feat(client-backup): This release introduces a new logically air-gapp…

…ed vault (Preview) in AWS Backup that stores immutable backup copies, which are locked by default and isolated with encryption using AWS owned keys. Logically air-gapped vault (Preview) allows secure recovery of application data across accounts.
aws · Aug 8, 2023 · 9ab7f45 · 9ab7f45
1 parent a9723dc
commit 9ab7f45
Show file tree

Hide file tree

Showing 16 changed files with 1,296 additions and 47 deletions.
diff --git a/clients/client-backup/README.md b/clients/client-backup/README.md
@@ -255,6 +255,14 @@ CreateLegalHold
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-backup/classes/createlegalholdcommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-backup/interfaces/createlegalholdcommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-backup/interfaces/createlegalholdcommandoutput.html)
 
+</details>
+<details>
+<summary>
+CreateLogicallyAirGappedBackupVault
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-backup/classes/createlogicallyairgappedbackupvaultcommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-backup/interfaces/createlogicallyairgappedbackupvaultcommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-backup/interfaces/createlogicallyairgappedbackupvaultcommandoutput.html)
+
 </details>
 <details>
 <summary>
@@ -599,6 +607,14 @@ ListProtectedResources
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-backup/classes/listprotectedresourcescommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-backup/interfaces/listprotectedresourcescommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-backup/interfaces/listprotectedresourcescommandoutput.html)
 
+</details>
+<details>
+<summary>
+ListProtectedResourcesByBackupVault
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-backup/classes/listprotectedresourcesbybackupvaultcommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-backup/interfaces/listprotectedresourcesbybackupvaultcommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-backup/interfaces/listprotectedresourcesbybackupvaultcommandoutput.html)
+
 </details>
 <details>
 <summary>

diff --git a/clients/client-backup/src/Backup.ts b/clients/client-backup/src/Backup.ts
@@ -33,6 +33,11 @@ import {
   CreateLegalHoldCommandInput,
   CreateLegalHoldCommandOutput,
 } from "./commands/CreateLegalHoldCommand";
+import {
+  CreateLogicallyAirGappedBackupVaultCommand,
+  CreateLogicallyAirGappedBackupVaultCommandInput,
+  CreateLogicallyAirGappedBackupVaultCommandOutput,
+} from "./commands/CreateLogicallyAirGappedBackupVaultCommand";
 import {
   CreateReportPlanCommand,
   CreateReportPlanCommandInput,
@@ -243,6 +248,11 @@ import {
   ListLegalHoldsCommandInput,
   ListLegalHoldsCommandOutput,
 } from "./commands/ListLegalHoldsCommand";
+import {
+  ListProtectedResourcesByBackupVaultCommand,
+  ListProtectedResourcesByBackupVaultCommandInput,
+  ListProtectedResourcesByBackupVaultCommandOutput,
+} from "./commands/ListProtectedResourcesByBackupVaultCommand";
 import {
   ListProtectedResourcesCommand,
   ListProtectedResourcesCommandInput,
@@ -363,6 +373,7 @@ const commands = {
   CreateBackupVaultCommand,
   CreateFrameworkCommand,
   CreateLegalHoldCommand,
+  CreateLogicallyAirGappedBackupVaultCommand,
   CreateReportPlanCommand,
   DeleteBackupPlanCommand,
   DeleteBackupSelectionCommand,
@@ -406,6 +417,7 @@ const commands = {
   ListFrameworksCommand,
   ListLegalHoldsCommand,
   ListProtectedResourcesCommand,
+  ListProtectedResourcesByBackupVaultCommand,
   ListRecoveryPointsByBackupVaultCommand,
   ListRecoveryPointsByLegalHoldCommand,
   ListRecoveryPointsByResourceCommand,
@@ -525,6 +537,23 @@ export interface Backup {
     cb: (err: any, data?: CreateLegalHoldCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link CreateLogicallyAirGappedBackupVaultCommand}
+   */
+  createLogicallyAirGappedBackupVault(
+    args: CreateLogicallyAirGappedBackupVaultCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<CreateLogicallyAirGappedBackupVaultCommandOutput>;
+  createLogicallyAirGappedBackupVault(
+    args: CreateLogicallyAirGappedBackupVaultCommandInput,
+    cb: (err: any, data?: CreateLogicallyAirGappedBackupVaultCommandOutput) => void
+  ): void;
+  createLogicallyAirGappedBackupVault(
+    args: CreateLogicallyAirGappedBackupVaultCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: CreateLogicallyAirGappedBackupVaultCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link CreateReportPlanCommand}
    */
@@ -1220,6 +1249,23 @@ export interface Backup {
     cb: (err: any, data?: ListProtectedResourcesCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link ListProtectedResourcesByBackupVaultCommand}
+   */
+  listProtectedResourcesByBackupVault(
+    args: ListProtectedResourcesByBackupVaultCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<ListProtectedResourcesByBackupVaultCommandOutput>;
+  listProtectedResourcesByBackupVault(
+    args: ListProtectedResourcesByBackupVaultCommandInput,
+    cb: (err: any, data?: ListProtectedResourcesByBackupVaultCommandOutput) => void
+  ): void;
+  listProtectedResourcesByBackupVault(
+    args: ListProtectedResourcesByBackupVaultCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: ListProtectedResourcesByBackupVaultCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link ListRecoveryPointsByBackupVaultCommand}
    */

diff --git a/clients/client-backup/src/BackupClient.ts b/clients/client-backup/src/BackupClient.ts
@@ -59,6 +59,10 @@ import {
 import { CreateBackupVaultCommandInput, CreateBackupVaultCommandOutput } from "./commands/CreateBackupVaultCommand";
 import { CreateFrameworkCommandInput, CreateFrameworkCommandOutput } from "./commands/CreateFrameworkCommand";
 import { CreateLegalHoldCommandInput, CreateLegalHoldCommandOutput } from "./commands/CreateLegalHoldCommand";
+import {
+  CreateLogicallyAirGappedBackupVaultCommandInput,
+  CreateLogicallyAirGappedBackupVaultCommandOutput,
+} from "./commands/CreateLogicallyAirGappedBackupVaultCommand";
 import { CreateReportPlanCommandInput, CreateReportPlanCommandOutput } from "./commands/CreateReportPlanCommand";
 import { DeleteBackupPlanCommandInput, DeleteBackupPlanCommandOutput } from "./commands/DeleteBackupPlanCommand";
 import {
@@ -167,6 +171,10 @@ import { ListBackupVaultsCommandInput, ListBackupVaultsCommandOutput } from "./c
 import { ListCopyJobsCommandInput, ListCopyJobsCommandOutput } from "./commands/ListCopyJobsCommand";
 import { ListFrameworksCommandInput, ListFrameworksCommandOutput } from "./commands/ListFrameworksCommand";
 import { ListLegalHoldsCommandInput, ListLegalHoldsCommandOutput } from "./commands/ListLegalHoldsCommand";
+import {
+  ListProtectedResourcesByBackupVaultCommandInput,
+  ListProtectedResourcesByBackupVaultCommandOutput,
+} from "./commands/ListProtectedResourcesByBackupVaultCommand";
 import {
   ListProtectedResourcesCommandInput,
   ListProtectedResourcesCommandOutput,
@@ -241,6 +249,7 @@ export type ServiceInputTypes =
   | CreateBackupVaultCommandInput
   | CreateFrameworkCommandInput
   | CreateLegalHoldCommandInput
+  | CreateLogicallyAirGappedBackupVaultCommandInput
   | CreateReportPlanCommandInput
   | DeleteBackupPlanCommandInput
   | DeleteBackupSelectionCommandInput
@@ -283,6 +292,7 @@ export type ServiceInputTypes =
   | ListCopyJobsCommandInput
   | ListFrameworksCommandInput
   | ListLegalHoldsCommandInput
+  | ListProtectedResourcesByBackupVaultCommandInput
   | ListProtectedResourcesCommandInput
   | ListRecoveryPointsByBackupVaultCommandInput
   | ListRecoveryPointsByLegalHoldCommandInput
@@ -318,6 +328,7 @@ export type ServiceOutputTypes =
   | CreateBackupVaultCommandOutput
   | CreateFrameworkCommandOutput
   | CreateLegalHoldCommandOutput
+  | CreateLogicallyAirGappedBackupVaultCommandOutput
   | CreateReportPlanCommandOutput
   | DeleteBackupPlanCommandOutput
   | DeleteBackupSelectionCommandOutput
@@ -360,6 +371,7 @@ export type ServiceOutputTypes =
   | ListCopyJobsCommandOutput
   | ListFrameworksCommandOutput
   | ListLegalHoldsCommandOutput
+  | ListProtectedResourcesByBackupVaultCommandOutput
   | ListProtectedResourcesCommandOutput
   | ListRecoveryPointsByBackupVaultCommandOutput
   | ListRecoveryPointsByLegalHoldCommandOutput

diff --git a/clients/client-backup/src/commands/CreateLogicallyAirGappedBackupVaultCommand.ts b/clients/client-backup/src/commands/CreateLogicallyAirGappedBackupVaultCommand.ts
@@ -0,0 +1,193 @@
+// smithy-typescript generated code
+import { EndpointParameterInstructions, getEndpointPlugin } from "@smithy/middleware-endpoint";
+import { getSerdePlugin } from "@smithy/middleware-serde";
+import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http";
+import { Command as $Command } from "@smithy/smithy-client";
+import {
+  FinalizeHandlerArguments,
+  Handler,
+  HandlerExecutionContext,
+  HttpHandlerOptions as __HttpHandlerOptions,
+  MetadataBearer as __MetadataBearer,
+  MiddlewareStack,
+  SerdeContext as __SerdeContext,
+} from "@smithy/types";
+
+import { BackupClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../BackupClient";
+import {
+  CreateLogicallyAirGappedBackupVaultInput,
+  CreateLogicallyAirGappedBackupVaultInputFilterSensitiveLog,
+  CreateLogicallyAirGappedBackupVaultOutput,
+} from "../models/models_0";
+import {
+  de_CreateLogicallyAirGappedBackupVaultCommand,
+  se_CreateLogicallyAirGappedBackupVaultCommand,
+} from "../protocols/Aws_restJson1";
+
+/**
+ * @public
+ */
+export { __MetadataBearer, $Command };
+/**
+ * @public
+ *
+ * The input for {@link CreateLogicallyAirGappedBackupVaultCommand}.
+ */
+export interface CreateLogicallyAirGappedBackupVaultCommandInput extends CreateLogicallyAirGappedBackupVaultInput {}
+/**
+ * @public
+ *
+ * The output of {@link CreateLogicallyAirGappedBackupVaultCommand}.
+ */
+export interface CreateLogicallyAirGappedBackupVaultCommandOutput
+  extends CreateLogicallyAirGappedBackupVaultOutput,
+    __MetadataBearer {}
+
+/**
+ * @public
+ * <p>This request creates a logical container where backups are stored.</p>
+ *          <p>This request includes a name, optionally one or more resource tags, an encryption key,
+ *          and a request ID.</p>
+ *          <note>
+ *             <p>Do not include sensitive data, such as passport numbers, in the name of a backup
+ *          vault.</p>
+ *          </note>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { BackupClient, CreateLogicallyAirGappedBackupVaultCommand } from "@aws-sdk/client-backup"; // ES Modules import
+ * // const { BackupClient, CreateLogicallyAirGappedBackupVaultCommand } = require("@aws-sdk/client-backup"); // CommonJS import
+ * const client = new BackupClient(config);
+ * const input = { // CreateLogicallyAirGappedBackupVaultInput
+ *   BackupVaultName: "STRING_VALUE", // required
+ *   BackupVaultTags: { // Tags
+ *     "<keys>": "STRING_VALUE",
+ *   },
+ *   CreatorRequestId: "STRING_VALUE",
+ *   MinRetentionDays: Number("long"), // required
+ *   MaxRetentionDays: Number("long"), // required
+ * };
+ * const command = new CreateLogicallyAirGappedBackupVaultCommand(input);
+ * const response = await client.send(command);
+ * // { // CreateLogicallyAirGappedBackupVaultOutput
+ * //   BackupVaultName: "STRING_VALUE",
+ * //   BackupVaultArn: "STRING_VALUE",
+ * //   CreationDate: new Date("TIMESTAMP"),
+ * //   VaultState: "CREATING" || "AVAILABLE" || "FAILED",
+ * // };
+ *
+ * ```
+ *
+ * @param CreateLogicallyAirGappedBackupVaultCommandInput - {@link CreateLogicallyAirGappedBackupVaultCommandInput}
+ * @returns {@link CreateLogicallyAirGappedBackupVaultCommandOutput}
+ * @see {@link CreateLogicallyAirGappedBackupVaultCommandInput} for command's `input` shape.
+ * @see {@link CreateLogicallyAirGappedBackupVaultCommandOutput} for command's `response` shape.
+ * @see {@link BackupClientResolvedConfig | config} for BackupClient's `config` shape.
+ *
+ * @throws {@link AlreadyExistsException} (client fault)
+ *  <p>The required resource already exists.</p>
+ *
+ * @throws {@link InvalidParameterValueException} (client fault)
+ *  <p>Indicates that something is wrong with a parameter's value. For example, the value is
+ *          out of range.</p>
+ *
+ * @throws {@link InvalidRequestException} (client fault)
+ *  <p>Indicates that something is wrong with the input to the request. For example, a
+ *          parameter is of the wrong type.</p>
+ *
+ * @throws {@link LimitExceededException} (client fault)
+ *  <p>A limit in the request has been exceeded; for example, a maximum number of items allowed
+ *          in a request.</p>
+ *
+ * @throws {@link MissingParameterValueException} (client fault)
+ *  <p>Indicates that a required parameter is missing.</p>
+ *
+ * @throws {@link ServiceUnavailableException} (server fault)
+ *  <p>The request failed due to a temporary failure of the server.</p>
+ *
+ * @throws {@link BackupServiceException}
+ * <p>Base exception class for all service exceptions from Backup service.</p>
+ *
+ */
+export class CreateLogicallyAirGappedBackupVaultCommand extends $Command<
+  CreateLogicallyAirGappedBackupVaultCommandInput,
+  CreateLogicallyAirGappedBackupVaultCommandOutput,
+  BackupClientResolvedConfig
+> {
+  // Start section: command_properties
+  // End section: command_properties
+
+  public static getEndpointParameterInstructions(): EndpointParameterInstructions {
+    return {
+      UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" },
+      Endpoint: { type: "builtInParams", name: "endpoint" },
+      Region: { type: "builtInParams", name: "region" },
+      UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" },
+    };
+  }
+
+  /**
+   * @public
+   */
+  constructor(readonly input: CreateLogicallyAirGappedBackupVaultCommandInput) {
+    // Start section: command_constructor
+    super();
+    // End section: command_constructor
+  }
+
+  /**
+   * @internal
+   */
+  resolveMiddleware(
+    clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>,
+    configuration: BackupClientResolvedConfig,
+    options?: __HttpHandlerOptions
+  ): Handler<CreateLogicallyAirGappedBackupVaultCommandInput, CreateLogicallyAirGappedBackupVaultCommandOutput> {
+    this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
+    this.middlewareStack.use(
+      getEndpointPlugin(configuration, CreateLogicallyAirGappedBackupVaultCommand.getEndpointParameterInstructions())
+    );
+
+    const stack = clientStack.concat(this.middlewareStack);
+
+    const { logger } = configuration;
+    const clientName = "BackupClient";
+    const commandName = "CreateLogicallyAirGappedBackupVaultCommand";
+    const handlerExecutionContext: HandlerExecutionContext = {
+      logger,
+      clientName,
+      commandName,
+      inputFilterSensitiveLog: CreateLogicallyAirGappedBackupVaultInputFilterSensitiveLog,
+      outputFilterSensitiveLog: (_: any) => _,
+    };
+    const { requestHandler } = configuration;
+    return stack.resolve(
+      (request: FinalizeHandlerArguments<any>) =>
+        requestHandler.handle(request.request as __HttpRequest, options || {}),
+      handlerExecutionContext
+    );
+  }
+
+  /**
+   * @internal
+   */
+  private serialize(
+    input: CreateLogicallyAirGappedBackupVaultCommandInput,
+    context: __SerdeContext
+  ): Promise<__HttpRequest> {
+    return se_CreateLogicallyAirGappedBackupVaultCommand(input, context);
+  }
+
+  /**
+   * @internal
+   */
+  private deserialize(
+    output: __HttpResponse,
+    context: __SerdeContext
+  ): Promise<CreateLogicallyAirGappedBackupVaultCommandOutput> {
+    return de_CreateLogicallyAirGappedBackupVaultCommand(output, context);
+  }
+
+  // Start section: command_body_extra
+  // End section: command_body_extra
+}
diff --git a/clients/client-backup/src/commands/DescribeBackupVaultCommand.ts b/clients/client-backup/src/commands/DescribeBackupVaultCommand.ts
@@ -45,12 +45,14 @@ export interface DescribeBackupVaultCommandOutput extends DescribeBackupVaultOut
  * const client = new BackupClient(config);
  * const input = { // DescribeBackupVaultInput
  *   BackupVaultName: "STRING_VALUE", // required
+ *   BackupVaultAccountId: "STRING_VALUE",
  * };
  * const command = new DescribeBackupVaultCommand(input);
  * const response = await client.send(command);
  * // { // DescribeBackupVaultOutput
  * //   BackupVaultName: "STRING_VALUE",
  * //   BackupVaultArn: "STRING_VALUE",
+ * //   VaultType: "BACKUP_VAULT" || "LOGICALLY_AIR_GAPPED_BACKUP_VAULT",
  * //   EncryptionKeyArn: "STRING_VALUE",
  * //   CreationDate: new Date("TIMESTAMP"),
  * //   CreatorRequestId: "STRING_VALUE",

diff --git a/clients/client-backup/src/commands/DescribeRecoveryPointCommand.ts b/clients/client-backup/src/commands/DescribeRecoveryPointCommand.ts
@@ -47,6 +47,7 @@ export interface DescribeRecoveryPointCommandOutput extends DescribeRecoveryPoin
  * const input = { // DescribeRecoveryPointInput
  *   BackupVaultName: "STRING_VALUE", // required
  *   RecoveryPointArn: "STRING_VALUE", // required
+ *   BackupVaultAccountId: "STRING_VALUE",
  * };
  * const command = new DescribeRecoveryPointCommand(input);
  * const response = await client.send(command);

diff --git a/clients/client-backup/src/commands/GetRecoveryPointRestoreMetadataCommand.ts b/clients/client-backup/src/commands/GetRecoveryPointRestoreMetadataCommand.ts
@@ -55,6 +55,7 @@ export interface GetRecoveryPointRestoreMetadataCommandOutput
  * const input = { // GetRecoveryPointRestoreMetadataInput
  *   BackupVaultName: "STRING_VALUE", // required
  *   RecoveryPointArn: "STRING_VALUE", // required
+ *   BackupVaultAccountId: "STRING_VALUE",
  * };
  * const command = new GetRecoveryPointRestoreMetadataCommand(input);
  * const response = await client.send(command);