diff --git a/CHANGELOG.md b/CHANGELOG.md
index 19af4016a6d..9479bb9b805 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,13 @@
+Release v1.49.5 (2023-12-18)
+===
+
+### Service Client Updates
+* `service/cognito-idp`: Updates service API and documentation
+* `service/eks`: Updates service API, documentation, and paginators
+* `service/quicksight`: Updates service documentation
+ * A docs-only release to add missing entities to the API reference.
+* `service/route53resolver`: Updates service API and documentation
+
Release v1.49.4 (2023-12-15)
===
diff --git a/aws/endpoints/defaults.go b/aws/endpoints/defaults.go
index e519246f43e..16de4d78eec 100644
--- a/aws/endpoints/defaults.go
+++ b/aws/endpoints/defaults.go
@@ -5442,6 +5442,9 @@ var awsPartition = partition{
endpointKey{
Region: "ap-south-1",
}: endpoint{},
+ endpointKey{
+ Region: "ap-south-2",
+ }: endpoint{},
endpointKey{
Region: "ap-southeast-1",
}: endpoint{},
@@ -9028,6 +9031,9 @@ var awsPartition = partition{
endpointKey{
Region: "eu-west-3",
}: endpoint{},
+ endpointKey{
+ Region: "il-central-1",
+ }: endpoint{},
endpointKey{
Region: "me-central-1",
}: endpoint{},
@@ -14866,6 +14872,9 @@ var awsPartition = partition{
endpointKey{
Region: "il-central-1",
}: endpoint{},
+ endpointKey{
+ Region: "me-central-1",
+ }: endpoint{},
endpointKey{
Region: "me-south-1",
}: endpoint{},
@@ -43377,15 +43386,61 @@ var awsisoPartition = partition{
},
},
Endpoints: serviceEndpoints{
+ endpointKey{
+ Region: "fips-us-iso-east-1",
+ }: endpoint{
+ Hostname: "s3-fips.us-iso-east-1.c2s.ic.gov",
+ CredentialScope: credentialScope{
+ Region: "us-iso-east-1",
+ },
+ Deprecated: boxedTrue,
+ },
+ endpointKey{
+ Region: "fips-us-iso-west-1",
+ }: endpoint{
+ Hostname: "s3-fips.us-iso-west-1.c2s.ic.gov",
+ CredentialScope: credentialScope{
+ Region: "us-iso-west-1",
+ },
+ Deprecated: boxedTrue,
+ },
endpointKey{
Region: "us-iso-east-1",
}: endpoint{
Protocols: []string{"http", "https"},
SignatureVersions: []string{"s3v4"},
},
+ endpointKey{
+ Region: "us-iso-east-1",
+ Variant: fipsVariant,
+ }: endpoint{
+ Hostname: "s3-fips.us-iso-east-1.c2s.ic.gov",
+ Protocols: []string{"http", "https"},
+ SignatureVersions: []string{"s3v4"},
+ },
+ endpointKey{
+ Region: "us-iso-east-1",
+ Variant: fipsVariant | dualStackVariant,
+ }: endpoint{
+ Hostname: "s3-fips.dualstack.us-iso-east-1.c2s.ic.gov",
+ Protocols: []string{"http", "https"},
+ SignatureVersions: []string{"s3v4"},
+ },
endpointKey{
Region: "us-iso-west-1",
}: endpoint{},
+ endpointKey{
+ Region: "us-iso-west-1",
+ Variant: fipsVariant,
+ }: endpoint{
+ Hostname: "s3-fips.us-iso-west-1.c2s.ic.gov",
+ },
+ endpointKey{
+ Region: "us-iso-west-1",
+ Variant: fipsVariant | dualStackVariant,
+ }: endpoint{
+ Hostname: "s3-fips.dualstack.us-iso-west-1.c2s.ic.gov",
+ },
},
},
"secretsmanager": service{
@@ -44173,9 +44228,30 @@ var awsisobPartition = partition{
},
},
Endpoints: serviceEndpoints{
+ endpointKey{
+ Region: "fips-us-isob-east-1",
+ }: endpoint{
+ Hostname: "s3-fips.us-isob-east-1.sc2s.sgov.gov",
+ CredentialScope: credentialScope{
+ Region: "us-isob-east-1",
+ },
+ Deprecated: boxedTrue,
+ },
endpointKey{
Region: "us-isob-east-1",
}: endpoint{},
+ endpointKey{
+ Region: "us-isob-east-1",
+ Variant: fipsVariant,
+ }: endpoint{
+ Hostname: "s3-fips.us-isob-east-1.sc2s.sgov.gov",
+ },
+ endpointKey{
+ Region: "us-isob-east-1",
+ Variant: fipsVariant | dualStackVariant,
+ }: endpoint{
+ Hostname: "s3-fips.dualstack.us-isob-east-1.sc2s.sgov.gov",
+ },
},
},
"secretsmanager": service{
diff --git a/aws/version.go b/aws/version.go
index d6e9549d154..999d1cd572e 100644
--- a/aws/version.go
+++ b/aws/version.go
@@ -5,4 +5,4 @@ package aws
const SDKName = "aws-sdk-go"
// SDKVersion is the version of this SDK
-const SDKVersion = "1.49.4"
+const SDKVersion = "1.49.5"
diff --git a/models/apis/cognito-idp/2016-04-18/api-2.json b/models/apis/cognito-idp/2016-04-18/api-2.json
index aaa30e7d78c..1f68871734d 100644
--- a/models/apis/cognito-idp/2016-04-18/api-2.json
+++ b/models/apis/cognito-idp/2016-04-18/api-2.json
@@ -4087,6 +4087,7 @@
"CreateAuthChallenge":{"shape":"ArnType"},
"VerifyAuthChallengeResponse":{"shape":"ArnType"},
"PreTokenGeneration":{"shape":"ArnType"},
+ "PreTokenGenerationConfig":{"shape":"PreTokenGenerationVersionConfigType"},
"UserMigration":{"shape":"ArnType"},
"CustomSMSSender":{"shape":"CustomSMSLambdaVersionConfigType"},
"CustomEmailSender":{"shape":"CustomEmailLambdaVersionConfigType"},
@@ -4461,6 +4462,24 @@
"max":2048,
"min":0
},
+ "PreTokenGenerationLambdaVersionType":{
+ "type":"string",
+ "enum":[
+ "V1_0",
+ "V2_0"
+ ]
+ },
+ "PreTokenGenerationVersionConfigType":{
+ "type":"structure",
+ "required":[
+ "LambdaVersion",
+ "LambdaArn"
+ ],
+ "members":{
+ "LambdaVersion":{"shape":"PreTokenGenerationLambdaVersionType"},
+ "LambdaArn":{"shape":"ArnType"}
+ }
+ },
"PrecedenceType":{
"type":"integer",
"min":0
diff --git a/models/apis/cognito-idp/2016-04-18/docs-2.json b/models/apis/cognito-idp/2016-04-18/docs-2.json
index c4f75d75487..70978fa7512 100644
--- a/models/apis/cognito-idp/2016-04-18/docs-2.json
+++ b/models/apis/cognito-idp/2016-04-18/docs-2.json
@@ -1,10 +1,10 @@
{
"version": "2.0",
- "service": "With the Amazon Cognito user pools API, you can set up user pools and app clients, and authenticate users. To authenticate users from third-party identity providers (IdPs) in this API, you can link IdP users to native user profiles. Learn more about the authentication and authorization of federated users in the Using the Amazon Cognito user pools API and user pool endpoints.
This API reference provides detailed information about API operations and object types in Amazon Cognito. At the bottom of the page for each API operation and object, under See Also, you can learn how to use it in an Amazon Web Services SDK in the language of your choice.
Along with resource management operations, the Amazon Cognito user pools API includes classes of operations and authorization models for client-side and server-side user operations. For more information, see Using the Amazon Cognito native and OIDC APIs in the Amazon Cognito Developer Guide.
You can also start reading about the CognitoIdentityProvider client in the following SDK guides.
To get started with an Amazon Web Services SDK, see Tools to Build on Amazon Web Services. For example actions and scenarios, see Code examples for Amazon Cognito Identity Provider using Amazon Web Services SDKs.
",
+ "service": "With the Amazon Cognito user pools API, you can configure user pools and authenticate users. To authenticate users from third-party identity providers (IdPs) in this API, you can link IdP users to native user profiles. Learn more about the authentication and authorization of federated users at Adding user pool sign-in through a third party and in the User pool federation endpoints and hosted UI reference.
This API reference provides detailed information about API operations and object types in Amazon Cognito.
Along with resource management operations, the Amazon Cognito user pools API includes classes of operations and authorization models for client-side and server-side authentication of users. You can interact with operations in the Amazon Cognito user pools API as any of the following subjects.
-
An administrator who wants to configure user pools, app clients, users, groups, or other user pool functions.
-
A server-side app, like a web application, that wants to use its Amazon Web Services privileges to manage, authenticate, or authorize a user.
-
A client-side app, like a mobile app, that wants to make unauthenticated requests to manage, authenticate, or authorize a user.
For more information, see Using the Amazon Cognito user pools API and user pool endpoints in the Amazon Cognito Developer Guide.
With your Amazon Web Services SDK, you can build the logic to support operational flows in every use case for this API. You can also make direct REST API requests to Amazon Cognito user pools service endpoints. The following links can get you started with the CognitoIdentityProvider client in other supported Amazon Web Services SDKs.
To get started with an Amazon Web Services SDK, see Tools to Build on Amazon Web Services. For example actions and scenarios, see Code examples for Amazon Cognito Identity Provider using Amazon Web Services SDKs.
",
"operations": {
"AddCustomAttributes": "Adds additional user attributes to the user pool schema.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
- "AdminAddUserToGroup": "Adds the specified user to the specified group.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
- "AdminConfirmSignUp": "Confirms user registration as an admin without using a confirmation code. Works on any user.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
+ "AdminAddUserToGroup": "Adds a user to a group. A user who is in a group can present a preferred-role claim to an identity pool, and populates a cognito:groups claim to their access and identity tokens.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
+ "AdminConfirmSignUp": "This IAM-authenticated API operation provides a code that Amazon Cognito sent to your user when they signed up in your user pool. After your user enters their code, they confirm ownership of the email address or phone number that they provided, and their user account becomes active. Depending on your user pool configuration, your users will receive their confirmation code in an email or SMS message.
Local users who signed up in your user pool are the only type of user who can confirm sign-up with a code. Users who federate through an external identity provider (IdP) have already been confirmed by their IdP. Administrator-created users confirm their accounts when they respond to their invitation email message and choose a password.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
"AdminCreateUser": "Creates a new user in the specified user pool.
If MessageAction isn't set, the default is to send a welcome message via email or phone (SMS).
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
This message is based on a template that you configured in your call to create or update a user pool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.
Alternatively, you can call AdminCreateUser with SUPPRESS for the MessageAction parameter, and Amazon Cognito won't send any email.
In either case, the user will be in the FORCE_CHANGE_PASSWORD state until they sign in and change their password.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
"AdminDeleteUser": "Deletes a user as an administrator. Works on any user.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
"AdminDeleteUserAttributes": "Deletes the user attributes in a user pool as an administrator. Works on any user.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
@@ -17,23 +17,23 @@
"AdminInitiateAuth": "Initiates the authentication flow, as an administrator.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
"AdminLinkProviderForUser": "Links an existing user account in a user pool (DestinationUser) to an identity from an external IdP (SourceUser) based on a specified attribute name and value from the external IdP. This allows you to create a link from the existing user account to an external federated user identity that has not yet been used to sign in. You can then use the federated user identity to sign in as the existing user account.
For example, if there is an existing user with a username and password, this API links that user to a federated user identity. When the user signs in with a federated user identity, they sign in as the existing user account.
The maximum number of federated identities linked to a user is five.
Because this API allows a user with an external federated identity to sign in as an existing user in the user pool, it is critical that it only be used with external IdPs and provider attributes that have been trusted by the application owner.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
"AdminListDevices": "Lists devices, as an administrator.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
- "AdminListGroupsForUser": "Lists the groups that the user belongs to.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
+ "AdminListGroupsForUser": "Lists the groups that a user belongs to.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
"AdminListUserAuthEvents": "A history of user activity and any risks detected as part of Amazon Cognito advanced security.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
"AdminRemoveUserFromGroup": "Removes the specified user from the specified group.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
"AdminResetUserPassword": "Resets the specified user's password in a user pool as an administrator. Works on any user.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Deactivates a user's password, requiring them to change it. If a user tries to sign in after the API is called, Amazon Cognito responds with a PasswordResetRequiredException error. Your app must then perform the actions that reset your user's password: the forgot-password flow. In addition, if the user pool has phone verification selected and a verified phone number exists for the user, or if email verification is selected and a verified email exists for the user, calling this API will also result in sending a message to the end user with the code to change their password.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
- "AdminRespondToAuthChallenge": "Responds to an authentication challenge, as an administrator.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
+ "AdminRespondToAuthChallenge": "Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge. An AdminRespondToAuthChallenge API request provides the answer to that challenge, like a code or a secure remote password (SRP). The parameters of a response to an authentication challenge vary with the type of challenge.
For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
"AdminSetUserMFAPreference": "The user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
"AdminSetUserPassword": "Sets the specified user's password in a user pool as an administrator. Works on any user.
The password can be temporary or permanent. If it is temporary, the user status enters the FORCE_CHANGE_PASSWORD state. When the user next tries to sign in, the InitiateAuth/AdminInitiateAuth response will contain the NEW_PASSWORD_REQUIRED challenge. If the user doesn't sign in before it expires, the user won't be able to sign in, and an administrator must reset their password.
Once the user has set a new password, or the password is permanent, the user status is set to Confirmed.
AdminSetUserPassword can set a password for the user profile that Amazon Cognito creates for third-party federated users. When you set a password, the federated user's status changes from EXTERNAL_PROVIDER to CONFIRMED. A user in this state can sign in as a federated user, and initiate authentication flows in the API like a linked native user. They can also modify their password and attributes in token-authenticated API requests like ChangePassword and UpdateUserAttributes. As a best security practice and to keep users in sync with your external IdP, don't set passwords on federated user profiles. To set up a federated user for native sign-in with a linked native user, refer to Linking federated users to an existing user profile.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
"AdminSetUserSettings": " This action is no longer supported. You can use it to configure only SMS MFA. You can't use it to configure time-based one-time password (TOTP) software token MFA. To configure either type of MFA, use AdminSetUserMFAPreference instead.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
"AdminUpdateAuthEventFeedback": "Provides feedback for an authentication event indicating if it was from a valid user. This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
"AdminUpdateDeviceStatus": "Updates the device status as an administrator.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
"AdminUpdateUserAttributes": " This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Updates the specified user's attributes, including developer attributes, as an administrator. Works on any user. To delete an attribute from your user, submit the attribute in your API request with a blank value.
For custom attributes, you must prepend the custom: prefix to the attribute name.
In addition to updating user attributes, this API can also be used to mark phone and email as verified.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
- "AdminUserGlobalSignOut": "Signs out a user from all devices. AdminUserGlobalSignOut invalidates all identity, access and refresh tokens that Amazon Cognito has issued to a user. A user can still use a hosted UI cookie to retrieve new tokens for the duration of the 1-hour cookie validity period.
Your app isn't aware that a user's access token is revoked unless it attempts to authorize a user pools API request with an access token that contains the scope aws.cognito.signin.user.admin. Your app might otherwise accept access tokens until they expire.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
+ "AdminUserGlobalSignOut": "Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation with your administrative credentials when your user signs out of your app. This results in the following behavior.
-
Amazon Cognito no longer accepts token-authorized user operations that you authorize with a signed-out user's access tokens. For more information, see Using the Amazon Cognito user pools API and user pool endpoints.
Amazon Cognito returns an Access Token has been revoked error when your app attempts to authorize a user pools API request with a revoked access token that contains the scope aws.cognito.signin.user.admin.
-
Amazon Cognito no longer accepts a signed-out user's ID token in a GetId request to an identity pool with ServerSideTokenCheck enabled for its user pool IdP configuration in CognitoIdentityProvider.
-
Amazon Cognito no longer accepts a signed-out user's refresh tokens in refresh requests.
Other requests might be valid until your user's token expires.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
"AssociateSoftwareToken": "Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response. You can authorize an AssociateSoftwareToken request with either the user's access token, or a session string from a challenge response that you received from Amazon Cognito.
Amazon Cognito disassociates an existing software token when you verify the new token in a VerifySoftwareToken API request. If you don't verify the software token and your user pool doesn't require MFA, the user can then authenticate with user name and password credentials alone. If your user pool requires TOTP MFA, Amazon Cognito generates an MFA_SETUP or SOFTWARE_TOKEN_SETUP challenge each time your user signs. Complete setup with AssociateSoftwareToken and VerifySoftwareToken.
After you set up software token MFA for your user, Amazon Cognito generates a SOFTWARE_TOKEN_MFA challenge when they authenticate. Respond to this challenge with your user's TOTP.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.
",
"ChangePassword": "Changes the password for a specified user in a user pool.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.
",
"ConfirmDevice": "Confirms tracking of the device. This API call is the call that begins device tracking.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.
",
"ConfirmForgotPassword": "Allows a user to enter a confirmation code to reset a forgotten password.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.
",
- "ConfirmSignUp": "Confirms registration of a new user.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.
",
+ "ConfirmSignUp": "This public API operation provides a code that Amazon Cognito sent to your user when they signed up in your user pool via the SignUp API operation. After your user enters their code, they confirm ownership of the email address or phone number that they provided, and their user account becomes active. Depending on your user pool configuration, your users will receive their confirmation code in an email or SMS message.
Local users who signed up in your user pool are the only type of user who can confirm sign-up with a code. Users who federate through an external identity provider (IdP) have already been confirmed by their IdP. Administrator-created users, users created with the AdminCreateUser API operation, confirm their accounts when they respond to their invitation email message and choose a password. They do not receive a confirmation code. Instead, they receive a temporary password.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.
",
"CreateGroup": "Creates a new group in the specified user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
"CreateIdentityProvider": "Creates an IdP for a user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
"CreateResourceServer": "Creates a new OAuth2.0 resource server and defines custom scopes within it.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
@@ -68,7 +68,7 @@
"GetUser": "Gets the user attributes and metadata for a user.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.
",
"GetUserAttributeVerificationCode": "Generates a user attribute verification code for the specified attribute name. Sends a message to a user with a code that they must return in a VerifyUserAttribute request.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
",
"GetUserPoolMfaConfig": "Gets the user pool multi-factor authentication (MFA) configuration.
",
- "GlobalSignOut": "Signs out a user from all devices. GlobalSignOut invalidates all identity, access and refresh tokens that Amazon Cognito has issued to a user. A user can still use a hosted UI cookie to retrieve new tokens for the duration of the 1-hour cookie validity period.
Your app isn't aware that a user's access token is revoked unless it attempts to authorize a user pools API request with an access token that contains the scope aws.cognito.signin.user.admin. Your app might otherwise accept access tokens until they expire.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.
",
+ "GlobalSignOut": "Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation when your user signs out of your app. This results in the following behavior.
-
Amazon Cognito no longer accepts token-authorized user operations that you authorize with a signed-out user's access tokens. For more information, see Using the Amazon Cognito user pools API and user pool endpoints.
Amazon Cognito returns an Access Token has been revoked error when your app attempts to authorize a user pools API request with a revoked access token that contains the scope aws.cognito.signin.user.admin.
-
Amazon Cognito no longer accepts a signed-out user's ID token in a GetId request to an identity pool with ServerSideTokenCheck enabled for its user pool IdP configuration in CognitoIdentityProvider.
-
Amazon Cognito no longer accepts a signed-out user's refresh tokens in refresh requests.
Other requests might be valid until your user's token expires.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.
",
"InitiateAuth": "Initiates sign-in for a user in the Amazon Cognito user directory. You can't sign in a user with a federated IdP with InitiateAuth. For more information, see Adding user pool sign-in through a third party.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
",
"ListDevices": "Lists the sign-in devices that Amazon Cognito has registered to the current user.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.
",
"ListGroups": "Lists the groups associated with a user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
@@ -81,7 +81,7 @@
"ListUsers": "Lists users and their basic details in a user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
"ListUsersInGroup": "Lists the users in the specified group.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
"ResendConfirmationCode": "Resends the confirmation (for confirmation of registration) to a specific user in the user pool.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
",
- "RespondToAuthChallenge": "Responds to the authentication challenge.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
",
+ "RespondToAuthChallenge": "Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge. A RespondToAuthChallenge API request provides the answer to that challenge, like a code or a secure remote password (SRP). The parameters of a response to an authentication challenge vary with the type of challenge.
For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
",
"RevokeToken": "Revokes all of the access tokens generated by, and at the same time as, the specified refresh token. After a token is revoked, you can't use the revoked token to access Amazon Cognito user APIs, or to authorize access to your resource server.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.
",
"SetLogDeliveryConfiguration": "Sets up or modifies the detailed activity logging configuration of a user pool.
",
"SetRiskConfiguration": "Configures actions on detected risks. To delete the risk configuration for UserPoolId or ClientId, pass null values for all four configuration types.
To activate Amazon Cognito advanced security features, update the user pool to include the UserPoolAddOns keyAdvancedSecurityMode.
",
@@ -99,7 +99,7 @@
"UpdateGroup": "Updates the specified group with the specified attributes.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
"UpdateIdentityProvider": "Updates IdP information for a user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
"UpdateResourceServer": "Updates the name and scopes of resource server. All other fields are read-only.
If you don't provide a value for an attribute, it is set to the default value.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
- "UpdateUserAttributes": "Allows a user to update a specific attribute (one at a time).
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
",
+ "UpdateUserAttributes": "With this operation, your users can update one or more of their attributes with their own credentials. You authorize this API request with the user's access token. To delete an attribute from your user, submit the attribute in your API request with a blank value. Custom attribute values in this request must include the custom: prefix.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
",
"UpdateUserPool": " This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Updates the specified user pool with the specified attributes. You can get a list of the current user pool settings using DescribeUserPool.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
"UpdateUserPoolClient": "Updates the specified user pool app client with the specified attributes. You can get a list of the current user pool app client settings using DescribeUserPoolClient.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.
You can also use this operation to enable token revocation for user pool clients. For more information about revoking tokens, see RevokeToken.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
"UpdateUserPoolDomain": "Updates the Secure Sockets Layer (SSL) certificate for the custom domain for your user pool.
You can use this operation to provide the Amazon Resource Name (ARN) of a new certificate to Amazon Cognito. You can't use it to change the domain for a user pool.
A custom domain is used to host the Amazon Cognito hosted UI, which provides sign-up and sign-in pages for your application. When you set up a custom domain, you provide a certificate that you manage with Certificate Manager (ACM). When necessary, you can use this operation to change the certificate that you applied to your custom domain.
Usually, this is unnecessary following routine certificate renewal with ACM. When you renew your existing certificate in ACM, the ARN for your certificate remains the same, and your custom domain uses the new certificate automatically.
However, if you replace your existing certificate with a new one, ACM gives the new certificate a new ARN. To apply the new certificate to your custom domain, you must provide this ARN to Amazon Cognito.
When you add your new certificate in ACM, you must choose US East (N. Virginia) as the Amazon Web Services Region.
After you submit your request, Amazon Cognito requires up to 1 hour to distribute your new certificate to your custom domain.
For more information about adding a custom domain to your user pool, see Using Your Own Domain for the Hosted UI.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
",
@@ -208,7 +208,7 @@
"AdminCreateUserUnusedAccountValidityDaysType": {
"base": null,
"refs": {
- "AdminCreateUserConfigType$UnusedAccountValidityDays": "The user account expiration limit, in days, after which a new account that hasn't signed in is no longer usable. To reset the account after that time limit, you must call AdminCreateUser again, specifying \"RESEND\" for the MessageAction parameter. The default value for this parameter is 7.
If you set a value for TemporaryPasswordValidityDays in PasswordPolicy, that value will be used, and UnusedAccountValidityDays will be no longer be an available parameter for that user pool.
"
+ "AdminCreateUserConfigType$UnusedAccountValidityDays": "The user account expiration limit, in days, after which a new account that hasn't signed in is no longer usable. To reset the account after that time limit, you must call AdminCreateUser again, specifying \"RESEND\" for the MessageAction parameter. The default value for this parameter is 7.
If you set a value for TemporaryPasswordValidityDays in PasswordPolicy, that value will be used, and UnusedAccountValidityDays will be no longer be an available parameter for that user pool.
"
}
},
"AdminDeleteUserAttributesRequest": {
@@ -481,8 +481,8 @@
"CreateGroupRequest$RoleArn": "The role Amazon Resource Name (ARN) for the group.
",
"CreateUserImportJobRequest$CloudWatchLogsRoleArn": "The role ARN for the Amazon CloudWatch Logs Logging role for the user import job.
",
"CustomDomainConfigType$CertificateArn": "The Amazon Resource Name (ARN) of an Certificate Manager SSL certificate. You use this certificate for the subdomain of your custom domain.
",
- "CustomEmailLambdaVersionConfigType$LambdaArn": "The Amazon Resource Name (ARN) of the Lambda function that Amazon Cognito activates to send email notifications to users.
",
- "CustomSMSLambdaVersionConfigType$LambdaArn": "The Amazon Resource Name (ARN) of the Lambda function that Amazon Cognito activates to send SMS notifications to users.
",
+ "CustomEmailLambdaVersionConfigType$LambdaArn": "The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger.
",
+ "CustomSMSLambdaVersionConfigType$LambdaArn": "The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger.
",
"EmailConfigurationType$SourceArn": "The ARN of a verified email address or an address from a verified domain in Amazon SES. You can set a SourceArn email from a verified domain only with an API request. You can set a verified email address, but not an address in a verified domain, in the Amazon Cognito console. Amazon Cognito uses the email address that you provide in one of the following ways, depending on the value that you specify for the EmailSendingAccount parameter:
-
If you specify COGNITO_DEFAULT, Amazon Cognito uses this address as the custom FROM address when it emails your users using its built-in email account.
-
If you specify DEVELOPER, Amazon Cognito emails your users with this address by calling Amazon SES on your behalf.
The Region value of the SourceArn parameter must indicate a supported Amazon Web Services Region of your user pool. Typically, the Region in the SourceArn and the user pool Region are the same. For more information, see Amazon SES email configuration regions in the Amazon Cognito Developer Guide.
",
"GroupType$RoleArn": "The role Amazon Resource Name (ARN) for the group.
",
"LambdaConfigType$PreSignUp": "A pre-registration Lambda trigger.
",
@@ -493,11 +493,12 @@
"LambdaConfigType$DefineAuthChallenge": "Defines the authentication challenge.
",
"LambdaConfigType$CreateAuthChallenge": "Creates an authentication challenge.
",
"LambdaConfigType$VerifyAuthChallengeResponse": "Verifies the authentication challenge response.
",
- "LambdaConfigType$PreTokenGeneration": "A Lambda trigger that is invoked before token generation.
",
+ "LambdaConfigType$PreTokenGeneration": "The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger.
Set this parameter for legacy purposes. If you also set an ARN in PreTokenGenerationConfig, its value must be identical to PreTokenGeneration. For new instances of pre token generation triggers, set the LambdaArn of PreTokenGenerationConfig.
You can set
",
"LambdaConfigType$UserMigration": "The user migration Lambda config type.
",
"LambdaConfigType$KMSKeyID": "The Amazon Resource Name (ARN) of an KMS key. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.
",
"ListTagsForResourceRequest$ResourceArn": "The Amazon Resource Name (ARN) of the user pool that the tags are assigned to.
",
"NotifyConfigurationType$SourceArn": "The Amazon Resource Name (ARN) of the identity that is associated with the sending authorization policy. This identity permits Amazon Cognito to send for the email address specified in the From parameter.
",
+ "PreTokenGenerationVersionConfigType$LambdaArn": "The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger.
This parameter and the PreTokenGeneration property of LambdaConfig have the same value. For new instances of pre token generation triggers, set LambdaArn.
",
"SmsConfigurationType$SnsCallerArn": "The Amazon Resource Name (ARN) of the Amazon SNS caller. This is the ARN of the IAM role in your Amazon Web Services account that Amazon Cognito will use to send SMS messages. SMS messages are subject to a spending limit.
",
"TagResourceRequest$ResourceArn": "The Amazon Resource Name (ARN) of the user pool to assign the tags to.
",
"UntagResourceRequest$ResourceArn": "The Amazon Resource Name (ARN) of the user pool that the tags are assigned to.
",
@@ -519,20 +520,20 @@
"AttributeDataType": {
"base": null,
"refs": {
- "SchemaAttributeType$AttributeDataType": "The data format of the values for your attribute.
"
+ "SchemaAttributeType$AttributeDataType": "The data format of the values for your attribute. When you choose an AttributeDataType, Amazon Cognito validates the input against the data type. A custom attribute value in your user's ID token is always a string, for example \"custom:isMember\" : \"true\" or \"custom:YearsAsMember\" : \"12\".
"
}
},
"AttributeListType": {
"base": null,
"refs": {
"AdminCreateUserRequest$UserAttributes": "An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than Username. However, any attributes that you specify as required (when creating a user pool or in the Attributes tab of the console) either you should supply (in your call to AdminCreateUser) or the user should supply (when they sign up in response to your welcome message).
For custom attributes, you must prepend the custom: prefix to the attribute name.
To send a message inviting the user to sign up, you must specify the user's email address or phone number. You can do this in your call to AdminCreateUser or in the Users tab of the Amazon Cognito console for managing your user pools.
In your call to AdminCreateUser, you can set the email_verified attribute to True, and you can set the phone_number_verified attribute to True. You can also do this by calling AdminUpdateUserAttributes.
-
email: The email address of the user to whom the message that contains the code and username will be sent. Required if the email_verified attribute is set to True, or if \"EMAIL\" is specified in the DesiredDeliveryMediums parameter.
-
phone_number: The phone number of the user to whom the message that contains the code and username will be sent. Required if the phone_number_verified attribute is set to True, or if \"SMS\" is specified in the DesiredDeliveryMediums parameter.
",
- "AdminCreateUserRequest$ValidationData": "The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. For example, you might choose to allow or disallow user sign-up based on the user's domain.
To configure custom validation, you must create a Pre Sign-up Lambda trigger for the user pool as described in the Amazon Cognito Developer Guide. The Lambda trigger receives the validation data and uses it in the validation process.
The user's validation data isn't persisted.
",
+ "AdminCreateUserRequest$ValidationData": "Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain.
Your Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network.
For more information about the pre sign-up Lambda trigger, see Pre sign-up Lambda trigger.
",
"AdminGetUserResponse$UserAttributes": "An array of name-value pairs representing user attributes.
",
"AdminUpdateUserAttributesRequest$UserAttributes": "An array of name-value pairs representing user attributes.
For custom attributes, you must prepend the custom: prefix to the attribute name.
If your user pool requires verification before Amazon Cognito updates an attribute value that you specify in this request, Amazon Cognito doesn’t immediately update the value of that attribute. After your user receives and responds to a verification message to verify the new value, Amazon Cognito updates the attribute value. Your user can sign in and receive messages with the original attribute value until they verify the new value.
To update the value of an attribute that requires verification in the same API request, include the email_verified or phone_number_verified attribute, with a value of true. If you set the email_verified or phone_number_verified value for an email or phone_number attribute that requires verification to true, Amazon Cognito doesn’t send a verification message to your user.
",
"DeviceType$DeviceAttributes": "The device attributes.
",
"GetUserResponse$UserAttributes": "An array of name-value pairs representing user attributes.
For custom attributes, you must prepend the custom: prefix to the attribute name.
",
"SignUpRequest$UserAttributes": "An array of name-value pairs representing user attributes.
For custom attributes, you must prepend the custom: prefix to the attribute name.
",
- "SignUpRequest$ValidationData": "The validation data in the request to register a user.
",
+ "SignUpRequest$ValidationData": "Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain.
Your Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network.
For more information about the pre sign-up Lambda trigger, see Pre sign-up Lambda trigger.
",
"UpdateUserAttributesRequest$UserAttributes": "An array of name-value pairs representing user attributes.
For custom attributes, you must prepend the custom: prefix to the attribute name.
If you have set an attribute to require verification before Amazon Cognito updates its value, this request doesn’t immediately update the value of that attribute. After your user receives and responds to a verification message to verify the new value, Amazon Cognito updates the attribute value. Your user can sign in and receive messages with the original attribute value until they verify the new value.
",
"UserType$Attributes": "A container with information about the user type attributes.
"
}
@@ -696,10 +697,10 @@
"ChallengeNameType": {
"base": null,
"refs": {
- "AdminInitiateAuthResponse$ChallengeName": "The name of the challenge that you're responding to with this call. This is returned in the AdminInitiateAuth response if you must pass another challenge.
-
MFA_SETUP: If MFA is required, users who don't have at least one of the MFA methods set up are presented with an MFA_SETUP challenge. The user must set up at least one MFA type to continue to authenticate.
-
SELECT_MFA_TYPE: Selects the MFA type. Valid MFA options are SMS_MFA for text SMS MFA, and SOFTWARE_TOKEN_MFA for time-based one-time password (TOTP) software token MFA.
-
SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
-
PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
-
CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.
-
DEVICE_SRP_AUTH: If device tracking was activated in your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
-
DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
-
ADMIN_NO_SRP_AUTH: This is returned if you must authenticate with USERNAME and PASSWORD directly. An app client must be enabled to use this flow.
-
NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first login. Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned in the requiredAttributes parameter. You can also set values for attributes that aren't required by your user pool and that your app client can write. For more information, see AdminRespondToAuthChallenge.
In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In AdminRespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the AdminUpdateUserAttributes API operation to modify the value of any additional attributes.
-
MFA_SETUP: For users who are required to set up an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parameters MFA_CAN_SETUP value.
To set up software token MFA, use the session returned here from InitiateAuth as an input to AssociateSoftwareToken, and use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set up SMS MFA, users will need help from an administrator to add a phone number to their account and then call InitiateAuth again to restart sign-in.
",
+ "AdminInitiateAuthResponse$ChallengeName": "The name of the challenge that you're responding to with this call. This is returned in the AdminInitiateAuth response if you must pass another challenge.
-
MFA_SETUP: If MFA is required, users who don't have at least one of the MFA methods set up are presented with an MFA_SETUP challenge. The user must set up at least one MFA type to continue to authenticate.
-
SELECT_MFA_TYPE: Selects the MFA type. Valid MFA options are SMS_MFA for text SMS MFA, and SOFTWARE_TOKEN_MFA for time-based one-time password (TOTP) software token MFA.
-
SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
-
PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
-
CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.
-
DEVICE_SRP_AUTH: If device tracking was activated in your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
-
DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
-
ADMIN_NO_SRP_AUTH: This is returned if you must authenticate with USERNAME and PASSWORD directly. An app client must be enabled to use this flow.
-
NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first login. Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned in the requiredAttributes parameter. You can also set values for attributes that aren't required by your user pool and that your app client can write. For more information, see AdminRespondToAuthChallenge.
In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In AdminRespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the AdminUpdateUserAttributes API operation to modify the value of any additional attributes.
-
MFA_SETUP: For users who are required to set up an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parameters MFAS_CAN_SETUP value.
To set up software token MFA, use the session returned here from InitiateAuth as an input to AssociateSoftwareToken, and use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set up SMS MFA, users will need help from an administrator to add a phone number to their account and then call InitiateAuth again to restart sign-in.
",
"AdminRespondToAuthChallengeRequest$ChallengeName": "The challenge name. For more information, see AdminInitiateAuth.
",
"AdminRespondToAuthChallengeResponse$ChallengeName": "The name of the challenge. For more information, see AdminInitiateAuth.
",
- "InitiateAuthResponse$ChallengeName": "The name of the challenge that you're responding to with this call. This name is returned in the AdminInitiateAuth response if you must pass another challenge.
Valid values include the following:
All of the following challenges require USERNAME and SECRET_HASH (if applicable) in the parameters.
-
SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
-
PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
-
CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.
-
DEVICE_SRP_AUTH: If device tracking was activated on your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
-
DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
-
NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first login.
Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned in the requiredAttributes parameter. You can also set values for attributes that aren't required by your user pool and that your app client can write. For more information, see RespondToAuthChallenge.
In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify the value of any additional attributes.
-
MFA_SETUP: For users who are required to setup an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parameters MFA_CAN_SETUP value.
To set up software token MFA, use the session returned here from InitiateAuth as an input to AssociateSoftwareToken. Use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set up SMS MFA, an administrator should help the user to add a phone number to their account, and then the user should call InitiateAuth again to restart sign-in.
",
+ "InitiateAuthResponse$ChallengeName": "The name of the challenge that you're responding to with this call. This name is returned in the InitiateAuth response if you must pass another challenge.
Valid values include the following:
All of the following challenges require USERNAME and SECRET_HASH (if applicable) in the parameters.
-
SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
-
PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
-
CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.
-
DEVICE_SRP_AUTH: If device tracking was activated on your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
-
DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
-
NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first login.
Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned in the requiredAttributes parameter. You can also set values for attributes that aren't required by your user pool and that your app client can write. For more information, see RespondToAuthChallenge.
In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify the value of any additional attributes.
-
MFA_SETUP: For users who are required to setup an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parameters MFAS_CAN_SETUP value.
To set up software token MFA, use the session returned here from InitiateAuth as an input to AssociateSoftwareToken. Use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set up SMS MFA, an administrator should help the user to add a phone number to their account, and then the user should call InitiateAuth again to restart sign-in.
",
"RespondToAuthChallengeRequest$ChallengeName": "The challenge name. For more information, see InitiateAuth.
ADMIN_NO_SRP_AUTH isn't a valid value.
",
"RespondToAuthChallengeResponse$ChallengeName": "The challenge name. For more information, see InitiateAuth.
"
}
@@ -734,8 +735,8 @@
"ChallengeResponsesType": {
"base": null,
"refs": {
- "AdminRespondToAuthChallengeRequest$ChallengeResponses": "The challenge responses. These are inputs corresponding to the value of ChallengeName, for example:
-
SMS_MFA: SMS_MFA_CODE, USERNAME, SECRET_HASH (if app client is configured with client secret).
-
PASSWORD_VERIFIER: PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, TIMESTAMP, USERNAME, SECRET_HASH (if app client is configured with client secret).
PASSWORD_VERIFIER requires DEVICE_KEY when signing in with a remembered device.
-
ADMIN_NO_SRP_AUTH: PASSWORD, USERNAME, SECRET_HASH (if app client is configured with client secret).
-
NEW_PASSWORD_REQUIRED: NEW_PASSWORD, USERNAME, SECRET_HASH (if app client is configured with client secret). To set any required attributes that Amazon Cognito returned as requiredAttributes in the AdminInitiateAuth response, add a userAttributes.attributename parameter. This parameter can also set values for writable attributes that aren't required by your user pool.
In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In AdminRespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the AdminUpdateUserAttributes API operation to modify the value of any additional attributes.
-
MFA_SETUP requires USERNAME, plus you must use the session value returned by VerifySoftwareToken in the Session parameter.
The value of the USERNAME attribute must be the user's actual username, not an alias (such as an email address or phone number). To make this simpler, the AdminInitiateAuth response includes the actual username value in the USERNAMEUSER_ID_FOR_SRP attribute. This happens even if you specified an alias in your call to AdminInitiateAuth.
For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.
",
- "RespondToAuthChallengeRequest$ChallengeResponses": "The challenge responses. These are inputs corresponding to the value of ChallengeName, for example:
SECRET_HASH (if app client is configured with client secret) applies to all of the inputs that follow (including SOFTWARE_TOKEN_MFA).
-
SMS_MFA: SMS_MFA_CODE, USERNAME.
-
PASSWORD_VERIFIER: PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, TIMESTAMP, USERNAME.
PASSWORD_VERIFIER requires DEVICE_KEY when you sign in with a remembered device.
-
NEW_PASSWORD_REQUIRED: NEW_PASSWORD, USERNAME, SECRET_HASH (if app client is configured with client secret). To set any required attributes that Amazon Cognito returned as requiredAttributes in the InitiateAuth response, add a userAttributes.attributename parameter. This parameter can also set values for writable attributes that aren't required by your user pool.
In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify the value of any additional attributes.
-
SOFTWARE_TOKEN_MFA: USERNAME and SOFTWARE_TOKEN_MFA_CODE are required attributes.
-
DEVICE_SRP_AUTH requires USERNAME, DEVICE_KEY, SRP_A (and SECRET_HASH).
-
DEVICE_PASSWORD_VERIFIER requires everything that PASSWORD_VERIFIER requires, plus DEVICE_KEY.
-
MFA_SETUP requires USERNAME, plus you must use the session value returned by VerifySoftwareToken in the Session parameter.
For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.
"
+ "AdminRespondToAuthChallengeRequest$ChallengeResponses": "The responses to the challenge that you received in the previous request. Each challenge has its own required response parameters. The following examples are partial JSON request bodies that highlight challenge-response parameters.
You must provide a SECRET_HASH parameter in all challenge responses to an app client that has a client secret.
- SMS_MFA
-
\"ChallengeName\": \"SMS_MFA\", \"ChallengeResponses\": {\"SMS_MFA_CODE\": \"[SMS_code]\", \"USERNAME\": \"[username]\"}
- PASSWORD_VERIFIER
-
\"ChallengeName\": \"PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}
Add \"DEVICE_KEY\" when you sign in with a remembered device.
- CUSTOM_CHALLENGE
-
\"ChallengeName\": \"CUSTOM_CHALLENGE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[challenge_answer]\"}
Add \"DEVICE_KEY\" when you sign in with a remembered device.
- NEW_PASSWORD_REQUIRED
-
\"ChallengeName\": \"NEW_PASSWORD_REQUIRED\", \"ChallengeResponses\": {\"NEW_PASSWORD\": \"[new_password]\", \"USERNAME\": \"[username]\"}
To set any required attributes that InitiateAuth returned in an requiredAttributes parameter, add \"userAttributes.[attribute_name]\": \"[attribute_value]\". This parameter can also set values for writable attributes that aren't required by your user pool.
In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify the value of any additional attributes.
- SOFTWARE_TOKEN_MFA
-
\"ChallengeName\": \"SOFTWARE_TOKEN_MFA\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"SOFTWARE_TOKEN_MFA_CODE\": [authenticator_code]}
- DEVICE_SRP_AUTH
-
\"ChallengeName\": \"DEVICE_SRP_AUTH\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"DEVICE_KEY\": \"[device_key]\", \"SRP_A\": \"[srp_a]\"}
- DEVICE_PASSWORD_VERIFIER
-
\"ChallengeName\": \"DEVICE_PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"DEVICE_KEY\": \"[device_key]\", \"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}
- MFA_SETUP
-
\"ChallengeName\": \"MFA_SETUP\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\"}, \"SESSION\": \"[Session ID from VerifySoftwareToken]\"
- SELECT_MFA_TYPE
-
\"ChallengeName\": \"SELECT_MFA_TYPE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[SMS_MFA or SOFTWARE_TOKEN_MFA]\"}
For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.
",
+ "RespondToAuthChallengeRequest$ChallengeResponses": "The responses to the challenge that you received in the previous request. Each challenge has its own required response parameters. The following examples are partial JSON request bodies that highlight challenge-response parameters.
You must provide a SECRET_HASH parameter in all challenge responses to an app client that has a client secret.
- SMS_MFA
-
\"ChallengeName\": \"SMS_MFA\", \"ChallengeResponses\": {\"SMS_MFA_CODE\": \"[SMS_code]\", \"USERNAME\": \"[username]\"}
- PASSWORD_VERIFIER
-
\"ChallengeName\": \"PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}
Add \"DEVICE_KEY\" when you sign in with a remembered device.
- CUSTOM_CHALLENGE
-
\"ChallengeName\": \"CUSTOM_CHALLENGE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[challenge_answer]\"}
Add \"DEVICE_KEY\" when you sign in with a remembered device.
- NEW_PASSWORD_REQUIRED
-
\"ChallengeName\": \"NEW_PASSWORD_REQUIRED\", \"ChallengeResponses\": {\"NEW_PASSWORD\": \"[new_password]\", \"USERNAME\": \"[username]\"}
To set any required attributes that InitiateAuth returned in an requiredAttributes parameter, add \"userAttributes.[attribute_name]\": \"[attribute_value]\". This parameter can also set values for writable attributes that aren't required by your user pool.
In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify the value of any additional attributes.
- SOFTWARE_TOKEN_MFA
-
\"ChallengeName\": \"SOFTWARE_TOKEN_MFA\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"SOFTWARE_TOKEN_MFA_CODE\": [authenticator_code]}
- DEVICE_SRP_AUTH
-
\"ChallengeName\": \"DEVICE_SRP_AUTH\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"DEVICE_KEY\": \"[device_key]\", \"SRP_A\": \"[srp_a]\"}
- DEVICE_PASSWORD_VERIFIER
-
\"ChallengeName\": \"DEVICE_PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"DEVICE_KEY\": \"[device_key]\", \"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}
- MFA_SETUP
-
\"ChallengeName\": \"MFA_SETUP\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\"}, \"SESSION\": \"[Session ID from VerifySoftwareToken]\"
- SELECT_MFA_TYPE
-
\"ChallengeName\": \"SELECT_MFA_TYPE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[SMS_MFA or SOFTWARE_TOKEN_MFA]\"}
For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.
"
}
},
"ChangePasswordRequest": {
@@ -779,7 +780,7 @@
"refs": {
"AdminConfirmSignUpRequest$ClientMetadata": "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
If your user pool configuration includes triggers, the AdminConfirmSignUp API action invokes the Lambda function that is specified for the post confirmation trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. In this payload, the clientMetadata attribute provides the data that you assigned to the ClientMetadata parameter in your AdminConfirmSignUp request. In your function code in Lambda, you can process the ClientMetadata value to enhance your workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
-
Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
-
Validate the ClientMetadata value.
-
Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
",
"AdminCreateUserRequest$ClientMetadata": "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminCreateUser API action, Amazon Cognito invokes the function that is assigned to the pre sign-up trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminCreateUser request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
-
Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
-
Validate the ClientMetadata value.
-
Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
",
- "AdminInitiateAuthRequest$ClientMetadata": "A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminInitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various triggers. The ClientMetadata value is passed as input to the functions for only the following triggers:
-
Pre signup
-
Pre authentication
-
User migration
When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which the function receives as input. This payload contains a validationData attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminInitiateAuth request. In your function code in Lambda, you can process the validationData value to enhance your workflow for your specific needs.
When you use the AdminInitiateAuth API action, Amazon Cognito also invokes the functions for the following triggers, but it doesn't provide the ClientMetadata value as input:
-
Post authentication
-
Custom message
-
Pre token generation
-
Create auth challenge
-
Define auth challenge
-
Verify auth challenge
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
-
Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
-
Validate the ClientMetadata value.
-
Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
",
+ "AdminInitiateAuthRequest$ClientMetadata": "A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminInitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various triggers. The ClientMetadata value is passed as input to the functions for only the following triggers:
-
Pre signup
-
Pre authentication
-
User migration
When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which the function receives as input. This payload contains a validationData attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminInitiateAuth request. In your function code in Lambda, you can process the validationData value to enhance your workflow for your specific needs.
When you use the AdminInitiateAuth API action, Amazon Cognito also invokes the functions for the following triggers, but it doesn't provide the ClientMetadata value as input:
-
Post authentication
-
Custom message
-
Pre token generation
-
Create auth challenge
-
Define auth challenge
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
-
Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
-
Validate the ClientMetadata value.
-
Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
",
"AdminResetUserPasswordRequest$ClientMetadata": "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminResetUserPassword API action, Amazon Cognito invokes the function that is assigned to the custom message trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminResetUserPassword request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
-
Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
-
Validate the ClientMetadata value.
-
Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
",
"AdminRespondToAuthChallengeRequest$ClientMetadata": "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminRespondToAuthChallenge API action, Amazon Cognito invokes any functions that you have assigned to the following triggers:
When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute that provides the data that you assigned to the ClientMetadata parameter in your AdminRespondToAuthChallenge request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
-
Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
-
Validate the ClientMetadata value.
-
Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
",
"AdminUpdateUserAttributesRequest$ClientMetadata": "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminUpdateUserAttributes API action, Amazon Cognito invokes the function that is assigned to the custom message trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminUpdateUserAttributes request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
-
Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
-
Validate the ClientMetadata value.
-
Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
",
@@ -787,7 +788,7 @@
"ConfirmSignUpRequest$ClientMetadata": "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool triggers. When you use the ConfirmSignUp API action, Amazon Cognito invokes the function that is assigned to the post confirmation trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your ConfirmSignUp request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
-
Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
-
Validate the ClientMetadata value.
-
Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
",
"ForgotPasswordRequest$ClientMetadata": "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool triggers. When you use the ForgotPassword API action, Amazon Cognito invokes any functions that are assigned to the following triggers: pre sign-up, custom message, and user migration. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your ForgotPassword request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
-
Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
-
Validate the ClientMetadata value.
-
Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
",
"GetUserAttributeVerificationCodeRequest$ClientMetadata": "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool triggers. When you use the GetUserAttributeVerificationCode API action, Amazon Cognito invokes the function that is assigned to the custom message trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your GetUserAttributeVerificationCode request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
-
Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
-
Validate the ClientMetadata value.
-
Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
",
- "InitiateAuthRequest$ClientMetadata": "A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool triggers. When you use the InitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various triggers. The ClientMetadata value is passed as input to the functions for only the following triggers:
-
Pre signup
-
Pre authentication
-
User migration
When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which the function receives as input. This payload contains a validationData attribute, which provides the data that you assigned to the ClientMetadata parameter in your InitiateAuth request. In your function code in Lambda, you can process the validationData value to enhance your workflow for your specific needs.
When you use the InitiateAuth API action, Amazon Cognito also invokes the functions for the following triggers, but it doesn't provide the ClientMetadata value as input:
-
Post authentication
-
Custom message
-
Pre token generation
-
Create auth challenge
-
Define auth challenge
-
Verify auth challenge
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
-
Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
-
Validate the ClientMetadata value.
-
Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
",
+ "InitiateAuthRequest$ClientMetadata": "A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool triggers. When you use the InitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various triggers. The ClientMetadata value is passed as input to the functions for only the following triggers:
-
Pre signup
-
Pre authentication
-
User migration
When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which the function receives as input. This payload contains a validationData attribute, which provides the data that you assigned to the ClientMetadata parameter in your InitiateAuth request. In your function code in Lambda, you can process the validationData value to enhance your workflow for your specific needs.
When you use the InitiateAuth API action, Amazon Cognito also invokes the functions for the following triggers, but it doesn't provide the ClientMetadata value as input:
-
Post authentication
-
Custom message
-
Pre token generation
-
Create auth challenge
-
Define auth challenge
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
-
Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
-
Validate the ClientMetadata value.
-
Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
",
"ResendConfirmationCodeRequest$ClientMetadata": "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool triggers. When you use the ResendConfirmationCode API action, Amazon Cognito invokes the function that is assigned to the custom message trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your ResendConfirmationCode request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
-
Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
-
Validate the ClientMetadata value.
-
Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
",
"RespondToAuthChallengeRequest$ClientMetadata": "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool triggers. When you use the RespondToAuthChallenge API action, Amazon Cognito invokes any functions that are assigned to the following triggers: post authentication, pre token generation, define auth challenge, create auth challenge, and verify auth challenge. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your RespondToAuthChallenge request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
-
Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
-
Validate the ClientMetadata value.
-
Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
",
"SignUpRequest$ClientMetadata": "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool triggers. When you use the SignUp API action, Amazon Cognito invokes any functions that are assigned to the following triggers: pre sign-up, custom message, and post confirmation. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your SignUp request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
-
Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
-
Validate the ClientMetadata value.
-
Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
",
@@ -806,12 +807,12 @@
"ClientPermissionListType": {
"base": null,
"refs": {
- "CreateUserPoolClientRequest$ReadAttributes": "The read attributes.
",
- "CreateUserPoolClientRequest$WriteAttributes": "The user pool attributes that the app client can write to.
If your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.
",
- "UpdateUserPoolClientRequest$ReadAttributes": "The read-only attributes of the user pool.
",
- "UpdateUserPoolClientRequest$WriteAttributes": "The writeable attributes of the user pool.
",
- "UserPoolClientType$ReadAttributes": "The Read-only attributes.
",
- "UserPoolClientType$WriteAttributes": "The writeable attributes.
"
+ "CreateUserPoolClientRequest$ReadAttributes": "The list of user attributes that you want your app client to have read-only access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a GetUser API request to retrieve and display your user's profile data.
When you don't specify the ReadAttributes for your app client, your app can read the values of email_verified, phone_number_verified, and the Standard attributes of your user pool. When your user pool has read access to these default attributes, ReadAttributes doesn't return any information. Amazon Cognito only populates ReadAttributes in the API response if you have specified your own custom set of read attributes.
",
+ "CreateUserPoolClientRequest$WriteAttributes": "The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an UpdateUserAttributes API request and sets family_name to the new value.
When you don't specify the WriteAttributes for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, WriteAttributes doesn't return any information. Amazon Cognito only populates WriteAttributes in the API response if you have specified your own custom set of write attributes.
If your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.
",
+ "UpdateUserPoolClientRequest$ReadAttributes": "The list of user attributes that you want your app client to have read-only access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a GetUser API request to retrieve and display your user's profile data.
When you don't specify the ReadAttributes for your app client, your app can read the values of email_verified, phone_number_verified, and the Standard attributes of your user pool. When your user pool has read access to these default attributes, ReadAttributes doesn't return any information. Amazon Cognito only populates ReadAttributes in the API response if you have specified your own custom set of read attributes.
",
+ "UpdateUserPoolClientRequest$WriteAttributes": "The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an UpdateUserAttributes API request and sets family_name to the new value.
When you don't specify the WriteAttributes for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, WriteAttributes doesn't return any information. Amazon Cognito only populates WriteAttributes in the API response if you have specified your own custom set of write attributes.
If your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.
",
+ "UserPoolClientType$ReadAttributes": "The list of user attributes that you want your app client to have read-only access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a GetUser API request to retrieve and display your user's profile data.
When you don't specify the ReadAttributes for your app client, your app can read the values of email_verified, phone_number_verified, and the Standard attributes of your user pool. When your user pool has read access to these default attributes, ReadAttributes doesn't return any information. Amazon Cognito only populates ReadAttributes in the API response if you have specified your own custom set of read attributes.
",
+ "UserPoolClientType$WriteAttributes": "The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an UpdateUserAttributes API request and sets family_name to the new value.
When you don't specify the WriteAttributes for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, WriteAttributes doesn't return any information. Amazon Cognito only populates WriteAttributes in the API response if you have specified your own custom set of write attributes.
If your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.
"
}
},
"ClientPermissionType": {
@@ -1007,7 +1008,7 @@
"CustomAttributeNameType": {
"base": null,
"refs": {
- "SchemaAttributeType$Name": "The name of your user pool attribute, for example username or custom:costcenter.
"
+ "SchemaAttributeType$Name": "The name of your user pool attribute. When you create or update a user pool, adding a schema attribute creates a custom or developer-only attribute. When you add an attribute with a Name value of MyAttribute, Amazon Cognito creates the custom attribute custom:MyAttribute. When DeveloperOnlyAttribute is true, Amazon Cognito creates your attribute as dev:MyAttribute. In an operation that describes a user pool, Amazon Cognito returns this value as value for standard attributes, custom:value for custom attributes, and dev:value for developer-only attributes..
"
}
},
"CustomAttributesListType": {
@@ -1025,7 +1026,7 @@
}
},
"CustomEmailLambdaVersionConfigType": {
- "base": "A custom email sender Lambda configuration type.
",
+ "base": "The properties of a custom email sender Lambda trigger.
",
"refs": {
"LambdaConfigType$CustomEmailSender": "A custom email sender Lambda trigger.
"
}
@@ -1033,11 +1034,11 @@
"CustomEmailSenderLambdaVersionType": {
"base": null,
"refs": {
- "CustomEmailLambdaVersionConfigType$LambdaVersion": "Signature of the \"request\" attribute in the \"event\" information Amazon Cognito passes to your custom email Lambda function. The only supported value is V1_0.
"
+ "CustomEmailLambdaVersionConfigType$LambdaVersion": "The user pool trigger version of the request that Amazon Cognito sends to your Lambda function. Higher-numbered versions add fields that support new features.
You must use a LambdaVersion of V1_0 with a custom sender function.
"
}
},
"CustomSMSLambdaVersionConfigType": {
- "base": "A custom SMS sender Lambda configuration type.
",
+ "base": "The properties of a custom SMS sender Lambda trigger.
",
"refs": {
"LambdaConfigType$CustomSMSSender": "A custom SMS sender Lambda trigger.
"
}
@@ -1045,7 +1046,7 @@
"CustomSMSSenderLambdaVersionType": {
"base": null,
"refs": {
- "CustomSMSLambdaVersionConfigType$LambdaVersion": "Signature of the \"request\" attribute in the \"event\" information that Amazon Cognito passes to your custom SMS Lambda function. The only supported value is V1_0.
"
+ "CustomSMSLambdaVersionConfigType$LambdaVersion": "The user pool trigger version of the request that Amazon Cognito sends to your Lambda function. Higher-numbered versions add fields that support new features.
You must use a LambdaVersion of V1_0 with a custom sender function.
"
}
},
"DateType": {
@@ -1639,7 +1640,7 @@
"GroupNameType": {
"base": null,
"refs": {
- "AdminAddUserToGroupRequest$GroupName": "The group name.
",
+ "AdminAddUserToGroupRequest$GroupName": "The name of the group that you want to add your user to.
",
"AdminRemoveUserFromGroupRequest$GroupName": "The group name.
",
"CreateGroupRequest$GroupName": "The name of the group. Must be unique.
",
"DeleteGroupRequest$GroupName": "The name of the group.
",
@@ -2110,8 +2111,8 @@
"ListIdentityProvidersResponse$NextToken": "A pagination token.
",
"ListResourceServersRequest$NextToken": "A pagination token.
",
"ListResourceServersResponse$NextToken": "A pagination token.
",
- "ListUserImportJobsRequest$PaginationToken": "An identifier that was returned from the previous call to ListUserImportJobs, which can be used to return the next set of import jobs in the list.
",
- "ListUserImportJobsResponse$PaginationToken": "An identifier that can be used to return the next set of user import jobs in the list.
",
+ "ListUserImportJobsRequest$PaginationToken": "This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.
",
+ "ListUserImportJobsResponse$PaginationToken": "The identifier that Amazon Cognito returned with the previous request to this operation. When you include a pagination token in your request, Amazon Cognito returns the next set of items in the list. By use of this token, you can paginate through the full list of items.
",
"ListUserPoolsRequest$NextToken": "An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
",
"ListUserPoolsResponse$NextToken": "An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
"
}
@@ -2157,6 +2158,18 @@
"UserImportJobType$PreSignedUrl": "The pre-signed URL to be used to upload the .csv file.
"
}
},
+ "PreTokenGenerationLambdaVersionType": {
+ "base": null,
+ "refs": {
+ "PreTokenGenerationVersionConfigType$LambdaVersion": "The user pool trigger version of the request that Amazon Cognito sends to your Lambda function. Higher-numbered versions add fields that support new features.
"
+ }
+ },
+ "PreTokenGenerationVersionConfigType": {
+ "base": "The properties of a pre token generation Lambda trigger.
",
+ "refs": {
+ "LambdaConfigType$PreTokenGenerationConfig": "The detailed configuration of a pre token generation trigger. If you also set an ARN in PreTokenGeneration, its value must be identical to PreTokenGenerationConfig.
"
+ }
+ },
"PrecedenceType": {
"base": null,
"refs": {
@@ -2244,7 +2257,7 @@
"AdminListUserAuthEventsRequest$MaxResults": "The maximum number of authentication events to return. Returns 60 events if you set MaxResults to 0, or if you don't include a MaxResults parameter.
",
"ListDevicesRequest$Limit": "The limit of the device request.
",
"ListGroupsRequest$Limit": "The limit of the request to list groups.
",
- "ListUsersInGroupRequest$Limit": "The limit of the request to list users.
",
+ "ListUsersInGroupRequest$Limit": "The maximum number of users that you want to retrieve before pagination.
",
"ListUsersRequest$Limit": "Maximum number of users to be returned.
"
}
},
@@ -2465,18 +2478,18 @@
"SearchPaginationTokenType": {
"base": null,
"refs": {
- "AdminListDevicesRequest$PaginationToken": "The pagination token.
",
- "AdminListDevicesResponse$PaginationToken": "The pagination token.
",
- "ListDevicesRequest$PaginationToken": "The pagination token for the list request.
",
- "ListDevicesResponse$PaginationToken": "The pagination token for the list device response.
",
- "ListUsersRequest$PaginationToken": "An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
",
- "ListUsersResponse$PaginationToken": "An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
"
+ "AdminListDevicesRequest$PaginationToken": "This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.
",
+ "AdminListDevicesResponse$PaginationToken": "The identifier that Amazon Cognito returned with the previous request to this operation. When you include a pagination token in your request, Amazon Cognito returns the next set of items in the list. By use of this token, you can paginate through the full list of items.
",
+ "ListDevicesRequest$PaginationToken": "This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.
",
+ "ListDevicesResponse$PaginationToken": "The identifier that Amazon Cognito returned with the previous request to this operation. When you include a pagination token in your request, Amazon Cognito returns the next set of items in the list. By use of this token, you can paginate through the full list of items.
",
+ "ListUsersRequest$PaginationToken": "This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.
",
+ "ListUsersResponse$PaginationToken": "The identifier that Amazon Cognito returned with the previous request to this operation. When you include a pagination token in your request, Amazon Cognito returns the next set of items in the list. By use of this token, you can paginate through the full list of items.
"
}
},
"SearchedAttributeNamesListType": {
"base": null,
"refs": {
- "ListUsersRequest$AttributesToGet": "A JSON array of user attribute names, for example given_name, that you want Amazon Cognito to include in the response for each user. When you don't provide an AttributesToGet parameter, Amazon Cognito returns all attributes for each user.
"
+ "ListUsersRequest$AttributesToGet": "A JSON array of user attribute names, for example given_name, that you want Amazon Cognito to include in the response for each user. When you don't provide an AttributesToGet parameter, Amazon Cognito returns all attributes for each user.
Use AttributesToGet with required attributes in your user pool, or in conjunction with Filter. Amazon Cognito returns an error if not all users in the results have set a value for the attribute you request. Attributes that you can't filter on, including custom attributes, must have a value set in every user profile before an AttributesToGet parameter returns results.
"
}
},
"SecretCodeType": {
@@ -2657,7 +2670,7 @@
"base": null,
"refs": {
"UserPoolDescriptionType$Status": "The user pool status in a user pool description.
",
- "UserPoolType$Status": "The status of a user pool.
"
+ "UserPoolType$Status": "This parameter is no longer used.
"
}
},
"StopUserImportJobRequest": {
@@ -2772,7 +2785,7 @@
"TemporaryPasswordValidityDaysType": {
"base": null,
"refs": {
- "PasswordPolicyType$TemporaryPasswordValidityDays": "The number of days a temporary password is valid in the password policy. If the user doesn't sign in during this time, an administrator must reset their password.
When you set TemporaryPasswordValidityDays for a user pool, you can no longer set a value for the legacy UnusedAccountValidityDays parameter in that user pool.
"
+ "PasswordPolicyType$TemporaryPasswordValidityDays": "The number of days a temporary password is valid in the password policy. If the user doesn't sign in during this time, an administrator must reset their password. Defaults to 7. If you submit a value of 0, Amazon Cognito treats it as a null value and sets TemporaryPasswordValidityDays to its default value.
When you set TemporaryPasswordValidityDays for a user pool, you can no longer set a value for the legacy UnusedAccountValidityDays parameter in that user pool.
"
}
},
"TimeUnitsType": {
@@ -3286,43 +3299,43 @@
"UsernameType": {
"base": null,
"refs": {
- "AdminAddUserToGroupRequest$Username": "The username for the user.
",
- "AdminConfirmSignUpRequest$Username": "The user name for which you want to confirm user registration.
",
+ "AdminAddUserToGroupRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
+ "AdminConfirmSignUpRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
"AdminCreateUserRequest$Username": "The value that you want to set as the username sign-in attribute. The following conditions apply to the username parameter.
-
The username can't be a duplicate of another username in the same user pool.
-
You can't change the value of a username after you create it.
-
You can only provide a value if usernames are a valid sign-in attribute for your user pool. If your user pool only supports phone numbers or email addresses as sign-in attributes, Amazon Cognito automatically generates a username value. For more information, see Customizing sign-in attributes.
",
- "AdminDeleteUserAttributesRequest$Username": "The user name of the user from which you would like to delete attributes.
",
- "AdminDeleteUserRequest$Username": "The user name of the user you want to delete.
",
- "AdminDisableUserRequest$Username": "The user name of the user you want to disable.
",
- "AdminEnableUserRequest$Username": "The user name of the user you want to enable.
",
- "AdminForgetDeviceRequest$Username": "The user name.
",
- "AdminGetDeviceRequest$Username": "The user name.
",
- "AdminGetUserRequest$Username": "The user name of the user you want to retrieve.
",
+ "AdminDeleteUserAttributesRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
+ "AdminDeleteUserRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
+ "AdminDisableUserRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
+ "AdminEnableUserRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
+ "AdminForgetDeviceRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
+ "AdminGetDeviceRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
+ "AdminGetUserRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
"AdminGetUserResponse$Username": "The username of the user that you requested.
",
- "AdminListDevicesRequest$Username": "The user name.
",
- "AdminListGroupsForUserRequest$Username": "The username for the user.
",
- "AdminListUserAuthEventsRequest$Username": "The user pool username or an alias.
",
- "AdminRemoveUserFromGroupRequest$Username": "The username for the user.
",
- "AdminResetUserPasswordRequest$Username": "The user name of the user whose password you want to reset.
",
- "AdminSetUserMFAPreferenceRequest$Username": "The user pool username or alias.
",
- "AdminSetUserPasswordRequest$Username": "The user name of the user whose password you want to set.
",
- "AdminSetUserSettingsRequest$Username": "The user name of the user whose options you're setting.
",
- "AdminUpdateAuthEventFeedbackRequest$Username": "The user pool username.
",
- "AdminUpdateDeviceStatusRequest$Username": "The user name.
",
- "AdminUpdateUserAttributesRequest$Username": "The user name of the user for whom you want to update user attributes.
",
- "AdminUserGlobalSignOutRequest$Username": "The user name.
",
- "ConfirmForgotPasswordRequest$Username": "The user name of the user for whom you want to enter a code to retrieve a forgotten password.
",
- "ConfirmSignUpRequest$Username": "The user name of the user whose registration you want to confirm.
",
- "ForgotPasswordRequest$Username": "The user name of the user for whom you want to enter a code to reset a forgotten password.
",
+ "AdminListDevicesRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
+ "AdminListGroupsForUserRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
+ "AdminListUserAuthEventsRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
+ "AdminRemoveUserFromGroupRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
+ "AdminResetUserPasswordRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
+ "AdminSetUserMFAPreferenceRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
+ "AdminSetUserPasswordRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
+ "AdminSetUserSettingsRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
+ "AdminUpdateAuthEventFeedbackRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
+ "AdminUpdateDeviceStatusRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
+ "AdminUpdateUserAttributesRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
+ "AdminUserGlobalSignOutRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
+ "ConfirmForgotPasswordRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
+ "ConfirmSignUpRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
+ "ForgotPasswordRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
"GetUserResponse$Username": "The username of the user that you requested.
",
- "ResendConfirmationCodeRequest$Username": "The username attribute of the user to whom you want to resend a confirmation code.
",
- "SignUpRequest$Username": "The user name of the user you want to register.
",
- "UpdateAuthEventFeedbackRequest$Username": "The user pool username.
",
+ "ResendConfirmationCodeRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
+ "SignUpRequest$Username": "The username of the user that you want to sign up. The value of this parameter is typically a username, but can be any alias attribute in your user pool.
",
+ "UpdateAuthEventFeedbackRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
",
"UserType$Username": "The user name of the user you want to describe.
"
}
},
"UsersListType": {
"base": null,
"refs": {
- "ListUsersInGroupResponse$Users": "The users returned in the request to list users.
",
+ "ListUsersInGroupResponse$Users": "A list of users in the group, and their attributes.
",
"ListUsersResponse$Users": "A list of the user pool users, and their attributes, that match your query.
Amazon Cognito creates a profile in your user pool for each native user in your user pool, and each unique user ID from your third-party identity providers (IdPs). When you link users with the AdminLinkProviderForUser API operation, the output of ListUsers displays both the IdP user and the native user that you linked. You can identify IdP users in the Users object of this API response by the IdP prefix that Amazon Cognito appends to Username.
"
}
},
diff --git a/models/apis/cognito-idp/2016-04-18/endpoint-rule-set-1.json b/models/apis/cognito-idp/2016-04-18/endpoint-rule-set-1.json
index 0f514686ef3..0b7d7c82908 100644
--- a/models/apis/cognito-idp/2016-04-18/endpoint-rule-set-1.json
+++ b/models/apis/cognito-idp/2016-04-18/endpoint-rule-set-1.json
@@ -40,7 +40,6 @@
]
}
],
- "type": "tree",
"rules": [
{
"conditions": [
@@ -83,7 +82,8 @@
},
"type": "endpoint"
}
- ]
+ ],
+ "type": "tree"
},
{
"conditions": [
@@ -96,7 +96,6 @@
]
}
],
- "type": "tree",
"rules": [
{
"conditions": [
@@ -110,7 +109,6 @@
"assign": "PartitionResult"
}
],
- "type": "tree",
"rules": [
{
"conditions": [
@@ -133,7 +131,6 @@
]
}
],
- "type": "tree",
"rules": [
{
"conditions": [
@@ -168,7 +165,6 @@
]
}
],
- "type": "tree",
"rules": [
{
"conditions": [],
@@ -179,14 +175,16 @@
},
"type": "endpoint"
}
- ]
+ ],
+ "type": "tree"
},
{
"conditions": [],
"error": "FIPS and DualStack are enabled, but this partition does not support one or both",
"type": "error"
}
- ]
+ ],
+ "type": "tree"
},
{
"conditions": [
@@ -200,14 +198,12 @@
]
}
],
- "type": "tree",
"rules": [
{
"conditions": [
{
"fn": "booleanEquals",
"argv": [
- true,
{
"fn": "getAttr",
"argv": [
@@ -216,11 +212,11 @@
},
"supportsFIPS"
]
- }
+ },
+ true
]
}
],
- "type": "tree",
"rules": [
{
"conditions": [],
@@ -231,14 +227,16 @@
},
"type": "endpoint"
}
- ]
+ ],
+ "type": "tree"
},
{
"conditions": [],
"error": "FIPS is enabled but this partition does not support FIPS",
"type": "error"
}
- ]
+ ],
+ "type": "tree"
},
{
"conditions": [
@@ -252,7 +250,6 @@
]
}
],
- "type": "tree",
"rules": [
{
"conditions": [
@@ -272,7 +269,6 @@
]
}
],
- "type": "tree",
"rules": [
{
"conditions": [],
@@ -283,14 +279,16 @@
},
"type": "endpoint"
}
- ]
+ ],
+ "type": "tree"
},
{
"conditions": [],
"error": "DualStack is enabled but this partition does not support DualStack",
"type": "error"
}
- ]
+ ],
+ "type": "tree"
},
{
"conditions": [],
@@ -301,9 +299,11 @@
},
"type": "endpoint"
}
- ]
+ ],
+ "type": "tree"
}
- ]
+ ],
+ "type": "tree"
},
{
"conditions": [],
diff --git a/models/apis/eks/2017-11-01/api-2.json b/models/apis/eks/2017-11-01/api-2.json
index 58d7558617e..6901b39b41d 100644
--- a/models/apis/eks/2017-11-01/api-2.json
+++ b/models/apis/eks/2017-11-01/api-2.json
@@ -13,6 +13,21 @@
"uid":"eks-2017-11-01"
},
"operations":{
+ "AssociateAccessPolicy":{
+ "name":"AssociateAccessPolicy",
+ "http":{
+ "method":"POST",
+ "requestUri":"/clusters/{name}/access-entries/{principalArn}/access-policies"
+ },
+ "input":{"shape":"AssociateAccessPolicyRequest"},
+ "output":{"shape":"AssociateAccessPolicyResponse"},
+ "errors":[
+ {"shape":"ServerException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"InvalidRequestException"},
+ {"shape":"InvalidParameterException"}
+ ]
+ },
"AssociateEncryptionConfig":{
"name":"AssociateEncryptionConfig",
"http":{
@@ -47,6 +62,23 @@
{"shape":"InvalidRequestException"}
]
},
+ "CreateAccessEntry":{
+ "name":"CreateAccessEntry",
+ "http":{
+ "method":"POST",
+ "requestUri":"/clusters/{name}/access-entries"
+ },
+ "input":{"shape":"CreateAccessEntryRequest"},
+ "output":{"shape":"CreateAccessEntryResponse"},
+ "errors":[
+ {"shape":"ServerException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"InvalidRequestException"},
+ {"shape":"InvalidParameterException"},
+ {"shape":"ResourceLimitExceededException"},
+ {"shape":"ResourceInUseException"}
+ ]
+ },
"CreateAddon":{
"name":"CreateAddon",
"http":{
@@ -150,6 +182,20 @@
{"shape":"ResourceInUseException"}
]
},
+ "DeleteAccessEntry":{
+ "name":"DeleteAccessEntry",
+ "http":{
+ "method":"DELETE",
+ "requestUri":"/clusters/{name}/access-entries/{principalArn}"
+ },
+ "input":{"shape":"DeleteAccessEntryRequest"},
+ "output":{"shape":"DeleteAccessEntryResponse"},
+ "errors":[
+ {"shape":"ServerException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"InvalidRequestException"}
+ ]
+ },
"DeleteAddon":{
"name":"DeleteAddon",
"http":{
@@ -261,6 +307,20 @@
{"shape":"AccessDeniedException"}
]
},
+ "DescribeAccessEntry":{
+ "name":"DescribeAccessEntry",
+ "http":{
+ "method":"GET",
+ "requestUri":"/clusters/{name}/access-entries/{principalArn}"
+ },
+ "input":{"shape":"DescribeAccessEntryRequest"},
+ "output":{"shape":"DescribeAccessEntryResponse"},
+ "errors":[
+ {"shape":"ServerException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"InvalidRequestException"}
+ ]
+ },
"DescribeAddon":{
"name":"DescribeAddon",
"http":{
@@ -412,6 +472,20 @@
{"shape":"ResourceNotFoundException"}
]
},
+ "DisassociateAccessPolicy":{
+ "name":"DisassociateAccessPolicy",
+ "http":{
+ "method":"DELETE",
+ "requestUri":"/clusters/{name}/access-entries/{principalArn}/access-policies/{policyArn}"
+ },
+ "input":{"shape":"DisassociateAccessPolicyRequest"},
+ "output":{"shape":"DisassociateAccessPolicyResponse"},
+ "errors":[
+ {"shape":"ServerException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"InvalidRequestException"}
+ ]
+ },
"DisassociateIdentityProviderConfig":{
"name":"DisassociateIdentityProviderConfig",
"http":{
@@ -429,6 +503,33 @@
{"shape":"InvalidRequestException"}
]
},
+ "ListAccessEntries":{
+ "name":"ListAccessEntries",
+ "http":{
+ "method":"GET",
+ "requestUri":"/clusters/{name}/access-entries"
+ },
+ "input":{"shape":"ListAccessEntriesRequest"},
+ "output":{"shape":"ListAccessEntriesResponse"},
+ "errors":[
+ {"shape":"ServerException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"InvalidRequestException"},
+ {"shape":"InvalidParameterException"}
+ ]
+ },
+ "ListAccessPolicies":{
+ "name":"ListAccessPolicies",
+ "http":{
+ "method":"GET",
+ "requestUri":"/access-policies"
+ },
+ "input":{"shape":"ListAccessPoliciesRequest"},
+ "output":{"shape":"ListAccessPoliciesResponse"},
+ "errors":[
+ {"shape":"ServerException"}
+ ]
+ },
"ListAddons":{
"name":"ListAddons",
"http":{
@@ -445,6 +546,20 @@
{"shape":"ServerException"}
]
},
+ "ListAssociatedAccessPolicies":{
+ "name":"ListAssociatedAccessPolicies",
+ "http":{
+ "method":"GET",
+ "requestUri":"/clusters/{name}/access-entries/{principalArn}/access-policies"
+ },
+ "input":{"shape":"ListAssociatedAccessPoliciesRequest"},
+ "output":{"shape":"ListAssociatedAccessPoliciesResponse"},
+ "errors":[
+ {"shape":"ServerException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"InvalidRequestException"}
+ ]
+ },
"ListClusters":{
"name":"ListClusters",
"http":{
@@ -610,6 +725,21 @@
{"shape":"NotFoundException"}
]
},
+ "UpdateAccessEntry":{
+ "name":"UpdateAccessEntry",
+ "http":{
+ "method":"POST",
+ "requestUri":"/clusters/{name}/access-entries/{principalArn}"
+ },
+ "input":{"shape":"UpdateAccessEntryRequest"},
+ "output":{"shape":"UpdateAccessEntryResponse"},
+ "errors":[
+ {"shape":"ServerException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"InvalidRequestException"},
+ {"shape":"InvalidParameterException"}
+ ]
+ },
"UpdateAddon":{
"name":"UpdateAddon",
"http":{
@@ -745,6 +875,13 @@
"WINDOWS_FULL_2022_x86_64"
]
},
+ "AccessConfigResponse":{
+ "type":"structure",
+ "members":{
+ "bootstrapClusterCreatorAdminPermissions":{"shape":"BoxedBoolean"},
+ "authenticationMode":{"shape":"AuthenticationMode"}
+ }
+ },
"AccessDeniedException":{
"type":"structure",
"members":{
@@ -753,6 +890,45 @@
"error":{"httpStatusCode":403},
"exception":true
},
+ "AccessEntry":{
+ "type":"structure",
+ "members":{
+ "clusterName":{"shape":"String"},
+ "principalArn":{"shape":"String"},
+ "kubernetesGroups":{"shape":"StringList"},
+ "accessEntryArn":{"shape":"String"},
+ "createdAt":{"shape":"Timestamp"},
+ "modifiedAt":{"shape":"Timestamp"},
+ "tags":{"shape":"TagMap"},
+ "username":{"shape":"String"},
+ "type":{"shape":"String"}
+ }
+ },
+ "AccessPoliciesList":{
+ "type":"list",
+ "member":{"shape":"AccessPolicy"}
+ },
+ "AccessPolicy":{
+ "type":"structure",
+ "members":{
+ "name":{"shape":"String"},
+ "arn":{"shape":"String"}
+ }
+ },
+ "AccessScope":{
+ "type":"structure",
+ "members":{
+ "type":{"shape":"AccessScopeType"},
+ "namespaces":{"shape":"StringList"}
+ }
+ },
+ "AccessScopeType":{
+ "type":"string",
+ "enum":[
+ "cluster",
+ "namespace"
+ ]
+ },
"Addon":{
"type":"structure",
"members":{
@@ -844,6 +1020,37 @@
"type":"list",
"member":{"shape":"AddonInfo"}
},
+ "AssociateAccessPolicyRequest":{
+ "type":"structure",
+ "required":[
+ "clusterName",
+ "principalArn",
+ "policyArn",
+ "accessScope"
+ ],
+ "members":{
+ "clusterName":{
+ "shape":"String",
+ "location":"uri",
+ "locationName":"name"
+ },
+ "principalArn":{
+ "shape":"String",
+ "location":"uri",
+ "locationName":"principalArn"
+ },
+ "policyArn":{"shape":"String"},
+ "accessScope":{"shape":"AccessScope"}
+ }
+ },
+ "AssociateAccessPolicyResponse":{
+ "type":"structure",
+ "members":{
+ "clusterName":{"shape":"String"},
+ "principalArn":{"shape":"String"},
+ "associatedAccessPolicy":{"shape":"AssociatedAccessPolicy"}
+ }
+ },
"AssociateEncryptionConfigRequest":{
"type":"structure",
"required":[
@@ -896,6 +1103,27 @@
"tags":{"shape":"TagMap"}
}
},
+ "AssociatedAccessPoliciesList":{
+ "type":"list",
+ "member":{"shape":"AssociatedAccessPolicy"}
+ },
+ "AssociatedAccessPolicy":{
+ "type":"structure",
+ "members":{
+ "policyArn":{"shape":"String"},
+ "accessScope":{"shape":"AccessScope"},
+ "associatedAt":{"shape":"Timestamp"},
+ "modifiedAt":{"shape":"Timestamp"}
+ }
+ },
+ "AuthenticationMode":{
+ "type":"string",
+ "enum":[
+ "API",
+ "API_AND_CONFIG_MAP",
+ "CONFIG_MAP"
+ ]
+ },
"AutoScalingGroup":{
"type":"structure",
"members":{
@@ -975,7 +1203,8 @@
"connectorConfig":{"shape":"ConnectorConfigResponse"},
"id":{"shape":"String"},
"health":{"shape":"ClusterHealth"},
- "outpostConfig":{"shape":"OutpostConfigResponse"}
+ "outpostConfig":{"shape":"OutpostConfigResponse"},
+ "accessConfig":{"shape":"AccessConfigResponse"}
}
},
"ClusterHealth":{
@@ -1096,6 +1325,42 @@
"groupName":{"shape":"String"}
}
},
+ "CreateAccessConfigRequest":{
+ "type":"structure",
+ "members":{
+ "bootstrapClusterCreatorAdminPermissions":{"shape":"BoxedBoolean"},
+ "authenticationMode":{"shape":"AuthenticationMode"}
+ }
+ },
+ "CreateAccessEntryRequest":{
+ "type":"structure",
+ "required":[
+ "clusterName",
+ "principalArn"
+ ],
+ "members":{
+ "clusterName":{
+ "shape":"String",
+ "location":"uri",
+ "locationName":"name"
+ },
+ "principalArn":{"shape":"String"},
+ "kubernetesGroups":{"shape":"StringList"},
+ "tags":{"shape":"TagMap"},
+ "clientRequestToken":{
+ "shape":"String",
+ "idempotencyToken":true
+ },
+ "username":{"shape":"String"},
+ "type":{"shape":"String"}
+ }
+ },
+ "CreateAccessEntryResponse":{
+ "type":"structure",
+ "members":{
+ "accessEntry":{"shape":"AccessEntry"}
+ }
+ },
"CreateAddonRequest":{
"type":"structure",
"required":[
@@ -1146,7 +1411,8 @@
},
"tags":{"shape":"TagMap"},
"encryptionConfig":{"shape":"EncryptionConfigList"},
- "outpostConfig":{"shape":"OutpostConfigRequest"}
+ "outpostConfig":{"shape":"OutpostConfigRequest"},
+ "accessConfig":{"shape":"CreateAccessConfigRequest"}
}
},
"CreateClusterResponse":{
@@ -1282,6 +1548,30 @@
"association":{"shape":"PodIdentityAssociation"}
}
},
+ "DeleteAccessEntryRequest":{
+ "type":"structure",
+ "required":[
+ "clusterName",
+ "principalArn"
+ ],
+ "members":{
+ "clusterName":{
+ "shape":"String",
+ "location":"uri",
+ "locationName":"name"
+ },
+ "principalArn":{
+ "shape":"String",
+ "location":"uri",
+ "locationName":"principalArn"
+ }
+ }
+ },
+ "DeleteAccessEntryResponse":{
+ "type":"structure",
+ "members":{
+ }
+ },
"DeleteAddonRequest":{
"type":"structure",
"required":[
@@ -1438,6 +1728,31 @@
"cluster":{"shape":"Cluster"}
}
},
+ "DescribeAccessEntryRequest":{
+ "type":"structure",
+ "required":[
+ "clusterName",
+ "principalArn"
+ ],
+ "members":{
+ "clusterName":{
+ "shape":"String",
+ "location":"uri",
+ "locationName":"name"
+ },
+ "principalArn":{
+ "shape":"String",
+ "location":"uri",
+ "locationName":"principalArn"
+ }
+ }
+ },
+ "DescribeAccessEntryResponse":{
+ "type":"structure",
+ "members":{
+ "accessEntry":{"shape":"AccessEntry"}
+ }
+ },
"DescribeAddonConfigurationRequest":{
"type":"structure",
"required":[
@@ -1708,6 +2023,36 @@
"update":{"shape":"Update"}
}
},
+ "DisassociateAccessPolicyRequest":{
+ "type":"structure",
+ "required":[
+ "clusterName",
+ "principalArn",
+ "policyArn"
+ ],
+ "members":{
+ "clusterName":{
+ "shape":"String",
+ "location":"uri",
+ "locationName":"name"
+ },
+ "principalArn":{
+ "shape":"String",
+ "location":"uri",
+ "locationName":"principalArn"
+ },
+ "policyArn":{
+ "shape":"String",
+ "location":"uri",
+ "locationName":"policyArn"
+ }
+ }
+ },
+ "DisassociateAccessPolicyResponse":{
+ "type":"structure",
+ "members":{
+ }
+ },
"DisassociateIdentityProviderConfigRequest":{
"type":"structure",
"required":[
@@ -1981,6 +2326,73 @@
"id":{"shape":"String"}
}
},
+ "ListAccessEntriesRequest":{
+ "type":"structure",
+ "required":["clusterName"],
+ "members":{
+ "clusterName":{
+ "shape":"String",
+ "location":"uri",
+ "locationName":"name"
+ },
+ "associatedPolicyArn":{
+ "shape":"String",
+ "location":"querystring",
+ "locationName":"associatedPolicyArn"
+ },
+ "maxResults":{
+ "shape":"ListAccessEntriesRequestMaxResults",
+ "location":"querystring",
+ "locationName":"maxResults"
+ },
+ "nextToken":{
+ "shape":"String",
+ "location":"querystring",
+ "locationName":"nextToken"
+ }
+ }
+ },
+ "ListAccessEntriesRequestMaxResults":{
+ "type":"integer",
+ "box":true,
+ "max":100,
+ "min":1
+ },
+ "ListAccessEntriesResponse":{
+ "type":"structure",
+ "members":{
+ "accessEntries":{"shape":"StringList"},
+ "nextToken":{"shape":"String"}
+ }
+ },
+ "ListAccessPoliciesRequest":{
+ "type":"structure",
+ "members":{
+ "maxResults":{
+ "shape":"ListAccessPoliciesRequestMaxResults",
+ "location":"querystring",
+ "locationName":"maxResults"
+ },
+ "nextToken":{
+ "shape":"String",
+ "location":"querystring",
+ "locationName":"nextToken"
+ }
+ }
+ },
+ "ListAccessPoliciesRequestMaxResults":{
+ "type":"integer",
+ "box":true,
+ "max":100,
+ "min":1
+ },
+ "ListAccessPoliciesResponse":{
+ "type":"structure",
+ "members":{
+ "accessPolicies":{"shape":"AccessPoliciesList"},
+ "nextToken":{"shape":"String"}
+ }
+ },
"ListAddonsRequest":{
"type":"structure",
"required":["clusterName"],
@@ -2015,6 +2427,50 @@
"nextToken":{"shape":"String"}
}
},
+ "ListAssociatedAccessPoliciesRequest":{
+ "type":"structure",
+ "required":[
+ "clusterName",
+ "principalArn"
+ ],
+ "members":{
+ "clusterName":{
+ "shape":"String",
+ "location":"uri",
+ "locationName":"name"
+ },
+ "principalArn":{
+ "shape":"String",
+ "location":"uri",
+ "locationName":"principalArn"
+ },
+ "maxResults":{
+ "shape":"ListAssociatedAccessPoliciesRequestMaxResults",
+ "location":"querystring",
+ "locationName":"maxResults"
+ },
+ "nextToken":{
+ "shape":"String",
+ "location":"querystring",
+ "locationName":"nextToken"
+ }
+ }
+ },
+ "ListAssociatedAccessPoliciesRequestMaxResults":{
+ "type":"integer",
+ "box":true,
+ "max":100,
+ "min":1
+ },
+ "ListAssociatedAccessPoliciesResponse":{
+ "type":"structure",
+ "members":{
+ "clusterName":{"shape":"String"},
+ "principalArn":{"shape":"String"},
+ "nextToken":{"shape":"String"},
+ "associatedAccessPolicies":{"shape":"AssociatedAccessPoliciesList"}
+ }
+ },
"ListClustersRequest":{
"type":"structure",
"members":{
@@ -2761,6 +3217,43 @@
"errors":{"shape":"ErrorDetails"}
}
},
+ "UpdateAccessConfigRequest":{
+ "type":"structure",
+ "members":{
+ "authenticationMode":{"shape":"AuthenticationMode"}
+ }
+ },
+ "UpdateAccessEntryRequest":{
+ "type":"structure",
+ "required":[
+ "clusterName",
+ "principalArn"
+ ],
+ "members":{
+ "clusterName":{
+ "shape":"String",
+ "location":"uri",
+ "locationName":"name"
+ },
+ "principalArn":{
+ "shape":"String",
+ "location":"uri",
+ "locationName":"principalArn"
+ },
+ "kubernetesGroups":{"shape":"StringList"},
+ "clientRequestToken":{
+ "shape":"String",
+ "idempotencyToken":true
+ },
+ "username":{"shape":"String"}
+ }
+ },
+ "UpdateAccessEntryResponse":{
+ "type":"structure",
+ "members":{
+ "accessEntry":{"shape":"AccessEntry"}
+ }
+ },
"UpdateAddonRequest":{
"type":"structure",
"required":[
@@ -2808,7 +3301,8 @@
"clientRequestToken":{
"shape":"String",
"idempotencyToken":true
- }
+ },
+ "accessConfig":{"shape":"UpdateAccessConfigRequest"}
}
},
"UpdateClusterConfigResponse":{
@@ -2975,7 +3469,8 @@
"MaxUnavailablePercentage",
"ConfigurationValues",
"SecurityGroups",
- "Subnets"
+ "Subnets",
+ "AuthenticationMode"
]
},
"UpdateParams":{
@@ -3039,7 +3534,8 @@
"DisassociateIdentityProviderConfig",
"AssociateEncryptionConfig",
"AddonUpdate",
- "VpcConfigUpdate"
+ "VpcConfigUpdate",
+ "AccessConfigUpdate"
]
},
"VpcConfigRequest":{
diff --git a/models/apis/eks/2017-11-01/docs-2.json b/models/apis/eks/2017-11-01/docs-2.json
index ecd3f0b58cc..d0ca41aef26 100644
--- a/models/apis/eks/2017-11-01/docs-2.json
+++ b/models/apis/eks/2017-11-01/docs-2.json
@@ -1,52 +1,61 @@
{
"version": "2.0",
- "service": "Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that makes it easy for you to run Kubernetes on Amazon Web Services without needing to stand up or maintain your own Kubernetes control plane. Kubernetes is an open-source system for automating the deployment, scaling, and management of containerized applications.
Amazon EKS runs up-to-date versions of the open-source Kubernetes software, so you can use all the existing plugins and tooling from the Kubernetes community. Applications running on Amazon EKS are fully compatible with applications running on any standard Kubernetes environment, whether running in on-premises data centers or public clouds. This means that you can easily migrate any standard Kubernetes application to Amazon EKS without any code modification required.
",
+ "service": "Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that makes it easy for you to run Kubernetes on Amazon Web Services without needing to setup or maintain your own Kubernetes control plane. Kubernetes is an open-source system for automating the deployment, scaling, and management of containerized applications.
Amazon EKS runs up-to-date versions of the open-source Kubernetes software, so you can use all the existing plugins and tooling from the Kubernetes community. Applications running on Amazon EKS are fully compatible with applications running on any standard Kubernetes environment, whether running in on-premises data centers or public clouds. This means that you can easily migrate any standard Kubernetes application to Amazon EKS without any code modification required.
",
"operations": {
- "AssociateEncryptionConfig": "Associate encryption configuration to an existing cluster.
You can use this API to enable encryption on existing clusters which do not have encryption already enabled. This allows you to implement a defense-in-depth security strategy without migrating applications to new Amazon EKS clusters.
",
- "AssociateIdentityProviderConfig": "Associate an identity provider configuration to a cluster.
If you want to authenticate identities using an identity provider, you can create an identity provider configuration and associate it to your cluster. After configuring authentication to your cluster you can create Kubernetes roles and clusterroles to assign permissions to the roles, and then bind the roles to the identities using Kubernetes rolebindings and clusterrolebindings. For more information see Using RBAC Authorization in the Kubernetes documentation.
",
+ "AssociateAccessPolicy": "Associates an access policy and its scope to an access entry. For more information about associating access policies, see Associating and disassociating access policies to and from access entries in the Amazon EKS User Guide.
",
+ "AssociateEncryptionConfig": "Associates an encryption configuration to an existing cluster.
Use this API to enable encryption on existing clusters that don't already have encryption enabled. This allows you to implement a defense-in-depth security strategy without migrating applications to new Amazon EKS clusters.
",
+ "AssociateIdentityProviderConfig": "Associates an identity provider configuration to a cluster.
If you want to authenticate identities using an identity provider, you can create an identity provider configuration and associate it to your cluster. After configuring authentication to your cluster you can create Kubernetes Role and ClusterRole objects, assign permissions to them, and then bind them to the identities using Kubernetes RoleBinding and ClusterRoleBinding objects. For more information see Using RBAC Authorization in the Kubernetes documentation.
",
+ "CreateAccessEntry": "Creates an access entry.
An access entry allows an IAM principal to access your cluster. Access entries can replace the need to maintain entries in the aws-auth ConfigMap for authentication. You have the following options for authorizing an IAM principal to access Kubernetes objects on your cluster: Kubernetes role-based access control (RBAC), Amazon EKS, or both. Kubernetes RBAC authorization requires you to create and manage Kubernetes Role, ClusterRole, RoleBinding, and ClusterRoleBinding objects, in addition to managing access entries. If you use Amazon EKS authorization exclusively, you don't need to create and manage Kubernetes Role, ClusterRole, RoleBinding, and ClusterRoleBinding objects.
For more information about access entries, see Access entries in the Amazon EKS User Guide.
",
"CreateAddon": "Creates an Amazon EKS add-on.
Amazon EKS add-ons help to automate the provisioning and lifecycle management of common operational software for Amazon EKS clusters. For more information, see Amazon EKS add-ons in the Amazon EKS User Guide.
",
- "CreateCluster": "Creates an Amazon EKS control plane.
The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as etcd and the API server. The control plane runs in an account managed by Amazon Web Services, and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances.
The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support kubectl exec, logs, and proxy data flows).
Amazon EKS nodes run in your Amazon Web Services account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster.
You can use the endpointPublicAccess and endpointPrivateAccess parameters to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see Amazon EKS Cluster Endpoint Access Control in the Amazon EKS User Guide .
You can use the logging parameter to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster Control Plane Logs in the Amazon EKS User Guide .
CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing.
In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see Managing Cluster Authentication and Launching Amazon EKS nodes in the Amazon EKS User Guide.
",
+ "CreateCluster": "Creates an Amazon EKS control plane.
The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as etcd and the API server. The control plane runs in an account managed by Amazon Web Services, and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances.
The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support kubectl exec, logs, and proxy data flows).
Amazon EKS nodes run in your Amazon Web Services account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster.
You can use the endpointPublicAccess and endpointPrivateAccess parameters to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see Amazon EKS Cluster Endpoint Access Control in the Amazon EKS User Guide .
You can use the logging parameter to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster Control Plane Logs in the Amazon EKS User Guide .
CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing.
In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see Managing Cluster Authentication and Launching Amazon EKS nodes in the Amazon EKS User Guide.
",
"CreateEksAnywhereSubscription": "Creates an EKS Anywhere subscription. When a subscription is created, it is a contract agreement for the length of the term specified in the request. Licenses that are used to validate support are provisioned in Amazon Web Services License Manager and the caller account is granted access to EKS Anywhere Curated Packages.
",
- "CreateFargateProfile": "Creates an Fargate profile for your Amazon EKS cluster. You must have at least one Fargate profile in a cluster to be able to run pods on Fargate.
The Fargate profile allows an administrator to declare which pods run on Fargate and specify which pods run on which Fargate profile. This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and labels. A namespace is required for every selector. The label field consists of multiple optional key-value pairs. Pods that match the selectors are scheduled on Fargate. If a to-be-scheduled pod matches any of the selectors in the Fargate profile, then that pod is run on Fargate.
When you create a Fargate profile, you must specify a pod execution role to use with the pods that are scheduled with the profile. This role is added to the cluster's Kubernetes Role Based Access Control (RBAC) for authorization so that the kubelet that is running on the Fargate infrastructure can register with your Amazon EKS cluster so that it can appear in your cluster as a node. The pod execution role also provides IAM permissions to the Fargate infrastructure to allow read access to Amazon ECR image repositories. For more information, see Pod Execution Role in the Amazon EKS User Guide.
Fargate profiles are immutable. However, you can create a new updated profile to replace an existing profile and then delete the original after the updated profile has finished creating.
If any Fargate profiles in a cluster are in the DELETING status, you must wait for that Fargate profile to finish deleting before you can create any other profiles in that cluster.
For more information, see Fargate Profile in the Amazon EKS User Guide.
",
- "CreateNodegroup": "Creates a managed node group for an Amazon EKS cluster. You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster.
An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by Amazon Web Services for an Amazon EKS cluster. For more information, see Managed node groups in the Amazon EKS User Guide.
Windows AMI types are only supported for commercial Regions that support Windows Amazon EKS.
",
- "CreatePodIdentityAssociation": "Creates an EKS Pod Identity association between a service account in an Amazon EKS cluster and an IAM role with EKS Pod Identity. Use EKS Pod Identity to give temporary IAM credentials to pods and the credentials are rotated automatically.
Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that 7EC2l instance profiles provide credentials to Amazon EC2 instances.
If a pod uses a service account that has an association, Amazon EKS sets environment variables in the containers of the pod. The environment variables configure the Amazon Web Services SDKs, including the Command Line Interface, to use the EKS Pod Identity credentials.
Pod Identity is a simpler method than IAM roles for service accounts, as this method doesn't use OIDC identity providers. Additionally, you can configure a role for Pod Identity once, and reuse it across clusters.
",
- "DeleteAddon": "Delete an Amazon EKS add-on.
When you remove the add-on, it will also be deleted from the cluster. You can always manually start an add-on on the cluster using the Kubernetes API.
",
- "DeleteCluster": "Deletes the Amazon EKS cluster control plane.
If you have active services in your cluster that are associated with a load balancer, you must delete those services before deleting the cluster so that the load balancers are deleted properly. Otherwise, you can have orphaned resources in your VPC that prevent you from being able to delete the VPC. For more information, see Deleting a Cluster in the Amazon EKS User Guide.
If you have managed node groups or Fargate profiles attached to the cluster, you must delete them first. For more information, see DeleteNodegroup and DeleteFargateProfile.
",
+ "CreateFargateProfile": "Creates an Fargate profile for your Amazon EKS cluster. You must have at least one Fargate profile in a cluster to be able to run pods on Fargate.
The Fargate profile allows an administrator to declare which pods run on Fargate and specify which pods run on which Fargate profile. This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and labels. A namespace is required for every selector. The label field consists of multiple optional key-value pairs. Pods that match the selectors are scheduled on Fargate. If a to-be-scheduled pod matches any of the selectors in the Fargate profile, then that pod is run on Fargate.
When you create a Fargate profile, you must specify a pod execution role to use with the pods that are scheduled with the profile. This role is added to the cluster's Kubernetes Role Based Access Control (RBAC) for authorization so that the kubelet that is running on the Fargate infrastructure can register with your Amazon EKS cluster so that it can appear in your cluster as a node. The pod execution role also provides IAM permissions to the Fargate infrastructure to allow read access to Amazon ECR image repositories. For more information, see Pod Execution Role in the Amazon EKS User Guide.
Fargate profiles are immutable. However, you can create a new updated profile to replace an existing profile and then delete the original after the updated profile has finished creating.
If any Fargate profiles in a cluster are in the DELETING status, you must wait for that Fargate profile to finish deleting before you can create any other profiles in that cluster.
For more information, see Fargate profile in the Amazon EKS User Guide.
",
+ "CreateNodegroup": "Creates a managed node group for an Amazon EKS cluster.
You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template. For more information about using launch templates, see Launch template support.
An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by Amazon Web Services for an Amazon EKS cluster. For more information, see Managed node groups in the Amazon EKS User Guide.
Windows AMI types are only supported for commercial Amazon Web Services Regions that support Windows on Amazon EKS.
",
+ "CreatePodIdentityAssociation": "Creates an EKS Pod Identity association between a service account in an Amazon EKS cluster and an IAM role with EKS Pod Identity. Use EKS Pod Identity to give temporary IAM credentials to pods and the credentials are rotated automatically.
Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to Amazon EC2 instances.
If a pod uses a service account that has an association, Amazon EKS sets environment variables in the containers of the pod. The environment variables configure the Amazon Web Services SDKs, including the Command Line Interface, to use the EKS Pod Identity credentials.
Pod Identity is a simpler method than IAM roles for service accounts, as this method doesn't use OIDC identity providers. Additionally, you can configure a role for Pod Identity once, and reuse it across clusters.
",
+ "DeleteAccessEntry": "Deletes an access entry.
Deleting an access entry of a type other than Standard can cause your cluster to function improperly. If you delete an access entry in error, you can recreate it.
",
+ "DeleteAddon": "Deletes an Amazon EKS add-on.
When you remove an add-on, it's deleted from the cluster. You can always manually start an add-on on the cluster using the Kubernetes API.
",
+ "DeleteCluster": "Deletes an Amazon EKS cluster control plane.
If you have active services in your cluster that are associated with a load balancer, you must delete those services before deleting the cluster so that the load balancers are deleted properly. Otherwise, you can have orphaned resources in your VPC that prevent you from being able to delete the VPC. For more information, see Deleting a cluster in the Amazon EKS User Guide.
If you have managed node groups or Fargate profiles attached to the cluster, you must delete them first. For more information, see DeleteNodgroup and DeleteFargateProfile.
",
"DeleteEksAnywhereSubscription": "Deletes an expired or inactive subscription. Deleting inactive subscriptions removes them from the Amazon Web Services Management Console view and from list/describe API responses. Subscriptions can only be cancelled within 7 days of creation and are cancelled by creating a ticket in the Amazon Web Services Support Center.
",
- "DeleteFargateProfile": "Deletes an Fargate profile.
When you delete a Fargate profile, any pods running on Fargate that were created with the profile are deleted. If those pods match another Fargate profile, then they are scheduled on Fargate with that profile. If they no longer match any Fargate profiles, then they are not scheduled on Fargate and they may remain in a pending state.
Only one Fargate profile in a cluster can be in the DELETING status at a time. You must wait for a Fargate profile to finish deleting before you can delete any other profiles in that cluster.
",
- "DeleteNodegroup": "Deletes an Amazon EKS node group for a cluster.
",
+ "DeleteFargateProfile": "Deletes an Fargate profile.
When you delete a Fargate profile, any Pod running on Fargate that was created with the profile is deleted. If the Pod matches another Fargate profile, then it is scheduled on Fargate with that profile. If it no longer matches any Fargate profiles, then it's not scheduled on Fargate and may remain in a pending state.
Only one Fargate profile in a cluster can be in the DELETING status at a time. You must wait for a Fargate profile to finish deleting before you can delete any other profiles in that cluster.
",
+ "DeleteNodegroup": "Deletes a managed node group.
",
"DeletePodIdentityAssociation": "Deletes a EKS Pod Identity association.
The temporary Amazon Web Services credentials from the previous IAM role session might still be valid until the session expiry. If you need to immediately revoke the temporary session credentials, then go to the role in the IAM console.
",
- "DeregisterCluster": "Deregisters a connected cluster to remove it from the Amazon EKS control plane.
",
+ "DeregisterCluster": "Deregisters a connected cluster to remove it from the Amazon EKS control plane.
A connected cluster is a Kubernetes cluster that you've connected to your control plane using the Amazon EKS Connector.
",
+ "DescribeAccessEntry": "Describes an access entry.
",
"DescribeAddon": "Describes an Amazon EKS add-on.
",
"DescribeAddonConfiguration": "Returns configuration options.
",
- "DescribeAddonVersions": "Describes the versions for an add-on. Information such as the Kubernetes versions that you can use the add-on with, the owner, publisher, and the type of the add-on are returned.
",
- "DescribeCluster": "Returns descriptive information about an Amazon EKS cluster.
The API server endpoint and certificate authority data returned by this operation are required for kubelet and kubectl to communicate with your Kubernetes API server. For more information, see Create a kubeconfig for Amazon EKS.
The API server endpoint and certificate authority data aren't available until the cluster reaches the ACTIVE state.
",
+ "DescribeAddonVersions": "Describes the versions for an add-on.
Information such as the Kubernetes versions that you can use the add-on with, the owner, publisher, and the type of the add-on are returned.
",
+ "DescribeCluster": "Describes an Amazon EKS cluster.
The API server endpoint and certificate authority data returned by this operation are required for kubelet and kubectl to communicate with your Kubernetes API server. For more information, see Creating or updating a kubeconfig file for an Amazon EKS cluster.
The API server endpoint and certificate authority data aren't available until the cluster reaches the ACTIVE state.
",
"DescribeEksAnywhereSubscription": "Returns descriptive information about a subscription.
",
- "DescribeFargateProfile": "Returns descriptive information about an Fargate profile.
",
- "DescribeIdentityProviderConfig": "Returns descriptive information about an identity provider configuration.
",
- "DescribeNodegroup": "Returns descriptive information about an Amazon EKS node group.
",
+ "DescribeFargateProfile": "Describes an Fargate profile.
",
+ "DescribeIdentityProviderConfig": "Describes an identity provider configuration.
",
+ "DescribeNodegroup": "Describes a managed node group.
",
"DescribePodIdentityAssociation": "Returns descriptive information about an EKS Pod Identity association.
This action requires the ID of the association. You can get the ID from the response to the CreatePodIdentityAssocation for newly created associations. Or, you can list the IDs for associations with ListPodIdentityAssociations and filter the list by namespace or service account.
",
- "DescribeUpdate": "Returns descriptive information about an update against your Amazon EKS cluster or associated managed node group or Amazon EKS add-on.
When the status of the update is Succeeded, the update is complete. If an update fails, the status is Failed, and an error detail explains the reason for the failure.
",
- "DisassociateIdentityProviderConfig": "Disassociates an identity provider configuration from a cluster. If you disassociate an identity provider from your cluster, users included in the provider can no longer access the cluster. However, you can still access the cluster with IAM principals.
",
+ "DescribeUpdate": "Describes an update to an Amazon EKS resource.
When the status of the update is Succeeded, the update is complete. If an update fails, the status is Failed, and an error detail explains the reason for the failure.
",
+ "DisassociateAccessPolicy": "Disassociates an access policy from an access entry.
",
+ "DisassociateIdentityProviderConfig": "Disassociates an identity provider configuration from a cluster.
If you disassociate an identity provider from your cluster, users included in the provider can no longer access the cluster. However, you can still access the cluster with IAM principals.
",
+ "ListAccessEntries": "Lists the access entries for your cluster.
",
+ "ListAccessPolicies": "Lists the available access policies.
",
"ListAddons": "Lists the installed add-ons.
",
- "ListClusters": "Lists the Amazon EKS clusters in your Amazon Web Services account in the specified Region.
",
+ "ListAssociatedAccessPolicies": "Lists the access policies associated with an access entry.
",
+ "ListClusters": "Lists the Amazon EKS clusters in your Amazon Web Services account in the specified Amazon Web Services Region.
",
"ListEksAnywhereSubscriptions": "Displays the full description of the subscription.
",
- "ListFargateProfiles": "Lists the Fargate profiles associated with the specified cluster in your Amazon Web Services account in the specified Region.
",
- "ListIdentityProviderConfigs": "A list of identity provider configurations.
",
- "ListNodegroups": "Lists the Amazon EKS managed node groups associated with the specified cluster in your Amazon Web Services account in the specified Region. Self-managed node groups are not listed.
",
+ "ListFargateProfiles": "Lists the Fargate profiles associated with the specified cluster in your Amazon Web Services account in the specified Amazon Web Services Region.
",
+ "ListIdentityProviderConfigs": "Lists the identity provider configurations for your cluster.
",
+ "ListNodegroups": "Lists the managed node groups associated with the specified cluster in your Amazon Web Services account in the specified Amazon Web Services Region. Self-managed node groups aren't listed.
",
"ListPodIdentityAssociations": "List the EKS Pod Identity associations in a cluster. You can filter the list by the namespace that the association is in or the service account that the association uses.
",
"ListTagsForResource": "List the tags for an Amazon EKS resource.
",
- "ListUpdates": "Lists the updates associated with an Amazon EKS cluster or managed node group in your Amazon Web Services account, in the specified Region.
",
- "RegisterCluster": "Connects a Kubernetes cluster to the Amazon EKS control plane.
Any Kubernetes cluster can be connected to the Amazon EKS control plane to view current information about the cluster and its nodes.
Cluster connection requires two steps. First, send a RegisterClusterRequest to add it to the Amazon EKS control plane.
Second, a Manifest containing the activationID and activationCode must be applied to the Kubernetes cluster through it's native provider to provide visibility.
After the Manifest is updated and applied, then the connected cluster is visible to the Amazon EKS control plane. If the Manifest is not applied within three days, then the connected cluster will no longer be visible and must be deregistered. See DeregisterCluster.
",
- "TagResource": "Associates the specified tags to a resource with the specified resourceArn. If existing tags on a resource are not specified in the request parameters, they are not changed. When a resource is deleted, the tags associated with that resource are deleted as well. Tags that you create for Amazon EKS resources do not propagate to any other resources associated with the cluster. For example, if you tag a cluster with this operation, that tag does not automatically propagate to the subnets and nodes associated with the cluster.
",
- "UntagResource": "Deletes specified tags from a resource.
",
+ "ListUpdates": "Lists the updates associated with an Amazon EKS resource in your Amazon Web Services account, in the specified Amazon Web Services Region.
",
+ "RegisterCluster": "Connects a Kubernetes cluster to the Amazon EKS control plane.
Any Kubernetes cluster can be connected to the Amazon EKS control plane to view current information about the cluster and its nodes.
Cluster connection requires two steps. First, send a RegisterClusterRequest to add it to the Amazon EKS control plane.
Second, a Manifest containing the activationID and activationCode must be applied to the Kubernetes cluster through it's native provider to provide visibility.
After the manifest is updated and applied, the connected cluster is visible to the Amazon EKS control plane. If the manifest isn't applied within three days, the connected cluster will no longer be visible and must be deregistered using DeregisterCluster.
",
+ "TagResource": "Associates the specified tags to an Amazon EKS resource with the specified resourceArn. If existing tags on a resource are not specified in the request parameters, they aren't changed. When a resource is deleted, the tags associated with that resource are also deleted. Tags that you create for Amazon EKS resources don't propagate to any other resources associated with the cluster. For example, if you tag a cluster with this operation, that tag doesn't automatically propagate to the subnets and nodes associated with the cluster.
",
+ "UntagResource": "Deletes specified tags from an Amazon EKS resource.
",
+ "UpdateAccessEntry": "Updates an access entry.
",
"UpdateAddon": "Updates an Amazon EKS add-on.
",
- "UpdateClusterConfig": "Updates an Amazon EKS cluster configuration. Your cluster continues to function during the update. The response output includes an update ID that you can use to track the status of your cluster update with the DescribeUpdate API operation.
You can use this API operation to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster Control Plane Logs in the Amazon EKS User Guide .
CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing.
You can also use this API operation to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see Amazon EKS cluster endpoint access control in the Amazon EKS User Guide .
You can also use this API operation to choose different subnets and security groups for the cluster. You must specify at least two subnets that are in different Availability Zones. You can't change which VPC the subnets are from, the subnets must be in the same VPC as the subnets that the cluster was created with. For more information about the VPC requirements, see https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html in the Amazon EKS User Guide .
Cluster updates are asynchronous, and they should finish within a few minutes. During an update, the cluster status moves to UPDATING (this status transition is eventually consistent). When the update is complete (either Failed or Successful), the cluster status moves to Active.
",
+ "UpdateClusterConfig": "Updates an Amazon EKS cluster configuration. Your cluster continues to function during the update. The response output includes an update ID that you can use to track the status of your cluster update with DescribeUpdate\"/>.
You can use this API operation to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster control plane logs in the Amazon EKS User Guide .
CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing.
You can also use this API operation to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see Amazon EKS cluster endpoint access control in the Amazon EKS User Guide .
You can also use this API operation to choose different subnets and security groups for the cluster. You must specify at least two subnets that are in different Availability Zones. You can't change which VPC the subnets are from, the subnets must be in the same VPC as the subnets that the cluster was created with. For more information about the VPC requirements, see https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html in the Amazon EKS User Guide .
Cluster updates are asynchronous, and they should finish within a few minutes. During an update, the cluster status moves to UPDATING (this status transition is eventually consistent). When the update is complete (either Failed or Successful), the cluster status moves to Active.
",
"UpdateClusterVersion": "Updates an Amazon EKS cluster to the specified Kubernetes version. Your cluster continues to function during the update. The response output includes an update ID that you can use to track the status of your cluster update with the DescribeUpdate API operation.
Cluster updates are asynchronous, and they should finish within a few minutes. During an update, the cluster status moves to UPDATING (this status transition is eventually consistent). When the update is complete (either Failed or Successful), the cluster status moves to Active.
If your cluster has managed node groups attached to it, all of your node groups’ Kubernetes versions must match the cluster’s Kubernetes version in order to update the cluster to a new Kubernetes version.
",
"UpdateEksAnywhereSubscription": "Update an EKS Anywhere Subscription. Only auto renewal and tags can be updated after subscription creation.
",
"UpdateNodegroupConfig": "Updates an Amazon EKS managed node group configuration. Your node group continues to function during the update. The response output includes an update ID that you can use to track the status of your node group update with the DescribeUpdate API operation. Currently you can update the Kubernetes labels for a node group or the scaling configuration.
",
- "UpdateNodegroupVersion": "Updates the Kubernetes version or AMI version of an Amazon EKS managed node group.
You can update a node group using a launch template only if the node group was originally deployed with a launch template. If you need to update a custom AMI in a node group that was deployed with a launch template, then update your custom AMI, specify the new ID in a new version of the launch template, and then update the node group to the new version of the launch template.
If you update without a launch template, then you can update to the latest available AMI version of a node group's current Kubernetes version by not specifying a Kubernetes version in the request. You can update to the latest AMI version of your cluster's current Kubernetes version by specifying your cluster's Kubernetes version in the request. For information about Linux versions, see Amazon EKS optimized Amazon Linux AMI versions in the Amazon EKS User Guide. For information about Windows versions, see Amazon EKS optimized Windows AMI versions in the Amazon EKS User Guide.
You cannot roll back a node group to an earlier Kubernetes version or AMI version.
When a node in a managed node group is terminated due to a scaling action or update, the pods in that node are drained first. Amazon EKS attempts to drain the nodes gracefully and will fail if it is unable to do so. You can force the update if Amazon EKS is unable to drain the nodes as a result of a pod disruption budget issue.
",
- "UpdatePodIdentityAssociation": "Updates a EKS Pod Identity association. Only the IAM role can be changed; an association can't be moved between clusters, namespaces, or service accounts. If you need to edit the namespace or service account, you need to remove the association and then create a new association with your desired settings.
"
+ "UpdateNodegroupVersion": "Updates the Kubernetes version or AMI version of an Amazon EKS managed node group.
You can update a node group using a launch template only if the node group was originally deployed with a launch template. If you need to update a custom AMI in a node group that was deployed with a launch template, then update your custom AMI, specify the new ID in a new version of the launch template, and then update the node group to the new version of the launch template.
If you update without a launch template, then you can update to the latest available AMI version of a node group's current Kubernetes version by not specifying a Kubernetes version in the request. You can update to the latest AMI version of your cluster's current Kubernetes version by specifying your cluster's Kubernetes version in the request. For information about Linux versions, see Amazon EKS optimized Amazon Linux AMI versions in the Amazon EKS User Guide. For information about Windows versions, see Amazon EKS optimized Windows AMI versions in the Amazon EKS User Guide.
You cannot roll back a node group to an earlier Kubernetes version or AMI version.
When a node in a managed node group is terminated due to a scaling action or update, every Pod on that node is drained first. Amazon EKS attempts to drain the nodes gracefully and will fail if it is unable to do so. You can force the update if Amazon EKS is unable to drain the nodes as a result of a Pod disruption budget issue.
",
+ "UpdatePodIdentityAssociation": "Updates a EKS Pod Identity association. Only the IAM role can be changed; an association can't be moved between clusters, namespaces, or service accounts. If you need to edit the namespace or service account, you need to delete the association and then create a new association with your desired settings.
"
},
"shapes": {
"AMITypes": {
@@ -56,11 +65,50 @@
"Nodegroup$amiType": "If the node group was deployed using a launch template with a custom AMI, then this is CUSTOM. For node groups that weren't deployed using a launch template, this is the AMI type that was specified in the node group configuration.
"
}
},
+ "AccessConfigResponse": {
+ "base": "The access configuration for the cluster.
",
+ "refs": {
+ "Cluster$accessConfig": "The access configuration for the cluster.
"
+ }
+ },
"AccessDeniedException": {
"base": "You don't have permissions to perform the requested operation. The IAM principal making the request must have at least one IAM permissions policy attached that grants the required permissions. For more information, see Access management in the IAM User Guide.
",
"refs": {
}
},
+ "AccessEntry": {
+ "base": "An access entry allows an IAM principal (user or role) to access your cluster. Access entries can replace the need to maintain the aws-auth ConfigMap for authentication. For more information about access entries, see Access entries in the Amazon EKS User Guide.
",
+ "refs": {
+ "CreateAccessEntryResponse$accessEntry": null,
+ "DescribeAccessEntryResponse$accessEntry": "Information about the access entry.
",
+ "UpdateAccessEntryResponse$accessEntry": "The ARN of the IAM principal for the AccessEntry.
"
+ }
+ },
+ "AccessPoliciesList": {
+ "base": null,
+ "refs": {
+ "ListAccessPoliciesResponse$accessPolicies": "The list of available access policies. You can't view the contents of an access policy using the API. To view the contents, see Access policy permissions in the Amazon EKS User Guide.
"
+ }
+ },
+ "AccessPolicy": {
+ "base": "An access policy includes permissions that allow Amazon EKS to authorize an IAM principal to work with Kubernetes objects on your cluster. The policies are managed by Amazon EKS, but they're not IAM policies. You can't view the permissions in the policies using the API. The permissions for many of the policies are similar to the Kubernetes cluster-admin, admin, edit, and view cluster roles. For more information about these cluster roles, see User-facing roles in the Kubernetes documentation. To view the contents of the policies, see Access policy permissions in the Amazon EKS User Guide.
",
+ "refs": {
+ "AccessPoliciesList$member": null
+ }
+ },
+ "AccessScope": {
+ "base": "The scope of an AccessPolicy that's associated to an AccessEntry.
",
+ "refs": {
+ "AssociateAccessPolicyRequest$accessScope": "The scope for the AccessPolicy. You can scope access policies to an entire cluster or to specific Kubernetes namespaces.
",
+ "AssociatedAccessPolicy$accessScope": "The scope of the access policy.
"
+ }
+ },
+ "AccessScopeType": {
+ "base": null,
+ "refs": {
+ "AccessScope$type": "The scope type of an access policy.
"
+ }
+ },
"Addon": {
"base": "An Amazon EKS add-on. For more information, see Amazon EKS add-ons in the Amazon EKS User Guide.
",
"refs": {
@@ -123,6 +171,16 @@
"DescribeAddonVersionsResponse$addons": "The list of available versions with Kubernetes version compatibility and other properties.
"
}
},
+ "AssociateAccessPolicyRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "AssociateAccessPolicyResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
"AssociateEncryptionConfigRequest": {
"base": null,
"refs": {
@@ -143,6 +201,27 @@
"refs": {
}
},
+ "AssociatedAccessPoliciesList": {
+ "base": null,
+ "refs": {
+ "ListAssociatedAccessPoliciesResponse$associatedAccessPolicies": "The list of access policies associated with the access entry.
"
+ }
+ },
+ "AssociatedAccessPolicy": {
+ "base": "An access policy association.
",
+ "refs": {
+ "AssociateAccessPolicyResponse$associatedAccessPolicy": "The AccessPolicy and scope associated to the AccessEntry.
",
+ "AssociatedAccessPoliciesList$member": null
+ }
+ },
+ "AuthenticationMode": {
+ "base": null,
+ "refs": {
+ "AccessConfigResponse$authenticationMode": "The current authentication mode of the cluster.
",
+ "CreateAccessConfigRequest$authenticationMode": "The desired authentication mode for the cluster. If you create a cluster by using the EKS API, Amazon Web Services SDKs, or CloudFormation, the default is CONFIG_MAP. If you create the cluster by using the Amazon Web Services Management Console, the default value is API_AND_CONFIG_MAP.
",
+ "UpdateAccessConfigRequest$authenticationMode": "The desired authentication mode for the cluster.
"
+ }
+ },
"AutoScalingGroup": {
"base": "An Auto Scaling group that is associated with an Amazon EKS managed node group.
",
"refs": {
@@ -169,14 +248,16 @@
"DeleteAddonRequest$preserve": "Specifying this option preserves the add-on software on your cluster but Amazon EKS stops managing any settings for the add-on. If an IAM account is associated with the add-on, it isn't removed.
",
"EksAnywhereSubscription$autoRenew": "A boolean indicating whether or not a subscription will auto renew when it expires.
",
"UpdateEksAnywhereSubscriptionRequest$autoRenew": "A boolean indicating whether or not to automatically renew the subscription.
",
- "UpdateNodegroupVersionRequest$force": "Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node.
",
- "VpcConfigResponse$endpointPublicAccess": "This parameter indicates whether the Amazon EKS public API server endpoint is enabled. If the Amazon EKS public API server endpoint is disabled, your cluster's Kubernetes API server can only receive requests that originate from within the cluster VPC.
",
+ "UpdateNodegroupVersionRequest$force": "Force the update if any Pod on the existing node group can't be drained due to a Pod disruption budget issue. If an update fails because all Pods can't be drained, you can force the update after it fails to terminate the old node whether or not any Pod is running on the node.
",
+ "VpcConfigResponse$endpointPublicAccess": "Whether the public API server endpoint is enabled.
",
"VpcConfigResponse$endpointPrivateAccess": "This parameter indicates whether the Amazon EKS private API server endpoint is enabled. If the Amazon EKS private API server endpoint is enabled, Kubernetes API requests that originate from within your cluster's VPC use the private VPC endpoint instead of traversing the internet. If this value is disabled and you have nodes or Fargate pods in the cluster, then ensure that publicAccessCidrs includes the necessary CIDR blocks for communication with the nodes or Fargate pods. For more information, see Amazon EKS cluster endpoint access control in the Amazon EKS User Guide .
"
}
},
"BoxedBoolean": {
"base": null,
"refs": {
+ "AccessConfigResponse$bootstrapClusterCreatorAdminPermissions": "Specifies whether or not the cluster creator IAM principal was set as a cluster admin access entry during cluster creation time.
",
+ "CreateAccessConfigRequest$bootstrapClusterCreatorAdminPermissions": "Specifies whether or not the cluster creator IAM principal was set as a cluster admin access entry during cluster creation time. The default value is true.
",
"LogSetup$enabled": "If a log type is enabled, that log type exports its control plane logs to CloudWatch Logs. If a log type isn't enabled, that log type doesn't export its control plane logs. Each individual log type can be enabled or disabled independently.
",
"VpcConfigRequest$endpointPublicAccess": "Set this value to false to disable public access to your cluster's Kubernetes API server endpoint. If you disable public access, your cluster's Kubernetes API server can only receive requests from within the cluster VPC. The default value for this parameter is true, which enables public access for your Kubernetes API server. For more information, see Amazon EKS cluster endpoint access control in the Amazon EKS User Guide .
",
"VpcConfigRequest$endpointPrivateAccess": "Set this value to true to enable private access for your cluster's Kubernetes API server endpoint. If you enable private access, Kubernetes API requests from within your cluster's VPC use the private VPC endpoint. The default value for this parameter is false, which disables private access for your Kubernetes API server. If you disable private access and you have nodes or Fargate pods in the cluster, then ensure that publicAccessCidrs includes the necessary CIDR blocks for communication with the nodes or Fargate pods. For more information, see Amazon EKS cluster endpoint access control in the Amazon EKS User Guide .
"
@@ -250,14 +331,14 @@
"ClusterName": {
"base": null,
"refs": {
- "Addon$clusterName": "The name of the cluster.
",
- "CreateAddonRequest$clusterName": "The name of the cluster to create the add-on for.
",
+ "Addon$clusterName": "The name of your cluster.
",
+ "CreateAddonRequest$clusterName": "The name of your cluster.
",
"CreateClusterRequest$name": "The unique name to give to your cluster.
",
- "DeleteAddonRequest$clusterName": "The name of the cluster to delete the add-on from.
",
- "DescribeAddonRequest$clusterName": "The name of the cluster.
",
- "ListAddonsRequest$clusterName": "The name of the cluster.
",
- "RegisterClusterRequest$name": "Define a unique name for this cluster for your Region.
",
- "UpdateAddonRequest$clusterName": "The name of the cluster.
"
+ "DeleteAddonRequest$clusterName": "The name of your cluster.
",
+ "DescribeAddonRequest$clusterName": "The name of your cluster.
",
+ "ListAddonsRequest$clusterName": "The name of your cluster.
",
+ "RegisterClusterRequest$name": "A unique name for this cluster in your Amazon Web Services Region.
",
+ "UpdateAddonRequest$clusterName": "The name of your cluster.
"
}
},
"ClusterStatus": {
@@ -308,6 +389,22 @@
"OutpostConfigResponse$controlPlanePlacement": "An object representing the placement configuration for all the control plane instances of your local Amazon EKS cluster on an Amazon Web Services Outpost. For more information, see Capacity considerations in the Amazon EKS User Guide.
"
}
},
+ "CreateAccessConfigRequest": {
+ "base": "The access configuration information for the cluster.
",
+ "refs": {
+ "CreateClusterRequest$accessConfig": "The access configuration for the cluster.
"
+ }
+ },
+ "CreateAccessEntryRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateAccessEntryResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
"CreateAddonRequest": {
"base": null,
"refs": {
@@ -368,6 +465,16 @@
"refs": {
}
},
+ "DeleteAccessEntryRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteAccessEntryResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
"DeleteAddonRequest": {
"base": null,
"refs": {
@@ -438,6 +545,16 @@
"refs": {
}
},
+ "DescribeAccessEntryRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DescribeAccessEntryResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
"DescribeAddonConfigurationRequest": {
"base": null,
"refs": {
@@ -466,7 +583,7 @@
"DescribeAddonVersionsRequestMaxResults": {
"base": null,
"refs": {
- "DescribeAddonVersionsRequest$maxResults": "The maximum number of results to return.
"
+ "DescribeAddonVersionsRequest$maxResults": "The maximum number of results, returned in paginated output. You receive maxResults in a single page, along with a nextToken response element. You can see the remaining results of the initial request by sending another request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, 100 results and a nextToken value, if applicable, are returned.
"
}
},
"DescribeAddonVersionsResponse": {
@@ -535,7 +652,7 @@
}
},
"DescribeUpdateRequest": {
- "base": null,
+ "base": "Describes an update request.
",
"refs": {
}
},
@@ -544,6 +661,16 @@
"refs": {
}
},
+ "DisassociateAccessPolicyRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DisassociateAccessPolicyResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
"DisassociateIdentityProviderConfigRequest": {
"base": null,
"refs": {
@@ -625,7 +752,7 @@
"ErrorCode": {
"base": null,
"refs": {
- "ErrorDetail$errorCode": "A brief description of the error.
-
SubnetNotFound: We couldn't find one of the subnets associated with the cluster.
-
SecurityGroupNotFound: We couldn't find one of the security groups associated with the cluster.
-
EniLimitReached: You have reached the elastic network interface limit for your account.
-
IpNotAvailable: A subnet associated with the cluster doesn't have any free IP addresses.
-
AccessDenied: You don't have permissions to perform the specified operation.
-
OperationNotPermitted: The service role associated with the cluster doesn't have the required access permissions for Amazon EKS.
-
VpcIdNotFound: We couldn't find the VPC associated with the cluster.
"
+ "ErrorDetail$errorCode": "A brief description of the error.
-
SubnetNotFound: We couldn't find one of the subnets associated with the cluster.
-
SecurityGroupNotFound: We couldn't find one of the security groups associated with the cluster.
-
EniLimitReached: You have reached the elastic network interface limit for your account.
-
IpNotAvailable: A subnet associated with the cluster doesn't have any available IP addresses.
-
AccessDenied: You don't have permissions to perform the specified operation.
-
OperationNotPermitted: The service role associated with the cluster doesn't have the required access permissions for Amazon EKS.
-
VpcIdNotFound: We couldn't find the VPC associated with the cluster.
"
}
},
"ErrorDetail": {
@@ -663,8 +790,8 @@
"FargateProfileSelectors": {
"base": null,
"refs": {
- "CreateFargateProfileRequest$selectors": "The selectors to match for pods to use this Fargate profile. Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. You may specify up to five selectors in a Fargate profile.
",
- "FargateProfile$selectors": "The selectors to match for pods to use this Fargate profile.
"
+ "CreateFargateProfileRequest$selectors": "The selectors to match for a Pod to use this Fargate profile. Each selector must have an associated Kubernetes namespace. Optionally, you can also specify labels for a namespace. You may specify up to five selectors in a Fargate profile.
",
+ "FargateProfile$selectors": "The selectors to match for a Pod to use this Fargate profile.
"
}
},
"FargateProfileStatus": {
@@ -676,7 +803,7 @@
"FargateProfilesRequestMaxResults": {
"base": null,
"refs": {
- "ListFargateProfilesRequest$maxResults": "The maximum number of Fargate profile results returned by ListFargateProfiles in paginated output. When you use this parameter, ListFargateProfiles returns only maxResults results in a single page along with a nextToken response element. You can see the remaining results of the initial request by sending another ListFargateProfiles request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, ListFargateProfiles returns up to 100 results and a nextToken value if applicable.
"
+ "ListFargateProfilesRequest$maxResults": "The maximum number of results, returned in paginated output. You receive maxResults in a single page, along with a nextToken response element. You can see the remaining results of the initial request by sending another request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, 100 results and a nextToken value, if applicable, are returned.
"
}
},
"Identity": {
@@ -708,7 +835,7 @@
"IncludeClustersList": {
"base": null,
"refs": {
- "ListClustersRequest$include": "Indicates whether external clusters are included in the returned list. Use 'all' to return connected clusters, or blank to return only Amazon EKS clusters. 'all' must be in lowercase otherwise an error occurs.
"
+ "ListClustersRequest$include": "Indicates whether external clusters are included in the returned list. Use 'all' to return https://docs.aws.amazon.com/eks/latest/userguide/eks-connector.htmlconnected clusters, or blank to return only Amazon EKS clusters. 'all' must be in lowercase otherwise an error occurs.
"
}
},
"Integer": {
@@ -733,7 +860,7 @@
"base": null,
"refs": {
"KubernetesNetworkConfigRequest$ipFamily": "Specify which IP family is used to assign Kubernetes pod and service IP addresses. If you don't specify a value, ipv4 is used by default. You can only specify an IP family when you create a cluster and can't change this value once the cluster is created. If you specify ipv6, the VPC and subnets that you specify for cluster creation must have both IPv4 and IPv6 CIDR blocks assigned to them. You can't specify ipv6 for clusters in China Regions.
You can only specify ipv6 for 1.21 and later clusters that use version 1.10.1 or later of the Amazon VPC CNI add-on. If you specify ipv6, then ensure that your VPC meets the requirements listed in the considerations listed in Assigning IPv6 addresses to pods and services in the Amazon EKS User Guide. Kubernetes assigns services IPv6 addresses from the unique local address range (fc00::/7). You can't specify a custom IPv6 CIDR block. Pod addresses are assigned from the subnet's IPv6 CIDR.
",
- "KubernetesNetworkConfigResponse$ipFamily": "The IP family used to assign Kubernetes pod and service IP addresses. The IP family is always ipv4, unless you have a 1.21 or later cluster running version 1.10.1 or later of the Amazon VPC CNI add-on and specified ipv6 when you created the cluster.
"
+ "KubernetesNetworkConfigResponse$ipFamily": "The IP family used to assign Kubernetes Pod and Service objects IP addresses. The IP family is always ipv4, unless you have a 1.21 or later cluster running version 1.10.1 or later of the Amazon VPC CNI plugin for Kubernetes and specified ipv6 when you created the cluster.
"
}
},
"Issue": {
@@ -768,6 +895,38 @@
"UpdateNodegroupVersionRequest$launchTemplate": "An object representing a node group's launch template specification. You can only update a node group using a launch template if the node group was originally deployed with a launch template.
"
}
},
+ "ListAccessEntriesRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListAccessEntriesRequestMaxResults": {
+ "base": null,
+ "refs": {
+ "ListAccessEntriesRequest$maxResults": "The maximum number of results, returned in paginated output. You receive maxResults in a single page, along with a nextToken response element. You can see the remaining results of the initial request by sending another request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, 100 results and a nextToken value, if applicable, are returned.
"
+ }
+ },
+ "ListAccessEntriesResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListAccessPoliciesRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListAccessPoliciesRequestMaxResults": {
+ "base": null,
+ "refs": {
+ "ListAccessPoliciesRequest$maxResults": "The maximum number of results, returned in paginated output. You receive maxResults in a single page, along with a nextToken response element. You can see the remaining results of the initial request by sending another request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, 100 results and a nextToken value, if applicable, are returned.
"
+ }
+ },
+ "ListAccessPoliciesResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
"ListAddonsRequest": {
"base": null,
"refs": {
@@ -776,7 +935,7 @@
"ListAddonsRequestMaxResults": {
"base": null,
"refs": {
- "ListAddonsRequest$maxResults": "The maximum number of add-on results returned by ListAddonsRequest in paginated output. When you use this parameter, ListAddonsRequest returns only maxResults results in a single page along with a nextToken response element. You can see the remaining results of the initial request by sending another ListAddonsRequest request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, ListAddonsRequest returns up to 100 results and a nextToken value, if applicable.
"
+ "ListAddonsRequest$maxResults": "The maximum number of results, returned in paginated output. You receive maxResults in a single page, along with a nextToken response element. You can see the remaining results of the initial request by sending another request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, 100 results and a nextToken value, if applicable, are returned.
"
}
},
"ListAddonsResponse": {
@@ -784,6 +943,22 @@
"refs": {
}
},
+ "ListAssociatedAccessPoliciesRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListAssociatedAccessPoliciesRequestMaxResults": {
+ "base": null,
+ "refs": {
+ "ListAssociatedAccessPoliciesRequest$maxResults": "The maximum number of results, returned in paginated output. You receive maxResults in a single page, along with a nextToken response element. You can see the remaining results of the initial request by sending another request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, 100 results and a nextToken value, if applicable, are returned.
"
+ }
+ },
+ "ListAssociatedAccessPoliciesResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
"ListClustersRequest": {
"base": null,
"refs": {
@@ -792,7 +967,7 @@
"ListClustersRequestMaxResults": {
"base": null,
"refs": {
- "ListClustersRequest$maxResults": "The maximum number of cluster results returned by ListClusters in paginated output. When you use this parameter, ListClusters returns only maxResults results in a single page along with a nextToken response element. You can see the remaining results of the initial request by sending another ListClusters request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, ListClusters returns up to 100 results and a nextToken value if applicable.
"
+ "ListClustersRequest$maxResults": "The maximum number of results, returned in paginated output. You receive maxResults in a single page, along with a nextToken response element. You can see the remaining results of the initial request by sending another request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, 100 results and a nextToken value, if applicable, are returned.
"
}
},
"ListClustersResponse": {
@@ -834,7 +1009,7 @@
"ListIdentityProviderConfigsRequestMaxResults": {
"base": null,
"refs": {
- "ListIdentityProviderConfigsRequest$maxResults": "The maximum number of identity provider configurations returned by ListIdentityProviderConfigs in paginated output. When you use this parameter, ListIdentityProviderConfigs returns only maxResults results in a single page along with a nextToken response element. You can see the remaining results of the initial request by sending another ListIdentityProviderConfigs request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, ListIdentityProviderConfigs returns up to 100 results and a nextToken value, if applicable.
"
+ "ListIdentityProviderConfigsRequest$maxResults": "The maximum number of results, returned in paginated output. You receive maxResults in a single page, along with a nextToken response element. You can see the remaining results of the initial request by sending another request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, 100 results and a nextToken value, if applicable, are returned.
"
}
},
"ListIdentityProviderConfigsResponse": {
@@ -850,7 +1025,7 @@
"ListNodegroupsRequestMaxResults": {
"base": null,
"refs": {
- "ListNodegroupsRequest$maxResults": "The maximum number of node group results returned by ListNodegroups in paginated output. When you use this parameter, ListNodegroups returns only maxResults results in a single page along with a nextToken response element. You can see the remaining results of the initial request by sending another ListNodegroups request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, ListNodegroups returns up to 100 results and a nextToken value if applicable.
"
+ "ListNodegroupsRequest$maxResults": "The maximum number of results, returned in paginated output. You receive maxResults in a single page, along with a nextToken response element. You can see the remaining results of the initial request by sending another request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, 100 results and a nextToken value, if applicable, are returned.
"
}
},
"ListNodegroupsResponse": {
@@ -892,7 +1067,7 @@
"ListUpdatesRequestMaxResults": {
"base": null,
"refs": {
- "ListUpdatesRequest$maxResults": "The maximum number of update results returned by ListUpdates in paginated output. When you use this parameter, ListUpdates returns only maxResults results in a single page along with a nextToken response element. You can see the remaining results of the initial request by sending another ListUpdates request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, ListUpdates returns up to 100 results and a nextToken value if applicable.
"
+ "ListUpdatesRequest$maxResults": "The maximum number of results, returned in paginated output. You receive maxResults in a single page, along with a nextToken response element. You can see the remaining results of the initial request by sending another request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, 100 results and a nextToken value, if applicable, are returned.
"
}
},
"ListUpdatesResponse": {
@@ -956,7 +1131,7 @@
"NodegroupIssueCode": {
"base": null,
"refs": {
- "Issue$code": "A brief description of the error.
-
AccessDenied: Amazon EKS or one or more of your managed nodes is failing to authenticate or authorize with your Kubernetes cluster API server.
-
AsgInstanceLaunchFailures: Your Auto Scaling group is experiencing failures while attempting to launch instances.
-
AutoScalingGroupNotFound: We couldn't find the Auto Scaling group associated with the managed node group. You may be able to recreate an Auto Scaling group with the same settings to recover.
-
ClusterUnreachable: Amazon EKS or one or more of your managed nodes is unable to to communicate with your Kubernetes cluster API server. This can happen if there are network disruptions or if API servers are timing out processing requests.
-
Ec2LaunchTemplateNotFound: We couldn't find the Amazon EC2 launch template for your managed node group. You may be able to recreate a launch template with the same settings to recover.
-
Ec2LaunchTemplateVersionMismatch: The Amazon EC2 launch template version for your managed node group does not match the version that Amazon EKS created. You may be able to revert to the version that Amazon EKS created to recover.
-
Ec2SecurityGroupDeletionFailure: We could not delete the remote access security group for your managed node group. Remove any dependencies from the security group.
-
Ec2SecurityGroupNotFound: We couldn't find the cluster security group for the cluster. You must recreate your cluster.
-
Ec2SubnetInvalidConfiguration: One or more Amazon EC2 subnets specified for a node group do not automatically assign public IP addresses to instances launched into it. If you want your instances to be assigned a public IP address, then you need to enable the auto-assign public IP address setting for the subnet. See Modifying the public IPv4 addressing attribute for your subnet in the Amazon VPC User Guide.
-
IamInstanceProfileNotFound: We couldn't find the IAM instance profile for your managed node group. You may be able to recreate an instance profile with the same settings to recover.
-
IamNodeRoleNotFound: We couldn't find the IAM role for your managed node group. You may be able to recreate an IAM role with the same settings to recover.
-
InstanceLimitExceeded: Your Amazon Web Services account is unable to launch any more instances of the specified instance type. You may be able to request an Amazon EC2 instance limit increase to recover.
-
InsufficientFreeAddresses: One or more of the subnets associated with your managed node group does not have enough available IP addresses for new nodes.
-
InternalFailure: These errors are usually caused by an Amazon EKS server-side issue.
-
NodeCreationFailure: Your launched instances are unable to register with your Amazon EKS cluster. Common causes of this failure are insufficient node IAM role permissions or lack of outbound internet access for the nodes.
"
+ "Issue$code": "A brief description of the error.
-
AccessDenied: Amazon EKS or one or more of your managed nodes is failing to authenticate or authorize with your Kubernetes cluster API server.
-
AsgInstanceLaunchFailures: Your Auto Scaling group is experiencing failures while attempting to launch instances.
-
AutoScalingGroupNotFound: We couldn't find the Auto Scaling group associated with the managed node group. You may be able to recreate an Auto Scaling group with the same settings to recover.
-
ClusterUnreachable: Amazon EKS or one or more of your managed nodes is unable to to communicate with your Kubernetes cluster API server. This can happen if there are network disruptions or if API servers are timing out processing requests.
-
Ec2LaunchTemplateNotFound: We couldn't find the Amazon EC2 launch template for your managed node group. You may be able to recreate a launch template with the same settings to recover.
-
Ec2LaunchTemplateVersionMismatch: The Amazon EC2 launch template version for your managed node group does not match the version that Amazon EKS created. You may be able to revert to the version that Amazon EKS created to recover.
-
Ec2SecurityGroupDeletionFailure: We could not delete the remote access security group for your managed node group. Remove any dependencies from the security group.
-
Ec2SecurityGroupNotFound: We couldn't find the cluster security group for the cluster. You must recreate your cluster.
-
Ec2SubnetInvalidConfiguration: One or more Amazon EC2 subnets specified for a node group do not automatically assign public IP addresses to instances launched into it. If you want your instances to be assigned a public IP address, then you need to enable the auto-assign public IP address setting for the subnet. See Modifying the public IPv4 addressing attribute for your subnet in the Amazon VPC User Guide.
-
IamInstanceProfileNotFound: We couldn't find the IAM instance profile for your managed node group. You may be able to recreate an instance profile with the same settings to recover.
-
IamNodeRoleNotFound: We couldn't find the IAM role for your managed node group. You may be able to recreate an IAM role with the same settings to recover.
-
InstanceLimitExceeded: Your Amazon Web Services account is unable to launch any more instances of the specified instance type. You may be able to request an Amazon EC2 instance limit increase to recover.
-
InsufficientFreeAddresses: One or more of the subnets associated with your managed node group does not have enough available IP addresses for new nodes.
-
InternalFailure: These errors are usually caused by an Amazon EKS server-side issue.
-
NodeCreationFailure: Your launched instances are unable to register with your Amazon EKS cluster. Common causes of this failure are insufficient node IAM role permissions or lack of outbound internet access for the nodes.
"
}
},
"NodegroupResources": {
@@ -990,7 +1165,7 @@
"NonZeroInteger": {
"base": null,
"refs": {
- "NodegroupUpdateConfig$maxUnavailable": "The maximum number of nodes unavailable at once during a version update. Nodes will be updated in parallel. This value or maxUnavailablePercentage is required to have a value.The maximum number is 100.
"
+ "NodegroupUpdateConfig$maxUnavailable": "The maximum number of nodes unavailable at once during a version update. Nodes are updated in parallel. This value or maxUnavailablePercentage is required to have a value.The maximum number is 100.
"
}
},
"NotFoundException": {
@@ -1011,7 +1186,7 @@
}
},
"OidcIdentityProviderConfigRequest": {
- "base": "An object representing an OpenID Connect (OIDC) configuration. Before associating an OIDC identity provider to your cluster, review the considerations in Authenticating users for your cluster from an OpenID Connect identity provider in the Amazon EKS User Guide.
",
+ "base": "An object representing an OpenID Connect (OIDC) configuration. Before associating an OIDC identity provider to your cluster, review the considerations in Authenticating users for your cluster from an OIDC identity provider in the Amazon EKS User Guide.
",
"refs": {
"AssociateIdentityProviderConfigRequest$oidc": "An object representing an OpenID Connect (OIDC) identity provider configuration.
"
}
@@ -1031,11 +1206,11 @@
"PercentCapacity": {
"base": null,
"refs": {
- "NodegroupUpdateConfig$maxUnavailablePercentage": "The maximum percentage of nodes unavailable during a version update. This percentage of nodes will be updated in parallel, up to 100 nodes at once. This value or maxUnavailable is required to have a value.
"
+ "NodegroupUpdateConfig$maxUnavailablePercentage": "The maximum percentage of nodes unavailable during a version update. This percentage of nodes are updated in parallel, up to 100 nodes at once. This value or maxUnavailable is required to have a value.
"
}
},
"PodIdentityAssociation": {
- "base": "Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that 7EC2l instance profiles provide credentials to Amazon EC2 instances.
",
+ "base": "Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to Amazon EC2 instances.
",
"refs": {
"CreatePodIdentityAssociationResponse$association": "The full description of your new association.
The description includes an ID for the association. Use the ID of the association in further actions to manage the association.
",
"DeletePodIdentityAssociationResponse$association": "The full description of the EKS Pod Identity association that was deleted.
",
@@ -1096,7 +1271,7 @@
}
},
"ResourceNotFoundException": {
- "base": "The specified resource could not be found. You can view your available clusters with ListClusters. You can view your available managed node groups with ListNodegroups. Amazon EKS clusters and node groups are Region-specific.
",
+ "base": "The specified resource could not be found. You can view your available clusters with ListClusters. You can view your available managed node groups with ListNodegroups. Amazon EKS clusters and node groups are Amazon Web Services Region specific.
",
"refs": {
}
},
@@ -1126,10 +1301,17 @@
"base": null,
"refs": {
"AccessDeniedException$message": "You do not have sufficient access to perform this action.
",
+ "AccessEntry$clusterName": "The name of your cluster.
",
+ "AccessEntry$principalArn": "The ARN of the IAM principal for the access entry. If you ever delete the IAM principal with this ARN, the access entry isn't automatically deleted. We recommend that you delete the access entry with an ARN for an IAM principal that you delete. If you don't delete the access entry and ever recreate the IAM principal, even if it has the same ARN, the access entry won't work. This is because even though the ARN is the same for the recreated IAM principal, the roleID or userID (you can see this with the Security Token Service GetCallerIdentity API) is different for the recreated IAM principal than it was for the original IAM principal. Even though you don't see the IAM principal's roleID or userID for an access entry, Amazon EKS stores it with the access entry.
",
+ "AccessEntry$accessEntryArn": "The ARN of the access entry.
",
+ "AccessEntry$username": "The name of a user that can authenticate to your cluster.
",
+ "AccessEntry$type": "The type of the access entry.
",
+ "AccessPolicy$name": "The name of the access policy.
",
+ "AccessPolicy$arn": "The ARN of the access policy.
",
"Addon$addonName": "The name of the add-on.
",
"Addon$addonVersion": "The version of the add-on.
",
"Addon$addonArn": "The Amazon Resource Name (ARN) of the add-on.
",
- "Addon$serviceAccountRoleArn": "The Amazon Resource Name (ARN) of the IAM role that's bound to the Kubernetes service account that the add-on uses.
",
+ "Addon$serviceAccountRoleArn": "The Amazon Resource Name (ARN) of the IAM role that's bound to the Kubernetes ServiceAccount object that the add-on uses.
",
"Addon$publisher": "The publisher of the add-on.
",
"Addon$owner": "The owner of the add-on.
",
"Addon$configurationValues": "The configuration values that you provided.
",
@@ -1139,10 +1321,16 @@
"AddonInfo$owner": "The owner of the add-on.
",
"AddonIssue$message": "A message that provides details about the issue and what might cause it.
",
"AddonVersionInfo$addonVersion": "The version of the add-on.
",
- "AssociateEncryptionConfigRequest$clusterName": "The name of the cluster that you are associating with encryption configuration.
",
- "AssociateEncryptionConfigRequest$clientRequestToken": "The client request token you are using with the encryption configuration.
",
- "AssociateIdentityProviderConfigRequest$clusterName": "The name of the cluster to associate the configuration to.
",
- "AssociateIdentityProviderConfigRequest$clientRequestToken": "Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
+ "AssociateAccessPolicyRequest$clusterName": "The name of your cluster.
",
+ "AssociateAccessPolicyRequest$principalArn": "The Amazon Resource Name (ARN) of the IAM user or role for the AccessEntry that you're associating the access policy to.
",
+ "AssociateAccessPolicyRequest$policyArn": "The ARN of the AccessPolicy that you're associating. For a list of ARNs, use ListAccessPolicies.
",
+ "AssociateAccessPolicyResponse$clusterName": "The name of your cluster.
",
+ "AssociateAccessPolicyResponse$principalArn": "The ARN of the IAM principal for the AccessEntry.
",
+ "AssociateEncryptionConfigRequest$clusterName": "The name of your cluster.
",
+ "AssociateEncryptionConfigRequest$clientRequestToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
+ "AssociateIdentityProviderConfigRequest$clusterName": "The name of your cluster.
",
+ "AssociateIdentityProviderConfigRequest$clientRequestToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
+ "AssociatedAccessPolicy$policyArn": "The ARN of the AccessPolicy.
",
"AutoScalingGroup$name": "The name of the Auto Scaling group associated with an Amazon EKS managed node group.
",
"BadRequestException$message": "This exception is thrown if the request contains a semantic error. The precise meaning will depend on the API, and will be documented in the error message.
",
"Certificate$data": "The Base64-encoded certificate data required to communicate with your cluster. Add this to the certificate-authority-data section of the kubeconfig file for your cluster.
",
@@ -1151,13 +1339,13 @@
"ClientException$addonName": "The Amazon EKS add-on name associated with the exception.
",
"ClientException$subscriptionId": "The Amazon EKS subscription ID with the exception.
",
"ClientException$message": "These errors are usually caused by a client action. Actions can include using an action or resource on behalf of an IAM principal that doesn't have permissions to use the action or resource or specifying an identifier that is not valid.
",
- "Cluster$name": "The name of the cluster.
",
+ "Cluster$name": "The name of your cluster.
",
"Cluster$arn": "The Amazon Resource Name (ARN) of the cluster.
",
"Cluster$version": "The Kubernetes server version for the cluster.
",
"Cluster$endpoint": "The endpoint for your Kubernetes API server.
",
"Cluster$roleArn": "The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to Amazon Web Services API operations on your behalf.
",
- "Cluster$clientRequestToken": "Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
- "Cluster$platformVersion": "The platform version of your Amazon EKS cluster. For more information, see Platform Versions in the Amazon EKS User Guide .
",
+ "Cluster$clientRequestToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
+ "Cluster$platformVersion": "The platform version of your Amazon EKS cluster. For more information about clusters deployed on the Amazon Web Services Cloud, see Platform versions in the Amazon EKS User Guide . For more information about local clusters deployed on an Outpost, see Amazon EKS local cluster platform versions in the Amazon EKS User Guide .
",
"Cluster$id": "The ID of your local Amazon EKS cluster on an Amazon Web Services Outpost. This property isn't available for an Amazon EKS cluster on the Amazon Web Services cloud.
",
"ClusterIssue$message": "A description of the issue.
",
"Compatibility$clusterVersion": "The supported Kubernetes version of the cluster.
",
@@ -1168,55 +1356,64 @@
"ConnectorConfigResponse$roleArn": "The Amazon Resource Name (ARN) of the role to communicate with services from the connected Kubernetes cluster.
",
"ControlPlanePlacementRequest$groupName": "The name of the placement group for the Kubernetes control plane instances. This setting can't be changed after cluster creation.
",
"ControlPlanePlacementResponse$groupName": "The name of the placement group for the Kubernetes control plane instances.
",
- "CreateAddonRequest$addonName": "The name of the add-on. The name must match one of the names that DescribeAddonVersions returns.
",
+ "CreateAccessEntryRequest$clusterName": "The name of your cluster.
",
+ "CreateAccessEntryRequest$principalArn": "The ARN of the IAM principal for the AccessEntry. You can specify one ARN for each access entry. You can't specify the same ARN in more than one access entry. This value can't be changed after access entry creation.
IAM best practices recommend using IAM roles with temporary credentials, rather than IAM users with long-term credentials.
",
+ "CreateAccessEntryRequest$clientRequestToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
+ "CreateAccessEntryRequest$username": "The username to authenticate to Kubernetes with. We recommend not specifying a username and letting Amazon EKS specify it for you. For more information about the value Amazon EKS specifies for you, or constraints before specifying your own username, see Creating access entries in the Amazon EKS User Guide.
",
+ "CreateAccessEntryRequest$type": "If the principalArn is for an IAM role that's used for self-managed Amazon EC2 nodes, specify EC2_LINUX or EC2_WINDOWS. Amazon EKS grants the necessary permissions to the node for you. If the principalArn is for any other purpose, specify STANDARD. If you don't specify a value, Amazon EKS sets the value to STANDARD. It's unnecessary to create access entries for IAM roles used with Fargate profiles or managed Amazon EC2 nodes, because Amazon EKS creates entries in the aws-auth ConfigMap for the roles. You can't change this value once you've created the access entry.
If you set the value to EC2_LINUX or EC2_WINDOWS, you can't specify values for kubernetesGroups, or associate an AccessPolicy to the access entry.
",
+ "CreateAddonRequest$addonName": "The name of the add-on. The name must match one of the names returned by DescribeAddonVersions.
",
"CreateAddonRequest$addonVersion": "The version of the add-on. The version must match one of the versions returned by DescribeAddonVersions .
",
"CreateAddonRequest$clientRequestToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
- "CreateAddonRequest$configurationValues": "The set of configuration values for the add-on that's created. The values that you provide are validated against the schema in DescribeAddonConfiguration .
",
+ "CreateAddonRequest$configurationValues": "The set of configuration values for the add-on that's created. The values that you provide are validated against the schema returned by DescribeAddonConfiguration.
",
"CreateClusterRequest$version": "The desired Kubernetes version for your cluster. If you don't specify a value here, the default version available in Amazon EKS is used.
The default version might not be the latest version available.
",
"CreateClusterRequest$roleArn": "The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to Amazon Web Services API operations on your behalf. For more information, see Amazon EKS Service IAM Role in the Amazon EKS User Guide .
",
- "CreateClusterRequest$clientRequestToken": "Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
- "CreateEksAnywhereSubscriptionRequest$clientRequestToken": "Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
+ "CreateClusterRequest$clientRequestToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
+ "CreateEksAnywhereSubscriptionRequest$clientRequestToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
"CreateFargateProfileRequest$fargateProfileName": "The name of the Fargate profile.
",
- "CreateFargateProfileRequest$clusterName": "The name of the Amazon EKS cluster to apply the Fargate profile to.
",
- "CreateFargateProfileRequest$podExecutionRoleArn": "The Amazon Resource Name (ARN) of the pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. For more information, see Pod Execution Role in the Amazon EKS User Guide.
",
- "CreateFargateProfileRequest$clientRequestToken": "Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
- "CreateNodegroupRequest$clusterName": "The name of the cluster to create the node group in.
",
+ "CreateFargateProfileRequest$clusterName": "The name of your cluster.
",
+ "CreateFargateProfileRequest$podExecutionRoleArn": "The Amazon Resource Name (ARN) of the Pod execution role to use for a Pod that matches the selectors in the Fargate profile. The Pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. For more information, see Pod execution role in the Amazon EKS User Guide.
",
+ "CreateFargateProfileRequest$clientRequestToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
+ "CreateNodegroupRequest$clusterName": "The name of your cluster.
",
"CreateNodegroupRequest$nodegroupName": "The unique name to give your node group.
",
- "CreateNodegroupRequest$nodeRole": "The Amazon Resource Name (ARN) of the IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to Amazon Web Services APIs on your behalf. Nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch nodes and register them into a cluster, you must create an IAM role for those nodes to use when they are launched. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide . If you specify launchTemplate, then don't specify IamInstanceProfile in your launch template, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
",
- "CreateNodegroupRequest$clientRequestToken": "Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
+ "CreateNodegroupRequest$nodeRole": "The Amazon Resource Name (ARN) of the IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to Amazon Web Services APIs on your behalf. Nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch nodes and register them into a cluster, you must create an IAM role for those nodes to use when they are launched. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide . If you specify launchTemplate, then don't specify IamInstanceProfile in your launch template, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
",
+ "CreateNodegroupRequest$clientRequestToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
"CreateNodegroupRequest$version": "The Kubernetes version to use for your managed nodes. By default, the Kubernetes version of the cluster is used, and this is the only accepted specified value. If you specify launchTemplate, and your launch template uses a custom AMI, then don't specify version, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
",
"CreateNodegroupRequest$releaseVersion": "The AMI version of the Amazon EKS optimized AMI to use with your node group. By default, the latest available AMI version for the node group's current Kubernetes version is used. For information about Linux versions, see Amazon EKS optimized Amazon Linux AMI versions in the Amazon EKS User Guide. Amazon EKS managed node groups support the November 2022 and later releases of the Windows AMIs. For information about Windows versions, see Amazon EKS optimized Windows AMI versions in the Amazon EKS User Guide.
If you specify launchTemplate, and your launch template uses a custom AMI, then don't specify releaseVersion, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
",
"CreatePodIdentityAssociationRequest$clusterName": "The name of the cluster to create the association in.
",
"CreatePodIdentityAssociationRequest$namespace": "The name of the Kubernetes namespace inside the cluster to create the association in. The service account and the pods that use the service account must be in this namespace.
",
"CreatePodIdentityAssociationRequest$serviceAccount": "The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.
",
"CreatePodIdentityAssociationRequest$roleArn": "The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.
",
- "CreatePodIdentityAssociationRequest$clientRequestToken": "Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
+ "CreatePodIdentityAssociationRequest$clientRequestToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
+ "DeleteAccessEntryRequest$clusterName": "The name of your cluster.
",
+ "DeleteAccessEntryRequest$principalArn": "The ARN of the IAM principal for the AccessEntry.
",
"DeleteAddonRequest$addonName": "The name of the add-on. The name must match one of the names returned by ListAddons .
",
"DeleteClusterRequest$name": "The name of the cluster to delete.
",
"DeleteEksAnywhereSubscriptionRequest$id": "The ID of the subscription.
",
- "DeleteFargateProfileRequest$clusterName": "The name of the Amazon EKS cluster associated with the Fargate profile to delete.
",
+ "DeleteFargateProfileRequest$clusterName": "The name of your cluster.
",
"DeleteFargateProfileRequest$fargateProfileName": "The name of the Fargate profile to delete.
",
- "DeleteNodegroupRequest$clusterName": "The name of the Amazon EKS cluster that is associated with your node group.
",
+ "DeleteNodegroupRequest$clusterName": "The name of your cluster.
",
"DeleteNodegroupRequest$nodegroupName": "The name of the node group to delete.
",
"DeletePodIdentityAssociationRequest$clusterName": "The cluster name that
",
"DeletePodIdentityAssociationRequest$associationId": "The ID of the association to be deleted.
",
"DeregisterClusterRequest$name": "The name of the connected cluster to deregister.
",
- "DescribeAddonConfigurationRequest$addonName": "The name of the add-on. The name must match one of the names that DescribeAddonVersions returns.
",
+ "DescribeAccessEntryRequest$clusterName": "The name of your cluster.
",
+ "DescribeAccessEntryRequest$principalArn": "The ARN of the IAM principal for the AccessEntry.
",
+ "DescribeAddonConfigurationRequest$addonName": "The name of the add-on. The name must match one of the names returned by DescribeAddonVersions.
",
"DescribeAddonConfigurationRequest$addonVersion": "The version of the add-on. The version must match one of the versions returned by DescribeAddonVersions .
",
"DescribeAddonConfigurationResponse$addonName": "The name of the add-on.
",
"DescribeAddonConfigurationResponse$addonVersion": "The version of the add-on. The version must match one of the versions returned by DescribeAddonVersions .
",
- "DescribeAddonConfigurationResponse$configurationSchema": "A JSON schema that's used to validate the configuration values that you provide when an addon is created or updated.
",
+ "DescribeAddonConfigurationResponse$configurationSchema": "A JSON schema that's used to validate the configuration values you provide when an add-on is created or updated.
",
"DescribeAddonRequest$addonName": "The name of the add-on. The name must match one of the names returned by ListAddons .
",
"DescribeAddonVersionsRequest$kubernetesVersion": "The Kubernetes versions that you can use the add-on with.
",
- "DescribeAddonVersionsRequest$nextToken": "The nextToken value returned from a previous paginated DescribeAddonVersionsRequest where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
+ "DescribeAddonVersionsRequest$nextToken": "The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
"DescribeAddonVersionsRequest$addonName": "The name of the add-on. The name must match one of the names returned by ListAddons .
",
"DescribeAddonVersionsResponse$nextToken": "The nextToken value to include in a future DescribeAddonVersions request. When the results of a DescribeAddonVersions request exceed maxResults, you can use this value to retrieve the next page of results. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
- "DescribeClusterRequest$name": "The name of the cluster to describe.
",
+ "DescribeClusterRequest$name": "The name of your cluster.
",
"DescribeEksAnywhereSubscriptionRequest$id": "The ID of the subscription.
",
- "DescribeFargateProfileRequest$clusterName": "The name of the Amazon EKS cluster associated with the Fargate profile.
",
+ "DescribeFargateProfileRequest$clusterName": "The name of your cluster.
",
"DescribeFargateProfileRequest$fargateProfileName": "The name of the Fargate profile to describe.
",
- "DescribeIdentityProviderConfigRequest$clusterName": "The cluster name that the identity provider configuration is associated to.
",
- "DescribeNodegroupRequest$clusterName": "The name of the Amazon EKS cluster associated with the node group.
",
+ "DescribeIdentityProviderConfigRequest$clusterName": "The name of your cluster.
",
+ "DescribeNodegroupRequest$clusterName": "The name of your cluster.
",
"DescribeNodegroupRequest$nodegroupName": "The name of the node group to describe.
",
"DescribePodIdentityAssociationRequest$clusterName": "The name of the cluster that the association is in.
",
"DescribePodIdentityAssociationRequest$associationId": "The ID of the association that you want the description of.
",
@@ -1224,7 +1421,10 @@
"DescribeUpdateRequest$updateId": "The ID of the update to describe.
",
"DescribeUpdateRequest$nodegroupName": "The name of the Amazon EKS node group associated with the update. This parameter is required if the update is a node group update.
",
"DescribeUpdateRequest$addonName": "The name of the add-on. The name must match one of the names returned by ListAddons . This parameter is required if the update is an add-on update.
",
- "DisassociateIdentityProviderConfigRequest$clusterName": "The name of the cluster to disassociate an identity provider from.
",
+ "DisassociateAccessPolicyRequest$clusterName": "The name of your cluster.
",
+ "DisassociateAccessPolicyRequest$principalArn": "The ARN of the IAM principal for the AccessEntry.
",
+ "DisassociateAccessPolicyRequest$policyArn": "The ARN of the policy to disassociate from the access entry. For a list of associated policies ARNs, use ListAssociatedAccessPolicies.
",
+ "DisassociateIdentityProviderConfigRequest$clusterName": "The name of your cluster.
",
"DisassociateIdentityProviderConfigRequest$clientRequestToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
"EksAnywhereSubscription$id": "UUID identifying a subscription.
",
"EksAnywhereSubscription$arn": "The Amazon Resource Name (ARN) for the subscription.
",
@@ -1232,11 +1432,11 @@
"ErrorDetail$errorMessage": "A more complete description of the error.
",
"FargateProfile$fargateProfileName": "The name of the Fargate profile.
",
"FargateProfile$fargateProfileArn": "The full Amazon Resource Name (ARN) of the Fargate profile.
",
- "FargateProfile$clusterName": "The name of the Amazon EKS cluster that the Fargate profile belongs to.
",
- "FargateProfile$podExecutionRoleArn": "The Amazon Resource Name (ARN) of the pod execution role to use for pods that match the selectors in the Fargate profile. For more information, see Pod Execution Role in the Amazon EKS User Guide.
",
+ "FargateProfile$clusterName": "The name of your cluster.
",
+ "FargateProfile$podExecutionRoleArn": "The Amazon Resource Name (ARN) of the Pod execution role to use for any Pod that matches the selectors in the Fargate profile. For more information, see Pod execution role in the Amazon EKS User Guide.
",
"FargateProfileLabel$key": null,
"FargateProfileLabel$value": null,
- "FargateProfileSelector$namespace": "The Kubernetes namespace that the selector should match.
",
+ "FargateProfileSelector$namespace": "The Kubernetes namespace that the selector should match.
",
"IdentityProviderConfig$type": "The type of the identity provider configuration. The only type available is oidc.
",
"IdentityProviderConfig$name": "The name of the identity provider configuration.
",
"IncludeClustersList$member": null,
@@ -1252,43 +1452,55 @@
"InvalidRequestException$subscriptionId": "The Amazon EKS subscription ID with the exception.
",
"InvalidRequestException$message": "The Amazon EKS add-on name associated with the exception.
",
"Issue$message": "The error message associated with the issue.
",
- "KubernetesNetworkConfigRequest$serviceIpv4Cidr": "Don't specify a value if you select ipv6 for ipFamily. The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. The block must meet the following requirements:
-
Within one of the following private IP address blocks: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16.
-
Doesn't overlap with any CIDR block assigned to the VPC that you selected for VPC.
-
Between /24 and /12.
You can only specify a custom CIDR block when you create a cluster and can't change this value once the cluster is created.
",
- "KubernetesNetworkConfigResponse$serviceIpv4Cidr": "The CIDR block that Kubernetes pod and service IP addresses are assigned from. Kubernetes assigns addresses from an IPv4 CIDR block assigned to a subnet that the node is in. If you didn't specify a CIDR block when you created the cluster, then Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. If this was specified, then it was specified when the cluster was created and it can't be changed.
",
+ "KubernetesNetworkConfigRequest$serviceIpv4Cidr": "Don't specify a value if you select ipv6 for ipFamily. The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. The block must meet the following requirements:
-
Within one of the following private IP address blocks: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16.
-
Doesn't overlap with any CIDR block assigned to the VPC that you selected for VPC.
-
Between /24 and /12.
You can only specify a custom CIDR block when you create a cluster. You can't change this value after the cluster is created.
",
+ "KubernetesNetworkConfigResponse$serviceIpv4Cidr": "The CIDR block that Kubernetes Pod and Service object IP addresses are assigned from. Kubernetes assigns addresses from an IPv4 CIDR block assigned to a subnet that the node is in. If you didn't specify a CIDR block when you created the cluster, then Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. If this was specified, then it was specified when the cluster was created and it can't be changed.
",
"KubernetesNetworkConfigResponse$serviceIpv6Cidr": "The CIDR block that Kubernetes pod and service IP addresses are assigned from if you created a 1.21 or later cluster with version 1.10.1 or later of the Amazon VPC CNI add-on and specified ipv6 for ipFamily when you created the cluster. Kubernetes assigns service addresses from the unique local address range (fc00::/7) because you can't specify a custom IPv6 CIDR block when you create the cluster.
",
"LaunchTemplateSpecification$name": "The name of the launch template.
You must specify either the launch template name or the launch template ID in the request, but not both.
",
"LaunchTemplateSpecification$version": "The version number of the launch template to use. If no version is specified, then the template's default version is used.
",
"LaunchTemplateSpecification$id": "The ID of the launch template.
You must specify either the launch template ID or the launch template name in the request, but not both.
",
- "ListAddonsRequest$nextToken": "The nextToken value returned from a previous paginated ListAddonsRequest where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
+ "ListAccessEntriesRequest$clusterName": "The name of your cluster.
",
+ "ListAccessEntriesRequest$associatedPolicyArn": "The ARN of an AccessPolicy. When you specify an access policy ARN, only the access entries associated to that access policy are returned. For a list of available policy ARNs, use ListAccessPolicies.
",
+ "ListAccessEntriesRequest$nextToken": "The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
+ "ListAccessEntriesResponse$nextToken": "The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
+ "ListAccessPoliciesRequest$nextToken": "The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
+ "ListAccessPoliciesResponse$nextToken": "The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
+ "ListAddonsRequest$nextToken": "The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
"ListAddonsResponse$nextToken": "The nextToken value to include in a future ListAddons request. When the results of a ListAddons request exceed maxResults, you can use this value to retrieve the next page of results. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
- "ListClustersRequest$nextToken": "The nextToken value returned from a previous paginated ListClusters request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
- "ListClustersResponse$nextToken": "The nextToken value to include in a future ListClusters request. When the results of a ListClusters request exceed maxResults, you can use this value to retrieve the next page of results. This value is null when there are no more results to return.
",
+ "ListAssociatedAccessPoliciesRequest$clusterName": "The name of your cluster.
",
+ "ListAssociatedAccessPoliciesRequest$principalArn": "The ARN of the IAM principal for the AccessEntry.
",
+ "ListAssociatedAccessPoliciesRequest$nextToken": "The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
+ "ListAssociatedAccessPoliciesResponse$clusterName": "The name of your cluster.
",
+ "ListAssociatedAccessPoliciesResponse$principalArn": "The ARN of the IAM principal for the AccessEntry.
",
+ "ListAssociatedAccessPoliciesResponse$nextToken": "The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
+ "ListClustersRequest$nextToken": "The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
+ "ListClustersResponse$nextToken": "The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
"ListEksAnywhereSubscriptionsRequest$nextToken": "The nextToken value returned from a previous paginated ListEksAnywhereSubscriptions request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value.
",
"ListEksAnywhereSubscriptionsResponse$nextToken": "The nextToken value to include in a future ListEksAnywhereSubscriptions request. When the results of a ListEksAnywhereSubscriptions request exceed maxResults, you can use this value to retrieve the next page of results. This value is null when there are no more results to return.
",
- "ListFargateProfilesRequest$clusterName": "The name of the Amazon EKS cluster that you would like to list Fargate profiles in.
",
- "ListFargateProfilesRequest$nextToken": "The nextToken value returned from a previous paginated ListFargateProfiles request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value.
",
- "ListFargateProfilesResponse$nextToken": "The nextToken value to include in a future ListFargateProfiles request. When the results of a ListFargateProfiles request exceed maxResults, you can use this value to retrieve the next page of results. This value is null when there are no more results to return.
",
- "ListIdentityProviderConfigsRequest$clusterName": "The cluster name that you want to list identity provider configurations for.
",
- "ListIdentityProviderConfigsRequest$nextToken": "The nextToken value returned from a previous paginated IdentityProviderConfigsRequest where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value.
",
+ "ListFargateProfilesRequest$clusterName": "The name of your cluster.
",
+ "ListFargateProfilesRequest$nextToken": "The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
+ "ListFargateProfilesResponse$nextToken": "The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
+ "ListIdentityProviderConfigsRequest$clusterName": "The name of your cluster.
",
+ "ListIdentityProviderConfigsRequest$nextToken": "The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
"ListIdentityProviderConfigsResponse$nextToken": "The nextToken value to include in a future ListIdentityProviderConfigsResponse request. When the results of a ListIdentityProviderConfigsResponse request exceed maxResults, you can use this value to retrieve the next page of results. This value is null when there are no more results to return.
",
- "ListNodegroupsRequest$clusterName": "The name of the Amazon EKS cluster that you would like to list node groups in.
",
- "ListNodegroupsRequest$nextToken": "The nextToken value returned from a previous paginated ListNodegroups request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value.
",
- "ListNodegroupsResponse$nextToken": "The nextToken value to include in a future ListNodegroups request. When the results of a ListNodegroups request exceed maxResults, you can use this value to retrieve the next page of results. This value is null when there are no more results to return.
",
+ "ListNodegroupsRequest$clusterName": "The name of your cluster.
",
+ "ListNodegroupsRequest$nextToken": "The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
+ "ListNodegroupsResponse$nextToken": "The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
"ListPodIdentityAssociationsRequest$clusterName": "The name of the cluster that the associations are in.
",
"ListPodIdentityAssociationsRequest$namespace": "The name of the Kubernetes namespace inside the cluster that the associations are in.
",
"ListPodIdentityAssociationsRequest$serviceAccount": "The name of the Kubernetes service account that the associations use.
",
"ListPodIdentityAssociationsRequest$nextToken": "The nextToken value returned from a previous paginated ListUpdates request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
"ListPodIdentityAssociationsResponse$nextToken": "The nextToken value to include in a future ListPodIdentityAssociations request. When the results of a ListPodIdentityAssociations request exceed maxResults, you can use this value to retrieve the next page of results. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
- "ListTagsForResourceRequest$resourceArn": "The Amazon Resource Name (ARN) that identifies the resource for which to list the tags. Currently, the supported resources are Amazon EKS clusters and managed node groups.
",
+ "ListTagsForResourceRequest$resourceArn": "The Amazon Resource Name (ARN) that identifies the resource to list tags for.
",
"ListUpdatesRequest$name": "The name of the Amazon EKS cluster to list updates for.
",
"ListUpdatesRequest$nodegroupName": "The name of the Amazon EKS managed node group to list updates for.
",
"ListUpdatesRequest$addonName": "The names of the installed add-ons that have available updates.
",
- "ListUpdatesRequest$nextToken": "The nextToken value returned from a previous paginated ListUpdates request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value.
",
- "ListUpdatesResponse$nextToken": "The nextToken value to include in a future ListUpdates request. When the results of a ListUpdates request exceed maxResults, you can use this value to retrieve the next page of results. This value is null when there are no more results to return.
",
+ "ListUpdatesRequest$nextToken": "The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
+ "ListUpdatesResponse$nextToken": "The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.
",
"MarketplaceInformation$productId": "The product ID from the Amazon Web Services Marketplace.
",
"MarketplaceInformation$productUrl": "The product URL from the Amazon Web Services Marketplace.
",
"Nodegroup$nodegroupName": "The name associated with an Amazon EKS managed node group.
",
"Nodegroup$nodegroupArn": "The Amazon Resource Name (ARN) associated with the managed node group.
",
- "Nodegroup$clusterName": "The name of the cluster that the managed node group resides in.
",
+ "Nodegroup$clusterName": "The name of your cluster.
",
"Nodegroup$version": "The Kubernetes version of the managed node group.
",
"Nodegroup$releaseVersion": "If the node group was deployed using a launch template with a custom AMI, then this is the AMI ID that was specified in the launch template. For node groups that weren't deployed using a launch template, this is the version of the Amazon EKS optimized AMI that the node group was deployed with.
",
"Nodegroup$nodeRole": "The IAM role associated with your node group. The Amazon EKS node kubelet daemon makes calls to Amazon Web Services APIs on your behalf. Nodes receive permissions for these API calls through an IAM instance profile and associated policies.
",
@@ -1297,7 +1509,7 @@
"OIDC$issuer": "The issuer URL for the OIDC identity provider.
",
"OidcIdentityProviderConfig$identityProviderConfigName": "The name of the configuration.
",
"OidcIdentityProviderConfig$identityProviderConfigArn": "The ARN of the configuration.
",
- "OidcIdentityProviderConfig$clusterName": "The cluster that the configuration is associated to.
",
+ "OidcIdentityProviderConfig$clusterName": "The name of your cluster.
",
"OidcIdentityProviderConfig$issuerUrl": "The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens.
",
"OidcIdentityProviderConfig$clientId": "This is also known as audience. The ID of the client application that makes authentication requests to the OIDC identity provider.
",
"OidcIdentityProviderConfig$usernameClaim": "The JSON Web token (JWT) claim that is used as the username.
",
@@ -1305,9 +1517,9 @@
"OidcIdentityProviderConfig$groupsClaim": "The JSON web token (JWT) claim that the provider uses to return your groups.
",
"OidcIdentityProviderConfig$groupsPrefix": "The prefix that is prepended to group claims to prevent clashes with existing names (such as system: groups). For example, the value oidc: creates group names like oidc:engineering and oidc:infra. The prefix can't contain system:
",
"OidcIdentityProviderConfigRequest$identityProviderConfigName": "The name of the OIDC provider configuration.
",
- "OidcIdentityProviderConfigRequest$issuerUrl": "The URL of the OpenID identity provider that allows the API server to discover public signing keys for verifying tokens. The URL must begin with https:// and should correspond to the iss claim in the provider's OIDC ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com. This URL should point to the level below .well-known/openid-configuration and must be publicly accessible over the internet.
",
- "OidcIdentityProviderConfigRequest$clientId": "This is also known as audience. The ID for the client application that makes authentication requests to the OpenID identity provider.
",
- "OidcIdentityProviderConfigRequest$usernameClaim": "The JSON Web Token (JWT) claim to use as the username. The default is sub, which is expected to be a unique identifier of the end user. You can choose other claims, such as email or name, depending on the OpenID identity provider. Claims other than email are prefixed with the issuer URL to prevent naming clashes with other plug-ins.
",
+ "OidcIdentityProviderConfigRequest$issuerUrl": "The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens. The URL must begin with https:// and should correspond to the iss claim in the provider's OIDC ID tokens. Based on the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com. This URL should point to the level below .well-known/openid-configuration and must be publicly accessible over the internet.
",
+ "OidcIdentityProviderConfigRequest$clientId": "This is also known as audience. The ID for the client application that makes authentication requests to the OIDC identity provider.
",
+ "OidcIdentityProviderConfigRequest$usernameClaim": "The JSON Web Token (JWT) claim to use as the username. The default is sub, which is expected to be a unique identifier of the end user. You can choose other claims, such as email or name, depending on the OIDC identity provider. Claims other than email are prefixed with the issuer URL to prevent naming clashes with other plug-ins.
",
"OidcIdentityProviderConfigRequest$usernamePrefix": "The prefix that is prepended to username claims to prevent clashes with existing names. If you do not provide this field, and username is a value other than email, the prefix defaults to issuerurl#. You can use the value - to disable all prefixing.
",
"OidcIdentityProviderConfigRequest$groupsClaim": "The JWT claim that the provider uses to return your groups.
",
"OidcIdentityProviderConfigRequest$groupsPrefix": "The prefix that is prepended to group claims to prevent clashes with existing names (such as system: groups). For example, the value oidc: will create group names like oidc:engineering and oidc:infra.
",
@@ -1325,7 +1537,7 @@
"PodIdentityAssociationSummary$associationArn": "The Amazon Resource Name (ARN) of the association.
",
"PodIdentityAssociationSummary$associationId": "The ID of the association.
",
"Provider$keyArn": "Amazon Resource Name (ARN) or alias of the KMS key. The KMS key must be symmetric and created in the same Amazon Web Services Region as the cluster. If the KMS key was created in a different account, the IAM principal must have access to the KMS key. For more information, see Allowing users in other accounts to use a KMS key in the Key Management Service Developer Guide.
",
- "RegisterClusterRequest$clientRequestToken": "Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
+ "RegisterClusterRequest$clientRequestToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
"RemoteAccessConfig$ec2SshKey": "The Amazon EC2 SSH key name that provides access for SSH communication with the nodes in the managed node group. For more information, see Amazon EC2 key pairs and Linux instances in the Amazon Elastic Compute Cloud User Guide for Linux Instances. For Windows, an Amazon EC2 SSH key is used to obtain the RDP password. For more information, see Amazon EC2 key pairs and Windows instances in the Amazon Elastic Compute Cloud User Guide for Windows Instances.
",
"ResourceInUseException$clusterName": "The Amazon EKS cluster associated with the exception.
",
"ResourceInUseException$nodegroupName": "The Amazon EKS managed node group associated with the exception.
",
@@ -1349,36 +1561,40 @@
"ServerException$message": "These errors are usually caused by a server-side issue.
",
"ServiceUnavailableException$message": "The request has failed due to a temporary failure of the server.
",
"StringList$member": null,
- "TagResourceRequest$resourceArn": "The Amazon Resource Name (ARN) of the resource to which to add tags. Currently, the supported resources are Amazon EKS clusters and managed node groups.
",
+ "TagResourceRequest$resourceArn": "The Amazon Resource Name (ARN) of the resource to add tags to.
",
"UnsupportedAvailabilityZoneException$message": "At least one of your specified cluster subnets is in an Availability Zone that does not support Amazon EKS. The exception output specifies the supported Availability Zones for your account, from which you can choose subnets for your cluster.
",
"UnsupportedAvailabilityZoneException$clusterName": "The Amazon EKS cluster associated with the exception.
",
"UnsupportedAvailabilityZoneException$nodegroupName": "The Amazon EKS managed node group associated with the exception.
",
- "UntagResourceRequest$resourceArn": "The Amazon Resource Name (ARN) of the resource from which to delete tags. Currently, the supported resources are Amazon EKS clusters and managed node groups.
",
+ "UntagResourceRequest$resourceArn": "The Amazon Resource Name (ARN) of the resource to delete tags from.
",
"Update$id": "A UUID that is used to track the update.
",
+ "UpdateAccessEntryRequest$clusterName": "The name of your cluster.
",
+ "UpdateAccessEntryRequest$principalArn": "The ARN of the IAM principal for the AccessEntry.
",
+ "UpdateAccessEntryRequest$clientRequestToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
+ "UpdateAccessEntryRequest$username": "The username to authenticate to Kubernetes with. We recommend not specifying a username and letting Amazon EKS specify it for you. For more information about the value Amazon EKS specifies for you, or constraints before specifying your own username, see Creating access entries in the Amazon EKS User Guide.
",
"UpdateAddonRequest$addonName": "The name of the add-on. The name must match one of the names returned by ListAddons .
",
"UpdateAddonRequest$addonVersion": "The version of the add-on. The version must match one of the versions returned by DescribeAddonVersions .
",
- "UpdateAddonRequest$clientRequestToken": "Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
- "UpdateAddonRequest$configurationValues": "The set of configuration values for the add-on that's created. The values that you provide are validated against the schema in DescribeAddonConfiguration.
",
+ "UpdateAddonRequest$clientRequestToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
+ "UpdateAddonRequest$configurationValues": "The set of configuration values for the add-on that's created. The values that you provide are validated against the schema returned by DescribeAddonConfiguration.
",
"UpdateClusterConfigRequest$name": "The name of the Amazon EKS cluster to update.
",
- "UpdateClusterConfigRequest$clientRequestToken": "Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
+ "UpdateClusterConfigRequest$clientRequestToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
"UpdateClusterVersionRequest$name": "The name of the Amazon EKS cluster to update.
",
"UpdateClusterVersionRequest$version": "The desired Kubernetes version following a successful update.
",
- "UpdateClusterVersionRequest$clientRequestToken": "Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
+ "UpdateClusterVersionRequest$clientRequestToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
"UpdateEksAnywhereSubscriptionRequest$id": "The ID of the subscription.
",
"UpdateEksAnywhereSubscriptionRequest$clientRequestToken": "Unique, case-sensitive identifier to ensure the idempotency of the request.
",
- "UpdateNodegroupConfigRequest$clusterName": "The name of the Amazon EKS cluster that the managed node group resides in.
",
+ "UpdateNodegroupConfigRequest$clusterName": "The name of your cluster.
",
"UpdateNodegroupConfigRequest$nodegroupName": "The name of the managed node group to update.
",
- "UpdateNodegroupConfigRequest$clientRequestToken": "Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
- "UpdateNodegroupVersionRequest$clusterName": "The name of the Amazon EKS cluster that is associated with the managed node group to update.
",
+ "UpdateNodegroupConfigRequest$clientRequestToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
+ "UpdateNodegroupVersionRequest$clusterName": "The name of your cluster.
",
"UpdateNodegroupVersionRequest$nodegroupName": "The name of the managed node group to update.
",
"UpdateNodegroupVersionRequest$version": "The Kubernetes version to update to. If no version is specified, then the Kubernetes version of the node group does not change. You can specify the Kubernetes version of the cluster to update the node group to the latest AMI version of the cluster's Kubernetes version. If you specify launchTemplate, and your launch template uses a custom AMI, then don't specify version, or the node group update will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
",
"UpdateNodegroupVersionRequest$releaseVersion": "The AMI version of the Amazon EKS optimized AMI to use for the update. By default, the latest available AMI version for the node group's Kubernetes version is used. For information about Linux versions, see Amazon EKS optimized Amazon Linux AMI versions in the Amazon EKS User Guide. Amazon EKS managed node groups support the November 2022 and later releases of the Windows AMIs. For information about Windows versions, see Amazon EKS optimized Windows AMI versions in the Amazon EKS User Guide.
If you specify launchTemplate, and your launch template uses a custom AMI, then don't specify releaseVersion, or the node group update will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
",
- "UpdateNodegroupVersionRequest$clientRequestToken": "Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
+ "UpdateNodegroupVersionRequest$clientRequestToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
"UpdateParam$value": "The value of the keys submitted as part of an update request.
",
"UpdatePodIdentityAssociationRequest$clusterName": "The name of the cluster that you want to update the association in.
",
"UpdatePodIdentityAssociationRequest$associationId": "The ID of the association to be updated.
",
"UpdatePodIdentityAssociationRequest$roleArn": "The new IAM role to change the
",
- "UpdatePodIdentityAssociationRequest$clientRequestToken": "Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
+ "UpdatePodIdentityAssociationRequest$clientRequestToken": "A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
",
"VpcConfigResponse$clusterSecurityGroupId": "The cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication.
",
"VpcConfigResponse$vpcId": "The VPC associated with your cluster.
",
"labelsKeyList$member": null
@@ -1387,23 +1603,27 @@
"StringList": {
"base": null,
"refs": {
+ "AccessEntry$kubernetesGroups": "A name that you've specified in a Kubernetes RoleBinding or ClusterRoleBinding object so that Kubernetes authorizes the principalARN access to cluster objects.
",
+ "AccessScope$namespaces": "A Kubernetes namespace that an access policy is scoped to. A value is required if you specified namespace for Type.
",
"AddonIssue$resourceIds": "The resource IDs of the issue.
",
"AddonVersionInfo$architecture": "The architectures that the version supports.
",
"ClusterIssue$resourceIds": "The resource IDs that the issue relates to.
",
"Compatibility$platformVersions": "The supported compute platform.
",
- "CreateFargateProfileRequest$subnets": "The IDs of subnets to launch your pods into. At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are accepted for this parameter.
",
- "CreateNodegroupRequest$subnets": "The subnets to use for the Auto Scaling group that is created for your node group. If you specify launchTemplate, then don't specify SubnetId in your launch template, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
",
+ "CreateAccessEntryRequest$kubernetesGroups": "The value for name that you've specified for kind: Group as a subject in a Kubernetes RoleBinding or ClusterRoleBinding object. Amazon EKS doesn't confirm that the value for name exists in any bindings on your cluster. You can specify one or more names.
Kubernetes authorizes the principalArn of the access entry to access any cluster objects that you've specified in a Kubernetes Role or ClusterRole object that is also specified in a binding's roleRef. For more information about creating Kubernetes RoleBinding, ClusterRoleBinding, Role, or ClusterRole objects, see Using RBAC Authorization in the Kubernetes documentation.
If you want Amazon EKS to authorize the principalArn (instead of, or in addition to Kubernetes authorizing the principalArn), you can associate one or more access policies to the access entry using AssociateAccessPolicy. If you associate any access policies, the principalARN has all permissions assigned in the associated access policies and all permissions in any Kubernetes Role or ClusterRole objects that the group names are bound to.
",
+ "CreateFargateProfileRequest$subnets": "The IDs of subnets to launch a Pod into. A Pod running on Fargate isn't assigned a public IP address, so only private subnets (with no direct route to an Internet Gateway) are accepted for this parameter.
",
+ "CreateNodegroupRequest$subnets": "The subnets to use for the Auto Scaling group that is created for your node group. If you specify launchTemplate, then don't specify SubnetId in your launch template, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
",
"CreateNodegroupRequest$instanceTypes": "Specify the instance types for a node group. If you specify a GPU instance type, make sure to also specify an applicable GPU AMI type with the amiType parameter. If you specify launchTemplate, then you can specify zero or one instance type in your launch template or you can specify 0-20 instance types for instanceTypes. If however, you specify an instance type in your launch template and specify any instanceTypes, the node group deployment will fail. If you don't specify an instance type in a launch template or for instanceTypes, then t3.medium is used, by default. If you specify Spot for capacityType, then we recommend specifying multiple values for instanceTypes. For more information, see Managed node group capacity types and Launch template support in the Amazon EKS User Guide.
",
"DescribeAddonVersionsRequest$types": "The type of the add-on. For valid types, don't specify a value for this property.
",
"DescribeAddonVersionsRequest$publishers": "The publisher of the add-on. For valid publishers, don't specify a value for this property.
",
"DescribeAddonVersionsRequest$owners": "The owner of the add-on. For valid owners, don't specify a value for this property.
",
"EksAnywhereSubscription$licenseArns": "Amazon Web Services License Manager ARN associated with the subscription.
",
- "EncryptionConfig$resources": "Specifies the resources to be encrypted. The only supported value is \"secrets\".
",
+ "EncryptionConfig$resources": "Specifies the resources to be encrypted. The only supported value is secrets.
",
"ErrorDetail$resourceIds": "An optional field that contains the resource IDs associated with the error.
",
- "FargateProfile$subnets": "The IDs of subnets to launch pods into.
",
+ "FargateProfile$subnets": "The IDs of subnets to launch a Pod into.
",
"Issue$resourceIds": "The Amazon Web Services resources that are afflicted by this issue.
",
+ "ListAccessEntriesResponse$accessEntries": "The list of access entries that exist for the cluster.
",
"ListAddonsResponse$addons": "A list of installed add-ons.
",
- "ListClustersResponse$clusters": "A list of all of the clusters for your account in the specified Region.
",
+ "ListClustersResponse$clusters": "A list of all of the clusters for your account in the specified Amazon Web Services Region.
",
"ListFargateProfilesResponse$fargateProfileNames": "A list of all of the Fargate profiles associated with the specified cluster.
",
"ListNodegroupsResponse$nodegroups": "A list of all of the node groups associated with the specified cluster.
",
"ListUpdatesResponse$updateIds": "A list of all the updates for the specified cluster and Region.
",
@@ -1413,12 +1633,13 @@
"OutpostConfigResponse$outpostArns": "The ARN of the Outpost that you specified for use with your local Amazon EKS cluster on Outposts.
",
"RemoteAccessConfig$sourceSecurityGroups": "The security group IDs that are allowed SSH access (port 22) to the nodes. For Windows, the port is 3389. If you specify an Amazon EC2 SSH key but don't specify a source security group when you create a managed node group, then the port on the nodes is opened to the internet (0.0.0.0/0). For more information, see Security Groups for Your VPC in the Amazon Virtual Private Cloud User Guide.
",
"UnsupportedAvailabilityZoneException$validZones": "The supported Availability Zones for your account. Choose subnets in these Availability Zones for your cluster.
",
+ "UpdateAccessEntryRequest$kubernetesGroups": "The value for name that you've specified for kind: Group as a subject in a Kubernetes RoleBinding or ClusterRoleBinding object. Amazon EKS doesn't confirm that the value for name exists in any bindings on your cluster. You can specify one or more names.
Kubernetes authorizes the principalArn of the access entry to access any cluster objects that you've specified in a Kubernetes Role or ClusterRole object that is also specified in a binding's roleRef. For more information about creating Kubernetes RoleBinding, ClusterRoleBinding, Role, or ClusterRole objects, see Using RBAC Authorization in the Kubernetes documentation.
If you want Amazon EKS to authorize the principalArn (instead of, or in addition to Kubernetes authorizing the principalArn), you can associate one or more access policies to the access entry using AssociateAccessPolicy. If you associate any access policies, the principalARN has all permissions assigned in the associated access policies and all permissions in any Kubernetes Role or ClusterRole objects that the group names are bound to.
",
"VpcConfigRequest$subnetIds": "Specify subnets for your Amazon EKS nodes. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your nodes and the Kubernetes control plane.
",
"VpcConfigRequest$securityGroupIds": "Specify one or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to use that allow communication between your nodes and the Kubernetes control plane. If you don't specify any security groups, then familiarize yourself with the difference between Amazon EKS defaults for clusters deployed with Kubernetes. For more information, see Amazon EKS security group considerations in the Amazon EKS User Guide .
",
- "VpcConfigRequest$publicAccessCidrs": "The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint. Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is 0.0.0.0/0. If you've disabled private endpoint access and you have nodes or Fargate pods in the cluster, then ensure that you specify the necessary CIDR blocks. For more information, see Amazon EKS cluster endpoint access control in the Amazon EKS User Guide .
",
+ "VpcConfigRequest$publicAccessCidrs": "The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint. Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is 0.0.0.0/0. If you've disabled private endpoint access, make sure that you specify the necessary CIDR blocks for every node and Fargate Pod in the cluster. For more information, see Amazon EKS cluster endpoint access control in the Amazon EKS User Guide .
",
"VpcConfigResponse$subnetIds": "The subnets associated with your cluster.
",
"VpcConfigResponse$securityGroupIds": "The security groups associated with the cross-account elastic network interfaces that are used to allow communication between your nodes and the Kubernetes control plane.
",
- "VpcConfigResponse$publicAccessCidrs": "The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint. Communication to the endpoint from addresses outside of the listed CIDR blocks is denied. The default value is 0.0.0.0/0. If you've disabled private endpoint access and you have nodes or Fargate pods in the cluster, then ensure that the necessary CIDR blocks are listed. For more information, see Amazon EKS cluster endpoint access control in the Amazon EKS User Guide .
"
+ "VpcConfigResponse$publicAccessCidrs": "The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint.
"
}
},
"TagKey": {
@@ -1431,30 +1652,32 @@
"TagKeyList": {
"base": null,
"refs": {
- "UntagResourceRequest$tagKeys": "The keys of the tags to be removed.
"
+ "UntagResourceRequest$tagKeys": "The keys of the tags to remove.
"
}
},
"TagMap": {
"base": "The metadata that you apply to a resource to help you categorize and organize them. Each tag consists of a key and an optional value. You define them.
The following basic restrictions apply to tags:
-
Maximum number of tags per resource – 50
-
For each resource, each tag key must be unique, and each tag key can have only one value.
-
Maximum key length – 128 Unicode characters in UTF-8
-
Maximum value length – 256 Unicode characters in UTF-8
-
If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.
-
Tag keys and values are case-sensitive.
-
Do not use aws:, AWS:, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.
",
"refs": {
- "Addon$tags": "The metadata that you apply to the add-on to assist with categorization and organization. Each tag consists of a key and an optional value. You define both. Add-on tags do not propagate to any other resources associated with the cluster.
",
- "AssociateIdentityProviderConfigRequest$tags": "The metadata to apply to the configuration to assist with categorization and organization. Each tag consists of a key and an optional value. You define both.
",
+ "AccessEntry$tags": "Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.
",
+ "Addon$tags": "Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.
",
+ "AssociateIdentityProviderConfigRequest$tags": "Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.
",
"AssociateIdentityProviderConfigResponse$tags": "The tags for the resource.
",
- "Cluster$tags": "The metadata that you apply to the cluster to assist with categorization and organization. Each tag consists of a key and an optional value. You define both. Cluster tags do not propagate to any other resources associated with the cluster.
",
- "CreateAddonRequest$tags": "The metadata to apply to the cluster to assist with categorization and organization. Each tag consists of a key and an optional value. You define both.
",
- "CreateClusterRequest$tags": "The metadata to apply to the cluster to assist with categorization and organization. Each tag consists of a key and an optional value. You define both.
",
+ "Cluster$tags": "Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.
",
+ "CreateAccessEntryRequest$tags": "Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.
",
+ "CreateAddonRequest$tags": "Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.
",
+ "CreateClusterRequest$tags": "Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.
",
"CreateEksAnywhereSubscriptionRequest$tags": "The metadata for a subscription to assist with categorization and organization. Each tag consists of a key and an optional value. Subscription tags don't propagate to any other resources associated with the subscription.
",
- "CreateFargateProfileRequest$tags": "The metadata to apply to the Fargate profile to assist with categorization and organization. Each tag consists of a key and an optional value. You define both. Fargate profile tags do not propagate to any other resources associated with the Fargate profile, such as the pods that are scheduled with it.
",
- "CreateNodegroupRequest$tags": "The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value. You define both. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets.
",
- "CreatePodIdentityAssociationRequest$tags": "The metadata that you apply to a resource to assist with categorization and organization. Each tag consists of a key and an optional value. You define both.
The following basic restrictions apply to tags:
-
Maximum number of tags per resource – 50
-
For each resource, each tag key must be unique, and each tag key can have only one value.
-
Maximum key length – 128 Unicode characters in UTF-8
-
Maximum value length – 256 Unicode characters in UTF-8
-
If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.
-
Tag keys and values are case-sensitive.
-
Do not use aws:, AWS:, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.
",
+ "CreateFargateProfileRequest$tags": "Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.
",
+ "CreateNodegroupRequest$tags": "Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.
",
+ "CreatePodIdentityAssociationRequest$tags": "Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.
The following basic restrictions apply to tags:
-
Maximum number of tags per resource – 50
-
For each resource, each tag key must be unique, and each tag key can have only one value.
-
Maximum key length – 128 Unicode characters in UTF-8
-
Maximum value length – 256 Unicode characters in UTF-8
-
If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.
-
Tag keys and values are case-sensitive.
-
Do not use aws:, AWS:, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.
",
"EksAnywhereSubscription$tags": "The metadata for a subscription to assist with categorization and organization. Each tag consists of a key and an optional value. Subscription tags do not propagate to any other resources associated with the subscription.
",
- "FargateProfile$tags": "The metadata applied to the Fargate profile to assist with categorization and organization. Each tag consists of a key and an optional value. You define both. Fargate profile tags do not propagate to any other resources associated with the Fargate profile, such as the pods that are scheduled with it.
",
+ "FargateProfile$tags": "Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.
",
"ListTagsForResourceResponse$tags": "The tags for the resource.
",
- "Nodegroup$tags": "The metadata applied to the node group to assist with categorization and organization. Each tag consists of a key and an optional value. You define both. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets.
",
- "OidcIdentityProviderConfig$tags": "The metadata to apply to the provider configuration to assist with categorization and organization. Each tag consists of a key and an optional value. You define both.
",
- "PodIdentityAssociation$tags": "The metadata that you apply to a resource to assist with categorization and organization. Each tag consists of a key and an optional value. You define both.
The following basic restrictions apply to tags:
-
Maximum number of tags per resource – 50
-
For each resource, each tag key must be unique, and each tag key can have only one value.
-
Maximum key length – 128 Unicode characters in UTF-8
-
Maximum value length – 256 Unicode characters in UTF-8
-
If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.
-
Tag keys and values are case-sensitive.
-
Do not use aws:, AWS:, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.
",
- "RegisterClusterRequest$tags": "The metadata that you apply to the cluster to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Cluster tags do not propagate to any other resources associated with the cluster.
",
- "TagResourceRequest$tags": "The tags to add to the resource. A tag is an array of key-value pairs.
"
+ "Nodegroup$tags": "Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.
",
+ "OidcIdentityProviderConfig$tags": "Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.
",
+ "PodIdentityAssociation$tags": "Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.
The following basic restrictions apply to tags:
-
Maximum number of tags per resource – 50
-
For each resource, each tag key must be unique, and each tag key can have only one value.
-
Maximum key length – 128 Unicode characters in UTF-8
-
Maximum value length – 256 Unicode characters in UTF-8
-
If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.
-
Tag keys and values are case-sensitive.
-
Do not use aws:, AWS:, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.
",
+ "RegisterClusterRequest$tags": "Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.
",
+ "TagResourceRequest$tags": "Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.
"
}
},
"TagResourceRequest": {
@@ -1474,7 +1697,7 @@
}
},
"Taint": {
- "base": "A property that allows a node to repel a set of pods. For more information, see Node taints on managed node groups.
",
+ "base": "A property that allows a node to repel a Pod. For more information, see Node taints on managed node groups in the Amazon EKS User Guide.
",
"refs": {
"taintsList$member": null
}
@@ -1488,19 +1711,23 @@
"Timestamp": {
"base": null,
"refs": {
- "Addon$createdAt": "The date and time that the add-on was created.
",
- "Addon$modifiedAt": "The date and time that the add-on was last modified.
",
- "Cluster$createdAt": "The Unix epoch timestamp in seconds for when the cluster was created.
",
+ "AccessEntry$createdAt": "The Unix epoch timestamp at object creation.
",
+ "AccessEntry$modifiedAt": "The Unix epoch timestamp for the last modification to the object.
",
+ "Addon$createdAt": "The Unix epoch timestamp at object creation.
",
+ "Addon$modifiedAt": "The Unix epoch timestamp for the last modification to the object.
",
+ "AssociatedAccessPolicy$associatedAt": "The date and time the AccessPolicy was associated with an AccessEntry.
",
+ "AssociatedAccessPolicy$modifiedAt": "The Unix epoch timestamp for the last modification to the object.
",
+ "Cluster$createdAt": "The Unix epoch timestamp at object creation.
",
"ConnectorConfigResponse$activationExpiry": "The expiration time of the connected cluster. The cluster's YAML file must be applied through the native provider.
",
"EksAnywhereSubscription$createdAt": "The Unix timestamp in seconds for when the subscription was created.
",
"EksAnywhereSubscription$effectiveDate": "The Unix timestamp in seconds for when the subscription is effective.
",
"EksAnywhereSubscription$expirationDate": "The Unix timestamp in seconds for when the subscription will expire or auto renew, depending on the auto renew configuration of the subscription object.
",
- "FargateProfile$createdAt": "The Unix epoch timestamp in seconds for when the Fargate profile was created.
",
- "Nodegroup$createdAt": "The Unix epoch timestamp in seconds for when the managed node group was created.
",
- "Nodegroup$modifiedAt": "The Unix epoch timestamp in seconds for when the managed node group was last modified.
",
+ "FargateProfile$createdAt": "The Unix epoch timestamp at object creation.
",
+ "Nodegroup$createdAt": "The Unix epoch timestamp at object creation.
",
+ "Nodegroup$modifiedAt": "The Unix epoch timestamp for the last modification to the object.
",
"PodIdentityAssociation$createdAt": "The timestamp that the association was created at.
",
"PodIdentityAssociation$modifiedAt": "The most recent timestamp that the association was modified at
",
- "Update$createdAt": "The Unix epoch timestamp in seconds for when the update was created.
"
+ "Update$createdAt": "The Unix epoch timestamp at object creation.
"
}
},
"UnsupportedAvailabilityZoneException": {
@@ -1532,6 +1759,22 @@
"UpdateNodegroupVersionResponse$update": null
}
},
+ "UpdateAccessConfigRequest": {
+ "base": "The access configuration information for the cluster.
",
+ "refs": {
+ "UpdateClusterConfigRequest$accessConfig": "The access configuration for the cluster.
"
+ }
+ },
+ "UpdateAccessEntryRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateAccessEntryResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
"UpdateAddonRequest": {
"base": null,
"refs": {
@@ -1573,9 +1816,9 @@
}
},
"UpdateLabelsPayload": {
- "base": "An object representing a Kubernetes label change for a managed node group.
",
+ "base": "An object representing a Kubernetes label change for a managed node group.
",
"refs": {
- "UpdateNodegroupConfigRequest$labels": "The Kubernetes labels to be applied to the nodes in the node group after the update.
"
+ "UpdateNodegroupConfigRequest$labels": "The Kubernetes labels to apply to the nodes in the node group after the update.
"
}
},
"UpdateNodegroupConfigRequest": {
@@ -1633,7 +1876,7 @@
}
},
"UpdateTaintsPayload": {
- "base": "An object representing the details of an update to a taints payload. For more information, see Node taints on managed node groups.
",
+ "base": "An object representing the details of an update to a taints payload. For more information, see Node taints on managed node groups in the Amazon EKS User Guide.
",
"refs": {
"UpdateNodegroupConfigRequest$taints": "The Kubernetes taints to be applied to the nodes in the node group after the update. For more information, see Node taints on managed node groups.
"
}
@@ -1654,14 +1897,14 @@
"VpcConfigResponse": {
"base": "An object representing an Amazon EKS cluster VPC configuration response.
",
"refs": {
- "Cluster$resourcesVpcConfig": "The VPC configuration used by the cluster control plane. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide.
"
+ "Cluster$resourcesVpcConfig": "The VPC configuration used by the cluster control plane. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC considerations and Cluster security group considerations in the Amazon EKS User Guide.
"
}
},
"ZeroCapacity": {
"base": null,
"refs": {
"NodegroupScalingConfig$minSize": "The minimum number of nodes that the managed node group can scale in to.
",
- "NodegroupScalingConfig$desiredSize": "The current number of nodes that the managed node group should maintain.
If you use Cluster Autoscaler, you shouldn't change the desiredSize value directly, as this can cause the Cluster Autoscaler to suddenly scale up or scale down.
Whenever this parameter changes, the number of worker nodes in the node group is updated to the specified size. If this parameter is given a value that is smaller than the current number of running worker nodes, the necessary number of worker nodes are terminated to match the given value. When using CloudFormation, no action occurs if you remove this parameter from your CFN template.
This parameter can be different from minSize in some cases, such as when starting with extra hosts for testing. This parameter can also be different when you want to start with an estimated number of needed hosts, but let Cluster Autoscaler reduce the number if there are too many. When Cluster Autoscaler is used, the desiredSize parameter is altered by Cluster Autoscaler (but can be out-of-date for short periods of time). Cluster Autoscaler doesn't scale a managed node group lower than minSize or higher than maxSize.
"
+ "NodegroupScalingConfig$desiredSize": "The current number of nodes that the managed node group should maintain.
If you use the Kubernetes Cluster Autoscaler, you shouldn't change the desiredSize value directly, as this can cause the Cluster Autoscaler to suddenly scale up or scale down.
Whenever this parameter changes, the number of worker nodes in the node group is updated to the specified size. If this parameter is given a value that is smaller than the current number of running worker nodes, the necessary number of worker nodes are terminated to match the given value. When using CloudFormation, no action occurs if you remove this parameter from your CFN template.
This parameter can be different from minSize in some cases, such as when starting with extra hosts for testing. This parameter can also be different when you want to start with an estimated number of needed hosts, but let the Cluster Autoscaler reduce the number if there are too many. When the Cluster Autoscaler is used, the desiredSize parameter is altered by the Cluster Autoscaler (but can be out-of-date for short periods of time). the Cluster Autoscaler doesn't scale a managed node group lower than minSize or higher than maxSize.
"
}
},
"configStatus": {
@@ -1685,15 +1928,15 @@
"labelsKeyList": {
"base": null,
"refs": {
- "UpdateLabelsPayload$removeLabels": "Kubernetes labels to be removed.
"
+ "UpdateLabelsPayload$removeLabels": "The Kubernetes labels to remove.
"
}
},
"labelsMap": {
"base": null,
"refs": {
- "CreateNodegroupRequest$labels": "The Kubernetes labels to be applied to the nodes in the node group when they are created.
",
- "Nodegroup$labels": "The Kubernetes labels applied to the nodes in the node group.
Only labels that are applied with the Amazon EKS API are shown here. There may be other Kubernetes labels applied to the nodes in this group.
",
- "UpdateLabelsPayload$addOrUpdateLabels": "Kubernetes labels to be added or updated.
"
+ "CreateNodegroupRequest$labels": "The Kubernetes labels to apply to the nodes in the node group when they are created.
",
+ "Nodegroup$labels": "The Kubernetes labels applied to the nodes in the node group.
Only labels that are applied with the Amazon EKS API are shown here. There may be other Kubernetes labels applied to the nodes in this group.
",
+ "UpdateLabelsPayload$addOrUpdateLabels": "The Kubernetes labels to add or update.
"
}
},
"requiredClaimsKey": {
diff --git a/models/apis/eks/2017-11-01/paginators-1.json b/models/apis/eks/2017-11-01/paginators-1.json
index fd4610d9af6..9dfd7e4edde 100644
--- a/models/apis/eks/2017-11-01/paginators-1.json
+++ b/models/apis/eks/2017-11-01/paginators-1.json
@@ -6,12 +6,34 @@
"output_token": "nextToken",
"result_key": "addons"
},
+ "ListAccessEntries": {
+ "input_token": "nextToken",
+ "limit_key": "maxResults",
+ "output_token": "nextToken",
+ "result_key": "accessEntries"
+ },
+ "ListAccessPolicies": {
+ "input_token": "nextToken",
+ "limit_key": "maxResults",
+ "output_token": "nextToken",
+ "result_key": "accessPolicies"
+ },
"ListAddons": {
"input_token": "nextToken",
"limit_key": "maxResults",
"output_token": "nextToken",
"result_key": "addons"
},
+ "ListAssociatedAccessPolicies": {
+ "input_token": "nextToken",
+ "limit_key": "maxResults",
+ "non_aggregate_keys": [
+ "clusterName",
+ "principalArn"
+ ],
+ "output_token": "nextToken",
+ "result_key": "associatedAccessPolicies"
+ },
"ListClusters": {
"input_token": "nextToken",
"limit_key": "maxResults",
diff --git a/models/apis/quicksight/2018-04-01/docs-2.json b/models/apis/quicksight/2018-04-01/docs-2.json
index 5fc0da9502c..519519fd335 100644
--- a/models/apis/quicksight/2018-04-01/docs-2.json
+++ b/models/apis/quicksight/2018-04-01/docs-2.json
@@ -11,7 +11,7 @@
"CreateDataSource": "Creates a data source.
",
"CreateFolder": "Creates an empty shared folder.
",
"CreateFolderMembership": "Adds an asset, such as a dashboard, analysis, or dataset into a folder.
",
- "CreateGroup": "Use the CreateGroup operation to create a group in Amazon QuickSight. You can create up to 10,000 groups in a namespace. If you want to create more than 10,000 groups in a namespace, contact AWS Support.
The permissions resource is arn:aws:quicksight:<your-region>:<relevant-aws-account-id>:group/default/<group-name> .
The response is a group object.
",
+ "CreateGroup": "Use the CreateGroup operation to create a group in Amazon QuickSight. You can create up to 10,000 groups in a namespace. If you want to create more than 10,000 groups in a namespace, contact Amazon Web Services Support.
The permissions resource is arn:aws:quicksight:<your-region>:<relevant-aws-account-id>:group/default/<group-name> .
The response is a group object.
",
"CreateGroupMembership": "Adds an Amazon QuickSight user to an Amazon QuickSight group.
",
"CreateIAMPolicyAssignment": "Creates an assignment with one specified IAM policy, identified by its Amazon Resource Name (ARN). This policy assignment is attached to the specified groups or users of Amazon QuickSight. Assignment names are unique per Amazon Web Services account. To avoid overwriting rules in other namespaces, use assignment names that are unique.
",
"CreateIngestion": "Creates and starts a new SPICE ingestion for a dataset. You can manually refresh datasets in an Enterprise edition account 32 times in a 24-hour period. You can manually refresh datasets in a Standard edition account 8 times in a 24-hour period. Each 24-hour period is measured starting 24 hours before the current date and time.
Any ingestions operating on tagged datasets inherit the same tags automatically for use in access control. For an example, see How do I create an IAM policy to control access to Amazon EC2 resources using tags? in the Amazon Web Services Knowledge Center. Tags are visible on the tagged dataset, but not on the ingestion resource.
",
diff --git a/models/apis/route53resolver/2018-04-01/api-2.json b/models/apis/route53resolver/2018-04-01/api-2.json
index 880b958cbd4..e6af36e03c5 100644
--- a/models/apis/route53resolver/2018-04-01/api-2.json
+++ b/models/apis/route53resolver/2018-04-01/api-2.json
@@ -166,6 +166,7 @@
{"shape":"ResourceNotFoundException"},
{"shape":"InvalidRequestException"},
{"shape":"ResourceExistsException"},
+ {"shape":"AccessDeniedException"},
{"shape":"LimitExceededException"},
{"shape":"InternalServiceErrorException"},
{"shape":"ThrottlingException"}
@@ -206,6 +207,7 @@
{"shape":"ResourceExistsException"},
{"shape":"ResourceUnavailableException"},
{"shape":"InternalServiceErrorException"},
+ {"shape":"AccessDeniedException"},
{"shape":"ThrottlingException"}
]
},
@@ -1120,6 +1122,7 @@
{"shape":"ResourceNotFoundException"},
{"shape":"InvalidParameterException"},
{"shape":"InvalidRequestException"},
+ {"shape":"AccessDeniedException"},
{"shape":"InternalServiceErrorException"},
{"shape":"ThrottlingException"}
]
@@ -1139,7 +1142,8 @@
{"shape":"ResourceUnavailableException"},
{"shape":"LimitExceededException"},
{"shape":"InternalServiceErrorException"},
- {"shape":"ThrottlingException"}
+ {"shape":"ThrottlingException"},
+ {"shape":"AccessDeniedException"}
]
}
},
@@ -1432,6 +1436,14 @@
},
"Direction":{"shape":"ResolverEndpointDirection"},
"IpAddresses":{"shape":"IpAddressesRequest"},
+ "OutpostArn":{
+ "shape":"OutpostArn",
+ "box":true
+ },
+ "PreferredInstanceType":{
+ "shape":"OutpostInstanceType",
+ "box":true
+ },
"Tags":{
"shape":"TagList",
"box":true
@@ -1440,12 +1452,8 @@
"shape":"ResolverEndpointType",
"box":true
},
- "OutpostArn":{
- "shape":"OutpostArn",
- "box":true
- },
- "PreferredInstanceType":{
- "shape":"OutpostInstanceType",
+ "Protocols":{
+ "shape":"ProtocolList",
"box":true
}
}
@@ -1486,14 +1494,16 @@
"type":"structure",
"required":[
"CreatorRequestId",
- "RuleType",
- "DomainName"
+ "RuleType"
],
"members":{
"CreatorRequestId":{"shape":"CreatorRequestId"},
"Name":{"shape":"Name"},
"RuleType":{"shape":"RuleTypeOption"},
- "DomainName":{"shape":"DomainName"},
+ "DomainName":{
+ "shape":"DomainName",
+ "box":true
+ },
"TargetIps":{
"shape":"TargetList",
"box":true
@@ -2232,7 +2242,7 @@
"type":"list",
"member":{"shape":"IpAddressRequest"},
"max":20,
- "min":1
+ "min":2
},
"IpAddressesResponse":{
"type":"list",
@@ -2725,6 +2735,20 @@
"min":0
},
"Priority":{"type":"integer"},
+ "Protocol":{
+ "type":"string",
+ "enum":[
+ "DoH",
+ "Do53",
+ "DoH-FIPS"
+ ]
+ },
+ "ProtocolList":{
+ "type":"list",
+ "member":{"shape":"Protocol"},
+ "max":2,
+ "min":1
+ },
"PutFirewallRuleGroupPolicyRequest":{
"type":"structure",
"required":[
@@ -2839,9 +2863,10 @@
"StatusMessage":{"shape":"StatusMessage"},
"CreationTime":{"shape":"Rfc3339TimeString"},
"ModificationTime":{"shape":"Rfc3339TimeString"},
- "ResolverEndpointType":{"shape":"ResolverEndpointType"},
"OutpostArn":{"shape":"OutpostArn"},
- "PreferredInstanceType":{"shape":"OutpostInstanceType"}
+ "PreferredInstanceType":{"shape":"OutpostInstanceType"},
+ "ResolverEndpointType":{"shape":"ResolverEndpointType"},
+ "Protocols":{"shape":"ProtocolList"}
}
},
"ResolverEndpointDirection":{
@@ -3174,6 +3199,10 @@
"Ipv6":{
"shape":"Ipv6",
"box":true
+ },
+ "Protocol":{
+ "shape":"Protocol",
+ "box":true
}
}
},
@@ -3414,6 +3443,10 @@
"UpdateIpAddresses":{
"shape":"UpdateIpAddresses",
"box":true
+ },
+ "Protocols":{
+ "shape":"ProtocolList",
+ "box":true
}
}
},
diff --git a/models/apis/route53resolver/2018-04-01/docs-2.json b/models/apis/route53resolver/2018-04-01/docs-2.json
index f0f058bfc37..5cdb1e61282 100644
--- a/models/apis/route53resolver/2018-04-01/docs-2.json
+++ b/models/apis/route53resolver/2018-04-01/docs-2.json
@@ -9,7 +9,7 @@
"CreateFirewallDomainList": "Creates an empty firewall domain list for use in DNS Firewall rules. You can populate the domains for the new list with a file, using ImportFirewallDomains, or with domain strings, using UpdateFirewallDomains.
",
"CreateFirewallRule": "Creates a single DNS Firewall rule in the specified rule group, using the specified domain list.
",
"CreateFirewallRuleGroup": "Creates an empty DNS Firewall rule group for filtering DNS network traffic in a VPC. You can add rules to the new rule group by calling CreateFirewallRule.
",
- "CreateOutpostResolver": "Creates an Route 53 Resolver on an Outpost.
",
+ "CreateOutpostResolver": "Creates a Route 53 Resolver on an Outpost.
",
"CreateResolverEndpoint": "Creates a Resolver endpoint. There are two types of Resolver endpoints, inbound and outbound:
",
"CreateResolverQueryLogConfig": "Creates a Resolver query logging configuration, which defines where you want Resolver to save DNS query logs that originate in your VPCs. Resolver can log queries only for VPCs that are in the same Region as the query logging configuration.
To specify which VPCs you want to log queries for, you use AssociateResolverQueryLogConfig. For more information, see AssociateResolverQueryLogConfig.
You can optionally use Resource Access Manager (RAM) to share a query logging configuration with other Amazon Web Services accounts. The other accounts can then associate VPCs with the configuration. The query logs that Resolver creates for a configuration include all DNS queries that originate in all VPCs that are associated with the configuration.
",
"CreateResolverRule": "For DNS queries that originate in your VPCs, specifies which Resolver endpoint the queries pass through, one domain name that you want to forward to your network, and the IP addresses of the DNS resolvers in your network.
",
@@ -68,7 +68,7 @@
"UpdateOutpostResolver": "You can use UpdateOutpostResolver to update the instance count, type, or name of a Resolver on an Outpost.
",
"UpdateResolverConfig": "Updates the behavior configuration of Route 53 Resolver behavior for a single VPC from Amazon Virtual Private Cloud.
",
"UpdateResolverDnssecConfig": "Updates an existing DNSSEC validation configuration. If there is no existing DNSSEC validation configuration, one is created.
",
- "UpdateResolverEndpoint": "Updates the name, or enpoint type for an inbound or an outbound Resolver endpoint. You can only update between IPV4 and DUALSTACK, IPV6 endpoint type can't be updated to other type.
",
+ "UpdateResolverEndpoint": "Updates the name, or endpoint type for an inbound or an outbound Resolver endpoint. You can only update between IPV4 and DUALSTACK, IPV6 endpoint type can't be updated to other type.
",
"UpdateResolverRule": "Updates settings for a specified Resolver rule. ResolverRuleId is required, and all other parameters are optional. If you don't specify a parameter, it retains its current value.
"
},
"shapes": {
@@ -881,7 +881,7 @@
"IpAddressesRequest": {
"base": null,
"refs": {
- "CreateResolverEndpointRequest$IpAddresses": "The subnets and IP addresses in your VPC that DNS queries originate from (for outbound endpoints) or that you forward DNS queries to (for inbound endpoints). The subnet ID uniquely identifies a VPC.
"
+ "CreateResolverEndpointRequest$IpAddresses": "The subnets and IP addresses in your VPC that DNS queries originate from (for outbound endpoints) or that you forward DNS queries to (for inbound endpoints). The subnet ID uniquely identifies a VPC.
Even though the minimum is 1, Route 53 requires that you create at least two.
"
}
},
"IpAddressesResponse": {
@@ -1252,6 +1252,21 @@
"UpdateFirewallRuleRequest$Priority": "The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
You must specify a unique priority for each rule in a rule group. To make it easier to insert rules later, leave space between the numbers, for example, use 100, 200, and so on. You can change the priority setting for the rules in a rule group at any time.
"
}
},
+ "Protocol": {
+ "base": null,
+ "refs": {
+ "ProtocolList$member": null,
+ "TargetAddress$Protocol": " The protocols for the Resolver endpoints. DoH-FIPS is applicable for inbound endpoints only.
For an inbound endpoint you can apply the protocols as follows:
-
Do53 and DoH in combination.
-
Do53 and DoH-FIPS in combination.
-
Do53 alone.
-
DoH alone.
-
DoH-FIPS alone.
-
None, which is treated as Do53.
For an outbound endpoint you can apply the protocols as follows:
"
+ }
+ },
+ "ProtocolList": {
+ "base": null,
+ "refs": {
+ "CreateResolverEndpointRequest$Protocols": " The protocols you want to use for the endpoint. DoH-FIPS is applicable for inbound endpoints only.
For an inbound endpoint you can apply the protocols as follows:
-
Do53 and DoH in combination.
-
Do53 and DoH-FIPS in combination.
-
Do53 alone.
-
DoH alone.
-
DoH-FIPS alone.
-
None, which is treated as Do53.
For an outbound endpoint you can apply the protocols as follows:
",
+ "ResolverEndpoint$Protocols": " Protocols used for the endpoint. DoH-FIPS is applicable for inbound endpoints only.
For an inbound endpoint you can apply the protocols as follows:
-
Do53 and DoH in combination.
-
Do53 and DoH-FIPS in combination.
-
Do53 alone.
-
DoH alone.
-
DoH-FIPS alone.
-
None, which is treated as Do53.
For an outbound endpoint you can apply the protocols as follows:
",
+ "UpdateResolverEndpointRequest$Protocols": " The protocols you want to use for the endpoint. DoH-FIPS is applicable for inbound endpoints only.
For an inbound endpoint you can apply the protocols as follows:
-
Do53 and DoH in combination.
-
Do53 and DoH-FIPS in combination.
-
Do53 alone.
-
DoH alone.
-
DoH-FIPS alone.
-
None, which is treated as Do53.
For an outbound endpoint you can apply the protocols as follows:
You can't change the protocol of an inbound endpoint directly from only Do53 to only DoH, or DoH-FIPS. This is to prevent a sudden disruption to incoming traffic that relies on Do53. To change the protocol from Do53 to DoH, or DoH-FIPS, you must first enable both Do53 and DoH, or Do53 and DoH-FIPS, to make sure that all incoming traffic has transferred to using the DoH protocol, or DoH-FIPS, and then remove the Do53.
"
+ }
+ },
"PutFirewallRuleGroupPolicyRequest": {
"base": null,
"refs": {
@@ -1319,7 +1334,7 @@
"ResolverDnssecConfigList": {
"base": null,
"refs": {
- "ListResolverDnssecConfigsResponse$ResolverDnssecConfigs": "An array that contains one ResolverDnssecConfig element for each configuration for DNSSEC validation that is associated with the current Amazon Web Services account.
"
+ "ListResolverDnssecConfigsResponse$ResolverDnssecConfigs": "An array that contains one ResolverDnssecConfig element for each configuration for DNSSEC validation that is associated with the current Amazon Web Services account. It doesn't contain disabled DNSSEC configurations for the resource.
"
}
},
"ResolverEndpoint": {
@@ -1908,7 +1923,7 @@
}
},
"ValidationException": {
- "base": "You have provided an invalid command. Supported values are ADD, REMOVE, or REPLACE a domain.
",
+ "base": "You have provided an invalid command. If you ran the UpdateFirewallDomains request. supported values are ADD, REMOVE, or REPLACE a domain.
",
"refs": {
}
}
diff --git a/models/apis/route53resolver/2018-04-01/endpoint-rule-set-1.json b/models/apis/route53resolver/2018-04-01/endpoint-rule-set-1.json
index 55379714836..f86daee8a3e 100644
--- a/models/apis/route53resolver/2018-04-01/endpoint-rule-set-1.json
+++ b/models/apis/route53resolver/2018-04-01/endpoint-rule-set-1.json
@@ -40,7 +40,6 @@
]
}
],
- "type": "tree",
"rules": [
{
"conditions": [
@@ -58,293 +57,296 @@
"type": "error"
},
{
- "conditions": [],
- "type": "tree",
- "rules": [
+ "conditions": [
{
- "conditions": [
+ "fn": "booleanEquals",
+ "argv": [
{
- "fn": "booleanEquals",
- "argv": [
- {
- "ref": "UseDualStack"
- },
- true
- ]
- }
- ],
- "error": "Invalid Configuration: Dualstack and custom endpoint are not supported",
- "type": "error"
- },
- {
- "conditions": [],
- "endpoint": {
- "url": {
- "ref": "Endpoint"
+ "ref": "UseDualStack"
},
- "properties": {},
- "headers": {}
- },
- "type": "endpoint"
+ true
+ ]
}
- ]
+ ],
+ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported",
+ "type": "error"
+ },
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": {
+ "ref": "Endpoint"
+ },
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
}
- ]
+ ],
+ "type": "tree"
},
{
- "conditions": [],
- "type": "tree",
+ "conditions": [
+ {
+ "fn": "isSet",
+ "argv": [
+ {
+ "ref": "Region"
+ }
+ ]
+ }
+ ],
"rules": [
{
"conditions": [
{
- "fn": "isSet",
+ "fn": "aws.partition",
"argv": [
{
"ref": "Region"
}
- ]
+ ],
+ "assign": "PartitionResult"
}
],
- "type": "tree",
"rules": [
{
"conditions": [
{
- "fn": "aws.partition",
+ "fn": "booleanEquals",
"argv": [
{
- "ref": "Region"
- }
- ],
- "assign": "PartitionResult"
+ "ref": "UseFIPS"
+ },
+ true
+ ]
+ },
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseDualStack"
+ },
+ true
+ ]
}
],
- "type": "tree",
"rules": [
{
"conditions": [
{
"fn": "booleanEquals",
"argv": [
+ true,
{
- "ref": "UseFIPS"
- },
- true
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsFIPS"
+ ]
+ }
]
},
{
"fn": "booleanEquals",
"argv": [
+ true,
{
- "ref": "UseDualStack"
- },
- true
- ]
- }
- ],
- "type": "tree",
- "rules": [
- {
- "conditions": [
- {
- "fn": "booleanEquals",
+ "fn": "getAttr",
"argv": [
- true,
{
- "fn": "getAttr",
- "argv": [
- {
- "ref": "PartitionResult"
- },
- "supportsFIPS"
- ]
- }
- ]
- },
- {
- "fn": "booleanEquals",
- "argv": [
- true,
- {
- "fn": "getAttr",
- "argv": [
- {
- "ref": "PartitionResult"
- },
- "supportsDualStack"
- ]
- }
- ]
- }
- ],
- "type": "tree",
- "rules": [
- {
- "conditions": [],
- "type": "tree",
- "rules": [
- {
- "conditions": [],
- "endpoint": {
- "url": "https://route53resolver-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",
- "properties": {},
- "headers": {}
- },
- "type": "endpoint"
- }
+ "ref": "PartitionResult"
+ },
+ "supportsDualStack"
]
}
]
- },
+ }
+ ],
+ "rules": [
{
"conditions": [],
- "error": "FIPS and DualStack are enabled, but this partition does not support one or both",
- "type": "error"
+ "endpoint": {
+ "url": "https://route53resolver-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
}
- ]
+ ],
+ "type": "tree"
},
+ {
+ "conditions": [],
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both",
+ "type": "error"
+ }
+ ],
+ "type": "tree"
+ },
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseFIPS"
+ },
+ true
+ ]
+ }
+ ],
+ "rules": [
{
"conditions": [
{
"fn": "booleanEquals",
"argv": [
{
- "ref": "UseFIPS"
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsFIPS"
+ ]
},
true
]
}
],
- "type": "tree",
"rules": [
{
"conditions": [
{
- "fn": "booleanEquals",
+ "fn": "stringEquals",
"argv": [
- true,
{
- "fn": "getAttr",
- "argv": [
- {
- "ref": "PartitionResult"
- },
- "supportsFIPS"
- ]
- }
+ "ref": "Region"
+ },
+ "us-gov-east-1"
]
}
],
- "type": "tree",
- "rules": [
+ "endpoint": {
+ "url": "https://route53resolver.us-gov-east-1.amazonaws.com",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ },
+ {
+ "conditions": [
{
- "conditions": [],
- "type": "tree",
- "rules": [
+ "fn": "stringEquals",
+ "argv": [
{
- "conditions": [],
- "endpoint": {
- "url": "https://route53resolver-fips.{Region}.{PartitionResult#dnsSuffix}",
- "properties": {},
- "headers": {}
- },
- "type": "endpoint"
- }
+ "ref": "Region"
+ },
+ "us-gov-west-1"
]
}
- ]
+ ],
+ "endpoint": {
+ "url": "https://route53resolver.us-gov-west-1.amazonaws.com",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
},
{
"conditions": [],
- "error": "FIPS is enabled but this partition does not support FIPS",
- "type": "error"
+ "endpoint": {
+ "url": "https://route53resolver-fips.{Region}.{PartitionResult#dnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
}
- ]
+ ],
+ "type": "tree"
},
+ {
+ "conditions": [],
+ "error": "FIPS is enabled but this partition does not support FIPS",
+ "type": "error"
+ }
+ ],
+ "type": "tree"
+ },
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseDualStack"
+ },
+ true
+ ]
+ }
+ ],
+ "rules": [
{
"conditions": [
{
"fn": "booleanEquals",
"argv": [
+ true,
{
- "ref": "UseDualStack"
- },
- true
- ]
- }
- ],
- "type": "tree",
- "rules": [
- {
- "conditions": [
- {
- "fn": "booleanEquals",
+ "fn": "getAttr",
"argv": [
- true,
{
- "fn": "getAttr",
- "argv": [
- {
- "ref": "PartitionResult"
- },
- "supportsDualStack"
- ]
- }
- ]
- }
- ],
- "type": "tree",
- "rules": [
- {
- "conditions": [],
- "type": "tree",
- "rules": [
- {
- "conditions": [],
- "endpoint": {
- "url": "https://route53resolver.{Region}.{PartitionResult#dualStackDnsSuffix}",
- "properties": {},
- "headers": {}
- },
- "type": "endpoint"
- }
+ "ref": "PartitionResult"
+ },
+ "supportsDualStack"
]
}
]
- },
- {
- "conditions": [],
- "error": "DualStack is enabled but this partition does not support DualStack",
- "type": "error"
}
- ]
- },
- {
- "conditions": [],
- "type": "tree",
+ ],
"rules": [
{
"conditions": [],
"endpoint": {
- "url": "https://route53resolver.{Region}.{PartitionResult#dnsSuffix}",
+ "url": "https://route53resolver.{Region}.{PartitionResult#dualStackDnsSuffix}",
"properties": {},
"headers": {}
},
"type": "endpoint"
}
- ]
+ ],
+ "type": "tree"
+ },
+ {
+ "conditions": [],
+ "error": "DualStack is enabled but this partition does not support DualStack",
+ "type": "error"
}
- ]
+ ],
+ "type": "tree"
+ },
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://route53resolver.{Region}.{PartitionResult#dnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
}
- ]
- },
- {
- "conditions": [],
- "error": "Invalid Configuration: Missing Region",
- "type": "error"
+ ],
+ "type": "tree"
}
- ]
+ ],
+ "type": "tree"
+ },
+ {
+ "conditions": [],
+ "error": "Invalid Configuration: Missing Region",
+ "type": "error"
}
]
}
\ No newline at end of file
diff --git a/models/apis/route53resolver/2018-04-01/endpoint-tests-1.json b/models/apis/route53resolver/2018-04-01/endpoint-tests-1.json
index 4b0253c80e8..d8c59410ea6 100644
--- a/models/apis/route53resolver/2018-04-01/endpoint-tests-1.json
+++ b/models/apis/route53resolver/2018-04-01/endpoint-tests-1.json
@@ -403,6 +403,19 @@
"UseDualStack": false
}
},
+ {
+ "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://route53resolver.us-gov-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "Region": "us-gov-east-1",
+ "UseFIPS": true,
+ "UseDualStack": false
+ }
+ },
{
"documentation": "For region us-gov-west-1 with FIPS disabled and DualStack disabled",
"expect": {
@@ -417,29 +430,29 @@
}
},
{
- "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled",
+ "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://route53resolver-fips.us-gov-east-1.api.aws"
+ "url": "https://route53resolver.us-gov-west-1.amazonaws.com"
}
},
"params": {
- "Region": "us-gov-east-1",
+ "Region": "us-gov-west-1",
"UseFIPS": true,
- "UseDualStack": true
+ "UseDualStack": false
}
},
{
- "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled",
+ "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled",
"expect": {
"endpoint": {
- "url": "https://route53resolver-fips.us-gov-east-1.amazonaws.com"
+ "url": "https://route53resolver-fips.us-gov-east-1.api.aws"
}
},
"params": {
"Region": "us-gov-east-1",
"UseFIPS": true,
- "UseDualStack": false
+ "UseDualStack": true
}
},
{
diff --git a/models/endpoints/endpoints.json b/models/endpoints/endpoints.json
index 7346f141fc0..5760477aa84 100644
--- a/models/endpoints/endpoints.json
+++ b/models/endpoints/endpoints.json
@@ -2993,6 +2993,7 @@
"ap-northeast-2" : { },
"ap-northeast-3" : { },
"ap-south-1" : { },
+ "ap-south-2" : { },
"ap-southeast-1" : { },
"ap-southeast-2" : { },
"ap-southeast-3" : { },
@@ -5081,6 +5082,7 @@
"eu-west-1" : { },
"eu-west-2" : { },
"eu-west-3" : { },
+ "il-central-1" : { },
"me-central-1" : { },
"me-south-1" : { },
"sa-east-1" : { },
@@ -8571,6 +8573,7 @@
"eu-west-2" : { },
"eu-west-3" : { },
"il-central-1" : { },
+ "me-central-1" : { },
"me-south-1" : { },
"sa-east-1" : { },
"us-east-1" : { },
@@ -26385,11 +26388,40 @@
"signatureVersions" : [ "s3v4" ]
},
"endpoints" : {
+ "fips-us-iso-east-1" : {
+ "credentialScope" : {
+ "region" : "us-iso-east-1"
+ },
+ "deprecated" : true,
+ "hostname" : "s3-fips.us-iso-east-1.c2s.ic.gov"
+ },
+ "fips-us-iso-west-1" : {
+ "credentialScope" : {
+ "region" : "us-iso-west-1"
+ },
+ "deprecated" : true,
+ "hostname" : "s3-fips.us-iso-west-1.c2s.ic.gov"
+ },
"us-iso-east-1" : {
"protocols" : [ "http", "https" ],
- "signatureVersions" : [ "s3v4" ]
+ "signatureVersions" : [ "s3v4" ],
+ "variants" : [ {
+ "hostname" : "s3-fips.dualstack.us-iso-east-1.c2s.ic.gov",
+ "tags" : [ "dualstack", "fips" ]
+ }, {
+ "hostname" : "s3-fips.us-iso-east-1.c2s.ic.gov",
+ "tags" : [ "fips" ]
+ } ]
},
- "us-iso-west-1" : { }
+ "us-iso-west-1" : {
+ "variants" : [ {
+ "hostname" : "s3-fips.dualstack.us-iso-west-1.c2s.ic.gov",
+ "tags" : [ "dualstack", "fips" ]
+ }, {
+ "hostname" : "s3-fips.us-iso-west-1.c2s.ic.gov",
+ "tags" : [ "fips" ]
+ } ]
+ }
}
},
"secretsmanager" : {
@@ -26946,7 +26978,22 @@
"signatureVersions" : [ "s3v4" ]
},
"endpoints" : {
- "us-isob-east-1" : { }
+ "fips-us-isob-east-1" : {
+ "credentialScope" : {
+ "region" : "us-isob-east-1"
+ },
+ "deprecated" : true,
+ "hostname" : "s3-fips.us-isob-east-1.sc2s.sgov.gov"
+ },
+ "us-isob-east-1" : {
+ "variants" : [ {
+ "hostname" : "s3-fips.dualstack.us-isob-east-1.sc2s.sgov.gov",
+ "tags" : [ "dualstack", "fips" ]
+ }, {
+ "hostname" : "s3-fips.us-isob-east-1.sc2s.sgov.gov",
+ "tags" : [ "fips" ]
+ } ]
+ }
}
},
"secretsmanager" : {
diff --git a/service/cognitoidentityprovider/api.go b/service/cognitoidentityprovider/api.go
index f645366c62c..d528adad943 100644
--- a/service/cognitoidentityprovider/api.go
+++ b/service/cognitoidentityprovider/api.go
@@ -168,7 +168,9 @@ func (c *CognitoIdentityProvider) AdminAddUserToGroupRequest(input *AdminAddUser
// AdminAddUserToGroup API operation for Amazon Cognito Identity Provider.
//
-// Adds the specified user to the specified group.
+// Adds a user to a group. A user who is in a group can present a preferred-role
+// claim to an identity pool, and populates a cognito:groups claim to their
+// access and identity tokens.
//
// Amazon Cognito evaluates Identity and Access Management (IAM) policies in
// requests for this API operation. For this operation, you must use IAM credentials
@@ -277,8 +279,18 @@ func (c *CognitoIdentityProvider) AdminConfirmSignUpRequest(input *AdminConfirmS
// AdminConfirmSignUp API operation for Amazon Cognito Identity Provider.
//
-// Confirms user registration as an admin without using a confirmation code.
-// Works on any user.
+// This IAM-authenticated API operation provides a code that Amazon Cognito
+// sent to your user when they signed up in your user pool. After your user
+// enters their code, they confirm ownership of the email address or phone number
+// that they provided, and their user account becomes active. Depending on your
+// user pool configuration, your users will receive their confirmation code
+// in an email or SMS message.
+//
+// Local users who signed up in your user pool are the only type of user who
+// can confirm sign-up with a code. Users who federate through an external identity
+// provider (IdP) have already been confirmed by their IdP. Administrator-created
+// users confirm their accounts when they respond to their invitation email
+// message and choose a password.
//
// Amazon Cognito evaluates Identity and Access Management (IAM) policies in
// requests for this API operation. For this operation, you must use IAM credentials
@@ -1905,7 +1917,7 @@ func (c *CognitoIdentityProvider) AdminListGroupsForUserRequest(input *AdminList
// AdminListGroupsForUser API operation for Amazon Cognito Identity Provider.
//
-// Lists the groups that the user belongs to.
+// Lists the groups that a user belongs to.
//
// Amazon Cognito evaluates Identity and Access Management (IAM) policies in
// requests for this API operation. For this operation, you must use IAM credentials
@@ -2509,7 +2521,15 @@ func (c *CognitoIdentityProvider) AdminRespondToAuthChallengeRequest(input *Admi
// AdminRespondToAuthChallenge API operation for Amazon Cognito Identity Provider.
//
-// Responds to an authentication challenge, as an administrator.
+// Some API operations in a user pool generate a challenge, like a prompt for
+// an MFA code, for device authentication that bypasses MFA, or for a custom
+// authentication challenge. An AdminRespondToAuthChallenge API request provides
+// the answer to that challenge, like a code or a secure remote password (SRP).
+// The parameters of a response to an authentication challenge vary with the
+// type of challenge.
+//
+// For more information about custom authentication challenges, see Custom authentication
+// challenge Lambda triggers (https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html).
//
// This action might generate an SMS text message. Starting June 1, 2021, US
// telecom carriers require you to register an origination phone number before
@@ -3444,15 +3464,26 @@ func (c *CognitoIdentityProvider) AdminUserGlobalSignOutRequest(input *AdminUser
// AdminUserGlobalSignOut API operation for Amazon Cognito Identity Provider.
//
-// Signs out a user from all devices. AdminUserGlobalSignOut invalidates all
-// identity, access and refresh tokens that Amazon Cognito has issued to a user.
-// A user can still use a hosted UI cookie to retrieve new tokens for the duration
-// of the 1-hour cookie validity period.
+// Invalidates the identity, access, and refresh tokens that Amazon Cognito
+// issued to a user. Call this operation with your administrative credentials
+// when your user signs out of your app. This results in the following behavior.
+//
+// - Amazon Cognito no longer accepts token-authorized user operations that
+// you authorize with a signed-out user's access tokens. For more information,
+// see Using the Amazon Cognito user pools API and user pool endpoints (https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html).
+// Amazon Cognito returns an Access Token has been revoked error when your
+// app attempts to authorize a user pools API request with a revoked access
+// token that contains the scope aws.cognito.signin.user.admin.
+//
+// - Amazon Cognito no longer accepts a signed-out user's ID token in a GetId
+// (https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetId.html)
+// request to an identity pool with ServerSideTokenCheck enabled for its
+// user pool IdP configuration in CognitoIdentityProvider (https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_CognitoIdentityProvider.html).
//
-// Your app isn't aware that a user's access token is revoked unless it attempts
-// to authorize a user pools API request with an access token that contains
-// the scope aws.cognito.signin.user.admin. Your app might otherwise accept
-// access tokens until they expire.
+// - Amazon Cognito no longer accepts a signed-out user's refresh tokens
+// in refresh requests.
+//
+// Other requests might be valid until your user's token expires.
//
// Amazon Cognito evaluates Identity and Access Management (IAM) policies in
// requests for this API operation. For this operation, you must use IAM credentials
@@ -4079,7 +4110,20 @@ func (c *CognitoIdentityProvider) ConfirmSignUpRequest(input *ConfirmSignUpInput
// ConfirmSignUp API operation for Amazon Cognito Identity Provider.
//
-// Confirms registration of a new user.
+// This public API operation provides a code that Amazon Cognito sent to your
+// user when they signed up in your user pool via the SignUp (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html)
+// API operation. After your user enters their code, they confirm ownership
+// of the email address or phone number that they provided, and their user account
+// becomes active. Depending on your user pool configuration, your users will
+// receive their confirmation code in an email or SMS message.
+//
+// Local users who signed up in your user pool are the only type of user who
+// can confirm sign-up with a code. Users who federate through an external identity
+// provider (IdP) have already been confirmed by their IdP. Administrator-created
+// users, users created with the AdminCreateUser (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminCreateUser.html)
+// API operation, confirm their accounts when they respond to their invitation
+// email message and choose a password. They do not receive a confirmation code.
+// Instead, they receive a temporary password.
//
// Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies
// in requests for this API operation. For this operation, you can't use IAM
@@ -7882,15 +7926,26 @@ func (c *CognitoIdentityProvider) GlobalSignOutRequest(input *GlobalSignOutInput
// GlobalSignOut API operation for Amazon Cognito Identity Provider.
//
-// Signs out a user from all devices. GlobalSignOut invalidates all identity,
-// access and refresh tokens that Amazon Cognito has issued to a user. A user
-// can still use a hosted UI cookie to retrieve new tokens for the duration
-// of the 1-hour cookie validity period.
+// Invalidates the identity, access, and refresh tokens that Amazon Cognito
+// issued to a user. Call this operation when your user signs out of your app.
+// This results in the following behavior.
+//
+// - Amazon Cognito no longer accepts token-authorized user operations that
+// you authorize with a signed-out user's access tokens. For more information,
+// see Using the Amazon Cognito user pools API and user pool endpoints (https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html).
+// Amazon Cognito returns an Access Token has been revoked error when your
+// app attempts to authorize a user pools API request with a revoked access
+// token that contains the scope aws.cognito.signin.user.admin.
+//
+// - Amazon Cognito no longer accepts a signed-out user's ID token in a GetId
+// (https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetId.html)
+// request to an identity pool with ServerSideTokenCheck enabled for its
+// user pool IdP configuration in CognitoIdentityProvider (https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_CognitoIdentityProvider.html).
//
-// Your app isn't aware that a user's access token is revoked unless it attempts
-// to authorize a user pools API request with an access token that contains
-// the scope aws.cognito.signin.user.admin. Your app might otherwise accept
-// access tokens until they expire.
+// - Amazon Cognito no longer accepts a signed-out user's refresh tokens
+// in refresh requests.
+//
+// Other requests might be valid until your user's token expires.
//
// Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies
// in requests for this API operation. For this operation, you can't use IAM
@@ -9773,7 +9828,15 @@ func (c *CognitoIdentityProvider) RespondToAuthChallengeRequest(input *RespondTo
// RespondToAuthChallenge API operation for Amazon Cognito Identity Provider.
//
-// Responds to the authentication challenge.
+// Some API operations in a user pool generate a challenge, like a prompt for
+// an MFA code, for device authentication that bypasses MFA, or for a custom
+// authentication challenge. A RespondToAuthChallenge API request provides the
+// answer to that challenge, like a code or a secure remote password (SRP).
+// The parameters of a response to an authentication challenge vary with the
+// type of challenge.
+//
+// For more information about custom authentication challenges, see Custom authentication
+// challenge Lambda triggers (https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html).
//
// Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies
// in requests for this API operation. For this operation, you can't use IAM
@@ -11845,7 +11908,11 @@ func (c *CognitoIdentityProvider) UpdateUserAttributesRequest(input *UpdateUserA
// UpdateUserAttributes API operation for Amazon Cognito Identity Provider.
//
-// Allows a user to update a specific attribute (one at a time).
+// With this operation, your users can update one or more of their attributes
+// with their own credentials. You authorize this API request with the user's
+// access token. To delete an attribute from your user, submit the attribute
+// in your API request with a blank value. Custom attribute values in this request
+// must include the custom: prefix.
//
// Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies
// in requests for this API operation. For this operation, you can't use IAM
@@ -13027,7 +13094,7 @@ func (s AddCustomAttributesOutput) GoString() string {
type AdminAddUserToGroupInput struct {
_ struct{} `type:"structure"`
- // The group name.
+ // The name of the group that you want to add your user to.
//
// GroupName is a required field
GroupName *string `min:"1" type:"string" required:"true"`
@@ -13037,7 +13104,10 @@ type AdminAddUserToGroupInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The username for the user.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by AdminAddUserToGroupInput's
@@ -13172,7 +13242,10 @@ type AdminConfirmSignUpInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The user name for which you want to confirm user registration.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by AdminConfirmSignUpInput's
@@ -13471,18 +13544,18 @@ type AdminCreateUserInput struct {
// Username is a required field
Username *string `min:"1" type:"string" required:"true" sensitive:"true"`
- // The user's validation data. This is an array of name-value pairs that contain
- // user attributes and attribute values that you can use for custom validation,
- // such as restricting the types of user accounts that can be registered. For
- // example, you might choose to allow or disallow user sign-up based on the
- // user's domain.
+ // Temporary user attributes that contribute to the outcomes of your pre sign-up
+ // Lambda trigger. This set of key-value pairs are for custom validation of
+ // information that you collect from your users but don't need to retain.
//
- // To configure custom validation, you must create a Pre Sign-up Lambda trigger
- // for the user pool as described in the Amazon Cognito Developer Guide. The
- // Lambda trigger receives the validation data and uses it in the validation
- // process.
+ // Your Lambda function can analyze this additional data and act on it. Your
+ // function might perform external API operations like logging user attributes
+ // and validation data to Amazon CloudWatch Logs. Validation data might also
+ // affect the response that your function returns to Amazon Cognito, like automatically
+ // confirming the user if they sign up from within your network.
//
- // The user's validation data isn't persisted.
+ // For more information about the pre sign-up Lambda trigger, see Pre sign-up
+ // Lambda trigger (https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html).
ValidationData []*AttributeType `type:"list"`
}
@@ -13649,7 +13722,10 @@ type AdminDeleteUserAttributesInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The user name of the user from which you would like to delete attributes.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by AdminDeleteUserAttributesInput's
@@ -13753,7 +13829,10 @@ type AdminDeleteUserInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The user name of the user you want to delete.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by AdminDeleteUserInput's
@@ -13933,7 +14012,10 @@ type AdminDisableUserInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The user name of the user you want to disable.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by AdminDisableUserInput's
@@ -14028,7 +14110,10 @@ type AdminEnableUserInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The user name of the user you want to enable.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by AdminEnableUserInput's
@@ -14128,7 +14213,10 @@ type AdminForgetDeviceInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The user name.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by AdminForgetDeviceInput's
@@ -14238,7 +14326,10 @@ type AdminGetDeviceInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The user name.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by AdminGetDeviceInput's
@@ -14356,7 +14447,10 @@ type AdminGetUserInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The user name of the user you want to retrieve.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by AdminGetUserInput's
@@ -14662,8 +14756,6 @@ type AdminInitiateAuthInput struct {
//
// * Define auth challenge
//
- // * Verify auth challenge
- //
// For more information, see Customizing user pool Workflows with Lambda Triggers
// (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html)
// in the Amazon Cognito Developer Guide.
@@ -14839,7 +14931,7 @@ type AdminInitiateAuthOutput struct {
//
// * MFA_SETUP: For users who are required to set up an MFA factor before
// they can sign in. The MFA types activated for the user pool will be listed
- // in the challenge parameters MFA_CAN_SETUP value. To set up software token
+ // in the challenge parameters MFAS_CAN_SETUP value. To set up software token
// MFA, use the session returned here from InitiateAuth as an input to AssociateSoftwareToken,
// and use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge
// with challenge name MFA_SETUP to complete sign-in. To set up SMS MFA,
@@ -15069,7 +15161,12 @@ type AdminListDevicesInput struct {
// The limit of the devices request.
Limit *int64 `type:"integer"`
- // The pagination token.
+ // This API operation returns a limited number of results. The pagination token
+ // is an identifier that you can present in an additional API request with the
+ // same parameters. When you include the pagination token, Amazon Cognito returns
+ // the next set of items after the current list. Subsequent requests return
+ // a new pagination token. By use of this token, you can paginate through the
+ // full list of items.
PaginationToken *string `min:"1" type:"string"`
// The user pool ID.
@@ -15077,7 +15174,10 @@ type AdminListDevicesInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The user name.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by AdminListDevicesInput's
@@ -15161,7 +15261,10 @@ type AdminListDevicesOutput struct {
// The devices in the list of devices response.
Devices []*DeviceType `type:"list"`
- // The pagination token.
+ // The identifier that Amazon Cognito returned with the previous request to
+ // this operation. When you include a pagination token in your request, Amazon
+ // Cognito returns the next set of items in the list. By use of this token,
+ // you can paginate through the full list of items.
PaginationToken *string `min:"1" type:"string"`
}
@@ -15210,7 +15313,10 @@ type AdminListGroupsForUserInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The username for the user.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by AdminListGroupsForUserInput's
@@ -15343,7 +15449,10 @@ type AdminListUserAuthEventsInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The user pool username or an alias.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by AdminListUserAuthEventsInput's
@@ -15474,7 +15583,10 @@ type AdminRemoveUserFromGroupInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The username for the user.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by AdminRemoveUserFromGroupInput's
@@ -15610,7 +15722,10 @@ type AdminResetUserPasswordInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The user name of the user whose password you want to reset.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by AdminResetUserPasswordInput's
@@ -15714,39 +15829,74 @@ type AdminRespondToAuthChallengeInput struct {
// ChallengeName is a required field
ChallengeName *string `type:"string" required:"true" enum:"ChallengeNameType"`
- // The challenge responses. These are inputs corresponding to the value of ChallengeName,
- // for example:
+ // The responses to the challenge that you received in the previous request.
+ // Each challenge has its own required response parameters. The following examples
+ // are partial JSON request bodies that highlight challenge-response parameters.
//
- // * SMS_MFA: SMS_MFA_CODE, USERNAME, SECRET_HASH (if app client is configured
- // with client secret).
+ // You must provide a SECRET_HASH parameter in all challenge responses to an
+ // app client that has a client secret.
//
- // * PASSWORD_VERIFIER: PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK,
- // TIMESTAMP, USERNAME, SECRET_HASH (if app client is configured with client
- // secret). PASSWORD_VERIFIER requires DEVICE_KEY when signing in with a
- // remembered device.
+ // SMS_MFA
//
- // * ADMIN_NO_SRP_AUTH: PASSWORD, USERNAME, SECRET_HASH (if app client is
- // configured with client secret).
+ // "ChallengeName": "SMS_MFA", "ChallengeResponses": {"SMS_MFA_CODE": "[SMS_code]",
+ // "USERNAME": "[username]"}
//
- // * NEW_PASSWORD_REQUIRED: NEW_PASSWORD, USERNAME, SECRET_HASH (if app client
- // is configured with client secret). To set any required attributes that
- // Amazon Cognito returned as requiredAttributes in the AdminInitiateAuth
- // response, add a userAttributes.attributename parameter. This parameter
- // can also set values for writable attributes that aren't required by your
- // user pool. In a NEW_PASSWORD_REQUIRED challenge response, you can't modify
- // a required attribute that already has a value. In AdminRespondToAuthChallenge,
- // set a value for any keys that Amazon Cognito returned in the requiredAttributes
- // parameter, then use the AdminUpdateUserAttributes API operation to modify
- // the value of any additional attributes.
+ // PASSWORD_VERIFIER
+ //
+ // "ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses": {"PASSWORD_CLAIM_SIGNATURE":
+ // "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP":
+ // [timestamp], "USERNAME": "[username]"}
+ //
+ // Add "DEVICE_KEY" when you sign in with a remembered device.
+ //
+ // CUSTOM_CHALLENGE
+ //
+ // "ChallengeName": "CUSTOM_CHALLENGE", "ChallengeResponses": {"USERNAME": "[username]",
+ // "ANSWER": "[challenge_answer]"}
//
- // * MFA_SETUP requires USERNAME, plus you must use the session value returned
- // by VerifySoftwareToken in the Session parameter.
+ // Add "DEVICE_KEY" when you sign in with a remembered device.
//
- // The value of the USERNAME attribute must be the user's actual username, not
- // an alias (such as an email address or phone number). To make this simpler,
- // the AdminInitiateAuth response includes the actual username value in the
- // USERNAMEUSER_ID_FOR_SRP attribute. This happens even if you specified an
- // alias in your call to AdminInitiateAuth.
+ // NEW_PASSWORD_REQUIRED
+ //
+ // "ChallengeName": "NEW_PASSWORD_REQUIRED", "ChallengeResponses": {"NEW_PASSWORD":
+ // "[new_password]", "USERNAME": "[username]"}
+ //
+ // To set any required attributes that InitiateAuth returned in an requiredAttributes
+ // parameter, add "userAttributes.[attribute_name]": "[attribute_value]". This
+ // parameter can also set values for writable attributes that aren't required
+ // by your user pool.
+ //
+ // In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required
+ // attribute that already has a value. In RespondToAuthChallenge, set a value
+ // for any keys that Amazon Cognito returned in the requiredAttributes parameter,
+ // then use the UpdateUserAttributes API operation to modify the value of any
+ // additional attributes.
+ //
+ // SOFTWARE_TOKEN_MFA
+ //
+ // "ChallengeName": "SOFTWARE_TOKEN_MFA", "ChallengeResponses": {"USERNAME":
+ // "[username]", "SOFTWARE_TOKEN_MFA_CODE": [authenticator_code]}
+ //
+ // DEVICE_SRP_AUTH
+ //
+ // "ChallengeName": "DEVICE_SRP_AUTH", "ChallengeResponses": {"USERNAME": "[username]",
+ // "DEVICE_KEY": "[device_key]", "SRP_A": "[srp_a]"}
+ //
+ // DEVICE_PASSWORD_VERIFIER
+ //
+ // "ChallengeName": "DEVICE_PASSWORD_VERIFIER", "ChallengeResponses": {"DEVICE_KEY":
+ // "[device_key]", "PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK":
+ // "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"}
+ //
+ // MFA_SETUP
+ //
+ // "ChallengeName": "MFA_SETUP", "ChallengeResponses": {"USERNAME": "[username]"},
+ // "SESSION": "[Session ID from VerifySoftwareToken]"
+ //
+ // SELECT_MFA_TYPE
+ //
+ // "ChallengeName": "SELECT_MFA_TYPE", "ChallengeResponses": {"USERNAME": "[username]",
+ // "ANSWER": "[SMS_MFA or SOFTWARE_TOKEN_MFA]"}
//
// For more information about SECRET_HASH, see Computing secret hash values
// (https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash).
@@ -16017,7 +16167,10 @@ type AdminSetUserMFAPreferenceInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The user pool username or alias.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by AdminSetUserMFAPreferenceInput's
@@ -16133,7 +16286,10 @@ type AdminSetUserPasswordInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The user name of the user whose password you want to set.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by AdminSetUserPasswordInput's
@@ -16248,7 +16404,10 @@ type AdminSetUserSettingsInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The user name of the user whose options you're setting.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by AdminSetUserSettingsInput's
@@ -16374,7 +16533,10 @@ type AdminUpdateAuthEventFeedbackInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The user pool username.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by AdminUpdateAuthEventFeedbackInput's
@@ -16496,7 +16658,10 @@ type AdminUpdateDeviceStatusInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The user name.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by AdminUpdateDeviceStatusInput's
@@ -16660,7 +16825,10 @@ type AdminUpdateUserAttributesInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The user name of the user for whom you want to update user attributes.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by AdminUpdateUserAttributesInput's
@@ -16780,7 +16948,10 @@ type AdminUserGlobalSignOutInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The user name.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by AdminUserGlobalSignOutInput's
@@ -18201,8 +18372,10 @@ type ConfirmForgotPasswordInput struct {
// String and GoString methods.
UserContextData *UserContextDataType `type:"structure" sensitive:"true"`
- // The user name of the user for whom you want to enter a code to retrieve a
- // forgotten password.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by ConfirmForgotPasswordInput's
@@ -18414,7 +18587,10 @@ type ConfirmSignUpInput struct {
// String and GoString methods.
UserContextData *UserContextDataType `type:"structure" sensitive:"true"`
- // The user name of the user whose registration you want to confirm.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by ConfirmSignUpInput's
@@ -19407,7 +19583,19 @@ type CreateUserPoolClientInput struct {
// user existence related errors aren't prevented.
PreventUserExistenceErrors *string `type:"string" enum:"PreventUserExistenceErrorTypes"`
- // The read attributes.
+ // The list of user attributes that you want your app client to have read-only
+ // access to. After your user authenticates in your app, their access token
+ // authorizes them to read their own attribute value for any attribute in this
+ // list. An example of this kind of activity is when your user selects a link
+ // to view their profile information. Your app makes a GetUser (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html)
+ // API request to retrieve and display your user's profile data.
+ //
+ // When you don't specify the ReadAttributes for your app client, your app can
+ // read the values of email_verified, phone_number_verified, and the Standard
+ // attributes of your user pool. When your user pool has read access to these
+ // default attributes, ReadAttributes doesn't return any information. Amazon
+ // Cognito only populates ReadAttributes in the API response if you have specified
+ // your own custom set of read attributes.
ReadAttributes []*string `type:"list"`
// The refresh token time limit. After this limit expires, your user can't use
@@ -19443,7 +19631,19 @@ type CreateUserPoolClientInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The user pool attributes that the app client can write to.
+ // The list of user attributes that you want your app client to have write access
+ // to. After your user authenticates in your app, their access token authorizes
+ // them to set or modify their own attribute value for any attribute in this
+ // list. An example of this kind of activity is when you present your user with
+ // a form to update their profile information and they change their last name.
+ // Your app then makes an UpdateUserAttributes (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html)
+ // API request and sets family_name to the new value.
+ //
+ // When you don't specify the WriteAttributes for your app client, your app
+ // can write the values of the Standard attributes of your user pool. When your
+ // user pool has write access to these default attributes, WriteAttributes doesn't
+ // return any information. Amazon Cognito only populates WriteAttributes in
+ // the API response if you have specified your own custom set of write attributes.
//
// If your app client allows users to sign in through an IdP, this array must
// include all attributes that you have mapped to IdP attributes. Amazon Cognito
@@ -20259,19 +20459,21 @@ func (s *CustomDomainConfigType) SetCertificateArn(v string) *CustomDomainConfig
return s
}
-// A custom email sender Lambda configuration type.
+// The properties of a custom email sender Lambda trigger.
type CustomEmailLambdaVersionConfigType struct {
_ struct{} `type:"structure"`
- // The Amazon Resource Name (ARN) of the Lambda function that Amazon Cognito
- // activates to send email notifications to users.
+ // The Amazon Resource Name (ARN) of the function that you want to assign to
+ // your Lambda trigger.
//
// LambdaArn is a required field
LambdaArn *string `min:"20" type:"string" required:"true"`
- // Signature of the "request" attribute in the "event" information Amazon Cognito
- // passes to your custom email Lambda function. The only supported value is
- // V1_0.
+ // The user pool trigger version of the request that Amazon Cognito sends to
+ // your Lambda function. Higher-numbered versions add fields that support new
+ // features.
+ //
+ // You must use a LambdaVersion of V1_0 with a custom sender function.
//
// LambdaVersion is a required field
LambdaVersion *string `type:"string" required:"true" enum:"CustomEmailSenderLambdaVersionType"`
@@ -20326,19 +20528,21 @@ func (s *CustomEmailLambdaVersionConfigType) SetLambdaVersion(v string) *CustomE
return s
}
-// A custom SMS sender Lambda configuration type.
+// The properties of a custom SMS sender Lambda trigger.
type CustomSMSLambdaVersionConfigType struct {
_ struct{} `type:"structure"`
- // The Amazon Resource Name (ARN) of the Lambda function that Amazon Cognito
- // activates to send SMS notifications to users.
+ // The Amazon Resource Name (ARN) of the function that you want to assign to
+ // your Lambda trigger.
//
// LambdaArn is a required field
LambdaArn *string `min:"20" type:"string" required:"true"`
- // Signature of the "request" attribute in the "event" information that Amazon
- // Cognito passes to your custom SMS Lambda function. The only supported value
- // is V1_0.
+ // The user pool trigger version of the request that Amazon Cognito sends to
+ // your Lambda function. Higher-numbered versions add fields that support new
+ // features.
+ //
+ // You must use a LambdaVersion of V1_0 with a custom sender function.
//
// LambdaVersion is a required field
LambdaVersion *string `type:"string" required:"true" enum:"CustomSMSSenderLambdaVersionType"`
@@ -22781,8 +22985,10 @@ type ForgotPasswordInput struct {
// String and GoString methods.
UserContextData *UserContextDataType `type:"structure" sensitive:"true"`
- // The user name of the user for whom you want to enter a code to reset a forgotten
- // password.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by ForgotPasswordInput's
@@ -24440,8 +24646,6 @@ type InitiateAuthInput struct {
//
// * Define auth challenge
//
- // * Verify auth challenge
- //
// For more information, see Customizing user pool Workflows with Lambda Triggers
// (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html)
// in the Amazon Cognito Developer Guide.
@@ -24555,8 +24759,7 @@ type InitiateAuthOutput struct {
AuthenticationResult *AuthenticationResultType `type:"structure"`
// The name of the challenge that you're responding to with this call. This
- // name is returned in the AdminInitiateAuth response if you must pass another
- // challenge.
+ // name is returned in the InitiateAuth response if you must pass another challenge.
//
// Valid values include the following:
//
@@ -24594,7 +24797,7 @@ type InitiateAuthOutput struct {
//
// * MFA_SETUP: For users who are required to setup an MFA factor before
// they can sign in. The MFA types activated for the user pool will be listed
- // in the challenge parameters MFA_CAN_SETUP value. To set up software token
+ // in the challenge parameters MFAS_CAN_SETUP value. To set up software token
// MFA, use the session returned here from InitiateAuth as an input to AssociateSoftwareToken.
// Use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge
// with challenge name MFA_SETUP to complete sign-in. To set up SMS MFA,
@@ -25295,9 +25498,20 @@ type LambdaConfigType struct {
// A pre-registration Lambda trigger.
PreSignUp *string `min:"20" type:"string"`
- // A Lambda trigger that is invoked before token generation.
+ // The Amazon Resource Name (ARN) of the function that you want to assign to
+ // your Lambda trigger.
+ //
+ // Set this parameter for legacy purposes. If you also set an ARN in PreTokenGenerationConfig,
+ // its value must be identical to PreTokenGeneration. For new instances of pre
+ // token generation triggers, set the LambdaArn of PreTokenGenerationConfig.
+ //
+ // You can set
PreTokenGeneration *string `min:"20" type:"string"`
+ // The detailed configuration of a pre token generation trigger. If you also
+ // set an ARN in PreTokenGeneration, its value must be identical to PreTokenGenerationConfig.
+ PreTokenGenerationConfig *PreTokenGenerationVersionConfigType `type:"structure"`
+
// The user migration Lambda config type.
UserMigration *string `min:"20" type:"string"`
@@ -25369,6 +25583,11 @@ func (s *LambdaConfigType) Validate() error {
invalidParams.AddNested("CustomSMSSender", err.(request.ErrInvalidParams))
}
}
+ if s.PreTokenGenerationConfig != nil {
+ if err := s.PreTokenGenerationConfig.Validate(); err != nil {
+ invalidParams.AddNested("PreTokenGenerationConfig", err.(request.ErrInvalidParams))
+ }
+ }
if invalidParams.Len() > 0 {
return invalidParams
@@ -25442,6 +25661,12 @@ func (s *LambdaConfigType) SetPreTokenGeneration(v string) *LambdaConfigType {
return s
}
+// SetPreTokenGenerationConfig sets the PreTokenGenerationConfig field's value.
+func (s *LambdaConfigType) SetPreTokenGenerationConfig(v *PreTokenGenerationVersionConfigType) *LambdaConfigType {
+ s.PreTokenGenerationConfig = v
+ return s
+}
+
// SetUserMigration sets the UserMigration field's value.
func (s *LambdaConfigType) SetUserMigration(v string) *LambdaConfigType {
s.UserMigration = &v
@@ -25537,7 +25762,12 @@ type ListDevicesInput struct {
// The limit of the device request.
Limit *int64 `type:"integer"`
- // The pagination token for the list request.
+ // This API operation returns a limited number of results. The pagination token
+ // is an identifier that you can present in an additional API request with the
+ // same parameters. When you include the pagination token, Amazon Cognito returns
+ // the next set of items after the current list. Subsequent requests return
+ // a new pagination token. By use of this token, you can paginate through the
+ // full list of items.
PaginationToken *string `min:"1" type:"string"`
}
@@ -25600,7 +25830,10 @@ type ListDevicesOutput struct {
// The devices returned in the list devices response.
Devices []*DeviceType `type:"list"`
- // The pagination token for the list device response.
+ // The identifier that Amazon Cognito returned with the previous request to
+ // this operation. When you include a pagination token in your request, Amazon
+ // Cognito returns the next set of items in the list. By use of this token,
+ // you can paginate through the full list of items.
PaginationToken *string `min:"1" type:"string"`
}
@@ -26063,8 +26296,12 @@ type ListUserImportJobsInput struct {
// MaxResults is a required field
MaxResults *int64 `min:"1" type:"integer" required:"true"`
- // An identifier that was returned from the previous call to ListUserImportJobs,
- // which can be used to return the next set of import jobs in the list.
+ // This API operation returns a limited number of results. The pagination token
+ // is an identifier that you can present in an additional API request with the
+ // same parameters. When you include the pagination token, Amazon Cognito returns
+ // the next set of items after the current list. Subsequent requests return
+ // a new pagination token. By use of this token, you can paginate through the
+ // full list of items.
PaginationToken *string `min:"1" type:"string"`
// The user pool ID for the user pool that the users are being imported into.
@@ -26139,8 +26376,10 @@ func (s *ListUserImportJobsInput) SetUserPoolId(v string) *ListUserImportJobsInp
type ListUserImportJobsOutput struct {
_ struct{} `type:"structure"`
- // An identifier that can be used to return the next set of user import jobs
- // in the list.
+ // The identifier that Amazon Cognito returned with the previous request to
+ // this operation. When you include a pagination token in your request, Amazon
+ // Cognito returns the next set of items in the list. By use of this token,
+ // you can paginate through the full list of items.
PaginationToken *string `min:"1" type:"string"`
// The user import jobs.
@@ -26409,7 +26648,7 @@ type ListUsersInGroupInput struct {
// GroupName is a required field
GroupName *string `min:"1" type:"string" required:"true"`
- // The limit of the request to list users.
+ // The maximum number of users that you want to retrieve before pagination.
Limit *int64 `type:"integer"`
// An identifier that was returned from the previous call to this operation,
@@ -26496,7 +26735,7 @@ type ListUsersInGroupOutput struct {
// of items in the list.
NextToken *string `min:"1" type:"string"`
- // The users returned in the request to list users.
+ // A list of users in the group, and their attributes.
Users []*UserType `type:"list"`
}
@@ -26538,6 +26777,12 @@ type ListUsersInput struct {
// Amazon Cognito to include in the response for each user. When you don't provide
// an AttributesToGet parameter, Amazon Cognito returns all attributes for each
// user.
+ //
+ // Use AttributesToGet with required attributes in your user pool, or in conjunction
+ // with Filter. Amazon Cognito returns an error if not all users in the results
+ // have set a value for the attribute you request. Attributes that you can't
+ // filter on, including custom attributes, must have a value set in every user
+ // profile before an AttributesToGet parameter returns results.
AttributesToGet []*string `type:"list"`
// A filter string of the form "AttributeName Filter-Type "AttributeValue"".
@@ -26599,8 +26844,12 @@ type ListUsersInput struct {
// Maximum number of users to be returned.
Limit *int64 `type:"integer"`
- // An identifier that was returned from the previous call to this operation,
- // which can be used to return the next set of items in the list.
+ // This API operation returns a limited number of results. The pagination token
+ // is an identifier that you can present in an additional API request with the
+ // same parameters. When you include the pagination token, Amazon Cognito returns
+ // the next set of items after the current list. Subsequent requests return
+ // a new pagination token. By use of this token, you can paginate through the
+ // full list of items.
PaginationToken *string `min:"1" type:"string"`
// The user pool ID for the user pool on which the search should be performed.
@@ -26680,8 +26929,10 @@ func (s *ListUsersInput) SetUserPoolId(v string) *ListUsersInput {
type ListUsersOutput struct {
_ struct{} `type:"structure"`
- // An identifier that was returned from the previous call to this operation,
- // which can be used to return the next set of items in the list.
+ // The identifier that Amazon Cognito returned with the previous request to
+ // this operation. When you include a pagination token in your request, Amazon
+ // Cognito returns the next set of items in the list. By use of this token,
+ // you can paginate through the full list of items.
PaginationToken *string `min:"1" type:"string"`
// A list of the user pool users, and their attributes, that match your query.
@@ -27406,7 +27657,9 @@ type PasswordPolicyType struct {
// The number of days a temporary password is valid in the password policy.
// If the user doesn't sign in during this time, an administrator must reset
- // their password.
+ // their password. Defaults to 7. If you submit a value of 0, Amazon Cognito
+ // treats it as a null value and sets TemporaryPasswordValidityDays to its default
+ // value.
//
// When you set TemporaryPasswordValidityDays for a user pool, you can no longer
// set a value for the legacy UnusedAccountValidityDays parameter in that user
@@ -27546,6 +27799,76 @@ func (s *PasswordResetRequiredException) RequestID() string {
return s.RespMetadata.RequestID
}
+// The properties of a pre token generation Lambda trigger.
+type PreTokenGenerationVersionConfigType struct {
+ _ struct{} `type:"structure"`
+
+ // The Amazon Resource Name (ARN) of the function that you want to assign to
+ // your Lambda trigger.
+ //
+ // This parameter and the PreTokenGeneration property of LambdaConfig have the
+ // same value. For new instances of pre token generation triggers, set LambdaArn.
+ //
+ // LambdaArn is a required field
+ LambdaArn *string `min:"20" type:"string" required:"true"`
+
+ // The user pool trigger version of the request that Amazon Cognito sends to
+ // your Lambda function. Higher-numbered versions add fields that support new
+ // features.
+ //
+ // LambdaVersion is a required field
+ LambdaVersion *string `type:"string" required:"true" enum:"PreTokenGenerationLambdaVersionType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PreTokenGenerationVersionConfigType) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PreTokenGenerationVersionConfigType) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PreTokenGenerationVersionConfigType) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "PreTokenGenerationVersionConfigType"}
+ if s.LambdaArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("LambdaArn"))
+ }
+ if s.LambdaArn != nil && len(*s.LambdaArn) < 20 {
+ invalidParams.Add(request.NewErrParamMinLen("LambdaArn", 20))
+ }
+ if s.LambdaVersion == nil {
+ invalidParams.Add(request.NewErrParamRequired("LambdaVersion"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetLambdaArn sets the LambdaArn field's value.
+func (s *PreTokenGenerationVersionConfigType) SetLambdaArn(v string) *PreTokenGenerationVersionConfigType {
+ s.LambdaArn = &v
+ return s
+}
+
+// SetLambdaVersion sets the LambdaVersion field's value.
+func (s *PreTokenGenerationVersionConfigType) SetLambdaVersion(v string) *PreTokenGenerationVersionConfigType {
+ s.LambdaVersion = &v
+ return s
+}
+
// This exception is thrown when a precondition is not met.
type PreconditionNotMetException struct {
_ struct{} `type:"structure"`
@@ -27865,8 +28188,10 @@ type ResendConfirmationCodeInput struct {
// String and GoString methods.
UserContextData *UserContextDataType `type:"structure" sensitive:"true"`
- // The username attribute of the user to whom you want to resend a confirmation
- // code.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by ResendConfirmationCodeInput's
@@ -28197,39 +28522,74 @@ type RespondToAuthChallengeInput struct {
// ChallengeName is a required field
ChallengeName *string `type:"string" required:"true" enum:"ChallengeNameType"`
- // The challenge responses. These are inputs corresponding to the value of ChallengeName,
- // for example:
+ // The responses to the challenge that you received in the previous request.
+ // Each challenge has its own required response parameters. The following examples
+ // are partial JSON request bodies that highlight challenge-response parameters.
//
- // SECRET_HASH (if app client is configured with client secret) applies to all
- // of the inputs that follow (including SOFTWARE_TOKEN_MFA).
+ // You must provide a SECRET_HASH parameter in all challenge responses to an
+ // app client that has a client secret.
//
- // * SMS_MFA: SMS_MFA_CODE, USERNAME.
+ // SMS_MFA
//
- // * PASSWORD_VERIFIER: PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK,
- // TIMESTAMP, USERNAME. PASSWORD_VERIFIER requires DEVICE_KEY when you sign
- // in with a remembered device.
+ // "ChallengeName": "SMS_MFA", "ChallengeResponses": {"SMS_MFA_CODE": "[SMS_code]",
+ // "USERNAME": "[username]"}
//
- // * NEW_PASSWORD_REQUIRED: NEW_PASSWORD, USERNAME, SECRET_HASH (if app client
- // is configured with client secret). To set any required attributes that
- // Amazon Cognito returned as requiredAttributes in the InitiateAuth response,
- // add a userAttributes.attributename parameter. This parameter can also
- // set values for writable attributes that aren't required by your user pool.
- // In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required
- // attribute that already has a value. In RespondToAuthChallenge, set a value
- // for any keys that Amazon Cognito returned in the requiredAttributes parameter,
- // then use the UpdateUserAttributes API operation to modify the value of
- // any additional attributes.
+ // PASSWORD_VERIFIER
+ //
+ // "ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses": {"PASSWORD_CLAIM_SIGNATURE":
+ // "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP":
+ // [timestamp], "USERNAME": "[username]"}
+ //
+ // Add "DEVICE_KEY" when you sign in with a remembered device.
+ //
+ // CUSTOM_CHALLENGE
+ //
+ // "ChallengeName": "CUSTOM_CHALLENGE", "ChallengeResponses": {"USERNAME": "[username]",
+ // "ANSWER": "[challenge_answer]"}
+ //
+ // Add "DEVICE_KEY" when you sign in with a remembered device.
//
- // * SOFTWARE_TOKEN_MFA: USERNAME and SOFTWARE_TOKEN_MFA_CODE are required
- // attributes.
+ // NEW_PASSWORD_REQUIRED
//
- // * DEVICE_SRP_AUTH requires USERNAME, DEVICE_KEY, SRP_A (and SECRET_HASH).
+ // "ChallengeName": "NEW_PASSWORD_REQUIRED", "ChallengeResponses": {"NEW_PASSWORD":
+ // "[new_password]", "USERNAME": "[username]"}
//
- // * DEVICE_PASSWORD_VERIFIER requires everything that PASSWORD_VERIFIER
- // requires, plus DEVICE_KEY.
+ // To set any required attributes that InitiateAuth returned in an requiredAttributes
+ // parameter, add "userAttributes.[attribute_name]": "[attribute_value]". This
+ // parameter can also set values for writable attributes that aren't required
+ // by your user pool.
//
- // * MFA_SETUP requires USERNAME, plus you must use the session value returned
- // by VerifySoftwareToken in the Session parameter.
+ // In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required
+ // attribute that already has a value. In RespondToAuthChallenge, set a value
+ // for any keys that Amazon Cognito returned in the requiredAttributes parameter,
+ // then use the UpdateUserAttributes API operation to modify the value of any
+ // additional attributes.
+ //
+ // SOFTWARE_TOKEN_MFA
+ //
+ // "ChallengeName": "SOFTWARE_TOKEN_MFA", "ChallengeResponses": {"USERNAME":
+ // "[username]", "SOFTWARE_TOKEN_MFA_CODE": [authenticator_code]}
+ //
+ // DEVICE_SRP_AUTH
+ //
+ // "ChallengeName": "DEVICE_SRP_AUTH", "ChallengeResponses": {"USERNAME": "[username]",
+ // "DEVICE_KEY": "[device_key]", "SRP_A": "[srp_a]"}
+ //
+ // DEVICE_PASSWORD_VERIFIER
+ //
+ // "ChallengeName": "DEVICE_PASSWORD_VERIFIER", "ChallengeResponses": {"DEVICE_KEY":
+ // "[device_key]", "PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK":
+ // "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"}
+ //
+ // MFA_SETUP
+ //
+ // "ChallengeName": "MFA_SETUP", "ChallengeResponses": {"USERNAME": "[username]"},
+ // "SESSION": "[Session ID from VerifySoftwareToken]"
+ //
+ // SELECT_MFA_TYPE
+ //
+ // "ChallengeName": "SELECT_MFA_TYPE", "ChallengeResponses": {"USERNAME": "[username]",
+ // "ANSWER": "[SMS_MFA or SOFTWARE_TOKEN_MFA]"}
//
// For more information about SECRET_HASH, see Computing secret hash values
// (https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash).
@@ -28752,7 +29112,10 @@ func (s *SMSMfaSettingsType) SetPreferredMfa(v bool) *SMSMfaSettingsType {
type SchemaAttributeType struct {
_ struct{} `type:"structure"`
- // The data format of the values for your attribute.
+ // The data format of the values for your attribute. When you choose an AttributeDataType,
+ // Amazon Cognito validates the input against the data type. A custom attribute
+ // value in your user's ID token is always a string, for example "custom:isMember"
+ // : "true" or "custom:YearsAsMember" : "12".
AttributeDataType *string `type:"string" enum:"AttributeDataType"`
//
@@ -28776,7 +29139,14 @@ type SchemaAttributeType struct {
// Mappings for Your User Pool (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html).
Mutable *bool `type:"boolean"`
- // The name of your user pool attribute, for example username or custom:costcenter.
+ // The name of your user pool attribute. When you create or update a user pool,
+ // adding a schema attribute creates a custom or developer-only attribute. When
+ // you add an attribute with a Name value of MyAttribute, Amazon Cognito creates
+ // the custom attribute custom:MyAttribute. When DeveloperOnlyAttribute is true,
+ // Amazon Cognito creates your attribute as dev:MyAttribute. In an operation
+ // that describes a user pool, Amazon Cognito returns this value as value for
+ // standard attributes, custom:value for custom attributes, and dev:value for
+ // developer-only attributes..
Name *string `min:"1" type:"string"`
// Specifies the constraints for an attribute of the number type.
@@ -29711,7 +30081,8 @@ type SignUpInput struct {
// String and GoString methods.
UserContextData *UserContextDataType `type:"structure" sensitive:"true"`
- // The user name of the user you want to register.
+ // The username of the user that you want to sign up. The value of this parameter
+ // is typically a username, but can be any alias attribute in your user pool.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by SignUpInput's
@@ -29720,7 +30091,18 @@ type SignUpInput struct {
// Username is a required field
Username *string `min:"1" type:"string" required:"true" sensitive:"true"`
- // The validation data in the request to register a user.
+ // Temporary user attributes that contribute to the outcomes of your pre sign-up
+ // Lambda trigger. This set of key-value pairs are for custom validation of
+ // information that you collect from your users but don't need to retain.
+ //
+ // Your Lambda function can analyze this additional data and act on it. Your
+ // function might perform external API operations like logging user attributes
+ // and validation data to Amazon CloudWatch Logs. Validation data might also
+ // affect the response that your function returns to Amazon Cognito, like automatically
+ // confirming the user if they sign up from within your network.
+ //
+ // For more information about the pre sign-up Lambda trigger, see Pre sign-up
+ // Lambda trigger (https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html).
ValidationData []*AttributeType `type:"list"`
}
@@ -31326,7 +31708,10 @@ type UpdateAuthEventFeedbackInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The user pool username.
+ // The username of the user that you want to query or modify. The value of this
+ // parameter is typically your user's username, but it can be any of their alias
+ // attributes. If username isn't an alias attribute in your user pool, you can
+ // also use their sub in this request.
//
// Username is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by UpdateAuthEventFeedbackInput's
@@ -32292,7 +32677,19 @@ type UpdateUserPoolClientInput struct {
// user existence related errors aren't prevented.
PreventUserExistenceErrors *string `type:"string" enum:"PreventUserExistenceErrorTypes"`
- // The read-only attributes of the user pool.
+ // The list of user attributes that you want your app client to have read-only
+ // access to. After your user authenticates in your app, their access token
+ // authorizes them to read their own attribute value for any attribute in this
+ // list. An example of this kind of activity is when your user selects a link
+ // to view their profile information. Your app makes a GetUser (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html)
+ // API request to retrieve and display your user's profile data.
+ //
+ // When you don't specify the ReadAttributes for your app client, your app can
+ // read the values of email_verified, phone_number_verified, and the Standard
+ // attributes of your user pool. When your user pool has read access to these
+ // default attributes, ReadAttributes doesn't return any information. Amazon
+ // Cognito only populates ReadAttributes in the API response if you have specified
+ // your own custom set of read attributes.
ReadAttributes []*string `type:"list"`
// The refresh token time limit. After this limit expires, your user can't use
@@ -32329,7 +32726,27 @@ type UpdateUserPoolClientInput struct {
// UserPoolId is a required field
UserPoolId *string `min:"1" type:"string" required:"true"`
- // The writeable attributes of the user pool.
+ // The list of user attributes that you want your app client to have write access
+ // to. After your user authenticates in your app, their access token authorizes
+ // them to set or modify their own attribute value for any attribute in this
+ // list. An example of this kind of activity is when you present your user with
+ // a form to update their profile information and they change their last name.
+ // Your app then makes an UpdateUserAttributes (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html)
+ // API request and sets family_name to the new value.
+ //
+ // When you don't specify the WriteAttributes for your app client, your app
+ // can write the values of the Standard attributes of your user pool. When your
+ // user pool has write access to these default attributes, WriteAttributes doesn't
+ // return any information. Amazon Cognito only populates WriteAttributes in
+ // the API response if you have specified your own custom set of write attributes.
+ //
+ // If your app client allows users to sign in through an IdP, this array must
+ // include all attributes that you have mapped to IdP attributes. Amazon Cognito
+ // updates mapped attributes when users sign in to your application through
+ // an IdP. If your app client does not have write access to a mapped attribute,
+ // Amazon Cognito throws an error when it tries to update the attribute. For
+ // more information, see Specifying IdP Attribute Mappings for Your user pool
+ // (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html).
WriteAttributes []*string `type:"list"`
}
@@ -33943,7 +34360,19 @@ type UserPoolClientType struct {
// existence related errors aren't prevented.
PreventUserExistenceErrors *string `type:"string" enum:"PreventUserExistenceErrorTypes"`
- // The Read-only attributes.
+ // The list of user attributes that you want your app client to have read-only
+ // access to. After your user authenticates in your app, their access token
+ // authorizes them to read their own attribute value for any attribute in this
+ // list. An example of this kind of activity is when your user selects a link
+ // to view their profile information. Your app makes a GetUser (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html)
+ // API request to retrieve and display your user's profile data.
+ //
+ // When you don't specify the ReadAttributes for your app client, your app can
+ // read the values of email_verified, phone_number_verified, and the Standard
+ // attributes of your user pool. When your user pool has read access to these
+ // default attributes, ReadAttributes doesn't return any information. Amazon
+ // Cognito only populates ReadAttributes in the API response if you have specified
+ // your own custom set of read attributes.
ReadAttributes []*string `type:"list"`
// The refresh token time limit. After this limit expires, your user can't use
@@ -33976,7 +34405,27 @@ type UserPoolClientType struct {
// The user pool ID for the user pool client.
UserPoolId *string `min:"1" type:"string"`
- // The writeable attributes.
+ // The list of user attributes that you want your app client to have write access
+ // to. After your user authenticates in your app, their access token authorizes
+ // them to set or modify their own attribute value for any attribute in this
+ // list. An example of this kind of activity is when you present your user with
+ // a form to update their profile information and they change their last name.
+ // Your app then makes an UpdateUserAttributes (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html)
+ // API request and sets family_name to the new value.
+ //
+ // When you don't specify the WriteAttributes for your app client, your app
+ // can write the values of the Standard attributes of your user pool. When your
+ // user pool has write access to these default attributes, WriteAttributes doesn't
+ // return any information. Amazon Cognito only populates WriteAttributes in
+ // the API response if you have specified your own custom set of write attributes.
+ //
+ // If your app client allows users to sign in through an IdP, this array must
+ // include all attributes that you have mapped to IdP attributes. Amazon Cognito
+ // updates mapped attributes when users sign in to your application through
+ // an IdP. If your app client does not have write access to a mapped attribute,
+ // Amazon Cognito throws an error when it tries to update the attribute. For
+ // more information, see Specifying IdP Attribute Mappings for Your user pool
+ // (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html).
WriteAttributes []*string `type:"list"`
}
@@ -34487,7 +34936,7 @@ type UserPoolType struct {
// This parameter is no longer used. See VerificationMessageTemplateType (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html).
SmsVerificationMessage *string `min:"6" type:"string"`
- // The status of a user pool.
+ // This parameter is no longer used.
//
// Deprecated: This property is no longer available.
Status *string `deprecated:"true" type:"string" enum:"StatusType"`
@@ -35918,6 +36367,22 @@ func OAuthFlowType_Values() []string {
}
}
+const (
+ // PreTokenGenerationLambdaVersionTypeV10 is a PreTokenGenerationLambdaVersionType enum value
+ PreTokenGenerationLambdaVersionTypeV10 = "V1_0"
+
+ // PreTokenGenerationLambdaVersionTypeV20 is a PreTokenGenerationLambdaVersionType enum value
+ PreTokenGenerationLambdaVersionTypeV20 = "V2_0"
+)
+
+// PreTokenGenerationLambdaVersionType_Values returns all elements of the PreTokenGenerationLambdaVersionType enum
+func PreTokenGenerationLambdaVersionType_Values() []string {
+ return []string{
+ PreTokenGenerationLambdaVersionTypeV10,
+ PreTokenGenerationLambdaVersionTypeV20,
+ }
+}
+
const (
// PreventUserExistenceErrorTypesLegacy is a PreventUserExistenceErrorTypes enum value
PreventUserExistenceErrorTypesLegacy = "LEGACY"
diff --git a/service/cognitoidentityprovider/doc.go b/service/cognitoidentityprovider/doc.go
index dc359b0a7e4..50b28a6f4b5 100644
--- a/service/cognitoidentityprovider/doc.go
+++ b/service/cognitoidentityprovider/doc.go
@@ -3,26 +3,39 @@
// Package cognitoidentityprovider provides the client and types for making API
// requests to Amazon Cognito Identity Provider.
//
-// With the Amazon Cognito user pools API, you can set up user pools and app
-// clients, and authenticate users. To authenticate users from third-party identity
-// providers (IdPs) in this API, you can link IdP users to native user profiles
-// (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation-consolidate-users.html).
+// With the Amazon Cognito user pools API, you can configure user pools and
+// authenticate users. To authenticate users from third-party identity providers
+// (IdPs) in this API, you can link IdP users to native user profiles (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation-consolidate-users.html).
// Learn more about the authentication and authorization of federated users
-// in the Using the Amazon Cognito user pools API and user pool endpoints (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-userpools-server-contract-reference.html).
+// at Adding user pool sign-in through a third party (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation.html)
+// and in the User pool federation endpoints and hosted UI reference (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-userpools-server-contract-reference.html).
//
// This API reference provides detailed information about API operations and
-// object types in Amazon Cognito. At the bottom of the page for each API operation
-// and object, under See Also, you can learn how to use it in an Amazon Web
-// Services SDK in the language of your choice.
+// object types in Amazon Cognito.
//
// Along with resource management operations, the Amazon Cognito user pools
// API includes classes of operations and authorization models for client-side
-// and server-side user operations. For more information, see Using the Amazon
-// Cognito native and OIDC APIs (https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html)
+// and server-side authentication of users. You can interact with operations
+// in the Amazon Cognito user pools API as any of the following subjects.
+//
+// An administrator who wants to configure user pools, app clients, users, groups,
+// or other user pool functions.
+//
+// A server-side app, like a web application, that wants to use its Amazon Web
+// Services privileges to manage, authenticate, or authorize a user.
+//
+// A client-side app, like a mobile app, that wants to make unauthenticated
+// requests to manage, authenticate, or authorize a user.
+//
+// For more information, see Using the Amazon Cognito user pools API and user
+// pool endpoints (https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html)
// in the Amazon Cognito Developer Guide.
//
-// You can also start reading about the CognitoIdentityProvider client in the
-// following SDK guides.
+// With your Amazon Web Services SDK, you can build the logic to support operational
+// flows in every use case for this API. You can also make direct REST API requests
+// to Amazon Cognito user pools service endpoints (https://docs.aws.amazon.com/general/latest/gr/cognito_identity.html#cognito_identity_your_user_pools_region).
+// The following links can get you started with the CognitoIdentityProvider
+// client in other supported Amazon Web Services SDKs.
//
// - Amazon Web Services Command Line Interface (https://docs.aws.amazon.com/cli/latest/reference/cognito-idp/index.html#cli-aws-cognito-idp)
//
diff --git a/service/eks/api.go b/service/eks/api.go
index 9cb5b05380a..cd482ddc616 100644
--- a/service/eks/api.go
+++ b/service/eks/api.go
@@ -13,6 +13,101 @@ import (
"github.com/aws/aws-sdk-go/private/protocol/restjson"
)
+const opAssociateAccessPolicy = "AssociateAccessPolicy"
+
+// AssociateAccessPolicyRequest generates a "aws/request.Request" representing the
+// client's request for the AssociateAccessPolicy operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See AssociateAccessPolicy for more information on using the AssociateAccessPolicy
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the AssociateAccessPolicyRequest method.
+// req, resp := client.AssociateAccessPolicyRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AssociateAccessPolicy
+func (c *EKS) AssociateAccessPolicyRequest(input *AssociateAccessPolicyInput) (req *request.Request, output *AssociateAccessPolicyOutput) {
+ op := &request.Operation{
+ Name: opAssociateAccessPolicy,
+ HTTPMethod: "POST",
+ HTTPPath: "/clusters/{name}/access-entries/{principalArn}/access-policies",
+ }
+
+ if input == nil {
+ input = &AssociateAccessPolicyInput{}
+ }
+
+ output = &AssociateAccessPolicyOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// AssociateAccessPolicy API operation for Amazon Elastic Kubernetes Service.
+//
+// Associates an access policy and its scope to an access entry. For more information
+// about associating access policies, see Associating and disassociating access
+// policies to and from access entries (https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html)
+// in the Amazon EKS User Guide.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
+// API operation AssociateAccessPolicy for usage and error information.
+//
+// Returned Error Types:
+//
+// - ServerException
+// These errors are usually caused by a server-side issue.
+//
+// - ResourceNotFoundException
+// The specified resource could not be found. You can view your available clusters
+// with ListClusters. You can view your available managed node groups with ListNodegroups.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
+//
+// - InvalidRequestException
+// The request is invalid given the state of the cluster. Check the state of
+// the cluster and the associated operations.
+//
+// - InvalidParameterException
+// The specified parameter is invalid. Review the available parameters for the
+// API request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AssociateAccessPolicy
+func (c *EKS) AssociateAccessPolicy(input *AssociateAccessPolicyInput) (*AssociateAccessPolicyOutput, error) {
+ req, out := c.AssociateAccessPolicyRequest(input)
+ return out, req.Send()
+}
+
+// AssociateAccessPolicyWithContext is the same as AssociateAccessPolicy with the addition of
+// the ability to pass a context and additional request options.
+//
+// See AssociateAccessPolicy for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EKS) AssociateAccessPolicyWithContext(ctx aws.Context, input *AssociateAccessPolicyInput, opts ...request.Option) (*AssociateAccessPolicyOutput, error) {
+ req, out := c.AssociateAccessPolicyRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
const opAssociateEncryptionConfig = "AssociateEncryptionConfig"
// AssociateEncryptionConfigRequest generates a "aws/request.Request" representing the
@@ -56,10 +151,10 @@ func (c *EKS) AssociateEncryptionConfigRequest(input *AssociateEncryptionConfigI
// AssociateEncryptionConfig API operation for Amazon Elastic Kubernetes Service.
//
-// Associate encryption configuration to an existing cluster.
+// Associates an encryption configuration to an existing cluster.
//
-// You can use this API to enable encryption on existing clusters which do not
-// have encryption already enabled. This allows you to implement a defense-in-depth
+// Use this API to enable encryption on existing clusters that don't already
+// have encryption enabled. This allows you to implement a defense-in-depth
// security strategy without migrating applications to new Amazon EKS clusters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -90,7 +185,7 @@ func (c *EKS) AssociateEncryptionConfigRequest(input *AssociateEncryptionConfigI
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// - InvalidRequestException
// The request is invalid given the state of the cluster. Check the state of
@@ -161,13 +256,13 @@ func (c *EKS) AssociateIdentityProviderConfigRequest(input *AssociateIdentityPro
// AssociateIdentityProviderConfig API operation for Amazon Elastic Kubernetes Service.
//
-// Associate an identity provider configuration to a cluster.
+// Associates an identity provider configuration to a cluster.
//
// If you want to authenticate identities using an identity provider, you can
// create an identity provider configuration and associate it to your cluster.
// After configuring authentication to your cluster you can create Kubernetes
-// roles and clusterroles to assign permissions to the roles, and then bind
-// the roles to the identities using Kubernetes rolebindings and clusterrolebindings.
+// Role and ClusterRole objects, assign permissions to them, and then bind them
+// to the identities using Kubernetes RoleBinding and ClusterRoleBinding objects.
// For more information see Using RBAC Authorization (https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
// in the Kubernetes documentation.
//
@@ -199,7 +294,7 @@ func (c *EKS) AssociateIdentityProviderConfigRequest(input *AssociateIdentityPro
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// - InvalidRequestException
// The request is invalid given the state of the cluster. Check the state of
@@ -227,6 +322,117 @@ func (c *EKS) AssociateIdentityProviderConfigWithContext(ctx aws.Context, input
return out, req.Send()
}
+const opCreateAccessEntry = "CreateAccessEntry"
+
+// CreateAccessEntryRequest generates a "aws/request.Request" representing the
+// client's request for the CreateAccessEntry operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateAccessEntry for more information on using the CreateAccessEntry
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the CreateAccessEntryRequest method.
+// req, resp := client.CreateAccessEntryRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/CreateAccessEntry
+func (c *EKS) CreateAccessEntryRequest(input *CreateAccessEntryInput) (req *request.Request, output *CreateAccessEntryOutput) {
+ op := &request.Operation{
+ Name: opCreateAccessEntry,
+ HTTPMethod: "POST",
+ HTTPPath: "/clusters/{name}/access-entries",
+ }
+
+ if input == nil {
+ input = &CreateAccessEntryInput{}
+ }
+
+ output = &CreateAccessEntryOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// CreateAccessEntry API operation for Amazon Elastic Kubernetes Service.
+//
+// Creates an access entry.
+//
+// An access entry allows an IAM principal to access your cluster. Access entries
+// can replace the need to maintain entries in the aws-auth ConfigMap for authentication.
+// You have the following options for authorizing an IAM principal to access
+// Kubernetes objects on your cluster: Kubernetes role-based access control
+// (RBAC), Amazon EKS, or both. Kubernetes RBAC authorization requires you to
+// create and manage Kubernetes Role, ClusterRole, RoleBinding, and ClusterRoleBinding
+// objects, in addition to managing access entries. If you use Amazon EKS authorization
+// exclusively, you don't need to create and manage Kubernetes Role, ClusterRole,
+// RoleBinding, and ClusterRoleBinding objects.
+//
+// For more information about access entries, see Access entries (https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html)
+// in the Amazon EKS User Guide.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
+// API operation CreateAccessEntry for usage and error information.
+//
+// Returned Error Types:
+//
+// - ServerException
+// These errors are usually caused by a server-side issue.
+//
+// - ResourceNotFoundException
+// The specified resource could not be found. You can view your available clusters
+// with ListClusters. You can view your available managed node groups with ListNodegroups.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
+//
+// - InvalidRequestException
+// The request is invalid given the state of the cluster. Check the state of
+// the cluster and the associated operations.
+//
+// - InvalidParameterException
+// The specified parameter is invalid. Review the available parameters for the
+// API request.
+//
+// - ResourceLimitExceededException
+// You have encountered a service limit on the specified resource.
+//
+// - ResourceInUseException
+// The specified resource is in use.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/CreateAccessEntry
+func (c *EKS) CreateAccessEntry(input *CreateAccessEntryInput) (*CreateAccessEntryOutput, error) {
+ req, out := c.CreateAccessEntryRequest(input)
+ return out, req.Send()
+}
+
+// CreateAccessEntryWithContext is the same as CreateAccessEntry with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateAccessEntry for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EKS) CreateAccessEntryWithContext(ctx aws.Context, input *CreateAccessEntryInput, opts ...request.Option) (*CreateAccessEntryOutput, error) {
+ req, out := c.CreateAccessEntryRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
const opCreateAddon = "CreateAddon"
// CreateAddonRequest generates a "aws/request.Request" representing the
@@ -297,7 +503,7 @@ func (c *EKS) CreateAddonRequest(input *CreateAddonInput) (req *request.Request,
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// - ResourceInUseException
// The specified resource is in use.
@@ -650,7 +856,7 @@ func (c *EKS) CreateFargateProfileRequest(input *CreateFargateProfileInput) (req
// wait for that Fargate profile to finish deleting before you can create any
// other profiles in that cluster.
//
-// For more information, see Fargate Profile (https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html)
+// For more information, see Fargate profile (https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html)
// in the Amazon EKS User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -753,17 +959,22 @@ func (c *EKS) CreateNodegroupRequest(input *CreateNodegroupInput) (req *request.
// CreateNodegroup API operation for Amazon Elastic Kubernetes Service.
//
-// Creates a managed node group for an Amazon EKS cluster. You can only create
-// a node group for your cluster that is equal to the current Kubernetes version
-// for the cluster.
+// Creates a managed node group for an Amazon EKS cluster.
+//
+// You can only create a node group for your cluster that is equal to the current
+// Kubernetes version for the cluster. All node groups are created with the
+// latest AMI release version for the respective minor Kubernetes version of
+// the cluster, unless you deploy a custom AMI using a launch template. For
+// more information about using launch templates, see Launch template support
+// (https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html).
//
// An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and
// associated Amazon EC2 instances that are managed by Amazon Web Services for
// an Amazon EKS cluster. For more information, see Managed node groups (https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html)
// in the Amazon EKS User Guide.
//
-// Windows AMI types are only supported for commercial Regions that support
-// Windows Amazon EKS.
+// Windows AMI types are only supported for commercial Amazon Web Services Regions
+// that support Windows on Amazon EKS.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -870,8 +1081,8 @@ func (c *EKS) CreatePodIdentityAssociationRequest(input *CreatePodIdentityAssoci
// give temporary IAM credentials to pods and the credentials are rotated automatically.
//
// Amazon EKS Pod Identity associations provide the ability to manage credentials
-// for your applications, similar to the way that 7EC2l instance profiles provide
-// credentials to Amazon EC2 instances.
+// for your applications, similar to the way that Amazon EC2 instance profiles
+// provide credentials to Amazon EC2 instances.
//
// If a pod uses a service account that has an association, Amazon EKS sets
// environment variables in the containers of the pod. The environment variables
@@ -897,7 +1108,7 @@ func (c *EKS) CreatePodIdentityAssociationRequest(input *CreatePodIdentityAssoci
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// - InvalidRequestException
// The request is invalid given the state of the cluster. Check the state of
@@ -935,6 +1146,99 @@ func (c *EKS) CreatePodIdentityAssociationWithContext(ctx aws.Context, input *Cr
return out, req.Send()
}
+const opDeleteAccessEntry = "DeleteAccessEntry"
+
+// DeleteAccessEntryRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteAccessEntry operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteAccessEntry for more information on using the DeleteAccessEntry
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DeleteAccessEntryRequest method.
+// req, resp := client.DeleteAccessEntryRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DeleteAccessEntry
+func (c *EKS) DeleteAccessEntryRequest(input *DeleteAccessEntryInput) (req *request.Request, output *DeleteAccessEntryOutput) {
+ op := &request.Operation{
+ Name: opDeleteAccessEntry,
+ HTTPMethod: "DELETE",
+ HTTPPath: "/clusters/{name}/access-entries/{principalArn}",
+ }
+
+ if input == nil {
+ input = &DeleteAccessEntryInput{}
+ }
+
+ output = &DeleteAccessEntryOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// DeleteAccessEntry API operation for Amazon Elastic Kubernetes Service.
+//
+// Deletes an access entry.
+//
+// Deleting an access entry of a type other than Standard can cause your cluster
+// to function improperly. If you delete an access entry in error, you can recreate
+// it.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
+// API operation DeleteAccessEntry for usage and error information.
+//
+// Returned Error Types:
+//
+// - ServerException
+// These errors are usually caused by a server-side issue.
+//
+// - ResourceNotFoundException
+// The specified resource could not be found. You can view your available clusters
+// with ListClusters. You can view your available managed node groups with ListNodegroups.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
+//
+// - InvalidRequestException
+// The request is invalid given the state of the cluster. Check the state of
+// the cluster and the associated operations.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DeleteAccessEntry
+func (c *EKS) DeleteAccessEntry(input *DeleteAccessEntryInput) (*DeleteAccessEntryOutput, error) {
+ req, out := c.DeleteAccessEntryRequest(input)
+ return out, req.Send()
+}
+
+// DeleteAccessEntryWithContext is the same as DeleteAccessEntry with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteAccessEntry for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EKS) DeleteAccessEntryWithContext(ctx aws.Context, input *DeleteAccessEntryInput, opts ...request.Option) (*DeleteAccessEntryOutput, error) {
+ req, out := c.DeleteAccessEntryRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
const opDeleteAddon = "DeleteAddon"
// DeleteAddonRequest generates a "aws/request.Request" representing the
@@ -978,10 +1282,10 @@ func (c *EKS) DeleteAddonRequest(input *DeleteAddonInput) (req *request.Request,
// DeleteAddon API operation for Amazon Elastic Kubernetes Service.
//
-// Delete an Amazon EKS add-on.
+// Deletes an Amazon EKS add-on.
//
-// When you remove the add-on, it will also be deleted from the cluster. You
-// can always manually start an add-on on the cluster using the Kubernetes API.
+// When you remove an add-on, it's deleted from the cluster. You can always
+// manually start an add-on on the cluster using the Kubernetes API.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -1003,7 +1307,7 @@ func (c *EKS) DeleteAddonRequest(input *DeleteAddonInput) (req *request.Request,
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// - ClientException
// These errors are usually caused by a client action. Actions can include using
@@ -1079,17 +1383,17 @@ func (c *EKS) DeleteClusterRequest(input *DeleteClusterInput) (req *request.Requ
// DeleteCluster API operation for Amazon Elastic Kubernetes Service.
//
-// Deletes the Amazon EKS cluster control plane.
+// Deletes an Amazon EKS cluster control plane.
//
// If you have active services in your cluster that are associated with a load
// balancer, you must delete those services before deleting the cluster so that
// the load balancers are deleted properly. Otherwise, you can have orphaned
// resources in your VPC that prevent you from being able to delete the VPC.
-// For more information, see Deleting a Cluster (https://docs.aws.amazon.com/eks/latest/userguide/delete-cluster.html)
+// For more information, see Deleting a cluster (https://docs.aws.amazon.com/eks/latest/userguide/delete-cluster.html)
// in the Amazon EKS User Guide.
//
// If you have managed node groups or Fargate profiles attached to the cluster,
-// you must delete them first. For more information, see DeleteNodegroup and
+// you must delete them first. For more information, see DeleteNodgroup and
// DeleteFargateProfile.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -1107,7 +1411,7 @@ func (c *EKS) DeleteClusterRequest(input *DeleteClusterInput) (req *request.Requ
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// - ClientException
// These errors are usually caused by a client action. Actions can include using
@@ -1204,7 +1508,7 @@ func (c *EKS) DeleteEksAnywhereSubscriptionRequest(input *DeleteEksAnywhereSubsc
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// - ClientException
// These errors are usually caused by a client action. Actions can include using
@@ -1286,11 +1590,11 @@ func (c *EKS) DeleteFargateProfileRequest(input *DeleteFargateProfileInput) (req
//
// Deletes an Fargate profile.
//
-// When you delete a Fargate profile, any pods running on Fargate that were
-// created with the profile are deleted. If those pods match another Fargate
-// profile, then they are scheduled on Fargate with that profile. If they no
-// longer match any Fargate profiles, then they are not scheduled on Fargate
-// and they may remain in a pending state.
+// When you delete a Fargate profile, any Pod running on Fargate that was created
+// with the profile is deleted. If the Pod matches another Fargate profile,
+// then it is scheduled on Fargate with that profile. If it no longer matches
+// any Fargate profiles, then it's not scheduled on Fargate and may remain in
+// a pending state.
//
// Only one Fargate profile in a cluster can be in the DELETING status at a
// time. You must wait for a Fargate profile to finish deleting before you can
@@ -1321,7 +1625,7 @@ func (c *EKS) DeleteFargateProfileRequest(input *DeleteFargateProfileInput) (req
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DeleteFargateProfile
func (c *EKS) DeleteFargateProfile(input *DeleteFargateProfileInput) (*DeleteFargateProfileOutput, error) {
@@ -1388,7 +1692,7 @@ func (c *EKS) DeleteNodegroupRequest(input *DeleteNodegroupInput) (req *request.
// DeleteNodegroup API operation for Amazon Elastic Kubernetes Service.
//
-// Deletes an Amazon EKS node group for a cluster.
+// Deletes a managed node group.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -1405,7 +1709,7 @@ func (c *EKS) DeleteNodegroupRequest(input *DeleteNodegroupInput) (req *request.
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// - InvalidParameterException
// The specified parameter is invalid. Review the available parameters for the
@@ -1510,7 +1814,7 @@ func (c *EKS) DeletePodIdentityAssociationRequest(input *DeletePodIdentityAssoci
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// - InvalidRequestException
// The request is invalid given the state of the cluster. Check the state of
@@ -1588,6 +1892,9 @@ func (c *EKS) DeregisterClusterRequest(input *DeregisterClusterInput) (req *requ
// Deregisters a connected cluster to remove it from the Amazon EKS control
// plane.
//
+// A connected cluster is a Kubernetes cluster that you've connected to your
+// control plane using the Amazon EKS Connector (https://docs.aws.amazon.com/eks/latest/userguide/eks-connector.html).
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -1603,7 +1910,7 @@ func (c *EKS) DeregisterClusterRequest(input *DeregisterClusterInput) (req *requ
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// - ClientException
// These errors are usually caused by a client action. Actions can include using
@@ -1647,89 +1954,177 @@ func (c *EKS) DeregisterClusterWithContext(ctx aws.Context, input *DeregisterClu
return out, req.Send()
}
-const opDescribeAddon = "DescribeAddon"
+const opDescribeAccessEntry = "DescribeAccessEntry"
-// DescribeAddonRequest generates a "aws/request.Request" representing the
-// client's request for the DescribeAddon operation. The "output" return
+// DescribeAccessEntryRequest generates a "aws/request.Request" representing the
+// client's request for the DescribeAccessEntry operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See DescribeAddon for more information on using the DescribeAddon
+// See DescribeAccessEntry for more information on using the DescribeAccessEntry
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the DescribeAddonRequest method.
-// req, resp := client.DescribeAddonRequest(params)
+// // Example sending a request using the DescribeAccessEntryRequest method.
+// req, resp := client.DescribeAccessEntryRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeAddon
-func (c *EKS) DescribeAddonRequest(input *DescribeAddonInput) (req *request.Request, output *DescribeAddonOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeAccessEntry
+func (c *EKS) DescribeAccessEntryRequest(input *DescribeAccessEntryInput) (req *request.Request, output *DescribeAccessEntryOutput) {
op := &request.Operation{
- Name: opDescribeAddon,
+ Name: opDescribeAccessEntry,
HTTPMethod: "GET",
- HTTPPath: "/clusters/{name}/addons/{addonName}",
+ HTTPPath: "/clusters/{name}/access-entries/{principalArn}",
}
if input == nil {
- input = &DescribeAddonInput{}
+ input = &DescribeAccessEntryInput{}
}
- output = &DescribeAddonOutput{}
+ output = &DescribeAccessEntryOutput{}
req = c.newRequest(op, input, output)
return
}
-// DescribeAddon API operation for Amazon Elastic Kubernetes Service.
+// DescribeAccessEntry API operation for Amazon Elastic Kubernetes Service.
//
-// Describes an Amazon EKS add-on.
+// Describes an access entry.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
-// API operation DescribeAddon for usage and error information.
+// API operation DescribeAccessEntry for usage and error information.
//
// Returned Error Types:
//
-// - InvalidParameterException
-// The specified parameter is invalid. Review the available parameters for the
-// API request.
-//
-// - InvalidRequestException
-// The request is invalid given the state of the cluster. Check the state of
-// the cluster and the associated operations.
+// - ServerException
+// These errors are usually caused by a server-side issue.
//
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
-//
-// - ClientException
-// These errors are usually caused by a client action. Actions can include using
-// an action or resource on behalf of an IAM principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html)
-// that doesn't have permissions to use the action or resource or specifying
-// an identifier that is not valid.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
-// - ServerException
-// These errors are usually caused by a server-side issue.
+// - InvalidRequestException
+// The request is invalid given the state of the cluster. Check the state of
+// the cluster and the associated operations.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeAddon
-func (c *EKS) DescribeAddon(input *DescribeAddonInput) (*DescribeAddonOutput, error) {
- req, out := c.DescribeAddonRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeAccessEntry
+func (c *EKS) DescribeAccessEntry(input *DescribeAccessEntryInput) (*DescribeAccessEntryOutput, error) {
+ req, out := c.DescribeAccessEntryRequest(input)
return out, req.Send()
}
-// DescribeAddonWithContext is the same as DescribeAddon with the addition of
+// DescribeAccessEntryWithContext is the same as DescribeAccessEntry with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DescribeAccessEntry for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EKS) DescribeAccessEntryWithContext(ctx aws.Context, input *DescribeAccessEntryInput, opts ...request.Option) (*DescribeAccessEntryOutput, error) {
+ req, out := c.DescribeAccessEntryRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opDescribeAddon = "DescribeAddon"
+
+// DescribeAddonRequest generates a "aws/request.Request" representing the
+// client's request for the DescribeAddon operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DescribeAddon for more information on using the DescribeAddon
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DescribeAddonRequest method.
+// req, resp := client.DescribeAddonRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeAddon
+func (c *EKS) DescribeAddonRequest(input *DescribeAddonInput) (req *request.Request, output *DescribeAddonOutput) {
+ op := &request.Operation{
+ Name: opDescribeAddon,
+ HTTPMethod: "GET",
+ HTTPPath: "/clusters/{name}/addons/{addonName}",
+ }
+
+ if input == nil {
+ input = &DescribeAddonInput{}
+ }
+
+ output = &DescribeAddonOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// DescribeAddon API operation for Amazon Elastic Kubernetes Service.
+//
+// Describes an Amazon EKS add-on.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
+// API operation DescribeAddon for usage and error information.
+//
+// Returned Error Types:
+//
+// - InvalidParameterException
+// The specified parameter is invalid. Review the available parameters for the
+// API request.
+//
+// - InvalidRequestException
+// The request is invalid given the state of the cluster. Check the state of
+// the cluster and the associated operations.
+//
+// - ResourceNotFoundException
+// The specified resource could not be found. You can view your available clusters
+// with ListClusters. You can view your available managed node groups with ListNodegroups.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
+//
+// - ClientException
+// These errors are usually caused by a client action. Actions can include using
+// an action or resource on behalf of an IAM principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html)
+// that doesn't have permissions to use the action or resource or specifying
+// an identifier that is not valid.
+//
+// - ServerException
+// These errors are usually caused by a server-side issue.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeAddon
+func (c *EKS) DescribeAddon(input *DescribeAddonInput) (*DescribeAddonOutput, error) {
+ req, out := c.DescribeAddonRequest(input)
+ return out, req.Send()
+}
+
+// DescribeAddonWithContext is the same as DescribeAddon with the addition of
// the ability to pass a context and additional request options.
//
// See DescribeAddon for details on how to use this API operation.
@@ -1805,7 +2200,7 @@ func (c *EKS) DescribeAddonConfigurationRequest(input *DescribeAddonConfiguratio
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// - InvalidParameterException
// The specified parameter is invalid. Review the available parameters for the
@@ -1882,9 +2277,10 @@ func (c *EKS) DescribeAddonVersionsRequest(input *DescribeAddonVersionsInput) (r
// DescribeAddonVersions API operation for Amazon Elastic Kubernetes Service.
//
-// Describes the versions for an add-on. Information such as the Kubernetes
-// versions that you can use the add-on with, the owner, publisher, and the
-// type of the add-on are returned.
+// Describes the versions for an add-on.
+//
+// Information such as the Kubernetes versions that you can use the add-on with,
+// the owner, publisher, and the type of the add-on are returned.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -1901,7 +2297,7 @@ func (c *EKS) DescribeAddonVersionsRequest(input *DescribeAddonVersionsInput) (r
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// - InvalidParameterException
// The specified parameter is invalid. Review the available parameters for the
@@ -2023,12 +2419,12 @@ func (c *EKS) DescribeClusterRequest(input *DescribeClusterInput) (req *request.
// DescribeCluster API operation for Amazon Elastic Kubernetes Service.
//
-// Returns descriptive information about an Amazon EKS cluster.
+// Describes an Amazon EKS cluster.
//
// The API server endpoint and certificate authority data returned by this operation
// are required for kubelet and kubectl to communicate with your Kubernetes
-// API server. For more information, see Create a kubeconfig for Amazon EKS
-// (https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html).
+// API server. For more information, see Creating or updating a kubeconfig file
+// for an Amazon EKS cluster (https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html).
//
// The API server endpoint and certificate authority data aren't available until
// the cluster reaches the ACTIVE state.
@@ -2045,7 +2441,7 @@ func (c *EKS) DescribeClusterRequest(input *DescribeClusterInput) (req *request.
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// - ClientException
// These errors are usually caused by a client action. Actions can include using
@@ -2138,7 +2534,7 @@ func (c *EKS) DescribeEksAnywhereSubscriptionRequest(input *DescribeEksAnywhereS
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// - ClientException
// These errors are usually caused by a client action. Actions can include using
@@ -2217,7 +2613,7 @@ func (c *EKS) DescribeFargateProfileRequest(input *DescribeFargateProfileInput)
// DescribeFargateProfile API operation for Amazon Elastic Kubernetes Service.
//
-// Returns descriptive information about an Fargate profile.
+// Describes an Fargate profile.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -2244,7 +2640,7 @@ func (c *EKS) DescribeFargateProfileRequest(input *DescribeFargateProfileInput)
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeFargateProfile
func (c *EKS) DescribeFargateProfile(input *DescribeFargateProfileInput) (*DescribeFargateProfileOutput, error) {
@@ -2311,7 +2707,7 @@ func (c *EKS) DescribeIdentityProviderConfigRequest(input *DescribeIdentityProvi
// DescribeIdentityProviderConfig API operation for Amazon Elastic Kubernetes Service.
//
-// Returns descriptive information about an identity provider configuration.
+// Describes an identity provider configuration.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -2329,7 +2725,7 @@ func (c *EKS) DescribeIdentityProviderConfigRequest(input *DescribeIdentityProvi
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// - ClientException
// These errors are usually caused by a client action. Actions can include using
@@ -2408,7 +2804,7 @@ func (c *EKS) DescribeNodegroupRequest(input *DescribeNodegroupInput) (req *requ
// DescribeNodegroup API operation for Amazon Elastic Kubernetes Service.
//
-// Returns descriptive information about an Amazon EKS node group.
+// Describes a managed node group.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -2426,7 +2822,7 @@ func (c *EKS) DescribeNodegroupRequest(input *DescribeNodegroupInput) (req *requ
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// - ClientException
// These errors are usually caused by a client action. Actions can include using
@@ -2527,7 +2923,7 @@ func (c *EKS) DescribePodIdentityAssociationRequest(input *DescribePodIdentityAs
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// - InvalidRequestException
// The request is invalid given the state of the cluster. Check the state of
@@ -2602,8 +2998,7 @@ func (c *EKS) DescribeUpdateRequest(input *DescribeUpdateInput) (req *request.Re
// DescribeUpdate API operation for Amazon Elastic Kubernetes Service.
//
-// Returns descriptive information about an update against your Amazon EKS cluster
-// or associated managed node group or Amazon EKS add-on.
+// Describes an update to an Amazon EKS resource.
//
// When the status of the update is Succeeded, the update is complete. If an
// update fails, the status is Failed, and an error detail explains the reason
@@ -2634,7 +3029,7 @@ func (c *EKS) DescribeUpdateRequest(input *DescribeUpdateInput) (req *request.Re
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeUpdate
func (c *EKS) DescribeUpdate(input *DescribeUpdateInput) (*DescribeUpdateOutput, error) {
@@ -2658,6 +3053,95 @@ func (c *EKS) DescribeUpdateWithContext(ctx aws.Context, input *DescribeUpdateIn
return out, req.Send()
}
+const opDisassociateAccessPolicy = "DisassociateAccessPolicy"
+
+// DisassociateAccessPolicyRequest generates a "aws/request.Request" representing the
+// client's request for the DisassociateAccessPolicy operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DisassociateAccessPolicy for more information on using the DisassociateAccessPolicy
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DisassociateAccessPolicyRequest method.
+// req, resp := client.DisassociateAccessPolicyRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DisassociateAccessPolicy
+func (c *EKS) DisassociateAccessPolicyRequest(input *DisassociateAccessPolicyInput) (req *request.Request, output *DisassociateAccessPolicyOutput) {
+ op := &request.Operation{
+ Name: opDisassociateAccessPolicy,
+ HTTPMethod: "DELETE",
+ HTTPPath: "/clusters/{name}/access-entries/{principalArn}/access-policies/{policyArn}",
+ }
+
+ if input == nil {
+ input = &DisassociateAccessPolicyInput{}
+ }
+
+ output = &DisassociateAccessPolicyOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// DisassociateAccessPolicy API operation for Amazon Elastic Kubernetes Service.
+//
+// Disassociates an access policy from an access entry.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
+// API operation DisassociateAccessPolicy for usage and error information.
+//
+// Returned Error Types:
+//
+// - ServerException
+// These errors are usually caused by a server-side issue.
+//
+// - ResourceNotFoundException
+// The specified resource could not be found. You can view your available clusters
+// with ListClusters. You can view your available managed node groups with ListNodegroups.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
+//
+// - InvalidRequestException
+// The request is invalid given the state of the cluster. Check the state of
+// the cluster and the associated operations.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DisassociateAccessPolicy
+func (c *EKS) DisassociateAccessPolicy(input *DisassociateAccessPolicyInput) (*DisassociateAccessPolicyOutput, error) {
+ req, out := c.DisassociateAccessPolicyRequest(input)
+ return out, req.Send()
+}
+
+// DisassociateAccessPolicyWithContext is the same as DisassociateAccessPolicy with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DisassociateAccessPolicy for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EKS) DisassociateAccessPolicyWithContext(ctx aws.Context, input *DisassociateAccessPolicyInput, opts ...request.Option) (*DisassociateAccessPolicyOutput, error) {
+ req, out := c.DisassociateAccessPolicyRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
const opDisassociateIdentityProviderConfig = "DisassociateIdentityProviderConfig"
// DisassociateIdentityProviderConfigRequest generates a "aws/request.Request" representing the
@@ -2701,10 +3185,11 @@ func (c *EKS) DisassociateIdentityProviderConfigRequest(input *DisassociateIdent
// DisassociateIdentityProviderConfig API operation for Amazon Elastic Kubernetes Service.
//
-// Disassociates an identity provider configuration from a cluster. If you disassociate
-// an identity provider from your cluster, users included in the provider can
-// no longer access the cluster. However, you can still access the cluster with
-// IAM principals (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html).
+// Disassociates an identity provider configuration from a cluster.
+//
+// If you disassociate an identity provider from your cluster, users included
+// in the provider can no longer access the cluster. However, you can still
+// access the cluster with IAM principals.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -2734,7 +3219,7 @@ func (c *EKS) DisassociateIdentityProviderConfigRequest(input *DisassociateIdent
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// - InvalidRequestException
// The request is invalid given the state of the cluster. Check the state of
@@ -2762,36 +3247,36 @@ func (c *EKS) DisassociateIdentityProviderConfigWithContext(ctx aws.Context, inp
return out, req.Send()
}
-const opListAddons = "ListAddons"
+const opListAccessEntries = "ListAccessEntries"
-// ListAddonsRequest generates a "aws/request.Request" representing the
-// client's request for the ListAddons operation. The "output" return
+// ListAccessEntriesRequest generates a "aws/request.Request" representing the
+// client's request for the ListAccessEntries operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See ListAddons for more information on using the ListAddons
+// See ListAccessEntries for more information on using the ListAccessEntries
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the ListAddonsRequest method.
-// req, resp := client.ListAddonsRequest(params)
+// // Example sending a request using the ListAccessEntriesRequest method.
+// req, resp := client.ListAccessEntriesRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAddons
-func (c *EKS) ListAddonsRequest(input *ListAddonsInput) (req *request.Request, output *ListAddonsOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAccessEntries
+func (c *EKS) ListAccessEntriesRequest(input *ListAccessEntriesInput) (req *request.Request, output *ListAccessEntriesOutput) {
op := &request.Operation{
- Name: opListAddons,
+ Name: opListAccessEntries,
HTTPMethod: "GET",
- HTTPPath: "/clusters/{name}/addons",
+ HTTPPath: "/clusters/{name}/access-entries",
Paginator: &request.Paginator{
InputTokens: []string{"nextToken"},
OutputTokens: []string{"nextToken"},
@@ -2801,107 +3286,101 @@ func (c *EKS) ListAddonsRequest(input *ListAddonsInput) (req *request.Request, o
}
if input == nil {
- input = &ListAddonsInput{}
+ input = &ListAccessEntriesInput{}
}
- output = &ListAddonsOutput{}
+ output = &ListAccessEntriesOutput{}
req = c.newRequest(op, input, output)
return
}
-// ListAddons API operation for Amazon Elastic Kubernetes Service.
+// ListAccessEntries API operation for Amazon Elastic Kubernetes Service.
//
-// Lists the installed add-ons.
+// Lists the access entries for your cluster.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
-// API operation ListAddons for usage and error information.
+// API operation ListAccessEntries for usage and error information.
//
// Returned Error Types:
//
-// - InvalidParameterException
-// The specified parameter is invalid. Review the available parameters for the
-// API request.
-//
-// - InvalidRequestException
-// The request is invalid given the state of the cluster. Check the state of
-// the cluster and the associated operations.
-//
-// - ClientException
-// These errors are usually caused by a client action. Actions can include using
-// an action or resource on behalf of an IAM principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html)
-// that doesn't have permissions to use the action or resource or specifying
-// an identifier that is not valid.
+// - ServerException
+// These errors are usually caused by a server-side issue.
//
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
-// - ServerException
-// These errors are usually caused by a server-side issue.
+// - InvalidRequestException
+// The request is invalid given the state of the cluster. Check the state of
+// the cluster and the associated operations.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAddons
-func (c *EKS) ListAddons(input *ListAddonsInput) (*ListAddonsOutput, error) {
- req, out := c.ListAddonsRequest(input)
+// - InvalidParameterException
+// The specified parameter is invalid. Review the available parameters for the
+// API request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAccessEntries
+func (c *EKS) ListAccessEntries(input *ListAccessEntriesInput) (*ListAccessEntriesOutput, error) {
+ req, out := c.ListAccessEntriesRequest(input)
return out, req.Send()
}
-// ListAddonsWithContext is the same as ListAddons with the addition of
+// ListAccessEntriesWithContext is the same as ListAccessEntries with the addition of
// the ability to pass a context and additional request options.
//
-// See ListAddons for details on how to use this API operation.
+// See ListAccessEntries for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) ListAddonsWithContext(ctx aws.Context, input *ListAddonsInput, opts ...request.Option) (*ListAddonsOutput, error) {
- req, out := c.ListAddonsRequest(input)
+func (c *EKS) ListAccessEntriesWithContext(ctx aws.Context, input *ListAccessEntriesInput, opts ...request.Option) (*ListAccessEntriesOutput, error) {
+ req, out := c.ListAccessEntriesRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-// ListAddonsPages iterates over the pages of a ListAddons operation,
+// ListAccessEntriesPages iterates over the pages of a ListAccessEntries operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
-// See ListAddons method for more information on how to use this operation.
+// See ListAccessEntries method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
-// // Example iterating over at most 3 pages of a ListAddons operation.
+// // Example iterating over at most 3 pages of a ListAccessEntries operation.
// pageNum := 0
-// err := client.ListAddonsPages(params,
-// func(page *eks.ListAddonsOutput, lastPage bool) bool {
+// err := client.ListAccessEntriesPages(params,
+// func(page *eks.ListAccessEntriesOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
-func (c *EKS) ListAddonsPages(input *ListAddonsInput, fn func(*ListAddonsOutput, bool) bool) error {
- return c.ListAddonsPagesWithContext(aws.BackgroundContext(), input, fn)
+func (c *EKS) ListAccessEntriesPages(input *ListAccessEntriesInput, fn func(*ListAccessEntriesOutput, bool) bool) error {
+ return c.ListAccessEntriesPagesWithContext(aws.BackgroundContext(), input, fn)
}
-// ListAddonsPagesWithContext same as ListAddonsPages except
+// ListAccessEntriesPagesWithContext same as ListAccessEntriesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) ListAddonsPagesWithContext(ctx aws.Context, input *ListAddonsInput, fn func(*ListAddonsOutput, bool) bool, opts ...request.Option) error {
+func (c *EKS) ListAccessEntriesPagesWithContext(ctx aws.Context, input *ListAccessEntriesInput, fn func(*ListAccessEntriesOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
- var inCpy *ListAddonsInput
+ var inCpy *ListAccessEntriesInput
if input != nil {
tmp := *input
inCpy = &tmp
}
- req, _ := c.ListAddonsRequest(inCpy)
+ req, _ := c.ListAccessEntriesRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
@@ -2909,7 +3388,7 @@ func (c *EKS) ListAddonsPagesWithContext(ctx aws.Context, input *ListAddonsInput
}
for p.Next() {
- if !fn(p.Page().(*ListAddonsOutput), !p.HasNextPage()) {
+ if !fn(p.Page().(*ListAccessEntriesOutput), !p.HasNextPage()) {
break
}
}
@@ -2917,36 +3396,36 @@ func (c *EKS) ListAddonsPagesWithContext(ctx aws.Context, input *ListAddonsInput
return p.Err()
}
-const opListClusters = "ListClusters"
+const opListAccessPolicies = "ListAccessPolicies"
-// ListClustersRequest generates a "aws/request.Request" representing the
-// client's request for the ListClusters operation. The "output" return
+// ListAccessPoliciesRequest generates a "aws/request.Request" representing the
+// client's request for the ListAccessPolicies operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See ListClusters for more information on using the ListClusters
+// See ListAccessPolicies for more information on using the ListAccessPolicies
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the ListClustersRequest method.
-// req, resp := client.ListClustersRequest(params)
+// // Example sending a request using the ListAccessPoliciesRequest method.
+// req, resp := client.ListAccessPoliciesRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListClusters
-func (c *EKS) ListClustersRequest(input *ListClustersInput) (req *request.Request, output *ListClustersOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAccessPolicies
+func (c *EKS) ListAccessPoliciesRequest(input *ListAccessPoliciesInput) (req *request.Request, output *ListAccessPoliciesOutput) {
op := &request.Operation{
- Name: opListClusters,
+ Name: opListAccessPolicies,
HTTPMethod: "GET",
- HTTPPath: "/clusters",
+ HTTPPath: "/access-policies",
Paginator: &request.Paginator{
InputTokens: []string{"nextToken"},
OutputTokens: []string{"nextToken"},
@@ -2956,102 +3435,87 @@ func (c *EKS) ListClustersRequest(input *ListClustersInput) (req *request.Reques
}
if input == nil {
- input = &ListClustersInput{}
+ input = &ListAccessPoliciesInput{}
}
- output = &ListClustersOutput{}
+ output = &ListAccessPoliciesOutput{}
req = c.newRequest(op, input, output)
return
}
-// ListClusters API operation for Amazon Elastic Kubernetes Service.
+// ListAccessPolicies API operation for Amazon Elastic Kubernetes Service.
//
-// Lists the Amazon EKS clusters in your Amazon Web Services account in the
-// specified Region.
+// Lists the available access policies.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
-// API operation ListClusters for usage and error information.
+// API operation ListAccessPolicies for usage and error information.
//
// Returned Error Types:
-//
-// - InvalidParameterException
-// The specified parameter is invalid. Review the available parameters for the
-// API request.
-//
-// - ClientException
-// These errors are usually caused by a client action. Actions can include using
-// an action or resource on behalf of an IAM principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html)
-// that doesn't have permissions to use the action or resource or specifying
-// an identifier that is not valid.
-//
// - ServerException
// These errors are usually caused by a server-side issue.
//
-// - ServiceUnavailableException
-// The service is unavailable. Back off and retry the operation.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListClusters
-func (c *EKS) ListClusters(input *ListClustersInput) (*ListClustersOutput, error) {
- req, out := c.ListClustersRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAccessPolicies
+func (c *EKS) ListAccessPolicies(input *ListAccessPoliciesInput) (*ListAccessPoliciesOutput, error) {
+ req, out := c.ListAccessPoliciesRequest(input)
return out, req.Send()
}
-// ListClustersWithContext is the same as ListClusters with the addition of
+// ListAccessPoliciesWithContext is the same as ListAccessPolicies with the addition of
// the ability to pass a context and additional request options.
//
-// See ListClusters for details on how to use this API operation.
+// See ListAccessPolicies for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) ListClustersWithContext(ctx aws.Context, input *ListClustersInput, opts ...request.Option) (*ListClustersOutput, error) {
- req, out := c.ListClustersRequest(input)
+func (c *EKS) ListAccessPoliciesWithContext(ctx aws.Context, input *ListAccessPoliciesInput, opts ...request.Option) (*ListAccessPoliciesOutput, error) {
+ req, out := c.ListAccessPoliciesRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-// ListClustersPages iterates over the pages of a ListClusters operation,
+// ListAccessPoliciesPages iterates over the pages of a ListAccessPolicies operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
-// See ListClusters method for more information on how to use this operation.
+// See ListAccessPolicies method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
-// // Example iterating over at most 3 pages of a ListClusters operation.
+// // Example iterating over at most 3 pages of a ListAccessPolicies operation.
// pageNum := 0
-// err := client.ListClustersPages(params,
-// func(page *eks.ListClustersOutput, lastPage bool) bool {
+// err := client.ListAccessPoliciesPages(params,
+// func(page *eks.ListAccessPoliciesOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
-func (c *EKS) ListClustersPages(input *ListClustersInput, fn func(*ListClustersOutput, bool) bool) error {
- return c.ListClustersPagesWithContext(aws.BackgroundContext(), input, fn)
+func (c *EKS) ListAccessPoliciesPages(input *ListAccessPoliciesInput, fn func(*ListAccessPoliciesOutput, bool) bool) error {
+ return c.ListAccessPoliciesPagesWithContext(aws.BackgroundContext(), input, fn)
}
-// ListClustersPagesWithContext same as ListClustersPages except
+// ListAccessPoliciesPagesWithContext same as ListAccessPoliciesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) ListClustersPagesWithContext(ctx aws.Context, input *ListClustersInput, fn func(*ListClustersOutput, bool) bool, opts ...request.Option) error {
+func (c *EKS) ListAccessPoliciesPagesWithContext(ctx aws.Context, input *ListAccessPoliciesInput, fn func(*ListAccessPoliciesOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
- var inCpy *ListClustersInput
+ var inCpy *ListAccessPoliciesInput
if input != nil {
tmp := *input
inCpy = &tmp
}
- req, _ := c.ListClustersRequest(inCpy)
+ req, _ := c.ListAccessPoliciesRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
@@ -3059,7 +3523,7 @@ func (c *EKS) ListClustersPagesWithContext(ctx aws.Context, input *ListClustersI
}
for p.Next() {
- if !fn(p.Page().(*ListClustersOutput), !p.HasNextPage()) {
+ if !fn(p.Page().(*ListAccessPoliciesOutput), !p.HasNextPage()) {
break
}
}
@@ -3067,36 +3531,36 @@ func (c *EKS) ListClustersPagesWithContext(ctx aws.Context, input *ListClustersI
return p.Err()
}
-const opListEksAnywhereSubscriptions = "ListEksAnywhereSubscriptions"
+const opListAddons = "ListAddons"
-// ListEksAnywhereSubscriptionsRequest generates a "aws/request.Request" representing the
-// client's request for the ListEksAnywhereSubscriptions operation. The "output" return
+// ListAddonsRequest generates a "aws/request.Request" representing the
+// client's request for the ListAddons operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See ListEksAnywhereSubscriptions for more information on using the ListEksAnywhereSubscriptions
+// See ListAddons for more information on using the ListAddons
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the ListEksAnywhereSubscriptionsRequest method.
-// req, resp := client.ListEksAnywhereSubscriptionsRequest(params)
+// // Example sending a request using the ListAddonsRequest method.
+// req, resp := client.ListAddonsRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListEksAnywhereSubscriptions
-func (c *EKS) ListEksAnywhereSubscriptionsRequest(input *ListEksAnywhereSubscriptionsInput) (req *request.Request, output *ListEksAnywhereSubscriptionsOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAddons
+func (c *EKS) ListAddonsRequest(input *ListAddonsInput) (req *request.Request, output *ListAddonsOutput) {
op := &request.Operation{
- Name: opListEksAnywhereSubscriptions,
+ Name: opListAddons,
HTTPMethod: "GET",
- HTTPPath: "/eks-anywhere-subscriptions",
+ HTTPPath: "/clusters/{name}/addons",
Paginator: &request.Paginator{
InputTokens: []string{"nextToken"},
OutputTokens: []string{"nextToken"},
@@ -3106,24 +3570,24 @@ func (c *EKS) ListEksAnywhereSubscriptionsRequest(input *ListEksAnywhereSubscrip
}
if input == nil {
- input = &ListEksAnywhereSubscriptionsInput{}
+ input = &ListAddonsInput{}
}
- output = &ListEksAnywhereSubscriptionsOutput{}
+ output = &ListAddonsOutput{}
req = c.newRequest(op, input, output)
return
}
-// ListEksAnywhereSubscriptions API operation for Amazon Elastic Kubernetes Service.
+// ListAddons API operation for Amazon Elastic Kubernetes Service.
//
-// Displays the full description of the subscription.
+// Lists the installed add-ons.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
-// API operation ListEksAnywhereSubscriptions for usage and error information.
+// API operation ListAddons for usage and error information.
//
// Returned Error Types:
//
@@ -3131,76 +3595,82 @@ func (c *EKS) ListEksAnywhereSubscriptionsRequest(input *ListEksAnywhereSubscrip
// The specified parameter is invalid. Review the available parameters for the
// API request.
//
+// - InvalidRequestException
+// The request is invalid given the state of the cluster. Check the state of
+// the cluster and the associated operations.
+//
// - ClientException
// These errors are usually caused by a client action. Actions can include using
// an action or resource on behalf of an IAM principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html)
// that doesn't have permissions to use the action or resource or specifying
// an identifier that is not valid.
//
+// - ResourceNotFoundException
+// The specified resource could not be found. You can view your available clusters
+// with ListClusters. You can view your available managed node groups with ListNodegroups.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
+//
// - ServerException
// These errors are usually caused by a server-side issue.
//
-// - ServiceUnavailableException
-// The service is unavailable. Back off and retry the operation.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListEksAnywhereSubscriptions
-func (c *EKS) ListEksAnywhereSubscriptions(input *ListEksAnywhereSubscriptionsInput) (*ListEksAnywhereSubscriptionsOutput, error) {
- req, out := c.ListEksAnywhereSubscriptionsRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAddons
+func (c *EKS) ListAddons(input *ListAddonsInput) (*ListAddonsOutput, error) {
+ req, out := c.ListAddonsRequest(input)
return out, req.Send()
}
-// ListEksAnywhereSubscriptionsWithContext is the same as ListEksAnywhereSubscriptions with the addition of
+// ListAddonsWithContext is the same as ListAddons with the addition of
// the ability to pass a context and additional request options.
//
-// See ListEksAnywhereSubscriptions for details on how to use this API operation.
+// See ListAddons for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) ListEksAnywhereSubscriptionsWithContext(ctx aws.Context, input *ListEksAnywhereSubscriptionsInput, opts ...request.Option) (*ListEksAnywhereSubscriptionsOutput, error) {
- req, out := c.ListEksAnywhereSubscriptionsRequest(input)
+func (c *EKS) ListAddonsWithContext(ctx aws.Context, input *ListAddonsInput, opts ...request.Option) (*ListAddonsOutput, error) {
+ req, out := c.ListAddonsRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-// ListEksAnywhereSubscriptionsPages iterates over the pages of a ListEksAnywhereSubscriptions operation,
+// ListAddonsPages iterates over the pages of a ListAddons operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
-// See ListEksAnywhereSubscriptions method for more information on how to use this operation.
+// See ListAddons method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
-// // Example iterating over at most 3 pages of a ListEksAnywhereSubscriptions operation.
+// // Example iterating over at most 3 pages of a ListAddons operation.
// pageNum := 0
-// err := client.ListEksAnywhereSubscriptionsPages(params,
-// func(page *eks.ListEksAnywhereSubscriptionsOutput, lastPage bool) bool {
+// err := client.ListAddonsPages(params,
+// func(page *eks.ListAddonsOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
-func (c *EKS) ListEksAnywhereSubscriptionsPages(input *ListEksAnywhereSubscriptionsInput, fn func(*ListEksAnywhereSubscriptionsOutput, bool) bool) error {
- return c.ListEksAnywhereSubscriptionsPagesWithContext(aws.BackgroundContext(), input, fn)
+func (c *EKS) ListAddonsPages(input *ListAddonsInput, fn func(*ListAddonsOutput, bool) bool) error {
+ return c.ListAddonsPagesWithContext(aws.BackgroundContext(), input, fn)
}
-// ListEksAnywhereSubscriptionsPagesWithContext same as ListEksAnywhereSubscriptionsPages except
+// ListAddonsPagesWithContext same as ListAddonsPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) ListEksAnywhereSubscriptionsPagesWithContext(ctx aws.Context, input *ListEksAnywhereSubscriptionsInput, fn func(*ListEksAnywhereSubscriptionsOutput, bool) bool, opts ...request.Option) error {
+func (c *EKS) ListAddonsPagesWithContext(ctx aws.Context, input *ListAddonsInput, fn func(*ListAddonsOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
- var inCpy *ListEksAnywhereSubscriptionsInput
+ var inCpy *ListAddonsInput
if input != nil {
tmp := *input
inCpy = &tmp
}
- req, _ := c.ListEksAnywhereSubscriptionsRequest(inCpy)
+ req, _ := c.ListAddonsRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
@@ -3208,7 +3678,7 @@ func (c *EKS) ListEksAnywhereSubscriptionsPagesWithContext(ctx aws.Context, inpu
}
for p.Next() {
- if !fn(p.Page().(*ListEksAnywhereSubscriptionsOutput), !p.HasNextPage()) {
+ if !fn(p.Page().(*ListAddonsOutput), !p.HasNextPage()) {
break
}
}
@@ -3216,36 +3686,36 @@ func (c *EKS) ListEksAnywhereSubscriptionsPagesWithContext(ctx aws.Context, inpu
return p.Err()
}
-const opListFargateProfiles = "ListFargateProfiles"
+const opListAssociatedAccessPolicies = "ListAssociatedAccessPolicies"
-// ListFargateProfilesRequest generates a "aws/request.Request" representing the
-// client's request for the ListFargateProfiles operation. The "output" return
+// ListAssociatedAccessPoliciesRequest generates a "aws/request.Request" representing the
+// client's request for the ListAssociatedAccessPolicies operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See ListFargateProfiles for more information on using the ListFargateProfiles
+// See ListAssociatedAccessPolicies for more information on using the ListAssociatedAccessPolicies
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the ListFargateProfilesRequest method.
-// req, resp := client.ListFargateProfilesRequest(params)
+// // Example sending a request using the ListAssociatedAccessPoliciesRequest method.
+// req, resp := client.ListAssociatedAccessPoliciesRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListFargateProfiles
-func (c *EKS) ListFargateProfilesRequest(input *ListFargateProfilesInput) (req *request.Request, output *ListFargateProfilesOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAssociatedAccessPolicies
+func (c *EKS) ListAssociatedAccessPoliciesRequest(input *ListAssociatedAccessPoliciesInput) (req *request.Request, output *ListAssociatedAccessPoliciesOutput) {
op := &request.Operation{
- Name: opListFargateProfiles,
+ Name: opListAssociatedAccessPolicies,
HTTPMethod: "GET",
- HTTPPath: "/clusters/{name}/fargate-profiles",
+ HTTPPath: "/clusters/{name}/access-entries/{principalArn}/access-policies",
Paginator: &request.Paginator{
InputTokens: []string{"nextToken"},
OutputTokens: []string{"nextToken"},
@@ -3255,104 +3725,97 @@ func (c *EKS) ListFargateProfilesRequest(input *ListFargateProfilesInput) (req *
}
if input == nil {
- input = &ListFargateProfilesInput{}
+ input = &ListAssociatedAccessPoliciesInput{}
}
- output = &ListFargateProfilesOutput{}
+ output = &ListAssociatedAccessPoliciesOutput{}
req = c.newRequest(op, input, output)
return
}
-// ListFargateProfiles API operation for Amazon Elastic Kubernetes Service.
+// ListAssociatedAccessPolicies API operation for Amazon Elastic Kubernetes Service.
//
-// Lists the Fargate profiles associated with the specified cluster in your
-// Amazon Web Services account in the specified Region.
+// Lists the access policies associated with an access entry.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
-// API operation ListFargateProfiles for usage and error information.
+// API operation ListAssociatedAccessPolicies for usage and error information.
//
// Returned Error Types:
//
-// - InvalidParameterException
-// The specified parameter is invalid. Review the available parameters for the
-// API request.
+// - ServerException
+// These errors are usually caused by a server-side issue.
//
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
-//
-// - ClientException
-// These errors are usually caused by a client action. Actions can include using
-// an action or resource on behalf of an IAM principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html)
-// that doesn't have permissions to use the action or resource or specifying
-// an identifier that is not valid.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
-// - ServerException
-// These errors are usually caused by a server-side issue.
+// - InvalidRequestException
+// The request is invalid given the state of the cluster. Check the state of
+// the cluster and the associated operations.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListFargateProfiles
-func (c *EKS) ListFargateProfiles(input *ListFargateProfilesInput) (*ListFargateProfilesOutput, error) {
- req, out := c.ListFargateProfilesRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListAssociatedAccessPolicies
+func (c *EKS) ListAssociatedAccessPolicies(input *ListAssociatedAccessPoliciesInput) (*ListAssociatedAccessPoliciesOutput, error) {
+ req, out := c.ListAssociatedAccessPoliciesRequest(input)
return out, req.Send()
}
-// ListFargateProfilesWithContext is the same as ListFargateProfiles with the addition of
+// ListAssociatedAccessPoliciesWithContext is the same as ListAssociatedAccessPolicies with the addition of
// the ability to pass a context and additional request options.
//
-// See ListFargateProfiles for details on how to use this API operation.
+// See ListAssociatedAccessPolicies for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) ListFargateProfilesWithContext(ctx aws.Context, input *ListFargateProfilesInput, opts ...request.Option) (*ListFargateProfilesOutput, error) {
- req, out := c.ListFargateProfilesRequest(input)
+func (c *EKS) ListAssociatedAccessPoliciesWithContext(ctx aws.Context, input *ListAssociatedAccessPoliciesInput, opts ...request.Option) (*ListAssociatedAccessPoliciesOutput, error) {
+ req, out := c.ListAssociatedAccessPoliciesRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-// ListFargateProfilesPages iterates over the pages of a ListFargateProfiles operation,
+// ListAssociatedAccessPoliciesPages iterates over the pages of a ListAssociatedAccessPolicies operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
-// See ListFargateProfiles method for more information on how to use this operation.
+// See ListAssociatedAccessPolicies method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
-// // Example iterating over at most 3 pages of a ListFargateProfiles operation.
+// // Example iterating over at most 3 pages of a ListAssociatedAccessPolicies operation.
// pageNum := 0
-// err := client.ListFargateProfilesPages(params,
-// func(page *eks.ListFargateProfilesOutput, lastPage bool) bool {
+// err := client.ListAssociatedAccessPoliciesPages(params,
+// func(page *eks.ListAssociatedAccessPoliciesOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
-func (c *EKS) ListFargateProfilesPages(input *ListFargateProfilesInput, fn func(*ListFargateProfilesOutput, bool) bool) error {
- return c.ListFargateProfilesPagesWithContext(aws.BackgroundContext(), input, fn)
+func (c *EKS) ListAssociatedAccessPoliciesPages(input *ListAssociatedAccessPoliciesInput, fn func(*ListAssociatedAccessPoliciesOutput, bool) bool) error {
+ return c.ListAssociatedAccessPoliciesPagesWithContext(aws.BackgroundContext(), input, fn)
}
-// ListFargateProfilesPagesWithContext same as ListFargateProfilesPages except
+// ListAssociatedAccessPoliciesPagesWithContext same as ListAssociatedAccessPoliciesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) ListFargateProfilesPagesWithContext(ctx aws.Context, input *ListFargateProfilesInput, fn func(*ListFargateProfilesOutput, bool) bool, opts ...request.Option) error {
+func (c *EKS) ListAssociatedAccessPoliciesPagesWithContext(ctx aws.Context, input *ListAssociatedAccessPoliciesInput, fn func(*ListAssociatedAccessPoliciesOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
- var inCpy *ListFargateProfilesInput
+ var inCpy *ListAssociatedAccessPoliciesInput
if input != nil {
tmp := *input
inCpy = &tmp
}
- req, _ := c.ListFargateProfilesRequest(inCpy)
+ req, _ := c.ListAssociatedAccessPoliciesRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
@@ -3360,7 +3823,7 @@ func (c *EKS) ListFargateProfilesPagesWithContext(ctx aws.Context, input *ListFa
}
for p.Next() {
- if !fn(p.Page().(*ListFargateProfilesOutput), !p.HasNextPage()) {
+ if !fn(p.Page().(*ListAssociatedAccessPoliciesOutput), !p.HasNextPage()) {
break
}
}
@@ -3368,36 +3831,36 @@ func (c *EKS) ListFargateProfilesPagesWithContext(ctx aws.Context, input *ListFa
return p.Err()
}
-const opListIdentityProviderConfigs = "ListIdentityProviderConfigs"
+const opListClusters = "ListClusters"
-// ListIdentityProviderConfigsRequest generates a "aws/request.Request" representing the
-// client's request for the ListIdentityProviderConfigs operation. The "output" return
+// ListClustersRequest generates a "aws/request.Request" representing the
+// client's request for the ListClusters operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See ListIdentityProviderConfigs for more information on using the ListIdentityProviderConfigs
+// See ListClusters for more information on using the ListClusters
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the ListIdentityProviderConfigsRequest method.
-// req, resp := client.ListIdentityProviderConfigsRequest(params)
+// // Example sending a request using the ListClustersRequest method.
+// req, resp := client.ListClustersRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListIdentityProviderConfigs
-func (c *EKS) ListIdentityProviderConfigsRequest(input *ListIdentityProviderConfigsInput) (req *request.Request, output *ListIdentityProviderConfigsOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListClusters
+func (c *EKS) ListClustersRequest(input *ListClustersInput) (req *request.Request, output *ListClustersOutput) {
op := &request.Operation{
- Name: opListIdentityProviderConfigs,
+ Name: opListClusters,
HTTPMethod: "GET",
- HTTPPath: "/clusters/{name}/identity-provider-configs",
+ HTTPPath: "/clusters",
Paginator: &request.Paginator{
InputTokens: []string{"nextToken"},
OutputTokens: []string{"nextToken"},
@@ -3407,24 +3870,25 @@ func (c *EKS) ListIdentityProviderConfigsRequest(input *ListIdentityProviderConf
}
if input == nil {
- input = &ListIdentityProviderConfigsInput{}
+ input = &ListClustersInput{}
}
- output = &ListIdentityProviderConfigsOutput{}
+ output = &ListClustersOutput{}
req = c.newRequest(op, input, output)
return
}
-// ListIdentityProviderConfigs API operation for Amazon Elastic Kubernetes Service.
+// ListClusters API operation for Amazon Elastic Kubernetes Service.
//
-// A list of identity provider configurations.
+// Lists the Amazon EKS clusters in your Amazon Web Services account in the
+// specified Amazon Web Services Region.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
-// API operation ListIdentityProviderConfigs for usage and error information.
+// API operation ListClusters for usage and error information.
//
// Returned Error Types:
//
@@ -3444,69 +3908,64 @@ func (c *EKS) ListIdentityProviderConfigsRequest(input *ListIdentityProviderConf
// - ServiceUnavailableException
// The service is unavailable. Back off and retry the operation.
//
-// - ResourceNotFoundException
-// The specified resource could not be found. You can view your available clusters
-// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListIdentityProviderConfigs
-func (c *EKS) ListIdentityProviderConfigs(input *ListIdentityProviderConfigsInput) (*ListIdentityProviderConfigsOutput, error) {
- req, out := c.ListIdentityProviderConfigsRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListClusters
+func (c *EKS) ListClusters(input *ListClustersInput) (*ListClustersOutput, error) {
+ req, out := c.ListClustersRequest(input)
return out, req.Send()
}
-// ListIdentityProviderConfigsWithContext is the same as ListIdentityProviderConfigs with the addition of
+// ListClustersWithContext is the same as ListClusters with the addition of
// the ability to pass a context and additional request options.
//
-// See ListIdentityProviderConfigs for details on how to use this API operation.
+// See ListClusters for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) ListIdentityProviderConfigsWithContext(ctx aws.Context, input *ListIdentityProviderConfigsInput, opts ...request.Option) (*ListIdentityProviderConfigsOutput, error) {
- req, out := c.ListIdentityProviderConfigsRequest(input)
+func (c *EKS) ListClustersWithContext(ctx aws.Context, input *ListClustersInput, opts ...request.Option) (*ListClustersOutput, error) {
+ req, out := c.ListClustersRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-// ListIdentityProviderConfigsPages iterates over the pages of a ListIdentityProviderConfigs operation,
+// ListClustersPages iterates over the pages of a ListClusters operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
-// See ListIdentityProviderConfigs method for more information on how to use this operation.
+// See ListClusters method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
-// // Example iterating over at most 3 pages of a ListIdentityProviderConfigs operation.
+// // Example iterating over at most 3 pages of a ListClusters operation.
// pageNum := 0
-// err := client.ListIdentityProviderConfigsPages(params,
-// func(page *eks.ListIdentityProviderConfigsOutput, lastPage bool) bool {
+// err := client.ListClustersPages(params,
+// func(page *eks.ListClustersOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
-func (c *EKS) ListIdentityProviderConfigsPages(input *ListIdentityProviderConfigsInput, fn func(*ListIdentityProviderConfigsOutput, bool) bool) error {
- return c.ListIdentityProviderConfigsPagesWithContext(aws.BackgroundContext(), input, fn)
+func (c *EKS) ListClustersPages(input *ListClustersInput, fn func(*ListClustersOutput, bool) bool) error {
+ return c.ListClustersPagesWithContext(aws.BackgroundContext(), input, fn)
}
-// ListIdentityProviderConfigsPagesWithContext same as ListIdentityProviderConfigsPages except
+// ListClustersPagesWithContext same as ListClustersPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) ListIdentityProviderConfigsPagesWithContext(ctx aws.Context, input *ListIdentityProviderConfigsInput, fn func(*ListIdentityProviderConfigsOutput, bool) bool, opts ...request.Option) error {
+func (c *EKS) ListClustersPagesWithContext(ctx aws.Context, input *ListClustersInput, fn func(*ListClustersOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
- var inCpy *ListIdentityProviderConfigsInput
+ var inCpy *ListClustersInput
if input != nil {
tmp := *input
inCpy = &tmp
}
- req, _ := c.ListIdentityProviderConfigsRequest(inCpy)
+ req, _ := c.ListClustersRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
@@ -3514,7 +3973,7 @@ func (c *EKS) ListIdentityProviderConfigsPagesWithContext(ctx aws.Context, input
}
for p.Next() {
- if !fn(p.Page().(*ListIdentityProviderConfigsOutput), !p.HasNextPage()) {
+ if !fn(p.Page().(*ListClustersOutput), !p.HasNextPage()) {
break
}
}
@@ -3522,36 +3981,36 @@ func (c *EKS) ListIdentityProviderConfigsPagesWithContext(ctx aws.Context, input
return p.Err()
}
-const opListNodegroups = "ListNodegroups"
+const opListEksAnywhereSubscriptions = "ListEksAnywhereSubscriptions"
-// ListNodegroupsRequest generates a "aws/request.Request" representing the
-// client's request for the ListNodegroups operation. The "output" return
+// ListEksAnywhereSubscriptionsRequest generates a "aws/request.Request" representing the
+// client's request for the ListEksAnywhereSubscriptions operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See ListNodegroups for more information on using the ListNodegroups
+// See ListEksAnywhereSubscriptions for more information on using the ListEksAnywhereSubscriptions
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the ListNodegroupsRequest method.
-// req, resp := client.ListNodegroupsRequest(params)
+// // Example sending a request using the ListEksAnywhereSubscriptionsRequest method.
+// req, resp := client.ListEksAnywhereSubscriptionsRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListNodegroups
-func (c *EKS) ListNodegroupsRequest(input *ListNodegroupsInput) (req *request.Request, output *ListNodegroupsOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListEksAnywhereSubscriptions
+func (c *EKS) ListEksAnywhereSubscriptionsRequest(input *ListEksAnywhereSubscriptionsInput) (req *request.Request, output *ListEksAnywhereSubscriptionsOutput) {
op := &request.Operation{
- Name: opListNodegroups,
+ Name: opListEksAnywhereSubscriptions,
HTTPMethod: "GET",
- HTTPPath: "/clusters/{name}/node-groups",
+ HTTPPath: "/eks-anywhere-subscriptions",
Paginator: &request.Paginator{
InputTokens: []string{"nextToken"},
OutputTokens: []string{"nextToken"},
@@ -3561,26 +4020,24 @@ func (c *EKS) ListNodegroupsRequest(input *ListNodegroupsInput) (req *request.Re
}
if input == nil {
- input = &ListNodegroupsInput{}
+ input = &ListEksAnywhereSubscriptionsInput{}
}
- output = &ListNodegroupsOutput{}
+ output = &ListEksAnywhereSubscriptionsOutput{}
req = c.newRequest(op, input, output)
return
}
-// ListNodegroups API operation for Amazon Elastic Kubernetes Service.
+// ListEksAnywhereSubscriptions API operation for Amazon Elastic Kubernetes Service.
//
-// Lists the Amazon EKS managed node groups associated with the specified cluster
-// in your Amazon Web Services account in the specified Region. Self-managed
-// node groups are not listed.
+// Displays the full description of the subscription.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
-// API operation ListNodegroups for usage and error information.
+// API operation ListEksAnywhereSubscriptions for usage and error information.
//
// Returned Error Types:
//
@@ -3600,69 +4057,64 @@ func (c *EKS) ListNodegroupsRequest(input *ListNodegroupsInput) (req *request.Re
// - ServiceUnavailableException
// The service is unavailable. Back off and retry the operation.
//
-// - ResourceNotFoundException
-// The specified resource could not be found. You can view your available clusters
-// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListNodegroups
-func (c *EKS) ListNodegroups(input *ListNodegroupsInput) (*ListNodegroupsOutput, error) {
- req, out := c.ListNodegroupsRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListEksAnywhereSubscriptions
+func (c *EKS) ListEksAnywhereSubscriptions(input *ListEksAnywhereSubscriptionsInput) (*ListEksAnywhereSubscriptionsOutput, error) {
+ req, out := c.ListEksAnywhereSubscriptionsRequest(input)
return out, req.Send()
}
-// ListNodegroupsWithContext is the same as ListNodegroups with the addition of
+// ListEksAnywhereSubscriptionsWithContext is the same as ListEksAnywhereSubscriptions with the addition of
// the ability to pass a context and additional request options.
//
-// See ListNodegroups for details on how to use this API operation.
+// See ListEksAnywhereSubscriptions for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) ListNodegroupsWithContext(ctx aws.Context, input *ListNodegroupsInput, opts ...request.Option) (*ListNodegroupsOutput, error) {
- req, out := c.ListNodegroupsRequest(input)
+func (c *EKS) ListEksAnywhereSubscriptionsWithContext(ctx aws.Context, input *ListEksAnywhereSubscriptionsInput, opts ...request.Option) (*ListEksAnywhereSubscriptionsOutput, error) {
+ req, out := c.ListEksAnywhereSubscriptionsRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-// ListNodegroupsPages iterates over the pages of a ListNodegroups operation,
+// ListEksAnywhereSubscriptionsPages iterates over the pages of a ListEksAnywhereSubscriptions operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
-// See ListNodegroups method for more information on how to use this operation.
+// See ListEksAnywhereSubscriptions method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
-// // Example iterating over at most 3 pages of a ListNodegroups operation.
+// // Example iterating over at most 3 pages of a ListEksAnywhereSubscriptions operation.
// pageNum := 0
-// err := client.ListNodegroupsPages(params,
-// func(page *eks.ListNodegroupsOutput, lastPage bool) bool {
+// err := client.ListEksAnywhereSubscriptionsPages(params,
+// func(page *eks.ListEksAnywhereSubscriptionsOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
-func (c *EKS) ListNodegroupsPages(input *ListNodegroupsInput, fn func(*ListNodegroupsOutput, bool) bool) error {
- return c.ListNodegroupsPagesWithContext(aws.BackgroundContext(), input, fn)
+func (c *EKS) ListEksAnywhereSubscriptionsPages(input *ListEksAnywhereSubscriptionsInput, fn func(*ListEksAnywhereSubscriptionsOutput, bool) bool) error {
+ return c.ListEksAnywhereSubscriptionsPagesWithContext(aws.BackgroundContext(), input, fn)
}
-// ListNodegroupsPagesWithContext same as ListNodegroupsPages except
+// ListEksAnywhereSubscriptionsPagesWithContext same as ListEksAnywhereSubscriptionsPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) ListNodegroupsPagesWithContext(ctx aws.Context, input *ListNodegroupsInput, fn func(*ListNodegroupsOutput, bool) bool, opts ...request.Option) error {
+func (c *EKS) ListEksAnywhereSubscriptionsPagesWithContext(ctx aws.Context, input *ListEksAnywhereSubscriptionsInput, fn func(*ListEksAnywhereSubscriptionsOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
- var inCpy *ListNodegroupsInput
+ var inCpy *ListEksAnywhereSubscriptionsInput
if input != nil {
tmp := *input
inCpy = &tmp
}
- req, _ := c.ListNodegroupsRequest(inCpy)
+ req, _ := c.ListEksAnywhereSubscriptionsRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
@@ -3670,7 +4122,7 @@ func (c *EKS) ListNodegroupsPagesWithContext(ctx aws.Context, input *ListNodegro
}
for p.Next() {
- if !fn(p.Page().(*ListNodegroupsOutput), !p.HasNextPage()) {
+ if !fn(p.Page().(*ListEksAnywhereSubscriptionsOutput), !p.HasNextPage()) {
break
}
}
@@ -3678,36 +4130,36 @@ func (c *EKS) ListNodegroupsPagesWithContext(ctx aws.Context, input *ListNodegro
return p.Err()
}
-const opListPodIdentityAssociations = "ListPodIdentityAssociations"
+const opListFargateProfiles = "ListFargateProfiles"
-// ListPodIdentityAssociationsRequest generates a "aws/request.Request" representing the
-// client's request for the ListPodIdentityAssociations operation. The "output" return
+// ListFargateProfilesRequest generates a "aws/request.Request" representing the
+// client's request for the ListFargateProfiles operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See ListPodIdentityAssociations for more information on using the ListPodIdentityAssociations
+// See ListFargateProfiles for more information on using the ListFargateProfiles
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the ListPodIdentityAssociationsRequest method.
-// req, resp := client.ListPodIdentityAssociationsRequest(params)
+// // Example sending a request using the ListFargateProfilesRequest method.
+// req, resp := client.ListFargateProfilesRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListPodIdentityAssociations
-func (c *EKS) ListPodIdentityAssociationsRequest(input *ListPodIdentityAssociationsInput) (req *request.Request, output *ListPodIdentityAssociationsOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListFargateProfiles
+func (c *EKS) ListFargateProfilesRequest(input *ListFargateProfilesInput) (req *request.Request, output *ListFargateProfilesOutput) {
op := &request.Operation{
- Name: opListPodIdentityAssociations,
+ Name: opListFargateProfiles,
HTTPMethod: "GET",
- HTTPPath: "/clusters/{name}/pod-identity-associations",
+ HTTPPath: "/clusters/{name}/fargate-profiles",
Paginator: &request.Paginator{
InputTokens: []string{"nextToken"},
OutputTokens: []string{"nextToken"},
@@ -3717,103 +4169,104 @@ func (c *EKS) ListPodIdentityAssociationsRequest(input *ListPodIdentityAssociati
}
if input == nil {
- input = &ListPodIdentityAssociationsInput{}
+ input = &ListFargateProfilesInput{}
}
- output = &ListPodIdentityAssociationsOutput{}
+ output = &ListFargateProfilesOutput{}
req = c.newRequest(op, input, output)
return
}
-// ListPodIdentityAssociations API operation for Amazon Elastic Kubernetes Service.
+// ListFargateProfiles API operation for Amazon Elastic Kubernetes Service.
//
-// List the EKS Pod Identity associations in a cluster. You can filter the list
-// by the namespace that the association is in or the service account that the
-// association uses.
+// Lists the Fargate profiles associated with the specified cluster in your
+// Amazon Web Services account in the specified Amazon Web Services Region.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
-// API operation ListPodIdentityAssociations for usage and error information.
+// API operation ListFargateProfiles for usage and error information.
//
// Returned Error Types:
//
-// - ServerException
-// These errors are usually caused by a server-side issue.
+// - InvalidParameterException
+// The specified parameter is invalid. Review the available parameters for the
+// API request.
//
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
-// - InvalidRequestException
-// The request is invalid given the state of the cluster. Check the state of
-// the cluster and the associated operations.
+// - ClientException
+// These errors are usually caused by a client action. Actions can include using
+// an action or resource on behalf of an IAM principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html)
+// that doesn't have permissions to use the action or resource or specifying
+// an identifier that is not valid.
//
-// - InvalidParameterException
-// The specified parameter is invalid. Review the available parameters for the
-// API request.
+// - ServerException
+// These errors are usually caused by a server-side issue.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListPodIdentityAssociations
-func (c *EKS) ListPodIdentityAssociations(input *ListPodIdentityAssociationsInput) (*ListPodIdentityAssociationsOutput, error) {
- req, out := c.ListPodIdentityAssociationsRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListFargateProfiles
+func (c *EKS) ListFargateProfiles(input *ListFargateProfilesInput) (*ListFargateProfilesOutput, error) {
+ req, out := c.ListFargateProfilesRequest(input)
return out, req.Send()
}
-// ListPodIdentityAssociationsWithContext is the same as ListPodIdentityAssociations with the addition of
+// ListFargateProfilesWithContext is the same as ListFargateProfiles with the addition of
// the ability to pass a context and additional request options.
//
-// See ListPodIdentityAssociations for details on how to use this API operation.
+// See ListFargateProfiles for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) ListPodIdentityAssociationsWithContext(ctx aws.Context, input *ListPodIdentityAssociationsInput, opts ...request.Option) (*ListPodIdentityAssociationsOutput, error) {
- req, out := c.ListPodIdentityAssociationsRequest(input)
+func (c *EKS) ListFargateProfilesWithContext(ctx aws.Context, input *ListFargateProfilesInput, opts ...request.Option) (*ListFargateProfilesOutput, error) {
+ req, out := c.ListFargateProfilesRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-// ListPodIdentityAssociationsPages iterates over the pages of a ListPodIdentityAssociations operation,
+// ListFargateProfilesPages iterates over the pages of a ListFargateProfiles operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
-// See ListPodIdentityAssociations method for more information on how to use this operation.
+// See ListFargateProfiles method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
-// // Example iterating over at most 3 pages of a ListPodIdentityAssociations operation.
+// // Example iterating over at most 3 pages of a ListFargateProfiles operation.
// pageNum := 0
-// err := client.ListPodIdentityAssociationsPages(params,
-// func(page *eks.ListPodIdentityAssociationsOutput, lastPage bool) bool {
+// err := client.ListFargateProfilesPages(params,
+// func(page *eks.ListFargateProfilesOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
-func (c *EKS) ListPodIdentityAssociationsPages(input *ListPodIdentityAssociationsInput, fn func(*ListPodIdentityAssociationsOutput, bool) bool) error {
- return c.ListPodIdentityAssociationsPagesWithContext(aws.BackgroundContext(), input, fn)
+func (c *EKS) ListFargateProfilesPages(input *ListFargateProfilesInput, fn func(*ListFargateProfilesOutput, bool) bool) error {
+ return c.ListFargateProfilesPagesWithContext(aws.BackgroundContext(), input, fn)
}
-// ListPodIdentityAssociationsPagesWithContext same as ListPodIdentityAssociationsPages except
+// ListFargateProfilesPagesWithContext same as ListFargateProfilesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) ListPodIdentityAssociationsPagesWithContext(ctx aws.Context, input *ListPodIdentityAssociationsInput, fn func(*ListPodIdentityAssociationsOutput, bool) bool, opts ...request.Option) error {
+func (c *EKS) ListFargateProfilesPagesWithContext(ctx aws.Context, input *ListFargateProfilesInput, fn func(*ListFargateProfilesOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
- var inCpy *ListPodIdentityAssociationsInput
+ var inCpy *ListFargateProfilesInput
if input != nil {
tmp := *input
inCpy = &tmp
}
- req, _ := c.ListPodIdentityAssociationsRequest(inCpy)
+ req, _ := c.ListFargateProfilesRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
@@ -3821,7 +4274,7 @@ func (c *EKS) ListPodIdentityAssociationsPagesWithContext(ctx aws.Context, input
}
for p.Next() {
- if !fn(p.Page().(*ListPodIdentityAssociationsOutput), !p.HasNextPage()) {
+ if !fn(p.Page().(*ListFargateProfilesOutput), !p.HasNextPage()) {
break
}
}
@@ -3829,120 +4282,36 @@ func (c *EKS) ListPodIdentityAssociationsPagesWithContext(ctx aws.Context, input
return p.Err()
}
-const opListTagsForResource = "ListTagsForResource"
-
-// ListTagsForResourceRequest generates a "aws/request.Request" representing the
-// client's request for the ListTagsForResource operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See ListTagsForResource for more information on using the ListTagsForResource
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-// // Example sending a request using the ListTagsForResourceRequest method.
-// req, resp := client.ListTagsForResourceRequest(params)
-//
-// err := req.Send()
-// if err == nil { // resp is now filled
-// fmt.Println(resp)
-// }
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListTagsForResource
-func (c *EKS) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) {
- op := &request.Operation{
- Name: opListTagsForResource,
- HTTPMethod: "GET",
- HTTPPath: "/tags/{resourceArn}",
- }
-
- if input == nil {
- input = &ListTagsForResourceInput{}
- }
-
- output = &ListTagsForResourceOutput{}
- req = c.newRequest(op, input, output)
- return
-}
-
-// ListTagsForResource API operation for Amazon Elastic Kubernetes Service.
-//
-// List the tags for an Amazon EKS resource.
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
-// API operation ListTagsForResource for usage and error information.
-//
-// Returned Error Types:
-//
-// - BadRequestException
-// This exception is thrown if the request contains a semantic error. The precise
-// meaning will depend on the API, and will be documented in the error message.
-//
-// - NotFoundException
-// A service resource associated with the request could not be found. Clients
-// should not retry such requests.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListTagsForResource
-func (c *EKS) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) {
- req, out := c.ListTagsForResourceRequest(input)
- return out, req.Send()
-}
-
-// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of
-// the ability to pass a context and additional request options.
-//
-// See ListTagsForResource for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *EKS) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) {
- req, out := c.ListTagsForResourceRequest(input)
- req.SetContext(ctx)
- req.ApplyOptions(opts...)
- return out, req.Send()
-}
-
-const opListUpdates = "ListUpdates"
+const opListIdentityProviderConfigs = "ListIdentityProviderConfigs"
-// ListUpdatesRequest generates a "aws/request.Request" representing the
-// client's request for the ListUpdates operation. The "output" return
+// ListIdentityProviderConfigsRequest generates a "aws/request.Request" representing the
+// client's request for the ListIdentityProviderConfigs operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See ListUpdates for more information on using the ListUpdates
+// See ListIdentityProviderConfigs for more information on using the ListIdentityProviderConfigs
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the ListUpdatesRequest method.
-// req, resp := client.ListUpdatesRequest(params)
+// // Example sending a request using the ListIdentityProviderConfigsRequest method.
+// req, resp := client.ListIdentityProviderConfigsRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListUpdates
-func (c *EKS) ListUpdatesRequest(input *ListUpdatesInput) (req *request.Request, output *ListUpdatesOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListIdentityProviderConfigs
+func (c *EKS) ListIdentityProviderConfigsRequest(input *ListIdentityProviderConfigsInput) (req *request.Request, output *ListIdentityProviderConfigsOutput) {
op := &request.Operation{
- Name: opListUpdates,
+ Name: opListIdentityProviderConfigs,
HTTPMethod: "GET",
- HTTPPath: "/clusters/{name}/updates",
+ HTTPPath: "/clusters/{name}/identity-provider-configs",
Paginator: &request.Paginator{
InputTokens: []string{"nextToken"},
OutputTokens: []string{"nextToken"},
@@ -3952,25 +4321,24 @@ func (c *EKS) ListUpdatesRequest(input *ListUpdatesInput) (req *request.Request,
}
if input == nil {
- input = &ListUpdatesInput{}
+ input = &ListIdentityProviderConfigsInput{}
}
- output = &ListUpdatesOutput{}
+ output = &ListIdentityProviderConfigsOutput{}
req = c.newRequest(op, input, output)
return
}
-// ListUpdates API operation for Amazon Elastic Kubernetes Service.
+// ListIdentityProviderConfigs API operation for Amazon Elastic Kubernetes Service.
//
-// Lists the updates associated with an Amazon EKS cluster or managed node group
-// in your Amazon Web Services account, in the specified Region.
+// Lists the identity provider configurations for your cluster.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
-// API operation ListUpdates for usage and error information.
+// API operation ListIdentityProviderConfigs for usage and error information.
//
// Returned Error Types:
//
@@ -3987,69 +4355,72 @@ func (c *EKS) ListUpdatesRequest(input *ListUpdatesInput) (req *request.Request,
// - ServerException
// These errors are usually caused by a server-side issue.
//
+// - ServiceUnavailableException
+// The service is unavailable. Back off and retry the operation.
+//
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListUpdates
-func (c *EKS) ListUpdates(input *ListUpdatesInput) (*ListUpdatesOutput, error) {
- req, out := c.ListUpdatesRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListIdentityProviderConfigs
+func (c *EKS) ListIdentityProviderConfigs(input *ListIdentityProviderConfigsInput) (*ListIdentityProviderConfigsOutput, error) {
+ req, out := c.ListIdentityProviderConfigsRequest(input)
return out, req.Send()
}
-// ListUpdatesWithContext is the same as ListUpdates with the addition of
+// ListIdentityProviderConfigsWithContext is the same as ListIdentityProviderConfigs with the addition of
// the ability to pass a context and additional request options.
//
-// See ListUpdates for details on how to use this API operation.
+// See ListIdentityProviderConfigs for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) ListUpdatesWithContext(ctx aws.Context, input *ListUpdatesInput, opts ...request.Option) (*ListUpdatesOutput, error) {
- req, out := c.ListUpdatesRequest(input)
+func (c *EKS) ListIdentityProviderConfigsWithContext(ctx aws.Context, input *ListIdentityProviderConfigsInput, opts ...request.Option) (*ListIdentityProviderConfigsOutput, error) {
+ req, out := c.ListIdentityProviderConfigsRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-// ListUpdatesPages iterates over the pages of a ListUpdates operation,
+// ListIdentityProviderConfigsPages iterates over the pages of a ListIdentityProviderConfigs operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
-// See ListUpdates method for more information on how to use this operation.
+// See ListIdentityProviderConfigs method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
-// // Example iterating over at most 3 pages of a ListUpdates operation.
+// // Example iterating over at most 3 pages of a ListIdentityProviderConfigs operation.
// pageNum := 0
-// err := client.ListUpdatesPages(params,
-// func(page *eks.ListUpdatesOutput, lastPage bool) bool {
+// err := client.ListIdentityProviderConfigsPages(params,
+// func(page *eks.ListIdentityProviderConfigsOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
-func (c *EKS) ListUpdatesPages(input *ListUpdatesInput, fn func(*ListUpdatesOutput, bool) bool) error {
- return c.ListUpdatesPagesWithContext(aws.BackgroundContext(), input, fn)
+func (c *EKS) ListIdentityProviderConfigsPages(input *ListIdentityProviderConfigsInput, fn func(*ListIdentityProviderConfigsOutput, bool) bool) error {
+ return c.ListIdentityProviderConfigsPagesWithContext(aws.BackgroundContext(), input, fn)
}
-// ListUpdatesPagesWithContext same as ListUpdatesPages except
+// ListIdentityProviderConfigsPagesWithContext same as ListIdentityProviderConfigsPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) ListUpdatesPagesWithContext(ctx aws.Context, input *ListUpdatesInput, fn func(*ListUpdatesOutput, bool) bool, opts ...request.Option) error {
+func (c *EKS) ListIdentityProviderConfigsPagesWithContext(ctx aws.Context, input *ListIdentityProviderConfigsInput, fn func(*ListIdentityProviderConfigsOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
- var inCpy *ListUpdatesInput
+ var inCpy *ListIdentityProviderConfigsInput
if input != nil {
tmp := *input
inCpy = &tmp
}
- req, _ := c.ListUpdatesRequest(inCpy)
+ req, _ := c.ListIdentityProviderConfigsRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
@@ -4057,7 +4428,7 @@ func (c *EKS) ListUpdatesPagesWithContext(ctx aws.Context, input *ListUpdatesInp
}
for p.Next() {
- if !fn(p.Page().(*ListUpdatesOutput), !p.HasNextPage()) {
+ if !fn(p.Page().(*ListIdentityProviderConfigsOutput), !p.HasNextPage()) {
break
}
}
@@ -4065,78 +4436,68 @@ func (c *EKS) ListUpdatesPagesWithContext(ctx aws.Context, input *ListUpdatesInp
return p.Err()
}
-const opRegisterCluster = "RegisterCluster"
+const opListNodegroups = "ListNodegroups"
-// RegisterClusterRequest generates a "aws/request.Request" representing the
-// client's request for the RegisterCluster operation. The "output" return
+// ListNodegroupsRequest generates a "aws/request.Request" representing the
+// client's request for the ListNodegroups operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See RegisterCluster for more information on using the RegisterCluster
+// See ListNodegroups for more information on using the ListNodegroups
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the RegisterClusterRequest method.
-// req, resp := client.RegisterClusterRequest(params)
+// // Example sending a request using the ListNodegroupsRequest method.
+// req, resp := client.ListNodegroupsRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/RegisterCluster
-func (c *EKS) RegisterClusterRequest(input *RegisterClusterInput) (req *request.Request, output *RegisterClusterOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListNodegroups
+func (c *EKS) ListNodegroupsRequest(input *ListNodegroupsInput) (req *request.Request, output *ListNodegroupsOutput) {
op := &request.Operation{
- Name: opRegisterCluster,
- HTTPMethod: "POST",
- HTTPPath: "/cluster-registrations",
+ Name: opListNodegroups,
+ HTTPMethod: "GET",
+ HTTPPath: "/clusters/{name}/node-groups",
+ Paginator: &request.Paginator{
+ InputTokens: []string{"nextToken"},
+ OutputTokens: []string{"nextToken"},
+ LimitToken: "maxResults",
+ TruncationToken: "",
+ },
}
if input == nil {
- input = &RegisterClusterInput{}
+ input = &ListNodegroupsInput{}
}
- output = &RegisterClusterOutput{}
+ output = &ListNodegroupsOutput{}
req = c.newRequest(op, input, output)
return
}
-// RegisterCluster API operation for Amazon Elastic Kubernetes Service.
-//
-// Connects a Kubernetes cluster to the Amazon EKS control plane.
-//
-// Any Kubernetes cluster can be connected to the Amazon EKS control plane to
-// view current information about the cluster and its nodes.
-//
-// Cluster connection requires two steps. First, send a RegisterClusterRequest
-// to add it to the Amazon EKS control plane.
-//
-// Second, a Manifest (https://amazon-eks.s3.us-west-2.amazonaws.com/eks-connector/manifests/eks-connector/latest/eks-connector.yaml)
-// containing the activationID and activationCode must be applied to the Kubernetes
-// cluster through it's native provider to provide visibility.
+// ListNodegroups API operation for Amazon Elastic Kubernetes Service.
//
-// After the Manifest is updated and applied, then the connected cluster is
-// visible to the Amazon EKS control plane. If the Manifest is not applied within
-// three days, then the connected cluster will no longer be visible and must
-// be deregistered. See DeregisterCluster.
+// Lists the managed node groups associated with the specified cluster in your
+// Amazon Web Services account in the specified Amazon Web Services Region.
+// Self-managed node groups aren't listed.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
-// API operation RegisterCluster for usage and error information.
+// API operation ListNodegroups for usage and error information.
//
// Returned Error Types:
//
-// - ResourceLimitExceededException
-// You have encountered a service limit on the specified resource.
-//
// - InvalidParameterException
// The specified parameter is invalid. Review the available parameters for the
// API request.
@@ -4153,186 +4514,286 @@ func (c *EKS) RegisterClusterRequest(input *RegisterClusterInput) (req *request.
// - ServiceUnavailableException
// The service is unavailable. Back off and retry the operation.
//
-// - AccessDeniedException
-// You don't have permissions to perform the requested operation. The IAM principal
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html)
-// making the request must have at least one IAM permissions policy attached
-// that grants the required permissions. For more information, see Access management
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) in the IAM
-// User Guide.
-//
-// - ResourceInUseException
-// The specified resource is in use.
-//
-// - ResourcePropagationDelayException
-// Required resources (such as service-linked roles) were created and are still
-// propagating. Retry later.
+// - ResourceNotFoundException
+// The specified resource could not be found. You can view your available clusters
+// with ListClusters. You can view your available managed node groups with ListNodegroups.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/RegisterCluster
-func (c *EKS) RegisterCluster(input *RegisterClusterInput) (*RegisterClusterOutput, error) {
- req, out := c.RegisterClusterRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListNodegroups
+func (c *EKS) ListNodegroups(input *ListNodegroupsInput) (*ListNodegroupsOutput, error) {
+ req, out := c.ListNodegroupsRequest(input)
return out, req.Send()
}
-// RegisterClusterWithContext is the same as RegisterCluster with the addition of
+// ListNodegroupsWithContext is the same as ListNodegroups with the addition of
// the ability to pass a context and additional request options.
//
-// See RegisterCluster for details on how to use this API operation.
+// See ListNodegroups for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) RegisterClusterWithContext(ctx aws.Context, input *RegisterClusterInput, opts ...request.Option) (*RegisterClusterOutput, error) {
- req, out := c.RegisterClusterRequest(input)
+func (c *EKS) ListNodegroupsWithContext(ctx aws.Context, input *ListNodegroupsInput, opts ...request.Option) (*ListNodegroupsOutput, error) {
+ req, out := c.ListNodegroupsRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-const opTagResource = "TagResource"
+// ListNodegroupsPages iterates over the pages of a ListNodegroups operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListNodegroups method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+// // Example iterating over at most 3 pages of a ListNodegroups operation.
+// pageNum := 0
+// err := client.ListNodegroupsPages(params,
+// func(page *eks.ListNodegroupsOutput, lastPage bool) bool {
+// pageNum++
+// fmt.Println(page)
+// return pageNum <= 3
+// })
+func (c *EKS) ListNodegroupsPages(input *ListNodegroupsInput, fn func(*ListNodegroupsOutput, bool) bool) error {
+ return c.ListNodegroupsPagesWithContext(aws.BackgroundContext(), input, fn)
+}
-// TagResourceRequest generates a "aws/request.Request" representing the
-// client's request for the TagResource operation. The "output" return
+// ListNodegroupsPagesWithContext same as ListNodegroupsPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EKS) ListNodegroupsPagesWithContext(ctx aws.Context, input *ListNodegroupsInput, fn func(*ListNodegroupsOutput, bool) bool, opts ...request.Option) error {
+ p := request.Pagination{
+ NewRequest: func() (*request.Request, error) {
+ var inCpy *ListNodegroupsInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.ListNodegroupsRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+
+ for p.Next() {
+ if !fn(p.Page().(*ListNodegroupsOutput), !p.HasNextPage()) {
+ break
+ }
+ }
+
+ return p.Err()
+}
+
+const opListPodIdentityAssociations = "ListPodIdentityAssociations"
+
+// ListPodIdentityAssociationsRequest generates a "aws/request.Request" representing the
+// client's request for the ListPodIdentityAssociations operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See TagResource for more information on using the TagResource
+// See ListPodIdentityAssociations for more information on using the ListPodIdentityAssociations
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the TagResourceRequest method.
-// req, resp := client.TagResourceRequest(params)
+// // Example sending a request using the ListPodIdentityAssociationsRequest method.
+// req, resp := client.ListPodIdentityAssociationsRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/TagResource
-func (c *EKS) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListPodIdentityAssociations
+func (c *EKS) ListPodIdentityAssociationsRequest(input *ListPodIdentityAssociationsInput) (req *request.Request, output *ListPodIdentityAssociationsOutput) {
op := &request.Operation{
- Name: opTagResource,
- HTTPMethod: "POST",
- HTTPPath: "/tags/{resourceArn}",
+ Name: opListPodIdentityAssociations,
+ HTTPMethod: "GET",
+ HTTPPath: "/clusters/{name}/pod-identity-associations",
+ Paginator: &request.Paginator{
+ InputTokens: []string{"nextToken"},
+ OutputTokens: []string{"nextToken"},
+ LimitToken: "maxResults",
+ TruncationToken: "",
+ },
}
if input == nil {
- input = &TagResourceInput{}
+ input = &ListPodIdentityAssociationsInput{}
}
- output = &TagResourceOutput{}
+ output = &ListPodIdentityAssociationsOutput{}
req = c.newRequest(op, input, output)
- req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
-// TagResource API operation for Amazon Elastic Kubernetes Service.
+// ListPodIdentityAssociations API operation for Amazon Elastic Kubernetes Service.
//
-// Associates the specified tags to a resource with the specified resourceArn.
-// If existing tags on a resource are not specified in the request parameters,
-// they are not changed. When a resource is deleted, the tags associated with
-// that resource are deleted as well. Tags that you create for Amazon EKS resources
-// do not propagate to any other resources associated with the cluster. For
-// example, if you tag a cluster with this operation, that tag does not automatically
-// propagate to the subnets and nodes associated with the cluster.
+// List the EKS Pod Identity associations in a cluster. You can filter the list
+// by the namespace that the association is in or the service account that the
+// association uses.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
-// API operation TagResource for usage and error information.
+// API operation ListPodIdentityAssociations for usage and error information.
//
// Returned Error Types:
//
-// - BadRequestException
-// This exception is thrown if the request contains a semantic error. The precise
-// meaning will depend on the API, and will be documented in the error message.
+// - ServerException
+// These errors are usually caused by a server-side issue.
//
-// - NotFoundException
-// A service resource associated with the request could not be found. Clients
-// should not retry such requests.
+// - ResourceNotFoundException
+// The specified resource could not be found. You can view your available clusters
+// with ListClusters. You can view your available managed node groups with ListNodegroups.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/TagResource
-func (c *EKS) TagResource(input *TagResourceInput) (*TagResourceOutput, error) {
- req, out := c.TagResourceRequest(input)
+// - InvalidRequestException
+// The request is invalid given the state of the cluster. Check the state of
+// the cluster and the associated operations.
+//
+// - InvalidParameterException
+// The specified parameter is invalid. Review the available parameters for the
+// API request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListPodIdentityAssociations
+func (c *EKS) ListPodIdentityAssociations(input *ListPodIdentityAssociationsInput) (*ListPodIdentityAssociationsOutput, error) {
+ req, out := c.ListPodIdentityAssociationsRequest(input)
return out, req.Send()
}
-// TagResourceWithContext is the same as TagResource with the addition of
+// ListPodIdentityAssociationsWithContext is the same as ListPodIdentityAssociations with the addition of
// the ability to pass a context and additional request options.
//
-// See TagResource for details on how to use this API operation.
+// See ListPodIdentityAssociations for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) {
- req, out := c.TagResourceRequest(input)
+func (c *EKS) ListPodIdentityAssociationsWithContext(ctx aws.Context, input *ListPodIdentityAssociationsInput, opts ...request.Option) (*ListPodIdentityAssociationsOutput, error) {
+ req, out := c.ListPodIdentityAssociationsRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-const opUntagResource = "UntagResource"
-
-// UntagResourceRequest generates a "aws/request.Request" representing the
-// client's request for the UntagResource operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
+// ListPodIdentityAssociationsPages iterates over the pages of a ListPodIdentityAssociations operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
//
-// See UntagResource for more information on using the UntagResource
-// API call, and error handling.
+// See ListPodIdentityAssociations method for more information on how to use this operation.
//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+// Note: This operation can generate multiple requests to a service.
//
-// // Example sending a request using the UntagResourceRequest method.
-// req, resp := client.UntagResourceRequest(params)
+// // Example iterating over at most 3 pages of a ListPodIdentityAssociations operation.
+// pageNum := 0
+// err := client.ListPodIdentityAssociationsPages(params,
+// func(page *eks.ListPodIdentityAssociationsOutput, lastPage bool) bool {
+// pageNum++
+// fmt.Println(page)
+// return pageNum <= 3
+// })
+func (c *EKS) ListPodIdentityAssociationsPages(input *ListPodIdentityAssociationsInput, fn func(*ListPodIdentityAssociationsOutput, bool) bool) error {
+ return c.ListPodIdentityAssociationsPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListPodIdentityAssociationsPagesWithContext same as ListPodIdentityAssociationsPages except
+// it takes a Context and allows setting request options on the pages.
//
-// err := req.Send()
-// if err == nil { // resp is now filled
-// fmt.Println(resp)
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EKS) ListPodIdentityAssociationsPagesWithContext(ctx aws.Context, input *ListPodIdentityAssociationsInput, fn func(*ListPodIdentityAssociationsOutput, bool) bool, opts ...request.Option) error {
+ p := request.Pagination{
+ NewRequest: func() (*request.Request, error) {
+ var inCpy *ListPodIdentityAssociationsInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.ListPodIdentityAssociationsRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+
+ for p.Next() {
+ if !fn(p.Page().(*ListPodIdentityAssociationsOutput), !p.HasNextPage()) {
+ break
+ }
+ }
+
+ return p.Err()
+}
+
+const opListTagsForResource = "ListTagsForResource"
+
+// ListTagsForResourceRequest generates a "aws/request.Request" representing the
+// client's request for the ListTagsForResource operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListTagsForResource for more information on using the ListTagsForResource
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the ListTagsForResourceRequest method.
+// req, resp := client.ListTagsForResourceRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UntagResource
-func (c *EKS) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListTagsForResource
+func (c *EKS) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) {
op := &request.Operation{
- Name: opUntagResource,
- HTTPMethod: "DELETE",
+ Name: opListTagsForResource,
+ HTTPMethod: "GET",
HTTPPath: "/tags/{resourceArn}",
}
if input == nil {
- input = &UntagResourceInput{}
+ input = &ListTagsForResourceInput{}
}
- output = &UntagResourceOutput{}
+ output = &ListTagsForResourceOutput{}
req = c.newRequest(op, input, output)
- req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
-// UntagResource API operation for Amazon Elastic Kubernetes Service.
+// ListTagsForResource API operation for Amazon Elastic Kubernetes Service.
//
-// Deletes specified tags from a resource.
+// List the tags for an Amazon EKS resource.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
-// API operation UntagResource for usage and error information.
+// API operation ListTagsForResource for usage and error information.
//
// Returned Error Types:
//
@@ -4344,79 +4805,86 @@ func (c *EKS) UntagResourceRequest(input *UntagResourceInput) (req *request.Requ
// A service resource associated with the request could not be found. Clients
// should not retry such requests.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UntagResource
-func (c *EKS) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) {
- req, out := c.UntagResourceRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListTagsForResource
+func (c *EKS) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) {
+ req, out := c.ListTagsForResourceRequest(input)
return out, req.Send()
}
-// UntagResourceWithContext is the same as UntagResource with the addition of
+// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of
// the ability to pass a context and additional request options.
//
-// See UntagResource for details on how to use this API operation.
+// See ListTagsForResource for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) {
- req, out := c.UntagResourceRequest(input)
+func (c *EKS) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) {
+ req, out := c.ListTagsForResourceRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-const opUpdateAddon = "UpdateAddon"
+const opListUpdates = "ListUpdates"
-// UpdateAddonRequest generates a "aws/request.Request" representing the
-// client's request for the UpdateAddon operation. The "output" return
+// ListUpdatesRequest generates a "aws/request.Request" representing the
+// client's request for the ListUpdates operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See UpdateAddon for more information on using the UpdateAddon
+// See ListUpdates for more information on using the ListUpdates
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the UpdateAddonRequest method.
-// req, resp := client.UpdateAddonRequest(params)
+// // Example sending a request using the ListUpdatesRequest method.
+// req, resp := client.ListUpdatesRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateAddon
-func (c *EKS) UpdateAddonRequest(input *UpdateAddonInput) (req *request.Request, output *UpdateAddonOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListUpdates
+func (c *EKS) ListUpdatesRequest(input *ListUpdatesInput) (req *request.Request, output *ListUpdatesOutput) {
op := &request.Operation{
- Name: opUpdateAddon,
- HTTPMethod: "POST",
- HTTPPath: "/clusters/{name}/addons/{addonName}/update",
+ Name: opListUpdates,
+ HTTPMethod: "GET",
+ HTTPPath: "/clusters/{name}/updates",
+ Paginator: &request.Paginator{
+ InputTokens: []string{"nextToken"},
+ OutputTokens: []string{"nextToken"},
+ LimitToken: "maxResults",
+ TruncationToken: "",
+ },
}
if input == nil {
- input = &UpdateAddonInput{}
+ input = &ListUpdatesInput{}
}
- output = &UpdateAddonOutput{}
+ output = &ListUpdatesOutput{}
req = c.newRequest(op, input, output)
return
}
-// UpdateAddon API operation for Amazon Elastic Kubernetes Service.
+// ListUpdates API operation for Amazon Elastic Kubernetes Service.
//
-// Updates an Amazon EKS add-on.
+// Lists the updates associated with an Amazon EKS resource in your Amazon Web
+// Services account, in the specified Amazon Web Services Region.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
-// API operation UpdateAddon for usage and error information.
+// API operation ListUpdates for usage and error information.
//
// Returned Error Types:
//
@@ -4424,18 +4892,6 @@ func (c *EKS) UpdateAddonRequest(input *UpdateAddonInput) (req *request.Request,
// The specified parameter is invalid. Review the available parameters for the
// API request.
//
-// - InvalidRequestException
-// The request is invalid given the state of the cluster. Check the state of
-// the cluster and the associated operations.
-//
-// - ResourceNotFoundException
-// The specified resource could not be found. You can view your available clusters
-// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
-//
-// - ResourceInUseException
-// The specified resource is in use.
-//
// - ClientException
// These errors are usually caused by a client action. Actions can include using
// an action or resource on behalf of an IAM principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html)
@@ -4445,114 +4901,156 @@ func (c *EKS) UpdateAddonRequest(input *UpdateAddonInput) (req *request.Request,
// - ServerException
// These errors are usually caused by a server-side issue.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateAddon
-func (c *EKS) UpdateAddon(input *UpdateAddonInput) (*UpdateAddonOutput, error) {
- req, out := c.UpdateAddonRequest(input)
+// - ResourceNotFoundException
+// The specified resource could not be found. You can view your available clusters
+// with ListClusters. You can view your available managed node groups with ListNodegroups.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListUpdates
+func (c *EKS) ListUpdates(input *ListUpdatesInput) (*ListUpdatesOutput, error) {
+ req, out := c.ListUpdatesRequest(input)
return out, req.Send()
}
-// UpdateAddonWithContext is the same as UpdateAddon with the addition of
+// ListUpdatesWithContext is the same as ListUpdates with the addition of
// the ability to pass a context and additional request options.
//
-// See UpdateAddon for details on how to use this API operation.
+// See ListUpdates for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) UpdateAddonWithContext(ctx aws.Context, input *UpdateAddonInput, opts ...request.Option) (*UpdateAddonOutput, error) {
- req, out := c.UpdateAddonRequest(input)
+func (c *EKS) ListUpdatesWithContext(ctx aws.Context, input *ListUpdatesInput, opts ...request.Option) (*ListUpdatesOutput, error) {
+ req, out := c.ListUpdatesRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-const opUpdateClusterConfig = "UpdateClusterConfig"
+// ListUpdatesPages iterates over the pages of a ListUpdates operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListUpdates method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+// // Example iterating over at most 3 pages of a ListUpdates operation.
+// pageNum := 0
+// err := client.ListUpdatesPages(params,
+// func(page *eks.ListUpdatesOutput, lastPage bool) bool {
+// pageNum++
+// fmt.Println(page)
+// return pageNum <= 3
+// })
+func (c *EKS) ListUpdatesPages(input *ListUpdatesInput, fn func(*ListUpdatesOutput, bool) bool) error {
+ return c.ListUpdatesPagesWithContext(aws.BackgroundContext(), input, fn)
+}
-// UpdateClusterConfigRequest generates a "aws/request.Request" representing the
-// client's request for the UpdateClusterConfig operation. The "output" return
+// ListUpdatesPagesWithContext same as ListUpdatesPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EKS) ListUpdatesPagesWithContext(ctx aws.Context, input *ListUpdatesInput, fn func(*ListUpdatesOutput, bool) bool, opts ...request.Option) error {
+ p := request.Pagination{
+ NewRequest: func() (*request.Request, error) {
+ var inCpy *ListUpdatesInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.ListUpdatesRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+
+ for p.Next() {
+ if !fn(p.Page().(*ListUpdatesOutput), !p.HasNextPage()) {
+ break
+ }
+ }
+
+ return p.Err()
+}
+
+const opRegisterCluster = "RegisterCluster"
+
+// RegisterClusterRequest generates a "aws/request.Request" representing the
+// client's request for the RegisterCluster operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See UpdateClusterConfig for more information on using the UpdateClusterConfig
+// See RegisterCluster for more information on using the RegisterCluster
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the UpdateClusterConfigRequest method.
-// req, resp := client.UpdateClusterConfigRequest(params)
+// // Example sending a request using the RegisterClusterRequest method.
+// req, resp := client.RegisterClusterRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateClusterConfig
-func (c *EKS) UpdateClusterConfigRequest(input *UpdateClusterConfigInput) (req *request.Request, output *UpdateClusterConfigOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/RegisterCluster
+func (c *EKS) RegisterClusterRequest(input *RegisterClusterInput) (req *request.Request, output *RegisterClusterOutput) {
op := &request.Operation{
- Name: opUpdateClusterConfig,
+ Name: opRegisterCluster,
HTTPMethod: "POST",
- HTTPPath: "/clusters/{name}/update-config",
+ HTTPPath: "/cluster-registrations",
}
if input == nil {
- input = &UpdateClusterConfigInput{}
+ input = &RegisterClusterInput{}
}
- output = &UpdateClusterConfigOutput{}
+ output = &RegisterClusterOutput{}
req = c.newRequest(op, input, output)
return
}
-// UpdateClusterConfig API operation for Amazon Elastic Kubernetes Service.
+// RegisterCluster API operation for Amazon Elastic Kubernetes Service.
//
-// Updates an Amazon EKS cluster configuration. Your cluster continues to function
-// during the update. The response output includes an update ID that you can
-// use to track the status of your cluster update with the DescribeUpdate API
-// operation.
+// Connects a Kubernetes cluster to the Amazon EKS control plane.
//
-// You can use this API operation to enable or disable exporting the Kubernetes
-// control plane logs for your cluster to CloudWatch Logs. By default, cluster
-// control plane logs aren't exported to CloudWatch Logs. For more information,
-// see Amazon EKS Cluster Control Plane Logs (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html)
-// in the Amazon EKS User Guide .
+// Any Kubernetes cluster can be connected to the Amazon EKS control plane to
+// view current information about the cluster and its nodes.
//
-// CloudWatch Logs ingestion, archive storage, and data scanning rates apply
-// to exported control plane logs. For more information, see CloudWatch Pricing
-// (http://aws.amazon.com/cloudwatch/pricing/).
+// Cluster connection requires two steps. First, send a RegisterClusterRequest
+// to add it to the Amazon EKS control plane.
//
-// You can also use this API operation to enable or disable public and private
-// access to your cluster's Kubernetes API server endpoint. By default, public
-// access is enabled, and private access is disabled. For more information,
-// see Amazon EKS cluster endpoint access control (https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html)
-// in the Amazon EKS User Guide .
+// Second, a Manifest (https://amazon-eks.s3.us-west-2.amazonaws.com/eks-connector/manifests/eks-connector/latest/eks-connector.yaml)
+// containing the activationID and activationCode must be applied to the Kubernetes
+// cluster through it's native provider to provide visibility.
//
-// You can also use this API operation to choose different subnets and security
-// groups for the cluster. You must specify at least two subnets that are in
-// different Availability Zones. You can't change which VPC the subnets are
-// from, the subnets must be in the same VPC as the subnets that the cluster
-// was created with. For more information about the VPC requirements, see https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html
-// (https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html) in the
-// Amazon EKS User Guide .
-//
-// Cluster updates are asynchronous, and they should finish within a few minutes.
-// During an update, the cluster status moves to UPDATING (this status transition
-// is eventually consistent). When the update is complete (either Failed or
-// Successful), the cluster status moves to Active.
+// After the manifest is updated and applied, the connected cluster is visible
+// to the Amazon EKS control plane. If the manifest isn't applied within three
+// days, the connected cluster will no longer be visible and must be deregistered
+// using DeregisterCluster.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
-// API operation UpdateClusterConfig for usage and error information.
+// API operation RegisterCluster for usage and error information.
//
// Returned Error Types:
//
+// - ResourceLimitExceededException
+// You have encountered a service limit on the specified resource.
+//
// - InvalidParameterException
// The specified parameter is invalid. Review the available parameters for the
// API request.
@@ -4566,434 +5064,497 @@ func (c *EKS) UpdateClusterConfigRequest(input *UpdateClusterConfigInput) (req *
// - ServerException
// These errors are usually caused by a server-side issue.
//
+// - ServiceUnavailableException
+// The service is unavailable. Back off and retry the operation.
+//
+// - AccessDeniedException
+// You don't have permissions to perform the requested operation. The IAM principal
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html)
+// making the request must have at least one IAM permissions policy attached
+// that grants the required permissions. For more information, see Access management
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) in the IAM
+// User Guide.
+//
// - ResourceInUseException
// The specified resource is in use.
//
-// - ResourceNotFoundException
-// The specified resource could not be found. You can view your available clusters
-// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
-//
-// - InvalidRequestException
-// The request is invalid given the state of the cluster. Check the state of
-// the cluster and the associated operations.
+// - ResourcePropagationDelayException
+// Required resources (such as service-linked roles) were created and are still
+// propagating. Retry later.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateClusterConfig
-func (c *EKS) UpdateClusterConfig(input *UpdateClusterConfigInput) (*UpdateClusterConfigOutput, error) {
- req, out := c.UpdateClusterConfigRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/RegisterCluster
+func (c *EKS) RegisterCluster(input *RegisterClusterInput) (*RegisterClusterOutput, error) {
+ req, out := c.RegisterClusterRequest(input)
return out, req.Send()
}
-// UpdateClusterConfigWithContext is the same as UpdateClusterConfig with the addition of
+// RegisterClusterWithContext is the same as RegisterCluster with the addition of
// the ability to pass a context and additional request options.
//
-// See UpdateClusterConfig for details on how to use this API operation.
+// See RegisterCluster for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) UpdateClusterConfigWithContext(ctx aws.Context, input *UpdateClusterConfigInput, opts ...request.Option) (*UpdateClusterConfigOutput, error) {
- req, out := c.UpdateClusterConfigRequest(input)
+func (c *EKS) RegisterClusterWithContext(ctx aws.Context, input *RegisterClusterInput, opts ...request.Option) (*RegisterClusterOutput, error) {
+ req, out := c.RegisterClusterRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-const opUpdateClusterVersion = "UpdateClusterVersion"
+const opTagResource = "TagResource"
-// UpdateClusterVersionRequest generates a "aws/request.Request" representing the
-// client's request for the UpdateClusterVersion operation. The "output" return
+// TagResourceRequest generates a "aws/request.Request" representing the
+// client's request for the TagResource operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See UpdateClusterVersion for more information on using the UpdateClusterVersion
+// See TagResource for more information on using the TagResource
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the UpdateClusterVersionRequest method.
-// req, resp := client.UpdateClusterVersionRequest(params)
+// // Example sending a request using the TagResourceRequest method.
+// req, resp := client.TagResourceRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateClusterVersion
-func (c *EKS) UpdateClusterVersionRequest(input *UpdateClusterVersionInput) (req *request.Request, output *UpdateClusterVersionOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/TagResource
+func (c *EKS) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) {
op := &request.Operation{
- Name: opUpdateClusterVersion,
+ Name: opTagResource,
HTTPMethod: "POST",
- HTTPPath: "/clusters/{name}/updates",
+ HTTPPath: "/tags/{resourceArn}",
}
if input == nil {
- input = &UpdateClusterVersionInput{}
+ input = &TagResourceInput{}
}
- output = &UpdateClusterVersionOutput{}
+ output = &TagResourceOutput{}
req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
-// UpdateClusterVersion API operation for Amazon Elastic Kubernetes Service.
-//
-// Updates an Amazon EKS cluster to the specified Kubernetes version. Your cluster
-// continues to function during the update. The response output includes an
-// update ID that you can use to track the status of your cluster update with
-// the DescribeUpdate API operation.
-//
-// Cluster updates are asynchronous, and they should finish within a few minutes.
-// During an update, the cluster status moves to UPDATING (this status transition
-// is eventually consistent). When the update is complete (either Failed or
-// Successful), the cluster status moves to Active.
+// TagResource API operation for Amazon Elastic Kubernetes Service.
//
-// If your cluster has managed node groups attached to it, all of your node
-// groups’ Kubernetes versions must match the cluster’s Kubernetes version
-// in order to update the cluster to a new Kubernetes version.
+// Associates the specified tags to an Amazon EKS resource with the specified
+// resourceArn. If existing tags on a resource are not specified in the request
+// parameters, they aren't changed. When a resource is deleted, the tags associated
+// with that resource are also deleted. Tags that you create for Amazon EKS
+// resources don't propagate to any other resources associated with the cluster.
+// For example, if you tag a cluster with this operation, that tag doesn't automatically
+// propagate to the subnets and nodes associated with the cluster.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
-// API operation UpdateClusterVersion for usage and error information.
+// API operation TagResource for usage and error information.
//
// Returned Error Types:
//
-// - InvalidParameterException
-// The specified parameter is invalid. Review the available parameters for the
-// API request.
-//
-// - ClientException
-// These errors are usually caused by a client action. Actions can include using
-// an action or resource on behalf of an IAM principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html)
-// that doesn't have permissions to use the action or resource or specifying
-// an identifier that is not valid.
-//
-// - ServerException
-// These errors are usually caused by a server-side issue.
-//
-// - ResourceInUseException
-// The specified resource is in use.
-//
-// - ResourceNotFoundException
-// The specified resource could not be found. You can view your available clusters
-// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// - BadRequestException
+// This exception is thrown if the request contains a semantic error. The precise
+// meaning will depend on the API, and will be documented in the error message.
//
-// - InvalidRequestException
-// The request is invalid given the state of the cluster. Check the state of
-// the cluster and the associated operations.
+// - NotFoundException
+// A service resource associated with the request could not be found. Clients
+// should not retry such requests.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateClusterVersion
-func (c *EKS) UpdateClusterVersion(input *UpdateClusterVersionInput) (*UpdateClusterVersionOutput, error) {
- req, out := c.UpdateClusterVersionRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/TagResource
+func (c *EKS) TagResource(input *TagResourceInput) (*TagResourceOutput, error) {
+ req, out := c.TagResourceRequest(input)
return out, req.Send()
}
-// UpdateClusterVersionWithContext is the same as UpdateClusterVersion with the addition of
+// TagResourceWithContext is the same as TagResource with the addition of
// the ability to pass a context and additional request options.
//
-// See UpdateClusterVersion for details on how to use this API operation.
+// See TagResource for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) UpdateClusterVersionWithContext(ctx aws.Context, input *UpdateClusterVersionInput, opts ...request.Option) (*UpdateClusterVersionOutput, error) {
- req, out := c.UpdateClusterVersionRequest(input)
+func (c *EKS) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) {
+ req, out := c.TagResourceRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-const opUpdateEksAnywhereSubscription = "UpdateEksAnywhereSubscription"
+const opUntagResource = "UntagResource"
-// UpdateEksAnywhereSubscriptionRequest generates a "aws/request.Request" representing the
-// client's request for the UpdateEksAnywhereSubscription operation. The "output" return
+// UntagResourceRequest generates a "aws/request.Request" representing the
+// client's request for the UntagResource operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See UpdateEksAnywhereSubscription for more information on using the UpdateEksAnywhereSubscription
+// See UntagResource for more information on using the UntagResource
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the UpdateEksAnywhereSubscriptionRequest method.
-// req, resp := client.UpdateEksAnywhereSubscriptionRequest(params)
+// // Example sending a request using the UntagResourceRequest method.
+// req, resp := client.UntagResourceRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateEksAnywhereSubscription
-func (c *EKS) UpdateEksAnywhereSubscriptionRequest(input *UpdateEksAnywhereSubscriptionInput) (req *request.Request, output *UpdateEksAnywhereSubscriptionOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UntagResource
+func (c *EKS) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) {
op := &request.Operation{
- Name: opUpdateEksAnywhereSubscription,
- HTTPMethod: "POST",
- HTTPPath: "/eks-anywhere-subscriptions/{id}",
+ Name: opUntagResource,
+ HTTPMethod: "DELETE",
+ HTTPPath: "/tags/{resourceArn}",
}
if input == nil {
- input = &UpdateEksAnywhereSubscriptionInput{}
+ input = &UntagResourceInput{}
}
- output = &UpdateEksAnywhereSubscriptionOutput{}
+ output = &UntagResourceOutput{}
req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
-// UpdateEksAnywhereSubscription API operation for Amazon Elastic Kubernetes Service.
+// UntagResource API operation for Amazon Elastic Kubernetes Service.
//
-// Update an EKS Anywhere Subscription. Only auto renewal and tags can be updated
-// after subscription creation.
+// Deletes specified tags from an Amazon EKS resource.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
-// API operation UpdateEksAnywhereSubscription for usage and error information.
+// API operation UntagResource for usage and error information.
//
// Returned Error Types:
//
-// - InvalidParameterException
-// The specified parameter is invalid. Review the available parameters for the
-// API request.
-//
-// - ClientException
-// These errors are usually caused by a client action. Actions can include using
-// an action or resource on behalf of an IAM principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html)
-// that doesn't have permissions to use the action or resource or specifying
-// an identifier that is not valid.
-//
-// - ServerException
-// These errors are usually caused by a server-side issue.
-//
-// - ResourceNotFoundException
-// The specified resource could not be found. You can view your available clusters
-// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// - BadRequestException
+// This exception is thrown if the request contains a semantic error. The precise
+// meaning will depend on the API, and will be documented in the error message.
//
-// - InvalidRequestException
-// The request is invalid given the state of the cluster. Check the state of
-// the cluster and the associated operations.
+// - NotFoundException
+// A service resource associated with the request could not be found. Clients
+// should not retry such requests.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateEksAnywhereSubscription
-func (c *EKS) UpdateEksAnywhereSubscription(input *UpdateEksAnywhereSubscriptionInput) (*UpdateEksAnywhereSubscriptionOutput, error) {
- req, out := c.UpdateEksAnywhereSubscriptionRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UntagResource
+func (c *EKS) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) {
+ req, out := c.UntagResourceRequest(input)
return out, req.Send()
}
-// UpdateEksAnywhereSubscriptionWithContext is the same as UpdateEksAnywhereSubscription with the addition of
+// UntagResourceWithContext is the same as UntagResource with the addition of
// the ability to pass a context and additional request options.
//
-// See UpdateEksAnywhereSubscription for details on how to use this API operation.
+// See UntagResource for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) UpdateEksAnywhereSubscriptionWithContext(ctx aws.Context, input *UpdateEksAnywhereSubscriptionInput, opts ...request.Option) (*UpdateEksAnywhereSubscriptionOutput, error) {
- req, out := c.UpdateEksAnywhereSubscriptionRequest(input)
+func (c *EKS) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) {
+ req, out := c.UntagResourceRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-const opUpdateNodegroupConfig = "UpdateNodegroupConfig"
+const opUpdateAccessEntry = "UpdateAccessEntry"
-// UpdateNodegroupConfigRequest generates a "aws/request.Request" representing the
-// client's request for the UpdateNodegroupConfig operation. The "output" return
+// UpdateAccessEntryRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateAccessEntry operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See UpdateNodegroupConfig for more information on using the UpdateNodegroupConfig
+// See UpdateAccessEntry for more information on using the UpdateAccessEntry
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the UpdateNodegroupConfigRequest method.
-// req, resp := client.UpdateNodegroupConfigRequest(params)
+// // Example sending a request using the UpdateAccessEntryRequest method.
+// req, resp := client.UpdateAccessEntryRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateNodegroupConfig
-func (c *EKS) UpdateNodegroupConfigRequest(input *UpdateNodegroupConfigInput) (req *request.Request, output *UpdateNodegroupConfigOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateAccessEntry
+func (c *EKS) UpdateAccessEntryRequest(input *UpdateAccessEntryInput) (req *request.Request, output *UpdateAccessEntryOutput) {
op := &request.Operation{
- Name: opUpdateNodegroupConfig,
+ Name: opUpdateAccessEntry,
HTTPMethod: "POST",
- HTTPPath: "/clusters/{name}/node-groups/{nodegroupName}/update-config",
+ HTTPPath: "/clusters/{name}/access-entries/{principalArn}",
}
if input == nil {
- input = &UpdateNodegroupConfigInput{}
+ input = &UpdateAccessEntryInput{}
}
- output = &UpdateNodegroupConfigOutput{}
+ output = &UpdateAccessEntryOutput{}
req = c.newRequest(op, input, output)
return
}
-// UpdateNodegroupConfig API operation for Amazon Elastic Kubernetes Service.
+// UpdateAccessEntry API operation for Amazon Elastic Kubernetes Service.
//
-// Updates an Amazon EKS managed node group configuration. Your node group continues
-// to function during the update. The response output includes an update ID
-// that you can use to track the status of your node group update with the DescribeUpdate
-// API operation. Currently you can update the Kubernetes labels for a node
-// group or the scaling configuration.
+// Updates an access entry.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
-// API operation UpdateNodegroupConfig for usage and error information.
+// API operation UpdateAccessEntry for usage and error information.
//
// Returned Error Types:
//
-// - InvalidParameterException
-// The specified parameter is invalid. Review the available parameters for the
-// API request.
-//
-// - ClientException
-// These errors are usually caused by a client action. Actions can include using
-// an action or resource on behalf of an IAM principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html)
-// that doesn't have permissions to use the action or resource or specifying
-// an identifier that is not valid.
-//
// - ServerException
// These errors are usually caused by a server-side issue.
//
-// - ResourceInUseException
-// The specified resource is in use.
-//
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// - InvalidRequestException
// The request is invalid given the state of the cluster. Check the state of
// the cluster and the associated operations.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateNodegroupConfig
-func (c *EKS) UpdateNodegroupConfig(input *UpdateNodegroupConfigInput) (*UpdateNodegroupConfigOutput, error) {
- req, out := c.UpdateNodegroupConfigRequest(input)
+// - InvalidParameterException
+// The specified parameter is invalid. Review the available parameters for the
+// API request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateAccessEntry
+func (c *EKS) UpdateAccessEntry(input *UpdateAccessEntryInput) (*UpdateAccessEntryOutput, error) {
+ req, out := c.UpdateAccessEntryRequest(input)
return out, req.Send()
}
-// UpdateNodegroupConfigWithContext is the same as UpdateNodegroupConfig with the addition of
+// UpdateAccessEntryWithContext is the same as UpdateAccessEntry with the addition of
// the ability to pass a context and additional request options.
//
-// See UpdateNodegroupConfig for details on how to use this API operation.
+// See UpdateAccessEntry for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) UpdateNodegroupConfigWithContext(ctx aws.Context, input *UpdateNodegroupConfigInput, opts ...request.Option) (*UpdateNodegroupConfigOutput, error) {
- req, out := c.UpdateNodegroupConfigRequest(input)
+func (c *EKS) UpdateAccessEntryWithContext(ctx aws.Context, input *UpdateAccessEntryInput, opts ...request.Option) (*UpdateAccessEntryOutput, error) {
+ req, out := c.UpdateAccessEntryRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-const opUpdateNodegroupVersion = "UpdateNodegroupVersion"
+const opUpdateAddon = "UpdateAddon"
-// UpdateNodegroupVersionRequest generates a "aws/request.Request" representing the
-// client's request for the UpdateNodegroupVersion operation. The "output" return
+// UpdateAddonRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateAddon operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See UpdateNodegroupVersion for more information on using the UpdateNodegroupVersion
+// See UpdateAddon for more information on using the UpdateAddon
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the UpdateNodegroupVersionRequest method.
-// req, resp := client.UpdateNodegroupVersionRequest(params)
+// // Example sending a request using the UpdateAddonRequest method.
+// req, resp := client.UpdateAddonRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateNodegroupVersion
-func (c *EKS) UpdateNodegroupVersionRequest(input *UpdateNodegroupVersionInput) (req *request.Request, output *UpdateNodegroupVersionOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateAddon
+func (c *EKS) UpdateAddonRequest(input *UpdateAddonInput) (req *request.Request, output *UpdateAddonOutput) {
op := &request.Operation{
- Name: opUpdateNodegroupVersion,
+ Name: opUpdateAddon,
HTTPMethod: "POST",
- HTTPPath: "/clusters/{name}/node-groups/{nodegroupName}/update-version",
+ HTTPPath: "/clusters/{name}/addons/{addonName}/update",
}
if input == nil {
- input = &UpdateNodegroupVersionInput{}
+ input = &UpdateAddonInput{}
}
- output = &UpdateNodegroupVersionOutput{}
+ output = &UpdateAddonOutput{}
req = c.newRequest(op, input, output)
return
}
-// UpdateNodegroupVersion API operation for Amazon Elastic Kubernetes Service.
+// UpdateAddon API operation for Amazon Elastic Kubernetes Service.
//
-// Updates the Kubernetes version or AMI version of an Amazon EKS managed node
-// group.
+// Updates an Amazon EKS add-on.
//
-// You can update a node group using a launch template only if the node group
-// was originally deployed with a launch template. If you need to update a custom
-// AMI in a node group that was deployed with a launch template, then update
-// your custom AMI, specify the new ID in a new version of the launch template,
-// and then update the node group to the new version of the launch template.
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
//
-// If you update without a launch template, then you can update to the latest
-// available AMI version of a node group's current Kubernetes version by not
-// specifying a Kubernetes version in the request. You can update to the latest
-// AMI version of your cluster's current Kubernetes version by specifying your
-// cluster's Kubernetes version in the request. For information about Linux
-// versions, see Amazon EKS optimized Amazon Linux AMI versions (https://docs.aws.amazon.com/eks/latest/userguide/eks-linux-ami-versions.html)
-// in the Amazon EKS User Guide. For information about Windows versions, see
-// Amazon EKS optimized Windows AMI versions (https://docs.aws.amazon.com/eks/latest/userguide/eks-ami-versions-windows.html)
-// in the Amazon EKS User Guide.
+// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
+// API operation UpdateAddon for usage and error information.
//
-// You cannot roll back a node group to an earlier Kubernetes version or AMI
-// version.
+// Returned Error Types:
//
-// When a node in a managed node group is terminated due to a scaling action
-// or update, the pods in that node are drained first. Amazon EKS attempts to
-// drain the nodes gracefully and will fail if it is unable to do so. You can
-// force the update if Amazon EKS is unable to drain the nodes as a result of
-// a pod disruption budget issue.
+// - InvalidParameterException
+// The specified parameter is invalid. Review the available parameters for the
+// API request.
+//
+// - InvalidRequestException
+// The request is invalid given the state of the cluster. Check the state of
+// the cluster and the associated operations.
+//
+// - ResourceNotFoundException
+// The specified resource could not be found. You can view your available clusters
+// with ListClusters. You can view your available managed node groups with ListNodegroups.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
+//
+// - ResourceInUseException
+// The specified resource is in use.
+//
+// - ClientException
+// These errors are usually caused by a client action. Actions can include using
+// an action or resource on behalf of an IAM principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html)
+// that doesn't have permissions to use the action or resource or specifying
+// an identifier that is not valid.
+//
+// - ServerException
+// These errors are usually caused by a server-side issue.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateAddon
+func (c *EKS) UpdateAddon(input *UpdateAddonInput) (*UpdateAddonOutput, error) {
+ req, out := c.UpdateAddonRequest(input)
+ return out, req.Send()
+}
+
+// UpdateAddonWithContext is the same as UpdateAddon with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UpdateAddon for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EKS) UpdateAddonWithContext(ctx aws.Context, input *UpdateAddonInput, opts ...request.Option) (*UpdateAddonOutput, error) {
+ req, out := c.UpdateAddonRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opUpdateClusterConfig = "UpdateClusterConfig"
+
+// UpdateClusterConfigRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateClusterConfig operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UpdateClusterConfig for more information on using the UpdateClusterConfig
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the UpdateClusterConfigRequest method.
+// req, resp := client.UpdateClusterConfigRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateClusterConfig
+func (c *EKS) UpdateClusterConfigRequest(input *UpdateClusterConfigInput) (req *request.Request, output *UpdateClusterConfigOutput) {
+ op := &request.Operation{
+ Name: opUpdateClusterConfig,
+ HTTPMethod: "POST",
+ HTTPPath: "/clusters/{name}/update-config",
+ }
+
+ if input == nil {
+ input = &UpdateClusterConfigInput{}
+ }
+
+ output = &UpdateClusterConfigOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// UpdateClusterConfig API operation for Amazon Elastic Kubernetes Service.
+//
+// Updates an Amazon EKS cluster configuration. Your cluster continues to function
+// during the update. The response output includes an update ID that you can
+// use to track the status of your cluster update with DescribeUpdate"/>.
+//
+// You can use this API operation to enable or disable exporting the Kubernetes
+// control plane logs for your cluster to CloudWatch Logs. By default, cluster
+// control plane logs aren't exported to CloudWatch Logs. For more information,
+// see Amazon EKS Cluster control plane logs (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html)
+// in the Amazon EKS User Guide .
+//
+// CloudWatch Logs ingestion, archive storage, and data scanning rates apply
+// to exported control plane logs. For more information, see CloudWatch Pricing
+// (http://aws.amazon.com/cloudwatch/pricing/).
+//
+// You can also use this API operation to enable or disable public and private
+// access to your cluster's Kubernetes API server endpoint. By default, public
+// access is enabled, and private access is disabled. For more information,
+// see Amazon EKS cluster endpoint access control (https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html)
+// in the Amazon EKS User Guide .
+//
+// You can also use this API operation to choose different subnets and security
+// groups for the cluster. You must specify at least two subnets that are in
+// different Availability Zones. You can't change which VPC the subnets are
+// from, the subnets must be in the same VPC as the subnets that the cluster
+// was created with. For more information about the VPC requirements, see https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html
+// (https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html) in the
+// Amazon EKS User Guide .
+//
+// Cluster updates are asynchronous, and they should finish within a few minutes.
+// During an update, the cluster status moves to UPDATING (this status transition
+// is eventually consistent). When the update is complete (either Failed or
+// Successful), the cluster status moves to Active.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
-// API operation UpdateNodegroupVersion for usage and error information.
+// API operation UpdateClusterConfig for usage and error information.
//
// Returned Error Types:
//
@@ -5016,141 +5577,731 @@ func (c *EKS) UpdateNodegroupVersionRequest(input *UpdateNodegroupVersionInput)
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// - InvalidRequestException
// The request is invalid given the state of the cluster. Check the state of
// the cluster and the associated operations.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateNodegroupVersion
-func (c *EKS) UpdateNodegroupVersion(input *UpdateNodegroupVersionInput) (*UpdateNodegroupVersionOutput, error) {
- req, out := c.UpdateNodegroupVersionRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateClusterConfig
+func (c *EKS) UpdateClusterConfig(input *UpdateClusterConfigInput) (*UpdateClusterConfigOutput, error) {
+ req, out := c.UpdateClusterConfigRequest(input)
return out, req.Send()
}
-// UpdateNodegroupVersionWithContext is the same as UpdateNodegroupVersion with the addition of
+// UpdateClusterConfigWithContext is the same as UpdateClusterConfig with the addition of
// the ability to pass a context and additional request options.
//
-// See UpdateNodegroupVersion for details on how to use this API operation.
+// See UpdateClusterConfig for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) UpdateNodegroupVersionWithContext(ctx aws.Context, input *UpdateNodegroupVersionInput, opts ...request.Option) (*UpdateNodegroupVersionOutput, error) {
- req, out := c.UpdateNodegroupVersionRequest(input)
+func (c *EKS) UpdateClusterConfigWithContext(ctx aws.Context, input *UpdateClusterConfigInput, opts ...request.Option) (*UpdateClusterConfigOutput, error) {
+ req, out := c.UpdateClusterConfigRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-const opUpdatePodIdentityAssociation = "UpdatePodIdentityAssociation"
+const opUpdateClusterVersion = "UpdateClusterVersion"
-// UpdatePodIdentityAssociationRequest generates a "aws/request.Request" representing the
-// client's request for the UpdatePodIdentityAssociation operation. The "output" return
+// UpdateClusterVersionRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateClusterVersion operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See UpdatePodIdentityAssociation for more information on using the UpdatePodIdentityAssociation
+// See UpdateClusterVersion for more information on using the UpdateClusterVersion
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the UpdatePodIdentityAssociationRequest method.
-// req, resp := client.UpdatePodIdentityAssociationRequest(params)
+// // Example sending a request using the UpdateClusterVersionRequest method.
+// req, resp := client.UpdateClusterVersionRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdatePodIdentityAssociation
-func (c *EKS) UpdatePodIdentityAssociationRequest(input *UpdatePodIdentityAssociationInput) (req *request.Request, output *UpdatePodIdentityAssociationOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateClusterVersion
+func (c *EKS) UpdateClusterVersionRequest(input *UpdateClusterVersionInput) (req *request.Request, output *UpdateClusterVersionOutput) {
op := &request.Operation{
- Name: opUpdatePodIdentityAssociation,
+ Name: opUpdateClusterVersion,
HTTPMethod: "POST",
- HTTPPath: "/clusters/{name}/pod-identity-associations/{associationId}",
+ HTTPPath: "/clusters/{name}/updates",
}
if input == nil {
- input = &UpdatePodIdentityAssociationInput{}
+ input = &UpdateClusterVersionInput{}
}
- output = &UpdatePodIdentityAssociationOutput{}
+ output = &UpdateClusterVersionOutput{}
req = c.newRequest(op, input, output)
return
}
-// UpdatePodIdentityAssociation API operation for Amazon Elastic Kubernetes Service.
+// UpdateClusterVersion API operation for Amazon Elastic Kubernetes Service.
//
-// Updates a EKS Pod Identity association. Only the IAM role can be changed;
-// an association can't be moved between clusters, namespaces, or service accounts.
-// If you need to edit the namespace or service account, you need to remove
-// the association and then create a new association with your desired settings.
+// Updates an Amazon EKS cluster to the specified Kubernetes version. Your cluster
+// continues to function during the update. The response output includes an
+// update ID that you can use to track the status of your cluster update with
+// the DescribeUpdate API operation.
+//
+// Cluster updates are asynchronous, and they should finish within a few minutes.
+// During an update, the cluster status moves to UPDATING (this status transition
+// is eventually consistent). When the update is complete (either Failed or
+// Successful), the cluster status moves to Active.
+//
+// If your cluster has managed node groups attached to it, all of your node
+// groups’ Kubernetes versions must match the cluster’s Kubernetes version
+// in order to update the cluster to a new Kubernetes version.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
-// API operation UpdatePodIdentityAssociation for usage and error information.
+// API operation UpdateClusterVersion for usage and error information.
//
// Returned Error Types:
//
+// - InvalidParameterException
+// The specified parameter is invalid. Review the available parameters for the
+// API request.
+//
+// - ClientException
+// These errors are usually caused by a client action. Actions can include using
+// an action or resource on behalf of an IAM principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html)
+// that doesn't have permissions to use the action or resource or specifying
+// an identifier that is not valid.
+//
// - ServerException
// These errors are usually caused by a server-side issue.
//
+// - ResourceInUseException
+// The specified resource is in use.
+//
// - ResourceNotFoundException
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
//
// - InvalidRequestException
// The request is invalid given the state of the cluster. Check the state of
// the cluster and the associated operations.
//
-// - InvalidParameterException
-// The specified parameter is invalid. Review the available parameters for the
-// API request.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdatePodIdentityAssociation
-func (c *EKS) UpdatePodIdentityAssociation(input *UpdatePodIdentityAssociationInput) (*UpdatePodIdentityAssociationOutput, error) {
- req, out := c.UpdatePodIdentityAssociationRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateClusterVersion
+func (c *EKS) UpdateClusterVersion(input *UpdateClusterVersionInput) (*UpdateClusterVersionOutput, error) {
+ req, out := c.UpdateClusterVersionRequest(input)
return out, req.Send()
}
-// UpdatePodIdentityAssociationWithContext is the same as UpdatePodIdentityAssociation with the addition of
+// UpdateClusterVersionWithContext is the same as UpdateClusterVersion with the addition of
// the ability to pass a context and additional request options.
//
-// See UpdatePodIdentityAssociation for details on how to use this API operation.
+// See UpdateClusterVersion for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *EKS) UpdatePodIdentityAssociationWithContext(ctx aws.Context, input *UpdatePodIdentityAssociationInput, opts ...request.Option) (*UpdatePodIdentityAssociationOutput, error) {
- req, out := c.UpdatePodIdentityAssociationRequest(input)
+func (c *EKS) UpdateClusterVersionWithContext(ctx aws.Context, input *UpdateClusterVersionInput, opts ...request.Option) (*UpdateClusterVersionOutput, error) {
+ req, out := c.UpdateClusterVersionRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-// You don't have permissions to perform the requested operation. The IAM principal
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html)
-// making the request must have at least one IAM permissions policy attached
-// that grants the required permissions. For more information, see Access management
+const opUpdateEksAnywhereSubscription = "UpdateEksAnywhereSubscription"
+
+// UpdateEksAnywhereSubscriptionRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateEksAnywhereSubscription operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UpdateEksAnywhereSubscription for more information on using the UpdateEksAnywhereSubscription
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the UpdateEksAnywhereSubscriptionRequest method.
+// req, resp := client.UpdateEksAnywhereSubscriptionRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateEksAnywhereSubscription
+func (c *EKS) UpdateEksAnywhereSubscriptionRequest(input *UpdateEksAnywhereSubscriptionInput) (req *request.Request, output *UpdateEksAnywhereSubscriptionOutput) {
+ op := &request.Operation{
+ Name: opUpdateEksAnywhereSubscription,
+ HTTPMethod: "POST",
+ HTTPPath: "/eks-anywhere-subscriptions/{id}",
+ }
+
+ if input == nil {
+ input = &UpdateEksAnywhereSubscriptionInput{}
+ }
+
+ output = &UpdateEksAnywhereSubscriptionOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// UpdateEksAnywhereSubscription API operation for Amazon Elastic Kubernetes Service.
+//
+// Update an EKS Anywhere Subscription. Only auto renewal and tags can be updated
+// after subscription creation.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
+// API operation UpdateEksAnywhereSubscription for usage and error information.
+//
+// Returned Error Types:
+//
+// - InvalidParameterException
+// The specified parameter is invalid. Review the available parameters for the
+// API request.
+//
+// - ClientException
+// These errors are usually caused by a client action. Actions can include using
+// an action or resource on behalf of an IAM principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html)
+// that doesn't have permissions to use the action or resource or specifying
+// an identifier that is not valid.
+//
+// - ServerException
+// These errors are usually caused by a server-side issue.
+//
+// - ResourceNotFoundException
+// The specified resource could not be found. You can view your available clusters
+// with ListClusters. You can view your available managed node groups with ListNodegroups.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
+//
+// - InvalidRequestException
+// The request is invalid given the state of the cluster. Check the state of
+// the cluster and the associated operations.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateEksAnywhereSubscription
+func (c *EKS) UpdateEksAnywhereSubscription(input *UpdateEksAnywhereSubscriptionInput) (*UpdateEksAnywhereSubscriptionOutput, error) {
+ req, out := c.UpdateEksAnywhereSubscriptionRequest(input)
+ return out, req.Send()
+}
+
+// UpdateEksAnywhereSubscriptionWithContext is the same as UpdateEksAnywhereSubscription with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UpdateEksAnywhereSubscription for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EKS) UpdateEksAnywhereSubscriptionWithContext(ctx aws.Context, input *UpdateEksAnywhereSubscriptionInput, opts ...request.Option) (*UpdateEksAnywhereSubscriptionOutput, error) {
+ req, out := c.UpdateEksAnywhereSubscriptionRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opUpdateNodegroupConfig = "UpdateNodegroupConfig"
+
+// UpdateNodegroupConfigRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateNodegroupConfig operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UpdateNodegroupConfig for more information on using the UpdateNodegroupConfig
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the UpdateNodegroupConfigRequest method.
+// req, resp := client.UpdateNodegroupConfigRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateNodegroupConfig
+func (c *EKS) UpdateNodegroupConfigRequest(input *UpdateNodegroupConfigInput) (req *request.Request, output *UpdateNodegroupConfigOutput) {
+ op := &request.Operation{
+ Name: opUpdateNodegroupConfig,
+ HTTPMethod: "POST",
+ HTTPPath: "/clusters/{name}/node-groups/{nodegroupName}/update-config",
+ }
+
+ if input == nil {
+ input = &UpdateNodegroupConfigInput{}
+ }
+
+ output = &UpdateNodegroupConfigOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// UpdateNodegroupConfig API operation for Amazon Elastic Kubernetes Service.
+//
+// Updates an Amazon EKS managed node group configuration. Your node group continues
+// to function during the update. The response output includes an update ID
+// that you can use to track the status of your node group update with the DescribeUpdate
+// API operation. Currently you can update the Kubernetes labels for a node
+// group or the scaling configuration.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
+// API operation UpdateNodegroupConfig for usage and error information.
+//
+// Returned Error Types:
+//
+// - InvalidParameterException
+// The specified parameter is invalid. Review the available parameters for the
+// API request.
+//
+// - ClientException
+// These errors are usually caused by a client action. Actions can include using
+// an action or resource on behalf of an IAM principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html)
+// that doesn't have permissions to use the action or resource or specifying
+// an identifier that is not valid.
+//
+// - ServerException
+// These errors are usually caused by a server-side issue.
+//
+// - ResourceInUseException
+// The specified resource is in use.
+//
+// - ResourceNotFoundException
+// The specified resource could not be found. You can view your available clusters
+// with ListClusters. You can view your available managed node groups with ListNodegroups.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
+//
+// - InvalidRequestException
+// The request is invalid given the state of the cluster. Check the state of
+// the cluster and the associated operations.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateNodegroupConfig
+func (c *EKS) UpdateNodegroupConfig(input *UpdateNodegroupConfigInput) (*UpdateNodegroupConfigOutput, error) {
+ req, out := c.UpdateNodegroupConfigRequest(input)
+ return out, req.Send()
+}
+
+// UpdateNodegroupConfigWithContext is the same as UpdateNodegroupConfig with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UpdateNodegroupConfig for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EKS) UpdateNodegroupConfigWithContext(ctx aws.Context, input *UpdateNodegroupConfigInput, opts ...request.Option) (*UpdateNodegroupConfigOutput, error) {
+ req, out := c.UpdateNodegroupConfigRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opUpdateNodegroupVersion = "UpdateNodegroupVersion"
+
+// UpdateNodegroupVersionRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateNodegroupVersion operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UpdateNodegroupVersion for more information on using the UpdateNodegroupVersion
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the UpdateNodegroupVersionRequest method.
+// req, resp := client.UpdateNodegroupVersionRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateNodegroupVersion
+func (c *EKS) UpdateNodegroupVersionRequest(input *UpdateNodegroupVersionInput) (req *request.Request, output *UpdateNodegroupVersionOutput) {
+ op := &request.Operation{
+ Name: opUpdateNodegroupVersion,
+ HTTPMethod: "POST",
+ HTTPPath: "/clusters/{name}/node-groups/{nodegroupName}/update-version",
+ }
+
+ if input == nil {
+ input = &UpdateNodegroupVersionInput{}
+ }
+
+ output = &UpdateNodegroupVersionOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// UpdateNodegroupVersion API operation for Amazon Elastic Kubernetes Service.
+//
+// Updates the Kubernetes version or AMI version of an Amazon EKS managed node
+// group.
+//
+// You can update a node group using a launch template only if the node group
+// was originally deployed with a launch template. If you need to update a custom
+// AMI in a node group that was deployed with a launch template, then update
+// your custom AMI, specify the new ID in a new version of the launch template,
+// and then update the node group to the new version of the launch template.
+//
+// If you update without a launch template, then you can update to the latest
+// available AMI version of a node group's current Kubernetes version by not
+// specifying a Kubernetes version in the request. You can update to the latest
+// AMI version of your cluster's current Kubernetes version by specifying your
+// cluster's Kubernetes version in the request. For information about Linux
+// versions, see Amazon EKS optimized Amazon Linux AMI versions (https://docs.aws.amazon.com/eks/latest/userguide/eks-linux-ami-versions.html)
+// in the Amazon EKS User Guide. For information about Windows versions, see
+// Amazon EKS optimized Windows AMI versions (https://docs.aws.amazon.com/eks/latest/userguide/eks-ami-versions-windows.html)
+// in the Amazon EKS User Guide.
+//
+// You cannot roll back a node group to an earlier Kubernetes version or AMI
+// version.
+//
+// When a node in a managed node group is terminated due to a scaling action
+// or update, every Pod on that node is drained first. Amazon EKS attempts to
+// drain the nodes gracefully and will fail if it is unable to do so. You can
+// force the update if Amazon EKS is unable to drain the nodes as a result of
+// a Pod disruption budget issue.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
+// API operation UpdateNodegroupVersion for usage and error information.
+//
+// Returned Error Types:
+//
+// - InvalidParameterException
+// The specified parameter is invalid. Review the available parameters for the
+// API request.
+//
+// - ClientException
+// These errors are usually caused by a client action. Actions can include using
+// an action or resource on behalf of an IAM principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html)
+// that doesn't have permissions to use the action or resource or specifying
+// an identifier that is not valid.
+//
+// - ServerException
+// These errors are usually caused by a server-side issue.
+//
+// - ResourceInUseException
+// The specified resource is in use.
+//
+// - ResourceNotFoundException
+// The specified resource could not be found. You can view your available clusters
+// with ListClusters. You can view your available managed node groups with ListNodegroups.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
+//
+// - InvalidRequestException
+// The request is invalid given the state of the cluster. Check the state of
+// the cluster and the associated operations.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateNodegroupVersion
+func (c *EKS) UpdateNodegroupVersion(input *UpdateNodegroupVersionInput) (*UpdateNodegroupVersionOutput, error) {
+ req, out := c.UpdateNodegroupVersionRequest(input)
+ return out, req.Send()
+}
+
+// UpdateNodegroupVersionWithContext is the same as UpdateNodegroupVersion with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UpdateNodegroupVersion for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EKS) UpdateNodegroupVersionWithContext(ctx aws.Context, input *UpdateNodegroupVersionInput, opts ...request.Option) (*UpdateNodegroupVersionOutput, error) {
+ req, out := c.UpdateNodegroupVersionRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opUpdatePodIdentityAssociation = "UpdatePodIdentityAssociation"
+
+// UpdatePodIdentityAssociationRequest generates a "aws/request.Request" representing the
+// client's request for the UpdatePodIdentityAssociation operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UpdatePodIdentityAssociation for more information on using the UpdatePodIdentityAssociation
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the UpdatePodIdentityAssociationRequest method.
+// req, resp := client.UpdatePodIdentityAssociationRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdatePodIdentityAssociation
+func (c *EKS) UpdatePodIdentityAssociationRequest(input *UpdatePodIdentityAssociationInput) (req *request.Request, output *UpdatePodIdentityAssociationOutput) {
+ op := &request.Operation{
+ Name: opUpdatePodIdentityAssociation,
+ HTTPMethod: "POST",
+ HTTPPath: "/clusters/{name}/pod-identity-associations/{associationId}",
+ }
+
+ if input == nil {
+ input = &UpdatePodIdentityAssociationInput{}
+ }
+
+ output = &UpdatePodIdentityAssociationOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// UpdatePodIdentityAssociation API operation for Amazon Elastic Kubernetes Service.
+//
+// Updates a EKS Pod Identity association. Only the IAM role can be changed;
+// an association can't be moved between clusters, namespaces, or service accounts.
+// If you need to edit the namespace or service account, you need to delete
+// the association and then create a new association with your desired settings.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Elastic Kubernetes Service's
+// API operation UpdatePodIdentityAssociation for usage and error information.
+//
+// Returned Error Types:
+//
+// - ServerException
+// These errors are usually caused by a server-side issue.
+//
+// - ResourceNotFoundException
+// The specified resource could not be found. You can view your available clusters
+// with ListClusters. You can view your available managed node groups with ListNodegroups.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
+//
+// - InvalidRequestException
+// The request is invalid given the state of the cluster. Check the state of
+// the cluster and the associated operations.
+//
+// - InvalidParameterException
+// The specified parameter is invalid. Review the available parameters for the
+// API request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdatePodIdentityAssociation
+func (c *EKS) UpdatePodIdentityAssociation(input *UpdatePodIdentityAssociationInput) (*UpdatePodIdentityAssociationOutput, error) {
+ req, out := c.UpdatePodIdentityAssociationRequest(input)
+ return out, req.Send()
+}
+
+// UpdatePodIdentityAssociationWithContext is the same as UpdatePodIdentityAssociation with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UpdatePodIdentityAssociation for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EKS) UpdatePodIdentityAssociationWithContext(ctx aws.Context, input *UpdatePodIdentityAssociationInput, opts ...request.Option) (*UpdatePodIdentityAssociationOutput, error) {
+ req, out := c.UpdatePodIdentityAssociationRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+// The access configuration for the cluster.
+type AccessConfigResponse struct {
+ _ struct{} `type:"structure"`
+
+ // The current authentication mode of the cluster.
+ AuthenticationMode *string `locationName:"authenticationMode" type:"string" enum:"AuthenticationMode"`
+
+ // Specifies whether or not the cluster creator IAM principal was set as a cluster
+ // admin access entry during cluster creation time.
+ BootstrapClusterCreatorAdminPermissions *bool `locationName:"bootstrapClusterCreatorAdminPermissions" type:"boolean"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessConfigResponse) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessConfigResponse) GoString() string {
+ return s.String()
+}
+
+// SetAuthenticationMode sets the AuthenticationMode field's value.
+func (s *AccessConfigResponse) SetAuthenticationMode(v string) *AccessConfigResponse {
+ s.AuthenticationMode = &v
+ return s
+}
+
+// SetBootstrapClusterCreatorAdminPermissions sets the BootstrapClusterCreatorAdminPermissions field's value.
+func (s *AccessConfigResponse) SetBootstrapClusterCreatorAdminPermissions(v bool) *AccessConfigResponse {
+ s.BootstrapClusterCreatorAdminPermissions = &v
+ return s
+}
+
+// You don't have permissions to perform the requested operation. The IAM principal
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html)
+// making the request must have at least one IAM permissions policy attached
+// that grants the required permissions. For more information, see Access management
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) in the IAM
// User Guide.
type AccessDeniedException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
- // You do not have sufficient access to perform this action.
- Message_ *string `locationName:"message" type:"string"`
+ // You do not have sufficient access to perform this action.
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessDeniedException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessDeniedException) GoString() string {
+ return s.String()
+}
+
+func newErrorAccessDeniedException(v protocol.ResponseMetadata) error {
+ return &AccessDeniedException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *AccessDeniedException) Code() string {
+ return "AccessDeniedException"
+}
+
+// Message returns the exception's message.
+func (s *AccessDeniedException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *AccessDeniedException) OrigErr() error {
+ return nil
+}
+
+func (s *AccessDeniedException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *AccessDeniedException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *AccessDeniedException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// An access entry allows an IAM principal (user or role) to access your cluster.
+// Access entries can replace the need to maintain the aws-auth ConfigMap for
+// authentication. For more information about access entries, see Access entries
+// (https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html) in
+// the Amazon EKS User Guide.
+type AccessEntry struct {
+ _ struct{} `type:"structure"`
+
+ // The ARN of the access entry.
+ AccessEntryArn *string `locationName:"accessEntryArn" type:"string"`
+
+ // The name of your cluster.
+ ClusterName *string `locationName:"clusterName" type:"string"`
+
+ // The Unix epoch timestamp at object creation.
+ CreatedAt *time.Time `locationName:"createdAt" type:"timestamp"`
+
+ // A name that you've specified in a Kubernetes RoleBinding or ClusterRoleBinding
+ // object so that Kubernetes authorizes the principalARN access to cluster objects.
+ KubernetesGroups []*string `locationName:"kubernetesGroups" type:"list"`
+
+ // The Unix epoch timestamp for the last modification to the object.
+ ModifiedAt *time.Time `locationName:"modifiedAt" type:"timestamp"`
+
+ // The ARN of the IAM principal for the access entry. If you ever delete the
+ // IAM principal with this ARN, the access entry isn't automatically deleted.
+ // We recommend that you delete the access entry with an ARN for an IAM principal
+ // that you delete. If you don't delete the access entry and ever recreate the
+ // IAM principal, even if it has the same ARN, the access entry won't work.
+ // This is because even though the ARN is the same for the recreated IAM principal,
+ // the roleID or userID (you can see this with the Security Token Service GetCallerIdentity
+ // API) is different for the recreated IAM principal than it was for the original
+ // IAM principal. Even though you don't see the IAM principal's roleID or userID
+ // for an access entry, Amazon EKS stores it with the access entry.
+ PrincipalArn *string `locationName:"principalArn" type:"string"`
+
+ // Metadata that assists with categorization and organization. Each tag consists
+ // of a key and an optional value. You define both. Tags don't propagate to
+ // any other cluster or Amazon Web Services resources.
+ Tags map[string]*string `locationName:"tags" min:"1" type:"map"`
+
+ // The type of the access entry.
+ Type *string `locationName:"type" type:"string"`
+
+ // The name of a user that can authenticate to your cluster.
+ Username *string `locationName:"username" type:"string"`
}
// String returns the string representation.
@@ -5158,7 +6309,7 @@ type AccessDeniedException struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s AccessDeniedException) String() string {
+func (s AccessEntry) String() string {
return awsutil.Prettify(s)
}
@@ -5167,46 +6318,154 @@ func (s AccessDeniedException) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s AccessDeniedException) GoString() string {
+func (s AccessEntry) GoString() string {
return s.String()
}
-func newErrorAccessDeniedException(v protocol.ResponseMetadata) error {
- return &AccessDeniedException{
- RespMetadata: v,
- }
+// SetAccessEntryArn sets the AccessEntryArn field's value.
+func (s *AccessEntry) SetAccessEntryArn(v string) *AccessEntry {
+ s.AccessEntryArn = &v
+ return s
}
-// Code returns the exception type name.
-func (s *AccessDeniedException) Code() string {
- return "AccessDeniedException"
+// SetClusterName sets the ClusterName field's value.
+func (s *AccessEntry) SetClusterName(v string) *AccessEntry {
+ s.ClusterName = &v
+ return s
}
-// Message returns the exception's message.
-func (s *AccessDeniedException) Message() string {
- if s.Message_ != nil {
- return *s.Message_
- }
- return ""
+// SetCreatedAt sets the CreatedAt field's value.
+func (s *AccessEntry) SetCreatedAt(v time.Time) *AccessEntry {
+ s.CreatedAt = &v
+ return s
}
-// OrigErr always returns nil, satisfies awserr.Error interface.
-func (s *AccessDeniedException) OrigErr() error {
- return nil
+// SetKubernetesGroups sets the KubernetesGroups field's value.
+func (s *AccessEntry) SetKubernetesGroups(v []*string) *AccessEntry {
+ s.KubernetesGroups = v
+ return s
}
-func (s *AccessDeniedException) Error() string {
- return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+// SetModifiedAt sets the ModifiedAt field's value.
+func (s *AccessEntry) SetModifiedAt(v time.Time) *AccessEntry {
+ s.ModifiedAt = &v
+ return s
}
-// Status code returns the HTTP status code for the request's response error.
-func (s *AccessDeniedException) StatusCode() int {
- return s.RespMetadata.StatusCode
+// SetPrincipalArn sets the PrincipalArn field's value.
+func (s *AccessEntry) SetPrincipalArn(v string) *AccessEntry {
+ s.PrincipalArn = &v
+ return s
}
-// RequestID returns the service's response RequestID for request.
-func (s *AccessDeniedException) RequestID() string {
- return s.RespMetadata.RequestID
+// SetTags sets the Tags field's value.
+func (s *AccessEntry) SetTags(v map[string]*string) *AccessEntry {
+ s.Tags = v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *AccessEntry) SetType(v string) *AccessEntry {
+ s.Type = &v
+ return s
+}
+
+// SetUsername sets the Username field's value.
+func (s *AccessEntry) SetUsername(v string) *AccessEntry {
+ s.Username = &v
+ return s
+}
+
+// An access policy includes permissions that allow Amazon EKS to authorize
+// an IAM principal to work with Kubernetes objects on your cluster. The policies
+// are managed by Amazon EKS, but they're not IAM policies. You can't view the
+// permissions in the policies using the API. The permissions for many of the
+// policies are similar to the Kubernetes cluster-admin, admin, edit, and view
+// cluster roles. For more information about these cluster roles, see User-facing
+// roles (https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles)
+// in the Kubernetes documentation. To view the contents of the policies, see
+// Access policy permissions (https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html#access-policy-permissions)
+// in the Amazon EKS User Guide.
+type AccessPolicy struct {
+ _ struct{} `type:"structure"`
+
+ // The ARN of the access policy.
+ Arn *string `locationName:"arn" type:"string"`
+
+ // The name of the access policy.
+ Name *string `locationName:"name" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessPolicy) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessPolicy) GoString() string {
+ return s.String()
+}
+
+// SetArn sets the Arn field's value.
+func (s *AccessPolicy) SetArn(v string) *AccessPolicy {
+ s.Arn = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *AccessPolicy) SetName(v string) *AccessPolicy {
+ s.Name = &v
+ return s
+}
+
+// The scope of an AccessPolicy that's associated to an AccessEntry.
+type AccessScope struct {
+ _ struct{} `type:"structure"`
+
+ // A Kubernetes namespace that an access policy is scoped to. A value is required
+ // if you specified namespace for Type.
+ Namespaces []*string `locationName:"namespaces" type:"list"`
+
+ // The scope type of an access policy.
+ Type *string `locationName:"type" type:"string" enum:"AccessScopeType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessScope) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessScope) GoString() string {
+ return s.String()
+}
+
+// SetNamespaces sets the Namespaces field's value.
+func (s *AccessScope) SetNamespaces(v []*string) *AccessScope {
+ s.Namespaces = v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *AccessScope) SetType(v string) *AccessScope {
+ s.Type = &v
+ return s
}
// An Amazon EKS add-on. For more information, see Amazon EKS add-ons (https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html)
@@ -5223,13 +6482,13 @@ type Addon struct {
// The version of the add-on.
AddonVersion *string `locationName:"addonVersion" type:"string"`
- // The name of the cluster.
+ // The name of your cluster.
ClusterName *string `locationName:"clusterName" min:"1" type:"string"`
// The configuration values that you provided.
ConfigurationValues *string `locationName:"configurationValues" type:"string"`
- // The date and time that the add-on was created.
+ // The Unix epoch timestamp at object creation.
CreatedAt *time.Time `locationName:"createdAt" type:"timestamp"`
// An object that represents the health of the add-on.
@@ -5238,7 +6497,7 @@ type Addon struct {
// Information about an Amazon EKS add-on from the Amazon Web Services Marketplace.
MarketplaceInformation *MarketplaceInformation `locationName:"marketplaceInformation" type:"structure"`
- // The date and time that the add-on was last modified.
+ // The Unix epoch timestamp for the last modification to the object.
ModifiedAt *time.Time `locationName:"modifiedAt" type:"timestamp"`
// The owner of the add-on.
@@ -5248,16 +6507,15 @@ type Addon struct {
Publisher *string `locationName:"publisher" type:"string"`
// The Amazon Resource Name (ARN) of the IAM role that's bound to the Kubernetes
- // service account that the add-on uses.
+ // ServiceAccount object that the add-on uses.
ServiceAccountRoleArn *string `locationName:"serviceAccountRoleArn" type:"string"`
// The status of the add-on.
Status *string `locationName:"status" type:"string" enum:"AddonStatus"`
- // The metadata that you apply to the add-on to assist with categorization and
- // organization. Each tag consists of a key and an optional value. You define
- // both. Add-on tags do not propagate to any other resources associated with
- // the cluster.
+ // Metadata that assists with categorization and organization. Each tag consists
+ // of a key and an optional value. You define both. Tags don't propagate to
+ // any other cluster or Amazon Web Services resources.
Tags map[string]*string `locationName:"tags" min:"1" type:"map"`
}
@@ -5487,57 +6745,209 @@ type AddonIssue struct {
ResourceIds []*string `locationName:"resourceIds" type:"list"`
}
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AddonIssue) String() string {
- return awsutil.Prettify(s)
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AddonIssue) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AddonIssue) GoString() string {
+ return s.String()
+}
+
+// SetCode sets the Code field's value.
+func (s *AddonIssue) SetCode(v string) *AddonIssue {
+ s.Code = &v
+ return s
+}
+
+// SetMessage sets the Message field's value.
+func (s *AddonIssue) SetMessage(v string) *AddonIssue {
+ s.Message = &v
+ return s
+}
+
+// SetResourceIds sets the ResourceIds field's value.
+func (s *AddonIssue) SetResourceIds(v []*string) *AddonIssue {
+ s.ResourceIds = v
+ return s
+}
+
+// Information about an add-on version.
+type AddonVersionInfo struct {
+ _ struct{} `type:"structure"`
+
+ // The version of the add-on.
+ AddonVersion *string `locationName:"addonVersion" type:"string"`
+
+ // The architectures that the version supports.
+ Architecture []*string `locationName:"architecture" type:"list"`
+
+ // An object representing the compatibilities of a version.
+ Compatibilities []*Compatibility `locationName:"compatibilities" type:"list"`
+
+ // Whether the add-on requires configuration.
+ RequiresConfiguration *bool `locationName:"requiresConfiguration" type:"boolean"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AddonVersionInfo) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AddonVersionInfo) GoString() string {
+ return s.String()
+}
+
+// SetAddonVersion sets the AddonVersion field's value.
+func (s *AddonVersionInfo) SetAddonVersion(v string) *AddonVersionInfo {
+ s.AddonVersion = &v
+ return s
+}
+
+// SetArchitecture sets the Architecture field's value.
+func (s *AddonVersionInfo) SetArchitecture(v []*string) *AddonVersionInfo {
+ s.Architecture = v
+ return s
+}
+
+// SetCompatibilities sets the Compatibilities field's value.
+func (s *AddonVersionInfo) SetCompatibilities(v []*Compatibility) *AddonVersionInfo {
+ s.Compatibilities = v
+ return s
+}
+
+// SetRequiresConfiguration sets the RequiresConfiguration field's value.
+func (s *AddonVersionInfo) SetRequiresConfiguration(v bool) *AddonVersionInfo {
+ s.RequiresConfiguration = &v
+ return s
+}
+
+type AssociateAccessPolicyInput struct {
+ _ struct{} `type:"structure"`
+
+ // The scope for the AccessPolicy. You can scope access policies to an entire
+ // cluster or to specific Kubernetes namespaces.
+ //
+ // AccessScope is a required field
+ AccessScope *AccessScope `locationName:"accessScope" type:"structure" required:"true"`
+
+ // The name of your cluster.
+ //
+ // ClusterName is a required field
+ ClusterName *string `location:"uri" locationName:"name" type:"string" required:"true"`
+
+ // The ARN of the AccessPolicy that you're associating. For a list of ARNs,
+ // use ListAccessPolicies.
+ //
+ // PolicyArn is a required field
+ PolicyArn *string `locationName:"policyArn" type:"string" required:"true"`
+
+ // The Amazon Resource Name (ARN) of the IAM user or role for the AccessEntry
+ // that you're associating the access policy to.
+ //
+ // PrincipalArn is a required field
+ PrincipalArn *string `location:"uri" locationName:"principalArn" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssociateAccessPolicyInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssociateAccessPolicyInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AssociateAccessPolicyInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "AssociateAccessPolicyInput"}
+ if s.AccessScope == nil {
+ invalidParams.Add(request.NewErrParamRequired("AccessScope"))
+ }
+ if s.ClusterName == nil {
+ invalidParams.Add(request.NewErrParamRequired("ClusterName"))
+ }
+ if s.ClusterName != nil && len(*s.ClusterName) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ClusterName", 1))
+ }
+ if s.PolicyArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
+ }
+ if s.PrincipalArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("PrincipalArn"))
+ }
+ if s.PrincipalArn != nil && len(*s.PrincipalArn) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("PrincipalArn", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
}
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AddonIssue) GoString() string {
- return s.String()
+// SetAccessScope sets the AccessScope field's value.
+func (s *AssociateAccessPolicyInput) SetAccessScope(v *AccessScope) *AssociateAccessPolicyInput {
+ s.AccessScope = v
+ return s
}
-// SetCode sets the Code field's value.
-func (s *AddonIssue) SetCode(v string) *AddonIssue {
- s.Code = &v
+// SetClusterName sets the ClusterName field's value.
+func (s *AssociateAccessPolicyInput) SetClusterName(v string) *AssociateAccessPolicyInput {
+ s.ClusterName = &v
return s
}
-// SetMessage sets the Message field's value.
-func (s *AddonIssue) SetMessage(v string) *AddonIssue {
- s.Message = &v
+// SetPolicyArn sets the PolicyArn field's value.
+func (s *AssociateAccessPolicyInput) SetPolicyArn(v string) *AssociateAccessPolicyInput {
+ s.PolicyArn = &v
return s
}
-// SetResourceIds sets the ResourceIds field's value.
-func (s *AddonIssue) SetResourceIds(v []*string) *AddonIssue {
- s.ResourceIds = v
+// SetPrincipalArn sets the PrincipalArn field's value.
+func (s *AssociateAccessPolicyInput) SetPrincipalArn(v string) *AssociateAccessPolicyInput {
+ s.PrincipalArn = &v
return s
}
-// Information about an add-on version.
-type AddonVersionInfo struct {
+type AssociateAccessPolicyOutput struct {
_ struct{} `type:"structure"`
- // The version of the add-on.
- AddonVersion *string `locationName:"addonVersion" type:"string"`
-
- // The architectures that the version supports.
- Architecture []*string `locationName:"architecture" type:"list"`
+ // The AccessPolicy and scope associated to the AccessEntry.
+ AssociatedAccessPolicy *AssociatedAccessPolicy `locationName:"associatedAccessPolicy" type:"structure"`
- // An object representing the compatibilities of a version.
- Compatibilities []*Compatibility `locationName:"compatibilities" type:"list"`
+ // The name of your cluster.
+ ClusterName *string `locationName:"clusterName" type:"string"`
- // Whether the add-on requires configuration.
- RequiresConfiguration *bool `locationName:"requiresConfiguration" type:"boolean"`
+ // The ARN of the IAM principal for the AccessEntry.
+ PrincipalArn *string `locationName:"principalArn" type:"string"`
}
// String returns the string representation.
@@ -5545,7 +6955,7 @@ type AddonVersionInfo struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s AddonVersionInfo) String() string {
+func (s AssociateAccessPolicyOutput) String() string {
return awsutil.Prettify(s)
}
@@ -5554,41 +6964,36 @@ func (s AddonVersionInfo) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s AddonVersionInfo) GoString() string {
+func (s AssociateAccessPolicyOutput) GoString() string {
return s.String()
}
-// SetAddonVersion sets the AddonVersion field's value.
-func (s *AddonVersionInfo) SetAddonVersion(v string) *AddonVersionInfo {
- s.AddonVersion = &v
- return s
-}
-
-// SetArchitecture sets the Architecture field's value.
-func (s *AddonVersionInfo) SetArchitecture(v []*string) *AddonVersionInfo {
- s.Architecture = v
+// SetAssociatedAccessPolicy sets the AssociatedAccessPolicy field's value.
+func (s *AssociateAccessPolicyOutput) SetAssociatedAccessPolicy(v *AssociatedAccessPolicy) *AssociateAccessPolicyOutput {
+ s.AssociatedAccessPolicy = v
return s
}
-// SetCompatibilities sets the Compatibilities field's value.
-func (s *AddonVersionInfo) SetCompatibilities(v []*Compatibility) *AddonVersionInfo {
- s.Compatibilities = v
+// SetClusterName sets the ClusterName field's value.
+func (s *AssociateAccessPolicyOutput) SetClusterName(v string) *AssociateAccessPolicyOutput {
+ s.ClusterName = &v
return s
}
-// SetRequiresConfiguration sets the RequiresConfiguration field's value.
-func (s *AddonVersionInfo) SetRequiresConfiguration(v bool) *AddonVersionInfo {
- s.RequiresConfiguration = &v
+// SetPrincipalArn sets the PrincipalArn field's value.
+func (s *AssociateAccessPolicyOutput) SetPrincipalArn(v string) *AssociateAccessPolicyOutput {
+ s.PrincipalArn = &v
return s
}
type AssociateEncryptionConfigInput struct {
_ struct{} `type:"structure"`
- // The client request token you are using with the encryption configuration.
+ // A unique, case-sensitive identifier that you provide to ensure the idempotency
+ // of the request.
ClientRequestToken *string `locationName:"clientRequestToken" type:"string" idempotencyToken:"true"`
- // The name of the cluster that you are associating with encryption configuration.
+ // The name of your cluster.
//
// ClusterName is a required field
ClusterName *string `location:"uri" locationName:"name" type:"string" required:"true"`
@@ -5688,11 +7093,11 @@ func (s *AssociateEncryptionConfigOutput) SetUpdate(v *Update) *AssociateEncrypt
type AssociateIdentityProviderConfigInput struct {
_ struct{} `type:"structure"`
- // Unique, case-sensitive identifier that you provide to ensure the idempotency
+ // A unique, case-sensitive identifier that you provide to ensure the idempotency
// of the request.
ClientRequestToken *string `locationName:"clientRequestToken" type:"string" idempotencyToken:"true"`
- // The name of the cluster to associate the configuration to.
+ // The name of your cluster.
//
// ClusterName is a required field
ClusterName *string `location:"uri" locationName:"name" type:"string" required:"true"`
@@ -5702,9 +7107,9 @@ type AssociateIdentityProviderConfigInput struct {
// Oidc is a required field
Oidc *OidcIdentityProviderConfigRequest `locationName:"oidc" type:"structure" required:"true"`
- // The metadata to apply to the configuration to assist with categorization
- // and organization. Each tag consists of a key and an optional value. You define
- // both.
+ // Metadata that assists with categorization and organization. Each tag consists
+ // of a key and an optional value. You define both. Tags don't propagate to
+ // any other cluster or Amazon Web Services resources.
Tags map[string]*string `locationName:"tags" min:"1" type:"map"`
}
@@ -5817,6 +7222,65 @@ func (s *AssociateIdentityProviderConfigOutput) SetUpdate(v *Update) *AssociateI
return s
}
+// An access policy association.
+type AssociatedAccessPolicy struct {
+ _ struct{} `type:"structure"`
+
+ // The scope of the access policy.
+ AccessScope *AccessScope `locationName:"accessScope" type:"structure"`
+
+ // The date and time the AccessPolicy was associated with an AccessEntry.
+ AssociatedAt *time.Time `locationName:"associatedAt" type:"timestamp"`
+
+ // The Unix epoch timestamp for the last modification to the object.
+ ModifiedAt *time.Time `locationName:"modifiedAt" type:"timestamp"`
+
+ // The ARN of the AccessPolicy.
+ PolicyArn *string `locationName:"policyArn" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssociatedAccessPolicy) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssociatedAccessPolicy) GoString() string {
+ return s.String()
+}
+
+// SetAccessScope sets the AccessScope field's value.
+func (s *AssociatedAccessPolicy) SetAccessScope(v *AccessScope) *AssociatedAccessPolicy {
+ s.AccessScope = v
+ return s
+}
+
+// SetAssociatedAt sets the AssociatedAt field's value.
+func (s *AssociatedAccessPolicy) SetAssociatedAt(v time.Time) *AssociatedAccessPolicy {
+ s.AssociatedAt = &v
+ return s
+}
+
+// SetModifiedAt sets the ModifiedAt field's value.
+func (s *AssociatedAccessPolicy) SetModifiedAt(v time.Time) *AssociatedAccessPolicy {
+ s.ModifiedAt = &v
+ return s
+}
+
+// SetPolicyArn sets the PolicyArn field's value.
+func (s *AssociatedAccessPolicy) SetPolicyArn(v string) *AssociatedAccessPolicy {
+ s.PolicyArn = &v
+ return s
+}
+
// An Auto Scaling group that is associated with an Amazon EKS managed node
// group.
type AutoScalingGroup struct {
@@ -6039,20 +7503,23 @@ func (s *ClientException) RequestID() string {
type Cluster struct {
_ struct{} `type:"structure"`
+ // The access configuration for the cluster.
+ AccessConfig *AccessConfigResponse `locationName:"accessConfig" type:"structure"`
+
// The Amazon Resource Name (ARN) of the cluster.
Arn *string `locationName:"arn" type:"string"`
// The certificate-authority-data for your cluster.
CertificateAuthority *Certificate `locationName:"certificateAuthority" type:"structure"`
- // Unique, case-sensitive identifier that you provide to ensure the idempotency
+ // A unique, case-sensitive identifier that you provide to ensure the idempotency
// of the request.
ClientRequestToken *string `locationName:"clientRequestToken" type:"string"`
// The configuration used to connect to a cluster for registration.
ConnectorConfig *ConnectorConfigResponse `locationName:"connectorConfig" type:"structure"`
- // The Unix epoch timestamp in seconds for when the cluster was created.
+ // The Unix epoch timestamp at object creation.
CreatedAt *time.Time `locationName:"createdAt" type:"timestamp"`
// The encryption configuration for the cluster.
@@ -6080,7 +7547,7 @@ type Cluster struct {
// The logging configuration for your cluster.
Logging *Logging `locationName:"logging" type:"structure"`
- // The name of the cluster.
+ // The name of your cluster.
Name *string `locationName:"name" type:"string"`
// An object representing the configuration of your local Amazon EKS cluster
@@ -6088,15 +7555,18 @@ type Cluster struct {
// on the Amazon Web Services cloud.
OutpostConfig *OutpostConfigResponse `locationName:"outpostConfig" type:"structure"`
- // The platform version of your Amazon EKS cluster. For more information, see
- // Platform Versions (https://docs.aws.amazon.com/eks/latest/userguide/platform-versions.html)
+ // The platform version of your Amazon EKS cluster. For more information about
+ // clusters deployed on the Amazon Web Services Cloud, see Platform versions
+ // (https://docs.aws.amazon.com/eks/latest/userguide/platform-versions.html)
+ // in the Amazon EKS User Guide . For more information about local clusters
+ // deployed on an Outpost, see Amazon EKS local cluster platform versions (https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-platform-versions.html)
// in the Amazon EKS User Guide .
PlatformVersion *string `locationName:"platformVersion" type:"string"`
// The VPC configuration used by the cluster control plane. Amazon EKS VPC resources
// have specific requirements to work properly with Kubernetes. For more information,
- // see Cluster VPC Considerations (https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html)
- // and Cluster Security Group Considerations (https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html)
+ // see Cluster VPC considerations (https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html)
+ // and Cluster security group considerations (https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html)
// in the Amazon EKS User Guide.
ResourcesVpcConfig *VpcConfigResponse `locationName:"resourcesVpcConfig" type:"structure"`
@@ -6108,10 +7578,9 @@ type Cluster struct {
// The current status of the cluster.
Status *string `locationName:"status" type:"string" enum:"ClusterStatus"`
- // The metadata that you apply to the cluster to assist with categorization
- // and organization. Each tag consists of a key and an optional value. You define
- // both. Cluster tags do not propagate to any other resources associated with
- // the cluster.
+ // Metadata that assists with categorization and organization. Each tag consists
+ // of a key and an optional value. You define both. Tags don't propagate to
+ // any other cluster or Amazon Web Services resources.
Tags map[string]*string `locationName:"tags" min:"1" type:"map"`
// The Kubernetes server version for the cluster.
@@ -6136,6 +7605,12 @@ func (s Cluster) GoString() string {
return s.String()
}
+// SetAccessConfig sets the AccessConfig field's value.
+func (s *Cluster) SetAccessConfig(v *AccessConfigResponse) *Cluster {
+ s.AccessConfig = v
+ return s
+}
+
// SetArn sets the Arn field's value.
func (s *Cluster) SetArn(v string) *Cluster {
s.Arn = &v
@@ -6555,21 +8030,251 @@ func (s ControlPlanePlacementRequest) GoString() string {
return s.String()
}
-// SetGroupName sets the GroupName field's value.
-func (s *ControlPlanePlacementRequest) SetGroupName(v string) *ControlPlanePlacementRequest {
- s.GroupName = &v
+// SetGroupName sets the GroupName field's value.
+func (s *ControlPlanePlacementRequest) SetGroupName(v string) *ControlPlanePlacementRequest {
+ s.GroupName = &v
+ return s
+}
+
+// The placement configuration for all the control plane instances of your local
+// Amazon EKS cluster on an Amazon Web Services Outpost. For more information,
+// see Capacity considerations (https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-capacity-considerations.html)
+// in the Amazon EKS User Guide.
+type ControlPlanePlacementResponse struct {
+ _ struct{} `type:"structure"`
+
+ // The name of the placement group for the Kubernetes control plane instances.
+ GroupName *string `locationName:"groupName" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ControlPlanePlacementResponse) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ControlPlanePlacementResponse) GoString() string {
+ return s.String()
+}
+
+// SetGroupName sets the GroupName field's value.
+func (s *ControlPlanePlacementResponse) SetGroupName(v string) *ControlPlanePlacementResponse {
+ s.GroupName = &v
+ return s
+}
+
+// The access configuration information for the cluster.
+type CreateAccessConfigRequest struct {
+ _ struct{} `type:"structure"`
+
+ // The desired authentication mode for the cluster. If you create a cluster
+ // by using the EKS API, Amazon Web Services SDKs, or CloudFormation, the default
+ // is CONFIG_MAP. If you create the cluster by using the Amazon Web Services
+ // Management Console, the default value is API_AND_CONFIG_MAP.
+ AuthenticationMode *string `locationName:"authenticationMode" type:"string" enum:"AuthenticationMode"`
+
+ // Specifies whether or not the cluster creator IAM principal was set as a cluster
+ // admin access entry during cluster creation time. The default value is true.
+ BootstrapClusterCreatorAdminPermissions *bool `locationName:"bootstrapClusterCreatorAdminPermissions" type:"boolean"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateAccessConfigRequest) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateAccessConfigRequest) GoString() string {
+ return s.String()
+}
+
+// SetAuthenticationMode sets the AuthenticationMode field's value.
+func (s *CreateAccessConfigRequest) SetAuthenticationMode(v string) *CreateAccessConfigRequest {
+ s.AuthenticationMode = &v
+ return s
+}
+
+// SetBootstrapClusterCreatorAdminPermissions sets the BootstrapClusterCreatorAdminPermissions field's value.
+func (s *CreateAccessConfigRequest) SetBootstrapClusterCreatorAdminPermissions(v bool) *CreateAccessConfigRequest {
+ s.BootstrapClusterCreatorAdminPermissions = &v
+ return s
+}
+
+type CreateAccessEntryInput struct {
+ _ struct{} `type:"structure"`
+
+ // A unique, case-sensitive identifier that you provide to ensure the idempotency
+ // of the request.
+ ClientRequestToken *string `locationName:"clientRequestToken" type:"string" idempotencyToken:"true"`
+
+ // The name of your cluster.
+ //
+ // ClusterName is a required field
+ ClusterName *string `location:"uri" locationName:"name" type:"string" required:"true"`
+
+ // The value for name that you've specified for kind: Group as a subject in
+ // a Kubernetes RoleBinding or ClusterRoleBinding object. Amazon EKS doesn't
+ // confirm that the value for name exists in any bindings on your cluster. You
+ // can specify one or more names.
+ //
+ // Kubernetes authorizes the principalArn of the access entry to access any
+ // cluster objects that you've specified in a Kubernetes Role or ClusterRole
+ // object that is also specified in a binding's roleRef. For more information
+ // about creating Kubernetes RoleBinding, ClusterRoleBinding, Role, or ClusterRole
+ // objects, see Using RBAC Authorization in the Kubernetes documentation (https://kubernetes.io/docs/reference/access-authn-authz/rbac/).
+ //
+ // If you want Amazon EKS to authorize the principalArn (instead of, or in addition
+ // to Kubernetes authorizing the principalArn), you can associate one or more
+ // access policies to the access entry using AssociateAccessPolicy. If you associate
+ // any access policies, the principalARN has all permissions assigned in the
+ // associated access policies and all permissions in any Kubernetes Role or
+ // ClusterRole objects that the group names are bound to.
+ KubernetesGroups []*string `locationName:"kubernetesGroups" type:"list"`
+
+ // The ARN of the IAM principal for the AccessEntry. You can specify one ARN
+ // for each access entry. You can't specify the same ARN in more than one access
+ // entry. This value can't be changed after access entry creation.
+ //
+ // IAM best practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#bp-users-federation-idp)
+ // recommend using IAM roles with temporary credentials, rather than IAM users
+ // with long-term credentials.
+ //
+ // PrincipalArn is a required field
+ PrincipalArn *string `locationName:"principalArn" type:"string" required:"true"`
+
+ // Metadata that assists with categorization and organization. Each tag consists
+ // of a key and an optional value. You define both. Tags don't propagate to
+ // any other cluster or Amazon Web Services resources.
+ Tags map[string]*string `locationName:"tags" min:"1" type:"map"`
+
+ // If the principalArn is for an IAM role that's used for self-managed Amazon
+ // EC2 nodes, specify EC2_LINUX or EC2_WINDOWS. Amazon EKS grants the necessary
+ // permissions to the node for you. If the principalArn is for any other purpose,
+ // specify STANDARD. If you don't specify a value, Amazon EKS sets the value
+ // to STANDARD. It's unnecessary to create access entries for IAM roles used
+ // with Fargate profiles or managed Amazon EC2 nodes, because Amazon EKS creates
+ // entries in the aws-auth ConfigMap for the roles. You can't change this value
+ // once you've created the access entry.
+ //
+ // If you set the value to EC2_LINUX or EC2_WINDOWS, you can't specify values
+ // for kubernetesGroups, or associate an AccessPolicy to the access entry.
+ Type *string `locationName:"type" type:"string"`
+
+ // The username to authenticate to Kubernetes with. We recommend not specifying
+ // a username and letting Amazon EKS specify it for you. For more information
+ // about the value Amazon EKS specifies for you, or constraints before specifying
+ // your own username, see Creating access entries (https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html#creating-access-entries)
+ // in the Amazon EKS User Guide.
+ Username *string `locationName:"username" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateAccessEntryInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateAccessEntryInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateAccessEntryInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CreateAccessEntryInput"}
+ if s.ClusterName == nil {
+ invalidParams.Add(request.NewErrParamRequired("ClusterName"))
+ }
+ if s.ClusterName != nil && len(*s.ClusterName) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ClusterName", 1))
+ }
+ if s.PrincipalArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("PrincipalArn"))
+ }
+ if s.Tags != nil && len(s.Tags) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Tags", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientRequestToken sets the ClientRequestToken field's value.
+func (s *CreateAccessEntryInput) SetClientRequestToken(v string) *CreateAccessEntryInput {
+ s.ClientRequestToken = &v
+ return s
+}
+
+// SetClusterName sets the ClusterName field's value.
+func (s *CreateAccessEntryInput) SetClusterName(v string) *CreateAccessEntryInput {
+ s.ClusterName = &v
+ return s
+}
+
+// SetKubernetesGroups sets the KubernetesGroups field's value.
+func (s *CreateAccessEntryInput) SetKubernetesGroups(v []*string) *CreateAccessEntryInput {
+ s.KubernetesGroups = v
+ return s
+}
+
+// SetPrincipalArn sets the PrincipalArn field's value.
+func (s *CreateAccessEntryInput) SetPrincipalArn(v string) *CreateAccessEntryInput {
+ s.PrincipalArn = &v
+ return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *CreateAccessEntryInput) SetTags(v map[string]*string) *CreateAccessEntryInput {
+ s.Tags = v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *CreateAccessEntryInput) SetType(v string) *CreateAccessEntryInput {
+ s.Type = &v
+ return s
+}
+
+// SetUsername sets the Username field's value.
+func (s *CreateAccessEntryInput) SetUsername(v string) *CreateAccessEntryInput {
+ s.Username = &v
return s
}
-// The placement configuration for all the control plane instances of your local
-// Amazon EKS cluster on an Amazon Web Services Outpost. For more information,
-// see Capacity considerations (https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-capacity-considerations.html)
-// in the Amazon EKS User Guide.
-type ControlPlanePlacementResponse struct {
+type CreateAccessEntryOutput struct {
_ struct{} `type:"structure"`
- // The name of the placement group for the Kubernetes control plane instances.
- GroupName *string `locationName:"groupName" type:"string"`
+ // An access entry allows an IAM principal (user or role) to access your cluster.
+ // Access entries can replace the need to maintain the aws-auth ConfigMap for
+ // authentication. For more information about access entries, see Access entries
+ // (https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html) in
+ // the Amazon EKS User Guide.
+ AccessEntry *AccessEntry `locationName:"accessEntry" type:"structure"`
}
// String returns the string representation.
@@ -6577,7 +8282,7 @@ type ControlPlanePlacementResponse struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s ControlPlanePlacementResponse) String() string {
+func (s CreateAccessEntryOutput) String() string {
return awsutil.Prettify(s)
}
@@ -6586,22 +8291,21 @@ func (s ControlPlanePlacementResponse) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s ControlPlanePlacementResponse) GoString() string {
+func (s CreateAccessEntryOutput) GoString() string {
return s.String()
}
-// SetGroupName sets the GroupName field's value.
-func (s *ControlPlanePlacementResponse) SetGroupName(v string) *ControlPlanePlacementResponse {
- s.GroupName = &v
+// SetAccessEntry sets the AccessEntry field's value.
+func (s *CreateAccessEntryOutput) SetAccessEntry(v *AccessEntry) *CreateAccessEntryOutput {
+ s.AccessEntry = v
return s
}
type CreateAddonInput struct {
_ struct{} `type:"structure"`
- // The name of the add-on. The name must match one of the names that DescribeAddonVersions
- // (https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonVersions.html)
- // returns.
+ // The name of the add-on. The name must match one of the names returned by
+ // DescribeAddonVersions.
//
// AddonName is a required field
AddonName *string `locationName:"addonName" type:"string" required:"true"`
@@ -6614,14 +8318,13 @@ type CreateAddonInput struct {
// of the request.
ClientRequestToken *string `locationName:"clientRequestToken" type:"string" idempotencyToken:"true"`
- // The name of the cluster to create the add-on for.
+ // The name of your cluster.
//
// ClusterName is a required field
ClusterName *string `location:"uri" locationName:"name" min:"1" type:"string" required:"true"`
// The set of configuration values for the add-on that's created. The values
- // that you provide are validated against the schema in DescribeAddonConfiguration
- // (https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonConfiguration.html).
+ // that you provide are validated against the schema returned by DescribeAddonConfiguration.
ConfigurationValues *string `locationName:"configurationValues" type:"string"`
// How to resolve field value conflicts for an Amazon EKS add-on. Conflicts
@@ -6660,8 +8363,9 @@ type CreateAddonInput struct {
// in the Amazon EKS User Guide.
ServiceAccountRoleArn *string `locationName:"serviceAccountRoleArn" min:"1" type:"string"`
- // The metadata to apply to the cluster to assist with categorization and organization.
- // Each tag consists of a key and an optional value. You define both.
+ // Metadata that assists with categorization and organization. Each tag consists
+ // of a key and an optional value. You define both. Tags don't propagate to
+ // any other cluster or Amazon Web Services resources.
Tags map[string]*string `locationName:"tags" min:"1" type:"map"`
}
@@ -6791,7 +8495,10 @@ func (s *CreateAddonOutput) SetAddon(v *Addon) *CreateAddonOutput {
type CreateClusterInput struct {
_ struct{} `type:"structure"`
- // Unique, case-sensitive identifier that you provide to ensure the idempotency
+ // The access configuration for the cluster.
+ AccessConfig *CreateAccessConfigRequest `locationName:"accessConfig" type:"structure"`
+
+ // A unique, case-sensitive identifier that you provide to ensure the idempotency
// of the request.
ClientRequestToken *string `locationName:"clientRequestToken" type:"string" idempotencyToken:"true"`
@@ -6845,8 +8552,9 @@ type CreateClusterInput struct {
// RoleArn is a required field
RoleArn *string `locationName:"roleArn" type:"string" required:"true"`
- // The metadata to apply to the cluster to assist with categorization and organization.
- // Each tag consists of a key and an optional value. You define both.
+ // Metadata that assists with categorization and organization. Each tag consists
+ // of a key and an optional value. You define both. Tags don't propagate to
+ // any other cluster or Amazon Web Services resources.
Tags map[string]*string `locationName:"tags" min:"1" type:"map"`
// The desired Kubernetes version for your cluster. If you don't specify a value
@@ -6904,6 +8612,12 @@ func (s *CreateClusterInput) Validate() error {
return nil
}
+// SetAccessConfig sets the AccessConfig field's value.
+func (s *CreateClusterInput) SetAccessConfig(v *CreateAccessConfigRequest) *CreateClusterInput {
+ s.AccessConfig = v
+ return s
+}
+
// SetClientRequestToken sets the ClientRequestToken field's value.
func (s *CreateClusterInput) SetClientRequestToken(v string) *CreateClusterInput {
s.ClientRequestToken = &v
@@ -7002,7 +8716,7 @@ type CreateEksAnywhereSubscriptionInput struct {
// term.
AutoRenew *bool `locationName:"autoRenew" type:"boolean"`
- // Unique, case-sensitive identifier that you provide to ensure the idempotency
+ // A unique, case-sensitive identifier that you provide to ensure the idempotency
// of the request.
ClientRequestToken *string `locationName:"clientRequestToken" type:"string" idempotencyToken:"true"`
@@ -7154,11 +8868,11 @@ func (s *CreateEksAnywhereSubscriptionOutput) SetSubscription(v *EksAnywhereSubs
type CreateFargateProfileInput struct {
_ struct{} `type:"structure"`
- // Unique, case-sensitive identifier that you provide to ensure the idempotency
+ // A unique, case-sensitive identifier that you provide to ensure the idempotency
// of the request.
ClientRequestToken *string `locationName:"clientRequestToken" type:"string" idempotencyToken:"true"`
- // The name of the Amazon EKS cluster to apply the Fargate profile to.
+ // The name of your cluster.
//
// ClusterName is a required field
ClusterName *string `location:"uri" locationName:"name" type:"string" required:"true"`
@@ -7168,30 +8882,30 @@ type CreateFargateProfileInput struct {
// FargateProfileName is a required field
FargateProfileName *string `locationName:"fargateProfileName" type:"string" required:"true"`
- // The Amazon Resource Name (ARN) of the pod execution role to use for pods
- // that match the selectors in the Fargate profile. The pod execution role allows
- // Fargate infrastructure to register with your cluster as a node, and it provides
- // read access to Amazon ECR image repositories. For more information, see Pod
- // Execution Role (https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html)
+ // The Amazon Resource Name (ARN) of the Pod execution role to use for a Pod
+ // that matches the selectors in the Fargate profile. The Pod execution role
+ // allows Fargate infrastructure to register with your cluster as a node, and
+ // it provides read access to Amazon ECR image repositories. For more information,
+ // see Pod execution role (https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html)
// in the Amazon EKS User Guide.
//
// PodExecutionRoleArn is a required field
PodExecutionRoleArn *string `locationName:"podExecutionRoleArn" type:"string" required:"true"`
- // The selectors to match for pods to use this Fargate profile. Each selector
- // must have an associated namespace. Optionally, you can also specify labels
- // for a namespace. You may specify up to five selectors in a Fargate profile.
+ // The selectors to match for a Pod to use this Fargate profile. Each selector
+ // must have an associated Kubernetes namespace. Optionally, you can also specify
+ // labels for a namespace. You may specify up to five selectors in a Fargate
+ // profile.
Selectors []*FargateProfileSelector `locationName:"selectors" type:"list"`
- // The IDs of subnets to launch your pods into. At this time, pods running on
- // Fargate are not assigned public IP addresses, so only private subnets (with
- // no direct route to an Internet Gateway) are accepted for this parameter.
+ // The IDs of subnets to launch a Pod into. A Pod running on Fargate isn't assigned
+ // a public IP address, so only private subnets (with no direct route to an
+ // Internet Gateway) are accepted for this parameter.
Subnets []*string `locationName:"subnets" type:"list"`
- // The metadata to apply to the Fargate profile to assist with categorization
- // and organization. Each tag consists of a key and an optional value. You define
- // both. Fargate profile tags do not propagate to any other resources associated
- // with the Fargate profile, such as the pods that are scheduled with it.
+ // Metadata that assists with categorization and organization. Each tag consists
+ // of a key and an optional value. You define both. Tags don't propagate to
+ // any other cluster or Amazon Web Services resources.
Tags map[string]*string `locationName:"tags" min:"1" type:"map"`
}
@@ -7326,11 +9040,11 @@ type CreateNodegroupInput struct {
// The capacity type for your node group.
CapacityType *string `locationName:"capacityType" type:"string" enum:"CapacityTypes"`
- // Unique, case-sensitive identifier that you provide to ensure the idempotency
+ // A unique, case-sensitive identifier that you provide to ensure the idempotency
// of the request.
ClientRequestToken *string `locationName:"clientRequestToken" type:"string" idempotencyToken:"true"`
- // The name of the cluster to create the node group in.
+ // The name of your cluster.
//
// ClusterName is a required field
ClusterName *string `location:"uri" locationName:"name" type:"string" required:"true"`
@@ -7357,8 +9071,8 @@ type CreateNodegroupInput struct {
// in the Amazon EKS User Guide.
InstanceTypes []*string `locationName:"instanceTypes" type:"list"`
- // The Kubernetes labels to be applied to the nodes in the node group when they
- // are created.
+ // The Kubernetes labels to apply to the nodes in the node group when they are
+ // created.
Labels map[string]*string `locationName:"labels" type:"map"`
// An object representing a node group's launch template specification. If specified,
@@ -7426,10 +9140,9 @@ type CreateNodegroupInput struct {
// Subnets is a required field
Subnets []*string `locationName:"subnets" type:"list" required:"true"`
- // The metadata to apply to the node group to assist with categorization and
- // organization. Each tag consists of a key and an optional value. You define
- // both. Node group tags do not propagate to any other resources associated
- // with the node group, such as the Amazon EC2 instances or subnets.
+ // Metadata that assists with categorization and organization. Each tag consists
+ // of a key and an optional value. You define both. Tags don't propagate to
+ // any other cluster or Amazon Web Services resources.
Tags map[string]*string `locationName:"tags" min:"1" type:"map"`
// The Kubernetes taints to be applied to the nodes in the node group. For more
@@ -7657,7 +9370,7 @@ func (s *CreateNodegroupOutput) SetNodegroup(v *Nodegroup) *CreateNodegroupOutpu
type CreatePodIdentityAssociationInput struct {
_ struct{} `type:"structure"`
- // Unique, case-sensitive identifier that you provide to ensure the idempotency
+ // A unique, case-sensitive identifier that you provide to ensure the idempotency
// of the request.
ClientRequestToken *string `locationName:"clientRequestToken" type:"string" idempotencyToken:"true"`
@@ -7686,9 +9399,9 @@ type CreatePodIdentityAssociationInput struct {
// ServiceAccount is a required field
ServiceAccount *string `locationName:"serviceAccount" type:"string" required:"true"`
- // The metadata that you apply to a resource to assist with categorization and
- // organization. Each tag consists of a key and an optional value. You define
- // both.
+ // Metadata that assists with categorization and organization. Each tag consists
+ // of a key and an optional value. You define both. Tags don't propagate to
+ // any other cluster or Amazon Web Services resources.
//
// The following basic restrictions apply to tags:
//
@@ -7831,6 +9544,94 @@ func (s *CreatePodIdentityAssociationOutput) SetAssociation(v *PodIdentityAssoci
return s
}
+type DeleteAccessEntryInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+
+ // The name of your cluster.
+ //
+ // ClusterName is a required field
+ ClusterName *string `location:"uri" locationName:"name" type:"string" required:"true"`
+
+ // The ARN of the IAM principal for the AccessEntry.
+ //
+ // PrincipalArn is a required field
+ PrincipalArn *string `location:"uri" locationName:"principalArn" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteAccessEntryInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteAccessEntryInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteAccessEntryInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DeleteAccessEntryInput"}
+ if s.ClusterName == nil {
+ invalidParams.Add(request.NewErrParamRequired("ClusterName"))
+ }
+ if s.ClusterName != nil && len(*s.ClusterName) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ClusterName", 1))
+ }
+ if s.PrincipalArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("PrincipalArn"))
+ }
+ if s.PrincipalArn != nil && len(*s.PrincipalArn) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("PrincipalArn", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClusterName sets the ClusterName field's value.
+func (s *DeleteAccessEntryInput) SetClusterName(v string) *DeleteAccessEntryInput {
+ s.ClusterName = &v
+ return s
+}
+
+// SetPrincipalArn sets the PrincipalArn field's value.
+func (s *DeleteAccessEntryInput) SetPrincipalArn(v string) *DeleteAccessEntryInput {
+ s.PrincipalArn = &v
+ return s
+}
+
+type DeleteAccessEntryOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteAccessEntryOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteAccessEntryOutput) GoString() string {
+ return s.String()
+}
+
type DeleteAddonInput struct {
_ struct{} `type:"structure" nopayload:"true"`
@@ -7840,7 +9641,7 @@ type DeleteAddonInput struct {
// AddonName is a required field
AddonName *string `location:"uri" locationName:"addonName" type:"string" required:"true"`
- // The name of the cluster to delete the add-on from.
+ // The name of your cluster.
//
// ClusterName is a required field
ClusterName *string `location:"uri" locationName:"name" min:"1" type:"string" required:"true"`
@@ -8104,8 +9905,7 @@ func (s *DeleteEksAnywhereSubscriptionOutput) SetSubscription(v *EksAnywhereSubs
type DeleteFargateProfileInput struct {
_ struct{} `type:"structure" nopayload:"true"`
- // The name of the Amazon EKS cluster associated with the Fargate profile to
- // delete.
+ // The name of your cluster.
//
// ClusterName is a required field
ClusterName *string `location:"uri" locationName:"name" type:"string" required:"true"`
@@ -8202,7 +10002,7 @@ func (s *DeleteFargateProfileOutput) SetFargateProfile(v *FargateProfile) *Delet
type DeleteNodegroupInput struct {
_ struct{} `type:"structure" nopayload:"true"`
- // The name of the Amazon EKS cluster that is associated with your node group.
+ // The name of your cluster.
//
// ClusterName is a required field
ClusterName *string `location:"uri" locationName:"name" type:"string" required:"true"`
@@ -8473,12 +10273,108 @@ func (s *DeregisterClusterOutput) SetCluster(v *Cluster) *DeregisterClusterOutpu
return s
}
+type DescribeAccessEntryInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+
+ // The name of your cluster.
+ //
+ // ClusterName is a required field
+ ClusterName *string `location:"uri" locationName:"name" type:"string" required:"true"`
+
+ // The ARN of the IAM principal for the AccessEntry.
+ //
+ // PrincipalArn is a required field
+ PrincipalArn *string `location:"uri" locationName:"principalArn" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DescribeAccessEntryInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DescribeAccessEntryInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DescribeAccessEntryInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DescribeAccessEntryInput"}
+ if s.ClusterName == nil {
+ invalidParams.Add(request.NewErrParamRequired("ClusterName"))
+ }
+ if s.ClusterName != nil && len(*s.ClusterName) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ClusterName", 1))
+ }
+ if s.PrincipalArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("PrincipalArn"))
+ }
+ if s.PrincipalArn != nil && len(*s.PrincipalArn) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("PrincipalArn", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClusterName sets the ClusterName field's value.
+func (s *DescribeAccessEntryInput) SetClusterName(v string) *DescribeAccessEntryInput {
+ s.ClusterName = &v
+ return s
+}
+
+// SetPrincipalArn sets the PrincipalArn field's value.
+func (s *DescribeAccessEntryInput) SetPrincipalArn(v string) *DescribeAccessEntryInput {
+ s.PrincipalArn = &v
+ return s
+}
+
+type DescribeAccessEntryOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Information about the access entry.
+ AccessEntry *AccessEntry `locationName:"accessEntry" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DescribeAccessEntryOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DescribeAccessEntryOutput) GoString() string {
+ return s.String()
+}
+
+// SetAccessEntry sets the AccessEntry field's value.
+func (s *DescribeAccessEntryOutput) SetAccessEntry(v *AccessEntry) *DescribeAccessEntryOutput {
+ s.AccessEntry = v
+ return s
+}
+
type DescribeAddonConfigurationInput struct {
_ struct{} `type:"structure" nopayload:"true"`
- // The name of the add-on. The name must match one of the names that DescribeAddonVersions
- // (https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonVersions.html)
- // returns.
+ // The name of the add-on. The name must match one of the names returned by
+ // DescribeAddonVersions.
//
// AddonName is a required field
AddonName *string `location:"querystring" locationName:"addonName" type:"string" required:"true"`
@@ -8546,8 +10442,8 @@ type DescribeAddonConfigurationOutput struct {
// by DescribeAddonVersions (https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonVersions.html).
AddonVersion *string `locationName:"addonVersion" type:"string"`
- // A JSON schema that's used to validate the configuration values that you provide
- // when an addon is created or updated.
+ // A JSON schema that's used to validate the configuration values you provide
+ // when an add-on is created or updated.
ConfigurationSchema *string `locationName:"configurationSchema" type:"string"`
}
@@ -8596,7 +10492,7 @@ type DescribeAddonInput struct {
// AddonName is a required field
AddonName *string `location:"uri" locationName:"addonName" type:"string" required:"true"`
- // The name of the cluster.
+ // The name of your cluster.
//
// ClusterName is a required field
ClusterName *string `location:"uri" locationName:"name" min:"1" type:"string" required:"true"`
@@ -8696,13 +10592,18 @@ type DescribeAddonVersionsInput struct {
// The Kubernetes versions that you can use the add-on with.
KubernetesVersion *string `location:"querystring" locationName:"kubernetesVersion" type:"string"`
- // The maximum number of results to return.
+ // The maximum number of results, returned in paginated output. You receive
+ // maxResults in a single page, along with a nextToken response element. You
+ // can see the remaining results of the initial request by sending another request
+ // with the returned nextToken value. This value can be between 1 and 100. If
+ // you don't use this parameter, 100 results and a nextToken value, if applicable,
+ // are returned.
MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"`
- // The nextToken value returned from a previous paginated DescribeAddonVersionsRequest
- // where maxResults was used and the results exceeded the value of that parameter.
- // Pagination continues from the end of the previous results that returned the
- // nextToken value.
+ // The nextToken value returned from a previous paginated request, where maxResults
+ // was used and the results exceeded the value of that parameter. Pagination
+ // continues from the end of the previous results that returned the nextToken
+ // value. This value is null when there are no more results to return.
//
// This token should be treated as an opaque identifier that is used only to
// retrieve the next items in a list and not for other programmatic purposes.
@@ -8843,7 +10744,7 @@ func (s *DescribeAddonVersionsOutput) SetNextToken(v string) *DescribeAddonVersi
type DescribeClusterInput struct {
_ struct{} `type:"structure" nopayload:"true"`
- // The name of the cluster to describe.
+ // The name of your cluster.
//
// Name is a required field
Name *string `location:"uri" locationName:"name" type:"string" required:"true"`
@@ -9003,7 +10904,7 @@ func (s *DescribeEksAnywhereSubscriptionOutput) SetSubscription(v *EksAnywhereSu
type DescribeFargateProfileInput struct {
_ struct{} `type:"structure" nopayload:"true"`
- // The name of the Amazon EKS cluster associated with the Fargate profile.
+ // The name of your cluster.
//
// ClusterName is a required field
ClusterName *string `location:"uri" locationName:"name" type:"string" required:"true"`
@@ -9100,7 +11001,7 @@ func (s *DescribeFargateProfileOutput) SetFargateProfile(v *FargateProfile) *Des
type DescribeIdentityProviderConfigInput struct {
_ struct{} `type:"structure"`
- // The cluster name that the identity provider configuration is associated to.
+ // The name of your cluster.
//
// ClusterName is a required field
ClusterName *string `location:"uri" locationName:"name" type:"string" required:"true"`
@@ -9199,7 +11100,7 @@ func (s *DescribeIdentityProviderConfigOutput) SetIdentityProviderConfig(v *Iden
type DescribeNodegroupInput struct {
_ struct{} `type:"structure" nopayload:"true"`
- // The name of the Amazon EKS cluster associated with the node group.
+ // The name of your cluster.
//
// ClusterName is a required field
ClusterName *string `location:"uri" locationName:"name" type:"string" required:"true"`
@@ -9390,6 +11291,7 @@ func (s *DescribePodIdentityAssociationOutput) SetAssociation(v *PodIdentityAsso
return s
}
+// Describes an update request.
type DescribeUpdateInput struct {
_ struct{} `type:"structure" nopayload:"true"`
@@ -9489,7 +11391,119 @@ type DescribeUpdateOutput struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s DescribeUpdateOutput) String() string {
+func (s DescribeUpdateOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DescribeUpdateOutput) GoString() string {
+ return s.String()
+}
+
+// SetUpdate sets the Update field's value.
+func (s *DescribeUpdateOutput) SetUpdate(v *Update) *DescribeUpdateOutput {
+ s.Update = v
+ return s
+}
+
+type DisassociateAccessPolicyInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+
+ // The name of your cluster.
+ //
+ // ClusterName is a required field
+ ClusterName *string `location:"uri" locationName:"name" type:"string" required:"true"`
+
+ // The ARN of the policy to disassociate from the access entry. For a list of
+ // associated policies ARNs, use ListAssociatedAccessPolicies.
+ //
+ // PolicyArn is a required field
+ PolicyArn *string `location:"uri" locationName:"policyArn" type:"string" required:"true"`
+
+ // The ARN of the IAM principal for the AccessEntry.
+ //
+ // PrincipalArn is a required field
+ PrincipalArn *string `location:"uri" locationName:"principalArn" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DisassociateAccessPolicyInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DisassociateAccessPolicyInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DisassociateAccessPolicyInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DisassociateAccessPolicyInput"}
+ if s.ClusterName == nil {
+ invalidParams.Add(request.NewErrParamRequired("ClusterName"))
+ }
+ if s.ClusterName != nil && len(*s.ClusterName) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ClusterName", 1))
+ }
+ if s.PolicyArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
+ }
+ if s.PolicyArn != nil && len(*s.PolicyArn) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 1))
+ }
+ if s.PrincipalArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("PrincipalArn"))
+ }
+ if s.PrincipalArn != nil && len(*s.PrincipalArn) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("PrincipalArn", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClusterName sets the ClusterName field's value.
+func (s *DisassociateAccessPolicyInput) SetClusterName(v string) *DisassociateAccessPolicyInput {
+ s.ClusterName = &v
+ return s
+}
+
+// SetPolicyArn sets the PolicyArn field's value.
+func (s *DisassociateAccessPolicyInput) SetPolicyArn(v string) *DisassociateAccessPolicyInput {
+ s.PolicyArn = &v
+ return s
+}
+
+// SetPrincipalArn sets the PrincipalArn field's value.
+func (s *DisassociateAccessPolicyInput) SetPrincipalArn(v string) *DisassociateAccessPolicyInput {
+ s.PrincipalArn = &v
+ return s
+}
+
+type DisassociateAccessPolicyOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DisassociateAccessPolicyOutput) String() string {
return awsutil.Prettify(s)
}
@@ -9498,16 +11512,10 @@ func (s DescribeUpdateOutput) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s DescribeUpdateOutput) GoString() string {
+func (s DisassociateAccessPolicyOutput) GoString() string {
return s.String()
}
-// SetUpdate sets the Update field's value.
-func (s *DescribeUpdateOutput) SetUpdate(v *Update) *DescribeUpdateOutput {
- s.Update = v
- return s
-}
-
type DisassociateIdentityProviderConfigInput struct {
_ struct{} `type:"structure"`
@@ -9515,7 +11523,7 @@ type DisassociateIdentityProviderConfigInput struct {
// of the request.
ClientRequestToken *string `locationName:"clientRequestToken" type:"string" idempotencyToken:"true"`
- // The name of the cluster to disassociate an identity provider from.
+ // The name of your cluster.
//
// ClusterName is a required field
ClusterName *string `location:"uri" locationName:"name" type:"string" required:"true"`
@@ -9776,7 +11784,269 @@ type EksAnywhereSubscriptionTerm struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s EksAnywhereSubscriptionTerm) String() string {
+func (s EksAnywhereSubscriptionTerm) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s EksAnywhereSubscriptionTerm) GoString() string {
+ return s.String()
+}
+
+// SetDuration sets the Duration field's value.
+func (s *EksAnywhereSubscriptionTerm) SetDuration(v int64) *EksAnywhereSubscriptionTerm {
+ s.Duration = &v
+ return s
+}
+
+// SetUnit sets the Unit field's value.
+func (s *EksAnywhereSubscriptionTerm) SetUnit(v string) *EksAnywhereSubscriptionTerm {
+ s.Unit = &v
+ return s
+}
+
+// The encryption configuration for the cluster.
+type EncryptionConfig struct {
+ _ struct{} `type:"structure"`
+
+ // Key Management Service (KMS) key. Either the ARN or the alias can be used.
+ Provider *Provider `locationName:"provider" type:"structure"`
+
+ // Specifies the resources to be encrypted. The only supported value is secrets.
+ Resources []*string `locationName:"resources" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s EncryptionConfig) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s EncryptionConfig) GoString() string {
+ return s.String()
+}
+
+// SetProvider sets the Provider field's value.
+func (s *EncryptionConfig) SetProvider(v *Provider) *EncryptionConfig {
+ s.Provider = v
+ return s
+}
+
+// SetResources sets the Resources field's value.
+func (s *EncryptionConfig) SetResources(v []*string) *EncryptionConfig {
+ s.Resources = v
+ return s
+}
+
+// An object representing an error when an asynchronous operation fails.
+type ErrorDetail struct {
+ _ struct{} `type:"structure"`
+
+ // A brief description of the error.
+ //
+ // * SubnetNotFound: We couldn't find one of the subnets associated with
+ // the cluster.
+ //
+ // * SecurityGroupNotFound: We couldn't find one of the security groups associated
+ // with the cluster.
+ //
+ // * EniLimitReached: You have reached the elastic network interface limit
+ // for your account.
+ //
+ // * IpNotAvailable: A subnet associated with the cluster doesn't have any
+ // available IP addresses.
+ //
+ // * AccessDenied: You don't have permissions to perform the specified operation.
+ //
+ // * OperationNotPermitted: The service role associated with the cluster
+ // doesn't have the required access permissions for Amazon EKS.
+ //
+ // * VpcIdNotFound: We couldn't find the VPC associated with the cluster.
+ ErrorCode *string `locationName:"errorCode" type:"string" enum:"ErrorCode"`
+
+ // A more complete description of the error.
+ ErrorMessage *string `locationName:"errorMessage" type:"string"`
+
+ // An optional field that contains the resource IDs associated with the error.
+ ResourceIds []*string `locationName:"resourceIds" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ErrorDetail) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ErrorDetail) GoString() string {
+ return s.String()
+}
+
+// SetErrorCode sets the ErrorCode field's value.
+func (s *ErrorDetail) SetErrorCode(v string) *ErrorDetail {
+ s.ErrorCode = &v
+ return s
+}
+
+// SetErrorMessage sets the ErrorMessage field's value.
+func (s *ErrorDetail) SetErrorMessage(v string) *ErrorDetail {
+ s.ErrorMessage = &v
+ return s
+}
+
+// SetResourceIds sets the ResourceIds field's value.
+func (s *ErrorDetail) SetResourceIds(v []*string) *ErrorDetail {
+ s.ResourceIds = v
+ return s
+}
+
+// An object representing an Fargate profile.
+type FargateProfile struct {
+ _ struct{} `type:"structure"`
+
+ // The name of your cluster.
+ ClusterName *string `locationName:"clusterName" type:"string"`
+
+ // The Unix epoch timestamp at object creation.
+ CreatedAt *time.Time `locationName:"createdAt" type:"timestamp"`
+
+ // The full Amazon Resource Name (ARN) of the Fargate profile.
+ FargateProfileArn *string `locationName:"fargateProfileArn" type:"string"`
+
+ // The name of the Fargate profile.
+ FargateProfileName *string `locationName:"fargateProfileName" type:"string"`
+
+ // The Amazon Resource Name (ARN) of the Pod execution role to use for any Pod
+ // that matches the selectors in the Fargate profile. For more information,
+ // see Pod execution role (https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html)
+ // in the Amazon EKS User Guide.
+ PodExecutionRoleArn *string `locationName:"podExecutionRoleArn" type:"string"`
+
+ // The selectors to match for a Pod to use this Fargate profile.
+ Selectors []*FargateProfileSelector `locationName:"selectors" type:"list"`
+
+ // The current status of the Fargate profile.
+ Status *string `locationName:"status" type:"string" enum:"FargateProfileStatus"`
+
+ // The IDs of subnets to launch a Pod into.
+ Subnets []*string `locationName:"subnets" type:"list"`
+
+ // Metadata that assists with categorization and organization. Each tag consists
+ // of a key and an optional value. You define both. Tags don't propagate to
+ // any other cluster or Amazon Web Services resources.
+ Tags map[string]*string `locationName:"tags" min:"1" type:"map"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s FargateProfile) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s FargateProfile) GoString() string {
+ return s.String()
+}
+
+// SetClusterName sets the ClusterName field's value.
+func (s *FargateProfile) SetClusterName(v string) *FargateProfile {
+ s.ClusterName = &v
+ return s
+}
+
+// SetCreatedAt sets the CreatedAt field's value.
+func (s *FargateProfile) SetCreatedAt(v time.Time) *FargateProfile {
+ s.CreatedAt = &v
+ return s
+}
+
+// SetFargateProfileArn sets the FargateProfileArn field's value.
+func (s *FargateProfile) SetFargateProfileArn(v string) *FargateProfile {
+ s.FargateProfileArn = &v
+ return s
+}
+
+// SetFargateProfileName sets the FargateProfileName field's value.
+func (s *FargateProfile) SetFargateProfileName(v string) *FargateProfile {
+ s.FargateProfileName = &v
+ return s
+}
+
+// SetPodExecutionRoleArn sets the PodExecutionRoleArn field's value.
+func (s *FargateProfile) SetPodExecutionRoleArn(v string) *FargateProfile {
+ s.PodExecutionRoleArn = &v
+ return s
+}
+
+// SetSelectors sets the Selectors field's value.
+func (s *FargateProfile) SetSelectors(v []*FargateProfileSelector) *FargateProfile {
+ s.Selectors = v
+ return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *FargateProfile) SetStatus(v string) *FargateProfile {
+ s.Status = &v
+ return s
+}
+
+// SetSubnets sets the Subnets field's value.
+func (s *FargateProfile) SetSubnets(v []*string) *FargateProfile {
+ s.Subnets = v
+ return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *FargateProfile) SetTags(v map[string]*string) *FargateProfile {
+ s.Tags = v
+ return s
+}
+
+// An object representing an Fargate profile selector.
+type FargateProfileSelector struct {
+ _ struct{} `type:"structure"`
+
+ // The Kubernetes labels that the selector should match. A pod must contain
+ // all of the labels that are specified in the selector for it to be considered
+ // a match.
+ Labels map[string]*string `locationName:"labels" type:"map"`
+
+ // The Kubernetes namespace that the selector should match.
+ Namespace *string `locationName:"namespace" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s FargateProfileSelector) String() string {
return awsutil.Prettify(s)
}
@@ -9785,31 +12055,29 @@ func (s EksAnywhereSubscriptionTerm) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s EksAnywhereSubscriptionTerm) GoString() string {
+func (s FargateProfileSelector) GoString() string {
return s.String()
}
-// SetDuration sets the Duration field's value.
-func (s *EksAnywhereSubscriptionTerm) SetDuration(v int64) *EksAnywhereSubscriptionTerm {
- s.Duration = &v
+// SetLabels sets the Labels field's value.
+func (s *FargateProfileSelector) SetLabels(v map[string]*string) *FargateProfileSelector {
+ s.Labels = v
return s
}
-// SetUnit sets the Unit field's value.
-func (s *EksAnywhereSubscriptionTerm) SetUnit(v string) *EksAnywhereSubscriptionTerm {
- s.Unit = &v
+// SetNamespace sets the Namespace field's value.
+func (s *FargateProfileSelector) SetNamespace(v string) *FargateProfileSelector {
+ s.Namespace = &v
return s
}
-// The encryption configuration for the cluster.
-type EncryptionConfig struct {
+// An object representing an identity provider.
+type Identity struct {
_ struct{} `type:"structure"`
- // Key Management Service (KMS) key. Either the ARN or the alias can be used.
- Provider *Provider `locationName:"provider" type:"structure"`
-
- // Specifies the resources to be encrypted. The only supported value is "secrets".
- Resources []*string `locationName:"resources" type:"list"`
+ // An object representing the OpenID Connect (https://openid.net/connect/) identity
+ // provider information.
+ Oidc *OIDC `locationName:"oidc" type:"structure"`
}
// String returns the string representation.
@@ -9817,7 +12085,7 @@ type EncryptionConfig struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s EncryptionConfig) String() string {
+func (s Identity) String() string {
return awsutil.Prettify(s)
}
@@ -9826,53 +12094,30 @@ func (s EncryptionConfig) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s EncryptionConfig) GoString() string {
+func (s Identity) GoString() string {
return s.String()
}
-// SetProvider sets the Provider field's value.
-func (s *EncryptionConfig) SetProvider(v *Provider) *EncryptionConfig {
- s.Provider = v
- return s
-}
-
-// SetResources sets the Resources field's value.
-func (s *EncryptionConfig) SetResources(v []*string) *EncryptionConfig {
- s.Resources = v
+// SetOidc sets the Oidc field's value.
+func (s *Identity) SetOidc(v *OIDC) *Identity {
+ s.Oidc = v
return s
}
-// An object representing an error when an asynchronous operation fails.
-type ErrorDetail struct {
+// An object representing an identity provider configuration.
+type IdentityProviderConfig struct {
_ struct{} `type:"structure"`
- // A brief description of the error.
- //
- // * SubnetNotFound: We couldn't find one of the subnets associated with
- // the cluster.
- //
- // * SecurityGroupNotFound: We couldn't find one of the security groups associated
- // with the cluster.
- //
- // * EniLimitReached: You have reached the elastic network interface limit
- // for your account.
- //
- // * IpNotAvailable: A subnet associated with the cluster doesn't have any
- // free IP addresses.
- //
- // * AccessDenied: You don't have permissions to perform the specified operation.
- //
- // * OperationNotPermitted: The service role associated with the cluster
- // doesn't have the required access permissions for Amazon EKS.
+ // The name of the identity provider configuration.
//
- // * VpcIdNotFound: We couldn't find the VPC associated with the cluster.
- ErrorCode *string `locationName:"errorCode" type:"string" enum:"ErrorCode"`
-
- // A more complete description of the error.
- ErrorMessage *string `locationName:"errorMessage" type:"string"`
+ // Name is a required field
+ Name *string `locationName:"name" type:"string" required:"true"`
- // An optional field that contains the resource IDs associated with the error.
- ResourceIds []*string `locationName:"resourceIds" type:"list"`
+ // The type of the identity provider configuration. The only type available
+ // is oidc.
+ //
+ // Type is a required field
+ Type *string `locationName:"type" type:"string" required:"true"`
}
// String returns the string representation.
@@ -9880,7 +12125,7 @@ type ErrorDetail struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s ErrorDetail) String() string {
+func (s IdentityProviderConfig) String() string {
return awsutil.Prettify(s)
}
@@ -9889,64 +12134,95 @@ func (s ErrorDetail) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s ErrorDetail) GoString() string {
+func (s IdentityProviderConfig) GoString() string {
return s.String()
}
-// SetErrorCode sets the ErrorCode field's value.
-func (s *ErrorDetail) SetErrorCode(v string) *ErrorDetail {
- s.ErrorCode = &v
- return s
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *IdentityProviderConfig) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "IdentityProviderConfig"}
+ if s.Name == nil {
+ invalidParams.Add(request.NewErrParamRequired("Name"))
+ }
+ if s.Type == nil {
+ invalidParams.Add(request.NewErrParamRequired("Type"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
}
-// SetErrorMessage sets the ErrorMessage field's value.
-func (s *ErrorDetail) SetErrorMessage(v string) *ErrorDetail {
- s.ErrorMessage = &v
+// SetName sets the Name field's value.
+func (s *IdentityProviderConfig) SetName(v string) *IdentityProviderConfig {
+ s.Name = &v
return s
}
-// SetResourceIds sets the ResourceIds field's value.
-func (s *ErrorDetail) SetResourceIds(v []*string) *ErrorDetail {
- s.ResourceIds = v
+// SetType sets the Type field's value.
+func (s *IdentityProviderConfig) SetType(v string) *IdentityProviderConfig {
+ s.Type = &v
return s
}
-// An object representing an Fargate profile.
-type FargateProfile struct {
+// The full description of your identity configuration.
+type IdentityProviderConfigResponse struct {
_ struct{} `type:"structure"`
- // The name of the Amazon EKS cluster that the Fargate profile belongs to.
- ClusterName *string `locationName:"clusterName" type:"string"`
+ // An object representing an OpenID Connect (OIDC) identity provider configuration.
+ Oidc *OidcIdentityProviderConfig `locationName:"oidc" type:"structure"`
+}
- // The Unix epoch timestamp in seconds for when the Fargate profile was created.
- CreatedAt *time.Time `locationName:"createdAt" type:"timestamp"`
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s IdentityProviderConfigResponse) String() string {
+ return awsutil.Prettify(s)
+}
- // The full Amazon Resource Name (ARN) of the Fargate profile.
- FargateProfileArn *string `locationName:"fargateProfileArn" type:"string"`
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s IdentityProviderConfigResponse) GoString() string {
+ return s.String()
+}
- // The name of the Fargate profile.
- FargateProfileName *string `locationName:"fargateProfileName" type:"string"`
+// SetOidc sets the Oidc field's value.
+func (s *IdentityProviderConfigResponse) SetOidc(v *OidcIdentityProviderConfig) *IdentityProviderConfigResponse {
+ s.Oidc = v
+ return s
+}
- // The Amazon Resource Name (ARN) of the pod execution role to use for pods
- // that match the selectors in the Fargate profile. For more information, see
- // Pod Execution Role (https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html)
- // in the Amazon EKS User Guide.
- PodExecutionRoleArn *string `locationName:"podExecutionRoleArn" type:"string"`
+// The specified parameter is invalid. Review the available parameters for the
+// API request.
+type InvalidParameterException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
- // The selectors to match for pods to use this Fargate profile.
- Selectors []*FargateProfileSelector `locationName:"selectors" type:"list"`
+ // The specified parameter for the add-on name is invalid. Review the available
+ // parameters for the API request
+ AddonName *string `locationName:"addonName" type:"string"`
- // The current status of the Fargate profile.
- Status *string `locationName:"status" type:"string" enum:"FargateProfileStatus"`
+ // The Amazon EKS cluster associated with the exception.
+ ClusterName *string `locationName:"clusterName" type:"string"`
- // The IDs of subnets to launch pods into.
- Subnets []*string `locationName:"subnets" type:"list"`
+ // The Fargate profile associated with the exception.
+ FargateProfileName *string `locationName:"fargateProfileName" type:"string"`
- // The metadata applied to the Fargate profile to assist with categorization
- // and organization. Each tag consists of a key and an optional value. You define
- // both. Fargate profile tags do not propagate to any other resources associated
- // with the Fargate profile, such as the pods that are scheduled with it.
- Tags map[string]*string `locationName:"tags" min:"1" type:"map"`
+ // The specified parameter is invalid. Review the available parameters for the
+ // API request.
+ Message_ *string `locationName:"message" type:"string"`
+
+ // The Amazon EKS managed node group associated with the exception.
+ NodegroupName *string `locationName:"nodegroupName" type:"string"`
+
+ // The Amazon EKS subscription ID with the exception.
+ SubscriptionId *string `locationName:"subscriptionId" type:"string"`
}
// String returns the string representation.
@@ -9954,7 +12230,7 @@ type FargateProfile struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s FargateProfile) String() string {
+func (s InvalidParameterException) String() string {
return awsutil.Prettify(s)
}
@@ -9963,75 +12239,69 @@ func (s FargateProfile) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s FargateProfile) GoString() string {
+func (s InvalidParameterException) GoString() string {
return s.String()
}
-// SetClusterName sets the ClusterName field's value.
-func (s *FargateProfile) SetClusterName(v string) *FargateProfile {
- s.ClusterName = &v
- return s
+func newErrorInvalidParameterException(v protocol.ResponseMetadata) error {
+ return &InvalidParameterException{
+ RespMetadata: v,
+ }
}
-// SetCreatedAt sets the CreatedAt field's value.
-func (s *FargateProfile) SetCreatedAt(v time.Time) *FargateProfile {
- s.CreatedAt = &v
- return s
+// Code returns the exception type name.
+func (s *InvalidParameterException) Code() string {
+ return "InvalidParameterException"
}
-// SetFargateProfileArn sets the FargateProfileArn field's value.
-func (s *FargateProfile) SetFargateProfileArn(v string) *FargateProfile {
- s.FargateProfileArn = &v
- return s
+// Message returns the exception's message.
+func (s *InvalidParameterException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
}
-// SetFargateProfileName sets the FargateProfileName field's value.
-func (s *FargateProfile) SetFargateProfileName(v string) *FargateProfile {
- s.FargateProfileName = &v
- return s
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *InvalidParameterException) OrigErr() error {
+ return nil
}
-// SetPodExecutionRoleArn sets the PodExecutionRoleArn field's value.
-func (s *FargateProfile) SetPodExecutionRoleArn(v string) *FargateProfile {
- s.PodExecutionRoleArn = &v
- return s
+func (s *InvalidParameterException) Error() string {
+ return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
}
-// SetSelectors sets the Selectors field's value.
-func (s *FargateProfile) SetSelectors(v []*FargateProfileSelector) *FargateProfile {
- s.Selectors = v
- return s
+// Status code returns the HTTP status code for the request's response error.
+func (s *InvalidParameterException) StatusCode() int {
+ return s.RespMetadata.StatusCode
}
-// SetStatus sets the Status field's value.
-func (s *FargateProfile) SetStatus(v string) *FargateProfile {
- s.Status = &v
- return s
+// RequestID returns the service's response RequestID for request.
+func (s *InvalidParameterException) RequestID() string {
+ return s.RespMetadata.RequestID
}
-// SetSubnets sets the Subnets field's value.
-func (s *FargateProfile) SetSubnets(v []*string) *FargateProfile {
- s.Subnets = v
- return s
-}
+// The request is invalid given the state of the cluster. Check the state of
+// the cluster and the associated operations.
+type InvalidRequestException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
-// SetTags sets the Tags field's value.
-func (s *FargateProfile) SetTags(v map[string]*string) *FargateProfile {
- s.Tags = v
- return s
-}
+ // The request is invalid given the state of the add-on name. Check the state
+ // of the cluster and the associated operations.
+ AddonName *string `locationName:"addonName" type:"string"`
-// An object representing an Fargate profile selector.
-type FargateProfileSelector struct {
- _ struct{} `type:"structure"`
+ // The Amazon EKS cluster associated with the exception.
+ ClusterName *string `locationName:"clusterName" type:"string"`
- // The Kubernetes labels that the selector should match. A pod must contain
- // all of the labels that are specified in the selector for it to be considered
- // a match.
- Labels map[string]*string `locationName:"labels" type:"map"`
+ // The Amazon EKS add-on name associated with the exception.
+ Message_ *string `locationName:"message" type:"string"`
- // The Kubernetes namespace that the selector should match.
- Namespace *string `locationName:"namespace" type:"string"`
+ // The Amazon EKS managed node group associated with the exception.
+ NodegroupName *string `locationName:"nodegroupName" type:"string"`
+
+ // The Amazon EKS subscription ID with the exception.
+ SubscriptionId *string `locationName:"subscriptionId" type:"string"`
}
// String returns the string representation.
@@ -10039,7 +12309,7 @@ type FargateProfileSelector struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s FargateProfileSelector) String() string {
+func (s InvalidRequestException) String() string {
return awsutil.Prettify(s)
}
@@ -10048,29 +12318,123 @@ func (s FargateProfileSelector) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s FargateProfileSelector) GoString() string {
+func (s InvalidRequestException) GoString() string {
return s.String()
}
-// SetLabels sets the Labels field's value.
-func (s *FargateProfileSelector) SetLabels(v map[string]*string) *FargateProfileSelector {
- s.Labels = v
- return s
+func newErrorInvalidRequestException(v protocol.ResponseMetadata) error {
+ return &InvalidRequestException{
+ RespMetadata: v,
+ }
}
-// SetNamespace sets the Namespace field's value.
-func (s *FargateProfileSelector) SetNamespace(v string) *FargateProfileSelector {
- s.Namespace = &v
- return s
+// Code returns the exception type name.
+func (s *InvalidRequestException) Code() string {
+ return "InvalidRequestException"
}
-// An object representing an identity provider.
-type Identity struct {
+// Message returns the exception's message.
+func (s *InvalidRequestException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *InvalidRequestException) OrigErr() error {
+ return nil
+}
+
+func (s *InvalidRequestException) Error() string {
+ return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *InvalidRequestException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *InvalidRequestException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// An object representing an issue with an Amazon EKS resource.
+type Issue struct {
_ struct{} `type:"structure"`
- // An object representing the OpenID Connect (https://openid.net/connect/) identity
- // provider information.
- Oidc *OIDC `locationName:"oidc" type:"structure"`
+ // A brief description of the error.
+ //
+ // * AccessDenied: Amazon EKS or one or more of your managed nodes is failing
+ // to authenticate or authorize with your Kubernetes cluster API server.
+ //
+ // * AsgInstanceLaunchFailures: Your Auto Scaling group is experiencing failures
+ // while attempting to launch instances.
+ //
+ // * AutoScalingGroupNotFound: We couldn't find the Auto Scaling group associated
+ // with the managed node group. You may be able to recreate an Auto Scaling
+ // group with the same settings to recover.
+ //
+ // * ClusterUnreachable: Amazon EKS or one or more of your managed nodes
+ // is unable to to communicate with your Kubernetes cluster API server. This
+ // can happen if there are network disruptions or if API servers are timing
+ // out processing requests.
+ //
+ // * Ec2LaunchTemplateNotFound: We couldn't find the Amazon EC2 launch template
+ // for your managed node group. You may be able to recreate a launch template
+ // with the same settings to recover.
+ //
+ // * Ec2LaunchTemplateVersionMismatch: The Amazon EC2 launch template version
+ // for your managed node group does not match the version that Amazon EKS
+ // created. You may be able to revert to the version that Amazon EKS created
+ // to recover.
+ //
+ // * Ec2SecurityGroupDeletionFailure: We could not delete the remote access
+ // security group for your managed node group. Remove any dependencies from
+ // the security group.
+ //
+ // * Ec2SecurityGroupNotFound: We couldn't find the cluster security group
+ // for the cluster. You must recreate your cluster.
+ //
+ // * Ec2SubnetInvalidConfiguration: One or more Amazon EC2 subnets specified
+ // for a node group do not automatically assign public IP addresses to instances
+ // launched into it. If you want your instances to be assigned a public IP
+ // address, then you need to enable the auto-assign public IP address setting
+ // for the subnet. See Modifying the public IPv4 addressing attribute for
+ // your subnet (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-ip-addressing.html#subnet-public-ip)
+ // in the Amazon VPC User Guide.
+ //
+ // * IamInstanceProfileNotFound: We couldn't find the IAM instance profile
+ // for your managed node group. You may be able to recreate an instance profile
+ // with the same settings to recover.
+ //
+ // * IamNodeRoleNotFound: We couldn't find the IAM role for your managed
+ // node group. You may be able to recreate an IAM role with the same settings
+ // to recover.
+ //
+ // * InstanceLimitExceeded: Your Amazon Web Services account is unable to
+ // launch any more instances of the specified instance type. You may be able
+ // to request an Amazon EC2 instance limit increase to recover.
+ //
+ // * InsufficientFreeAddresses: One or more of the subnets associated with
+ // your managed node group does not have enough available IP addresses for
+ // new nodes.
+ //
+ // * InternalFailure: These errors are usually caused by an Amazon EKS server-side
+ // issue.
+ //
+ // * NodeCreationFailure: Your launched instances are unable to register
+ // with your Amazon EKS cluster. Common causes of this failure are insufficient
+ // node IAM role (https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html)
+ // permissions or lack of outbound internet access for the nodes.
+ Code *string `locationName:"code" type:"string" enum:"NodegroupIssueCode"`
+
+ // The error message associated with the issue.
+ Message *string `locationName:"message" type:"string"`
+
+ // The Amazon Web Services resources that are afflicted by this issue.
+ ResourceIds []*string `locationName:"resourceIds" type:"list"`
}
// String returns the string representation.
@@ -10078,7 +12442,7 @@ type Identity struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s Identity) String() string {
+func (s Issue) String() string {
return awsutil.Prettify(s)
}
@@ -10087,30 +12451,66 @@ func (s Identity) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s Identity) GoString() string {
+func (s Issue) GoString() string {
return s.String()
}
-// SetOidc sets the Oidc field's value.
-func (s *Identity) SetOidc(v *OIDC) *Identity {
- s.Oidc = v
+// SetCode sets the Code field's value.
+func (s *Issue) SetCode(v string) *Issue {
+ s.Code = &v
return s
}
-// An object representing an identity provider configuration.
-type IdentityProviderConfig struct {
+// SetMessage sets the Message field's value.
+func (s *Issue) SetMessage(v string) *Issue {
+ s.Message = &v
+ return s
+}
+
+// SetResourceIds sets the ResourceIds field's value.
+func (s *Issue) SetResourceIds(v []*string) *Issue {
+ s.ResourceIds = v
+ return s
+}
+
+// The Kubernetes network configuration for the cluster.
+type KubernetesNetworkConfigRequest struct {
_ struct{} `type:"structure"`
- // The name of the identity provider configuration.
+ // Specify which IP family is used to assign Kubernetes pod and service IP addresses.
+ // If you don't specify a value, ipv4 is used by default. You can only specify
+ // an IP family when you create a cluster and can't change this value once the
+ // cluster is created. If you specify ipv6, the VPC and subnets that you specify
+ // for cluster creation must have both IPv4 and IPv6 CIDR blocks assigned to
+ // them. You can't specify ipv6 for clusters in China Regions.
//
- // Name is a required field
- Name *string `locationName:"name" type:"string" required:"true"`
+ // You can only specify ipv6 for 1.21 and later clusters that use version 1.10.1
+ // or later of the Amazon VPC CNI add-on. If you specify ipv6, then ensure that
+ // your VPC meets the requirements listed in the considerations listed in Assigning
+ // IPv6 addresses to pods and services (https://docs.aws.amazon.com/eks/latest/userguide/cni-ipv6.html)
+ // in the Amazon EKS User Guide. Kubernetes assigns services IPv6 addresses
+ // from the unique local address range (fc00::/7). You can't specify a custom
+ // IPv6 CIDR block. Pod addresses are assigned from the subnet's IPv6 CIDR.
+ IpFamily *string `locationName:"ipFamily" type:"string" enum:"IpFamily"`
- // The type of the identity provider configuration. The only type available
- // is oidc.
+ // Don't specify a value if you select ipv6 for ipFamily. The CIDR block to
+ // assign Kubernetes service IP addresses from. If you don't specify a block,
+ // Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16
+ // CIDR blocks. We recommend that you specify a block that does not overlap
+ // with resources in other networks that are peered or connected to your VPC.
+ // The block must meet the following requirements:
//
- // Type is a required field
- Type *string `locationName:"type" type:"string" required:"true"`
+ // * Within one of the following private IP address blocks: 10.0.0.0/8, 172.16.0.0/12,
+ // or 192.168.0.0/16.
+ //
+ // * Doesn't overlap with any CIDR block assigned to the VPC that you selected
+ // for VPC.
+ //
+ // * Between /24 and /12.
+ //
+ // You can only specify a custom CIDR block when you create a cluster. You can't
+ // change this value after the cluster is created.
+ ServiceIpv4Cidr *string `locationName:"serviceIpv4Cidr" type:"string"`
}
// String returns the string representation.
@@ -10118,7 +12518,7 @@ type IdentityProviderConfig struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s IdentityProviderConfig) String() string {
+func (s KubernetesNetworkConfigRequest) String() string {
return awsutil.Prettify(s)
}
@@ -10127,44 +12527,48 @@ func (s IdentityProviderConfig) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s IdentityProviderConfig) GoString() string {
+func (s KubernetesNetworkConfigRequest) GoString() string {
return s.String()
}
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *IdentityProviderConfig) Validate() error {
- invalidParams := request.ErrInvalidParams{Context: "IdentityProviderConfig"}
- if s.Name == nil {
- invalidParams.Add(request.NewErrParamRequired("Name"))
- }
- if s.Type == nil {
- invalidParams.Add(request.NewErrParamRequired("Type"))
- }
-
- if invalidParams.Len() > 0 {
- return invalidParams
- }
- return nil
-}
-
-// SetName sets the Name field's value.
-func (s *IdentityProviderConfig) SetName(v string) *IdentityProviderConfig {
- s.Name = &v
+// SetIpFamily sets the IpFamily field's value.
+func (s *KubernetesNetworkConfigRequest) SetIpFamily(v string) *KubernetesNetworkConfigRequest {
+ s.IpFamily = &v
return s
}
-// SetType sets the Type field's value.
-func (s *IdentityProviderConfig) SetType(v string) *IdentityProviderConfig {
- s.Type = &v
+// SetServiceIpv4Cidr sets the ServiceIpv4Cidr field's value.
+func (s *KubernetesNetworkConfigRequest) SetServiceIpv4Cidr(v string) *KubernetesNetworkConfigRequest {
+ s.ServiceIpv4Cidr = &v
return s
}
-// The full description of your identity configuration.
-type IdentityProviderConfigResponse struct {
+// The Kubernetes network configuration for the cluster. The response contains
+// a value for serviceIpv6Cidr or serviceIpv4Cidr, but not both.
+type KubernetesNetworkConfigResponse struct {
_ struct{} `type:"structure"`
- // An object representing an OpenID Connect (OIDC) identity provider configuration.
- Oidc *OidcIdentityProviderConfig `locationName:"oidc" type:"structure"`
+ // The IP family used to assign Kubernetes Pod and Service objects IP addresses.
+ // The IP family is always ipv4, unless you have a 1.21 or later cluster running
+ // version 1.10.1 or later of the Amazon VPC CNI plugin for Kubernetes and specified
+ // ipv6 when you created the cluster.
+ IpFamily *string `locationName:"ipFamily" type:"string" enum:"IpFamily"`
+
+ // The CIDR block that Kubernetes Pod and Service object IP addresses are assigned
+ // from. Kubernetes assigns addresses from an IPv4 CIDR block assigned to a
+ // subnet that the node is in. If you didn't specify a CIDR block when you created
+ // the cluster, then Kubernetes assigns addresses from either the 10.100.0.0/16
+ // or 172.20.0.0/16 CIDR blocks. If this was specified, then it was specified
+ // when the cluster was created and it can't be changed.
+ ServiceIpv4Cidr *string `locationName:"serviceIpv4Cidr" type:"string"`
+
+ // The CIDR block that Kubernetes pod and service IP addresses are assigned
+ // from if you created a 1.21 or later cluster with version 1.10.1 or later
+ // of the Amazon VPC CNI add-on and specified ipv6 for ipFamily when you created
+ // the cluster. Kubernetes assigns service addresses from the unique local address
+ // range (fc00::/7) because you can't specify a custom IPv6 CIDR block when
+ // you create the cluster.
+ ServiceIpv6Cidr *string `locationName:"serviceIpv6Cidr" type:"string"`
}
// String returns the string representation.
@@ -10172,7 +12576,7 @@ type IdentityProviderConfigResponse struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s IdentityProviderConfigResponse) String() string {
+func (s KubernetesNetworkConfigResponse) String() string {
return awsutil.Prettify(s)
}
@@ -10181,41 +12585,60 @@ func (s IdentityProviderConfigResponse) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s IdentityProviderConfigResponse) GoString() string {
+func (s KubernetesNetworkConfigResponse) GoString() string {
return s.String()
}
-// SetOidc sets the Oidc field's value.
-func (s *IdentityProviderConfigResponse) SetOidc(v *OidcIdentityProviderConfig) *IdentityProviderConfigResponse {
- s.Oidc = v
+// SetIpFamily sets the IpFamily field's value.
+func (s *KubernetesNetworkConfigResponse) SetIpFamily(v string) *KubernetesNetworkConfigResponse {
+ s.IpFamily = &v
return s
}
-// The specified parameter is invalid. Review the available parameters for the
-// API request.
-type InvalidParameterException struct {
- _ struct{} `type:"structure"`
- RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
-
- // The specified parameter for the add-on name is invalid. Review the available
- // parameters for the API request
- AddonName *string `locationName:"addonName" type:"string"`
+// SetServiceIpv4Cidr sets the ServiceIpv4Cidr field's value.
+func (s *KubernetesNetworkConfigResponse) SetServiceIpv4Cidr(v string) *KubernetesNetworkConfigResponse {
+ s.ServiceIpv4Cidr = &v
+ return s
+}
- // The Amazon EKS cluster associated with the exception.
- ClusterName *string `locationName:"clusterName" type:"string"`
+// SetServiceIpv6Cidr sets the ServiceIpv6Cidr field's value.
+func (s *KubernetesNetworkConfigResponse) SetServiceIpv6Cidr(v string) *KubernetesNetworkConfigResponse {
+ s.ServiceIpv6Cidr = &v
+ return s
+}
- // The Fargate profile associated with the exception.
- FargateProfileName *string `locationName:"fargateProfileName" type:"string"`
+// An object representing a node group launch template specification. The launch
+// template can't include SubnetId (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html),
+// IamInstanceProfile (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IamInstanceProfile.html),
+// RequestSpotInstances (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestSpotInstances.html),
+// HibernationOptions (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_HibernationOptionsRequest.html),
+// or TerminateInstances (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TerminateInstances.html),
+// or the node group deployment or update will fail. For more information about
+// launch templates, see CreateLaunchTemplate (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLaunchTemplate.html)
+// in the Amazon EC2 API Reference. For more information about using launch
+// templates with Amazon EKS, see Launch template support (https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html)
+// in the Amazon EKS User Guide.
+//
+// You must specify either the launch template ID or the launch template name
+// in the request, but not both.
+type LaunchTemplateSpecification struct {
+ _ struct{} `type:"structure"`
- // The specified parameter is invalid. Review the available parameters for the
- // API request.
- Message_ *string `locationName:"message" type:"string"`
+ // The ID of the launch template.
+ //
+ // You must specify either the launch template ID or the launch template name
+ // in the request, but not both.
+ Id *string `locationName:"id" type:"string"`
- // The Amazon EKS managed node group associated with the exception.
- NodegroupName *string `locationName:"nodegroupName" type:"string"`
+ // The name of the launch template.
+ //
+ // You must specify either the launch template name or the launch template ID
+ // in the request, but not both.
+ Name *string `locationName:"name" type:"string"`
- // The Amazon EKS subscription ID with the exception.
- SubscriptionId *string `locationName:"subscriptionId" type:"string"`
+ // The version number of the launch template to use. If no version is specified,
+ // then the template's default version is used.
+ Version *string `locationName:"version" type:"string"`
}
// String returns the string representation.
@@ -10223,7 +12646,7 @@ type InvalidParameterException struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s InvalidParameterException) String() string {
+func (s LaunchTemplateSpecification) String() string {
return awsutil.Prettify(s)
}
@@ -10232,69 +12655,57 @@ func (s InvalidParameterException) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s InvalidParameterException) GoString() string {
+func (s LaunchTemplateSpecification) GoString() string {
return s.String()
}
-func newErrorInvalidParameterException(v protocol.ResponseMetadata) error {
- return &InvalidParameterException{
- RespMetadata: v,
- }
-}
-
-// Code returns the exception type name.
-func (s *InvalidParameterException) Code() string {
- return "InvalidParameterException"
-}
-
-// Message returns the exception's message.
-func (s *InvalidParameterException) Message() string {
- if s.Message_ != nil {
- return *s.Message_
- }
- return ""
-}
-
-// OrigErr always returns nil, satisfies awserr.Error interface.
-func (s *InvalidParameterException) OrigErr() error {
- return nil
-}
-
-func (s *InvalidParameterException) Error() string {
- return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+// SetId sets the Id field's value.
+func (s *LaunchTemplateSpecification) SetId(v string) *LaunchTemplateSpecification {
+ s.Id = &v
+ return s
}
-// Status code returns the HTTP status code for the request's response error.
-func (s *InvalidParameterException) StatusCode() int {
- return s.RespMetadata.StatusCode
+// SetName sets the Name field's value.
+func (s *LaunchTemplateSpecification) SetName(v string) *LaunchTemplateSpecification {
+ s.Name = &v
+ return s
}
-// RequestID returns the service's response RequestID for request.
-func (s *InvalidParameterException) RequestID() string {
- return s.RespMetadata.RequestID
+// SetVersion sets the Version field's value.
+func (s *LaunchTemplateSpecification) SetVersion(v string) *LaunchTemplateSpecification {
+ s.Version = &v
+ return s
}
-// The request is invalid given the state of the cluster. Check the state of
-// the cluster and the associated operations.
-type InvalidRequestException struct {
- _ struct{} `type:"structure"`
- RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
-
- // The request is invalid given the state of the add-on name. Check the state
- // of the cluster and the associated operations.
- AddonName *string `locationName:"addonName" type:"string"`
+type ListAccessEntriesInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
- // The Amazon EKS cluster associated with the exception.
- ClusterName *string `locationName:"clusterName" type:"string"`
+ // The ARN of an AccessPolicy. When you specify an access policy ARN, only the
+ // access entries associated to that access policy are returned. For a list
+ // of available policy ARNs, use ListAccessPolicies.
+ AssociatedPolicyArn *string `location:"querystring" locationName:"associatedPolicyArn" type:"string"`
- // The Amazon EKS add-on name associated with the exception.
- Message_ *string `locationName:"message" type:"string"`
+ // The name of your cluster.
+ //
+ // ClusterName is a required field
+ ClusterName *string `location:"uri" locationName:"name" type:"string" required:"true"`
- // The Amazon EKS managed node group associated with the exception.
- NodegroupName *string `locationName:"nodegroupName" type:"string"`
+ // The maximum number of results, returned in paginated output. You receive
+ // maxResults in a single page, along with a nextToken response element. You
+ // can see the remaining results of the initial request by sending another request
+ // with the returned nextToken value. This value can be between 1 and 100. If
+ // you don't use this parameter, 100 results and a nextToken value, if applicable,
+ // are returned.
+ MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"`
- // The Amazon EKS subscription ID with the exception.
- SubscriptionId *string `locationName:"subscriptionId" type:"string"`
+ // The nextToken value returned from a previous paginated request, where maxResults
+ // was used and the results exceeded the value of that parameter. Pagination
+ // continues from the end of the previous results that returned the nextToken
+ // value. This value is null when there are no more results to return.
+ //
+ // This token should be treated as an opaque identifier that is used only to
+ // retrieve the next items in a list and not for other programmatic purposes.
+ NextToken *string `location:"querystring" locationName:"nextToken" type:"string"`
}
// String returns the string representation.
@@ -10302,7 +12713,7 @@ type InvalidRequestException struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s InvalidRequestException) String() string {
+func (s ListAccessEntriesInput) String() string {
return awsutil.Prettify(s)
}
@@ -10311,123 +12722,67 @@ func (s InvalidRequestException) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s InvalidRequestException) GoString() string {
+func (s ListAccessEntriesInput) GoString() string {
return s.String()
}
-func newErrorInvalidRequestException(v protocol.ResponseMetadata) error {
- return &InvalidRequestException{
- RespMetadata: v,
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListAccessEntriesInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ListAccessEntriesInput"}
+ if s.ClusterName == nil {
+ invalidParams.Add(request.NewErrParamRequired("ClusterName"))
}
-}
-
-// Code returns the exception type name.
-func (s *InvalidRequestException) Code() string {
- return "InvalidRequestException"
-}
-
-// Message returns the exception's message.
-func (s *InvalidRequestException) Message() string {
- if s.Message_ != nil {
- return *s.Message_
+ if s.ClusterName != nil && len(*s.ClusterName) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ClusterName", 1))
+ }
+ if s.MaxResults != nil && *s.MaxResults < 1 {
+ invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
}
- return ""
-}
-
-// OrigErr always returns nil, satisfies awserr.Error interface.
-func (s *InvalidRequestException) OrigErr() error {
- return nil
-}
-
-func (s *InvalidRequestException) Error() string {
- return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
-}
-
-// Status code returns the HTTP status code for the request's response error.
-func (s *InvalidRequestException) StatusCode() int {
- return s.RespMetadata.StatusCode
-}
-
-// RequestID returns the service's response RequestID for request.
-func (s *InvalidRequestException) RequestID() string {
- return s.RespMetadata.RequestID
-}
-
-// An object representing an issue with an Amazon EKS resource.
-type Issue struct {
- _ struct{} `type:"structure"`
- // A brief description of the error.
- //
- // * AccessDenied: Amazon EKS or one or more of your managed nodes is failing
- // to authenticate or authorize with your Kubernetes cluster API server.
- //
- // * AsgInstanceLaunchFailures: Your Auto Scaling group is experiencing failures
- // while attempting to launch instances.
- //
- // * AutoScalingGroupNotFound: We couldn't find the Auto Scaling group associated
- // with the managed node group. You may be able to recreate an Auto Scaling
- // group with the same settings to recover.
- //
- // * ClusterUnreachable: Amazon EKS or one or more of your managed nodes
- // is unable to to communicate with your Kubernetes cluster API server. This
- // can happen if there are network disruptions or if API servers are timing
- // out processing requests.
- //
- // * Ec2LaunchTemplateNotFound: We couldn't find the Amazon EC2 launch template
- // for your managed node group. You may be able to recreate a launch template
- // with the same settings to recover.
- //
- // * Ec2LaunchTemplateVersionMismatch: The Amazon EC2 launch template version
- // for your managed node group does not match the version that Amazon EKS
- // created. You may be able to revert to the version that Amazon EKS created
- // to recover.
- //
- // * Ec2SecurityGroupDeletionFailure: We could not delete the remote access
- // security group for your managed node group. Remove any dependencies from
- // the security group.
- //
- // * Ec2SecurityGroupNotFound: We couldn't find the cluster security group
- // for the cluster. You must recreate your cluster.
- //
- // * Ec2SubnetInvalidConfiguration: One or more Amazon EC2 subnets specified
- // for a node group do not automatically assign public IP addresses to instances
- // launched into it. If you want your instances to be assigned a public IP
- // address, then you need to enable the auto-assign public IP address setting
- // for the subnet. See Modifying the public IPv4 addressing attribute for
- // your subnet (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-ip-addressing.html#subnet-public-ip)
- // in the Amazon VPC User Guide.
- //
- // * IamInstanceProfileNotFound: We couldn't find the IAM instance profile
- // for your managed node group. You may be able to recreate an instance profile
- // with the same settings to recover.
- //
- // * IamNodeRoleNotFound: We couldn't find the IAM role for your managed
- // node group. You may be able to recreate an IAM role with the same settings
- // to recover.
- //
- // * InstanceLimitExceeded: Your Amazon Web Services account is unable to
- // launch any more instances of the specified instance type. You may be able
- // to request an Amazon EC2 instance limit increase to recover.
- //
- // * InsufficientFreeAddresses: One or more of the subnets associated with
- // your managed node group does not have enough available IP addresses for
- // new nodes.
- //
- // * InternalFailure: These errors are usually caused by an Amazon EKS server-side
- // issue.
- //
- // * NodeCreationFailure: Your launched instances are unable to register
- // with your Amazon EKS cluster. Common causes of this failure are insufficient
- // node IAM role (https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html)
- // permissions or lack of outbound internet access for the nodes.
- Code *string `locationName:"code" type:"string" enum:"NodegroupIssueCode"`
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
- // The error message associated with the issue.
- Message *string `locationName:"message" type:"string"`
+// SetAssociatedPolicyArn sets the AssociatedPolicyArn field's value.
+func (s *ListAccessEntriesInput) SetAssociatedPolicyArn(v string) *ListAccessEntriesInput {
+ s.AssociatedPolicyArn = &v
+ return s
+}
- // The Amazon Web Services resources that are afflicted by this issue.
- ResourceIds []*string `locationName:"resourceIds" type:"list"`
+// SetClusterName sets the ClusterName field's value.
+func (s *ListAccessEntriesInput) SetClusterName(v string) *ListAccessEntriesInput {
+ s.ClusterName = &v
+ return s
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *ListAccessEntriesInput) SetMaxResults(v int64) *ListAccessEntriesInput {
+ s.MaxResults = &v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListAccessEntriesInput) SetNextToken(v string) *ListAccessEntriesInput {
+ s.NextToken = &v
+ return s
+}
+
+type ListAccessEntriesOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The list of access entries that exist for the cluster.
+ AccessEntries []*string `locationName:"accessEntries" type:"list"`
+
+ // The nextToken value returned from a previous paginated request, where maxResults
+ // was used and the results exceeded the value of that parameter. Pagination
+ // continues from the end of the previous results that returned the nextToken
+ // value. This value is null when there are no more results to return.
+ //
+ // This token should be treated as an opaque identifier that is used only to
+ // retrieve the next items in a list and not for other programmatic purposes.
+ NextToken *string `locationName:"nextToken" type:"string"`
}
// String returns the string representation.
@@ -10435,7 +12790,7 @@ type Issue struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s Issue) String() string {
+func (s ListAccessEntriesOutput) String() string {
return awsutil.Prettify(s)
}
@@ -10444,66 +12799,41 @@ func (s Issue) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s Issue) GoString() string {
+func (s ListAccessEntriesOutput) GoString() string {
return s.String()
}
-// SetCode sets the Code field's value.
-func (s *Issue) SetCode(v string) *Issue {
- s.Code = &v
- return s
-}
-
-// SetMessage sets the Message field's value.
-func (s *Issue) SetMessage(v string) *Issue {
- s.Message = &v
+// SetAccessEntries sets the AccessEntries field's value.
+func (s *ListAccessEntriesOutput) SetAccessEntries(v []*string) *ListAccessEntriesOutput {
+ s.AccessEntries = v
return s
}
-// SetResourceIds sets the ResourceIds field's value.
-func (s *Issue) SetResourceIds(v []*string) *Issue {
- s.ResourceIds = v
+// SetNextToken sets the NextToken field's value.
+func (s *ListAccessEntriesOutput) SetNextToken(v string) *ListAccessEntriesOutput {
+ s.NextToken = &v
return s
}
-// The Kubernetes network configuration for the cluster.
-type KubernetesNetworkConfigRequest struct {
- _ struct{} `type:"structure"`
+type ListAccessPoliciesInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
- // Specify which IP family is used to assign Kubernetes pod and service IP addresses.
- // If you don't specify a value, ipv4 is used by default. You can only specify
- // an IP family when you create a cluster and can't change this value once the
- // cluster is created. If you specify ipv6, the VPC and subnets that you specify
- // for cluster creation must have both IPv4 and IPv6 CIDR blocks assigned to
- // them. You can't specify ipv6 for clusters in China Regions.
- //
- // You can only specify ipv6 for 1.21 and later clusters that use version 1.10.1
- // or later of the Amazon VPC CNI add-on. If you specify ipv6, then ensure that
- // your VPC meets the requirements listed in the considerations listed in Assigning
- // IPv6 addresses to pods and services (https://docs.aws.amazon.com/eks/latest/userguide/cni-ipv6.html)
- // in the Amazon EKS User Guide. Kubernetes assigns services IPv6 addresses
- // from the unique local address range (fc00::/7). You can't specify a custom
- // IPv6 CIDR block. Pod addresses are assigned from the subnet's IPv6 CIDR.
- IpFamily *string `locationName:"ipFamily" type:"string" enum:"IpFamily"`
+ // The maximum number of results, returned in paginated output. You receive
+ // maxResults in a single page, along with a nextToken response element. You
+ // can see the remaining results of the initial request by sending another request
+ // with the returned nextToken value. This value can be between 1 and 100. If
+ // you don't use this parameter, 100 results and a nextToken value, if applicable,
+ // are returned.
+ MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"`
- // Don't specify a value if you select ipv6 for ipFamily. The CIDR block to
- // assign Kubernetes service IP addresses from. If you don't specify a block,
- // Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16
- // CIDR blocks. We recommend that you specify a block that does not overlap
- // with resources in other networks that are peered or connected to your VPC.
- // The block must meet the following requirements:
- //
- // * Within one of the following private IP address blocks: 10.0.0.0/8, 172.16.0.0/12,
- // or 192.168.0.0/16.
- //
- // * Doesn't overlap with any CIDR block assigned to the VPC that you selected
- // for VPC.
+ // The nextToken value returned from a previous paginated request, where maxResults
+ // was used and the results exceeded the value of that parameter. Pagination
+ // continues from the end of the previous results that returned the nextToken
+ // value. This value is null when there are no more results to return.
//
- // * Between /24 and /12.
- //
- // You can only specify a custom CIDR block when you create a cluster and can't
- // change this value once the cluster is created.
- ServiceIpv4Cidr *string `locationName:"serviceIpv4Cidr" type:"string"`
+ // This token should be treated as an opaque identifier that is used only to
+ // retrieve the next items in a list and not for other programmatic purposes.
+ NextToken *string `location:"querystring" locationName:"nextToken" type:"string"`
}
// String returns the string representation.
@@ -10511,7 +12841,7 @@ type KubernetesNetworkConfigRequest struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s KubernetesNetworkConfigRequest) String() string {
+func (s ListAccessPoliciesInput) String() string {
return awsutil.Prettify(s)
}
@@ -10520,48 +12850,52 @@ func (s KubernetesNetworkConfigRequest) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s KubernetesNetworkConfigRequest) GoString() string {
+func (s ListAccessPoliciesInput) GoString() string {
return s.String()
}
-// SetIpFamily sets the IpFamily field's value.
-func (s *KubernetesNetworkConfigRequest) SetIpFamily(v string) *KubernetesNetworkConfigRequest {
- s.IpFamily = &v
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListAccessPoliciesInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ListAccessPoliciesInput"}
+ if s.MaxResults != nil && *s.MaxResults < 1 {
+ invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *ListAccessPoliciesInput) SetMaxResults(v int64) *ListAccessPoliciesInput {
+ s.MaxResults = &v
return s
}
-// SetServiceIpv4Cidr sets the ServiceIpv4Cidr field's value.
-func (s *KubernetesNetworkConfigRequest) SetServiceIpv4Cidr(v string) *KubernetesNetworkConfigRequest {
- s.ServiceIpv4Cidr = &v
+// SetNextToken sets the NextToken field's value.
+func (s *ListAccessPoliciesInput) SetNextToken(v string) *ListAccessPoliciesInput {
+ s.NextToken = &v
return s
}
-// The Kubernetes network configuration for the cluster. The response contains
-// a value for serviceIpv6Cidr or serviceIpv4Cidr, but not both.
-type KubernetesNetworkConfigResponse struct {
+type ListAccessPoliciesOutput struct {
_ struct{} `type:"structure"`
- // The IP family used to assign Kubernetes pod and service IP addresses. The
- // IP family is always ipv4, unless you have a 1.21 or later cluster running
- // version 1.10.1 or later of the Amazon VPC CNI add-on and specified ipv6 when
- // you created the cluster.
- IpFamily *string `locationName:"ipFamily" type:"string" enum:"IpFamily"`
-
- // The CIDR block that Kubernetes pod and service IP addresses are assigned
- // from. Kubernetes assigns addresses from an IPv4 CIDR block assigned to a
- // subnet that the node is in. If you didn't specify a CIDR block when you created
- // the cluster, then Kubernetes assigns addresses from either the 10.100.0.0/16
- // or 172.20.0.0/16 CIDR blocks. If this was specified, then it was specified
- // when the cluster was created and it can't be changed.
- ServiceIpv4Cidr *string `locationName:"serviceIpv4Cidr" type:"string"`
+ // The list of available access policies. You can't view the contents of an
+ // access policy using the API. To view the contents, see Access policy permissions
+ // (https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html#access-policy-permissions)
+ // in the Amazon EKS User Guide.
+ AccessPolicies []*AccessPolicy `locationName:"accessPolicies" type:"list"`
- // The CIDR block that Kubernetes pod and service IP addresses are assigned
- // from if you created a 1.21 or later cluster with version 1.10.1 or later
- // of the Amazon VPC CNI add-on and specified ipv6 for ipFamily when you created
- // the cluster. Kubernetes assigns service addresses from the unique local address
- // range (fc00::/7) because you can't specify a custom IPv6 CIDR block when
- // you create the cluster.
- ServiceIpv6Cidr *string `locationName:"serviceIpv6Cidr" type:"string"`
+ // The nextToken value returned from a previous paginated request, where maxResults
+ // was used and the results exceeded the value of that parameter. Pagination
+ // continues from the end of the previous results that returned the nextToken
+ // value. This value is null when there are no more results to return.
+ //
+ // This token should be treated as an opaque identifier that is used only to
+ // retrieve the next items in a list and not for other programmatic purposes.
+ NextToken *string `locationName:"nextToken" type:"string"`
}
// String returns the string representation.
@@ -10569,7 +12903,7 @@ type KubernetesNetworkConfigResponse struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s KubernetesNetworkConfigResponse) String() string {
+func (s ListAccessPoliciesOutput) String() string {
return awsutil.Prettify(s)
}
@@ -10578,60 +12912,46 @@ func (s KubernetesNetworkConfigResponse) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s KubernetesNetworkConfigResponse) GoString() string {
+func (s ListAccessPoliciesOutput) GoString() string {
return s.String()
}
-// SetIpFamily sets the IpFamily field's value.
-func (s *KubernetesNetworkConfigResponse) SetIpFamily(v string) *KubernetesNetworkConfigResponse {
- s.IpFamily = &v
- return s
-}
-
-// SetServiceIpv4Cidr sets the ServiceIpv4Cidr field's value.
-func (s *KubernetesNetworkConfigResponse) SetServiceIpv4Cidr(v string) *KubernetesNetworkConfigResponse {
- s.ServiceIpv4Cidr = &v
+// SetAccessPolicies sets the AccessPolicies field's value.
+func (s *ListAccessPoliciesOutput) SetAccessPolicies(v []*AccessPolicy) *ListAccessPoliciesOutput {
+ s.AccessPolicies = v
return s
}
-// SetServiceIpv6Cidr sets the ServiceIpv6Cidr field's value.
-func (s *KubernetesNetworkConfigResponse) SetServiceIpv6Cidr(v string) *KubernetesNetworkConfigResponse {
- s.ServiceIpv6Cidr = &v
+// SetNextToken sets the NextToken field's value.
+func (s *ListAccessPoliciesOutput) SetNextToken(v string) *ListAccessPoliciesOutput {
+ s.NextToken = &v
return s
}
-// An object representing a node group launch template specification. The launch
-// template can't include SubnetId (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html),
-// IamInstanceProfile (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IamInstanceProfile.html),
-// RequestSpotInstances (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestSpotInstances.html),
-// HibernationOptions (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_HibernationOptionsRequest.html),
-// or TerminateInstances (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TerminateInstances.html),
-// or the node group deployment or update will fail. For more information about
-// launch templates, see CreateLaunchTemplate (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLaunchTemplate.html)
-// in the Amazon EC2 API Reference. For more information about using launch
-// templates with Amazon EKS, see Launch template support (https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html)
-// in the Amazon EKS User Guide.
-//
-// You must specify either the launch template ID or the launch template name
-// in the request, but not both.
-type LaunchTemplateSpecification struct {
- _ struct{} `type:"structure"`
+type ListAddonsInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
- // The ID of the launch template.
+ // The name of your cluster.
//
- // You must specify either the launch template ID or the launch template name
- // in the request, but not both.
- Id *string `locationName:"id" type:"string"`
+ // ClusterName is a required field
+ ClusterName *string `location:"uri" locationName:"name" min:"1" type:"string" required:"true"`
- // The name of the launch template.
- //
- // You must specify either the launch template name or the launch template ID
- // in the request, but not both.
- Name *string `locationName:"name" type:"string"`
+ // The maximum number of results, returned in paginated output. You receive
+ // maxResults in a single page, along with a nextToken response element. You
+ // can see the remaining results of the initial request by sending another request
+ // with the returned nextToken value. This value can be between 1 and 100. If
+ // you don't use this parameter, 100 results and a nextToken value, if applicable,
+ // are returned.
+ MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"`
- // The version number of the launch template to use. If no version is specified,
- // then the template's default version is used.
- Version *string `locationName:"version" type:"string"`
+ // The nextToken value returned from a previous paginated request, where maxResults
+ // was used and the results exceeded the value of that parameter. Pagination
+ // continues from the end of the previous results that returned the nextToken
+ // value. This value is null when there are no more results to return.
+ //
+ // This token should be treated as an opaque identifier that is used only to
+ // retrieve the next items in a list and not for other programmatic purposes.
+ NextToken *string `location:"querystring" locationName:"nextToken" type:"string"`
}
// String returns the string representation.
@@ -10639,7 +12959,7 @@ type LaunchTemplateSpecification struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s LaunchTemplateSpecification) String() string {
+func (s ListAddonsInput) String() string {
return awsutil.Prettify(s)
}
@@ -10648,53 +12968,122 @@ func (s LaunchTemplateSpecification) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s LaunchTemplateSpecification) GoString() string {
+func (s ListAddonsInput) GoString() string {
return s.String()
}
-// SetId sets the Id field's value.
-func (s *LaunchTemplateSpecification) SetId(v string) *LaunchTemplateSpecification {
- s.Id = &v
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListAddonsInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ListAddonsInput"}
+ if s.ClusterName == nil {
+ invalidParams.Add(request.NewErrParamRequired("ClusterName"))
+ }
+ if s.ClusterName != nil && len(*s.ClusterName) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ClusterName", 1))
+ }
+ if s.MaxResults != nil && *s.MaxResults < 1 {
+ invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClusterName sets the ClusterName field's value.
+func (s *ListAddonsInput) SetClusterName(v string) *ListAddonsInput {
+ s.ClusterName = &v
+ return s
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *ListAddonsInput) SetMaxResults(v int64) *ListAddonsInput {
+ s.MaxResults = &v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListAddonsInput) SetNextToken(v string) *ListAddonsInput {
+ s.NextToken = &v
return s
}
-// SetName sets the Name field's value.
-func (s *LaunchTemplateSpecification) SetName(v string) *LaunchTemplateSpecification {
- s.Name = &v
+type ListAddonsOutput struct {
+ _ struct{} `type:"structure"`
+
+ // A list of installed add-ons.
+ Addons []*string `locationName:"addons" type:"list"`
+
+ // The nextToken value to include in a future ListAddons request. When the results
+ // of a ListAddons request exceed maxResults, you can use this value to retrieve
+ // the next page of results. This value is null when there are no more results
+ // to return.
+ //
+ // This token should be treated as an opaque identifier that is used only to
+ // retrieve the next items in a list and not for other programmatic purposes.
+ NextToken *string `locationName:"nextToken" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAddonsOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAddonsOutput) GoString() string {
+ return s.String()
+}
+
+// SetAddons sets the Addons field's value.
+func (s *ListAddonsOutput) SetAddons(v []*string) *ListAddonsOutput {
+ s.Addons = v
return s
}
-// SetVersion sets the Version field's value.
-func (s *LaunchTemplateSpecification) SetVersion(v string) *LaunchTemplateSpecification {
- s.Version = &v
+// SetNextToken sets the NextToken field's value.
+func (s *ListAddonsOutput) SetNextToken(v string) *ListAddonsOutput {
+ s.NextToken = &v
return s
}
-type ListAddonsInput struct {
+type ListAssociatedAccessPoliciesInput struct {
_ struct{} `type:"structure" nopayload:"true"`
- // The name of the cluster.
+ // The name of your cluster.
//
// ClusterName is a required field
- ClusterName *string `location:"uri" locationName:"name" min:"1" type:"string" required:"true"`
+ ClusterName *string `location:"uri" locationName:"name" type:"string" required:"true"`
- // The maximum number of add-on results returned by ListAddonsRequest in paginated
- // output. When you use this parameter, ListAddonsRequest returns only maxResults
- // results in a single page along with a nextToken response element. You can
- // see the remaining results of the initial request by sending another ListAddonsRequest
- // request with the returned nextToken value. This value can be between 1 and
- // 100. If you don't use this parameter, ListAddonsRequest returns up to 100
- // results and a nextToken value, if applicable.
+ // The maximum number of results, returned in paginated output. You receive
+ // maxResults in a single page, along with a nextToken response element. You
+ // can see the remaining results of the initial request by sending another request
+ // with the returned nextToken value. This value can be between 1 and 100. If
+ // you don't use this parameter, 100 results and a nextToken value, if applicable,
+ // are returned.
MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"`
- // The nextToken value returned from a previous paginated ListAddonsRequest
- // where maxResults was used and the results exceeded the value of that parameter.
- // Pagination continues from the end of the previous results that returned the
- // nextToken value.
+ // The nextToken value returned from a previous paginated request, where maxResults
+ // was used and the results exceeded the value of that parameter. Pagination
+ // continues from the end of the previous results that returned the nextToken
+ // value. This value is null when there are no more results to return.
//
// This token should be treated as an opaque identifier that is used only to
// retrieve the next items in a list and not for other programmatic purposes.
NextToken *string `location:"querystring" locationName:"nextToken" type:"string"`
+
+ // The ARN of the IAM principal for the AccessEntry.
+ //
+ // PrincipalArn is a required field
+ PrincipalArn *string `location:"uri" locationName:"principalArn" type:"string" required:"true"`
}
// String returns the string representation.
@@ -10702,7 +13091,7 @@ type ListAddonsInput struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s ListAddonsInput) String() string {
+func (s ListAssociatedAccessPoliciesInput) String() string {
return awsutil.Prettify(s)
}
@@ -10711,13 +13100,13 @@ func (s ListAddonsInput) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s ListAddonsInput) GoString() string {
+func (s ListAssociatedAccessPoliciesInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
-func (s *ListAddonsInput) Validate() error {
- invalidParams := request.ErrInvalidParams{Context: "ListAddonsInput"}
+func (s *ListAssociatedAccessPoliciesInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ListAssociatedAccessPoliciesInput"}
if s.ClusterName == nil {
invalidParams.Add(request.NewErrParamRequired("ClusterName"))
}
@@ -10727,6 +13116,12 @@ func (s *ListAddonsInput) Validate() error {
if s.MaxResults != nil && *s.MaxResults < 1 {
invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
}
+ if s.PrincipalArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("PrincipalArn"))
+ }
+ if s.PrincipalArn != nil && len(*s.PrincipalArn) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("PrincipalArn", 1))
+ }
if invalidParams.Len() > 0 {
return invalidParams
@@ -10735,37 +13130,49 @@ func (s *ListAddonsInput) Validate() error {
}
// SetClusterName sets the ClusterName field's value.
-func (s *ListAddonsInput) SetClusterName(v string) *ListAddonsInput {
+func (s *ListAssociatedAccessPoliciesInput) SetClusterName(v string) *ListAssociatedAccessPoliciesInput {
s.ClusterName = &v
return s
}
// SetMaxResults sets the MaxResults field's value.
-func (s *ListAddonsInput) SetMaxResults(v int64) *ListAddonsInput {
+func (s *ListAssociatedAccessPoliciesInput) SetMaxResults(v int64) *ListAssociatedAccessPoliciesInput {
s.MaxResults = &v
return s
}
// SetNextToken sets the NextToken field's value.
-func (s *ListAddonsInput) SetNextToken(v string) *ListAddonsInput {
+func (s *ListAssociatedAccessPoliciesInput) SetNextToken(v string) *ListAssociatedAccessPoliciesInput {
s.NextToken = &v
return s
}
-type ListAddonsOutput struct {
+// SetPrincipalArn sets the PrincipalArn field's value.
+func (s *ListAssociatedAccessPoliciesInput) SetPrincipalArn(v string) *ListAssociatedAccessPoliciesInput {
+ s.PrincipalArn = &v
+ return s
+}
+
+type ListAssociatedAccessPoliciesOutput struct {
_ struct{} `type:"structure"`
- // A list of installed add-ons.
- Addons []*string `locationName:"addons" type:"list"`
+ // The list of access policies associated with the access entry.
+ AssociatedAccessPolicies []*AssociatedAccessPolicy `locationName:"associatedAccessPolicies" type:"list"`
- // The nextToken value to include in a future ListAddons request. When the results
- // of a ListAddons request exceed maxResults, you can use this value to retrieve
- // the next page of results. This value is null when there are no more results
- // to return.
+ // The name of your cluster.
+ ClusterName *string `locationName:"clusterName" type:"string"`
+
+ // The nextToken value returned from a previous paginated request, where maxResults
+ // was used and the results exceeded the value of that parameter. Pagination
+ // continues from the end of the previous results that returned the nextToken
+ // value. This value is null when there are no more results to return.
//
// This token should be treated as an opaque identifier that is used only to
// retrieve the next items in a list and not for other programmatic purposes.
NextToken *string `locationName:"nextToken" type:"string"`
+
+ // The ARN of the IAM principal for the AccessEntry.
+ PrincipalArn *string `locationName:"principalArn" type:"string"`
}
// String returns the string representation.
@@ -10773,7 +13180,7 @@ type ListAddonsOutput struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s ListAddonsOutput) String() string {
+func (s ListAssociatedAccessPoliciesOutput) String() string {
return awsutil.Prettify(s)
}
@@ -10782,43 +13189,56 @@ func (s ListAddonsOutput) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s ListAddonsOutput) GoString() string {
+func (s ListAssociatedAccessPoliciesOutput) GoString() string {
return s.String()
}
-// SetAddons sets the Addons field's value.
-func (s *ListAddonsOutput) SetAddons(v []*string) *ListAddonsOutput {
- s.Addons = v
+// SetAssociatedAccessPolicies sets the AssociatedAccessPolicies field's value.
+func (s *ListAssociatedAccessPoliciesOutput) SetAssociatedAccessPolicies(v []*AssociatedAccessPolicy) *ListAssociatedAccessPoliciesOutput {
+ s.AssociatedAccessPolicies = v
+ return s
+}
+
+// SetClusterName sets the ClusterName field's value.
+func (s *ListAssociatedAccessPoliciesOutput) SetClusterName(v string) *ListAssociatedAccessPoliciesOutput {
+ s.ClusterName = &v
return s
}
// SetNextToken sets the NextToken field's value.
-func (s *ListAddonsOutput) SetNextToken(v string) *ListAddonsOutput {
+func (s *ListAssociatedAccessPoliciesOutput) SetNextToken(v string) *ListAssociatedAccessPoliciesOutput {
s.NextToken = &v
return s
}
+// SetPrincipalArn sets the PrincipalArn field's value.
+func (s *ListAssociatedAccessPoliciesOutput) SetPrincipalArn(v string) *ListAssociatedAccessPoliciesOutput {
+ s.PrincipalArn = &v
+ return s
+}
+
type ListClustersInput struct {
_ struct{} `type:"structure" nopayload:"true"`
// Indicates whether external clusters are included in the returned list. Use
- // 'all' to return connected clusters, or blank to return only Amazon EKS clusters.
- // 'all' must be in lowercase otherwise an error occurs.
+ // 'all' to return https://docs.aws.amazon.com/eks/latest/userguide/eks-connector.html
+ // (https://docs.aws.amazon.com/eks/latest/userguide/eks-connector.html)connected
+ // clusters, or blank to return only Amazon EKS clusters. 'all' must be in lowercase
+ // otherwise an error occurs.
Include []*string `location:"querystring" locationName:"include" type:"list"`
- // The maximum number of cluster results returned by ListClusters in paginated
- // output. When you use this parameter, ListClusters returns only maxResults
- // results in a single page along with a nextToken response element. You can
- // see the remaining results of the initial request by sending another ListClusters
- // request with the returned nextToken value. This value can be between 1 and
- // 100. If you don't use this parameter, ListClusters returns up to 100 results
- // and a nextToken value if applicable.
+ // The maximum number of results, returned in paginated output. You receive
+ // maxResults in a single page, along with a nextToken response element. You
+ // can see the remaining results of the initial request by sending another request
+ // with the returned nextToken value. This value can be between 1 and 100. If
+ // you don't use this parameter, 100 results and a nextToken value, if applicable,
+ // are returned.
MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"`
- // The nextToken value returned from a previous paginated ListClusters request
- // where maxResults was used and the results exceeded the value of that parameter.
- // Pagination continues from the end of the previous results that returned the
- // nextToken value.
+ // The nextToken value returned from a previous paginated request, where maxResults
+ // was used and the results exceeded the value of that parameter. Pagination
+ // continues from the end of the previous results that returned the nextToken
+ // value. This value is null when there are no more results to return.
//
// This token should be treated as an opaque identifier that is used only to
// retrieve the next items in a list and not for other programmatic purposes.
@@ -10877,13 +13297,17 @@ func (s *ListClustersInput) SetNextToken(v string) *ListClustersInput {
type ListClustersOutput struct {
_ struct{} `type:"structure"`
- // A list of all of the clusters for your account in the specified Region.
+ // A list of all of the clusters for your account in the specified Amazon Web
+ // Services Region.
Clusters []*string `locationName:"clusters" type:"list"`
- // The nextToken value to include in a future ListClusters request. When the
- // results of a ListClusters request exceed maxResults, you can use this value
- // to retrieve the next page of results. This value is null when there are no
- // more results to return.
+ // The nextToken value returned from a previous paginated request, where maxResults
+ // was used and the results exceeded the value of that parameter. Pagination
+ // continues from the end of the previous results that returned the nextToken
+ // value. This value is null when there are no more results to return.
+ //
+ // This token should be treated as an opaque identifier that is used only to
+ // retrieve the next items in a list and not for other programmatic purposes.
NextToken *string `locationName:"nextToken" type:"string"`
}
@@ -11036,25 +13460,26 @@ func (s *ListEksAnywhereSubscriptionsOutput) SetSubscriptions(v []*EksAnywhereSu
type ListFargateProfilesInput struct {
_ struct{} `type:"structure" nopayload:"true"`
- // The name of the Amazon EKS cluster that you would like to list Fargate profiles
- // in.
+ // The name of your cluster.
//
// ClusterName is a required field
ClusterName *string `location:"uri" locationName:"name" type:"string" required:"true"`
- // The maximum number of Fargate profile results returned by ListFargateProfiles
- // in paginated output. When you use this parameter, ListFargateProfiles returns
- // only maxResults results in a single page along with a nextToken response
- // element. You can see the remaining results of the initial request by sending
- // another ListFargateProfiles request with the returned nextToken value. This
- // value can be between 1 and 100. If you don't use this parameter, ListFargateProfiles
- // returns up to 100 results and a nextToken value if applicable.
+ // The maximum number of results, returned in paginated output. You receive
+ // maxResults in a single page, along with a nextToken response element. You
+ // can see the remaining results of the initial request by sending another request
+ // with the returned nextToken value. This value can be between 1 and 100. If
+ // you don't use this parameter, 100 results and a nextToken value, if applicable,
+ // are returned.
MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"`
- // The nextToken value returned from a previous paginated ListFargateProfiles
- // request where maxResults was used and the results exceeded the value of that
- // parameter. Pagination continues from the end of the previous results that
- // returned the nextToken value.
+ // The nextToken value returned from a previous paginated request, where maxResults
+ // was used and the results exceeded the value of that parameter. Pagination
+ // continues from the end of the previous results that returned the nextToken
+ // value. This value is null when there are no more results to return.
+ //
+ // This token should be treated as an opaque identifier that is used only to
+ // retrieve the next items in a list and not for other programmatic purposes.
NextToken *string `location:"querystring" locationName:"nextToken" type:"string"`
}
@@ -11119,10 +13544,13 @@ type ListFargateProfilesOutput struct {
// A list of all of the Fargate profiles associated with the specified cluster.
FargateProfileNames []*string `locationName:"fargateProfileNames" type:"list"`
- // The nextToken value to include in a future ListFargateProfiles request. When
- // the results of a ListFargateProfiles request exceed maxResults, you can use
- // this value to retrieve the next page of results. This value is null when
- // there are no more results to return.
+ // The nextToken value returned from a previous paginated request, where maxResults
+ // was used and the results exceeded the value of that parameter. Pagination
+ // continues from the end of the previous results that returned the nextToken
+ // value. This value is null when there are no more results to return.
+ //
+ // This token should be treated as an opaque identifier that is used only to
+ // retrieve the next items in a list and not for other programmatic purposes.
NextToken *string `locationName:"nextToken" type:"string"`
}
@@ -11159,24 +13587,26 @@ func (s *ListFargateProfilesOutput) SetNextToken(v string) *ListFargateProfilesO
type ListIdentityProviderConfigsInput struct {
_ struct{} `type:"structure" nopayload:"true"`
- // The cluster name that you want to list identity provider configurations for.
+ // The name of your cluster.
//
// ClusterName is a required field
ClusterName *string `location:"uri" locationName:"name" type:"string" required:"true"`
- // The maximum number of identity provider configurations returned by ListIdentityProviderConfigs
- // in paginated output. When you use this parameter, ListIdentityProviderConfigs
- // returns only maxResults results in a single page along with a nextToken response
- // element. You can see the remaining results of the initial request by sending
- // another ListIdentityProviderConfigs request with the returned nextToken value.
- // This value can be between 1 and 100. If you don't use this parameter, ListIdentityProviderConfigs
- // returns up to 100 results and a nextToken value, if applicable.
+ // The maximum number of results, returned in paginated output. You receive
+ // maxResults in a single page, along with a nextToken response element. You
+ // can see the remaining results of the initial request by sending another request
+ // with the returned nextToken value. This value can be between 1 and 100. If
+ // you don't use this parameter, 100 results and a nextToken value, if applicable,
+ // are returned.
MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"`
- // The nextToken value returned from a previous paginated IdentityProviderConfigsRequest
- // where maxResults was used and the results exceeded the value of that parameter.
- // Pagination continues from the end of the previous results that returned the
- // nextToken value.
+ // The nextToken value returned from a previous paginated request, where maxResults
+ // was used and the results exceeded the value of that parameter. Pagination
+ // continues from the end of the previous results that returned the nextToken
+ // value. This value is null when there are no more results to return.
+ //
+ // This token should be treated as an opaque identifier that is used only to
+ // retrieve the next items in a list and not for other programmatic purposes.
NextToken *string `location:"querystring" locationName:"nextToken" type:"string"`
}
@@ -11281,25 +13711,26 @@ func (s *ListIdentityProviderConfigsOutput) SetNextToken(v string) *ListIdentity
type ListNodegroupsInput struct {
_ struct{} `type:"structure" nopayload:"true"`
- // The name of the Amazon EKS cluster that you would like to list node groups
- // in.
+ // The name of your cluster.
//
// ClusterName is a required field
ClusterName *string `location:"uri" locationName:"name" type:"string" required:"true"`
- // The maximum number of node group results returned by ListNodegroups in paginated
- // output. When you use this parameter, ListNodegroups returns only maxResults
- // results in a single page along with a nextToken response element. You can
- // see the remaining results of the initial request by sending another ListNodegroups
- // request with the returned nextToken value. This value can be between 1 and
- // 100. If you don't use this parameter, ListNodegroups returns up to 100 results
- // and a nextToken value if applicable.
+ // The maximum number of results, returned in paginated output. You receive
+ // maxResults in a single page, along with a nextToken response element. You
+ // can see the remaining results of the initial request by sending another request
+ // with the returned nextToken value. This value can be between 1 and 100. If
+ // you don't use this parameter, 100 results and a nextToken value, if applicable,
+ // are returned.
MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"`
- // The nextToken value returned from a previous paginated ListNodegroups request
- // where maxResults was used and the results exceeded the value of that parameter.
- // Pagination continues from the end of the previous results that returned the
- // nextToken value.
+ // The nextToken value returned from a previous paginated request, where maxResults
+ // was used and the results exceeded the value of that parameter. Pagination
+ // continues from the end of the previous results that returned the nextToken
+ // value. This value is null when there are no more results to return.
+ //
+ // This token should be treated as an opaque identifier that is used only to
+ // retrieve the next items in a list and not for other programmatic purposes.
NextToken *string `location:"querystring" locationName:"nextToken" type:"string"`
}
@@ -11361,10 +13792,13 @@ func (s *ListNodegroupsInput) SetNextToken(v string) *ListNodegroupsInput {
type ListNodegroupsOutput struct {
_ struct{} `type:"structure"`
- // The nextToken value to include in a future ListNodegroups request. When the
- // results of a ListNodegroups request exceed maxResults, you can use this value
- // to retrieve the next page of results. This value is null when there are no
- // more results to return.
+ // The nextToken value returned from a previous paginated request, where maxResults
+ // was used and the results exceeded the value of that parameter. Pagination
+ // continues from the end of the previous results that returned the nextToken
+ // value. This value is null when there are no more results to return.
+ //
+ // This token should be treated as an opaque identifier that is used only to
+ // retrieve the next items in a list and not for other programmatic purposes.
NextToken *string `locationName:"nextToken" type:"string"`
// A list of all of the node groups associated with the specified cluster.
@@ -11563,9 +13997,8 @@ func (s *ListPodIdentityAssociationsOutput) SetNextToken(v string) *ListPodIdent
type ListTagsForResourceInput struct {
_ struct{} `type:"structure" nopayload:"true"`
- // The Amazon Resource Name (ARN) that identifies the resource for which to
- // list the tags. Currently, the supported resources are Amazon EKS clusters
- // and managed node groups.
+ // The Amazon Resource Name (ARN) that identifies the resource to list tags
+ // for.
//
// ResourceArn is a required field
ResourceArn *string `location:"uri" locationName:"resourceArn" type:"string" required:"true"`
@@ -11648,13 +14081,12 @@ type ListUpdatesInput struct {
// The names of the installed add-ons that have available updates.
AddonName *string `location:"querystring" locationName:"addonName" type:"string"`
- // The maximum number of update results returned by ListUpdates in paginated
- // output. When you use this parameter, ListUpdates returns only maxResults
- // results in a single page along with a nextToken response element. You can
- // see the remaining results of the initial request by sending another ListUpdates
- // request with the returned nextToken value. This value can be between 1 and
- // 100. If you don't use this parameter, ListUpdates returns up to 100 results
- // and a nextToken value if applicable.
+ // The maximum number of results, returned in paginated output. You receive
+ // maxResults in a single page, along with a nextToken response element. You
+ // can see the remaining results of the initial request by sending another request
+ // with the returned nextToken value. This value can be between 1 and 100. If
+ // you don't use this parameter, 100 results and a nextToken value, if applicable,
+ // are returned.
MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"`
// The name of the Amazon EKS cluster to list updates for.
@@ -11662,10 +14094,13 @@ type ListUpdatesInput struct {
// Name is a required field
Name *string `location:"uri" locationName:"name" type:"string" required:"true"`
- // The nextToken value returned from a previous paginated ListUpdates request
- // where maxResults was used and the results exceeded the value of that parameter.
- // Pagination continues from the end of the previous results that returned the
- // nextToken value.
+ // The nextToken value returned from a previous paginated request, where maxResults
+ // was used and the results exceeded the value of that parameter. Pagination
+ // continues from the end of the previous results that returned the nextToken
+ // value. This value is null when there are no more results to return.
+ //
+ // This token should be treated as an opaque identifier that is used only to
+ // retrieve the next items in a list and not for other programmatic purposes.
NextToken *string `location:"querystring" locationName:"nextToken" type:"string"`
// The name of the Amazon EKS managed node group to list updates for.
@@ -11742,10 +14177,13 @@ func (s *ListUpdatesInput) SetNodegroupName(v string) *ListUpdatesInput {
type ListUpdatesOutput struct {
_ struct{} `type:"structure"`
- // The nextToken value to include in a future ListUpdates request. When the
- // results of a ListUpdates request exceed maxResults, you can use this value
- // to retrieve the next page of results. This value is null when there are no
- // more results to return.
+ // The nextToken value returned from a previous paginated request, where maxResults
+ // was used and the results exceeded the value of that parameter. Pagination
+ // continues from the end of the previous results that returned the nextToken
+ // value. This value is null when there are no more results to return.
+ //
+ // This token should be treated as an opaque identifier that is used only to
+ // retrieve the next items in a list and not for other programmatic purposes.
NextToken *string `locationName:"nextToken" type:"string"`
// A list of all the updates for the specified cluster and Region.
@@ -11912,10 +14350,10 @@ type Nodegroup struct {
// The capacity type of your managed node group.
CapacityType *string `locationName:"capacityType" type:"string" enum:"CapacityTypes"`
- // The name of the cluster that the managed node group resides in.
+ // The name of your cluster.
ClusterName *string `locationName:"clusterName" type:"string"`
- // The Unix epoch timestamp in seconds for when the managed node group was created.
+ // The Unix epoch timestamp at object creation.
CreatedAt *time.Time `locationName:"createdAt" type:"timestamp"`
// If the node group wasn't deployed with a launch template, then this is the
@@ -11942,8 +14380,7 @@ type Nodegroup struct {
// launch template that was used.
LaunchTemplate *LaunchTemplateSpecification `locationName:"launchTemplate" type:"structure"`
- // The Unix epoch timestamp in seconds for when the managed node group was last
- // modified.
+ // The Unix epoch timestamp for the last modification to the object.
ModifiedAt *time.Time `locationName:"modifiedAt" type:"timestamp"`
// The IAM role associated with your node group. The Amazon EKS node kubelet
@@ -11984,10 +14421,9 @@ type Nodegroup struct {
// with your node group.
Subnets []*string `locationName:"subnets" type:"list"`
- // The metadata applied to the node group to assist with categorization and
- // organization. Each tag consists of a key and an optional value. You define
- // both. Node group tags do not propagate to any other resources associated
- // with the node group, such as the Amazon EC2 instances or subnets.
+ // Metadata that assists with categorization and organization. Each tag consists
+ // of a key and an optional value. You define both. Tags don't propagate to
+ // any other cluster or Amazon Web Services resources.
Tags map[string]*string `locationName:"tags" min:"1" type:"map"`
// The Kubernetes taints to be applied to the nodes in the node group when they
@@ -12244,9 +14680,9 @@ type NodegroupScalingConfig struct {
// The current number of nodes that the managed node group should maintain.
//
- // If you use Cluster Autoscaler, you shouldn't change the desiredSize value
- // directly, as this can cause the Cluster Autoscaler to suddenly scale up or
- // scale down.
+ // If you use the Kubernetes Cluster Autoscaler (https://github.com/kubernetes/autoscaler#kubernetes-autoscaler),
+ // you shouldn't change the desiredSize value directly, as this can cause the
+ // Cluster Autoscaler to suddenly scale up or scale down.
//
// Whenever this parameter changes, the number of worker nodes in the node group
// is updated to the specified size. If this parameter is given a value that
@@ -12258,10 +14694,11 @@ type NodegroupScalingConfig struct {
// This parameter can be different from minSize in some cases, such as when
// starting with extra hosts for testing. This parameter can also be different
// when you want to start with an estimated number of needed hosts, but let
- // Cluster Autoscaler reduce the number if there are too many. When Cluster
- // Autoscaler is used, the desiredSize parameter is altered by Cluster Autoscaler
- // (but can be out-of-date for short periods of time). Cluster Autoscaler doesn't
- // scale a managed node group lower than minSize or higher than maxSize.
+ // the Cluster Autoscaler reduce the number if there are too many. When the
+ // Cluster Autoscaler is used, the desiredSize parameter is altered by the Cluster
+ // Autoscaler (but can be out-of-date for short periods of time). the Cluster
+ // Autoscaler doesn't scale a managed node group lower than minSize or higher
+ // than maxSize.
DesiredSize *int64 `locationName:"desiredSize" type:"integer"`
// The maximum number of nodes that the managed node group can scale out to.
@@ -12328,13 +14765,13 @@ type NodegroupUpdateConfig struct {
_ struct{} `type:"structure"`
// The maximum number of nodes unavailable at once during a version update.
- // Nodes will be updated in parallel. This value or maxUnavailablePercentage
- // is required to have a value.The maximum number is 100.
+ // Nodes are updated in parallel. This value or maxUnavailablePercentage is
+ // required to have a value.The maximum number is 100.
MaxUnavailable *int64 `locationName:"maxUnavailable" min:"1" type:"integer"`
// The maximum percentage of nodes unavailable during a version update. This
- // percentage of nodes will be updated in parallel, up to 100 nodes at once.
- // This value or maxUnavailable is required to have a value.
+ // percentage of nodes are updated in parallel, up to 100 nodes at once. This
+ // value or maxUnavailable is required to have a value.
MaxUnavailablePercentage *int64 `locationName:"maxUnavailablePercentage" min:"1" type:"integer"`
}
@@ -12493,7 +14930,7 @@ type OidcIdentityProviderConfig struct {
// authentication requests to the OIDC identity provider.
ClientId *string `locationName:"clientId" type:"string"`
- // The cluster that the configuration is associated to.
+ // The name of your cluster.
ClusterName *string `locationName:"clusterName" type:"string"`
// The JSON web token (JWT) claim that the provider uses to return your groups.
@@ -12522,9 +14959,9 @@ type OidcIdentityProviderConfig struct {
// The status of the OIDC identity provider.
Status *string `locationName:"status" type:"string" enum:"ConfigStatus"`
- // The metadata to apply to the provider configuration to assist with categorization
- // and organization. Each tag consists of a key and an optional value. You define
- // both.
+ // Metadata that assists with categorization and organization. Each tag consists
+ // of a key and an optional value. You define both. Tags don't propagate to
+ // any other cluster or Amazon Web Services resources.
Tags map[string]*string `locationName:"tags" min:"1" type:"map"`
// The JSON Web token (JWT) claim that is used as the username.
@@ -12627,13 +15064,13 @@ func (s *OidcIdentityProviderConfig) SetUsernamePrefix(v string) *OidcIdentityPr
// An object representing an OpenID Connect (OIDC) configuration. Before associating
// an OIDC identity provider to your cluster, review the considerations in Authenticating
-// users for your cluster from an OpenID Connect identity provider (https://docs.aws.amazon.com/eks/latest/userguide/authenticate-oidc-identity-provider.html)
+// users for your cluster from an OIDC identity provider (https://docs.aws.amazon.com/eks/latest/userguide/authenticate-oidc-identity-provider.html)
// in the Amazon EKS User Guide.
type OidcIdentityProviderConfigRequest struct {
_ struct{} `type:"structure"`
// This is also known as audience. The ID for the client application that makes
- // authentication requests to the OpenID identity provider.
+ // authentication requests to the OIDC identity provider.
//
// ClientId is a required field
ClientId *string `locationName:"clientId" type:"string" required:"true"`
@@ -12651,11 +15088,11 @@ type OidcIdentityProviderConfigRequest struct {
// IdentityProviderConfigName is a required field
IdentityProviderConfigName *string `locationName:"identityProviderConfigName" type:"string" required:"true"`
- // The URL of the OpenID identity provider that allows the API server to discover
+ // The URL of the OIDC identity provider that allows the API server to discover
// public signing keys for verifying tokens. The URL must begin with https://
// and should correspond to the iss claim in the provider's OIDC ID tokens.
- // Per the OIDC standard, path components are allowed but query parameters are
- // not. Typically the URL consists of only a hostname, like https://server.example.org
+ // Based on the OIDC standard, path components are allowed but query parameters
+ // are not. Typically the URL consists of only a hostname, like https://server.example.org
// or https://example.com. This URL should point to the level below .well-known/openid-configuration
// and must be publicly accessible over the internet.
//
@@ -12671,7 +15108,7 @@ type OidcIdentityProviderConfigRequest struct {
// The JSON Web Token (JWT) claim to use as the username. The default is sub,
// which is expected to be a unique identifier of the end user. You can choose
- // other claims, such as email or name, depending on the OpenID identity provider.
+ // other claims, such as email or name, depending on the OIDC identity provider.
// Claims other than email are prefixed with the issuer URL to prevent naming
// clashes with other plug-ins.
UsernameClaim *string `locationName:"usernameClaim" type:"string"`
@@ -12916,8 +15353,8 @@ func (s *OutpostConfigResponse) SetOutpostArns(v []*string) *OutpostConfigRespon
}
// Amazon EKS Pod Identity associations provide the ability to manage credentials
-// for your applications, similar to the way that 7EC2l instance profiles provide
-// credentials to Amazon EC2 instances.
+// for your applications, similar to the way that Amazon EC2 instance profiles
+// provide credentials to Amazon EC2 instances.
type PodIdentityAssociation struct {
_ struct{} `type:"structure"`
@@ -12950,9 +15387,9 @@ type PodIdentityAssociation struct {
// the IAM credentials with.
ServiceAccount *string `locationName:"serviceAccount" type:"string"`
- // The metadata that you apply to a resource to assist with categorization and
- // organization. Each tag consists of a key and an optional value. You define
- // both.
+ // Metadata that assists with categorization and organization. Each tag consists
+ // of a key and an optional value. You define both. Tags don't propagate to
+ // any other cluster or Amazon Web Services resources.
//
// The following basic restrictions apply to tags:
//
@@ -13173,7 +15610,7 @@ func (s *Provider) SetKeyArn(v string) *Provider {
type RegisterClusterInput struct {
_ struct{} `type:"structure"`
- // Unique, case-sensitive identifier that you provide to ensure the idempotency
+ // A unique, case-sensitive identifier that you provide to ensure the idempotency
// of the request.
ClientRequestToken *string `locationName:"clientRequestToken" type:"string" idempotencyToken:"true"`
@@ -13183,15 +15620,14 @@ type RegisterClusterInput struct {
// ConnectorConfig is a required field
ConnectorConfig *ConnectorConfigRequest `locationName:"connectorConfig" type:"structure" required:"true"`
- // Define a unique name for this cluster for your Region.
+ // A unique name for this cluster in your Amazon Web Services Region.
//
// Name is a required field
Name *string `locationName:"name" min:"1" type:"string" required:"true"`
- // The metadata that you apply to the cluster to assist with categorization
- // and organization. Each tag consists of a key and an optional value, both
- // of which you define. Cluster tags do not propagate to any other resources
- // associated with the cluster.
+ // Metadata that assists with categorization and organization. Each tag consists
+ // of a key and an optional value. You define both. Tags don't propagate to
+ // any other cluster or Amazon Web Services resources.
Tags map[string]*string `locationName:"tags" min:"1" type:"map"`
}
@@ -13498,7 +15934,7 @@ func (s *ResourceLimitExceededException) RequestID() string {
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
-// Amazon EKS clusters and node groups are Region-specific.
+// Amazon EKS clusters and node groups are Amazon Web Services Region specific.
type ResourceNotFoundException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -13790,13 +16226,14 @@ func (s *ServiceUnavailableException) RequestID() string {
type TagResourceInput struct {
_ struct{} `type:"structure"`
- // The Amazon Resource Name (ARN) of the resource to which to add tags. Currently,
- // the supported resources are Amazon EKS clusters and managed node groups.
+ // The Amazon Resource Name (ARN) of the resource to add tags to.
//
// ResourceArn is a required field
ResourceArn *string `location:"uri" locationName:"resourceArn" type:"string" required:"true"`
- // The tags to add to the resource. A tag is an array of key-value pairs.
+ // Metadata that assists with categorization and organization. Each tag consists
+ // of a key and an optional value. You define both. Tags don't propagate to
+ // any other cluster or Amazon Web Services resources.
//
// Tags is a required field
Tags map[string]*string `locationName:"tags" min:"1" type:"map" required:"true"`
@@ -13876,8 +16313,9 @@ func (s TagResourceOutput) GoString() string {
return s.String()
}
-// A property that allows a node to repel a set of pods. For more information,
-// see Node taints on managed node groups (https://docs.aws.amazon.com/eks/latest/userguide/node-taints-managed-node-groups.html).
+// A property that allows a node to repel a Pod. For more information, see Node
+// taints on managed node groups (https://docs.aws.amazon.com/eks/latest/userguide/node-taints-managed-node-groups.html)
+// in the Amazon EKS User Guide.
type Taint struct {
_ struct{} `type:"structure"`
@@ -14024,14 +16462,12 @@ func (s *UnsupportedAvailabilityZoneException) RequestID() string {
type UntagResourceInput struct {
_ struct{} `type:"structure" nopayload:"true"`
- // The Amazon Resource Name (ARN) of the resource from which to delete tags.
- // Currently, the supported resources are Amazon EKS clusters and managed node
- // groups.
+ // The Amazon Resource Name (ARN) of the resource to delete tags from.
//
// ResourceArn is a required field
ResourceArn *string `location:"uri" locationName:"resourceArn" type:"string" required:"true"`
- // The keys of the tags to be removed.
+ // The keys of the tags to remove.
//
// TagKeys is a required field
TagKeys []*string `location:"querystring" locationName:"tagKeys" min:"1" type:"list" required:"true"`
@@ -14115,7 +16551,7 @@ func (s UntagResourceOutput) GoString() string {
type Update struct {
_ struct{} `type:"structure"`
- // The Unix epoch timestamp in seconds for when the update was created.
+ // The Unix epoch timestamp at object creation.
CreatedAt *time.Time `locationName:"createdAt" type:"timestamp"`
// Any errors associated with a Failed update.
@@ -14188,6 +16624,183 @@ func (s *Update) SetType(v string) *Update {
return s
}
+// The access configuration information for the cluster.
+type UpdateAccessConfigRequest struct {
+ _ struct{} `type:"structure"`
+
+ // The desired authentication mode for the cluster.
+ AuthenticationMode *string `locationName:"authenticationMode" type:"string" enum:"AuthenticationMode"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateAccessConfigRequest) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateAccessConfigRequest) GoString() string {
+ return s.String()
+}
+
+// SetAuthenticationMode sets the AuthenticationMode field's value.
+func (s *UpdateAccessConfigRequest) SetAuthenticationMode(v string) *UpdateAccessConfigRequest {
+ s.AuthenticationMode = &v
+ return s
+}
+
+type UpdateAccessEntryInput struct {
+ _ struct{} `type:"structure"`
+
+ // A unique, case-sensitive identifier that you provide to ensure the idempotency
+ // of the request.
+ ClientRequestToken *string `locationName:"clientRequestToken" type:"string" idempotencyToken:"true"`
+
+ // The name of your cluster.
+ //
+ // ClusterName is a required field
+ ClusterName *string `location:"uri" locationName:"name" type:"string" required:"true"`
+
+ // The value for name that you've specified for kind: Group as a subject in
+ // a Kubernetes RoleBinding or ClusterRoleBinding object. Amazon EKS doesn't
+ // confirm that the value for name exists in any bindings on your cluster. You
+ // can specify one or more names.
+ //
+ // Kubernetes authorizes the principalArn of the access entry to access any
+ // cluster objects that you've specified in a Kubernetes Role or ClusterRole
+ // object that is also specified in a binding's roleRef. For more information
+ // about creating Kubernetes RoleBinding, ClusterRoleBinding, Role, or ClusterRole
+ // objects, see Using RBAC Authorization in the Kubernetes documentation (https://kubernetes.io/docs/reference/access-authn-authz/rbac/).
+ //
+ // If you want Amazon EKS to authorize the principalArn (instead of, or in addition
+ // to Kubernetes authorizing the principalArn), you can associate one or more
+ // access policies to the access entry using AssociateAccessPolicy. If you associate
+ // any access policies, the principalARN has all permissions assigned in the
+ // associated access policies and all permissions in any Kubernetes Role or
+ // ClusterRole objects that the group names are bound to.
+ KubernetesGroups []*string `locationName:"kubernetesGroups" type:"list"`
+
+ // The ARN of the IAM principal for the AccessEntry.
+ //
+ // PrincipalArn is a required field
+ PrincipalArn *string `location:"uri" locationName:"principalArn" type:"string" required:"true"`
+
+ // The username to authenticate to Kubernetes with. We recommend not specifying
+ // a username and letting Amazon EKS specify it for you. For more information
+ // about the value Amazon EKS specifies for you, or constraints before specifying
+ // your own username, see Creating access entries (https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html#creating-access-entries)
+ // in the Amazon EKS User Guide.
+ Username *string `locationName:"username" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateAccessEntryInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateAccessEntryInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UpdateAccessEntryInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "UpdateAccessEntryInput"}
+ if s.ClusterName == nil {
+ invalidParams.Add(request.NewErrParamRequired("ClusterName"))
+ }
+ if s.ClusterName != nil && len(*s.ClusterName) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ClusterName", 1))
+ }
+ if s.PrincipalArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("PrincipalArn"))
+ }
+ if s.PrincipalArn != nil && len(*s.PrincipalArn) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("PrincipalArn", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientRequestToken sets the ClientRequestToken field's value.
+func (s *UpdateAccessEntryInput) SetClientRequestToken(v string) *UpdateAccessEntryInput {
+ s.ClientRequestToken = &v
+ return s
+}
+
+// SetClusterName sets the ClusterName field's value.
+func (s *UpdateAccessEntryInput) SetClusterName(v string) *UpdateAccessEntryInput {
+ s.ClusterName = &v
+ return s
+}
+
+// SetKubernetesGroups sets the KubernetesGroups field's value.
+func (s *UpdateAccessEntryInput) SetKubernetesGroups(v []*string) *UpdateAccessEntryInput {
+ s.KubernetesGroups = v
+ return s
+}
+
+// SetPrincipalArn sets the PrincipalArn field's value.
+func (s *UpdateAccessEntryInput) SetPrincipalArn(v string) *UpdateAccessEntryInput {
+ s.PrincipalArn = &v
+ return s
+}
+
+// SetUsername sets the Username field's value.
+func (s *UpdateAccessEntryInput) SetUsername(v string) *UpdateAccessEntryInput {
+ s.Username = &v
+ return s
+}
+
+type UpdateAccessEntryOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The ARN of the IAM principal for the AccessEntry.
+ AccessEntry *AccessEntry `locationName:"accessEntry" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateAccessEntryOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateAccessEntryOutput) GoString() string {
+ return s.String()
+}
+
+// SetAccessEntry sets the AccessEntry field's value.
+func (s *UpdateAccessEntryOutput) SetAccessEntry(v *AccessEntry) *UpdateAccessEntryOutput {
+ s.AccessEntry = v
+ return s
+}
+
type UpdateAddonInput struct {
_ struct{} `type:"structure"`
@@ -14201,18 +16814,17 @@ type UpdateAddonInput struct {
// by DescribeAddonVersions (https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonVersions.html).
AddonVersion *string `locationName:"addonVersion" type:"string"`
- // Unique, case-sensitive identifier that you provide to ensure the idempotency
+ // A unique, case-sensitive identifier that you provide to ensure the idempotency
// of the request.
ClientRequestToken *string `locationName:"clientRequestToken" type:"string" idempotencyToken:"true"`
- // The name of the cluster.
+ // The name of your cluster.
//
// ClusterName is a required field
ClusterName *string `location:"uri" locationName:"name" min:"1" type:"string" required:"true"`
// The set of configuration values for the add-on that's created. The values
- // that you provide are validated against the schema in DescribeAddonConfiguration
- // (https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonConfiguration.html).
+ // that you provide are validated against the schema returned by DescribeAddonConfiguration.
ConfigurationValues *string `locationName:"configurationValues" type:"string"`
// How to resolve field value conflicts for an Amazon EKS add-on if you've changed
@@ -14362,7 +16974,10 @@ func (s *UpdateAddonOutput) SetUpdate(v *Update) *UpdateAddonOutput {
type UpdateClusterConfigInput struct {
_ struct{} `type:"structure"`
- // Unique, case-sensitive identifier that you provide to ensure the idempotency
+ // The access configuration for the cluster.
+ AccessConfig *UpdateAccessConfigRequest `locationName:"accessConfig" type:"structure"`
+
+ // A unique, case-sensitive identifier that you provide to ensure the idempotency
// of the request.
ClientRequestToken *string `locationName:"clientRequestToken" type:"string" idempotencyToken:"true"`
@@ -14420,6 +17035,12 @@ func (s *UpdateClusterConfigInput) Validate() error {
return nil
}
+// SetAccessConfig sets the AccessConfig field's value.
+func (s *UpdateClusterConfigInput) SetAccessConfig(v *UpdateAccessConfigRequest) *UpdateClusterConfigInput {
+ s.AccessConfig = v
+ return s
+}
+
// SetClientRequestToken sets the ClientRequestToken field's value.
func (s *UpdateClusterConfigInput) SetClientRequestToken(v string) *UpdateClusterConfigInput {
s.ClientRequestToken = &v
@@ -14478,7 +17099,7 @@ func (s *UpdateClusterConfigOutput) SetUpdate(v *Update) *UpdateClusterConfigOut
type UpdateClusterVersionInput struct {
_ struct{} `type:"structure"`
- // Unique, case-sensitive identifier that you provide to ensure the idempotency
+ // A unique, case-sensitive identifier that you provide to ensure the idempotency
// of the request.
ClientRequestToken *string `locationName:"clientRequestToken" type:"string" idempotencyToken:"true"`
@@ -14686,10 +17307,10 @@ func (s *UpdateEksAnywhereSubscriptionOutput) SetSubscription(v *EksAnywhereSubs
type UpdateLabelsPayload struct {
_ struct{} `type:"structure"`
- // Kubernetes labels to be added or updated.
+ // The Kubernetes labels to add or update.
AddOrUpdateLabels map[string]*string `locationName:"addOrUpdateLabels" type:"map"`
- // Kubernetes labels to be removed.
+ // The Kubernetes labels to remove.
RemoveLabels []*string `locationName:"removeLabels" type:"list"`
}
@@ -14726,17 +17347,16 @@ func (s *UpdateLabelsPayload) SetRemoveLabels(v []*string) *UpdateLabelsPayload
type UpdateNodegroupConfigInput struct {
_ struct{} `type:"structure"`
- // Unique, case-sensitive identifier that you provide to ensure the idempotency
+ // A unique, case-sensitive identifier that you provide to ensure the idempotency
// of the request.
ClientRequestToken *string `locationName:"clientRequestToken" type:"string" idempotencyToken:"true"`
- // The name of the Amazon EKS cluster that the managed node group resides in.
+ // The name of your cluster.
//
// ClusterName is a required field
ClusterName *string `location:"uri" locationName:"name" type:"string" required:"true"`
- // The Kubernetes labels to be applied to the nodes in the node group after
- // the update.
+ // The Kubernetes labels to apply to the nodes in the node group after the update.
Labels *UpdateLabelsPayload `locationName:"labels" type:"structure"`
// The name of the managed node group to update.
@@ -14887,20 +17507,19 @@ func (s *UpdateNodegroupConfigOutput) SetUpdate(v *Update) *UpdateNodegroupConfi
type UpdateNodegroupVersionInput struct {
_ struct{} `type:"structure"`
- // Unique, case-sensitive identifier that you provide to ensure the idempotency
+ // A unique, case-sensitive identifier that you provide to ensure the idempotency
// of the request.
ClientRequestToken *string `locationName:"clientRequestToken" type:"string" idempotencyToken:"true"`
- // The name of the Amazon EKS cluster that is associated with the managed node
- // group to update.
+ // The name of your cluster.
//
// ClusterName is a required field
ClusterName *string `location:"uri" locationName:"name" type:"string" required:"true"`
- // Force the update if the existing node group's pods are unable to be drained
- // due to a pod disruption budget issue. If an update fails because pods could
- // not be drained, you can force the update after it fails to terminate the
- // old node whether or not any pods are running on the node.
+ // Force the update if any Pod on the existing node group can't be drained due
+ // to a Pod disruption budget issue. If an update fails because all Pods can't
+ // be drained, you can force the update after it fails to terminate the old
+ // node whether or not any Pod is running on the node.
Force *bool `locationName:"force" type:"boolean"`
// An object representing a node group's launch template specification. You
@@ -15102,7 +17721,7 @@ type UpdatePodIdentityAssociationInput struct {
// AssociationId is a required field
AssociationId *string `location:"uri" locationName:"associationId" type:"string" required:"true"`
- // Unique, case-sensitive identifier that you provide to ensure the idempotency
+ // A unique, case-sensitive identifier that you provide to ensure the idempotency
// of the request.
ClientRequestToken *string `locationName:"clientRequestToken" type:"string" idempotencyToken:"true"`
@@ -15211,7 +17830,8 @@ func (s *UpdatePodIdentityAssociationOutput) SetAssociation(v *PodIdentityAssoci
}
// An object representing the details of an update to a taints payload. For
-// more information, see Node taints on managed node groups (https://docs.aws.amazon.com/eks/latest/userguide/node-taints-managed-node-groups.html).
+// more information, see Node taints on managed node groups (https://docs.aws.amazon.com/eks/latest/userguide/node-taints-managed-node-groups.html)
+// in the Amazon EKS User Guide.
type UpdateTaintsPayload struct {
_ struct{} `type:"structure"`
@@ -15309,9 +17929,9 @@ type VpcConfigRequest struct {
// The CIDR blocks that are allowed access to your cluster's public Kubernetes
// API server endpoint. Communication to the endpoint from addresses outside
// of the CIDR blocks that you specify is denied. The default value is 0.0.0.0/0.
- // If you've disabled private endpoint access and you have nodes or Fargate
- // pods in the cluster, then ensure that you specify the necessary CIDR blocks.
- // For more information, see Amazon EKS cluster endpoint access control (https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html)
+ // If you've disabled private endpoint access, make sure that you specify the
+ // necessary CIDR blocks for every node and Fargate Pod in the cluster. For
+ // more information, see Amazon EKS cluster endpoint access control (https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html)
// in the Amazon EKS User Guide .
PublicAccessCidrs []*string `locationName:"publicAccessCidrs" type:"list"`
@@ -15398,19 +18018,11 @@ type VpcConfigResponse struct {
// in the Amazon EKS User Guide .
EndpointPrivateAccess *bool `locationName:"endpointPrivateAccess" type:"boolean"`
- // This parameter indicates whether the Amazon EKS public API server endpoint
- // is enabled. If the Amazon EKS public API server endpoint is disabled, your
- // cluster's Kubernetes API server can only receive requests that originate
- // from within the cluster VPC.
+ // Whether the public API server endpoint is enabled.
EndpointPublicAccess *bool `locationName:"endpointPublicAccess" type:"boolean"`
// The CIDR blocks that are allowed access to your cluster's public Kubernetes
- // API server endpoint. Communication to the endpoint from addresses outside
- // of the listed CIDR blocks is denied. The default value is 0.0.0.0/0. If you've
- // disabled private endpoint access and you have nodes or Fargate pods in the
- // cluster, then ensure that the necessary CIDR blocks are listed. For more
- // information, see Amazon EKS cluster endpoint access control (https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html)
- // in the Amazon EKS User Guide .
+ // API server endpoint.
PublicAccessCidrs []*string `locationName:"publicAccessCidrs" type:"list"`
// The security groups associated with the cross-account elastic network interfaces
@@ -15541,6 +18153,22 @@ func AMITypes_Values() []string {
}
}
+const (
+ // AccessScopeTypeCluster is a AccessScopeType enum value
+ AccessScopeTypeCluster = "cluster"
+
+ // AccessScopeTypeNamespace is a AccessScopeType enum value
+ AccessScopeTypeNamespace = "namespace"
+)
+
+// AccessScopeType_Values returns all elements of the AccessScopeType enum
+func AccessScopeType_Values() []string {
+ return []string{
+ AccessScopeTypeCluster,
+ AccessScopeTypeNamespace,
+ }
+}
+
const (
// AddonIssueCodeAccessDenied is a AddonIssueCode enum value
AddonIssueCodeAccessDenied = "AccessDenied"
@@ -15621,6 +18249,26 @@ func AddonStatus_Values() []string {
}
}
+const (
+ // AuthenticationModeApi is a AuthenticationMode enum value
+ AuthenticationModeApi = "API"
+
+ // AuthenticationModeApiAndConfigMap is a AuthenticationMode enum value
+ AuthenticationModeApiAndConfigMap = "API_AND_CONFIG_MAP"
+
+ // AuthenticationModeConfigMap is a AuthenticationMode enum value
+ AuthenticationModeConfigMap = "CONFIG_MAP"
+)
+
+// AuthenticationMode_Values returns all elements of the AuthenticationMode enum
+func AuthenticationMode_Values() []string {
+ return []string{
+ AuthenticationModeApi,
+ AuthenticationModeApiAndConfigMap,
+ AuthenticationModeConfigMap,
+ }
+}
+
const (
// CapacityTypesOnDemand is a CapacityTypes enum value
CapacityTypesOnDemand = "ON_DEMAND"
@@ -16315,6 +18963,9 @@ const (
// UpdateParamTypeSubnets is a UpdateParamType enum value
UpdateParamTypeSubnets = "Subnets"
+
+ // UpdateParamTypeAuthenticationMode is a UpdateParamType enum value
+ UpdateParamTypeAuthenticationMode = "AuthenticationMode"
)
// UpdateParamType_Values returns all elements of the UpdateParamType enum
@@ -16346,6 +18997,7 @@ func UpdateParamType_Values() []string {
UpdateParamTypeConfigurationValues,
UpdateParamTypeSecurityGroups,
UpdateParamTypeSubnets,
+ UpdateParamTypeAuthenticationMode,
}
}
@@ -16400,6 +19052,9 @@ const (
// UpdateTypeVpcConfigUpdate is a UpdateType enum value
UpdateTypeVpcConfigUpdate = "VpcConfigUpdate"
+
+ // UpdateTypeAccessConfigUpdate is a UpdateType enum value
+ UpdateTypeAccessConfigUpdate = "AccessConfigUpdate"
)
// UpdateType_Values returns all elements of the UpdateType enum
@@ -16414,5 +19069,6 @@ func UpdateType_Values() []string {
UpdateTypeAssociateEncryptionConfig,
UpdateTypeAddonUpdate,
UpdateTypeVpcConfigUpdate,
+ UpdateTypeAccessConfigUpdate,
}
}
diff --git a/service/eks/doc.go b/service/eks/doc.go
index e8bcc7e905b..13c520f5fca 100644
--- a/service/eks/doc.go
+++ b/service/eks/doc.go
@@ -5,8 +5,8 @@
//
// Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that
// makes it easy for you to run Kubernetes on Amazon Web Services without needing
-// to stand up or maintain your own Kubernetes control plane. Kubernetes is
-// an open-source system for automating the deployment, scaling, and management
+// to setup or maintain your own Kubernetes control plane. Kubernetes is an
+// open-source system for automating the deployment, scaling, and management
// of containerized applications.
//
// Amazon EKS runs up-to-date versions of the open-source Kubernetes software,
diff --git a/service/eks/eksiface/interface.go b/service/eks/eksiface/interface.go
index 2f090e2f0bc..283f5ffcc26 100644
--- a/service/eks/eksiface/interface.go
+++ b/service/eks/eksiface/interface.go
@@ -26,7 +26,7 @@ import (
// // myFunc uses an SDK service client to make a request to
// // Amazon Elastic Kubernetes Service.
// func myFunc(svc eksiface.EKSAPI) bool {
-// // Make svc.AssociateEncryptionConfig request
+// // Make svc.AssociateAccessPolicy request
// }
//
// func main() {
@@ -42,7 +42,7 @@ import (
// type mockEKSClient struct {
// eksiface.EKSAPI
// }
-// func (m *mockEKSClient) AssociateEncryptionConfig(input *eks.AssociateEncryptionConfigInput) (*eks.AssociateEncryptionConfigOutput, error) {
+// func (m *mockEKSClient) AssociateAccessPolicy(input *eks.AssociateAccessPolicyInput) (*eks.AssociateAccessPolicyOutput, error) {
// // mock response/functionality
// }
//
@@ -60,6 +60,10 @@ import (
// and waiters. Its suggested to use the pattern above for testing, or using
// tooling to generate mocks to satisfy the interfaces.
type EKSAPI interface {
+ AssociateAccessPolicy(*eks.AssociateAccessPolicyInput) (*eks.AssociateAccessPolicyOutput, error)
+ AssociateAccessPolicyWithContext(aws.Context, *eks.AssociateAccessPolicyInput, ...request.Option) (*eks.AssociateAccessPolicyOutput, error)
+ AssociateAccessPolicyRequest(*eks.AssociateAccessPolicyInput) (*request.Request, *eks.AssociateAccessPolicyOutput)
+
AssociateEncryptionConfig(*eks.AssociateEncryptionConfigInput) (*eks.AssociateEncryptionConfigOutput, error)
AssociateEncryptionConfigWithContext(aws.Context, *eks.AssociateEncryptionConfigInput, ...request.Option) (*eks.AssociateEncryptionConfigOutput, error)
AssociateEncryptionConfigRequest(*eks.AssociateEncryptionConfigInput) (*request.Request, *eks.AssociateEncryptionConfigOutput)
@@ -68,6 +72,10 @@ type EKSAPI interface {
AssociateIdentityProviderConfigWithContext(aws.Context, *eks.AssociateIdentityProviderConfigInput, ...request.Option) (*eks.AssociateIdentityProviderConfigOutput, error)
AssociateIdentityProviderConfigRequest(*eks.AssociateIdentityProviderConfigInput) (*request.Request, *eks.AssociateIdentityProviderConfigOutput)
+ CreateAccessEntry(*eks.CreateAccessEntryInput) (*eks.CreateAccessEntryOutput, error)
+ CreateAccessEntryWithContext(aws.Context, *eks.CreateAccessEntryInput, ...request.Option) (*eks.CreateAccessEntryOutput, error)
+ CreateAccessEntryRequest(*eks.CreateAccessEntryInput) (*request.Request, *eks.CreateAccessEntryOutput)
+
CreateAddon(*eks.CreateAddonInput) (*eks.CreateAddonOutput, error)
CreateAddonWithContext(aws.Context, *eks.CreateAddonInput, ...request.Option) (*eks.CreateAddonOutput, error)
CreateAddonRequest(*eks.CreateAddonInput) (*request.Request, *eks.CreateAddonOutput)
@@ -92,6 +100,10 @@ type EKSAPI interface {
CreatePodIdentityAssociationWithContext(aws.Context, *eks.CreatePodIdentityAssociationInput, ...request.Option) (*eks.CreatePodIdentityAssociationOutput, error)
CreatePodIdentityAssociationRequest(*eks.CreatePodIdentityAssociationInput) (*request.Request, *eks.CreatePodIdentityAssociationOutput)
+ DeleteAccessEntry(*eks.DeleteAccessEntryInput) (*eks.DeleteAccessEntryOutput, error)
+ DeleteAccessEntryWithContext(aws.Context, *eks.DeleteAccessEntryInput, ...request.Option) (*eks.DeleteAccessEntryOutput, error)
+ DeleteAccessEntryRequest(*eks.DeleteAccessEntryInput) (*request.Request, *eks.DeleteAccessEntryOutput)
+
DeleteAddon(*eks.DeleteAddonInput) (*eks.DeleteAddonOutput, error)
DeleteAddonWithContext(aws.Context, *eks.DeleteAddonInput, ...request.Option) (*eks.DeleteAddonOutput, error)
DeleteAddonRequest(*eks.DeleteAddonInput) (*request.Request, *eks.DeleteAddonOutput)
@@ -120,6 +132,10 @@ type EKSAPI interface {
DeregisterClusterWithContext(aws.Context, *eks.DeregisterClusterInput, ...request.Option) (*eks.DeregisterClusterOutput, error)
DeregisterClusterRequest(*eks.DeregisterClusterInput) (*request.Request, *eks.DeregisterClusterOutput)
+ DescribeAccessEntry(*eks.DescribeAccessEntryInput) (*eks.DescribeAccessEntryOutput, error)
+ DescribeAccessEntryWithContext(aws.Context, *eks.DescribeAccessEntryInput, ...request.Option) (*eks.DescribeAccessEntryOutput, error)
+ DescribeAccessEntryRequest(*eks.DescribeAccessEntryInput) (*request.Request, *eks.DescribeAccessEntryOutput)
+
DescribeAddon(*eks.DescribeAddonInput) (*eks.DescribeAddonOutput, error)
DescribeAddonWithContext(aws.Context, *eks.DescribeAddonInput, ...request.Option) (*eks.DescribeAddonOutput, error)
DescribeAddonRequest(*eks.DescribeAddonInput) (*request.Request, *eks.DescribeAddonOutput)
@@ -163,10 +179,28 @@ type EKSAPI interface {
DescribeUpdateWithContext(aws.Context, *eks.DescribeUpdateInput, ...request.Option) (*eks.DescribeUpdateOutput, error)
DescribeUpdateRequest(*eks.DescribeUpdateInput) (*request.Request, *eks.DescribeUpdateOutput)
+ DisassociateAccessPolicy(*eks.DisassociateAccessPolicyInput) (*eks.DisassociateAccessPolicyOutput, error)
+ DisassociateAccessPolicyWithContext(aws.Context, *eks.DisassociateAccessPolicyInput, ...request.Option) (*eks.DisassociateAccessPolicyOutput, error)
+ DisassociateAccessPolicyRequest(*eks.DisassociateAccessPolicyInput) (*request.Request, *eks.DisassociateAccessPolicyOutput)
+
DisassociateIdentityProviderConfig(*eks.DisassociateIdentityProviderConfigInput) (*eks.DisassociateIdentityProviderConfigOutput, error)
DisassociateIdentityProviderConfigWithContext(aws.Context, *eks.DisassociateIdentityProviderConfigInput, ...request.Option) (*eks.DisassociateIdentityProviderConfigOutput, error)
DisassociateIdentityProviderConfigRequest(*eks.DisassociateIdentityProviderConfigInput) (*request.Request, *eks.DisassociateIdentityProviderConfigOutput)
+ ListAccessEntries(*eks.ListAccessEntriesInput) (*eks.ListAccessEntriesOutput, error)
+ ListAccessEntriesWithContext(aws.Context, *eks.ListAccessEntriesInput, ...request.Option) (*eks.ListAccessEntriesOutput, error)
+ ListAccessEntriesRequest(*eks.ListAccessEntriesInput) (*request.Request, *eks.ListAccessEntriesOutput)
+
+ ListAccessEntriesPages(*eks.ListAccessEntriesInput, func(*eks.ListAccessEntriesOutput, bool) bool) error
+ ListAccessEntriesPagesWithContext(aws.Context, *eks.ListAccessEntriesInput, func(*eks.ListAccessEntriesOutput, bool) bool, ...request.Option) error
+
+ ListAccessPolicies(*eks.ListAccessPoliciesInput) (*eks.ListAccessPoliciesOutput, error)
+ ListAccessPoliciesWithContext(aws.Context, *eks.ListAccessPoliciesInput, ...request.Option) (*eks.ListAccessPoliciesOutput, error)
+ ListAccessPoliciesRequest(*eks.ListAccessPoliciesInput) (*request.Request, *eks.ListAccessPoliciesOutput)
+
+ ListAccessPoliciesPages(*eks.ListAccessPoliciesInput, func(*eks.ListAccessPoliciesOutput, bool) bool) error
+ ListAccessPoliciesPagesWithContext(aws.Context, *eks.ListAccessPoliciesInput, func(*eks.ListAccessPoliciesOutput, bool) bool, ...request.Option) error
+
ListAddons(*eks.ListAddonsInput) (*eks.ListAddonsOutput, error)
ListAddonsWithContext(aws.Context, *eks.ListAddonsInput, ...request.Option) (*eks.ListAddonsOutput, error)
ListAddonsRequest(*eks.ListAddonsInput) (*request.Request, *eks.ListAddonsOutput)
@@ -174,6 +208,13 @@ type EKSAPI interface {
ListAddonsPages(*eks.ListAddonsInput, func(*eks.ListAddonsOutput, bool) bool) error
ListAddonsPagesWithContext(aws.Context, *eks.ListAddonsInput, func(*eks.ListAddonsOutput, bool) bool, ...request.Option) error
+ ListAssociatedAccessPolicies(*eks.ListAssociatedAccessPoliciesInput) (*eks.ListAssociatedAccessPoliciesOutput, error)
+ ListAssociatedAccessPoliciesWithContext(aws.Context, *eks.ListAssociatedAccessPoliciesInput, ...request.Option) (*eks.ListAssociatedAccessPoliciesOutput, error)
+ ListAssociatedAccessPoliciesRequest(*eks.ListAssociatedAccessPoliciesInput) (*request.Request, *eks.ListAssociatedAccessPoliciesOutput)
+
+ ListAssociatedAccessPoliciesPages(*eks.ListAssociatedAccessPoliciesInput, func(*eks.ListAssociatedAccessPoliciesOutput, bool) bool) error
+ ListAssociatedAccessPoliciesPagesWithContext(aws.Context, *eks.ListAssociatedAccessPoliciesInput, func(*eks.ListAssociatedAccessPoliciesOutput, bool) bool, ...request.Option) error
+
ListClusters(*eks.ListClustersInput) (*eks.ListClustersOutput, error)
ListClustersWithContext(aws.Context, *eks.ListClustersInput, ...request.Option) (*eks.ListClustersOutput, error)
ListClustersRequest(*eks.ListClustersInput) (*request.Request, *eks.ListClustersOutput)
@@ -239,6 +280,10 @@ type EKSAPI interface {
UntagResourceWithContext(aws.Context, *eks.UntagResourceInput, ...request.Option) (*eks.UntagResourceOutput, error)
UntagResourceRequest(*eks.UntagResourceInput) (*request.Request, *eks.UntagResourceOutput)
+ UpdateAccessEntry(*eks.UpdateAccessEntryInput) (*eks.UpdateAccessEntryOutput, error)
+ UpdateAccessEntryWithContext(aws.Context, *eks.UpdateAccessEntryInput, ...request.Option) (*eks.UpdateAccessEntryOutput, error)
+ UpdateAccessEntryRequest(*eks.UpdateAccessEntryInput) (*request.Request, *eks.UpdateAccessEntryOutput)
+
UpdateAddon(*eks.UpdateAddonInput) (*eks.UpdateAddonOutput, error)
UpdateAddonWithContext(aws.Context, *eks.UpdateAddonInput, ...request.Option) (*eks.UpdateAddonOutput, error)
UpdateAddonRequest(*eks.UpdateAddonInput) (*request.Request, *eks.UpdateAddonOutput)
diff --git a/service/eks/errors.go b/service/eks/errors.go
index ad8048119db..8f3bb3a3c19 100644
--- a/service/eks/errors.go
+++ b/service/eks/errors.go
@@ -73,7 +73,7 @@ const (
//
// The specified resource could not be found. You can view your available clusters
// with ListClusters. You can view your available managed node groups with ListNodegroups.
- // Amazon EKS clusters and node groups are Region-specific.
+ // Amazon EKS clusters and node groups are Amazon Web Services Region specific.
ErrCodeResourceNotFoundException = "ResourceNotFoundException"
// ErrCodeResourcePropagationDelayException for service response error code
diff --git a/service/quicksight/api.go b/service/quicksight/api.go
index 749f91fe4ef..7386b7e33f1 100644
--- a/service/quicksight/api.go
+++ b/service/quicksight/api.go
@@ -1062,7 +1062,7 @@ func (c *QuickSight) CreateGroupRequest(input *CreateGroupInput) (req *request.R
//
// Use the CreateGroup operation to create a group in Amazon QuickSight. You
// can create up to 10,000 groups in a namespace. If you want to create more
-// than 10,000 groups in a namespace, contact AWS Support.
+// than 10,000 groups in a namespace, contact Amazon Web Services Support.
//
// The permissions resource is arn:aws:quicksight:::group/default/ .
//
diff --git a/service/route53resolver/api.go b/service/route53resolver/api.go
index f54d669cea9..a9d0d845958 100644
--- a/service/route53resolver/api.go
+++ b/service/route53resolver/api.go
@@ -71,8 +71,8 @@ func (c *Route53Resolver) AssociateFirewallRuleGroupRequest(input *AssociateFire
// The specified resource doesn't exist.
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// - LimitExceededException
// The request caused one or more limits to be exceeded.
@@ -491,8 +491,8 @@ func (c *Route53Resolver) CreateFirewallDomainListRequest(input *CreateFirewallD
// The request caused one or more limits to be exceeded.
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// - AccessDeniedException
// The current account doesn't have the IAM permissions required to perform
@@ -585,8 +585,8 @@ func (c *Route53Resolver) CreateFirewallRuleRequest(input *CreateFirewallRuleInp
// The specified resource doesn't exist.
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// - LimitExceededException
// The request caused one or more limits to be exceeded.
@@ -682,8 +682,8 @@ func (c *Route53Resolver) CreateFirewallRuleGroupRequest(input *CreateFirewallRu
// The request caused one or more limits to be exceeded.
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// - AccessDeniedException
// The current account doesn't have the IAM permissions required to perform
@@ -760,7 +760,7 @@ func (c *Route53Resolver) CreateOutpostResolverRequest(input *CreateOutpostResol
// CreateOutpostResolver API operation for Amazon Route 53 Resolver.
//
-// Creates an Route 53 Resolver on an Outpost.
+// Creates a Route 53 Resolver on an Outpost.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -788,8 +788,8 @@ func (c *Route53Resolver) CreateOutpostResolverRequest(input *CreateOutpostResol
// The request was throttled. Try again in a few minutes.
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/CreateOutpostResolver
func (c *Route53Resolver) CreateOutpostResolver(input *CreateOutpostResolverInput) (*CreateOutpostResolverOutput, error) {
@@ -886,6 +886,10 @@ func (c *Route53Resolver) CreateResolverEndpointRequest(input *CreateResolverEnd
// - ResourceExistsException
// The resource that you tried to create already exists.
//
+// - AccessDeniedException
+// The current account doesn't have the IAM permissions required to perform
+// the specified Resolver operation.
+//
// - LimitExceededException
// The request caused one or more limits to be exceeded.
//
@@ -1107,6 +1111,10 @@ func (c *Route53Resolver) CreateResolverRuleRequest(input *CreateResolverRuleInp
// - InternalServiceErrorException
// We encountered an unknown error. Try again in a few minutes.
//
+// - AccessDeniedException
+// The current account doesn't have the IAM permissions required to perform
+// the specified Resolver operation.
+//
// - ThrottlingException
// The request was throttled. Try again in a few minutes.
//
@@ -1378,8 +1386,8 @@ func (c *Route53Resolver) DeleteFirewallRuleGroupRequest(input *DeleteFirewallRu
// import domains into a domain list that is in the process of being deleted.
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// - AccessDeniedException
// The current account doesn't have the IAM permissions required to perform
@@ -1486,8 +1494,8 @@ func (c *Route53Resolver) DeleteOutpostResolverRequest(input *DeleteOutpostResol
// The request was throttled. Try again in a few minutes.
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/DeleteOutpostResolver
func (c *Route53Resolver) DeleteOutpostResolver(input *DeleteOutpostResolverInput) (*DeleteOutpostResolverOutput, error) {
@@ -1869,8 +1877,8 @@ func (c *Route53Resolver) DisassociateFirewallRuleGroupRequest(input *Disassocia
// The specified resource doesn't exist.
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// - AccessDeniedException
// The current account doesn't have the IAM permissions required to perform
@@ -2274,8 +2282,8 @@ func (c *Route53Resolver) GetFirewallConfigRequest(input *GetFirewallConfigInput
// The request was throttled. Try again in a few minutes.
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetFirewallConfig
func (c *Route53Resolver) GetFirewallConfig(input *GetFirewallConfigInput) (*GetFirewallConfigOutput, error) {
@@ -2626,8 +2634,8 @@ func (c *Route53Resolver) GetFirewallRuleGroupPolicyRequest(input *GetFirewallRu
// Returned Error Types:
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// - ResourceNotFoundException
// The specified resource doesn't exist.
@@ -2733,8 +2741,8 @@ func (c *Route53Resolver) GetOutpostResolverRequest(input *GetOutpostResolverInp
// The request was throttled. Try again in a few minutes.
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetOutpostResolver
func (c *Route53Resolver) GetOutpostResolver(input *GetOutpostResolverInput) (*GetOutpostResolverOutput, error) {
@@ -2830,8 +2838,8 @@ func (c *Route53Resolver) GetResolverConfigRequest(input *GetResolverConfigInput
// the specified Resolver operation.
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverConfig
func (c *Route53Resolver) GetResolverConfig(input *GetResolverConfigInput) (*GetResolverConfigOutput, error) {
@@ -3666,8 +3674,8 @@ func (c *Route53Resolver) ImportFirewallDomainsRequest(input *ImportFirewallDoma
// Returned Error Types:
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// - AccessDeniedException
// The current account doesn't have the IAM permissions required to perform
@@ -3777,8 +3785,8 @@ func (c *Route53Resolver) ListFirewallConfigsRequest(input *ListFirewallConfigsI
// Returned Error Types:
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// - AccessDeniedException
// The current account doesn't have the IAM permissions required to perform
@@ -3929,8 +3937,8 @@ func (c *Route53Resolver) ListFirewallDomainListsRequest(input *ListFirewallDoma
// Returned Error Types:
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// - AccessDeniedException
// The current account doesn't have the IAM permissions required to perform
@@ -4083,8 +4091,8 @@ func (c *Route53Resolver) ListFirewallDomainsRequest(input *ListFirewallDomainsI
// The specified resource doesn't exist.
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// - AccessDeniedException
// The current account doesn't have the IAM permissions required to perform
@@ -4234,8 +4242,8 @@ func (c *Route53Resolver) ListFirewallRuleGroupAssociationsRequest(input *ListFi
// Returned Error Types:
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// - AccessDeniedException
// The current account doesn't have the IAM permissions required to perform
@@ -4385,8 +4393,8 @@ func (c *Route53Resolver) ListFirewallRuleGroupsRequest(input *ListFirewallRuleG
// Returned Error Types:
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// - AccessDeniedException
// The current account doesn't have the IAM permissions required to perform
@@ -4540,8 +4548,8 @@ func (c *Route53Resolver) ListFirewallRulesRequest(input *ListFirewallRulesInput
// The specified resource doesn't exist.
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// - AccessDeniedException
// The current account doesn't have the IAM permissions required to perform
@@ -4701,8 +4709,8 @@ func (c *Route53Resolver) ListOutpostResolversRequest(input *ListOutpostResolver
// The request was throttled. Try again in a few minutes.
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/ListOutpostResolvers
func (c *Route53Resolver) ListOutpostResolvers(input *ListOutpostResolversInput) (*ListOutpostResolversOutput, error) {
@@ -4858,8 +4866,8 @@ func (c *Route53Resolver) ListResolverConfigsRequest(input *ListResolverConfigsI
// the specified Resolver operation.
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/ListResolverConfigs
func (c *Route53Resolver) ListResolverConfigs(input *ListResolverConfigsInput) (*ListResolverConfigsOutput, error) {
@@ -6197,8 +6205,8 @@ func (c *Route53Resolver) PutFirewallRuleGroupPolicyRequest(input *PutFirewallRu
// Returned Error Types:
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// - ResourceNotFoundException
// The specified resource doesn't exist.
@@ -6673,8 +6681,8 @@ func (c *Route53Resolver) UpdateFirewallConfigRequest(input *UpdateFirewallConfi
// Returned Error Types:
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// - ResourceNotFoundException
// The specified resource doesn't exist.
@@ -6766,8 +6774,8 @@ func (c *Route53Resolver) UpdateFirewallDomainsRequest(input *UpdateFirewallDoma
// Returned Error Types:
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// - AccessDeniedException
// The current account doesn't have the IAM permissions required to perform
@@ -6870,8 +6878,8 @@ func (c *Route53Resolver) UpdateFirewallRuleRequest(input *UpdateFirewallRuleInp
// The specified resource doesn't exist.
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// - ConflictException
// The requested state transition isn't valid. For example, you can't delete
@@ -6969,8 +6977,8 @@ func (c *Route53Resolver) UpdateFirewallRuleGroupAssociationRequest(input *Updat
// The specified resource doesn't exist.
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// - ConflictException
// The requested state transition isn't valid. For example, you can't delete
@@ -7086,8 +7094,8 @@ func (c *Route53Resolver) UpdateOutpostResolverRequest(input *UpdateOutpostResol
// The request was throttled. Try again in a few minutes.
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/UpdateOutpostResolver
func (c *Route53Resolver) UpdateOutpostResolver(input *UpdateOutpostResolverInput) (*UpdateOutpostResolverOutput, error) {
@@ -7192,8 +7200,8 @@ func (c *Route53Resolver) UpdateResolverConfigRequest(input *UpdateResolverConfi
// the specified Resolver operation.
//
// - ValidationException
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/UpdateResolverConfig
func (c *Route53Resolver) UpdateResolverConfig(input *UpdateResolverConfigInput) (*UpdateResolverConfigOutput, error) {
@@ -7356,7 +7364,7 @@ func (c *Route53Resolver) UpdateResolverEndpointRequest(input *UpdateResolverEnd
// UpdateResolverEndpoint API operation for Amazon Route 53 Resolver.
//
-// Updates the name, or enpoint type for an inbound or an outbound Resolver
+// Updates the name, or endpoint type for an inbound or an outbound Resolver
// endpoint. You can only update between IPV4 and DUALSTACK, IPV6 endpoint type
// can't be updated to other type.
//
@@ -7378,6 +7386,10 @@ func (c *Route53Resolver) UpdateResolverEndpointRequest(input *UpdateResolverEnd
// - InvalidRequestException
// The request is invalid.
//
+// - AccessDeniedException
+// The current account doesn't have the IAM permissions required to perform
+// the specified Resolver operation.
+//
// - InternalServiceErrorException
// We encountered an unknown error. Try again in a few minutes.
//
@@ -7483,6 +7495,10 @@ func (c *Route53Resolver) UpdateResolverRuleRequest(input *UpdateResolverRuleInp
// - ThrottlingException
// The request was throttled. Try again in a few minutes.
//
+// - AccessDeniedException
+// The current account doesn't have the IAM permissions required to perform
+// the specified Resolver operation.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/UpdateResolverRule
func (c *Route53Resolver) UpdateResolverRule(input *UpdateResolverRuleInput) (*UpdateResolverRuleOutput, error) {
req, out := c.UpdateResolverRuleRequest(input)
@@ -8775,8 +8791,11 @@ type CreateResolverEndpointInput struct {
// (for outbound endpoints) or that you forward DNS queries to (for inbound
// endpoints). The subnet ID uniquely identifies a VPC.
//
+ // Even though the minimum is 1, Route 53 requires that you create at least
+ // two.
+ //
// IpAddresses is a required field
- IpAddresses []*IpAddressRequest `min:"1" type:"list" required:"true"`
+ IpAddresses []*IpAddressRequest `min:"2" type:"list" required:"true"`
// A friendly name that lets you easily find a configuration in the Resolver
// dashboard in the Route 53 console.
@@ -8790,6 +8809,34 @@ type CreateResolverEndpointInput struct {
// the OutpostArn.
PreferredInstanceType *string `min:"1" type:"string"`
+ // The protocols you want to use for the endpoint. DoH-FIPS is applicable for
+ // inbound endpoints only.
+ //
+ // For an inbound endpoint you can apply the protocols as follows:
+ //
+ // * Do53 and DoH in combination.
+ //
+ // * Do53 and DoH-FIPS in combination.
+ //
+ // * Do53 alone.
+ //
+ // * DoH alone.
+ //
+ // * DoH-FIPS alone.
+ //
+ // * None, which is treated as Do53.
+ //
+ // For an outbound endpoint you can apply the protocols as follows:
+ //
+ // * Do53 and DoH in combination.
+ //
+ // * Do53 alone.
+ //
+ // * DoH alone.
+ //
+ // * None, which is treated as Do53.
+ Protocols []*string `min:"1" type:"list" enum:"Protocol"`
+
// For the endpoint type you can choose either IPv4, IPv6, or dual-stack. A
// dual-stack endpoint means that it will resolve via both IPv4 and IPv6. This
// endpoint type is applied to all IP addresses.
@@ -8842,8 +8889,8 @@ func (s *CreateResolverEndpointInput) Validate() error {
if s.IpAddresses == nil {
invalidParams.Add(request.NewErrParamRequired("IpAddresses"))
}
- if s.IpAddresses != nil && len(s.IpAddresses) < 1 {
- invalidParams.Add(request.NewErrParamMinLen("IpAddresses", 1))
+ if s.IpAddresses != nil && len(s.IpAddresses) < 2 {
+ invalidParams.Add(request.NewErrParamMinLen("IpAddresses", 2))
}
if s.OutpostArn != nil && len(*s.OutpostArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("OutpostArn", 1))
@@ -8851,6 +8898,9 @@ func (s *CreateResolverEndpointInput) Validate() error {
if s.PreferredInstanceType != nil && len(*s.PreferredInstanceType) < 1 {
invalidParams.Add(request.NewErrParamMinLen("PreferredInstanceType", 1))
}
+ if s.Protocols != nil && len(s.Protocols) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Protocols", 1))
+ }
if s.SecurityGroupIds == nil {
invalidParams.Add(request.NewErrParamRequired("SecurityGroupIds"))
}
@@ -8917,6 +8967,12 @@ func (s *CreateResolverEndpointInput) SetPreferredInstanceType(v string) *Create
return s
}
+// SetProtocols sets the Protocols field's value.
+func (s *CreateResolverEndpointInput) SetProtocols(v []*string) *CreateResolverEndpointInput {
+ s.Protocols = v
+ return s
+}
+
// SetResolverEndpointType sets the ResolverEndpointType field's value.
func (s *CreateResolverEndpointInput) SetResolverEndpointType(v string) *CreateResolverEndpointInput {
s.ResolverEndpointType = &v
@@ -9122,9 +9178,7 @@ type CreateResolverRuleInput struct {
// specify in TargetIps. If a query matches multiple Resolver rules (example.com
// and www.example.com), outbound DNS queries are routed using the Resolver
// rule that contains the most specific domain name (www.example.com).
- //
- // DomainName is a required field
- DomainName *string `min:"1" type:"string" required:"true"`
+ DomainName *string `min:"1" type:"string"`
// A friendly name that lets you easily find a rule in the Resolver dashboard
// in the Route 53 console.
@@ -9190,9 +9244,6 @@ func (s *CreateResolverRuleInput) Validate() error {
if s.CreatorRequestId != nil && len(*s.CreatorRequestId) < 1 {
invalidParams.Add(request.NewErrParamMinLen("CreatorRequestId", 1))
}
- if s.DomainName == nil {
- invalidParams.Add(request.NewErrParamRequired("DomainName"))
- }
if s.DomainName != nil && len(*s.DomainName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("DomainName", 1))
}
@@ -14436,7 +14487,8 @@ type ListResolverDnssecConfigsOutput struct {
// An array that contains one ResolverDnssecConfig (https://docs.aws.amazon.com/Route53/latest/APIReference/API_ResolverDnssecConfig.html)
// element for each configuration for DNSSEC validation that is associated with
- // the current Amazon Web Services account.
+ // the current Amazon Web Services account. It doesn't contain disabled DNSSEC
+ // configurations for the resource.
ResolverDnssecConfigs []*ResolverDnssecConfig `type:"list"`
}
@@ -16196,6 +16248,34 @@ type ResolverEndpoint struct {
// The Amazon EC2 instance type.
PreferredInstanceType *string `min:"1" type:"string"`
+ // Protocols used for the endpoint. DoH-FIPS is applicable for inbound endpoints
+ // only.
+ //
+ // For an inbound endpoint you can apply the protocols as follows:
+ //
+ // * Do53 and DoH in combination.
+ //
+ // * Do53 and DoH-FIPS in combination.
+ //
+ // * Do53 alone.
+ //
+ // * DoH alone.
+ //
+ // * DoH-FIPS alone.
+ //
+ // * None, which is treated as Do53.
+ //
+ // For an outbound endpoint you can apply the protocols as follows:
+ //
+ // * Do53 and DoH in combination.
+ //
+ // * Do53 alone.
+ //
+ // * DoH alone.
+ //
+ // * None, which is treated as Do53.
+ Protocols []*string `min:"1" type:"list" enum:"Protocol"`
+
// The Resolver endpoint IP address type.
ResolverEndpointType *string `type:"string" enum:"ResolverEndpointType"`
@@ -16328,6 +16408,12 @@ func (s *ResolverEndpoint) SetPreferredInstanceType(v string) *ResolverEndpoint
return s
}
+// SetProtocols sets the Protocols field's value.
+func (s *ResolverEndpoint) SetProtocols(v []*string) *ResolverEndpoint {
+ s.Protocols = v
+ return s
+}
+
// SetResolverEndpointType sets the ResolverEndpointType field's value.
func (s *ResolverEndpoint) SetResolverEndpointType(v string) *ResolverEndpoint {
s.ResolverEndpointType = &v
@@ -17478,6 +17564,34 @@ type TargetAddress struct {
// The port at Ip that you want to forward DNS queries to.
Port *int64 `type:"integer"`
+
+ // The protocols for the Resolver endpoints. DoH-FIPS is applicable for inbound
+ // endpoints only.
+ //
+ // For an inbound endpoint you can apply the protocols as follows:
+ //
+ // * Do53 and DoH in combination.
+ //
+ // * Do53 and DoH-FIPS in combination.
+ //
+ // * Do53 alone.
+ //
+ // * DoH alone.
+ //
+ // * DoH-FIPS alone.
+ //
+ // * None, which is treated as Do53.
+ //
+ // For an outbound endpoint you can apply the protocols as follows:
+ //
+ // * Do53 and DoH in combination.
+ //
+ // * Do53 alone.
+ //
+ // * DoH alone.
+ //
+ // * None, which is treated as Do53.
+ Protocol *string `type:"string" enum:"Protocol"`
}
// String returns the string representation.
@@ -17532,6 +17646,12 @@ func (s *TargetAddress) SetPort(v int64) *TargetAddress {
return s
}
+// SetProtocol sets the Protocol field's value.
+func (s *TargetAddress) SetProtocol(v string) *TargetAddress {
+ s.Protocol = &v
+ return s
+}
+
// The request was throttled. Try again in a few minutes.
type ThrottlingException struct {
_ struct{} `type:"structure"`
@@ -18720,6 +18840,41 @@ type UpdateResolverEndpointInput struct {
// The name of the Resolver endpoint that you want to update.
Name *string `type:"string"`
+ // The protocols you want to use for the endpoint. DoH-FIPS is applicable for
+ // inbound endpoints only.
+ //
+ // For an inbound endpoint you can apply the protocols as follows:
+ //
+ // * Do53 and DoH in combination.
+ //
+ // * Do53 and DoH-FIPS in combination.
+ //
+ // * Do53 alone.
+ //
+ // * DoH alone.
+ //
+ // * DoH-FIPS alone.
+ //
+ // * None, which is treated as Do53.
+ //
+ // For an outbound endpoint you can apply the protocols as follows:
+ //
+ // * Do53 and DoH in combination.
+ //
+ // * Do53 alone.
+ //
+ // * DoH alone.
+ //
+ // * None, which is treated as Do53.
+ //
+ // You can't change the protocol of an inbound endpoint directly from only Do53
+ // to only DoH, or DoH-FIPS. This is to prevent a sudden disruption to incoming
+ // traffic that relies on Do53. To change the protocol from Do53 to DoH, or
+ // DoH-FIPS, you must first enable both Do53 and DoH, or Do53 and DoH-FIPS,
+ // to make sure that all incoming traffic has transferred to using the DoH protocol,
+ // or DoH-FIPS, and then remove the Do53.
+ Protocols []*string `min:"1" type:"list" enum:"Protocol"`
+
// The ID of the Resolver endpoint that you want to update.
//
// ResolverEndpointId is a required field
@@ -18758,6 +18913,9 @@ func (s UpdateResolverEndpointInput) GoString() string {
// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateResolverEndpointInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "UpdateResolverEndpointInput"}
+ if s.Protocols != nil && len(s.Protocols) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Protocols", 1))
+ }
if s.ResolverEndpointId == nil {
invalidParams.Add(request.NewErrParamRequired("ResolverEndpointId"))
}
@@ -18787,6 +18945,12 @@ func (s *UpdateResolverEndpointInput) SetName(v string) *UpdateResolverEndpointI
return s
}
+// SetProtocols sets the Protocols field's value.
+func (s *UpdateResolverEndpointInput) SetProtocols(v []*string) *UpdateResolverEndpointInput {
+ s.Protocols = v
+ return s
+}
+
// SetResolverEndpointId sets the ResolverEndpointId field's value.
func (s *UpdateResolverEndpointInput) SetResolverEndpointId(v string) *UpdateResolverEndpointInput {
s.ResolverEndpointId = &v
@@ -18935,8 +19099,8 @@ func (s *UpdateResolverRuleOutput) SetResolverRule(v *ResolverRule) *UpdateResol
return s
}
-// You have provided an invalid command. Supported values are ADD, REMOVE, or
-// REPLACE a domain.
+// You have provided an invalid command. If you ran the UpdateFirewallDomains
+// request. supported values are ADD, REMOVE, or REPLACE a domain.
type ValidationException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -19300,6 +19464,26 @@ func OutpostResolverStatus_Values() []string {
}
}
+const (
+ // ProtocolDoH is a Protocol enum value
+ ProtocolDoH = "DoH"
+
+ // ProtocolDo53 is a Protocol enum value
+ ProtocolDo53 = "Do53"
+
+ // ProtocolDoHFips is a Protocol enum value
+ ProtocolDoHFips = "DoH-FIPS"
+)
+
+// Protocol_Values returns all elements of the Protocol enum
+func Protocol_Values() []string {
+ return []string{
+ ProtocolDoH,
+ ProtocolDo53,
+ ProtocolDoHFips,
+ }
+}
+
const (
// ResolverAutodefinedReverseStatusEnabling is a ResolverAutodefinedReverseStatus enum value
ResolverAutodefinedReverseStatusEnabling = "ENABLING"
diff --git a/service/route53resolver/errors.go b/service/route53resolver/errors.go
index 80da1900bcc..8d028862f61 100644
--- a/service/route53resolver/errors.go
+++ b/service/route53resolver/errors.go
@@ -110,8 +110,8 @@ const (
// ErrCodeValidationException for service response error code
// "ValidationException".
//
- // You have provided an invalid command. Supported values are ADD, REMOVE, or
- // REPLACE a domain.
+ // You have provided an invalid command. If you ran the UpdateFirewallDomains
+ // request. supported values are ADD, REMOVE, or REPLACE a domain.
ErrCodeValidationException = "ValidationException"
)