From a0eda2510c845ecd95297a2a2cf26ad54239b2af Mon Sep 17 00:00:00 2001 From: awstools Date: Tue, 10 Sep 2024 18:26:23 +0000 Subject: [PATCH] feat(client-pipes): This release adds support for customer managed KMS keys in Amazon EventBridge Pipe --- .../src/commands/CreatePipeCommand.ts | 1 + .../src/commands/DescribePipeCommand.ts | 1 + .../src/commands/UpdatePipeCommand.ts | 1 + clients/client-pipes/src/models/models_0.ts | 70 ++++++++++--------- .../src/protocols/Aws_restJson1.ts | 3 + codegen/sdk-codegen/aws-models/pipes.json | 34 ++++++++- 6 files changed, 73 insertions(+), 37 deletions(-) diff --git a/clients/client-pipes/src/commands/CreatePipeCommand.ts b/clients/client-pipes/src/commands/CreatePipeCommand.ts index 8ac35b0e003f..f429b6f8f68f 100644 --- a/clients/client-pipes/src/commands/CreatePipeCommand.ts +++ b/clients/client-pipes/src/commands/CreatePipeCommand.ts @@ -389,6 +389,7 @@ export interface CreatePipeCommandOutput extends CreatePipeResponse, __MetadataB * "STRING_VALUE", * ], * }, + * KmsKeyIdentifier: "STRING_VALUE", * }; * const command = new CreatePipeCommand(input); * const response = await client.send(command); diff --git a/clients/client-pipes/src/commands/DescribePipeCommand.ts b/clients/client-pipes/src/commands/DescribePipeCommand.ts index 66cc50038abf..4f21ba0e473e 100644 --- a/clients/client-pipes/src/commands/DescribePipeCommand.ts +++ b/clients/client-pipes/src/commands/DescribePipeCommand.ts @@ -398,6 +398,7 @@ export interface DescribePipeCommandOutput extends DescribePipeResponse, __Metad * // "STRING_VALUE", * // ], * // }, + * // KmsKeyIdentifier: "STRING_VALUE", * // }; * * ``` diff --git a/clients/client-pipes/src/commands/UpdatePipeCommand.ts b/clients/client-pipes/src/commands/UpdatePipeCommand.ts index 062c5802492c..2d95f5be4b17 100644 --- a/clients/client-pipes/src/commands/UpdatePipeCommand.ts +++ b/clients/client-pipes/src/commands/UpdatePipeCommand.ts @@ -380,6 +380,7 @@ export interface UpdatePipeCommandOutput extends UpdatePipeResponse, __MetadataB * "STRING_VALUE", * ], * }, + * KmsKeyIdentifier: "STRING_VALUE", * }; * const command = new UpdatePipeCommand(input); * const response = await client.send(command); diff --git a/clients/client-pipes/src/models/models_0.ts b/clients/client-pipes/src/models/models_0.ts index b4cf5c95615a..adfea7c5093d 100644 --- a/clients/client-pipes/src/models/models_0.ts +++ b/clients/client-pipes/src/models/models_0.ts @@ -620,22 +620,7 @@ export interface S3LogDestinationParameters { /** *

How EventBridge should format the log records.

- * + *

EventBridge currently only supports json formatting.

* @public */ OutputFormat?: S3OutputFormat; @@ -1260,8 +1245,7 @@ export interface SelfManagedKafkaAccessConfigurationVpc { /** *

Specifies the security groups associated with the stream. These security groups must all - * be in the same VPC. You can specify as many as five security groups. If you do not specify - * a security group, the default security group for the VPC is used.

+ * be in the same VPC. You can specify as many as five security groups.

* @public */ SecurityGroup?: string[]; @@ -2736,6 +2720,18 @@ export interface CreatePipeRequest { * @public */ LogConfiguration?: PipeLogConfigurationParameters; + + /** + *

The identifier of the KMS + * customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt pipe data. The identifier can be the key + * Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN.

+ *

If you do not specify a customer managed key identifier, EventBridge uses an + * Amazon Web Services owned key to encrypt pipe data.

+ *

For more information, see Managing keys in the Key Management Service + * Developer Guide.

+ * @public + */ + KmsKeyIdentifier?: string; } /** @@ -3109,22 +3105,7 @@ export interface S3LogDestination { /** *

The format EventBridge uses for the log records.

- * + *

EventBridge currently only supports json formatting.

* @public */ OutputFormat?: S3OutputFormat; @@ -3277,6 +3258,14 @@ export interface DescribePipeResponse { * @public */ LogConfiguration?: PipeLogConfiguration; + + /** + *

The identifier of the KMS + * customer managed key for EventBridge to use to encrypt pipe data, if one has been specified.

+ *

For more information, see Data encryption in EventBridge in the Amazon EventBridge User Guide.

+ * @public + */ + KmsKeyIdentifier?: string; } /** @@ -3899,6 +3888,19 @@ export interface UpdatePipeRequest { * @public */ LogConfiguration?: PipeLogConfigurationParameters; + + /** + *

The identifier of the KMS + * customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt pipe data. The identifier can be the key + * Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN.

+ *

To update a pipe that is using the default Amazon Web Services owned key to use a customer managed key instead, or update a pipe that is using a customer managed key to use a + * different customer managed key, specify a customer managed key identifier.

+ *

To update a pipe that is using a customer managed key to use the default Amazon Web Services owned key, specify an empty string.

+ *

For more information, see Managing keys in the Key Management Service + * Developer Guide.

+ * @public + */ + KmsKeyIdentifier?: string; } /** diff --git a/clients/client-pipes/src/protocols/Aws_restJson1.ts b/clients/client-pipes/src/protocols/Aws_restJson1.ts index 8aa2cc98fd2f..4647d8c7e428 100644 --- a/clients/client-pipes/src/protocols/Aws_restJson1.ts +++ b/clients/client-pipes/src/protocols/Aws_restJson1.ts @@ -136,6 +136,7 @@ export const se_CreatePipeCommand = async ( DesiredState: [], Enrichment: [], EnrichmentParameters: (_) => _json(_), + KmsKeyIdentifier: [], LogConfiguration: (_) => _json(_), RoleArn: [], Source: [], @@ -318,6 +319,7 @@ export const se_UpdatePipeCommand = async ( DesiredState: [], Enrichment: [], EnrichmentParameters: (_) => _json(_), + KmsKeyIdentifier: [], LogConfiguration: (_) => _json(_), RoleArn: [], SourceParameters: (_) => _json(_), @@ -403,6 +405,7 @@ export const de_DescribePipeCommand = async ( DesiredState: __expectString, Enrichment: __expectString, EnrichmentParameters: _json, + KmsKeyIdentifier: __expectString, LastModifiedTime: (_) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))), LogConfiguration: _json, Name: __expectString, diff --git a/codegen/sdk-codegen/aws-models/pipes.json b/codegen/sdk-codegen/aws-models/pipes.json index c8f548554a1b..e65943aae6ff 100644 --- a/codegen/sdk-codegen/aws-models/pipes.json +++ b/codegen/sdk-codegen/aws-models/pipes.json @@ -547,6 +547,12 @@ "aws.cloudformation#cfnMutability": "write", "smithy.api#documentation": "

The logging configuration settings for the pipe.

" } + }, + "KmsKeyIdentifier": { + "target": "com.amazonaws.pipes#KmsKeyIdentifier", + "traits": { + "smithy.api#documentation": "

The identifier of the KMS\n customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt pipe data. The identifier can be the key \n Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN.

\n

If you do not specify a customer managed key identifier, EventBridge uses an\n Amazon Web Services owned key to encrypt pipe data.

\n

For more information, see Managing keys in the Key Management Service\n Developer Guide.

" + } } }, "traits": { @@ -887,6 +893,12 @@ "aws.cloudformation#cfnMutability": "read", "smithy.api#documentation": "

The logging configuration settings for the pipe.

" } + }, + "KmsKeyIdentifier": { + "target": "com.amazonaws.pipes#KmsKeyIdentifier", + "traits": { + "smithy.api#documentation": "

The identifier of the KMS\n customer managed key for EventBridge to use to encrypt pipe data, if one has been specified.

\n

For more information, see Data encryption in EventBridge in the Amazon EventBridge User Guide.

" + } } }, "traits": { @@ -1563,6 +1575,16 @@ ] } }, + "com.amazonaws.pipes#KmsKeyIdentifier": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 0, + "max": 2048 + }, + "smithy.api#pattern": "^[a-zA-Z0-9_\\-/:]*$" + } + }, "com.amazonaws.pipes#LaunchType": { "type": "string", "traits": { @@ -4383,7 +4405,7 @@ "OutputFormat": { "target": "com.amazonaws.pipes#S3OutputFormat", "traits": { - "smithy.api#documentation": "

The format EventBridge uses for the log records.

\n " + "smithy.api#documentation": "

The format EventBridge uses for the log records.

\n

EventBridge currently only supports json formatting.

" } } }, @@ -4416,7 +4438,7 @@ "OutputFormat": { "target": "com.amazonaws.pipes#S3OutputFormat", "traits": { - "smithy.api#documentation": "

How EventBridge should format the log records.

\n " + "smithy.api#documentation": "

How EventBridge should format the log records.

\n

EventBridge currently only supports json formatting.

" } }, "Prefix": { @@ -4620,7 +4642,7 @@ "SecurityGroup": { "target": "com.amazonaws.pipes#SecurityGroupIds", "traits": { - "smithy.api#documentation": "

Specifies the security groups associated with the stream. These security groups must all\n be in the same VPC. You can specify as many as five security groups. If you do not specify\n a security group, the default security group for the VPC is used.

" + "smithy.api#documentation": "

Specifies the security groups associated with the stream. These security groups must all\n be in the same VPC. You can specify as many as five security groups.

" } } }, @@ -5402,6 +5424,12 @@ "aws.cloudformation#cfnMutability": "write", "smithy.api#documentation": "

The logging configuration settings for the pipe.

" } + }, + "KmsKeyIdentifier": { + "target": "com.amazonaws.pipes#KmsKeyIdentifier", + "traits": { + "smithy.api#documentation": "

The identifier of the KMS\n customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt pipe data. The identifier can be the key \n Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN.

\n

To update a pipe that is using the default Amazon Web Services owned key to use a customer managed key instead, or update a pipe that is using a customer managed key to use a\n different customer managed key, specify a customer managed key identifier.

\n

To update a pipe that is using a customer managed key to use the default Amazon Web Services owned key, specify an empty string.

\n

For more information, see Managing keys in the Key Management Service\n Developer Guide.

" + } } }, "traits": {