Welcome to the Audit Manager API reference. This guide is for developers who need detailed information about the Audit Manager API operations, data types, and errors.
Audit Manager is a service that provides automated evidence collection so that you can continuously audit your Amazon Web Services usage, and assess the effectiveness of your controls to better manage risk and simplify compliance.
Audit Manager provides pre-built frameworks that structure and automate assessments for a given compliance standard. Frameworks include a pre-built collection of controls with descriptions and testing procedures, which are grouped according to the requirements of the specified compliance standard or regulation. You can also customize frameworks and controls to support internal audits with unique requirements.
Use the following links to get started with the Audit Manager API:
Actions: An alphabetical list of all Audit Manager API operations.
Data types: An alphabetical list of all Audit Manager data types.
Common parameters: Parameters that all Query operations can use.
Common errors: Client and server errors that all operations can return.
If you're new to Audit Manager, we recommend that you review the Audit Manager User Guide.
", + "service": "Welcome to the Audit Manager API reference. This guide is for developers who need detailed information about the Audit Manager API operations, data types, and errors.
Audit Manager is a service that provides automated evidence collection so that you can continually audit your Amazon Web Services usage. You can use it to assess the effectiveness of your controls, manage risk, and simplify compliance.
Audit Manager provides prebuilt frameworks that structure and automate assessments for a given compliance standard. Frameworks include a prebuilt collection of controls with descriptions and testing procedures. These controls are grouped according to the requirements of the specified compliance standard or regulation. You can also customize frameworks and controls to support internal audits with specific requirements.
Use the following links to get started with the Audit Manager API:
Actions: An alphabetical list of all Audit Manager API operations.
Data types: An alphabetical list of all Audit Manager data types.
Common parameters: Parameters that all Query operations can use.
Common errors: Client and server errors that all operations can return.
If you're new to Audit Manager, we recommend that you review the Audit Manager User Guide.
", "operations": { - "AssociateAssessmentReportEvidenceFolder": "Associates an evidence folder to the specified assessment report in Audit Manager.
", + "AssociateAssessmentReportEvidenceFolder": "Associates an evidence folder to an assessment report in a Audit Manager assessment.
", "BatchAssociateAssessmentReportEvidence": "Associates a list of evidence to an assessment report in an Audit Manager assessment.
", - "BatchCreateDelegationByAssessment": "Create a batch of delegations for a specified assessment in Audit Manager.
", - "BatchDeleteDelegationByAssessment": "Deletes the delegations in the specified Audit Manager assessment.
", - "BatchDisassociateAssessmentReportEvidence": "Disassociates a list of evidence from the specified assessment report in Audit Manager.
", - "BatchImportEvidenceToAssessmentControl": "Uploads one or more pieces of evidence to the specified control in the assessment in Audit Manager.
", + "BatchCreateDelegationByAssessment": "Creates a batch of delegations for an assessment in Audit Manager.
", + "BatchDeleteDelegationByAssessment": "Deletes a batch of delegations for an assessment in Audit Manager.
", + "BatchDisassociateAssessmentReportEvidence": "Disassociates a list of evidence from an assessment report in Audit Manager.
", + "BatchImportEvidenceToAssessmentControl": "Uploads one or more pieces of evidence to a control in an Audit Manager assessment.
", "CreateAssessment": "Creates an assessment in Audit Manager.
", "CreateAssessmentFramework": "Creates a custom framework in Audit Manager.
", "CreateAssessmentReport": "Creates an assessment report for the specified assessment.
", "CreateControl": "Creates a new custom control in Audit Manager.
", "DeleteAssessment": "Deletes an assessment in Audit Manager.
", "DeleteAssessmentFramework": "Deletes a custom framework in Audit Manager.
", + "DeleteAssessmentFrameworkShare": "Deletes a share request for a custom framework in Audit Manager.
", "DeleteAssessmentReport": "Deletes an assessment report from an assessment in Audit Manager.
", "DeleteControl": "Deletes a custom control in Audit Manager.
", "DeregisterAccount": "Deregisters an account in Audit Manager.
", - "DeregisterOrganizationAdminAccount": "Removes the specified member Amazon Web Services account as a delegated administrator for Audit Manager.
When you remove a delegated administrator from your Audit Manager settings, or when you deregister a delegated administrator from Organizations, you continue to have access to the evidence that you previously collected under that account. However, Audit Manager will stop collecting and attaching evidence to that delegated administrator account moving forward.
Removes the specified member Amazon Web Services account as a delegated administrator for Audit Manager.
When you remove a delegated administrator from your Audit Manager settings, you continue to have access to the evidence that you previously collected under that account. This is also the case when you deregister a delegated administrator from Audit Manager. However, Audit Manager will stop collecting and attaching evidence to that delegated administrator account moving forward.
Disassociates an evidence folder from the specified assessment report in Audit Manager.
", "GetAccountStatus": "Returns the registration status of an account in Audit Manager.
", "GetAssessment": "Returns an assessment from Audit Manager.
", "GetAssessmentFramework": "Returns a framework from Audit Manager.
", - "GetAssessmentReportUrl": "Returns the URL of a specified assessment report in Audit Manager.
", + "GetAssessmentReportUrl": "Returns the URL of an assessment report in Audit Manager.
", "GetChangeLogs": "Returns a list of changelogs from Audit Manager.
", "GetControl": "Returns a control from Audit Manager.
", "GetDelegations": "Returns a list of delegations from an audit owner to a delegate.
", @@ -30,25 +31,28 @@ "GetEvidenceByEvidenceFolder": "Returns all evidence from a specified evidence folder in Audit Manager.
", "GetEvidenceFolder": "Returns an evidence folder from the specified assessment in Audit Manager.
", "GetEvidenceFoldersByAssessment": "Returns the evidence folders from a specified assessment in Audit Manager.
", - "GetEvidenceFoldersByAssessmentControl": "Returns a list of evidence folders associated with a specified control of an assessment in Audit Manager.
", + "GetEvidenceFoldersByAssessmentControl": "Returns a list of evidence folders that are associated with a specified control of an assessment in Audit Manager.
", "GetOrganizationAdminAccount": "Returns the name of the delegated Amazon Web Services administrator account for the organization.
", "GetServicesInScope": "Returns a list of the in-scope Amazon Web Services services for the specified assessment.
", "GetSettings": "Returns the settings for the specified Amazon Web Services account.
", - "ListAssessmentFrameworks": "Returns a list of the frameworks available in the Audit Manager framework library.
", + "ListAssessmentFrameworkShareRequests": "Returns a list of sent or received share requests for custom frameworks in Audit Manager.
", + "ListAssessmentFrameworks": "Returns a list of the frameworks that are available in the Audit Manager framework library.
", "ListAssessmentReports": "Returns a list of assessment reports created in Audit Manager.
", "ListAssessments": "Returns a list of current and past assessments from Audit Manager.
", "ListControls": "Returns a list of controls from Audit Manager.
", - "ListKeywordsForDataSource": "Returns a list of keywords that pre-mapped to the specified control data source.
", + "ListKeywordsForDataSource": "Returns a list of keywords that are pre-mapped to the specified control data source.
", "ListNotifications": "Returns a list of all Audit Manager notifications.
", "ListTagsForResource": "Returns a list of tags for the specified resource in Audit Manager.
", "RegisterAccount": "Enables Audit Manager for the specified Amazon Web Services account.
", "RegisterOrganizationAdminAccount": "Enables an Amazon Web Services account within the organization as the delegated administrator for Audit Manager.
", + "StartAssessmentFrameworkShare": "Creates a share request for a custom framework in Audit Manager.
The share request specifies a recipient and notifies them that a custom framework is available. Recipients have 120 days to accept or decline the request. If no action is taken, the share request expires.
When you invoke the StartAssessmentFrameworkShare API, you are about to share a custom framework with another Amazon Web Services account. You may not share a custom framework that is derived from a standard framework if the standard framework is designated as not eligible for sharing by Amazon Web Services, unless you have obtained permission to do so from the owner of the standard framework. To learn more about which standard frameworks are eligible for sharing, see Framework sharing eligibility in the Audit Manager User Guide.
Tags the specified resource in Audit Manager.
", "UntagResource": "Removes a tag from a resource in Audit Manager.
", "UpdateAssessment": "Edits an Audit Manager assessment.
", "UpdateAssessmentControl": "Updates a control within an assessment in Audit Manager.
", "UpdateAssessmentControlSetStatus": "Updates the status of a control set in an Audit Manager assessment.
", "UpdateAssessmentFramework": "Updates a custom framework in Audit Manager.
", + "UpdateAssessmentFrameworkShare": "Updates a share request for a custom framework in Audit Manager.
", "UpdateAssessmentStatus": "Updates the status of an assessment in Audit Manager.
", "UpdateControl": "Updates a custom control in Audit Manager.
", "UpdateSettings": "Updates Audit Manager settings for the current user account.
", @@ -56,20 +60,20 @@ }, "shapes": { "AWSAccount": { - "base": "The wrapper of Amazon Web Services account details, such as account ID, email address, and so on.
", + "base": "The wrapper of Amazon Web Services account details, such as account ID or email address.
", "refs": { "AWSAccounts$member": null, - "Assessment$awsAccount": "The Amazon Web Services account associated with the assessment.
" + "Assessment$awsAccount": "The Amazon Web Services account that's associated with the assessment.
" } }, "AWSAccounts": { "base": null, "refs": { - "Scope$awsAccounts": "The Amazon Web Services accounts included in the scope of the assessment.
" + "Scope$awsAccounts": "The Amazon Web Services accounts that are included in the scope of the assessment.
" } }, "AWSService": { - "base": "An Amazon Web Service such as Amazon S3, CloudTrail, and so on.
", + "base": "An Amazon Web Service such as Amazon S3 or CloudTrail.
", "refs": { "AWSServices$member": null } @@ -78,61 +82,64 @@ "base": null, "refs": { "AWSService$serviceName": "The name of the Amazon Web Service.
", - "Evidence$eventSource": "The Amazon Web Service from which the evidence is collected.
", + "Evidence$eventSource": "The Amazon Web Service that the evidence is collected from.
", "ServiceMetadata$name": "The name of the Amazon Web Service.
" } }, "AWSServices": { "base": null, "refs": { - "Scope$awsServices": "The Amazon Web Services services included in the scope of the assessment.
" + "Scope$awsServices": "The Amazon Web Services services that are included in the scope of the assessment.
" } }, "AccessDeniedException": { - "base": "Your account is not registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
", + "base": "Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
", "refs": { } }, "AccountId": { "base": null, "refs": { - "AWSAccount$id": "The identifier for the specified Amazon Web Services account.
", + "AWSAccount$id": "The identifier for the Amazon Web Services account.
", + "AssessmentFrameworkShareRequest$sourceAccount": "The Amazon Web Services account of the sender.
", + "AssessmentFrameworkShareRequest$destinationAccount": "The Amazon Web Services account of the recipient.
", "AssessmentReport$awsAccountId": "The identifier for the specified Amazon Web Services account.
", - "DeregisterOrganizationAdminAccountRequest$adminAccountId": "The identifier for the specified administrator account.
", - "Evidence$evidenceAwsAccountId": "The identifier for the specified Amazon Web Services account.
", - "Evidence$awsAccountId": "The identifier for the specified Amazon Web Services account.
", - "GetOrganizationAdminAccountResponse$adminAccountId": "The identifier for the specified administrator account.
", + "DeregisterOrganizationAdminAccountRequest$adminAccountId": "The identifier for the administrator account.
", + "Evidence$evidenceAwsAccountId": "The identifier for the Amazon Web Services account.
", + "Evidence$awsAccountId": "The identifier for the Amazon Web Services account.
", + "GetOrganizationAdminAccountResponse$adminAccountId": "The identifier for the administrator account.
", "RegisterAccountRequest$delegatedAdminAccount": "The delegated administrator account for Audit Manager.
", - "RegisterOrganizationAdminAccountRequest$adminAccountId": "The identifier for the specified delegated administrator account.
", - "RegisterOrganizationAdminAccountResponse$adminAccountId": "The identifier for the specified delegated administrator account.
" + "RegisterOrganizationAdminAccountRequest$adminAccountId": "The identifier for the delegated administrator account.
", + "RegisterOrganizationAdminAccountResponse$adminAccountId": "The identifier for the delegated administrator account.
", + "StartAssessmentFrameworkShareRequest$destinationAccount": "The Amazon Web Services account of the recipient.
" } }, "AccountName": { "base": null, "refs": { - "AWSAccount$name": "The name of the specified Amazon Web Services account.
" + "AWSAccount$name": "The name of the Amazon Web Services account.
" } }, "AccountStatus": { "base": null, "refs": { "DeregisterAccountResponse$status": "The registration status of the account.
", - "GetAccountStatusResponse$status": "The status of the specified Amazon Web Services account.
", + "GetAccountStatusResponse$status": "The status of the Amazon Web Services account.
", "RegisterAccountResponse$status": "The status of the account registration request.
" } }, "ActionEnum": { "base": null, "refs": { - "ChangeLog$action": "The action performed.
" + "ChangeLog$action": "The action that was performed.
" } }, "ActionPlanInstructions": { "base": null, "refs": { - "Control$actionPlanInstructions": "The recommended actions to carry out if the control is not fulfilled.
", - "CreateControlRequest$actionPlanInstructions": "The recommended actions to carry out if the control is not fulfilled.
", - "UpdateControlRequest$actionPlanInstructions": "The recommended actions to carry out if the control is not fulfilled.
" + "Control$actionPlanInstructions": "The recommended actions to carry out if the control isn't fulfilled.
", + "CreateControlRequest$actionPlanInstructions": "The recommended actions to carry out if the control isn't fulfilled.
", + "UpdateControlRequest$actionPlanInstructions": "The recommended actions to carry out if the control isn't fulfilled.
" } }, "ActionPlanTitle": { @@ -148,34 +155,34 @@ "refs": { "CreateAssessmentResponse$assessment": null, "GetAssessmentResponse$assessment": null, - "UpdateAssessmentResponse$assessment": " The response object (name of the updated assessment) for the UpdateAssessmentRequest API.
The name of the updated assessment returned by the UpdateAssessmentStatus API.
The response object for the UpdateAssessmentRequest API. This is the name of the updated assessment.
The name of the updated assessment that the UpdateAssessmentStatus API returned.
The control entity that represents a standard or custom control used in an Audit Manager assessment.
", + "base": "The control entity that represents a standard control or a custom control in an Audit Manager assessment.
", "refs": { "AssessmentControls$member": null, - "UpdateAssessmentControlResponse$control": " The name of the updated control set returned by the UpdateAssessmentControl API.
The name of the updated control set that the UpdateAssessmentControl API returned.
Represents a set of controls in an Audit Manager assessment.
", "refs": { "AssessmentControlSets$member": null, - "UpdateAssessmentControlSetStatusResponse$controlSet": " The name of the updated control set returned by the UpdateAssessmentControlSetStatus API.
The name of the updated control set that the UpdateAssessmentControlSetStatus API returned.
The control sets associated with the framework.
" + "AssessmentFramework$controlSets": "The control sets that are associated with the framework.
" } }, "AssessmentControls": { "base": null, "refs": { - "AssessmentControlSet$controls": "The list of controls contained with the control set.
" + "AssessmentControlSet$controls": "The list of controls that's contained with the control set.
" } }, "AssessmentDescription": { @@ -183,33 +190,33 @@ "refs": { "AssessmentMetadata$description": "The description of the assessment.
", "CreateAssessmentRequest$description": "The optional description of the assessment to be created.
", - "UpdateAssessmentRequest$assessmentDescription": "The description of the specified assessment.
" + "UpdateAssessmentRequest$assessmentDescription": "The description of the assessment.
" } }, "AssessmentEvidenceFolder": { - "base": "The folder in which Audit Manager stores evidence for an assessment.
", + "base": "The folder where Audit Manager stores evidence for an assessment.
", "refs": { "AssessmentEvidenceFolders$member": null, - "GetEvidenceFolderResponse$evidenceFolder": "The folder in which evidence is stored.
" + "GetEvidenceFolderResponse$evidenceFolder": "The folder that the evidence is stored in.
" } }, "AssessmentEvidenceFolderName": { "base": null, "refs": { - "AssessmentEvidenceFolder$name": "The name of the specified evidence folder.
" + "AssessmentEvidenceFolder$name": "The name of the evidence folder.
" } }, "AssessmentEvidenceFolders": { "base": null, "refs": { - "GetEvidenceFoldersByAssessmentControlResponse$evidenceFolders": " The list of evidence folders returned by the GetEvidenceFoldersByAssessmentControl API.
The list of evidence folders returned by the GetEvidenceFoldersByAssessment API.
The list of evidence folders that the GetEvidenceFoldersByAssessmentControl API returned.
The list of evidence folders that the GetEvidenceFoldersByAssessment API returned.
The file used to structure and automate Audit Manager assessments for a given compliance standard.
", "refs": { - "Assessment$framework": "The framework from which the assessment was created.
" + "Assessment$framework": "The framework that the assessment was created from.
" } }, "AssessmentFrameworkDescription": { @@ -219,19 +226,33 @@ } }, "AssessmentFrameworkMetadata": { - "base": "The metadata associated with a standard or custom framework.
", + "base": "The metadata that's associated with a standard framework or a custom framework.
", "refs": { "FrameworkMetadataList$member": null } }, + "AssessmentFrameworkShareRequest": { + "base": "Represents a share request for a custom framework in Audit Manager.
", + "refs": { + "AssessmentFrameworkShareRequestList$member": null, + "StartAssessmentFrameworkShareResponse$assessmentFrameworkShareRequest": " The share request that's created by the StartAssessmentFrameworkShare API.
The updated share request that's returned by the UpdateAssessmentFrameworkShare operation.
The list of share requests that the ListAssessmentFrameworkShareRequests API returned.
The metadata associated with the specified assessment.
", + "base": "The metadata that's associated with the specified assessment.
", "refs": { - "Assessment$metadata": "The metadata for the specified assessment.
" + "Assessment$metadata": "The metadata for the assessment.
" } }, "AssessmentMetadataItem": { - "base": "A metadata object associated with an assessment in Audit Manager.
", + "base": "A metadata object that's associated with an assessment in Audit Manager.
", "refs": { "ListAssessmentMetadata$member": null } @@ -244,24 +265,24 @@ "AssessmentReport$assessmentName": "The name of the associated assessment.
", "AssessmentReportMetadata$assessmentName": "The name of the associated assessment.
", "CreateAssessmentRequest$name": "The name of the assessment to be created.
", - "Delegation$assessmentName": "The name of the associated assessment.
", + "Delegation$assessmentName": "The name of the assessment that's associated with the delegation.
", "DelegationMetadata$assessmentName": "The name of the associated assessment.
", "FrameworkMetadata$name": "The name of the framework.
", "Notification$assessmentName": "The name of the related assessment.
", - "UpdateAssessmentRequest$assessmentName": "The name of the specified assessment to be updated.
" + "UpdateAssessmentRequest$assessmentName": "The name of the assessment to be updated.
" } }, "AssessmentReport": { - "base": "A finalized document generated from an Audit Manager assessment. These reports summarize the relevant evidence collected for your audit, and link to the relevant evidence folders which are named and organized according to the controls specified in your assessment.
", + "base": "A finalized document that's generated from an Audit Manager assessment. These reports summarize the relevant evidence that was collected for your audit, and link to the relevant evidence folders. These evidence folders are named and organized according to the controls that are specified in your assessment.
", "refs": { - "CreateAssessmentReportResponse$assessmentReport": " The new assessment report returned by the CreateAssessmentReport API.
The new assessment report that the CreateAssessmentReport API returned.
The description of the specified assessment report.
", - "AssessmentReportMetadata$description": "The description of the specified assessment report.
", + "AssessmentReportMetadata$description": "The description of the assessment report.
", "CreateAssessmentReportRequest$description": "The description of the assessment report.
" } }, @@ -280,12 +301,12 @@ "AssessmentReportEvidenceErrors": { "base": null, "refs": { - "BatchAssociateAssessmentReportEvidenceResponse$errors": " A list of errors returned by the BatchAssociateAssessmentReportEvidence API.
A list of errors returned by the BatchDisassociateAssessmentReportEvidence API.
A list of errors that the BatchAssociateAssessmentReportEvidence API returned.
A list of errors that the BatchDisassociateAssessmentReportEvidence API returned.
The metadata objects associated with the specified assessment report.
", + "base": "The metadata objects that are associated with the specified assessment report.
", "refs": { "AssessmentReportsMetadata$member": null } @@ -293,7 +314,7 @@ "AssessmentReportName": { "base": null, "refs": { - "AssessmentReport$name": "The name given to the assessment report.
", + "AssessmentReport$name": "The name that's given to the assessment report.
", "AssessmentReportMetadata$name": "The name of the assessment report.
", "CreateAssessmentReportRequest$name": "The name of the new assessment report.
" } @@ -306,19 +327,19 @@ } }, "AssessmentReportsDestination": { - "base": "The location in which Audit Manager saves assessment reports for the given assessment.
", + "base": "The location where Audit Manager saves assessment reports for the given assessment.
", "refs": { - "AssessmentMetadata$assessmentReportsDestination": "The destination in which evidence reports are stored for the specified assessment.
", - "CreateAssessmentRequest$assessmentReportsDestination": "The assessment report storage destination for the specified assessment that is being created.
", + "AssessmentMetadata$assessmentReportsDestination": "The destination that evidence reports are stored in for the assessment.
", + "CreateAssessmentRequest$assessmentReportsDestination": "The assessment report storage destination for the assessment that's being created.
", "Settings$defaultAssessmentReportsDestination": "The default storage destination for assessment reports.
", - "UpdateAssessmentRequest$assessmentReportsDestination": "The assessment report storage destination for the specified assessment that is being updated.
", + "UpdateAssessmentRequest$assessmentReportsDestination": "The assessment report storage destination for the assessment that's being updated.
", "UpdateSettingsRequest$defaultAssessmentReportsDestination": "The default storage destination for assessment reports.
" } }, "AssessmentReportsMetadata": { "base": null, "refs": { - "ListAssessmentReportsResponse$assessmentReports": " The list of assessment reports returned by the ListAssessmentReports API.
The list of assessment reports that the ListAssessmentReports API returned.
The overall status of the assessment.
", "AssessmentMetadataItem$status": "The current status of the assessment.
", - "UpdateAssessmentStatusRequest$status": "The current status of the specified assessment.
" + "UpdateAssessmentStatusRequest$status": "The current status of the assessment.
" } }, "AssociateAssessmentReportEvidenceFolderRequest": { @@ -343,13 +364,13 @@ "base": null, "refs": { "Assessment$arn": "The Amazon Resource Name (ARN) of the assessment.
", - "AssessmentFramework$arn": "The Amazon Resource Name (ARN) of the specified framework.
", + "AssessmentFramework$arn": "The Amazon Resource Name (ARN) of the framework.
", "AssessmentFrameworkMetadata$arn": "The Amazon Resource Name (ARN) of the framework.
", - "Control$arn": "The Amazon Resource Name (ARN) of the specified control.
", - "ControlMetadata$arn": "The Amazon Resource Name (ARN) of the specified control.
", - "Framework$arn": "The Amazon Resource Name (ARN) of the specified framework.
", - "ListTagsForResourceRequest$resourceArn": "The Amazon Resource Name (ARN) of the specified resource.
", - "TagResourceRequest$resourceArn": "The Amazon Resource Name (ARN) of the specified resource.
", + "Control$arn": "The Amazon Resource Name (ARN) of the control.
", + "ControlMetadata$arn": "The Amazon Resource Name (ARN) of the control.
", + "Framework$arn": "The Amazon Resource Name (ARN) of the framework.
", + "ListTagsForResourceRequest$resourceArn": "The Amazon Resource Name (ARN) of the resource.
", + "TagResourceRequest$resourceArn": "The Amazon Resource Name (ARN) of the resource.
", "UntagResourceRequest$resourceArn": "The Amazon Resource Name (ARN) of the specified resource.
" } }, @@ -372,7 +393,7 @@ "BatchCreateDelegationByAssessmentErrors": { "base": null, "refs": { - "BatchCreateDelegationByAssessmentResponse$errors": " A list of errors returned by the BatchCreateDelegationByAssessment API.
A list of errors that the BatchCreateDelegationByAssessment API returned.
A list of errors returned by the BatchDeleteDelegationByAssessment API.
A list of errors that the BatchDeleteDelegationByAssessment API returned.
A list of errors returned by the BatchImportEvidenceToAssessmentControl API.
A list of errors that the BatchImportEvidenceToAssessmentControl API returned.
The record of a change within Audit Manager, such as a modified assessment, a delegated control set, and so on.
", + "base": "The record of a change within Audit Manager. For example, this could be the status change of an assessment or the delegation of a control set.
", "refs": { "ChangeLogs$member": null } @@ -462,11 +483,12 @@ "base": null, "refs": { "AssessmentFrameworkMetadata$complianceType": "The compliance type that the new custom framework supports, such as CIS or HIPAA.
", - "AssessmentMetadata$complianceType": "The name of a compliance standard related to the assessment, such as PCI-DSS.
", - "AssessmentMetadataItem$complianceType": "The name of the compliance standard related to the assessment, such as PCI-DSS.
", + "AssessmentFrameworkShareRequest$complianceType": "The compliance type that the shared custom framework supports, such as CIS or HIPAA.
", + "AssessmentMetadata$complianceType": "The name of the compliance standard that's related to the assessment, such as PCI-DSS.
", + "AssessmentMetadataItem$complianceType": "The name of the compliance standard that's related to the assessment, such as PCI-DSS.
", "CreateAssessmentFrameworkRequest$complianceType": "The compliance type that the new custom framework supports, such as CIS or HIPAA.
", "Framework$complianceType": "The compliance type that the new custom framework supports, such as CIS or HIPAA.
", - "FrameworkMetadata$complianceType": "The compliance standard associated with the framework, such as PCI-DSS or HIPAA.
", + "FrameworkMetadata$complianceType": "The compliance standard that's associated with the framework. For example, this could be PCI DSS or HIPAA.
", "UpdateAssessmentFrameworkRequest$complianceType": "The compliance type that the new custom framework supports, such as CIS or HIPAA.
" } }, @@ -474,13 +496,13 @@ "base": "A control in Audit Manager.
", "refs": { "Controls$member": null, - "CreateControlResponse$control": " The new control returned by the CreateControl API.
The name of the control returned by the GetControl API.
The name of the updated control set returned by the UpdateControl API.
The new control that the CreateControl API returned.
The name of the control that the GetControl API returned.
The name of the updated control set that the UpdateControl API returned.
A comment posted by a user on a control. This includes the author's name, the comment text, and a timestamp.
", + "base": "A comment that's posted by a user on a control. This includes the author's name, the comment text, and a timestamp.
", "refs": { "ControlComments$member": null } @@ -489,26 +511,26 @@ "base": null, "refs": { "ControlComment$commentBody": "The body text of a control comment.
", - "UpdateAssessmentControlRequest$commentBody": "The comment body text for the specified control.
" + "UpdateAssessmentControlRequest$commentBody": "The comment body text for the control.
" } }, "ControlComments": { "base": null, "refs": { - "AssessmentControl$comments": "The list of comments attached to the specified control.
" + "AssessmentControl$comments": "The list of comments that's attached to the control.
" } }, "ControlDescription": { "base": null, "refs": { - "AssessmentControl$description": "The description of the specified control.
", - "Control$description": "The description of the specified control.
", + "AssessmentControl$description": "The description of the control.
", + "Control$description": "The description of the control.
", "CreateControlRequest$description": "The description of the control.
", "UpdateControlRequest$description": "The optional description of the control.
" } }, "ControlMappingSource": { - "base": "The data source that determines from where Audit Manager collects evidence for the control.
", + "base": "The data source that determines where Audit Manager collects evidence from for the control.
", "refs": { "ControlMappingSources$member": null } @@ -516,12 +538,12 @@ "ControlMappingSources": { "base": null, "refs": { - "Control$controlMappingSources": "The data mapping sources for the specified control.
", - "UpdateControlRequest$controlMappingSources": "The data mapping sources for the specified control.
" + "Control$controlMappingSources": "The data mapping sources for the control.
", + "UpdateControlRequest$controlMappingSources": "The data mapping sources for the control.
" } }, "ControlMetadata": { - "base": "The metadata associated with the specified standard or custom control.
", + "base": "The metadata that's associated with the standard control or custom control.
", "refs": { "ControlMetadataList$member": null } @@ -529,24 +551,24 @@ "ControlMetadataList": { "base": null, "refs": { - "ListControlsResponse$controlMetadataList": " The list of control metadata objects returned by the ListControls API.
The list of control metadata objects that the ListControls API returned.
The name of the specified control.
", + "AssessmentControl$name": "The name of the control.
", "AssessmentEvidenceFolder$controlName": "The name of the control.
", - "Control$name": "The name of the specified control.
", - "ControlMetadata$name": "The name of the specified control.
", + "Control$name": "The name of the control.
", + "ControlMetadata$name": "The name of the control.
", "CreateControlRequest$name": "The name of the control.
", - "UpdateControlRequest$name": "The name of the control to be updated.
" + "UpdateControlRequest$name": "The name of the updated control.
" } }, "ControlResponse": { "base": null, "refs": { - "AssessmentControl$response": "The response of the specified control.
" + "AssessmentControl$response": "The response of the control.
" } }, "ControlSet": { @@ -560,23 +582,23 @@ "refs": { "AssessmentControlSet$id": "The identifier of the control set in the assessment. This is the control set name in a plain string format.
", "AssessmentEvidenceFolder$controlSetId": "The identifier for the control set.
", - "BatchImportEvidenceToAssessmentControlRequest$controlSetId": "The identifier for the specified control set.
", + "BatchImportEvidenceToAssessmentControlRequest$controlSetId": "The identifier for the control set.
", "CreateDelegationRequest$controlSetId": "The unique identifier for the control set.
", - "Delegation$controlSetId": "The identifier for the associated control set.
", - "GetChangeLogsRequest$controlSetId": "The identifier for the specified control set.
", + "Delegation$controlSetId": "The identifier for the control set that's associated with the delegation.
", + "GetChangeLogsRequest$controlSetId": "The identifier for the control set.
", "GetEvidenceByEvidenceFolderRequest$controlSetId": "The identifier for the control set.
", - "GetEvidenceFolderRequest$controlSetId": "The identifier for the specified control set.
", - "GetEvidenceFoldersByAssessmentControlRequest$controlSetId": "The identifier for the specified control set.
", - "GetEvidenceRequest$controlSetId": "The identifier for the specified control set.
", - "Notification$controlSetId": "The identifier for the specified control set.
", - "UpdateAssessmentControlRequest$controlSetId": "The identifier for the specified control set.
" + "GetEvidenceFolderRequest$controlSetId": "The identifier for the control set.
", + "GetEvidenceFoldersByAssessmentControlRequest$controlSetId": "The identifier for the control set.
", + "GetEvidenceRequest$controlSetId": "The identifier for the control set.
", + "Notification$controlSetId": "The identifier for the control set.
", + "UpdateAssessmentControlRequest$controlSetId": "The identifier for the control set.
" } }, "ControlSetName": { "base": null, "refs": { "ControlSet$name": "The name of the control set.
", - "CreateAssessmentFrameworkControlSet$name": "The name of the specified control set.
", + "CreateAssessmentFrameworkControlSet$name": "The name of the control set.
", "UpdateAssessmentFrameworkControlSet$id": "The unique identifier for the control set.
", "UpdateAssessmentFrameworkControlSet$name": "The name of the control set.
" } @@ -585,41 +607,41 @@ "base": null, "refs": { "AssessmentControlSet$status": "Specifies the current status of the control set.
", - "UpdateAssessmentControlSetStatusRequest$status": "The status of the control set that is being updated.
" + "UpdateAssessmentControlSetStatusRequest$status": "The status of the control set that's being updated.
" } }, "ControlSets": { "base": null, "refs": { - "Framework$controlSets": "The control sets associated with the framework.
" + "Framework$controlSets": "The control sets that are associated with the framework.
" } }, "ControlSetsCount": { "base": null, "refs": { - "AssessmentFrameworkMetadata$controlSetsCount": "The number of control sets associated with the specified framework.
" + "AssessmentFrameworkMetadata$controlSetsCount": "The number of control sets that are associated with the framework.
" } }, "ControlSources": { "base": null, "refs": { - "Control$controlSources": "The data source that determines from where Audit Manager collects evidence for the control.
", - "ControlMetadata$controlSources": "The data source that determines from where Audit Manager collects evidence for the control.
", - "Framework$controlSources": "The sources from which Audit Manager collects evidence for the control.
" + "Control$controlSources": "The data source that determines where Audit Manager collects evidence from for the control.
", + "ControlMetadata$controlSources": "The data source that determines where Audit Manager collects evidence from for the control.
", + "Framework$controlSources": "The sources that Audit Manager collects evidence from for the control.
" } }, "ControlStatus": { "base": null, "refs": { - "AssessmentControl$status": "The status of the specified control.
", - "UpdateAssessmentControlRequest$controlStatus": "The status of the specified control.
" + "AssessmentControl$status": "The status of the control.
", + "UpdateAssessmentControlRequest$controlStatus": "The status of the control.
" } }, "ControlType": { "base": null, "refs": { - "Control$type": "The type of control, such as custom or standard.
", - "ListControlsRequest$controlType": "The type of control, such as standard or custom.
" + "Control$type": "The type of control, such as a custom control or a standard control.
", + "ListControlsRequest$controlType": "The type of control, such as a standard control or a custom control.
" } }, "Controls": { @@ -631,17 +653,17 @@ "ControlsCount": { "base": null, "refs": { - "AssessmentFrameworkMetadata$controlsCount": "The number of controls associated with the specified framework.
" + "AssessmentFrameworkMetadata$controlsCount": "The number of controls that are associated with the framework.
" } }, "CreateAssessmentFrameworkControl": { - "base": "Control entity attributes that uniquely identify an existing control to be added to a framework in Audit Manager.
", + "base": "The control entity attributes that uniquely identify an existing control to be added to a framework in Audit Manager.
", "refs": { "CreateAssessmentFrameworkControls$member": null } }, "CreateAssessmentFrameworkControlSet": { - "base": " A controlSet entity that represents a collection of controls in Audit Manager. This does not contain the control set ID.
A controlSet entity that represents a collection of controls in Audit Manager. This doesn't contain the control set ID.
The control sets to be associated with the framework.
" + "CreateAssessmentFrameworkRequest$controlSets": "The control sets that are associated with the framework.
" } }, "CreateAssessmentFrameworkControls": { "base": null, "refs": { - "CreateAssessmentFrameworkControlSet$controls": "The list of controls within the control set. This does not contain the control set ID.
", - "UpdateAssessmentFrameworkControlSet$controls": "The list of controls contained within the control set.
" + "CreateAssessmentFrameworkControlSet$controls": "The list of controls within the control set. This doesn't contain the control set ID.
", + "UpdateAssessmentFrameworkControlSet$controls": "The list of controls that are contained within the control set.
" } }, "CreateAssessmentFrameworkRequest": { @@ -690,7 +712,7 @@ } }, "CreateControlMappingSource": { - "base": " Control mapping fields that represent the source for evidence collection, along with related parameters and metadata. This does not contain mappingID.
The control mapping fields that represent the source for evidence collection, along with related parameters and metadata. This doesn't contain mappingID.
The data mapping sources for the specified control.
" + "CreateControlRequest$controlMappingSources": "The data mapping sources for the control.
" } }, "CreateControlRequest": { @@ -712,7 +734,7 @@ } }, "CreateDelegationRequest": { - "base": "A collection of attributes used to create a delegation for an assessment in Audit Manager.
", + "base": "A collection of attributes that's used to create a delegation for an assessment in Audit Manager.
", "refs": { "BatchCreateDelegationByAssessmentError$createDelegationRequest": "The API request to batch create delegations in Audit Manager.
", "CreateDelegationRequests$member": null @@ -741,19 +763,19 @@ "DelegationComment": { "base": null, "refs": { - "CreateDelegationRequest$comment": "A comment related to the delegation request.
", - "Delegation$comment": "The comment related to the delegation.
", - "UpdateAssessmentControlSetStatusRequest$comment": "The comment related to the status update.
" + "CreateDelegationRequest$comment": "A comment that's related to the delegation request.
", + "Delegation$comment": "The comment that's related to the delegation.
", + "UpdateAssessmentControlSetStatusRequest$comment": "The comment that's related to the status update.
" } }, "DelegationIds": { "base": null, "refs": { - "BatchDeleteDelegationByAssessmentRequest$delegationIds": "The identifiers for the specified delegations.
" + "BatchDeleteDelegationByAssessmentRequest$delegationIds": "The identifiers for the delegations.
" } }, "DelegationMetadata": { - "base": "The metadata associated with the specified delegation.
", + "base": "The metadata that's associated with the delegation.
", "refs": { "DelegationMetadataList$member": null } @@ -761,23 +783,23 @@ "DelegationMetadataList": { "base": null, "refs": { - "GetDelegationsResponse$delegations": " The list of delegations returned by the GetDelegations API.
The list of delegations that the GetDelegations API returned.
The status of the delegation.
", - "DelegationMetadata$status": "The current status of the delgation.
" + "DelegationMetadata$status": "The current status of the delegation.
" } }, "Delegations": { "base": null, "refs": { - "AssessmentControlSet$delegations": "The delegations associated with the control set.
", - "AssessmentMetadata$delegations": "The delegations associated with the assessment.
", - "AssessmentMetadataItem$delegations": "The delegations associated with the assessment.
", - "BatchCreateDelegationByAssessmentResponse$delegations": "The delegations associated with the assessment.
" + "AssessmentControlSet$delegations": "The delegations that are associated with the control set.
", + "AssessmentMetadata$delegations": "The delegations that are associated with the assessment.
", + "AssessmentMetadataItem$delegations": "The delegations that are associated with the assessment.
", + "BatchCreateDelegationByAssessmentResponse$delegations": "The delegations that are associated with the assessment.
" } }, "DeleteAssessmentFrameworkRequest": { @@ -790,6 +812,16 @@ "refs": { } }, + "DeleteAssessmentFrameworkShareRequest": { + "base": null, + "refs": { + } + }, + "DeleteAssessmentFrameworkShareResponse": { + "base": null, + "refs": { + } + }, "DeleteAssessmentReportRequest": { "base": null, "refs": { @@ -853,38 +885,38 @@ "EmailAddress": { "base": null, "refs": { - "AWSAccount$emailAddress": "The email address associated with the specified Amazon Web Services account.
" + "AWSAccount$emailAddress": "The email address that's associated with the Amazon Web Services account.
" } }, "ErrorCode": { "base": null, "refs": { - "AssessmentReportEvidenceError$errorCode": " The error code returned by the AssessmentReportEvidence API.
The error code returned by the BatchCreateDelegationByAssessment API.
The error code returned by the BatchDeleteDelegationByAssessment API.
The error code returned by the BatchImportEvidenceToAssessmentControl API.
The error code that the AssessmentReportEvidence API returned.
The error code that the BatchCreateDelegationByAssessment API returned.
The error code that the BatchDeleteDelegationByAssessment API returned.
The error code that the BatchImportEvidenceToAssessmentControl API returned.
The error message returned by the AssessmentReportEvidence API.
The error message returned by the BatchCreateDelegationByAssessment API.
The error message returned by the BatchDeleteDelegationByAssessment API.
The error message returned by the BatchImportEvidenceToAssessmentControl API.
The error message that the AssessmentReportEvidence API returned.
The error message that the BatchCreateDelegationByAssessment API returned.
The error message that the BatchDeleteDelegationByAssessment API returned.
The error message that the BatchImportEvidenceToAssessmentControl API returned.
The name of the specified evidence event.
" + "Evidence$eventName": "The name of the evidence event.
" } }, "Evidence": { "base": "A record that contains the information needed to demonstrate compliance with the requirements specified by a control. Examples of evidence include change activity triggered by a user, or a system configuration snapshot.
", "refs": { "EvidenceList$member": null, - "GetEvidenceResponse$evidence": " The evidence returned by the GetEvidenceResponse API.
The evidence that the GetEvidenceResponse API returned.
The names and values used by the evidence event, including an attribute name (such as allowUsersToChangePassword) and value (such as true or false).
The names and values that are used by the evidence event. This includes an attribute name (such as allowUsersToChangePassword) and value (such as true or false).
The list of evidence identifiers.
", - "BatchAssociateAssessmentReportEvidenceResponse$evidenceIds": "The identifier for the evidence.
", + "BatchAssociateAssessmentReportEvidenceResponse$evidenceIds": "The list of evidence identifiers.
", "BatchDisassociateAssessmentReportEvidenceRequest$evidenceIds": "The list of evidence identifiers.
", "BatchDisassociateAssessmentReportEvidenceResponse$evidenceIds": "The identifier for the evidence.
" } @@ -917,42 +949,43 @@ "EvidenceList": { "base": null, "refs": { - "GetEvidenceByEvidenceFolderResponse$evidence": " The list of evidence returned by the GetEvidenceByEvidenceFolder API.
The list of evidence that the GetEvidenceByEvidenceFolder API returned.
The list of data sources for the specified evidence.
" + "AssessmentControl$evidenceSources": "The list of data sources for the evidence.
" } }, "Filename": { "base": null, "refs": { - "AssessmentFrameworkMetadata$logo": "The logo associated with the framework.
", - "Framework$logo": "The logo associated with the framework.
", - "FrameworkMetadata$logo": "The logo associated with the framework.
" + "AssessmentFrameworkMetadata$logo": "The logo that's associated with the framework.
", + "Framework$logo": "The logo that's associated with the framework.
", + "FrameworkMetadata$logo": "The logo that's associated with the framework.
" } }, "Framework": { - "base": "The file used to structure and automate Audit Manager assessments for a given compliance standard.
", + "base": "The file that's used to structure and automate Audit Manager assessments for a given compliance standard.
", "refs": { - "CreateAssessmentFrameworkResponse$framework": " The name of the new framework returned by the CreateAssessmentFramework API.
The framework returned by the GetAssessmentFramework API.
The name of the specified framework.
" + "CreateAssessmentFrameworkResponse$framework": " The name of the new framework that the CreateAssessmentFramework API returned.
The framework that the GetAssessmentFramework API returned.
The name of the framework.
" } }, "FrameworkDescription": { "base": null, "refs": { - "AssessmentFrameworkMetadata$description": "The description of the specified framework.
", + "AssessmentFrameworkMetadata$description": "The description of the framework.
", + "AssessmentFrameworkShareRequest$frameworkDescription": "The description of the shared custom framework.
", "CreateAssessmentFrameworkRequest$description": "An optional description for the new custom framework.
", - "Framework$description": "The description of the specified framework.
", - "UpdateAssessmentFrameworkRequest$description": "The description of the framework that is to be updated.
" + "Framework$description": "The description of the framework.
", + "UpdateAssessmentFrameworkRequest$description": "The description of the updated framework.
" } }, "FrameworkMetadata": { - "base": "The metadata of a framework, such as the name, ID, description, and so on.
", + "base": "The metadata of a framework, such as the name, ID, or description.
", "refs": { "AssessmentFramework$metadata": null } @@ -960,30 +993,31 @@ "FrameworkMetadataList": { "base": null, "refs": { - "ListAssessmentFrameworksResponse$frameworkMetadataList": "The list of metadata objects for the specified framework.
" + "ListAssessmentFrameworksResponse$frameworkMetadataList": "The list of metadata objects for the framework.
" } }, "FrameworkName": { "base": null, "refs": { - "AssessmentFrameworkMetadata$name": "The name of the specified framework.
", + "AssessmentFrameworkMetadata$name": "The name of the framework.
", + "AssessmentFrameworkShareRequest$frameworkName": "The name of the custom framework that the share request is for.
", "CreateAssessmentFrameworkRequest$name": "The name of the new custom framework.
", - "Framework$name": "The name of the specified framework.
", + "Framework$name": "The name of the framework.
", "UpdateAssessmentFrameworkRequest$name": "The name of the framework to be updated.
" } }, "FrameworkType": { "base": null, "refs": { - "AssessmentFrameworkMetadata$type": "The framework type, such as standard or custom.
", - "Framework$type": "The framework type, such as custom or standard.
", - "ListAssessmentFrameworksRequest$frameworkType": "The type of framework, such as standard or custom.
" + "AssessmentFrameworkMetadata$type": "The framework type, such as a standard framework or a custom framework.
", + "Framework$type": "The framework type, such as a custom framework or a standard framework.
", + "ListAssessmentFrameworksRequest$frameworkType": "The type of framework, such as a standard framework or a custom framework.
" } }, "GenericArn": { "base": null, "refs": { - "Resource$arn": "The Amazon Resource Name (ARN) for the specified resource.
" + "Resource$arn": "The Amazon Resource Name (ARN) for the resource.
" } }, "GetAccountStatusRequest": { @@ -1139,7 +1173,7 @@ "HyperlinkName": { "base": null, "refs": { - "URL$hyperlinkName": "The name or word used as a hyperlink to the URL.
" + "URL$hyperlinkName": "The name or word that's used as a hyperlink to the URL.
" } }, "IamArn": { @@ -1149,26 +1183,26 @@ "CreateDelegationRequest$roleArn": "The Amazon Resource Name (ARN) of the IAM role.
", "Delegation$roleArn": "The Amazon Resource Name (ARN) of the IAM role.
", "DelegationMetadata$roleArn": "The Amazon Resource Name (ARN) of the IAM role.
", - "Evidence$iamId": "The unique identifier for the IAM user or role associated with the evidence.
", + "Evidence$iamId": "The unique identifier for the IAM user or role that's associated with the evidence.
", "Role$roleArn": "The Amazon Resource Name (ARN) of the IAM role.
" } }, "Integer": { "base": null, "refs": { - "AssessmentControl$evidenceCount": "The amount of evidence generated for the control.
", + "AssessmentControl$evidenceCount": "The amount of evidence that's generated for the control.
", "AssessmentControl$assessmentReportEvidenceCount": "The amount of evidence in the assessment report.
", - "AssessmentControlSet$systemEvidenceCount": "The total number of evidence objects retrieved automatically for the control set.
", - "AssessmentControlSet$manualEvidenceCount": "The total number of evidence objects uploaded manually to the control set.
", + "AssessmentControlSet$systemEvidenceCount": "The total number of evidence objects that are retrieved automatically for the control set.
", + "AssessmentControlSet$manualEvidenceCount": "The total number of evidence objects that are uploaded manually to the control set.
", "AssessmentEvidenceFolder$totalEvidence": "The total amount of evidence in the evidence folder.
", - "AssessmentEvidenceFolder$assessmentReportSelectionCount": "The total count of evidence included in the assessment report.
", - "AssessmentEvidenceFolder$evidenceResourcesIncludedCount": "The amount of evidence included in the evidence folder.
", + "AssessmentEvidenceFolder$assessmentReportSelectionCount": "The total count of evidence that's included in the assessment report.
", + "AssessmentEvidenceFolder$evidenceResourcesIncludedCount": "The amount of evidence that's included in the evidence folder.
", "AssessmentEvidenceFolder$evidenceByTypeConfigurationDataCount": "The number of evidence that falls under the configuration data category. This evidence is collected from configuration snapshots of other Amazon Web Services services such as Amazon EC2, Amazon S3, or IAM.
", "AssessmentEvidenceFolder$evidenceByTypeManualCount": "The number of evidence that falls under the manual category. This evidence is imported manually.
", "AssessmentEvidenceFolder$evidenceByTypeComplianceCheckCount": "The number of evidence that falls under the compliance check category. This evidence is collected from Config or Security Hub.
", "AssessmentEvidenceFolder$evidenceByTypeComplianceCheckIssuesCount": "The total number of issues that were reported directly from Security Hub, Config, or both.
", "AssessmentEvidenceFolder$evidenceByTypeUserActivityCount": "The number of evidence that falls under the user activity category. This evidence is collected from CloudTrail logs.
", - "AssessmentEvidenceFolder$evidenceAwsServiceSourceCount": "The total number of Amazon Web Services resources assessed to generate the evidence.
" + "AssessmentEvidenceFolder$evidenceAwsServiceSourceCount": "The total number of Amazon Web Services resources that were assessed to generate the evidence.
" } }, "InternalServerException": { @@ -1179,20 +1213,20 @@ "KeywordInputType": { "base": null, "refs": { - "SourceKeyword$keywordInputType": "The method of input for the specified keyword.
" + "SourceKeyword$keywordInputType": "The method of input for the keyword.
" } }, "KeywordValue": { "base": null, "refs": { "Keywords$member": null, - "SourceKeyword$keywordValue": "The value of the keyword used to search CloudTrail logs, Config rules, Security Hub checks, and Amazon Web Services API names when mapping a control data source.
" + "SourceKeyword$keywordValue": "The value of the keyword that's used to search CloudTrail logs, Config rules, Security Hub checks, and Amazon Web Services API names when mapping a control data source.
" } }, "Keywords": { "base": null, "refs": { - "ListKeywordsForDataSourceResponse$keywords": "The list of keywords for the specified event mapping source.
" + "ListKeywordsForDataSourceResponse$keywords": "The list of keywords for the event mapping source.
" } }, "KmsKey": { @@ -1210,6 +1244,16 @@ "Framework$lastUpdatedBy": "The IAM user or role that most recently updated the framework.
" } }, + "ListAssessmentFrameworkShareRequestsRequest": { + "base": null, + "refs": { + } + }, + "ListAssessmentFrameworkShareRequestsResponse": { + "base": null, + "refs": { + } + }, "ListAssessmentFrameworksRequest": { "base": null, "refs": { @@ -1223,7 +1267,7 @@ "ListAssessmentMetadata": { "base": null, "refs": { - "ListAssessmentsResponse$assessmentMetadata": "The metadata associated with the assessment.
" + "ListAssessmentsResponse$assessmentMetadata": "The metadata that's associated with the assessment.
" } }, "ListAssessmentReportsRequest": { @@ -1287,9 +1331,9 @@ } }, "ManualEvidence": { - "base": "Evidence that is uploaded to Audit Manager manually.
", + "base": "Evidence that's uploaded to Audit Manager manually.
", "refs": { - "BatchImportEvidenceToAssessmentControlError$manualEvidence": "Manual evidence that cannot be collected automatically by Audit Manager.
", + "BatchImportEvidenceToAssessmentControlError$manualEvidence": "Manual evidence that can't be collected automatically by Audit Manager.
", "ManualEvidenceList$member": null } }, @@ -1302,37 +1346,38 @@ "MaxResults": { "base": "Max results in the page.", "refs": { - "GetChangeLogsRequest$maxResults": "Represents the maximum number of results per page, or per API request call.
", - "GetDelegationsRequest$maxResults": "Represents the maximum number of results per page, or per API request call.
", - "GetEvidenceByEvidenceFolderRequest$maxResults": "Represents the maximum number of results per page, or per API request call.
", - "GetEvidenceFoldersByAssessmentControlRequest$maxResults": "Represents the maximum number of results per page, or per API request call.
", - "GetEvidenceFoldersByAssessmentRequest$maxResults": "Represents the maximum number of results per page, or per API request call.
", - "ListAssessmentFrameworksRequest$maxResults": "Represents the maximum number of results per page, or per API request call.
", - "ListAssessmentReportsRequest$maxResults": "Represents the maximum number of results per page, or per API request call.
", - "ListAssessmentsRequest$maxResults": "Represents the maximum number of results per page, or per API request call.
", - "ListControlsRequest$maxResults": "Represents the maximum number of results per page, or per API request call.
", - "ListKeywordsForDataSourceRequest$maxResults": "Represents the maximum number of results per page, or per API request call.
", - "ListNotificationsRequest$maxResults": "Represents the maximum number of results per page, or per API request call.
" + "GetChangeLogsRequest$maxResults": "Represents the maximum number of results on a page or for an API request call.
", + "GetDelegationsRequest$maxResults": "Represents the maximum number of results on a page or for an API request call.
", + "GetEvidenceByEvidenceFolderRequest$maxResults": "Represents the maximum number of results on a page or for an API request call.
", + "GetEvidenceFoldersByAssessmentControlRequest$maxResults": "Represents the maximum number of results on a page or for an API request call.
", + "GetEvidenceFoldersByAssessmentRequest$maxResults": "Represents the maximum number of results on a page or for an API request call.
", + "ListAssessmentFrameworkShareRequestsRequest$maxResults": "Represents the maximum number of results on a page or for an API request call.
", + "ListAssessmentFrameworksRequest$maxResults": "Represents the maximum number of results on a page or for an API request call.
", + "ListAssessmentReportsRequest$maxResults": "Represents the maximum number of results on a page or for an API request call.
", + "ListAssessmentsRequest$maxResults": "Represents the maximum number of results on a page or for an API request call.
", + "ListControlsRequest$maxResults": "Represents the maximum number of results on a page or for an API request call.
", + "ListKeywordsForDataSourceRequest$maxResults": "Represents the maximum number of results on a page or for an API request call.
", + "ListNotificationsRequest$maxResults": "Represents the maximum number of results on a page or for an API request call.
" } }, "NonEmptyString": { "base": null, "refs": { "AssessmentControlSet$description": "The description for the control set.
", - "ChangeLog$objectName": "The name of the changelog object.
", - "DelegationMetadata$controlSetName": "Specifies the name of the control set delegated for review.
", + "ChangeLog$objectName": "The name of the object that changed. This could be the name of an assessment, control, or control set.
", + "DelegationMetadata$controlSetName": "Specifies the name of the control set that was delegated for review.
", "EvidenceSources$member": null, "Notification$controlSetName": "Specifies the name of the control set that the notification is about.
", "Notification$description": "The description of the notification.
", "Notification$source": "The sender of the notification.
", "ServiceMetadata$displayName": "The display name of the Amazon Web Service.
", - "ServiceMetadata$description": "The description of the specified Amazon Web Service.
", - "ServiceMetadata$category": "The category in which the Amazon Web Service belongs, such as compute, storage, database, and so on.
", + "ServiceMetadata$description": "The description of the Amazon Web Service.
", + "ServiceMetadata$category": "The category that the Amazon Web Service belongs to, such as compute, storage, or database.
", "ValidationErrors$member": null } }, "Notification": { - "base": "The notification used to inform a user of an update in Audit Manager. For example, this includes the notification that is sent when a control set is delegated for review.
", + "base": "The notification that informs a user of an update in Audit Manager. For example, this includes the notification that's sent when a control set is delegated for review.
", "refs": { "Notifications$member": null } @@ -1343,10 +1388,24 @@ "ListNotificationsResponse$notifications": "The returned list of notifications.
" } }, + "NullableInteger": { + "base": null, + "refs": { + "AssessmentFrameworkShareRequest$standardControlsCount": "The number of standard controls that are part of the shared custom framework.
", + "AssessmentFrameworkShareRequest$customControlsCount": "The number of custom controls that are part of the shared custom framework.
" + } + }, "ObjectTypeEnum": { "base": null, "refs": { - "ChangeLog$objectType": "The changelog object type, such as an assessment, control, or control set.
" + "ChangeLog$objectType": "The object that was changed, such as an assessment, control, or control set.
" + } + }, + "Region": { + "base": null, + "refs": { + "AssessmentFrameworkShareRequest$destinationRegion": "The Amazon Web Services Region of the recipient.
", + "StartAssessmentFrameworkShareRequest$destinationRegion": "The Amazon Web Services Region of the recipient.
" } }, "RegisterAccountRequest": { @@ -1370,24 +1429,24 @@ } }, "Resource": { - "base": "A system asset that is evaluated in an Audit Manager assessment.
", + "base": "A system asset that's evaluated in an Audit Manager assessment.
", "refs": { "Resources$member": null } }, "ResourceNotFoundException": { - "base": "The resource specified in the request cannot be found.
", + "base": "The resource that's specified in the request can't be found.
", "refs": { } }, "Resources": { "base": null, "refs": { - "Evidence$resourcesIncluded": "The list of resources assessed to generate the evidence.
" + "Evidence$resourcesIncluded": "The list of resources that are assessed to generate the evidence.
" } }, "Role": { - "base": "The wrapper that contains the Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).
", + "base": "The wrapper that contains the Audit Manager role information of the current user. This includes the role type and IAM Amazon Resource Name (ARN).
", "refs": { "GetAssessmentResponse$userRole": null, "Roles$member": null @@ -1404,12 +1463,12 @@ "Roles": { "base": null, "refs": { - "AssessmentControlSet$roles": "The roles associated with the control set.
", - "AssessmentMetadata$roles": "The roles associated with the assessment.
", - "AssessmentMetadataItem$roles": "The roles associated with the assessment.
", - "CreateAssessmentRequest$roles": "The list of roles for the specified assessment.
", + "AssessmentControlSet$roles": "The roles that are associated with the control set.
", + "AssessmentMetadata$roles": "The roles that are associated with the assessment.
", + "AssessmentMetadataItem$roles": "The roles that are associated with the assessment.
", + "CreateAssessmentRequest$roles": "The list of roles for the assessment.
", "Settings$defaultProcessOwners": "The designated default audit owners.
", - "UpdateAssessmentRequest$roles": "The list of roles for the specified assessment.
", + "UpdateAssessmentRequest$roles": "The list of roles for the assessment.
", "UpdateSettingsRequest$defaultProcessOwners": "A list of the default audit owners.
" } }, @@ -1418,7 +1477,7 @@ "refs": { "AssessmentReportsDestination$destination": "The destination of the assessment report.
", "ManualEvidence$s3ResourcePath": "The Amazon S3 URL that points to a manual evidence object.
", - "ValidateAssessmentReportIntegrityRequest$s3RelativePath": "The relative path of the specified Amazon S3 bucket in which the assessment report is stored.
" + "ValidateAssessmentReportIntegrityRequest$s3RelativePath": "The relative path of the Amazon S3 bucket that the assessment report is stored in.
" } }, "SNSTopic": { @@ -1428,15 +1487,15 @@ } }, "Scope": { - "base": "The wrapper that contains the Amazon Web Services accounts and services in scope for the assessment.
", + "base": "The wrapper that contains the Amazon Web Services accounts and services that are in scope for the assessment.
", "refs": { - "AssessmentMetadata$scope": "The wrapper of Amazon Web Services accounts and services in scope for the assessment.
", + "AssessmentMetadata$scope": "The wrapper of Amazon Web Services accounts and services that are in scope for the assessment.
", "CreateAssessmentRequest$scope": null, - "UpdateAssessmentRequest$scope": "The scope of the specified assessment.
" + "UpdateAssessmentRequest$scope": "The scope of the assessment.
" } }, "ServiceMetadata": { - "base": "The metadata associated with the specified Amazon Web Service.
", + "base": "The metadata that's associated with the Amazon Web Service.
", "refs": { "ServiceMetadataList$member": null } @@ -1444,7 +1503,7 @@ "ServiceMetadataList": { "base": null, "refs": { - "GetServicesInScopeResponse$serviceMetadata": "The metadata associated with the Amazon Web Service.
" + "GetServicesInScopeResponse$serviceMetadata": "The metadata that's associated with the Amazon Web Service.
" } }, "SettingAttribute": { @@ -1460,24 +1519,51 @@ "UpdateSettingsResponse$settings": "The current list of settings.
" } }, + "ShareRequestAction": { + "base": null, + "refs": { + "UpdateAssessmentFrameworkShareRequest$action": "Specifies the update action for the share request.
" + } + }, + "ShareRequestComment": { + "base": null, + "refs": { + "AssessmentFrameworkShareRequest$comment": "An optional comment from the sender about the share request.
", + "StartAssessmentFrameworkShareRequest$comment": "An optional comment from the sender about the share request.
" + } + }, + "ShareRequestStatus": { + "base": null, + "refs": { + "AssessmentFrameworkShareRequest$status": "The status of the share request.
" + } + }, + "ShareRequestType": { + "base": null, + "refs": { + "DeleteAssessmentFrameworkShareRequest$requestType": "Specifies whether the share request is a sent request or a received request.
", + "ListAssessmentFrameworkShareRequestsRequest$requestType": "Specifies whether the share request is a sent request or a received request.
", + "UpdateAssessmentFrameworkShareRequest$requestType": "Specifies whether the share request is a sent request or a received request.
" + } + }, "SnsArn": { "base": null, "refs": { - "UpdateSettingsRequest$snsTopic": "The Amazon Simple Notification Service (Amazon SNS) topic to which Audit Manager sends notifications.
" + "UpdateSettingsRequest$snsTopic": "The Amazon Simple Notification Service (Amazon SNS) topic that Audit Manager sends notifications to.
" } }, "SourceDescription": { "base": null, "refs": { - "ControlMappingSource$sourceDescription": "The description of the specified source.
", - "CreateControlMappingSource$sourceDescription": "The description of the data source that determines from where Audit Manager collects evidence for the control.
" + "ControlMappingSource$sourceDescription": "The description of the source.
", + "CreateControlMappingSource$sourceDescription": "The description of the data source that determines where Audit Manager collects evidence from for the control.
" } }, "SourceFrequency": { "base": null, "refs": { - "ControlMappingSource$sourceFrequency": "The frequency of evidence collection for the specified control mapping source.
", - "CreateControlMappingSource$sourceFrequency": "The frequency of evidence collection for the specified control mapping source.
" + "ControlMappingSource$sourceFrequency": "The frequency of evidence collection for the control mapping source.
", + "CreateControlMappingSource$sourceFrequency": "The frequency of evidence collection for the control mapping source.
" } }, "SourceKeyword": { @@ -1490,14 +1576,14 @@ "SourceName": { "base": null, "refs": { - "ControlMappingSource$sourceName": "The name of the specified source.
", + "ControlMappingSource$sourceName": "The name of the source.
", "CreateControlMappingSource$sourceName": "The name of the control mapping data source.
" } }, "SourceSetUpOption": { "base": null, "refs": { - "ControlMappingSource$sourceSetUpOption": "The setup option for the data source, which reflects if the evidence collection is automated or manual.
", + "ControlMappingSource$sourceSetUpOption": "The setup option for the data source. This option reflects if the evidence collection is automated or manual.
", "CreateControlMappingSource$sourceSetUpOption": "The setup option for the data source, which reflects if the evidence collection is automated or manual.
" } }, @@ -1506,27 +1592,37 @@ "refs": { "ControlMappingSource$sourceType": "Specifies one of the five types of data sources for evidence collection.
", "CreateControlMappingSource$sourceType": "Specifies one of the five types of data sources for evidence collection.
", - "ListKeywordsForDataSourceRequest$source": "The control mapping data source to which the keywords apply.
" + "ListKeywordsForDataSourceRequest$source": "The control mapping data source that the keywords apply to.
" + } + }, + "StartAssessmentFrameworkShareRequest": { + "base": null, + "refs": { + } + }, + "StartAssessmentFrameworkShareResponse": { + "base": null, + "refs": { } }, "String": { "base": null, "refs": { "AccessDeniedException$message": null, - "AssessmentEvidenceFolder$dataSource": "The Amazon Web Service from which the evidence was collected.
", + "AssessmentEvidenceFolder$dataSource": "The Amazon Web Service that the evidence was collected from.
", "AssessmentEvidenceFolder$author": "The name of the user who created the evidence folder.
", - "Evidence$dataSource": "The data source from which the specified evidence was collected.
", + "Evidence$dataSource": "The data source where the evidence was collected from.
", "Evidence$evidenceByType": "The type of automated evidence.
", "Evidence$complianceCheck": "The evaluation status for evidence that falls under the compliance check category. For evidence collected from Security Hub, a Pass or Fail result is shown. For evidence collected from Config, a Compliant or Noncompliant result is shown.
", - "Evidence$awsOrganization": "The Amazon Web Services account from which the evidence is collected, and its organization path.
", + "Evidence$awsOrganization": "The Amazon Web Services account that the evidence is collected from, and its organization path.
", "Evidence$assessmentReportSelection": "Specifies whether the evidence is included in the assessment report.
", "InternalServerException$message": null, - "Resource$value": "The value of the specified resource.
", + "Resource$value": "The value of the resource.
", "ResourceNotFoundException$message": null, - "ResourceNotFoundException$resourceId": "The unique identifier for the specified resource.
", - "ResourceNotFoundException$resourceType": "The type of resource affected by the error.
", - "UpdateAssessmentControlSetStatusRequest$controlSetId": "The identifier for the specified control set.
", - "ValidateAssessmentReportIntegrityResponse$signatureAlgorithm": "The signature algorithm used to code sign the assessment report file.
", + "ResourceNotFoundException$resourceId": "The unique identifier for the resource.
", + "ResourceNotFoundException$resourceType": "The type of resource that's affected by the error.
", + "UpdateAssessmentControlSetStatusRequest$controlSetId": "The identifier for the control set.
", + "ValidateAssessmentReportIntegrityResponse$signatureAlgorithm": "The signature algorithm that's used to code sign the assessment report file.
", "ValidateAssessmentReportIntegrityResponse$signatureDateTime": "The date and time signature that specifies when the assessment report was created.
", "ValidateAssessmentReportIntegrityResponse$signatureKeyId": "The unique identifier for the validation signature key.
", "ValidationException$message": null, @@ -1550,14 +1646,14 @@ "TagMap": { "base": null, "refs": { - "Assessment$tags": "The tags associated with the assessment.
", + "Assessment$tags": "The tags that are associated with the assessment.
", "Control$tags": "The tags associated with the control.
", - "CreateAssessmentFrameworkRequest$tags": "The tags associated with the framework.
", - "CreateAssessmentRequest$tags": "The tags associated with the assessment.
", - "CreateControlRequest$tags": "The tags associated with the control.
", - "Framework$tags": "The tags associated with the framework.
", - "ListTagsForResourceResponse$tags": " The list of tags returned by the ListTagsForResource API.
The tags to be associated with the resource.
" + "CreateAssessmentFrameworkRequest$tags": "The tags that are associated with the framework.
", + "CreateAssessmentRequest$tags": "The tags that are associated with the assessment.
", + "CreateControlRequest$tags": "The tags that are associated with the control.
", + "Framework$tags": "The tags that are associated with the framework.
", + "ListTagsForResourceResponse$tags": " The list of tags that the ListTagsForResource API returned.
The tags that are associated with the resource.
" } }, "TagResourceRequest": { @@ -1579,9 +1675,9 @@ "TestingInformation": { "base": null, "refs": { - "Control$testingInformation": "The steps to follow to determine if the control has been satisfied.
", - "CreateControlRequest$testingInformation": "The steps to follow to determine if the control has been satisfied.
", - "UpdateControlRequest$testingInformation": "The steps that to follow to determine if the control has been satisfied.
" + "Control$testingInformation": "The steps that you should follow to determine if the control has been satisfied.
", + "CreateControlRequest$testingInformation": "The steps to follow to determine if the control is satisfied.
", + "UpdateControlRequest$testingInformation": "The steps that you should follow to determine if the control is met.
" } }, "Timestamp": { @@ -1590,13 +1686,16 @@ "AssessmentEvidenceFolder$date": "The date when the first evidence was added to the evidence folder.
", "AssessmentFrameworkMetadata$createdAt": "Specifies when the framework was created.
", "AssessmentFrameworkMetadata$lastUpdatedAt": "Specifies when the framework was most recently updated.
", + "AssessmentFrameworkShareRequest$expirationTime": "The time when the share request expires.
", + "AssessmentFrameworkShareRequest$creationTime": "The time when the share request was created.
", + "AssessmentFrameworkShareRequest$lastUpdated": "Specifies when the share request was last updated.
", "AssessmentMetadata$creationTime": "Specifies when the assessment was created.
", "AssessmentMetadata$lastUpdated": "The time of the most recent update.
", "AssessmentMetadataItem$creationTime": "Specifies when the assessment was created.
", "AssessmentMetadataItem$lastUpdated": "The time of the most recent update.
", "AssessmentReport$creationTime": "Specifies when the assessment report was created.
", "AssessmentReportMetadata$creationTime": "Specifies when the assessment report was created.
", - "ChangeLog$createdAt": "The time of creation for the changelog object.
", + "ChangeLog$createdAt": "The time when the action was performed and the changelog record was created.
", "Control$createdAt": "Specifies when the control was created.
", "Control$lastUpdatedAt": "Specifies when the control was most recently updated.
", "ControlComment$postedDate": "The time when the comment was posted.
", @@ -1620,39 +1719,41 @@ "Token": { "base": null, "refs": { - "GetChangeLogsRequest$nextToken": "The pagination token used to fetch the next set of results.
", - "GetChangeLogsResponse$nextToken": "The pagination token used to fetch the next set of results.
", - "GetDelegationsRequest$nextToken": "The pagination token used to fetch the next set of results.
", - "GetDelegationsResponse$nextToken": "The pagination token used to fetch the next set of results.
", - "GetEvidenceByEvidenceFolderRequest$nextToken": "The pagination token used to fetch the next set of results.
", - "GetEvidenceByEvidenceFolderResponse$nextToken": "The pagination token used to fetch the next set of results.
", - "GetEvidenceFoldersByAssessmentControlRequest$nextToken": "The pagination token used to fetch the next set of results.
", - "GetEvidenceFoldersByAssessmentControlResponse$nextToken": "The pagination token used to fetch the next set of results.
", - "GetEvidenceFoldersByAssessmentRequest$nextToken": "The pagination token used to fetch the next set of results.
", - "GetEvidenceFoldersByAssessmentResponse$nextToken": "The pagination token used to fetch the next set of results.
", - "ListAssessmentFrameworksRequest$nextToken": "The pagination token used to fetch the next set of results.
", - "ListAssessmentFrameworksResponse$nextToken": "The pagination token used to fetch the next set of results.
", - "ListAssessmentReportsRequest$nextToken": "The pagination token used to fetch the next set of results.
", - "ListAssessmentReportsResponse$nextToken": "The pagination token used to fetch the next set of results.
", - "ListAssessmentsRequest$nextToken": "The pagination token used to fetch the next set of results.
", - "ListAssessmentsResponse$nextToken": "The pagination token used to fetch the next set of results.
", - "ListControlsRequest$nextToken": "The pagination token used to fetch the next set of results.
", - "ListControlsResponse$nextToken": "The pagination token used to fetch the next set of results.
", - "ListKeywordsForDataSourceRequest$nextToken": "The pagination token used to fetch the next set of results.
", - "ListKeywordsForDataSourceResponse$nextToken": "The pagination token used to fetch the next set of results.
", - "ListNotificationsRequest$nextToken": "The pagination token used to fetch the next set of results.
", - "ListNotificationsResponse$nextToken": "The pagination token used to fetch the next set of results.
" + "GetChangeLogsRequest$nextToken": "The pagination token that's used to fetch the next set of results.
", + "GetChangeLogsResponse$nextToken": "The pagination token that's used to fetch the next set of results.
", + "GetDelegationsRequest$nextToken": "The pagination token that's used to fetch the next set of results.
", + "GetDelegationsResponse$nextToken": "The pagination token that's used to fetch the next set of results.
", + "GetEvidenceByEvidenceFolderRequest$nextToken": "The pagination token that's used to fetch the next set of results.
", + "GetEvidenceByEvidenceFolderResponse$nextToken": "The pagination token that's used to fetch the next set of results.
", + "GetEvidenceFoldersByAssessmentControlRequest$nextToken": "The pagination token that's used to fetch the next set of results.
", + "GetEvidenceFoldersByAssessmentControlResponse$nextToken": "The pagination token that's used to fetch the next set of results.
", + "GetEvidenceFoldersByAssessmentRequest$nextToken": "The pagination token that's used to fetch the next set of results.
", + "GetEvidenceFoldersByAssessmentResponse$nextToken": "The pagination token that's used to fetch the next set of results.
", + "ListAssessmentFrameworkShareRequestsRequest$nextToken": "The pagination token that's used to fetch the next set of results.
", + "ListAssessmentFrameworkShareRequestsResponse$nextToken": "The pagination token that's used to fetch the next set of results.
", + "ListAssessmentFrameworksRequest$nextToken": "The pagination token that's used to fetch the next set of results.
", + "ListAssessmentFrameworksResponse$nextToken": "The pagination token that's used to fetch the next set of results.
", + "ListAssessmentReportsRequest$nextToken": "The pagination token that's used to fetch the next set of results.
", + "ListAssessmentReportsResponse$nextToken": "The pagination token that's used to fetch the next set of results.
", + "ListAssessmentsRequest$nextToken": "The pagination token that's used to fetch the next set of results.
", + "ListAssessmentsResponse$nextToken": "The pagination token that's used to fetch the next set of results.
", + "ListControlsRequest$nextToken": "The pagination token that's used to fetch the next set of results.
", + "ListControlsResponse$nextToken": "The pagination token that's used to fetch the next set of results.
", + "ListKeywordsForDataSourceRequest$nextToken": "The pagination token that's used to fetch the next set of results.
", + "ListKeywordsForDataSourceResponse$nextToken": "The pagination token that's used to fetch the next set of results.
", + "ListNotificationsRequest$nextToken": "The pagination token that's used to fetch the next set of results.
", + "ListNotificationsResponse$nextToken": "The pagination token that's used to fetch the next set of results.
" } }, "TroubleshootingText": { "base": null, "refs": { - "ControlMappingSource$troubleshootingText": "The instructions for troubleshooting the specified control.
", - "CreateControlMappingSource$troubleshootingText": "The instructions for troubleshooting the specified control.
" + "ControlMappingSource$troubleshootingText": "The instructions for troubleshooting the control.
", + "CreateControlMappingSource$troubleshootingText": "The instructions for troubleshooting the control.
" } }, "URL": { - "base": "A uniform resource locator, used as a unique identifier to locate a resource on the internet.
", + "base": "Short for uniform resource locator. A URL is used as a unique identifier to locate a resource on the internet.
", "refs": { "GetAssessmentReportUrlResponse$preSignedUrl": null } @@ -1660,78 +1761,83 @@ "UUID": { "base": null, "refs": { - "AssessmentControl$id": "The identifier for the specified control.
", - "AssessmentEvidenceFolder$assessmentId": "The identifier for the specified assessment.
", - "AssessmentEvidenceFolder$controlId": "The unique identifier for the specified control.
", - "AssessmentEvidenceFolder$id": "The identifier for the folder in which evidence is stored.
", + "AssessmentControl$id": "The identifier for the control.
", + "AssessmentEvidenceFolder$assessmentId": "The identifier for the assessment.
", + "AssessmentEvidenceFolder$controlId": "The unique identifier for the control.
", + "AssessmentEvidenceFolder$id": "The identifier for the folder that the evidence is stored in.
", "AssessmentFramework$id": "The unique identifier for the framework.
", - "AssessmentFrameworkMetadata$id": "The unique identified for the specified framework.
", + "AssessmentFrameworkMetadata$id": "The unique identifier for the framework.
", + "AssessmentFrameworkShareRequest$id": "The unique identifier for the share request.
", + "AssessmentFrameworkShareRequest$frameworkId": "The unique identifier for the shared custom framework.
", "AssessmentMetadata$id": "The unique identifier for the assessment.
", "AssessmentMetadataItem$id": "The unique identifier for the assessment.
", - "AssessmentReport$id": "The unique identifier for the specified assessment report.
", + "AssessmentReport$id": "The unique identifier for the assessment report.
", "AssessmentReport$assessmentId": "The identifier for the specified assessment.
", "AssessmentReportEvidenceError$evidenceId": "The identifier for the evidence.
", "AssessmentReportMetadata$id": "The unique identifier for the assessment report.
", "AssessmentReportMetadata$assessmentId": "The unique identifier for the associated assessment.
", - "AssociateAssessmentReportEvidenceFolderRequest$assessmentId": "The identifier for the specified assessment.
", - "AssociateAssessmentReportEvidenceFolderRequest$evidenceFolderId": "The identifier for the folder in which evidence is stored.
", - "BatchAssociateAssessmentReportEvidenceRequest$assessmentId": "The unique identifier for the specified assessment.
", - "BatchAssociateAssessmentReportEvidenceRequest$evidenceFolderId": "The identifier for the folder in which the evidence is stored.
", - "BatchCreateDelegationByAssessmentRequest$assessmentId": "The identifier for the specified assessment.
", - "BatchDeleteDelegationByAssessmentError$delegationId": "The identifier for the specified delegation.
", - "BatchDeleteDelegationByAssessmentRequest$assessmentId": "The identifier for the specified assessment.
", - "BatchDisassociateAssessmentReportEvidenceRequest$assessmentId": "The identifier for the specified assessment.
", - "BatchDisassociateAssessmentReportEvidenceRequest$evidenceFolderId": "The identifier for the folder in which evidence is stored.
", - "BatchImportEvidenceToAssessmentControlRequest$assessmentId": "The identifier for the specified assessment.
", - "BatchImportEvidenceToAssessmentControlRequest$controlId": "The identifier for the specified control.
", + "AssociateAssessmentReportEvidenceFolderRequest$assessmentId": "The identifier for the assessment.
", + "AssociateAssessmentReportEvidenceFolderRequest$evidenceFolderId": "The identifier for the folder that the evidence is stored in.
", + "BatchAssociateAssessmentReportEvidenceRequest$assessmentId": "The identifier for the assessment.
", + "BatchAssociateAssessmentReportEvidenceRequest$evidenceFolderId": "The identifier for the folder that the evidence is stored in.
", + "BatchCreateDelegationByAssessmentRequest$assessmentId": "The identifier for the assessment.
", + "BatchDeleteDelegationByAssessmentError$delegationId": "The identifier for the delegation.
", + "BatchDeleteDelegationByAssessmentRequest$assessmentId": "The identifier for the assessment.
", + "BatchDisassociateAssessmentReportEvidenceRequest$assessmentId": "The identifier for the assessment.
", + "BatchDisassociateAssessmentReportEvidenceRequest$evidenceFolderId": "The identifier for the folder that the evidence is stored in.
", + "BatchImportEvidenceToAssessmentControlRequest$assessmentId": "The identifier for the assessment.
", + "BatchImportEvidenceToAssessmentControlRequest$controlId": "The identifier for the control.
", "Control$id": "The unique identifier for the control.
", - "ControlMappingSource$sourceId": "The unique identifier for the specified source.
", - "ControlMetadata$id": "The unique identifier for the specified control.
", + "ControlMappingSource$sourceId": "The unique identifier for the source.
", + "ControlMetadata$id": "The unique identifier for the control.
", "ControlSet$id": "The identifier of the control set in the assessment. This is the control set name in a plain string format.
", "CreateAssessmentFrameworkControl$id": "The unique identifier of the control.
", - "CreateAssessmentReportRequest$assessmentId": "The identifier for the specified assessment.
", - "CreateAssessmentRequest$frameworkId": "The identifier for the specified framework.
", + "CreateAssessmentReportRequest$assessmentId": "The identifier for the assessment.
", + "CreateAssessmentRequest$frameworkId": "The identifier for the framework that the assessment will be created from.
", "Delegation$id": "The unique identifier for the delegation.
", - "Delegation$assessmentId": "The identifier for the associated assessment.
", + "Delegation$assessmentId": "The identifier for the assessment that's associated with the delegation.
", "DelegationIds$member": null, "DelegationMetadata$id": "The unique identifier for the delegation.
", - "DelegationMetadata$assessmentId": "The unique identifier for the specified assessment.
", - "DeleteAssessmentFrameworkRequest$frameworkId": "The identifier for the specified framework.
", - "DeleteAssessmentReportRequest$assessmentId": "The identifier for the specified assessment.
", + "DelegationMetadata$assessmentId": "The unique identifier for the assessment.
", + "DeleteAssessmentFrameworkRequest$frameworkId": "The identifier for the framework.
", + "DeleteAssessmentFrameworkShareRequest$requestId": "The unique identifier for the share request to be deleted.
", + "DeleteAssessmentReportRequest$assessmentId": "The identifier for the assessment.
", "DeleteAssessmentReportRequest$assessmentReportId": "The unique identifier for the assessment report.
", - "DeleteAssessmentRequest$assessmentId": "The identifier for the specified assessment.
", - "DeleteControlRequest$controlId": "The identifier for the specified control.
", - "DisassociateAssessmentReportEvidenceFolderRequest$assessmentId": "The identifier for the specified assessment.
", + "DeleteAssessmentRequest$assessmentId": "The identifier for the assessment.
", + "DeleteControlRequest$controlId": "The identifier for the control.
", + "DisassociateAssessmentReportEvidenceFolderRequest$assessmentId": "The identifier for the assessment.
", "DisassociateAssessmentReportEvidenceFolderRequest$evidenceFolderId": "The identifier for the folder in which evidence is stored.
", - "Evidence$evidenceFolderId": "The identifier for the folder in which the evidence is stored.
", + "Evidence$evidenceFolderId": "The identifier for the folder that the evidence is stored in.
", "Evidence$id": "The identifier for the evidence.
", "EvidenceIds$member": null, - "Framework$id": "The unique identifier for the specified framework.
", - "GetAssessmentFrameworkRequest$frameworkId": "The identifier for the specified framework.
", + "Framework$id": "The unique identifier for the framework.
", + "GetAssessmentFrameworkRequest$frameworkId": "The identifier for the framework.
", "GetAssessmentReportUrlRequest$assessmentReportId": "The identifier for the assessment report.
", - "GetAssessmentReportUrlRequest$assessmentId": "The identifier for the specified assessment.
", - "GetAssessmentRequest$assessmentId": "The identifier for the specified assessment.
", - "GetChangeLogsRequest$assessmentId": "The identifier for the specified assessment.
", - "GetChangeLogsRequest$controlId": "The identifier for the specified control.
", - "GetControlRequest$controlId": "The identifier for the specified control.
", - "GetEvidenceByEvidenceFolderRequest$assessmentId": "The identifier for the specified assessment.
", - "GetEvidenceByEvidenceFolderRequest$evidenceFolderId": "The unique identifier for the folder in which the evidence is stored.
", - "GetEvidenceFolderRequest$assessmentId": "The identifier for the specified assessment.
", - "GetEvidenceFolderRequest$evidenceFolderId": "The identifier for the folder in which the evidence is stored.
", - "GetEvidenceFoldersByAssessmentControlRequest$assessmentId": "The identifier for the specified assessment.
", - "GetEvidenceFoldersByAssessmentControlRequest$controlId": "The identifier for the specified control.
", - "GetEvidenceFoldersByAssessmentRequest$assessmentId": "The identifier for the specified assessment.
", - "GetEvidenceRequest$assessmentId": "The identifier for the specified assessment.
", - "GetEvidenceRequest$evidenceFolderId": "The identifier for the folder in which the evidence is stored.
", + "GetAssessmentReportUrlRequest$assessmentId": "The identifier for the assessment.
", + "GetAssessmentRequest$assessmentId": "The identifier for the assessment.
", + "GetChangeLogsRequest$assessmentId": "The identifier for the assessment.
", + "GetChangeLogsRequest$controlId": "The identifier for the control.
", + "GetControlRequest$controlId": "The identifier for the control.
", + "GetEvidenceByEvidenceFolderRequest$assessmentId": "The identifier for the assessment.
", + "GetEvidenceByEvidenceFolderRequest$evidenceFolderId": "The unique identifier for the folder that the evidence is stored in.
", + "GetEvidenceFolderRequest$assessmentId": "The identifier for the assessment.
", + "GetEvidenceFolderRequest$evidenceFolderId": "The identifier for the folder that the evidence is stored in.
", + "GetEvidenceFoldersByAssessmentControlRequest$assessmentId": "The identifier for the assessment.
", + "GetEvidenceFoldersByAssessmentControlRequest$controlId": "The identifier for the control.
", + "GetEvidenceFoldersByAssessmentRequest$assessmentId": "The identifier for the assessment.
", + "GetEvidenceRequest$assessmentId": "The identifier for the assessment.
", + "GetEvidenceRequest$evidenceFolderId": "The identifier for the folder that the evidence is stored in.
", "GetEvidenceRequest$evidenceId": "The identifier for the evidence.
", - "Notification$assessmentId": "The identifier for the specified assessment.
", - "UpdateAssessmentControlRequest$assessmentId": "The identifier for the specified assessment.
", - "UpdateAssessmentControlRequest$controlId": "The identifier for the specified control.
", - "UpdateAssessmentControlSetStatusRequest$assessmentId": "The identifier for the specified assessment.
", - "UpdateAssessmentFrameworkRequest$frameworkId": "The identifier for the specified framework.
", - "UpdateAssessmentRequest$assessmentId": "The identifier for the specified assessment.
", - "UpdateAssessmentStatusRequest$assessmentId": "The identifier for the specified assessment.
", - "UpdateControlRequest$controlId": "The identifier for the specified control.
" + "Notification$assessmentId": "The identifier for the assessment.
", + "StartAssessmentFrameworkShareRequest$frameworkId": "The unique identifier for the custom framework to be shared.
", + "UpdateAssessmentControlRequest$assessmentId": "The identifier for the assessment.
", + "UpdateAssessmentControlRequest$controlId": "The identifier for the control.
", + "UpdateAssessmentControlSetStatusRequest$assessmentId": "The identifier for the assessment.
", + "UpdateAssessmentFrameworkRequest$frameworkId": "The identifier for the framework.
", + "UpdateAssessmentFrameworkShareRequest$requestId": "The unique identifier for the share request.
", + "UpdateAssessmentRequest$assessmentId": "The identifier for the assessment.
", + "UpdateAssessmentStatusRequest$assessmentId": "The identifier for the assessment.
", + "UpdateControlRequest$controlId": "The identifier for the control.
" } }, "UntagResourceRequest": { @@ -1765,7 +1871,7 @@ } }, "UpdateAssessmentFrameworkControlSet": { - "base": " A controlSet entity that represents a collection of controls in Audit Manager. This does not contain the control set ID.
A controlSet entity that represents a collection of controls in Audit Manager. This doesn't contain the control set ID.
The control sets associated with the framework.
" + "UpdateAssessmentFrameworkRequest$controlSets": "The control sets that are associated with the framework.
" } }, "UpdateAssessmentFrameworkRequest": { @@ -1786,6 +1892,16 @@ "refs": { } }, + "UpdateAssessmentFrameworkShareRequest": { + "base": null, + "refs": { + } + }, + "UpdateAssessmentFrameworkShareResponse": { + "base": null, + "refs": { + } + }, "UpdateAssessmentRequest": { "base": null, "refs": { @@ -1862,7 +1978,7 @@ } }, "ValidationExceptionField": { - "base": "Indicates that the request has invalid or missing parameters for the specified field.
", + "base": "Indicates that the request has invalid or missing parameters for the field.
", "refs": { "ValidationExceptionFieldList$member": null } @@ -1882,8 +1998,8 @@ "organizationId": { "base": null, "refs": { - "GetOrganizationAdminAccountResponse$organizationId": "The identifier for the specified organization.
", - "RegisterOrganizationAdminAccountResponse$organizationId": "The identifier for the specified organization.
" + "GetOrganizationAdminAccountResponse$organizationId": "The identifier for the organization.
", + "RegisterOrganizationAdminAccountResponse$organizationId": "The identifier for the organization.
" } } } diff --git a/models/apis/auditmanager/2017-07-25/paginators-1.json b/models/apis/auditmanager/2017-07-25/paginators-1.json index 33fc6b66d95..cd49a0ed782 100644 --- a/models/apis/auditmanager/2017-07-25/paginators-1.json +++ b/models/apis/auditmanager/2017-07-25/paginators-1.json @@ -25,6 +25,11 @@ "output_token": "nextToken", "limit_key": "maxResults" }, + "ListAssessmentFrameworkShareRequests": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults" + }, "ListAssessmentFrameworks": { "input_token": "nextToken", "output_token": "nextToken", diff --git a/models/apis/ec2/2016-11-15/api-2.json b/models/apis/ec2/2016-11-15/api-2.json index c741f1d9948..8ca3154ec16 100755 --- a/models/apis/ec2/2016-11-15/api-2.json +++ b/models/apis/ec2/2016-11-15/api-2.json @@ -35254,6 +35254,18 @@ "shape":"String", "locationName":"transitGatewayId" }, + "CoreNetworkArn":{ + "shape":"String", + "locationName":"coreNetworkArn" + }, + "CoreNetworkAttachmentArn":{ + "shape":"String", + "locationName":"coreNetworkAttachmentArn" + }, + "GatewayAssociationState":{ + "shape":"String", + "locationName":"gatewayAssociationState" + }, "Options":{ "shape":"VpnConnectionOptions", "locationName":"options" diff --git a/models/apis/ec2/2016-11-15/docs-2.json b/models/apis/ec2/2016-11-15/docs-2.json index cfa70980574..3c53b87ea2c 100755 --- a/models/apis/ec2/2016-11-15/docs-2.json +++ b/models/apis/ec2/2016-11-15/docs-2.json @@ -16046,6 +16046,9 @@ "VpnConnection$VpnConnectionId": "The ID of the VPN connection.
", "VpnConnection$VpnGatewayId": "The ID of the virtual private gateway at the Amazon Web Services side of the VPN connection.
", "VpnConnection$TransitGatewayId": "The ID of the transit gateway associated with the VPN connection.
", + "VpnConnection$CoreNetworkArn": "The ARN of the core network.
", + "VpnConnection$CoreNetworkAttachmentArn": "The ARN of the core network attachment.
", + "VpnConnection$GatewayAssociationState": "The current state of the gateway association.
", "VpnConnectionDeviceType$VpnConnectionDeviceTypeId": "Customer gateway device identifier.
", "VpnConnectionDeviceType$Vendor": "Customer gateway device vendor.
", "VpnConnectionDeviceType$Platform": "Customer gateway device platform.
", diff --git a/models/apis/rds/2014-10-31/api-2.json b/models/apis/rds/2014-10-31/api-2.json index 58c73331445..c82d4f93c25 100644 --- a/models/apis/rds/2014-10-31/api-2.json +++ b/models/apis/rds/2014-10-31/api-2.json @@ -246,6 +246,23 @@ {"shape":"KMSKeyNotAccessibleFault"} ] }, + "CreateCustomDBEngineVersion":{ + "name":"CreateCustomDBEngineVersion", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateCustomDBEngineVersionMessage"}, + "output":{ + "shape":"DBEngineVersion", + "resultWrapper":"CreateCustomDBEngineVersionResult" + }, + "errors":[ + {"shape":"CustomDBEngineVersionAlreadyExistsFault"}, + {"shape":"CustomDBEngineVersionQuotaExceededFault"}, + {"shape":"KMSKeyNotAccessibleFault"} + ] + }, "CreateDBCluster":{ "name":"CreateDBCluster", "http":{ @@ -576,6 +593,22 @@ {"shape":"KMSKeyNotAccessibleFault"} ] }, + "DeleteCustomDBEngineVersion":{ + "name":"DeleteCustomDBEngineVersion", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteCustomDBEngineVersionMessage"}, + "output":{ + "shape":"DBEngineVersion", + "resultWrapper":"DeleteCustomDBEngineVersionResult" + }, + "errors":[ + {"shape":"CustomDBEngineVersionNotFoundFault"}, + {"shape":"InvalidCustomDBEngineVersionStateFault"} + ] + }, "DeleteDBCluster":{ "name":"DeleteDBCluster", "http":{ @@ -1537,6 +1570,22 @@ {"shape":"InvalidDBClusterCapacityFault"} ] }, + "ModifyCustomDBEngineVersion":{ + "name":"ModifyCustomDBEngineVersion", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ModifyCustomDBEngineVersionMessage"}, + "output":{ + "shape":"DBEngineVersion", + "resultWrapper":"ModifyCustomDBEngineVersionResult" + }, + "errors":[ + {"shape":"CustomDBEngineVersionNotFoundFault"}, + {"shape":"InvalidCustomDBEngineVersionStateFault"} + ] + }, "ModifyDBCluster":{ "name":"ModifyDBCluster", "http":{ @@ -2585,6 +2634,13 @@ "DBSecurityGroup":{"shape":"DBSecurityGroup"} } }, + "AutomationMode":{ + "type":"string", + "enum":[ + "full", + "all-paused" + ] + }, "AvailabilityZone":{ "type":"structure", "members":{ @@ -2655,6 +2711,12 @@ }, "Boolean":{"type":"boolean"}, "BooleanOptional":{"type":"boolean"}, + "BucketName":{ + "type":"string", + "max":63, + "min":3, + "pattern":".*" + }, "CancelExportTaskMessage":{ "type":"structure", "required":["ExportTaskIdentifier"], @@ -2865,6 +2927,26 @@ "CustomAvailabilityZone":{"shape":"CustomAvailabilityZone"} } }, + "CreateCustomDBEngineVersionMessage":{ + "type":"structure", + "required":[ + "Engine", + "EngineVersion", + "DatabaseInstallationFilesS3BucketName", + "KMSKeyId", + "Manifest" + ], + "members":{ + "Engine":{"shape":"CustomEngineName"}, + "EngineVersion":{"shape":"CustomEngineVersion"}, + "DatabaseInstallationFilesS3BucketName":{"shape":"BucketName"}, + "DatabaseInstallationFilesS3Prefix":{"shape":"String255"}, + "KMSKeyId":{"shape":"KmsKeyIdOrArn"}, + "Description":{"shape":"Description"}, + "Manifest":{"shape":"CustomDBEngineVersionManifest"}, + "Tags":{"shape":"TagList"} + } + }, "CreateDBClusterEndpointMessage":{ "type":"structure", "required":[ @@ -3022,7 +3104,8 @@ "ProcessorFeatures":{"shape":"ProcessorFeatureList"}, "DeletionProtection":{"shape":"BooleanOptional"}, "MaxAllocatedStorage":{"shape":"IntegerOptional"}, - "EnableCustomerOwnedIp":{"shape":"BooleanOptional"} + "EnableCustomerOwnedIp":{"shape":"BooleanOptional"}, + "CustomIamInstanceProfile":{"shape":"String"} } }, "CreateDBInstanceReadReplicaMessage":{ @@ -3063,7 +3146,8 @@ "Domain":{"shape":"String"}, "DomainIAMRoleName":{"shape":"String"}, "ReplicaMode":{"shape":"ReplicaMode"}, - "MaxAllocatedStorage":{"shape":"IntegerOptional"} + "MaxAllocatedStorage":{"shape":"IntegerOptional"}, + "CustomIamInstanceProfile":{"shape":"String"} } }, "CreateDBInstanceReadReplicaResult":{ @@ -3323,6 +3407,65 @@ }, "exception":true }, + "CustomDBEngineVersionAlreadyExistsFault":{ + "type":"structure", + "members":{ + }, + "error":{ + "code":"CustomDBEngineVersionAlreadyExistsFault", + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "CustomDBEngineVersionManifest":{ + "type":"string", + "max":51000, + "min":1, + "pattern":"[\\s\\S]*" + }, + "CustomDBEngineVersionNotFoundFault":{ + "type":"structure", + "members":{ + }, + "error":{ + "code":"CustomDBEngineVersionNotFoundFault", + "httpStatusCode":404, + "senderFault":true + }, + "exception":true + }, + "CustomDBEngineVersionQuotaExceededFault":{ + "type":"structure", + "members":{ + }, + "error":{ + "code":"CustomDBEngineVersionQuotaExceededFault", + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "CustomEngineName":{ + "type":"string", + "max":35, + "min":1, + "pattern":"^[A-Za-z0-9-]{1,35}$" + }, + "CustomEngineVersion":{ + "type":"string", + "max":60, + "min":1, + "pattern":"^(11\\.\\d{1}|12\\.\\d{1}|18|19)(\\.[a-zA-Z0-9_.-]{1,50})$" + }, + "CustomEngineVersionStatus":{ + "type":"string", + "enum":[ + "available", + "inactive", + "inactive-except-restore" + ] + }, "DBCluster":{ "type":"structure", "members":{ @@ -3780,7 +3923,14 @@ "SupportedFeatureNames":{"shape":"FeatureNameList"}, "Status":{"shape":"String"}, "SupportsParallelQuery":{"shape":"Boolean"}, - "SupportsGlobalDatabases":{"shape":"Boolean"} + "SupportsGlobalDatabases":{"shape":"Boolean"}, + "MajorEngineVersion":{"shape":"String"}, + "DatabaseInstallationFilesS3BucketName":{"shape":"String"}, + "DatabaseInstallationFilesS3Prefix":{"shape":"String"}, + "DBEngineVersionArn":{"shape":"String"}, + "KMSKeyId":{"shape":"String"}, + "CreateTime":{"shape":"TStamp"}, + "TagList":{"shape":"TagList"} } }, "DBEngineVersionList":{ @@ -3869,7 +4019,10 @@ "ActivityStreamKmsKeyId":{"shape":"String"}, "ActivityStreamKinesisStreamName":{"shape":"String"}, "ActivityStreamMode":{"shape":"ActivityStreamMode"}, - "ActivityStreamEngineNativeAuditFieldsIncluded":{"shape":"BooleanOptional"} + "ActivityStreamEngineNativeAuditFieldsIncluded":{"shape":"BooleanOptional"}, + "AutomationMode":{"shape":"AutomationMode"}, + "ResumeFullAutomationModeTime":{"shape":"TStamp"}, + "CustomIamInstanceProfile":{"shape":"String"} }, "wrapper":true }, @@ -4665,6 +4818,17 @@ "CustomAvailabilityZone":{"shape":"CustomAvailabilityZone"} } }, + "DeleteCustomDBEngineVersionMessage":{ + "type":"structure", + "required":[ + "Engine", + "EngineVersion" + ], + "members":{ + "Engine":{"shape":"CustomEngineName"}, + "EngineVersion":{"shape":"CustomEngineVersion"} + } + }, "DeleteDBClusterEndpointMessage":{ "type":"structure", "required":["DBClusterEndpointIdentifier"], @@ -5343,6 +5507,12 @@ "ValidDBInstanceModificationsMessage":{"shape":"ValidDBInstanceModificationsMessage"} } }, + "Description":{ + "type":"string", + "max":1000, + "min":1, + "pattern":".*" + }, "DomainMembership":{ "type":"structure", "members":{ @@ -5937,6 +6107,17 @@ }, "Integer":{"type":"integer"}, "IntegerOptional":{"type":"integer"}, + "InvalidCustomDBEngineVersionStateFault":{ + "type":"structure", + "members":{ + }, + "error":{ + "code":"InvalidCustomDBEngineVersionStateFault", + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, "InvalidDBClusterCapacityFault":{ "type":"structure", "members":{ @@ -6216,6 +6397,12 @@ "type":"list", "member":{"shape":"String"} }, + "KmsKeyIdOrArn":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"[a-zA-Z0-9_:\\-\\/]+" + }, "ListTagsForResourceMessage":{ "type":"structure", "required":["ResourceName"], @@ -6272,6 +6459,19 @@ "TimeoutAction":{"shape":"String"} } }, + "ModifyCustomDBEngineVersionMessage":{ + "type":"structure", + "required":[ + "Engine", + "EngineVersion" + ], + "members":{ + "Engine":{"shape":"CustomEngineName"}, + "EngineVersion":{"shape":"CustomEngineVersion"}, + "Description":{"shape":"Description"}, + "Status":{"shape":"CustomEngineVersionStatus"} + } + }, "ModifyDBClusterEndpointMessage":{ "type":"structure", "required":["DBClusterEndpointIdentifier"], @@ -6396,7 +6596,9 @@ "CertificateRotationRestart":{"shape":"BooleanOptional"}, "ReplicaMode":{"shape":"ReplicaMode"}, "EnableCustomerOwnedIp":{"shape":"BooleanOptional"}, - "AwsBackupRecoveryPointArn":{"shape":"AwsBackupRecoveryPointArn"} + "AwsBackupRecoveryPointArn":{"shape":"AwsBackupRecoveryPointArn"}, + "AutomationMode":{"shape":"AutomationMode"}, + "ResumeFullAutomationModeMinutes":{"shape":"IntegerOptional"} } }, "ModifyDBInstanceResult":{ @@ -6935,7 +7137,9 @@ "DBSubnetGroupName":{"shape":"String"}, "PendingCloudwatchLogsExports":{"shape":"PendingCloudwatchLogsExports"}, "ProcessorFeatures":{"shape":"ProcessorFeatureList"}, - "IAMDatabaseAuthenticationEnabled":{"shape":"BooleanOptional"} + "IAMDatabaseAuthenticationEnabled":{"shape":"BooleanOptional"}, + "AutomationMode":{"shape":"AutomationMode"}, + "ResumeFullAutomationModeTime":{"shape":"TStamp"} } }, "PointInTimeRestoreNotEnabledFault":{ @@ -7484,7 +7688,8 @@ "UseDefaultProcessorFeatures":{"shape":"BooleanOptional"}, "DBParameterGroupName":{"shape":"String"}, "DeletionProtection":{"shape":"BooleanOptional"}, - "EnableCustomerOwnedIp":{"shape":"BooleanOptional"} + "EnableCustomerOwnedIp":{"shape":"BooleanOptional"}, + "CustomIamInstanceProfile":{"shape":"String"} } }, "RestoreDBInstanceFromDBSnapshotResult":{ @@ -7594,7 +7799,8 @@ "SourceDbiResourceId":{"shape":"String"}, "MaxAllocatedStorage":{"shape":"IntegerOptional"}, "SourceDBInstanceAutomatedBackupsArn":{"shape":"String"}, - "EnableCustomerOwnedIp":{"shape":"BooleanOptional"} + "EnableCustomerOwnedIp":{"shape":"BooleanOptional"}, + "CustomIamInstanceProfile":{"shape":"String"} } }, "RestoreDBInstanceToPointInTimeResult":{ @@ -7753,7 +7959,8 @@ "db-security-group", "db-snapshot", "db-cluster", - "db-cluster-snapshot" + "db-cluster-snapshot", + "custom-engine-version" ] }, "StartActivityStreamRequest":{ @@ -7922,6 +8129,12 @@ "exception":true }, "String":{"type":"string"}, + "String255":{ + "type":"string", + "max":255, + "min":1, + "pattern":".*" + }, "StringList":{ "type":"list", "member":{"shape":"String"} diff --git a/models/apis/rds/2014-10-31/docs-2.json b/models/apis/rds/2014-10-31/docs-2.json index a6a557880cb..90db177f370 100644 --- a/models/apis/rds/2014-10-31/docs-2.json +++ b/models/apis/rds/2014-10-31/docs-2.json @@ -3,7 +3,7 @@ "service": "
Amazon Relational Database Service (Amazon RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the cloud. It provides cost-efficient, resizeable capacity for an industry-standard relational database and manages common database administration tasks, freeing up developers to focus on what makes their applications and businesses unique.
Amazon RDS gives you access to the capabilities of a MySQL, MariaDB, PostgreSQL, Microsoft SQL Server, Oracle, or Amazon Aurora database server. These capabilities mean that the code, applications, and tools you already use today with your existing databases work with Amazon RDS without modification. Amazon RDS automatically backs up your database and maintains the database software that powers your DB instance. Amazon RDS is flexible: you can scale your DB instance's compute resources and storage capacity to meet your application's demand. As with all Amazon Web Services, there are no up-front investments, and you pay only for the resources you use.
This interface reference for Amazon RDS contains documentation for a programming or command line interface you can use to manage Amazon RDS. Amazon RDS is asynchronous, which means that some interfaces might require techniques such as polling or callback functions to determine when a command has been applied. In this reference, the parameter descriptions indicate whether a command is applied immediately, on the next instance reboot, or during the maintenance window. The reference structure is as follows, and we list following some related topics from the user guide.
Amazon RDS API Reference
For the alphabetical list of API actions, see API Actions.
For the alphabetical list of data types, see Data Types.
For a list of common query parameters, see Common Parameters.
For descriptions of the error codes, see Common Errors.
Amazon RDS User Guide
For a summary of the Amazon RDS interfaces, see Available RDS Interfaces.
For more information about how to use the Query API, see Using the Query API.
Associates an Identity and Access Management (IAM) role from an Amazon Aurora DB cluster. For more information, see Authorizing Amazon Aurora MySQL to Access Other Amazon Web Services Services on Your Behalf in the Amazon Aurora User Guide.
This action only applies to Aurora DB clusters.
Associates an Amazon Web Services Identity and Access Management (IAM) role with a DB instance.
To add a role to a DB instance, the status of the DB instance must be available.
Associates an Amazon Web Services Identity and Access Management (IAM) role with a DB instance.
To add a role to a DB instance, the status of the DB instance must be available.
This command doesn't apply to RDS Custom.
", "AddSourceIdentifierToSubscription": "Adds a source identifier to an existing RDS event notification subscription.
", "AddTagsToResource": "Adds metadata tags to an Amazon RDS resource. These tags can also be used with cost allocation reporting to track cost associated with Amazon RDS resources, or used in a Condition statement in an IAM policy for Amazon RDS.
For an overview on tagging Amazon RDS resources, see Tagging Amazon RDS Resources.
", "ApplyPendingMaintenanceAction": "Applies a pending maintenance action to a resource (for example, to a DB instance).
", @@ -11,18 +11,19 @@ "BacktrackDBCluster": "Backtracks a DB cluster to a specific time, without creating a new DB cluster.
For more information on backtracking, see Backtracking an Aurora DB Cluster in the Amazon Aurora User Guide.
This action only applies to Aurora MySQL DB clusters.
Cancels an export task in progress that is exporting a snapshot to Amazon S3. Any data that has already been written to the S3 bucket isn't removed.
", "CopyDBClusterParameterGroup": "Copies the specified DB cluster parameter group.
This action only applies to Aurora DB clusters.
Copies a snapshot of a DB cluster.
To copy a DB cluster snapshot from a shared manual DB cluster snapshot, SourceDBClusterSnapshotIdentifier must be the Amazon Resource Name (ARN) of the shared DB cluster snapshot.
You can copy an encrypted DB cluster snapshot from another Amazon Web Services Region. In that case, the Amazon Web Services Region where you call the CopyDBClusterSnapshot action is the destination Amazon Web Services Region for the encrypted DB cluster snapshot to be copied to. To copy an encrypted DB cluster snapshot from another Amazon Web Services Region, you must provide the following values:
KmsKeyId - The Amazon Web Services Key Management System (Amazon Web Services KMS) key identifier for the key to use to encrypt the copy of the DB cluster snapshot in the destination Amazon Web Services Region.
PreSignedUrl - A URL that contains a Signature Version 4 signed request for the CopyDBClusterSnapshot action to be called in the source Amazon Web Services Region where the DB cluster snapshot is copied from. The pre-signed URL must be a valid request for the CopyDBClusterSnapshot API action that can be executed in the source Amazon Web Services Region that contains the encrypted DB cluster snapshot to be copied.
The pre-signed URL request must contain the following parameter values:
KmsKeyId - The Amazon Web Services KMS key identifier for the customer master key (CMK) to use to encrypt the copy of the DB cluster snapshot in the destination Amazon Web Services Region. This is the same identifier for both the CopyDBClusterSnapshot action that is called in the destination Amazon Web Services Region, and the action contained in the pre-signed URL.
DestinationRegion - The name of the Amazon Web Services Region that the DB cluster snapshot is to be created in.
SourceDBClusterSnapshotIdentifier - The DB cluster snapshot identifier for the encrypted DB cluster snapshot to be copied. This identifier must be in the Amazon Resource Name (ARN) format for the source Amazon Web Services Region. For example, if you are copying an encrypted DB cluster snapshot from the us-west-2 Amazon Web Services Region, then your SourceDBClusterSnapshotIdentifier looks like the following example: arn:aws:rds:us-west-2:123456789012:cluster-snapshot:aurora-cluster1-snapshot-20161115.
To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.
If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a pre-signed URL that is a valid request for the operation that can be executed in the source Amazon Web Services Region.
TargetDBClusterSnapshotIdentifier - The identifier for the new copy of the DB cluster snapshot in the destination Amazon Web Services Region.
SourceDBClusterSnapshotIdentifier - The DB cluster snapshot identifier for the encrypted DB cluster snapshot to be copied. This identifier must be in the ARN format for the source Amazon Web Services Region and is the same value as the SourceDBClusterSnapshotIdentifier in the pre-signed URL.
To cancel the copy operation once it is in progress, delete the target DB cluster snapshot identified by TargetDBClusterSnapshotIdentifier while that DB cluster snapshot is in \"copying\" status.
For more information on copying encrypted DB cluster snapshots from one Amazon Web Services Region to another, see Copying a Snapshot in the Amazon Aurora User Guide.
For more information on Amazon Aurora, see What Is Amazon Aurora? in the Amazon Aurora User Guide.
This action only applies to Aurora DB clusters.
Copies a snapshot of a DB cluster.
To copy a DB cluster snapshot from a shared manual DB cluster snapshot, SourceDBClusterSnapshotIdentifier must be the Amazon Resource Name (ARN) of the shared DB cluster snapshot.
You can copy an encrypted DB cluster snapshot from another Amazon Web Services Region. In that case, the Amazon Web Services Region where you call the CopyDBClusterSnapshot action is the destination Amazon Web Services Region for the encrypted DB cluster snapshot to be copied to. To copy an encrypted DB cluster snapshot from another Amazon Web Services Region, you must provide the following values:
KmsKeyId - The Amazon Web Services Key Management System (Amazon Web Services KMS) key identifier for the key to use to encrypt the copy of the DB cluster snapshot in the destination Amazon Web Services Region.
PreSignedUrl - A URL that contains a Signature Version 4 signed request for the CopyDBClusterSnapshot action to be called in the source Amazon Web Services Region where the DB cluster snapshot is copied from. The pre-signed URL must be a valid request for the CopyDBClusterSnapshot API action that can be executed in the source Amazon Web Services Region that contains the encrypted DB cluster snapshot to be copied.
The pre-signed URL request must contain the following parameter values:
KmsKeyId - The Amazon Web Services KMS key identifier for the KMS key to use to encrypt the copy of the DB cluster snapshot in the destination Amazon Web Services Region. This is the same identifier for both the CopyDBClusterSnapshot action that is called in the destination Amazon Web Services Region, and the action contained in the pre-signed URL.
DestinationRegion - The name of the Amazon Web Services Region that the DB cluster snapshot is to be created in.
SourceDBClusterSnapshotIdentifier - The DB cluster snapshot identifier for the encrypted DB cluster snapshot to be copied. This identifier must be in the Amazon Resource Name (ARN) format for the source Amazon Web Services Region. For example, if you are copying an encrypted DB cluster snapshot from the us-west-2 Amazon Web Services Region, then your SourceDBClusterSnapshotIdentifier looks like the following example: arn:aws:rds:us-west-2:123456789012:cluster-snapshot:aurora-cluster1-snapshot-20161115.
To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.
If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a pre-signed URL that is a valid request for the operation that can be executed in the source Amazon Web Services Region.
TargetDBClusterSnapshotIdentifier - The identifier for the new copy of the DB cluster snapshot in the destination Amazon Web Services Region.
SourceDBClusterSnapshotIdentifier - The DB cluster snapshot identifier for the encrypted DB cluster snapshot to be copied. This identifier must be in the ARN format for the source Amazon Web Services Region and is the same value as the SourceDBClusterSnapshotIdentifier in the pre-signed URL.
To cancel the copy operation once it is in progress, delete the target DB cluster snapshot identified by TargetDBClusterSnapshotIdentifier while that DB cluster snapshot is in \"copying\" status.
For more information on copying encrypted DB cluster snapshots from one Amazon Web Services Region to another, see Copying a Snapshot in the Amazon Aurora User Guide.
For more information on Amazon Aurora, see What Is Amazon Aurora? in the Amazon Aurora User Guide.
This action only applies to Aurora DB clusters.
Copies the specified DB parameter group.
", - "CopyDBSnapshot": "Copies the specified DB snapshot. The source DB snapshot must be in the available state.
You can copy a snapshot from one Amazon Web Services Region to another. In that case, the Amazon Web Services Region where you call the CopyDBSnapshot action is the destination Amazon Web Services Region for the DB snapshot copy.
For more information about copying snapshots, see Copying a DB Snapshot in the Amazon RDS User Guide.
", + "CopyDBSnapshot": "Copies the specified DB snapshot. The source DB snapshot must be in the available state.
You can copy a snapshot from one Amazon Web Services Region to another. In that case, the Amazon Web Services Region where you call the CopyDBSnapshot action is the destination Amazon Web Services Region for the DB snapshot copy.
This command doesn't apply to RDS Custom.
For more information about copying snapshots, see Copying a DB Snapshot in the Amazon RDS User Guide.
", "CopyOptionGroup": "Copies the specified option group.
", "CreateCustomAvailabilityZone": "Creates a custom Availability Zone (AZ).
A custom AZ is an on-premises AZ that is integrated with a VMware vSphere cluster.
For more information about RDS on VMware, see the RDS on VMware User Guide.
", + "CreateCustomDBEngineVersion": "Creates a custom DB engine version (CEV). A CEV is a binary volume snapshot of a database engine and specific AMI. The only supported engine is Oracle Database 19c Enterprise Edition with the January 2021 or later RU/RUR. For more information, see Amazon RDS Custom requirements and limitations in the Amazon RDS User Guide.
Amazon RDS, which is a fully managed service, supplies the Amazon Machine Image (AMI) and database software. The Amazon RDS database software is preinstalled, so you need only select a DB engine and version, and create your database. With Amazon RDS Custom, you upload your database installation files in Amazon S3. For more information, see Preparing to create a CEV in the Amazon RDS User Guide.
When you create a custom engine version, you specify the files in a JSON document called a CEV manifest. This document describes installation .zip files stored in Amazon S3. RDS Custom creates your CEV from the installation files that you provided. This service model is called Bring Your Own Media (BYOM).
Creation takes approximately two hours. If creation fails, RDS Custom issues RDS-EVENT-0196 with the message Creation failed for custom engine version, and includes details about the failure. For example, the event prints missing files.
After you create the CEV, it is available for use. You can create multiple CEVs, and create multiple RDS Custom instances from any CEV. You can also change the status of a CEV to make it available or inactive.
The MediaImport service that imports files from Amazon S3 to create CEVs isn't integrated with Amazon Web Services CloudTrail. If you turn on data logging for Amazon RDS in CloudTrail, calls to the CreateCustomDbEngineVersion event aren't logged. However, you might see calls from the API gateway that accesses your Amazon S3 bucket. These calls originate from the MediaImport service for the CreateCustomDbEngineVersion event.
For more information, see Creating a CEV in the Amazon RDS User Guide.
", "CreateDBCluster": "Creates a new Amazon Aurora DB cluster.
You can use the ReplicationSourceIdentifier parameter to create the DB cluster as a read replica of another DB cluster or Amazon RDS MySQL or PostgreSQL DB instance. For cross-region replication where the DB cluster identified by ReplicationSourceIdentifier is encrypted, you must also specify the PreSignedUrl parameter.
For more information on Amazon Aurora, see What Is Amazon Aurora? in the Amazon Aurora User Guide.
This action only applies to Aurora DB clusters.
Creates a new custom endpoint and associates it with an Amazon Aurora DB cluster.
This action only applies to Aurora DB clusters.
Creates a new DB cluster parameter group.
Parameters in a DB cluster parameter group apply to all of the instances in a DB cluster.
A DB cluster parameter group is initially created with the default parameters for the database engine used by instances in the DB cluster. To provide custom values for any of the parameters, you must modify the group after creating it using ModifyDBClusterParameterGroup. Once you've created a DB cluster parameter group, you need to associate it with your DB cluster using ModifyDBCluster. When you associate a new DB cluster parameter group with a running DB cluster, you need to reboot the DB instances in the DB cluster without failover for the new DB cluster parameter group and associated settings to take effect.
After you create a DB cluster parameter group, you should wait at least 5 minutes before creating your first DB cluster that uses that DB cluster parameter group as the default parameter group. This allows Amazon RDS to fully complete the create action before the DB cluster parameter group is used as the default for a new DB cluster. This is especially important for parameters that are critical when creating the default database for a DB cluster, such as the character set for the default database defined by the character_set_database parameter. You can use the Parameter Groups option of the Amazon RDS console or the DescribeDBClusterParameters action to verify that your DB cluster parameter group has been created or modified.
For more information on Amazon Aurora, see What Is Amazon Aurora? in the Amazon Aurora User Guide.
This action only applies to Aurora DB clusters.
Creates a snapshot of a DB cluster. For more information on Amazon Aurora, see What Is Amazon Aurora? in the Amazon Aurora User Guide.
This action only applies to Aurora DB clusters.
Creates a new DB instance.
", "CreateDBInstanceReadReplica": "Creates a new DB instance that acts as a read replica for an existing source DB instance. You can create a read replica for a DB instance running MySQL, MariaDB, Oracle, PostgreSQL, or SQL Server. For more information, see Working with Read Replicas in the Amazon RDS User Guide.
Amazon Aurora doesn't support this action. Call the CreateDBInstance action to create a DB instance for an Aurora DB cluster.
All read replica DB instances are created with backups disabled. All other DB instance attributes (including DB security groups and DB parameter groups) are inherited from the source DB instance, except as specified.
Your source DB instance must have backup retention enabled.
Creates a new DB parameter group.
A DB parameter group is initially created with the default parameters for the database engine used by the DB instance. To provide custom values for any of the parameters, you must modify the group after creating it using ModifyDBParameterGroup. Once you've created a DB parameter group, you need to associate it with your DB instance using ModifyDBInstance. When you associate a new DB parameter group with a running DB instance, you need to reboot the DB instance without failover for the new DB parameter group and associated settings to take effect.
After you create a DB parameter group, you should wait at least 5 minutes before creating your first DB instance that uses that DB parameter group as the default parameter group. This allows Amazon RDS to fully complete the create action before the parameter group is used as the default for a new DB instance. This is especially important for parameters that are critical when creating the default database for a DB instance, such as the character set for the default database defined by the character_set_database parameter. You can use the Parameter Groups option of the Amazon RDS console or the DescribeDBParameters command to verify that your DB parameter group has been created or modified.
Creates a new DB parameter group.
A DB parameter group is initially created with the default parameters for the database engine used by the DB instance. To provide custom values for any of the parameters, you must modify the group after creating it using ModifyDBParameterGroup. Once you've created a DB parameter group, you need to associate it with your DB instance using ModifyDBInstance. When you associate a new DB parameter group with a running DB instance, you need to reboot the DB instance without failover for the new DB parameter group and associated settings to take effect.
This command doesn't apply to RDS Custom.
After you create a DB parameter group, you should wait at least 5 minutes before creating your first DB instance that uses that DB parameter group as the default parameter group. This allows Amazon RDS to fully complete the create action before the parameter group is used as the default for a new DB instance. This is especially important for parameters that are critical when creating the default database for a DB instance, such as the character set for the default database defined by the character_set_database parameter. You can use the Parameter Groups option of the Amazon RDS console or the DescribeDBParameters command to verify that your DB parameter group has been created or modified.
Creates a new DB proxy.
", "CreateDBProxyEndpoint": " Creates a DBProxyEndpoint. Only applies to proxies that are associated with Aurora DB clusters. You can use DB proxy endpoints to specify read/write or read-only access to the DB cluster. You can also use DB proxy endpoints to access a DB proxy through a different VPC than the proxy's default VPC.
Creates a new DB security group. DB security groups control access to a DB instance.
A DB security group controls access to EC2-Classic DB instances that are not in a VPC.
Creates a new DB subnet group. DB subnet groups must contain at least one subnet in at least two AZs in the Amazon Web Services Region.
", "CreateEventSubscription": "Creates an RDS event notification subscription. This action requires a topic Amazon Resource Name (ARN) created by either the RDS console, the SNS console, or the SNS API. To obtain an ARN with SNS, you must create a topic in Amazon SNS and subscribe to the topic. The ARN is displayed in the SNS console.
You can specify the type of source (SourceType) that you want to be notified of and provide a list of RDS sources (SourceIds) that triggers the events. You can also provide a list of event categories (EventCategories) for events that you want to be notified of. For example, you can specify SourceType = db-instance, SourceIds = mydbinstance1, mydbinstance2 and EventCategories = Availability, Backup.
If you specify both the SourceType and SourceIds, such as SourceType = db-instance and SourceIdentifier = myDBInstance1, you are notified of all the db-instance events for the specified source. If you specify a SourceType but do not specify a SourceIdentifier, you receive notice of the events for that source type for all your RDS sources. If you don't specify either the SourceType or the SourceIdentifier, you are notified of events generated from all RDS sources belonging to your customer account.
RDS event notification is only available for unencrypted SNS topics. If you specify an encrypted SNS topic, event notifications aren't sent for the topic.
Creates an Aurora global database spread across multiple Amazon Web Services Regions. The global database contains a single primary cluster with read-write capability, and a read-only secondary cluster that receives data from the primary cluster through high-speed replication performed by the Aurora storage subsystem.
You can create a global database that is initially empty, and then add a primary cluster and a secondary cluster to it. Or you can specify an existing Aurora cluster during the create operation, and this cluster becomes the primary cluster of the global database.
This action only applies to Aurora DB clusters.
Creates a new option group. You can create up to 20 option groups.
", + "CreateOptionGroup": "Creates a new option group. You can create up to 20 option groups.
This command doesn't apply to RDS Custom.
", "DeleteCustomAvailabilityZone": "Deletes a custom Availability Zone (AZ).
A custom AZ is an on-premises AZ that is integrated with a VMware vSphere cluster.
For more information about RDS on VMware, see the RDS on VMware User Guide.
", + "DeleteCustomDBEngineVersion": "Deletes a custom engine version. To run this command, make sure you meet the following prerequisites:
The CEV must not be the default for RDS Custom. If it is, change the default before running this command.
The CEV must not be associated with an RDS Custom DB instance, RDS Custom instance snapshot, or automated backup of your RDS Custom instance.
Typically, deletion takes a few minutes.
The MediaImport service that imports files from Amazon S3 to create CEVs isn't integrated with Amazon Web Services CloudTrail. If you turn on data logging for Amazon RDS in CloudTrail, calls to the DeleteCustomDbEngineVersion event aren't logged. However, you might see calls from the API gateway that accesses your Amazon S3 bucket. These calls originate from the MediaImport service for the DeleteCustomDbEngineVersion event.
For more information, see Deleting a CEV in the Amazon RDS User Guide.
", "DeleteDBCluster": "The DeleteDBCluster action deletes a previously provisioned DB cluster. When you delete a DB cluster, all automated backups for that DB cluster are deleted and can't be recovered. Manual DB cluster snapshots of the specified DB cluster are not deleted.
For more information on Amazon Aurora, see What Is Amazon Aurora? in the Amazon Aurora User Guide.
This action only applies to Aurora DB clusters.
Deletes a custom endpoint and removes it from an Amazon Aurora DB cluster.
This action only applies to Aurora DB clusters.
Deletes a specified DB cluster parameter group. The DB cluster parameter group to be deleted can't be associated with any DB clusters.
For more information on Amazon Aurora, see What Is Amazon Aurora? in the Amazon Aurora User Guide.
This action only applies to Aurora DB clusters.
Returns a list of the available DB engines.
", "DescribeDBInstanceAutomatedBackups": "Displays backups for both current and deleted instances. For example, use this operation to find details about automated backups for previously deleted instances. Current instances with retention periods greater than zero (0) are returned for both the DescribeDBInstanceAutomatedBackups and DescribeDBInstances operations.
All parameters are optional.
", "DescribeDBInstances": "Returns information about provisioned RDS instances. This API supports pagination.
This operation can also return information for Amazon Neptune DB instances and Amazon DocumentDB instances.
Returns a list of DB log files for the DB instance.
", + "DescribeDBLogFiles": "Returns a list of DB log files for the DB instance.
This command doesn't apply to RDS Custom.
", "DescribeDBParameterGroups": " Returns a list of DBParameterGroup descriptions. If a DBParameterGroupName is specified, the list will contain only the description of the specified DB parameter group.
Returns the detailed parameter list for a particular DB parameter group.
", "DescribeDBProxies": "Returns information about DB proxies.
", @@ -88,14 +90,15 @@ "DescribeReservedDBInstances": "Returns information about reserved DB instances for this account, or about a specified reserved DB instance.
", "DescribeReservedDBInstancesOfferings": "Lists available reserved DB instance offerings.
", "DescribeSourceRegions": "Returns a list of the source Amazon Web Services Regions where the current Amazon Web Services Region can create a read replica, copy a DB snapshot from, or replicate automated backups from. This API action supports pagination.
", - "DescribeValidDBInstanceModifications": "You can call DescribeValidDBInstanceModifications to learn what modifications you can make to your DB instance. You can use this information when you call ModifyDBInstance.
Downloads all or a portion of the specified log file, up to 1 MB in size.
", + "DescribeValidDBInstanceModifications": "You can call DescribeValidDBInstanceModifications to learn what modifications you can make to your DB instance. You can use this information when you call ModifyDBInstance.
This command doesn't apply to RDS Custom.
", + "DownloadDBLogFilePortion": "Downloads all or a portion of the specified log file, up to 1 MB in size.
This command doesn't apply to RDS Custom.
", "FailoverDBCluster": "Forces a failover for a DB cluster.
A failover for a DB cluster promotes one of the Aurora Replicas (read-only instances) in the DB cluster to be the primary instance (the cluster writer).
Amazon Aurora will automatically fail over to an Aurora Replica, if one exists, when the primary instance fails. You can force a failover when you want to simulate a failure of a primary instance for testing. Because each instance in a DB cluster has its own endpoint address, you will need to clean up and re-establish any existing connections that use those endpoint addresses when the failover is complete.
For more information on Amazon Aurora, see What Is Amazon Aurora? in the Amazon Aurora User Guide.
This action only applies to Aurora DB clusters.
Initiates the failover process for an Aurora global database (GlobalCluster).
A failover for an Aurora global database promotes one of secondary read-only DB clusters to be the primary DB cluster and demotes the primary DB cluster to being a secondary (read-only) DB cluster. In other words, the role of the current primary DB cluster and the selected (target) DB cluster are switched. The selected secondary DB cluster assumes full read/write capabilities for the Aurora global database.
For more information about failing over an Amazon Aurora global database, see Managed planned failover for Amazon Aurora global databases in the Amazon Aurora User Guide.
This action applies to GlobalCluster (Aurora global databases) only. Use this action only on healthy Aurora global databases with running Aurora DB clusters and no Region-wide outages, to test disaster recovery scenarios or to reconfigure your Aurora global database topology.
Imports the installation media for a DB engine that requires an on-premises customer provided license, such as SQL Server.
", "ListTagsForResource": "Lists all tags on an Amazon RDS resource.
For an overview on tagging an Amazon RDS resource, see Tagging Amazon RDS Resources in the Amazon RDS User Guide.
", "ModifyCertificates": "Override the system-default Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate for Amazon RDS for new DB instances temporarily, or remove the override.
By using this operation, you can specify an RDS-approved SSL/TLS certificate for new DB instances that is different from the default certificate provided by RDS. You can also use this operation to remove the override, so that new DB instances use the default certificate provided by RDS.
You might need to override the default certificate in the following situations:
You already migrated your applications to support the latest certificate authority (CA) certificate, but the new CA certificate is not yet the RDS default CA certificate for the specified Amazon Web Services Region.
RDS has already moved to a new default CA certificate for the specified Amazon Web Services Region, but you are still in the process of supporting the new CA certificate. In this case, you temporarily need additional time to finish your application changes.
For more information about rotating your SSL/TLS certificate for RDS DB engines, see Rotating Your SSL/TLS Certificate in the Amazon RDS User Guide.
For more information about rotating your SSL/TLS certificate for Aurora DB engines, see Rotating Your SSL/TLS Certificate in the Amazon Aurora User Guide.
", "ModifyCurrentDBClusterCapacity": "Set the capacity of an Aurora Serverless DB cluster to a specific value.
Aurora Serverless scales seamlessly based on the workload on the DB cluster. In some cases, the capacity might not scale fast enough to meet a sudden change in workload, such as a large number of new transactions. Call ModifyCurrentDBClusterCapacity to set the capacity explicitly.
After this call sets the DB cluster capacity, Aurora Serverless can automatically scale the DB cluster based on the cooldown period for scaling up and the cooldown period for scaling down.
For more information about Aurora Serverless, see Using Amazon Aurora Serverless in the Amazon Aurora User Guide.
If you call ModifyCurrentDBClusterCapacity with the default TimeoutAction, connections that prevent Aurora Serverless from finding a scaling point might be dropped. For more information about scaling points, see Autoscaling for Aurora Serverless in the Amazon Aurora User Guide.
This action only applies to Aurora Serverless DB clusters.
Modifies the status of a custom engine version (CEV). You can find CEVs to modify by calling DescribeDBEngineVersions.
The MediaImport service that imports files from Amazon S3 to create CEVs isn't integrated with Amazon Web Services CloudTrail. If you turn on data logging for Amazon RDS in CloudTrail, calls to the ModifyCustomDbEngineVersion event aren't logged. However, you might see calls from the API gateway that accesses your Amazon S3 bucket. These calls originate from the MediaImport service for the ModifyCustomDbEngineVersion event.
For more information, see Modifying CEV status in the Amazon RDS User Guide.
", "ModifyDBCluster": "Modify a setting for an Amazon Aurora DB cluster. You can change one or more database configuration parameters by specifying these parameters and the new values in the request. For more information on Amazon Aurora, see What Is Amazon Aurora? in the Amazon Aurora User Guide.
This action only applies to Aurora DB clusters.
Modifies the properties of an endpoint in an Amazon Aurora DB cluster.
This action only applies to Aurora DB clusters.
Modifies the parameters of a DB cluster parameter group. To modify more than one parameter, submit a list of the following: ParameterName, ParameterValue, and ApplyMethod. A maximum of 20 parameters can be modified in a single request.
For more information on Amazon Aurora, see What Is Amazon Aurora? in the Amazon Aurora User Guide.
After you create a DB cluster parameter group, you should wait at least 5 minutes before creating your first DB cluster that uses that DB cluster parameter group as the default parameter group. This allows Amazon RDS to fully complete the create action before the parameter group is used as the default for a new DB cluster. This is especially important for parameters that are critical when creating the default database for a DB cluster, such as the character set for the default database defined by the character_set_database parameter. You can use the Parameter Groups option of the Amazon RDS console or the DescribeDBClusterParameters action to verify that your DB cluster parameter group has been created or modified.
If the modified DB cluster parameter group is used by an Aurora Serverless cluster, Aurora applies the update immediately. The cluster restart might interrupt your workload. In that case, your application must reopen any connections and retry any transactions that were active when the parameter changes took effect.
This action only applies to Aurora DB clusters.
Changes the settings for an existing DB proxy.
", "ModifyDBProxyEndpoint": "Changes the settings for an existing DB proxy endpoint.
", "ModifyDBProxyTargetGroup": "Modifies the properties of a DBProxyTargetGroup.
Updates a manual DB snapshot with a new engine version. The snapshot can be encrypted or unencrypted, but not shared or public.
Amazon RDS supports upgrading DB snapshots for MySQL, Oracle, and PostgreSQL.
", + "ModifyDBSnapshot": "Updates a manual DB snapshot with a new engine version. The snapshot can be encrypted or unencrypted, but not shared or public.
Amazon RDS supports upgrading DB snapshots for MySQL, PostgreSQL, and Oracle. This command doesn't apply to RDS Custom.
", "ModifyDBSnapshotAttribute": "Adds an attribute and values to, or removes an attribute and values from, a manual DB snapshot.
To share a manual DB snapshot with other Amazon Web Services accounts, specify restore as the AttributeName and use the ValuesToAdd parameter to add a list of IDs of the Amazon Web Services accounts that are authorized to restore the manual DB snapshot. Uses the value all to make the manual DB snapshot public, which means it can be copied or restored by all Amazon Web Services accounts.
Don't add the all value for any manual DB snapshots that contain private information that you don't want available to all Amazon Web Services accounts.
If the manual DB snapshot is encrypted, it can be shared, but only by specifying a list of authorized Amazon Web Services account IDs for the ValuesToAdd parameter. You can't use all as a value for that parameter in this case.
To view which Amazon Web Services accounts have access to copy or restore a manual DB snapshot, or whether a manual DB snapshot public or private, use the DescribeDBSnapshotAttributes API action. The accounts are returned as values for the restore attribute.
Modifies an existing DB subnet group. DB subnet groups must contain at least one subnet in at least two AZs in the Amazon Web Services Region.
", "ModifyEventSubscription": "Modifies an existing RDS event notification subscription. You can't modify the source identifiers using this call. To change source identifiers for a subscription, use the AddSourceIdentifierToSubscription and RemoveSourceIdentifierFromSubscription calls.
You can see a list of the event categories for a given source type (SourceType) in Events in the Amazon RDS User Guide or by using the DescribeEventCategories operation.
Modify a setting for an Amazon Aurora global cluster. You can change one or more database configuration parameters by specifying these parameters and the new values in the request. For more information on Amazon Aurora, see What Is Amazon Aurora? in the Amazon Aurora User Guide.
This action only applies to Aurora DB clusters.
Modifies an existing option group.
", - "PromoteReadReplica": "Promotes a read replica DB instance to a standalone DB instance.
Backup duration is a function of the amount of changes to the database since the previous backup. If you plan to promote a read replica to a standalone instance, we recommend that you enable backups and complete at least one backup prior to promotion. In addition, a read replica cannot be promoted to a standalone instance when it is in the backing-up status. If you have enabled backups on your read replica, configure the automated backup window so that daily backups do not interfere with read replica promotion.
This command doesn't apply to Aurora MySQL and Aurora PostgreSQL.
Promotes a read replica DB instance to a standalone DB instance.
Backup duration is a function of the amount of changes to the database since the previous backup. If you plan to promote a read replica to a standalone instance, we recommend that you enable backups and complete at least one backup prior to promotion. In addition, a read replica cannot be promoted to a standalone instance when it is in the backing-up status. If you have enabled backups on your read replica, configure the automated backup window so that daily backups do not interfere with read replica promotion.
This command doesn't apply to Aurora MySQL, Aurora PostgreSQL, or RDS Custom.
Promotes a read replica DB cluster to a standalone DB cluster.
This action only applies to Aurora DB clusters.
Purchases a reserved DB instance offering.
", - "RebootDBInstance": "You might need to reboot your DB instance, usually for maintenance reasons. For example, if you make certain modifications, or if you change the DB parameter group associated with the DB instance, you must reboot the instance for the changes to take effect.
Rebooting a DB instance restarts the database engine service. Rebooting a DB instance results in a momentary outage, during which the DB instance status is set to rebooting.
For more information about rebooting, see Rebooting a DB Instance in the Amazon RDS User Guide.
", + "RebootDBInstance": "You might need to reboot your DB instance, usually for maintenance reasons. For example, if you make certain modifications, or if you change the DB parameter group associated with the DB instance, you must reboot the instance for the changes to take effect.
Rebooting a DB instance restarts the database engine service. Rebooting a DB instance results in a momentary outage, during which the DB instance status is set to rebooting.
For more information about rebooting, see Rebooting a DB Instance in the Amazon RDS User Guide.
This command doesn't apply to RDS Custom.
", "RegisterDBProxyTargets": "Associate one or more DBProxyTarget data structures with a DBProxyTargetGroup.
Detaches an Aurora secondary cluster from an Aurora global database cluster. The cluster becomes a standalone cluster with read-write capability instead of being read-only and receiving data from a primary cluster in a different region.
This action only applies to Aurora DB clusters.
Disassociates an Amazon Web Services Identity and Access Management (IAM) role from an Amazon Aurora DB cluster. For more information, see Authorizing Amazon Aurora MySQL to Access Other Amazon Web Services Services on Your Behalf in the Amazon Aurora User Guide.
This action only applies to Aurora DB clusters.
Creates a new DB cluster from a DB snapshot or DB cluster snapshot. This action only applies to Aurora DB clusters.
The target DB cluster is created from the source snapshot with a default configuration. If you don't specify a security group, the new DB cluster is associated with the default security group.
This action only restores the DB cluster, not the DB instances for that DB cluster. You must invoke the CreateDBInstance action to create DB instances for the restored DB cluster, specifying the identifier of the restored DB cluster in DBClusterIdentifier. You can create DB instances only after the RestoreDBClusterFromSnapshot action has completed and the DB cluster is available.
For more information on Amazon Aurora, see What Is Amazon Aurora? in the Amazon Aurora User Guide.
This action only applies to Aurora DB clusters.
Restores a DB cluster to an arbitrary point in time. Users can restore to any point in time before LatestRestorableTime for up to BackupRetentionPeriod days. The target DB cluster is created from the source DB cluster with the same configuration as the original DB cluster, except that the new DB cluster is created with the default DB security group.
This action only restores the DB cluster, not the DB instances for that DB cluster. You must invoke the CreateDBInstance action to create DB instances for the restored DB cluster, specifying the identifier of the restored DB cluster in DBClusterIdentifier. You can create DB instances only after the RestoreDBClusterToPointInTime action has completed and the DB cluster is available.
For more information on Amazon Aurora, see What Is Amazon Aurora? in the Amazon Aurora User Guide.
This action only applies to Aurora DB clusters.
Creates a new DB instance from a DB snapshot. The target database is created from the source database restore point with most of the source's original configuration, including the default security group and DB parameter group. By default, the new DB instance is created as a Single-AZ deployment, except when the instance is a SQL Server instance that has an option group associated with mirroring. In this case, the instance becomes a Multi-AZ deployment, not a Single-AZ deployment.
If you want to replace your original DB instance with the new, restored DB instance, then rename your original DB instance before you call the RestoreDBInstanceFromDBSnapshot action. RDS doesn't allow two DB instances with the same name. After you have renamed your original DB instance with a different identifier, then you can pass the original name of the DB instance as the DBInstanceIdentifier in the call to the RestoreDBInstanceFromDBSnapshot action. The result is that you replace the original DB instance with the DB instance created from the snapshot.
If you are restoring from a shared manual DB snapshot, the DBSnapshotIdentifier must be the ARN of the shared DB snapshot.
This command doesn't apply to Aurora MySQL and Aurora PostgreSQL. For Aurora, use RestoreDBClusterFromSnapshot.
Amazon Relational Database Service (Amazon RDS) supports importing MySQL databases by using backup files. You can create a backup of your on-premises database, store it on Amazon Simple Storage Service (Amazon S3), and then restore the backup file onto a new Amazon RDS DB instance running MySQL. For more information, see Importing Data into an Amazon RDS MySQL DB Instance in the Amazon RDS User Guide.
", + "RestoreDBInstanceFromS3": "Amazon Relational Database Service (Amazon RDS) supports importing MySQL databases by using backup files. You can create a backup of your on-premises database, store it on Amazon Simple Storage Service (Amazon S3), and then restore the backup file onto a new Amazon RDS DB instance running MySQL. For more information, see Importing Data into an Amazon RDS MySQL DB Instance in the Amazon RDS User Guide.
This command doesn't apply to RDS Custom.
", "RestoreDBInstanceToPointInTime": "Restores a DB instance to an arbitrary point in time. You can restore to any point in time before the time identified by the LatestRestorableTime property. You can restore to a point up to the number of days specified by the BackupRetentionPeriod property.
The target database is created with most of the original configuration, but in a system-selected Availability Zone, with the default security group, the default subnet group, and the default DB parameter group. By default, the new DB instance is created as a single-AZ deployment except when the instance is a SQL Server instance that has an option group that is associated with mirroring; in this case, the instance becomes a mirrored deployment and not a single-AZ deployment.
This command doesn't apply to Aurora MySQL and Aurora PostgreSQL. For Aurora, use RestoreDBClusterToPointInTime.
Revokes ingress from a DBSecurityGroup for previously authorized IP ranges or EC2 or VPC security groups. Required parameters for this API are one of CIDRIP, EC2SecurityGroupId for VPC, or (EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId).
", "StartActivityStream": "Starts a database activity stream to monitor activity on the database. For more information, see Database Activity Streams in the Amazon Aurora User Guide.
", "StartDBCluster": "Starts an Amazon Aurora DB cluster that was stopped using the Amazon Web Services console, the stop-db-cluster CLI command, or the StopDBCluster action.
For more information, see Stopping and Starting an Aurora Cluster in the Amazon Aurora User Guide.
This action only applies to Aurora DB clusters.
Starts an Amazon RDS DB instance that was stopped using the Amazon Web Services console, the stop-db-instance CLI command, or the StopDBInstance action.
For more information, see Starting an Amazon RDS DB instance That Was Previously Stopped in the Amazon RDS User Guide.
This command doesn't apply to Aurora MySQL and Aurora PostgreSQL. For Aurora DB clusters, use StartDBCluster instead.
Enables replication of automated backups to a different Amazon Web Services Region.
For more information, see Replicating Automated Backups to Another Amazon Web Services Region in the Amazon RDS User Guide.
", - "StartExportTask": "Starts an export of a snapshot to Amazon S3. The provided IAM role must have access to the S3 bucket.
", + "StartDBInstance": "Starts an Amazon RDS DB instance that was stopped using the Amazon Web Services console, the stop-db-instance CLI command, or the StopDBInstance action.
For more information, see Starting an Amazon RDS DB instance That Was Previously Stopped in the Amazon RDS User Guide.
This command doesn't apply to RDS Custom, Aurora MySQL, and Aurora PostgreSQL. For Aurora DB clusters, use StartDBCluster instead.
Enables replication of automated backups to a different Amazon Web Services Region.
This command doesn't apply to RDS Custom.
For more information, see Replicating Automated Backups to Another Amazon Web Services Region in the Amazon RDS User Guide.
", + "StartExportTask": "Starts an export of a snapshot to Amazon S3. The provided IAM role must have access to the S3 bucket.
This command doesn't apply to RDS Custom.
", "StopActivityStream": "Stops a database activity stream that was started using the Amazon Web Services console, the start-activity-stream CLI command, or the StartActivityStream action.
For more information, see Database Activity Streams in the Amazon Aurora User Guide.
", "StopDBCluster": "Stops an Amazon Aurora DB cluster. When you stop a DB cluster, Aurora retains the DB cluster's metadata, including its endpoints and DB parameter groups. Aurora also retains the transaction logs so you can do a point-in-time restore if necessary.
For more information, see Stopping and Starting an Aurora Cluster in the Amazon Aurora User Guide.
This action only applies to Aurora DB clusters.
Stops an Amazon RDS DB instance. When you stop a DB instance, Amazon RDS retains the DB instance's metadata, including its endpoint, DB parameter group, and option group membership. Amazon RDS also retains the transaction logs so you can do a point-in-time restore if necessary.
For more information, see Stopping an Amazon RDS DB Instance Temporarily in the Amazon RDS User Guide.
This command doesn't apply to Aurora MySQL and Aurora PostgreSQL. For Aurora clusters, use StopDBCluster instead.
Stops automated backup replication for a DB instance.
For more information, see Replicating Automated Backups to Another Amazon Web Services Region in the Amazon RDS User Guide.
" + "StopDBInstance": "Stops an Amazon RDS DB instance. When you stop a DB instance, Amazon RDS retains the DB instance's metadata, including its endpoint, DB parameter group, and option group membership. Amazon RDS also retains the transaction logs so you can do a point-in-time restore if necessary.
For more information, see Stopping an Amazon RDS DB Instance Temporarily in the Amazon RDS User Guide.
This command doesn't apply to RDS Custom, Aurora MySQL, and Aurora PostgreSQL. For Aurora clusters, use StopDBCluster instead.
Stops automated backup replication for a DB instance.
This command doesn't apply to RDS Custom.
For more information, see Replicating Automated Backups to Another Amazon Web Services Region in the Amazon RDS User Guide.
" }, "shapes": { "AccountAttributesMessage": { @@ -266,6 +269,14 @@ "refs": { } }, + "AutomationMode": { + "base": null, + "refs": { + "DBInstance$AutomationMode": "The automation mode of the RDS Custom DB instance: full or all paused. If full, the DB instance automates monitoring and instance recovery. If all paused, the instance pauses automation for the duration set by --resume-full-automation-mode-minutes.
The automation mode of the RDS Custom DB instance: full or all paused. If full, the DB instance automates monitoring and instance recovery. If all paused, the instance pauses automation for the duration set by ResumeFullAutomationModeMinutes.
The automation mode of the RDS Custom DB instance: full or all-paused. If full, the DB instance automates monitoring and instance recovery. If all-paused, the instance pauses automation for the duration set by --resume-full-automation-mode-minutes.
Contains Availability Zone information.
This data type is used as an element in the OrderableDBInstanceOption data type.
The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services Backup.
" + "ModifyDBInstanceMessage$AwsBackupRecoveryPointArn": "The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services Backup.
This setting doesn't apply to RDS Custom.
" } }, "BacktrackDBClusterMessage": { @@ -331,7 +342,7 @@ "DBEngineVersion$SupportsReadReplica": "Indicates whether the database engine version supports read replicas.
", "DBEngineVersion$SupportsParallelQuery": "A value that indicates whether you can use Aurora parallel query with a specific DB engine version.
", "DBEngineVersion$SupportsGlobalDatabases": "A value that indicates whether you can use Aurora global databases with a specific DB engine version.
", - "DBInstance$MultiAZ": "Specifies if the DB instance is a Multi-AZ deployment.
", + "DBInstance$MultiAZ": "Specifies if the DB instance is a Multi-AZ deployment. This setting doesn't apply to RDS Custom.
", "DBInstance$AutoMinorVersionUpgrade": "A value that indicates that minor version patches are applied automatically.
", "DBInstance$PubliclyAccessible": "Specifies the accessibility options for the DB instance.
When the DB instance is publicly accessible, its DNS endpoint resolves to the private IP address from within the DB instance's VPC, and to the public IP address from outside of the DB instance's VPC. Access to the DB instance is ultimately controlled by the security group it uses, and that public access is not permitted if the security group assigned to the DB instance doesn't permit it.
When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.
For more information, see CreateDBInstance.
", "DBInstance$StorageEncrypted": "Specifies whether the DB instance is encrypted.
", @@ -348,20 +359,20 @@ "DBSnapshot$Encrypted": "Specifies whether the DB snapshot is encrypted.
", "DBSnapshot$IAMDatabaseAuthenticationEnabled": "True if mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts is enabled, and otherwise false.
", "DeleteDBClusterMessage$SkipFinalSnapshot": "A value that indicates whether to skip the creation of a final DB cluster snapshot before the DB cluster is deleted. If skip is specified, no DB cluster snapshot is created. If skip isn't specified, a DB cluster snapshot is created before the DB cluster is deleted. By default, skip isn't specified, and the DB cluster snapshot is created. By default, this parameter is disabled.
You must specify a FinalDBSnapshotIdentifier parameter if SkipFinalSnapshot is disabled.
A value that indicates whether to skip the creation of a final DB snapshot before the DB instance is deleted. If skip is specified, no DB snapshot is created. If skip isn't specified, a DB snapshot is created before the DB instance is deleted. By default, skip isn't specified, and the DB snapshot is created.
When a DB instance is in a failure state and has a status of 'failed', 'incompatible-restore', or 'incompatible-network', it can only be deleted when skip is specified.
Specify skip when deleting a read replica.
The FinalDBSnapshotIdentifier parameter must be specified if skip isn't specified.
A value that indicates whether to skip the creation of a final DB snapshot before deleting the instance. If you enable this parameter, RDS doesn't create a DB snapshot. If you don't enable this parameter, RDS creates a DB snapshot before the DB instance is deleted. By default, skip isn't enabled, and the DB snapshot is created.
If you don't enable this parameter, you must specify the FinalDBSnapshotIdentifier parameter.
When a DB instance is in a failure state and has a status of failed, incompatible-restore, or incompatible-network, RDS can delete the instance only if you enable this parameter.
If you delete a read replica or an RDS Custom instance, you must enable this setting.
This setting is required for RDS Custom.
", "DescribeDBClusterSnapshotsMessage$IncludeShared": "A value that indicates whether to include shared manual DB cluster snapshots from other Amazon Web Services accounts that this Amazon Web Services account has been given permission to copy or restore. By default, these snapshots are not included.
You can give an Amazon Web Services account permission to restore a manual DB cluster snapshot from another Amazon Web Services account by the ModifyDBClusterSnapshotAttribute API action.
A value that indicates whether to include manual DB cluster snapshots that are public and can be copied or restored by any Amazon Web Services account. By default, the public snapshots are not included.
You can share a manual DB cluster snapshot as public by using the ModifyDBClusterSnapshotAttribute API action.
", "DescribeDBClustersMessage$IncludeShared": "Optional Boolean parameter that specifies whether the output includes information about clusters shared from other Amazon Web Services accounts.
", "DescribeDBEngineVersionsMessage$DefaultOnly": "A value that indicates whether only the default version of the specified engine or engine and major version combination is returned.
", - "DescribeDBSnapshotsMessage$IncludeShared": "A value that indicates whether to include shared manual DB cluster snapshots from other Amazon Web Services accounts that this Amazon Web Services account has been given permission to copy or restore. By default, these snapshots are not included.
You can give an Amazon Web Services account permission to restore a manual DB snapshot from another Amazon Web Services account by using the ModifyDBSnapshotAttribute API action.
A value that indicates whether to include manual DB cluster snapshots that are public and can be copied or restored by any Amazon Web Services account. By default, the public snapshots are not included.
You can share a manual DB snapshot as public by using the ModifyDBSnapshotAttribute API.
", + "DescribeDBSnapshotsMessage$IncludeShared": "A value that indicates whether to include shared manual DB cluster snapshots from other Amazon Web Services accounts that this Amazon Web Services account has been given permission to copy or restore. By default, these snapshots are not included.
You can give an Amazon Web Services account permission to restore a manual DB snapshot from another Amazon Web Services account by using the ModifyDBSnapshotAttribute API action.
This setting doesn't apply to RDS Custom.
", + "DescribeDBSnapshotsMessage$IncludePublic": "A value that indicates whether to include manual DB cluster snapshots that are public and can be copied or restored by any Amazon Web Services account. By default, the public snapshots are not included.
You can share a manual DB snapshot as public by using the ModifyDBSnapshotAttribute API.
This setting doesn't apply to RDS Custom.
", "DownloadDBLogFilePortionDetails$AdditionalDataPending": "Boolean value that if true, indicates there is more data to be downloaded.
", "EventSubscription$Enabled": "A Boolean value indicating if the subscription is enabled. True indicates the subscription is enabled.
", "GlobalClusterMember$IsWriter": "Specifies whether the Aurora cluster is the primary cluster (that is, has read-write capability) for the Aurora global database with which it is associated.
", "ModifyDBClusterMessage$ApplyImmediately": "A value that indicates whether the modifications in this request and any pending modifications are asynchronously applied as soon as possible, regardless of the PreferredMaintenanceWindow setting for the DB cluster. If this parameter is disabled, changes to the DB cluster are applied during the next maintenance window.
The ApplyImmediately parameter only affects the EnableIAMDatabaseAuthentication, MasterUserPassword, and NewDBClusterIdentifier values. If the ApplyImmediately parameter is disabled, then changes to the EnableIAMDatabaseAuthentication, MasterUserPassword, and NewDBClusterIdentifier values are applied during the next maintenance window. All other changes are applied immediately, regardless of the value of the ApplyImmediately parameter.
By default, this parameter is disabled.
", "ModifyDBClusterMessage$AllowMajorVersionUpgrade": "A value that indicates whether major version upgrades are allowed.
Constraints: You must allow major version upgrades when specifying a value for the EngineVersion parameter that is a different major version than the DB cluster's current version.
A value that indicates whether the modifications in this request and any pending modifications are asynchronously applied as soon as possible, regardless of the PreferredMaintenanceWindow setting for the DB instance. By default, this parameter is disabled.
If this parameter is disabled, changes to the DB instance are applied during the next maintenance window. Some parameter changes can cause an outage and are applied on the next call to RebootDBInstance, or the next failure reboot. Review the table of parameters in Modifying a DB Instance in the Amazon RDS User Guide. to see the impact of enabling or disabling ApplyImmediately for each modified parameter and to determine when the changes are applied.
A value that indicates whether major version upgrades are allowed. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible.
Constraints: Major version upgrades must be allowed when specifying a value for the EngineVersion parameter that is a different major version than the DB instance's current version.
", + "ModifyDBInstanceMessage$AllowMajorVersionUpgrade": "A value that indicates whether major version upgrades are allowed. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible.
This setting doesn't apply to RDS Custom.
Constraints: Major version upgrades must be allowed when specifying a value for the EngineVersion parameter that is a different major version than the DB instance's current version.
", "ModifyOptionGroupMessage$ApplyImmediately": "A value that indicates whether to apply the change immediately or during the next maintenance window for each instance associated with the option group.
", "Option$Persistent": "Indicate if this option is persistent.
", "Option$Permanent": "Indicate if this option is permanent.
", @@ -415,22 +426,22 @@ "CreateDBClusterMessage$EnableHttpEndpoint": "A value that indicates whether to enable the HTTP endpoint for an Aurora Serverless DB cluster. By default, the HTTP endpoint is disabled.
When enabled, the HTTP endpoint provides a connectionless web service API for running SQL queries on the Aurora Serverless DB cluster. You can also query your database from inside the RDS console with the query editor.
For more information, see Using the Data API for Aurora Serverless in the Amazon Aurora User Guide.
", "CreateDBClusterMessage$CopyTagsToSnapshot": "A value that indicates whether to copy all tags from the DB cluster to snapshots of the DB cluster. The default is not to copy them.
", "CreateDBClusterMessage$EnableGlobalWriteForwarding": "A value that indicates whether to enable this DB cluster to forward write operations to the primary cluster of an Aurora global database (GlobalCluster). By default, write operations are not allowed on Aurora DB clusters that are secondary clusters in an Aurora global database.
You can set this value only on Aurora DB clusters that are members of an Aurora global database. With this parameter enabled, a secondary cluster can forward writes to the current primary cluster and the resulting changes are replicated back to this cluster. For the primary DB cluster of an Aurora global database, this value is used immediately if the primary is demoted by the FailoverGlobalCluster API operation, but it does nothing until then.
", - "CreateDBInstanceMessage$MultiAZ": "A value that indicates whether the DB instance is a Multi-AZ deployment. You can't set the AvailabilityZone parameter if the DB instance is a Multi-AZ deployment.
A value that indicates whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. By default, minor engine upgrades are applied automatically.
", + "CreateDBInstanceMessage$MultiAZ": "A value that indicates whether the DB instance is a Multi-AZ deployment. You can't set the AvailabilityZone parameter if the DB instance is a Multi-AZ deployment.
This setting doesn't apply to RDS Custom.
", + "CreateDBInstanceMessage$AutoMinorVersionUpgrade": "A value that indicates whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. By default, minor engine upgrades are applied automatically.
If you create an RDS Custom DB instance, you must set AutoMinorVersionUpgrade to false.
A value that indicates whether the DB instance is publicly accessible.
When the DB instance is publicly accessible, its DNS endpoint resolves to the private IP address from within the DB instance's VPC, and to the public IP address from outside of the DB instance's VPC. Access to the DB instance is ultimately controlled by the security group it uses, and that public access is not permitted if the security group assigned to the DB instance doesn't permit it.
When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.
Default: The default behavior varies depending on whether DBSubnetGroupName is specified.
If DBSubnetGroupName isn't specified, and PubliclyAccessible isn't specified, the following applies:
If the default VPC in the target region doesn’t have an Internet gateway attached to it, the DB instance is private.
If the default VPC in the target region has an Internet gateway attached to it, the DB instance is public.
If DBSubnetGroupName is specified, and PubliclyAccessible isn't specified, the following applies:
If the subnets are part of a VPC that doesn’t have an Internet gateway attached to it, the DB instance is private.
If the subnets are part of a VPC that has an Internet gateway attached to it, the DB instance is public.
A value that indicates whether the DB instance is encrypted. By default, it isn't encrypted.
Amazon Aurora
Not applicable. The encryption for DB instances is managed by the DB cluster.
", + "CreateDBInstanceMessage$StorageEncrypted": "A value that indicates whether the DB instance is encrypted. By default, it isn't encrypted.
For RDS Custom Oracle instances, either set this parameter to true or leave it unset. If you set this parameter to false, RDS reports an error.
Amazon Aurora
Not applicable. The encryption for DB instances is managed by the DB cluster.
", "CreateDBInstanceMessage$CopyTagsToSnapshot": "A value that indicates whether to copy tags from the DB instance to snapshots of the DB instance. By default, tags are not copied.
Amazon Aurora
Not applicable. Copying tags to snapshots is managed by the DB cluster. Setting this value for an Aurora DB instance has no effect on the DB cluster setting.
", - "CreateDBInstanceMessage$EnableIAMDatabaseAuthentication": "A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.
This setting doesn't apply to Amazon Aurora. Mapping Amazon Web Services IAM accounts to database accounts is managed by the DB cluster.
For more information, see IAM Database Authentication for MySQL and PostgreSQL in the Amazon RDS User Guide.
", - "CreateDBInstanceMessage$EnablePerformanceInsights": "A value that indicates whether to enable Performance Insights for the DB instance.
For more information, see Using Amazon Performance Insights in the Amazon Relational Database Service User Guide.
", + "CreateDBInstanceMessage$EnableIAMDatabaseAuthentication": "A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.
This setting doesn't apply to RDS Custom or Amazon Aurora. In Aurora, mapping Amazon Web Services IAM accounts to database accounts is managed by the DB cluster.
For more information, see IAM Database Authentication for MySQL and PostgreSQL in the Amazon RDS User Guide.
", + "CreateDBInstanceMessage$EnablePerformanceInsights": "A value that indicates whether to enable Performance Insights for the DB instance. For more information, see Using Amazon Performance Insights in the Amazon Relational Database Service User Guide.
This setting doesn't apply to RDS Custom.
", "CreateDBInstanceMessage$DeletionProtection": "A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see Deleting a DB Instance.
Amazon Aurora
Not applicable. You can enable or disable deletion protection for the DB cluster. For more information, see CreateDBCluster. DB instances in a DB cluster can be deleted even when deletion protection is enabled for the DB cluster.
A value that indicates whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts DB instance.
A CoIP provides local or external connectivity to resources in your Outpost subnets through your on-premises network. For some use cases, a CoIP can provide lower latency for connections to the DB instance from outside of its virtual private cloud (VPC) on your local network.
For more information about RDS on Outposts, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.
For more information about CoIPs, see Customer-owned IP addresses in the Amazon Web Services Outposts User Guide.
", - "CreateDBInstanceReadReplicaMessage$MultiAZ": "A value that indicates whether the read replica is in a Multi-AZ deployment.
You can create a read replica as a Multi-AZ DB instance. RDS creates a standby of your replica in another Availability Zone for failover support for the replica. Creating your read replica as a Multi-AZ DB instance is independent of whether the source database is a Multi-AZ DB instance.
", - "CreateDBInstanceReadReplicaMessage$AutoMinorVersionUpgrade": "A value that indicates whether minor engine upgrades are applied automatically to the read replica during the maintenance window.
Default: Inherits from the source DB instance
", + "CreateDBInstanceReadReplicaMessage$MultiAZ": "A value that indicates whether the read replica is in a Multi-AZ deployment.
You can create a read replica as a Multi-AZ DB instance. RDS creates a standby of your replica in another Availability Zone for failover support for the replica. Creating your read replica as a Multi-AZ DB instance is independent of whether the source database is a Multi-AZ DB instance.
This setting doesn't apply to RDS Custom.
", + "CreateDBInstanceReadReplicaMessage$AutoMinorVersionUpgrade": "A value that indicates whether minor engine upgrades are applied automatically to the read replica during the maintenance window.
This setting doesn't apply to RDS Custom.
Default: Inherits from the source DB instance
", "CreateDBInstanceReadReplicaMessage$PubliclyAccessible": "A value that indicates whether the DB instance is publicly accessible.
When the DB instance is publicly accessible, its DNS endpoint resolves to the private IP address from within the DB instance's VPC, and to the public IP address from outside of the DB instance's VPC. Access to the DB instance is ultimately controlled by the security group it uses, and that public access is not permitted if the security group assigned to the DB instance doesn't permit it.
When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.
For more information, see CreateDBInstance.
", "CreateDBInstanceReadReplicaMessage$CopyTagsToSnapshot": "A value that indicates whether to copy all tags from the read replica to snapshots of the read replica. By default, tags are not copied.
", - "CreateDBInstanceReadReplicaMessage$EnableIAMDatabaseAuthentication": "A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.
For more information about IAM database authentication, see IAM Database Authentication for MySQL and PostgreSQL in the Amazon RDS User Guide.
", - "CreateDBInstanceReadReplicaMessage$EnablePerformanceInsights": "A value that indicates whether to enable Performance Insights for the read replica.
For more information, see Using Amazon Performance Insights in the Amazon RDS User Guide.
", - "CreateDBInstanceReadReplicaMessage$UseDefaultProcessorFeatures": "A value that indicates whether the DB instance class of the DB instance uses its default processor features.
", + "CreateDBInstanceReadReplicaMessage$EnableIAMDatabaseAuthentication": "A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.
For more information about IAM database authentication, see IAM Database Authentication for MySQL and PostgreSQL in the Amazon RDS User Guide.
This setting doesn't apply to RDS Custom.
", + "CreateDBInstanceReadReplicaMessage$EnablePerformanceInsights": "A value that indicates whether to enable Performance Insights for the read replica.
For more information, see Using Amazon Performance Insights in the Amazon RDS User Guide.
This setting doesn't apply to RDS Custom.
", + "CreateDBInstanceReadReplicaMessage$UseDefaultProcessorFeatures": "A value that indicates whether the DB instance class of the DB instance uses its default processor features.
This setting doesn't apply to RDS Custom.
", "CreateDBInstanceReadReplicaMessage$DeletionProtection": "A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see Deleting a DB Instance.
", "CreateEventSubscriptionMessage$Enabled": "A value that indicates whether to activate the subscription. If the event notification subscription isn't activated, the subscription is created but not active.
", "CreateGlobalClusterMessage$DeletionProtection": "The deletion protection setting for the new global database. The global database can't be deleted when deletion protection is enabled.
", @@ -446,10 +457,10 @@ "DBInstance$CustomerOwnedIpEnabled": "Specifies whether a customer-owned IP address (CoIP) is enabled for an RDS on Outposts DB instance.
A CoIP provides local or external connectivity to resources in your Outpost subnets through your on-premises network. For some use cases, a CoIP can provide lower latency for connections to the DB instance from outside of its virtual private cloud (VPC) on your local network.
For more information about RDS on Outposts, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.
For more information about CoIPs, see Customer-owned IP addresses in the Amazon Web Services Outposts User Guide.
", "DBInstance$ActivityStreamEngineNativeAuditFieldsIncluded": "Indicates whether engine-native audit fields are included in the database activity stream.
", "DeleteDBInstanceMessage$DeleteAutomatedBackups": "A value that indicates whether to remove automated backups immediately after the DB instance is deleted. This parameter isn't case-sensitive. The default is to remove automated backups immediately after the DB instance is deleted.
", - "DescribeDBEngineVersionsMessage$ListSupportedCharacterSets": "A value that indicates whether to list the supported character sets for each engine version.
If this parameter is enabled and the requested engine supports the CharacterSetName parameter for CreateDBInstance, the response includes a list of supported character sets for each engine version.
A value that indicates whether to list the supported time zones for each engine version.
If this parameter is enabled and the requested engine supports the TimeZone parameter for CreateDBInstance, the response includes a list of supported time zones for each engine version.
A value that indicates whether to list the supported character sets for each engine version.
If this parameter is enabled and the requested engine supports the CharacterSetName parameter for CreateDBInstance, the response includes a list of supported character sets for each engine version.
For RDS Custom, the default is not to list supported character sets. If you set ListSupportedCharacterSets to true, RDS Custom returns no results.
A value that indicates whether to list the supported time zones for each engine version.
If this parameter is enabled and the requested engine supports the TimeZone parameter for CreateDBInstance, the response includes a list of supported time zones for each engine version.
For RDS Custom, the default is not to list supported time zones. If you set ListSupportedTimezones to true, RDS Custom returns no results.
A value that indicates whether to include engine versions that aren't available in the list. The default is to list only available engine versions.
", - "DescribeOrderableDBInstanceOptionsMessage$Vpc": "A value that indicates whether to show only VPC or non-VPC offerings.
", + "DescribeOrderableDBInstanceOptionsMessage$Vpc": "A value that indicates whether to show only VPC or non-VPC offerings. RDS Custom supports only VPC offerings.
RDS Custom supports only VPC offerings. If you describe non-VPC offerings for RDS Custom, the output shows VPC offerings.
", "DescribeReservedDBInstancesMessage$MultiAZ": "A value that indicates whether to show only those reservations that support Multi-AZ.
", "DescribeReservedDBInstancesOfferingsMessage$MultiAZ": "A value that indicates whether to show only those reservations that support Multi-AZ.
", "GlobalCluster$StorageEncrypted": "The storage encryption setting for the global database cluster.
", @@ -460,15 +471,15 @@ "ModifyDBClusterMessage$EnableHttpEndpoint": "A value that indicates whether to enable the HTTP endpoint for an Aurora Serverless DB cluster. By default, the HTTP endpoint is disabled.
When enabled, the HTTP endpoint provides a connectionless web service API for running SQL queries on the Aurora Serverless DB cluster. You can also query your database from inside the RDS console with the query editor.
For more information, see Using the Data API for Aurora Serverless in the Amazon Aurora User Guide.
", "ModifyDBClusterMessage$CopyTagsToSnapshot": "A value that indicates whether to copy all tags from the DB cluster to snapshots of the DB cluster. The default is not to copy them.
", "ModifyDBClusterMessage$EnableGlobalWriteForwarding": "A value that indicates whether to enable this DB cluster to forward write operations to the primary cluster of an Aurora global database (GlobalCluster). By default, write operations are not allowed on Aurora DB clusters that are secondary clusters in an Aurora global database.
You can set this value only on Aurora DB clusters that are members of an Aurora global database. With this parameter enabled, a secondary cluster can forward writes to the current primary cluster and the resulting changes are replicated back to this cluster. For the primary DB cluster of an Aurora global database, this value is used immediately if the primary is demoted by the FailoverGlobalCluster API operation, but it does nothing until then.
", - "ModifyDBInstanceMessage$MultiAZ": "A value that indicates whether the DB instance is a Multi-AZ deployment. Changing this parameter doesn't result in an outage and the change is applied during the next maintenance window unless the ApplyImmediately parameter is enabled for this request.
A value that indicates whether minor version upgrades are applied automatically to the DB instance during the maintenance window. Changing this parameter doesn't result in an outage except in the following case and the change is asynchronously applied as soon as possible. An outage results if this parameter is enabled during the maintenance window, and a newer minor version is available, and RDS has enabled auto patching for that engine version.
", + "ModifyDBInstanceMessage$MultiAZ": "A value that indicates whether the DB instance is a Multi-AZ deployment. Changing this parameter doesn't result in an outage. The change is applied during the next maintenance window unless the ApplyImmediately parameter is enabled for this request.
This setting doesn't apply to RDS Custom.
", + "ModifyDBInstanceMessage$AutoMinorVersionUpgrade": "A value that indicates whether minor version upgrades are applied automatically to the DB instance during the maintenance window. An outage occurs when all the following conditions are met:
The automatic upgrade is enabled for the maintenance window.
A newer minor version is available.
RDS has enabled automatic patching for the engine version.
If any of the preceding conditions isn't met, RDS applies the change as soon as possible and doesn't cause an outage.
For an RDS Custom DB instance, set AutoMinorVersionUpgrade to false. Otherwise, the operation returns an error.
A value that indicates whether to copy all tags from the DB instance to snapshots of the DB instance. By default, tags are not copied.
Amazon Aurora
Not applicable. Copying tags to snapshots is managed by the DB cluster. Setting this value for an Aurora DB instance has no effect on the DB cluster setting. For more information, see ModifyDBCluster.
A value that indicates whether the DB instance is publicly accessible.
When the DB instance is publicly accessible, its DNS endpoint resolves to the private IP address from within the DB instance's VPC, and to the public IP address from outside of the DB instance's VPC. Access to the DB instance is ultimately controlled by the security group it uses, and that public access is not permitted if the security group assigned to the DB instance doesn't permit it.
When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.
PubliclyAccessible only applies to DB instances in a VPC. The DB instance must be part of a public subnet and PubliclyAccessible must be enabled for it to be publicly accessible.
Changes to the PubliclyAccessible parameter are applied immediately regardless of the value of the ApplyImmediately parameter.
A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.
This setting doesn't apply to Amazon Aurora. Mapping Amazon Web Services IAM accounts to database accounts is managed by the DB cluster.
For more information about IAM database authentication, see IAM Database Authentication for MySQL and PostgreSQL in the Amazon RDS User Guide.
", - "ModifyDBInstanceMessage$EnablePerformanceInsights": "A value that indicates whether to enable Performance Insights for the DB instance.
For more information, see Using Amazon Performance Insights in the Amazon Relational Database Service User Guide.
", - "ModifyDBInstanceMessage$UseDefaultProcessorFeatures": "A value that indicates whether the DB instance class of the DB instance uses its default processor features.
", + "ModifyDBInstanceMessage$PubliclyAccessible": "A value that indicates whether the DB instance is publicly accessible.
When the DB instance is publicly accessible, its DNS endpoint resolves to the private IP address from within the DB instance's VPC, and to the public IP address from outside of the DB instance's VPC. Access to the DB instance is ultimately controlled by the security group it uses, and that public access is not permitted if the security group assigned to the DB instance doesn't permit it.
When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.
PubliclyAccessible only applies to DB instances in a VPC. The DB instance must be part of a public subnet and PubliclyAccessible must be enabled for it to be publicly accessible.
Changes to the PubliclyAccessible parameter are applied immediately regardless of the value of the ApplyImmediately parameter.
This setting doesn't apply to RDS Custom.
", + "ModifyDBInstanceMessage$EnableIAMDatabaseAuthentication": "A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.
This setting doesn't apply to Amazon Aurora. Mapping Amazon Web Services IAM accounts to database accounts is managed by the DB cluster.
For more information about IAM database authentication, see IAM Database Authentication for MySQL and PostgreSQL in the Amazon RDS User Guide.
This setting doesn't apply to RDS Custom.
", + "ModifyDBInstanceMessage$EnablePerformanceInsights": "A value that indicates whether to enable Performance Insights for the DB instance.
For more information, see Using Amazon Performance Insights in the Amazon Relational Database Service User Guide.
This setting doesn't apply to RDS Custom.
", + "ModifyDBInstanceMessage$UseDefaultProcessorFeatures": "A value that indicates whether the DB instance class of the DB instance uses its default processor features.
This setting doesn't apply to RDS Custom.
", "ModifyDBInstanceMessage$DeletionProtection": "A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see Deleting a DB Instance.
", - "ModifyDBInstanceMessage$CertificateRotationRestart": "A value that indicates whether the DB instance is restarted when you rotate your SSL/TLS certificate.
By default, the DB instance is restarted when you rotate your SSL/TLS certificate. The certificate is not updated until the DB instance is restarted.
Set this parameter only if you are not using SSL/TLS to connect to the DB instance.
If you are using SSL/TLS to connect to the DB instance, follow the appropriate instructions for your DB engine to rotate your SSL/TLS certificate:
For more information about rotating your SSL/TLS certificate for RDS DB engines, see Rotating Your SSL/TLS Certificate. in the Amazon RDS User Guide.
For more information about rotating your SSL/TLS certificate for Aurora DB engines, see Rotating Your SSL/TLS Certificate in the Amazon Aurora User Guide.
A value that indicates whether the DB instance is restarted when you rotate your SSL/TLS certificate.
By default, the DB instance is restarted when you rotate your SSL/TLS certificate. The certificate is not updated until the DB instance is restarted.
Set this parameter only if you are not using SSL/TLS to connect to the DB instance.
If you are using SSL/TLS to connect to the DB instance, follow the appropriate instructions for your DB engine to rotate your SSL/TLS certificate:
For more information about rotating your SSL/TLS certificate for RDS DB engines, see Rotating Your SSL/TLS Certificate. in the Amazon RDS User Guide.
For more information about rotating your SSL/TLS certificate for Aurora DB engines, see Rotating Your SSL/TLS Certificate in the Amazon Aurora User Guide.
This setting doesn't apply to RDS Custom.
", "ModifyDBInstanceMessage$EnableCustomerOwnedIp": "A value that indicates whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts DB instance.
A CoIP provides local or external connectivity to resources in your Outpost subnets through your on-premises network. For some use cases, a CoIP can provide lower latency for connections to the DB instance from outside of its virtual private cloud (VPC) on your local network.
For more information about RDS on Outposts, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.
For more information about CoIPs, see Customer-owned IP addresses in the Amazon Web Services Outposts User Guide.
", "ModifyDBProxyRequest$RequireTLS": "Whether Transport Layer Security (TLS) encryption is required for connections to the proxy. By enabling this setting, you can enforce encrypted TLS connections to the proxy, even if the associated database doesn't use TLS.
", "ModifyDBProxyRequest$DebugLogging": "Whether the proxy includes detailed information about SQL statements in its logs. This information helps you to debug issues involving SQL behavior or the performance and scalability of the proxy connections. The debug information includes the text of SQL statements that you submit through the proxy. Thus, only enable this setting when needed for debugging, and only when you have security measures in place to safeguard any sensitive information that appears in the logs.
", @@ -491,14 +502,14 @@ "RestoreDBClusterToPointInTimeMessage$EnableIAMDatabaseAuthentication": "A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.
For more information, see IAM Database Authentication in the Amazon Aurora User Guide.
", "RestoreDBClusterToPointInTimeMessage$DeletionProtection": "A value that indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled.
", "RestoreDBClusterToPointInTimeMessage$CopyTagsToSnapshot": "A value that indicates whether to copy all tags from the restored DB cluster to snapshots of the restored DB cluster. The default is not to copy them.
", - "RestoreDBInstanceFromDBSnapshotMessage$MultiAZ": "A value that indicates whether the DB instance is a Multi-AZ deployment.
Constraint: You can't specify the AvailabilityZone parameter if the DB instance is a Multi-AZ deployment.
A value that indicates whether the DB instance is a Multi-AZ deployment.
This setting doesn't apply to RDS Custom.
Constraint: You can't specify the AvailabilityZone parameter if the DB instance is a Multi-AZ deployment.
A value that indicates whether the DB instance is publicly accessible.
When the DB instance is publicly accessible, its DNS endpoint resolves to the private IP address from within the DB instance's VPC, and to the public IP address from outside of the DB instance's VPC. Access to the DB instance is ultimately controlled by the security group it uses, and that public access is not permitted if the security group assigned to the DB instance doesn't permit it.
When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.
For more information, see CreateDBInstance.
", - "RestoreDBInstanceFromDBSnapshotMessage$AutoMinorVersionUpgrade": "A value that indicates whether minor version upgrades are applied automatically to the DB instance during the maintenance window.
", + "RestoreDBInstanceFromDBSnapshotMessage$AutoMinorVersionUpgrade": "A value that indicates whether minor version upgrades are applied automatically to the DB instance during the maintenance window.
If you restore an RDS Custom DB instance, you must disable this parameter.
", "RestoreDBInstanceFromDBSnapshotMessage$CopyTagsToSnapshot": "A value that indicates whether to copy all tags from the restored DB instance to snapshots of the DB instance. By default, tags are not copied.
", - "RestoreDBInstanceFromDBSnapshotMessage$EnableIAMDatabaseAuthentication": "A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.
For more information about IAM database authentication, see IAM Database Authentication for MySQL and PostgreSQL in the Amazon RDS User Guide.
", - "RestoreDBInstanceFromDBSnapshotMessage$UseDefaultProcessorFeatures": "A value that indicates whether the DB instance class of the DB instance uses its default processor features.
", + "RestoreDBInstanceFromDBSnapshotMessage$EnableIAMDatabaseAuthentication": "A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.
For more information about IAM database authentication, see IAM Database Authentication for MySQL and PostgreSQL in the Amazon RDS User Guide.
This setting doesn't apply to RDS Custom.
", + "RestoreDBInstanceFromDBSnapshotMessage$UseDefaultProcessorFeatures": "A value that indicates whether the DB instance class of the DB instance uses its default processor features.
This setting doesn't apply to RDS Custom.
", "RestoreDBInstanceFromDBSnapshotMessage$DeletionProtection": "A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see Deleting a DB Instance.
", - "RestoreDBInstanceFromDBSnapshotMessage$EnableCustomerOwnedIp": "A value that indicates whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts DB instance.
A CoIP provides local or external connectivity to resources in your Outpost subnets through your on-premises network. For some use cases, a CoIP can provide lower latency for connections to the DB instance from outside of its virtual private cloud (VPC) on your local network.
For more information about RDS on Outposts, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.
For more information about CoIPs, see Customer-owned IP addresses in the Amazon Web Services Outposts User Guide.
", + "RestoreDBInstanceFromDBSnapshotMessage$EnableCustomerOwnedIp": "A value that indicates whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts DB instance.
A CoIP provides local or external connectivity to resources in your Outpost subnets through your on-premises network. For some use cases, a CoIP can provide lower latency for connections to the DB instance from outside of its virtual private cloud (VPC) on your local network.
This setting doesn't apply to RDS Custom.
For more information about RDS on Outposts, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.
For more information about CoIPs, see Customer-owned IP addresses in the Amazon Web Services Outposts User Guide.
", "RestoreDBInstanceFromS3Message$MultiAZ": "A value that indicates whether the DB instance is a Multi-AZ deployment. If the DB instance is a Multi-AZ deployment, you can't set the AvailabilityZone parameter.
A value that indicates whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. By default, minor engine upgrades are not applied automatically.
", "RestoreDBInstanceFromS3Message$PubliclyAccessible": "A value that indicates whether the DB instance is publicly accessible.
When the DB instance is publicly accessible, its DNS endpoint resolves to the private IP address from within the DB instance's VPC, and to the public IP address from outside of the DB instance's VPC. Access to the DB instance is ultimately controlled by the security group it uses, and that public access is not permitted if the security group assigned to the DB instance doesn't permit it.
When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.
For more information, see CreateDBInstance.
", @@ -508,14 +519,14 @@ "RestoreDBInstanceFromS3Message$EnablePerformanceInsights": "A value that indicates whether to enable Performance Insights for the DB instance.
For more information, see Using Amazon Performance Insights in the Amazon Relational Database Service User Guide.
", "RestoreDBInstanceFromS3Message$UseDefaultProcessorFeatures": "A value that indicates whether the DB instance class of the DB instance uses its default processor features.
", "RestoreDBInstanceFromS3Message$DeletionProtection": "A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see Deleting a DB Instance.
", - "RestoreDBInstanceToPointInTimeMessage$MultiAZ": "A value that indicates whether the DB instance is a Multi-AZ deployment.
Constraint: You can't specify the AvailabilityZone parameter if the DB instance is a Multi-AZ deployment.
A value that indicates whether the DB instance is a Multi-AZ deployment.
This setting doesn't apply to RDS Custom.
Constraint: You can't specify the AvailabilityZone parameter if the DB instance is a Multi-AZ deployment.
A value that indicates whether the DB instance is publicly accessible.
When the DB instance is publicly accessible, its DNS endpoint resolves to the private IP address from within the DB instance's VPC, and to the public IP address from outside of the DB instance's VPC. Access to the DB instance is ultimately controlled by the security group it uses, and that public access is not permitted if the security group assigned to the DB instance doesn't permit it.
When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.
For more information, see CreateDBInstance.
", - "RestoreDBInstanceToPointInTimeMessage$AutoMinorVersionUpgrade": "A value that indicates whether minor version upgrades are applied automatically to the DB instance during the maintenance window.
", + "RestoreDBInstanceToPointInTimeMessage$AutoMinorVersionUpgrade": "A value that indicates whether minor version upgrades are applied automatically to the DB instance during the maintenance window.
This setting doesn't apply to RDS Custom.
", "RestoreDBInstanceToPointInTimeMessage$CopyTagsToSnapshot": "A value that indicates whether to copy all tags from the restored DB instance to snapshots of the DB instance. By default, tags are not copied.
", - "RestoreDBInstanceToPointInTimeMessage$EnableIAMDatabaseAuthentication": "A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.
For more information about IAM database authentication, see IAM Database Authentication for MySQL and PostgreSQL in the Amazon RDS User Guide.
", - "RestoreDBInstanceToPointInTimeMessage$UseDefaultProcessorFeatures": "A value that indicates whether the DB instance class of the DB instance uses its default processor features.
", + "RestoreDBInstanceToPointInTimeMessage$EnableIAMDatabaseAuthentication": "A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.
This setting doesn't apply to RDS Custom.
For more information about IAM database authentication, see IAM Database Authentication for MySQL and PostgreSQL in the Amazon RDS User Guide.
", + "RestoreDBInstanceToPointInTimeMessage$UseDefaultProcessorFeatures": "A value that indicates whether the DB instance class of the DB instance uses its default processor features.
This setting doesn't apply to RDS Custom.
", "RestoreDBInstanceToPointInTimeMessage$DeletionProtection": "A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see Deleting a DB Instance.
", - "RestoreDBInstanceToPointInTimeMessage$EnableCustomerOwnedIp": "A value that indicates whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts DB instance.
A CoIP provides local or external connectivity to resources in your Outpost subnets through your on-premises network. For some use cases, a CoIP can provide lower latency for connections to the DB instance from outside of its virtual private cloud (VPC) on your local network.
For more information about RDS on Outposts, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.
For more information about CoIPs, see Customer-owned IP addresses in the Amazon Web Services Outposts User Guide.
", + "RestoreDBInstanceToPointInTimeMessage$EnableCustomerOwnedIp": "A value that indicates whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts DB instance.
A CoIP provides local or external connectivity to resources in your Outpost subnets through your on-premises network. For some use cases, a CoIP can provide lower latency for connections to the DB instance from outside of its virtual private cloud (VPC) on your local network.
This setting doesn't apply to RDS Custom.
For more information about RDS on Outposts, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.
For more information about CoIPs, see Customer-owned IP addresses in the Amazon Web Services Outposts User Guide.
", "ScalingConfiguration$AutoPause": "A value that indicates whether to allow or disallow automatic pause for an Aurora DB cluster in serverless DB engine mode. A DB cluster can be paused only when it's idle (it has no connections).
If a DB cluster is paused for more than seven days, the DB cluster might be backed up with a snapshot. In this case, the DB cluster is restored when there is a request to connect to it.
A value that indicates whether automatic pause is allowed for the Aurora DB cluster in serverless DB engine mode.
When the value is set to false for an Aurora Serverless DB cluster, the DB cluster automatically resumes.
", "StartActivityStreamRequest$ApplyImmediately": "Specifies whether or not the database activity stream is to start as soon as possible, regardless of the maintenance window for the database.
", @@ -526,6 +537,12 @@ "UpgradeTarget$SupportsGlobalDatabases": "A value that indicates whether you can use Aurora global databases with the target engine version.
" } }, + "BucketName": { + "base": null, + "refs": { + "CreateCustomDBEngineVersionMessage$DatabaseInstallationFilesS3BucketName": "The name of an Amazon S3 bucket that contains database installation files for your CEV. For example, a valid bucket name is my-custom-installation-files.
The configuration setting for the log types to be enabled for export to CloudWatch Logs for a specific DB instance or DB cluster.
The EnableLogTypes and DisableLogTypes arrays determine which logs will be exported (or not exported) to CloudWatch Logs. The values within these arrays depend on the DB engine being used.
For more information about exporting CloudWatch Logs for Amazon RDS DB instances, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.
For more information about exporting CloudWatch Logs for Amazon Aurora DB clusters, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.
", "refs": { "ModifyDBClusterMessage$CloudwatchLogsExportConfiguration": "The configuration setting for the log types to be enabled for export to CloudWatch Logs for a specific DB cluster.
", - "ModifyDBInstanceMessage$CloudwatchLogsExportConfiguration": "The configuration setting for the log types to be enabled for export to CloudWatch Logs for a specific DB instance.
A change to the CloudwatchLogsExportConfiguration parameter is always applied to the DB instance immediately. Therefore, the ApplyImmediately parameter has no effect.
The configuration setting for the log types to be enabled for export to CloudWatch Logs for a specific DB instance.
A change to the CloudwatchLogsExportConfiguration parameter is always applied to the DB instance immediately. Therefore, the ApplyImmediately parameter has no effect.
This setting doesn't apply to RDS Custom.
" } }, "ClusterPendingModifiedValues": { @@ -646,6 +663,11 @@ "refs": { } }, + "CreateCustomDBEngineVersionMessage": { + "base": null, + "refs": { + } + }, "CreateDBClusterEndpointMessage": { "base": null, "refs": { @@ -825,6 +847,49 @@ "refs": { } }, + "CustomDBEngineVersionAlreadyExistsFault": { + "base": "A CEV with the specified name already exists.
", + "refs": { + } + }, + "CustomDBEngineVersionManifest": { + "base": null, + "refs": { + "CreateCustomDBEngineVersionMessage$Manifest": "The CEV manifest, which is a JSON document that describes the installation .zip files stored in Amazon S3. Specify the name/value pairs in a file or a quoted string. RDS Custom applies the patches in the order in which they are listed.
The following JSON fields are valid:
Version of the CEV manifest. The date is in the format YYYY-MM-DD.
Ordered list of installation files for the CEV.
Ordered list of OPatch installers used for the Oracle DB engine.
The PSU and RU patches for this CEV.
The patches that are not in the list of PSU and RU patches. Amazon RDS applies these patches after applying the PSU and RU patches.
For more information, see Creating the CEV manifest in the Amazon RDS User Guide.
" + } + }, + "CustomDBEngineVersionNotFoundFault": { + "base": "The specified CEV was not found.
", + "refs": { + } + }, + "CustomDBEngineVersionQuotaExceededFault": { + "base": "You have exceeded your CEV quota.
", + "refs": { + } + }, + "CustomEngineName": { + "base": null, + "refs": { + "CreateCustomDBEngineVersionMessage$Engine": "The database engine to use for your custom engine version (CEV). The only supported value is custom-oracle-ee.
The database engine. The only supported engine is custom-oracle-ee.
The DB engine. The only supported value is custom-oracle-ee.
The name of your CEV. The name format is 19.customized_string . For example, a valid name is 19.my_cev1. This setting is required for RDS Custom, but optional for Amazon RDS. The combination of Engine and EngineVersion is unique per customer per Region.
The custom engine version (CEV) for your DB instance. This option is required for RDS Custom, but optional for Amazon RDS. The combination of Engine and EngineVersion is unique per customer per Amazon Web Services Region.
The custom engine version (CEV) that you want to modify. This option is required for RDS Custom, but optional for Amazon RDS. The combination of Engine and EngineVersion is unique per customer per Amazon Web Services Region.
The availability status to be assigned to the CEV. Valid values are as follows:
You can use this CEV to create a new RDS Custom DB instance.
You can create a new RDS Custom instance by restoring a DB snapshot with this CEV. You can't patch or create new instances with this CEV.
You can change any status to any status. A typical reason to change status is to prevent the accidental use of a CEV, or to make a deprecated CEV eligible for use again. For example, you might change the status of your CEV from available to inactive, and from inactive back to available. To change the availability status of the CEV, it must not currently be in use by an RDS Custom instance, snapshot, or automated backup.
Contains the details of an Amazon Aurora DB cluster.
This data type is used as a response element in the DescribeDBClusters, StopDBCluster, and StartDBCluster actions.
A list of DB security groups to associate with this DB instance.
Default: The default DB security group for the database engine.
", - "ModifyDBInstanceMessage$DBSecurityGroups": "A list of DB security groups to authorize on this DB instance. Changing this setting doesn't result in an outage and the change is asynchronously applied as soon as possible.
Constraints:
If supplied, must match existing DBSecurityGroups.
A list of DB security groups to authorize on this DB instance. Changing this setting doesn't result in an outage and the change is asynchronously applied as soon as possible.
This setting doesn't apply to RDS Custom.
Constraints:
If supplied, must match existing DBSecurityGroups.
A list of DBSecurityGroupMembership name strings used for this option.
", "RestoreDBInstanceFromS3Message$DBSecurityGroups": "A list of DB security groups to associate with this DB instance.
Default: The default DB security group for the database engine.
" } @@ -1565,6 +1630,11 @@ "refs": { } }, + "DeleteCustomDBEngineVersionMessage": { + "base": null, + "refs": { + } + }, "DeleteDBClusterEndpointMessage": { "base": null, "refs": { @@ -1962,6 +2032,13 @@ "refs": { } }, + "Description": { + "base": null, + "refs": { + "CreateCustomDBEngineVersionMessage$Description": "An optional description of your CEV.
", + "ModifyCustomDBEngineVersionMessage$Description": "An optional description of your CEV.
" + } + }, "DomainMembership": { "base": "An Active Directory Domain membership record associated with the DB instance or cluster.
", "refs": { @@ -2196,7 +2273,7 @@ "FeatureNameList": { "base": null, "refs": { - "DBEngineVersion$SupportedFeatureNames": "A list of features supported by the DB engine. Supported feature names include the following.
s3Import
A list of features supported by the DB engine.
The supported features vary by DB engine and DB engine version.
To determine the supported features for a specific DB engine and DB engine version using the CLI, use the following command:
aws rds describe-db-engine-versions --engine <engine_name> --engine-version <engine_version>
For example, to determine the supported features for RDS for PostgreSQL version 13.3 using the CLI, use the following command:
aws rds describe-db-engine-versions --engine postgres --engine-version 13.3
The supported features are listed under SupportedFeatureNames in the output.
This parameter isn't currently supported.
", "DescribeEventSubscriptionsMessage$Filters": "This parameter isn't currently supported.
", "DescribeEventsMessage$Filters": "This parameter isn't currently supported.
", - "DescribeExportTasksMessage$Filters": "Filters specify one or more snapshot exports to describe. The filters are specified as name-value pairs that define what to include in the output. Filter names and values are case-sensitive.
Supported filters include the following:
export-task-identifier - An identifier for the snapshot export task.
s3-bucket - The Amazon S3 bucket the snapshot is exported to.
source-arn - The Amazon Resource Name (ARN) of the snapshot exported to Amazon S3
status - The status of the export task. Must be lowercase, for example, complete.
Filters specify one or more snapshot exports to describe. The filters are specified as name-value pairs that define what to include in the output. Filter names and values are case-sensitive.
Supported filters include the following:
export-task-identifier - An identifier for the snapshot export task.
s3-bucket - The Amazon S3 bucket the snapshot is exported to.
source-arn - The Amazon Resource Name (ARN) of the snapshot exported to Amazon S3
status - The status of the export task. Must be lowercase. Valid statuses are the following:
canceled
canceling
complete
failed
starting
This parameter isn't currently supported.
", "DescribeInstallationMediaMessage$Filters": "A filter that specifies one or more installation media to describe. Supported filters include the following:
custom-availability-zone-id - Accepts custom Availability Zone (AZ) identifiers. The results list includes information about only the custom AZs identified by these identifiers.
engine - Accepts database engines. The results list includes information about only the database engines identified by these identifiers.
For more information about the valid engines for installation media, see ImportInstallationMedia.
This parameter isn't currently supported.
", @@ -2438,18 +2515,18 @@ "ConnectionPoolConfiguration$ConnectionBorrowTimeout": "The number of seconds for a proxy to wait for a connection to become available in the connection pool. Only applies when the proxy has opened its maximum number of connections and all connections are busy with client sessions.
Default: 120
Constraints: between 1 and 3600, or 0 representing unlimited
", "CreateDBClusterMessage$BackupRetentionPeriod": "The number of days for which automated backups are retained.
Default: 1
Constraints:
Must be a value from 1 to 35
The port number on which the instances in the DB cluster accept connections.
Default: 3306 if engine is set as aurora or 5432 if set to aurora-postgresql.
The amount of storage in gibibytes (GiB) to allocate for the DB instance.
Type: Integer
Amazon Aurora
Not applicable. Aurora cluster volumes automatically grow as the amount of data in your database increases, though you are only charged for the space that you use in an Aurora cluster volume.
MySQL
Constraints to the amount of storage for each storage type are the following:
General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536.
Provisioned IOPS storage (io1): Must be an integer from 100 to 65536.
Magnetic storage (standard): Must be an integer from 5 to 3072.
MariaDB
Constraints to the amount of storage for each storage type are the following:
General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536.
Provisioned IOPS storage (io1): Must be an integer from 100 to 65536.
Magnetic storage (standard): Must be an integer from 5 to 3072.
PostgreSQL
Constraints to the amount of storage for each storage type are the following:
General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536.
Provisioned IOPS storage (io1): Must be an integer from 100 to 65536.
Magnetic storage (standard): Must be an integer from 5 to 3072.
Oracle
Constraints to the amount of storage for each storage type are the following:
General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536.
Provisioned IOPS storage (io1): Must be an integer from 100 to 65536.
Magnetic storage (standard): Must be an integer from 10 to 3072.
SQL Server
Constraints to the amount of storage for each storage type are the following:
General Purpose (SSD) storage (gp2):
Enterprise and Standard editions: Must be an integer from 200 to 16384.
Web and Express editions: Must be an integer from 20 to 16384.
Provisioned IOPS storage (io1):
Enterprise and Standard editions: Must be an integer from 200 to 16384.
Web and Express editions: Must be an integer from 100 to 16384.
Magnetic storage (standard):
Enterprise and Standard editions: Must be an integer from 200 to 1024.
Web and Express editions: Must be an integer from 20 to 1024.
The number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups.
Amazon Aurora
Not applicable. The retention period for automated backups is managed by the DB cluster.
Default: 1
Constraints:
Must be a value from 0 to 35
Can't be set to 0 if the DB instance is a source to read replicas
The amount of storage in gibibytes (GiB) to allocate for the DB instance.
Type: Integer
Amazon Aurora
Not applicable. Aurora cluster volumes automatically grow as the amount of data in your database increases, though you are only charged for the space that you use in an Aurora cluster volume.
Amazon RDS Custom
Constraints to the amount of storage for each storage type are the following:
General Purpose (SSD) storage (gp2): Must be an integer from 40 to 65536.
Provisioned IOPS storage (io1): Must be an integer from 40 to 65536.
MySQL
Constraints to the amount of storage for each storage type are the following:
General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536.
Provisioned IOPS storage (io1): Must be an integer from 100 to 65536.
Magnetic storage (standard): Must be an integer from 5 to 3072.
MariaDB
Constraints to the amount of storage for each storage type are the following:
General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536.
Provisioned IOPS storage (io1): Must be an integer from 100 to 65536.
Magnetic storage (standard): Must be an integer from 5 to 3072.
PostgreSQL
Constraints to the amount of storage for each storage type are the following:
General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536.
Provisioned IOPS storage (io1): Must be an integer from 100 to 65536.
Magnetic storage (standard): Must be an integer from 5 to 3072.
Oracle
Constraints to the amount of storage for each storage type are the following:
General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536.
Provisioned IOPS storage (io1): Must be an integer from 100 to 65536.
Magnetic storage (standard): Must be an integer from 10 to 3072.
SQL Server
Constraints to the amount of storage for each storage type are the following:
General Purpose (SSD) storage (gp2):
Enterprise and Standard editions: Must be an integer from 200 to 16384.
Web and Express editions: Must be an integer from 20 to 16384.
Provisioned IOPS storage (io1):
Enterprise and Standard editions: Must be an integer from 200 to 16384.
Web and Express editions: Must be an integer from 100 to 16384.
Magnetic storage (standard):
Enterprise and Standard editions: Must be an integer from 200 to 1024.
Web and Express editions: Must be an integer from 20 to 1024.
The number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups.
Amazon Aurora
Not applicable. The retention period for automated backups is managed by the DB cluster.
Default: 1
Constraints:
Must be a value from 0 to 35
Can't be set to 0 if the DB instance is a source to read replicas
Can't be set to 0 or 35 for an RDS Custom DB instance
The port number on which the database accepts connections.
MySQL
Default: 3306
Valid values: 1150-65535
Type: Integer
MariaDB
Default: 3306
Valid values: 1150-65535
Type: Integer
PostgreSQL
Default: 5432
Valid values: 1150-65535
Type: Integer
Oracle
Default: 1521
Valid values: 1150-65535
SQL Server
Default: 1433
Valid values: 1150-65535 except 1234, 1434, 3260, 3343, 3389, 47001, and 49152-49156.
Amazon Aurora
Default: 3306
Valid values: 1150-65535
Type: Integer
", "CreateDBInstanceMessage$Iops": "The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for the DB instance. For information about valid Iops values, see Amazon RDS Provisioned IOPS Storage to Improve Performance in the Amazon RDS User Guide.
Constraints: For MariaDB, MySQL, Oracle, and PostgreSQL DB instances, must be a multiple between .5 and 50 of the storage amount for the DB instance. For SQL Server DB instances, must be a multiple between 1 and 50 of the storage amount for the DB instance.
", - "CreateDBInstanceMessage$MonitoringInterval": "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0.
If MonitoringRoleArn is specified, then you must also set MonitoringInterval to a value other than 0.
Valid Values: 0, 1, 5, 10, 15, 30, 60
A value that specifies the order in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. For more information, see Fault Tolerance for an Aurora DB Cluster in the Amazon Aurora User Guide.
Default: 1
Valid Values: 0 - 15
", - "CreateDBInstanceMessage$PerformanceInsightsRetentionPeriod": "The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years).
", - "CreateDBInstanceMessage$MaxAllocatedStorage": "The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance.
For more information about this setting, including limitations that apply to it, see Managing capacity automatically with Amazon RDS storage autoscaling in the Amazon RDS User Guide.
", + "CreateDBInstanceMessage$MonitoringInterval": "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collection of Enhanced Monitoring metrics, specify 0. The default is 0.
If MonitoringRoleArn is specified, then you must set MonitoringInterval to a value other than 0.
This setting doesn't apply to RDS Custom.
Valid Values: 0, 1, 5, 10, 15, 30, 60
A value that specifies the order in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. For more information, see Fault Tolerance for an Aurora DB Cluster in the Amazon Aurora User Guide.
This setting doesn't apply to RDS Custom.
Default: 1
Valid Values: 0 - 15
", + "CreateDBInstanceMessage$PerformanceInsightsRetentionPeriod": "The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years).
This setting doesn't apply to RDS Custom.
", + "CreateDBInstanceMessage$MaxAllocatedStorage": "The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance.
For more information about this setting, including limitations that apply to it, see Managing capacity automatically with Amazon RDS storage autoscaling in the Amazon RDS User Guide.
This setting doesn't apply to RDS Custom.
", "CreateDBInstanceReadReplicaMessage$Port": "The port number that the DB instance uses for connections.
Default: Inherits from the source DB instance
Valid Values: 1150-65535
The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for the DB instance.
", - "CreateDBInstanceReadReplicaMessage$MonitoringInterval": "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the read replica. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0.
If MonitoringRoleArn is specified, then you must also set MonitoringInterval to a value other than 0.
Valid Values: 0, 1, 5, 10, 15, 30, 60
The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years).
", + "CreateDBInstanceReadReplicaMessage$MonitoringInterval": "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the read replica. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0.
If MonitoringRoleArn is specified, then you must also set MonitoringInterval to a value other than 0.
This setting doesn't apply to RDS Custom.
Valid Values: 0, 1, 5, 10, 15, 30, 60
The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years).
This setting doesn't apply to RDS Custom.
", "CreateDBInstanceReadReplicaMessage$MaxAllocatedStorage": "The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance.
For more information about this setting, including limitations that apply to it, see Managing capacity automatically with Amazon RDS storage autoscaling in the Amazon RDS User Guide.
", "CreateDBProxyRequest$IdleClientTimeout": "The number of seconds that a connection to the proxy can be inactive before the proxy disconnects it. You can set this value higher or lower than the connection timeout limit for the associated database.
", "DBCluster$AllocatedStorage": "For all database engines except Amazon Aurora, AllocatedStorage specifies the allocated storage size in gibibytes (GiB). For Aurora, AllocatedStorage always returns 1, because Aurora DB cluster storage size isn't fixed, but instead automatically adjusts as needed.
The number of days for which automated backups are retained. You must specify a minimum value of 1.
Default: 1
Constraints:
Must be a value from 1 to 35
The port number on which the DB cluster accepts connections.
Constraints: Value must be 1150-65535
Default: The same port as the original DB cluster.
", "ModifyDBInstanceMessage$AllocatedStorage": "The new amount of storage in gibibytes (GiB) to allocate for the DB instance.
For MariaDB, MySQL, Oracle, and PostgreSQL, the value supplied must be at least 10% greater than the current value. Values that are not at least 10% greater than the existing value are rounded up so that they are 10% greater than the current value.
For the valid values for allocated storage for each engine, see CreateDBInstance.
The number of days to retain automated backups. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups.
Enabling and disabling backups can result in a brief I/O suspension that lasts from a few seconds to a few minutes, depending on the size and class of your DB instance.
These changes are applied during the next maintenance window unless the ApplyImmediately parameter is enabled for this request. If you change the parameter from one non-zero value to another non-zero value, the change is asynchronously applied as soon as possible.
Amazon Aurora
Not applicable. The retention period for automated backups is managed by the DB cluster. For more information, see ModifyDBCluster.
Default: Uses existing setting
Constraints:
Must be a value from 0 to 35
Can be specified for a MySQL read replica only if the source is running MySQL 5.6 or later
Can be specified for a PostgreSQL read replica only if the source is running PostgreSQL 9.3.5
Can't be set to 0 if the DB instance is a source to read replicas
The number of days to retain automated backups. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups.
Enabling and disabling backups can result in a brief I/O suspension that lasts from a few seconds to a few minutes, depending on the size and class of your DB instance.
These changes are applied during the next maintenance window unless the ApplyImmediately parameter is enabled for this request. If you change the parameter from one non-zero value to another non-zero value, the change is asynchronously applied as soon as possible.
Amazon Aurora
Not applicable. The retention period for automated backups is managed by the DB cluster. For more information, see ModifyDBCluster.
Default: Uses existing setting
Constraints:
It must be a value from 0 to 35. It can't be set to 0 if the DB instance is a source to read replicas. It can't be set to 0 or 35 for an RDS Custom DB instance.
It can be specified for a MySQL read replica only if the source is running MySQL 5.6 or later.
It can be specified for a PostgreSQL read replica only if the source is running PostgreSQL 9.3.5.
The new Provisioned IOPS (I/O operations per second) value for the RDS instance.
Changing this setting doesn't result in an outage and the change is applied during the next maintenance window unless the ApplyImmediately parameter is enabled for this request. If you are migrating from Provisioned IOPS to standard storage, set this value to 0. The DB instance will require a reboot for the change in storage type to take effect.
If you choose to migrate your DB instance from using standard storage to using Provisioned IOPS, or from using Provisioned IOPS to using standard storage, the process can take time. The duration of the migration depends on several factors such as database load, storage size, storage type (standard or Provisioned IOPS), amount of IOPS provisioned (if any), and the number of prior scale storage operations. Typical migration times are under 24 hours, but the process can take up to several days in some cases. During the migration, the DB instance is available for use, but might experience performance degradation. While the migration takes place, nightly backups for the instance are suspended. No other Amazon RDS operations can take place for the instance, including modifying the instance, rebooting the instance, deleting the instance, creating a read replica for the instance, and creating a DB snapshot of the instance.
Constraints: For MariaDB, MySQL, Oracle, and PostgreSQL, the value supplied must be at least 10% greater than the current value. Values that are not at least 10% greater than the existing value are rounded up so that they are 10% greater than the current value.
Default: Uses existing setting
", - "ModifyDBInstanceMessage$MonitoringInterval": "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0.
If MonitoringRoleArn is specified, then you must also set MonitoringInterval to a value other than 0.
Valid Values: 0, 1, 5, 10, 15, 30, 60
The port number on which the database accepts connections.
The value of the DBPortNumber parameter must not match any of the port values specified for options in the option group for the DB instance.
Your database will restart when you change the DBPortNumber value regardless of the value of the ApplyImmediately parameter.
MySQL
Default: 3306
Valid values: 1150-65535
MariaDB
Default: 3306
Valid values: 1150-65535
PostgreSQL
Default: 5432
Valid values: 1150-65535
Type: Integer
Oracle
Default: 1521
Valid values: 1150-65535
SQL Server
Default: 1433
Valid values: 1150-65535 except 1234, 1434, 3260, 3343, 3389, 47001, and 49152-49156.
Amazon Aurora
Default: 3306
Valid values: 1150-65535
A value that specifies the order in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. For more information, see Fault Tolerance for an Aurora DB Cluster in the Amazon Aurora User Guide.
Default: 1
Valid Values: 0 - 15
", - "ModifyDBInstanceMessage$PerformanceInsightsRetentionPeriod": "The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years).
", - "ModifyDBInstanceMessage$MaxAllocatedStorage": "The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance.
For more information about this setting, including limitations that apply to it, see Managing capacity automatically with Amazon RDS storage autoscaling in the Amazon RDS User Guide.
", + "ModifyDBInstanceMessage$MonitoringInterval": "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0, which is the default.
If MonitoringRoleArn is specified, set MonitoringInterval to a value other than 0.
This setting doesn't apply to RDS Custom.
Valid Values: 0, 1, 5, 10, 15, 30, 60
The port number on which the database accepts connections.
The value of the DBPortNumber parameter must not match any of the port values specified for options in the option group for the DB instance.
If you change the DBPortNumber value, your database restarts regardless of the value of the ApplyImmediately parameter.
This setting doesn't apply to RDS Custom.
MySQL
Default: 3306
Valid values: 1150-65535
MariaDB
Default: 3306
Valid values: 1150-65535
PostgreSQL
Default: 5432
Valid values: 1150-65535
Type: Integer
Oracle
Default: 1521
Valid values: 1150-65535
SQL Server
Default: 1433
Valid values: 1150-65535 except 1234, 1434, 3260, 3343, 3389, 47001, and 49152-49156.
Amazon Aurora
Default: 3306
Valid values: 1150-65535
A value that specifies the order in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. For more information, see Fault Tolerance for an Aurora DB Cluster in the Amazon Aurora User Guide.
This setting doesn't apply to RDS Custom.
Default: 1
Valid Values: 0 - 15
", + "ModifyDBInstanceMessage$PerformanceInsightsRetentionPeriod": "The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years).
This setting doesn't apply to RDS Custom.
", + "ModifyDBInstanceMessage$MaxAllocatedStorage": "The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance.
For more information about this setting, including limitations that apply to it, see Managing capacity automatically with Amazon RDS storage autoscaling in the Amazon RDS User Guide.
This setting doesn't apply to RDS Custom.
", + "ModifyDBInstanceMessage$ResumeFullAutomationModeMinutes": "The number of minutes to pause the automation. When the time period ends, RDS Custom resumes full automation. The minimum value is 60 (default). The maximum value is 1,440.
The number of seconds that a connection to the proxy can be inactive before the proxy disconnects it. You can set this value higher or lower than the connection timeout limit for the associated database.
", "Option$Port": "If required, the port configured for this option to use.
", "OptionConfiguration$Port": "The optional port for the option.
", @@ -2541,7 +2619,7 @@ "RestoreDBInstanceFromS3Message$MaxAllocatedStorage": "The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance.
For more information about this setting, including limitations that apply to it, see Managing capacity automatically with Amazon RDS storage autoscaling in the Amazon RDS User Guide.
", "RestoreDBInstanceToPointInTimeMessage$Port": "The port number on which the database accepts connections.
Constraints: Value must be 1150-65535
Default: The same port as the original DB instance.
", "RestoreDBInstanceToPointInTimeMessage$Iops": "The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for the DB instance.
Constraints: Must be an integer greater than 1000.
SQL Server
Setting the IOPS value for the SQL Server database engine isn't supported.
", - "RestoreDBInstanceToPointInTimeMessage$MaxAllocatedStorage": "The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance.
For more information about this setting, including limitations that apply to it, see Managing capacity automatically with Amazon RDS storage autoscaling in the Amazon RDS User Guide.
", + "RestoreDBInstanceToPointInTimeMessage$MaxAllocatedStorage": "The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance.
For more information about this setting, including limitations that apply to it, see Managing capacity automatically with Amazon RDS storage autoscaling in the Amazon RDS User Guide.
This setting doesn't apply to RDS Custom.
", "ScalingConfiguration$MinCapacity": "The minimum capacity for an Aurora DB cluster in serverless DB engine mode.
For Aurora MySQL, valid capacity values are 1, 2, 4, 8, 16, 32, 64, 128, and 256.
For Aurora PostgreSQL, valid capacity values are 2, 4, 8, 16, 32, 64, 192, and 384.
The minimum capacity must be less than or equal to the maximum capacity.
", "ScalingConfiguration$MaxCapacity": "The maximum capacity for an Aurora DB cluster in serverless DB engine mode.
For Aurora MySQL, valid capacity values are 1, 2, 4, 8, 16, 32, 64, 128, and 256.
For Aurora PostgreSQL, valid capacity values are 2, 4, 8, 16, 32, 64, 192, and 384.
The maximum capacity must be greater than or equal to the minimum capacity.
", "ScalingConfiguration$SecondsUntilAutoPause": "The time, in seconds, before an Aurora DB cluster in serverless mode is paused.
Specify a value between 300 and 86,400 seconds.
", @@ -2553,6 +2631,11 @@ "StartDBInstanceAutomatedBackupsReplicationMessage$BackupRetentionPeriod": "The retention period for the replicated automated backups.
" } }, + "InvalidCustomDBEngineVersionStateFault": { + "base": "You can't delete the CEV.
", + "refs": { + } + }, "InvalidDBClusterCapacityFault": { "base": " Capacity isn't a valid Aurora Serverless DB cluster capacity. Valid capacity values are 2, 4, 8, 16, 32, 64, 128, and 256.
The tag key (name) of the tag to be removed.
" } }, + "KmsKeyIdOrArn": { + "base": null, + "refs": { + "CreateCustomDBEngineVersionMessage$KMSKeyId": "The Amazon Web Services KMS key identifier for an encrypted CEV. A symmetric KMS key is required for RDS Custom, but optional for Amazon RDS.
If you have an existing symmetric KMS key in your account, you can use it with RDS Custom. No further action is necessary. If you don't already have a symmetric KMS key in your account, follow the instructions in Creating symmetric KMS keys in the Amazon Web Services Key Management Service Developer Guide.
You can choose the same symmetric key when you create a CEV and a DB instance, or choose different keys.
" + } + }, "ListTagsForResourceMessage": { "base": "", "refs": { @@ -2695,8 +2784,8 @@ "CloudwatchLogsExportConfiguration$EnableLogTypes": "The list of log types to enable.
", "CloudwatchLogsExportConfiguration$DisableLogTypes": "The list of log types to disable.
", "CreateDBClusterMessage$EnableCloudwatchLogsExports": "The list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.
Aurora MySQL
Possible values are audit, error, general, and slowquery.
Aurora PostgreSQL
Possible value is postgresql.
The list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Relational Database Service User Guide.
Amazon Aurora
Not applicable. CloudWatch Logs exports are managed by the DB cluster.
MariaDB
Possible values are audit, error, general, and slowquery.
Microsoft SQL Server
Possible values are agent and error.
MySQL
Possible values are audit, error, general, and slowquery.
Oracle
Possible values are alert, audit, listener, trace, and oemagent.
PostgreSQL
Possible values are postgresql and upgrade.
The list of logs that the new DB instance is to export to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.
", + "CreateDBInstanceMessage$EnableCloudwatchLogsExports": "The list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine. For more information, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Relational Database Service User Guide.
Amazon Aurora
Not applicable. CloudWatch Logs exports are managed by the DB cluster.
RDS Custom
Not applicable.
MariaDB
Possible values are audit, error, general, and slowquery.
Microsoft SQL Server
Possible values are agent and error.
MySQL
Possible values are audit, error, general, and slowquery.
Oracle
Possible values are alert, audit, listener, trace, and oemagent.
PostgreSQL
Possible values are postgresql and upgrade.
The list of logs that the new DB instance is to export to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.
This setting doesn't apply to RDS Custom.
", "DBCluster$EnabledCloudwatchLogsExports": "A list of log types that this DB cluster is configured to export to CloudWatch Logs.
Log types vary by DB engine. For information about the log types for each DB engine, see Amazon RDS Database Log Files in the Amazon Aurora User Guide.
", "DBEngineVersion$ExportableLogTypes": "The types of logs that the database engine has available for export to CloudWatch Logs.
", "DBInstance$EnabledCloudwatchLogsExports": "A list of log types that this DB instance is configured to export to CloudWatch Logs.
Log types vary by DB engine. For information about the log types for each DB engine, see Amazon RDS Database Log Files in the Amazon RDS User Guide.
", @@ -2705,9 +2794,9 @@ "RestoreDBClusterFromS3Message$EnableCloudwatchLogsExports": "The list of logs that the restored DB cluster is to export to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.
", "RestoreDBClusterFromSnapshotMessage$EnableCloudwatchLogsExports": "The list of logs that the restored DB cluster is to export to Amazon CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.
", "RestoreDBClusterToPointInTimeMessage$EnableCloudwatchLogsExports": "The list of logs that the restored DB cluster is to export to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.
", - "RestoreDBInstanceFromDBSnapshotMessage$EnableCloudwatchLogsExports": "The list of logs that the restored DB instance is to export to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.
", + "RestoreDBInstanceFromDBSnapshotMessage$EnableCloudwatchLogsExports": "The list of logs that the restored DB instance is to export to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.
This setting doesn't apply to RDS Custom.
", "RestoreDBInstanceFromS3Message$EnableCloudwatchLogsExports": "The list of logs that the restored DB instance is to export to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.
", - "RestoreDBInstanceToPointInTimeMessage$EnableCloudwatchLogsExports": "The list of logs that the restored DB instance is to export to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.
" + "RestoreDBInstanceToPointInTimeMessage$EnableCloudwatchLogsExports": "The list of logs that the restored DB instance is to export to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.
This setting doesn't apply to RDS Custom.
" } }, "Long": { @@ -2770,6 +2859,11 @@ "refs": { } }, + "ModifyCustomDBEngineVersionMessage": { + "base": null, + "refs": { + } + }, "ModifyDBClusterEndpointMessage": { "base": null, "refs": { @@ -3145,15 +3239,15 @@ "ProcessorFeatureList": { "base": null, "refs": { - "CreateDBInstanceMessage$ProcessorFeatures": "The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.
", - "CreateDBInstanceReadReplicaMessage$ProcessorFeatures": "The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.
", + "CreateDBInstanceMessage$ProcessorFeatures": "The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.
This setting doesn't apply to RDS Custom.
", + "CreateDBInstanceReadReplicaMessage$ProcessorFeatures": "The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.
This setting doesn't apply to RDS Custom.
", "DBInstance$ProcessorFeatures": "The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.
", "DBSnapshot$ProcessorFeatures": "The number of CPU cores and the number of threads per core for the DB instance class of the DB instance when the DB snapshot was created.
", - "ModifyDBInstanceMessage$ProcessorFeatures": "The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.
", + "ModifyDBInstanceMessage$ProcessorFeatures": "The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.
This setting doesn't apply to RDS Custom.
", "PendingModifiedValues$ProcessorFeatures": "The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.
", - "RestoreDBInstanceFromDBSnapshotMessage$ProcessorFeatures": "The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.
", + "RestoreDBInstanceFromDBSnapshotMessage$ProcessorFeatures": "The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.
This setting doesn't apply to RDS Custom.
", "RestoreDBInstanceFromS3Message$ProcessorFeatures": "The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.
", - "RestoreDBInstanceToPointInTimeMessage$ProcessorFeatures": "The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.
" + "RestoreDBInstanceToPointInTimeMessage$ProcessorFeatures": "The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.
This setting doesn't apply to RDS Custom.
" } }, "PromoteReadReplicaDBClusterMessage": { @@ -3299,9 +3393,9 @@ "ReplicaMode": { "base": null, "refs": { - "CreateDBInstanceReadReplicaMessage$ReplicaMode": "The open mode of the replica database: mounted or read-only.
This parameter is only supported for Oracle DB instances.
Mounted DB replicas are included in Oracle Enterprise Edition. The main use case for mounted replicas is cross-Region disaster recovery. The primary database doesn't use Active Data Guard to transmit information to the mounted replica. Because it doesn't accept user connections, a mounted replica can't serve a read-only workload.
You can create a combination of mounted and read-only DB replicas for the same primary DB instance. For more information, see Working with Oracle Read Replicas for Amazon RDS in the Amazon RDS User Guide.
", + "CreateDBInstanceReadReplicaMessage$ReplicaMode": "The open mode of the replica database: mounted or read-only.
This parameter is only supported for Oracle DB instances.
Mounted DB replicas are included in Oracle Database Enterprise Edition. The main use case for mounted replicas is cross-Region disaster recovery. The primary database doesn't use Active Data Guard to transmit information to the mounted replica. Because it doesn't accept user connections, a mounted replica can't serve a read-only workload.
You can create a combination of mounted and read-only DB replicas for the same primary DB instance. For more information, see Working with Oracle Read Replicas for Amazon RDS in the Amazon RDS User Guide.
For RDS Custom, you must specify this parameter and set it to mounted. The value won't be set by default. After replica creation, you can manage the open mode manually.
The open mode of an Oracle read replica. The default is open-read-only. For more information, see Working with Oracle Read Replicas for Amazon RDS in the Amazon RDS User Guide.
This attribute is only supported in RDS for Oracle.
A value that sets the open mode of a replica database to either mounted or read-only.
Currently, this parameter is only supported for Oracle DB instances.
Mounted DB replicas are included in Oracle Enterprise Edition. The main use case for mounted replicas is cross-Region disaster recovery. The primary database doesn't use Active Data Guard to transmit information to the mounted replica. Because it doesn't accept user connections, a mounted replica can't serve a read-only workload. For more information, see Working with Oracle Read Replicas for Amazon RDS in the Amazon RDS User Guide.
" + "ModifyDBInstanceMessage$ReplicaMode": "A value that sets the open mode of a replica database to either mounted or read-only.
Currently, this parameter is only supported for Oracle DB instances.
Mounted DB replicas are included in Oracle Enterprise Edition. The main use case for mounted replicas is cross-Region disaster recovery. The primary database doesn't use Active Data Guard to transmit information to the mounted replica. Because it doesn't accept user connections, a mounted replica can't serve a read-only workload. For more information, see Working with Oracle Read Replicas for Amazon RDS in the Amazon RDS User Guide.
This setting doesn't apply to RDS Custom.
" } }, "ReservedDBInstance": { @@ -3635,10 +3729,10 @@ "ActivityStreamModeList$member": null, "AddRoleToDBClusterMessage$DBClusterIdentifier": "The name of the DB cluster to associate the IAM role with.
", "AddRoleToDBClusterMessage$RoleArn": "The Amazon Resource Name (ARN) of the IAM role to associate with the Aurora DB cluster, for example, arn:aws:iam::123456789012:role/AuroraAccessRole.
The name of the feature for the DB cluster that the IAM role is to be associated with. For the list of supported feature names, see DBEngineVersion.
", + "AddRoleToDBClusterMessage$FeatureName": "The name of the feature for the DB cluster that the IAM role is to be associated with. For information about supported feature names, see DBEngineVersion.
", "AddRoleToDBInstanceMessage$DBInstanceIdentifier": "The name of the DB instance to associate the IAM role with.
", "AddRoleToDBInstanceMessage$RoleArn": "The Amazon Resource Name (ARN) of the IAM role to associate with the DB instance, for example arn:aws:iam::123456789012:role/AccessRole.
The name of the feature for the DB instance that the IAM role is to be associated with. For the list of supported feature names, see DBEngineVersion.
", + "AddRoleToDBInstanceMessage$FeatureName": "The name of the feature for the DB instance that the IAM role is to be associated with. For information about supported feature names, see DBEngineVersion.
", "AddSourceIdentifierToSubscriptionMessage$SubscriptionName": "The name of the RDS event notification subscription you want to add a source identifier to.
", "AddSourceIdentifierToSubscriptionMessage$SourceIdentifier": "The identifier of the event source to be added.
Constraints:
If the source type is a DB instance, a DBInstanceIdentifier value must be supplied.
If the source type is a DB cluster, a DBClusterIdentifier value must be supplied.
If the source type is a DB parameter group, a DBParameterGroupName value must be supplied.
If the source type is a DB security group, a DBSecurityGroupName value must be supplied.
If the source type is a DB snapshot, a DBSnapshotIdentifier value must be supplied.
If the source type is a DB cluster snapshot, a DBClusterSnapshotIdentifier value must be supplied.
The Amazon RDS resource that the tags are added to. This value is an Amazon Resource Name (ARN). For information about creating an ARN, see Constructing an RDS Amazon Resource Name (ARN).
", @@ -3675,15 +3769,15 @@ "CopyDBClusterParameterGroupMessage$TargetDBClusterParameterGroupDescription": "A description for the copied DB cluster parameter group.
", "CopyDBClusterSnapshotMessage$SourceDBClusterSnapshotIdentifier": "The identifier of the DB cluster snapshot to copy. This parameter isn't case-sensitive.
You can't copy an encrypted, shared DB cluster snapshot from one Amazon Web Services Region to another.
Constraints:
Must specify a valid system snapshot in the \"available\" state.
If the source snapshot is in the same Amazon Web Services Region as the copy, specify a valid DB snapshot identifier.
If the source snapshot is in a different Amazon Web Services Region than the copy, specify a valid DB cluster snapshot ARN. For more information, go to Copying Snapshots Across Amazon Web Services Regions in the Amazon Aurora User Guide.
Example: my-cluster-snapshot1
The identifier of the new DB cluster snapshot to create from the source DB cluster snapshot. This parameter isn't case-sensitive.
Constraints:
Must contain from 1 to 63 letters, numbers, or hyphens.
First character must be a letter.
Can't end with a hyphen or contain two consecutive hyphens.
Example: my-cluster-snapshot2
The Amazon Web Services KMS key identifier for an encrypted DB cluster snapshot. The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS customer master key (CMK).
If you copy an encrypted DB cluster snapshot from your Amazon Web Services account, you can specify a value for KmsKeyId to encrypt the copy with a new Amazon Web Services KMS CMK. If you don't specify a value for KmsKeyId, then the copy of the DB cluster snapshot is encrypted with the same Amazon Web Services KMS key as the source DB cluster snapshot.
If you copy an encrypted DB cluster snapshot that is shared from another Amazon Web Services account, then you must specify a value for KmsKeyId.
To copy an encrypted DB cluster snapshot to another Amazon Web Services Region, you must set KmsKeyId to the Amazon Web Services KMS key identifier you want to use to encrypt the copy of the DB cluster snapshot in the destination Amazon Web Services Region. Amazon Web Services KMS CMKs are specific to the Amazon Web Services Region that they are created in, and you can't use CMKs from one Amazon Web Services Region in another Amazon Web Services Region.
If you copy an unencrypted DB cluster snapshot and specify a value for the KmsKeyId parameter, an error is returned.
The URL that contains a Signature Version 4 signed request for the CopyDBClusterSnapshot API action in the Amazon Web Services Region that contains the source DB cluster snapshot to copy. The PreSignedUrl parameter must be used when copying an encrypted DB cluster snapshot from another Amazon Web Services Region. Don't specify PreSignedUrl when you are copying an encrypted DB cluster snapshot in the same Amazon Web Services Region.
The pre-signed URL must be a valid request for the CopyDBClusterSnapshot API action that can be executed in the source Amazon Web Services Region that contains the encrypted DB cluster snapshot to be copied. The pre-signed URL request must contain the following parameter values:
KmsKeyId - The Amazon Web Services KMS key identifier for the customer master key (CMK) to use to encrypt the copy of the DB cluster snapshot in the destination Amazon Web Services Region. This is the same identifier for both the CopyDBClusterSnapshot action that is called in the destination Amazon Web Services Region, and the action contained in the pre-signed URL.
DestinationRegion - The name of the Amazon Web Services Region that the DB cluster snapshot is to be created in.
SourceDBClusterSnapshotIdentifier - The DB cluster snapshot identifier for the encrypted DB cluster snapshot to be copied. This identifier must be in the Amazon Resource Name (ARN) format for the source Amazon Web Services Region. For example, if you are copying an encrypted DB cluster snapshot from the us-west-2 Amazon Web Services Region, then your SourceDBClusterSnapshotIdentifier looks like the following example: arn:aws:rds:us-west-2:123456789012:cluster-snapshot:aurora-cluster1-snapshot-20161115.
To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.
If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a pre-signed URL that is a valid request for the operation that can be executed in the source Amazon Web Services Region.
The Amazon Web Services KMS key identifier for an encrypted DB cluster snapshot. The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS key.
If you copy an encrypted DB cluster snapshot from your Amazon Web Services account, you can specify a value for KmsKeyId to encrypt the copy with a new KMS key. If you don't specify a value for KmsKeyId, then the copy of the DB cluster snapshot is encrypted with the same KMS key as the source DB cluster snapshot.
If you copy an encrypted DB cluster snapshot that is shared from another Amazon Web Services account, then you must specify a value for KmsKeyId.
To copy an encrypted DB cluster snapshot to another Amazon Web Services Region, you must set KmsKeyId to the Amazon Web Services KMS key identifier you want to use to encrypt the copy of the DB cluster snapshot in the destination Amazon Web Services Region. KMS keys are specific to the Amazon Web Services Region that they are created in, and you can't use KMS keys from one Amazon Web Services Region in another Amazon Web Services Region.
If you copy an unencrypted DB cluster snapshot and specify a value for the KmsKeyId parameter, an error is returned.
The URL that contains a Signature Version 4 signed request for the CopyDBClusterSnapshot API action in the Amazon Web Services Region that contains the source DB cluster snapshot to copy. The PreSignedUrl parameter must be used when copying an encrypted DB cluster snapshot from another Amazon Web Services Region. Don't specify PreSignedUrl when you are copying an encrypted DB cluster snapshot in the same Amazon Web Services Region.
The pre-signed URL must be a valid request for the CopyDBClusterSnapshot API action that can be executed in the source Amazon Web Services Region that contains the encrypted DB cluster snapshot to be copied. The pre-signed URL request must contain the following parameter values:
KmsKeyId - The Amazon Web Services KMS key identifier for the KMS key to use to encrypt the copy of the DB cluster snapshot in the destination Amazon Web Services Region. This is the same identifier for both the CopyDBClusterSnapshot action that is called in the destination Amazon Web Services Region, and the action contained in the pre-signed URL.
DestinationRegion - The name of the Amazon Web Services Region that the DB cluster snapshot is to be created in.
SourceDBClusterSnapshotIdentifier - The DB cluster snapshot identifier for the encrypted DB cluster snapshot to be copied. This identifier must be in the Amazon Resource Name (ARN) format for the source Amazon Web Services Region. For example, if you are copying an encrypted DB cluster snapshot from the us-west-2 Amazon Web Services Region, then your SourceDBClusterSnapshotIdentifier looks like the following example: arn:aws:rds:us-west-2:123456789012:cluster-snapshot:aurora-cluster1-snapshot-20161115.
To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.
If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a pre-signed URL that is a valid request for the operation that can be executed in the source Amazon Web Services Region.
The identifier or ARN for the source DB parameter group. For information about creating an ARN, see Constructing an ARN for Amazon RDS in the Amazon RDS User Guide.
Constraints:
Must specify a valid DB parameter group.
The identifier for the copied DB parameter group.
Constraints:
Can't be null, empty, or blank
Must contain from 1 to 255 letters, numbers, or hyphens
First character must be a letter
Can't end with a hyphen or contain two consecutive hyphens
Example: my-db-parameter-group
A description for the copied DB parameter group.
", "CopyDBSnapshotMessage$SourceDBSnapshotIdentifier": "The identifier for the source DB snapshot.
If the source snapshot is in the same Amazon Web Services Region as the copy, specify a valid DB snapshot identifier. For example, you might specify rds:mysql-instance1-snapshot-20130805.
If the source snapshot is in a different Amazon Web Services Region than the copy, specify a valid DB snapshot ARN. For example, you might specify arn:aws:rds:us-west-2:123456789012:snapshot:mysql-instance1-snapshot-20130805.
If you are copying from a shared manual DB snapshot, this parameter must be the Amazon Resource Name (ARN) of the shared DB snapshot.
If you are copying an encrypted snapshot this parameter must be in the ARN format for the source Amazon Web Services Region, and must match the SourceDBSnapshotIdentifier in the PreSignedUrl parameter.
Constraints:
Must specify a valid system snapshot in the \"available\" state.
Example: rds:mydb-2012-04-02-00-01
Example: arn:aws:rds:us-west-2:123456789012:snapshot:mysql-instance1-snapshot-20130805
The identifier for the copy of the snapshot.
Constraints:
Can't be null, empty, or blank
Must contain from 1 to 255 letters, numbers, or hyphens
First character must be a letter
Can't end with a hyphen or contain two consecutive hyphens
Example: my-db-snapshot
The Amazon Web Services KMS key identifier for an encrypted DB snapshot. The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS customer master key (CMK).
If you copy an encrypted DB snapshot from your Amazon Web Services account, you can specify a value for this parameter to encrypt the copy with a new Amazon Web Services KMS CMK. If you don't specify a value for this parameter, then the copy of the DB snapshot is encrypted with the same Amazon Web Services KMS key as the source DB snapshot.
If you copy an encrypted DB snapshot that is shared from another Amazon Web Services account, then you must specify a value for this parameter.
If you specify this parameter when you copy an unencrypted snapshot, the copy is encrypted.
If you copy an encrypted snapshot to a different Amazon Web Services Region, then you must specify a Amazon Web Services KMS key identifier for the destination Amazon Web Services Region. Amazon Web Services KMS CMKs are specific to the Amazon Web Services Region that they are created in, and you can't use CMKs from one Amazon Web Services Region in another Amazon Web Services Region.
", - "CopyDBSnapshotMessage$PreSignedUrl": "The URL that contains a Signature Version 4 signed request for the CopyDBSnapshot API action in the source Amazon Web Services Region that contains the source DB snapshot to copy.
You must specify this parameter when you copy an encrypted DB snapshot from another Amazon Web Services Region by using the Amazon RDS API. Don't specify PreSignedUrl when you are copying an encrypted DB snapshot in the same Amazon Web Services Region.
The presigned URL must be a valid request for the CopyDBSnapshot API action that can be executed in the source Amazon Web Services Region that contains the encrypted DB snapshot to be copied. The presigned URL request must contain the following parameter values:
DestinationRegion - The Amazon Web Services Region that the encrypted DB snapshot is copied to. This Amazon Web Services Region is the same one where the CopyDBSnapshot action is called that contains this presigned URL.
For example, if you copy an encrypted DB snapshot from the us-west-2 Amazon Web Services Region to the us-east-1 Amazon Web Services Region, then you call the CopyDBSnapshot action in the us-east-1 Amazon Web Services Region and provide a presigned URL that contains a call to the CopyDBSnapshot action in the us-west-2 Amazon Web Services Region. For this example, the DestinationRegion in the presigned URL must be set to the us-east-1 Amazon Web Services Region.
KmsKeyId - The Amazon Web Services KMS key identifier for the customer master key (CMK) to use to encrypt the copy of the DB snapshot in the destination Amazon Web Services Region. This is the same identifier for both the CopyDBSnapshot action that is called in the destination Amazon Web Services Region, and the action contained in the presigned URL.
SourceDBSnapshotIdentifier - The DB snapshot identifier for the encrypted snapshot to be copied. This identifier must be in the Amazon Resource Name (ARN) format for the source Amazon Web Services Region. For example, if you are copying an encrypted DB snapshot from the us-west-2 Amazon Web Services Region, then your SourceDBSnapshotIdentifier looks like the following example: arn:aws:rds:us-west-2:123456789012:snapshot:mysql-instance1-snapshot-20161115.
To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.
If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a pre-signed URL that is a valid request for the operation that can be executed in the source Amazon Web Services Region.
The Amazon Web Services KMS key identifier for an encrypted DB snapshot. The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
If you copy an encrypted DB snapshot from your Amazon Web Services account, you can specify a value for this parameter to encrypt the copy with a new KMS key. If you don't specify a value for this parameter, then the copy of the DB snapshot is encrypted with the same Amazon Web Services KMS key as the source DB snapshot.
If you copy an encrypted DB snapshot that is shared from another Amazon Web Services account, then you must specify a value for this parameter.
If you specify this parameter when you copy an unencrypted snapshot, the copy is encrypted.
If you copy an encrypted snapshot to a different Amazon Web Services Region, then you must specify an Amazon Web Services KMS key identifier for the destination Amazon Web Services Region. KMS keys are specific to the Amazon Web Services Region that they are created in, and you can't use KMS keys from one Amazon Web Services Region in another Amazon Web Services Region.
", + "CopyDBSnapshotMessage$PreSignedUrl": "The URL that contains a Signature Version 4 signed request for the CopyDBSnapshot API action in the source Amazon Web Services Region that contains the source DB snapshot to copy.
You must specify this parameter when you copy an encrypted DB snapshot from another Amazon Web Services Region by using the Amazon RDS API. Don't specify PreSignedUrl when you are copying an encrypted DB snapshot in the same Amazon Web Services Region.
The presigned URL must be a valid request for the CopyDBSnapshot API action that can be executed in the source Amazon Web Services Region that contains the encrypted DB snapshot to be copied. The presigned URL request must contain the following parameter values:
DestinationRegion - The Amazon Web Services Region that the encrypted DB snapshot is copied to. This Amazon Web Services Region is the same one where the CopyDBSnapshot action is called that contains this presigned URL.
For example, if you copy an encrypted DB snapshot from the us-west-2 Amazon Web Services Region to the us-east-1 Amazon Web Services Region, then you call the CopyDBSnapshot action in the us-east-1 Amazon Web Services Region and provide a presigned URL that contains a call to the CopyDBSnapshot action in the us-west-2 Amazon Web Services Region. For this example, the DestinationRegion in the presigned URL must be set to the us-east-1 Amazon Web Services Region.
KmsKeyId - The Amazon Web Services KMS key identifier for the KMS key to use to encrypt the copy of the DB snapshot in the destination Amazon Web Services Region. This is the same identifier for both the CopyDBSnapshot action that is called in the destination Amazon Web Services Region, and the action contained in the presigned URL.
SourceDBSnapshotIdentifier - The DB snapshot identifier for the encrypted snapshot to be copied. This identifier must be in the Amazon Resource Name (ARN) format for the source Amazon Web Services Region. For example, if you are copying an encrypted DB snapshot from the us-west-2 Amazon Web Services Region, then your SourceDBSnapshotIdentifier looks like the following example: arn:aws:rds:us-west-2:123456789012:snapshot:mysql-instance1-snapshot-20161115.
To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.
If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a pre-signed URL that is a valid request for the operation that can be executed in the source Amazon Web Services Region.
The name of an option group to associate with the copy of the snapshot.
Specify this option if you are copying a snapshot from one Amazon Web Services Region to another, and your DB instance uses a nondefault option group. If your source DB instance uses Transparent Data Encryption for Oracle or Microsoft SQL Server, you must specify this option when copying across Amazon Web Services Regions. For more information, see Option group considerations in the Amazon RDS User Guide.
", "CopyDBSnapshotMessage$TargetCustomAvailabilityZone": "The external custom Availability Zone (CAZ) identifier for the target CAZ.
Example: rds-caz-aiqhTgQv.
The identifier for the source option group.
Constraints:
Must specify a valid option group.
The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter.
The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region. To view the time blocks available, see Backup window in the Amazon Aurora User Guide.
Constraints:
Must be in the format hh24:mi-hh24:mi.
Must be in Universal Coordinated Time (UTC).
Must not conflict with the preferred maintenance window.
Must be at least 30 minutes.
The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).
Format: ddd:hh24:mi-ddd:hh24:mi
The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region, occurring on a random day of the week. To see the time blocks available, see Adjusting the Preferred DB Cluster Maintenance Window in the Amazon Aurora User Guide.
Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun.
Constraints: Minimum 30-minute window.
", "CreateDBClusterMessage$ReplicationSourceIdentifier": "The Amazon Resource Name (ARN) of the source DB instance or DB cluster if this DB cluster is created as a read replica.
", - "CreateDBClusterMessage$KmsKeyId": "The Amazon Web Services KMS key identifier for an encrypted DB cluster.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS customer master key (CMK). To use a CMK in a different Amazon Web Services account, specify the key ARN or alias ARN.
When a CMK isn't specified in KmsKeyId:
If ReplicationSourceIdentifier identifies an encrypted source, then Amazon RDS will use the CMK used to encrypt the source. Otherwise, Amazon RDS will use your default CMK.
If the StorageEncrypted parameter is enabled and ReplicationSourceIdentifier isn't specified, then Amazon RDS will use your default CMK.
There is a default CMK for your Amazon Web Services account. Your Amazon Web Services account has a different default CMK for each Amazon Web Services Region.
If you create a read replica of an encrypted DB cluster in another Amazon Web Services Region, you must set KmsKeyId to a Amazon Web Services KMS key identifier that is valid in the destination Amazon Web Services Region. This CMK is used to encrypt the read replica in that Amazon Web Services Region.
A URL that contains a Signature Version 4 signed request for the CreateDBCluster action to be called in the source Amazon Web Services Region where the DB cluster is replicated from. You only need to specify PreSignedUrl when you are performing cross-region replication from an encrypted DB cluster.
The pre-signed URL must be a valid request for the CreateDBCluster API action that can be executed in the source Amazon Web Services Region that contains the encrypted DB cluster to be copied.
The pre-signed URL request must contain the following parameter values:
KmsKeyId - The Amazon Web Services KMS key identifier for the key to use to encrypt the copy of the DB cluster in the destination Amazon Web Services Region. This should refer to the same Amazon Web Services KMS CMK for both the CreateDBCluster action that is called in the destination Amazon Web Services Region, and the action contained in the pre-signed URL.
DestinationRegion - The name of the Amazon Web Services Region that Aurora read replica will be created in.
ReplicationSourceIdentifier - The DB cluster identifier for the encrypted DB cluster to be copied. This identifier must be in the Amazon Resource Name (ARN) format for the source Amazon Web Services Region. For example, if you are copying an encrypted DB cluster from the us-west-2 Amazon Web Services Region, then your ReplicationSourceIdentifier would look like Example: arn:aws:rds:us-west-2:123456789012:cluster:aurora-cluster1.
To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.
If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a pre-signed URL that is a valid request for the operation that can be executed in the source Amazon Web Services Region.
The Amazon Web Services KMS key identifier for an encrypted DB cluster.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.
When a KMS key isn't specified in KmsKeyId:
If ReplicationSourceIdentifier identifies an encrypted source, then Amazon RDS will use the KMS key used to encrypt the source. Otherwise, Amazon RDS will use your default KMS key.
If the StorageEncrypted parameter is enabled and ReplicationSourceIdentifier isn't specified, then Amazon RDS will use your default KMS key.
There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
If you create a read replica of an encrypted DB cluster in another Amazon Web Services Region, you must set KmsKeyId to a KMS key identifier that is valid in the destination Amazon Web Services Region. This KMS key is used to encrypt the read replica in that Amazon Web Services Region.
A URL that contains a Signature Version 4 signed request for the CreateDBCluster action to be called in the source Amazon Web Services Region where the DB cluster is replicated from. You only need to specify PreSignedUrl when you are performing cross-region replication from an encrypted DB cluster.
The pre-signed URL must be a valid request for the CreateDBCluster API action that can be executed in the source Amazon Web Services Region that contains the encrypted DB cluster to be copied.
The pre-signed URL request must contain the following parameter values:
KmsKeyId - The Amazon Web Services KMS key identifier for the KMS key to use to encrypt the copy of the DB cluster in the destination Amazon Web Services Region. This should refer to the same KMS key for both the CreateDBCluster action that is called in the destination Amazon Web Services Region, and the action contained in the pre-signed URL.
DestinationRegion - The name of the Amazon Web Services Region that Aurora read replica will be created in.
ReplicationSourceIdentifier - The DB cluster identifier for the encrypted DB cluster to be copied. This identifier must be in the Amazon Resource Name (ARN) format for the source Amazon Web Services Region. For example, if you are copying an encrypted DB cluster from the us-west-2 Amazon Web Services Region, then your ReplicationSourceIdentifier would look like Example: arn:aws:rds:us-west-2:123456789012:cluster:aurora-cluster1.
To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.
If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a pre-signed URL that is a valid request for the operation that can be executed in the source Amazon Web Services Region.
The DB engine mode of the DB cluster, either provisioned, serverless, parallelquery, global, or multimaster.
The parallelquery engine mode isn't required for Aurora MySQL version 1.23 and higher 1.x versions, and version 2.09 and higher 2.x versions.
The global engine mode isn't required for Aurora MySQL version 1.22 and higher 1.x versions, and global engine mode isn't required for any 2.x versions.
The multimaster engine mode only applies for DB clusters created with Aurora MySQL version 5.6.10a.
For Aurora PostgreSQL, the global engine mode isn't required, and both the parallelquery and the multimaster engine modes currently aren't supported.
Limitations and requirements apply to some DB engine modes. For more information, see the following sections in the Amazon Aurora User Guide:
The global cluster ID of an Aurora cluster that becomes the primary cluster in the new global database cluster.
", "CreateDBClusterMessage$Domain": "The Active Directory directory ID to create the DB cluster in.
For Amazon Aurora DB clusters, Amazon RDS can use Kerberos Authentication to authenticate users that connect to the DB cluster. For more information, see Kerberos Authentication in the Amazon Aurora User Guide.
", @@ -3720,46 +3814,48 @@ "CreateDBClusterParameterGroupMessage$Description": "The description for the DB cluster parameter group.
", "CreateDBClusterSnapshotMessage$DBClusterSnapshotIdentifier": "The identifier of the DB cluster snapshot. This parameter is stored as a lowercase string.
Constraints:
Must contain from 1 to 63 letters, numbers, or hyphens.
First character must be a letter.
Can't end with a hyphen or contain two consecutive hyphens.
Example: my-cluster1-snapshot1
The identifier of the DB cluster to create a snapshot for. This parameter isn't case-sensitive.
Constraints:
Must match the identifier of an existing DBCluster.
Example: my-cluster1
The meaning of this parameter differs according to the database engine you use.
MySQL
The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance.
Constraints:
Must contain 1 to 64 letters or numbers.
Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9).
Can't be a word reserved by the specified database engine
MariaDB
The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance.
Constraints:
Must contain 1 to 64 letters or numbers.
Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9).
Can't be a word reserved by the specified database engine
PostgreSQL
The name of the database to create when the DB instance is created. If this parameter isn't specified, a database named postgres is created in the DB instance.
Constraints:
Must contain 1 to 63 letters, numbers, or underscores.
Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9).
Can't be a word reserved by the specified database engine
Oracle
The Oracle System ID (SID) of the created DB instance. If you specify null, the default value ORCL is used. You can't specify the string NULL, or any other reserved word, for DBName.
Default: ORCL
Constraints:
Can't be longer than 8 characters
SQL Server
Not applicable. Must be null.
Amazon Aurora MySQL
The name of the database to create when the primary DB instance of the Aurora MySQL DB cluster is created. If this parameter isn't specified for an Aurora MySQL DB cluster, no database is created in the DB cluster.
Constraints:
It must contain 1 to 64 alphanumeric characters.
It can't be a word reserved by the database engine.
Amazon Aurora PostgreSQL
The name of the database to create when the primary DB instance of the Aurora PostgreSQL DB cluster is created. If this parameter isn't specified for an Aurora PostgreSQL DB cluster, a database named postgres is created in the DB cluster.
Constraints:
It must contain 1 to 63 alphanumeric characters.
It must begin with a letter or an underscore. Subsequent characters can be letters, underscores, or digits (0 to 9).
It can't be a word reserved by the database engine.
The meaning of this parameter differs according to the database engine you use.
MySQL
The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance.
Constraints:
Must contain 1 to 64 letters or numbers.
Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9).
Can't be a word reserved by the specified database engine
MariaDB
The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance.
Constraints:
Must contain 1 to 64 letters or numbers.
Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9).
Can't be a word reserved by the specified database engine
PostgreSQL
The name of the database to create when the DB instance is created. If this parameter isn't specified, a database named postgres is created in the DB instance.
Constraints:
Must contain 1 to 63 letters, numbers, or underscores.
Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9).
Can't be a word reserved by the specified database engine
Oracle
The Oracle System ID (SID) of the created DB instance. If you specify null, the default value ORCL is used. You can't specify the string NULL, or any other reserved word, for DBName.
Default: ORCL
Constraints:
Can't be longer than 8 characters
Amazon RDS Custom
The Oracle System ID (SID) of the created RDS Custom DB instance. If you don't specify a value, the default value is ORCL.
Default: ORCL
Constraints:
It must contain 1 to 8 alphanumeric characters.
It must contain a letter.
It can't be a word reserved by the database engine.
SQL Server
Not applicable. Must be null.
Amazon Aurora MySQL
The name of the database to create when the primary DB instance of the Aurora MySQL DB cluster is created. If this parameter isn't specified for an Aurora MySQL DB cluster, no database is created in the DB cluster.
Constraints:
It must contain 1 to 64 alphanumeric characters.
It can't be a word reserved by the database engine.
Amazon Aurora PostgreSQL
The name of the database to create when the primary DB instance of the Aurora PostgreSQL DB cluster is created. If this parameter isn't specified for an Aurora PostgreSQL DB cluster, a database named postgres is created in the DB cluster.
Constraints:
It must contain 1 to 63 alphanumeric characters.
It must begin with a letter or an underscore. Subsequent characters can be letters, underscores, or digits (0 to 9).
It can't be a word reserved by the database engine.
The DB instance identifier. This parameter is stored as a lowercase string.
Constraints:
Must contain from 1 to 63 letters, numbers, or hyphens.
First character must be a letter.
Can't end with a hyphen or contain two consecutive hyphens.
Example: mydbinstance
The compute and memory capacity of the DB instance, for example, db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see DB Instance Class in the Amazon RDS User Guide.
The name of the database engine to be used for this instance.
Not every database engine is available for every Amazon Web Services Region.
Valid Values:
aurora (for MySQL 5.6-compatible Aurora)
aurora-mysql (for MySQL 5.7-compatible Aurora)
aurora-postgresql
mariadb
mysql
oracle-ee
oracle-ee-cdb
oracle-se2
oracle-se2-cdb
postgres
sqlserver-ee
sqlserver-se
sqlserver-ex
sqlserver-web
The name of the database engine to be used for this instance.
Not every database engine is available for every Amazon Web Services Region.
Valid Values:
aurora (for MySQL 5.6-compatible Aurora)
aurora-mysql (for MySQL 5.7-compatible Aurora)
aurora-postgresql
custom-oracle-ee (for RDS Custom instances)
mariadb
mysql
oracle-ee
oracle-ee-cdb
oracle-se2
oracle-se2-cdb
postgres
sqlserver-ee
sqlserver-se
sqlserver-ex
sqlserver-web
The name for the master user.
Amazon Aurora
Not applicable. The name for the master user is managed by the DB cluster.
MariaDB
Constraints:
Required for MariaDB.
Must be 1 to 16 letters or numbers.
Can't be a reserved word for the chosen database engine.
Microsoft SQL Server
Constraints:
Required for SQL Server.
Must be 1 to 128 letters or numbers.
The first character must be a letter.
Can't be a reserved word for the chosen database engine.
MySQL
Constraints:
Required for MySQL.
Must be 1 to 16 letters or numbers.
First character must be a letter.
Can't be a reserved word for the chosen database engine.
Oracle
Constraints:
Required for Oracle.
Must be 1 to 30 letters or numbers.
First character must be a letter.
Can't be a reserved word for the chosen database engine.
PostgreSQL
Constraints:
Required for PostgreSQL.
Must be 1 to 63 letters or numbers.
First character must be a letter.
Can't be a reserved word for the chosen database engine.
The password for the master user. The password can include any printable ASCII character except \"/\", \"\"\", or \"@\".
Amazon Aurora
Not applicable. The password for the master user is managed by the DB cluster.
MariaDB
Constraints: Must contain from 8 to 41 characters.
Microsoft SQL Server
Constraints: Must contain from 8 to 128 characters.
MySQL
Constraints: Must contain from 8 to 41 characters.
Oracle
Constraints: Must contain from 8 to 30 characters.
PostgreSQL
Constraints: Must contain from 8 to 128 characters.
", "CreateDBInstanceMessage$AvailabilityZone": "The Availability Zone (AZ) where the database will be created. For information on Amazon Web Services Regions and Availability Zones, see Regions and Availability Zones.
Default: A random, system-chosen Availability Zone in the endpoint's Amazon Web Services Region.
Example: us-east-1d
Constraint: The AvailabilityZone parameter can't be specified if the DB instance is a Multi-AZ deployment. The specified Availability Zone must be in the same Amazon Web Services Region as the current endpoint.
If you're creating a DB instance in an RDS on VMware environment, specify the identifier of the custom Availability Zone to create the DB instance in.
For more information about RDS on VMware, see the RDS on VMware User Guide.
A DB subnet group to associate with this DB instance.
If there is no DB subnet group, then it is a non-VPC DB instance.
", "CreateDBInstanceMessage$PreferredMaintenanceWindow": "The time range each week during which system maintenance can occur, in Universal Coordinated Time (UTC). For more information, see Amazon RDS Maintenance Window.
Format: ddd:hh24:mi-ddd:hh24:mi
The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region, occurring on a random day of the week.
Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun.
Constraints: Minimum 30-minute window.
", - "CreateDBInstanceMessage$DBParameterGroupName": "The name of the DB parameter group to associate with this DB instance. If you do not specify a value, then the default DB parameter group for the specified DB engine and version is used.
Constraints:
Must be 1 to 255 letters, numbers, or hyphens.
First character must be a letter
Can't end with a hyphen or contain two consecutive hyphens
The name of the DB parameter group to associate with this DB instance. If you do not specify a value, then the default DB parameter group for the specified DB engine and version is used.
This setting doesn't apply to RDS Custom.
Constraints:
Must be 1 to 255 letters, numbers, or hyphens.
First character must be a letter
Can't end with a hyphen or contain two consecutive hyphens
The daily time range during which automated backups are created if automated backups are enabled, using the BackupRetentionPeriod parameter. The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region. For more information, see Backup window in the Amazon RDS User Guide.
Amazon Aurora
Not applicable. The daily time range for creating automated backups is managed by the DB cluster.
Constraints:
Must be in the format hh24:mi-hh24:mi.
Must be in Universal Coordinated Time (UTC).
Must not conflict with the preferred maintenance window.
Must be at least 30 minutes.
The version number of the database engine to use.
For a list of valid engine versions, use the DescribeDBEngineVersions action.
The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every Amazon Web Services Region.
Amazon Aurora
Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster.
MariaDB
See MariaDB on Amazon RDS Versions in the Amazon RDS User Guide.
Microsoft SQL Server
See Microsoft SQL Server Versions on Amazon RDS in the Amazon RDS User Guide.
MySQL
See MySQL on Amazon RDS Versions in the Amazon RDS User Guide.
Oracle
See Oracle Database Engine Release Notes in the Amazon RDS User Guide.
PostgreSQL
See Amazon RDS for PostgreSQL versions and extensions in the Amazon RDS User Guide.
", - "CreateDBInstanceMessage$LicenseModel": "License model information for this DB instance.
Valid values: license-included | bring-your-own-license | general-public-license
A value that indicates that the DB instance should be associated with the specified option group.
Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group. Also, that option group can't be removed from a DB instance once it is associated with a DB instance
", - "CreateDBInstanceMessage$CharacterSetName": "For supported engines, indicates that the DB instance should be associated with the specified CharacterSet.
Amazon Aurora
Not applicable. The character set is managed by the DB cluster. For more information, see CreateDBCluster.
The name of the NCHAR character set for the Oracle DB instance.
", - "CreateDBInstanceMessage$DBClusterIdentifier": "The identifier of the DB cluster that the instance will belong to.
", + "CreateDBInstanceMessage$EngineVersion": "The version number of the database engine to use.
For a list of valid engine versions, use the DescribeDBEngineVersions action.
The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every Amazon Web Services Region.
Amazon Aurora
Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster.
Amazon RDS Custom
A custom engine version (CEV) that you have previously created. This setting is required for RDS Custom. The CEV name has the following format: 19.customized_string . An example identifier is 19.my_cev1. For more information, see Creating an RDS Custom DB instance in the Amazon RDS User Guide..
MariaDB
See MariaDB on Amazon RDS Versions in the Amazon RDS User Guide.
Microsoft SQL Server
See Microsoft SQL Server Versions on Amazon RDS in the Amazon RDS User Guide.
MySQL
See MySQL on Amazon RDS Versions in the Amazon RDS User Guide.
Oracle
See Oracle Database Engine Release Notes in the Amazon RDS User Guide.
PostgreSQL
See Amazon RDS for PostgreSQL versions and extensions in the Amazon RDS User Guide.
", + "CreateDBInstanceMessage$LicenseModel": "License model information for this DB instance.
Valid values: license-included | bring-your-own-license | general-public-license
This setting doesn't apply to RDS Custom.
", + "CreateDBInstanceMessage$OptionGroupName": "A value that indicates that the DB instance should be associated with the specified option group.
Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group. Also, that option group can't be removed from a DB instance after it is associated with a DB instance.
This setting doesn't apply to RDS Custom.
", + "CreateDBInstanceMessage$CharacterSetName": "For supported engines, this value indicates that the DB instance should be associated with the specified CharacterSet.
This setting doesn't apply to RDS Custom. However, if you need to change the character set, you can change it on the database itself.
Amazon Aurora
Not applicable. The character set is managed by the DB cluster. For more information, see CreateDBCluster.
The name of the NCHAR character set for the Oracle DB instance.
This parameter doesn't apply to RDS Custom.
", + "CreateDBInstanceMessage$DBClusterIdentifier": "The identifier of the DB cluster that the instance will belong to.
This setting doesn't apply to RDS Custom.
", "CreateDBInstanceMessage$StorageType": "Specifies the storage type to be associated with the DB instance.
Valid values: standard | gp2 | io1
If you specify io1, you must also include a value for the Iops parameter.
Default: io1 if the Iops parameter is specified, otherwise gp2
The ARN from the key store with which to associate the instance for TDE encryption.
", - "CreateDBInstanceMessage$TdeCredentialPassword": "The password for the given ARN from the key store in order to access the device.
", - "CreateDBInstanceMessage$KmsKeyId": "The Amazon Web Services KMS key identifier for an encrypted DB instance.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS customer master key (CMK). To use a CMK in a different Amazon Web Services account, specify the key ARN or alias ARN.
Amazon Aurora
Not applicable. The Amazon Web Services KMS key identifier is managed by the DB cluster. For more information, see CreateDBCluster.
If StorageEncrypted is enabled, and you do not specify a value for the KmsKeyId parameter, then Amazon RDS uses your default CMK. There is a default CMK for your Amazon Web Services account. Your Amazon Web Services account has a different default CMK for each Amazon Web Services Region.
The Active Directory directory ID to create the DB instance in. Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.
For more information, see Kerberos Authentication in the Amazon RDS User Guide.
", - "CreateDBInstanceMessage$MonitoringRoleArn": "The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to Amazon CloudWatch Logs. For example, arn:aws:iam:123456789012:role/emaccess. For information on creating a monitoring role, go to Setting Up and Enabling Enhanced Monitoring in the Amazon RDS User Guide.
If MonitoringInterval is set to a value other than 0, then you must supply a MonitoringRoleArn value.
Specify the name of the IAM role to be used when making API calls to the Directory Service.
", + "CreateDBInstanceMessage$TdeCredentialArn": "The ARN from the key store with which to associate the instance for TDE encryption.
This setting doesn't apply to RDS Custom.
", + "CreateDBInstanceMessage$TdeCredentialPassword": "The password for the given ARN from the key store in order to access the device.
This setting doesn't apply to RDS Custom.
", + "CreateDBInstanceMessage$KmsKeyId": "The Amazon Web Services KMS key identifier for an encrypted DB instance.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.
Amazon Aurora
Not applicable. The Amazon Web Services KMS key identifier is managed by the DB cluster. For more information, see CreateDBCluster.
If StorageEncrypted is enabled, and you do not specify a value for the KmsKeyId parameter, then Amazon RDS uses your default KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
Amazon RDS Custom
A KMS key is required for RDS Custom Oracle instances. For most RDS engines, if you leave this parameter empty while enabling StorageEncrypted, the engine uses the default KMS key. However, RDS Custom for Oracle doesn't use the default key when this parameter is empty. You must explicitly specify a key.
The Active Directory directory ID to create the DB instance in. Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.
For more information, see Kerberos Authentication in the Amazon RDS User Guide.
This setting doesn't apply to RDS Custom.
", + "CreateDBInstanceMessage$MonitoringRoleArn": "The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to Amazon CloudWatch Logs. For example, arn:aws:iam:123456789012:role/emaccess. For information on creating a monitoring role, see Setting Up and Enabling Enhanced Monitoring in the Amazon RDS User Guide.
If MonitoringInterval is set to a value other than 0, then you must supply a MonitoringRoleArn value.
This setting doesn't apply to RDS Custom.
", + "CreateDBInstanceMessage$DomainIAMRoleName": "Specify the name of the IAM role to be used when making API calls to the Directory Service.
This setting doesn't apply to RDS Custom.
", "CreateDBInstanceMessage$Timezone": "The time zone of the DB instance. The time zone parameter is currently supported only by Microsoft SQL Server.
", - "CreateDBInstanceMessage$PerformanceInsightsKMSKeyId": "The Amazon Web Services KMS key identifier for encryption of Performance Insights data.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS customer master key (CMK).
If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon RDS uses your default CMK. There is a default CMK for your Amazon Web Services account. Your Amazon Web Services account has a different default CMK for each Amazon Web Services Region.
The Amazon Web Services KMS key identifier for encryption of Performance Insights data.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon RDS uses your default KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
This setting doesn't apply to RDS Custom.
", + "CreateDBInstanceMessage$CustomIamInstanceProfile": "The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:
The profile must exist in your account.
The profile must have an IAM role that Amazon EC2 has permissions to assume.
The instance profile name and the associated IAM role name must start with the prefix AWSRDSCustom.
For the list of permissions required for the IAM role, see Configure IAM and your VPC in the Amazon Relational Database Service User Guide.
This setting is required for RDS Custom.
", "CreateDBInstanceReadReplicaMessage$DBInstanceIdentifier": "The DB instance identifier of the read replica. This identifier is the unique key that identifies a DB instance. This parameter is stored as a lowercase string.
", - "CreateDBInstanceReadReplicaMessage$SourceDBInstanceIdentifier": "The identifier of the DB instance that will act as the source for the read replica. Each DB instance can have up to five read replicas.
Constraints:
Must be the identifier of an existing MySQL, MariaDB, Oracle, PostgreSQL, or SQL Server DB instance.
Can specify a DB instance that is a MySQL read replica only if the source is running MySQL 5.6 or later.
For the limitations of Oracle read replicas, see Read Replica Limitations with Oracle in the Amazon RDS User Guide.
For the limitations of SQL Server read replicas, see Read Replica Limitations with Microsoft SQL Server in the Amazon RDS User Guide.
Can specify a PostgreSQL DB instance only if the source is running PostgreSQL 9.3.5 or later (9.4.7 and higher for cross-region replication).
The specified DB instance must have automatic backups enabled, that is, its backup retention period must be greater than 0.
If the source DB instance is in the same Amazon Web Services Region as the read replica, specify a valid DB instance identifier.
If the source DB instance is in a different Amazon Web Services Region from the read replica, specify a valid DB instance ARN. For more information, see Constructing an ARN for Amazon RDS in the Amazon RDS User Guide. This doesn't apply to SQL Server, which doesn't support cross-region replicas.
The identifier of the DB instance that will act as the source for the read replica. Each DB instance can have up to five read replicas.
Constraints:
Must be the identifier of an existing MySQL, MariaDB, Oracle, PostgreSQL, or SQL Server DB instance.
Can specify a DB instance that is a MySQL read replica only if the source is running MySQL 5.6 or later.
For the limitations of Oracle read replicas, see Read Replica Limitations with Oracle in the Amazon RDS User Guide.
For the limitations of SQL Server read replicas, see Read Replica Limitations with Microsoft SQL Server in the Amazon RDS User Guide.
Can specify a PostgreSQL DB instance only if the source is running PostgreSQL 9.3.5 or later (9.4.7 and higher for cross-region replication).
The specified DB instance must have automatic backups enabled, that is, its backup retention period must be greater than 0.
If the source DB instance is in the same Amazon Web Services Region as the read replica, specify a valid DB instance identifier.
If the source DB instance is in a different Amazon Web Services Region from the read replica, specify a valid DB instance ARN. For more information, see Constructing an ARN for Amazon RDS in the Amazon RDS User Guide. This doesn't apply to SQL Server or RDS Custom, which don't support cross-Region replicas.
The compute and memory capacity of the read replica, for example, db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see DB Instance Class in the Amazon RDS User Guide.
Default: Inherits from the source DB instance.
", "CreateDBInstanceReadReplicaMessage$AvailabilityZone": "The Availability Zone (AZ) where the read replica will be created.
Default: A random, system-chosen Availability Zone in the endpoint's Amazon Web Services Region.
Example: us-east-1d
The option group the DB instance is associated with. If omitted, the option group associated with the source instance is used.
For SQL Server, you must use the option group associated with the source instance.
The name of the DB parameter group to associate with this DB instance.
If you do not specify a value for DBParameterGroupName, then Amazon RDS uses the DBParameterGroup of source DB instance for a same region read replica, or the default DBParameterGroup for the specified DB engine for a cross region read replica.
Currently, specifying a parameter group for this operation is only supported for Oracle DB instances.
Constraints:
Must be 1 to 255 letters, numbers, or hyphens.
First character must be a letter
Can't end with a hyphen or contain two consecutive hyphens
The option group the DB instance is associated with. If omitted, the option group associated with the source instance is used.
For SQL Server, you must use the option group associated with the source instance.
This setting doesn't apply to RDS Custom.
", + "CreateDBInstanceReadReplicaMessage$DBParameterGroupName": "The name of the DB parameter group to associate with this DB instance.
If you do not specify a value for DBParameterGroupName, then Amazon RDS uses the DBParameterGroup of source DB instance for a same region read replica, or the default DBParameterGroup for the specified DB engine for a cross region read replica.
Specifying a parameter group for this operation is only supported for Oracle DB instances. It isn't supported for RDS Custom.
Constraints:
Must be 1 to 255 letters, numbers, or hyphens.
First character must be a letter
Can't end with a hyphen or contain two consecutive hyphens
Specifies a DB subnet group for the DB instance. The new DB instance is created in the VPC associated with the DB subnet group. If no DB subnet group is specified, then the new DB instance isn't created in a VPC.
Constraints:
Can only be specified if the source DB instance identifier specifies a DB instance in another Amazon Web Services Region.
If supplied, must match the name of an existing DBSubnetGroup.
The specified DB subnet group must be in the same Amazon Web Services Region in which the operation is running.
All read replicas in one Amazon Web Services Region that are created from the same source DB instance must either:>
Specify DB subnet groups from the same VPC. All these read replicas are created in the same VPC.
Not specify a DB subnet group. All these read replicas are created outside of any VPC.
Example: mySubnetgroup
Specifies the storage type to be associated with the read replica.
Valid values: standard | gp2 | io1
If you specify io1, you must also include a value for the Iops parameter.
Default: io1 if the Iops parameter is specified, otherwise gp2
The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to Amazon CloudWatch Logs. For example, arn:aws:iam:123456789012:role/emaccess. For information on creating a monitoring role, go to To create an IAM role for Amazon RDS Enhanced Monitoring in the Amazon RDS User Guide.
If MonitoringInterval is set to a value other than 0, then you must supply a MonitoringRoleArn value.
The Amazon Web Services KMS key identifier for an encrypted read replica.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS CMK.
If you create an encrypted read replica in the same Amazon Web Services Region as the source DB instance, then do not specify a value for this parameter. A read replica in the same Region is always encrypted with the same Amazon Web Services KMS CMK as the source DB instance.
If you create an encrypted read replica in a different Amazon Web Services Region, then you must specify a Amazon Web Services KMS key identifier for the destination Amazon Web Services Region. Amazon Web Services KMS CMKs are specific to the Amazon Web Services Region that they are created in, and you can't use CMKs from one Amazon Web Services Region in another Amazon Web Services Region.
You can't create an encrypted read replica from an unencrypted DB instance.
", - "CreateDBInstanceReadReplicaMessage$PreSignedUrl": "The URL that contains a Signature Version 4 signed request for the CreateDBInstanceReadReplica API action in the source Amazon Web Services Region that contains the source DB instance.
You must specify this parameter when you create an encrypted read replica from another Amazon Web Services Region by using the Amazon RDS API. Don't specify PreSignedUrl when you are creating an encrypted read replica in the same Amazon Web Services Region.
The presigned URL must be a valid request for the CreateDBInstanceReadReplica API action that can be executed in the source Amazon Web Services Region that contains the encrypted source DB instance. The presigned URL request must contain the following parameter values:
DestinationRegion - The Amazon Web Services Region that the encrypted read replica is created in. This Amazon Web Services Region is the same one where the CreateDBInstanceReadReplica action is called that contains this presigned URL.
For example, if you create an encrypted DB instance in the us-west-1 Amazon Web Services Region, from a source DB instance in the us-east-2 Amazon Web Services Region, then you call the CreateDBInstanceReadReplica action in the us-east-1 Amazon Web Services Region and provide a presigned URL that contains a call to the CreateDBInstanceReadReplica action in the us-west-2 Amazon Web Services Region. For this example, the DestinationRegion in the presigned URL must be set to the us-east-1 Amazon Web Services Region.
KmsKeyId - The Amazon Web Services KMS key identifier for the key to use to encrypt the read replica in the destination Amazon Web Services Region. This is the same identifier for both the CreateDBInstanceReadReplica action that is called in the destination Amazon Web Services Region, and the action contained in the presigned URL.
SourceDBInstanceIdentifier - The DB instance identifier for the encrypted DB instance to be replicated. This identifier must be in the Amazon Resource Name (ARN) format for the source Amazon Web Services Region. For example, if you are creating an encrypted read replica from a DB instance in the us-west-2 Amazon Web Services Region, then your SourceDBInstanceIdentifier looks like the following example: arn:aws:rds:us-west-2:123456789012:instance:mysql-instance1-20161115.
To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.
If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a presigned URL that is a valid request for the operation that can be executed in the source Amazon Web Services Region.
SourceRegion isn't supported for SQL Server, because SQL Server on Amazon RDS doesn't support cross-region read replicas.
The Amazon Web Services KMS key identifier for encryption of Performance Insights data.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS customer master key (CMK).
If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon RDS uses your default CMK. There is a default CMK for your Amazon Web Services account. Your Amazon Web Services account has a different default CMK for each Amazon Web Services Region.
The Active Directory directory ID to create the DB instance in. Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.
For more information, see Kerberos Authentication in the Amazon RDS User Guide.
", - "CreateDBInstanceReadReplicaMessage$DomainIAMRoleName": "Specify the name of the IAM role to be used when making API calls to the Directory Service.
", + "CreateDBInstanceReadReplicaMessage$MonitoringRoleArn": "The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to Amazon CloudWatch Logs. For example, arn:aws:iam:123456789012:role/emaccess. For information on creating a monitoring role, go to To create an IAM role for Amazon RDS Enhanced Monitoring in the Amazon RDS User Guide.
If MonitoringInterval is set to a value other than 0, then you must supply a MonitoringRoleArn value.
This setting doesn't apply to RDS Custom.
", + "CreateDBInstanceReadReplicaMessage$KmsKeyId": "The Amazon Web Services KMS key identifier for an encrypted read replica.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
If you create an encrypted read replica in the same Amazon Web Services Region as the source DB instance, then do not specify a value for this parameter. A read replica in the same Amazon Web Services Region is always encrypted with the same KMS key as the source DB instance.
If you create an encrypted read replica in a different Amazon Web Services Region, then you must specify a KMS key identifier for the destination Amazon Web Services Region. KMS keys are specific to the Amazon Web Services Region that they are created in, and you can't use KMS keys from one Amazon Web Services Region in another Amazon Web Services Region.
You can't create an encrypted read replica from an unencrypted DB instance.
This setting doesn't apply to RDS Custom, which uses the same KMS key as the primary replica.
", + "CreateDBInstanceReadReplicaMessage$PreSignedUrl": "The URL that contains a Signature Version 4 signed request for the CreateDBInstanceReadReplica API action in the source Amazon Web Services Region that contains the source DB instance.
You must specify this parameter when you create an encrypted read replica from another Amazon Web Services Region by using the Amazon RDS API. Don't specify PreSignedUrl when you are creating an encrypted read replica in the same Amazon Web Services Region.
The presigned URL must be a valid request for the CreateDBInstanceReadReplica API action that can be executed in the source Amazon Web Services Region that contains the encrypted source DB instance. The presigned URL request must contain the following parameter values:
DestinationRegion - The Amazon Web Services Region that the encrypted read replica is created in. This Amazon Web Services Region is the same one where the CreateDBInstanceReadReplica action is called that contains this presigned URL.
For example, if you create an encrypted DB instance in the us-west-1 Amazon Web Services Region, from a source DB instance in the us-east-2 Amazon Web Services Region, then you call the CreateDBInstanceReadReplica action in the us-east-1 Amazon Web Services Region and provide a presigned URL that contains a call to the CreateDBInstanceReadReplica action in the us-west-2 Amazon Web Services Region. For this example, the DestinationRegion in the presigned URL must be set to the us-east-1 Amazon Web Services Region.
KmsKeyId - The Amazon Web Services KMS key identifier for the key to use to encrypt the read replica in the destination Amazon Web Services Region. This is the same identifier for both the CreateDBInstanceReadReplica action that is called in the destination Amazon Web Services Region, and the action contained in the presigned URL.
SourceDBInstanceIdentifier - The DB instance identifier for the encrypted DB instance to be replicated. This identifier must be in the Amazon Resource Name (ARN) format for the source Amazon Web Services Region. For example, if you are creating an encrypted read replica from a DB instance in the us-west-2 Amazon Web Services Region, then your SourceDBInstanceIdentifier looks like the following example: arn:aws:rds:us-west-2:123456789012:instance:mysql-instance1-20161115.
To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.
If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a presigned URL that is a valid request for the operation that can be executed in the source Amazon Web Services Region.
SourceRegion isn't supported for SQL Server, because SQL Server on Amazon RDS doesn't support cross-region read replicas.
This setting doesn't apply to RDS Custom.
", + "CreateDBInstanceReadReplicaMessage$PerformanceInsightsKMSKeyId": "The Amazon Web Services KMS key identifier for encryption of Performance Insights data.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon RDS uses your default KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
This setting doesn't apply to RDS Custom.
", + "CreateDBInstanceReadReplicaMessage$Domain": "The Active Directory directory ID to create the DB instance in. Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.
For more information, see Kerberos Authentication in the Amazon RDS User Guide.
This setting doesn't apply to RDS Custom.
", + "CreateDBInstanceReadReplicaMessage$DomainIAMRoleName": "Specify the name of the IAM role to be used when making API calls to the Directory Service.
This setting doesn't apply to RDS Custom.
", + "CreateDBInstanceReadReplicaMessage$CustomIamInstanceProfile": "The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:
The profile must exist in your account.
The profile must have an IAM role that Amazon EC2 has permissions to assume.
The instance profile name and the associated IAM role name must start with the prefix AWSRDSCustom.
For the list of permissions required for the IAM role, see Configure IAM and your VPC in the Amazon Relational Database Service User Guide.
This setting is required for RDS Custom.
", "CreateDBParameterGroupMessage$DBParameterGroupName": "The name of the DB parameter group.
Constraints:
Must be 1 to 255 letters, numbers, or hyphens.
First character must be a letter
Can't end with a hyphen or contain two consecutive hyphens
This value is stored as a lowercase string.
The DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a database engine and engine version compatible with that DB parameter group family.
To list all of the available parameter group families for a DB engine, use the following command:
aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine <engine>
For example, to list all of the available parameter group families for the MySQL DB engine, use the following command:
aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine mysql
The output contains duplicates.
The following are the valid DB engine values:
aurora (for MySQL 5.6-compatible Aurora)
aurora-mysql (for MySQL 5.7-compatible Aurora)
aurora-postgresql
mariadb
mysql
oracle-ee
oracle-ee-cdb
oracle-se2
oracle-se2-cdb
postgres
sqlserver-ee
sqlserver-se
sqlserver-ex
sqlserver-web
The description for the DB parameter group.
", @@ -3803,12 +3899,12 @@ "DBCluster$PreferredMaintenanceWindow": "Specifies the weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).
", "DBCluster$ReplicationSourceIdentifier": "Contains the identifier of the source DB cluster if this DB cluster is a read replica.
", "DBCluster$HostedZoneId": "Specifies the ID that Amazon Route 53 assigns when you create a hosted zone.
", - "DBCluster$KmsKeyId": "If StorageEncrypted is enabled, the Amazon Web Services KMS key identifier for the encrypted DB cluster.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS customer master key (CMK).
", - "DBCluster$DbClusterResourceId": "The Amazon Web Services Region-unique, immutable identifier for the DB cluster. This identifier is found in Amazon Web Services CloudTrail log entries whenever the Amazon Web Services KMS CMK for the DB cluster is accessed.
", + "DBCluster$KmsKeyId": "If StorageEncrypted is enabled, the Amazon Web Services KMS key identifier for the encrypted DB cluster.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
", + "DBCluster$DbClusterResourceId": "The Amazon Web Services Region-unique, immutable identifier for the DB cluster. This identifier is found in Amazon Web Services CloudTrail log entries whenever the KMS key for the DB cluster is accessed.
", "DBCluster$DBClusterArn": "The Amazon Resource Name (ARN) for the DB cluster.
", "DBCluster$CloneGroupId": "Identifies the clone group to which the DB cluster is associated.
", "DBCluster$EngineMode": "The DB engine mode of the DB cluster, either provisioned, serverless, parallelquery, global, or multimaster.
For more information, see CreateDBCluster.
", - "DBCluster$ActivityStreamKmsKeyId": "The Amazon Web Services KMS key identifier used for encrypting messages in the database activity stream.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS customer master key (CMK).
", + "DBCluster$ActivityStreamKmsKeyId": "The Amazon Web Services KMS key identifier used for encrypting messages in the database activity stream.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
", "DBCluster$ActivityStreamKinesisStreamName": "The name of the Amazon Kinesis data stream used for the database activity stream.
", "DBClusterBacktrack$DBClusterIdentifier": "Contains a user-supplied DB cluster identifier. This identifier is the unique key that identifies a DB cluster.
", "DBClusterBacktrack$BacktrackIdentifier": "Contains the backtrack identifier.
", @@ -3839,7 +3935,7 @@ "DBClusterParameterGroupsMessage$Marker": " An optional pagination token provided by a previous DescribeDBClusterParameterGroups request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords.
The Amazon Resource Name (ARN) of the IAM role that is associated with the DB cluster.
", "DBClusterRole$Status": "Describes the state of association between the IAM role and the DB cluster. The Status property returns one of the following values:
ACTIVE - the IAM role ARN is associated with the DB cluster and can be used to access other Amazon Web Services on your behalf.
PENDING - the IAM role ARN is being associated with the DB cluster.
INVALID - the IAM role ARN is associated with the DB cluster, but the DB cluster is unable to assume the IAM role in order to access other Amazon Web Services on your behalf.
The name of the feature associated with the Amazon Web Services Identity and Access Management (IAM) role. For the list of supported feature names, see DBEngineVersion.
", + "DBClusterRole$FeatureName": "The name of the feature associated with the Amazon Web Services Identity and Access Management (IAM) role. For information about supported feature names, see DBEngineVersion.
", "DBClusterSnapshot$DBClusterSnapshotIdentifier": "Specifies the identifier for the DB cluster snapshot.
", "DBClusterSnapshot$DBClusterIdentifier": "Specifies the DB cluster identifier of the DB cluster that this DB cluster snapshot was created from.
", "DBClusterSnapshot$Engine": "Specifies the name of the database engine for this DB cluster snapshot.
", @@ -3850,7 +3946,7 @@ "DBClusterSnapshot$EngineVersion": "Provides the version of the database engine for this DB cluster snapshot.
", "DBClusterSnapshot$LicenseModel": "Provides the license model information for this DB cluster snapshot.
", "DBClusterSnapshot$SnapshotType": "Provides the type of the DB cluster snapshot.
", - "DBClusterSnapshot$KmsKeyId": "If StorageEncrypted is true, the Amazon Web Services KMS key identifier for the encrypted DB cluster snapshot.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS customer master key (CMK).
", + "DBClusterSnapshot$KmsKeyId": "If StorageEncrypted is true, the Amazon Web Services KMS key identifier for the encrypted DB cluster snapshot.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
", "DBClusterSnapshot$DBClusterSnapshotArn": "The Amazon Resource Name (ARN) for the DB cluster snapshot.
", "DBClusterSnapshot$SourceDBClusterSnapshotArn": "If the DB cluster snapshot was copied from a source DB cluster snapshot, the Amazon Resource Name (ARN) for the source DB cluster snapshot, otherwise, a null value.
", "DBClusterSnapshotAttribute$AttributeName": "The name of the manual DB cluster snapshot attribute.
The attribute named restore refers to the list of Amazon Web Services accounts that have permission to copy or restore the manual DB cluster snapshot. For more information, see the ModifyDBClusterSnapshotAttribute API action.
The description of the database engine.
", "DBEngineVersion$DBEngineVersionDescription": "The description of the database engine version.
", "DBEngineVersion$Status": "The status of the DB engine version, either available or deprecated.
The major engine version of the CEV.
", + "DBEngineVersion$DatabaseInstallationFilesS3BucketName": "The name of the Amazon S3 bucket that contains your database installation files.
", + "DBEngineVersion$DatabaseInstallationFilesS3Prefix": "The Amazon S3 directory that contains the database installation files. If not specified, then no prefix is assumed.
", + "DBEngineVersion$DBEngineVersionArn": "The ARN of the custom engine version.
", + "DBEngineVersion$KMSKeyId": "The Amazon Web Services KMS key identifier for an encrypted CEV. This parameter is required for RDS Custom, but optional for Amazon RDS.
", "DBEngineVersionMessage$Marker": " An optional pagination token provided by a previous request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords.
Contains a user-supplied database identifier. This identifier is the unique key that identifies a DB instance.
", "DBInstance$DBInstanceClass": "Contains the name of the compute and memory capacity class of the DB instance.
", @@ -3874,24 +3975,25 @@ "DBInstance$PreferredMaintenanceWindow": "Specifies the weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).
", "DBInstance$EngineVersion": "Indicates the database engine version.
", "DBInstance$ReadReplicaSourceDBInstanceIdentifier": "Contains the identifier of the source DB instance if this DB instance is a read replica.
", - "DBInstance$LicenseModel": "License model information for this DB instance.
", + "DBInstance$LicenseModel": "License model information for this DB instance. This setting doesn't apply to RDS Custom.
", "DBInstance$CharacterSetName": "If present, specifies the name of the character set that this instance is associated with.
", "DBInstance$NcharCharacterSetName": "The name of the NCHAR character set for the Oracle DB instance. This character set specifies the Unicode encoding for data stored in table columns of type NCHAR, NCLOB, or NVARCHAR2.
", "DBInstance$SecondaryAvailabilityZone": "If present, specifies the name of the secondary Availability Zone for a DB instance with multi-AZ support.
", "DBInstance$StorageType": "Specifies the storage type associated with DB instance.
", "DBInstance$TdeCredentialArn": "The ARN from the key store with which the instance is associated for TDE encryption.
", "DBInstance$DBClusterIdentifier": "If the DB instance is a member of a DB cluster, contains the name of the DB cluster that the DB instance is a member of.
", - "DBInstance$KmsKeyId": " If StorageEncrypted is true, the Amazon Web Services KMS key identifier for the encrypted DB instance.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS customer master key (CMK).
", - "DBInstance$DbiResourceId": "The Amazon Web Services Region-unique, immutable identifier for the DB instance. This identifier is found in Amazon Web Services CloudTrail log entries whenever the Amazon Web Services KMS customer master key (CMK) for the DB instance is accessed.
", + "DBInstance$KmsKeyId": " If StorageEncrypted is true, the Amazon Web Services KMS key identifier for the encrypted DB instance.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
", + "DBInstance$DbiResourceId": "The Amazon Web Services Region-unique, immutable identifier for the DB instance. This identifier is found in Amazon Web Services CloudTrail log entries whenever the Amazon Web Services KMS key for the DB instance is accessed.
", "DBInstance$CACertificateIdentifier": "The identifier of the CA certificate for this DB instance.
", "DBInstance$EnhancedMonitoringResourceArn": "The Amazon Resource Name (ARN) of the Amazon CloudWatch Logs log stream that receives the Enhanced Monitoring metrics data for the DB instance.
", "DBInstance$MonitoringRoleArn": "The ARN for the IAM role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs.
", "DBInstance$DBInstanceArn": "The Amazon Resource Name (ARN) for the DB instance.
", "DBInstance$Timezone": "The time zone of the DB instance. In most cases, the Timezone element is empty. Timezone content appears only for Microsoft SQL Server DB instances that were created with a time zone specified.
The Amazon Web Services KMS key identifier for encryption of Performance Insights data.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS customer master key (CMK).
", + "DBInstance$PerformanceInsightsKMSKeyId": "The Amazon Web Services KMS key identifier for encryption of Performance Insights data.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
", "DBInstance$AwsBackupRecoveryPointArn": "The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services Backup.
", - "DBInstance$ActivityStreamKmsKeyId": "The Amazon Web Services KMS key identifier used for encrypting messages in the database activity stream. The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS customer master key (CMK).
", + "DBInstance$ActivityStreamKmsKeyId": "The Amazon Web Services KMS key identifier used for encrypting messages in the database activity stream. The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
", "DBInstance$ActivityStreamKinesisStreamName": "The name of the Amazon Kinesis data stream used for the database activity stream.
", + "DBInstance$CustomIamInstanceProfile": "The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:
The profile must exist in your account.
The profile must have an IAM role that Amazon EC2 has permissions to assume.
The instance profile name and the associated IAM role name must start with the prefix AWSRDSCustom.
For the list of permissions required for the IAM role, see Configure IAM and your VPC in the Amazon Relational Database Service User Guide.
", "DBInstanceAutomatedBackup$DBInstanceArn": "The Amazon Resource Name (ARN) for the automated backups.
", "DBInstanceAutomatedBackup$DbiResourceId": "The identifier for the source DB instance, which can't be changed and which is unique to an Amazon Web Services Region.
", "DBInstanceAutomatedBackup$Region": "The Amazon Web Services Region associated with the automated backup.
", @@ -3906,14 +4008,14 @@ "DBInstanceAutomatedBackup$OptionGroupName": "The option group the automated backup is associated with. If omitted, the default option group for the engine specified is used.
", "DBInstanceAutomatedBackup$TdeCredentialArn": "The ARN from the key store with which the automated backup is associated for TDE encryption.
", "DBInstanceAutomatedBackup$StorageType": "Specifies the storage type associated with the automated backup.
", - "DBInstanceAutomatedBackup$KmsKeyId": "The Amazon Web Services KMS key ID for an automated backup.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS customer master key (CMK).
", + "DBInstanceAutomatedBackup$KmsKeyId": "The Amazon Web Services KMS key ID for an automated backup.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
", "DBInstanceAutomatedBackup$Timezone": "The time zone of the automated backup. In most cases, the Timezone element is empty. Timezone content appears only for Microsoft SQL Server DB instances that were created with a time zone specified.
The Amazon Resource Name (ARN) for the replicated automated backups.
", "DBInstanceAutomatedBackupMessage$Marker": " An optional pagination token provided by a previous request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords .
The Amazon Resource Name (ARN) of the replicated automated backups.
", "DBInstanceMessage$Marker": " An optional pagination token provided by a previous request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords .
The Amazon Resource Name (ARN) of the IAM role that is associated with the DB instance.
", - "DBInstanceRole$FeatureName": "The name of the feature associated with the Amazon Web Services Identity and Access Management (IAM) role. For the list of supported feature names, see DBEngineVersion.
The name of the feature associated with the Amazon Web Services Identity and Access Management (IAM) role. For information about supported feature names, see DBEngineVersion.
Describes the state of association between the IAM role and the DB instance. The Status property returns one of the following values:
ACTIVE - the IAM role ARN is associated with the DB instance and can be used to access other Amazon Web Services services on your behalf.
PENDING - the IAM role ARN is being associated with the DB instance.
INVALID - the IAM role ARN is associated with the DB instance, but the DB instance is unable to assume the IAM role in order to access other Amazon Web Services services on your behalf.
This value is currently \"read replication.\"
", "DBInstanceStatusInfo$Status": "Status of the DB instance. For a StatusType of read replica, the values can be replicating, replication stop point set, replication stop point reached, error, stopped, or terminated.
", @@ -3970,7 +4072,7 @@ "DBSnapshot$SourceDBSnapshotIdentifier": "The DB snapshot Amazon Resource Name (ARN) that the DB snapshot was copied from. It only has a value in the case of a cross-account or cross-Region copy.
", "DBSnapshot$StorageType": "Specifies the storage type associated with DB snapshot.
", "DBSnapshot$TdeCredentialArn": "The ARN from the key store with which to associate the instance for TDE encryption.
", - "DBSnapshot$KmsKeyId": " If Encrypted is true, the Amazon Web Services KMS key identifier for the encrypted DB snapshot.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS customer master key (CMK).
", + "DBSnapshot$KmsKeyId": " If Encrypted is true, the Amazon Web Services KMS key identifier for the encrypted DB snapshot.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
", "DBSnapshot$DBSnapshotArn": "The Amazon Resource Name (ARN) for the DB snapshot.
", "DBSnapshot$Timezone": "The time zone of the DB snapshot. In most cases, the Timezone element is empty. Timezone content appears only for snapshots taken from Microsoft SQL Server DB instances that were created with a time zone specified.
The identifier for the source DB instance, which can't be changed and which is unique to an Amazon Web Services Region.
", @@ -3990,9 +4092,9 @@ "DeleteDBClusterParameterGroupMessage$DBClusterParameterGroupName": "The name of the DB cluster parameter group.
Constraints:
Must be the name of an existing DB cluster parameter group.
You can't delete a default DB cluster parameter group.
Can't be associated with any DB clusters.
The identifier of the DB cluster snapshot to delete.
Constraints: Must be the name of an existing DB cluster snapshot in the available state.
The identifier for the source DB instance, which can't be changed and which is unique to an Amazon Web Services Region.
", - "DeleteDBInstanceAutomatedBackupMessage$DBInstanceAutomatedBackupsArn": "The Amazon Resource Name (ARN) of the automated backups to delete, for example, arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE.
The Amazon Resource Name (ARN) of the automated backups to delete, for example, arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE.
This setting doesn't apply to RDS Custom.
", "DeleteDBInstanceMessage$DBInstanceIdentifier": "The DB instance identifier for the DB instance to be deleted. This parameter isn't case-sensitive.
Constraints:
Must match the name of an existing DB instance.
The DBSnapshotIdentifier of the new DBSnapshot created when the SkipFinalSnapshot parameter is disabled.
Specifying this parameter and also specifying to skip final DB snapshot creation in SkipFinalShapshot results in an error.
Constraints:
Must be 1 to 255 letters or numbers.
First character must be a letter.
Can't end with a hyphen or contain two consecutive hyphens.
Can't be specified when deleting a read replica.
The DBSnapshotIdentifier of the new DBSnapshot created when the SkipFinalSnapshot parameter is disabled.
If you enable this parameter and also enable SkipFinalShapshot, the command results in an error.
This setting doesn't apply to RDS Custom.
Constraints:
Must be 1 to 255 letters or numbers.
First character must be a letter.
Can't end with a hyphen or contain two consecutive hyphens.
Can't be specified when deleting a read replica.
The name of the DB parameter group.
Constraints:
Must be the name of an existing DB parameter group
You can't delete a default DB parameter group
Can't be associated with any DB instances
The name of the DB proxy to delete.
", "DeleteDBSecurityGroupMessage$DBSecurityGroupName": "The name of the DB security group to delete.
You can't delete the default DB security group.
Constraints:
Must be 1 to 255 letters, numbers, or hyphens.
First character must be a letter
Can't end with a hyphen or contain two consecutive hyphens
Must not be \"Default\"
The resource ID of the DB instance that is the source of the automated backup. This parameter isn't case-sensitive.
", "DescribeDBInstanceAutomatedBackupsMessage$DBInstanceIdentifier": "(Optional) The user-supplied instance identifier. If this parameter is specified, it must match the identifier of an existing DB instance. It returns information from the specific DB instance' automated backup. This parameter isn't case-sensitive.
", "DescribeDBInstanceAutomatedBackupsMessage$Marker": "The pagination token provided in the previous request. If this parameter is specified the response includes only records beyond the marker, up to MaxRecords.
The Amazon Resource Name (ARN) of the replicated automated backups, for example, arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE.
The Amazon Resource Name (ARN) of the replicated automated backups, for example, arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE.
This setting doesn't apply to RDS Custom.
", "DescribeDBInstancesMessage$DBInstanceIdentifier": "The user-supplied instance identifier. If this parameter is specified, information from only the specific DB instance is returned. This parameter isn't case-sensitive.
Constraints:
If supplied, must match the identifier of an existing DBInstance.
An optional pagination token provided by a previous DescribeDBInstances request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords.
The name of the log file for the specified DB instance.
", @@ -4095,8 +4197,8 @@ "DescribeOrderableDBInstanceOptionsMessage$Engine": "The name of the engine to retrieve DB instance options for.
Valid Values:
aurora (for MySQL 5.6-compatible Aurora)
aurora-mysql (for MySQL 5.7-compatible Aurora)
aurora-postgresql
mariadb
mysql
oracle-ee
oracle-ee-cdb
oracle-se2
oracle-se2-cdb
postgres
sqlserver-ee
sqlserver-se
sqlserver-ex
sqlserver-web
The engine version filter value. Specify this parameter to show only the available offerings matching the specified engine version.
", "DescribeOrderableDBInstanceOptionsMessage$DBInstanceClass": "The DB instance class filter value. Specify this parameter to show only the available offerings matching the specified DB instance class.
", - "DescribeOrderableDBInstanceOptionsMessage$LicenseModel": "The license model filter value. Specify this parameter to show only the available offerings matching the specified license model.
", - "DescribeOrderableDBInstanceOptionsMessage$AvailabilityZoneGroup": "The Availability Zone group associated with a Local Zone. Specify this parameter to retrieve available offerings for the Local Zones in the group.
Omit this parameter to show the available offerings in the specified Amazon Web Services Region.
", + "DescribeOrderableDBInstanceOptionsMessage$LicenseModel": "The license model filter value. Specify this parameter to show only the available offerings matching the specified license model.
RDS Custom supports only the BYOL licensing model.
", + "DescribeOrderableDBInstanceOptionsMessage$AvailabilityZoneGroup": "The Availability Zone group associated with a Local Zone. Specify this parameter to retrieve available offerings for the Local Zones in the group.
Omit this parameter to show the available offerings in the specified Amazon Web Services Region.
This setting doesn't apply to RDS Custom.
", "DescribeOrderableDBInstanceOptionsMessage$Marker": " An optional pagination token provided by a previous DescribeOrderableDBInstanceOptions request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords .
The ARN of a resource to return pending maintenance actions for.
", "DescribePendingMaintenanceActionsMessage$Marker": " An optional pagination token provided by a previous DescribePendingMaintenanceActions request. If this parameter is specified, the response includes only records beyond the marker, up to a number of records specified by MaxRecords.
The Amazon S3 bucket that the snapshot is exported to.
", "ExportTask$S3Prefix": "The Amazon S3 bucket prefix that is the file name and path of the exported snapshot.
", "ExportTask$IamRoleArn": "The name of the IAM role that is used to write to Amazon S3 when exporting a snapshot.
", - "ExportTask$KmsKeyId": "The key identifier of the Amazon Web Services KMS customer master key (CMK) that is used to encrypt the snapshot when it's exported to Amazon S3. The Amazon Web Services KMS CMK identifier is its key ARN, key ID, alias ARN, or alias name. The IAM role used for the snapshot export must have encryption and decryption permissions to use this Amazon Web Services KMS CMK.
", + "ExportTask$KmsKeyId": "The key identifier of the Amazon Web Services KMS key that is used to encrypt the snapshot when it's exported to Amazon S3. The KMS key identifier is its key ARN, key ID, alias ARN, or alias name. The IAM role used for the snapshot export must have encryption and decryption permissions to use this KMS key.
", "ExportTask$Status": "The progress status of the export task.
", "ExportTask$FailureCause": "The reason the export failed, if it failed.
", "ExportTask$WarningMessage": "A warning about the snapshot export task.
", @@ -4167,7 +4269,7 @@ "Filter$Name": "The name of the filter. Filter names are case-sensitive.
", "FilterValueList$member": null, "GlobalCluster$GlobalClusterIdentifier": "Contains a user-supplied global database cluster identifier. This identifier is the unique key that identifies a global database cluster.
", - "GlobalCluster$GlobalClusterResourceId": "The Amazon Web Services Region-unique, immutable identifier for the global database cluster. This identifier is found in Amazon Web Services CloudTrail log entries whenever the Amazon Web Services KMS customer master key (CMK) for the DB cluster is accessed.
", + "GlobalCluster$GlobalClusterResourceId": "The Amazon Web Services Region-unique, immutable identifier for the global database cluster. This identifier is found in Amazon Web Services CloudTrail log entries whenever the Amazon Web Services KMS key for the DB cluster is accessed.
", "GlobalCluster$GlobalClusterArn": "The Amazon Resource Name (ARN) for the global database cluster.
", "GlobalCluster$Status": "Specifies the current state of this global database cluster.
", "GlobalCluster$Engine": "The Aurora database engine used by the global database cluster.
", @@ -4216,24 +4318,24 @@ "ModifyDBClusterSnapshotAttributeMessage$DBClusterSnapshotIdentifier": "The identifier for the DB cluster snapshot to modify the attributes for.
", "ModifyDBClusterSnapshotAttributeMessage$AttributeName": "The name of the DB cluster snapshot attribute to modify.
To manage authorization for other Amazon Web Services accounts to copy or restore a manual DB cluster snapshot, set this value to restore.
To view the list of attributes available to modify, use the DescribeDBClusterSnapshotAttributes API action.
The DB instance identifier. This value is stored as a lowercase string.
Constraints:
Must match the identifier of an existing DBInstance.
The new compute and memory capacity of the DB instance, for example, db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see DB Instance Class in the Amazon RDS User Guide.
If you modify the DB instance class, an outage occurs during the change. The change is applied during the next maintenance window, unless ApplyImmediately is enabled for this request.
Default: Uses existing setting
", - "ModifyDBInstanceMessage$DBSubnetGroupName": "The new DB subnet group for the DB instance. You can use this parameter to move your DB instance to a different VPC. If your DB instance isn't in a VPC, you can also use this parameter to move your DB instance into a VPC. For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.
Changing the subnet group causes an outage during the change. The change is applied during the next maintenance window, unless you enable ApplyImmediately.
Constraints: If supplied, must match the name of an existing DBSubnetGroup.
Example: mySubnetGroup
The new password for the master user. The password can include any printable ASCII character except \"/\", \"\"\", or \"@\".
Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible. Between the time of the request and the completion of the request, the MasterUserPassword element exists in the PendingModifiedValues element of the operation response.
Amazon Aurora
Not applicable. The password for the master user is managed by the DB cluster. For more information, see ModifyDBCluster.
Default: Uses existing setting
MariaDB
Constraints: Must contain from 8 to 41 characters.
Microsoft SQL Server
Constraints: Must contain from 8 to 128 characters.
MySQL
Constraints: Must contain from 8 to 41 characters.
Oracle
Constraints: Must contain from 8 to 30 characters.
PostgreSQL
Constraints: Must contain from 8 to 128 characters.
Amazon RDS API actions never return the password, so this action provides a way to regain access to a primary instance user if the password is lost. This includes restoring privileges that might have been accidentally revoked.
The name of the DB parameter group to apply to the DB instance. Changing this setting doesn't result in an outage. The parameter group name itself is changed immediately, but the actual parameter changes are not applied until you reboot the instance without failover. In this case, the DB instance isn't rebooted automatically and the parameter changes isn't applied during the next maintenance window.
Default: Uses existing setting
Constraints: The DB parameter group must be in the same DB parameter group family as this DB instance.
", + "ModifyDBInstanceMessage$DBInstanceClass": "The new compute and memory capacity of the DB instance, for example, db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see DB Instance Class in the Amazon RDS User Guide.
If you modify the DB instance class, an outage occurs during the change. The change is applied during the next maintenance window, unless ApplyImmediately is enabled for this request.
This setting doesn't apply to RDS Custom.
Default: Uses existing setting
", + "ModifyDBInstanceMessage$DBSubnetGroupName": "The new DB subnet group for the DB instance. You can use this parameter to move your DB instance to a different VPC. If your DB instance isn't in a VPC, you can also use this parameter to move your DB instance into a VPC. For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.
Changing the subnet group causes an outage during the change. The change is applied during the next maintenance window, unless you enable ApplyImmediately.
This parameter doesn't apply to RDS Custom.
Constraints: If supplied, must match the name of an existing DBSubnetGroup.
Example: mySubnetGroup
The new password for the master user. The password can include any printable ASCII character except \"/\", \"\"\", or \"@\".
Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible. Between the time of the request and the completion of the request, the MasterUserPassword element exists in the PendingModifiedValues element of the operation response.
This setting doesn't apply to RDS Custom.
Amazon Aurora
Not applicable. The password for the master user is managed by the DB cluster. For more information, see ModifyDBCluster.
Default: Uses existing setting
MariaDB
Constraints: Must contain from 8 to 41 characters.
Microsoft SQL Server
Constraints: Must contain from 8 to 128 characters.
MySQL
Constraints: Must contain from 8 to 41 characters.
Oracle
Constraints: Must contain from 8 to 30 characters.
PostgreSQL
Constraints: Must contain from 8 to 128 characters.
Amazon RDS API actions never return the password, so this action provides a way to regain access to a primary instance user if the password is lost. This includes restoring privileges that might have been accidentally revoked.
The name of the DB parameter group to apply to the DB instance.
Changing this setting doesn't result in an outage. The parameter group name itself is changed immediately, but the actual parameter changes are not applied until you reboot the instance without failover. In this case, the DB instance isn't rebooted automatically, and the parameter changes aren't applied during the next maintenance window. However, if you modify dynamic parameters in the newly associated DB parameter group, these changes are applied immediately without a reboot.
This setting doesn't apply to RDS Custom.
Default: Uses existing setting
Constraints: The DB parameter group must be in the same DB parameter group family as the DB instance.
", "ModifyDBInstanceMessage$PreferredBackupWindow": " The daily time range during which automated backups are created if automated backups are enabled, as determined by the BackupRetentionPeriod parameter. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible. The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region. For more information, see Backup window in the Amazon RDS User Guide.
Amazon Aurora
Not applicable. The daily time range for creating automated backups is managed by the DB cluster. For more information, see ModifyDBCluster.
Constraints:
Must be in the format hh24:mi-hh24:mi
Must be in Universal Time Coordinated (UTC)
Must not conflict with the preferred maintenance window
Must be at least 30 minutes
The weekly time range (in UTC) during which system maintenance can occur, which might result in an outage. Changing this parameter doesn't result in an outage, except in the following situation, and the change is asynchronously applied as soon as possible. If there are pending actions that cause a reboot, and the maintenance window is changed to include the current time, then changing this parameter will cause a reboot of the DB instance. If moving this window to the current time, there must be at least 30 minutes between the current time and end of the window to ensure pending changes are applied.
For more information, see Amazon RDS Maintenance Window in the Amazon RDS User Guide.
Default: Uses existing setting
Format: ddd:hh24:mi-ddd:hh24:mi
Valid Days: Mon | Tue | Wed | Thu | Fri | Sat | Sun
Constraints: Must be at least 30 minutes
", - "ModifyDBInstanceMessage$EngineVersion": " The version number of the database engine to upgrade to. Changing this parameter results in an outage and the change is applied during the next maintenance window unless the ApplyImmediately parameter is enabled for this request.
For major version upgrades, if a nondefault DB parameter group is currently in use, a new DB parameter group in the DB parameter group family for the new engine version must be specified. The new DB parameter group can be the default for that DB parameter group family.
If you specify only a major version, Amazon RDS will update the DB instance to the default minor version if the current minor version is lower. For information about valid engine versions, see CreateDBInstance, or call DescribeDBEngineVersions.
The license model for the DB instance.
Valid values: license-included | bring-your-own-license | general-public-license
A value that indicates the DB instance should be associated with the specified option group. Changing this parameter doesn't result in an outage except in the following case and the change is applied during the next maintenance window unless the ApplyImmediately parameter is enabled for this request. If the parameter change results in an option group that enables OEM, this change can cause a brief (sub-second) period during which new connections are rejected but existing connections are not interrupted.
Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group, and that option group can't be removed from a DB instance once it is associated with a DB instance
", - "ModifyDBInstanceMessage$NewDBInstanceIdentifier": " The new DB instance identifier for the DB instance when renaming a DB instance. When you change the DB instance identifier, an instance reboot occurs immediately if you enable ApplyImmediately, or will occur during the next maintenance window if you disable Apply Immediately. This value is stored as a lowercase string.
Constraints:
Must contain from 1 to 63 letters, numbers, or hyphens.
The first character must be a letter.
Can't end with a hyphen or contain two consecutive hyphens.
Example: mydbinstance
The version number of the database engine to upgrade to. Changing this parameter results in an outage and the change is applied during the next maintenance window unless the ApplyImmediately parameter is enabled for this request.
For major version upgrades, if a nondefault DB parameter group is currently in use, a new DB parameter group in the DB parameter group family for the new engine version must be specified. The new DB parameter group can be the default for that DB parameter group family.
If you specify only a major version, Amazon RDS will update the DB instance to the default minor version if the current minor version is lower. For information about valid engine versions, see CreateDBInstance, or call DescribeDBEngineVersions.
In RDS Custom, this parameter is supported for read replicas only if they are in the PATCH_DB_FAILURE lifecycle.
The license model for the DB instance.
This setting doesn't apply to RDS Custom.
Valid values: license-included | bring-your-own-license | general-public-license
A value that indicates the DB instance should be associated with the specified option group.
Changing this parameter doesn't result in an outage, with one exception. If the parameter change results in an option group that enables OEM, it can cause a brief period, lasting less than a second, during which new connections are rejected but existing connections aren't interrupted.
The change is applied during the next maintenance window unless the ApplyImmediately parameter is enabled for this request.
Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group, and that option group can't be removed from a DB instance after it is associated with a DB instance.
This setting doesn't apply to RDS Custom.
", + "ModifyDBInstanceMessage$NewDBInstanceIdentifier": "The new DB instance identifier for the DB instance when renaming a DB instance. When you change the DB instance identifier, an instance reboot occurs immediately if you enable ApplyImmediately, or will occur during the next maintenance window if you disable Apply Immediately. This value is stored as a lowercase string.
This setting doesn't apply to RDS Custom.
Constraints:
Must contain from 1 to 63 letters, numbers, or hyphens.
The first character must be a letter.
Can't end with a hyphen or contain two consecutive hyphens.
Example: mydbinstance
Specifies the storage type to be associated with the DB instance.
If you specify Provisioned IOPS (io1), you must also include a value for the Iops parameter.
If you choose to migrate your DB instance from using standard storage to using Provisioned IOPS, or from using Provisioned IOPS to using standard storage, the process can take time. The duration of the migration depends on several factors such as database load, storage size, storage type (standard or Provisioned IOPS), amount of IOPS provisioned (if any), and the number of prior scale storage operations. Typical migration times are under 24 hours, but the process can take up to several days in some cases. During the migration, the DB instance is available for use, but might experience performance degradation. While the migration takes place, nightly backups for the instance are suspended. No other Amazon RDS operations can take place for the instance, including modifying the instance, rebooting the instance, deleting the instance, creating a read replica for the instance, and creating a DB snapshot of the instance.
Valid values: standard | gp2 | io1
Default: io1 if the Iops parameter is specified, otherwise gp2
The ARN from the key store with which to associate the instance for TDE encryption.
", - "ModifyDBInstanceMessage$TdeCredentialPassword": "The password for the given ARN from the key store in order to access the device.
", - "ModifyDBInstanceMessage$CACertificateIdentifier": "Indicates the certificate that needs to be associated with the instance.
", - "ModifyDBInstanceMessage$Domain": "The Active Directory directory ID to move the DB instance to. Specify none to remove the instance from its current domain. The domain must be created prior to this operation. Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.
For more information, see Kerberos Authentication in the Amazon RDS User Guide.
", - "ModifyDBInstanceMessage$MonitoringRoleArn": "The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to Amazon CloudWatch Logs. For example, arn:aws:iam:123456789012:role/emaccess. For information on creating a monitoring role, go to To create an IAM role for Amazon RDS Enhanced Monitoring in the Amazon RDS User Guide.
If MonitoringInterval is set to a value other than 0, then you must supply a MonitoringRoleArn value.
The name of the IAM role to use when making API calls to the Directory Service.
", - "ModifyDBInstanceMessage$PerformanceInsightsKMSKeyId": "The Amazon Web Services KMS key identifier for encryption of Performance Insights data.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS customer master key (CMK).
If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon RDS uses your default CMK. There is a default CMK for your Amazon Web Services account. Your Amazon Web Services account has a different default CMK for each Amazon Web Services Region.
The ARN from the key store with which to associate the instance for TDE encryption.
This setting doesn't apply to RDS Custom.
", + "ModifyDBInstanceMessage$TdeCredentialPassword": "The password for the given ARN from the key store in order to access the device.
This setting doesn't apply to RDS Custom.
", + "ModifyDBInstanceMessage$CACertificateIdentifier": "Specifies the certificate to associate with the DB instance.
This setting doesn't apply to RDS Custom.
", + "ModifyDBInstanceMessage$Domain": "The Active Directory directory ID to move the DB instance to. Specify none to remove the instance from its current domain. You must create the domain before this operation. Currently, you can create only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances in an Active Directory Domain.
For more information, see Kerberos Authentication in the Amazon RDS User Guide.
This setting doesn't apply to RDS Custom.
", + "ModifyDBInstanceMessage$MonitoringRoleArn": "The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to Amazon CloudWatch Logs. For example, arn:aws:iam:123456789012:role/emaccess. For information on creating a monitoring role, see To create an IAM role for Amazon RDS Enhanced Monitoring in the Amazon RDS User Guide.
If MonitoringInterval is set to a value other than 0, supply a MonitoringRoleArn value.
This setting doesn't apply to RDS Custom.
", + "ModifyDBInstanceMessage$DomainIAMRoleName": "The name of the IAM role to use when making API calls to the Directory Service.
This setting doesn't apply to RDS Custom.
", + "ModifyDBInstanceMessage$PerformanceInsightsKMSKeyId": "The Amazon Web Services KMS key identifier for encryption of Performance Insights data.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon RDS uses your default KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
This setting doesn't apply to RDS Custom.
", "ModifyDBParameterGroupMessage$DBParameterGroupName": "The name of the DB parameter group.
Constraints:
If supplied, must match the name of an existing DBParameterGroup.
The identifier for the DBProxy to modify.
The new identifier for the DBProxy. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.
The Amazon Resource Name (ARN) identifying the cluster that was detached from the Aurora global database cluster.
", "RemoveRoleFromDBClusterMessage$DBClusterIdentifier": "The name of the DB cluster to disassociate the IAM role from.
", "RemoveRoleFromDBClusterMessage$RoleArn": "The Amazon Resource Name (ARN) of the IAM role to disassociate from the Aurora DB cluster, for example arn:aws:iam::123456789012:role/AuroraAccessRole.
The name of the feature for the DB cluster that the IAM role is to be disassociated from. For the list of supported feature names, see DBEngineVersion.
", + "RemoveRoleFromDBClusterMessage$FeatureName": "The name of the feature for the DB cluster that the IAM role is to be disassociated from. For information about supported feature names, see DBEngineVersion.
", "RemoveRoleFromDBInstanceMessage$DBInstanceIdentifier": "The name of the DB instance to disassociate the IAM role from.
", "RemoveRoleFromDBInstanceMessage$RoleArn": "The Amazon Resource Name (ARN) of the IAM role to disassociate from the DB instance, for example, arn:aws:iam::123456789012:role/AccessRole.
The name of the feature for the DB instance that the IAM role is to be disassociated from. For the list of supported feature names, see DBEngineVersion.
The name of the feature for the DB instance that the IAM role is to be disassociated from. For information about supported feature names, see DBEngineVersion.
The name of the RDS event notification subscription you want to remove a source identifier from.
", "RemoveSourceIdentifierFromSubscriptionMessage$SourceIdentifier": "The source identifier to be removed from the subscription, such as the DB instance identifier for a DB instance or the name of a security group.
", "RemoveTagsFromResourceMessage$ResourceName": "The Amazon RDS resource that the tags are removed from. This value is an Amazon Resource Name (ARN). For information about creating an ARN, see Constructing an ARN for Amazon RDS in the Amazon RDS User Guide.
", @@ -4376,7 +4478,7 @@ "RestoreDBClusterFromS3Message$OptionGroupName": "A value that indicates that the restored DB cluster should be associated with the specified option group.
Permanent options can't be removed from an option group. An option group can't be removed from a DB cluster once it is associated with a DB cluster.
", "RestoreDBClusterFromS3Message$PreferredBackupWindow": "The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter.
The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region. To view the time blocks available, see Backup window in the Amazon Aurora User Guide.
Constraints:
Must be in the format hh24:mi-hh24:mi.
Must be in Universal Coordinated Time (UTC).
Must not conflict with the preferred maintenance window.
Must be at least 30 minutes.
The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).
Format: ddd:hh24:mi-ddd:hh24:mi
The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region, occurring on a random day of the week. To see the time blocks available, see Adjusting the Preferred Maintenance Window in the Amazon Aurora User Guide.
Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun.
Constraints: Minimum 30-minute window.
", - "RestoreDBClusterFromS3Message$KmsKeyId": "The Amazon Web Services KMS key identifier for an encrypted DB cluster.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS customer master key (CMK). To use a CMK in a different Amazon Web Services account, specify the key ARN or alias ARN.
If the StorageEncrypted parameter is enabled, and you do not specify a value for the KmsKeyId parameter, then Amazon RDS will use your default CMK. There is a default CMK for your Amazon Web Services account. Your Amazon Web Services account has a different default CMK for each Amazon Web Services Region.
The Amazon Web Services KMS key identifier for an encrypted DB cluster.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.
If the StorageEncrypted parameter is enabled, and you do not specify a value for the KmsKeyId parameter, then Amazon RDS will use your default KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
The identifier for the database engine that was backed up to create the files stored in the Amazon S3 bucket.
Valid values: mysql
The version of the database that the backup files were created from.
MySQL versions 5.5, 5.6, and 5.7 are supported.
Example: 5.6.40, 5.7.28
The name of the Amazon S3 bucket that contains the data used to create the Amazon Aurora DB cluster.
", @@ -4391,7 +4493,7 @@ "RestoreDBClusterFromSnapshotMessage$DBSubnetGroupName": "The name of the DB subnet group to use for the new DB cluster.
Constraints: If supplied, must match the name of an existing DB subnet group.
Example: mySubnetgroup
The database name for the restored DB cluster.
", "RestoreDBClusterFromSnapshotMessage$OptionGroupName": "The name of the option group to use for the restored DB cluster.
", - "RestoreDBClusterFromSnapshotMessage$KmsKeyId": "The Amazon Web Services KMS key identifier to use when restoring an encrypted DB cluster from a DB snapshot or DB cluster snapshot.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS customer master key (CMK). To use a CMK in a different Amazon Web Services account, specify the key ARN or alias ARN.
When you don't specify a value for the KmsKeyId parameter, then the following occurs:
If the DB snapshot or DB cluster snapshot in SnapshotIdentifier is encrypted, then the restored DB cluster is encrypted using the Amazon Web Services KMS CMK that was used to encrypt the DB snapshot or DB cluster snapshot.
If the DB snapshot or DB cluster snapshot in SnapshotIdentifier isn't encrypted, then the restored DB cluster isn't encrypted.
The Amazon Web Services KMS key identifier to use when restoring an encrypted DB cluster from a DB snapshot or DB cluster snapshot.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.
When you don't specify a value for the KmsKeyId parameter, then the following occurs:
If the DB snapshot or DB cluster snapshot in SnapshotIdentifier is encrypted, then the restored DB cluster is encrypted using the KMS key that was used to encrypt the DB snapshot or DB cluster snapshot.
If the DB snapshot or DB cluster snapshot in SnapshotIdentifier isn't encrypted, then the restored DB cluster isn't encrypted.
The DB engine mode of the DB cluster, either provisioned, serverless, parallelquery, global, or multimaster.
For more information, see CreateDBCluster.
", "RestoreDBClusterFromSnapshotMessage$DBClusterParameterGroupName": "The name of the DB cluster parameter group to associate with this DB cluster. If this argument is omitted, the default DB cluster parameter group for the specified engine is used.
Constraints:
If supplied, must match the name of an existing default DB cluster parameter group.
Must be 1 to 255 letters, numbers, or hyphens.
First character must be a letter.
Can't end with a hyphen or contain two consecutive hyphens.
Specify the Active Directory directory ID to restore the DB cluster in. The domain must be created prior to this operation. Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.
For more information, see Kerberos Authentication in the Amazon RDS User Guide.
", @@ -4401,7 +4503,7 @@ "RestoreDBClusterToPointInTimeMessage$SourceDBClusterIdentifier": "The identifier of the source DB cluster from which to restore.
Constraints:
Must match the identifier of an existing DBCluster.
The DB subnet group name to use for the new DB cluster.
Constraints: If supplied, must match the name of an existing DBSubnetGroup.
Example: mySubnetgroup
The name of the option group for the new DB cluster.
", - "RestoreDBClusterToPointInTimeMessage$KmsKeyId": "The Amazon Web Services KMS key identifier to use when restoring an encrypted DB cluster from an encrypted DB cluster.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS customer master key (CMK). To use a CMK in a different Amazon Web Services account, specify the key ARN or alias ARN.
You can restore to a new DB cluster and encrypt the new DB cluster with a Amazon Web Services KMS CMK that is different than the Amazon Web Services KMS key used to encrypt the source DB cluster. The new DB cluster is encrypted with the Amazon Web Services KMS CMK identified by the KmsKeyId parameter.
If you don't specify a value for the KmsKeyId parameter, then the following occurs:
If the DB cluster is encrypted, then the restored DB cluster is encrypted using the Amazon Web Services KMS CMK that was used to encrypt the source DB cluster.
If the DB cluster isn't encrypted, then the restored DB cluster isn't encrypted.
If DBClusterIdentifier refers to a DB cluster that isn't encrypted, then the restore request is rejected.
The Amazon Web Services KMS key identifier to use when restoring an encrypted DB cluster from an encrypted DB cluster.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.
You can restore to a new DB cluster and encrypt the new DB cluster with a KMS key that is different from the KMS key used to encrypt the source DB cluster. The new DB cluster is encrypted with the KMS key identified by the KmsKeyId parameter.
If you don't specify a value for the KmsKeyId parameter, then the following occurs:
If the DB cluster is encrypted, then the restored DB cluster is encrypted using the KMS key that was used to encrypt the source DB cluster.
If the DB cluster isn't encrypted, then the restored DB cluster isn't encrypted.
If DBClusterIdentifier refers to a DB cluster that isn't encrypted, then the restore request is rejected.
The name of the DB cluster parameter group to associate with this DB cluster. If this argument is omitted, the default DB cluster parameter group for the specified engine is used.
Constraints:
If supplied, must match the name of an existing DB cluster parameter group.
Must be 1 to 255 letters, numbers, or hyphens.
First character must be a letter.
Can't end with a hyphen or contain two consecutive hyphens.
Specify the Active Directory directory ID to restore the DB cluster in. The domain must be created prior to this operation.
For Amazon Aurora DB clusters, Amazon RDS can use Kerberos Authentication to authenticate users that connect to the DB cluster. For more information, see Kerberos Authentication in the Amazon Aurora User Guide.
", "RestoreDBClusterToPointInTimeMessage$DomainIAMRoleName": "Specify the name of the IAM role to be used when making API calls to the Directory Service.
", @@ -4411,16 +4513,17 @@ "RestoreDBInstanceFromDBSnapshotMessage$DBInstanceClass": "The compute and memory capacity of the Amazon RDS DB instance, for example, db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see DB Instance Class in the Amazon RDS User Guide.
Default: The same DBInstanceClass as the original DB instance.
", "RestoreDBInstanceFromDBSnapshotMessage$AvailabilityZone": "The Availability Zone (AZ) where the DB instance will be created.
Default: A random, system-chosen Availability Zone.
Constraint: You can't specify the AvailabilityZone parameter if the DB instance is a Multi-AZ deployment.
Example: us-east-1a
The DB subnet group name to use for the new instance.
Constraints: If supplied, must match the name of an existing DBSubnetGroup.
Example: mySubnetgroup
License model information for the restored DB instance.
Default: Same as source.
Valid values: license-included | bring-your-own-license | general-public-license
The database name for the restored DB instance.
This parameter doesn't apply to the MySQL, PostgreSQL, or MariaDB engines.
The database engine to use for the new instance.
Default: The same as source
Constraint: Must be compatible with the engine of the source. For example, you can restore a MariaDB 10.1 DB instance from a MySQL 5.6 snapshot.
Valid Values:
mariadb
mysql
oracle-ee
oracle-ee-cdb
oracle-se2
oracle-se2-cdb
postgres
sqlserver-ee
sqlserver-se
sqlserver-ex
sqlserver-web
The name of the option group to be used for the restored DB instance.
Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group, and that option group can't be removed from a DB instance once it is associated with a DB instance
", + "RestoreDBInstanceFromDBSnapshotMessage$LicenseModel": "License model information for the restored DB instance.
This setting doesn't apply to RDS Custom.
Default: Same as source.
Valid values: license-included | bring-your-own-license | general-public-license
The database name for the restored DB instance.
This parameter doesn't apply to the MySQL, PostgreSQL, or MariaDB engines. It also doesn't apply to RDS Custom DB instances.
", + "RestoreDBInstanceFromDBSnapshotMessage$Engine": "The database engine to use for the new instance.
This setting doesn't apply to RDS Custom.
Default: The same as source
Constraint: Must be compatible with the engine of the source. For example, you can restore a MariaDB 10.1 DB instance from a MySQL 5.6 snapshot.
Valid Values:
mariadb
mysql
oracle-ee
oracle-ee-cdb
oracle-se2
oracle-se2-cdb
postgres
sqlserver-ee
sqlserver-se
sqlserver-ex
sqlserver-web
The name of the option group to be used for the restored DB instance.
Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group, and that option group can't be removed from a DB instance after it is associated with a DB instance.
This setting doesn't apply to RDS Custom.
", "RestoreDBInstanceFromDBSnapshotMessage$StorageType": "Specifies the storage type to be associated with the DB instance.
Valid values: standard | gp2 | io1
If you specify io1, you must also include a value for the Iops parameter.
Default: io1 if the Iops parameter is specified, otherwise gp2
The ARN from the key store with which to associate the instance for TDE encryption.
", - "RestoreDBInstanceFromDBSnapshotMessage$TdeCredentialPassword": "The password for the given ARN from the key store in order to access the device.
", - "RestoreDBInstanceFromDBSnapshotMessage$Domain": "Specify the Active Directory directory ID to restore the DB instance in. The domain must be created prior to this operation. Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.
For more information, see Kerberos Authentication in the Amazon RDS User Guide.
", - "RestoreDBInstanceFromDBSnapshotMessage$DomainIAMRoleName": "Specify the name of the IAM role to be used when making API calls to the Directory Service.
", - "RestoreDBInstanceFromDBSnapshotMessage$DBParameterGroupName": "The name of the DB parameter group to associate with this DB instance.
If you do not specify a value for DBParameterGroupName, then the default DBParameterGroup for the specified DB engine is used.
Constraints:
If supplied, must match the name of an existing DBParameterGroup.
Must be 1 to 255 letters, numbers, or hyphens.
First character must be a letter.
Can't end with a hyphen or contain two consecutive hyphens.
The ARN from the key store with which to associate the instance for TDE encryption.
This setting doesn't apply to RDS Custom.
", + "RestoreDBInstanceFromDBSnapshotMessage$TdeCredentialPassword": "The password for the given ARN from the key store in order to access the device.
This setting doesn't apply to RDS Custom.
", + "RestoreDBInstanceFromDBSnapshotMessage$Domain": "Specify the Active Directory directory ID to restore the DB instance in. The domain/ must be created prior to this operation. Currently, you can create only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances in an Active Directory Domain.
For more information, see Kerberos Authentication in the Amazon RDS User Guide.
This setting doesn't apply to RDS Custom.
", + "RestoreDBInstanceFromDBSnapshotMessage$DomainIAMRoleName": "Specify the name of the IAM role to be used when making API calls to the Directory Service.
This setting doesn't apply to RDS Custom.
", + "RestoreDBInstanceFromDBSnapshotMessage$DBParameterGroupName": "The name of the DB parameter group to associate with this DB instance.
If you don't specify a value for DBParameterGroupName, then RDS uses the default DBParameterGroup for the specified DB engine.
This setting doesn't apply to RDS Custom.
Constraints:
If supplied, must match the name of an existing DBParameterGroup.
Must be 1 to 255 letters, numbers, or hyphens.
First character must be a letter.
Can't end with a hyphen or contain two consecutive hyphens.
The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:
The profile must exist in your account.
The profile must have an IAM role that Amazon EC2 has permissions to assume.
The instance profile name and the associated IAM role name must start with the prefix AWSRDSCustom.
For the list of permissions required for the IAM role, see Configure IAM and your VPC in the Amazon Relational Database Service User Guide.
This setting is required for RDS Custom.
", "RestoreDBInstanceFromS3Message$DBName": "The name of the database to create when the DB instance is created. Follow the naming rules specified in CreateDBInstance.
The DB instance identifier. This parameter is stored as a lowercase string.
Constraints:
Must contain from 1 to 63 letters, numbers, or hyphens.
First character must be a letter.
Can't end with a hyphen or contain two consecutive hyphens.
Example: mydbinstance
The compute and memory capacity of the DB instance, for example, db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see DB Instance Class in the Amazon RDS User Guide.
Importing from Amazon S3 isn't supported on the db.t2.micro DB instance class.
", @@ -4436,31 +4539,32 @@ "RestoreDBInstanceFromS3Message$LicenseModel": "The license model for this DB instance. Use general-public-license.
The name of the option group to associate with this DB instance. If this argument is omitted, the default option group for the specified engine is used.
", "RestoreDBInstanceFromS3Message$StorageType": "Specifies the storage type to be associated with the DB instance.
Valid values: standard | gp2 | io1
If you specify io1, you must also include a value for the Iops parameter.
Default: io1 if the Iops parameter is specified; otherwise gp2
The Amazon Web Services KMS key identifier for an encrypted DB instance.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS customer master key (CMK). To use a CMK in a different Amazon Web Services account, specify the key ARN or alias ARN.
If the StorageEncrypted parameter is enabled, and you do not specify a value for the KmsKeyId parameter, then Amazon RDS will use your default CMK. There is a default CMK for your Amazon Web Services account. Your Amazon Web Services account has a different default CMK for each Amazon Web Services Region.
The Amazon Web Services KMS key identifier for an encrypted DB instance.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.
If the StorageEncrypted parameter is enabled, and you do not specify a value for the KmsKeyId parameter, then Amazon RDS will use your default KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to Amazon CloudWatch Logs. For example, arn:aws:iam:123456789012:role/emaccess. For information on creating a monitoring role, see Setting Up and Enabling Enhanced Monitoring in the Amazon RDS User Guide.
If MonitoringInterval is set to a value other than 0, then you must supply a MonitoringRoleArn value.
The name of the engine of your source database.
Valid Values: mysql
The version of the database that the backup files were created from.
MySQL versions 5.6 and 5.7 are supported.
Example: 5.6.40
The name of your Amazon S3 bucket that contains your database backup file.
", "RestoreDBInstanceFromS3Message$S3Prefix": "The prefix of your Amazon S3 bucket.
", "RestoreDBInstanceFromS3Message$S3IngestionRoleArn": "An Amazon Web Services Identity and Access Management (IAM) role to allow Amazon RDS to access your Amazon S3 bucket.
", - "RestoreDBInstanceFromS3Message$PerformanceInsightsKMSKeyId": "The Amazon Web Services KMS key identifier for encryption of Performance Insights data.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS customer master key (CMK).
If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon RDS uses your default CMK. There is a default CMK for your Amazon Web Services account. Your Amazon Web Services account has a different default CMK for each Amazon Web Services Region.
The Amazon Web Services KMS key identifier for encryption of Performance Insights data.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon RDS uses your default KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
The identifier of the source DB instance from which to restore.
Constraints:
Must match the identifier of an existing DB instance.
The name of the new DB instance to be created.
Constraints:
Must contain from 1 to 63 letters, numbers, or hyphens
First character must be a letter
Can't end with a hyphen or contain two consecutive hyphens
The compute and memory capacity of the Amazon RDS DB instance, for example, db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see DB Instance Class in the Amazon RDS User Guide.
Default: The same DBInstanceClass as the original DB instance.
", "RestoreDBInstanceToPointInTimeMessage$AvailabilityZone": "The Availability Zone (AZ) where the DB instance will be created.
Default: A random, system-chosen Availability Zone.
Constraint: You can't specify the AvailabilityZone parameter if the DB instance is a Multi-AZ deployment.
Example: us-east-1a
The DB subnet group name to use for the new instance.
Constraints: If supplied, must match the name of an existing DBSubnetGroup.
Example: mySubnetgroup
License model information for the restored DB instance.
Default: Same as source.
Valid values: license-included | bring-your-own-license | general-public-license
The database name for the restored DB instance.
This parameter isn't used for the MySQL or MariaDB engines.
The database engine to use for the new instance.
Default: The same as source
Constraint: Must be compatible with the engine of the source
Valid Values:
mariadb
mysql
oracle-ee
oracle-ee-cdb
oracle-se2
oracle-se2-cdb
postgres
sqlserver-ee
sqlserver-se
sqlserver-ex
sqlserver-web
The name of the option group to be used for the restored DB instance.
Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group, and that option group can't be removed from a DB instance once it is associated with a DB instance
", + "RestoreDBInstanceToPointInTimeMessage$LicenseModel": "License model information for the restored DB instance.
This setting doesn't apply to RDS Custom.
Default: Same as source.
Valid values: license-included | bring-your-own-license | general-public-license
The database name for the restored DB instance.
This parameter isn't supported for the MySQL or MariaDB engines. It also doesn't apply to RDS Custom.
The database engine to use for the new instance.
This setting doesn't apply to RDS Custom.
Default: The same as source
Constraint: Must be compatible with the engine of the source
Valid Values:
mariadb
mysql
oracle-ee
oracle-ee-cdb
oracle-se2
oracle-se2-cdb
postgres
sqlserver-ee
sqlserver-se
sqlserver-ex
sqlserver-web
The name of the option group to be used for the restored DB instance.
Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group, and that option group can't be removed from a DB instance after it is associated with a DB instance
This setting doesn't apply to RDS Custom.
", "RestoreDBInstanceToPointInTimeMessage$StorageType": "Specifies the storage type to be associated with the DB instance.
Valid values: standard | gp2 | io1
If you specify io1, you must also include a value for the Iops parameter.
Default: io1 if the Iops parameter is specified, otherwise gp2
The ARN from the key store with which to associate the instance for TDE encryption.
", - "RestoreDBInstanceToPointInTimeMessage$TdeCredentialPassword": "The password for the given ARN from the key store in order to access the device.
", - "RestoreDBInstanceToPointInTimeMessage$Domain": "Specify the Active Directory directory ID to restore the DB instance in. The domain must be created prior to this operation. Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.
For more information, see Kerberos Authentication in the Amazon RDS User Guide.
", - "RestoreDBInstanceToPointInTimeMessage$DomainIAMRoleName": "Specify the name of the IAM role to be used when making API calls to the Directory Service.
", - "RestoreDBInstanceToPointInTimeMessage$DBParameterGroupName": "The name of the DB parameter group to associate with this DB instance.
If you do not specify a value for DBParameterGroupName, then the default DBParameterGroup for the specified DB engine is used.
Constraints:
If supplied, must match the name of an existing DBParameterGroup.
Must be 1 to 255 letters, numbers, or hyphens.
First character must be a letter.
Can't end with a hyphen or contain two consecutive hyphens.
The ARN from the key store with which to associate the instance for TDE encryption.
This setting doesn't apply to RDS Custom.
", + "RestoreDBInstanceToPointInTimeMessage$TdeCredentialPassword": "The password for the given ARN from the key store in order to access the device.
This setting doesn't apply to RDS Custom.
", + "RestoreDBInstanceToPointInTimeMessage$Domain": "Specify the Active Directory directory ID to restore the DB instance in. Create the domain before running this command. Currently, you can create only the MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances in an Active Directory Domain.
This setting doesn't apply to RDS Custom.
For more information, see Kerberos Authentication in the Amazon RDS User Guide.
", + "RestoreDBInstanceToPointInTimeMessage$DomainIAMRoleName": "Specify the name of the IAM role to be used when making API calls to the Directory Service.
This setting doesn't apply to RDS Custom.
", + "RestoreDBInstanceToPointInTimeMessage$DBParameterGroupName": "The name of the DB parameter group to associate with this DB instance.
If you do not specify a value for DBParameterGroupName, then the default DBParameterGroup for the specified DB engine is used.
This setting doesn't apply to RDS Custom.
Constraints:
If supplied, must match the name of an existing DBParameterGroup.
Must be 1 to 255 letters, numbers, or hyphens.
First character must be a letter.
Can't end with a hyphen or contain two consecutive hyphens.
The resource ID of the source DB instance from which to restore.
", - "RestoreDBInstanceToPointInTimeMessage$SourceDBInstanceAutomatedBackupsArn": "The Amazon Resource Name (ARN) of the replicated automated backups from which to restore, for example, arn:aws:rds:useast-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE.
The Amazon Resource Name (ARN) of the replicated automated backups from which to restore, for example, arn:aws:rds:useast-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE.
This setting doesn't apply to RDS Custom.
", + "RestoreDBInstanceToPointInTimeMessage$CustomIamInstanceProfile": "The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:
The profile must exist in your account.
The profile must have an IAM role that Amazon EC2 has permissions to assume.
The instance profile name and the associated IAM role name must start with the prefix AWSRDSCustom.
For the list of permissions required for the IAM role, see Configure IAM and your VPC in the Amazon Relational Database Service User Guide.
This setting is required for RDS Custom.
", "RevokeDBSecurityGroupIngressMessage$DBSecurityGroupName": "The name of the DB security group to revoke ingress from.
", "RevokeDBSecurityGroupIngressMessage$CIDRIP": " The IP range to revoke access from. Must be a valid CIDR range. If CIDRIP is specified, EC2SecurityGroupName, EC2SecurityGroupId and EC2SecurityGroupOwnerId can't be provided.
The name of the EC2 security group to revoke access from. For VPC DB security groups, EC2SecurityGroupId must be provided. Otherwise, EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId must be provided.
The status of the source Amazon Web Services Region.
", "SourceRegionMessage$Marker": " An optional pagination token provided by a previous request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords.
The Amazon Resource Name (ARN) of the DB cluster, for example, arn:aws:rds:us-east-1:12345667890:cluster:das-cluster.
The Amazon Web Services KMS key identifier for encrypting messages in the database activity stream. The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS customer master key (CMK).
", + "StartActivityStreamRequest$KmsKeyId": "The Amazon Web Services KMS key identifier for encrypting messages in the database activity stream. The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
", "StartActivityStreamResponse$KmsKeyId": "The Amazon Web Services KMS key identifier for encryption of messages in the database activity stream.
", "StartActivityStreamResponse$KinesisStreamName": "The name of the Amazon Kinesis data stream to be used for the database activity stream.
", "StartDBClusterMessage$DBClusterIdentifier": "The DB cluster identifier of the Amazon Aurora DB cluster to be started. This parameter is stored as a lowercase string.
", @@ -4486,10 +4590,10 @@ "StartExportTaskMessage$SourceArn": "The Amazon Resource Name (ARN) of the snapshot to export to Amazon S3.
", "StartExportTaskMessage$S3BucketName": "The name of the Amazon S3 bucket to export the snapshot to.
", "StartExportTaskMessage$IamRoleArn": "The name of the IAM role to use for writing to the Amazon S3 bucket when exporting a snapshot.
", - "StartExportTaskMessage$KmsKeyId": "The ID of the Amazon Web Services KMS customer master key (CMK) to use to encrypt the snapshot exported to Amazon S3. The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS customer master key (CMK). The caller of this operation must be authorized to execute the following operations. These can be set in the Amazon Web Services KMS key policy:
GrantOperation.Encrypt
GrantOperation.Decrypt
GrantOperation.GenerateDataKey
GrantOperation.GenerateDataKeyWithoutPlaintext
GrantOperation.ReEncryptFrom
GrantOperation.ReEncryptTo
GrantOperation.CreateGrant
GrantOperation.DescribeKey
GrantOperation.RetireGrant
The ID of the Amazon Web Services KMS key to use to encrypt the snapshot exported to Amazon S3. The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. The caller of this operation must be authorized to execute the following operations. These can be set in the Amazon Web Services KMS key policy:
GrantOperation.Encrypt
GrantOperation.Decrypt
GrantOperation.GenerateDataKey
GrantOperation.GenerateDataKeyWithoutPlaintext
GrantOperation.ReEncryptFrom
GrantOperation.ReEncryptTo
GrantOperation.CreateGrant
GrantOperation.DescribeKey
GrantOperation.RetireGrant
The Amazon S3 bucket prefix to use as the file name and path of the exported snapshot.
", "StopActivityStreamRequest$ResourceArn": "The Amazon Resource Name (ARN) of the DB cluster for the database activity stream. For example, arn:aws:rds:us-east-1:12345667890:cluster:das-cluster.
The Amazon Web Services KMS key identifier used for encrypting messages in the database activity stream.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS customer master key (CMK).
", + "StopActivityStreamResponse$KmsKeyId": "The Amazon Web Services KMS key identifier used for encrypting messages in the database activity stream.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
", "StopActivityStreamResponse$KinesisStreamName": "The name of the Amazon Kinesis data stream used for the database activity stream.
", "StopDBClusterMessage$DBClusterIdentifier": "The DB cluster identifier of the Amazon Aurora DB cluster to be stopped. This parameter is stored as a lowercase string.
", "StopDBInstanceAutomatedBackupsReplicationMessage$SourceDBInstanceArn": "The Amazon Resource Name (ARN) of the source DB instance for which to stop replicating automated backups, for example, arn:aws:rds:us-west-2:123456789012:db:mydatabase.
The state of the VPN.
" } }, + "String255": { + "base": null, + "refs": { + "CreateCustomDBEngineVersionMessage$DatabaseInstallationFilesS3Prefix": "The Amazon S3 directory that contains the database installation files for your CEV. For example, a valid bucket name is 123456789012/cev1. If this setting isn't specified, no prefix is assumed.
The timestamp of the time at which the backtrack was requested.
", "DBClusterSnapshot$SnapshotCreateTime": "Provides the time when the snapshot was taken, in Universal Coordinated Time (UTC).
", "DBClusterSnapshot$ClusterCreateTime": "Specifies the time when the DB cluster was created, in Universal Coordinated Time (UTC).
", + "DBEngineVersion$CreateTime": "The creation time of the DB engine version.
", "DBInstance$AutomaticRestartTime": "The time when a stopped DB instance is restarted automatically.
", "DBInstance$InstanceCreateTime": "Provides the date and time the DB instance was created.
", "DBInstance$LatestRestorableTime": "Specifies the latest time to which a database can be restored with point-in-time restore.
", + "DBInstance$ResumeFullAutomationModeTime": "The number of minutes to pause the automation. When the time period ends, RDS Custom resumes full automation. The minimum value is 60 (default). The maximum value is 1,440.
", "DBInstanceAutomatedBackup$InstanceCreateTime": "Provides the date and time that the DB instance was created.
", "DBProxy$CreatedDate": "The date and time when the proxy was first created.
", "DBProxy$UpdatedDate": "The date and time when the proxy was last updated.
", @@ -4649,6 +4761,7 @@ "PendingMaintenanceAction$AutoAppliedAfterDate": "The date of the maintenance window when the action is applied. The maintenance action is applied to the resource during its first maintenance window after this date.
", "PendingMaintenanceAction$ForcedApplyDate": "The date when the maintenance action is automatically applied.
On this date, the maintenance action is applied to the resource as soon as possible, regardless of the maintenance window for the resource. There might be a delay of one or more days from this date before the maintenance action is applied.
", "PendingMaintenanceAction$CurrentApplyDate": "The effective date when the pending maintenance action is applied to the resource. This date takes into account opt-in requests received from the ApplyPendingMaintenanceAction API, the AutoAppliedAfterDate, and the ForcedApplyDate. This value is blank if an opt-in request has not been received and nothing has been specified as AutoAppliedAfterDate or ForcedApplyDate.
The number of minutes to pause the automation. When the time period ends, RDS Custom resumes full automation. The minimum value is 60 (default). The maximum value is 1,440.
", "ReservedDBInstance$StartTime": "The time the reservation started.
", "RestoreDBClusterToPointInTimeMessage$RestoreToTime": "The date and time to restore the DB cluster to.
Valid Values: Value must be a time in Universal Coordinated Time (UTC) format
Constraints:
Must be before the latest restorable time for the DB instance
Must be specified if UseLatestRestorableTime parameter isn't provided
Can't be specified if the UseLatestRestorableTime parameter is enabled
Can't be specified if the RestoreType parameter is copy-on-write
Example: 2015-03-07T23:45:00Z
The date and time to restore from.
Valid Values: Value must be a time in Universal Coordinated Time (UTC) format
Constraints:
Must be before the latest restorable time for the DB instance
Can't be specified if the UseLatestRestorableTime parameter is enabled
Example: 2009-09-07T23:45:00Z
The tags to be assigned to the Amazon RDS resource.
", "CreateDBClusterMessage$Tags": "Tags to assign to the DB cluster.
", "CreateDBClusterParameterGroupMessage$Tags": "Tags to assign to the DB cluster parameter group.
", @@ -4687,6 +4801,7 @@ "CreateOptionGroupMessage$Tags": "Tags to assign to the option group.
", "DBCluster$TagList": null, "DBClusterSnapshot$TagList": null, + "DBEngineVersion$TagList": null, "DBInstance$TagList": null, "DBSnapshot$TagList": null, "PurchaseReservedDBInstancesOfferingMessage$Tags": null, @@ -4813,9 +4928,9 @@ "refs": { "CreateDBClusterMessage$VpcSecurityGroupIds": "A list of EC2 VPC security groups to associate with this DB cluster.
", "CreateDBInstanceMessage$VpcSecurityGroupIds": "A list of Amazon EC2 VPC security groups to associate with this DB instance.
Amazon Aurora
Not applicable. The associated list of EC2 VPC security groups is managed by the DB cluster.
Default: The default EC2 VPC security group for the DB subnet group's VPC.
", - "CreateDBInstanceReadReplicaMessage$VpcSecurityGroupIds": "A list of EC2 VPC security groups to associate with the read replica.
Default: The default EC2 VPC security group for the DB subnet group's VPC.
", + "CreateDBInstanceReadReplicaMessage$VpcSecurityGroupIds": "A list of Amazon EC2 VPC security groups to associate with the read replica.
This setting doesn't apply to RDS Custom.
Default: The default EC2 VPC security group for the DB subnet group's VPC.
", "ModifyDBClusterMessage$VpcSecurityGroupIds": "A list of VPC security groups that the DB cluster will belong to.
", - "ModifyDBInstanceMessage$VpcSecurityGroupIds": "A list of EC2 VPC security groups to authorize on this DB instance. This change is asynchronously applied as soon as possible.
Amazon Aurora
Not applicable. The associated list of EC2 VPC security groups is managed by the DB cluster. For more information, see ModifyDBCluster.
Constraints:
If supplied, must match existing VpcSecurityGroupIds.
A list of Amazon EC2 VPC security groups to authorize on this DB instance. This change is asynchronously applied as soon as possible.
This setting doesn't apply to RDS Custom.
Amazon Aurora
Not applicable. The associated list of EC2 VPC security groups is managed by the DB cluster. For more information, see ModifyDBCluster.
Constraints:
If supplied, must match existing VpcSecurityGroupIds.
A list of VpcSecurityGroupMembership name strings used for this option.
", "RestoreDBClusterFromS3Message$VpcSecurityGroupIds": "A list of EC2 VPC security groups to associate with the restored DB cluster.
", "RestoreDBClusterFromSnapshotMessage$VpcSecurityGroupIds": "A list of VPC security groups that the new DB cluster will belong to.
", diff --git a/models/apis/route53resolver/2018-04-01/api-2.json b/models/apis/route53resolver/2018-04-01/api-2.json index d12aefa5cf4..744460f4d53 100644 --- a/models/apis/route53resolver/2018-04-01/api-2.json +++ b/models/apis/route53resolver/2018-04-01/api-2.json @@ -432,6 +432,22 @@ {"shape":"ThrottlingException"} ] }, + "GetResolverConfig":{ + "name":"GetResolverConfig", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetResolverConfigRequest"}, + "output":{"shape":"GetResolverConfigResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParameterException"}, + {"shape":"InternalServiceErrorException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ] + }, "GetResolverDnssecConfig":{ "name":"GetResolverDnssecConfig", "http":{ @@ -668,6 +684,23 @@ {"shape":"ThrottlingException"} ] }, + "ListResolverConfigs":{ + "name":"ListResolverConfigs", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListResolverConfigsRequest"}, + "output":{"shape":"ListResolverConfigsResponse"}, + "errors":[ + {"shape":"InvalidNextTokenException"}, + {"shape":"InvalidRequestException"}, + {"shape":"InvalidParameterException"}, + {"shape":"InternalServiceErrorException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ] + }, "ListResolverDnssecConfigs":{ "name":"ListResolverDnssecConfigs", "http":{ @@ -950,6 +983,25 @@ {"shape":"ThrottlingException"} ] }, + "UpdateResolverConfig":{ + "name":"UpdateResolverConfig", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateResolverConfigRequest"}, + "output":{"shape":"UpdateResolverConfigResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InvalidParameterException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ResourceUnavailableException"}, + {"shape":"LimitExceededException"}, + {"shape":"InternalServiceErrorException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ] + }, "UpdateResolverDnssecConfig":{ "name":"UpdateResolverDnssecConfig", "http":{ @@ -1114,6 +1166,13 @@ "ResolverRuleAssociation":{"shape":"ResolverRuleAssociation"} } }, + "AutodefinedReverseFlag":{ + "type":"string", + "enum":[ + "ENABLE", + "DISABLE" + ] + }, "BlockOverrideDnsType":{ "type":"string", "enum":["CNAME"] @@ -1676,7 +1735,7 @@ }, "FirewallRuleGroupPolicy":{ "type":"string", - "max":5000 + "max":30000 }, "FirewallRuleGroupStatus":{ "type":"string", @@ -1755,6 +1814,19 @@ "FirewallRuleGroup":{"shape":"FirewallRuleGroup"} } }, + "GetResolverConfigRequest":{ + "type":"structure", + "required":["ResourceId"], + "members":{ + "ResourceId":{"shape":"ResourceId"} + } + }, + "GetResolverConfigResponse":{ + "type":"structure", + "members":{ + "ResolverConfig":{"shape":"ResolverConfig"} + } + }, "GetResolverDnssecConfigRequest":{ "type":"structure", "required":["ResourceId"], @@ -2162,6 +2234,31 @@ "FirewallRules":{"shape":"FirewallRules"} } }, + "ListResolverConfigsMaxResult":{ + "type":"integer", + "max":100, + "min":5 + }, + "ListResolverConfigsRequest":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"ListResolverConfigsMaxResult", + "box":true + }, + "NextToken":{ + "shape":"NextToken", + "box":true + } + } + }, + "ListResolverConfigsResponse":{ + "type":"structure", + "members":{ + "NextToken":{"shape":"NextToken"}, + "ResolverConfigs":{"shape":"ResolverConfigList"} + } + }, "ListResolverDnssecConfigsRequest":{ "type":"structure", "members":{ @@ -2428,6 +2525,28 @@ "ReturnValue":{"shape":"Boolean"} } }, + "ResolverAutodefinedReverseStatus":{ + "type":"string", + "enum":[ + "ENABLING", + "ENABLED", + "DISABLING", + "DISABLED" + ] + }, + "ResolverConfig":{ + "type":"structure", + "members":{ + "Id":{"shape":"ResourceId"}, + "ResourceId":{"shape":"ResourceId"}, + "OwnerId":{"shape":"AccountId"}, + "AutodefinedReverse":{"shape":"ResolverAutodefinedReverseStatus"} + } + }, + "ResolverConfigList":{ + "type":"list", + "member":{"shape":"ResolverConfig"} + }, "ResolverDNSSECValidationStatus":{ "type":"string", "enum":[ @@ -2552,7 +2671,7 @@ }, "ResolverQueryLogConfigPolicy":{ "type":"string", - "max":5000 + "max":30000 }, "ResolverQueryLogConfigStatus":{ "type":"string", @@ -2924,6 +3043,23 @@ "FirewallRule":{"shape":"FirewallRule"} } }, + "UpdateResolverConfigRequest":{ + "type":"structure", + "required":[ + "ResourceId", + "AutodefinedReverseFlag" + ], + "members":{ + "ResourceId":{"shape":"ResourceId"}, + "AutodefinedReverseFlag":{"shape":"AutodefinedReverseFlag"} + } + }, + "UpdateResolverConfigResponse":{ + "type":"structure", + "members":{ + "ResolverConfig":{"shape":"ResolverConfig"} + } + }, "UpdateResolverDnssecConfigRequest":{ "type":"structure", "required":[ diff --git a/models/apis/route53resolver/2018-04-01/docs-2.json b/models/apis/route53resolver/2018-04-01/docs-2.json index f5b0081fe92..2ab50ba46ae 100644 --- a/models/apis/route53resolver/2018-04-01/docs-2.json +++ b/models/apis/route53resolver/2018-04-01/docs-2.json @@ -27,6 +27,7 @@ "GetFirewallRuleGroup": "Retrieves the specified firewall rule group.
", "GetFirewallRuleGroupAssociation": "Retrieves a firewall rule group association, which enables DNS filtering for a VPC with one rule group. A VPC can have more than one firewall rule group association, and a rule group can be associated with more than one VPC.
", "GetFirewallRuleGroupPolicy": "Returns the Identity and Access Management (Amazon Web Services IAM) policy for sharing the specified rule group. You can use the policy to share the rule group using Resource Access Manager (RAM).
", + "GetResolverConfig": "Retrieves the behavior configuration of Route 53 Resolver behavior for a single VPC from Amazon Virtual Private Cloud.
", "GetResolverDnssecConfig": "Gets DNSSEC validation information for a specified resource.
", "GetResolverEndpoint": "Gets information about a specified Resolver endpoint, such as whether it's an inbound or an outbound Resolver endpoint, and the current status of the endpoint.
", "GetResolverQueryLogConfig": "Gets information about a specified Resolver query logging configuration, such as the number of VPCs that the configuration is logging queries for and the location that logs are sent to.
", @@ -42,6 +43,7 @@ "ListFirewallRuleGroupAssociations": "Retrieves the firewall rule group associations that you have defined. Each association enables DNS filtering for a VPC with one rule group.
A single call might return only a partial list of the associations. For information, see MaxResults.
Retrieves the minimal high-level information for the rule groups that you have defined.
A single call might return only a partial list of the rule groups. For information, see MaxResults.
Retrieves the firewall rules that you have defined for the specified firewall rule group. DNS Firewall uses the rules in a rule group to filter DNS network traffic for a VPC.
A single call might return only a partial list of the rules. For information, see MaxResults.
Retrieves the Resolver configurations that you have defined. Route 53 Resolver uses the configurations to manage DNS resolution behavior for your VPCs.
", "ListResolverDnssecConfigs": "Lists the configurations for DNSSEC validation that are associated with the current Amazon Web Services account.
", "ListResolverEndpointIpAddresses": "Gets the IP addresses for a specified Resolver endpoint.
", "ListResolverEndpoints": "Lists all the Resolver endpoints that were created using the current Amazon Web Services account.
", @@ -59,6 +61,7 @@ "UpdateFirewallDomains": "Updates the firewall domain list from an array of domain specifications.
", "UpdateFirewallRule": "Updates the specified firewall rule.
", "UpdateFirewallRuleGroupAssociation": "Changes the association of a FirewallRuleGroup with a VPC. The association enables DNS filtering for the VPC.
", + "UpdateResolverConfig": "Updates the behavior configuration of Route 53 Resolver behavior for a single VPC from Amazon Virtual Private Cloud.
", "UpdateResolverDnssecConfig": "Updates an existing DNSSEC validation configuration. If there is no existing DNSSEC validation configuration, one is created.
", "UpdateResolverEndpoint": "Updates the name of an inbound or an outbound Resolver endpoint.
", "UpdateResolverRule": "Updates settings for a specified Resolver rule. ResolverRuleId is required, and all other parameters are optional. If you don't specify a parameter, it retains its current value.
The Amazon Web Services account ID of the owner of the VPC that this firewall configuration applies to.
", "FirewallRuleGroup$OwnerId": "The Amazon Web Services account ID for the account that created the rule group. When a rule group is shared with your account, this is the account that has shared the rule group with you.
", "FirewallRuleGroupMetadata$OwnerId": "The Amazon Web Services account ID for the account that created the rule group. When a rule group is shared with your account, this is the account that has shared the rule group with you.
", + "ResolverConfig$OwnerId": "The owner account ID of the Amazon Virtual Private Cloud VPC.
", "ResolverDnssecConfig$OwnerId": "The owner account ID of the virtual private cloud (VPC) for a configuration for DNSSEC validation.
", "ResolverQueryLogConfig$OwnerId": "The Amazon Web Services account ID for the account that created the query logging configuration.
", "ResolverRule$OwnerId": "When a rule is shared with another Amazon Web Services account, the account ID of the account that the rule is shared with.
" @@ -151,6 +155,12 @@ "refs": { } }, + "AutodefinedReverseFlag": { + "base": null, + "refs": { + "UpdateResolverConfigRequest$AutodefinedReverseFlag": "Indicates whether or not the Resolver will create autodefined rules for reverse DNS lookups. This is enabled by default. Disabling this option will also affect EC2-Classic instances using ClassicLink. For more information, see ClassicLink in the Amazon EC2 guide.
It can take some time for the status change to be completed.
The maximum number of Resolver configurations that you want to return in the response to a ListResolverConfigs request. If you don't specify a value for MaxResults, up to 100 Resolver configurations are returned.
If objects are still available for retrieval, Resolver returns this token in the response. To retrieve the next batch of objects, provide this token in your next request.
", "ListFirewallRulesRequest$NextToken": "For the first call to this list request, omit this value.
When you request a list of objects, Resolver returns at most the number of objects specified in MaxResults. If more objects are available for retrieval, Resolver returns a NextToken value in the response. To retrieve the next batch of objects, use the token that was returned for the prior request in your next request.
If objects are still available for retrieval, Resolver returns this token in the response. To retrieve the next batch of objects, provide this token in your next request.
", + "ListResolverConfigsRequest$NextToken": "(Optional) If the current Amazon Web Services account has more than MaxResults Resolver configurations, use NextToken to get the second and subsequent pages of results.
For the first ListResolverConfigs request, omit this value.
For the second and subsequent requests, get the value of NextToken from the previous response and specify that value for NextToken in the request.
If a response includes the last of the Resolver configurations that are associated with the current Amazon Web Services account, NextToken doesn't appear in the response.
If a response doesn't include the last of the configurations, you can get more configurations by submitting another ListResolverConfigs request. Get the value of NextToken that Amazon Route 53 returned in the previous response and include it in NextToken in the next request.
(Optional) If the current Amazon Web Services account has more than MaxResults DNSSEC configurations, use NextToken to get the second and subsequent pages of results.
For the first ListResolverDnssecConfigs request, omit this value.
For the second and subsequent requests, get the value of NextToken from the previous response and specify that value for NextToken in the request.
If a response includes the last of the DNSSEC configurations that are associated with the current Amazon Web Services account, NextToken doesn't appear in the response.
If a response doesn't include the last of the configurations, you can get more configurations by submitting another ListResolverDnssecConfigs request. Get the value of NextToken that Amazon Route 53 returned in the previous response and include it in NextToken in the next request.
For the first ListResolverEndpointIpAddresses request, omit this value.
If the specified Resolver endpoint has more than MaxResults IP addresses, you can submit another ListResolverEndpointIpAddresses request to get the next group of IP addresses. In the next request, specify the value of NextToken from the previous response.
The status of whether or not the Resolver will create autodefined rules for reverse DNS lookups. This is enabled by default. The status can be one of following:
Status of the rules generated by VPCs based on CIDR/Region for reverse DNS resolution. The status can be one of following:
ENABLING: Autodefined rules for reverse DNS lookups are being enabled but are not complete.
ENABLED: Autodefined rules for reverse DNS lookups are enabled.
DISABLING: Autodefined rules for reverse DNS lookups are being disabled but are not complete.
DISABLED: Autodefined rules for reverse DNS lookups are disabled.
A complex type that contains information about a Resolver configuration for a VPC.
", + "refs": { + "GetResolverConfigResponse$ResolverConfig": "Information about the behavior configuration of Route 53 Resolver behavior for the VPC you specified in the GetResolverConfig request.
An array that contains settings for the specified Resolver configuration.
" + } + }, + "ResolverConfigList": { + "base": null, + "refs": { + "ListResolverConfigsResponse$ResolverConfigs": "An array that contains one ResolverConfigs element for each Resolver configuration that is associated with the current Amazon Web Services account.
The ID of the domain list.
", "GetFirewallRuleGroupAssociationRequest$FirewallRuleGroupAssociationId": "The identifier of the FirewallRuleGroupAssociation.
", "GetFirewallRuleGroupRequest$FirewallRuleGroupId": "The unique identifier of the firewall rule group.
", + "GetResolverConfigRequest$ResourceId": "Resource ID of the Amazon VPC that you want to get information about.
", "GetResolverDnssecConfigRequest$ResourceId": "The ID of the virtual private cloud (VPC) for the DNSSEC validation status.
", "GetResolverEndpointRequest$ResolverEndpointId": "The ID of the Resolver endpoint that you want to get information about.
", "GetResolverQueryLogConfigAssociationRequest$ResolverQueryLogConfigAssociationId": "The ID of the Resolver query logging configuration association that you want to get information about.
", @@ -1354,6 +1413,8 @@ "ListFirewallRuleGroupAssociationsRequest$VpcId": "The unique identifier of the VPC that you want to retrieve the associations for. Leave this blank to retrieve associations for any VPC.
", "ListFirewallRulesRequest$FirewallRuleGroupId": "The unique identifier of the firewall rule group that you want to retrieve the rules for.
", "ListResolverEndpointIpAddressesRequest$ResolverEndpointId": "The ID of the Resolver endpoint that you want to get IP addresses for.
", + "ResolverConfig$Id": "ID for the Resolver configuration.
", + "ResolverConfig$ResourceId": "The ID of the Amazon Virtual Private Cloud VPC that you're configuring Resolver for.
", "ResolverDnssecConfig$Id": "The ID for a configuration for DNSSEC validation.
", "ResolverDnssecConfig$ResourceId": "The ID of the virtual private cloud (VPC) that you're configuring the DNSSEC validation status for.
", "ResolverEndpoint$Id": "The ID of the Resolver endpoint.
", @@ -1375,6 +1436,7 @@ "UpdateFirewallRuleGroupAssociationRequest$FirewallRuleGroupAssociationId": "The identifier of the FirewallRuleGroupAssociation.
", "UpdateFirewallRuleRequest$FirewallRuleGroupId": "The unique identifier of the firewall rule group for the rule.
", "UpdateFirewallRuleRequest$FirewallDomainListId": "The ID of the domain list to use in the rule.
", + "UpdateResolverConfigRequest$ResourceId": "Resource ID of the Amazon VPC that you want to update the Resolver configuration for.
", "UpdateResolverDnssecConfigRequest$ResourceId": "The ID of the virtual private cloud (VPC) that you're updating the DNSSEC validation status for.
", "UpdateResolverEndpointRequest$ResolverEndpointId": "The ID of the Resolver endpoint that you want to update.
", "UpdateResolverRuleRequest$ResolverRuleId": "The ID of the Resolver rule that you want to update.
" @@ -1630,6 +1692,16 @@ "refs": { } }, + "UpdateResolverConfigRequest": { + "base": null, + "refs": { + } + }, + "UpdateResolverConfigResponse": { + "base": null, + "refs": { + } + }, "UpdateResolverDnssecConfigRequest": { "base": null, "refs": { diff --git a/models/apis/route53resolver/2018-04-01/paginators-1.json b/models/apis/route53resolver/2018-04-01/paginators-1.json index f0abb1375f3..a295a8fbb98 100644 --- a/models/apis/route53resolver/2018-04-01/paginators-1.json +++ b/models/apis/route53resolver/2018-04-01/paginators-1.json @@ -36,6 +36,12 @@ "limit_key": "MaxResults", "result_key": "FirewallRules" }, + "ListResolverConfigs": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "ResolverConfigs" + }, "ListResolverDnssecConfigs": { "input_token": "NextToken", "output_token": "NextToken", diff --git a/models/endpoints/endpoints.json b/models/endpoints/endpoints.json index 3886c8a9420..396f2c99abe 100644 --- a/models/endpoints/endpoints.json +++ b/models/endpoints/endpoints.json @@ -4119,6 +4119,19 @@ "us-west-2" : { } } }, + "iotsitewise" : { + "endpoints" : { + "ap-northeast-1" : { }, + "ap-northeast-2" : { }, + "ap-south-1" : { }, + "ap-southeast-1" : { }, + "ap-southeast-2" : { }, + "eu-central-1" : { }, + "eu-west-1" : { }, + "us-east-1" : { }, + "us-west-2" : { } + } + }, "iotthingsgraph" : { "defaults" : { "credentialScope" : { @@ -4892,6 +4905,27 @@ "us-west-2" : { } } }, + "mgn" : { + "endpoints" : { + "ap-east-1" : { }, + "ap-northeast-1" : { }, + "ap-northeast-2" : { }, + "ap-northeast-3" : { }, + "ap-south-1" : { }, + "ap-southeast-1" : { }, + "ap-southeast-2" : { }, + "ca-central-1" : { }, + "eu-central-1" : { }, + "eu-north-1" : { }, + "eu-west-1" : { }, + "eu-west-2" : { }, + "sa-east-1" : { }, + "us-east-1" : { }, + "us-east-2" : { }, + "us-west-1" : { }, + "us-west-2" : { } + } + }, "mobileanalytics" : { "endpoints" : { "us-east-1" : { } @@ -8597,6 +8631,11 @@ "cn-northwest-1" : { } } }, + "iotsitewise" : { + "endpoints" : { + "cn-north-1" : { } + } + }, "kafka" : { "endpoints" : { "cn-north-1" : { }, @@ -10066,6 +10105,11 @@ "us-gov-west-1" : { } } }, + "iotsitewise" : { + "endpoints" : { + "us-gov-west-1" : { } + } + }, "kafka" : { "endpoints" : { "us-gov-east-1" : { }, @@ -11155,6 +11199,11 @@ "us-iso-west-1" : { } } }, + "ebs" : { + "endpoints" : { + "us-iso-east-1" : { } + } + }, "ec2" : { "endpoints" : { "us-iso-east-1" : { }, @@ -11538,6 +11587,11 @@ "us-isob-east-1" : { } } }, + "ebs" : { + "endpoints" : { + "us-isob-east-1" : { } + } + }, "ec2" : { "defaults" : { "protocols" : [ "http", "https" ] diff --git a/service/auditmanager/api.go b/service/auditmanager/api.go index a73b64cfd53..f9e88aed8ea 100644 --- a/service/auditmanager/api.go +++ b/service/auditmanager/api.go @@ -58,8 +58,8 @@ func (c *AuditManager) AssociateAssessmentReportEvidenceFolderRequest(input *Ass // AssociateAssessmentReportEvidenceFolder API operation for AWS Audit Manager. // -// Associates an evidence folder to the specified assessment report in Audit -// Manager. +// Associates an evidence folder to an assessment report in a Audit Manager +// assessment. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -73,7 +73,7 @@ func (c *AuditManager) AssociateAssessmentReportEvidenceFolderRequest(input *Ass // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -81,7 +81,7 @@ func (c *AuditManager) AssociateAssessmentReportEvidenceFolderRequest(input *Ass // Try again later. // // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/AssociateAssessmentReportEvidenceFolder func (c *AuditManager) AssociateAssessmentReportEvidenceFolder(input *AssociateAssessmentReportEvidenceFolderInput) (*AssociateAssessmentReportEvidenceFolderOutput, error) { @@ -164,7 +164,7 @@ func (c *AuditManager) BatchAssociateAssessmentReportEvidenceRequest(input *Batc // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -172,7 +172,7 @@ func (c *AuditManager) BatchAssociateAssessmentReportEvidenceRequest(input *Batc // Try again later. // // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/BatchAssociateAssessmentReportEvidence func (c *AuditManager) BatchAssociateAssessmentReportEvidence(input *BatchAssociateAssessmentReportEvidenceInput) (*BatchAssociateAssessmentReportEvidenceOutput, error) { @@ -240,7 +240,7 @@ func (c *AuditManager) BatchCreateDelegationByAssessmentRequest(input *BatchCrea // BatchCreateDelegationByAssessment API operation for AWS Audit Manager. // -// Create a batch of delegations for a specified assessment in Audit Manager. +// Creates a batch of delegations for an assessment in Audit Manager. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -251,10 +251,10 @@ func (c *AuditManager) BatchCreateDelegationByAssessmentRequest(input *BatchCrea // // Returned Error Types: // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * ValidationException @@ -330,7 +330,7 @@ func (c *AuditManager) BatchDeleteDelegationByAssessmentRequest(input *BatchDele // BatchDeleteDelegationByAssessment API operation for AWS Audit Manager. // -// Deletes the delegations in the specified Audit Manager assessment. +// Deletes a batch of delegations for an assessment in Audit Manager. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -341,10 +341,10 @@ func (c *AuditManager) BatchDeleteDelegationByAssessmentRequest(input *BatchDele // // Returned Error Types: // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * ValidationException @@ -420,8 +420,7 @@ func (c *AuditManager) BatchDisassociateAssessmentReportEvidenceRequest(input *B // BatchDisassociateAssessmentReportEvidence API operation for AWS Audit Manager. // -// Disassociates a list of evidence from the specified assessment report in -// Audit Manager. +// Disassociates a list of evidence from an assessment report in Audit Manager. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -435,7 +434,7 @@ func (c *AuditManager) BatchDisassociateAssessmentReportEvidenceRequest(input *B // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -443,7 +442,7 @@ func (c *AuditManager) BatchDisassociateAssessmentReportEvidenceRequest(input *B // Try again later. // // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/BatchDisassociateAssessmentReportEvidence func (c *AuditManager) BatchDisassociateAssessmentReportEvidence(input *BatchDisassociateAssessmentReportEvidenceInput) (*BatchDisassociateAssessmentReportEvidenceOutput, error) { @@ -511,8 +510,7 @@ func (c *AuditManager) BatchImportEvidenceToAssessmentControlRequest(input *Batc // BatchImportEvidenceToAssessmentControl API operation for AWS Audit Manager. // -// Uploads one or more pieces of evidence to the specified control in the assessment -// in Audit Manager. +// Uploads one or more pieces of evidence to a control in an Audit Manager assessment. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -523,10 +521,10 @@ func (c *AuditManager) BatchImportEvidenceToAssessmentControlRequest(input *Batc // // Returned Error Types: // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * ValidationException @@ -613,13 +611,13 @@ func (c *AuditManager) CreateAssessmentRequest(input *CreateAssessmentInput) (re // // Returned Error Types: // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * ValidationException // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -703,13 +701,13 @@ func (c *AuditManager) CreateAssessmentFrameworkRequest(input *CreateAssessmentF // // Returned Error Types: // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * ValidationException // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -796,7 +794,7 @@ func (c *AuditManager) CreateAssessmentReportRequest(input *CreateAssessmentRepo // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -804,7 +802,7 @@ func (c *AuditManager) CreateAssessmentReportRequest(input *CreateAssessmentRepo // Try again later. // // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/CreateAssessmentReport func (c *AuditManager) CreateAssessmentReport(input *CreateAssessmentReportInput) (*CreateAssessmentReportOutput, error) { @@ -883,13 +881,13 @@ func (c *AuditManager) CreateControlRequest(input *CreateControlInput) (req *req // // Returned Error Types: // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * ValidationException // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -974,13 +972,13 @@ func (c *AuditManager) DeleteAssessmentRequest(input *DeleteAssessmentInput) (re // // Returned Error Types: // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * ValidationException // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -1065,13 +1063,13 @@ func (c *AuditManager) DeleteAssessmentFrameworkRequest(input *DeleteAssessmentF // // Returned Error Types: // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * ValidationException // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -1100,6 +1098,97 @@ func (c *AuditManager) DeleteAssessmentFrameworkWithContext(ctx aws.Context, inp return out, req.Send() } +const opDeleteAssessmentFrameworkShare = "DeleteAssessmentFrameworkShare" + +// DeleteAssessmentFrameworkShareRequest generates a "aws/request.Request" representing the +// client's request for the DeleteAssessmentFrameworkShare operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteAssessmentFrameworkShare for more information on using the DeleteAssessmentFrameworkShare +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeleteAssessmentFrameworkShareRequest method. +// req, resp := client.DeleteAssessmentFrameworkShareRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/DeleteAssessmentFrameworkShare +func (c *AuditManager) DeleteAssessmentFrameworkShareRequest(input *DeleteAssessmentFrameworkShareInput) (req *request.Request, output *DeleteAssessmentFrameworkShareOutput) { + op := &request.Operation{ + Name: opDeleteAssessmentFrameworkShare, + HTTPMethod: "DELETE", + HTTPPath: "/assessmentFrameworkShareRequests/{requestId}", + } + + if input == nil { + input = &DeleteAssessmentFrameworkShareInput{} + } + + output = &DeleteAssessmentFrameworkShareOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// DeleteAssessmentFrameworkShare API operation for AWS Audit Manager. +// +// Deletes a share request for a custom framework in Audit Manager. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Audit Manager's +// API operation DeleteAssessmentFrameworkShare for usage and error information. +// +// Returned Error Types: +// * ResourceNotFoundException +// The resource that's specified in the request can't be found. +// +// * ValidationException +// The request has invalid or missing parameters. +// +// * AccessDeniedException +// Your account isn't registered with Audit Manager. Check the delegated administrator +// setup on the Audit Manager settings page, and try again. +// +// * InternalServerException +// An internal service error occurred during the processing of your request. +// Try again later. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/DeleteAssessmentFrameworkShare +func (c *AuditManager) DeleteAssessmentFrameworkShare(input *DeleteAssessmentFrameworkShareInput) (*DeleteAssessmentFrameworkShareOutput, error) { + req, out := c.DeleteAssessmentFrameworkShareRequest(input) + return out, req.Send() +} + +// DeleteAssessmentFrameworkShareWithContext is the same as DeleteAssessmentFrameworkShare with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteAssessmentFrameworkShare for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *AuditManager) DeleteAssessmentFrameworkShareWithContext(ctx aws.Context, input *DeleteAssessmentFrameworkShareInput, opts ...request.Option) (*DeleteAssessmentFrameworkShareOutput, error) { + req, out := c.DeleteAssessmentFrameworkShareRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteAssessmentReport = "DeleteAssessmentReport" // DeleteAssessmentReportRequest generates a "aws/request.Request" representing the @@ -1159,7 +1248,7 @@ func (c *AuditManager) DeleteAssessmentReportRequest(input *DeleteAssessmentRepo // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -1167,7 +1256,7 @@ func (c *AuditManager) DeleteAssessmentReportRequest(input *DeleteAssessmentRepo // Try again later. // // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/DeleteAssessmentReport func (c *AuditManager) DeleteAssessmentReport(input *DeleteAssessmentReportInput) (*DeleteAssessmentReportOutput, error) { @@ -1247,13 +1336,13 @@ func (c *AuditManager) DeleteControlRequest(input *DeleteControlInput) (req *req // // Returned Error Types: // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * ValidationException // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -1340,7 +1429,7 @@ func (c *AuditManager) DeregisterAccountRequest(input *DeregisterAccountInput) ( // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -1348,7 +1437,7 @@ func (c *AuditManager) DeregisterAccountRequest(input *DeregisterAccountInput) ( // Try again later. // // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/DeregisterAccount func (c *AuditManager) DeregisterAccount(input *DeregisterAccountInput) (*DeregisterAccountOutput, error) { @@ -1421,10 +1510,10 @@ func (c *AuditManager) DeregisterOrganizationAdminAccountRequest(input *Deregist // for Audit Manager. // // When you remove a delegated administrator from your Audit Manager settings, -// or when you deregister a delegated administrator from Organizations, you -// continue to have access to the evidence that you previously collected under -// that account. However, Audit Manager will stop collecting and attaching evidence -// to that delegated administrator account moving forward. +// you continue to have access to the evidence that you previously collected +// under that account. This is also the case when you deregister a delegated +// administrator from Audit Manager. However, Audit Manager will stop collecting +// and attaching evidence to that delegated administrator account moving forward. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1438,7 +1527,7 @@ func (c *AuditManager) DeregisterOrganizationAdminAccountRequest(input *Deregist // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -1446,7 +1535,7 @@ func (c *AuditManager) DeregisterOrganizationAdminAccountRequest(input *Deregist // Try again later. // // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/DeregisterOrganizationAdminAccount func (c *AuditManager) DeregisterOrganizationAdminAccount(input *DeregisterOrganizationAdminAccountInput) (*DeregisterOrganizationAdminAccountOutput, error) { @@ -1530,7 +1619,7 @@ func (c *AuditManager) DisassociateAssessmentReportEvidenceFolderRequest(input * // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -1538,7 +1627,7 @@ func (c *AuditManager) DisassociateAssessmentReportEvidenceFolderRequest(input * // Try again later. // // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/DisassociateAssessmentReportEvidenceFolder func (c *AuditManager) DisassociateAssessmentReportEvidenceFolder(input *DisassociateAssessmentReportEvidenceFolderInput) (*DisassociateAssessmentReportEvidenceFolderOutput, error) { @@ -1697,13 +1786,13 @@ func (c *AuditManager) GetAssessmentRequest(input *GetAssessmentInput) (req *req // // Returned Error Types: // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * ValidationException // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -1787,13 +1876,13 @@ func (c *AuditManager) GetAssessmentFrameworkRequest(input *GetAssessmentFramewo // // Returned Error Types: // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * ValidationException // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -1866,7 +1955,7 @@ func (c *AuditManager) GetAssessmentReportUrlRequest(input *GetAssessmentReportU // GetAssessmentReportUrl API operation for AWS Audit Manager. // -// Returns the URL of a specified assessment report in Audit Manager. +// Returns the URL of an assessment report in Audit Manager. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1880,7 +1969,7 @@ func (c *AuditManager) GetAssessmentReportUrlRequest(input *GetAssessmentReportU // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -1888,7 +1977,7 @@ func (c *AuditManager) GetAssessmentReportUrlRequest(input *GetAssessmentReportU // Try again later. // // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/GetAssessmentReportUrl func (c *AuditManager) GetAssessmentReportUrl(input *GetAssessmentReportUrlInput) (*GetAssessmentReportUrlOutput, error) { @@ -1973,11 +2062,11 @@ func (c *AuditManager) GetChangeLogsRequest(input *GetChangeLogsInput) (req *req // // Returned Error Types: // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * ValidationException // The request has invalid or missing parameters. @@ -2115,13 +2204,13 @@ func (c *AuditManager) GetControlRequest(input *GetControlInput) (req *request.R // // Returned Error Types: // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * ValidationException // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -2214,7 +2303,7 @@ func (c *AuditManager) GetDelegationsRequest(input *GetDelegationsInput) (req *r // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -2350,13 +2439,13 @@ func (c *AuditManager) GetEvidenceRequest(input *GetEvidenceInput) (req *request // // Returned Error Types: // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * ValidationException // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -2446,13 +2535,13 @@ func (c *AuditManager) GetEvidenceByEvidenceFolderRequest(input *GetEvidenceByEv // // Returned Error Types: // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * ValidationException // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -2588,13 +2677,13 @@ func (c *AuditManager) GetEvidenceFolderRequest(input *GetEvidenceFolderInput) ( // // Returned Error Types: // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * ValidationException // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -2684,10 +2773,10 @@ func (c *AuditManager) GetEvidenceFoldersByAssessmentRequest(input *GetEvidenceF // // Returned Error Types: // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * ValidationException @@ -2821,8 +2910,8 @@ func (c *AuditManager) GetEvidenceFoldersByAssessmentControlRequest(input *GetEv // GetEvidenceFoldersByAssessmentControl API operation for AWS Audit Manager. // -// Returns a list of evidence folders associated with a specified control of -// an assessment in Audit Manager. +// Returns a list of evidence folders that are associated with a specified control +// of an assessment in Audit Manager. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2833,13 +2922,13 @@ func (c *AuditManager) GetEvidenceFoldersByAssessmentControlRequest(input *GetEv // // Returned Error Types: // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * ValidationException // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -2979,7 +3068,7 @@ func (c *AuditManager) GetOrganizationAdminAccountRequest(input *GetOrganization // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -2987,7 +3076,7 @@ func (c *AuditManager) GetOrganizationAdminAccountRequest(input *GetOrganization // Try again later. // // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/GetOrganizationAdminAccount func (c *AuditManager) GetOrganizationAdminAccount(input *GetOrganizationAdminAccountInput) (*GetOrganizationAdminAccountOutput, error) { @@ -3067,7 +3156,7 @@ func (c *AuditManager) GetServicesInScopeRequest(input *GetServicesInScopeInput) // // Returned Error Types: // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * ValidationException @@ -3154,7 +3243,7 @@ func (c *AuditManager) GetSettingsRequest(input *GetSettingsInput) (req *request // // Returned Error Types: // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -3183,6 +3272,152 @@ func (c *AuditManager) GetSettingsWithContext(ctx aws.Context, input *GetSetting return out, req.Send() } +const opListAssessmentFrameworkShareRequests = "ListAssessmentFrameworkShareRequests" + +// ListAssessmentFrameworkShareRequestsRequest generates a "aws/request.Request" representing the +// client's request for the ListAssessmentFrameworkShareRequests operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListAssessmentFrameworkShareRequests for more information on using the ListAssessmentFrameworkShareRequests +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ListAssessmentFrameworkShareRequestsRequest method. +// req, resp := client.ListAssessmentFrameworkShareRequestsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/ListAssessmentFrameworkShareRequests +func (c *AuditManager) ListAssessmentFrameworkShareRequestsRequest(input *ListAssessmentFrameworkShareRequestsInput) (req *request.Request, output *ListAssessmentFrameworkShareRequestsOutput) { + op := &request.Operation{ + Name: opListAssessmentFrameworkShareRequests, + HTTPMethod: "GET", + HTTPPath: "/assessmentFrameworkShareRequests", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "maxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListAssessmentFrameworkShareRequestsInput{} + } + + output = &ListAssessmentFrameworkShareRequestsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListAssessmentFrameworkShareRequests API operation for AWS Audit Manager. +// +// Returns a list of sent or received share requests for custom frameworks in +// Audit Manager. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Audit Manager's +// API operation ListAssessmentFrameworkShareRequests for usage and error information. +// +// Returned Error Types: +// * AccessDeniedException +// Your account isn't registered with Audit Manager. Check the delegated administrator +// setup on the Audit Manager settings page, and try again. +// +// * ValidationException +// The request has invalid or missing parameters. +// +// * InternalServerException +// An internal service error occurred during the processing of your request. +// Try again later. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/ListAssessmentFrameworkShareRequests +func (c *AuditManager) ListAssessmentFrameworkShareRequests(input *ListAssessmentFrameworkShareRequestsInput) (*ListAssessmentFrameworkShareRequestsOutput, error) { + req, out := c.ListAssessmentFrameworkShareRequestsRequest(input) + return out, req.Send() +} + +// ListAssessmentFrameworkShareRequestsWithContext is the same as ListAssessmentFrameworkShareRequests with the addition of +// the ability to pass a context and additional request options. +// +// See ListAssessmentFrameworkShareRequests for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *AuditManager) ListAssessmentFrameworkShareRequestsWithContext(ctx aws.Context, input *ListAssessmentFrameworkShareRequestsInput, opts ...request.Option) (*ListAssessmentFrameworkShareRequestsOutput, error) { + req, out := c.ListAssessmentFrameworkShareRequestsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListAssessmentFrameworkShareRequestsPages iterates over the pages of a ListAssessmentFrameworkShareRequests operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListAssessmentFrameworkShareRequests method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListAssessmentFrameworkShareRequests operation. +// pageNum := 0 +// err := client.ListAssessmentFrameworkShareRequestsPages(params, +// func(page *auditmanager.ListAssessmentFrameworkShareRequestsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *AuditManager) ListAssessmentFrameworkShareRequestsPages(input *ListAssessmentFrameworkShareRequestsInput, fn func(*ListAssessmentFrameworkShareRequestsOutput, bool) bool) error { + return c.ListAssessmentFrameworkShareRequestsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListAssessmentFrameworkShareRequestsPagesWithContext same as ListAssessmentFrameworkShareRequestsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *AuditManager) ListAssessmentFrameworkShareRequestsPagesWithContext(ctx aws.Context, input *ListAssessmentFrameworkShareRequestsInput, fn func(*ListAssessmentFrameworkShareRequestsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListAssessmentFrameworkShareRequestsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListAssessmentFrameworkShareRequestsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListAssessmentFrameworkShareRequestsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opListAssessmentFrameworks = "ListAssessmentFrameworks" // ListAssessmentFrameworksRequest generates a "aws/request.Request" representing the @@ -3233,8 +3468,8 @@ func (c *AuditManager) ListAssessmentFrameworksRequest(input *ListAssessmentFram // ListAssessmentFrameworks API operation for AWS Audit Manager. // -// Returns a list of the frameworks available in the Audit Manager framework -// library. +// Returns a list of the frameworks that are available in the Audit Manager +// framework library. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3248,7 +3483,7 @@ func (c *AuditManager) ListAssessmentFrameworksRequest(input *ListAssessmentFram // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -3393,7 +3628,7 @@ func (c *AuditManager) ListAssessmentReportsRequest(input *ListAssessmentReports // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -3535,7 +3770,7 @@ func (c *AuditManager) ListAssessmentsRequest(input *ListAssessmentsInput) (req // // Returned Error Types: // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * ValidationException @@ -3680,7 +3915,7 @@ func (c *AuditManager) ListControlsRequest(input *ListControlsInput) (req *reque // // Returned Error Types: // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * ValidationException @@ -3814,7 +4049,7 @@ func (c *AuditManager) ListKeywordsForDataSourceRequest(input *ListKeywordsForDa // ListKeywordsForDataSource API operation for AWS Audit Manager. // -// Returns a list of keywords that pre-mapped to the specified control data +// Returns a list of keywords that are pre-mapped to the specified control data // source. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -3826,7 +4061,7 @@ func (c *AuditManager) ListKeywordsForDataSourceRequest(input *ListKeywordsForDa // // Returned Error Types: // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * ValidationException @@ -3971,7 +4206,7 @@ func (c *AuditManager) ListNotificationsRequest(input *ListNotificationsInput) ( // // Returned Error Types: // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * ValidationException @@ -4117,7 +4352,7 @@ func (c *AuditManager) ListTagsForResourceRequest(input *ListTagsForResourceInpu // The request has invalid or missing parameters. // // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/ListTagsForResource func (c *AuditManager) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) { @@ -4199,7 +4434,7 @@ func (c *AuditManager) RegisterAccountRequest(input *RegisterAccountInput) (req // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -4207,7 +4442,7 @@ func (c *AuditManager) RegisterAccountRequest(input *RegisterAccountInput) (req // Try again later. // // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/RegisterAccount func (c *AuditManager) RegisterAccount(input *RegisterAccountInput) (*RegisterAccountOutput, error) { @@ -4290,7 +4525,7 @@ func (c *AuditManager) RegisterOrganizationAdminAccountRequest(input *RegisterOr // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -4298,7 +4533,7 @@ func (c *AuditManager) RegisterOrganizationAdminAccountRequest(input *RegisterOr // Try again later. // // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/RegisterOrganizationAdminAccount func (c *AuditManager) RegisterOrganizationAdminAccount(input *RegisterOrganizationAdminAccountInput) (*RegisterOrganizationAdminAccountOutput, error) { @@ -4322,6 +4557,109 @@ func (c *AuditManager) RegisterOrganizationAdminAccountWithContext(ctx aws.Conte return out, req.Send() } +const opStartAssessmentFrameworkShare = "StartAssessmentFrameworkShare" + +// StartAssessmentFrameworkShareRequest generates a "aws/request.Request" representing the +// client's request for the StartAssessmentFrameworkShare operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See StartAssessmentFrameworkShare for more information on using the StartAssessmentFrameworkShare +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the StartAssessmentFrameworkShareRequest method. +// req, resp := client.StartAssessmentFrameworkShareRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/StartAssessmentFrameworkShare +func (c *AuditManager) StartAssessmentFrameworkShareRequest(input *StartAssessmentFrameworkShareInput) (req *request.Request, output *StartAssessmentFrameworkShareOutput) { + op := &request.Operation{ + Name: opStartAssessmentFrameworkShare, + HTTPMethod: "POST", + HTTPPath: "/assessmentFrameworks/{frameworkId}/shareRequests", + } + + if input == nil { + input = &StartAssessmentFrameworkShareInput{} + } + + output = &StartAssessmentFrameworkShareOutput{} + req = c.newRequest(op, input, output) + return +} + +// StartAssessmentFrameworkShare API operation for AWS Audit Manager. +// +// Creates a share request for a custom framework in Audit Manager. +// +// The share request specifies a recipient and notifies them that a custom framework +// is available. Recipients have 120 days to accept or decline the request. +// If no action is taken, the share request expires. +// +// When you invoke the StartAssessmentFrameworkShare API, you are about to share +// a custom framework with another Amazon Web Services account. You may not +// share a custom framework that is derived from a standard framework if the +// standard framework is designated as not eligible for sharing by Amazon Web +// Services, unless you have obtained permission to do so from the owner of +// the standard framework. To learn more about which standard frameworks are +// eligible for sharing, see Framework sharing eligibility (https://docs.aws.amazon.com/audit-manager/latest/userguide/share-custom-framework-concepts-and-terminology.html#eligibility) +// in the Audit Manager User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Audit Manager's +// API operation StartAssessmentFrameworkShare for usage and error information. +// +// Returned Error Types: +// * ValidationException +// The request has invalid or missing parameters. +// +// * AccessDeniedException +// Your account isn't registered with Audit Manager. Check the delegated administrator +// setup on the Audit Manager settings page, and try again. +// +// * InternalServerException +// An internal service error occurred during the processing of your request. +// Try again later. +// +// * ResourceNotFoundException +// The resource that's specified in the request can't be found. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/StartAssessmentFrameworkShare +func (c *AuditManager) StartAssessmentFrameworkShare(input *StartAssessmentFrameworkShareInput) (*StartAssessmentFrameworkShareOutput, error) { + req, out := c.StartAssessmentFrameworkShareRequest(input) + return out, req.Send() +} + +// StartAssessmentFrameworkShareWithContext is the same as StartAssessmentFrameworkShare with the addition of +// the ability to pass a context and additional request options. +// +// See StartAssessmentFrameworkShare for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *AuditManager) StartAssessmentFrameworkShareWithContext(ctx aws.Context, input *StartAssessmentFrameworkShareInput, opts ...request.Option) (*StartAssessmentFrameworkShareOutput, error) { + req, out := c.StartAssessmentFrameworkShareRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opTagResource = "TagResource" // TagResourceRequest generates a "aws/request.Request" representing the @@ -4385,7 +4723,7 @@ func (c *AuditManager) TagResourceRequest(input *TagResourceInput) (req *request // The request has invalid or missing parameters. // // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/TagResource func (c *AuditManager) TagResource(input *TagResourceInput) (*TagResourceOutput, error) { @@ -4472,7 +4810,7 @@ func (c *AuditManager) UntagResourceRequest(input *UntagResourceInput) (req *req // The request has invalid or missing parameters. // // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/UntagResource func (c *AuditManager) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) { @@ -4551,13 +4889,13 @@ func (c *AuditManager) UpdateAssessmentRequest(input *UpdateAssessmentInput) (re // // Returned Error Types: // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * ValidationException // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -4641,13 +4979,13 @@ func (c *AuditManager) UpdateAssessmentControlRequest(input *UpdateAssessmentCon // // Returned Error Types: // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * ValidationException // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -4731,13 +5069,13 @@ func (c *AuditManager) UpdateAssessmentControlSetStatusRequest(input *UpdateAsse // // Returned Error Types: // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * ValidationException // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -4821,13 +5159,13 @@ func (c *AuditManager) UpdateAssessmentFrameworkRequest(input *UpdateAssessmentF // // Returned Error Types: // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * ValidationException // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -4856,32 +5194,122 @@ func (c *AuditManager) UpdateAssessmentFrameworkWithContext(ctx aws.Context, inp return out, req.Send() } -const opUpdateAssessmentStatus = "UpdateAssessmentStatus" +const opUpdateAssessmentFrameworkShare = "UpdateAssessmentFrameworkShare" -// UpdateAssessmentStatusRequest generates a "aws/request.Request" representing the -// client's request for the UpdateAssessmentStatus operation. The "output" return +// UpdateAssessmentFrameworkShareRequest generates a "aws/request.Request" representing the +// client's request for the UpdateAssessmentFrameworkShare operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See UpdateAssessmentStatus for more information on using the UpdateAssessmentStatus +// See UpdateAssessmentFrameworkShare for more information on using the UpdateAssessmentFrameworkShare // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // -// // Example sending a request using the UpdateAssessmentStatusRequest method. -// req, resp := client.UpdateAssessmentStatusRequest(params) +// // Example sending a request using the UpdateAssessmentFrameworkShareRequest method. +// req, resp := client.UpdateAssessmentFrameworkShareRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/UpdateAssessmentStatus +// See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/UpdateAssessmentFrameworkShare +func (c *AuditManager) UpdateAssessmentFrameworkShareRequest(input *UpdateAssessmentFrameworkShareInput) (req *request.Request, output *UpdateAssessmentFrameworkShareOutput) { + op := &request.Operation{ + Name: opUpdateAssessmentFrameworkShare, + HTTPMethod: "PUT", + HTTPPath: "/assessmentFrameworkShareRequests/{requestId}", + } + + if input == nil { + input = &UpdateAssessmentFrameworkShareInput{} + } + + output = &UpdateAssessmentFrameworkShareOutput{} + req = c.newRequest(op, input, output) + return +} + +// UpdateAssessmentFrameworkShare API operation for AWS Audit Manager. +// +// Updates a share request for a custom framework in Audit Manager. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Audit Manager's +// API operation UpdateAssessmentFrameworkShare for usage and error information. +// +// Returned Error Types: +// * ResourceNotFoundException +// The resource that's specified in the request can't be found. +// +// * ValidationException +// The request has invalid or missing parameters. +// +// * AccessDeniedException +// Your account isn't registered with Audit Manager. Check the delegated administrator +// setup on the Audit Manager settings page, and try again. +// +// * InternalServerException +// An internal service error occurred during the processing of your request. +// Try again later. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/UpdateAssessmentFrameworkShare +func (c *AuditManager) UpdateAssessmentFrameworkShare(input *UpdateAssessmentFrameworkShareInput) (*UpdateAssessmentFrameworkShareOutput, error) { + req, out := c.UpdateAssessmentFrameworkShareRequest(input) + return out, req.Send() +} + +// UpdateAssessmentFrameworkShareWithContext is the same as UpdateAssessmentFrameworkShare with the addition of +// the ability to pass a context and additional request options. +// +// See UpdateAssessmentFrameworkShare for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *AuditManager) UpdateAssessmentFrameworkShareWithContext(ctx aws.Context, input *UpdateAssessmentFrameworkShareInput, opts ...request.Option) (*UpdateAssessmentFrameworkShareOutput, error) { + req, out := c.UpdateAssessmentFrameworkShareRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUpdateAssessmentStatus = "UpdateAssessmentStatus" + +// UpdateAssessmentStatusRequest generates a "aws/request.Request" representing the +// client's request for the UpdateAssessmentStatus operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UpdateAssessmentStatus for more information on using the UpdateAssessmentStatus +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the UpdateAssessmentStatusRequest method. +// req, resp := client.UpdateAssessmentStatusRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/UpdateAssessmentStatus func (c *AuditManager) UpdateAssessmentStatusRequest(input *UpdateAssessmentStatusInput) (req *request.Request, output *UpdateAssessmentStatusOutput) { op := &request.Operation{ Name: opUpdateAssessmentStatus, @@ -4911,13 +5339,13 @@ func (c *AuditManager) UpdateAssessmentStatusRequest(input *UpdateAssessmentStat // // Returned Error Types: // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * ValidationException // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -5001,13 +5429,13 @@ func (c *AuditManager) UpdateControlRequest(input *UpdateControlInput) (req *req // // Returned Error Types: // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // * ValidationException // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -5094,7 +5522,7 @@ func (c *AuditManager) UpdateSettingsRequest(input *UpdateSettingsInput) (req *r // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -5181,7 +5609,7 @@ func (c *AuditManager) ValidateAssessmentReportIntegrityRequest(input *ValidateA // The request has invalid or missing parameters. // // * AccessDeniedException -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. // // * InternalServerException @@ -5189,7 +5617,7 @@ func (c *AuditManager) ValidateAssessmentReportIntegrityRequest(input *ValidateA // Try again later. // // * ResourceNotFoundException -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/ValidateAssessmentReportIntegrity func (c *AuditManager) ValidateAssessmentReportIntegrity(input *ValidateAssessmentReportIntegrityInput) (*ValidateAssessmentReportIntegrityOutput, error) { @@ -5213,18 +5641,18 @@ func (c *AuditManager) ValidateAssessmentReportIntegrityWithContext(ctx aws.Cont return out, req.Send() } -// The wrapper of Amazon Web Services account details, such as account ID, email -// address, and so on. +// The wrapper of Amazon Web Services account details, such as account ID or +// email address. type AWSAccount struct { _ struct{} `type:"structure"` - // The email address associated with the specified Amazon Web Services account. + // The email address that's associated with the Amazon Web Services account. EmailAddress *string `locationName:"emailAddress" min:"1" type:"string"` - // The identifier for the specified Amazon Web Services account. + // The identifier for the Amazon Web Services account. Id *string `locationName:"id" min:"12" type:"string"` - // The name of the specified Amazon Web Services account. + // The name of the Amazon Web Services account. Name *string `locationName:"name" min:"1" type:"string"` } @@ -5283,7 +5711,7 @@ func (s *AWSAccount) SetName(v string) *AWSAccount { return s } -// An Amazon Web Service such as Amazon S3, CloudTrail, and so on. +// An Amazon Web Service such as Amazon S3 or CloudTrail. type AWSService struct { _ struct{} `type:"structure"` @@ -5328,7 +5756,7 @@ func (s *AWSService) SetServiceName(v string) *AWSService { return s } -// Your account is not registered with Audit Manager. Check the delegated administrator +// Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. type AccessDeniedException struct { _ struct{} `type:"structure"` @@ -5401,16 +5829,16 @@ type Assessment struct { // The Amazon Resource Name (ARN) of the assessment. Arn *string `locationName:"arn" min:"20" type:"string"` - // The Amazon Web Services account associated with the assessment. + // The Amazon Web Services account that's associated with the assessment. AwsAccount *AWSAccount `locationName:"awsAccount" type:"structure"` - // The framework from which the assessment was created. + // The framework that the assessment was created from. Framework *AssessmentFramework `locationName:"framework" type:"structure"` - // The metadata for the specified assessment. + // The metadata for the assessment. Metadata *AssessmentMetadata `locationName:"metadata" type:"structure"` - // The tags associated with the assessment. + // The tags that are associated with the assessment. Tags map[string]*string `locationName:"tags" type:"map"` } @@ -5462,36 +5890,36 @@ func (s *Assessment) SetTags(v map[string]*string) *Assessment { return s } -// The control entity that represents a standard or custom control used in an -// Audit Manager assessment. +// The control entity that represents a standard control or a custom control +// in an Audit Manager assessment. type AssessmentControl struct { _ struct{} `type:"structure"` // The amount of evidence in the assessment report. AssessmentReportEvidenceCount *int64 `locationName:"assessmentReportEvidenceCount" type:"integer"` - // The list of comments attached to the specified control. + // The list of comments that's attached to the control. Comments []*ControlComment `locationName:"comments" type:"list"` - // The description of the specified control. + // The description of the control. Description *string `locationName:"description" type:"string"` - // The amount of evidence generated for the control. + // The amount of evidence that's generated for the control. EvidenceCount *int64 `locationName:"evidenceCount" type:"integer"` - // The list of data sources for the specified evidence. + // The list of data sources for the evidence. EvidenceSources []*string `locationName:"evidenceSources" type:"list"` - // The identifier for the specified control. + // The identifier for the control. Id *string `locationName:"id" min:"36" type:"string"` - // The name of the specified control. + // The name of the control. Name *string `locationName:"name" min:"1" type:"string"` - // The response of the specified control. + // The response of the control. Response *string `locationName:"response" type:"string" enum:"ControlResponse"` - // The status of the specified control. + // The status of the control. Status *string `locationName:"status" type:"string" enum:"ControlStatus"` } @@ -5571,10 +5999,10 @@ func (s *AssessmentControl) SetStatus(v string) *AssessmentControl { type AssessmentControlSet struct { _ struct{} `type:"structure"` - // The list of controls contained with the control set. + // The list of controls that's contained with the control set. Controls []*AssessmentControl `locationName:"controls" type:"list"` - // The delegations associated with the control set. + // The delegations that are associated with the control set. Delegations []*Delegation `locationName:"delegations" type:"list"` // The description for the control set. @@ -5584,17 +6012,18 @@ type AssessmentControlSet struct { // set name in a plain string format. Id *string `locationName:"id" min:"1" type:"string"` - // The total number of evidence objects uploaded manually to the control set. + // The total number of evidence objects that are uploaded manually to the control + // set. ManualEvidenceCount *int64 `locationName:"manualEvidenceCount" type:"integer"` - // The roles associated with the control set. + // The roles that are associated with the control set. Roles []*Role `locationName:"roles" type:"list"` // Specifies the current status of the control set. Status *string `locationName:"status" type:"string" enum:"ControlSetStatus"` - // The total number of evidence objects retrieved automatically for the control - // set. + // The total number of evidence objects that are retrieved automatically for + // the control set. SystemEvidenceCount *int64 `locationName:"systemEvidenceCount" type:"integer"` } @@ -5664,20 +6093,20 @@ func (s *AssessmentControlSet) SetSystemEvidenceCount(v int64) *AssessmentContro return s } -// The folder in which Audit Manager stores evidence for an assessment. +// The folder where Audit Manager stores evidence for an assessment. type AssessmentEvidenceFolder struct { _ struct{} `type:"structure"` - // The identifier for the specified assessment. + // The identifier for the assessment. AssessmentId *string `locationName:"assessmentId" min:"36" type:"string"` - // The total count of evidence included in the assessment report. + // The total count of evidence that's included in the assessment report. AssessmentReportSelectionCount *int64 `locationName:"assessmentReportSelectionCount" type:"integer"` // The name of the user who created the evidence folder. Author *string `locationName:"author" type:"string"` - // The unique identifier for the specified control. + // The unique identifier for the control. ControlId *string `locationName:"controlId" min:"36" type:"string"` // The name of the control. @@ -5686,14 +6115,14 @@ type AssessmentEvidenceFolder struct { // The identifier for the control set. ControlSetId *string `locationName:"controlSetId" min:"1" type:"string"` - // The Amazon Web Service from which the evidence was collected. + // The Amazon Web Service that the evidence was collected from. DataSource *string `locationName:"dataSource" type:"string"` // The date when the first evidence was added to the evidence folder. Date *time.Time `locationName:"date" type:"timestamp"` - // The total number of Amazon Web Services resources assessed to generate the - // evidence. + // The total number of Amazon Web Services resources that were assessed to generate + // the evidence. EvidenceAwsServiceSourceCount *int64 `locationName:"evidenceAwsServiceSourceCount" type:"integer"` // The number of evidence that falls under the compliance check category. This @@ -5717,13 +6146,13 @@ type AssessmentEvidenceFolder struct { // evidence is collected from CloudTrail logs. EvidenceByTypeUserActivityCount *int64 `locationName:"evidenceByTypeUserActivityCount" type:"integer"` - // The amount of evidence included in the evidence folder. + // The amount of evidence that's included in the evidence folder. EvidenceResourcesIncludedCount *int64 `locationName:"evidenceResourcesIncludedCount" type:"integer"` - // The identifier for the folder in which evidence is stored. + // The identifier for the folder that the evidence is stored in. Id *string `locationName:"id" min:"36" type:"string"` - // The name of the specified evidence folder. + // The name of the evidence folder. Name *string `locationName:"name" min:"1" type:"string"` // The total amount of evidence in the evidence folder. @@ -5861,16 +6290,16 @@ func (s *AssessmentEvidenceFolder) SetTotalEvidence(v int64) *AssessmentEvidence type AssessmentFramework struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the specified framework. + // The Amazon Resource Name (ARN) of the framework. Arn *string `locationName:"arn" min:"20" type:"string"` - // The control sets associated with the framework. + // The control sets that are associated with the framework. ControlSets []*AssessmentControlSet `locationName:"controlSets" type:"list"` // The unique identifier for the framework. Id *string `locationName:"id" min:"36" type:"string"` - // The metadata of a framework, such as the name, ID, description, and so on. + // The metadata of a framework, such as the name, ID, or description. Metadata *FrameworkMetadata `locationName:"metadata" type:"structure"` } @@ -5916,7 +6345,7 @@ func (s *AssessmentFramework) SetMetadata(v *FrameworkMetadata) *AssessmentFrame return s } -// The metadata associated with a standard or custom framework. +// The metadata that's associated with a standard framework or a custom framework. type AssessmentFrameworkMetadata struct { _ struct{} `type:"structure"` @@ -5927,31 +6356,31 @@ type AssessmentFrameworkMetadata struct { // HIPAA. ComplianceType *string `locationName:"complianceType" type:"string"` - // The number of control sets associated with the specified framework. + // The number of control sets that are associated with the framework. ControlSetsCount *int64 `locationName:"controlSetsCount" type:"integer"` - // The number of controls associated with the specified framework. + // The number of controls that are associated with the framework. ControlsCount *int64 `locationName:"controlsCount" type:"integer"` // Specifies when the framework was created. CreatedAt *time.Time `locationName:"createdAt" type:"timestamp"` - // The description of the specified framework. + // The description of the framework. Description *string `locationName:"description" min:"1" type:"string"` - // The unique identified for the specified framework. + // The unique identifier for the framework. Id *string `locationName:"id" min:"36" type:"string"` // Specifies when the framework was most recently updated. LastUpdatedAt *time.Time `locationName:"lastUpdatedAt" type:"timestamp"` - // The logo associated with the framework. + // The logo that's associated with the framework. Logo *string `locationName:"logo" min:"1" type:"string"` - // The name of the specified framework. + // The name of the framework. Name *string `locationName:"name" min:"1" type:"string"` - // The framework type, such as standard or custom. + // The framework type, such as a standard framework or a custom framework. Type *string `locationName:"type" type:"string" enum:"FrameworkType"` } @@ -6039,20 +6468,180 @@ func (s *AssessmentFrameworkMetadata) SetType(v string) *AssessmentFrameworkMeta return s } -// The metadata associated with the specified assessment. +// Represents a share request for a custom framework in Audit Manager. +type AssessmentFrameworkShareRequest struct { + _ struct{} `type:"structure"` + + // An optional comment from the sender about the share request. + Comment *string `locationName:"comment" type:"string"` + + // The compliance type that the shared custom framework supports, such as CIS + // or HIPAA. + ComplianceType *string `locationName:"complianceType" type:"string"` + + // The time when the share request was created. + CreationTime *time.Time `locationName:"creationTime" type:"timestamp"` + + // The number of custom controls that are part of the shared custom framework. + CustomControlsCount *int64 `locationName:"customControlsCount" type:"integer"` + + // The Amazon Web Services account of the recipient. + DestinationAccount *string `locationName:"destinationAccount" min:"12" type:"string"` + + // The Amazon Web Services Region of the recipient. + DestinationRegion *string `locationName:"destinationRegion" type:"string"` + + // The time when the share request expires. + ExpirationTime *time.Time `locationName:"expirationTime" type:"timestamp"` + + // The description of the shared custom framework. + FrameworkDescription *string `locationName:"frameworkDescription" min:"1" type:"string"` + + // The unique identifier for the shared custom framework. + FrameworkId *string `locationName:"frameworkId" min:"36" type:"string"` + + // The name of the custom framework that the share request is for. + FrameworkName *string `locationName:"frameworkName" min:"1" type:"string"` + + // The unique identifier for the share request. + Id *string `locationName:"id" min:"36" type:"string"` + + // Specifies when the share request was last updated. + LastUpdated *time.Time `locationName:"lastUpdated" type:"timestamp"` + + // The Amazon Web Services account of the sender. + SourceAccount *string `locationName:"sourceAccount" min:"12" type:"string"` + + // The number of standard controls that are part of the shared custom framework. + StandardControlsCount *int64 `locationName:"standardControlsCount" type:"integer"` + + // The status of the share request. + Status *string `locationName:"status" type:"string" enum:"ShareRequestStatus"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssessmentFrameworkShareRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssessmentFrameworkShareRequest) GoString() string { + return s.String() +} + +// SetComment sets the Comment field's value. +func (s *AssessmentFrameworkShareRequest) SetComment(v string) *AssessmentFrameworkShareRequest { + s.Comment = &v + return s +} + +// SetComplianceType sets the ComplianceType field's value. +func (s *AssessmentFrameworkShareRequest) SetComplianceType(v string) *AssessmentFrameworkShareRequest { + s.ComplianceType = &v + return s +} + +// SetCreationTime sets the CreationTime field's value. +func (s *AssessmentFrameworkShareRequest) SetCreationTime(v time.Time) *AssessmentFrameworkShareRequest { + s.CreationTime = &v + return s +} + +// SetCustomControlsCount sets the CustomControlsCount field's value. +func (s *AssessmentFrameworkShareRequest) SetCustomControlsCount(v int64) *AssessmentFrameworkShareRequest { + s.CustomControlsCount = &v + return s +} + +// SetDestinationAccount sets the DestinationAccount field's value. +func (s *AssessmentFrameworkShareRequest) SetDestinationAccount(v string) *AssessmentFrameworkShareRequest { + s.DestinationAccount = &v + return s +} + +// SetDestinationRegion sets the DestinationRegion field's value. +func (s *AssessmentFrameworkShareRequest) SetDestinationRegion(v string) *AssessmentFrameworkShareRequest { + s.DestinationRegion = &v + return s +} + +// SetExpirationTime sets the ExpirationTime field's value. +func (s *AssessmentFrameworkShareRequest) SetExpirationTime(v time.Time) *AssessmentFrameworkShareRequest { + s.ExpirationTime = &v + return s +} + +// SetFrameworkDescription sets the FrameworkDescription field's value. +func (s *AssessmentFrameworkShareRequest) SetFrameworkDescription(v string) *AssessmentFrameworkShareRequest { + s.FrameworkDescription = &v + return s +} + +// SetFrameworkId sets the FrameworkId field's value. +func (s *AssessmentFrameworkShareRequest) SetFrameworkId(v string) *AssessmentFrameworkShareRequest { + s.FrameworkId = &v + return s +} + +// SetFrameworkName sets the FrameworkName field's value. +func (s *AssessmentFrameworkShareRequest) SetFrameworkName(v string) *AssessmentFrameworkShareRequest { + s.FrameworkName = &v + return s +} + +// SetId sets the Id field's value. +func (s *AssessmentFrameworkShareRequest) SetId(v string) *AssessmentFrameworkShareRequest { + s.Id = &v + return s +} + +// SetLastUpdated sets the LastUpdated field's value. +func (s *AssessmentFrameworkShareRequest) SetLastUpdated(v time.Time) *AssessmentFrameworkShareRequest { + s.LastUpdated = &v + return s +} + +// SetSourceAccount sets the SourceAccount field's value. +func (s *AssessmentFrameworkShareRequest) SetSourceAccount(v string) *AssessmentFrameworkShareRequest { + s.SourceAccount = &v + return s +} + +// SetStandardControlsCount sets the StandardControlsCount field's value. +func (s *AssessmentFrameworkShareRequest) SetStandardControlsCount(v int64) *AssessmentFrameworkShareRequest { + s.StandardControlsCount = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *AssessmentFrameworkShareRequest) SetStatus(v string) *AssessmentFrameworkShareRequest { + s.Status = &v + return s +} + +// The metadata that's associated with the specified assessment. type AssessmentMetadata struct { _ struct{} `type:"structure"` - // The destination in which evidence reports are stored for the specified assessment. + // The destination that evidence reports are stored in for the assessment. AssessmentReportsDestination *AssessmentReportsDestination `locationName:"assessmentReportsDestination" type:"structure"` - // The name of a compliance standard related to the assessment, such as PCI-DSS. + // The name of the compliance standard that's related to the assessment, such + // as PCI-DSS. ComplianceType *string `locationName:"complianceType" type:"string"` // Specifies when the assessment was created. CreationTime *time.Time `locationName:"creationTime" type:"timestamp"` - // The delegations associated with the assessment. + // The delegations that are associated with the assessment. Delegations []*Delegation `locationName:"delegations" type:"list"` // The description of the assessment. @@ -6067,11 +6656,11 @@ type AssessmentMetadata struct { // The name of the assessment. Name *string `locationName:"name" min:"1" type:"string"` - // The roles associated with the assessment. + // The roles that are associated with the assessment. Roles []*Role `locationName:"roles" type:"list"` - // The wrapper of Amazon Web Services accounts and services in scope for the - // assessment. + // The wrapper of Amazon Web Services accounts and services that are in scope + // for the assessment. Scope *Scope `locationName:"scope" type:"structure"` // The overall status of the assessment. @@ -6162,17 +6751,18 @@ func (s *AssessmentMetadata) SetStatus(v string) *AssessmentMetadata { return s } -// A metadata object associated with an assessment in Audit Manager. +// A metadata object that's associated with an assessment in Audit Manager. type AssessmentMetadataItem struct { _ struct{} `type:"structure"` - // The name of the compliance standard related to the assessment, such as PCI-DSS. + // The name of the compliance standard that's related to the assessment, such + // as PCI-DSS. ComplianceType *string `locationName:"complianceType" type:"string"` // Specifies when the assessment was created. CreationTime *time.Time `locationName:"creationTime" type:"timestamp"` - // The delegations associated with the assessment. + // The delegations that are associated with the assessment. Delegations []*Delegation `locationName:"delegations" type:"list"` // The unique identifier for the assessment. @@ -6184,7 +6774,7 @@ type AssessmentMetadataItem struct { // The name of the assessment. Name *string `locationName:"name" min:"1" type:"string"` - // The roles associated with the assessment. + // The roles that are associated with the assessment. Roles []*Role `locationName:"roles" type:"list"` // The current status of the assessment. @@ -6257,10 +6847,10 @@ func (s *AssessmentMetadataItem) SetStatus(v string) *AssessmentMetadataItem { return s } -// A finalized document generated from an Audit Manager assessment. These reports -// summarize the relevant evidence collected for your audit, and link to the -// relevant evidence folders which are named and organized according to the -// controls specified in your assessment. +// A finalized document that's generated from an Audit Manager assessment. These +// reports summarize the relevant evidence that was collected for your audit, +// and link to the relevant evidence folders. These evidence folders are named +// and organized according to the controls that are specified in your assessment. type AssessmentReport struct { _ struct{} `type:"structure"` @@ -6282,10 +6872,10 @@ type AssessmentReport struct { // The description of the specified assessment report. Description *string `locationName:"description" type:"string"` - // The unique identifier for the specified assessment report. + // The unique identifier for the assessment report. Id *string `locationName:"id" min:"36" type:"string"` - // The name given to the assessment report. + // The name that's given to the assessment report. Name *string `locationName:"name" min:"1" type:"string"` // The current status of the specified assessment report. @@ -6369,10 +6959,10 @@ func (s *AssessmentReport) SetStatus(v string) *AssessmentReport { type AssessmentReportEvidenceError struct { _ struct{} `type:"structure"` - // The error code returned by the AssessmentReportEvidence API. + // The error code that the AssessmentReportEvidence API returned. ErrorCode *string `locationName:"errorCode" min:"3" type:"string"` - // The error message returned by the AssessmentReportEvidence API. + // The error message that the AssessmentReportEvidence API returned. ErrorMessage *string `locationName:"errorMessage" type:"string"` // The identifier for the evidence. @@ -6415,7 +7005,7 @@ func (s *AssessmentReportEvidenceError) SetEvidenceId(v string) *AssessmentRepor return s } -// The metadata objects associated with the specified assessment report. +// The metadata objects that are associated with the specified assessment report. type AssessmentReportMetadata struct { _ struct{} `type:"structure"` @@ -6431,7 +7021,7 @@ type AssessmentReportMetadata struct { // Specifies when the assessment report was created. CreationTime *time.Time `locationName:"creationTime" type:"timestamp"` - // The description of the specified assessment report. + // The description of the assessment report. Description *string `locationName:"description" type:"string"` // The unique identifier for the assessment report. @@ -6510,8 +7100,7 @@ func (s *AssessmentReportMetadata) SetStatus(v string) *AssessmentReportMetadata return s } -// The location in which Audit Manager saves assessment reports for the given -// assessment. +// The location where Audit Manager saves assessment reports for the given assessment. type AssessmentReportsDestination struct { _ struct{} `type:"structure"` @@ -6568,12 +7157,12 @@ func (s *AssessmentReportsDestination) SetDestinationType(v string) *AssessmentR type AssociateAssessmentReportEvidenceFolderInput struct { _ struct{} `type:"structure"` - // The identifier for the specified assessment. + // The identifier for the assessment. // // AssessmentId is a required field AssessmentId *string `location:"uri" locationName:"assessmentId" min:"36" type:"string" required:"true"` - // The identifier for the folder in which evidence is stored. + // The identifier for the folder that the evidence is stored in. // // EvidenceFolderId is a required field EvidenceFolderId *string `locationName:"evidenceFolderId" min:"36" type:"string" required:"true"` @@ -6656,12 +7245,12 @@ func (s AssociateAssessmentReportEvidenceFolderOutput) GoString() string { type BatchAssociateAssessmentReportEvidenceInput struct { _ struct{} `type:"structure"` - // The unique identifier for the specified assessment. + // The identifier for the assessment. // // AssessmentId is a required field AssessmentId *string `location:"uri" locationName:"assessmentId" min:"36" type:"string" required:"true"` - // The identifier for the folder in which the evidence is stored. + // The identifier for the folder that the evidence is stored in. // // EvidenceFolderId is a required field EvidenceFolderId *string `locationName:"evidenceFolderId" min:"36" type:"string" required:"true"` @@ -6736,10 +7325,10 @@ func (s *BatchAssociateAssessmentReportEvidenceInput) SetEvidenceIds(v []*string type BatchAssociateAssessmentReportEvidenceOutput struct { _ struct{} `type:"structure"` - // A list of errors returned by the BatchAssociateAssessmentReportEvidence API. + // A list of errors that the BatchAssociateAssessmentReportEvidence API returned. Errors []*AssessmentReportEvidenceError `locationName:"errors" type:"list"` - // The identifier for the evidence. + // The list of evidence identifiers. EvidenceIds []*string `locationName:"evidenceIds" type:"list"` } @@ -6781,10 +7370,10 @@ type BatchCreateDelegationByAssessmentError struct { // The API request to batch create delegations in Audit Manager. CreateDelegationRequest *CreateDelegationRequest `locationName:"createDelegationRequest" type:"structure"` - // The error code returned by the BatchCreateDelegationByAssessment API. + // The error code that the BatchCreateDelegationByAssessment API returned. ErrorCode *string `locationName:"errorCode" min:"3" type:"string"` - // The error message returned by the BatchCreateDelegationByAssessment API. + // The error message that the BatchCreateDelegationByAssessment API returned. ErrorMessage *string `locationName:"errorMessage" type:"string"` } @@ -6827,7 +7416,7 @@ func (s *BatchCreateDelegationByAssessmentError) SetErrorMessage(v string) *Batc type BatchCreateDelegationByAssessmentInput struct { _ struct{} `type:"structure"` - // The identifier for the specified assessment. + // The identifier for the assessment. // // AssessmentId is a required field AssessmentId *string `location:"uri" locationName:"assessmentId" min:"36" type:"string" required:"true"` @@ -6903,10 +7492,10 @@ func (s *BatchCreateDelegationByAssessmentInput) SetCreateDelegationRequests(v [ type BatchCreateDelegationByAssessmentOutput struct { _ struct{} `type:"structure"` - // The delegations associated with the assessment. + // The delegations that are associated with the assessment. Delegations []*Delegation `locationName:"delegations" type:"list"` - // A list of errors returned by the BatchCreateDelegationByAssessment API. + // A list of errors that the BatchCreateDelegationByAssessment API returned. Errors []*BatchCreateDelegationByAssessmentError `locationName:"errors" type:"list"` } @@ -6945,13 +7534,13 @@ func (s *BatchCreateDelegationByAssessmentOutput) SetErrors(v []*BatchCreateDele type BatchDeleteDelegationByAssessmentError struct { _ struct{} `type:"structure"` - // The identifier for the specified delegation. + // The identifier for the delegation. DelegationId *string `locationName:"delegationId" min:"36" type:"string"` - // The error code returned by the BatchDeleteDelegationByAssessment API. + // The error code that the BatchDeleteDelegationByAssessment API returned. ErrorCode *string `locationName:"errorCode" min:"3" type:"string"` - // The error message returned by the BatchDeleteDelegationByAssessment API. + // The error message that the BatchDeleteDelegationByAssessment API returned. ErrorMessage *string `locationName:"errorMessage" type:"string"` } @@ -6994,12 +7583,12 @@ func (s *BatchDeleteDelegationByAssessmentError) SetErrorMessage(v string) *Batc type BatchDeleteDelegationByAssessmentInput struct { _ struct{} `type:"structure"` - // The identifier for the specified assessment. + // The identifier for the assessment. // // AssessmentId is a required field AssessmentId *string `location:"uri" locationName:"assessmentId" min:"36" type:"string" required:"true"` - // The identifiers for the specified delegations. + // The identifiers for the delegations. // // DelegationIds is a required field DelegationIds []*string `locationName:"delegationIds" min:"1" type:"list" required:"true"` @@ -7060,7 +7649,7 @@ func (s *BatchDeleteDelegationByAssessmentInput) SetDelegationIds(v []*string) * type BatchDeleteDelegationByAssessmentOutput struct { _ struct{} `type:"structure"` - // A list of errors returned by the BatchDeleteDelegationByAssessment API. + // A list of errors that the BatchDeleteDelegationByAssessment API returned. Errors []*BatchDeleteDelegationByAssessmentError `locationName:"errors" type:"list"` } @@ -7091,12 +7680,12 @@ func (s *BatchDeleteDelegationByAssessmentOutput) SetErrors(v []*BatchDeleteDele type BatchDisassociateAssessmentReportEvidenceInput struct { _ struct{} `type:"structure"` - // The identifier for the specified assessment. + // The identifier for the assessment. // // AssessmentId is a required field AssessmentId *string `location:"uri" locationName:"assessmentId" min:"36" type:"string" required:"true"` - // The identifier for the folder in which evidence is stored. + // The identifier for the folder that the evidence is stored in. // // EvidenceFolderId is a required field EvidenceFolderId *string `locationName:"evidenceFolderId" min:"36" type:"string" required:"true"` @@ -7171,8 +7760,7 @@ func (s *BatchDisassociateAssessmentReportEvidenceInput) SetEvidenceIds(v []*str type BatchDisassociateAssessmentReportEvidenceOutput struct { _ struct{} `type:"structure"` - // A list of errors returned by the BatchDisassociateAssessmentReportEvidence - // API. + // A list of errors that the BatchDisassociateAssessmentReportEvidence API returned. Errors []*AssessmentReportEvidenceError `locationName:"errors" type:"list"` // The identifier for the evidence. @@ -7214,14 +7802,13 @@ func (s *BatchDisassociateAssessmentReportEvidenceOutput) SetEvidenceIds(v []*st type BatchImportEvidenceToAssessmentControlError struct { _ struct{} `type:"structure"` - // The error code returned by the BatchImportEvidenceToAssessmentControl API. + // The error code that the BatchImportEvidenceToAssessmentControl API returned. ErrorCode *string `locationName:"errorCode" min:"3" type:"string"` - // The error message returned by the BatchImportEvidenceToAssessmentControl - // API. + // The error message that the BatchImportEvidenceToAssessmentControl API returned. ErrorMessage *string `locationName:"errorMessage" type:"string"` - // Manual evidence that cannot be collected automatically by Audit Manager. + // Manual evidence that can't be collected automatically by Audit Manager. ManualEvidence *ManualEvidence `locationName:"manualEvidence" type:"structure"` } @@ -7264,17 +7851,17 @@ func (s *BatchImportEvidenceToAssessmentControlError) SetManualEvidence(v *Manua type BatchImportEvidenceToAssessmentControlInput struct { _ struct{} `type:"structure"` - // The identifier for the specified assessment. + // The identifier for the assessment. // // AssessmentId is a required field AssessmentId *string `location:"uri" locationName:"assessmentId" min:"36" type:"string" required:"true"` - // The identifier for the specified control. + // The identifier for the control. // // ControlId is a required field ControlId *string `location:"uri" locationName:"controlId" min:"36" type:"string" required:"true"` - // The identifier for the specified control set. + // The identifier for the control set. // // ControlSetId is a required field ControlSetId *string `location:"uri" locationName:"controlSetId" min:"1" type:"string" required:"true"` @@ -7374,7 +7961,7 @@ func (s *BatchImportEvidenceToAssessmentControlInput) SetManualEvidence(v []*Man type BatchImportEvidenceToAssessmentControlOutput struct { _ struct{} `type:"structure"` - // A list of errors returned by the BatchImportEvidenceToAssessmentControl API. + // A list of errors that the BatchImportEvidenceToAssessmentControl API returned. Errors []*BatchImportEvidenceToAssessmentControlError `locationName:"errors" type:"list"` } @@ -7402,24 +7989,25 @@ func (s *BatchImportEvidenceToAssessmentControlOutput) SetErrors(v []*BatchImpor return s } -// The record of a change within Audit Manager, such as a modified assessment, -// a delegated control set, and so on. +// The record of a change within Audit Manager. For example, this could be the +// status change of an assessment or the delegation of a control set. type ChangeLog struct { _ struct{} `type:"structure"` - // The action performed. + // The action that was performed. Action *string `locationName:"action" type:"string" enum:"ActionEnum"` - // The time of creation for the changelog object. + // The time when the action was performed and the changelog record was created. CreatedAt *time.Time `locationName:"createdAt" type:"timestamp"` // The IAM user or role that performed the action. CreatedBy *string `locationName:"createdBy" min:"20" type:"string"` - // The name of the changelog object. + // The name of the object that changed. This could be the name of an assessment, + // control, or control set. ObjectName *string `locationName:"objectName" min:"1" type:"string"` - // The changelog object type, such as an assessment, control, or control set. + // The object that was changed, such as an assessment, control, or control set. ObjectType *string `locationName:"objectType" type:"string" enum:"ObjectTypeEnum"` } @@ -7475,19 +8063,19 @@ func (s *ChangeLog) SetObjectType(v string) *ChangeLog { type Control struct { _ struct{} `type:"structure"` - // The recommended actions to carry out if the control is not fulfilled. + // The recommended actions to carry out if the control isn't fulfilled. ActionPlanInstructions *string `locationName:"actionPlanInstructions" type:"string"` // The title of the action plan for remediating the control. ActionPlanTitle *string `locationName:"actionPlanTitle" type:"string"` - // The Amazon Resource Name (ARN) of the specified control. + // The Amazon Resource Name (ARN) of the control. Arn *string `locationName:"arn" min:"20" type:"string"` - // The data mapping sources for the specified control. + // The data mapping sources for the control. ControlMappingSources []*ControlMappingSource `locationName:"controlMappingSources" min:"1" type:"list"` - // The data source that determines from where Audit Manager collects evidence + // The data source that determines where Audit Manager collects evidence from // for the control. ControlSources *string `locationName:"controlSources" min:"1" type:"string"` @@ -7497,7 +8085,7 @@ type Control struct { // The IAM user or role that created the control. CreatedBy *string `locationName:"createdBy" min:"1" type:"string"` - // The description of the specified control. + // The description of the control. Description *string `locationName:"description" type:"string"` // The unique identifier for the control. @@ -7509,16 +8097,16 @@ type Control struct { // The IAM user or role that most recently updated the control. LastUpdatedBy *string `locationName:"lastUpdatedBy" min:"1" type:"string"` - // The name of the specified control. + // The name of the control. Name *string `locationName:"name" min:"1" type:"string"` // The tags associated with the control. Tags map[string]*string `locationName:"tags" type:"map"` - // The steps to follow to determine if the control has been satisfied. + // The steps that you should follow to determine if the control has been satisfied. TestingInformation *string `locationName:"testingInformation" type:"string"` - // The type of control, such as custom or standard. + // The type of control, such as a custom control or a standard control. Type *string `locationName:"type" type:"string" enum:"ControlType"` } @@ -7630,8 +8218,8 @@ func (s *Control) SetType(v string) *Control { return s } -// A comment posted by a user on a control. This includes the author's name, -// the comment text, and a timestamp. +// A comment that's posted by a user on a control. This includes the author's +// name, the comment text, and a timestamp. type ControlComment struct { _ struct{} `type:"structure"` @@ -7681,35 +8269,35 @@ func (s *ControlComment) SetPostedDate(v time.Time) *ControlComment { return s } -// The data source that determines from where Audit Manager collects evidence +// The data source that determines where Audit Manager collects evidence from // for the control. type ControlMappingSource struct { _ struct{} `type:"structure"` - // The description of the specified source. + // The description of the source. SourceDescription *string `locationName:"sourceDescription" type:"string"` - // The frequency of evidence collection for the specified control mapping source. + // The frequency of evidence collection for the control mapping source. SourceFrequency *string `locationName:"sourceFrequency" type:"string" enum:"SourceFrequency"` - // The unique identifier for the specified source. + // The unique identifier for the source. SourceId *string `locationName:"sourceId" min:"36" type:"string"` // The keyword to search for in CloudTrail logs, Config rules, Security Hub // checks, and Amazon Web Services API names. SourceKeyword *SourceKeyword `locationName:"sourceKeyword" type:"structure"` - // The name of the specified source. + // The name of the source. SourceName *string `locationName:"sourceName" min:"1" type:"string"` - // The setup option for the data source, which reflects if the evidence collection - // is automated or manual. + // The setup option for the data source. This option reflects if the evidence + // collection is automated or manual. SourceSetUpOption *string `locationName:"sourceSetUpOption" type:"string" enum:"SourceSetUpOption"` // Specifies one of the five types of data sources for evidence collection. SourceType *string `locationName:"sourceType" type:"string" enum:"SourceType"` - // The instructions for troubleshooting the specified control. + // The instructions for troubleshooting the control. TroubleshootingText *string `locationName:"troubleshootingText" type:"string"` } @@ -7800,27 +8388,27 @@ func (s *ControlMappingSource) SetTroubleshootingText(v string) *ControlMappingS return s } -// The metadata associated with the specified standard or custom control. +// The metadata that's associated with the standard control or custom control. type ControlMetadata struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the specified control. + // The Amazon Resource Name (ARN) of the control. Arn *string `locationName:"arn" min:"20" type:"string"` - // The data source that determines from where Audit Manager collects evidence + // The data source that determines where Audit Manager collects evidence from // for the control. ControlSources *string `locationName:"controlSources" min:"1" type:"string"` // Specifies when the control was created. CreatedAt *time.Time `locationName:"createdAt" type:"timestamp"` - // The unique identifier for the specified control. + // The unique identifier for the control. Id *string `locationName:"id" min:"36" type:"string"` // Specifies when the control was most recently updated. LastUpdatedAt *time.Time `locationName:"lastUpdatedAt" type:"timestamp"` - // The name of the specified control. + // The name of the control. Name *string `locationName:"name" min:"1" type:"string"` } @@ -7929,8 +8517,8 @@ func (s *ControlSet) SetName(v string) *ControlSet { return s } -// Control entity attributes that uniquely identify an existing control to be -// added to a framework in Audit Manager. +// The control entity attributes that uniquely identify an existing control +// to be added to a framework in Audit Manager. type CreateAssessmentFrameworkControl struct { _ struct{} `type:"structure"` @@ -7976,15 +8564,15 @@ func (s *CreateAssessmentFrameworkControl) SetId(v string) *CreateAssessmentFram } // A controlSet entity that represents a collection of controls in Audit Manager. -// This does not contain the control set ID. +// This doesn't contain the control set ID. type CreateAssessmentFrameworkControlSet struct { _ struct{} `type:"structure"` - // The list of controls within the control set. This does not contain the control + // The list of controls within the control set. This doesn't contain the control // set ID. Controls []*CreateAssessmentFrameworkControl `locationName:"controls" min:"1" type:"list"` - // The name of the specified control set. + // The name of the control set. // // Name is a required field Name *string `locationName:"name" min:"1" type:"string" required:"true"` @@ -8056,7 +8644,7 @@ type CreateAssessmentFrameworkInput struct { // HIPAA. ComplianceType *string `locationName:"complianceType" type:"string"` - // The control sets to be associated with the framework. + // The control sets that are associated with the framework. // // ControlSets is a required field ControlSets []*CreateAssessmentFrameworkControlSet `locationName:"controlSets" min:"1" type:"list" required:"true"` @@ -8069,7 +8657,7 @@ type CreateAssessmentFrameworkInput struct { // Name is a required field Name *string `locationName:"name" min:"1" type:"string" required:"true"` - // The tags associated with the framework. + // The tags that are associated with the framework. Tags map[string]*string `locationName:"tags" type:"map"` } @@ -8159,7 +8747,7 @@ func (s *CreateAssessmentFrameworkInput) SetTags(v map[string]*string) *CreateAs type CreateAssessmentFrameworkOutput struct { _ struct{} `type:"structure"` - // The name of the new framework returned by the CreateAssessmentFramework API. + // The name of the new framework that the CreateAssessmentFramework API returned. Framework *Framework `locationName:"framework" type:"structure"` } @@ -8190,8 +8778,8 @@ func (s *CreateAssessmentFrameworkOutput) SetFramework(v *Framework) *CreateAsse type CreateAssessmentInput struct { _ struct{} `type:"structure"` - // The assessment report storage destination for the specified assessment that - // is being created. + // The assessment report storage destination for the assessment that's being + // created. // // AssessmentReportsDestination is a required field AssessmentReportsDestination *AssessmentReportsDestination `locationName:"assessmentReportsDestination" type:"structure" required:"true"` @@ -8199,7 +8787,7 @@ type CreateAssessmentInput struct { // The optional description of the assessment to be created. Description *string `locationName:"description" type:"string"` - // The identifier for the specified framework. + // The identifier for the framework that the assessment will be created from. // // FrameworkId is a required field FrameworkId *string `locationName:"frameworkId" min:"36" type:"string" required:"true"` @@ -8209,18 +8797,18 @@ type CreateAssessmentInput struct { // Name is a required field Name *string `locationName:"name" min:"1" type:"string" required:"true"` - // The list of roles for the specified assessment. + // The list of roles for the assessment. // // Roles is a required field Roles []*Role `locationName:"roles" type:"list" required:"true"` - // The wrapper that contains the Amazon Web Services accounts and services in - // scope for the assessment. + // The wrapper that contains the Amazon Web Services accounts and services that + // are in scope for the assessment. // // Scope is a required field Scope *Scope `locationName:"scope" type:"structure" required:"true"` - // The tags associated with the assessment. + // The tags that are associated with the assessment. Tags map[string]*string `locationName:"tags" type:"map"` } @@ -8370,7 +8958,7 @@ func (s *CreateAssessmentOutput) SetAssessment(v *Assessment) *CreateAssessmentO type CreateAssessmentReportInput struct { _ struct{} `type:"structure"` - // The identifier for the specified assessment. + // The identifier for the assessment. // // AssessmentId is a required field AssessmentId *string `location:"uri" locationName:"assessmentId" min:"36" type:"string" required:"true"` @@ -8445,7 +9033,7 @@ func (s *CreateAssessmentReportInput) SetName(v string) *CreateAssessmentReportI type CreateAssessmentReportOutput struct { _ struct{} `type:"structure"` - // The new assessment report returned by the CreateAssessmentReport API. + // The new assessment report that the CreateAssessmentReport API returned. AssessmentReport *AssessmentReport `locationName:"assessmentReport" type:"structure"` } @@ -8476,13 +9064,13 @@ func (s *CreateAssessmentReportOutput) SetAssessmentReport(v *AssessmentReport) type CreateControlInput struct { _ struct{} `type:"structure"` - // The recommended actions to carry out if the control is not fulfilled. + // The recommended actions to carry out if the control isn't fulfilled. ActionPlanInstructions *string `locationName:"actionPlanInstructions" type:"string"` // The title of the action plan for remediating the control. ActionPlanTitle *string `locationName:"actionPlanTitle" type:"string"` - // The data mapping sources for the specified control. + // The data mapping sources for the control. // // ControlMappingSources is a required field ControlMappingSources []*CreateControlMappingSource `locationName:"controlMappingSources" min:"1" type:"list" required:"true"` @@ -8495,10 +9083,10 @@ type CreateControlInput struct { // Name is a required field Name *string `locationName:"name" min:"1" type:"string" required:"true"` - // The tags associated with the control. + // The tags that are associated with the control. Tags map[string]*string `locationName:"tags" type:"map"` - // The steps to follow to determine if the control has been satisfied. + // The steps to follow to determine if the control is satisfied. TestingInformation *string `locationName:"testingInformation" type:"string"` } @@ -8594,16 +9182,16 @@ func (s *CreateControlInput) SetTestingInformation(v string) *CreateControlInput return s } -// Control mapping fields that represent the source for evidence collection, -// along with related parameters and metadata. This does not contain mappingID. +// The control mapping fields that represent the source for evidence collection, +// along with related parameters and metadata. This doesn't contain mappingID. type CreateControlMappingSource struct { _ struct{} `type:"structure"` - // The description of the data source that determines from where Audit Manager - // collects evidence for the control. + // The description of the data source that determines where Audit Manager collects + // evidence from for the control. SourceDescription *string `locationName:"sourceDescription" type:"string"` - // The frequency of evidence collection for the specified control mapping source. + // The frequency of evidence collection for the control mapping source. SourceFrequency *string `locationName:"sourceFrequency" type:"string" enum:"SourceFrequency"` // The keyword to search for in CloudTrail logs, Config rules, Security Hub @@ -8620,7 +9208,7 @@ type CreateControlMappingSource struct { // Specifies one of the five types of data sources for evidence collection. SourceType *string `locationName:"sourceType" type:"string" enum:"SourceType"` - // The instructions for troubleshooting the specified control. + // The instructions for troubleshooting the control. TroubleshootingText *string `locationName:"troubleshootingText" type:"string"` } @@ -8705,7 +9293,7 @@ func (s *CreateControlMappingSource) SetTroubleshootingText(v string) *CreateCon type CreateControlOutput struct { _ struct{} `type:"structure"` - // The new control returned by the CreateControl API. + // The new control that the CreateControl API returned. Control *Control `locationName:"control" type:"structure"` } @@ -8733,12 +9321,12 @@ func (s *CreateControlOutput) SetControl(v *Control) *CreateControlOutput { return s } -// A collection of attributes used to create a delegation for an assessment +// A collection of attributes that's used to create a delegation for an assessment // in Audit Manager. type CreateDelegationRequest struct { _ struct{} `type:"structure"` - // A comment related to the delegation request. + // A comment that's related to the delegation request. Comment *string `locationName:"comment" type:"string"` // The unique identifier for the control set. @@ -8819,16 +9407,16 @@ func (s *CreateDelegationRequest) SetRoleType(v string) *CreateDelegationRequest type Delegation struct { _ struct{} `type:"structure"` - // The identifier for the associated assessment. + // The identifier for the assessment that's associated with the delegation. AssessmentId *string `locationName:"assessmentId" min:"36" type:"string"` - // The name of the associated assessment. + // The name of the assessment that's associated with the delegation. AssessmentName *string `locationName:"assessmentName" min:"1" type:"string"` - // The comment related to the delegation. + // The comment that's related to the delegation. Comment *string `locationName:"comment" type:"string"` - // The identifier for the associated control set. + // The identifier for the control set that's associated with the delegation. ControlSetId *string `locationName:"controlSetId" min:"1" type:"string"` // The IAM user or role that created the delegation. @@ -8943,17 +9531,17 @@ func (s *Delegation) SetStatus(v string) *Delegation { return s } -// The metadata associated with the specified delegation. +// The metadata that's associated with the delegation. type DelegationMetadata struct { _ struct{} `type:"structure"` - // The unique identifier for the specified assessment. + // The unique identifier for the assessment. AssessmentId *string `locationName:"assessmentId" min:"36" type:"string"` // The name of the associated assessment. AssessmentName *string `locationName:"assessmentName" min:"1" type:"string"` - // Specifies the name of the control set delegated for review. + // Specifies the name of the control set that was delegated for review. ControlSetName *string `locationName:"controlSetName" min:"1" type:"string"` // Specifies when the delegation was created. @@ -8965,7 +9553,7 @@ type DelegationMetadata struct { // The Amazon Resource Name (ARN) of the IAM role. RoleArn *string `locationName:"roleArn" min:"20" type:"string"` - // The current status of the delgation. + // The current status of the delegation. Status *string `locationName:"status" type:"string" enum:"DelegationStatus"` } @@ -9032,7 +9620,7 @@ func (s *DelegationMetadata) SetStatus(v string) *DelegationMetadata { type DeleteAssessmentFrameworkInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The identifier for the specified framework. + // The identifier for the framework. // // FrameworkId is a required field FrameworkId *string `location:"uri" locationName:"frameworkId" min:"36" type:"string" required:"true"` @@ -9100,13 +9688,18 @@ func (s DeleteAssessmentFrameworkOutput) GoString() string { return s.String() } -type DeleteAssessmentInput struct { +type DeleteAssessmentFrameworkShareInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The identifier for the specified assessment. + // The unique identifier for the share request to be deleted. // - // AssessmentId is a required field - AssessmentId *string `location:"uri" locationName:"assessmentId" min:"36" type:"string" required:"true"` + // RequestId is a required field + RequestId *string `location:"uri" locationName:"requestId" min:"36" type:"string" required:"true"` + + // Specifies whether the share request is a sent request or a received request. + // + // RequestType is a required field + RequestType *string `location:"querystring" locationName:"requestType" type:"string" required:"true" enum:"ShareRequestType"` } // String returns the string representation. @@ -9114,7 +9707,7 @@ type DeleteAssessmentInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteAssessmentInput) String() string { +func (s DeleteAssessmentFrameworkShareInput) String() string { return awsutil.Prettify(s) } @@ -9123,18 +9716,21 @@ func (s DeleteAssessmentInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteAssessmentInput) GoString() string { +func (s DeleteAssessmentFrameworkShareInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DeleteAssessmentInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeleteAssessmentInput"} - if s.AssessmentId == nil { - invalidParams.Add(request.NewErrParamRequired("AssessmentId")) +func (s *DeleteAssessmentFrameworkShareInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteAssessmentFrameworkShareInput"} + if s.RequestId == nil { + invalidParams.Add(request.NewErrParamRequired("RequestId")) } - if s.AssessmentId != nil && len(*s.AssessmentId) < 36 { - invalidParams.Add(request.NewErrParamMinLen("AssessmentId", 36)) + if s.RequestId != nil && len(*s.RequestId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("RequestId", 36)) + } + if s.RequestType == nil { + invalidParams.Add(request.NewErrParamRequired("RequestType")) } if invalidParams.Len() > 0 { @@ -9143,13 +9739,19 @@ func (s *DeleteAssessmentInput) Validate() error { return nil } -// SetAssessmentId sets the AssessmentId field's value. -func (s *DeleteAssessmentInput) SetAssessmentId(v string) *DeleteAssessmentInput { - s.AssessmentId = &v +// SetRequestId sets the RequestId field's value. +func (s *DeleteAssessmentFrameworkShareInput) SetRequestId(v string) *DeleteAssessmentFrameworkShareInput { + s.RequestId = &v return s } -type DeleteAssessmentOutput struct { +// SetRequestType sets the RequestType field's value. +func (s *DeleteAssessmentFrameworkShareInput) SetRequestType(v string) *DeleteAssessmentFrameworkShareInput { + s.RequestType = &v + return s +} + +type DeleteAssessmentFrameworkShareOutput struct { _ struct{} `type:"structure"` } @@ -9158,7 +9760,7 @@ type DeleteAssessmentOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteAssessmentOutput) String() string { +func (s DeleteAssessmentFrameworkShareOutput) String() string { return awsutil.Prettify(s) } @@ -9167,22 +9769,17 @@ func (s DeleteAssessmentOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteAssessmentOutput) GoString() string { +func (s DeleteAssessmentFrameworkShareOutput) GoString() string { return s.String() } -type DeleteAssessmentReportInput struct { +type DeleteAssessmentInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The identifier for the specified assessment. + // The identifier for the assessment. // // AssessmentId is a required field AssessmentId *string `location:"uri" locationName:"assessmentId" min:"36" type:"string" required:"true"` - - // The unique identifier for the assessment report. - // - // AssessmentReportId is a required field - AssessmentReportId *string `location:"uri" locationName:"assessmentReportId" min:"36" type:"string" required:"true"` } // String returns the string representation. @@ -9190,7 +9787,7 @@ type DeleteAssessmentReportInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteAssessmentReportInput) String() string { +func (s DeleteAssessmentInput) String() string { return awsutil.Prettify(s) } @@ -9199,25 +9796,101 @@ func (s DeleteAssessmentReportInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteAssessmentReportInput) GoString() string { +func (s DeleteAssessmentInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DeleteAssessmentReportInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeleteAssessmentReportInput"} +func (s *DeleteAssessmentInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteAssessmentInput"} if s.AssessmentId == nil { invalidParams.Add(request.NewErrParamRequired("AssessmentId")) } if s.AssessmentId != nil && len(*s.AssessmentId) < 36 { invalidParams.Add(request.NewErrParamMinLen("AssessmentId", 36)) } - if s.AssessmentReportId == nil { - invalidParams.Add(request.NewErrParamRequired("AssessmentReportId")) - } - if s.AssessmentReportId != nil && len(*s.AssessmentReportId) < 36 { - invalidParams.Add(request.NewErrParamMinLen("AssessmentReportId", 36)) - } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAssessmentId sets the AssessmentId field's value. +func (s *DeleteAssessmentInput) SetAssessmentId(v string) *DeleteAssessmentInput { + s.AssessmentId = &v + return s +} + +type DeleteAssessmentOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteAssessmentOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteAssessmentOutput) GoString() string { + return s.String() +} + +type DeleteAssessmentReportInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The identifier for the assessment. + // + // AssessmentId is a required field + AssessmentId *string `location:"uri" locationName:"assessmentId" min:"36" type:"string" required:"true"` + + // The unique identifier for the assessment report. + // + // AssessmentReportId is a required field + AssessmentReportId *string `location:"uri" locationName:"assessmentReportId" min:"36" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteAssessmentReportInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteAssessmentReportInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteAssessmentReportInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteAssessmentReportInput"} + if s.AssessmentId == nil { + invalidParams.Add(request.NewErrParamRequired("AssessmentId")) + } + if s.AssessmentId != nil && len(*s.AssessmentId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("AssessmentId", 36)) + } + if s.AssessmentReportId == nil { + invalidParams.Add(request.NewErrParamRequired("AssessmentReportId")) + } + if s.AssessmentReportId != nil && len(*s.AssessmentReportId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("AssessmentReportId", 36)) + } if invalidParams.Len() > 0 { return invalidParams @@ -9262,7 +9935,7 @@ func (s DeleteAssessmentReportOutput) GoString() string { type DeleteControlInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The identifier for the specified control. + // The identifier for the control. // // ControlId is a required field ControlId *string `location:"uri" locationName:"controlId" min:"36" type:"string" required:"true"` @@ -9386,7 +10059,7 @@ func (s *DeregisterAccountOutput) SetStatus(v string) *DeregisterAccountOutput { type DeregisterOrganizationAdminAccountInput struct { _ struct{} `type:"structure"` - // The identifier for the specified administrator account. + // The identifier for the administrator account. AdminAccountId *string `locationName:"adminAccountId" min:"12" type:"string"` } @@ -9452,7 +10125,7 @@ func (s DeregisterOrganizationAdminAccountOutput) GoString() string { type DisassociateAssessmentReportEvidenceFolderInput struct { _ struct{} `type:"structure"` - // The identifier for the specified assessment. + // The identifier for the assessment. // // AssessmentId is a required field AssessmentId *string `location:"uri" locationName:"assessmentId" min:"36" type:"string" required:"true"` @@ -9546,14 +10219,15 @@ type Evidence struct { // Specifies whether the evidence is included in the assessment report. AssessmentReportSelection *string `locationName:"assessmentReportSelection" type:"string"` - // The names and values used by the evidence event, including an attribute name - // (such as allowUsersToChangePassword) and value (such as true or false). + // The names and values that are used by the evidence event. This includes an + // attribute name (such as allowUsersToChangePassword) and value (such as true + // or false). Attributes map[string]*string `locationName:"attributes" type:"map"` - // The identifier for the specified Amazon Web Services account. + // The identifier for the Amazon Web Services account. AwsAccountId *string `locationName:"awsAccountId" min:"12" type:"string"` - // The Amazon Web Services account from which the evidence is collected, and + // The Amazon Web Services account that the evidence is collected from, and // its organization path. AwsOrganization *string `locationName:"awsOrganization" type:"string"` @@ -9563,31 +10237,32 @@ type Evidence struct { // result is shown. ComplianceCheck *string `locationName:"complianceCheck" type:"string"` - // The data source from which the specified evidence was collected. + // The data source where the evidence was collected from. DataSource *string `locationName:"dataSource" type:"string"` - // The name of the specified evidence event. + // The name of the evidence event. EventName *string `locationName:"eventName" type:"string"` - // The Amazon Web Service from which the evidence is collected. + // The Amazon Web Service that the evidence is collected from. EventSource *string `locationName:"eventSource" min:"1" type:"string"` - // The identifier for the specified Amazon Web Services account. + // The identifier for the Amazon Web Services account. EvidenceAwsAccountId *string `locationName:"evidenceAwsAccountId" min:"12" type:"string"` // The type of automated evidence. EvidenceByType *string `locationName:"evidenceByType" type:"string"` - // The identifier for the folder in which the evidence is stored. + // The identifier for the folder that the evidence is stored in. EvidenceFolderId *string `locationName:"evidenceFolderId" min:"36" type:"string"` - // The unique identifier for the IAM user or role associated with the evidence. + // The unique identifier for the IAM user or role that's associated with the + // evidence. IamId *string `locationName:"iamId" min:"20" type:"string"` // The identifier for the evidence. Id *string `locationName:"id" min:"36" type:"string"` - // The list of resources assessed to generate the evidence. + // The list of resources that are assessed to generate the evidence. ResourcesIncluded []*Resource `locationName:"resourcesIncluded" type:"list"` // The timestamp that represents when the evidence was collected. @@ -9702,22 +10377,22 @@ func (s *Evidence) SetTime(v time.Time) *Evidence { return s } -// The file used to structure and automate Audit Manager assessments for a given -// compliance standard. +// The file that's used to structure and automate Audit Manager assessments +// for a given compliance standard. type Framework struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the specified framework. + // The Amazon Resource Name (ARN) of the framework. Arn *string `locationName:"arn" min:"20" type:"string"` // The compliance type that the new custom framework supports, such as CIS or // HIPAA. ComplianceType *string `locationName:"complianceType" type:"string"` - // The control sets associated with the framework. + // The control sets that are associated with the framework. ControlSets []*ControlSet `locationName:"controlSets" min:"1" type:"list"` - // The sources from which Audit Manager collects evidence for the control. + // The sources that Audit Manager collects evidence from for the control. ControlSources *string `locationName:"controlSources" min:"1" type:"string"` // Specifies when the framework was created. @@ -9726,10 +10401,10 @@ type Framework struct { // The IAM user or role that created the framework. CreatedBy *string `locationName:"createdBy" min:"1" type:"string"` - // The description of the specified framework. + // The description of the framework. Description *string `locationName:"description" min:"1" type:"string"` - // The unique identifier for the specified framework. + // The unique identifier for the framework. Id *string `locationName:"id" min:"36" type:"string"` // Specifies when the framework was most recently updated. @@ -9738,16 +10413,16 @@ type Framework struct { // The IAM user or role that most recently updated the framework. LastUpdatedBy *string `locationName:"lastUpdatedBy" min:"1" type:"string"` - // The logo associated with the framework. + // The logo that's associated with the framework. Logo *string `locationName:"logo" min:"1" type:"string"` - // The name of the specified framework. + // The name of the framework. Name *string `locationName:"name" min:"1" type:"string"` - // The tags associated with the framework. + // The tags that are associated with the framework. Tags map[string]*string `locationName:"tags" type:"map"` - // The framework type, such as custom or standard. + // The framework type, such as a custom framework or a standard framework. Type *string `locationName:"type" type:"string" enum:"FrameworkType"` } @@ -9853,18 +10528,18 @@ func (s *Framework) SetType(v string) *Framework { return s } -// The metadata of a framework, such as the name, ID, description, and so on. +// The metadata of a framework, such as the name, ID, or description. type FrameworkMetadata struct { _ struct{} `type:"structure"` - // The compliance standard associated with the framework, such as PCI-DSS or - // HIPAA. + // The compliance standard that's associated with the framework. For example, + // this could be PCI DSS or HIPAA. ComplianceType *string `locationName:"complianceType" type:"string"` // The description of the framework. Description *string `locationName:"description" min:"1" type:"string"` - // The logo associated with the framework. + // The logo that's associated with the framework. Logo *string `locationName:"logo" min:"1" type:"string"` // The name of the framework. @@ -9938,7 +10613,7 @@ func (s GetAccountStatusInput) GoString() string { type GetAccountStatusOutput struct { _ struct{} `type:"structure"` - // The status of the specified Amazon Web Services account. + // The status of the Amazon Web Services account. Status *string `locationName:"status" type:"string" enum:"AccountStatus"` } @@ -9969,7 +10644,7 @@ func (s *GetAccountStatusOutput) SetStatus(v string) *GetAccountStatusOutput { type GetAssessmentFrameworkInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The identifier for the specified framework. + // The identifier for the framework. // // FrameworkId is a required field FrameworkId *string `location:"uri" locationName:"frameworkId" min:"36" type:"string" required:"true"` @@ -10018,7 +10693,7 @@ func (s *GetAssessmentFrameworkInput) SetFrameworkId(v string) *GetAssessmentFra type GetAssessmentFrameworkOutput struct { _ struct{} `type:"structure"` - // The framework returned by the GetAssessmentFramework API. + // The framework that the GetAssessmentFramework API returned. Framework *Framework `locationName:"framework" type:"structure"` } @@ -10049,7 +10724,7 @@ func (s *GetAssessmentFrameworkOutput) SetFramework(v *Framework) *GetAssessment type GetAssessmentInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The identifier for the specified assessment. + // The identifier for the assessment. // // AssessmentId is a required field AssessmentId *string `location:"uri" locationName:"assessmentId" min:"36" type:"string" required:"true"` @@ -10103,7 +10778,7 @@ type GetAssessmentOutput struct { Assessment *Assessment `locationName:"assessment" type:"structure"` // The wrapper that contains the Audit Manager role information of the current - // user, such as the role type and IAM Amazon Resource Name (ARN). + // user. This includes the role type and IAM Amazon Resource Name (ARN). UserRole *Role `locationName:"userRole" type:"structure"` } @@ -10140,7 +10815,7 @@ func (s *GetAssessmentOutput) SetUserRole(v *Role) *GetAssessmentOutput { type GetAssessmentReportUrlInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The identifier for the specified assessment. + // The identifier for the assessment. // // AssessmentId is a required field AssessmentId *string `location:"uri" locationName:"assessmentId" min:"36" type:"string" required:"true"` @@ -10206,8 +10881,8 @@ func (s *GetAssessmentReportUrlInput) SetAssessmentReportId(v string) *GetAssess type GetAssessmentReportUrlOutput struct { _ struct{} `type:"structure"` - // A uniform resource locator, used as a unique identifier to locate a resource - // on the internet. + // Short for uniform resource locator. A URL is used as a unique identifier + // to locate a resource on the internet. PreSignedUrl *URL `locationName:"preSignedUrl" type:"structure"` } @@ -10238,21 +10913,22 @@ func (s *GetAssessmentReportUrlOutput) SetPreSignedUrl(v *URL) *GetAssessmentRep type GetChangeLogsInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The identifier for the specified assessment. + // The identifier for the assessment. // // AssessmentId is a required field AssessmentId *string `location:"uri" locationName:"assessmentId" min:"36" type:"string" required:"true"` - // The identifier for the specified control. + // The identifier for the control. ControlId *string `location:"querystring" locationName:"controlId" min:"36" type:"string"` - // The identifier for the specified control set. + // The identifier for the control set. ControlSetId *string `location:"querystring" locationName:"controlSetId" min:"1" type:"string"` - // Represents the maximum number of results per page, or per API request call. + // Represents the maximum number of results on a page or for an API request + // call. MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` - // The pagination token used to fetch the next set of results. + // The pagination token that's used to fetch the next set of results. NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` } @@ -10338,7 +11014,7 @@ type GetChangeLogsOutput struct { // The list of user activity for the control. ChangeLogs []*ChangeLog `locationName:"changeLogs" type:"list"` - // The pagination token used to fetch the next set of results. + // The pagination token that's used to fetch the next set of results. NextToken *string `locationName:"nextToken" min:"1" type:"string"` } @@ -10375,7 +11051,7 @@ func (s *GetChangeLogsOutput) SetNextToken(v string) *GetChangeLogsOutput { type GetControlInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The identifier for the specified control. + // The identifier for the control. // // ControlId is a required field ControlId *string `location:"uri" locationName:"controlId" min:"36" type:"string" required:"true"` @@ -10424,7 +11100,7 @@ func (s *GetControlInput) SetControlId(v string) *GetControlInput { type GetControlOutput struct { _ struct{} `type:"structure"` - // The name of the control returned by the GetControl API. + // The name of the control that the GetControl API returned. Control *Control `locationName:"control" type:"structure"` } @@ -10455,10 +11131,11 @@ func (s *GetControlOutput) SetControl(v *Control) *GetControlOutput { type GetDelegationsInput struct { _ struct{} `type:"structure" nopayload:"true"` - // Represents the maximum number of results per page, or per API request call. + // Represents the maximum number of results on a page or for an API request + // call. MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` - // The pagination token used to fetch the next set of results. + // The pagination token that's used to fetch the next set of results. NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` } @@ -10511,10 +11188,10 @@ func (s *GetDelegationsInput) SetNextToken(v string) *GetDelegationsInput { type GetDelegationsOutput struct { _ struct{} `type:"structure"` - // The list of delegations returned by the GetDelegations API. + // The list of delegations that the GetDelegations API returned. Delegations []*DelegationMetadata `locationName:"delegations" type:"list"` - // The pagination token used to fetch the next set of results. + // The pagination token that's used to fetch the next set of results. NextToken *string `locationName:"nextToken" min:"1" type:"string"` } @@ -10551,7 +11228,7 @@ func (s *GetDelegationsOutput) SetNextToken(v string) *GetDelegationsOutput { type GetEvidenceByEvidenceFolderInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The identifier for the specified assessment. + // The identifier for the assessment. // // AssessmentId is a required field AssessmentId *string `location:"uri" locationName:"assessmentId" min:"36" type:"string" required:"true"` @@ -10561,15 +11238,16 @@ type GetEvidenceByEvidenceFolderInput struct { // ControlSetId is a required field ControlSetId *string `location:"uri" locationName:"controlSetId" min:"1" type:"string" required:"true"` - // The unique identifier for the folder in which the evidence is stored. + // The unique identifier for the folder that the evidence is stored in. // // EvidenceFolderId is a required field EvidenceFolderId *string `location:"uri" locationName:"evidenceFolderId" min:"36" type:"string" required:"true"` - // Represents the maximum number of results per page, or per API request call. + // Represents the maximum number of results on a page or for an API request + // call. MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` - // The pagination token used to fetch the next set of results. + // The pagination token that's used to fetch the next set of results. NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` } @@ -10658,10 +11336,10 @@ func (s *GetEvidenceByEvidenceFolderInput) SetNextToken(v string) *GetEvidenceBy type GetEvidenceByEvidenceFolderOutput struct { _ struct{} `type:"structure"` - // The list of evidence returned by the GetEvidenceByEvidenceFolder API. + // The list of evidence that the GetEvidenceByEvidenceFolder API returned. Evidence []*Evidence `locationName:"evidence" type:"list"` - // The pagination token used to fetch the next set of results. + // The pagination token that's used to fetch the next set of results. NextToken *string `locationName:"nextToken" min:"1" type:"string"` } @@ -10698,17 +11376,17 @@ func (s *GetEvidenceByEvidenceFolderOutput) SetNextToken(v string) *GetEvidenceB type GetEvidenceFolderInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The identifier for the specified assessment. + // The identifier for the assessment. // // AssessmentId is a required field AssessmentId *string `location:"uri" locationName:"assessmentId" min:"36" type:"string" required:"true"` - // The identifier for the specified control set. + // The identifier for the control set. // // ControlSetId is a required field ControlSetId *string `location:"uri" locationName:"controlSetId" min:"1" type:"string" required:"true"` - // The identifier for the folder in which the evidence is stored. + // The identifier for the folder that the evidence is stored in. // // EvidenceFolderId is a required field EvidenceFolderId *string `location:"uri" locationName:"evidenceFolderId" min:"36" type:"string" required:"true"` @@ -10781,7 +11459,7 @@ func (s *GetEvidenceFolderInput) SetEvidenceFolderId(v string) *GetEvidenceFolde type GetEvidenceFolderOutput struct { _ struct{} `type:"structure"` - // The folder in which evidence is stored. + // The folder that the evidence is stored in. EvidenceFolder *AssessmentEvidenceFolder `locationName:"evidenceFolder" type:"structure"` } @@ -10812,25 +11490,26 @@ func (s *GetEvidenceFolderOutput) SetEvidenceFolder(v *AssessmentEvidenceFolder) type GetEvidenceFoldersByAssessmentControlInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The identifier for the specified assessment. + // The identifier for the assessment. // // AssessmentId is a required field AssessmentId *string `location:"uri" locationName:"assessmentId" min:"36" type:"string" required:"true"` - // The identifier for the specified control. + // The identifier for the control. // // ControlId is a required field ControlId *string `location:"uri" locationName:"controlId" min:"36" type:"string" required:"true"` - // The identifier for the specified control set. + // The identifier for the control set. // // ControlSetId is a required field ControlSetId *string `location:"uri" locationName:"controlSetId" min:"1" type:"string" required:"true"` - // Represents the maximum number of results per page, or per API request call. + // Represents the maximum number of results on a page or for an API request + // call. MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` - // The pagination token used to fetch the next set of results. + // The pagination token that's used to fetch the next set of results. NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` } @@ -10919,11 +11598,11 @@ func (s *GetEvidenceFoldersByAssessmentControlInput) SetNextToken(v string) *Get type GetEvidenceFoldersByAssessmentControlOutput struct { _ struct{} `type:"structure"` - // The list of evidence folders returned by the GetEvidenceFoldersByAssessmentControl - // API. + // The list of evidence folders that the GetEvidenceFoldersByAssessmentControl + // API returned. EvidenceFolders []*AssessmentEvidenceFolder `locationName:"evidenceFolders" type:"list"` - // The pagination token used to fetch the next set of results. + // The pagination token that's used to fetch the next set of results. NextToken *string `locationName:"nextToken" min:"1" type:"string"` } @@ -10960,15 +11639,16 @@ func (s *GetEvidenceFoldersByAssessmentControlOutput) SetNextToken(v string) *Ge type GetEvidenceFoldersByAssessmentInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The identifier for the specified assessment. + // The identifier for the assessment. // // AssessmentId is a required field AssessmentId *string `location:"uri" locationName:"assessmentId" min:"36" type:"string" required:"true"` - // Represents the maximum number of results per page, or per API request call. + // Represents the maximum number of results on a page or for an API request + // call. MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` - // The pagination token used to fetch the next set of results. + // The pagination token that's used to fetch the next set of results. NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` } @@ -11033,11 +11713,11 @@ func (s *GetEvidenceFoldersByAssessmentInput) SetNextToken(v string) *GetEvidenc type GetEvidenceFoldersByAssessmentOutput struct { _ struct{} `type:"structure"` - // The list of evidence folders returned by the GetEvidenceFoldersByAssessment - // API. + // The list of evidence folders that the GetEvidenceFoldersByAssessment API + // returned. EvidenceFolders []*AssessmentEvidenceFolder `locationName:"evidenceFolders" type:"list"` - // The pagination token used to fetch the next set of results. + // The pagination token that's used to fetch the next set of results. NextToken *string `locationName:"nextToken" min:"1" type:"string"` } @@ -11074,17 +11754,17 @@ func (s *GetEvidenceFoldersByAssessmentOutput) SetNextToken(v string) *GetEviden type GetEvidenceInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The identifier for the specified assessment. + // The identifier for the assessment. // // AssessmentId is a required field AssessmentId *string `location:"uri" locationName:"assessmentId" min:"36" type:"string" required:"true"` - // The identifier for the specified control set. + // The identifier for the control set. // // ControlSetId is a required field ControlSetId *string `location:"uri" locationName:"controlSetId" min:"1" type:"string" required:"true"` - // The identifier for the folder in which the evidence is stored. + // The identifier for the folder that the evidence is stored in. // // EvidenceFolderId is a required field EvidenceFolderId *string `location:"uri" locationName:"evidenceFolderId" min:"36" type:"string" required:"true"` @@ -11174,7 +11854,7 @@ func (s *GetEvidenceInput) SetEvidenceId(v string) *GetEvidenceInput { type GetEvidenceOutput struct { _ struct{} `type:"structure"` - // The evidence returned by the GetEvidenceResponse API. + // The evidence that the GetEvidenceResponse API returned. Evidence *Evidence `locationName:"evidence" type:"structure"` } @@ -11227,10 +11907,10 @@ func (s GetOrganizationAdminAccountInput) GoString() string { type GetOrganizationAdminAccountOutput struct { _ struct{} `type:"structure"` - // The identifier for the specified administrator account. + // The identifier for the administrator account. AdminAccountId *string `locationName:"adminAccountId" min:"12" type:"string"` - // The identifier for the specified organization. + // The identifier for the organization. OrganizationId *string `locationName:"organizationId" min:"12" type:"string"` } @@ -11289,7 +11969,7 @@ func (s GetServicesInScopeInput) GoString() string { type GetServicesInScopeOutput struct { _ struct{} `type:"structure"` - // The metadata associated with the Amazon Web Service. + // The metadata that's associated with the Amazon Web Service. ServiceMetadata []*ServiceMetadata `locationName:"serviceMetadata" type:"list"` } @@ -11462,18 +12142,131 @@ func (s *InternalServerException) RequestID() string { return s.RespMetadata.RequestID } +type ListAssessmentFrameworkShareRequestsInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // Represents the maximum number of results on a page or for an API request + // call. + MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` + + // The pagination token that's used to fetch the next set of results. + NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` + + // Specifies whether the share request is a sent request or a received request. + // + // RequestType is a required field + RequestType *string `location:"querystring" locationName:"requestType" type:"string" required:"true" enum:"ShareRequestType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAssessmentFrameworkShareRequestsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAssessmentFrameworkShareRequestsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListAssessmentFrameworkShareRequestsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListAssessmentFrameworkShareRequestsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + if s.RequestType == nil { + invalidParams.Add(request.NewErrParamRequired("RequestType")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListAssessmentFrameworkShareRequestsInput) SetMaxResults(v int64) *ListAssessmentFrameworkShareRequestsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListAssessmentFrameworkShareRequestsInput) SetNextToken(v string) *ListAssessmentFrameworkShareRequestsInput { + s.NextToken = &v + return s +} + +// SetRequestType sets the RequestType field's value. +func (s *ListAssessmentFrameworkShareRequestsInput) SetRequestType(v string) *ListAssessmentFrameworkShareRequestsInput { + s.RequestType = &v + return s +} + +type ListAssessmentFrameworkShareRequestsOutput struct { + _ struct{} `type:"structure"` + + // The list of share requests that the ListAssessmentFrameworkShareRequests + // API returned. + AssessmentFrameworkShareRequests []*AssessmentFrameworkShareRequest `locationName:"assessmentFrameworkShareRequests" type:"list"` + + // The pagination token that's used to fetch the next set of results. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAssessmentFrameworkShareRequestsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAssessmentFrameworkShareRequestsOutput) GoString() string { + return s.String() +} + +// SetAssessmentFrameworkShareRequests sets the AssessmentFrameworkShareRequests field's value. +func (s *ListAssessmentFrameworkShareRequestsOutput) SetAssessmentFrameworkShareRequests(v []*AssessmentFrameworkShareRequest) *ListAssessmentFrameworkShareRequestsOutput { + s.AssessmentFrameworkShareRequests = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListAssessmentFrameworkShareRequestsOutput) SetNextToken(v string) *ListAssessmentFrameworkShareRequestsOutput { + s.NextToken = &v + return s +} + type ListAssessmentFrameworksInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The type of framework, such as standard or custom. + // The type of framework, such as a standard framework or a custom framework. // // FrameworkType is a required field FrameworkType *string `location:"querystring" locationName:"frameworkType" type:"string" required:"true" enum:"FrameworkType"` - // Represents the maximum number of results per page, or per API request call. + // Represents the maximum number of results on a page or for an API request + // call. MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` - // The pagination token used to fetch the next set of results. + // The pagination token that's used to fetch the next set of results. NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` } @@ -11535,10 +12328,10 @@ func (s *ListAssessmentFrameworksInput) SetNextToken(v string) *ListAssessmentFr type ListAssessmentFrameworksOutput struct { _ struct{} `type:"structure"` - // The list of metadata objects for the specified framework. + // The list of metadata objects for the framework. FrameworkMetadataList []*AssessmentFrameworkMetadata `locationName:"frameworkMetadataList" type:"list"` - // The pagination token used to fetch the next set of results. + // The pagination token that's used to fetch the next set of results. NextToken *string `locationName:"nextToken" min:"1" type:"string"` } @@ -11575,10 +12368,11 @@ func (s *ListAssessmentFrameworksOutput) SetNextToken(v string) *ListAssessmentF type ListAssessmentReportsInput struct { _ struct{} `type:"structure" nopayload:"true"` - // Represents the maximum number of results per page, or per API request call. + // Represents the maximum number of results on a page or for an API request + // call. MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` - // The pagination token used to fetch the next set of results. + // The pagination token that's used to fetch the next set of results. NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` } @@ -11631,10 +12425,10 @@ func (s *ListAssessmentReportsInput) SetNextToken(v string) *ListAssessmentRepor type ListAssessmentReportsOutput struct { _ struct{} `type:"structure"` - // The list of assessment reports returned by the ListAssessmentReports API. + // The list of assessment reports that the ListAssessmentReports API returned. AssessmentReports []*AssessmentReportMetadata `locationName:"assessmentReports" type:"list"` - // The pagination token used to fetch the next set of results. + // The pagination token that's used to fetch the next set of results. NextToken *string `locationName:"nextToken" min:"1" type:"string"` } @@ -11671,10 +12465,11 @@ func (s *ListAssessmentReportsOutput) SetNextToken(v string) *ListAssessmentRepo type ListAssessmentsInput struct { _ struct{} `type:"structure" nopayload:"true"` - // Represents the maximum number of results per page, or per API request call. + // Represents the maximum number of results on a page or for an API request + // call. MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` - // The pagination token used to fetch the next set of results. + // The pagination token that's used to fetch the next set of results. NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` } @@ -11727,10 +12522,10 @@ func (s *ListAssessmentsInput) SetNextToken(v string) *ListAssessmentsInput { type ListAssessmentsOutput struct { _ struct{} `type:"structure"` - // The metadata associated with the assessment. + // The metadata that's associated with the assessment. AssessmentMetadata []*AssessmentMetadataItem `locationName:"assessmentMetadata" type:"list"` - // The pagination token used to fetch the next set of results. + // The pagination token that's used to fetch the next set of results. NextToken *string `locationName:"nextToken" min:"1" type:"string"` } @@ -11767,15 +12562,16 @@ func (s *ListAssessmentsOutput) SetNextToken(v string) *ListAssessmentsOutput { type ListControlsInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The type of control, such as standard or custom. + // The type of control, such as a standard control or a custom control. // // ControlType is a required field ControlType *string `location:"querystring" locationName:"controlType" type:"string" required:"true" enum:"ControlType"` - // Represents the maximum number of results per page, or per API request call. + // Represents the maximum number of results on a page or for an API request + // call. MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` - // The pagination token used to fetch the next set of results. + // The pagination token that's used to fetch the next set of results. NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` } @@ -11837,10 +12633,10 @@ func (s *ListControlsInput) SetNextToken(v string) *ListControlsInput { type ListControlsOutput struct { _ struct{} `type:"structure"` - // The list of control metadata objects returned by the ListControls API. + // The list of control metadata objects that the ListControls API returned. ControlMetadataList []*ControlMetadata `locationName:"controlMetadataList" type:"list"` - // The pagination token used to fetch the next set of results. + // The pagination token that's used to fetch the next set of results. NextToken *string `locationName:"nextToken" min:"1" type:"string"` } @@ -11877,13 +12673,14 @@ func (s *ListControlsOutput) SetNextToken(v string) *ListControlsOutput { type ListKeywordsForDataSourceInput struct { _ struct{} `type:"structure" nopayload:"true"` - // Represents the maximum number of results per page, or per API request call. + // Represents the maximum number of results on a page or for an API request + // call. MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` - // The pagination token used to fetch the next set of results. + // The pagination token that's used to fetch the next set of results. NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` - // The control mapping data source to which the keywords apply. + // The control mapping data source that the keywords apply to. // // Source is a required field Source *string `location:"querystring" locationName:"source" type:"string" required:"true" enum:"SourceType"` @@ -11947,10 +12744,10 @@ func (s *ListKeywordsForDataSourceInput) SetSource(v string) *ListKeywordsForDat type ListKeywordsForDataSourceOutput struct { _ struct{} `type:"structure"` - // The list of keywords for the specified event mapping source. + // The list of keywords for the event mapping source. Keywords []*string `locationName:"keywords" type:"list"` - // The pagination token used to fetch the next set of results. + // The pagination token that's used to fetch the next set of results. NextToken *string `locationName:"nextToken" min:"1" type:"string"` } @@ -11987,10 +12784,11 @@ func (s *ListKeywordsForDataSourceOutput) SetNextToken(v string) *ListKeywordsFo type ListNotificationsInput struct { _ struct{} `type:"structure" nopayload:"true"` - // Represents the maximum number of results per page, or per API request call. + // Represents the maximum number of results on a page or for an API request + // call. MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` - // The pagination token used to fetch the next set of results. + // The pagination token that's used to fetch the next set of results. NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` } @@ -12043,7 +12841,7 @@ func (s *ListNotificationsInput) SetNextToken(v string) *ListNotificationsInput type ListNotificationsOutput struct { _ struct{} `type:"structure"` - // The pagination token used to fetch the next set of results. + // The pagination token that's used to fetch the next set of results. NextToken *string `locationName:"nextToken" min:"1" type:"string"` // The returned list of notifications. @@ -12083,7 +12881,7 @@ func (s *ListNotificationsOutput) SetNotifications(v []*Notification) *ListNotif type ListTagsForResourceInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The Amazon Resource Name (ARN) of the specified resource. + // The Amazon Resource Name (ARN) of the resource. // // ResourceArn is a required field ResourceArn *string `location:"uri" locationName:"resourceArn" min:"20" type:"string" required:"true"` @@ -12132,7 +12930,7 @@ func (s *ListTagsForResourceInput) SetResourceArn(v string) *ListTagsForResource type ListTagsForResourceOutput struct { _ struct{} `type:"structure"` - // The list of tags returned by the ListTagsForResource API. + // The list of tags that the ListTagsForResource API returned. Tags map[string]*string `locationName:"tags" type:"map"` } @@ -12160,7 +12958,7 @@ func (s *ListTagsForResourceOutput) SetTags(v map[string]*string) *ListTagsForRe return s } -// Evidence that is uploaded to Audit Manager manually. +// Evidence that's uploaded to Audit Manager manually. type ManualEvidence struct { _ struct{} `type:"structure"` @@ -12205,19 +13003,19 @@ func (s *ManualEvidence) SetS3ResourcePath(v string) *ManualEvidence { return s } -// The notification used to inform a user of an update in Audit Manager. For -// example, this includes the notification that is sent when a control set is -// delegated for review. +// The notification that informs a user of an update in Audit Manager. For example, +// this includes the notification that's sent when a control set is delegated +// for review. type Notification struct { _ struct{} `type:"structure"` - // The identifier for the specified assessment. + // The identifier for the assessment. AssessmentId *string `locationName:"assessmentId" min:"36" type:"string"` // The name of the related assessment. AssessmentName *string `locationName:"assessmentName" min:"1" type:"string"` - // The identifier for the specified control set. + // The identifier for the control set. ControlSetId *string `locationName:"controlSetId" min:"1" type:"string"` // Specifies the name of the control set that the notification is about. @@ -12392,7 +13190,7 @@ func (s *RegisterAccountOutput) SetStatus(v string) *RegisterAccountOutput { type RegisterOrganizationAdminAccountInput struct { _ struct{} `type:"structure"` - // The identifier for the specified delegated administrator account. + // The identifier for the delegated administrator account. // // AdminAccountId is a required field AdminAccountId *string `locationName:"adminAccountId" min:"12" type:"string" required:"true"` @@ -12441,10 +13239,10 @@ func (s *RegisterOrganizationAdminAccountInput) SetAdminAccountId(v string) *Reg type RegisterOrganizationAdminAccountOutput struct { _ struct{} `type:"structure"` - // The identifier for the specified delegated administrator account. + // The identifier for the delegated administrator account. AdminAccountId *string `locationName:"adminAccountId" min:"12" type:"string"` - // The identifier for the specified organization. + // The identifier for the organization. OrganizationId *string `locationName:"organizationId" min:"12" type:"string"` } @@ -12478,14 +13276,14 @@ func (s *RegisterOrganizationAdminAccountOutput) SetOrganizationId(v string) *Re return s } -// A system asset that is evaluated in an Audit Manager assessment. +// A system asset that's evaluated in an Audit Manager assessment. type Resource struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) for the specified resource. + // The Amazon Resource Name (ARN) for the resource. Arn *string `locationName:"arn" min:"20" type:"string"` - // The value of the specified resource. + // The value of the resource. Value *string `locationName:"value" type:"string"` } @@ -12519,19 +13317,19 @@ func (s *Resource) SetValue(v string) *Resource { return s } -// The resource specified in the request cannot be found. +// The resource that's specified in the request can't be found. type ResourceNotFoundException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"message" type:"string"` - // The unique identifier for the specified resource. + // The unique identifier for the resource. // // ResourceId is a required field ResourceId *string `locationName:"resourceId" type:"string" required:"true"` - // The type of resource affected by the error. + // The type of resource that's affected by the error. // // ResourceType is a required field ResourceType *string `locationName:"resourceType" type:"string" required:"true"` @@ -12594,7 +13392,7 @@ func (s *ResourceNotFoundException) RequestID() string { } // The wrapper that contains the Audit Manager role information of the current -// user, such as the role type and IAM Amazon Resource Name (ARN). +// user. This includes the role type and IAM Amazon Resource Name (ARN). type Role struct { _ struct{} `type:"structure"` @@ -12654,15 +13452,15 @@ func (s *Role) SetRoleType(v string) *Role { return s } -// The wrapper that contains the Amazon Web Services accounts and services in -// scope for the assessment. +// The wrapper that contains the Amazon Web Services accounts and services that +// are in scope for the assessment. type Scope struct { _ struct{} `type:"structure"` - // The Amazon Web Services accounts included in the scope of the assessment. + // The Amazon Web Services accounts that are included in the scope of the assessment. AwsAccounts []*AWSAccount `locationName:"awsAccounts" type:"list"` - // The Amazon Web Services services included in the scope of the assessment. + // The Amazon Web Services services that are included in the scope of the assessment. AwsServices []*AWSService `locationName:"awsServices" type:"list"` } @@ -12726,15 +13524,15 @@ func (s *Scope) SetAwsServices(v []*AWSService) *Scope { return s } -// The metadata associated with the specified Amazon Web Service. +// The metadata that's associated with the Amazon Web Service. type ServiceMetadata struct { _ struct{} `type:"structure"` - // The category in which the Amazon Web Service belongs, such as compute, storage, - // database, and so on. + // The category that the Amazon Web Service belongs to, such as compute, storage, + // or database. Category *string `locationName:"category" min:"1" type:"string"` - // The description of the specified Amazon Web Service. + // The description of the Amazon Web Service. Description *string `locationName:"description" min:"1" type:"string"` // The display name of the Amazon Web Service. @@ -12859,12 +13657,12 @@ func (s *Settings) SetSnsTopic(v string) *Settings { type SourceKeyword struct { _ struct{} `type:"structure"` - // The method of input for the specified keyword. + // The method of input for the keyword. KeywordInputType *string `locationName:"keywordInputType" type:"string" enum:"KeywordInputType"` - // The value of the keyword used to search CloudTrail logs, Config rules, Security - // Hub checks, and Amazon Web Services API names when mapping a control data - // source. + // The value of the keyword that's used to search CloudTrail logs, Config rules, + // Security Hub checks, and Amazon Web Services API names when mapping a control + // data source. KeywordValue *string `locationName:"keywordValue" min:"1" type:"string"` } @@ -12911,15 +13709,135 @@ func (s *SourceKeyword) SetKeywordValue(v string) *SourceKeyword { return s } +type StartAssessmentFrameworkShareInput struct { + _ struct{} `type:"structure"` + + // An optional comment from the sender about the share request. + Comment *string `locationName:"comment" type:"string"` + + // The Amazon Web Services account of the recipient. + // + // DestinationAccount is a required field + DestinationAccount *string `locationName:"destinationAccount" min:"12" type:"string" required:"true"` + + // The Amazon Web Services Region of the recipient. + // + // DestinationRegion is a required field + DestinationRegion *string `locationName:"destinationRegion" type:"string" required:"true"` + + // The unique identifier for the custom framework to be shared. + // + // FrameworkId is a required field + FrameworkId *string `location:"uri" locationName:"frameworkId" min:"36" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartAssessmentFrameworkShareInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartAssessmentFrameworkShareInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *StartAssessmentFrameworkShareInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "StartAssessmentFrameworkShareInput"} + if s.DestinationAccount == nil { + invalidParams.Add(request.NewErrParamRequired("DestinationAccount")) + } + if s.DestinationAccount != nil && len(*s.DestinationAccount) < 12 { + invalidParams.Add(request.NewErrParamMinLen("DestinationAccount", 12)) + } + if s.DestinationRegion == nil { + invalidParams.Add(request.NewErrParamRequired("DestinationRegion")) + } + if s.FrameworkId == nil { + invalidParams.Add(request.NewErrParamRequired("FrameworkId")) + } + if s.FrameworkId != nil && len(*s.FrameworkId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("FrameworkId", 36)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetComment sets the Comment field's value. +func (s *StartAssessmentFrameworkShareInput) SetComment(v string) *StartAssessmentFrameworkShareInput { + s.Comment = &v + return s +} + +// SetDestinationAccount sets the DestinationAccount field's value. +func (s *StartAssessmentFrameworkShareInput) SetDestinationAccount(v string) *StartAssessmentFrameworkShareInput { + s.DestinationAccount = &v + return s +} + +// SetDestinationRegion sets the DestinationRegion field's value. +func (s *StartAssessmentFrameworkShareInput) SetDestinationRegion(v string) *StartAssessmentFrameworkShareInput { + s.DestinationRegion = &v + return s +} + +// SetFrameworkId sets the FrameworkId field's value. +func (s *StartAssessmentFrameworkShareInput) SetFrameworkId(v string) *StartAssessmentFrameworkShareInput { + s.FrameworkId = &v + return s +} + +type StartAssessmentFrameworkShareOutput struct { + _ struct{} `type:"structure"` + + // The share request that's created by the StartAssessmentFrameworkShare API. + AssessmentFrameworkShareRequest *AssessmentFrameworkShareRequest `locationName:"assessmentFrameworkShareRequest" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartAssessmentFrameworkShareOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartAssessmentFrameworkShareOutput) GoString() string { + return s.String() +} + +// SetAssessmentFrameworkShareRequest sets the AssessmentFrameworkShareRequest field's value. +func (s *StartAssessmentFrameworkShareOutput) SetAssessmentFrameworkShareRequest(v *AssessmentFrameworkShareRequest) *StartAssessmentFrameworkShareOutput { + s.AssessmentFrameworkShareRequest = v + return s +} + type TagResourceInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the specified resource. + // The Amazon Resource Name (ARN) of the resource. // // ResourceArn is a required field ResourceArn *string `location:"uri" locationName:"resourceArn" min:"20" type:"string" required:"true"` - // The tags to be associated with the resource. + // The tags that are associated with the resource. // // Tags is a required field Tags map[string]*string `locationName:"tags" type:"map" required:"true"` @@ -12996,12 +13914,12 @@ func (s TagResourceOutput) GoString() string { return s.String() } -// A uniform resource locator, used as a unique identifier to locate a resource -// on the internet. +// Short for uniform resource locator. A URL is used as a unique identifier +// to locate a resource on the internet. type URL struct { _ struct{} `type:"structure"` - // The name or word used as a hyperlink to the URL. + // The name or word that's used as a hyperlink to the URL. HyperlinkName *string `locationName:"hyperlinkName" min:"1" type:"string"` // The unique identifier for the internet resource. @@ -13129,25 +14047,25 @@ func (s UntagResourceOutput) GoString() string { type UpdateAssessmentControlInput struct { _ struct{} `type:"structure"` - // The identifier for the specified assessment. + // The identifier for the assessment. // // AssessmentId is a required field AssessmentId *string `location:"uri" locationName:"assessmentId" min:"36" type:"string" required:"true"` - // The comment body text for the specified control. + // The comment body text for the control. CommentBody *string `locationName:"commentBody" type:"string"` - // The identifier for the specified control. + // The identifier for the control. // // ControlId is a required field ControlId *string `location:"uri" locationName:"controlId" min:"36" type:"string" required:"true"` - // The identifier for the specified control set. + // The identifier for the control set. // // ControlSetId is a required field ControlSetId *string `location:"uri" locationName:"controlSetId" min:"1" type:"string" required:"true"` - // The status of the specified control. + // The status of the control. ControlStatus *string `locationName:"controlStatus" type:"string" enum:"ControlStatus"` } @@ -13230,8 +14148,8 @@ func (s *UpdateAssessmentControlInput) SetControlStatus(v string) *UpdateAssessm type UpdateAssessmentControlOutput struct { _ struct{} `type:"structure"` - // The name of the updated control set returned by the UpdateAssessmentControl - // API. + // The name of the updated control set that the UpdateAssessmentControl API + // returned. Control *AssessmentControl `locationName:"control" type:"structure"` } @@ -13262,22 +14180,22 @@ func (s *UpdateAssessmentControlOutput) SetControl(v *AssessmentControl) *Update type UpdateAssessmentControlSetStatusInput struct { _ struct{} `type:"structure"` - // The identifier for the specified assessment. + // The identifier for the assessment. // // AssessmentId is a required field AssessmentId *string `location:"uri" locationName:"assessmentId" min:"36" type:"string" required:"true"` - // The comment related to the status update. + // The comment that's related to the status update. // // Comment is a required field Comment *string `locationName:"comment" type:"string" required:"true"` - // The identifier for the specified control set. + // The identifier for the control set. // // ControlSetId is a required field ControlSetId *string `location:"uri" locationName:"controlSetId" type:"string" required:"true"` - // The status of the control set that is being updated. + // The status of the control set that's being updated. // // Status is a required field Status *string `locationName:"status" type:"string" required:"true" enum:"ControlSetStatus"` @@ -13356,8 +14274,8 @@ func (s *UpdateAssessmentControlSetStatusInput) SetStatus(v string) *UpdateAsses type UpdateAssessmentControlSetStatusOutput struct { _ struct{} `type:"structure"` - // The name of the updated control set returned by the UpdateAssessmentControlSetStatus - // API. + // The name of the updated control set that the UpdateAssessmentControlSetStatus + // API returned. ControlSet *AssessmentControlSet `locationName:"controlSet" type:"structure"` } @@ -13386,11 +14304,11 @@ func (s *UpdateAssessmentControlSetStatusOutput) SetControlSet(v *AssessmentCont } // A controlSet entity that represents a collection of controls in Audit Manager. -// This does not contain the control set ID. +// This doesn't contain the control set ID. type UpdateAssessmentFrameworkControlSet struct { _ struct{} `type:"structure"` - // The list of controls contained within the control set. + // The list of controls that are contained within the control set. Controls []*CreateAssessmentFrameworkControl `locationName:"controls" min:"1" type:"list"` // The unique identifier for the control set. @@ -13477,15 +14395,15 @@ type UpdateAssessmentFrameworkInput struct { // HIPAA. ComplianceType *string `locationName:"complianceType" type:"string"` - // The control sets associated with the framework. + // The control sets that are associated with the framework. // // ControlSets is a required field ControlSets []*UpdateAssessmentFrameworkControlSet `locationName:"controlSets" type:"list" required:"true"` - // The description of the framework that is to be updated. + // The description of the updated framework. Description *string `locationName:"description" min:"1" type:"string"` - // The identifier for the specified framework. + // The identifier for the framework. // // FrameworkId is a required field FrameworkId *string `location:"uri" locationName:"frameworkId" min:"36" type:"string" required:"true"` @@ -13585,7 +14503,7 @@ func (s *UpdateAssessmentFrameworkInput) SetName(v string) *UpdateAssessmentFram type UpdateAssessmentFrameworkOutput struct { _ struct{} `type:"structure"` - // The name of the specified framework. + // The name of the framework. Framework *Framework `locationName:"framework" type:"structure"` } @@ -13613,28 +14531,137 @@ func (s *UpdateAssessmentFrameworkOutput) SetFramework(v *Framework) *UpdateAsse return s } +type UpdateAssessmentFrameworkShareInput struct { + _ struct{} `type:"structure"` + + // Specifies the update action for the share request. + // + // Action is a required field + Action *string `locationName:"action" type:"string" required:"true" enum:"ShareRequestAction"` + + // The unique identifier for the share request. + // + // RequestId is a required field + RequestId *string `location:"uri" locationName:"requestId" min:"36" type:"string" required:"true"` + + // Specifies whether the share request is a sent request or a received request. + // + // RequestType is a required field + RequestType *string `locationName:"requestType" type:"string" required:"true" enum:"ShareRequestType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateAssessmentFrameworkShareInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateAssessmentFrameworkShareInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdateAssessmentFrameworkShareInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdateAssessmentFrameworkShareInput"} + if s.Action == nil { + invalidParams.Add(request.NewErrParamRequired("Action")) + } + if s.RequestId == nil { + invalidParams.Add(request.NewErrParamRequired("RequestId")) + } + if s.RequestId != nil && len(*s.RequestId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("RequestId", 36)) + } + if s.RequestType == nil { + invalidParams.Add(request.NewErrParamRequired("RequestType")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAction sets the Action field's value. +func (s *UpdateAssessmentFrameworkShareInput) SetAction(v string) *UpdateAssessmentFrameworkShareInput { + s.Action = &v + return s +} + +// SetRequestId sets the RequestId field's value. +func (s *UpdateAssessmentFrameworkShareInput) SetRequestId(v string) *UpdateAssessmentFrameworkShareInput { + s.RequestId = &v + return s +} + +// SetRequestType sets the RequestType field's value. +func (s *UpdateAssessmentFrameworkShareInput) SetRequestType(v string) *UpdateAssessmentFrameworkShareInput { + s.RequestType = &v + return s +} + +type UpdateAssessmentFrameworkShareOutput struct { + _ struct{} `type:"structure"` + + // The updated share request that's returned by the UpdateAssessmentFrameworkShare + // operation. + AssessmentFrameworkShareRequest *AssessmentFrameworkShareRequest `locationName:"assessmentFrameworkShareRequest" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateAssessmentFrameworkShareOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateAssessmentFrameworkShareOutput) GoString() string { + return s.String() +} + +// SetAssessmentFrameworkShareRequest sets the AssessmentFrameworkShareRequest field's value. +func (s *UpdateAssessmentFrameworkShareOutput) SetAssessmentFrameworkShareRequest(v *AssessmentFrameworkShareRequest) *UpdateAssessmentFrameworkShareOutput { + s.AssessmentFrameworkShareRequest = v + return s +} + type UpdateAssessmentInput struct { _ struct{} `type:"structure"` - // The description of the specified assessment. + // The description of the assessment. AssessmentDescription *string `locationName:"assessmentDescription" type:"string"` - // The identifier for the specified assessment. + // The identifier for the assessment. // // AssessmentId is a required field AssessmentId *string `location:"uri" locationName:"assessmentId" min:"36" type:"string" required:"true"` - // The name of the specified assessment to be updated. + // The name of the assessment to be updated. AssessmentName *string `locationName:"assessmentName" min:"1" type:"string"` - // The assessment report storage destination for the specified assessment that - // is being updated. + // The assessment report storage destination for the assessment that's being + // updated. AssessmentReportsDestination *AssessmentReportsDestination `locationName:"assessmentReportsDestination" type:"structure"` - // The list of roles for the specified assessment. + // The list of roles for the assessment. Roles []*Role `locationName:"roles" type:"list"` - // The scope of the specified assessment. + // The scope of the assessment. // // Scope is a required field Scope *Scope `locationName:"scope" type:"structure" required:"true"` @@ -13739,8 +14766,8 @@ func (s *UpdateAssessmentInput) SetScope(v *Scope) *UpdateAssessmentInput { type UpdateAssessmentOutput struct { _ struct{} `type:"structure"` - // The response object (name of the updated assessment) for the UpdateAssessmentRequest - // API. + // The response object for the UpdateAssessmentRequest API. This is the name + // of the updated assessment. Assessment *Assessment `locationName:"assessment" type:"structure"` } @@ -13771,12 +14798,12 @@ func (s *UpdateAssessmentOutput) SetAssessment(v *Assessment) *UpdateAssessmentO type UpdateAssessmentStatusInput struct { _ struct{} `type:"structure"` - // The identifier for the specified assessment. + // The identifier for the assessment. // // AssessmentId is a required field AssessmentId *string `location:"uri" locationName:"assessmentId" min:"36" type:"string" required:"true"` - // The current status of the specified assessment. + // The current status of the assessment. // // Status is a required field Status *string `locationName:"status" type:"string" required:"true" enum:"AssessmentStatus"` @@ -13834,8 +14861,7 @@ func (s *UpdateAssessmentStatusInput) SetStatus(v string) *UpdateAssessmentStatu type UpdateAssessmentStatusOutput struct { _ struct{} `type:"structure"` - // The name of the updated assessment returned by the UpdateAssessmentStatus - // API. + // The name of the updated assessment that the UpdateAssessmentStatus API returned. Assessment *Assessment `locationName:"assessment" type:"structure"` } @@ -13866,18 +14892,18 @@ func (s *UpdateAssessmentStatusOutput) SetAssessment(v *Assessment) *UpdateAsses type UpdateControlInput struct { _ struct{} `type:"structure"` - // The recommended actions to carry out if the control is not fulfilled. + // The recommended actions to carry out if the control isn't fulfilled. ActionPlanInstructions *string `locationName:"actionPlanInstructions" type:"string"` // The title of the action plan for remediating the control. ActionPlanTitle *string `locationName:"actionPlanTitle" type:"string"` - // The identifier for the specified control. + // The identifier for the control. // // ControlId is a required field ControlId *string `location:"uri" locationName:"controlId" min:"36" type:"string" required:"true"` - // The data mapping sources for the specified control. + // The data mapping sources for the control. // // ControlMappingSources is a required field ControlMappingSources []*ControlMappingSource `locationName:"controlMappingSources" min:"1" type:"list" required:"true"` @@ -13885,12 +14911,12 @@ type UpdateControlInput struct { // The optional description of the control. Description *string `locationName:"description" type:"string"` - // The name of the control to be updated. + // The name of the updated control. // // Name is a required field Name *string `locationName:"name" min:"1" type:"string" required:"true"` - // The steps that to follow to determine if the control has been satisfied. + // The steps that you should follow to determine if the control is met. TestingInformation *string `locationName:"testingInformation" type:"string"` } @@ -13995,7 +15021,7 @@ func (s *UpdateControlInput) SetTestingInformation(v string) *UpdateControlInput type UpdateControlOutput struct { _ struct{} `type:"structure"` - // The name of the updated control set returned by the UpdateControl API. + // The name of the updated control set that the UpdateControl API returned. Control *Control `locationName:"control" type:"structure"` } @@ -14035,8 +15061,8 @@ type UpdateSettingsInput struct { // The KMS key details. KmsKey *string `locationName:"kmsKey" min:"7" type:"string"` - // The Amazon Simple Notification Service (Amazon SNS) topic to which Audit - // Manager sends notifications. + // The Amazon Simple Notification Service (Amazon SNS) topic that Audit Manager + // sends notifications to. SnsTopic *string `locationName:"snsTopic" min:"20" type:"string"` } @@ -14147,8 +15173,8 @@ func (s *UpdateSettingsOutput) SetSettings(v *Settings) *UpdateSettingsOutput { type ValidateAssessmentReportIntegrityInput struct { _ struct{} `type:"structure"` - // The relative path of the specified Amazon S3 bucket in which the assessment - // report is stored. + // The relative path of the Amazon S3 bucket that the assessment report is stored + // in. // // S3RelativePath is a required field S3RelativePath *string `locationName:"s3RelativePath" min:"1" type:"string" required:"true"` @@ -14197,7 +15223,7 @@ func (s *ValidateAssessmentReportIntegrityInput) SetS3RelativePath(v string) *Va type ValidateAssessmentReportIntegrityOutput struct { _ struct{} `type:"structure"` - // The signature algorithm used to code sign the assessment report file. + // The signature algorithm that's used to code sign the assessment report file. SignatureAlgorithm *string `locationName:"signatureAlgorithm" type:"string"` // The date and time signature that specifies when the assessment report was @@ -14332,8 +15358,7 @@ func (s *ValidationException) RequestID() string { return s.RespMetadata.RequestID } -// Indicates that the request has invalid or missing parameters for the specified -// field. +// Indicates that the request has invalid or missing parameters for the field. type ValidationExceptionField struct { _ struct{} `type:"structure"` @@ -14686,6 +15711,82 @@ func SettingAttribute_Values() []string { } } +const ( + // ShareRequestActionAccept is a ShareRequestAction enum value + ShareRequestActionAccept = "ACCEPT" + + // ShareRequestActionDecline is a ShareRequestAction enum value + ShareRequestActionDecline = "DECLINE" + + // ShareRequestActionRevoke is a ShareRequestAction enum value + ShareRequestActionRevoke = "REVOKE" +) + +// ShareRequestAction_Values returns all elements of the ShareRequestAction enum +func ShareRequestAction_Values() []string { + return []string{ + ShareRequestActionAccept, + ShareRequestActionDecline, + ShareRequestActionRevoke, + } +} + +const ( + // ShareRequestStatusActive is a ShareRequestStatus enum value + ShareRequestStatusActive = "ACTIVE" + + // ShareRequestStatusReplicating is a ShareRequestStatus enum value + ShareRequestStatusReplicating = "REPLICATING" + + // ShareRequestStatusShared is a ShareRequestStatus enum value + ShareRequestStatusShared = "SHARED" + + // ShareRequestStatusExpiring is a ShareRequestStatus enum value + ShareRequestStatusExpiring = "EXPIRING" + + // ShareRequestStatusFailed is a ShareRequestStatus enum value + ShareRequestStatusFailed = "FAILED" + + // ShareRequestStatusExpired is a ShareRequestStatus enum value + ShareRequestStatusExpired = "EXPIRED" + + // ShareRequestStatusDeclined is a ShareRequestStatus enum value + ShareRequestStatusDeclined = "DECLINED" + + // ShareRequestStatusRevoked is a ShareRequestStatus enum value + ShareRequestStatusRevoked = "REVOKED" +) + +// ShareRequestStatus_Values returns all elements of the ShareRequestStatus enum +func ShareRequestStatus_Values() []string { + return []string{ + ShareRequestStatusActive, + ShareRequestStatusReplicating, + ShareRequestStatusShared, + ShareRequestStatusExpiring, + ShareRequestStatusFailed, + ShareRequestStatusExpired, + ShareRequestStatusDeclined, + ShareRequestStatusRevoked, + } +} + +const ( + // ShareRequestTypeSent is a ShareRequestType enum value + ShareRequestTypeSent = "SENT" + + // ShareRequestTypeReceived is a ShareRequestType enum value + ShareRequestTypeReceived = "RECEIVED" +) + +// ShareRequestType_Values returns all elements of the ShareRequestType enum +func ShareRequestType_Values() []string { + return []string{ + ShareRequestTypeSent, + ShareRequestTypeReceived, + } +} + const ( // SourceFrequencyDaily is a SourceFrequency enum value SourceFrequencyDaily = "DAILY" diff --git a/service/auditmanager/auditmanageriface/interface.go b/service/auditmanager/auditmanageriface/interface.go index 5d9d8fd726f..d13038cc0d2 100644 --- a/service/auditmanager/auditmanageriface/interface.go +++ b/service/auditmanager/auditmanageriface/interface.go @@ -108,6 +108,10 @@ type AuditManagerAPI interface { DeleteAssessmentFrameworkWithContext(aws.Context, *auditmanager.DeleteAssessmentFrameworkInput, ...request.Option) (*auditmanager.DeleteAssessmentFrameworkOutput, error) DeleteAssessmentFrameworkRequest(*auditmanager.DeleteAssessmentFrameworkInput) (*request.Request, *auditmanager.DeleteAssessmentFrameworkOutput) + DeleteAssessmentFrameworkShare(*auditmanager.DeleteAssessmentFrameworkShareInput) (*auditmanager.DeleteAssessmentFrameworkShareOutput, error) + DeleteAssessmentFrameworkShareWithContext(aws.Context, *auditmanager.DeleteAssessmentFrameworkShareInput, ...request.Option) (*auditmanager.DeleteAssessmentFrameworkShareOutput, error) + DeleteAssessmentFrameworkShareRequest(*auditmanager.DeleteAssessmentFrameworkShareInput) (*request.Request, *auditmanager.DeleteAssessmentFrameworkShareOutput) + DeleteAssessmentReport(*auditmanager.DeleteAssessmentReportInput) (*auditmanager.DeleteAssessmentReportOutput, error) DeleteAssessmentReportWithContext(aws.Context, *auditmanager.DeleteAssessmentReportInput, ...request.Option) (*auditmanager.DeleteAssessmentReportOutput, error) DeleteAssessmentReportRequest(*auditmanager.DeleteAssessmentReportInput) (*request.Request, *auditmanager.DeleteAssessmentReportOutput) @@ -203,6 +207,13 @@ type AuditManagerAPI interface { GetSettingsWithContext(aws.Context, *auditmanager.GetSettingsInput, ...request.Option) (*auditmanager.GetSettingsOutput, error) GetSettingsRequest(*auditmanager.GetSettingsInput) (*request.Request, *auditmanager.GetSettingsOutput) + ListAssessmentFrameworkShareRequests(*auditmanager.ListAssessmentFrameworkShareRequestsInput) (*auditmanager.ListAssessmentFrameworkShareRequestsOutput, error) + ListAssessmentFrameworkShareRequestsWithContext(aws.Context, *auditmanager.ListAssessmentFrameworkShareRequestsInput, ...request.Option) (*auditmanager.ListAssessmentFrameworkShareRequestsOutput, error) + ListAssessmentFrameworkShareRequestsRequest(*auditmanager.ListAssessmentFrameworkShareRequestsInput) (*request.Request, *auditmanager.ListAssessmentFrameworkShareRequestsOutput) + + ListAssessmentFrameworkShareRequestsPages(*auditmanager.ListAssessmentFrameworkShareRequestsInput, func(*auditmanager.ListAssessmentFrameworkShareRequestsOutput, bool) bool) error + ListAssessmentFrameworkShareRequestsPagesWithContext(aws.Context, *auditmanager.ListAssessmentFrameworkShareRequestsInput, func(*auditmanager.ListAssessmentFrameworkShareRequestsOutput, bool) bool, ...request.Option) error + ListAssessmentFrameworks(*auditmanager.ListAssessmentFrameworksInput) (*auditmanager.ListAssessmentFrameworksOutput, error) ListAssessmentFrameworksWithContext(aws.Context, *auditmanager.ListAssessmentFrameworksInput, ...request.Option) (*auditmanager.ListAssessmentFrameworksOutput, error) ListAssessmentFrameworksRequest(*auditmanager.ListAssessmentFrameworksInput) (*request.Request, *auditmanager.ListAssessmentFrameworksOutput) @@ -257,6 +268,10 @@ type AuditManagerAPI interface { RegisterOrganizationAdminAccountWithContext(aws.Context, *auditmanager.RegisterOrganizationAdminAccountInput, ...request.Option) (*auditmanager.RegisterOrganizationAdminAccountOutput, error) RegisterOrganizationAdminAccountRequest(*auditmanager.RegisterOrganizationAdminAccountInput) (*request.Request, *auditmanager.RegisterOrganizationAdminAccountOutput) + StartAssessmentFrameworkShare(*auditmanager.StartAssessmentFrameworkShareInput) (*auditmanager.StartAssessmentFrameworkShareOutput, error) + StartAssessmentFrameworkShareWithContext(aws.Context, *auditmanager.StartAssessmentFrameworkShareInput, ...request.Option) (*auditmanager.StartAssessmentFrameworkShareOutput, error) + StartAssessmentFrameworkShareRequest(*auditmanager.StartAssessmentFrameworkShareInput) (*request.Request, *auditmanager.StartAssessmentFrameworkShareOutput) + TagResource(*auditmanager.TagResourceInput) (*auditmanager.TagResourceOutput, error) TagResourceWithContext(aws.Context, *auditmanager.TagResourceInput, ...request.Option) (*auditmanager.TagResourceOutput, error) TagResourceRequest(*auditmanager.TagResourceInput) (*request.Request, *auditmanager.TagResourceOutput) @@ -281,6 +296,10 @@ type AuditManagerAPI interface { UpdateAssessmentFrameworkWithContext(aws.Context, *auditmanager.UpdateAssessmentFrameworkInput, ...request.Option) (*auditmanager.UpdateAssessmentFrameworkOutput, error) UpdateAssessmentFrameworkRequest(*auditmanager.UpdateAssessmentFrameworkInput) (*request.Request, *auditmanager.UpdateAssessmentFrameworkOutput) + UpdateAssessmentFrameworkShare(*auditmanager.UpdateAssessmentFrameworkShareInput) (*auditmanager.UpdateAssessmentFrameworkShareOutput, error) + UpdateAssessmentFrameworkShareWithContext(aws.Context, *auditmanager.UpdateAssessmentFrameworkShareInput, ...request.Option) (*auditmanager.UpdateAssessmentFrameworkShareOutput, error) + UpdateAssessmentFrameworkShareRequest(*auditmanager.UpdateAssessmentFrameworkShareInput) (*request.Request, *auditmanager.UpdateAssessmentFrameworkShareOutput) + UpdateAssessmentStatus(*auditmanager.UpdateAssessmentStatusInput) (*auditmanager.UpdateAssessmentStatusOutput, error) UpdateAssessmentStatusWithContext(aws.Context, *auditmanager.UpdateAssessmentStatusInput, ...request.Option) (*auditmanager.UpdateAssessmentStatusOutput, error) UpdateAssessmentStatusRequest(*auditmanager.UpdateAssessmentStatusInput) (*request.Request, *auditmanager.UpdateAssessmentStatusOutput) diff --git a/service/auditmanager/doc.go b/service/auditmanager/doc.go index 6c1dd3999c6..670615930df 100644 --- a/service/auditmanager/doc.go +++ b/service/auditmanager/doc.go @@ -8,15 +8,16 @@ // types, and errors. // // Audit Manager is a service that provides automated evidence collection so -// that you can continuously audit your Amazon Web Services usage, and assess -// the effectiveness of your controls to better manage risk and simplify compliance. -// -// Audit Manager provides pre-built frameworks that structure and automate assessments -// for a given compliance standard. Frameworks include a pre-built collection -// of controls with descriptions and testing procedures, which are grouped according -// to the requirements of the specified compliance standard or regulation. You -// can also customize frameworks and controls to support internal audits with -// unique requirements. +// that you can continually audit your Amazon Web Services usage. You can use +// it to assess the effectiveness of your controls, manage risk, and simplify +// compliance. +// +// Audit Manager provides prebuilt frameworks that structure and automate assessments +// for a given compliance standard. Frameworks include a prebuilt collection +// of controls with descriptions and testing procedures. These controls are +// grouped according to the requirements of the specified compliance standard +// or regulation. You can also customize frameworks and controls to support +// internal audits with specific requirements. // // Use the following links to get started with the Audit Manager API: // diff --git a/service/auditmanager/errors.go b/service/auditmanager/errors.go index f583bbd9178..ece71ff4fb8 100644 --- a/service/auditmanager/errors.go +++ b/service/auditmanager/errors.go @@ -11,7 +11,7 @@ const ( // ErrCodeAccessDeniedException for service response error code // "AccessDeniedException". // - // Your account is not registered with Audit Manager. Check the delegated administrator + // Your account isn't registered with Audit Manager. Check the delegated administrator // setup on the Audit Manager settings page, and try again. ErrCodeAccessDeniedException = "AccessDeniedException" @@ -25,7 +25,7 @@ const ( // ErrCodeResourceNotFoundException for service response error code // "ResourceNotFoundException". // - // The resource specified in the request cannot be found. + // The resource that's specified in the request can't be found. ErrCodeResourceNotFoundException = "ResourceNotFoundException" // ErrCodeValidationException for service response error code diff --git a/service/ec2/api.go b/service/ec2/api.go index 1859dc718ba..e9b3ae5443d 100644 --- a/service/ec2/api.go +++ b/service/ec2/api.go @@ -142236,6 +142236,12 @@ type VpnConnection struct { // Classic VPN connection. Category *string `locationName:"category" type:"string"` + // The ARN of the core network. + CoreNetworkArn *string `locationName:"coreNetworkArn" type:"string"` + + // The ARN of the core network attachment. + CoreNetworkAttachmentArn *string `locationName:"coreNetworkAttachmentArn" type:"string"` + // The configuration information for the VPN connection's customer gateway (in // the native XML format). This element is always present in the CreateVpnConnection // response; however, it's present in the DescribeVpnConnections response only @@ -142245,6 +142251,9 @@ type VpnConnection struct { // The ID of the customer gateway at your end of the VPN connection. CustomerGatewayId *string `locationName:"customerGatewayId" type:"string"` + // The current state of the gateway association. + GatewayAssociationState *string `locationName:"gatewayAssociationState" type:"string"` + // The VPN connection options. Options *VpnConnectionOptions `locationName:"options" type:"structure"` @@ -142298,6 +142307,18 @@ func (s *VpnConnection) SetCategory(v string) *VpnConnection { return s } +// SetCoreNetworkArn sets the CoreNetworkArn field's value. +func (s *VpnConnection) SetCoreNetworkArn(v string) *VpnConnection { + s.CoreNetworkArn = &v + return s +} + +// SetCoreNetworkAttachmentArn sets the CoreNetworkAttachmentArn field's value. +func (s *VpnConnection) SetCoreNetworkAttachmentArn(v string) *VpnConnection { + s.CoreNetworkAttachmentArn = &v + return s +} + // SetCustomerGatewayConfiguration sets the CustomerGatewayConfiguration field's value. func (s *VpnConnection) SetCustomerGatewayConfiguration(v string) *VpnConnection { s.CustomerGatewayConfiguration = &v @@ -142310,6 +142331,12 @@ func (s *VpnConnection) SetCustomerGatewayId(v string) *VpnConnection { return s } +// SetGatewayAssociationState sets the GatewayAssociationState field's value. +func (s *VpnConnection) SetGatewayAssociationState(v string) *VpnConnection { + s.GatewayAssociationState = &v + return s +} + // SetOptions sets the Options field's value. func (s *VpnConnection) SetOptions(v *VpnConnectionOptions) *VpnConnection { s.Options = v diff --git a/service/rds/api.go b/service/rds/api.go index c595c4f429c..f13fb694087 100644 --- a/service/rds/api.go +++ b/service/rds/api.go @@ -159,6 +159,8 @@ func (c *RDS) AddRoleToDBInstanceRequest(input *AddRoleToDBInstanceInput) (req * // // To add a role to a DB instance, the status of the DB instance must be available. // +// This command doesn't apply to RDS Custom. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -897,9 +899,9 @@ func (c *RDS) CopyDBClusterSnapshotRequest(input *CopyDBClusterSnapshotInput) (r // action that can be executed in the source Amazon Web Services Region that // contains the encrypted DB cluster snapshot to be copied. The pre-signed // URL request must contain the following parameter values: KmsKeyId - The -// Amazon Web Services KMS key identifier for the customer master key (CMK) -// to use to encrypt the copy of the DB cluster snapshot in the destination -// Amazon Web Services Region. This is the same identifier for both the CopyDBClusterSnapshot +// Amazon Web Services KMS key identifier for the KMS key to use to encrypt +// the copy of the DB cluster snapshot in the destination Amazon Web Services +// Region. This is the same identifier for both the CopyDBClusterSnapshot // action that is called in the destination Amazon Web Services Region, and // the action contained in the pre-signed URL. DestinationRegion - The name // of the Amazon Web Services Region that the DB cluster snapshot is to be @@ -1127,6 +1129,8 @@ func (c *RDS) CopyDBSnapshotRequest(input *CopyDBSnapshotInput) (req *request.Re // action is the destination Amazon Web Services Region for the DB snapshot // copy. // +// This command doesn't apply to RDS Custom. +// // For more information about copying snapshots, see Copying a DB Snapshot (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CopySnapshot.html#USER_CopyDBSnapshot) // in the Amazon RDS User Guide. // @@ -1356,6 +1360,127 @@ func (c *RDS) CreateCustomAvailabilityZoneWithContext(ctx aws.Context, input *Cr return out, req.Send() } +const opCreateCustomDBEngineVersion = "CreateCustomDBEngineVersion" + +// CreateCustomDBEngineVersionRequest generates a "aws/request.Request" representing the +// client's request for the CreateCustomDBEngineVersion operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateCustomDBEngineVersion for more information on using the CreateCustomDBEngineVersion +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CreateCustomDBEngineVersionRequest method. +// req, resp := client.CreateCustomDBEngineVersionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateCustomDBEngineVersion +func (c *RDS) CreateCustomDBEngineVersionRequest(input *CreateCustomDBEngineVersionInput) (req *request.Request, output *CreateCustomDBEngineVersionOutput) { + op := &request.Operation{ + Name: opCreateCustomDBEngineVersion, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateCustomDBEngineVersionInput{} + } + + output = &CreateCustomDBEngineVersionOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateCustomDBEngineVersion API operation for Amazon Relational Database Service. +// +// Creates a custom DB engine version (CEV). A CEV is a binary volume snapshot +// of a database engine and specific AMI. The only supported engine is Oracle +// Database 19c Enterprise Edition with the January 2021 or later RU/RUR. For +// more information, see Amazon RDS Custom requirements and limitations (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html#custom-cev.preparing.manifest) +// in the Amazon RDS User Guide. +// +// Amazon RDS, which is a fully managed service, supplies the Amazon Machine +// Image (AMI) and database software. The Amazon RDS database software is preinstalled, +// so you need only select a DB engine and version, and create your database. +// With Amazon RDS Custom, you upload your database installation files in Amazon +// S3. For more information, see Preparing to create a CEV (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html#custom-cev.html#custom-cev.preparing) +// in the Amazon RDS User Guide. +// +// When you create a custom engine version, you specify the files in a JSON +// document called a CEV manifest. This document describes installation .zip +// files stored in Amazon S3. RDS Custom creates your CEV from the installation +// files that you provided. This service model is called Bring Your Own Media +// (BYOM). +// +// Creation takes approximately two hours. If creation fails, RDS Custom issues +// RDS-EVENT-0196 with the message Creation failed for custom engine version, +// and includes details about the failure. For example, the event prints missing +// files. +// +// After you create the CEV, it is available for use. You can create multiple +// CEVs, and create multiple RDS Custom instances from any CEV. You can also +// change the status of a CEV to make it available or inactive. +// +// The MediaImport service that imports files from Amazon S3 to create CEVs +// isn't integrated with Amazon Web Services CloudTrail. If you turn on data +// logging for Amazon RDS in CloudTrail, calls to the CreateCustomDbEngineVersion +// event aren't logged. However, you might see calls from the API gateway that +// accesses your Amazon S3 bucket. These calls originate from the MediaImport +// service for the CreateCustomDbEngineVersion event. +// +// For more information, see Creating a CEV (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html#custom-cev.create) +// in the Amazon RDS User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation CreateCustomDBEngineVersion for usage and error information. +// +// Returned Error Codes: +// * ErrCodeCustomDBEngineVersionAlreadyExistsFault "CustomDBEngineVersionAlreadyExistsFault" +// A CEV with the specified name already exists. +// +// * ErrCodeCustomDBEngineVersionQuotaExceededFault "CustomDBEngineVersionQuotaExceededFault" +// You have exceeded your CEV quota. +// +// * ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" +// An error occurred accessing an Amazon Web Services KMS key. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateCustomDBEngineVersion +func (c *RDS) CreateCustomDBEngineVersion(input *CreateCustomDBEngineVersionInput) (*CreateCustomDBEngineVersionOutput, error) { + req, out := c.CreateCustomDBEngineVersionRequest(input) + return out, req.Send() +} + +// CreateCustomDBEngineVersionWithContext is the same as CreateCustomDBEngineVersion with the addition of +// the ability to pass a context and additional request options. +// +// See CreateCustomDBEngineVersion for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) CreateCustomDBEngineVersionWithContext(ctx aws.Context, input *CreateCustomDBEngineVersionInput, opts ...request.Option) (*CreateCustomDBEngineVersionOutput, error) { + req, out := c.CreateCustomDBEngineVersionRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateDBCluster = "CreateDBCluster" // CreateDBClusterRequest generates a "aws/request.Request" representing the @@ -2160,6 +2285,8 @@ func (c *RDS) CreateDBParameterGroupRequest(input *CreateDBParameterGroupInput) // DB instance without failover for the new DB parameter group and associated // settings to take effect. // +// This command doesn't apply to RDS Custom. +// // After you create a DB parameter group, you should wait at least 5 minutes // before creating your first DB instance that uses that DB parameter group // as the default parameter group. This allows Amazon RDS to fully complete @@ -2935,6 +3062,8 @@ func (c *RDS) CreateOptionGroupRequest(input *CreateOptionGroupInput) (req *requ // // Creates a new option group. You can create up to 20 option groups. // +// This command doesn't apply to RDS Custom. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3060,6 +3189,107 @@ func (c *RDS) DeleteCustomAvailabilityZoneWithContext(ctx aws.Context, input *De return out, req.Send() } +const opDeleteCustomDBEngineVersion = "DeleteCustomDBEngineVersion" + +// DeleteCustomDBEngineVersionRequest generates a "aws/request.Request" representing the +// client's request for the DeleteCustomDBEngineVersion operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteCustomDBEngineVersion for more information on using the DeleteCustomDBEngineVersion +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeleteCustomDBEngineVersionRequest method. +// req, resp := client.DeleteCustomDBEngineVersionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteCustomDBEngineVersion +func (c *RDS) DeleteCustomDBEngineVersionRequest(input *DeleteCustomDBEngineVersionInput) (req *request.Request, output *DeleteCustomDBEngineVersionOutput) { + op := &request.Operation{ + Name: opDeleteCustomDBEngineVersion, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteCustomDBEngineVersionInput{} + } + + output = &DeleteCustomDBEngineVersionOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteCustomDBEngineVersion API operation for Amazon Relational Database Service. +// +// Deletes a custom engine version. To run this command, make sure you meet +// the following prerequisites: +// +// * The CEV must not be the default for RDS Custom. If it is, change the +// default before running this command. +// +// * The CEV must not be associated with an RDS Custom DB instance, RDS Custom +// instance snapshot, or automated backup of your RDS Custom instance. +// +// Typically, deletion takes a few minutes. +// +// The MediaImport service that imports files from Amazon S3 to create CEVs +// isn't integrated with Amazon Web Services CloudTrail. If you turn on data +// logging for Amazon RDS in CloudTrail, calls to the DeleteCustomDbEngineVersion +// event aren't logged. However, you might see calls from the API gateway that +// accesses your Amazon S3 bucket. These calls originate from the MediaImport +// service for the DeleteCustomDbEngineVersion event. +// +// For more information, see Deleting a CEV (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html#custom-cev.delete) +// in the Amazon RDS User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation DeleteCustomDBEngineVersion for usage and error information. +// +// Returned Error Codes: +// * ErrCodeCustomDBEngineVersionNotFoundFault "CustomDBEngineVersionNotFoundFault" +// The specified CEV was not found. +// +// * ErrCodeInvalidCustomDBEngineVersionStateFault "InvalidCustomDBEngineVersionStateFault" +// You can't delete the CEV. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteCustomDBEngineVersion +func (c *RDS) DeleteCustomDBEngineVersion(input *DeleteCustomDBEngineVersionInput) (*DeleteCustomDBEngineVersionOutput, error) { + req, out := c.DeleteCustomDBEngineVersionRequest(input) + return out, req.Send() +} + +// DeleteCustomDBEngineVersionWithContext is the same as DeleteCustomDBEngineVersion with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteCustomDBEngineVersion for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) DeleteCustomDBEngineVersionWithContext(ctx aws.Context, input *DeleteCustomDBEngineVersionInput, opts ...request.Option) (*DeleteCustomDBEngineVersionOutput, error) { + req, out := c.DeleteCustomDBEngineVersionRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteDBCluster = "DeleteDBCluster" // DeleteDBClusterRequest generates a "aws/request.Request" representing the @@ -6351,6 +6581,8 @@ func (c *RDS) DescribeDBLogFilesRequest(input *DescribeDBLogFilesInput) (req *re // // Returns a list of DB log files for the DB instance. // +// This command doesn't apply to RDS Custom. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -9777,6 +10009,8 @@ func (c *RDS) DescribeValidDBInstanceModificationsRequest(input *DescribeValidDB // you can make to your DB instance. You can use this information when you call // ModifyDBInstance. // +// This command doesn't apply to RDS Custom. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -9865,6 +10099,8 @@ func (c *RDS) DownloadDBLogFilePortionRequest(input *DownloadDBLogFilePortionInp // // Downloads all or a portion of the specified log file, up to 1 MB in size. // +// This command doesn't apply to RDS Custom. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -10552,6 +10788,99 @@ func (c *RDS) ModifyCurrentDBClusterCapacityWithContext(ctx aws.Context, input * return out, req.Send() } +const opModifyCustomDBEngineVersion = "ModifyCustomDBEngineVersion" + +// ModifyCustomDBEngineVersionRequest generates a "aws/request.Request" representing the +// client's request for the ModifyCustomDBEngineVersion operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyCustomDBEngineVersion for more information on using the ModifyCustomDBEngineVersion +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ModifyCustomDBEngineVersionRequest method. +// req, resp := client.ModifyCustomDBEngineVersionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyCustomDBEngineVersion +func (c *RDS) ModifyCustomDBEngineVersionRequest(input *ModifyCustomDBEngineVersionInput) (req *request.Request, output *ModifyCustomDBEngineVersionOutput) { + op := &request.Operation{ + Name: opModifyCustomDBEngineVersion, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyCustomDBEngineVersionInput{} + } + + output = &ModifyCustomDBEngineVersionOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyCustomDBEngineVersion API operation for Amazon Relational Database Service. +// +// Modifies the status of a custom engine version (CEV). You can find CEVs to +// modify by calling DescribeDBEngineVersions. +// +// The MediaImport service that imports files from Amazon S3 to create CEVs +// isn't integrated with Amazon Web Services CloudTrail. If you turn on data +// logging for Amazon RDS in CloudTrail, calls to the ModifyCustomDbEngineVersion +// event aren't logged. However, you might see calls from the API gateway that +// accesses your Amazon S3 bucket. These calls originate from the MediaImport +// service for the ModifyCustomDbEngineVersion event. +// +// For more information, see Modifying CEV status (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html#custom-cev.preparing.manifest) +// in the Amazon RDS User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation ModifyCustomDBEngineVersion for usage and error information. +// +// Returned Error Codes: +// * ErrCodeCustomDBEngineVersionNotFoundFault "CustomDBEngineVersionNotFoundFault" +// The specified CEV was not found. +// +// * ErrCodeInvalidCustomDBEngineVersionStateFault "InvalidCustomDBEngineVersionStateFault" +// You can't delete the CEV. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyCustomDBEngineVersion +func (c *RDS) ModifyCustomDBEngineVersion(input *ModifyCustomDBEngineVersionInput) (*ModifyCustomDBEngineVersionOutput, error) { + req, out := c.ModifyCustomDBEngineVersionRequest(input) + return out, req.Send() +} + +// ModifyCustomDBEngineVersionWithContext is the same as ModifyCustomDBEngineVersion with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyCustomDBEngineVersion for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) ModifyCustomDBEngineVersionWithContext(ctx aws.Context, input *ModifyCustomDBEngineVersionInput, opts ...request.Option) (*ModifyCustomDBEngineVersionOutput, error) { + req, out := c.ModifyCustomDBEngineVersionRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opModifyDBCluster = "ModifyDBCluster" // ModifyDBClusterRequest generates a "aws/request.Request" representing the @@ -11537,7 +11866,8 @@ func (c *RDS) ModifyDBSnapshotRequest(input *ModifyDBSnapshotInput) (req *reques // Updates a manual DB snapshot with a new engine version. The snapshot can // be encrypted or unencrypted, but not shared or public. // -// Amazon RDS supports upgrading DB snapshots for MySQL, Oracle, and PostgreSQL. +// Amazon RDS supports upgrading DB snapshots for MySQL, PostgreSQL, and Oracle. +// This command doesn't apply to RDS Custom. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -12107,7 +12437,8 @@ func (c *RDS) PromoteReadReplicaRequest(input *PromoteReadReplicaInput) (req *re // backup window so that daily backups do not interfere with read replica // promotion. // -// * This command doesn't apply to Aurora MySQL and Aurora PostgreSQL. +// * This command doesn't apply to Aurora MySQL, Aurora PostgreSQL, or RDS +// Custom. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -12370,6 +12701,8 @@ func (c *RDS) RebootDBInstanceRequest(input *RebootDBInstanceInput) (req *reques // For more information about rebooting, see Rebooting a DB Instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_RebootInstance.html) // in the Amazon RDS User Guide. // +// This command doesn't apply to RDS Custom. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -13825,6 +14158,8 @@ func (c *RDS) RestoreDBInstanceFromS3Request(input *RestoreDBInstanceFromS3Input // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/MySQL.Procedural.Importing.html) // in the Amazon RDS User Guide. // +// This command doesn't apply to RDS Custom. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -14411,8 +14746,8 @@ func (c *RDS) StartDBInstanceRequest(input *StartDBInstanceInput) (req *request. // Stopped (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_StartInstance.html) // in the Amazon RDS User Guide. // -// This command doesn't apply to Aurora MySQL and Aurora PostgreSQL. For Aurora -// DB clusters, use StartDBCluster instead. +// This command doesn't apply to RDS Custom, Aurora MySQL, and Aurora PostgreSQL. +// For Aurora DB clusters, use StartDBCluster instead. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -14532,6 +14867,8 @@ func (c *RDS) StartDBInstanceAutomatedBackupsReplicationRequest(input *StartDBIn // Enables replication of automated backups to a different Amazon Web Services // Region. // +// This command doesn't apply to RDS Custom. +// // For more information, see Replicating Automated Backups to Another Amazon // Web Services Region (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html) // in the Amazon RDS User Guide. @@ -14630,6 +14967,8 @@ func (c *RDS) StartExportTaskRequest(input *StartExportTaskInput) (req *request. // Starts an export of a snapshot to Amazon S3. The provided IAM role must have // access to the S3 bucket. // +// This command doesn't apply to RDS Custom. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -14932,8 +15271,8 @@ func (c *RDS) StopDBInstanceRequest(input *StopDBInstanceInput) (req *request.Re // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_StopInstance.html) // in the Amazon RDS User Guide. // -// This command doesn't apply to Aurora MySQL and Aurora PostgreSQL. For Aurora -// clusters, use StopDBCluster instead. +// This command doesn't apply to RDS Custom, Aurora MySQL, and Aurora PostgreSQL. +// For Aurora clusters, use StopDBCluster instead. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -15026,6 +15365,8 @@ func (c *RDS) StopDBInstanceAutomatedBackupsReplicationRequest(input *StopDBInst // // Stops automated backup replication for a DB instance. // +// This command doesn't apply to RDS Custom. +// // For more information, see Replicating Automated Backups to Another Amazon // Web Services Region (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html) // in the Amazon RDS User Guide. @@ -15207,7 +15548,7 @@ type AddRoleToDBClusterInput struct { DBClusterIdentifier *string `type:"string" required:"true"` // The name of the feature for the DB cluster that the IAM role is to be associated - // with. For the list of supported feature names, see DBEngineVersion. + // with. For information about supported feature names, see DBEngineVersion. FeatureName *string `type:"string"` // The Amazon Resource Name (ARN) of the IAM role to associate with the Aurora @@ -15300,7 +15641,7 @@ type AddRoleToDBInstanceInput struct { DBInstanceIdentifier *string `type:"string" required:"true"` // The name of the feature for the DB instance that the IAM role is to be associated - // with. For the list of supported feature names, see DBEngineVersion. + // with. For information about supported feature names, see DBEngineVersion. // // FeatureName is a required field FeatureName *string `type:"string" required:"true"` @@ -16195,11 +16536,10 @@ type CancelExportTaskOutput struct { // a snapshot. IamRoleArn *string `type:"string"` - // The key identifier of the Amazon Web Services KMS customer master key (CMK) - // that is used to encrypt the snapshot when it's exported to Amazon S3. The - // Amazon Web Services KMS CMK identifier is its key ARN, key ID, alias ARN, - // or alias name. The IAM role used for the snapshot export must have encryption - // and decryption permissions to use this Amazon Web Services KMS CMK. + // The key identifier of the Amazon Web Services KMS key that is used to encrypt + // the snapshot when it's exported to Amazon S3. The KMS key identifier is its + // key ARN, key ID, alias ARN, or alias name. The IAM role used for the snapshot + // export must have encryption and decryption permissions to use this KMS key. KmsKeyId *string `type:"string"` // The progress of the snapshot export task as a percentage. @@ -16941,13 +17281,13 @@ type CopyDBClusterSnapshotInput struct { // The Amazon Web Services KMS key identifier for an encrypted DB cluster snapshot. // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias - // ARN, or alias name for the Amazon Web Services KMS customer master key (CMK). + // ARN, or alias name for the Amazon Web Services KMS key. // // If you copy an encrypted DB cluster snapshot from your Amazon Web Services // account, you can specify a value for KmsKeyId to encrypt the copy with a - // new Amazon Web Services KMS CMK. If you don't specify a value for KmsKeyId, - // then the copy of the DB cluster snapshot is encrypted with the same Amazon - // Web Services KMS key as the source DB cluster snapshot. + // new KMS key. If you don't specify a value for KmsKeyId, then the copy of + // the DB cluster snapshot is encrypted with the same KMS key as the source + // DB cluster snapshot. // // If you copy an encrypted DB cluster snapshot that is shared from another // Amazon Web Services account, then you must specify a value for KmsKeyId. @@ -16955,9 +17295,9 @@ type CopyDBClusterSnapshotInput struct { // To copy an encrypted DB cluster snapshot to another Amazon Web Services Region, // you must set KmsKeyId to the Amazon Web Services KMS key identifier you want // to use to encrypt the copy of the DB cluster snapshot in the destination - // Amazon Web Services Region. Amazon Web Services KMS CMKs are specific to - // the Amazon Web Services Region that they are created in, and you can't use - // CMKs from one Amazon Web Services Region in another Amazon Web Services Region. + // Amazon Web Services Region. KMS keys are specific to the Amazon Web Services + // Region that they are created in, and you can't use KMS keys from one Amazon + // Web Services Region in another Amazon Web Services Region. // // If you copy an unencrypted DB cluster snapshot and specify a value for the // KmsKeyId parameter, an error is returned. @@ -16975,12 +17315,11 @@ type CopyDBClusterSnapshotInput struct { // that contains the encrypted DB cluster snapshot to be copied. The pre-signed // URL request must contain the following parameter values: // - // * KmsKeyId - The Amazon Web Services KMS key identifier for the customer - // master key (CMK) to use to encrypt the copy of the DB cluster snapshot - // in the destination Amazon Web Services Region. This is the same identifier - // for both the CopyDBClusterSnapshot action that is called in the destination - // Amazon Web Services Region, and the action contained in the pre-signed - // URL. + // * KmsKeyId - The Amazon Web Services KMS key identifier for the KMS key + // to use to encrypt the copy of the DB cluster snapshot in the destination + // Amazon Web Services Region. This is the same identifier for both the CopyDBClusterSnapshot + // action that is called in the destination Amazon Web Services Region, and + // the action contained in the pre-signed URL. // // * DestinationRegion - The name of the Amazon Web Services Region that // the DB cluster snapshot is to be created in. @@ -17316,13 +17655,13 @@ type CopyDBSnapshotInput struct { // The Amazon Web Services KMS key identifier for an encrypted DB snapshot. // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias - // ARN, or alias name for the Amazon Web Services KMS customer master key (CMK). + // ARN, or alias name for the KMS key. // // If you copy an encrypted DB snapshot from your Amazon Web Services account, // you can specify a value for this parameter to encrypt the copy with a new - // Amazon Web Services KMS CMK. If you don't specify a value for this parameter, - // then the copy of the DB snapshot is encrypted with the same Amazon Web Services - // KMS key as the source DB snapshot. + // KMS key. If you don't specify a value for this parameter, then the copy of + // the DB snapshot is encrypted with the same Amazon Web Services KMS key as + // the source DB snapshot. // // If you copy an encrypted DB snapshot that is shared from another Amazon Web // Services account, then you must specify a value for this parameter. @@ -17331,10 +17670,10 @@ type CopyDBSnapshotInput struct { // copy is encrypted. // // If you copy an encrypted snapshot to a different Amazon Web Services Region, - // then you must specify a Amazon Web Services KMS key identifier for the destination - // Amazon Web Services Region. Amazon Web Services KMS CMKs are specific to - // the Amazon Web Services Region that they are created in, and you can't use - // CMKs from one Amazon Web Services Region in another Amazon Web Services Region. + // then you must specify an Amazon Web Services KMS key identifier for the destination + // Amazon Web Services Region. KMS keys are specific to the Amazon Web Services + // Region that they are created in, and you can't use KMS keys from one Amazon + // Web Services Region in another Amazon Web Services Region. KmsKeyId *string `type:"string"` // The name of an option group to associate with the copy of the snapshot. @@ -17372,11 +17711,11 @@ type CopyDBSnapshotInput struct { // the DestinationRegion in the presigned URL must be set to the us-east-1 // Amazon Web Services Region. // - // * KmsKeyId - The Amazon Web Services KMS key identifier for the customer - // master key (CMK) to use to encrypt the copy of the DB snapshot in the - // destination Amazon Web Services Region. This is the same identifier for - // both the CopyDBSnapshot action that is called in the destination Amazon - // Web Services Region, and the action contained in the presigned URL. + // * KmsKeyId - The Amazon Web Services KMS key identifier for the KMS key + // to use to encrypt the copy of the DB snapshot in the destination Amazon + // Web Services Region. This is the same identifier for both the CopyDBSnapshot + // action that is called in the destination Amazon Web Services Region, and + // the action contained in the presigned URL. // // * SourceDBSnapshotIdentifier - The DB snapshot identifier for the encrypted // snapshot to be copied. This identifier must be in the Amazon Resource @@ -17828,6 +18167,479 @@ func (s *CreateCustomAvailabilityZoneOutput) SetCustomAvailabilityZone(v *Custom return s } +type CreateCustomDBEngineVersionInput struct { + _ struct{} `type:"structure"` + + // The name of an Amazon S3 bucket that contains database installation files + // for your CEV. For example, a valid bucket name is my-custom-installation-files. + // + // DatabaseInstallationFilesS3BucketName is a required field + DatabaseInstallationFilesS3BucketName *string `min:"3" type:"string" required:"true"` + + // The Amazon S3 directory that contains the database installation files for + // your CEV. For example, a valid bucket name is 123456789012/cev1. If this + // setting isn't specified, no prefix is assumed. + DatabaseInstallationFilesS3Prefix *string `min:"1" type:"string"` + + // An optional description of your CEV. + Description *string `min:"1" type:"string"` + + // The database engine to use for your custom engine version (CEV). The only + // supported value is custom-oracle-ee. + // + // Engine is a required field + Engine *string `min:"1" type:"string" required:"true"` + + // The name of your CEV. The name format is 19.customized_string . For example, + // a valid name is 19.my_cev1. This setting is required for RDS Custom, but + // optional for Amazon RDS. The combination of Engine and EngineVersion is unique + // per customer per Region. + // + // EngineVersion is a required field + EngineVersion *string `min:"1" type:"string" required:"true"` + + // The Amazon Web Services KMS key identifier for an encrypted CEV. A symmetric + // KMS key is required for RDS Custom, but optional for Amazon RDS. + // + // If you have an existing symmetric KMS key in your account, you can use it + // with RDS Custom. No further action is necessary. If you don't already have + // a symmetric KMS key in your account, follow the instructions in Creating + // symmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html#create-symmetric-cmk) + // in the Amazon Web Services Key Management Service Developer Guide. + // + // You can choose the same symmetric key when you create a CEV and a DB instance, + // or choose different keys. + // + // KMSKeyId is a required field + KMSKeyId *string `min:"1" type:"string" required:"true"` + + // The CEV manifest, which is a JSON document that describes the installation + // .zip files stored in Amazon S3. Specify the name/value pairs in a file or + // a quoted string. RDS Custom applies the patches in the order in which they + // are listed. + // + // The following JSON fields are valid: + // + // MediaImportTemplateVersion + // + // Version of the CEV manifest. The date is in the format YYYY-MM-DD. + // + // databaseInstallationFileNames + // + // Ordered list of installation files for the CEV. + // + // opatchFileNames + // + // Ordered list of OPatch installers used for the Oracle DB engine. + // + // psuRuPatchFileNames + // + // The PSU and RU patches for this CEV. + // + // OtherPatchFileNames + // + // The patches that are not in the list of PSU and RU patches. Amazon RDS applies + // these patches after applying the PSU and RU patches. + // + // For more information, see Creating the CEV manifest (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html#custom-cev.preparing.manifest) + // in the Amazon RDS User Guide. + // + // Manifest is a required field + Manifest *string `min:"1" type:"string" required:"true"` + + // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) + // in the Amazon RDS User Guide. + Tags []*Tag `locationNameList:"Tag" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateCustomDBEngineVersionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateCustomDBEngineVersionInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateCustomDBEngineVersionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateCustomDBEngineVersionInput"} + if s.DatabaseInstallationFilesS3BucketName == nil { + invalidParams.Add(request.NewErrParamRequired("DatabaseInstallationFilesS3BucketName")) + } + if s.DatabaseInstallationFilesS3BucketName != nil && len(*s.DatabaseInstallationFilesS3BucketName) < 3 { + invalidParams.Add(request.NewErrParamMinLen("DatabaseInstallationFilesS3BucketName", 3)) + } + if s.DatabaseInstallationFilesS3Prefix != nil && len(*s.DatabaseInstallationFilesS3Prefix) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DatabaseInstallationFilesS3Prefix", 1)) + } + if s.Description != nil && len(*s.Description) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Description", 1)) + } + if s.Engine == nil { + invalidParams.Add(request.NewErrParamRequired("Engine")) + } + if s.Engine != nil && len(*s.Engine) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Engine", 1)) + } + if s.EngineVersion == nil { + invalidParams.Add(request.NewErrParamRequired("EngineVersion")) + } + if s.EngineVersion != nil && len(*s.EngineVersion) < 1 { + invalidParams.Add(request.NewErrParamMinLen("EngineVersion", 1)) + } + if s.KMSKeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KMSKeyId")) + } + if s.KMSKeyId != nil && len(*s.KMSKeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KMSKeyId", 1)) + } + if s.Manifest == nil { + invalidParams.Add(request.NewErrParamRequired("Manifest")) + } + if s.Manifest != nil && len(*s.Manifest) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Manifest", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDatabaseInstallationFilesS3BucketName sets the DatabaseInstallationFilesS3BucketName field's value. +func (s *CreateCustomDBEngineVersionInput) SetDatabaseInstallationFilesS3BucketName(v string) *CreateCustomDBEngineVersionInput { + s.DatabaseInstallationFilesS3BucketName = &v + return s +} + +// SetDatabaseInstallationFilesS3Prefix sets the DatabaseInstallationFilesS3Prefix field's value. +func (s *CreateCustomDBEngineVersionInput) SetDatabaseInstallationFilesS3Prefix(v string) *CreateCustomDBEngineVersionInput { + s.DatabaseInstallationFilesS3Prefix = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateCustomDBEngineVersionInput) SetDescription(v string) *CreateCustomDBEngineVersionInput { + s.Description = &v + return s +} + +// SetEngine sets the Engine field's value. +func (s *CreateCustomDBEngineVersionInput) SetEngine(v string) *CreateCustomDBEngineVersionInput { + s.Engine = &v + return s +} + +// SetEngineVersion sets the EngineVersion field's value. +func (s *CreateCustomDBEngineVersionInput) SetEngineVersion(v string) *CreateCustomDBEngineVersionInput { + s.EngineVersion = &v + return s +} + +// SetKMSKeyId sets the KMSKeyId field's value. +func (s *CreateCustomDBEngineVersionInput) SetKMSKeyId(v string) *CreateCustomDBEngineVersionInput { + s.KMSKeyId = &v + return s +} + +// SetManifest sets the Manifest field's value. +func (s *CreateCustomDBEngineVersionInput) SetManifest(v string) *CreateCustomDBEngineVersionInput { + s.Manifest = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *CreateCustomDBEngineVersionInput) SetTags(v []*Tag) *CreateCustomDBEngineVersionInput { + s.Tags = v + return s +} + +// This data type is used as a response element in the action DescribeDBEngineVersions. +type CreateCustomDBEngineVersionOutput struct { + _ struct{} `type:"structure"` + + // The creation time of the DB engine version. + CreateTime *time.Time `type:"timestamp"` + + // The description of the database engine. + DBEngineDescription *string `type:"string"` + + // The ARN of the custom engine version. + DBEngineVersionArn *string `type:"string"` + + // The description of the database engine version. + DBEngineVersionDescription *string `type:"string"` + + // The name of the DB parameter group family for the database engine. + DBParameterGroupFamily *string `type:"string"` + + // The name of the Amazon S3 bucket that contains your database installation + // files. + DatabaseInstallationFilesS3BucketName *string `type:"string"` + + // The Amazon S3 directory that contains the database installation files. If + // not specified, then no prefix is assumed. + DatabaseInstallationFilesS3Prefix *string `type:"string"` + + // The default character set for new instances of this engine version, if the + // CharacterSetName parameter of the CreateDBInstance API isn't specified. + DefaultCharacterSet *CharacterSet `type:"structure"` + + // The name of the database engine. + Engine *string `type:"string"` + + // The version number of the database engine. + EngineVersion *string `type:"string"` + + // The types of logs that the database engine has available for export to CloudWatch + // Logs. + ExportableLogTypes []*string `type:"list"` + + // The Amazon Web Services KMS key identifier for an encrypted CEV. This parameter + // is required for RDS Custom, but optional for Amazon RDS. + KMSKeyId *string `type:"string"` + + // The major engine version of the CEV. + MajorEngineVersion *string `type:"string"` + + // The status of the DB engine version, either available or deprecated. + Status *string `type:"string"` + + // A list of the character sets supported by this engine for the CharacterSetName + // parameter of the CreateDBInstance operation. + SupportedCharacterSets []*CharacterSet `locationNameList:"CharacterSet" type:"list"` + + // A list of the supported DB engine modes. + SupportedEngineModes []*string `type:"list"` + + // A list of features supported by the DB engine. + // + // The supported features vary by DB engine and DB engine version. + // + // To determine the supported features for a specific DB engine and DB engine + // version using the CLI, use the following command: + // + // aws rds describe-db-engine-versions --engine