A list of resources for the access permissions. Any strings that can be used as a resource in an IAM policy can be used in the list of resources to check.
" + "documentation":"A list of resources for the access permissions. Any strings that can be used as an Amazon Resource Name (ARN) in an IAM policy can be used in the list of resources to check. You can only use a wildcard in the portion of the ARN that specifies the resource ID.
" } }, "documentation":"Contains information about actions and resources that define permissions to check against a policy.
" @@ -830,6 +831,10 @@ "sources":{ "shape":"FindingSourceList", "documentation":"The sources of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
" + }, + "resourceControlPolicyRestriction":{ + "shape":"ResourceControlPolicyRestriction", + "documentation":"The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).
" } }, "documentation":"An access preview finding generated by the access preview.
" @@ -1197,11 +1202,11 @@ }, "access":{ "shape":"CheckAccessNotGrantedRequestAccessList", - "documentation":"An access object containing the permissions that shouldn't be granted by the specified policy. If only actions are specified, IAM Access Analyzer checks for access of the actions on all resources in the policy. If only resources are specified, then IAM Access Analyzer checks which actions have access to the specified resources. If both actions and resources are specified, then IAM Access Analyzer checks which of the specified actions have access to the specified resources.
" + "documentation":"An access object containing the permissions that shouldn't be granted by the specified policy. If only actions are specified, IAM Access Analyzer checks for access to peform at least one of the actions on any resource in the policy. If only resources are specified, then IAM Access Analyzer checks for access to perform any action on at least one of the resources. If both actions and resources are specified, IAM Access Analyzer checks for access to perform at least one of the specified actions on at least one of the specified resources.
" }, "policyType":{ "shape":"AccessCheckPolicyType", - "documentation":"The type of policy. Identity policies grant permissions to IAM principals. Identity policies include managed and inline policies for IAM roles, users, and groups.
Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic input such as identity policy or resource policy or a specific input such as managed policy or Amazon S3 bucket policy.
" + "documentation":"The type of policy. Identity policies grant permissions to IAM principals. Identity policies include managed and inline policies for IAM roles, users, and groups.
Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust policies for IAM roles and bucket policies for Amazon S3 buckets.
" } } }, @@ -1749,6 +1754,10 @@ "sources":{ "shape":"FindingSourceList", "documentation":"The sources of the external access finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
" + }, + "resourceControlPolicyRestriction":{ + "shape":"ResourceControlPolicyRestriction", + "documentation":"The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).
" } }, "documentation":"Contains information about an external access finding.
" @@ -1826,6 +1835,10 @@ "sources":{ "shape":"FindingSourceList", "documentation":"The sources of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
" + }, + "resourceControlPolicyRestriction":{ + "shape":"ResourceControlPolicyRestriction", + "documentation":"The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).
" } }, "documentation":"Contains information about a finding.
" @@ -1999,6 +2012,10 @@ "sources":{ "shape":"FindingSourceList", "documentation":"The sources of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
" + }, + "resourceControlPolicyRestriction":{ + "shape":"ResourceControlPolicyRestriction", + "documentation":"The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).
" } }, "documentation":"Contains information about a finding.
" @@ -3256,7 +3273,8 @@ "enum":[ "IDENTITY_POLICY", "RESOURCE_POLICY", - "SERVICE_CONTROL_POLICY" + "SERVICE_CONTROL_POLICY", + "RESOURCE_CONTROL_POLICY" ] }, "Position":{ @@ -3453,6 +3471,14 @@ "type":"string", "pattern":"arn:[^:]*:[^:]*:[^:]*:[^:]*:.*" }, + "ResourceControlPolicyRestriction":{ + "type":"string", + "enum":[ + "APPLICABLE", + "FAILED_TO_EVALUATE_RCP", + "NOT_APPLICABLE" + ] + }, "ResourceNotFoundException":{ "type":"structure", "required":[ diff --git a/botocore/data/application-signals/2024-04-15/service-2.json b/botocore/data/application-signals/2024-04-15/service-2.json index 1d944fe2a1..e23bc3d426 100644 --- a/botocore/data/application-signals/2024-04-15/service-2.json +++ b/botocore/data/application-signals/2024-04-15/service-2.json @@ -342,6 +342,29 @@ "type":"integer", "box":true }, + "BurnRateConfiguration":{ + "type":"structure", + "required":["LookBackWindowMinutes"], + "members":{ + "LookBackWindowMinutes":{ + "shape":"BurnRateLookBackWindowMinutes", + "documentation":"The number of minutes to use as the look-back window.
" + } + }, + "documentation":"This object defines the length of the look-back window used to calculate one burn rate metric for this SLO. The burn rate measures how fast the service is consuming the error budget, relative to the attainment goal of the SLO. A burn rate of exactly 1 indicates that the SLO goal will be met exactly.
For example, if you specify 60 as the number of minutes in the look-back window, the burn rate is calculated as the following:
burn rate = error rate over the look-back window / (1 - attainment goal percentage)
For more information about burn rates, see Calculate burn rates.
" + }, + "BurnRateConfigurations":{ + "type":"list", + "member":{"shape":"BurnRateConfiguration"}, + "max":10, + "min":0 + }, + "BurnRateLookBackWindowMinutes":{ + "type":"integer", + "box":true, + "max":10080, + "min":1 + }, "CalendarInterval":{ "type":"structure", "required":[ @@ -410,6 +433,10 @@ "Tags":{ "shape":"TagList", "documentation":"A list of key-value pairs to associate with the SLO. You can associate as many as 50 tags with an SLO. To be able to associate tags with the SLO when you create the SLO, you must have the cloudwatch:TagResource permission.
Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values.
" + }, + "BurnRateConfigurations":{ + "shape":"BurnRateConfigurations", + "documentation":"Use this array to create burn rates for this SLO. Each burn rate is a metric that indicates how fast the service is consuming the error budget, relative to the attainment goal of the SLO.
" } } }, @@ -1535,7 +1562,11 @@ "shape":"EvaluationType", "documentation":"Displays whether this is a period-based SLO or a request-based SLO.
" }, - "Goal":{"shape":"Goal"} + "Goal":{"shape":"Goal"}, + "BurnRateConfigurations":{ + "shape":"BurnRateConfigurations", + "documentation":"Each object in this array defines the length of the look-back window used to calculate one burn rate metric for this SLO. The burn rate measures how fast the service is consuming the error budget, relative to the attainment goal of the SLO.
" + } }, "documentation":"A structure containing information about one service level objective (SLO) that has been created in Application Signals. Creating SLOs can help you ensure your services are performing to the level that you expect. SLOs help you set and track a specific target level for the reliability and availability of your applications and services. Each SLO uses a service level indicator (SLI), which is a key performance metric, to calculate how much underperformance can be tolerated before the goal that you set for the SLO is not achieved.
" }, @@ -1940,6 +1971,10 @@ "Goal":{ "shape":"Goal", "documentation":"A structure that contains the attributes that determine the goal of the SLO. This includes the time period for evaluation and the attainment threshold.
" + }, + "BurnRateConfigurations":{ + "shape":"BurnRateConfigurations", + "documentation":"Use this array to create burn rates for this SLO. Each burn rate is a metric that indicates how fast the service is consuming the error budget, relative to the attainment goal of the SLO.
" } } }, diff --git a/botocore/data/b2bi/2022-06-23/service-2.json b/botocore/data/b2bi/2022-06-23/service-2.json index 9b4e349d7f..16aa860abe 100644 --- a/botocore/data/b2bi/2022-06-23/service-2.json +++ b/botocore/data/b2bi/2022-06-23/service-2.json @@ -184,6 +184,23 @@ "documentation":"Deletes the specified transformer. A transformer can take an EDI file as input and transform it into a JSON-or XML-formatted document. Alternatively, a transformer can take a JSON-or XML-formatted document as input and transform it into an EDI file.
", "idempotent":true }, + "GenerateMapping":{ + "name":"GenerateMapping", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GenerateMappingRequest"}, + "output":{"shape":"GenerateMappingResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Takes sample input and output documents and uses Amazon Bedrock to generate a mapping automatically. Depending on the accuracy and other factors, you can then edit the mapping for your needs.
Before you can use the AI-assisted feature for Amazon Web Services B2B Data Interchange you must enable models in Amazon Bedrock. For details, see AI-assisted template mapping prerequisites in the Amazon Web Services B2B Data Interchange User guide.
Provide the contents of a sample X12 EDI file (for inbound EDI) or JSON/XML file (for outbound EDI) to use as a starting point for the mapping.
" + }, + "outputFileContent":{ + "shape":"GenerateMappingOutputFileContent", + "documentation":"Provide the contents of a sample X12 EDI file (for outbound EDI) or JSON/XML file (for inbound EDI) to use as a target for the mapping.
" + }, + "mappingType":{ + "shape":"MappingType", + "documentation":"Specify the mapping type: either JSONATA or XSLT.
Returns a mapping template based on your inputs.
" + }, + "mappingAccuracy":{ + "shape":"GenerateMappingResponseMappingAccuracyFloat", + "documentation":"Returns a percentage that estimates the accuracy of the generated mapping.
" + } + } + }, + "GenerateMappingResponseMappingAccuracyFloat":{ + "type":"float", + "box":true, + "max":1.0, + "min":0.0 + }, "GetCapabilityRequest":{ "type":"structure", "required":["capabilityId"], @@ -2646,7 +2715,7 @@ }, "status":{ "shape":"TransformerStatus", - "documentation":"Specifies the transformer's status. You can update the state of the transformer, from active to inactive, or inactive to active.
Specifies the transformer's status. You can update the state of the transformer from inactive to active.
Lists the billing views available for a given time period.
Every Amazon Web Services account has a unique PRIMARY billing view that represents the billing data available by default. Accounts that use Billing Conductor also have BILLING_GROUP billing views representing pro forma costs associated with each created billing group.
You don't have sufficient access to perform this action.
", + "exception":true + }, + "AccountId":{ + "type":"string", + "pattern":"[0-9]{12}" + }, + "ActiveTimeRange":{ + "type":"structure", + "required":[ + "activeAfterInclusive", + "activeBeforeInclusive" + ], + "members":{ + "activeAfterInclusive":{ + "shape":"Timestamp", + "documentation":"The inclusive time range start date.
" + }, + "activeBeforeInclusive":{ + "shape":"Timestamp", + "documentation":"The inclusive time range end date.
" + } + }, + "documentation":"A time range with a start and end time.
" + }, + "BillingViewArn":{ + "type":"string", + "pattern":"arn:aws[a-z-]*:(billing)::[0-9]{12}:billingview/[a-zA-Z0-9_\\+=\\.\\-@]{1,43}" + }, + "BillingViewList":{ + "type":"list", + "member":{"shape":"BillingViewListElement"} + }, + "BillingViewListElement":{ + "type":"structure", + "members":{ + "arn":{ + "shape":"BillingViewArn", + "documentation":"The Amazon Resource Name (ARN) that can be used to uniquely identify the billing view.
" + }, + "name":{ + "shape":"BillingViewName", + "documentation":"A list of names of the Billing view.
" + }, + "ownerAccountId":{ + "shape":"AccountId", + "documentation":"The list of owners of the Billing view.
" + }, + "billingViewType":{ + "shape":"BillingViewType", + "documentation":"The type of billing view.
" + } + }, + "documentation":"A representation of a billing view.
" + }, + "BillingViewName":{ + "type":"string", + "pattern":"[ a-zA-Z0-9_\\+=\\.\\-@]+", + "sensitive":true + }, + "BillingViewType":{ + "type":"string", + "enum":[ + "PRIMARY", + "BILLING_GROUP" + ] + }, + "BillingViewsMaxResults":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ErrorMessage":{ + "type":"string", + "max":1024, + "min":0 + }, + "FieldName":{ + "type":"string", + "max":100, + "min":0 + }, + "InternalServerException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "documentation":"The request processing failed because of an unknown error, exception, or failure.
", + "exception":true, + "fault":true + }, + "ListBillingViewsRequest":{ + "type":"structure", + "required":["activeTimeRange"], + "members":{ + "activeTimeRange":{ + "shape":"ActiveTimeRange", + "documentation":" The time range for the billing views listed. PRIMARY billing view is always listed. BILLING_GROUP billing views are listed for time ranges when the associated billing group resource in Billing Conductor is active. The time range must be within one calendar month.
The maximum number of billing views to retrieve. Default is 100.
" + }, + "nextToken":{ + "shape":"PageToken", + "documentation":"The pagination token that is used on subsequent calls to list billing views.
" + } + } + }, + "ListBillingViewsResponse":{ + "type":"structure", + "required":["billingViews"], + "members":{ + "billingViews":{ + "shape":"BillingViewList", + "documentation":"A list of BillingViewListElement retrieved.
The pagination token to use on subsequent calls to list billing views.
" + } + } + }, + "PageToken":{ + "type":"string", + "max":2047, + "min":1 + }, + "ThrottlingException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "documentation":"The request was denied due to request throttling.
", + "exception":true + }, + "Timestamp":{"type":"timestamp"}, + "ValidationException":{ + "type":"structure", + "required":[ + "message", + "reason" + ], + "members":{ + "message":{"shape":"ErrorMessage"}, + "reason":{ + "shape":"ValidationExceptionReason", + "documentation":"The input fails to satisfy the constraints specified by an Amazon Web Services service.
" + }, + "fieldList":{ + "shape":"ValidationExceptionFieldList", + "documentation":"The input fails to satisfy the constraints specified by an Amazon Web Services service.
" + } + }, + "documentation":"The input fails to satisfy the constraints specified by an Amazon Web Services service.
", + "exception":true + }, + "ValidationExceptionField":{ + "type":"structure", + "required":[ + "name", + "message" + ], + "members":{ + "name":{ + "shape":"FieldName", + "documentation":"The name of the field.
" + }, + "message":{ + "shape":"ErrorMessage", + "documentation":"The message describing why the field failed validation.
" + } + }, + "documentation":"The field's information of a request that resulted in an exception.
" + }, + "ValidationExceptionFieldList":{ + "type":"list", + "member":{"shape":"ValidationExceptionField"} + }, + "ValidationExceptionReason":{ + "type":"string", + "enum":[ + "unknownOperation", + "cannotParse", + "fieldValidationFailed", + "other" + ] + } + }, + "documentation":"You can use the Billing API to programatically list the billing views available to you for a given time period. A billing view represents a set of billing data.
The Billing API provides the following endpoint:
https://billing.us-east-1.api.aws
Enables Lake query federation on the specified event data store. Federating an event data store lets you view the metadata associated with the event data store in the Glue Data Catalog and run SQL queries against your event data using Amazon Athena. The table metadata stored in the Glue Data Catalog lets the Athena query engine know how to find, read, and process the data that you want to query.
When you enable Lake query federation, CloudTrail creates a managed database named aws:cloudtrail (if the database doesn't already exist) and a managed federated table in the Glue Data Catalog. The event data store ID is used for the table name. CloudTrail registers the role ARN and event data store in Lake Formation, the service responsible for allowing fine-grained access control of the federated resources in the Glue Data Catalog.
For more information about Lake query federation, see Federate an event data store.
" }, + "GenerateQuery":{ + "name":"GenerateQuery", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GenerateQueryRequest"}, + "output":{"shape":"GenerateQueryResponse"}, + "errors":[ + {"shape":"EventDataStoreARNInvalidException"}, + {"shape":"EventDataStoreNotFoundException"}, + {"shape":"InactiveEventDataStoreException"}, + {"shape":"InvalidParameterException"}, + {"shape":"GenerateResponseException"}, + {"shape":"OperationNotPermittedException"}, + {"shape":"UnsupportedOperationException"}, + {"shape":"NoManagementAccountSLRExistsException"} + ], + "documentation":"Generates a query from a natural language prompt. This operation uses generative artificial intelligence (generative AI) to produce a ready-to-use SQL query from the prompt.
The prompt can be a question or a statement about the event data in your event data store. For example, you can enter prompts like \"What are my top errors in the past month?\" and “Give me a list of users that used SNS.”
The prompt must be in English. For information about limitations, permissions, and supported Regions, see Create CloudTrail Lake queries from natural language prompts in the CloudTrail user guide.
Do not include any personally identifying, confidential, or sensitive information in your prompts.
This feature uses generative AI large language models (LLMs); we recommend double-checking the LLM response.
Removes the specified tags from a trail, event data store, or channel.
", "idempotent":true @@ -1220,7 +1242,7 @@ "documentation":"Contains all selector statements in an advanced event selector.
" } }, - "documentation":"Advanced event selectors let you create fine-grained selectors for CloudTrail management, data, and network activity events. They help you control costs by logging only those events that are important to you. For more information about configuring advanced event selectors, see the Logging data events, Logging network activity events, and Logging management events topics in the CloudTrail User Guide.
You cannot apply both event selectors and advanced event selectors to a trail.
Supported CloudTrail event record fields for management events
eventCategory (required)
eventSource
readOnly
Supported CloudTrail event record fields for data events
eventCategory (required)
resources.type (required)
readOnly
eventName
resources.ARN
Supported CloudTrail event record fields for network activity events
Network activity events is in preview release for CloudTrail and is subject to change.
eventCategory (required)
eventSource (required)
eventName
errorCode - The only valid value for errorCode is VpceAccessDenied.
vpcEndpointId
For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the only supported field is eventCategory.
Advanced event selectors let you create fine-grained selectors for CloudTrail management, data, and network activity events. They help you control costs by logging only those events that are important to you. For more information about configuring advanced event selectors, see the Logging data events, Logging network activity events, and Logging management events topics in the CloudTrail User Guide.
You cannot apply both event selectors and advanced event selectors to a trail.
Supported CloudTrail event record fields for management events
eventCategory (required)
eventSource
readOnly
The following additional fields are available for event data stores:
eventName
eventType
sessionCredentialFromConsole
userIdentity.arn
Supported CloudTrail event record fields for data events
eventCategory (required)
resources.type (required)
readOnly
eventName
resources.ARN
The following additional fields are available for event data stores:
eventSource
eventType
sessionCredentialFromConsole
userIdentity.arn
Supported CloudTrail event record fields for network activity events
Network activity events is in preview release for CloudTrail and is subject to change.
eventCategory (required)
eventSource (required)
eventName
errorCode - The only valid value for errorCode is VpceAccessDenied.
vpcEndpointId
For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the only supported field is eventCategory.
A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the field is used only for selecting events as filtering is not supported.
For CloudTrail management events, supported fields include eventCategory (required), eventSource, and readOnly.
For CloudTrail data events, supported fields include eventCategory (required), resources.type (required), eventName, readOnly, and resources.ARN.
For CloudTrail network activity events, supported fields include eventCategory (required), eventSource (required), eventName, errorCode, and vpcEndpointId.
For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the only supported field is eventCategory.
readOnly - This is an optional field that is only used for management events and data events. This field can be set to Equals with a value of true or false. If you do not add this field, CloudTrail logs both read and write events. A value of true logs only read events. A value of false logs only write events.
eventSource - This field is only used for management events and network activity events.
For management events, this is an optional field that can be set to NotEquals kms.amazonaws.com to exclude KMS management events, or NotEquals rdsdata.amazonaws.com to exclude RDS management events.
For network activity events, this is a required field that only uses the Equals operator. Set this field to the event source for which you want to log network activity events. If you want to log network activity events for multiple event sources, you must create a separate field selector for each event source.
The following are valid values for network activity events:
cloudtrail.amazonaws.com
ec2.amazonaws.com
kms.amazonaws.com
secretsmanager.amazonaws.com
eventName - This is an optional field that is only used for data events and network activity events. You can use any operator with eventName. You can use it to filter in or filter out specific events. You can have multiple values for this field, separated by commas.
eventCategory - This field is required and must be set to Equals.
For CloudTrail management events, the value must be Management.
For CloudTrail data events, the value must be Data.
For CloudTrail network activity events, the value must be NetworkActivity.
The following are used only for event data stores:
For CloudTrail Insights events, the value must be Insight.
For Config configuration items, the value must be ConfigurationItem.
For Audit Manager evidence, the value must be Evidence.
For non-Amazon Web Services events, the value must be ActivityAuditLog.
errorCode - This field is only used to filter CloudTrail network activity events and is optional. This is the error code to filter on. Currently, the only valid errorCode is VpceAccessDenied. errorCode can only use the Equals operator.
resources.type - This field is required for CloudTrail data events. resources.type can only use the Equals operator.
The value can be one of the following:
AWS::AppConfig::Configuration
AWS::B2BI::Transformer
AWS::Bedrock::AgentAlias
AWS::Bedrock::FlowAlias
AWS::Bedrock::Guardrail
AWS::Bedrock::KnowledgeBase
AWS::Cassandra::Table
AWS::CloudFront::KeyValueStore
AWS::CloudTrail::Channel
AWS::CloudWatch::Metric
AWS::CodeWhisperer::Customization
AWS::CodeWhisperer::Profile
AWS::Cognito::IdentityPool
AWS::DynamoDB::Stream
AWS::DynamoDB::Table
AWS::EC2::Snapshot
AWS::EMRWAL::Workspace
AWS::FinSpace::Environment
AWS::Glue::Table
AWS::GreengrassV2::ComponentVersion
AWS::GreengrassV2::Deployment
AWS::GuardDuty::Detector
AWS::IoT::Certificate
AWS::IoT::Thing
AWS::IoTSiteWise::Asset
AWS::IoTSiteWise::TimeSeries
AWS::IoTTwinMaker::Entity
AWS::IoTTwinMaker::Workspace
AWS::KendraRanking::ExecutionPlan
AWS::Kinesis::Stream
AWS::Kinesis::StreamConsumer
AWS::KinesisVideo::Stream
AWS::Lambda::Function
AWS::MachineLearning::MlModel
AWS::ManagedBlockchain::Network
AWS::ManagedBlockchain::Node
AWS::MedicalImaging::Datastore
AWS::NeptuneGraph::Graph
AWS::One::UKey
AWS::One::User
AWS::PaymentCryptography::Alias
AWS::PaymentCryptography::Key
AWS::PCAConnectorAD::Connector
AWS::PCAConnectorSCEP::Connector
AWS::QApps:QApp
AWS::QBusiness::Application
AWS::QBusiness::DataSource
AWS::QBusiness::Index
AWS::QBusiness::WebExperience
AWS::RDS::DBCluster
AWS::RUM::AppMonitor
AWS::S3::AccessPoint
AWS::S3::Object
AWS::S3Express::Object
AWS::S3ObjectLambda::AccessPoint
AWS::S3Outposts::Object
AWS::SageMaker::Endpoint
AWS::SageMaker::ExperimentTrialComponent
AWS::SageMaker::FeatureGroup
AWS::ServiceDiscovery::Namespace
AWS::ServiceDiscovery::Service
AWS::SCN::Instance
AWS::SNS::PlatformEndpoint
AWS::SNS::Topic
AWS::SQS::Queue
AWS::SSM::ManagedNode
AWS::SSMMessages::ControlChannel
AWS::StepFunctions::StateMachine
AWS::SWF::Domain
AWS::ThinClient::Device
AWS::ThinClient::Environment
AWS::Timestream::Database
AWS::Timestream::Table
AWS::VerifiedPermissions::PolicyStore
AWS::XRay::Trace
You can have only one resources.type field per selector. To log events on more than one resource type, add another selector.
resources.ARN - The resources.ARN is an optional field for data events. You can use any operator with resources.ARN, but if you use Equals or NotEquals, the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. To log all data events for all objects in a specific S3 bucket, use the StartsWith operator, and include only the bucket ARN as the matching value.
For information about filtering data events on the resources.ARN field, see Filtering data events by resources.ARN in the CloudTrail User Guide.
You can't use the resources.ARN field to filter resource types that do not have ARNs.
vpcEndpointId - This field is only used to filter CloudTrail network activity events and is optional. This field identifies the VPC endpoint that the request passed through. You can use any operator with vpcEndpointId.
A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the field is used only for selecting events as filtering is not supported.
For CloudTrail management events, supported fields include eventCategory (required), eventSource, and readOnly. The following additional fields are available for event data stores: eventName, eventType, sessionCredentialFromConsole, and userIdentity.arn.
For CloudTrail data events, supported fields include eventCategory (required), resources.type (required), eventName, readOnly, and resources.ARN. The following additional fields are available for event data stores: eventSource, eventType, sessionCredentialFromConsole, and userIdentity.arn.
For CloudTrail network activity events, supported fields include eventCategory (required), eventSource (required), eventName, errorCode, and vpcEndpointId.
For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the only supported field is eventCategory.
readOnly - This is an optional field that is only used for management events and data events. This field can be set to Equals with a value of true or false. If you do not add this field, CloudTrail logs both read and write events. A value of true logs only read events. A value of false logs only write events.
eventSource - This field is only used for management events, data events (for event data stores only), and network activity events.
For management events for trails, this is an optional field that can be set to NotEquals kms.amazonaws.com to exclude KMS management events, or NotEquals rdsdata.amazonaws.com to exclude RDS management events.
For management and data events for event data stores, you can use it to include or exclude any event source and can use any operator.
For network activity events, this is a required field that only uses the Equals operator. Set this field to the event source for which you want to log network activity events. If you want to log network activity events for multiple event sources, you must create a separate field selector for each event source.
The following are valid values for network activity events:
cloudtrail.amazonaws.com
ec2.amazonaws.com
kms.amazonaws.com
secretsmanager.amazonaws.com
eventName - This is an optional field that is only used for data events, management events (for event data stores only), and network activity events. You can use any operator with eventName. You can use it to filter in or filter out specific events. You can have multiple values for this field, separated by commas.
eventCategory - This field is required and must be set to Equals.
For CloudTrail management events, the value must be Management.
For CloudTrail data events, the value must be Data.
For CloudTrail network activity events, the value must be NetworkActivity.
The following are used only for event data stores:
For CloudTrail Insights events, the value must be Insight.
For Config configuration items, the value must be ConfigurationItem.
For Audit Manager evidence, the value must be Evidence.
For events outside of Amazon Web Services, the value must be ActivityAuditLog.
eventType - This is an optional field available only for event data stores, which is used to filter management and data events on the event type. For information about available event types, see CloudTrail record contents in the CloudTrail user guide.
errorCode - This field is only used to filter CloudTrail network activity events and is optional. This is the error code to filter on. Currently, the only valid errorCode is VpceAccessDenied. errorCode can only use the Equals operator.
sessionCredentialFromConsole - This is an optional field available only for event data stores, which is used to filter management and data events based on whether the events originated from an Amazon Web Services Management Console session. sessionCredentialFromConsole can only use the Equals and NotEquals operators.
resources.type - This field is required for CloudTrail data events. resources.type can only use the Equals operator.
For a list of available resource types for data events, see Data events in the CloudTrail User Guide.
You can have only one resources.type field per selector. To log events on more than one resource type, add another selector.
resources.ARN - The resources.ARN is an optional field for data events. You can use any operator with resources.ARN, but if you use Equals or NotEquals, the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. To log all data events for all objects in a specific S3 bucket, use the StartsWith operator, and include only the bucket ARN as the matching value.
For information about filtering data events on the resources.ARN field, see Filtering data events by resources.ARN in the CloudTrail User Guide.
You can't use the resources.ARN field to filter resource types that do not have ARNs.
userIdentity.arn - This is an optional field available only for event data stores, which is used to filter management and data events on the userIdentity ARN. You can use any operator with userIdentity.arn. For more information on the userIdentity element, see CloudTrail userIdentity element in the CloudTrail User Guide.
vpcEndpointId - This field is only used to filter CloudTrail network activity events and is optional. This field identifies the VPC endpoint that the request passed through. You can use any operator with vpcEndpointId.
The resource type in which you want to log data events. You can specify the following basic event selector resource types:
AWS::DynamoDB::Table
AWS::Lambda::Function
AWS::S3::Object
Additional resource types are available through advanced event selectors. For more information about these additional resource types, see AdvancedFieldSelector.
" + "documentation":"The resource type in which you want to log data events. You can specify the following basic event selector resource types:
AWS::DynamoDB::Table
AWS::Lambda::Function
AWS::S3::Object
Additional resource types are available through advanced event selectors. For more information, see AdvancedEventSelector.
" }, "Values":{ "shape":"DataResourceValues", @@ -1855,6 +1877,10 @@ "DeliveryStatus":{ "shape":"DeliveryStatus", "documentation":"The delivery status.
" + }, + "Prompt":{ + "shape":"Prompt", + "documentation":"The prompt used for a generated query. For information about generated queries, see Create CloudTrail Lake queries from natural language prompts in the CloudTrail user guide.
" } } }, @@ -2130,6 +2156,12 @@ "min":1, "pattern":"^[a-zA-Z0-9._/\\-:]+$" }, + "EventDataStoreList":{ + "type":"list", + "member":{"shape":"EventDataStoreArn"}, + "max":1, + "min":1 + }, "EventDataStoreMaxLimitExceededException":{ "type":"structure", "members":{ @@ -2231,6 +2263,43 @@ "DISABLED" ] }, + "GenerateQueryRequest":{ + "type":"structure", + "required":[ + "EventDataStores", + "Prompt" + ], + "members":{ + "EventDataStores":{ + "shape":"EventDataStoreList", + "documentation":"The ARN (or ID suffix of the ARN) of the event data store that you want to query. You can only specify one event data store.
" + }, + "Prompt":{ + "shape":"Prompt", + "documentation":"The prompt that you want to use to generate the query. The prompt must be in English. For example prompts, see Example prompts in the CloudTrail user guide.
" + } + } + }, + "GenerateQueryResponse":{ + "type":"structure", + "members":{ + "QueryStatement":{ + "shape":"QueryStatement", + "documentation":"The SQL query statement generated from the prompt.
" + }, + "QueryAlias":{ + "shape":"QueryAlias", + "documentation":" An alias that identifies the prompt. When you run the StartQuery operation, you can pass in either the QueryAlias or QueryStatement parameter.
This exception is thrown when a valid query could not be generated for the provided prompt.
", + "exception":true + }, "GetChannelRequest":{ "type":"structure", "required":["Channel"], @@ -3646,6 +3715,12 @@ "min":0, "pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\t]*" }, + "Prompt":{ + "type":"string", + "max":500, + "min":3, + "pattern":"^[ -~\\n]*$" + }, "PublicKey":{ "type":"structure", "members":{ diff --git a/botocore/data/dynamodb/2012-08-10/service-2.json b/botocore/data/dynamodb/2012-08-10/service-2.json index e3511f9b90..a203f64e48 100644 --- a/botocore/data/dynamodb/2012-08-10/service-2.json +++ b/botocore/data/dynamodb/2012-08-10/service-2.json @@ -1977,6 +1977,10 @@ "OnDemandThroughput":{ "shape":"OnDemandThroughput", "documentation":"The maximum number of read and write units for the global secondary index being created. If you use this parameter, you must specify MaxReadRequestUnits, MaxWriteRequestUnits, or both.
Represents the warm throughput value (in read units per second and write units per second) when creating a secondary index.
" } }, "documentation":"Represents a new global secondary index to be added to an existing table.
" @@ -2105,6 +2109,10 @@ "shape":"DeletionProtectionEnabled", "documentation":"Indicates whether deletion protection is to be enabled (true) or disabled (false) on the table.
" }, + "WarmThroughput":{ + "shape":"WarmThroughput", + "documentation":"Represents the warm throughput (in read units per second and write units per second) for creating a table.
" + }, "ResourcePolicy":{ "shape":"ResourcePolicy", "documentation":"An Amazon Web Services resource-based policy document in JSON format that will be attached to the table.
When you attach a resource-based policy while creating a table, the policy application is strongly consistent.
The maximum size supported for a resource-based policy document is 20 KB. DynamoDB counts whitespaces when calculating the size of a policy against this limit. For a full list of all considerations that apply for resource-based policies, see Resource-based policy considerations.
You need to specify the CreateTable and PutResourcePolicy IAM actions for authorizing a user to create a table with a resource-based policy.
The maximum number of read and write units for the specified global secondary index. If you use this parameter, you must specify MaxReadRequestUnits, MaxWriteRequestUnits, or both.
Represents the warm throughput value (in read units per second and write units per second) for the specified secondary index. If you use this parameter, you must specify ReadUnitsPerSecond, WriteUnitsPerSecond, or both.
Represents the properties of a global secondary index.
" @@ -3276,6 +3288,10 @@ "OnDemandThroughput":{ "shape":"OnDemandThroughput", "documentation":"The maximum number of read and write units for the specified global secondary index. If you use this parameter, you must specify MaxReadRequestUnits, MaxWriteRequestUnits, or both.
Represents the warm throughput value (in read units per second and write units per second) for the specified secondary index.
" } }, "documentation":"Represents the properties of a global secondary index.
" @@ -3333,6 +3349,24 @@ "type":"list", "member":{"shape":"GlobalSecondaryIndexUpdate"} }, + "GlobalSecondaryIndexWarmThroughputDescription":{ + "type":"structure", + "members":{ + "ReadUnitsPerSecond":{ + "shape":"PositiveLongObject", + "documentation":"Represents warm throughput read units per second value for a global secondary index.
" + }, + "WriteUnitsPerSecond":{ + "shape":"PositiveLongObject", + "documentation":"Represents warm throughput write units per second value for a global secondary index.
" + }, + "Status":{ + "shape":"IndexStatus", + "documentation":"Represents the warm throughput status being created or updated on a global secondary index. The status can only be UPDATING or ACTIVE.
The description of the warm throughput value on a global secondary index.
" + }, "GlobalSecondaryIndexes":{ "type":"list", "member":{"shape":"GlobalSecondaryIndexInfo"} @@ -4908,6 +4942,10 @@ "shape":"OnDemandThroughputOverride", "documentation":"Overrides the maximum on-demand throughput settings for the specified replica table.
" }, + "WarmThroughput":{ + "shape":"TableWarmThroughputDescription", + "documentation":"Represents the warm throughput value for this replica.
" + }, "GlobalSecondaryIndexes":{ "shape":"ReplicaGlobalSecondaryIndexDescriptionList", "documentation":"Replica-specific global secondary index settings.
" @@ -4992,6 +5030,10 @@ "OnDemandThroughputOverride":{ "shape":"OnDemandThroughputOverride", "documentation":"Overrides the maximum on-demand throughput for the specified global secondary index in the specified replica table.
" + }, + "WarmThroughput":{ + "shape":"GlobalSecondaryIndexWarmThroughputDescription", + "documentation":"Represents the warm throughput of the global secondary index for this replica.
" } }, "documentation":"Represents the properties of a replica global secondary index.
" @@ -5933,6 +5975,10 @@ "OnDemandThroughput":{ "shape":"OnDemandThroughput", "documentation":"The maximum number of read and write units for the specified on-demand table. If you use this parameter, you must specify MaxReadRequestUnits, MaxWriteRequestUnits, or both.
Describes the warm throughput value of the base table.
" } }, "documentation":"Represents the properties of a table.
" @@ -5979,6 +6025,24 @@ "ARCHIVED" ] }, + "TableWarmThroughputDescription":{ + "type":"structure", + "members":{ + "ReadUnitsPerSecond":{ + "shape":"PositiveLongObject", + "documentation":"Represents the base table's warm throughput value in read units per second.
" + }, + "WriteUnitsPerSecond":{ + "shape":"PositiveLongObject", + "documentation":"Represents the base table's warm throughput value in write units per second.
" + }, + "Status":{ + "shape":"TableStatus", + "documentation":"Represents warm throughput value of the base table..
" + } + }, + "documentation":"Represents the warm throughput value (in read units per second and write units per second) of the base table.
" + }, "Tag":{ "type":"structure", "required":[ @@ -6350,6 +6414,10 @@ "OnDemandThroughput":{ "shape":"OnDemandThroughput", "documentation":"Updates the maximum number of read and write units for the specified global secondary index. If you use this parameter, you must specify MaxReadRequestUnits, MaxWriteRequestUnits, or both.
Represents the warm throughput value of the new provisioned throughput settings to be applied to a global secondary index.
" } }, "documentation":"Represents the new provisioned throughput settings to be applied to a global secondary index.
" @@ -6630,6 +6698,10 @@ "OnDemandThroughput":{ "shape":"OnDemandThroughput", "documentation":"Updates the maximum number of read and write units for the specified table in on-demand capacity mode. If you use this parameter, you must specify MaxReadRequestUnits, MaxWriteRequestUnits, or both.
Represents the warm throughput (in read units per second and write units per second) for updating a table.
" } }, "documentation":"Represents the input of an UpdateTable operation.
Represents the number of read operations your base table can instantaneously support.
" + }, + "WriteUnitsPerSecond":{ + "shape":"LongObject", + "documentation":"Represents the number of write operations your base table can instantaneously support.
" + } + }, + "documentation":"Provides visibility into the number of read and write operations your table or secondary index can instantaneously support. The settings can be modified using the UpdateTable operation to meet the throughput requirements of an upcoming peak event.
Create a new Capacity Reservation by splitting the available capacity of the source Capacity Reservation. The new Capacity Reservation will have the same attributes as the source Capacity Reservation except for tags. The source Capacity Reservation must be active and owned by your Amazon Web Services account.
Create a new Capacity Reservation by splitting the capacity of the source Capacity Reservation. The new Capacity Reservation will have the same attributes as the source Capacity Reservation except for tags. The source Capacity Reservation must be active and owned by your Amazon Web Services account.
Creates an ED25519 or 2048-bit RSA key pair with the specified name and in the specified PEM or PPK format. Amazon EC2 stores the public key and displays the private key for you to save to a file. The private key is returned as an unencrypted PEM encoded PKCS#1 private key or an unencrypted PPK formatted private key for use with PuTTY. If a key with the specified name already exists, Amazon EC2 returns an error.
The key pair returned to you is available only in the Amazon Web Services Region in which you create it. If you prefer, you can create your own key pair using a third-party tool and upload it to any Region using ImportKeyPair.
You can have up to 5,000 key pairs per Amazon Web Services Region.
For more information, see Amazon EC2 key pairs in the Amazon Elastic Compute Cloud User Guide.
" + "documentation":"Creates an ED25519 or 2048-bit RSA key pair with the specified name and in the specified format. Amazon EC2 stores the public key and displays the private key for you to save to a file. The private key is returned as an unencrypted PEM encoded PKCS#1 private key or an unencrypted PPK formatted private key for use with PuTTY. If a key with the specified name already exists, Amazon EC2 returns an error.
The key pair returned to you is available only in the Amazon Web Services Region in which you create it. If you prefer, you can create your own key pair using a third-party tool and upload it to any Region using ImportKeyPair.
You can have up to 5,000 key pairs per Amazon Web Services Region.
For more information, see Amazon EC2 key pairs in the Amazon EC2 User Guide.
" }, "CreateLaunchTemplate":{ "name":"CreateLaunchTemplate", @@ -1077,7 +1077,7 @@ }, "input":{"shape":"CreateSecurityGroupRequest"}, "output":{"shape":"CreateSecurityGroupResult"}, - "documentation":"Creates a security group.
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. For more information, see Amazon EC2 security groups in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC in the Amazon Virtual Private Cloud User Guide.
When you create a security group, you specify a friendly name of your choice. You can't have two security groups for the same VPC with the same name.
You have a default security group for use in your VPC. If you don't specify a security group when you launch an instance, the instance is launched into the appropriate default security group. A default security group includes a default rule that grants instances unrestricted network access to each other.
You can add or remove rules from your security groups using AuthorizeSecurityGroupIngress, AuthorizeSecurityGroupEgress, RevokeSecurityGroupIngress, and RevokeSecurityGroupEgress.
For more information about VPC security group limits, see Amazon VPC Limits.
" + "documentation":"Creates a security group.
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. For more information, see Amazon EC2 security groups in the Amazon EC2 User Guide and Security groups for your VPC in the Amazon VPC User Guide.
When you create a security group, you specify a friendly name of your choice. You can't have two security groups for the same VPC with the same name.
You have a default security group for use in your VPC. If you don't specify a security group when you launch an instance, the instance is launched into the appropriate default security group. A default security group includes a default rule that grants instances unrestricted network access to each other.
You can add or remove rules from your security groups using AuthorizeSecurityGroupIngress, AuthorizeSecurityGroupEgress, RevokeSecurityGroupIngress, and RevokeSecurityGroupEgress.
For more information about VPC security group limits, see Amazon VPC Limits.
" }, "CreateSnapshot":{ "name":"CreateSnapshot", @@ -2905,7 +2905,7 @@ }, "input":{"shape":"DescribeKeyPairsRequest"}, "output":{"shape":"DescribeKeyPairsResult"}, - "documentation":"Describes the specified key pairs or all of your key pairs.
For more information about key pairs, see Amazon EC2 key pairs in the Amazon Elastic Compute Cloud User Guide.
" + "documentation":"Describes the specified key pairs or all of your key pairs.
For more information about key pairs, see Amazon EC2 key pairs in the Amazon EC2 User Guide.
" }, "DescribeLaunchTemplateVersions":{ "name":"DescribeLaunchTemplateVersions", @@ -4917,7 +4917,7 @@ }, "input":{"shape":"ImportKeyPairRequest"}, "output":{"shape":"ImportKeyPairResult"}, - "documentation":"Imports the public key from an RSA or ED25519 key pair that you created with a third-party tool. Compare this with CreateKeyPair, in which Amazon Web Services creates the key pair and gives the keys to you (Amazon Web Services keeps a copy of the public key). With ImportKeyPair, you create the key pair and give Amazon Web Services just the public key. The private key is never transferred between you and Amazon Web Services.
For more information about key pairs, see Amazon EC2 key pairs in the Amazon Elastic Compute Cloud User Guide.
" + "documentation":"Imports the public key from an RSA or ED25519 key pair that you created using a third-party tool. You give Amazon Web Services only the public key. The private key is never transferred between you and Amazon Web Services.
For more information about the requirements for importing a key pair, see Create a key pair and import the public key to Amazon EC2 in the Amazon EC2 User Guide.
" }, "ImportSnapshot":{ "name":"ImportSnapshot", @@ -12456,7 +12456,7 @@ }, "SourceCapacityReservationId":{ "shape":"CapacityReservationId", - "documentation":"The ID of the Capacity Reservation from which you want to split the available capacity.
" + "documentation":"The ID of the Capacity Reservation from which you want to split the capacity.
" }, "InstanceCount":{ "shape":"Integer", @@ -21261,7 +21261,7 @@ }, "Owners":{ "shape":"OwnerStringList", - "documentation":"Scopes the results to images with the specified owners. You can specify a combination of Amazon Web Services account IDs, self, amazon, and aws-marketplace. If you omit this parameter, the results include all images for which you have launch permissions, regardless of ownership.
Scopes the results to images with the specified owners. You can specify a combination of Amazon Web Services account IDs, self, amazon, aws-backup-vault, and aws-marketplace. If you omit this parameter, the results include all images for which you have launch permissions, regardless of ownership.
The filters.
architecture - The image architecture (i386 | x86_64 | arm64 | x86_64_mac | arm64_mac).
block-device-mapping.delete-on-termination - A Boolean value that indicates whether the Amazon EBS volume is deleted on instance termination.
block-device-mapping.device-name - The device name specified in the block device mapping (for example, /dev/sdh or xvdh).
block-device-mapping.snapshot-id - The ID of the snapshot used for the Amazon EBS volume.
block-device-mapping.volume-size - The volume size of the Amazon EBS volume, in GiB.
block-device-mapping.volume-type - The volume type of the Amazon EBS volume (io1 | io2 | gp2 | gp3 | sc1 | st1 | standard).
block-device-mapping.encrypted - A Boolean that indicates whether the Amazon EBS volume is encrypted.
creation-date - The time when the image was created, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example, 2021-09-29T11:04:43.305Z. You can use a wildcard (*), for example, 2021-09-29T*, which matches an entire day.
description - The description of the image (provided during image creation).
ena-support - A Boolean that indicates whether enhanced networking with ENA is enabled.
hypervisor - The hypervisor type (ovm | xen).
image-id - The ID of the image.
image-type - The image type (machine | kernel | ramdisk).
is-public - A Boolean that indicates whether the image is public.
kernel-id - The kernel ID.
manifest-location - The location of the image manifest.
name - The name of the AMI (provided during image creation).
owner-alias - The owner alias (amazon | aws-marketplace). The valid aliases are defined in an Amazon-maintained list. This is not the Amazon Web Services account alias that can be set using the IAM console. We recommend that you use the Owner request parameter instead of this filter.
owner-id - The Amazon Web Services account ID of the owner. We recommend that you use the Owner request parameter instead of this filter.
platform - The platform. The only supported value is windows.
product-code - The product code.
product-code.type - The type of the product code (marketplace).
ramdisk-id - The RAM disk ID.
root-device-name - The device name of the root device volume (for example, /dev/sda1).
root-device-type - The type of the root device volume (ebs | instance-store).
source-instance-id - The ID of the instance that the AMI was created from if the AMI was created using CreateImage. This filter is applicable only if the AMI was created using CreateImage.
state - The state of the image (available | pending | failed).
state-reason-code - The reason code for the state change.
state-reason-message - The message for the state change.
sriov-net-support - A value of simple indicates that enhanced networking with the Intel 82599 VF interface is enabled.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
virtualization-type - The virtualization type (paravirtual | hvm).
The filters.
architecture - The image architecture (i386 | x86_64 | arm64 | x86_64_mac | arm64_mac).
block-device-mapping.delete-on-termination - A Boolean value that indicates whether the Amazon EBS volume is deleted on instance termination.
block-device-mapping.device-name - The device name specified in the block device mapping (for example, /dev/sdh or xvdh).
block-device-mapping.snapshot-id - The ID of the snapshot used for the Amazon EBS volume.
block-device-mapping.volume-size - The volume size of the Amazon EBS volume, in GiB.
block-device-mapping.volume-type - The volume type of the Amazon EBS volume (io1 | io2 | gp2 | gp3 | sc1 | st1 | standard).
block-device-mapping.encrypted - A Boolean that indicates whether the Amazon EBS volume is encrypted.
creation-date - The time when the image was created, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example, 2021-09-29T11:04:43.305Z. You can use a wildcard (*), for example, 2021-09-29T*, which matches an entire day.
description - The description of the image (provided during image creation).
ena-support - A Boolean that indicates whether enhanced networking with ENA is enabled.
hypervisor - The hypervisor type (ovm | xen).
image-id - The ID of the image.
image-type - The image type (machine | kernel | ramdisk).
is-public - A Boolean that indicates whether the image is public.
kernel-id - The kernel ID.
manifest-location - The location of the image manifest.
name - The name of the AMI (provided during image creation).
owner-alias - The owner alias (amazon | aws-backup-vault | aws-marketplace). The valid aliases are defined in an Amazon-maintained list. This is not the Amazon Web Services account alias that can be set using the IAM console. We recommend that you use the Owner request parameter instead of this filter.
owner-id - The Amazon Web Services account ID of the owner. We recommend that you use the Owner request parameter instead of this filter.
platform - The platform. The only supported value is windows.
product-code - The product code.
product-code.type - The type of the product code (marketplace).
ramdisk-id - The RAM disk ID.
root-device-name - The device name of the root device volume (for example, /dev/sda1).
root-device-type - The type of the root device volume (ebs | instance-store).
source-instance-id - The ID of the instance that the AMI was created from if the AMI was created using CreateImage. This filter is applicable only if the AMI was created using CreateImage.
state - The state of the image (available | pending | failed).
state-reason-code - The reason code for the state change.
state-reason-message - The message for the state change.
sriov-net-support - A value of simple indicates that enhanced networking with the Intel 82599 VF interface is enabled.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
virtualization-type - The virtualization type (paravirtual | hvm).
The owner alias (amazon | aws-marketplace).
The owner alias (amazon | aws-backup-vault | aws-marketplace).
The date and time, in ISO 8601 date-time format, when the AMI was last used to launch an EC2 instance. When the AMI is used to launch an instance, there is a 24-hour delay before that usage is reported.
lastLaunchedTime data is available starting April 2017.
The ID of the source AMI from which the AMI was created.
The ID only appears if the AMI was created using CreateImage, CopyImage, or CreateRestoreImageTask. The ID does not appear if the AMI was created using any other API. For some older AMIs, the ID might not be available. For more information, see Identify the source AMI used to create a new AMI in the Amazon EC2 User Guide.
", + "locationName":"sourceImageId" + }, + "SourceImageRegion":{ + "shape":"String", + "documentation":"The Region of the source AMI.
The Region only appears if the AMI was created using CreateImage, CopyImage, or CreateRestoreImageTask. The Region does not appear if the AMI was created using any other API. For some older AMIs, the Region might not be available. For more information, see Identify the source AMI used to create a new AMI in the Amazon EC2 User Guide.
", + "locationName":"sourceImageRegion" + }, "ImageId":{ "shape":"String", "documentation":"The ID of the AMI.
", @@ -34217,7 +34227,7 @@ }, "ImageOwnerAlias":{ "shape":"String", - "documentation":"The alias of the AMI owner.
Valid values: amazon | aws-marketplace
The alias of the AMI owner.
Valid values: amazon | aws-backup-vault | aws-marketplace
The public key. For API calls, the text must be base64-encoded. For command line tools, base64 encoding is performed for you.
", + "documentation":"The public key.
", "locationName":"publicKeyMaterial" } } @@ -35357,7 +35367,7 @@ }, "LaunchTime":{ "shape":"DateTime", - "documentation":"The time the instance was launched.
", + "documentation":"The time that the instance was last launched. To determine the time that instance was first launched, see the attachment time for the primary network interface.
", "locationName":"launchTime" }, "Placement":{ @@ -52586,7 +52596,7 @@ }, "RevokeAllGroups":{ "shape":"Boolean", - "documentation":"Indicates whether access should be revoked for all clients.
" + "documentation":"Indicates whether access should be revoked for all groups for a single TargetNetworkCidr that earlier authorized ingress for all groups using AuthorizeAllGroups. This does not impact other authorization rules that allowed ingress to the same TargetNetworkCidr with a specific AccessGroupId.
The type of query to run. The following are the three types of queries that you can run using the Internet Monitor query interface:
MEASUREMENTS: Provides availability score, performance score, total traffic, and round-trip times, at 5 minute intervals.
TOP_LOCATIONS: Provides availability score, performance score, total traffic, and time to first byte (TTFB) information, for the top location and ASN combinations that you're monitoring, by traffic volume.
TOP_LOCATION_DETAILS: Provides TTFB for Amazon CloudFront, your current configuration, and the best performing EC2 configuration, at 1 hour intervals.
OVERALL_TRAFFIC_SUGGESTIONS: Provides TTFB, using a 30-day weighted average, for all traffic in each Amazon Web Services location that is monitored.
OVERALL_TRAFFIC_SUGGESTIONS_DETAILS: Provides TTFB, using a 30-day weighted average, for each top location, for a proposed Amazon Web Services location. Must provide a Amazon Web Services location to search.
For lists of the fields returned with each query type and more information about how each type of query is performed, see Using the Amazon CloudWatch Internet Monitor query interface in the Amazon CloudWatch Internet Monitor User Guide.
" + "documentation":"The type of query to run. The following are the three types of queries that you can run using the Internet Monitor query interface:
MEASUREMENTS: Provides availability score, performance score, total traffic, and round-trip times, at 5 minute intervals.
TOP_LOCATIONS: Provides availability score, performance score, total traffic, and time to first byte (TTFB) information, for the top location and ASN combinations that you're monitoring, by traffic volume.
TOP_LOCATION_DETAILS: Provides TTFB for Amazon CloudFront, your current configuration, and the best performing EC2 configuration, at 1 hour intervals.
OVERALL_TRAFFIC_SUGGESTIONS: Provides TTFB, using a 30-day weighted average, for all traffic in each Amazon Web Services location that is monitored.
OVERALL_TRAFFIC_SUGGESTIONS_DETAILS: Provides TTFB, using a 30-day weighted average, for each top location, for a proposed Amazon Web Services location. Must provide an Amazon Web Services location to search.
ROUTING_SUGGESTIONS: Provides the predicted average round-trip time (RTT) from an IP prefix toward an Amazon Web Services location for a DNS resolver. The RTT is calculated at one hour intervals, over a one hour period.
For lists of the fields returned with each query type and more information about how each type of query is performed, see Using the Amazon CloudWatch Internet Monitor query interface in the Amazon CloudWatch Internet Monitor User Guide.
" }, "FilterParameters":{ "shape":"FilterParameters", diff --git a/botocore/data/mediaconvert/2017-08-29/service-2.json b/botocore/data/mediaconvert/2017-08-29/service-2.json index bf4edcb915..82a39c0632 100644 --- a/botocore/data/mediaconvert/2017-08-29/service-2.json +++ b/botocore/data/mediaconvert/2017-08-29/service-2.json @@ -8296,7 +8296,7 @@ "NielsenNonLinearWatermark": { "shape": "NielsenNonLinearWatermarkSettings", "locationName": "nielsenNonLinearWatermark", - "documentation": "Ignore these settings unless you are using Nielsen non-linear watermarking. Specify the values that MediaConvert uses to generate and place Nielsen watermarks in your output audio. In addition to specifying these values, you also need to set up your cloud TIC server. These settings apply to every output in your job. The MediaConvert implementation is currently with the following Nielsen versions: Nielsen Watermark SDK Version 5.2.1 Nielsen NLM Watermark Engine Version 1.2.7 Nielsen Watermark Authenticator [SID_TIC] Version [5.0.0]" + "documentation": "Ignore these settings unless you are using Nielsen non-linear watermarking. Specify the values that MediaConvert uses to generate and place Nielsen watermarks in your output audio. In addition to specifying these values, you also need to set up your cloud TIC server. These settings apply to every output in your job. The MediaConvert implementation is currently with the following Nielsen versions: Nielsen Watermark SDK Version 6.0.13 Nielsen NLM Watermark Engine Version 1.3.3 Nielsen Watermark Authenticator [SID_TIC] Version [7.0.0]" }, "OutputGroups": { "shape": "__listOfOutputGroup", @@ -8467,7 +8467,7 @@ "NielsenNonLinearWatermark": { "shape": "NielsenNonLinearWatermarkSettings", "locationName": "nielsenNonLinearWatermark", - "documentation": "Ignore these settings unless you are using Nielsen non-linear watermarking. Specify the values that MediaConvert uses to generate and place Nielsen watermarks in your output audio. In addition to specifying these values, you also need to set up your cloud TIC server. These settings apply to every output in your job. The MediaConvert implementation is currently with the following Nielsen versions: Nielsen Watermark SDK Version 5.2.1 Nielsen NLM Watermark Engine Version 1.2.7 Nielsen Watermark Authenticator [SID_TIC] Version [5.0.0]" + "documentation": "Ignore these settings unless you are using Nielsen non-linear watermarking. Specify the values that MediaConvert uses to generate and place Nielsen watermarks in your output audio. In addition to specifying these values, you also need to set up your cloud TIC server. These settings apply to every output in your job. The MediaConvert implementation is currently with the following Nielsen versions: Nielsen Watermark SDK Version 6.0.13 Nielsen NLM Watermark Engine Version 1.3.3 Nielsen Watermark Authenticator [SID_TIC] Version [7.0.0]" }, "OutputGroups": { "shape": "__listOfOutputGroup", @@ -8501,7 +8501,7 @@ "documentation": "Specify a unique identifier for Kantar to use for this piece of content." }, "CredentialsSecretName": { - "shape": "__stringMin1Max512PatternAZAZ09", + "shape": "__stringMin1Max2048PatternArnAwsAwsUsGovAwsCnSecretsmanagerUsGovApCaCnEuSaCentralNorthSouthEastWestDD12SecretAZAZ09", "locationName": "credentialsSecretName", "documentation": "Provide the name of the AWS Secrets Manager secret where your Kantar credentials are stored. Note that your MediaConvert service role must provide access to this secret. For more information, see https://docs.aws.amazon.com/mediaconvert/latest/ug/granting-permissions-for-mediaconvert-to-access-secrets-manager-secret.html. For instructions on creating a secret, see https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_basic.html, in the AWS Secrets Manager User Guide." }, @@ -10563,7 +10563,7 @@ "documentation": "To create assets that have the same TIC values in each audio track, keep the default value Share TICs. To create assets that have unique TIC values for each audio track, choose Use unique TICs." } }, - "documentation": "Ignore these settings unless you are using Nielsen non-linear watermarking. Specify the values that MediaConvert uses to generate and place Nielsen watermarks in your output audio. In addition to specifying these values, you also need to set up your cloud TIC server. These settings apply to every output in your job. The MediaConvert implementation is currently with the following Nielsen versions: Nielsen Watermark SDK Version 5.2.1 Nielsen NLM Watermark Engine Version 1.2.7 Nielsen Watermark Authenticator [SID_TIC] Version [5.0.0]" + "documentation": "Ignore these settings unless you are using Nielsen non-linear watermarking. Specify the values that MediaConvert uses to generate and place Nielsen watermarks in your output audio. In addition to specifying these values, you also need to set up your cloud TIC server. These settings apply to every output in your job. The MediaConvert implementation is currently with the following Nielsen versions: Nielsen Watermark SDK Version 6.0.13 Nielsen NLM Watermark Engine Version 1.3.3 Nielsen Watermark Authenticator [SID_TIC] Version [7.0.0]" }, "NielsenSourceWatermarkStatusType": { "type": "string", @@ -14619,6 +14619,12 @@ "min": 1, "max": 20 }, + "__stringMin1Max2048PatternArnAwsAwsUsGovAwsCnSecretsmanagerUsGovApCaCnEuSaCentralNorthSouthEastWestDD12SecretAZAZ09": { + "type": "string", + "min": 1, + "max": 2048, + "pattern": "^(arn:(aws|aws-us-gov|aws-cn):secretsmanager:(us(-gov)?|ap|ca|cn|eu|sa)-(central|(north|south)?(east|west)?)-\\d:\\d{12}:secret:)?[a-zA-Z0-9_\\/_+=.@-]*$" + }, "__stringMin1Max256": { "type": "string", "min": 1, @@ -14635,12 +14641,6 @@ "max": 50, "pattern": "^[a-zA-Z0-9_\\/_+=.@-]*$" }, - "__stringMin1Max512PatternAZAZ09": { - "type": "string", - "min": 1, - "max": 512, - "pattern": "^[a-zA-Z0-9_\\/_+=.@-]*$" - }, "__stringMin24Max512PatternAZaZ0902": { "type": "string", "min": 24, diff --git a/botocore/data/organizations/2016-11-28/service-2.json b/botocore/data/organizations/2016-11-28/service-2.json index c45fae4ca1..7641719be4 100644 --- a/botocore/data/organizations/2016-11-28/service-2.json +++ b/botocore/data/organizations/2016-11-28/service-2.json @@ -60,7 +60,7 @@ {"shape":"UnsupportedAPIEndpointException"}, {"shape":"PolicyChangesInProgressException"} ], - "documentation":"Attaches a policy to a root, an organizational unit (OU), or an individual account. How the policy affects accounts depends on the type of policy. Refer to the Organizations User Guide for information about each policy type:
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
" + "documentation":"Attaches a policy to a root, an organizational unit (OU), or an individual account. How the policy affects accounts depends on the type of policy. Refer to the Organizations User Guide for information about each policy type:
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
" }, "CancelHandshake":{ "name":"CancelHandshake", @@ -1661,7 +1661,7 @@ }, "Type":{ "shape":"PolicyType", - "documentation":"The type of policy to create. You can specify one of the following values:
" + "documentation":"The type of policy to create. You can specify one of the following values:
The policy type that you want to disable in this root. You can specify one of the following values:
" + "documentation":"The policy type that you want to disable in this root. You can specify one of the following values:
The policy type that you want to enable. You can specify one of the following values:
" + "documentation":"The policy type that you want to enable. You can specify one of the following values:
The requested operation failed because you provided invalid values for one or more of the request parameters. This exception includes a reason that contains additional information about the violated limit:
Some of the reasons in the following list might not be applicable to this specific API or operation.
DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
INPUT_REQUIRED: You must include a value for all required parameters.
INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
INVALID_ENUM: You specified an invalid value.
INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a previous call of the operation.
INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a party.
INVALID_PATTERN: You provided a value that doesn't match the required pattern.
INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved prefix AWSServiceRoleFor.
INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the organization.
INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count against your tags per resource limit.
MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
The requested operation failed because you provided invalid values for one or more of the request parameters. This exception includes a reason that contains additional information about the violated limit:
Some of the reasons in the following list might not be applicable to this specific API or operation.
DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
INPUT_REQUIRED: You must include a value for all required parameters.
INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
INVALID_ENUM: You specified an invalid value.
INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a previous call of the operation.
INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a party.
INVALID_PATTERN: You provided a value that doesn't match the required pattern.
INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
INVALID_PRINCIPAL: You specified an invalid principal element in the policy.
INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved prefix AWSServiceRoleFor.
INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the organization.
INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count against your tags per resource limit.
MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
NON_DETACHABLE_POLICY: You can't detach this Amazon Web Services Managed Policy.
TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
The type of policy that you want to include in the returned list. You must specify one of the following values:
" + "documentation":"The type of policy that you want to include in the returned list. You must specify one of the following values:
Specifies the type of policy that you want to include in the response. You must specify one of the following values:
" + "documentation":"Specifies the type of policy that you want to include in the response. You must specify one of the following values:
" }, "NextToken":{ "shape":"NextToken", @@ -3265,6 +3267,7 @@ "type":"string", "enum":[ "SERVICE_CONTROL_POLICY", + "RESOURCE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY", diff --git a/docs/source/conf.py b/docs/source/conf.py index d7a3a58c0c..6195d5e697 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -59,7 +59,7 @@ # The short X.Y version. version = '1.35.' # The full version, including alpha/beta/rc tags. -release = '1.35.59' +release = '1.35.60' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/tests/functional/endpoint-rules/billing/endpoint-tests-1.json b/tests/functional/endpoint-rules/billing/endpoint-tests-1.json new file mode 100644 index 0000000000..9e8c1f5585 --- /dev/null +++ b/tests/functional/endpoint-rules/billing/endpoint-tests-1.json @@ -0,0 +1,313 @@ +{ + "testCases": [ + { + "documentation": "For custom endpoint with region not set and fips disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "Endpoint": "https://example.com", + "UseFIPS": false + } + }, + { + "documentation": "For custom endpoint with fips enabled", + "expect": { + "error": "Invalid Configuration: FIPS and custom endpoint are not supported" + }, + "params": { + "Endpoint": "https://example.com", + "UseFIPS": true + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-east-1" + } + ] + }, + "url": "https://billing-fips.us-east-1.api.aws" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": true + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-east-1" + } + ] + }, + "url": "https://billing.us-east-1.api.aws" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false + } + }, + { + "documentation": "For region cn-northwest-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "cn-northwest-1" + } + ] + }, + "url": "https://billing-fips.cn-northwest-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "Region": "cn-northwest-1", + "UseFIPS": true + } + }, + { + "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "cn-northwest-1" + } + ] + }, + "url": "https://billing.cn-northwest-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "Region": "cn-northwest-1", + "UseFIPS": false + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-gov-west-1" + } + ] + }, + "url": "https://billing-fips.us-gov-west-1.api.aws" + } + }, + "params": { + "Region": "us-gov-west-1", + "UseFIPS": true + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-gov-west-1" + } + ] + }, + "url": "https://billing.us-gov-west-1.api.aws" + } + }, + "params": { + "Region": "us-gov-west-1", + "UseFIPS": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-iso-east-1" + } + ] + }, + "url": "https://billing-fips.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": true + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-iso-east-1" + } + ] + }, + "url": "https://billing.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-isob-east-1" + } + ] + }, + "url": "https://billing-fips.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": true + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-isob-east-1" + } + ] + }, + "url": "https://billing.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false + } + }, + { + "documentation": "For region eu-isoe-west-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "eu-isoe-west-1" + } + ] + }, + "url": "https://billing-fips.eu-isoe-west-1.cloud.adc-e.uk" + } + }, + "params": { + "Region": "eu-isoe-west-1", + "UseFIPS": true + } + }, + { + "documentation": "For region eu-isoe-west-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "eu-isoe-west-1" + } + ] + }, + "url": "https://billing.eu-isoe-west-1.cloud.adc-e.uk" + } + }, + "params": { + "Region": "eu-isoe-west-1", + "UseFIPS": false + } + }, + { + "documentation": "For region us-isof-south-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-isof-south-1" + } + ] + }, + "url": "https://billing-fips.us-isof-south-1.csp.hci.ic.gov" + } + }, + "params": { + "Region": "us-isof-south-1", + "UseFIPS": true + } + }, + { + "documentation": "For region us-isof-south-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-isof-south-1" + } + ] + }, + "url": "https://billing.us-isof-south-1.csp.hci.ic.gov" + } + }, + "params": { + "Region": "us-isof-south-1", + "UseFIPS": false + } + }, + { + "documentation": "Missing region", + "expect": { + "error": "Invalid Configuration: Missing Region" + } + } + ], + "version": "1.0" +} \ No newline at end of file