummaries$member": null } @@ -361,17 +461,17 @@ "SyntheticTimestamp_date_time": { "base": null, "refs": { - "CredentialSummary$seenAt": "The ISO-8601 time stamp of when the certificate was last used in a CreateSession operation.
", + "CredentialSummary$seenAt": "The ISO-8601 time stamp of when the certificate was last used in a temporary credential request.
", "CrlDetail$createdAt": "The ISO-8601 timestamp when the certificate revocation list (CRL) was created.
", "CrlDetail$updatedAt": "The ISO-8601 timestamp when the certificate revocation list (CRL) was last updated.
", - "InstanceProperty$seenAt": "The ISO-8601 time stamp of when the certificate was last used in a CreateSession operation.
", + "InstanceProperty$seenAt": "The ISO-8601 time stamp of when the certificate was last used in a temporary credential request.
", "ProfileDetail$createdAt": "The ISO-8601 timestamp when the profile was created.
", "ProfileDetail$updatedAt": "The ISO-8601 timestamp when the profile was last updated.
", "SubjectDetail$createdAt": "The ISO-8601 timestamp when the subject was created.
", - "SubjectDetail$lastSeenAt": "The ISO-8601 timestamp of the last time this Subject requested temporary session credentials.
", + "SubjectDetail$lastSeenAt": "The ISO-8601 timestamp of the last time this subject requested temporary session credentials.
", "SubjectDetail$updatedAt": "The ISO-8601 timestamp when the subject was last updated.
", - "SubjectSummary$createdAt": "The ISO-8601 time stamp of when the certificate was first used in a CreateSession operation.
", - "SubjectSummary$lastSeenAt": "The ISO-8601 time stamp of when the certificate was last used in a CreateSession operation.
", + "SubjectSummary$createdAt": "The ISO-8601 time stamp of when the certificate was first used in a temporary credential request.
", + "SubjectSummary$lastSeenAt": "The ISO-8601 time stamp of when the certificate was last used in a temporary credential request.
", "SubjectSummary$updatedAt": "The ISO-8601 timestamp when the subject was last updated.
", "TrustAnchorDetail$createdAt": "The ISO-8601 timestamp when the trust anchor was created.
", "TrustAnchorDetail$updatedAt": "The ISO-8601 timestamp when the trust anchor was last updated.
" @@ -436,6 +536,8 @@ "TrustAnchorDetail": { "base": "The state of the trust anchor after a read or write operation.
", "refs": { + "PutNotificationSettingsResponse$trustAnchor": null, + "ResetNotificationSettingsResponse$trustAnchor": null, "TrustAnchorDetailResponse$trustAnchor": "The state of the trust anchor after a read or write operation.
", "TrustAnchorDetails$member": null } @@ -475,7 +577,7 @@ "UpdateCrlRequestCrlDataBlob": { "base": null, "refs": { - "UpdateCrlRequest$crlData": "The x509 v3 specified certificate revocation list
" + "UpdateCrlRequest$crlData": "The x509 v3 specified certificate revocation list (CRL).
" } }, "UpdateProfileRequest": { @@ -505,6 +607,8 @@ "refs": { "CrlDetail$crlId": "The unique identifier of the certificate revocation list (CRL).
", "ProfileDetail$profileId": "The unique identifier of the profile.
", + "PutNotificationSettingsRequest$trustAnchorId": "The unique identifier of the trust anchor.
", + "ResetNotificationSettingsRequest$trustAnchorId": "The unique identifier of the trust anchor.
", "ScalarCrlRequest$crlId": "The unique identifier of the certificate revocation list (CRL).
", "ScalarProfileRequest$profileId": "The unique identifier of the profile.
", "ScalarSubjectRequest$subjectId": "The unique identifier of the subject.
", diff --git a/models/apis/rolesanywhere/2018-05-10/endpoint-rule-set-1.json b/models/apis/rolesanywhere/2018-05-10/endpoint-rule-set-1.json new file mode 100644 index 00000000000..8c80f513d77 --- /dev/null +++ b/models/apis/rolesanywhere/2018-05-10/endpoint-rule-set-1.json 
@@ -0,0 +1,350 @@ +{ + "version": "1.0", + "parameters": { + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "String" + }, + "UseDualStack": { + "builtIn": "AWS::UseDualStack", + "required": true, + "default": false, + "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", + "type": "Boolean" + }, + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "Boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "String" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + 
"argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://rolesanywhere-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://rolesanywhere-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + 
"rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://rolesanywhere.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://rolesanywhere.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + } + ] + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ] + } + ] +} \ No newline at end of file diff --git a/models/apis/rolesanywhere/2018-05-10/endpoint-tests-1.json b/models/apis/rolesanywhere/2018-05-10/endpoint-tests-1.json new file mode 100644 index 00000000000..b5000b3a39f --- /dev/null +++ b/models/apis/rolesanywhere/2018-05-10/endpoint-tests-1.json 
@@ -0,0 +1,548 @@ +{ + "testCases": [ + { + "documentation": "For region ap-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.ap-east-1.amazonaws.com" + } + }, + "params": { + "Region": "ap-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.ap-northeast-1.amazonaws.com" + } + }, + "params": { + "Region": "ap-northeast-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.ap-northeast-2.amazonaws.com" + } + }, + "params": { + "Region": "ap-northeast-2", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.ap-northeast-3.amazonaws.com" + } + }, + "params": { + "Region": "ap-northeast-3", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.ap-south-1.amazonaws.com" + } + }, + "params": { + "Region": "ap-south-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.ap-southeast-1.amazonaws.com" + } + }, + "params": { + "Region": "ap-southeast-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.ap-southeast-2.amazonaws.com" + } + }, + "params": { + "Region": 
"ap-southeast-2", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.ca-central-1.amazonaws.com" + } + }, + "params": { + "Region": "ca-central-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.eu-central-1.amazonaws.com" + } + }, + "params": { + "Region": "eu-central-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region eu-north-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.eu-north-1.amazonaws.com" + } + }, + "params": { + "Region": "eu-north-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.eu-west-1.amazonaws.com" + } + }, + "params": { + "Region": "eu-west-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.eu-west-2.amazonaws.com" + } + }, + "params": { + "Region": "eu-west-2", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-3 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.eu-west-3.amazonaws.com" + } + }, + "params": { + "Region": "eu-west-3", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region me-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.me-south-1.amazonaws.com" + } + }, + "params": { + "Region": "me-south-1", + "UseFIPS": 
false, + "UseDualStack": false + } + }, + { + "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.sa-east-1.amazonaws.com" + } + }, + "params": { + "Region": "sa-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.us-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.us-east-2.amazonaws.com" + } + }, + "params": { + "Region": "us-east-2", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.us-west-1.amazonaws.com" + } + }, + "params": { + "Region": "us-west-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.us-west-2.amazonaws.com" + } + }, + "params": { + "Region": "us-west-2", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere-fips.us-east-1.api.aws" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere-fips.us-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": 
"For region us-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.us-east-1.api.aws" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere-fips.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere-fips.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere-fips.us-gov-east-1.api.aws" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere-fips.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + 
"documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.us-gov-east-1.api.aws" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere-fips.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": true, + 
"UseDualStack": true + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere-fips.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://rolesanywhere.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips enabled and dualstack disabled", + "expect": { + "error": "Invalid Configuration: FIPS and custom endpoint are not supported" + }, + "params": { + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips disabled and dualstack enabled", + "expect": { + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" + }, + 
"params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": true, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "Missing region", + "expect": { + "error": "Invalid Configuration: Missing Region" + } + } + ], + "version": "1.0" +} \ No newline at end of file diff --git a/models/apis/transfer/2018-11-05/api-2.json b/models/apis/transfer/2018-11-05/api-2.json index 107cd0d3214..1c979999a5b 100644 --- a/models/apis/transfer/2018-11-05/api-2.json +++ b/models/apis/transfer/2018-11-05/api-2.json @@ -1951,7 +1951,8 @@ "Url":{"shape":"Url"}, "InvocationRole":{"shape":"Role"}, "DirectoryId":{"shape":"DirectoryId"}, - "Function":{"shape":"Function"} + "Function":{"shape":"Function"}, + "SftpAuthenticationMethods":{"shape":"SftpAuthenticationMethods"} } }, "IdentityProviderType":{ @@ -2777,6 +2778,15 @@ "ENABLE_NO_OP" ] }, + "SftpAuthenticationMethods":{ + "type":"string", + "enum":[ + "PASSWORD", + "PUBLIC_KEY", + "PUBLIC_KEY_OR_PASSWORD", + "PUBLIC_KEY_AND_PASSWORD" + ] + }, "SigningAlg":{ "type":"string", "enum":[ diff --git a/models/apis/transfer/2018-11-05/docs-2.json b/models/apis/transfer/2018-11-05/docs-2.json index 0d31bc8dceb..39c3344daae 100644 --- a/models/apis/transfer/2018-11-05/docs-2.json +++ b/models/apis/transfer/2018-11-05/docs-2.json @@ -13,7 +13,7 @@ "DeleteAgreement": "Delete the agreement that's specified in the provided AgreementId
.
Deletes the certificate that's specified in the CertificateId
parameter.
Deletes the agreement that's specified in the provided ConnectorId
.
Deletes the host key that's specified in the HoskKeyId
parameter.
Deletes the host key that's specified in the HostKeyId
parameter.
Deletes the profile that's specified in the ProfileId
parameter.
Deletes the file transfer protocol-enabled server that you specify.
No response returns from this operation.
", "DeleteSshPublicKey": "Deletes a user's Secure Shell (SSH) public key.
", @@ -23,7 +23,7 @@ "DescribeAgreement": "Describes the agreement that's identified by the AgreementId
.
Describes the certificate that's identified by the CertificateId
.
Describes the connector that's identified by the ConnectorId.
You can use DescribeExecution
to check the details of the execution of the specified workflow.
You can use DescribeExecution
to check the details of the execution of the specified workflow.
This API call only returns details for in-progress workflows.
If you provide an ID for an execution that is not in progress, or if the execution doesn't match the specified workflow ID, you receive a ResourceNotFound
exception.
Returns the details of the host key that's specified by the HostKeyId
and ServerId
.
Returns the details of the profile that's specified by the ProfileId
.
Describes the security policy that is attached to your file transfer protocol-enabled server. The response contains a description of the security policy's properties. For more information about security policies, see Working with security policies.
", @@ -32,25 +32,25 @@ "DescribeWorkflow": "Describes the specified workflow.
", "ImportCertificate": "Imports the signing and encryption certificates that you need to create local (AS2) profiles and partner profiles.
", "ImportHostKey": "Adds a host key to the server that's specified by the ServerId
parameter.
Adds a Secure Shell (SSH) public key to a user account identified by a UserName
value assigned to the specific file transfer protocol-enabled server, identified by ServerId
.
The response returns the UserName
value, the ServerId
value, and the name of the SshPublicKeyId
.
Adds a Secure Shell (SSH) public key to a Transfer Family user identified by a UserName
value assigned to the specific file transfer protocol-enabled server, identified by ServerId
.
The response returns the UserName
value, the ServerId
value, and the name of the SshPublicKeyId
.
Lists the details for all the accesses you have on your server.
", "ListAgreements": "Returns a list of the agreements for the server that's identified by the ServerId
that you supply. If you want to limit the results to a certain number, supply a value for the MaxResults
parameter. If you ran the command previously and received a value for NextToken
, you can supply that value to continue listing agreements from where you left off.
Returns a list of the current certificates that have been imported into Transfer Family. If you want to limit the results to a certain number, supply a value for the MaxResults
parameter. If you ran the command previously and received a value for the NextToken
parameter, you can supply that value to continue listing certificates from where you left off.
Lists the connectors for the specified Region.
", - "ListExecutions": "Lists all executions for the specified workflow.
", + "ListExecutions": "Lists all in-progress executions for the specified workflow.
If the specified workflow ID cannot be found, ListExecutions
returns a ResourceNotFound
exception.
Returns a list of host keys for the server that's specified by the ServerId
parameter.
Returns a list of the profiles for your system. If you want to limit the results to a certain number, supply a value for the MaxResults
parameter. If you ran the command previously and received a value for NextToken
, you can supply that value to continue listing profiles from where you left off.
Lists the security policies that are attached to your file transfer protocol-enabled servers.
", "ListServers": "Lists the file transfer protocol-enabled servers that are associated with your Amazon Web Services account.
", "ListTagsForResource": "Lists all of the tags associated with the Amazon Resource Name (ARN) that you specify. The resource can be a user, server, or role.
", "ListUsers": "Lists the users for a file transfer protocol-enabled server that you specify by passing the ServerId
parameter.
Lists all of your workflows.
", + "ListWorkflows": "Lists all workflows associated with your Amazon Web Services account for your current region.
", "SendWorkflowStepState": "Sends a callback for asynchronous custom steps.
The ExecutionId
, WorkflowId
, and Token
are passed to the target resource during execution of a custom step of a workflow. You must include those with their callback as well as providing a status.
Begins an outbound file transfer to a remote AS2 server. You specify the ConnectorId
and the file paths for where to send the files.
Changes the state of a file transfer protocol-enabled server from OFFLINE
to ONLINE
. It has no impact on a server that is already ONLINE
. An ONLINE
server can accept and process file transfer jobs.
The state of STARTING
indicates that the server is in an intermediate state, either not fully able to respond, or not fully online. The values of START_FAILED
can indicate an error condition.
No response is returned from this call.
", "StopServer": "Changes the state of a file transfer protocol-enabled server from ONLINE
to OFFLINE
. An OFFLINE
server cannot accept and process file transfer jobs. Information tied to your server, such as server and user properties, are not affected by stopping your server.
Stopping the server does not reduce or impact your file transfer protocol endpoint billing; you must delete the server to stop being billed.
The state of STOPPING
indicates that the server is in an intermediate state, either not fully able to respond, or not fully offline. The values of STOP_FAILED
can indicate an error condition.
No response is returned from this call.
", "TagResource": "Attaches a key-value pair to a resource, as identified by its Amazon Resource Name (ARN). Resources are users, servers, roles, and other entities.
There is no response returned from this call.
", - "TestIdentityProvider": "If the IdentityProviderType
of a file transfer protocol-enabled server is AWS_DIRECTORY_SERVICE
or API_Gateway
, tests whether your identity provider is set up successfully. We highly recommend that you call this operation to test your authentication method as soon as you create your server. By doing so, you can troubleshoot issues with the identity provider integration to ensure that your users can successfully use the service.
The ServerId
and UserName
parameters are required. The ServerProtocol
, SourceIp
, and UserPassword
are all optional.
You cannot use TestIdentityProvider
if the IdentityProviderType
of your server is SERVICE_MANAGED
.
If you provide any incorrect values for any parameters, the Response
field is empty.
If you provide a server ID for a server that uses service-managed users, you get an error:
An error occurred (InvalidRequestException) when calling the TestIdentityProvider operation: s-server-ID not configured for external auth
If you enter a Server ID for the --server-id
parameter that does not identify an actual Transfer server, you receive the following error:
An error occurred (ResourceNotFoundException) when calling the TestIdentityProvider operation: Unknown server
If the IdentityProviderType
of a file transfer protocol-enabled server is AWS_DIRECTORY_SERVICE
or API_Gateway
, tests whether your identity provider is set up successfully. We highly recommend that you call this operation to test your authentication method as soon as you create your server. By doing so, you can troubleshoot issues with the identity provider integration to ensure that your users can successfully use the service.
The ServerId
and UserName
parameters are required. The ServerProtocol
, SourceIp
, and UserPassword
are all optional.
Note the following:
You cannot use TestIdentityProvider
if the IdentityProviderType
of your server is SERVICE_MANAGED
.
TestIdentityProvider
does not work with keys: it only accepts passwords.
TestIdentityProvider
can test the password operation for a custom Identity Provider that handles keys and passwords.
If you provide any incorrect values for any parameters, the Response
field is empty.
If you provide a server ID for a server that uses service-managed users, you get an error:
An error occurred (InvalidRequestException) when calling the TestIdentityProvider operation: s-server-ID not configured for external auth
If you enter a Server ID for the --server-id
parameter that does not identify an actual Transfer server, you receive the following error:
An error occurred (ResourceNotFoundException) when calling the TestIdentityProvider operation: Unknown server
.
It is possible your sever is in a different region. You can specify a region by adding the following: --region region-code
, such as --region us-east-2
to specify a server in US East (Ohio).
Detaches a key-value pair from a resource, as identified by its Amazon Resource Name (ARN). Resources are users, servers, roles, and other entities.
No response is returned from this call.
", "UpdateAccess": "Allows you to update parameters for the access specified in the ServerID
and ExternalID
parameters.
Updates some of the parameters for an existing agreement. Provide the AgreementId
and the ServerId
for the agreement that you want to update, along with the new values for the parameters to update.
The ARN for the lambda function that is being called.
" + "CustomStepDetails$Target": "The ARN for the Lambda function that is being called.
" } }, "CustomStepTimeoutSeconds": { @@ -374,7 +374,7 @@ "refs": { "DescribedHostKey$DateImported": "The date on which the host key was added to the server.
", "ListedHostKey$DateImported": "The date on which the host key was added to the server.
", - "SshPublicKey$DateImported": "Specifies the date that the public key was added to the user account.
" + "SshPublicKey$DateImported": "Specifies the date that the public key was added to the Transfer Family user.
" } }, "DecryptStepDetails": { @@ -606,7 +606,7 @@ "DescribedUser": { "base": "Describes the properties of a user that was specified.
", "refs": { - "DescribeUserResponse$User": "An array containing the properties of the user account for the ServerID
value that you specified.
An array containing the properties of the Transfer Family user for the ServerID
value that you specified.
The ARN for a lambda function to use for the Identity provider.
" + "IdentityProviderDetails$Function": "The ARN for a Lambda function to use for the Identity provider.
" } }, "HomeDirectory": { @@ -880,17 +880,17 @@ "IdentityProviderDetails": { "base": "Returns information related to the type of user authentication that is in use for a file transfer protocol-enabled server's users. A server can have only one method of authentication.
", "refs": { - "CreateServerRequest$IdentityProviderDetails": "Required when IdentityProviderType
is set to AWS_DIRECTORY_SERVICE
or API_GATEWAY
. Accepts an array containing all of the information required to use a directory in AWS_DIRECTORY_SERVICE
or invoke a customer-supplied authentication API, including the API Gateway URL. Not required when IdentityProviderType
is set to SERVICE_MANAGED
.
Required when IdentityProviderType
is set to AWS_DIRECTORY_SERVICE
, Amazon Web Services_LAMBDA
or API_GATEWAY
. Accepts an array containing all of the information required to use a directory in AWS_DIRECTORY_SERVICE
or invoke a customer-supplied authentication API, including the API Gateway URL. Not required when IdentityProviderType
is set to SERVICE_MANAGED
.
Specifies information to call a customer-supplied authentication API. This field is not populated when the IdentityProviderType
of a server is AWS_DIRECTORY_SERVICE
or SERVICE_MANAGED
.
An array containing all of the information required to call a customer's authentication API method.
" } }, "IdentityProviderType": { - "base": "Returns information related to the type of user authentication that is in use for a file transfer protocol-enabled server's users. For AWS_DIRECTORY_SERVICE
or SERVICE_MANAGED
authentication, the Secure Shell (SSH) public keys are stored with a user on the server instance. For API_GATEWAY
authentication, your custom authentication method is implemented by using an API call. The server can have only one method of authentication.
The mode of authentication for a server. The default value is SERVICE_MANAGED
, which allows you to store and access user credentials within the Transfer Family service.
Use AWS_DIRECTORY_SERVICE
to provide access to Active Directory groups in Directory Service for Microsoft Active Directory or Microsoft Active Directory in your on-premises environment or in Amazon Web Services using AD Connector. This option also requires you to provide a Directory ID by using the IdentityProviderDetails
parameter.
Use the API_GATEWAY
value to integrate with an identity provider of your choosing. The API_GATEWAY
setting requires you to provide an Amazon API Gateway endpoint URL to call for authentication by using the IdentityProviderDetails
parameter.
Use the AWS_LAMBDA
value to directly use an Lambda function as your identity provider. If you choose this value, you must specify the ARN for the Lambda function in the Function
parameter for the IdentityProviderDetails
data type.
The mode of authentication for a server. The default value is SERVICE_MANAGED
, which allows you to store and access user credentials within the Transfer Family service.
Use AWS_DIRECTORY_SERVICE
to provide access to Active Directory groups in Directory Service for Microsoft Active Directory or Microsoft Active Directory in your on-premises environment or in Amazon Web Services using AD Connector. This option also requires you to provide a Directory ID by using the IdentityProviderDetails
parameter.
Use the API_GATEWAY
value to integrate with an identity provider of your choosing. The API_GATEWAY
setting requires you to provide an Amazon API Gateway endpoint URL to call for authentication by using the IdentityProviderDetails
parameter.
Use the AWS_LAMBDA
value to directly use an Lambda function as your identity provider. If you choose this value, you must specify the ARN for the Lambda function in the Function
parameter or the IdentityProviderDetails
data type.
The mode of authentication for a server. The default value is SERVICE_MANAGED
, which allows you to store and access user credentials within the Transfer Family service.
Use AWS_DIRECTORY_SERVICE
to provide access to Active Directory groups in Directory Service for Microsoft Active Directory or Microsoft Active Directory in your on-premises environment or in Amazon Web Services using AD Connector. This option also requires you to provide a Directory ID by using the IdentityProviderDetails
parameter.
Use the API_GATEWAY
value to integrate with an identity provider of your choosing. The API_GATEWAY
setting requires you to provide an Amazon API Gateway endpoint URL to call for authentication by using the IdentityProviderDetails
parameter.
Use the AWS_LAMBDA
value to directly use an Lambda function as your identity provider. If you choose this value, you must specify the ARN for the Lambda function in the Function
parameter or the IdentityProviderDetails
data type.
The mode of authentication for a server. The default value is SERVICE_MANAGED
, which allows you to store and access user credentials within the Transfer Family service.
Use AWS_DIRECTORY_SERVICE
to provide access to Active Directory groups in Directory Service for Microsoft Active Directory or Microsoft Active Directory in your on-premises environment or in Amazon Web Services using AD Connector. This option also requires you to provide a Directory ID by using the IdentityProviderDetails
parameter.
Use the API_GATEWAY
value to integrate with an identity provider of your choosing. The API_GATEWAY
setting requires you to provide an Amazon API Gateway endpoint URL to call for authentication by using the IdentityProviderDetails
parameter.
Use the AWS_LAMBDA
value to directly use an Lambda function as your identity provider. If you choose this value, you must specify the ARN for the Lambda function in the Function
parameter or the IdentityProviderDetails
data type.
The mode of authentication for a server. The default value is SERVICE_MANAGED
, which allows you to store and access user credentials within the Transfer Family service.
Use AWS_DIRECTORY_SERVICE
to provide access to Active Directory groups in Directory Service for Microsoft Active Directory or Microsoft Active Directory in your on-premises environment or in Amazon Web Services using AD Connector. This option also requires you to provide a Directory ID by using the IdentityProviderDetails
parameter.
Use the API_GATEWAY
value to integrate with an identity provider of your choosing. The API_GATEWAY
setting requires you to provide an Amazon API Gateway endpoint URL to call for authentication by using the IdentityProviderDetails
parameter.
Use the AWS_LAMBDA
value to directly use an Lambda function as your identity provider. If you choose this value, you must specify the ARN for the Lambda function in the Function
parameter for the IdentityProviderDetails
data type.
The mode of authentication for a server. The default value is SERVICE_MANAGED
, which allows you to store and access user credentials within the Transfer Family service.
Use AWS_DIRECTORY_SERVICE
to provide access to Active Directory groups in Directory Service for Microsoft Active Directory or Microsoft Active Directory in your on-premises environment or in Amazon Web Services using AD Connector. This option also requires you to provide a Directory ID by using the IdentityProviderDetails
parameter.
Use the API_GATEWAY
value to integrate with an identity provider of your choosing. The API_GATEWAY
setting requires you to provide an Amazon API Gateway endpoint URL to call for authentication by using the IdentityProviderDetails
parameter.
Use the AWS_LAMBDA
value to directly use an Lambda function as your identity provider. If you choose this value, you must specify the ARN for the Lambda function in the Function
parameter for the IdentityProviderDetails
data type.
The mode of authentication for a server. The default value is SERVICE_MANAGED
, which allows you to store and access user credentials within the Transfer Family service.
Use AWS_DIRECTORY_SERVICE
to provide access to Active Directory groups in Directory Service for Microsoft Active Directory or Microsoft Active Directory in your on-premises environment or in Amazon Web Services using AD Connector. This option also requires you to provide a Directory ID by using the IdentityProviderDetails
parameter.
Use the API_GATEWAY
value to integrate with an identity provider of your choosing. The API_GATEWAY
setting requires you to provide an Amazon API Gateway endpoint URL to call for authentication by using the IdentityProviderDetails
parameter.
Use the AWS_LAMBDA
value to directly use an Lambda function as your identity provider. If you choose this value, you must specify the ARN for the Lambda function in the Function
parameter for the IdentityProviderDetails
data type.
Specifies the location for the file that's being processed.
", "refs": { - "CopyStepDetails$DestinationFileLocation": "Specifies the location for the file being copied. Use ${Transfer:username}
or ${Transfer:UploadDate}
in this field to parametrize the destination prefix by username or uploaded date.
Set the value of DestinationFileLocation
to ${Transfer:username}
to copy uploaded files to an Amazon S3 bucket that is prefixed with the name of the Transfer Family user that uploaded the file.
Set the value of DestinationFileLocation
to ${Transfer:UploadDate}
to copy uploaded files to an Amazon S3 bucket that is prefixed with the date of the upload.
The system resolves UploadDate
to a date format of YYYY-MM-DD, based on the date the file is uploaded.
Specifies the location for the file being copied. Use ${Transfer:UserName}
or ${Transfer:UploadDate}
in this field to parametrize the destination prefix by username or uploaded date.
Set the value of DestinationFileLocation
to ${Transfer:UserName}
to copy uploaded files to an Amazon S3 bucket that is prefixed with the name of the Transfer Family user that uploaded the file.
Set the value of DestinationFileLocation
to ${Transfer:UploadDate}
to copy uploaded files to an Amazon S3 bucket that is prefixed with the date of the upload.
The system resolves UploadDate
to a date format of YYYY-MM-DD, based on the date the file is uploaded in UTC.
Specifies the location for the file being decrypted. Use ${Transfer:UserName}
or ${Transfer:UploadDate}
in this field to parametrize the destination prefix by username or uploaded date.
Set the value of DestinationFileLocation
to ${Transfer:UserName}
to decrypt uploaded files to an Amazon S3 bucket that is prefixed with the name of the Transfer Family user that uploaded the file.
Set the value of DestinationFileLocation
to ${Transfer:UploadDate}
to decrypt uploaded files to an Amazon S3 bucket that is prefixed with the date of the upload.
The system resolves UploadDate
to a date format of YYYY-MM-DD, based on the date the file is uploaded in UTC.
Returns the details for each execution.
NextToken: returned from a call to several APIs, you can use pass it to a subsequent command to continue listing additional executions.
StartTime: timestamp indicating when the execution began.
Executions: details of the execution, including the execution ID, initial file location, and Service metadata.
Status: one of the following values: IN_PROGRESS
, COMPLETED
, EXCEPTION
, HANDLING_EXEPTION
.
Returns the details for each execution, in a ListedExecution
array.
Returns the user accounts and their properties for the ServerId
value that you specify.
Returns the Transfer Family users and their properties for the ServerId
value that you specify.
A flag that indicates whether to overwrite an existing file of the same name. The default is FALSE
.
A flag that indicates whether to overwrite an existing file of the same name. The default is FALSE
.
A flag that indicates whether to overwrite an existing file of the same name. The default is FALSE
.
If the workflow is processing a file that has the same name as an existing file, the behavior is as follows:
If OverwriteExisting
is TRUE
, the existing file is replaced with the file being processed.
If OverwriteExisting
is FALSE
, nothing happens, and the workflow processing stops.
A flag that indicates whether to overwrite an existing file of the same name. The default is FALSE
.
If the workflow is processing a file that has the same name as an existing file, the behavior is as follows:
If OverwriteExisting
is TRUE
, the existing file is replaced with the file being processed.
If OverwriteExisting
is FALSE
, nothing happens, and the workflow processing stops.
The type of file transfer protocol to be tested.
The available protocols are:
Secure Shell (SSH) File Transfer Protocol (SFTP)
File Transfer Protocol Secure (FTPS)
File Transfer Protocol (FTP)
The type of file transfer protocol to be tested.
The available protocols are:
Secure Shell (SSH) File Transfer Protocol (SFTP)
File Transfer Protocol Secure (FTPS)
File Transfer Protocol (FTP)
Applicability Statement 2 (AS2)
The response that is returned from your API Gateway.
" + "TestIdentityProviderResponse$Response": "The response that is returned from your API Gateway or your Lambda function.
" } }, "RetryAfterSeconds": { @@ -1475,7 +1475,7 @@ "DescribedExecution$ExecutionRole": "The IAM role associated with the execution.
", "DescribedServer$LoggingRole": "The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFSevents. When set, you can view user activity in your CloudWatch logs.
", "DescribedUser$Role": "The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that controls your users' access to your Amazon S3 bucket or Amazon EFS file system. The policies attached to this role determine the level of access that you want to provide your users when transferring files into and out of your Amazon S3 bucket or Amazon EFS file system. The IAM role should also contain a trust relationship that allows the server to access your resources when servicing your users' transfer requests.
", - "IdentityProviderDetails$InvocationRole": "Provides the type of InvocationRole
used to authenticate the user account.
This parameter is only applicable if your IdentityProviderType
is API_GATEWAY
. Provides the type of InvocationRole
used to authenticate the user account.
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that controls your users' access to your Amazon S3 bucket or Amazon EFS file system. The policies attached to this role determine the level of access that you want to provide your users when transferring files into and out of your Amazon S3 bucket or Amazon EFS file system. The IAM role should also contain a trust relationship that allows the server to access your resources when servicing your users' transfer requests.
", "ListedServer$LoggingRole": "The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFSevents. When set, you can view user activity in your CloudWatch logs.
", "ListedUser$Role": "The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that controls your users' access to your Amazon S3 bucket or Amazon EFS file system. The policies attached to this role determine the level of access that you want to provide your users when transferring files into and out of your Amazon S3 bucket or Amazon EFS file system. The IAM role should also contain a trust relationship that allows the server to access your resources when servicing your users' transfer requests.
The IAM role that controls your users' access to your Amazon S3 bucket for servers with Domain=S3
, or your EFS file system for servers with Domain=EFS
.
The policies attached to this role determine the level of access you want to provide your users when transferring files into and out of your S3 buckets or EFS file systems.
A system-assigned unique identifier for a server instance. This is the specific server that the agreement uses.
", "UpdateHostKeyRequest$ServerId": "The identifier of the server that contains the host key that you are updating.
", "UpdateHostKeyResponse$ServerId": "Returns the server identifier for the server that contains the updated host key.
", - "UpdateServerRequest$ServerId": "A system-assigned unique identifier for a server instance that the user account is assigned to.
", - "UpdateServerResponse$ServerId": "A system-assigned unique identifier for a server that the user account is assigned to.
", - "UpdateUserRequest$ServerId": "A system-assigned unique identifier for a server instance that the user account is assigned to.
", - "UpdateUserResponse$ServerId": "A system-assigned unique identifier for a server instance that the user account is assigned to.
", + "UpdateServerRequest$ServerId": "A system-assigned unique identifier for a server instance that the Transfer Family user is assigned to.
", + "UpdateServerResponse$ServerId": "A system-assigned unique identifier for a server that the Transfer Family user is assigned to.
", + "UpdateUserRequest$ServerId": "A system-assigned unique identifier for a Transfer Family server instance that the user is assigned to.
", + "UpdateUserResponse$ServerId": "A system-assigned unique identifier for a Transfer Family server instance that the account is assigned to.
", "UserDetails$ServerId": "The system-assigned unique identifier for a Transfer server instance.
" } }, @@ -1693,6 +1693,12 @@ "ProtocolDetails$SetStatOption": "Use the SetStatOption
to ignore the error that is generated when the client attempts to use SETSTAT
on a file you are uploading to an S3 bucket.
Some SFTP file transfer clients can attempt to change the attributes of remote files, including timestamp and permissions, using commands, such as SETSTAT
when uploading the file. However, these commands are not compatible with object storage systems, such as Amazon S3. Due to this incompatibility, file uploads from these clients can result in errors even when the file is otherwise successfully uploaded.
Set the value to ENABLE_NO_OP
to have the Transfer Family server ignore the SETSTAT
command, and upload files without needing to make any changes to your SFTP client. While the SetStatOption
ENABLE_NO_OP
setting ignores the error, it does generate a log entry in Amazon CloudWatch Logs, so you can determine when the client is making a SETSTAT
call.
If you want to preserve the original timestamp for your file, and modify other file attributes using SETSTAT
, you can use Amazon EFS as backend storage with Transfer Family.
For SFTP-enabled servers, and for custom identity providers only, you can specify whether to authenticate using a password, SSH key pair, or both.
PASSWORD
- users must provide their password to connect.
PUBLIC_KEY
- users must provide their private key to connect.
PUBLIC_KEY_OR_PASSWORD
- users can authenticate with either their password or their key. This is the default value.
PUBLIC_KEY_AND_PASSWORD
- users must provide both their private key and their password to connect. The server checks the key first, and then if the key is valid, the system prompts for a password. If the private key provided does not match the public key that is stored, authentication fails.
The source IP address of the user account to be tested.
" + "TestIdentityProviderRequest$SourceIp": "The source IP address of the account to be tested.
" } }, "SshPublicKey": { - "base": "Provides information about the public Secure Shell (SSH) key that is associated with a user account for the specific file transfer protocol-enabled server (as identified by ServerId
). The information returned includes the date the key was imported, the public key contents, and the public key ID. A user can store more than one SSH public key associated with their user name on a specific server.
Provides information about the public Secure Shell (SSH) key that is associated with a Transfer Family user for the specific file transfer protocol-enabled server (as identified by ServerId
). The information returned includes the date the key was imported, the public key contents, and the public key ID. A user can store more than one SSH public key associated with their user name on a specific server.
The HTTP status code that is the response from your API Gateway.
" + "TestIdentityProviderResponse$StatusCode": "The HTTP status code that is the response from your API Gateway or your Lambda function.
" } }, "StepResultOutputsJson": { @@ -1856,7 +1862,7 @@ "ImportCertificateRequest$Tags": "Key-value pairs that can be used to group and search for certificates.
", "ImportHostKeyRequest$Tags": "Key-value pairs that can be used to group and search for host keys.
", "ListTagsForResourceResponse$Tags": "Key-value pairs that are assigned to a resource, usually for the purpose of grouping and searching for items. Tags are metadata that you define.
", - "TagResourceRequest$Tags": "Key-value pairs assigned to ARNs that you can use to group and search for resources by type. You can attach this metadata to user accounts for any purpose.
" + "TagResourceRequest$Tags": "Key-value pairs assigned to ARNs that you can use to group and search for resources by type. You can attach this metadata to resources (servers, users, workflows, and so on) for any purpose.
" } }, "TestIdentityProviderRequest": { @@ -1999,24 +2005,24 @@ "base": null, "refs": { "CreateUserRequest$UserName": "A unique string that identifies a user and is associated with a ServerId
. This user name must be a minimum of 3 and a maximum of 100 characters long. The following are valid characters: a-z, A-Z, 0-9, underscore '_', hyphen '-', period '.', and at sign '@'. The user name can't start with a hyphen, period, or at sign.
A unique string that identifies a user account associated with a server.
", + "CreateUserResponse$UserName": "A unique string that identifies a Transfer Family user.
", "DeleteSshPublicKeyRequest$UserName": "A unique string that identifies a user whose public key is being deleted.
", "DeleteUserRequest$UserName": "A unique string that identifies a user that is being deleted from a server.
", "DescribeUserRequest$UserName": "The name of the user assigned to one or more servers. User names are part of the sign-in credentials to use the Transfer Family service and perform file transfer tasks.
", "DescribedUser$UserName": "Specifies the name of the user that was requested to be described. User names are used for authentication purposes. This is the string that will be used by your user when they log in to your server.
", - "ImportSshPublicKeyRequest$UserName": "The name of the user account that is assigned to one or more servers.
", + "ImportSshPublicKeyRequest$UserName": "The name of the Transfer Family user that is assigned to one or more servers.
", "ImportSshPublicKeyResponse$UserName": "A user name assigned to the ServerID
value that you specified.
Specifies the name of the user whose ARN was specified. User names are used for authentication purposes.
", - "TestIdentityProviderRequest$UserName": "The name of the user account to be tested.
", + "TestIdentityProviderRequest$UserName": "The name of the account to be tested.
", "UpdateUserRequest$UserName": "A unique string that identifies a user and is associated with a server as specified by the ServerId
. This user name must be a minimum of 3 and a maximum of 100 characters long. The following are valid characters: a-z, A-Z, 0-9, underscore '_', hyphen '-', period '.', and at sign '@'. The user name can't start with a hyphen, period, or at sign.
The unique identifier for a user that is assigned to a server instance that was specified in the request.
", - "UserDetails$UserName": "A unique string that identifies a user account associated with a server.
" + "UserDetails$UserName": "A unique string that identifies a Transfer Family user associated with a server.
" } }, "UserPassword": { "base": null, "refs": { - "TestIdentityProviderRequest$UserPassword": "The password of the user account to be tested.
" + "TestIdentityProviderRequest$UserPassword": "The password of the account to be tested.
" } }, "VpcEndpointId": { @@ -2040,7 +2046,7 @@ } }, "WorkflowDetail": { - "base": "Specifies the workflow ID for the workflow to assign and the execution role that's used for executing the workflow.
In addition to a workflow to execute when a file is uploaded completely, WorkflowDetails
can also contain a workflow ID (and execution role) for a workflow to execute on partial upload. A partial upload occurs when a file is open when the session disconnects.
Specifies the workflow ID for the workflow to assign and the execution role that's used for executing the workflow.
In addition to a workflow to execute when a file is uploaded completely, WorkflowDetails
can also contain a workflow ID (and execution role) for a workflow to execute on partial upload. A partial upload occurs when the server session disconnects while the file is still being uploaded.
Container for the WorkflowDetail
data type. It is used by actions that trigger a workflow to begin execution.
Specifies the workflow ID for the workflow to assign and the execution role that's used for executing the workflow.
In addition to a workflow to execute when a file is uploaded completely, WorkflowDetails
can also contain a workflow ID (and execution role) for a workflow to execute on partial upload. A partial upload occurs when a file is open when the session disconnects.
Specifies the workflow ID for the workflow to assign and the execution role that's used for executing the workflow.
In addition to a workflow to execute when a file is uploaded completely, WorkflowDetails
can also contain a workflow ID (and execution role) for a workflow to execute on partial upload. A partial upload occurs when a file is open when the session disconnects.
Specifies the workflow ID for the workflow to assign and the execution role that's used for executing the workflow.
In addition to a workflow to execute when a file is uploaded completely, WorkflowDetails
can also contain a workflow ID (and execution role) for a workflow to execute on partial upload. A partial upload occurs when a file is open when the session disconnects.
To remove an associated workflow from a server, you can provide an empty OnUpload
object, as in the following example.
aws transfer update-server --server-id s-01234567890abcdef --workflow-details '{\"OnUpload\":[]}'
Specifies the workflow ID for the workflow to assign and the execution role that's used for executing the workflow.
In addition to a workflow to execute when a file is uploaded completely, WorkflowDetails
can also contain a workflow ID (and execution role) for a workflow to execute on partial upload. A partial upload occurs when the server session disconnects while the file is still being uploaded.
Specifies the workflow ID for the workflow to assign and the execution role that's used for executing the workflow.
In addition to a workflow to execute when a file is uploaded completely, WorkflowDetails
can also contain a workflow ID (and execution role) for a workflow to execute on partial upload. A partial upload occurs when the server session disconnects while the file is still being uploaded.
Specifies the workflow ID for the workflow to assign and the execution role that's used for executing the workflow.
In addition to a workflow to execute when a file is uploaded completely, WorkflowDetails
can also contain a workflow ID (and execution role) for a workflow to execute on partial upload. A partial upload occurs when the server session disconnects while the file is still being uploaded.
To remove an associated workflow from a server, you can provide an empty OnUpload
object, as in the following example.
aws transfer update-server --server-id s-01234567890abcdef --workflow-details '{\"OnUpload\":[]}'
Specifies the details for the steps that are in the specified workflow.
The TYPE
specifies which of the following actions is being taken for this step.
COPY
- Copy the file to another location.
CUSTOM
- Perform a custom step with an Lambda function target.
DECRYPT
- Decrypt a file that was encrypted before it was uploaded.
DELETE
- Delete the file.
TAG
- Add a tag to the file.
Currently, copying and tagging are supported only on S3.
For file location, you specify either the Amazon S3 bucket and key, or the Amazon EFS file system ID and path.
", - "CreateWorkflowRequest$OnExceptionSteps": "Specifies the steps (actions) to take if errors are encountered during execution of the workflow.
For custom steps, the lambda function needs to send FAILURE
to the call back API to kick off the exception steps. Additionally, if the lambda does not send SUCCESS
before it times out, the exception steps are executed.
Specifies the steps (actions) to take if errors are encountered during execution of the workflow.
For custom steps, the Lambda function needs to send FAILURE
to the call back API to kick off the exception steps. Additionally, if the Lambda does not send SUCCESS
before it times out, the exception steps are executed.
Specifies the details for the steps that are in the specified workflow.
", "DescribedWorkflow$OnExceptionSteps": "Specifies the steps (actions) to take if errors are encountered during execution of the workflow.
" } diff --git a/models/apis/transfer/2018-11-05/endpoint-rule-set-1.json b/models/apis/transfer/2018-11-05/endpoint-rule-set-1.json index 62e04723b35..6f1477c015b 100644 --- a/models/apis/transfer/2018-11-05/endpoint-rule-set-1.json +++ b/models/apis/transfer/2018-11-05/endpoint-rule-set-1.json @@ -3,7 +3,7 @@ "parameters": { "Region": { "builtIn": "AWS::Region", - "required": true, + "required": false, "documentation": "The AWS region used to dispatch the request.", "type": "String" }, @@ -32,13 +32,12 @@ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { - "ref": "Region" + "ref": "Endpoint" } - ], - "assign": "PartitionResult" + ] } ], "type": "tree", @@ -46,14 +45,20 @@ { "conditions": [ { - "fn": "isSet", + "fn": "booleanEquals", "argv": [ { - "ref": "Endpoint" - } + "ref": "UseFIPS" + }, + true ] } ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], "type": "tree", "rules": [ { 
@@ -62,67 +67,42 @@ "fn": "booleanEquals", "argv": [ { - "ref": "UseFIPS" + "ref": "UseDualStack" }, true ] } ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", "type": "error" }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" + "endpoint": { + "url": { + "ref": "Endpoint" }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] - }, + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", + "fn": "isSet", "argv": [ { - "ref": "UseDualStack" - }, - true + "ref": "Region" + } ] } ], 
@@ -131,154 +111,215 @@ { "conditions": [ { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ - true, { - "fn": "getAttr", + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsFIPS" + true ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, + }, { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsDualStack" + true ] } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], + ], "type": "tree", "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://transfer-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, { "conditions": [], - "endpoint": { - "url": "https://transfer-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ] - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - 
"fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsFIPS" + true ] } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], + ], "type": "tree", "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://transfer-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, { "conditions": [], - "endpoint": { - "url": "https://transfer-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" } ] - } - ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsDualStack" + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://transfer.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } ] + }, + { + "conditions": [], 
+ "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ] - } - ], - "type": "tree", - "rules": [ + }, { "conditions": [], "type": "tree", @@ -286,7 +327,7 @@ { "conditions": [], "endpoint": { - "url": "https://transfer.{Region}.{PartitionResult#dualStackDnsSuffix}", + "url": "https://transfer.{Region}.{PartitionResult#dnsSuffix}", "properties": {}, "headers": {} }, @@ -295,28 +336,13 @@ ] } ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } ] }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://transfer.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } diff --git a/models/apis/transfer/2018-11-05/endpoint-tests-1.json b/models/apis/transfer/2018-11-05/endpoint-tests-1.json index 28a47d68408..5dffbbb040e 100644 --- a/models/apis/transfer/2018-11-05/endpoint-tests-1.json +++ b/models/apis/transfer/2018-11-05/endpoint-tests-1.json @@ -9,8 +9,8 @@ }, "params": { "Region": "af-south-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -22,8 +22,8 @@ }, "params": { "Region": "ap-east-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -35,8 +35,8 @@ }, "params": { "Region": "ap-northeast-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -48,8 +48,8 @@ }, "params": { "Region": "ap-northeast-2", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -61,8 +61,8 @@ }, "params": { "Region": "ap-northeast-3", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { 
@@ -74,8 +74,8 @@ }, "params": { "Region": "ap-south-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -87,8 +87,8 @@ }, "params": { "Region": "ap-southeast-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -100,8 +100,8 @@ }, "params": { "Region": "ap-southeast-2", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -113,8 +113,8 @@ }, "params": { "Region": "ca-central-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -126,8 +126,8 @@ }, "params": { "Region": "ca-central-1", - "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": false } }, { @@ -139,8 +139,8 @@ }, "params": { "Region": "eu-central-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -152,8 +152,8 @@ }, "params": { "Region": "eu-north-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -165,8 +165,8 @@ }, "params": { "Region": "eu-south-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -178,8 +178,8 @@ }, "params": { "Region": "eu-west-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -191,8 +191,8 @@ }, "params": { "Region": "eu-west-2", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -204,8 +204,8 @@ }, "params": { "Region": "eu-west-3", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -217,8 +217,8 @@ }, "params": { "Region": "me-south-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { 
@@ -230,8 +230,8 @@ }, "params": { "Region": "sa-east-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -243,8 +243,8 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -256,8 +256,8 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": false } }, { @@ -269,8 +269,8 @@ }, "params": { "Region": "us-east-2", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -282,8 +282,8 @@ }, "params": { "Region": "us-east-2", - "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": false } }, { @@ -295,8 +295,8 @@ }, "params": { "Region": "us-west-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -308,8 +308,8 @@ }, "params": { "Region": "us-west-1", - "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": false } }, { @@ -321,8 +321,8 @@ }, "params": { "Region": "us-west-2", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -334,8 +334,8 @@ }, "params": { "Region": "us-west-2", - "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": false } }, { @@ -347,8 +347,8 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": true, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": true } }, { @@ -360,8 +360,8 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": true, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": true } }, { @@ -373,8 +373,8 @@ }, "params": { "Region": "cn-north-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -386,8 +386,8 @@ }, "params": { "Region": "cn-northwest-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { 
@@ -399,8 +399,8 @@ }, "params": { "Region": "cn-north-1", - "UseDualStack": true, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": true } }, { @@ -412,8 +412,8 @@ }, "params": { "Region": "cn-north-1", - "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": false } }, { @@ -425,8 +425,8 @@ }, "params": { "Region": "cn-north-1", - "UseDualStack": true, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": true } }, { @@ -438,8 +438,8 @@ }, "params": { "Region": "us-gov-east-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -451,8 +451,8 @@ }, "params": { "Region": "us-gov-east-1", - "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": false } }, { @@ -464,8 +464,8 @@ }, "params": { "Region": "us-gov-west-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { @@ -477,8 +477,8 @@ }, "params": { "Region": "us-gov-west-1", - "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": false } }, { @@ -490,8 +490,8 @@ }, "params": { "Region": "us-gov-east-1", - "UseDualStack": true, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": true } }, { @@ -503,8 +503,19 @@ }, "params": { "Region": "us-gov-east-1", - "UseDualStack": true, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": true, + "UseDualStack": true } }, { 
@@ -516,8 +527,19 @@ }, "params": { "Region": "us-iso-east-1", - "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": false, + "UseDualStack": true } }, { @@ -529,8 +551,19 @@ }, "params": { "Region": "us-iso-east-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": true, + "UseDualStack": true } }, { @@ -542,8 +575,19 @@ }, "params": { "Region": "us-isob-east-1", - "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": true } }, { @@ -555,12 +599,12 @@ }, "params": { "Region": "us-isob-east-1", - "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For custom endpoint with fips disabled and dualstack disabled", + "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", "expect": { "endpoint": { "url": "https://example.com" 
@@ -568,8 +612,21 @@ }, "params": { "Region": "us-east-1", + "UseFIPS": false, "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { "UseFIPS": false, + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -580,8 +637,8 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": false, "UseFIPS": true, + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -592,10 +649,16 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": true, "UseFIPS": false, + "UseDualStack": true, "Endpoint": "https://example.com" } + }, + { + "documentation": "Missing region", + "expect": { + "error": "Invalid Configuration: Missing Region" + } } ], "version": "1.0" diff --git a/models/endpoints/endpoints.json b/models/endpoints/endpoints.json index ce59619357a..59da1fba439 100644 --- a/models/endpoints/endpoints.json +++ b/models/endpoints/endpoints.json @@ -21990,8 +21990,26 @@ }, "route53resolver" : { "endpoints" : { - "us-gov-east-1" : { }, - "us-gov-west-1" : { } + "us-gov-east-1" : { + "variants" : [ { + "hostname" : "route53resolver.us-gov-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-gov-east-1-fips" : { + "deprecated" : true, + "hostname" : "route53resolver.us-gov-east-1.amazonaws.com" + }, + "us-gov-west-1" : { + "variants" : [ { + "hostname" : "route53resolver.us-gov-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-gov-west-1-fips" : { + "deprecated" : true, + "hostname" : "route53resolver.us-gov-west-1.amazonaws.com" + } } }, "runtime.lex" : { diff --git a/service/athena/api.go b/service/athena/api.go index dfa7eea7f16..f6a8e45fe6d 100644 --- a/service/athena/api.go +++ b/service/athena/api.go 
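Review bot: In the `route53resolver` hunk of `models/endpoints/endpoints.json`, the new `fips` variants for `us-gov-east-1` and `us-gov-west-1` use the same hostname as each region's default endpoint, and the deprecated `us-gov-east-1-fips` / `us-gov-west-1-fips` entries point there too. A client that enables FIPS therefore resolves to an unchanged host and cannot tell from the endpoint whether the setting took effect. That is fine if these hosts are themselves the FIPS-validated endpoints, but it should be confirmed against the upstream endpoint data, because this file cannot carry a comment recording it.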
@@ -9557,6 +9557,10 @@ type EngineConfiguration struct { // // MaxConcurrentDpus is a required field MaxConcurrentDpus *int64 `min:"2" type:"integer" required:"true"` + + // Specifies custom jar files and Spark properties for use cases like cluster + // encryption, table formats, and general Spark tuning. + SparkProperties map[string]*string `type:"map"` } // String returns the string representation. @@ -9623,6 +9627,12 @@ func (s *EngineConfiguration) SetMaxConcurrentDpus(v int64) *EngineConfiguration return s } +// SetSparkProperties sets the SparkProperties field's value. +func (s *EngineConfiguration) SetSparkProperties(v map[string]*string) *EngineConfiguration { + s.SparkProperties = v + return s +} + // The Athena engine version for running queries, or the PySpark engine version // for running sessions. type EngineVersion struct { diff --git a/service/rekognition/api.go b/service/rekognition/api.go index 33a02feab4c..9ffd7fa2809 100644 --- a/service/rekognition/api.go +++ b/service/rekognition/api.go 
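Review bot: The comment on the new `SparkProperties` field in `EngineConfiguration` does not say that its values are handled as plain data. The tag is `type:"map"` with no `sensitive:"true"`, so `String()`/`GoString()` will presumably print every value, as for the other generated shapes. Spark configuration is a place where callers sometimes put key identifiers or storage credentials, so I would extend the field comment with `// Values are not marked sensitive and appear in String() output; do not place secrets here.` The struct starts outside this hunk and the file appears to be generated, so the wording (or a sensitive trait) would have to come from the Athena API model.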
@@ -14435,6 +14435,57 @@ func (s *EvaluationResult) SetSummary(v *Summary) *EvaluationResult { return s } +// Indicates the direction the eyes are gazing in (independent of the head pose) +// as determined by its pitch and yaw. +type EyeDirection struct { + _ struct{} `type:"structure"` + + // The confidence that the service has in its predicted eye direction. + Confidence *float64 `type:"float"` + + // Value representing eye direction on the pitch axis. + Pitch *float64 `type:"float"` + + // Value representing eye direction on the yaw axis. + Yaw *float64 `type:"float"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EyeDirection) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EyeDirection) GoString() string { + return s.String() +} + +// SetConfidence sets the Confidence field's value. +func (s *EyeDirection) SetConfidence(v float64) *EyeDirection { + s.Confidence = &v + return s +} + +// SetPitch sets the Pitch field's value. +func (s *EyeDirection) SetPitch(v float64) *EyeDirection { + s.Pitch = &v + return s +} + +// SetYaw sets the Yaw field's value. +func (s *EyeDirection) SetYaw(v float64) *EyeDirection { + s.Yaw = &v + return s +} + // Indicates whether or not the eyes on the face are open, and the confidence // level in the determination. type EyeOpen struct { 
@@ -14647,6 +14698,9 @@ type FaceDetail struct { // For example, a person pretending to have a sad face might not be sad emotionally. Emotions []*Emotion `type:"list"` + // Indicates the direction the eyes are gazing in, as defined by pitch and yaw. + EyeDirection *EyeDirection `type:"structure"` + // Indicates whether or not the face is wearing eye glasses, and the confidence // level in the determination. Eyeglasses *Eyeglasses `type:"structure"` @@ -14741,6 +14795,12 @@ func (s *FaceDetail) SetEmotions(v []*Emotion) *FaceDetail { return s } +// SetEyeDirection sets the EyeDirection field's value. +func (s *FaceDetail) SetEyeDirection(v *EyeDirection) *FaceDetail { + s.EyeDirection = v + return s +} + // SetEyeglasses sets the Eyeglasses field's value. func (s *FaceDetail) SetEyeglasses(v *Eyeglasses) *FaceDetail { s.Eyeglasses = v @@ -25920,6 +25980,9 @@ const ( // AttributeEmotions is a Attribute enum value AttributeEmotions = "EMOTIONS" + // AttributeEyeDirection is a Attribute enum value + AttributeEyeDirection = "EYE_DIRECTION" + // AttributeEyeglasses is a Attribute enum value AttributeEyeglasses = "EYEGLASSES" @@ -25953,6 +26016,7 @@ func Attribute_Values() []string { AttributeAgeRange, AttributeBeard, AttributeEmotions, + AttributeEyeDirection, AttributeEyeglasses, AttributeEyesOpen, AttributeGender, diff --git a/service/rolesanywhere/api.go b/service/rolesanywhere/api.go index b58b045d4fd..734f90b5b07 100644 --- a/service/rolesanywhere/api.go +++ b/service/rolesanywhere/api.go 
@@ -56,9 +56,8 @@ func (c *RolesAnywhere) CreateProfileRequest(input *CreateProfileInput) (req *re // CreateProfile API operation for IAM Roles Anywhere. // -// Creates a profile. A profile is configuration resource to list the roles -// that RolesAnywhere service is trusted to assume. In addition, by applying -// a profile you can intersect permissions with IAM managed policies. +// Creates a profile, a list of the roles that Roles Anywhere service is trusted +// to assume. You use profiles to intersect permissions with IAM managed policies. // // Required permissions: rolesanywhere:CreateProfile. // @@ -142,13 +141,12 @@ func (c *RolesAnywhere) CreateTrustAnchorRequest(input *CreateTrustAnchorInput) // CreateTrustAnchor API operation for IAM Roles Anywhere. // -// Creates a trust anchor. You establish trust between IAM Roles Anywhere and -// your certificate authority (CA) by configuring a trust anchor. A Trust Anchor -// is defined either as a reference to a AWS Certificate Manager Private Certificate -// Authority (ACM PCA), or by uploading a Certificate Authority (CA) certificate. -// Your AWS workloads can authenticate with the trust anchor using certificates -// issued by the trusted Certificate Authority (CA) in exchange for temporary -// AWS credentials. +// Creates a trust anchor to establish trust between IAM Roles Anywhere and +// your certificate authority (CA). You can define a trust anchor as a reference +// to an Private Certificate Authority (Private CA) or by uploading a CA certificate. +// Your Amazon Web Services workloads can authenticate with the trust anchor +// using certificates issued by the CA in exchange for temporary Amazon Web +// Services credentials. // // Required permissions: rolesanywhere:CreateTrustAnchor. // 
@@ -568,8 +566,8 @@ func (c *RolesAnywhere) DisableProfileRequest(input *DisableProfileInput) (req * // DisableProfile API operation for IAM Roles Anywhere. // -// Disables a profile. When disabled, CreateSession (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) -// requests with this profile fail. +// Disables a profile. When disabled, temporary credential requests with this +// profile fail. // // Required permissions: rolesanywhere:DisableProfile. // @@ -653,8 +651,8 @@ func (c *RolesAnywhere) DisableTrustAnchorRequest(input *DisableTrustAnchorInput // DisableTrustAnchor API operation for IAM Roles Anywhere. // -// Disables a trust anchor. When disabled, CreateSession (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) -// requests specifying this trust anchor are unauthorized. +// Disables a trust anchor. When disabled, temporary credential requests specifying +// this trust anchor are unauthorized. // // Required permissions: rolesanywhere:DisableTrustAnchor. // @@ -823,8 +821,7 @@ func (c *RolesAnywhere) EnableProfileRequest(input *EnableProfileInput) (req *re // EnableProfile API operation for IAM Roles Anywhere. // -// Enables the roles in a profile to receive session credentials in CreateSession -// (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html). +// Enables temporary credential requests for a profile. // // Required permissions: rolesanywhere:EnableProfile. // 
@@ -1157,10 +1154,10 @@ func (c *RolesAnywhere) GetSubjectRequest(input *GetSubjectInput) (req *request. // GetSubject API operation for IAM Roles Anywhere. // -// Gets a Subject. A Subject associates a certificate identity with authentication -// attempts by CreateSession. The Subject resources stores audit information -// such as status of the last authentication attempt, the certificate data used -// in the attempt, and the last time the associated identity attempted authentication. +// Gets a subject, which associates a certificate identity with authentication +// attempts. The subject stores auditing information such as the status of the +// last authentication attempt, the certificate data used in the attempt, and +// the last time the associated identity attempted authentication. // // Required permissions: rolesanywhere:GetSubject. // @@ -1331,9 +1328,9 @@ func (c *RolesAnywhere) ImportCrlRequest(input *ImportCrlInput) (req *request.Re // ImportCrl API operation for IAM Roles Anywhere. // -// Imports the certificate revocation list (CRL). CRl is a list of certificates +// Imports the certificate revocation list (CRL). A CRL is a list of certificates // that have been revoked by the issuing certificate Authority (CA). IAM Roles -// Anywhere validates against the crl list before issuing credentials. +// Anywhere validates against the CRL before issuing credentials. // // Required permissions: rolesanywhere:ImportCrl. // @@ -1423,7 +1420,8 @@ func (c *RolesAnywhere) ListCrlsRequest(input *ListCrlsInput) (req *request.Requ // ListCrls API operation for IAM Roles Anywhere. // -// Lists all Crls in the authenticated account and Amazon Web Services Region. +// Lists all certificate revocation lists (CRL) in the authenticated account +// and Amazon Web Services Region. // // Required permissions: rolesanywhere:ListCrls. // 
@@ -2026,6 +2024,183 @@ func (c *RolesAnywhere) ListTrustAnchorsPagesWithContext(ctx aws.Context, input return p.Err() } +const opPutNotificationSettings = "PutNotificationSettings" + +// PutNotificationSettingsRequest generates a "aws/request.Request" representing the +// client's request for the PutNotificationSettings operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutNotificationSettings for more information on using the PutNotificationSettings +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the PutNotificationSettingsRequest method. +// req, resp := client.PutNotificationSettingsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/PutNotificationSettings +func (c *RolesAnywhere) PutNotificationSettingsRequest(input *PutNotificationSettingsInput) (req *request.Request, output *PutNotificationSettingsOutput) { + op := &request.Operation{ + Name: opPutNotificationSettings, + HTTPMethod: "PATCH", + HTTPPath: "/put-notifications-settings", + } + + if input == nil { + input = &PutNotificationSettingsInput{} + } + + output = &PutNotificationSettingsOutput{} + req = c.newRequest(op, input, output) + return +} + +// PutNotificationSettings API operation for IAM Roles Anywhere. +// +// Attaches a list of notification settings to a trust anchor. 
+// +// A notification setting includes information such as event name, threshold, +// status of the notification setting, and the channel to notify. +// +// Required permissions: rolesanywhere:PutNotificationSettings. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation PutNotificationSettings for usage and error information. +// +// Returned Error Types: +// +// - ValidationException +// Validation exception error. +// +// - ResourceNotFoundException +// The resource could not be found. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/PutNotificationSettings +func (c *RolesAnywhere) PutNotificationSettings(input *PutNotificationSettingsInput) (*PutNotificationSettingsOutput, error) { + req, out := c.PutNotificationSettingsRequest(input) + return out, req.Send() +} + +// PutNotificationSettingsWithContext is the same as PutNotificationSettings with the addition of +// the ability to pass a context and additional request options. +// +// See PutNotificationSettings for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) PutNotificationSettingsWithContext(ctx aws.Context, input *PutNotificationSettingsInput, opts ...request.Option) (*PutNotificationSettingsOutput, error) { + req, out := c.PutNotificationSettingsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) 
+ return out, req.Send() +} + +const opResetNotificationSettings = "ResetNotificationSettings" + +// ResetNotificationSettingsRequest generates a "aws/request.Request" representing the +// client's request for the ResetNotificationSettings operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ResetNotificationSettings for more information on using the ResetNotificationSettings +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ResetNotificationSettingsRequest method. +// req, resp := client.ResetNotificationSettingsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/ResetNotificationSettings +func (c *RolesAnywhere) ResetNotificationSettingsRequest(input *ResetNotificationSettingsInput) (req *request.Request, output *ResetNotificationSettingsOutput) { + op := &request.Operation{ + Name: opResetNotificationSettings, + HTTPMethod: "PATCH", + HTTPPath: "/reset-notifications-settings", + } + + if input == nil { + input = &ResetNotificationSettingsInput{} + } + + output = &ResetNotificationSettingsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ResetNotificationSettings API operation for IAM Roles Anywhere. +// +// Resets the custom notification setting to IAM Roles Anywhere default setting. +// +// Required permissions: rolesanywhere:ResetNotificationSettings. +// +// Returns awserr.Error for service API and SDK errors. 
Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation ResetNotificationSettings for usage and error information. +// +// Returned Error Types: +// +// - ValidationException +// Validation exception error. +// +// - ResourceNotFoundException +// The resource could not be found. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/ResetNotificationSettings +func (c *RolesAnywhere) ResetNotificationSettings(input *ResetNotificationSettingsInput) (*ResetNotificationSettingsOutput, error) { + req, out := c.ResetNotificationSettingsRequest(input) + return out, req.Send() +} + +// ResetNotificationSettingsWithContext is the same as ResetNotificationSettings with the addition of +// the ability to pass a context and additional request options. +// +// See ResetNotificationSettings for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) ResetNotificationSettingsWithContext(ctx aws.Context, input *ResetNotificationSettingsInput, opts ...request.Option) (*ResetNotificationSettingsOutput, error) { + req, out := c.ResetNotificationSettingsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opTagResource = "TagResource" // TagResourceRequest generates a "aws/request.Request" representing the 
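Review bot: The PutNotificationSettings comment says the call "Attaches a list of notification settings to a trust anchor" but not what happens to settings already on the anchor for events or channels that are missing from the list. A caller who sends a single entry cannot tell from this text whether the other settings stay in place, are removed, or fall back to the default that ResetNotificationSettings restores. One sentence in the operation comment stating which of these the service does would close the gap. Until then, the `TrustAnchor` returned in `PutNotificationSettingsOutput` is the place to confirm the resulting state after each call.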
@@ -2248,9 +2423,9 @@ func (c *RolesAnywhere) UpdateCrlRequest(input *UpdateCrlInput) (req *request.Re // UpdateCrl API operation for IAM Roles Anywhere. // -// Updates the certificate revocation list (CRL). CRl is a list of certificates -// that have been revoked by the issuing certificate Authority (CA). IAM Roles -// Anywhere validates against the crl list before issuing credentials. +// Updates the certificate revocation list (CRL). A CRL is a list of certificates +// that have been revoked by the issuing certificate authority (CA). IAM Roles +// Anywhere validates against the CRL before issuing credentials. // // Required permissions: rolesanywhere:UpdateCrl. // @@ -2337,9 +2512,9 @@ func (c *RolesAnywhere) UpdateProfileRequest(input *UpdateProfileInput) (req *re // UpdateProfile API operation for IAM Roles Anywhere. // -// Updates the profile. A profile is configuration resource to list the roles -// that RolesAnywhere service is trusted to assume. In addition, by applying -// a profile you can scope-down permissions with IAM managed policies. +// Updates a profile, a list of the roles that IAM Roles Anywhere service is +// trusted to assume. You use profiles to intersect permissions with IAM managed +// policies. // // Required permissions: rolesanywhere:UpdateProfile. // 
@@ -2426,13 +2601,12 @@ func (c *RolesAnywhere) UpdateTrustAnchorRequest(input *UpdateTrustAnchorInput) // UpdateTrustAnchor API operation for IAM Roles Anywhere. // -// Updates the trust anchor.You establish trust between IAM Roles Anywhere and -// your certificate authority (CA) by configuring a trust anchor. A Trust Anchor -// is defined either as a reference to a AWS Certificate Manager Private Certificate -// Authority (ACM PCA), or by uploading a Certificate Authority (CA) certificate. -// Your AWS workloads can authenticate with the trust anchor using certificates -// issued by the trusted Certificate Authority (CA) in exchange for temporary -// AWS credentials. +// Updates a trust anchor. You establish trust between IAM Roles Anywhere and +// your certificate authority (CA) by configuring a trust anchor. You can define +// a trust anchor as a reference to an Private Certificate Authority (Private +// CA) or by uploading a CA certificate. Your Amazon Web Services workloads +// can authenticate with the trust anchor using certificates issued by the CA +// in exchange for temporary Amazon Web Services credentials. // // Required permissions: rolesanywhere:UpdateTrustAnchor. // 
@@ -2557,12 +2731,12 @@ type CreateProfileInput struct { // Name is a required field Name *string `locationName:"name" min:"1" type:"string" required:"true"` - // Specifies whether instance properties are required in CreateSession (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) + // Specifies whether instance properties are required in temporary credential // requests with this profile. RequireInstanceProperties *bool `locationName:"requireInstanceProperties" type:"boolean"` - // A list of IAM roles that this profile can assume in a CreateSession (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) - // operation. + // A list of IAM roles that this profile can assume in a temporary credential + // request. // // RoleArns is a required field RoleArns []*string `locationName:"roleArns" type:"list" required:"true"` @@ -2715,6 +2889,9 @@ type CreateTrustAnchorInput struct { // Name is a required field Name *string `locationName:"name" min:"1" type:"string" required:"true"` + // A list of notification settings to be associated to the trust anchor. + NotificationSettings []*NotificationSetting `locationName:"notificationSettings" type:"list"` + // The trust anchor type and its related certificate data. // // Source is a required field @@ -2754,6 +2931,21 @@ func (s *CreateTrustAnchorInput) Validate() error { if s.Source == nil { invalidParams.Add(request.NewErrParamRequired("Source")) } + if s.NotificationSettings != nil { + for i, v := range s.NotificationSettings { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "NotificationSettings", i), err.(request.ErrInvalidParams)) + } + } + } + if s.Source != nil { + if err := s.Source.Validate(); err != nil { + invalidParams.AddNested("Source", err.(request.ErrInvalidParams)) + } + } if s.Tags != nil { for i, v := range s.Tags { if v == nil { 
@@ -2783,6 +2975,12 @@ func (s *CreateTrustAnchorInput) SetName(v string) *CreateTrustAnchorInput { return s } +// SetNotificationSettings sets the NotificationSettings field's value. +func (s *CreateTrustAnchorInput) SetNotificationSettings(v []*NotificationSetting) *CreateTrustAnchorInput { + s.NotificationSettings = v + return s +} + // SetSource sets the Source field's value. func (s *CreateTrustAnchorInput) SetSource(v *Source) *CreateTrustAnchorInput { s.Source = v @@ -2828,24 +3026,22 @@ func (s *CreateTrustAnchorOutput) SetTrustAnchor(v *TrustAnchorDetail) *CreateTr return s } -// A record of a presented X509 credential to CreateSession (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html). +// A record of a presented X509 credential from a temporary credential request. type CredentialSummary struct { _ struct{} `type:"structure"` // Indicates whether the credential is enabled. Enabled *bool `locationName:"enabled" type:"boolean"` - // Indicates whether the CreateSession (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) - // operation was successful. + // Indicates whether the temporary credential request was successful. Failed *bool `locationName:"failed" type:"boolean"` // The fully qualified domain name of the issuing certificate for the presented // end-entity certificate. Issuer *string `locationName:"issuer" type:"string"` - // The ISO-8601 time stamp of when the certificate was last used in a CreateSession - // (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) - // operation. + // The ISO-8601 time stamp of when the certificate was last used in a temporary + // credential request. SeenAt *time.Time `locationName:"seenAt" type:"timestamp" timestampFormat:"iso8601"` // The serial number of the certificate. 
@@ -4072,7 +4268,7 @@ func (s *GetTrustAnchorOutput) SetTrustAnchor(v *TrustAnchorDetail) *GetTrustAnc type ImportCrlInput struct { _ struct{} `type:"structure"` - // The x509 v3 specified certificate revocation list + // The x509 v3 specified certificate revocation list (CRL). // CrlData is automatically base64 encoded/decoded by the SDK. // // CrlData is a required field @@ -4221,16 +4417,14 @@ func (s *ImportCrlOutput) SetCrl(v *CrlDetail) *ImportCrlOutput { type InstanceProperty struct { _ struct{} `type:"structure"` - // Indicates whether the CreateSession (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) - // operation was successful. + // Indicates whether the temporary credential request was successful. Failed *bool `locationName:"failed" type:"boolean"` // A list of instanceProperty objects. Properties map[string]*string `locationName:"properties" type:"map"` - // The ISO-8601 time stamp of when the certificate was last used in a CreateSession - // (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) - // operation. + // The ISO-8601 time stamp of when the certificate was last used in a temporary + // credential request. SeenAt *time.Time `locationName:"seenAt" type:"timestamp" timestampFormat:"iso8601"` } @@ -4274,7 +4468,7 @@ type ListCrlsInput struct { _ struct{} `type:"structure" nopayload:"true"` // A token that indicates where the output should continue from, if a previous - // operation did not show all results. To get the next results, call the operation + // request did not show all results. To get the next results, make the request // again with this value. NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` 
@@ -4332,7 +4526,7 @@ type ListCrlsOutput struct { Crls []*CrlDetail `locationName:"crls" type:"list"` // A token that indicates where the output should continue from, if a previous - // operation did not show all results. To get the next results, call the operation + // request did not show all results. To get the next results, make the request // again with this value. NextToken *string `locationName:"nextToken" type:"string"` } @@ -4371,7 +4565,7 @@ type ListProfilesInput struct { _ struct{} `type:"structure" nopayload:"true"` // A token that indicates where the output should continue from, if a previous - // operation did not show all results. To get the next results, call the operation + // request did not show all results. To get the next results, make the request // again with this value. NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` @@ -4426,7 +4620,7 @@ type ListProfilesOutput struct { _ struct{} `type:"structure"` // A token that indicates where the output should continue from, if a previous - // operation did not show all results. To get the next results, call the operation + // request did not show all results. To get the next results, make the request // again with this value. NextToken *string `locationName:"nextToken" type:"string"` @@ -4468,7 +4662,7 @@ type ListSubjectsInput struct { _ struct{} `type:"structure" nopayload:"true"` // A token that indicates where the output should continue from, if a previous - // operation did not show all results. To get the next results, call the operation + // request did not show all results. To get the next results, make the request // again with this value. NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` 
@@ -4523,7 +4717,7 @@ type ListSubjectsOutput struct { _ struct{} `type:"structure"` // A token that indicates where the output should continue from, if a previous - // operation did not show all results. To get the next results, call the operation + // request did not show all results. To get the next results, make the request // again with this value. NextToken *string `locationName:"nextToken" type:"string"` @@ -4645,7 +4839,7 @@ type ListTrustAnchorsInput struct { _ struct{} `type:"structure" nopayload:"true"` // A token that indicates where the output should continue from, if a previous - // operation did not show all results. To get the next results, call the operation + // request did not show all results. To get the next results, make the request // again with this value. NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` @@ -4700,7 +4894,7 @@ type ListTrustAnchorsOutput struct { _ struct{} `type:"structure"` // A token that indicates where the output should continue from, if a previous - // operation did not show all results. To get the next results, call the operation + // request did not show all results. To get the next results, make the request // again with this value. NextToken *string `locationName:"nextToken" type:"string"` 
@@ -4738,6 +4932,233 @@ func (s *ListTrustAnchorsOutput) SetTrustAnchors(v []*TrustAnchorDetail) *ListTr return s } +// Customizable notification settings that will be applied to notification events. +// IAM Roles Anywhere consumes these settings while notifying across multiple +// channels - CloudWatch metrics, EventBridge, and Health Dashboard. +type NotificationSetting struct { + _ struct{} `type:"structure"` + + // The specified channel of notification. IAM Roles Anywhere uses CloudWatch + // metrics, EventBridge, and Health Dashboard to notify for an event. + // + // In the absence of a specific channel, IAM Roles Anywhere applies this setting + // to 'ALL' channels. + Channel *string `locationName:"channel" type:"string" enum:"NotificationChannel"` + + // Indicates whether the notification setting is enabled. + // + // Enabled is a required field + Enabled *bool `locationName:"enabled" type:"boolean" required:"true"` + + // The event to which this notification setting is applied. + // + // Event is a required field + Event *string `locationName:"event" type:"string" required:"true" enum:"NotificationEvent"` + + // The number of days before a notification event. This value is required for + // a notification setting that is enabled. + Threshold *int64 `locationName:"threshold" min:"1" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s NotificationSetting) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". 
+func (s NotificationSetting) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *NotificationSetting) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "NotificationSetting"} + if s.Enabled == nil { + invalidParams.Add(request.NewErrParamRequired("Enabled")) + } + if s.Event == nil { + invalidParams.Add(request.NewErrParamRequired("Event")) + } + if s.Threshold != nil && *s.Threshold < 1 { + invalidParams.Add(request.NewErrParamMinValue("Threshold", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetChannel sets the Channel field's value. +func (s *NotificationSetting) SetChannel(v string) *NotificationSetting { + s.Channel = &v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *NotificationSetting) SetEnabled(v bool) *NotificationSetting { + s.Enabled = &v + return s +} + +// SetEvent sets the Event field's value. +func (s *NotificationSetting) SetEvent(v string) *NotificationSetting { + s.Event = &v + return s +} + +// SetThreshold sets the Threshold field's value. +func (s *NotificationSetting) SetThreshold(v int64) *NotificationSetting { + s.Threshold = &v + return s +} + +// The state of a notification setting. +// +// A notification setting includes information such as event name, threshold, +// status of the notification setting, and the channel to notify. +type NotificationSettingDetail struct { + _ struct{} `type:"structure"` + + // The specified channel of notification. IAM Roles Anywhere uses CloudWatch + // metrics, EventBridge, and Health Dashboard to notify for an event. + // + // In the absence of a specific channel, IAM Roles Anywhere applies this setting + // to 'ALL' channels. + Channel *string `locationName:"channel" type:"string" enum:"NotificationChannel"` + + // The principal that configured the notification setting. 
For default settings + // configured by IAM Roles Anywhere, the value is rolesanywhere.amazonaws.com, + // and for customized notifications settings, it is the respective account ID. + ConfiguredBy *string `locationName:"configuredBy" min:"1" type:"string"` + + // Indicates whether the notification setting is enabled. + // + // Enabled is a required field + Enabled *bool `locationName:"enabled" type:"boolean" required:"true"` + + // The event to which this notification setting is applied. + // + // Event is a required field + Event *string `locationName:"event" type:"string" required:"true" enum:"NotificationEvent"` + + // The number of days before a notification event. + Threshold *int64 `locationName:"threshold" min:"1" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s NotificationSettingDetail) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s NotificationSettingDetail) GoString() string { + return s.String() +} + +// SetChannel sets the Channel field's value. +func (s *NotificationSettingDetail) SetChannel(v string) *NotificationSettingDetail { + s.Channel = &v + return s +} + +// SetConfiguredBy sets the ConfiguredBy field's value. +func (s *NotificationSettingDetail) SetConfiguredBy(v string) *NotificationSettingDetail { + s.ConfiguredBy = &v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *NotificationSettingDetail) SetEnabled(v bool) *NotificationSettingDetail { + s.Enabled = &v + return s +} + +// SetEvent sets the Event field's value. 
+func (s *NotificationSettingDetail) SetEvent(v string) *NotificationSettingDetail { + s.Event = &v + return s +} + +// SetThreshold sets the Threshold field's value. +func (s *NotificationSettingDetail) SetThreshold(v int64) *NotificationSettingDetail { + s.Threshold = &v + return s +} + +// A notification setting key to reset. A notification setting key includes +// the event and the channel. +type NotificationSettingKey struct { + _ struct{} `type:"structure"` + + // The specified channel of notification. + Channel *string `locationName:"channel" type:"string" enum:"NotificationChannel"` + + // The notification setting event to reset. + // + // Event is a required field + Event *string `locationName:"event" type:"string" required:"true" enum:"NotificationEvent"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s NotificationSettingKey) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s NotificationSettingKey) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *NotificationSettingKey) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "NotificationSettingKey"} + if s.Event == nil { + invalidParams.Add(request.NewErrParamRequired("Event")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetChannel sets the Channel field's value. 
+func (s *NotificationSettingKey) SetChannel(v string) *NotificationSettingKey { + s.Channel = &v + return s +} + +// SetEvent sets the Event field's value. +func (s *NotificationSettingKey) SetEvent(v string) *NotificationSettingKey { + s.Event = &v + return s +} + // The state of the profile after a read or write operation. type ProfileDetail struct { _ struct{} `type:"structure"` @@ -4766,12 +5187,12 @@ type ProfileDetail struct { // The unique identifier of the profile. ProfileId *string `locationName:"profileId" min:"36" type:"string"` - // Specifies whether instance properties are required in CreateSession (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) + // Specifies whether instance properties are required in temporary credential // requests with this profile. RequireInstanceProperties *bool `locationName:"requireInstanceProperties" type:"boolean"` - // A list of IAM roles that this profile can assume in a CreateSession (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) - // operation. + // A list of IAM roles that this profile can assume in a temporary credential + // request. RoleArns []*string `locationName:"roleArns" type:"list"` // A session policy that applies to the trust boundary of the vended session 
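Review bot: `NotificationSetting.Validate` does not enforce the rule stated on the `Threshold` field, that the value is required for a setting that is enabled. It only rejects a non-nil `Threshold` below 1, so `Enabled` true with a nil `Threshold` passes the client-side check. `Channel` and `Event` carry `enum` tags but are likewise accepted as any string. This file appears to be generated from the service model, so these checks presumably live in the service, and the method comment should say so, for example `// Validate checks required fields and the Threshold minimum only; the Threshold-when-enabled rule and enum values are left to the service.` Callers should handle the `ValidationException` listed for PutNotificationSettings rather than treat a nil result from Validate as proof the setting is well formed.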
@@ -4872,6 +5293,219 @@ func (s *ProfileDetail) SetUpdatedAt(v time.Time) *ProfileDetail { return s } +type PutNotificationSettingsInput struct { + _ struct{} `type:"structure"` + + // A list of notification settings to be associated to the trust anchor. + // + // NotificationSettings is a required field + NotificationSettings []*NotificationSetting `locationName:"notificationSettings" type:"list" required:"true"` + + // The unique identifier of the trust anchor. + // + // TrustAnchorId is a required field + TrustAnchorId *string `locationName:"trustAnchorId" min:"36" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutNotificationSettingsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutNotificationSettingsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. 
+func (s *PutNotificationSettingsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutNotificationSettingsInput"} + if s.NotificationSettings == nil { + invalidParams.Add(request.NewErrParamRequired("NotificationSettings")) + } + if s.TrustAnchorId == nil { + invalidParams.Add(request.NewErrParamRequired("TrustAnchorId")) + } + if s.TrustAnchorId != nil && len(*s.TrustAnchorId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("TrustAnchorId", 36)) + } + if s.NotificationSettings != nil { + for i, v := range s.NotificationSettings { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "NotificationSettings", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetNotificationSettings sets the NotificationSettings field's value. +func (s *PutNotificationSettingsInput) SetNotificationSettings(v []*NotificationSetting) *PutNotificationSettingsInput { + s.NotificationSettings = v + return s +} + +// SetTrustAnchorId sets the TrustAnchorId field's value. +func (s *PutNotificationSettingsInput) SetTrustAnchorId(v string) *PutNotificationSettingsInput { + s.TrustAnchorId = &v + return s +} + +type PutNotificationSettingsOutput struct { + _ struct{} `type:"structure"` + + // The state of the trust anchor after a read or write operation. + // + // TrustAnchor is a required field + TrustAnchor *TrustAnchorDetail `locationName:"trustAnchor" type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutNotificationSettingsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. 
+// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutNotificationSettingsOutput) GoString() string { + return s.String() +} + +// SetTrustAnchor sets the TrustAnchor field's value. +func (s *PutNotificationSettingsOutput) SetTrustAnchor(v *TrustAnchorDetail) *PutNotificationSettingsOutput { + s.TrustAnchor = v + return s +} + +type ResetNotificationSettingsInput struct { + _ struct{} `type:"structure"` + + // A list of notification setting keys to reset. A notification setting key + // includes the event and the channel. + // + // NotificationSettingKeys is a required field + NotificationSettingKeys []*NotificationSettingKey `locationName:"notificationSettingKeys" type:"list" required:"true"` + + // The unique identifier of the trust anchor. + // + // TrustAnchorId is a required field + TrustAnchorId *string `locationName:"trustAnchorId" min:"36" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResetNotificationSettingsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResetNotificationSettingsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. 
+func (s *ResetNotificationSettingsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ResetNotificationSettingsInput"} + if s.NotificationSettingKeys == nil { + invalidParams.Add(request.NewErrParamRequired("NotificationSettingKeys")) + } + if s.TrustAnchorId == nil { + invalidParams.Add(request.NewErrParamRequired("TrustAnchorId")) + } + if s.TrustAnchorId != nil && len(*s.TrustAnchorId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("TrustAnchorId", 36)) + } + if s.NotificationSettingKeys != nil { + for i, v := range s.NotificationSettingKeys { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "NotificationSettingKeys", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetNotificationSettingKeys sets the NotificationSettingKeys field's value. +func (s *ResetNotificationSettingsInput) SetNotificationSettingKeys(v []*NotificationSettingKey) *ResetNotificationSettingsInput { + s.NotificationSettingKeys = v + return s +} + +// SetTrustAnchorId sets the TrustAnchorId field's value. +func (s *ResetNotificationSettingsInput) SetTrustAnchorId(v string) *ResetNotificationSettingsInput { + s.TrustAnchorId = &v + return s +} + +type ResetNotificationSettingsOutput struct { + _ struct{} `type:"structure"` + + // The state of the trust anchor after a read or write operation. + // + // TrustAnchor is a required field + TrustAnchor *TrustAnchorDetail `locationName:"trustAnchor" type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". 
+func (s ResetNotificationSettingsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResetNotificationSettingsOutput) GoString() string { + return s.String() +} + +// SetTrustAnchor sets the TrustAnchor field's value. +func (s *ResetNotificationSettingsOutput) SetTrustAnchor(v *TrustAnchorDetail) *ResetNotificationSettingsOutput { + s.TrustAnchor = v + return s +} + // The resource could not be found. type ResourceNotFoundException struct { _ struct{} `type:"structure"` @@ -4965,6 +5599,21 @@ func (s Source) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *Source) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Source"} + if s.SourceData != nil { + if err := s.SourceData.Validate(); err != nil { + invalidParams.AddNested("SourceData", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetSourceData sets the SourceData field's value. func (s *Source) SetSourceData(v *SourceData) *Source { s.SourceData = v 
@@ -4981,14 +5630,14 @@ func (s *Source) SetSourceType(v string) *Source { type SourceData struct { _ struct{} `type:"structure"` - // The root certificate of the Certificate Manager Private Certificate Authority - // specified by this ARN is used in trust validation for CreateSession (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) - // operations. Included for trust anchors of type AWS_ACM_PCA. + // The root certificate of the Private Certificate Authority specified by this + // ARN is used in trust validation for temporary credential requests. Included + // for trust anchors of type AWS_ACM_PCA. AcmPcaArn *string `locationName:"acmPcaArn" type:"string"` // The PEM-encoded data for the certificate anchor. Included for trust anchors // of type CERTIFICATE_BUNDLE. - X509CertificateData *string `locationName:"x509CertificateData" type:"string"` + X509CertificateData *string `locationName:"x509CertificateData" min:"1" type:"string"` } // String returns the string representation. @@ -5009,6 +5658,19 @@ func (s SourceData) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *SourceData) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "SourceData"} + if s.X509CertificateData != nil && len(*s.X509CertificateData) < 1 { + invalidParams.Add(request.NewErrParamMinLen("X509CertificateData", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetAcmPcaArn sets the AcmPcaArn field's value. func (s *SourceData) SetAcmPcaArn(v string) *SourceData { s.AcmPcaArn = &v 
@@ -5029,7 +5691,7 @@ type SubjectDetail struct { CreatedAt *time.Time `locationName:"createdAt" type:"timestamp" timestampFormat:"iso8601"` // The temporary session credentials vended at the last authenticating call - // with this Subject. + // with this subject. Credentials []*CredentialSummary `locationName:"credentials" type:"list"` // The enabled status of the subject. @@ -5038,7 +5700,7 @@ type SubjectDetail struct { // The specified instance properties associated with the request. InstanceProperties []*InstanceProperty `locationName:"instanceProperties" type:"list"` - // The ISO-8601 timestamp of the last time this Subject requested temporary + // The ISO-8601 timestamp of the last time this subject requested temporary // session credentials. LastSeenAt *time.Time `locationName:"lastSeenAt" type:"timestamp" timestampFormat:"iso8601"` 
@@ -5127,22 +5789,19 @@ func (s *SubjectDetail) SetX509Subject(v string) *SubjectDetail { return s } -// A summary representation of Subject resources returned in read operations; -// primarily ListSubjects. +// A summary representation of subjects. type SubjectSummary struct { _ struct{} `type:"structure"` - // The ISO-8601 time stamp of when the certificate was first used in a CreateSession - // (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) - // operation. + // The ISO-8601 time stamp of when the certificate was first used in a temporary + // credential request. CreatedAt *time.Time `locationName:"createdAt" type:"timestamp" timestampFormat:"iso8601"` - // The enabled status of the Subject. + // The enabled status of the subject. Enabled *bool `locationName:"enabled" type:"boolean"` - // The ISO-8601 time stamp of when the certificate was last used in a CreateSession - // (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) - // operation. + // The ISO-8601 time stamp of when the certificate was last used in a temporary + // credential request. LastSeenAt *time.Time `locationName:"lastSeenAt" type:"timestamp" timestampFormat:"iso8601"` // The ARN of the resource. @@ -5462,6 +6121,9 @@ type TrustAnchorDetail struct { // The name of the trust anchor. Name *string `locationName:"name" min:"1" type:"string"` + // A list of notification settings to be associated to the trust anchor. + NotificationSettings []*NotificationSettingDetail `locationName:"notificationSettings" type:"list"` + // The trust anchor type and its related certificate data. Source *Source `locationName:"source" type:"structure"` 
@@ -5511,6 +6173,12 @@ func (s *TrustAnchorDetail) SetName(v string) *TrustAnchorDetail { return s } +// SetNotificationSettings sets the NotificationSettings field's value. +func (s *TrustAnchorDetail) SetNotificationSettings(v []*NotificationSettingDetail) *TrustAnchorDetail { + s.NotificationSettings = v + return s +} + // SetSource sets the Source field's value. func (s *TrustAnchorDetail) SetSource(v *Source) *TrustAnchorDetail { s.Source = v @@ -5623,7 +6291,7 @@ func (s UntagResourceOutput) GoString() string { type UpdateCrlInput struct { _ struct{} `type:"structure"` - // The x509 v3 specified certificate revocation list + // The x509 v3 specified certificate revocation list (CRL). // CrlData is automatically base64 encoded/decoded by the SDK. CrlData []byte `locationName:"crlData" min:"1" type:"blob"` @@ -5745,8 +6413,8 @@ type UpdateProfileInput struct { // ProfileId is a required field ProfileId *string `location:"uri" locationName:"profileId" min:"36" type:"string" required:"true"` - // A list of IAM roles that this profile can assume in a CreateSession (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) - // operation. + // A list of IAM roles that this profile can assume in a temporary credential + // request. RoleArns []*string `locationName:"roleArns" type:"list"` // A session policy that applies to the trust boundary of the vended session @@ -5909,6 +6577,11 @@ func (s *UpdateTrustAnchorInput) Validate() error { if s.TrustAnchorId != nil && len(*s.TrustAnchorId) < 36 { invalidParams.Add(request.NewErrParamMinLen("TrustAnchorId", 36)) } + if s.Source != nil { + if err := s.Source.Validate(); err != nil { + invalidParams.AddNested("Source", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams 
@@ -6031,6 +6704,34 @@ func (s *ValidationException) RequestID() string { return s.RespMetadata.RequestID } +const ( + // NotificationChannelAll is a NotificationChannel enum value + NotificationChannelAll = "ALL" +) + +// NotificationChannel_Values returns all elements of the NotificationChannel enum +func NotificationChannel_Values() []string { + return []string{ + NotificationChannelAll, + } +} + +const ( + // NotificationEventCaCertificateExpiry is a NotificationEvent enum value + NotificationEventCaCertificateExpiry = "CA_CERTIFICATE_EXPIRY" + + // NotificationEventEndEntityCertificateExpiry is a NotificationEvent enum value + NotificationEventEndEntityCertificateExpiry = "END_ENTITY_CERTIFICATE_EXPIRY" +) + +// NotificationEvent_Values returns all elements of the NotificationEvent enum +func NotificationEvent_Values() []string { + return []string{ + NotificationEventCaCertificateExpiry, + NotificationEventEndEntityCertificateExpiry, + } +} + const ( // TrustAnchorTypeAwsAcmPca is a TrustAnchorType enum value TrustAnchorTypeAwsAcmPca = "AWS_ACM_PCA" diff --git a/service/rolesanywhere/doc.go b/service/rolesanywhere/doc.go index b04369d5646..816b353d7cb 100644 --- a/service/rolesanywhere/doc.go +++ b/service/rolesanywhere/doc.go 
@@ -3,24 +3,24 @@ // Package rolesanywhere provides the client and types for making API // requests to IAM Roles Anywhere. // -// AWS Identity and Access Management Roles Anywhere provides a secure way for -// your workloads such as servers, containers, and applications running outside -// of AWS to obtain Temporary AWS credentials. Your workloads can use the same -// IAM policies and roles that you have configured with native AWS applications -// to access AWS resources. Using IAM Roles Anywhere will eliminate the need -// to manage long term credentials for workloads running outside of AWS. -// -// To use IAM Roles Anywhere customer workloads will need to use X.509 certificates -// issued by their Certificate Authority (CA) . The Certificate Authority (CA) -// needs to be registered with IAM Roles Anywhere as a trust anchor to establish -// trust between customer PKI and IAM Roles Anywhere. Customers who do not manage -// their own PKI system can use AWS Certificate Manager Private Certificate -// Authority (ACM PCA) to create a Certificate Authority and use that to establish -// trust with IAM Roles Anywhere -// -// This guide describes the IAM rolesanywhere operations that you can call programmatically. -// For general information about IAM Roles Anywhere see https://docs.aws.amazon.com/ -// (https://docs.aws.amazon.com/) +// Identity and Access Management Roles Anywhere provides a secure way for your +// workloads such as servers, containers, and applications that run outside +// of Amazon Web Services to obtain temporary Amazon Web Services credentials. +// Your workloads can use the same IAM policies and roles you have for native +// Amazon Web Services applications to access Amazon Web Services resources. +// Using IAM Roles Anywhere eliminates the need to manage long-term credentials +// for workloads running outside of Amazon Web Services. 
+// +// To use IAM Roles Anywhere, your workloads must use X.509 certificates issued +// by their certificate authority (CA). You register the CA with IAM Roles Anywhere +// as a trust anchor to establish trust between your public key infrastructure +// (PKI) and IAM Roles Anywhere. If you don't manage your own PKI system, you +// can use Private Certificate Authority to create a CA and then use that to +// establish trust with IAM Roles Anywhere. +// +// This guide describes the IAM Roles Anywhere operations that you can call +// programmatically. For more information about IAM Roles Anywhere, see the +// IAM Roles Anywhere User Guide (https://docs.aws.amazon.com/rolesanywhere/latest/userguide/introduction.html). // // See https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10 for more information on this service. // diff --git a/service/rolesanywhere/rolesanywhereiface/interface.go b/service/rolesanywhere/rolesanywhereiface/interface.go index 1ba4cc8bd11..0b16a7d4757 100644 --- a/service/rolesanywhere/rolesanywhereiface/interface.go +++ b/service/rolesanywhere/rolesanywhereiface/interface.go 
@@ -156,6 +156,14 @@ type RolesAnywhereAPI interface { ListTrustAnchorsPages(*rolesanywhere.ListTrustAnchorsInput, func(*rolesanywhere.ListTrustAnchorsOutput, bool) bool) error ListTrustAnchorsPagesWithContext(aws.Context, *rolesanywhere.ListTrustAnchorsInput, func(*rolesanywhere.ListTrustAnchorsOutput, bool) bool, ...request.Option) error + PutNotificationSettings(*rolesanywhere.PutNotificationSettingsInput) (*rolesanywhere.PutNotificationSettingsOutput, error) + PutNotificationSettingsWithContext(aws.Context, *rolesanywhere.PutNotificationSettingsInput, ...request.Option) (*rolesanywhere.PutNotificationSettingsOutput, error) + PutNotificationSettingsRequest(*rolesanywhere.PutNotificationSettingsInput) (*request.Request, *rolesanywhere.PutNotificationSettingsOutput) + + ResetNotificationSettings(*rolesanywhere.ResetNotificationSettingsInput) (*rolesanywhere.ResetNotificationSettingsOutput, error) + ResetNotificationSettingsWithContext(aws.Context, *rolesanywhere.ResetNotificationSettingsInput, ...request.Option) (*rolesanywhere.ResetNotificationSettingsOutput, error) + ResetNotificationSettingsRequest(*rolesanywhere.ResetNotificationSettingsInput) (*request.Request, *rolesanywhere.ResetNotificationSettingsOutput) + TagResource(*rolesanywhere.TagResourceInput) (*rolesanywhere.TagResourceOutput, error) TagResourceWithContext(aws.Context, *rolesanywhere.TagResourceInput, ...request.Option) (*rolesanywhere.TagResourceOutput, error) TagResourceRequest(*rolesanywhere.TagResourceInput) (*request.Request, *rolesanywhere.TagResourceOutput) diff --git a/service/transfer/api.go b/service/transfer/api.go index 6f364250119..0d02fa7cf90 100644 --- a/service/transfer/api.go +++ b/service/transfer/api.go 
@@ -1125,7 +1125,7 @@ func (c *Transfer) DeleteHostKeyRequest(input *DeleteHostKeyInput) (req *request // DeleteHostKey API operation for AWS Transfer Family. // -// Deletes the host key that's specified in the HoskKeyId parameter. +// Deletes the host key that's specified in the HostKeyId parameter. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2066,6 +2066,12 @@ func (c *Transfer) DescribeExecutionRequest(input *DescribeExecutionInput) (req // You can use DescribeExecution to check the details of the execution of the // specified workflow. // +// This API call only returns details for in-progress workflows. +// +// If you provide an ID for an execution that is not in progress, or if the +// execution doesn't match the specified workflow ID, you receive a ResourceNotFound +// exception. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2902,9 +2908,9 @@ func (c *Transfer) ImportSshPublicKeyRequest(input *ImportSshPublicKeyInput) (re // ImportSshPublicKey API operation for AWS Transfer Family. // -// Adds a Secure Shell (SSH) public key to a user account identified by a UserName -// value assigned to the specific file transfer protocol-enabled server, identified -// by ServerId. +// Adds a Secure Shell (SSH) public key to a Transfer Family user identified +// by a UserName value assigned to the specific file transfer protocol-enabled +// server, identified by ServerId. // // The response returns the UserName value, the ServerId value, and the name // of the SshPublicKeyId. 
@@ -3622,7 +3628,10 @@ func (c *Transfer) ListExecutionsRequest(input *ListExecutionsInput) (req *reque // ListExecutions API operation for AWS Transfer Family. // -// Lists all executions for the specified workflow. +// Lists all in-progress executions for the specified workflow. +// +// If the specified workflow ID cannot be found, ListExecutions returns a ResourceNotFound +// exception. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4618,7 +4627,8 @@ func (c *Transfer) ListWorkflowsRequest(input *ListWorkflowsInput) (req *request // ListWorkflows API operation for AWS Transfer Family. // -// Lists all of your workflows. +// Lists all workflows associated with your Amazon Web Services account for +// your current region. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5271,8 +5281,15 @@ func (c *Transfer) TestIdentityProviderRequest(input *TestIdentityProviderInput) // The ServerId and UserName parameters are required. The ServerProtocol, SourceIp, // and UserPassword are all optional. // -// You cannot use TestIdentityProvider if the IdentityProviderType of your server -// is SERVICE_MANAGED. +// Note the following: +// +// - You cannot use TestIdentityProvider if the IdentityProviderType of your +// server is SERVICE_MANAGED. +// +// - TestIdentityProvider does not work with keys: it only accepts passwords. +// +// - TestIdentityProvider can test the password operation for a custom Identity +// Provider that handles keys and passwords. // // - If you provide any incorrect values for any parameters, the Response // field is empty. 
@@ -5285,7 +5302,9 @@ func (c *Transfer) TestIdentityProviderRequest(input *TestIdentityProviderInput) // - If you enter a Server ID for the --server-id parameter that does not // identify an actual Transfer server, you receive the following error: An // error occurred (ResourceNotFoundException) when calling the TestIdentityProvider -// operation: Unknown server +// operation: Unknown server. It is possible your sever is in a different +// region. You can specify a region by adding the following: --region region-code, +// such as --region us-east-2 to specify a server in US East (Ohio). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6479,18 +6498,18 @@ func (s *ConflictException) RequestID() string { type CopyStepDetails struct { _ struct{} `type:"structure"` - // Specifies the location for the file being copied. Use ${Transfer:username} + // Specifies the location for the file being copied. Use ${Transfer:UserName} // or ${Transfer:UploadDate} in this field to parametrize the destination prefix // by username or uploaded date. // - // * Set the value of DestinationFileLocation to ${Transfer:username} to + // * Set the value of DestinationFileLocation to ${Transfer:UserName} to // copy uploaded files to an Amazon S3 bucket that is prefixed with the name // of the Transfer Family user that uploaded the file. // // * Set the value of DestinationFileLocation to ${Transfer:UploadDate} to // copy uploaded files to an Amazon S3 bucket that is prefixed with the date // of the upload. The system resolves UploadDate to a date format of YYYY-MM-DD, - // based on the date the file is uploaded. + // based on the date the file is uploaded in UTC. DestinationFileLocation *InputFileLocation `type:"structure"` // The name of the step, used as an identifier. 
@@ -6498,6 +6517,15 @@ type CopyStepDetails struct { // A flag that indicates whether to overwrite an existing file of the same name. // The default is FALSE. + // + // If the workflow is processing a file that has the same name as an existing + // file, the behavior is as follows: + // + // * If OverwriteExisting is TRUE, the existing file is replaced with the + // file being processed. + // + // * If OverwriteExisting is FALSE, nothing happens, and the workflow processing + // stops. OverwriteExisting *string `type:"string" enum:"OverwriteExisting"` // Specifies which file to use as input to the workflow step: either the output @@ -7436,11 +7464,11 @@ type CreateServerInput struct { // String and GoString methods. HostKey *string `type:"string" sensitive:"true"` - // Required when IdentityProviderType is set to AWS_DIRECTORY_SERVICE or API_GATEWAY. - // Accepts an array containing all of the information required to use a directory - // in AWS_DIRECTORY_SERVICE or invoke a customer-supplied authentication API, - // including the API Gateway URL. Not required when IdentityProviderType is - // set to SERVICE_MANAGED. + // Required when IdentityProviderType is set to AWS_DIRECTORY_SERVICE, Amazon + // Web Services_LAMBDA or API_GATEWAY. Accepts an array containing all of the + // information required to use a directory in AWS_DIRECTORY_SERVICE or invoke + // a customer-supplied authentication API, including the API Gateway URL. Not + // required when IdentityProviderType is set to SERVICE_MANAGED. IdentityProviderDetails *IdentityProviderDetails `type:"structure"` // The mode of authentication for a server. The default value is SERVICE_MANAGED, 
@@ -7460,7 +7488,7 @@ type CreateServerInput struct { // // Use the AWS_LAMBDA value to directly use an Lambda function as your identity // provider. If you choose this value, you must specify the ARN for the Lambda - // function in the Function parameter or the IdentityProviderDetails data type. + // function in the Function parameter for the IdentityProviderDetails data type. IdentityProviderType *string `type:"string" enum:"IdentityProviderType"` // The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) @@ -7551,8 +7579,8 @@ type CreateServerInput struct { // // In addition to a workflow to execute when a file is uploaded completely, // WorkflowDetails can also contain a workflow ID (and execution role) for a - // workflow to execute on partial upload. A partial upload occurs when a file - // is open when the session disconnects. + // workflow to execute on partial upload. A partial upload occurs when the server + // session disconnects while the file is still being uploaded. WorkflowDetails *WorkflowDetails `type:"structure"` } @@ -8002,7 +8030,7 @@ type CreateUserOutput struct { // ServerId is a required field ServerId *string `min:"19" type:"string" required:"true"` - // A unique string that identifies a user account associated with a server. + // A unique string that identifies a Transfer Family user. // // UserName is a required field UserName *string `min:"3" type:"string" required:"true"` 
@@ -8047,8 +8075,8 @@ type CreateWorkflowInput struct { // Specifies the steps (actions) to take if errors are encountered during execution // of the workflow. // - // For custom steps, the lambda function needs to send FAILURE to the call back - // API to kick off the exception steps. Additionally, if the lambda does not + // For custom steps, the Lambda function needs to send FAILURE to the call back + // API to kick off the exception steps. Additionally, if the Lambda does not // send SUCCESS before it times out, the exception steps are executed. OnExceptionSteps []*WorkflowStep `type:"list"` @@ -8219,7 +8247,7 @@ type CustomStepDetails struct { // enter ${original.file}. SourceFileLocation *string `type:"string"` - // The ARN for the lambda function that is being called. + // The ARN for the Lambda function that is being called. Target *string `type:"string"` // Timeout, in seconds, for the step. @@ -8285,7 +8313,18 @@ func (s *CustomStepDetails) SetTimeoutSeconds(v int64) *CustomStepDetails { type DecryptStepDetails struct { _ struct{} `type:"structure"` - // Specifies the location for the file that's being processed. + // Specifies the location for the file being decrypted. Use ${Transfer:UserName} + // or ${Transfer:UploadDate} in this field to parametrize the destination prefix + // by username or uploaded date. + // + // * Set the value of DestinationFileLocation to ${Transfer:UserName} to + // decrypt uploaded files to an Amazon S3 bucket that is prefixed with the + // name of the Transfer Family user that uploaded the file. + // + // * Set the value of DestinationFileLocation to ${Transfer:UploadDate} to + // decrypt uploaded files to an Amazon S3 bucket that is prefixed with the + // date of the upload. The system resolves UploadDate to a date format of + // YYYY-MM-DD, based on the date the file is uploaded in UTC. // // DestinationFileLocation is a required field DestinationFileLocation *InputFileLocation `type:"structure" required:"true"` 
@@ -8295,6 +8334,15 @@ type DecryptStepDetails struct { // A flag that indicates whether to overwrite an existing file of the same name. // The default is FALSE. + // + // If the workflow is processing a file that has the same name as an existing + // file, the behavior is as follows: + // + // * If OverwriteExisting is TRUE, the existing file is replaced with the + // file being processed. + // + // * If OverwriteExisting is FALSE, nothing happens, and the workflow processing + // stops. OverwriteExisting *string `type:"string" enum:"OverwriteExisting"` // Specifies which file to use as input to the workflow step: either the output @@ -10179,8 +10227,8 @@ type DescribeUserOutput struct { // ServerId is a required field ServerId *string `min:"19" type:"string" required:"true"` - // An array containing the properties of the user account for the ServerID value - // that you specified. + // An array containing the properties of the Transfer Family user for the ServerID + // value that you specified. // // User is a required field User *DescribedUser `type:"structure" required:"true"` @@ -11251,7 +11299,7 @@ type DescribedServer struct { // // Use the AWS_LAMBDA value to directly use an Lambda function as your identity // provider. If you choose this value, you must specify the ARN for the Lambda - // function in the Function parameter or the IdentityProviderDetails data type. + // function in the Function parameter for the IdentityProviderDetails data type. IdentityProviderType *string `type:"string" enum:"IdentityProviderType"` // The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) 
@@ -11359,8 +11407,8 @@ type DescribedServer struct { // // In addition to a workflow to execute when a file is uploaded completely, // WorkflowDetails can also contain a workflow ID (and execution role) for a - // workflow to execute on partial upload. A partial upload occurs when a file - // is open when the session disconnects. + // workflow to execute on partial upload. A partial upload occurs when the server + // session disconnects while the file is still being uploaded. WorkflowDetails *WorkflowDetails `type:"structure"` } 
@@ -12193,12 +12241,30 @@ type IdentityProviderDetails struct { // The identifier of the Directory Service directory that you want to stop sharing. DirectoryId *string `min:"12" type:"string"` - // The ARN for a lambda function to use for the Identity provider. + // The ARN for a Lambda function to use for the Identity provider. Function *string `min:"1" type:"string"` + // This parameter is only applicable if your IdentityProviderType is API_GATEWAY. // Provides the type of InvocationRole used to authenticate the user account. InvocationRole *string `min:"20" type:"string"` + // For SFTP-enabled servers, and for custom identity providers only, you can + // specify whether to authenticate using a password, SSH key pair, or both. + // + // * PASSWORD - users must provide their password to connect. + // + // * PUBLIC_KEY - users must provide their private key to connect. + // + // * PUBLIC_KEY_OR_PASSWORD - users can authenticate with either their password + // or their key. This is the default value. + // + // * PUBLIC_KEY_AND_PASSWORD - users must provide both their private key + // and their password to connect. The server checks the key first, and then + // if the key is valid, the system prompts for a password. If the private + // key provided does not match the public key that is stored, authentication + // fails. + SftpAuthenticationMethods *string `type:"string" enum:"SftpAuthenticationMethods"` + // Provides the location of the service endpoint used to authenticate users. Url *string `type:"string"` } 
@@ -12258,6 +12324,12 @@ func (s *IdentityProviderDetails) SetInvocationRole(v string) *IdentityProviderD return s } +// SetSftpAuthenticationMethods sets the SftpAuthenticationMethods field's value. +func (s *IdentityProviderDetails) SetSftpAuthenticationMethods(v string) *IdentityProviderDetails { + s.SftpAuthenticationMethods = &v + return s +} + // SetUrl sets the Url field's value. func (s *IdentityProviderDetails) SetUrl(v string) *IdentityProviderDetails { s.Url = &v @@ -12619,7 +12691,7 @@ type ImportSshPublicKeyInput struct { // SshPublicKeyBody is a required field SshPublicKeyBody *string `type:"string" required:"true"` - // The name of the user account that is assigned to one or more servers. + // The name of the Transfer Family user that is assigned to one or more servers. // // UserName is a required field UserName *string `min:"3" type:"string" required:"true"` @@ -13546,18 +13618,7 @@ func (s *ListExecutionsInput) SetWorkflowId(v string) *ListExecutionsInput { type ListExecutionsOutput struct { _ struct{} `type:"structure"` - // Returns the details for each execution. - // - // * NextToken: returned from a call to several APIs, you can use pass it - // to a subsequent command to continue listing additional executions. - // - // * StartTime: timestamp indicating when the execution began. - // - // * Executions: details of the execution, including the execution ID, initial - // file location, and Service metadata. - // - // * Status: one of the following values: IN_PROGRESS, COMPLETED, EXCEPTION, - // HANDLING_EXEPTION. + // Returns the details for each execution, in a ListedExecution array. // // Executions is a required field Executions []*ListedExecution `type:"list" required:"true"` 
@@ -14277,8 +14338,8 @@ type ListUsersOutput struct { // ServerId is a required field ServerId *string `min:"19" type:"string" required:"true"` - // Returns the user accounts and their properties for the ServerId value that - // you specify. + // Returns the Transfer Family users and their properties for the ServerId value + // that you specify. // // Users is a required field Users []*ListedUser `type:"list" required:"true"` @@ -14999,7 +15060,7 @@ type ListedServer struct { // // Use the AWS_LAMBDA value to directly use an Lambda function as your identity // provider. If you choose this value, you must specify the ARN for the Lambda - // function in the Function parameter or the IdentityProviderDetails data type. + // function in the Function parameter for the IdentityProviderDetails data type. IdentityProviderType *string `type:"string" enum:"IdentityProviderType"` // The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) 
@@ -16062,15 +16123,15 @@ func (s *ServiceUnavailableException) RequestID() string { } // Provides information about the public Secure Shell (SSH) key that is associated -// with a user account for the specific file transfer protocol-enabled server -// (as identified by ServerId). The information returned includes the date the -// key was imported, the public key contents, and the public key ID. A user -// can store more than one SSH public key associated with their user name on -// a specific server. +// with a Transfer Family user for the specific file transfer protocol-enabled +// server (as identified by ServerId). The information returned includes the +// date the key was imported, the public key contents, and the public key ID. +// A user can store more than one SSH public key associated with their user +// name on a specific server. type SshPublicKey struct { _ struct{} `type:"structure"` - // Specifies the date that the public key was added to the user account. + // Specifies the date that the public key was added to the Transfer Family user. // // DateImported is a required field DateImported *time.Time `type:"timestamp" required:"true"` @@ -16443,8 +16504,8 @@ type TagResourceInput struct { Arn *string `min:"20" type:"string" required:"true"` // Key-value pairs assigned to ARNs that you can use to group and search for - // resources by type. You can attach this metadata to user accounts for any - // purpose. + // resources by type. You can attach this metadata to resources (servers, users, + // workflows, and so on) for any purpose. // // Tags is a required field Tags []*Tag `min:"1" type:"list" required:"true"` 
@@ -16636,17 +16697,19 @@ type TestIdentityProviderInput struct { // * File Transfer Protocol Secure (FTPS) // // * File Transfer Protocol (FTP) + // + // * Applicability Statement 2 (AS2) ServerProtocol *string `type:"string" enum:"Protocol"` - // The source IP address of the user account to be tested. + // The source IP address of the account to be tested. SourceIp *string `type:"string"` - // The name of the user account to be tested. + // The name of the account to be tested. // // UserName is a required field UserName *string `min:"3" type:"string" required:"true"` - // The password of the user account to be tested. + // The password of the account to be tested. // // UserPassword is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by TestIdentityProviderInput's @@ -16733,10 +16796,11 @@ type TestIdentityProviderOutput struct { // failed due to an incorrect username or password. Message *string `type:"string"` - // The response that is returned from your API Gateway. + // The response that is returned from your API Gateway or your Lambda function. Response *string `type:"string"` - // The HTTP status code that is the response from your API Gateway. + // The HTTP status code that is the response from your API Gateway or your Lambda + // function. // // StatusCode is a required field StatusCode *int64 `type:"integer" required:"true"` @@ -18036,8 +18100,8 @@ type UpdateServerInput struct { // Specifies the name of the security policy that is attached to the server. SecurityPolicyName *string `type:"string"` - // A system-assigned unique identifier for a server instance that the user account - // is assigned to. + // A system-assigned unique identifier for a server instance that the Transfer + // Family user is assigned to. // // ServerId is a required field ServerId *string `min:"19" type:"string" required:"true"` 
@@ -18047,8 +18111,8 @@ type UpdateServerInput struct { // // In addition to a workflow to execute when a file is uploaded completely, // WorkflowDetails can also contain a workflow ID (and execution role) for a - // workflow to execute on partial upload. A partial upload occurs when a file - // is open when the session disconnects. + // workflow to execute on partial upload. A partial upload occurs when the server + // session disconnects while the file is still being uploaded. // // To remove an associated workflow from a server, you can provide an empty // OnUpload object, as in the following example. @@ -18196,8 +18260,8 @@ func (s *UpdateServerInput) SetWorkflowDetails(v *WorkflowDetails) *UpdateServer type UpdateServerOutput struct { _ struct{} `type:"structure"` - // A system-assigned unique identifier for a server that the user account is - // assigned to. + // A system-assigned unique identifier for a server that the Transfer Family + // user is assigned to. // // ServerId is a required field ServerId *string `min:"19" type:"string" required:"true"` @@ -18301,8 +18365,8 @@ type UpdateUserInput struct { // when servicing your users' transfer requests. Role *string `min:"20" type:"string"` - // A system-assigned unique identifier for a server instance that the user account - // is assigned to. + // A system-assigned unique identifier for a Transfer Family server instance + // that the user is assigned to. // // ServerId is a required field ServerId *string `min:"19" type:"string" required:"true"` @@ -18431,8 +18495,8 @@ func (s *UpdateUserInput) SetUserName(v string) *UpdateUserInput { type UpdateUserOutput struct { _ struct{} `type:"structure"` - // A system-assigned unique identifier for a server instance that the user account - // is assigned to. + // A system-assigned unique identifier for a Transfer Family server instance + // that the account is assigned to. // // ServerId is a required field ServerId *string `min:"19" type:"string" required:"true"` 
@@ -18487,7 +18551,8 @@ type UserDetails struct { // workflow. SessionId *string `min:"3" type:"string"` - // A unique string that identifies a user account associated with a server. + // A unique string that identifies a Transfer Family user associated with a + // server. // // UserName is a required field UserName *string `min:"3" type:"string" required:"true"` @@ -18534,8 +18599,8 @@ func (s *UserDetails) SetUserName(v string) *UserDetails { // // In addition to a workflow to execute when a file is uploaded completely, // WorkflowDetails can also contain a workflow ID (and execution role) for a -// workflow to execute on partial upload. A partial upload occurs when a file -// is open when the session disconnects. +// workflow to execute on partial upload. A partial upload occurs when the server +// session disconnects while the file is still being uploaded. type WorkflowDetail struct { _ struct{} `type:"structure"` 
@@ -19096,12 +19161,24 @@ func HomeDirectoryType_Values() []string { } } -// Returns information related to the type of user authentication that is in -// use for a file transfer protocol-enabled server's users. For AWS_DIRECTORY_SERVICE -// or SERVICE_MANAGED authentication, the Secure Shell (SSH) public keys are -// stored with a user on the server instance. For API_GATEWAY authentication, -// your custom authentication method is implemented by using an API call. The -// server can have only one method of authentication. +// The mode of authentication for a server. The default value is SERVICE_MANAGED, +// which allows you to store and access user credentials within the Transfer +// Family service. +// +// Use AWS_DIRECTORY_SERVICE to provide access to Active Directory groups in +// Directory Service for Microsoft Active Directory or Microsoft Active Directory +// in your on-premises environment or in Amazon Web Services using AD Connector. +// This option also requires you to provide a Directory ID by using the IdentityProviderDetails +// parameter. +// +// Use the API_GATEWAY value to integrate with an identity provider of your +// choosing. The API_GATEWAY setting requires you to provide an Amazon API Gateway +// endpoint URL to call for authentication by using the IdentityProviderDetails +// parameter. +// +// Use the AWS_LAMBDA value to directly use an Lambda function as your identity +// provider. If you choose this value, you must specify the ARN for the Lambda +// function in the Function parameter for the IdentityProviderDetails data type. const ( // IdentityProviderTypeServiceManaged is a IdentityProviderType enum value IdentityProviderTypeServiceManaged = "SERVICE_MANAGED" 
@@ -19246,6 +19323,30 @@ func SetStatOption_Values() []string { } } +const ( + // SftpAuthenticationMethodsPassword is a SftpAuthenticationMethods enum value + SftpAuthenticationMethodsPassword = "PASSWORD" + + // SftpAuthenticationMethodsPublicKey is a SftpAuthenticationMethods enum value + SftpAuthenticationMethodsPublicKey = "PUBLIC_KEY" + + // SftpAuthenticationMethodsPublicKeyOrPassword is a SftpAuthenticationMethods enum value + SftpAuthenticationMethodsPublicKeyOrPassword = "PUBLIC_KEY_OR_PASSWORD" + + // SftpAuthenticationMethodsPublicKeyAndPassword is a SftpAuthenticationMethods enum value + SftpAuthenticationMethodsPublicKeyAndPassword = "PUBLIC_KEY_AND_PASSWORD" +) + +// SftpAuthenticationMethods_Values returns all elements of the SftpAuthenticationMethods enum +func SftpAuthenticationMethods_Values() []string { + return []string{ + SftpAuthenticationMethodsPassword, + SftpAuthenticationMethodsPublicKey, + SftpAuthenticationMethodsPublicKeyOrPassword, + SftpAuthenticationMethodsPublicKeyAndPassword, + } +} + const ( // SigningAlgSha256 is a SigningAlg enum value SigningAlgSha256 = "SHA256"