You are already running the maximum number of concurrent queries. Wait a minute for some queries to finish, and then run the query again.
", + "base": "You are already running the maximum number of concurrent queries. The maximum number of concurrent queries is 10. Wait a minute for some queries to finish, and then run the query again.
", "refs": { } }, @@ -1506,12 +1506,12 @@ "RetentionPeriod": { "base": null, "refs": { - "CreateEventDataStoreRequest$RetentionPeriod": "The retention period of the event data store, in days. You can set a retention period of up to 2557 days, the equivalent of seven years.
", + "CreateEventDataStoreRequest$RetentionPeriod": "The retention period of the event data store, in days. You can set a retention period of up to 2557 days, the equivalent of seven years. CloudTrail Lake determines whether to retain an event by checking if the eventTime of the event is within the specified retention period. For example, if you set a retention period of 90 days, CloudTrail will remove events when the eventTime is older than 90 days.
If you plan to copy trail events to this event data store, we recommend that you consider both the age of the events that you want to copy as well as how long you want to keep the copied events in your event data store. For example, if you copy trail events that are 5 years old and specify a retention period of 7 years, the event data store will retain those events for two years.
The retention period of an event data store, in days.
", "EventDataStore$RetentionPeriod": "The retention period, in days.
", "GetEventDataStoreResponse$RetentionPeriod": "The retention period of the event data store, in days.
", "RestoreEventDataStoreResponse$RetentionPeriod": "The retention period, in days.
", - "UpdateEventDataStoreRequest$RetentionPeriod": "The retention period, in days.
", + "UpdateEventDataStoreRequest$RetentionPeriod": "The retention period of the event data store, in days. You can set a retention period of up to 2557 days, the equivalent of seven years. CloudTrail Lake determines whether to retain an event by checking if the eventTime of the event is within the specified retention period. For example, if you set a retention period of 90 days, CloudTrail will remove events when the eventTime is older than 90 days.
If you decrease the retention period of an event data store, CloudTrail will remove any events with an eventTime older than the new retention period. For example, if the previous retention period was 365 days and you decrease it to 100 days, CloudTrail will remove events with an eventTime older than 100 days.
The retention period, in days.
" } }, @@ -1529,7 +1529,7 @@ "SelectorField": { "base": null, "refs": { - "AdvancedFieldSelector$Field": "A field in a CloudTrail event record on which to filter events to be logged. For event data stores for Config configuration items, Audit Manager evidence, or non-Amazon Web Services events, the field is used only for selecting events as filtering is not supported.
For CloudTrail event records, supported fields include readOnly, eventCategory, eventSource (for management events), eventName, resources.type, and resources.ARN.
For event data stores for Config configuration items, Audit Manager evidence, or non-Amazon Web Services events, the only supported field is eventCategory.
readOnly - Optional. Can be set to Equals a value of true or false. If you do not add this field, CloudTrail logs both read and write events. A value of true logs only read events. A value of false logs only write events.
eventSource - For filtering management events only. This can be set only to NotEquals kms.amazonaws.com.
eventName - Can use any operator. You can use it to filter in or filter out any data event logged to CloudTrail, such as PutBucket or GetSnapshotBlock. You can have multiple values for this field, separated by commas.
eventCategory - This is required and must be set to Equals.
For CloudTrail event records, the value must be Management or Data.
For Config configuration items, the value must be ConfigurationItem.
For Audit Manager evidence, the value must be Evidence.
For non-Amazon Web Services events, the value must be ActivityAuditLog.
resources.type - This field is required for CloudTrail data events. resources.type can only use the Equals operator, and the value can be one of the following:
AWS::DynamoDB::Table
AWS::Lambda::Function
AWS::S3::Object
AWS::CloudTrail::Channel
AWS::CodeWhisperer::Profile
AWS::Cognito::IdentityPool
AWS::DynamoDB::Stream
AWS::EC2::Snapshot
AWS::EMRWAL::Workspace
AWS::FinSpace::Environment
AWS::Glue::Table
AWS::GuardDuty::Detector
AWS::KendraRanking::ExecutionPlan
AWS::ManagedBlockchain::Node
AWS::SageMaker::ExperimentTrialComponent
AWS::SageMaker::FeatureGroup
AWS::S3::AccessPoint
AWS::S3ObjectLambda::AccessPoint
AWS::S3Outposts::Object
You can have only one resources.type field per selector. To log data events on more than one resource type, add another selector.
resources.ARN - You can use any operator with resources.ARN, but if you use Equals or NotEquals, the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. For example, if resources.type equals AWS::S3::Object, the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the StartsWith operator, and include only the bucket ARN as the matching value.
The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information.
arn:<partition>:s3:::<bucket_name>/
arn:<partition>:s3:::<bucket_name>/<object_path>/
When resources.type equals AWS::DynamoDB::Table, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>
When resources.type equals AWS::Lambda::Function, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:lambda:<region>:<account_ID>:function:<function_name>
When resources.type equals AWS::CloudTrail::Channel, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID>
When resources.type equals AWS::CodeWhisperer::Profile, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID>
When resources.type equals AWS::Cognito::IdentityPool, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID>
When resources.type equals AWS::DynamoDB::Stream, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time>
When resources.type equals AWS::EC2::Snapshot, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:ec2:<region>::snapshot/<snapshot_ID>
When resources.type equals AWS::EMRWAL::Workspace, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:emrwal:<region>::workspace/<workspace_name>
When resources.type equals AWS::FinSpace::Environment, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID>
When resources.type equals AWS::Glue::Table, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name>
When resources.type equals AWS::GuardDuty::Detector, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID>
When resources.type equals AWS::KendraRanking::ExecutionPlan, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID>
When resources.type equals AWS::ManagedBlockchain::Node, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID>
When resources.type equals AWS::SageMaker::ExperimentTrialComponent, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name>
When resources.type equals AWS::SageMaker::FeatureGroup, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name>
When resources.type equals AWS::S3::AccessPoint, and the operator is set to Equals or NotEquals, the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don’t include the object path, and use the StartsWith or NotStartsWith operators.
arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>
arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path>
When resources.type equals AWS::S3ObjectLambda::AccessPoint, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name>
When resources.type equals AWS::S3Outposts::Object, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path>
A field in a CloudTrail event record on which to filter events to be logged. For event data stores for Config configuration items, Audit Manager evidence, or non-Amazon Web Services events, the field is used only for selecting events as filtering is not supported.
For CloudTrail event records, supported fields include readOnly, eventCategory, eventSource (for management events), eventName, resources.type, and resources.ARN.
For event data stores for Config configuration items, Audit Manager evidence, or non-Amazon Web Services events, the only supported field is eventCategory.
readOnly - Optional. Can be set to Equals a value of true or false. If you do not add this field, CloudTrail logs both read and write events. A value of true logs only read events. A value of false logs only write events.
eventSource - For filtering management events only. This can be set only to NotEquals kms.amazonaws.com.
eventName - Can use any operator. You can use it to filter in or filter out any data event logged to CloudTrail, such as PutBucket or GetSnapshotBlock. You can have multiple values for this field, separated by commas.
eventCategory - This is required and must be set to Equals.
For CloudTrail event records, the value must be Management or Data.
For Config configuration items, the value must be ConfigurationItem.
For Audit Manager evidence, the value must be Evidence.
For non-Amazon Web Services events, the value must be ActivityAuditLog.
resources.type - This field is required for CloudTrail data events. resources.type can only use the Equals operator, and the value can be one of the following:
AWS::DynamoDB::Table
AWS::Lambda::Function
AWS::S3::Object
AWS::CloudTrail::Channel
AWS::CodeWhisperer::Profile
AWS::Cognito::IdentityPool
AWS::DynamoDB::Stream
AWS::EC2::Snapshot
AWS::EMRWAL::Workspace
AWS::FinSpace::Environment
AWS::Glue::Table
AWS::GuardDuty::Detector
AWS::KendraRanking::ExecutionPlan
AWS::ManagedBlockchain::Network
AWS::ManagedBlockchain::Node
AWS::MedicalImaging::Datastore
AWS::SageMaker::ExperimentTrialComponent
AWS::SageMaker::FeatureGroup
AWS::S3::AccessPoint
AWS::S3ObjectLambda::AccessPoint
AWS::S3Outposts::Object
AWS::SSMMessages::ControlChannel
AWS::VerifiedPermissions::PolicyStore
You can have only one resources.type field per selector. To log data events on more than one resource type, add another selector.
resources.ARN - You can use any operator with resources.ARN, but if you use Equals or NotEquals, the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. For example, if resources.type equals AWS::S3::Object, the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the StartsWith operator, and include only the bucket ARN as the matching value.
The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information.
arn:<partition>:s3:::<bucket_name>/
arn:<partition>:s3:::<bucket_name>/<object_path>/
When resources.type equals AWS::DynamoDB::Table, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>
When resources.type equals AWS::Lambda::Function, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:lambda:<region>:<account_ID>:function:<function_name>
When resources.type equals AWS::CloudTrail::Channel, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID>
When resources.type equals AWS::CodeWhisperer::Profile, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID>
When resources.type equals AWS::Cognito::IdentityPool, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID>
When resources.type equals AWS::DynamoDB::Stream, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time>
When resources.type equals AWS::EC2::Snapshot, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:ec2:<region>::snapshot/<snapshot_ID>
When resources.type equals AWS::EMRWAL::Workspace, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:emrwal:<region>::workspace/<workspace_name>
When resources.type equals AWS::FinSpace::Environment, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID>
When resources.type equals AWS::Glue::Table, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name>
When resources.type equals AWS::GuardDuty::Detector, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID>
When resources.type equals AWS::KendraRanking::ExecutionPlan, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID>
When resources.type equals AWS::ManagedBlockchain::Network, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:managedblockchain:::networks/<network_name>
When resources.type equals AWS::ManagedBlockchain::Node, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID>
When resources.type equals AWS::MedicalImaging::Datastore, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:medical-imaging:<region>:<account_ID>:datastore/<data_store_ID>
When resources.type equals AWS::SageMaker::ExperimentTrialComponent, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name>
When resources.type equals AWS::SageMaker::FeatureGroup, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name>
When resources.type equals AWS::S3::AccessPoint, and the operator is set to Equals or NotEquals, the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don’t include the object path, and use the StartsWith or NotStartsWith operators.
arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>
arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path>
When resources.type equals AWS::S3ObjectLambda::AccessPoint, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name>
When resources.type equals AWS::S3Outposts::Object, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path>
When resources.type equals AWS::SSMMessages::ControlChannel, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:ssmmessages:<region>:<account_ID>:control-channel/<channel_ID>
When resources.type equals AWS::VerifiedPermissions::PolicyStore, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:verifiedpermissions:<region>:<account_ID>:policy-store/<policy_store_UUID>
Specifies the Amazon Resource Name (ARN) of the log group to which CloudTrail logs will be delivered.
", "CreateTrailResponse$CloudWatchLogsRoleArn": "Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group.
", "CreateTrailResponse$KmsKeyId": "Specifies the KMS key ID that encrypts the events delivered by CloudTrail. The value is a fully specified ARN to a KMS key in the following format.
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
The resource type in which you want to log data events. You can specify the following basic event selector resource types:
AWS::DynamoDB::Table
AWS::Lambda::Function
AWS::S3::Object
The following resource types are also available through advanced event selectors. Basic event selector resource types are valid in advanced event selectors, but advanced event selector resource types are not valid in basic event selectors. For more information, see AdvancedFieldSelector.
AWS::CloudTrail::Channel
AWS::CodeWhisperer::Profile
AWS::Cognito::IdentityPool
AWS::DynamoDB::Stream
AWS::EC2::Snapshot
AWS::EMRWAL::Workspace
AWS::FinSpace::Environment
AWS::Glue::Table
AWS::GuardDuty::Detector
AWS::KendraRanking::ExecutionPlan
AWS::ManagedBlockchain::Node
AWS::SageMaker::ExperimentTrialComponent
AWS::SageMaker::FeatureGroup
AWS::S3::AccessPoint
AWS::S3ObjectLambda::AccessPoint
AWS::S3Outposts::Object
The resource type in which you want to log data events. You can specify the following basic event selector resource types:
AWS::DynamoDB::Table
AWS::Lambda::Function
AWS::S3::Object
The following resource types are also available through advanced event selectors. Basic event selector resource types are valid in advanced event selectors, but advanced event selector resource types are not valid in basic event selectors. For more information, see AdvancedFieldSelector.
AWS::CloudTrail::Channel
AWS::CodeWhisperer::Profile
AWS::Cognito::IdentityPool
AWS::DynamoDB::Stream
AWS::EC2::Snapshot
AWS::EMRWAL::Workspace
AWS::FinSpace::Environment
AWS::Glue::Table
AWS::GuardDuty::Detector
AWS::KendraRanking::ExecutionPlan
AWS::ManagedBlockchain::Network
AWS::ManagedBlockchain::Node
AWS::MedicalImaging::Datastore
AWS::SageMaker::ExperimentTrialComponent
AWS::SageMaker::FeatureGroup
AWS::S3::AccessPoint
AWS::S3ObjectLambda::AccessPoint
AWS::S3Outposts::Object
AWS::SSMMessages::ControlChannel
AWS::VerifiedPermissions::PolicyStore
Specifies the name or the CloudTrail ARN of the trail to be deleted. The following is the format of a trail ARN. arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
The CloudTrail ID of the event returned.
", diff --git a/models/apis/cloudtrail/2013-11-01/endpoint-rule-set-1.json b/models/apis/cloudtrail/2013-11-01/endpoint-rule-set-1.json index 2b5ffaa7a8c..be85a60fb63 100644 --- a/models/apis/cloudtrail/2013-11-01/endpoint-rule-set-1.json +++ b/models/apis/cloudtrail/2013-11-01/endpoint-rule-set-1.json @@ -58,52 +58,56 @@ "type": "error" }, { - "conditions": [], - "type": "tree", - "rules": [ + "conditions": [ { - "conditions": [ + "fn": "booleanEquals", + "argv": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" + "ref": "UseDualStack" }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + true + ] } - ] + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] }, { - "conditions": [], + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], "type": "tree", "rules": [ { "conditions": [ { - "fn": "isSet", + "fn": "aws.partition", "argv": [ { "ref": "Region" } - ] + ], + "assign": "PartitionResult" } ], "type": "tree", @@ -111,13 +115,22 @@ { "conditions": [ { - "fn": "aws.partition", + "fn": "booleanEquals", "argv": [ { - "ref": "Region" - } - ], - "assign": "PartitionResult" + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } ], "type": "tree", @@ -127,92 +140,83 @@ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseFIPS" - }, - true + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } ] }, { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ { - "conditions": [], - "endpoint": { - "url": "https://cloudtrail-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "supportsDualStack" ] } ] - }, + } + ], + "type": "tree", + "rules": [ { "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" + "endpoint": { + "url": "https://cloudtrail-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "type": "tree", + "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseFIPS" - }, - true + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } ] } ], @@ -221,168 +225,128 @@ { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } + "ref": "Region" + }, + "us-gov-east-1" ] } ], - "type": "tree", - "rules": [ + "endpoint": { + "url": "https://cloudtrail.us-gov-east-1.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ { - "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ - { - "ref": "Region" - }, - "us-gov-east-1" - ] - } - ], - "endpoint": { - "url": "https://cloudtrail.us-gov-east-1.amazonaws.com", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - }, + "fn": "stringEquals", + "argv": [ { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ - { - "ref": "Region" - }, - "us-gov-west-1" - ] - } - ], - "endpoint": { - "url": "https://cloudtrail.us-gov-west-1.amazonaws.com", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "ref": "Region" }, - { - "conditions": [], - "endpoint": { - "url": "https://cloudtrail-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "us-gov-west-1" ] } - ] + ], + "endpoint": { + "url": "https://cloudtrail.us-gov-west-1.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" }, { "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" + "endpoint": { + "url": "https://cloudtrail-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ { - "conditions": [], - "endpoint": { - "url": "https://cloudtrail.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "supportsDualStack" ] } ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } - ] - }, - { - "conditions": [], + ], "type": "tree", "rules": [ { "conditions": [], "endpoint": { - "url": "https://cloudtrail.{Region}.{PartitionResult#dnsSuffix}", + "url": "https://cloudtrail.{Region}.{PartitionResult#dualStackDnsSuffix}", "properties": {}, "headers": {} }, "type": "endpoint" } ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ] + }, + { + "conditions": [], + "endpoint": { + "url": "https://cloudtrail.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" } ] + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } \ No newline at end of file diff --git a/models/apis/connect/2017-08-08/api-2.json b/models/apis/connect/2017-08-08/api-2.json index 50476eaf747..32cf8e7a317 100644 --- a/models/apis/connect/2017-08-08/api-2.json +++ b/models/apis/connect/2017-08-08/api-2.json @@ -194,6 +194,24 @@ {"shape":"ThrottlingException"} ] }, + "AssociateTrafficDistributionGroupUser":{ + "name":"AssociateTrafficDistributionGroupUser", + "http":{ + "method":"PUT", + "requestUri":"/traffic-distribution-group/{TrafficDistributionGroupId}/user" + }, + "input":{"shape":"AssociateTrafficDistributionGroupUserRequest"}, + "output":{"shape":"AssociateTrafficDistributionGroupUserResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ResourceConflictException"}, + {"shape":"InternalServiceException"} + ], + "idempotent":true + }, "ClaimPhoneNumber":{ "name":"ClaimPhoneNumber", "http":{ @@ -1362,6 +1380,24 @@ {"shape":"ThrottlingException"} ] }, + "DisassociateTrafficDistributionGroupUser":{ + "name":"DisassociateTrafficDistributionGroupUser", + "http":{ + "method":"DELETE", + "requestUri":"/traffic-distribution-group/{TrafficDistributionGroupId}/user" + }, + "input":{"shape":"DisassociateTrafficDistributionGroupUserRequest"}, + "output":{"shape":"DisassociateTrafficDistributionGroupUserResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ResourceConflictException"}, + {"shape":"InternalServiceException"} + ], + "idempotent":true + }, "DismissUserContact":{ "name":"DismissUserContact", "http":{ @@ -2010,6 +2046,22 @@ {"shape":"InternalServiceException"} ] }, + "ListTrafficDistributionGroupUsers":{ + "name":"ListTrafficDistributionGroupUsers", + "http":{ + "method":"GET", + "requestUri":"/traffic-distribution-group/{TrafficDistributionGroupId}/user" + }, + "input":{"shape":"ListTrafficDistributionGroupUsersRequest"}, + "output":{"shape":"ListTrafficDistributionGroupUsersResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidRequestException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServiceException"} + ] + }, "ListTrafficDistributionGroups":{ "name":"ListTrafficDistributionGroups", "http":{ @@ -3251,6 +3303,13 @@ "TIME_SINCE_LAST_INBOUND" ] }, + "AgentConfig":{ + "type":"structure", + "required":["Distributions"], + "members":{ + "Distributions":{"shape":"DistributionList"} + } + }, "AgentContactReference":{ "type":"structure", "members":{ @@ -3585,6 +3644,28 @@ "AssociationId":{"shape":"AssociationId"} } }, + "AssociateTrafficDistributionGroupUserRequest":{ + "type":"structure", + "required":[ + "TrafficDistributionGroupId", + "UserId", + "InstanceId" + ], + "members":{ + "TrafficDistributionGroupId":{ + "shape":"TrafficDistributionGroupIdOrArn", + "location":"uri", + "locationName":"TrafficDistributionGroupId" + }, + "UserId":{"shape":"UserId"}, + "InstanceId":{"shape":"InstanceId"} + } + }, + "AssociateTrafficDistributionGroupUserResponse":{ + "type":"structure", + "members":{ + } + }, "AssociationId":{ "type":"string", "max":100, @@ -5918,6 +5999,36 @@ } } }, + "DisassociateTrafficDistributionGroupUserRequest":{ + "type":"structure", + "required":[ + "TrafficDistributionGroupId", + "UserId", + "InstanceId" + ], + "members":{ + "TrafficDistributionGroupId":{ + "shape":"TrafficDistributionGroupIdOrArn", + "location":"uri", + "locationName":"TrafficDistributionGroupId" + }, + "UserId":{ + "shape":"UserId", + "location":"querystring", + "locationName":"UserId" + }, + "InstanceId":{ + "shape":"InstanceId", + "location":"querystring", + "locationName":"InstanceId" + } + } + }, + "DisassociateTrafficDistributionGroupUserResponse":{ + "type":"structure", + "members":{ + } + }, "DismissUserContactRequest":{ "type":"structure", "required":[ @@ -6802,7 +6913,9 @@ "members":{ "TelephonyConfig":{"shape":"TelephonyConfig"}, "Id":{"shape":"TrafficDistributionGroupId"}, - "Arn":{"shape":"TrafficDistributionGroupArn"} + "Arn":{"shape":"TrafficDistributionGroupArn"}, + "SignInConfig":{"shape":"SignInConfig"}, + "AgentConfig":{"shape":"AgentConfig"} } }, "Grouping":{ @@ -8409,6 +8522,35 @@ "NextToken":{"shape":"NextToken"} } }, + "ListTrafficDistributionGroupUsersRequest":{ + "type":"structure", + "required":["TrafficDistributionGroupId"], + "members":{ + "TrafficDistributionGroupId":{ + "shape":"TrafficDistributionGroupIdOrArn", + "location":"uri", + "locationName":"TrafficDistributionGroupId" + }, + "MaxResults":{ + "shape":"MaxResult10", + "box":true, + "location":"querystring", + "locationName":"maxResults" + }, + "NextToken":{ + "shape":"NextToken", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListTrafficDistributionGroupUsersResponse":{ + "type":"structure", + "members":{ + "NextToken":{"shape":"NextToken"}, + "TrafficDistributionGroupUserSummaryList":{"shape":"TrafficDistributionGroupUserSummaryList"} + } + }, "ListTrafficDistributionGroupsRequest":{ "type":"structure", "members":{ @@ -10393,6 +10535,28 @@ "error":{"httpStatusCode":402}, "exception":true }, + "SignInConfig":{ + "type":"structure", + "required":["Distributions"], + "members":{ + "Distributions":{"shape":"SignInDistributionList"} + } + }, + "SignInDistribution":{ + "type":"structure", + "required":[ + "Region", + "Enabled" + ], + "members":{ + "Region":{"shape":"AwsRegion"}, + "Enabled":{"shape":"Boolean"} + } + }, + "SignInDistributionList":{ + "type":"list", + "member":{"shape":"SignInDistribution"} + }, "SingleSelectOptions":{ "type":"list", "member":{"shape":"TaskTemplateSingleSelectOption"} @@ -11071,7 +11235,8 @@ "Description":{"shape":"Description250"}, "InstanceArn":{"shape":"InstanceArn"}, "Status":{"shape":"TrafficDistributionGroupStatus"}, - "Tags":{"shape":"TagMap"} + "Tags":{"shape":"TagMap"}, + "IsDefault":{"shape":"Boolean"} } }, "TrafficDistributionGroupArn":{ @@ -11104,7 +11269,8 @@ "Arn":{"shape":"TrafficDistributionGroupArn"}, "Name":{"shape":"Name128"}, "InstanceArn":{"shape":"InstanceArn"}, - "Status":{"shape":"TrafficDistributionGroupStatus"} + "Status":{"shape":"TrafficDistributionGroupStatus"}, + "IsDefault":{"shape":"Boolean"} } }, "TrafficDistributionGroupSummaryList":{ @@ -11113,6 +11279,18 @@ "max":10, "min":0 }, + "TrafficDistributionGroupUserSummary":{ + "type":"structure", + "members":{ + "UserId":{"shape":"UserId"} + } + }, + "TrafficDistributionGroupUserSummaryList":{ + "type":"list", + "member":{"shape":"TrafficDistributionGroupUserSummary"}, + "max":10, + "min":0 + }, "TrafficType":{ "type":"string", "enum":[ @@ -12007,7 +12185,9 @@ "location":"uri", "locationName":"Id" }, - "TelephonyConfig":{"shape":"TelephonyConfig"} + "TelephonyConfig":{"shape":"TelephonyConfig"}, + "SignInConfig":{"shape":"SignInConfig"}, + "AgentConfig":{"shape":"AgentConfig"} } }, "UpdateTrafficDistributionResponse":{ diff --git a/models/apis/connect/2017-08-08/docs-2.json b/models/apis/connect/2017-08-08/docs-2.json index 2102c8c9a1b..922ce25fa8c 100644 --- a/models/apis/connect/2017-08-08/docs-2.json +++ b/models/apis/connect/2017-08-08/docs-2.json @@ -13,6 +13,7 @@ "AssociateQueueQuickConnects": "This API is in preview release for Amazon Connect and is subject to change.
Associates a set of quick connects with a queue.
", "AssociateRoutingProfileQueues": "Associates a set of queues with a routing profile.
", "AssociateSecurityKey": "This API is in preview release for Amazon Connect and is subject to change.
Associates a security key to the instance.
", + "AssociateTrafficDistributionGroupUser": "Associates an agent with a traffic distribution group.
", "ClaimPhoneNumber": "Claims an available phone number to your Amazon Connect instance or traffic distribution group. You can call this API only in the same Amazon Web Services Region where the Amazon Connect instance or traffic distribution group was created.
For more information about how to use this operation, see Claim a phone number in your country and Claim phone numbers to traffic distribution groups in the Amazon Connect Administrator Guide.
You can call the SearchAvailablePhoneNumbers API for available phone numbers that you can claim. Call the DescribePhoneNumber API to verify the status of a previous ClaimPhoneNumber operation.
If you plan to claim and release numbers frequently during a 30 day period, contact us for a service quota exception. Otherwise, it is possible you will be blocked from claiming and releasing any more numbers until 30 days past the oldest number released has expired.
By default you can claim and release up to 200% of your maximum number of active phone numbers during any 30 day period. If you claim and release phone numbers using the UI or API during a rolling 30 day cycle that exceeds 200% of your phone number service level quota, you will be blocked from claiming any more numbers until 30 days past the oldest number released has expired.
For example, if you already have 99 claimed numbers and a service level quota of 99 phone numbers, and in any 30 day period you release 99, claim 99, and then release 99, you will have exceeded the 200% limit. At that point you are blocked from claiming any more numbers until you open an Amazon Web Services support ticket.
", "CreateAgentStatus": "This API is in preview release for Amazon Connect and is subject to change.
Creates an agent status for the specified Amazon Connect instance.
", "CreateContactFlow": "Creates a flow for the specified Amazon Connect instance.
You can also create and update flows using the Amazon Connect Flow language.
", @@ -85,6 +86,7 @@ "DisassociateQueueQuickConnects": "This API is in preview release for Amazon Connect and is subject to change.
Disassociates a set of quick connects from a queue.
", "DisassociateRoutingProfileQueues": "Disassociates a set of queues from a routing profile.
", "DisassociateSecurityKey": "This API is in preview release for Amazon Connect and is subject to change.
Deletes the specified security key.
", + "DisassociateTrafficDistributionGroupUser": "Disassociates an agent from a traffic distribution group.
", "DismissUserContact": "Dismisses contacts from an agent’s CCP and returns the agent to an available state, which allows the agent to receive a new routed contact. Contacts can only be dismissed if they are in a MISSED, ERROR, ENDED, or REJECTED state in the Agent Event Stream.
Retrieves the contact attributes for the specified contact.
", "GetCurrentMetricData": "Gets the real-time metric data from the specified Amazon Connect instance.
For a description of each metric, see Real-time Metrics Definitions in the Amazon Connect Administrator Guide.
", @@ -113,7 +115,7 @@ "ListLambdaFunctions": "This API is in preview release for Amazon Connect and is subject to change.
Returns a paginated list of all Lambda functions that display in the dropdown options in the relevant flow blocks.
", "ListLexBots": "This API is in preview release for Amazon Connect and is subject to change.
Returns a paginated list of all the Amazon Lex V1 bots currently associated with the instance. To return both Amazon Lex V1 and V2 bots, use the ListBots API.
", "ListPhoneNumbers": "Provides information about the phone numbers for the specified Amazon Connect instance.
For more information about phone numbers, see Set Up Phone Numbers for Your Contact Center in the Amazon Connect Administrator Guide.
The phone number Arn value that is returned from each of the items in the PhoneNumberSummaryList cannot be used to tag phone number resources. It will fail with a ResourceNotFoundException. Instead, use the ListPhoneNumbersV2 API. It returns the new phone number ARN that can be used to tag phone number resources.
Lists phone numbers claimed to your Amazon Connect instance or traffic distribution group. If the provided TargetArn is a traffic distribution group, you can call this API in both Amazon Web Services Regions associated with traffic distribution group.
For more information about phone numbers, see Set Up Phone Numbers for Your Contact Center in the Amazon Connect Administrator Guide.
", + "ListPhoneNumbersV2": "Lists phone numbers claimed to your Amazon Connect instance or traffic distribution group. If the provided TargetArn is a traffic distribution group, you can call this API in both Amazon Web Services Regions associated with traffic distribution group.
For more information about phone numbers, see Set Up Phone Numbers for Your Contact Center in the Amazon Connect Administrator Guide.
When given an instance ARN, ListPhoneNumbersV2 returns only the phone numbers claimed to the instance.
When given a traffic distribution group ARN ListPhoneNumbersV2 returns only the phone numbers claimed to the traffic distribution group.
Provides information about the prompts for the specified Amazon Connect instance.
", "ListQueueQuickConnects": "This API is in preview release for Amazon Connect and is subject to change.
Lists the quick connects associated with a queue.
", "ListQueues": "Provides information about the queues for the specified Amazon Connect instance.
If you do not specify a QueueTypes parameter, both standard and agent queues are returned. This might cause an unexpected truncation of results if you have more than 1000 agents and you limit the number of results of the API call in code.
For more information about queues, see Queues: Standard and Agent in the Amazon Connect Administrator Guide.
", @@ -126,6 +128,7 @@ "ListSecurityProfiles": "Provides summary information about the security profiles for the specified Amazon Connect instance.
For more information about security profiles, see Security Profiles in the Amazon Connect Administrator Guide.
", "ListTagsForResource": "Lists the tags for the specified resource.
For sample policies that use tags, see Amazon Connect Identity-Based Policy Examples in the Amazon Connect Administrator Guide.
", "ListTaskTemplates": "Lists task templates for the specified Amazon Connect instance.
", + "ListTrafficDistributionGroupUsers": "Lists traffic distribution group users.
", "ListTrafficDistributionGroups": "Lists traffic distribution groups.
", "ListUseCases": "Lists the use cases for the integration association.
", "ListUserHierarchyGroups": "Provides summary information about the hierarchy groups for the specified Amazon Connect instance.
For more information about agent hierarchies, see Set Up Agent Hierarchies in the Amazon Connect Administrator Guide.
", @@ -191,7 +194,7 @@ "UpdateRule": "Updates a rule for the specified Amazon Connect instance.
Use the Rules Function language to code conditions for the rule.
", "UpdateSecurityProfile": "This API is in preview release for Amazon Connect and is subject to change.
Updates a security profile.
", "UpdateTaskTemplate": "Updates details about a specific task template in the specified Amazon Connect instance. This operation does not support partial updates. Instead it does a full update of template content.
", - "UpdateTrafficDistribution": "Updates the traffic distribution for a given traffic distribution group.
For more information about updating a traffic distribution group, see Update telephony traffic distribution across Amazon Web Services Regions in the Amazon Connect Administrator Guide.
", + "UpdateTrafficDistribution": "Updates the traffic distribution for a given traffic distribution group.
You can change the SignInConfig only for a default TrafficDistributionGroup. If you call UpdateTrafficDistribution with a modified SignInConfig and a non-default TrafficDistributionGroup, an InvalidRequestException is returned.
For more information about updating a traffic distribution group, see Update telephony traffic distribution across Amazon Web Services Regions in the Amazon Connect Administrator Guide.
", "UpdateUserHierarchy": "Assigns the specified hierarchy group to the specified user.
", "UpdateUserHierarchyGroupName": "Updates the name of the user hierarchy group.
", "UpdateUserHierarchyStructure": "Updates the user hierarchy structure: add, remove, and rename user hierarchy levels.
", @@ -357,11 +360,18 @@ "AgentAvailabilityTimer": { "base": null, "refs": { - "CreateRoutingProfileRequest$AgentAvailabilityTimer": "Whether agents with this routing profile will have their routing order calculated based on time since their last inbound contact or longest idle time.
", + "CreateRoutingProfileRequest$AgentAvailabilityTimer": "Whether agents with this routing profile will have their routing order calculated based on longest idle time or time since their last inbound contact.
", "RoutingProfile$AgentAvailabilityTimer": "Whether agents with this routing profile will have their routing order calculated based on time since their last inbound contact or longest idle time.
", "UpdateRoutingProfileAgentAvailabilityTimerRequest$AgentAvailabilityTimer": "Whether agents with this routing profile will have their routing order calculated based on time since their last inbound contact or longest idle time.
" } }, + "AgentConfig": { + "base": "The distribution of agents between the instance and its replica(s).
", + "refs": { + "GetTrafficDistributionResponse$AgentConfig": "The distribution of agents between the instance and its replica(s).
", + "UpdateTrafficDistributionRequest$AgentConfig": "The distribution of agents between the instance and its replica(s).
" + } + }, "AgentContactReference": { "base": "Information about the contact associated to the user.
", "refs": { @@ -398,9 +408,9 @@ "base": null, "refs": { "AgentInfo$Id": "The identifier of the agent who accepted the contact.
", - "GetFederationTokenResponse$UserId": "The identifier for the user.
", + "GetFederationTokenResponse$UserId": "The identifier for the user. This can be the ID or the ARN of the user.
", "MonitorContactRequest$UserId": "The identifier of the user account.
", - "TransferContactRequest$UserId": "The identifier for the user.
" + "TransferContactRequest$UserId": "The identifier for the user. This can be the ID or the ARN of the user.
" } }, "AgentStatus": { @@ -612,6 +622,16 @@ "refs": { } }, + "AssociateTrafficDistributionGroupUserRequest": { + "base": null, + "refs": { + } + }, + "AssociateTrafficDistributionGroupUserResponse": { + "base": null, + "refs": { + } + }, "AssociationId": { "base": null, "refs": { @@ -688,7 +708,8 @@ "base": null, "refs": { "Distribution$Region": "The Amazon Web Services Region where the traffic is distributed.
", - "ReplicateInstanceRequest$ReplicaRegion": "The Amazon Web Services Region where to replicate the Amazon Connect instance.
" + "ReplicateInstanceRequest$ReplicaRegion": "The Amazon Web Services Region where to replicate the Amazon Connect instance.
", + "SignInDistribution$Region": "The Amazon Web Services Region of the sign in distribution.
" } }, "BehaviorType": { @@ -708,6 +729,9 @@ "EvaluationFormSingleSelectQuestionOption$AutomaticFail": "The flag to mark the option as automatic fail. If an automatic fail answer is provided, the overall evaluation gets a score of 0.
", "EvaluationScore$NotApplicable": "The flag to mark the item as not applicable for scoring.
", "EvaluationScore$AutomaticFail": "The flag that marks the item as automatic fail. If the item or a child item gets an automatic fail answer, this flag will be true.
", + "SignInDistribution$Enabled": "Whether sign in distribution is enabled.
", + "TrafficDistributionGroup$IsDefault": "Whether this is the default traffic distribution group created during instance replication. The default traffic distribution group cannot be deleted by the DeleteTrafficDistributionGroup API. The default traffic distribution group is deleted as part of the process for deleting a replica.
You can change the SignInConfig only for a default TrafficDistributionGroup. If you call UpdateTrafficDistribution with a modified SignInConfig and a non-default TrafficDistributionGroup, an InvalidRequestException is returned.
Whether this is the default traffic distribution group created during instance replication. The default traffic distribution group cannot be deleted by the DeleteTrafficDistributionGroup API. The default traffic distribution group is deleted as part of the process for deleting a replica.
A number indicating the reset order of the agent status.
" } }, @@ -1919,6 +1943,16 @@ "refs": { } }, + "DisassociateTrafficDistributionGroupUserRequest": { + "base": null, + "refs": { + } + }, + "DisassociateTrafficDistributionGroupUserResponse": { + "base": null, + "refs": { + } + }, "DismissUserContactRequest": { "base": null, "refs": { @@ -1945,6 +1979,7 @@ "DistributionList": { "base": null, "refs": { + "AgentConfig$Distributions": "Information about traffic distributions.
", "TelephonyConfig$Distributions": "Information about traffic distributions.
" } }, @@ -2850,6 +2885,7 @@ "AssociateQueueQuickConnectsRequest$InstanceId": "The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.
", "AssociateRoutingProfileQueuesRequest$InstanceId": "The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.
", "AssociateSecurityKeyRequest$InstanceId": "The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.
", + "AssociateTrafficDistributionGroupUserRequest$InstanceId": "The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.
", "CreateAgentStatusRequest$InstanceId": "The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.
", "CreateContactFlowModuleRequest$InstanceId": "The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.
", "CreateContactFlowRequest$InstanceId": "The identifier of the Amazon Connect instance.
", @@ -2918,6 +2954,7 @@ "DisassociateQueueQuickConnectsRequest$InstanceId": "The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.
", "DisassociateRoutingProfileQueuesRequest$InstanceId": "The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.
", "DisassociateSecurityKeyRequest$InstanceId": "The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.
", + "DisassociateTrafficDistributionGroupUserRequest$InstanceId": "The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.
", "DismissUserContactRequest$InstanceId": "The identifier of the Amazon Connect instance. You can find the instanceId in the ARN of the instance.
", "GetContactAttributesRequest$InstanceId": "The identifier of the Amazon Connect instance.
", "GetCurrentMetricDataRequest$InstanceId": "The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.
", @@ -3581,6 +3618,16 @@ "refs": { } }, + "ListTrafficDistributionGroupUsersRequest": { + "base": null, + "refs": { + } + }, + "ListTrafficDistributionGroupUsersResponse": { + "base": null, + "refs": { + } + }, "ListTrafficDistributionGroupsRequest": { "base": null, "refs": { @@ -3633,6 +3680,7 @@ "refs": { "ListInstanceStorageConfigsRequest$MaxResults": "The maximum number of results to return per page.
", "ListInstancesRequest$MaxResults": "The maximum number of results to return per page.
", + "ListTrafficDistributionGroupUsersRequest$MaxResults": "The maximum number of results to return per page.
", "ListTrafficDistributionGroupsRequest$MaxResults": "The maximum number of results to return per page.
", "SearchAvailablePhoneNumbersRequest$MaxResults": "The maximum number of results to return per page.
" } @@ -3918,6 +3966,8 @@ "ListSecurityProfilesResponse$NextToken": "If there are additional results, this is the token for the next set of results.
", "ListTaskTemplatesRequest$NextToken": "The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
It is not expected that you set this because the value returned in the previous response is always null.
If there are additional results, this is the token for the next set of results.
This is always returned as a null in the response.
The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
", + "ListTrafficDistributionGroupUsersResponse$NextToken": "If there are additional results, this is the token for the next set of results.
", "ListTrafficDistributionGroupsRequest$NextToken": "The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
", "ListTrafficDistributionGroupsResponse$NextToken": "If there are additional results, this is the token for the next set of results.
", "ListUseCasesRequest$NextToken": "The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
", @@ -5331,6 +5381,25 @@ "refs": { } }, + "SignInConfig": { + "base": "The distribution of allowing signing in to the instance and its replica(s).
", + "refs": { + "GetTrafficDistributionResponse$SignInConfig": "The distribution of allowing signing in to the instance and its replica(s).
", + "UpdateTrafficDistributionRequest$SignInConfig": "The distribution of allowing signing in to the instance and its replica(s).
" + } + }, + "SignInDistribution": { + "base": "The distribution of sign in traffic between the instance and its replica(s).
", + "refs": { + "SignInDistributionList$member": null + } + }, + "SignInDistributionList": { + "base": null, + "refs": { + "SignInConfig$Distributions": "Information about traffic distributions.
" + } + }, "SingleSelectOptions": { "base": null, "refs": { @@ -5980,9 +6049,12 @@ "TrafficDistributionGroupIdOrArn": { "base": null, "refs": { + "AssociateTrafficDistributionGroupUserRequest$TrafficDistributionGroupId": "The identifier of the traffic distribution group. This can be the ID or the ARN if the API is being called in the Region where the traffic distribution group was created. The ARN must be provided if the call is from the replicated Region.
", "DeleteTrafficDistributionGroupRequest$TrafficDistributionGroupId": "The identifier of the traffic distribution group. This can be the ID or the ARN if the API is being called in the Region where the traffic distribution group was created. The ARN must be provided if the call is from the replicated Region.
", "DescribeTrafficDistributionGroupRequest$TrafficDistributionGroupId": "The identifier of the traffic distribution group. This can be the ID or the ARN if the API is being called in the Region where the traffic distribution group was created. The ARN must be provided if the call is from the replicated Region.
", + "DisassociateTrafficDistributionGroupUserRequest$TrafficDistributionGroupId": "The identifier of the traffic distribution group. This can be the ID or the ARN if the API is being called in the Region where the traffic distribution group was created. The ARN must be provided if the call is from the replicated Region.
", "GetTrafficDistributionRequest$Id": "The identifier of the traffic distribution group.
", + "ListTrafficDistributionGroupUsersRequest$TrafficDistributionGroupId": "The identifier of the traffic distribution group. This can be the ID or the ARN if the API is being called in the Region where the traffic distribution group was created. The ARN must be provided if the call is from the replicated Region.
", "UpdateTrafficDistributionRequest$Id": "The identifier of the traffic distribution group. This can be the ID or the ARN if the API is being called in the Region where the traffic distribution group was created. The ARN must be provided if the call is from the replicated Region.
" } }, @@ -6005,6 +6077,18 @@ "ListTrafficDistributionGroupsResponse$TrafficDistributionGroupSummaryList": "A list of traffic distribution groups.
" } }, + "TrafficDistributionGroupUserSummary": { + "base": "Summary information about a traffic distribution group user.
", + "refs": { + "TrafficDistributionGroupUserSummaryList$member": null + } + }, + "TrafficDistributionGroupUserSummaryList": { + "base": null, + "refs": { + "ListTrafficDistributionGroupUsersResponse$TrafficDistributionGroupUserSummaryList": "A list of traffic distribution group users.
" + } + }, "TrafficType": { "base": null, "refs": { @@ -6414,11 +6498,14 @@ "base": null, "refs": { "AgentsMinOneMaxHundred$member": null, + "AssociateTrafficDistributionGroupUserRequest$UserId": "The identifier of the user account. This can be the ID or the ARN of the user.
", "CreateUserResponse$UserId": "The identifier of the user account.
", "DeleteUserRequest$UserId": "The identifier of the user.
", "DescribeUserRequest$UserId": "The identifier of the user account.
", + "DisassociateTrafficDistributionGroupUserRequest$UserId": "The identifier for the user. This can be the ID or the ARN of the user.
", "DismissUserContactRequest$UserId": "The identifier of the user account.
", "PutUserStatusRequest$UserId": "The identifier of the user.
", + "TrafficDistributionGroupUserSummary$UserId": "The identifier for the user. This can be the ID or the ARN of the user.
", "UpdateUserHierarchyRequest$UserId": "The identifier of the user account.
", "UpdateUserIdentityInfoRequest$UserId": "The identifier of the user account.
", "UpdateUserPhoneConfigRequest$UserId": "The identifier of the user account.
", diff --git a/models/apis/connect/2017-08-08/paginators-1.json b/models/apis/connect/2017-08-08/paginators-1.json index 739a54e57da..a4012e4c41c 100644 --- a/models/apis/connect/2017-08-08/paginators-1.json +++ b/models/apis/connect/2017-08-08/paginators-1.json @@ -198,6 +198,12 @@ "output_token": "NextToken", "result_key": "TaskTemplates" }, + "ListTrafficDistributionGroupUsers": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "TrafficDistributionGroupUserSummaryList" + }, "ListTrafficDistributionGroups": { "input_token": "NextToken", "limit_key": "MaxResults", diff --git a/models/apis/elasticloadbalancingv2/2015-12-01/api-2.json b/models/apis/elasticloadbalancingv2/2015-12-01/api-2.json index c743df4b068..fe40358656d 100644 --- a/models/apis/elasticloadbalancingv2/2015-12-01/api-2.json +++ b/models/apis/elasticloadbalancingv2/2015-12-01/api-2.json @@ -1260,6 +1260,14 @@ }, "exception":true }, + "EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic":{"type":"string"}, + "EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum":{ + "type":"string", + "enum":[ + "on", + "off" + ] + }, "FixedResponseActionConfig":{ "type":"structure", "required":["StatusCode"], @@ -1489,7 +1497,8 @@ "AvailabilityZones":{"shape":"AvailabilityZones"}, "SecurityGroups":{"shape":"SecurityGroups"}, "IpAddressType":{"shape":"IpAddressType"}, - "CustomerOwnedIpv4Pool":{"shape":"CustomerOwnedIpv4Pool"} + "CustomerOwnedIpv4Pool":{"shape":"CustomerOwnedIpv4Pool"}, + "EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic":{"shape":"EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic"} } }, "LoadBalancerAddress":{ @@ -1977,13 +1986,15 @@ ], "members":{ "LoadBalancerArn":{"shape":"LoadBalancerArn"}, - "SecurityGroups":{"shape":"SecurityGroups"} + "SecurityGroups":{"shape":"SecurityGroups"}, + "EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic":{"shape":"EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum"} } }, "SetSecurityGroupsOutput":{ "type":"structure", "members":{ - "SecurityGroupIds":{"shape":"SecurityGroups"} + "SecurityGroupIds":{"shape":"SecurityGroups"}, + "EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic":{"shape":"EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum"} } }, "SetSubnetsInput":{ diff --git a/models/apis/elasticloadbalancingv2/2015-12-01/docs-2.json b/models/apis/elasticloadbalancingv2/2015-12-01/docs-2.json index 7f7aad2eb15..074422ac3ce 100644 --- a/models/apis/elasticloadbalancingv2/2015-12-01/docs-2.json +++ b/models/apis/elasticloadbalancingv2/2015-12-01/docs-2.json @@ -12,7 +12,7 @@ "DeleteLoadBalancer": "Deletes the specified Application Load Balancer, Network Load Balancer, or Gateway Load Balancer. Deleting a load balancer also deletes its listeners.
You can't delete a load balancer if deletion protection is enabled. If the load balancer does not exist or has already been deleted, the call succeeds.
Deleting a load balancer does not affect its registered targets. For example, your EC2 instances continue to run and are still registered to their target groups. If you no longer need these EC2 instances, you can stop or terminate them.
", "DeleteRule": "Deletes the specified rule.
You can't delete the default rule.
", "DeleteTargetGroup": "Deletes the specified target group.
You can delete a target group if it is not referenced by any actions. Deleting a target group also deletes any associated health checks. Deleting a target group does not affect its registered targets. For example, any EC2 instances continue to run until you stop or terminate them.
", - "DeregisterTargets": "Deregisters the specified targets from the specified target group. After the targets are deregistered, they no longer receive traffic from the load balancer.
", + "DeregisterTargets": "Deregisters the specified targets from the specified target group. After the targets are deregistered, they no longer receive traffic from the load balancer.
Note: If the specified target does not exist, the action returns successfully.
", "DescribeAccountLimits": "Describes the current Elastic Load Balancing resource limits for your Amazon Web Services account.
For more information, see the following:
Describes the default certificate and the certificate list for the specified HTTPS or TLS listener.
If the default certificate is also in the certificate list, it appears twice in the results (once with IsDefault set to true and once with IsDefault set to false).
For more information, see SSL certificates in the Application Load Balancers Guide or Server certificates in the Network Load Balancers Guide.
", "DescribeListeners": "Describes the specified listeners or the listeners for the specified Application Load Balancer, Network Load Balancer, or Gateway Load Balancer. You must specify either a load balancer or one or more listeners.
", @@ -34,7 +34,7 @@ "RemoveTags": "Removes the specified tags from the specified Elastic Load Balancing resources. You can remove the tags for one or more Application Load Balancers, Network Load Balancers, Gateway Load Balancers, target groups, listeners, or rules.
", "SetIpAddressType": "Sets the type of IP addresses used by the subnets of the specified load balancer.
", "SetRulePriorities": "Sets the priorities of the specified rules.
You can reorder the rules as long as there are no priority conflicts in the new order. Any existing rules that you do not specify retain their current priority.
", - "SetSecurityGroups": "Associates the specified security groups with the specified Application Load Balancer. The specified security groups override the previously associated security groups.
You can't specify a security group for a Network Load Balancer or Gateway Load Balancer.
", + "SetSecurityGroups": "Associates the specified security groups with the specified Application Load Balancer or Network Load Balancer. The specified security groups override the previously associated security groups.
You can't perform this operation on a Network Load Balancer unless you specified a security group for the load balancer when you created it.
You can't associate a security group with a Gateway Load Balancer.
", "SetSubnets": "Enables the Availability Zones for the specified public subnets for the specified Application Load Balancer or Network Load Balancer. The specified subnets replace the previously enabled subnets.
When you specify subnets for a Network Load Balancer, you must include all subnets that were enabled previously, with their existing configurations, plus any additional subnets.
" }, "shapes": { @@ -608,6 +608,19 @@ "refs": { } }, + "EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic": { + "base": null, + "refs": { + "LoadBalancer$EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic": "Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through Amazon Web Services PrivateLink.
" + } + }, + "EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum": { + "base": null, + "refs": { + "SetSecurityGroupsInput$EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic": "Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through Amazon Web Services PrivateLink. The default is on.
Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through Amazon Web Services PrivateLink.
" + } + }, "FixedResponseActionConfig": { "base": "Information about an action that returns a custom HTTP response.
", "refs": { @@ -778,7 +791,7 @@ "LoadBalancer$IpAddressType": "The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses).
The IP address type. The possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses). You can’t specify dualstack for a load balancer with a UDP or TCP_UDP listener.
The IP address type.
", - "SetSubnetsInput$IpAddressType": "[Network Load Balancers] The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses). You can’t specify dualstack for a load balancer with a UDP or TCP_UDP listener. .
[Network Load Balancers] The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses). You can’t specify dualstack for a load balancer with a UDP or TCP_UDP listener.
[Network Load Balancers] The IP address type.
" } }, @@ -789,7 +802,7 @@ } }, "Limit": { - "base": "Information about an Elastic Load Balancing resource limit for your Amazon Web Services account.
", + "base": "Information about an Elastic Load Balancing resource limit for your Amazon Web Services account.
For more information, see the following:
The Amazon Resource Names (ARN) of the load balancers. You can specify up to 20 load balancers in a single call.
", - "TargetGroup$LoadBalancerArns": "The Amazon Resource Names (ARN) of the load balancers that route traffic to this target group.
" + "TargetGroup$LoadBalancerArns": "The Amazon Resource Name (ARN) of the load balancer that routes traffic to this target group. You can use each target group with only one load balancer.
" } }, "LoadBalancerAttribute": { @@ -1105,8 +1118,8 @@ "CreateTargetGroupInput$Port": "The port on which the targets receive traffic. This port is used unless you specify a port override when registering the target. If the target is a Lambda function, this parameter does not apply. If the protocol is GENEVE, the supported port is 6081.
", "Listener$Port": "The port on which the load balancer is listening.
", "ModifyListenerInput$Port": "The port for connections from clients to the load balancer. You cannot specify a port for a Gateway Load Balancer.
", - "TargetDescription$Port": "The port on which the target is listening. If the target group protocol is GENEVE, the supported port is 6081. If the target type is alb, the targeted Application Load Balancer must have at least one listener whose port matches the target group port. Not used if the target is a Lambda function.
The port on which the targets are listening. Not used if the target is a Lambda function.
" + "TargetDescription$Port": "The port on which the target is listening. If the target group protocol is GENEVE, the supported port is 6081. If the target type is alb, the targeted Application Load Balancer must have at least one listener whose port matches the target group port. This parameter is not used if the target is a Lambda function.
The port on which the targets are listening. This parameter is not used if the target is a Lambda function.
" } }, "PriorityInUseException": { @@ -1274,7 +1287,7 @@ } }, "RuleCondition": { - "base": "Information about a condition for a rule.
Each rule can optionally include up to one of each of the following conditions: http-request-method, host-header, path-pattern, and source-ip. Each rule can also optionally include one or more of each of the following conditions: http-header and query-string. Note that the value for a condition cannot be empty.
Information about a condition for a rule.
Each rule can optionally include up to one of each of the following conditions: http-request-method, host-header, path-pattern, and source-ip. Each rule can also optionally include one or more of each of the following conditions: http-header and query-string. Note that the value for a condition cannot be empty.
For more information, see Quotas for your Application Load Balancers.
", "refs": { "RuleConditionList$member": null } @@ -1334,7 +1347,7 @@ "SecurityGroups": { "base": null, "refs": { - "CreateLoadBalancerInput$SecurityGroups": "[Application Load Balancers] The IDs of the security groups for the load balancer.
", + "CreateLoadBalancerInput$SecurityGroups": "[Application Load Balancers and Network Load Balancers] The IDs of the security groups for the load balancer.
", "LoadBalancer$SecurityGroups": "The IDs of the security groups for the load balancer.
", "SetSecurityGroupsInput$SecurityGroups": "The IDs of the security groups.
", "SetSecurityGroupsOutput$SecurityGroupIds": "The IDs of the security groups associated with the load balancer.
" diff --git a/models/apis/elasticloadbalancingv2/2015-12-01/endpoint-rule-set-1.json b/models/apis/elasticloadbalancingv2/2015-12-01/endpoint-rule-set-1.json index 79fee5593dd..78128a590f9 100644 --- a/models/apis/elasticloadbalancingv2/2015-12-01/endpoint-rule-set-1.json +++ b/models/apis/elasticloadbalancingv2/2015-12-01/endpoint-rule-set-1.json @@ -3,7 +3,7 @@ "parameters": { "Region": { "builtIn": "AWS::Region", - "required": true, + "required": false, "documentation": "The AWS region used to dispatch the request.", "type": "String" }, @@ -32,13 +32,12 @@ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { - "ref": "Region" + "ref": "Endpoint" } - ], - "assign": "PartitionResult" + ] } ], "type": "tree", @@ -46,14 +45,20 @@ { "conditions": [ { - "fn": "isSet", + "fn": "booleanEquals", "argv": [ { - "ref": "Endpoint" - } + "ref": "UseFIPS" + }, + true ] } ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], "type": "tree", "rules": [ { @@ -62,67 +67,42 @@ "fn": "booleanEquals", "argv": [ { - "ref": "UseFIPS" + "ref": "UseDualStack" }, true ] } ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", "type": "error" }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" + "endpoint": { + "url": { + "ref": "Endpoint" }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] - }, + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", + "fn": "isSet", "argv": [ { - "ref": "UseDualStack" - }, - true + "ref": "Region" + } ] } ], @@ -131,179 +111,240 @@ { "conditions": [ { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ - true, { - "fn": "getAttr", + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsFIPS" + true ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, + }, { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsDualStack" + true ] } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], + ], "type": "tree", "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://elasticloadbalancing-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, { "conditions": [], - "endpoint": { - "url": "https://elasticloadbalancing-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ] - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsFIPS" + true ] } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], + ], "type": "tree", "rules": [ { "conditions": [ { - "fn": "stringEquals", + "fn": "booleanEquals", "argv": [ - "aws-us-gov", + true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "name" + "supportsFIPS" ] } ] } ], - "endpoint": { - "url": "https://elasticloadbalancing.{Region}.amazonaws.com", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws-us-gov", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://elasticloadbalancing.{Region}.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://elasticloadbalancing-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] }, { "conditions": [], - "endpoint": { - "url": "https://elasticloadbalancing-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" } ] - } - ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsDualStack" + true ] } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://elasticloadbalancing.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } ] - } - ], - "type": "tree", - "rules": [ + }, { "conditions": [], "type": "tree", @@ -311,7 +352,7 @@ { "conditions": [], "endpoint": { - "url": "https://elasticloadbalancing.{Region}.{PartitionResult#dualStackDnsSuffix}", + "url": "https://elasticloadbalancing.{Region}.{PartitionResult#dnsSuffix}", "properties": {}, "headers": {} }, @@ -320,28 +361,13 @@ ] } ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } ] }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://elasticloadbalancing.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } diff --git a/models/apis/elasticloadbalancingv2/2015-12-01/endpoint-tests-1.json b/models/apis/elasticloadbalancingv2/2015-12-01/endpoint-tests-1.json index 30ae4512f69..a5e023b96c1 100644 --- a/models/apis/elasticloadbalancingv2/2015-12-01/endpoint-tests-1.json +++ b/models/apis/elasticloadbalancingv2/2015-12-01/endpoint-tests-1.json @@ -1,42 +1,55 @@ { "testCases": [ { - "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region af-south-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.us-iso-east-1.c2s.ic.gov" + "url": "https://elasticloadbalancing.af-south-1.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "af-south-1", "UseFIPS": false, - "Region": "us-iso-east-1" + "UseDualStack": false } }, { - "documentation": "For region us-iso-west-1 with FIPS disabled and DualStack disabled", + "documentation": "For region ap-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.us-iso-west-1.c2s.ic.gov" + "url": "https://elasticloadbalancing.ap-east-1.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "ap-east-1", "UseFIPS": false, - "Region": "us-iso-west-1" + "UseDualStack": false } }, { - "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing-fips.us-iso-east-1.c2s.ic.gov" + "url": "https://elasticloadbalancing.ap-northeast-1.amazonaws.com" } }, "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "us-iso-east-1" + "Region": "ap-northeast-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://elasticloadbalancing.ap-northeast-2.amazonaws.com" + } + }, + "params": { + "Region": "ap-northeast-2", + "UseFIPS": false, + "UseDualStack": false } }, { @@ -47,87 +60,87 @@ } }, "params": { - "UseDualStack": false, + "Region": "ap-northeast-3", "UseFIPS": false, - "Region": "ap-northeast-3" + "UseDualStack": false } }, { - "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.us-east-1.amazonaws.com" + "url": "https://elasticloadbalancing.ap-south-1.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "ap-south-1", "UseFIPS": false, - "Region": "us-east-1" + "UseDualStack": false } }, { - "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing-fips.us-east-1.amazonaws.com" + "url": "https://elasticloadbalancing.ap-southeast-1.amazonaws.com" } }, "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "us-east-1" + "Region": "ap-southeast-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", + "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.eu-west-1.amazonaws.com" + "url": "https://elasticloadbalancing.ap-southeast-2.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "ap-southeast-2", "UseFIPS": false, - "Region": "eu-west-1" + "UseDualStack": false } }, { - "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled", + "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.eu-west-2.amazonaws.com" + "url": "https://elasticloadbalancing.ap-southeast-3.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "ap-southeast-3", "UseFIPS": false, - "Region": "eu-west-2" + "UseDualStack": false } }, { - "documentation": "For region eu-west-3 with FIPS disabled and DualStack disabled", + "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.eu-west-3.amazonaws.com" + "url": "https://elasticloadbalancing.ca-central-1.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "ca-central-1", "UseFIPS": false, - "Region": "eu-west-3" + "UseDualStack": false } }, { - "documentation": "For region me-south-1 with FIPS disabled and DualStack disabled", + "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.me-south-1.amazonaws.com" + "url": "https://elasticloadbalancing.eu-central-1.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "eu-central-1", "UseFIPS": false, - "Region": "me-south-1" + "UseDualStack": false } }, { @@ -138,139 +151,139 @@ } }, "params": { - "UseDualStack": false, + "Region": "eu-north-1", "UseFIPS": false, - "Region": "eu-north-1" + "UseDualStack": false } }, { - "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", + "documentation": "For region eu-south-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.us-east-2.amazonaws.com" + "url": "https://elasticloadbalancing.eu-south-1.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "eu-south-1", "UseFIPS": false, - "Region": "us-east-2" + "UseDualStack": false } }, { - "documentation": "For region us-east-2 with FIPS enabled and DualStack disabled", + "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing-fips.us-east-2.amazonaws.com" + "url": "https://elasticloadbalancing.eu-west-1.amazonaws.com" } }, "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "us-east-2" + "Region": "eu-west-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.sa-east-1.amazonaws.com" + "url": "https://elasticloadbalancing.eu-west-2.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "eu-west-2", "UseFIPS": false, - "Region": "sa-east-1" + "UseDualStack": false } }, { - "documentation": "For region ap-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region eu-west-3 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.ap-east-1.amazonaws.com" + "url": "https://elasticloadbalancing.eu-west-3.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "eu-west-3", "UseFIPS": false, - "Region": "ap-east-1" + "UseDualStack": false } }, { - "documentation": "For region eu-south-1 with FIPS disabled and DualStack disabled", + "documentation": "For region me-south-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.eu-south-1.amazonaws.com" + "url": "https://elasticloadbalancing.me-south-1.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "me-south-1", "UseFIPS": false, - "Region": "eu-south-1" + "UseDualStack": false } }, { - "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", + "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.eu-central-1.amazonaws.com" + "url": "https://elasticloadbalancing.sa-east-1.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "sa-east-1", "UseFIPS": false, - "Region": "eu-central-1" + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.ap-southeast-1.amazonaws.com" + "url": "https://elasticloadbalancing.us-east-1.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "us-east-1", "UseFIPS": false, - "Region": "ap-southeast-1" + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.ap-southeast-2.amazonaws.com" + "url": "https://elasticloadbalancing-fips.us-east-1.amazonaws.com" } }, "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "ap-southeast-2" + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack disabled", + "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.ap-southeast-3.amazonaws.com" + "url": "https://elasticloadbalancing.us-east-2.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "us-east-2", "UseFIPS": false, - "Region": "ap-southeast-3" + "UseDualStack": false } }, { - "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-east-2 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.ca-central-1.amazonaws.com" + "url": "https://elasticloadbalancing-fips.us-east-2.amazonaws.com" } }, "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "ca-central-1" + "Region": "us-east-2", + "UseFIPS": true, + "UseDualStack": false } }, { @@ -281,9 +294,9 @@ } }, "params": { - "UseDualStack": false, + "Region": "us-west-1", "UseFIPS": false, - "Region": "us-west-1" + "UseDualStack": false } }, { @@ -294,9 +307,9 @@ } }, "params": { - "UseDualStack": false, + "Region": "us-west-1", "UseFIPS": true, - "Region": "us-west-1" + "UseDualStack": false } }, { @@ -307,9 +320,9 @@ } }, "params": { - "UseDualStack": false, + "Region": "us-west-2", "UseFIPS": false, - "Region": "us-west-2" + "UseDualStack": false } }, { @@ -320,139 +333,152 @@ } }, "params": { - "UseDualStack": false, + "Region": "us-west-2", "UseFIPS": true, - "Region": "us-west-2" + "UseDualStack": false } }, { - "documentation": "For region af-south-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.af-south-1.amazonaws.com" + "url": "https://elasticloadbalancing-fips.us-east-1.api.aws" } }, "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "af-south-1" + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": true } }, { - "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.ap-south-1.amazonaws.com" + "url": "https://elasticloadbalancing.us-east-1.api.aws" } }, "params": { - "UseDualStack": false, + "Region": "us-east-1", "UseFIPS": false, - "Region": "ap-south-1" + "UseDualStack": true } }, { - "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled", + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.ap-northeast-1.amazonaws.com" + "url": "https://elasticloadbalancing.cn-north-1.amazonaws.com.cn" } }, "params": { - "UseDualStack": false, + "Region": "cn-north-1", "UseFIPS": false, - "Region": "ap-northeast-1" + "UseDualStack": false } }, { - "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", + "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.ap-northeast-2.amazonaws.com" + "url": "https://elasticloadbalancing.cn-northwest-1.amazonaws.com.cn" } }, "params": { - "UseDualStack": false, + "Region": "cn-northwest-1", "UseFIPS": false, - "Region": "ap-northeast-2" + "UseDualStack": false } }, { - "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing-fips.us-east-1.api.aws" + "url": "https://elasticloadbalancing-fips.cn-north-1.api.amazonwebservices.com.cn" } }, "params": { - "UseDualStack": true, + "Region": "cn-north-1", "UseFIPS": true, - "Region": "us-east-1" + "UseDualStack": true } }, { - "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.us-east-1.api.aws" + "url": "https://elasticloadbalancing-fips.cn-north-1.amazonaws.com.cn" } }, "params": { - "UseDualStack": true, + "Region": "cn-north-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://elasticloadbalancing.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "Region": "cn-north-1", "UseFIPS": false, - "Region": "us-east-1" + "UseDualStack": true } }, { - "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.us-gov-west-1.amazonaws.com" + "url": "https://elasticloadbalancing.us-gov-east-1.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "us-gov-east-1", "UseFIPS": false, - "Region": "us-gov-west-1" + "UseDualStack": false } }, { - "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.us-gov-west-1.amazonaws.com" + "url": "https://elasticloadbalancing.us-gov-east-1.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "us-gov-east-1", "UseFIPS": true, - "Region": "us-gov-west-1" + "UseDualStack": false } }, { - "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.us-gov-east-1.amazonaws.com" + "url": "https://elasticloadbalancing.us-gov-west-1.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "us-gov-west-1", "UseFIPS": false, - "Region": "us-gov-east-1" + "UseDualStack": false } }, { - "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.us-gov-east-1.amazonaws.com" + "url": "https://elasticloadbalancing.us-gov-west-1.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "us-gov-west-1", "UseFIPS": true, - "Region": "us-gov-east-1" + "UseDualStack": false } }, { @@ -463,9 +489,9 @@ } }, "params": { - "UseDualStack": true, + "Region": "us-gov-east-1", "UseFIPS": true, - "Region": "us-gov-east-1" + "UseDualStack": true } }, { @@ -476,113 +502,144 @@ } }, "params": { - "UseDualStack": true, + "Region": "us-gov-east-1", "UseFIPS": false, - "Region": "us-gov-east-1" + "UseDualStack": true } }, { - "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.us-isob-east-1.sc2s.sgov.gov" + "url": "https://elasticloadbalancing.us-iso-east-1.c2s.ic.gov" } }, "params": { - "UseDualStack": false, + "Region": "us-iso-east-1", "UseFIPS": false, - "Region": "us-isob-east-1" + "UseDualStack": false } }, { - "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-iso-west-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing-fips.us-isob-east-1.sc2s.sgov.gov" + "url": "https://elasticloadbalancing.us-iso-west-1.c2s.ic.gov" } }, "params": { - "UseDualStack": false, + "Region": "us-iso-west-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "Region": "us-iso-east-1", "UseFIPS": true, - "Region": "us-isob-east-1" + "UseDualStack": true } }, { - "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.cn-northwest-1.amazonaws.com.cn" + "url": "https://elasticloadbalancing-fips.us-iso-east-1.c2s.ic.gov" } }, "params": { - "UseDualStack": false, + "Region": "us-iso-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-iso-east-1", "UseFIPS": false, - "Region": "cn-northwest-1" + "UseDualStack": true } }, { - "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.cn-north-1.amazonaws.com.cn" + "url": "https://elasticloadbalancing.us-isob-east-1.sc2s.sgov.gov" } }, "params": { - "UseDualStack": false, + "Region": "us-isob-east-1", "UseFIPS": false, - "Region": "cn-north-1" + "UseDualStack": false } }, { - "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled", "expect": { - "endpoint": { - "url": "https://elasticloadbalancing-fips.cn-north-1.api.amazonwebservices.com.cn" - } + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" }, "params": { - "UseDualStack": true, + "Region": "us-isob-east-1", "UseFIPS": true, - "Region": "cn-north-1" + "UseDualStack": true } }, { - "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing-fips.cn-north-1.amazonaws.com.cn" + "url": "https://elasticloadbalancing-fips.us-isob-east-1.sc2s.sgov.gov" } }, "params": { - "UseDualStack": false, + "Region": "us-isob-east-1", "UseFIPS": true, - "Region": "cn-north-1" + "UseDualStack": false } }, { - "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", "expect": { "endpoint": { - "url": "https://elasticloadbalancing.cn-north-1.api.amazonwebservices.com.cn" + "url": "https://example.com" } }, "params": { - "UseDualStack": true, + "Region": "us-east-1", "UseFIPS": false, - "Region": "cn-north-1" + "UseDualStack": false, + "Endpoint": "https://example.com" } }, { - "documentation": "For custom endpoint with fips disabled and dualstack disabled", + "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled", "expect": { "endpoint": { "url": "https://example.com" } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "us-east-1", + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -592,9 +649,9 @@ "error": "Invalid Configuration: FIPS and custom endpoint are not supported" }, "params": { - "UseDualStack": false, - "UseFIPS": true, "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -604,11 +661,17 @@ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" }, "params": { - "UseDualStack": true, - "UseFIPS": false, "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": true, "Endpoint": "https://example.com" } + }, + { + "documentation": "Missing region", + "expect": { + "error": "Invalid Configuration: Missing Region" + } } ], "version": "1.0" diff --git a/models/apis/omics/2022-11-28/api-2.json b/models/apis/omics/2022-11-28/api-2.json index f9a4142d952..81d545b2075 100644 --- a/models/apis/omics/2022-11-28/api-2.json +++ b/models/apis/omics/2022-11-28/api-2.json @@ -5022,6 +5022,9 @@ "gpus": { "shape": "GetRunTaskResponseGpusInteger" }, + "instanceType": { + "shape": "TaskInstanceType" + }, "logStream": { "shape": "TaskLogStream" }, @@ -8210,6 +8213,10 @@ "pattern": "[0-9]+", "type": "string" }, + "TaskInstanceType": { + "pattern": "[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+", + "type": "string" + }, "TaskList": { "member": { "shape": "TaskListItem" @@ -8227,6 +8234,9 @@ "gpus": { "shape": "TaskListItemGpusInteger" }, + "instanceType": { + "shape": "TaskInstanceType" + }, "memory": { "shape": "TaskListItemMemoryInteger" }, diff --git a/models/apis/omics/2022-11-28/docs-2.json b/models/apis/omics/2022-11-28/docs-2.json index a8105ca14bb..f798aee0083 100644 --- a/models/apis/omics/2022-11-28/docs-2.json +++ b/models/apis/omics/2022-11-28/docs-2.json @@ -1089,7 +1089,7 @@ "ListAnnotationImportJobsRequestNextTokenString": { "base": null, "refs": { - "ListAnnotationImportJobsRequest$nextToken": "Specify the pagination token from a previous request to retrieve the next page of results.
" + "ListAnnotationImportJobsRequest$nextToken": "Specifies the pagination token from a previous request to retrieve the next page of results.
" } }, "ListAnnotationImportJobsResponse": { @@ -2640,7 +2640,7 @@ "GetVariantStoreResponse$name": "The store's name.
", "InternalServerException$message": null, "ListAnnotationImportJobsFilter$storeName": "A store name to filter on.
", - "ListAnnotationImportJobsResponse$nextToken": "A pagination token that's included if more results are available.
", + "ListAnnotationImportJobsResponse$nextToken": "Specifies the pagination token from a previous request to retrieve the next page of results.
", "ListAnnotationStoresResponse$nextToken": "A pagination token that's included if more results are available.
", "ListVariantImportJobsFilter$storeName": "A store name to filter on.
", "ListVariantImportJobsResponse$nextToken": "A pagination token that's included if more results are available.
", @@ -2819,6 +2819,13 @@ "TaskListItem$taskId": "The task's ID.
" } }, + "TaskInstanceType": { + "base": null, + "refs": { + "GetRunTaskResponse$instanceType": "The instance type for a task.
", + "TaskListItem$instanceType": "The instance type for a task.
" + } + }, "TaskList": { "base": null, "refs": { diff --git a/models/apis/secretsmanager/2017-10-17/api-2.json b/models/apis/secretsmanager/2017-10-17/api-2.json index 2e0dc42b699..f250e3537e7 100644 --- a/models/apis/secretsmanager/2017-10-17/api-2.json +++ b/models/apis/secretsmanager/2017-10-17/api-2.json @@ -163,6 +163,7 @@ "output":{"shape":"ListSecretsResponse"}, "errors":[ {"shape":"InvalidParameterException"}, + {"shape":"InvalidRequestException"}, {"shape":"InvalidNextTokenException"}, {"shape":"InternalServiceError"} ] diff --git a/models/apis/transfer/2018-11-05/docs-2.json b/models/apis/transfer/2018-11-05/docs-2.json index dc9fe1b2c3e..ef2cd8366c6 100644 --- a/models/apis/transfer/2018-11-05/docs-2.json +++ b/models/apis/transfer/2018-11-05/docs-2.json @@ -4,7 +4,7 @@ "operations": { "CreateAccess": "Used by administrators to choose which groups in the directory should have access to upload and download files over the enabled protocols using Transfer Family. For example, a Microsoft Active Directory might contain 50,000 users, but only a small fraction might need the ability to transfer files to the server. An administrator can use CreateAccess to limit the access to the correct set of users who need this ability.
Creates an agreement. An agreement is a bilateral trading partner agreement, or partnership, between an Transfer Family server and an AS2 process. The agreement defines the file and message transfer relationship between the server and the AS2 process. To define an agreement, Transfer Family combines a server, local profile, partner profile, certificate, and other attributes.
The partner is identified with the PartnerProfileId, and the AS2 process is identified with the LocalProfileId.
Creates the connector, which captures the parameters for an outbound connection for the AS2 or SFTP protocol. The connector is required for sending files to an externally hosted AS2 or SFTP server. For more details about AS2 connectors, see Create AS2 connectors.
You must specify exactly one configuration object: either for AS2 (As2Config) or SFTP (SftpConfig).
Creates the connector, which captures the parameters for a connection for the AS2 or SFTP protocol. For AS2, the connector is required for sending files to an externally hosted AS2 server. For SFTP, the connector is required when sending files to an SFTP server or receiving files from an SFTP server. For more details about connectors, see Create AS2 connectors and Create SFTP connectors.
You must specify exactly one configuration object: either for AS2 (As2Config) or SFTP (SftpConfig).
Creates the local or partner profile to use for AS2 transfers.
", "CreateServer": "Instantiates an auto-scaling virtual server based on the selected file transfer protocol in Amazon Web Services. When you make updates to your file transfer protocol-enabled server or when you work with users, use the service-generated ServerId property that is assigned to the newly created server.
Creates a user and associates them with an existing file transfer protocol-enabled server. You can only create and associate users with servers that have the IdentityProviderType set to SERVICE_MANAGED. Using parameters for CreateUser, you can specify the user name, set the home directory, store the user's public key, and assign the user's Identity and Access Management (IAM) role. You can also optionally add a session policy, and assign metadata with tags that can be used to group and search for users.
Lists the users for a file transfer protocol-enabled server that you specify by passing the ServerId parameter.
Lists all workflows associated with your Amazon Web Services account for your current region.
", "SendWorkflowStepState": "Sends a callback for asynchronous custom steps.
The ExecutionId, WorkflowId, and Token are passed to the target resource during execution of a custom step of a workflow. You must include those with their callback as well as providing a status.
Begins a file transfer between local Amazon Web Services storage and a remote AS2 or SFTP server.
For an AS2 connector, you specify the ConnectorId and one or more SendFilePaths to identify the files you want to transfer.
For an SFTP connector, the file transfer can be either outbound or inbound. In both cases, you specify the ConnectorId. Depending on the direction of the transfer, you also specify the following items:
If you are transferring file from a partner's SFTP server to a Transfer Family server, you specify one or more RetreiveFilePaths to identify the files you want to transfer, and a LocalDirectoryPath to specify the destination folder.
If you are transferring file to a partner's SFTP server from Amazon Web Services storage, you specify one or more SendFilePaths to identify the files you want to transfer, and a RemoteDirectoryPath to specify the destination folder.
Begins a file transfer between local Amazon Web Services storage and a remote AS2 or SFTP server.
For an AS2 connector, you specify the ConnectorId and one or more SendFilePaths to identify the files you want to transfer.
For an SFTP connector, the file transfer can be either outbound or inbound. In both cases, you specify the ConnectorId. Depending on the direction of the transfer, you also specify the following items:
If you are transferring file from a partner's SFTP server to Amazon Web Services storage, you specify one or more RetreiveFilePaths to identify the files you want to transfer, and a LocalDirectoryPath to specify the destination folder.
If you are transferring file to a partner's SFTP server from Amazon Web Services storage, you specify one or more SendFilePaths to identify the files you want to transfer, and a RemoteDirectoryPath to specify the destination folder.
Changes the state of a file transfer protocol-enabled server from OFFLINE to ONLINE. It has no impact on a server that is already ONLINE. An ONLINE server can accept and process file transfer jobs.
The state of STARTING indicates that the server is in an intermediate state, either not fully able to respond, or not fully online. The values of START_FAILED can indicate an error condition.
No response is returned from this call.
", "StopServer": "Changes the state of a file transfer protocol-enabled server from ONLINE to OFFLINE. An OFFLINE server cannot accept and process file transfer jobs. Information tied to your server, such as server and user properties, are not affected by stopping your server.
Stopping the server does not reduce or impact your file transfer protocol endpoint billing; you must delete the server to stop being billed.
The state of STOPPING indicates that the server is in an intermediate state, either not fully able to respond, or not fully offline. The values of STOP_FAILED can indicate an error condition.
No response is returned from this call.
", "TagResource": "Attaches a key-value pair to a resource, as identified by its Amazon Resource Name (ARN). Resources are users, servers, roles, and other entities.
There is no response returned from this call.
", @@ -784,7 +784,7 @@ "FilePaths": { "base": null, "refs": { - "StartFileTransferRequest$SendFilePaths": "One or more source paths for the Transfer Family server. Each string represents a source file path for one outbound file transfer. For example, DOC-EXAMPLE-BUCKET/myfile.txt .
One or more source paths for the Transfer Family server. Each string represents a source file path for one outbound file transfer. For example, DOC-EXAMPLE-BUCKET/myfile.txt .
Replace DOC-EXAMPLE-BUCKET with one of your actual buckets.
One or more source paths for the partner's SFTP server. Each string represents a source file path for one inbound file transfer.
" } }, @@ -1477,14 +1477,14 @@ "base": null, "refs": { "CreateAccessRequest$Role": "The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that controls your users' access to your Amazon S3 bucket or Amazon EFS file system. The policies attached to this role determine the level of access that you want to provide your users when transferring files into and out of your Amazon S3 bucket or Amazon EFS file system. The IAM role should also contain a trust relationship that allows the server to access your resources when servicing your users' transfer requests.
", - "CreateAgreementRequest$AccessRole": "With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
Connectors are used to send files using either the AS2 or SFTP protocol. For the access role, provide the Amazon Resource Name (ARN) of the Identity and Access Management role to use.
For AS2 connectors
With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
For SFTP connectors
Make sure that the access role provides read and write access to the parent directory of the file location that's used in the StartFileTransfer request. Additionally, make sure that the role provides secretsmanager:GetSecretValue permission to Secrets Manager.
Connectors are used to send files using either the AS2 or SFTP protocol. For the access role, provide the Amazon Resource Name (ARN) of the Identity and Access Management role to use.
For AS2 connectors
With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
For SFTP connectors
Make sure that the access role provides read and write access to the parent directory of the file location that's used in the StartFileTransfer request. Additionally, make sure that the role provides secretsmanager:GetSecretValue permission to Secrets Manager.
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a connector to turn on CloudWatch logging for Amazon S3 events. When set, you can view connector activity in your CloudWatch logs.
", "CreateServerRequest$LoggingRole": "The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFSevents. When set, you can view user activity in your CloudWatch logs.
", "CreateUserRequest$Role": "The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that controls your users' access to your Amazon S3 bucket or Amazon EFS file system. The policies attached to this role determine the level of access that you want to provide your users when transferring files into and out of your Amazon S3 bucket or Amazon EFS file system. The IAM role should also contain a trust relationship that allows the server to access your resources when servicing your users' transfer requests.
", "DescribedAccess$Role": "The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that controls your users' access to your Amazon S3 bucket or Amazon EFS file system. The policies attached to this role determine the level of access that you want to provide your users when transferring files into and out of your Amazon S3 bucket or Amazon EFS file system. The IAM role should also contain a trust relationship that allows the server to access your resources when servicing your users' transfer requests.
", - "DescribedAgreement$AccessRole": "With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
Connectors are used to send files using either the AS2 or SFTP protocol. For the access role, provide the Amazon Resource Name (ARN) of the Identity and Access Management role to use.
For AS2 connectors
With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
For SFTP connectors
Make sure that the access role provides read and write access to the parent directory of the file location that's used in the StartFileTransfer request. Additionally, make sure that the role provides secretsmanager:GetSecretValue permission to Secrets Manager.
Connectors are used to send files using either the AS2 or SFTP protocol. For the access role, provide the Amazon Resource Name (ARN) of the Identity and Access Management role to use.
For AS2 connectors
With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
For SFTP connectors
Make sure that the access role provides read and write access to the parent directory of the file location that's used in the StartFileTransfer request. Additionally, make sure that the role provides secretsmanager:GetSecretValue permission to Secrets Manager.
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a connector to turn on CloudWatch logging for Amazon S3 events. When set, you can view connector activity in your CloudWatch logs.
", "DescribedExecution$ExecutionRole": "The IAM role associated with the execution.
", "DescribedServer$LoggingRole": "The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFSevents. When set, you can view user activity in your CloudWatch logs.
", @@ -1495,8 +1495,8 @@ "ListedUser$Role": "The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that controls your users' access to your Amazon S3 bucket or Amazon EFS file system. The policies attached to this role determine the level of access that you want to provide your users when transferring files into and out of your Amazon S3 bucket or Amazon EFS file system. The IAM role should also contain a trust relationship that allows the server to access your resources when servicing your users' transfer requests.
The IAM role that controls your users' access to your Amazon S3 bucket for servers with Domain=S3, or your EFS file system for servers with Domain=EFS.
The policies attached to this role determine the level of access you want to provide your users when transferring files into and out of your S3 buckets or EFS file systems.
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFSevents. When set, you can view user activity in your CloudWatch logs.
", "UpdateAccessRequest$Role": "The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that controls your users' access to your Amazon S3 bucket or Amazon EFS file system. The policies attached to this role determine the level of access that you want to provide your users when transferring files into and out of your Amazon S3 bucket or Amazon EFS file system. The IAM role should also contain a trust relationship that allows the server to access your resources when servicing your users' transfer requests.
", - "UpdateAgreementRequest$AccessRole": "With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
Connectors are used to send files using either the AS2 or SFTP protocol. For the access role, provide the Amazon Resource Name (ARN) of the Identity and Access Management role to use.
For AS2 connectors
With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
For SFTP connectors
Make sure that the access role provides read and write access to the parent directory of the file location that's used in the StartFileTransfer request. Additionally, make sure that the role provides secretsmanager:GetSecretValue permission to Secrets Manager.
Connectors are used to send files using either the AS2 or SFTP protocol. For the access role, provide the Amazon Resource Name (ARN) of the Identity and Access Management role to use.
For AS2 connectors
With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
For SFTP connectors
Make sure that the access role provides read and write access to the parent directory of the file location that's used in the StartFileTransfer request. Additionally, make sure that the role provides secretsmanager:GetSecretValue permission to Secrets Manager.
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a connector to turn on CloudWatch logging for Amazon S3 events. When set, you can view connector activity in your CloudWatch logs.
", "UpdateUserRequest$Role": "The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that controls your users' access to your Amazon S3 bucket or Amazon EFS file system. The policies attached to this role determine the level of access that you want to provide your users when transferring files into and out of your Amazon S3 bucket or Amazon EFS file system. The IAM role should also contain a trust relationship that allows the server to access your resources when servicing your users' transfer requests.
", "WorkflowDetail$ExecutionRole": "Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources
" diff --git a/models/apis/transfer/2018-11-05/endpoint-rule-set-1.json b/models/apis/transfer/2018-11-05/endpoint-rule-set-1.json index 6f1477c015b..2694e990a7d 100644 --- a/models/apis/transfer/2018-11-05/endpoint-rule-set-1.json +++ b/models/apis/transfer/2018-11-05/endpoint-rule-set-1.json @@ -58,52 +58,56 @@ "type": "error" }, { - "conditions": [], - "type": "tree", - "rules": [ + "conditions": [ { - "conditions": [ + "fn": "booleanEquals", + "argv": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" + "ref": "UseDualStack" }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + true + ] } - ] + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] }, { - "conditions": [], + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], "type": "tree", "rules": [ { "conditions": [ { - "fn": "isSet", + "fn": "aws.partition", "argv": [ { "ref": "Region" } - ] + ], + "assign": "PartitionResult" } ], "type": "tree", @@ -111,13 +115,22 @@ { "conditions": [ { - "fn": "aws.partition", + "fn": "booleanEquals", "argv": [ { - "ref": "Region" - } - ], - "assign": "PartitionResult" + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } ], "type": "tree", @@ -127,224 +140,175 @@ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseFIPS" - }, - true + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } ] }, { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://transfer-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "supportsDualStack" ] } ] - }, + } + ], + "type": "tree", + "rules": [ { "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" + "endpoint": { + "url": "https://transfer-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "type": "tree", + "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseFIPS" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ { - "conditions": [], - "endpoint": { - "url": "https://transfer-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "supportsFIPS" ] } ] - }, + } + ], + "type": "tree", + "rules": [ { "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" + "endpoint": { + "url": "https://transfer-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://transfer.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "supportsDualStack" ] } ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } - ] - }, - { - "conditions": [], + ], "type": "tree", "rules": [ { "conditions": [], "endpoint": { - "url": "https://transfer.{Region}.{PartitionResult#dnsSuffix}", + "url": "https://transfer.{Region}.{PartitionResult#dualStackDnsSuffix}", "properties": {}, "headers": {} }, "type": "endpoint" } ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ] + }, + { + "conditions": [], + "endpoint": { + "url": "https://transfer.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" } ] + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } \ No newline at end of file diff --git a/models/endpoints/endpoints.json b/models/endpoints/endpoints.json index 770c70a9c86..19e799d0cf3 100644 --- a/models/endpoints/endpoints.json +++ b/models/endpoints/endpoints.json @@ -7841,6 +7841,7 @@ "identitystore" : { "endpoints" : { "af-south-1" : { }, + "ap-east-1" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -7855,9 +7856,11 @@ "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, + "me-south-1" : { }, "sa-east-1" : { }, "us-east-1" : { }, "us-east-2" : { }, + "us-west-1" : { }, "us-west-2" : { } } }, @@ -14311,6 +14314,7 @@ "deprecated" : true, "hostname" : "securityhub-fips.us-west-2.amazonaws.com" }, + "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, "sa-east-1" : { }, diff --git a/service/cloudtrail/api.go b/service/cloudtrail/api.go index d3bb5d37ce0..817e10dd552 100644 --- a/service/cloudtrail/api.go +++ b/service/cloudtrail/api.go @@ -5476,8 +5476,9 @@ func (c *CloudTrail) StartQueryRequest(input *StartQueryInput) (req *request.Req // in the CloudTrail User Guide. // // - MaxConcurrentQueriesException -// You are already running the maximum number of concurrent queries. Wait a -// minute for some queries to finish, and then run the query again. +// You are already running the maximum number of concurrent queries. The maximum +// number of concurrent queries is 10. Wait a minute for some queries to finish, +// and then run the query again. // // - InsufficientEncryptionPolicyException // This exception is thrown when the policy on the S3 bucket or KMS key does @@ -7069,11 +7070,12 @@ type AdvancedFieldSelector struct { // AWS::CloudTrail::Channel AWS::CodeWhisperer::Profile AWS::Cognito::IdentityPool // AWS::DynamoDB::Stream AWS::EC2::Snapshot AWS::EMRWAL::Workspace AWS::FinSpace::Environment // AWS::Glue::Table AWS::GuardDuty::Detector AWS::KendraRanking::ExecutionPlan - // AWS::ManagedBlockchain::Node AWS::SageMaker::ExperimentTrialComponent - // AWS::SageMaker::FeatureGroup AWS::S3::AccessPoint AWS::S3ObjectLambda::AccessPoint - // AWS::S3Outposts::Object You can have only one resources.type field per - // selector. To log data events on more than one resource type, add another - // selector. + // AWS::ManagedBlockchain::Network AWS::ManagedBlockchain::Node AWS::MedicalImaging::Datastore + // AWS::SageMaker::ExperimentTrialComponent AWS::SageMaker::FeatureGroup + // AWS::S3::AccessPoint AWS::S3ObjectLambda::AccessPoint AWS::S3Outposts::Object + // AWS::SSMMessages::ControlChannel AWS::VerifiedPermissions::PolicyStore + // You can have only one resources.type field per selector. To log data + // events on more than one resource type, add another selector. // // * resources.ARN - You can use any operator with resources.ARN, but if // you use Equals or NotEquals, the value must exactly match the ARN of a @@ -7115,9 +7117,14 @@ type AdvancedFieldSelector struct { // When resources.type equals AWS::KendraRanking::ExecutionPlan, and the // operator is set to Equals or NotEquals, the ARN must be in the following // format: arn: