This is a Preview release of the Application Signals API Reference. Operations and parameters are subject to change before the general availability release.
Use CloudWatch Application Signals for comprehensive observability of your cloud-based applications. It enables real-time service health dashboards and helps you track long-term performance trends against your business goals. The application-centric view provides you with unified visibility across your applications, services, and dependencies, so you can proactively monitor and efficiently triage any issues that may arise, ensuring optimal customer experience.
Application Signals provides the following benefits:
Automatically collect metrics and traces from your applications, and display key metrics such as call volume, availability, latency, faults, and errors.
Create and monitor service level objectives (SLOs).
See a map of your application topology that Application Signals automatically discovers, that gives you a visual representation of your applications, dependencies, and their connectivity.
Use CloudWatch Application Signals for comprehensive observability of your cloud-based applications. It enables real-time service health dashboards and helps you track long-term performance trends against your business goals. The application-centric view provides you with unified visibility across your applications, services, and dependencies, so you can proactively monitor and efficiently triage any issues that may arise, ensuring optimal customer experience.
Application Signals provides the following benefits:
Automatically collect metrics and traces from your applications, and display key metrics such as call volume, availability, latency, faults, and errors.
Create and monitor service level objectives (SLOs).
See a map of your application topology that Application Signals automatically discovers, that gives you a visual representation of your applications, dependencies, and their connectivity.
Application Signals works with CloudWatch RUM, CloudWatch Synthetics canaries, and Amazon Web Services Service Catalog AppRegistry, to display your client pages, Synthetics canaries, and application names within dashboards and maps.
", "operations": { "BatchGetServiceLevelObjectiveBudgetReport": "Use this operation to retrieve one or more service level objective (SLO) budget reports.
An error budget is the amount of time in unhealthy periods that your service can accumulate during an interval before your overall SLO budget health is breached and the SLO is considered to be unmet. For example, an SLO with a threshold of 99.95% and a monthly interval translates to an error budget of 21.9 minutes of downtime in a 30-day month.
Budget reports include a health indicator, the attainment value, and remaining budget.
For more information about SLO error budgets, see SLO concepts.
", "CreateServiceLevelObjective": "Creates a service level objective (SLO), which can help you ensure that your critical business operations are meeting customer expectations. Use SLOs to set and track specific target levels for the reliability and availability of your applications and services. SLOs use service level indicators (SLIs) to calculate whether the application is performing at the level that you want.
Create an SLO to set a target for a service or operation’s availability or latency. CloudWatch measures this target frequently you can find whether it has been breached.
When you create an SLO, you set an attainment goal for it. An attainment goal is the ratio of good periods that meet the threshold requirements to the total periods within the interval. For example, an attainment goal of 99.9% means that within your interval, you are targeting 99.9% of the periods to be in healthy state.
After you have created an SLO, you can retrieve error budget reports for it. An error budget is the number of periods or amount of time that your service can accumulate during an interval before your overall SLO budget health is breached and the SLO is considered to be unmet. for example, an SLO with a threshold that 99.95% of requests must be completed under 2000ms every month translates to an error budget of 21.9 minutes of downtime per month.
When you call this operation, Application Signals creates the AWSServiceRoleForCloudWatchApplicationSignals service-linked role, if it doesn't already exist in your account. This service- linked role has the following permissions:
xray:GetServiceGraph
logs:StartQuery
logs:GetQueryResults
cloudwatch:GetMetricData
cloudwatch:ListMetrics
tag:GetResources
autoscaling:DescribeAutoScalingGroups
You can easily set SLO targets for your applications that are discovered by Application Signals, using critical metrics such as latency and availability. You can also set SLOs against any CloudWatch metric or math expression that produces a time series.
For more information about SLOs, see Service level objectives (SLOs).
", @@ -71,6 +71,7 @@ "ListServiceDependentsInput$KeyAttributes": "Use this field to specify which service you want to retrieve information for. You must specify at least the Type, Name, and Environment attributes.
This is a string-to-string map. It can include the following fields.
Type designates the type of object this is.
ResourceType specifies the type of the resource. This field is used only when the value of the Type field is Resource or AWS::Resource.
Name specifies the name of the object. This is used only if the value of the Type field is Service, RemoteService, or AWS::Service.
Identifier identifies the resource objects of this resource. This is used only if the value of the Type field is Resource or AWS::Resource.
Environment specifies the location where this object is hosted, or what it belongs to.
You can use this optional field to specify which services you want to retrieve SLO information for.
This is a string-to-string map. It can include the following fields.
Type designates the type of object this is.
ResourceType specifies the type of the resource. This field is used only when the value of the Type field is Resource or AWS::Resource.
Name specifies the name of the object. This is used only if the value of the Type field is Service, RemoteService, or AWS::Service.
Identifier identifies the resource objects of this resource. This is used only if the value of the Type field is Resource or AWS::Resource.
Environment specifies the location where this object is hosted, or what it belongs to.
Use this field to specify which service you want to retrieve information for. You must specify at least the Type, Name, and Environment attributes.
This is a string-to-string map. It can include the following fields.
Type designates the type of object this is.
ResourceType specifies the type of the resource. This field is used only when the value of the Type field is Resource or AWS::Resource.
Name specifies the name of the object. This is used only if the value of the Type field is Service, RemoteService, or AWS::Service.
Identifier identifies the resource objects of this resource. This is used only if the value of the Type field is Resource or AWS::Resource.
Environment specifies the location where this object is hosted, or what it belongs to.
This is a string-to-string map. It can include the following fields.
Type designates the type of object this is.
ResourceType specifies the type of the resource. This field is used only when the value of the Type field is Resource or AWS::Resource.
Name specifies the name of the object. This is used only if the value of the Type field is Service, RemoteService, or AWS::Service.
Identifier identifies the resource objects of this resource. This is used only if the value of the Type field is Resource or AWS::Resource.
Environment specifies the location where this object is hosted, or what it belongs to.
This is a string-to-string map. It can include the following fields.
Type designates the type of object this is.
ResourceType specifies the type of the resource. This field is used only when the value of the Type field is Resource or AWS::Resource.
Name specifies the name of the object. This is used only if the value of the Type field is Service, RemoteService, or AWS::Service.
Identifier identifies the resource objects of this resource. This is used only if the value of the Type field is Resource or AWS::Resource.
Environment specifies the location where this object is hosted, or what it belongs to.
This is a string-to-string map. It can include the following fields.
Type designates the type of object this is.
ResourceType specifies the type of the resource. This field is used only when the value of the Type field is Resource or AWS::Resource.
Name specifies the name of the object. This is used only if the value of the Type field is Service, RemoteService, or AWS::Service.
Identifier identifies the resource objects of this resource. This is used only if the value of the Type field is Resource or AWS::Resource.
Environment specifies the location where this object is hosted, or what it belongs to.
An array of string-to-string maps that each contain information about one log group associated with this service. Each string-to-string map includes the following fields:
\"Type\": \"AWS::Resource\"
\"ResourceType\": \"AWS::Logs::LogGroup\"
\"Identifier\": \"name-of-log-group\"
An array of string-to-string maps that each contain information about one log group associated with this service. Each string-to-string map includes the following fields:
\"Type\": \"AWS::Resource\"
\"ResourceType\": \"AWS::Logs::LogGroup\"
\"Identifier\": \"name-of-log-group\"
This structure defines the metric used for a service level indicator, including the metric name, namespace, and dimensions
", "refs": { @@ -426,7 +434,7 @@ "ResourceId": { "base": null, "refs": { - "ResourceNotFoundException$ResourceId": "Cannot find the resource id.
" + "ResourceNotFoundException$ResourceId": "Can't find the resource id.
" } }, "ResourceNotFoundException": { @@ -772,26 +780,26 @@ "BatchGetServiceLevelObjectiveBudgetReportInput$Timestamp": "The date and time that you want the report to be for. It is expressed as the number of milliseconds since Jan 1, 1970 00:00:00 UTC.
", "BatchGetServiceLevelObjectiveBudgetReportOutput$Timestamp": "The date and time that the report is for. It is expressed as the number of milliseconds since Jan 1, 1970 00:00:00 UTC.
", "CalendarInterval$StartTime": "The date and time when you want the first interval to start. Be sure to choose a time that configures the intervals the way that you want. For example, if you want weekly intervals starting on Mondays at 6 a.m., be sure to specify a start time that is a Monday at 6 a.m.
When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
As soon as one calendar interval ends, another automatically begins.
", - "GetServiceInput$StartTime": "The start of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
The end of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
The start time of the data included in the response. In a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057.
The end time of the data included in the response. In a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057.
The start of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
The end of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
The start of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
The end of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
The start of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
The end of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
The start of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
The end of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
The start of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
The end of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
The start of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
The end of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
The start of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
The end of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
The start of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
The end of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
The start of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
Your requested start time will be rounded to the nearest hour.
", + "GetServiceInput$EndTime": "The end of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
Your requested start time will be rounded to the nearest hour.
", + "GetServiceOutput$StartTime": "The start time of the data included in the response. In a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057.
This displays the time that Application Signals used for the request. It might not match your request exactly, because it was rounded to the nearest hour.
", + "GetServiceOutput$EndTime": "The end time of the data included in the response. In a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057.
This displays the time that Application Signals used for the request. It might not match your request exactly, because it was rounded to the nearest hour.
", + "ListServiceDependenciesInput$StartTime": "The start of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
Your requested start time will be rounded to the nearest hour.
", + "ListServiceDependenciesInput$EndTime": "The end of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
Your requested end time will be rounded to the nearest hour.
", + "ListServiceDependenciesOutput$StartTime": "The start of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
This displays the time that Application Signals used for the request. It might not match your request exactly, because it was rounded to the nearest hour.
", + "ListServiceDependenciesOutput$EndTime": "The end of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
This displays the time that Application Signals used for the request. It might not match your request exactly, because it was rounded to the nearest hour.
", + "ListServiceDependentsInput$StartTime": "The start of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
Your requested start time will be rounded to the nearest hour.
", + "ListServiceDependentsInput$EndTime": "The end of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
Your requested start time will be rounded to the nearest hour.
", + "ListServiceDependentsOutput$StartTime": "The start of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
This displays the time that Application Signals used for the request. It might not match your request exactly, because it was rounded to the nearest hour.
", + "ListServiceDependentsOutput$EndTime": "The end of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
This displays the time that Application Signals used for the request. It might not match your request exactly, because it was rounded to the nearest hour.
", + "ListServiceOperationsInput$StartTime": "The start of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
Your requested start time will be rounded to the nearest hour.
", + "ListServiceOperationsInput$EndTime": "The end of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
Your requested end time will be rounded to the nearest hour.
", + "ListServiceOperationsOutput$StartTime": "The start of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
This displays the time that Application Signals used for the request. It might not match your request exactly, because it was rounded to the nearest hour.
", + "ListServiceOperationsOutput$EndTime": "The end of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
This displays the time that Application Signals used for the request. It might not match your request exactly, because it was rounded to the nearest hour.
", + "ListServicesInput$StartTime": "The start of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
Your requested start time will be rounded to the nearest hour.
", + "ListServicesInput$EndTime": "The end of the time period to retrieve information about. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
Your requested start time will be rounded to the nearest hour.
", + "ListServicesOutput$StartTime": "The start of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
This displays the time that Application Signals used for the request. It might not match your request exactly, because it was rounded to the nearest hour.
", + "ListServicesOutput$EndTime": "The end of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: 1698778057
This displays the time that Application Signals used for the request. It might not match your request exactly, because it was rounded to the nearest hour.
", "ServiceLevelObjective$CreatedTime": "The date and time that this SLO was created. When used in a raw HTTP Query API, it is formatted as yyyy-MM-dd'T'HH:mm:ss. For example, 2019-07-01T23:59:59.
The time that this SLO was most recently updated. When used in a raw HTTP Query API, it is formatted as yyyy-MM-dd'T'HH:mm:ss. For example, 2019-07-01T23:59:59.
The date and time that this service level objective was created. It is expressed as the number of milliseconds since Jan 1, 1970 00:00:00 UTC.
" diff --git a/models/apis/bedrock-runtime/2023-09-30/api-2.json b/models/apis/bedrock-runtime/2023-09-30/api-2.json index e1ccc1db5a0..5629225035b 100644 --- a/models/apis/bedrock-runtime/2023-09-30/api-2.json +++ b/models/apis/bedrock-runtime/2023-09-30/api-2.json @@ -1,9 +1,14 @@ { "metadata": { "apiVersion": "2023-09-30", + "auth": [ + "aws.auth#sigv4" + ], "endpointPrefix": "bedrock-runtime", - "jsonVersion": "1.1", "protocol": "rest-json", + "protocols": [ + "rest-json" + ], "serviceFullName": "Amazon Bedrock Runtime", "serviceId": "Bedrock Runtime", "signatureVersion": "v4", @@ -62,6 +67,9 @@ { "shape": "InternalServerException" }, + { + "shape": "ServiceUnavailableException" + }, { "shape": "ValidationException" }, @@ -102,6 +110,9 @@ { "shape": "InternalServerException" }, + { + "shape": "ServiceUnavailableException" + }, { "shape": "ValidationException" }, @@ -142,6 +153,9 @@ { "shape": "InternalServerException" }, + { + "shape": "ServiceUnavailableException" + }, { "shape": "ValidationException" }, @@ -185,6 +199,9 @@ { "shape": "InternalServerException" }, + { + "shape": "ServiceUnavailableException" + }, { "shape": "ModelStreamErrorException" }, @@ -546,6 +563,9 @@ "modelStreamErrorException": { "shape": "ModelStreamErrorException" }, + "serviceUnavailableException": { + "shape": "ServiceUnavailableException" + }, "throttlingException": { "shape": "ThrottlingException" }, @@ -1717,6 +1737,9 @@ "modelTimeoutException": { "shape": "ModelTimeoutException" }, + "serviceUnavailableException": { + "shape": "ServiceUnavailableException" + }, "throttlingException": { "shape": "ThrottlingException" }, @@ -1739,6 +1762,19 @@ }, "type": "structure" }, + "ServiceUnavailableException": { + "error": { + "httpStatusCode": 503 + }, + "exception": true, + "fault": true, + "members": { + "message": { + "shape": "NonBlankString" + } + }, + "type": "structure" + }, "SpecificToolChoice": { "members": { "name": { diff --git a/models/apis/bedrock-runtime/2023-09-30/docs-2.json b/models/apis/bedrock-runtime/2023-09-30/docs-2.json index e4b04391bc2..902d547662e 100644 --- a/models/apis/bedrock-runtime/2023-09-30/docs-2.json +++ b/models/apis/bedrock-runtime/2023-09-30/docs-2.json @@ -3,10 +3,10 @@ "service": "Describes the API operations for running inference using Amazon Bedrock models.
", "operations": { "ApplyGuardrail": "The action to apply a guardrail.
", - "Converse": "Sends messages to the specified Amazon Bedrock model. Converse provides a consistent interface that works with all models that support messages. This allows you to write code once and use it with different models. Should a model have unique inference parameters, you can also pass those unique parameters to the model.
For information about the Converse API, see Use the Converse API in the Amazon Bedrock User Guide. To use a guardrail, see Use a guardrail with the Converse API in the Amazon Bedrock User Guide. To use a tool with a model, see Tool use (Function calling) in the Amazon Bedrock User Guide
For example code, see Converse API examples in the Amazon Bedrock User Guide.
This operation requires permission for the bedrock:InvokeModel action.
Sends messages to the specified Amazon Bedrock model and returns the response in a stream. ConverseStream provides a consistent API that works with all Amazon Bedrock models that support messages. This allows you to write code once and use it with different models. Should a model have unique inference parameters, you can also pass those unique parameters to the model.
To find out if a model supports streaming, call GetFoundationModel and check the responseStreamingSupported field in the response.
For information about the Converse API, see Use the Converse API in the Amazon Bedrock User Guide. To use a guardrail, see Use a guardrail with the Converse API in the Amazon Bedrock User Guide. To use a tool with a model, see Tool use (Function calling) in the Amazon Bedrock User Guide
For example code, see Conversation streaming example in the Amazon Bedrock User Guide.
This operation requires permission for the bedrock:InvokeModelWithResponseStream action.
Sends messages to the specified Amazon Bedrock model. Converse provides a consistent interface that works with all models that support messages. This allows you to write code once and use it with different models. If a model has unique inference parameters, you can also pass those unique parameters to the model.
Amazon Bedrock doesn't store any text, images, or documents that you provide as content. The data is only used to generate the response.
For information about the Converse API, see Use the Converse API in the Amazon Bedrock User Guide. To use a guardrail, see Use a guardrail with the Converse API in the Amazon Bedrock User Guide. To use a tool with a model, see Tool use (Function calling) in the Amazon Bedrock User Guide
For example code, see Converse API examples in the Amazon Bedrock User Guide.
This operation requires permission for the bedrock:InvokeModel action.
Sends messages to the specified Amazon Bedrock model and returns the response in a stream. ConverseStream provides a consistent API that works with all Amazon Bedrock models that support messages. This allows you to write code once and use it with different models. Should a model have unique inference parameters, you can also pass those unique parameters to the model.
To find out if a model supports streaming, call GetFoundationModel and check the responseStreamingSupported field in the response.
The CLI doesn't support streaming operations in Amazon Bedrock, including ConverseStream.
Amazon Bedrock doesn't store any text, images, or documents that you provide as content. The data is only used to generate the response.
For information about the Converse API, see Use the Converse API in the Amazon Bedrock User Guide. To use a guardrail, see Use a guardrail with the Converse API in the Amazon Bedrock User Guide. To use a tool with a model, see Tool use (Function calling) in the Amazon Bedrock User Guide
For example code, see Conversation streaming example in the Amazon Bedrock User Guide.
This operation requires permission for the bedrock:InvokeModelWithResponseStream action.
Invokes the specified Amazon Bedrock model to run inference using the prompt and inference parameters provided in the request body. You use model inference to generate text, images, and embeddings.
For example code, see Invoke model code examples in the Amazon Bedrock User Guide.
This operation requires permission for the bedrock:InvokeModel action.
Invoke the specified Amazon Bedrock model to run inference using the prompt and inference parameters provided in the request body. The response is returned in a stream.
To see if a model supports streaming, call GetFoundationModel and check the responseStreamingSupported field in the response.
The CLI doesn't support InvokeModelWithResponseStream.
For example code, see Invoke model with streaming code example in the Amazon Bedrock User Guide.
This operation requires permissions to perform the bedrock:InvokeModelWithResponseStream action.
Invoke the specified Amazon Bedrock model to run inference using the prompt and inference parameters provided in the request body. The response is returned in a stream.
To see if a model supports streaming, call GetFoundationModel and check the responseStreamingSupported field in the response.
The CLI doesn't support streaming operations in Amazon Bedrock, including InvokeModelWithResponseStream.
For example code, see Invoke model with streaming code example in the Amazon Bedrock User Guide.
This operation requires permissions to perform the bedrock:InvokeModelWithResponseStream action.
The number of requests exceeds the service quota. Resubmit your request later.
", + "base": "Your request exceeds the service quota for your account. You can view your quotas at Viewing service quotas. You can resubmit your request later.
", "refs": { } }, + "ServiceUnavailableException": { + "base": "The service isn't currently available. Try again later.
", + "refs": { + "ConverseStreamOutput$serviceUnavailableException": "The service isn't currently available. Try again later.
", + "ResponseStream$serviceUnavailableException": null + } + }, "SpecificToolChoice": { "base": "The model must request a specific tool. For example, {\"tool\" : {\"name\" : \"Your tool name\"}}.
This field is only supported by Anthropic Claude 3 models.
The number of requests exceeds the limit. Resubmit your request later.
", + "base": "Your request was throttled because of service-wide limitations. Resubmit your request later or in a different region. You can also purchase Provisioned Throughput to increase the rate or number of tokens you can process.
", "refs": { "ConverseStreamOutput$throttlingException": "The number of requests exceeds the limit. Resubmit your request later.
", - "ResponseStream$throttlingException": "The number or frequency of requests exceeds the limit. Resubmit your request later.
" + "ResponseStream$throttlingException": "Your request was throttled because of service-wide limitations. Resubmit your request later or in a different region. You can also purchase Provisioned Throughput to increase the rate or number of tokens you can process.
" } }, "TokenUsage": { diff --git a/models/apis/codecommit/2015-04-13/api-2.json b/models/apis/codecommit/2015-04-13/api-2.json index 8d74930d694..022a529a400 100644 --- a/models/apis/codecommit/2015-04-13/api-2.json +++ b/models/apis/codecommit/2015-04-13/api-2.json @@ -5,12 +5,14 @@ "endpointPrefix":"codecommit", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceAbbreviation":"CodeCommit", "serviceFullName":"AWS CodeCommit", "serviceId":"CodeCommit", "signatureVersion":"v4", "targetPrefix":"CodeCommit_20150413", - "uid":"codecommit-2015-04-13" + "uid":"codecommit-2015-04-13", + "auth":["aws.auth#sigv4"] }, "operations":{ "AssociateApprovalRuleTemplateWithRepository":{ @@ -316,6 +318,7 @@ {"shape":"InvalidRepositoryNameException"}, {"shape":"InvalidRepositoryDescriptionException"}, {"shape":"RepositoryLimitExceededException"}, + {"shape":"OperationNotAllowedException"}, {"shape":"EncryptionIntegrityChecksFailedException"}, {"shape":"EncryptionKeyAccessDeniedException"}, {"shape":"EncryptionKeyDisabledException"}, @@ -4531,6 +4534,12 @@ "base":{"shape":"ObjectTypeEnum"} } }, + "OperationNotAllowedException":{ + "type":"structure", + "members":{ + }, + "exception":true + }, "OrderEnum":{ "type":"string", "enum":[ diff --git a/models/apis/codecommit/2015-04-13/docs-2.json b/models/apis/codecommit/2015-04-13/docs-2.json index 90fa6600b68..10b9ebe528c 100644 --- a/models/apis/codecommit/2015-04-13/docs-2.json +++ b/models/apis/codecommit/2015-04-13/docs-2.json @@ -1925,9 +1925,9 @@ "KmsKeyId": { "base": null, "refs": { - "CreateRepositoryInput$kmsKeyId": "The ID of the encryption key. You can view the ID of an encryption key in the KMS console, or use the KMS APIs to programmatically retrieve a key ID. For more information about acceptable values for kmsKeyID, see KeyId in the Decrypt API description in the Key Management Service API Reference.
If no key is specified, the default aws/codecommit Amazon Web Services managed key is used.
The ID of the encryption key. You can view the ID of an encryption key in the KMS console, or use the KMS APIs to programmatically retrieve a key ID. For more information about acceptable values for kmsKeyID, see KeyId in the Decrypt API description in the Key Management Service API Reference.
If no key is specified, the default aws/codecommit Amazon Web Services managed key is used.
The ID of the Key Management Service encryption key used to encrypt and decrypt the repository.
", - "UpdateRepositoryEncryptionKeyInput$kmsKeyId": "The ID of the encryption key. You can view the ID of an encryption key in the KMS console, or use the KMS APIs to programmatically retrieve a key ID. For more information about acceptable values for keyID, see KeyId in the Decrypt API description in the Key Management Service API Reference.
", + "UpdateRepositoryEncryptionKeyInput$kmsKeyId": "The ID of the encryption key. You can view the ID of an encryption key in the KMS console, or use the KMS APIs to programmatically retrieve a key ID. For more information about acceptable values for keyID, see KeyId in the Decrypt API description in the Key Management Service API Reference.
", "UpdateRepositoryEncryptionKeyOutput$kmsKeyId": "The ID of the encryption key.
", "UpdateRepositoryEncryptionKeyOutput$originalKmsKeyId": "The ID of the encryption key formerly used to encrypt and decrypt the repository.
" } @@ -2429,6 +2429,11 @@ "ConflictMetadata$objectTypes": "Information about any object type conflicts in a merge operation.
" } }, + "OperationNotAllowedException": { + "base": "The requested action is not allowed.
", + "refs": { + } + }, "OrderEnum": { "base": null, "refs": { diff --git a/models/apis/datazone/2018-05-10/api-2.json b/models/apis/datazone/2018-05-10/api-2.json index f1f5f74755b..51116abcf2d 100644 --- a/models/apis/datazone/2018-05-10/api-2.json +++ b/models/apis/datazone/2018-05-10/api-2.json @@ -1071,6 +1071,24 @@ {"shape":"UnauthorizedException"} ] }, + "GetEnvironmentCredentials":{ + "name":"GetEnvironmentCredentials", + "http":{ + "method":"GET", + "requestUri":"/v2/domains/{domainIdentifier}/environments/{environmentIdentifier}/credentials", + "responseCode":200 + }, + "input":{"shape":"GetEnvironmentCredentialsInput"}, + "output":{"shape":"GetEnvironmentCredentialsOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ] + }, "GetEnvironmentProfile":{ "name":"GetEnvironmentProfile", "http":{ @@ -5608,6 +5626,35 @@ "userParameters":{"shape":"CustomParameterList"} } }, + "GetEnvironmentCredentialsInput":{ + "type":"structure", + "required":[ + "domainIdentifier", + "environmentIdentifier" + ], + "members":{ + "domainIdentifier":{ + "shape":"DomainId", + "location":"uri", + "locationName":"domainIdentifier" + }, + "environmentIdentifier":{ + "shape":"EnvironmentId", + "location":"uri", + "locationName":"environmentIdentifier" + } + } + }, + "GetEnvironmentCredentialsOutput":{ + "type":"structure", + "members":{ + "accessKeyId":{"shape":"String"}, + "expiration":{"shape":"SyntheticTimestamp_date_time"}, + "secretAccessKey":{"shape":"String"}, + "sessionToken":{"shape":"String"} + }, + "sensitive":true + }, "GetEnvironmentInput":{ "type":"structure", "required":[ diff --git a/models/apis/datazone/2018-05-10/docs-2.json b/models/apis/datazone/2018-05-10/docs-2.json index 68b01944d47..496f003b54d 100644 --- a/models/apis/datazone/2018-05-10/docs-2.json +++ b/models/apis/datazone/2018-05-10/docs-2.json @@ -57,6 +57,7 @@ "GetEnvironmentAction": "Gets the specified environment action.
", "GetEnvironmentBlueprint": "Gets an Amazon DataZone blueprint.
", "GetEnvironmentBlueprintConfiguration": "Gets the blueprint configuration in Amazon DataZone.
", + "GetEnvironmentCredentials": "Gets the credentials of an environment in Amazon DataZone.
", "GetEnvironmentProfile": "Gets an evinronment profile in Amazon DataZone.
", "GetFormType": "Gets a metadata form type in Amazon DataZone.
", "GetGlossary": "Gets a business glossary in Amazon DataZone.
", @@ -1544,6 +1545,7 @@ "GetEnvironmentBlueprintConfigurationInput$domainIdentifier": "The ID of the Amazon DataZone domain where this blueprint exists.
", "GetEnvironmentBlueprintConfigurationOutput$domainId": "The ID of the Amazon DataZone domain where this blueprint exists.
", "GetEnvironmentBlueprintInput$domainIdentifier": "The identifier of the domain in which this blueprint exists.
", + "GetEnvironmentCredentialsInput$domainIdentifier": "The ID of the Amazon DataZone domain in which this environment and its credentials exist.
", "GetEnvironmentInput$domainIdentifier": "The ID of the Amazon DataZone domain where the environment exists.
", "GetEnvironmentOutput$domainId": "The ID of the Amazon DataZone domain where the environment exists.
", "GetEnvironmentProfileInput$domainIdentifier": "The ID of the Amazon DataZone domain in which this environment profile exists.
", @@ -1852,6 +1854,7 @@ "GetDataSourceOutput$environmentId": "The ID of the environment where this data source creates and publishes assets,
", "GetEnvironmentActionInput$environmentIdentifier": "The environment ID of the environment action.
", "GetEnvironmentActionOutput$environmentId": "The environment ID of the environment action.
", + "GetEnvironmentCredentialsInput$environmentIdentifier": "The ID of the environment whose credentials this operation gets.
", "GetEnvironmentInput$identifier": "The ID of the Amazon DataZone environment.
", "GetEnvironmentOutput$id": "The ID of the environment.
", "GetSubscriptionTargetInput$environmentIdentifier": "The ID of the environment associated with the subscription target.
", @@ -2316,6 +2319,16 @@ "refs": { } }, + "GetEnvironmentCredentialsInput": { + "base": null, + "refs": { + } + }, + "GetEnvironmentCredentialsOutput": { + "base": null, + "refs": { + } + }, "GetEnvironmentInput": { "base": null, "refs": { @@ -4371,6 +4384,9 @@ "GetEnvironmentActionOutput$description": "The description of the environment action.
", "GetEnvironmentActionOutput$name": "The name of the environment action.
", "GetEnvironmentBlueprintOutput$provider": "The provider of this Amazon DataZone blueprint.
", + "GetEnvironmentCredentialsOutput$accessKeyId": "The access key ID of the environment.
", + "GetEnvironmentCredentialsOutput$secretAccessKey": "The secret access key of the environment credentials.
", + "GetEnvironmentCredentialsOutput$sessionToken": "The session token of the environment credentials.
", "GetEnvironmentOutput$createdBy": "The Amazon DataZone user who created the environment.
", "GetEnvironmentOutput$provider": "The provider of this Amazon DataZone environment.
", "GetEnvironmentProfileOutput$createdBy": "The Amazon DataZone user who created this environment profile.
", @@ -4799,6 +4815,7 @@ "GetEnvironmentBlueprintConfigurationOutput$updatedAt": "The timestamp of when this blueprint was upated.
", "GetEnvironmentBlueprintOutput$createdAt": "A timestamp of when this blueprint was created.
", "GetEnvironmentBlueprintOutput$updatedAt": "The timestamp of when this blueprint was updated.
", + "GetEnvironmentCredentialsOutput$expiration": "The expiration timestamp of the environment credentials.
", "GetEnvironmentOutput$createdAt": "The timestamp of when the environment was created.
", "GetEnvironmentOutput$updatedAt": "The timestamp of when this environment was updated.
", "GetEnvironmentProfileOutput$createdAt": "The timestamp of when this environment profile was created.
", diff --git a/models/apis/ec2/2016-11-15/api-2.json b/models/apis/ec2/2016-11-15/api-2.json index 2b89c1c2fcc..3c7b64aeaab 100755 --- a/models/apis/ec2/2016-11-15/api-2.json +++ b/models/apis/ec2/2016-11-15/api-2.json @@ -39384,7 +39384,6 @@ "verified-access-trust-provider", "vpn-connection-device-type", "vpc-block-public-access-exclusion", - "vpc-encryption-control", "ipam-resource-discovery", "ipam-resource-discovery-association", "instance-connect-endpoint", diff --git a/models/apis/ec2/2016-11-15/docs-2.json b/models/apis/ec2/2016-11-15/docs-2.json index 14ac36f431e..dc1a538ac5b 100755 --- a/models/apis/ec2/2016-11-15/docs-2.json +++ b/models/apis/ec2/2016-11-15/docs-2.json @@ -11036,13 +11036,13 @@ "EnableImageRequest$ImageId": "The ID of the AMI.
", "ExportImageRequest$ImageId": "The ID of the image.
", "FastLaunchImageIdList$member": null, - "FleetLaunchTemplateOverrides$ImageId": "The ID of the AMI. An AMI is required to launch an instance. This parameter is only available for fleets of type instant. For fleets of type maintain and request, you must specify the AMI ID in the launch template.
The ID of the AMI. An AMI is required to launch an instance. This parameter is only available for fleets of type instant. For fleets of type maintain and request, you must specify the AMI ID in the launch template.
The ID of the AMI in the format ami-17characters00000.
Alternatively, you can specify a Systems Manager parameter, using one of the following formats. The Systems Manager parameter will resolve to an AMI ID on launch.
To reference a public parameter:
resolve:ssm:public-parameter
To reference a parameter stored in the same account:
resolve:ssm:parameter-name
resolve:ssm:parameter-name:version-number
resolve:ssm:parameter-name:label
To reference a parameter shared from another Amazon Web Services account:
resolve:ssm:parameter-ARN
resolve:ssm:parameter-ARN:version-number
resolve:ssm:parameter-ARN:label
For more information, see Use a Systems Manager parameter instead of an AMI ID in the Amazon EC2 User Guide.
This parameter is only available for fleets of type instant. For fleets of type maintain and request, you must specify the AMI ID in the launch template.
The ID of the AMI in the format ami-17characters00000.
Alternatively, you can specify a Systems Manager parameter, using one of the following formats. The Systems Manager parameter will resolve to an AMI ID on launch.
To reference a public parameter:
resolve:ssm:public-parameter
To reference a parameter stored in the same account:
resolve:ssm:parameter-name
resolve:ssm:parameter-name:version-number
resolve:ssm:parameter-name:label
To reference a parameter shared from another Amazon Web Services account:
resolve:ssm:parameter-ARN
resolve:ssm:parameter-ARN:version-number
resolve:ssm:parameter-ARN:label
For more information, see Use a Systems Manager parameter instead of an AMI ID in the Amazon EC2 User Guide.
This parameter is only available for fleets of type instant. For fleets of type maintain and request, you must specify the AMI ID in the launch template.
The ID of the AMI.
", "ReplaceRootVolumeTask$ImageId": "The ID of the AMI used to create the replacement root volume.
", - "RequestLaunchTemplateData$ImageId": "The ID of the AMI. Alternatively, you can specify a Systems Manager parameter, which will resolve to an AMI ID on launch.
Valid formats:
ami-17characters00000
resolve:ssm:parameter-name
resolve:ssm:parameter-name:version-number
resolve:ssm:parameter-name:label
resolve:ssm:public-parameter
Currently, EC2 Fleet and Spot Fleet do not support specifying a Systems Manager parameter. If the launch template will be used by an EC2 Fleet or Spot Fleet, you must specify the AMI ID.
For more information, see Use a Systems Manager parameter instead of an AMI ID in the Amazon EC2 User Guide.
", + "RequestLaunchTemplateData$ImageId": "The ID of the AMI in the format ami-17characters00000.
Alternatively, you can specify a Systems Manager parameter, using one of the following formats. The Systems Manager parameter will resolve to an AMI ID on launch.
To reference a public parameter:
resolve:ssm:public-parameter
To reference a parameter stored in the same account:
resolve:ssm:parameter-name
resolve:ssm:parameter-name:version-number
resolve:ssm:parameter-name:label
To reference a parameter shared from another Amazon Web Services account:
resolve:ssm:parameter-ARN
resolve:ssm:parameter-ARN:version-number
resolve:ssm:parameter-ARN:label
For more information, see Use a Systems Manager parameter instead of an AMI ID in the Amazon EC2 User Guide.
If the launch template will be used for an EC2 Fleet or Spot Fleet, note the following:
Only EC2 Fleets of type instant support specifying a Systems Manager parameter.
For EC2 Fleets of type maintain or request, or for Spot Fleets, you must specify the AMI ID.
The ID of the AMI.
", "ResetImageAttributeRequest$ImageId": "The ID of the AMI.
", "RestoreImageFromRecycleBinRequest$ImageId": "The ID of the AMI to restore.
", diff --git a/models/apis/ecr/2015-09-21/api-2.json b/models/apis/ecr/2015-09-21/api-2.json index 036799e6152..8d1be9de82b 100644 --- a/models/apis/ecr/2015-09-21/api-2.json +++ b/models/apis/ecr/2015-09-21/api-2.json @@ -133,6 +133,22 @@ {"shape":"KmsException"} ] }, + "CreateRepositoryCreationTemplate":{ + "name":"CreateRepositoryCreationTemplate", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateRepositoryCreationTemplateRequest"}, + "output":{"shape":"CreateRepositoryCreationTemplateResponse"}, + "errors":[ + {"shape":"ServerException"}, + {"shape":"ValidationException"}, + {"shape":"InvalidParameterException"}, + {"shape":"LimitExceededException"}, + {"shape":"TemplateAlreadyExistsException"} + ] + }, "DeleteLifecyclePolicy":{ "name":"DeleteLifecyclePolicy", "http":{ @@ -195,6 +211,21 @@ {"shape":"KmsException"} ] }, + "DeleteRepositoryCreationTemplate":{ + "name":"DeleteRepositoryCreationTemplate", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteRepositoryCreationTemplateRequest"}, + "output":{"shape":"DeleteRepositoryCreationTemplateResponse"}, + "errors":[ + {"shape":"ServerException"}, + {"shape":"ValidationException"}, + {"shape":"InvalidParameterException"}, + {"shape":"TemplateNotFoundException"} + ] + }, "DeleteRepositoryPolicy":{ "name":"DeleteRepositoryPolicy", "http":{ @@ -301,6 +332,20 @@ {"shape":"RepositoryNotFoundException"} ] }, + "DescribeRepositoryCreationTemplates":{ + "name":"DescribeRepositoryCreationTemplates", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeRepositoryCreationTemplatesRequest"}, + "output":{"shape":"DescribeRepositoryCreationTemplatesResponse"}, + "errors":[ + {"shape":"ServerException"}, + {"shape":"ValidationException"}, + {"shape":"InvalidParameterException"} + ] + }, "GetAuthorizationToken":{ "name":"GetAuthorizationToken", "http":{ @@ -656,6 +701,21 @@ {"shape":"UnableToDecryptSecretValueException"} ] }, + "UpdateRepositoryCreationTemplate":{ + "name":"UpdateRepositoryCreationTemplate", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateRepositoryCreationTemplateRequest"}, + "output":{"shape":"UpdateRepositoryCreationTemplateResponse"}, + "errors":[ + {"shape":"ServerException"}, + {"shape":"ValidationException"}, + {"shape":"InvalidParameterException"}, + {"shape":"TemplateNotFoundException"} + ] + }, "UploadLayerPart":{ "name":"UploadLayerPart", "http":{ @@ -879,6 +939,31 @@ "credentialArn":{"shape":"CredentialArn"} } }, + "CreateRepositoryCreationTemplateRequest":{ + "type":"structure", + "required":[ + "prefix", + "appliedFor" + ], + "members":{ + "prefix":{"shape":"Prefix"}, + "description":{"shape":"RepositoryTemplateDescription"}, + "encryptionConfiguration":{"shape":"EncryptionConfigurationForRepositoryCreationTemplate"}, + "resourceTags":{"shape":"TagList"}, + "imageTagMutability":{"shape":"ImageTagMutability"}, + "repositoryPolicy":{"shape":"RepositoryPolicyText"}, + "lifecyclePolicy":{"shape":"LifecyclePolicyTextForRepositoryCreationTemplate"}, + "appliedFor":{"shape":"RCTAppliedForList"}, + "customRoleArn":{"shape":"CustomRoleArn"} + } + }, + "CreateRepositoryCreationTemplateResponse":{ + "type":"structure", + "members":{ + "registryId":{"shape":"RegistryId"}, + "repositoryCreationTemplate":{"shape":"RepositoryCreationTemplate"} + } + }, "CreateRepositoryRequest":{ "type":"structure", "required":["repositoryName"], @@ -904,6 +989,10 @@ "min":50, "pattern":"^arn:aws:secretsmanager:[a-zA-Z0-9-:]+:secret:ecr\\-pullthroughcache\\/[a-zA-Z0-9\\/_+=.@-]+$" }, + "CustomRoleArn":{ + "type":"string", + "max":2048 + }, "CvssScore":{ "type":"structure", "members":{ @@ -986,6 +1075,20 @@ "policyText":{"shape":"RegistryPolicyText"} } }, + "DeleteRepositoryCreationTemplateRequest":{ + "type":"structure", + "required":["prefix"], + "members":{ + "prefix":{"shape":"Prefix"} + } + }, + "DeleteRepositoryCreationTemplateResponse":{ + "type":"structure", + "members":{ + "registryId":{"shape":"RegistryId"}, + "repositoryCreationTemplate":{"shape":"RepositoryCreationTemplate"} + } + }, "DeleteRepositoryPolicyRequest":{ "type":"structure", "required":["repositoryName"], @@ -1131,6 +1234,22 @@ "nextToken":{"shape":"NextToken"} } }, + "DescribeRepositoryCreationTemplatesRequest":{ + "type":"structure", + "members":{ + "prefixes":{"shape":"PrefixList"}, + "nextToken":{"shape":"NextToken"}, + "maxResults":{"shape":"MaxResults"} + } + }, + "DescribeRepositoryCreationTemplatesResponse":{ + "type":"structure", + "members":{ + "registryId":{"shape":"RegistryId"}, + "repositoryCreationTemplates":{"shape":"RepositoryCreationTemplateList"}, + "nextToken":{"shape":"NextToken"} + } + }, "EmptyUploadException":{ "type":"structure", "members":{ @@ -1146,6 +1265,14 @@ "kmsKey":{"shape":"KmsKey"} } }, + "EncryptionConfigurationForRepositoryCreationTemplate":{ + "type":"structure", + "required":["encryptionType"], + "members":{ + "encryptionType":{"shape":"EncryptionType"}, + "kmsKey":{"shape":"KmsKeyForRepositoryCreationTemplate"} + } + }, "EncryptionType":{ "type":"string", "enum":[ @@ -1582,6 +1709,12 @@ "max":2048, "min":1 }, + "KmsKeyForRepositoryCreationTemplate":{ + "type":"string", + "max":2048, + "min":0, + "pattern":"^$|arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key\\/[a-z0-9-]+" + }, "Layer":{ "type":"structure", "members":{ @@ -1737,6 +1870,11 @@ "max":30720, "min":100 }, + "LifecyclePolicyTextForRepositoryCreationTemplate":{ + "type":"string", + "max":30720, + "min":0 + }, "LifecyclePreviewMaxResults":{ "type":"integer", "max":100, @@ -1822,6 +1960,16 @@ "min":0 }, "Platform":{"type":"string"}, + "Prefix":{ + "type":"string", + "max":256, + "min":1, + "pattern":"^((?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*/?|ROOT)$" + }, + "PrefixList":{ + "type":"list", + "member":{"shape":"Prefix"} + }, "ProxyEndpoint":{"type":"string"}, "PullThroughCacheRule":{ "type":"structure", @@ -1987,6 +2135,17 @@ "replicationConfiguration":{"shape":"ReplicationConfiguration"} } }, + "RCTAppliedFor":{ + "type":"string", + "enum":[ + "REPLICATION", + "PULL_THROUGH_CACHE" + ] + }, + "RCTAppliedForList":{ + "type":"list", + "member":{"shape":"RCTAppliedFor"} + }, "Reason":{"type":"string"}, "Recommendation":{ "type":"structure", @@ -2133,6 +2292,26 @@ }, "exception":true }, + "RepositoryCreationTemplate":{ + "type":"structure", + "members":{ + "prefix":{"shape":"Prefix"}, + "description":{"shape":"RepositoryTemplateDescription"}, + "encryptionConfiguration":{"shape":"EncryptionConfigurationForRepositoryCreationTemplate"}, + "resourceTags":{"shape":"TagList"}, + "imageTagMutability":{"shape":"ImageTagMutability"}, + "repositoryPolicy":{"shape":"RepositoryPolicyText"}, + "lifecyclePolicy":{"shape":"LifecyclePolicyTextForRepositoryCreationTemplate"}, + "appliedFor":{"shape":"RCTAppliedForList"}, + "customRoleArn":{"shape":"CustomRoleArn"}, + "createdAt":{"shape":"Date"}, + "updatedAt":{"shape":"Date"} + } + }, + "RepositoryCreationTemplateList":{ + "type":"list", + "member":{"shape":"RepositoryCreationTemplate"} + }, "RepositoryFilter":{ "type":"structure", "required":[ @@ -2228,6 +2407,10 @@ "type":"list", "member":{"shape":"RepositoryScanningConfiguration"} }, + "RepositoryTemplateDescription":{ + "type":"string", + "max":256 + }, "Resource":{ "type":"structure", "members":{ @@ -2465,6 +2648,20 @@ "key":{"shape":"TagKey"}, "value":{"shape":"TagValue"} }, + "TemplateAlreadyExistsException":{ + "type":"structure", + "members":{ + "message":{"shape":"ExceptionMessage"} + }, + "exception":true + }, + "TemplateNotFoundException":{ + "type":"structure", + "members":{ + "message":{"shape":"ExceptionMessage"} + }, + "exception":true + }, "Title":{"type":"string"}, "TooManyTagsException":{ "type":"structure", @@ -2553,6 +2750,28 @@ "credentialArn":{"shape":"CredentialArn"} } }, + "UpdateRepositoryCreationTemplateRequest":{ + "type":"structure", + "required":["prefix"], + "members":{ + "prefix":{"shape":"Prefix"}, + "description":{"shape":"RepositoryTemplateDescription"}, + "encryptionConfiguration":{"shape":"EncryptionConfigurationForRepositoryCreationTemplate"}, + "resourceTags":{"shape":"TagList"}, + "imageTagMutability":{"shape":"ImageTagMutability"}, + "repositoryPolicy":{"shape":"RepositoryPolicyText"}, + "lifecyclePolicy":{"shape":"LifecyclePolicyTextForRepositoryCreationTemplate"}, + "appliedFor":{"shape":"RCTAppliedForList"}, + "customRoleArn":{"shape":"CustomRoleArn"} + } + }, + "UpdateRepositoryCreationTemplateResponse":{ + "type":"structure", + "members":{ + "registryId":{"shape":"RegistryId"}, + "repositoryCreationTemplate":{"shape":"RepositoryCreationTemplate"} + } + }, "UpdatedTimestamp":{"type":"timestamp"}, "UploadId":{ "type":"string", diff --git a/models/apis/ecr/2015-09-21/docs-2.json b/models/apis/ecr/2015-09-21/docs-2.json index ed097ad4e6c..1184eb21b24 100644 --- a/models/apis/ecr/2015-09-21/docs-2.json +++ b/models/apis/ecr/2015-09-21/docs-2.json @@ -9,10 +9,12 @@ "CompleteLayerUpload": "Informs Amazon ECR that the image layer upload has completed for a specified registry, repository name, and upload ID. You can optionally provide a sha256 digest of the image layer for data validation purposes.
When an image is pushed, the CompleteLayerUpload API is called once per each new image layer to verify that the upload has completed.
This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.
Creates a pull through cache rule. A pull through cache rule provides a way to cache images from an upstream registry source in your Amazon ECR private registry. For more information, see Using pull through cache rules in the Amazon Elastic Container Registry User Guide.
", "CreateRepository": "Creates a repository. For more information, see Amazon ECR repositories in the Amazon Elastic Container Registry User Guide.
", + "CreateRepositoryCreationTemplate": "Creates a repository creation template. This template is used to define the settings for repositories created by Amazon ECR on your behalf. For example, repositories created through pull through cache actions. For more information, see Private repository creation templates in the Amazon Elastic Container Registry User Guide.
", "DeleteLifecyclePolicy": "Deletes the lifecycle policy associated with the specified repository.
", "DeletePullThroughCacheRule": "Deletes a pull through cache rule.
", "DeleteRegistryPolicy": "Deletes the registry permissions policy.
", "DeleteRepository": "Deletes a repository. If the repository isn't empty, you must either delete the contents of the repository or use the force option to delete the repository and have Amazon ECR delete all of its contents on your behalf.
Deletes a repository creation template.
", "DeleteRepositoryPolicy": "Deletes the repository policy associated with the specified repository.
", "DescribeImageReplicationStatus": "Returns the replication status for a specified image.
", "DescribeImageScanFindings": "Returns the scan findings for the specified image.
", @@ -20,6 +22,7 @@ "DescribePullThroughCacheRules": "Returns the pull through cache rules for a registry.
", "DescribeRegistry": "Describes the settings for a registry. The replication configuration for a repository can be created or updated with the PutReplicationConfiguration API action.
", "DescribeRepositories": "Describes image repositories in a registry.
", + "DescribeRepositoryCreationTemplates": "Returns details about the repository creation templates in a registry. The prefixes request parameter can be used to return the details for a specific repository creation template.
Retrieves an authorization token. An authorization token represents your IAM authentication credentials and can be used to access any Amazon ECR registry that your IAM principal has access to. The authorization token is valid for 12 hours.
The authorizationToken returned is a base64 encoded string that can be decoded and used in a docker login command to authenticate to a registry. The CLI offers an get-login-password command that simplifies the login process. For more information, see Registry authentication in the Amazon Elastic Container Registry User Guide.
Retrieves the pre-signed Amazon S3 download URL corresponding to an image layer. You can only get URLs for image layers that are referenced in an image.
When an image is pulled, the GetDownloadUrlForLayer API is called once per image layer that is not already cached.
This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.
Retrieves the lifecycle policy for the specified repository.
", @@ -36,13 +39,14 @@ "PutLifecyclePolicy": "Creates or updates the lifecycle policy for the specified repository. For more information, see Lifecycle policy template.
", "PutRegistryPolicy": "Creates or updates the permissions policy for your registry.
A registry policy is used to specify permissions for another Amazon Web Services account and is used when configuring cross-account replication. For more information, see Registry permissions in the Amazon Elastic Container Registry User Guide.
", "PutRegistryScanningConfiguration": "Creates or updates the scanning configuration for your private registry.
", - "PutReplicationConfiguration": "Creates or updates the replication configuration for a registry. The existing replication configuration for a repository can be retrieved with the DescribeRegistry API action. The first time the PutReplicationConfiguration API is called, a service-linked IAM role is created in your account for the replication process. For more information, see Using service-linked roles for Amazon ECR in the Amazon Elastic Container Registry User Guide.
When configuring cross-account replication, the destination account must grant the source account permission to replicate. This permission is controlled using a registry permissions policy. For more information, see PutRegistryPolicy.
Creates or updates the replication configuration for a registry. The existing replication configuration for a repository can be retrieved with the DescribeRegistry API action. The first time the PutReplicationConfiguration API is called, a service-linked IAM role is created in your account for the replication process. For more information, see Using service-linked roles for Amazon ECR in the Amazon Elastic Container Registry User Guide. For more information on the custom role for replication, see Creating an IAM role for replication.
When configuring cross-account replication, the destination account must grant the source account permission to replicate. This permission is controlled using a registry permissions policy. For more information, see PutRegistryPolicy.
Applies a repository policy to the specified repository to control access permissions. For more information, see Amazon ECR Repository policies in the Amazon Elastic Container Registry User Guide.
", "StartImageScan": "Starts an image vulnerability scan. An image scan can only be started once per 24 hours on an individual image. This limit includes if an image was scanned on initial push. For more information, see Image scanning in the Amazon Elastic Container Registry User Guide.
", "StartLifecyclePolicyPreview": "Starts a preview of a lifecycle policy for the specified repository. This allows you to see the results before associating the lifecycle policy with the repository.
", "TagResource": "Adds specified tags to a resource with the specified ARN. Existing tags on a resource are not changed if they are not specified in the request parameters.
", "UntagResource": "Deletes specified tags from a resource.
", "UpdatePullThroughCacheRule": "Updates an existing pull through cache rule.
", + "UpdateRepositoryCreationTemplate": "Updates an existing repository creation template.
", "UploadLayerPart": "Uploads an image layer part to Amazon ECR.
When an image is pushed, each new image layer is uploaded in parts. The maximum size of each image layer part can be 20971520 bytes (or about 20MB). The UploadLayerPart API is called once per each new image layer part.
This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.
Validates an existing pull through cache rule for an upstream registry that requires authentication. This will retrieve the contents of the Amazon Web Services Secrets Manager secret, verify the syntax, and then validate that authentication to the upstream registry is successful.
" }, @@ -197,6 +201,16 @@ "refs": { } }, + "CreateRepositoryCreationTemplateRequest": { + "base": null, + "refs": { + } + }, + "CreateRepositoryCreationTemplateResponse": { + "base": null, + "refs": { + } + }, "CreateRepositoryRequest": { "base": null, "refs": { @@ -228,6 +242,14 @@ "ValidatePullThroughCacheRuleResponse$credentialArn": "The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache rule.
" } }, + "CustomRoleArn": { + "base": null, + "refs": { + "CreateRepositoryCreationTemplateRequest$customRoleArn": "The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as the registry that you are configuring.
", + "RepositoryCreationTemplate$customRoleArn": "The ARN of the role to be assumed by Amazon ECR.
", + "UpdateRepositoryCreationTemplateRequest$customRoleArn": "The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as the registry that you are configuring.
" + } + }, "CvssScore": { "base": "The CVSS score for a finding.
", "refs": { @@ -266,7 +288,9 @@ "EnhancedImageScanFinding$lastObservedAt": "The date and time that the finding was last observed.
", "EnhancedImageScanFinding$updatedAt": "The date and time the finding was last updated at.
", "PackageVulnerabilityDetails$vendorCreatedAt": "The date and time that this vulnerability was first added to the vendor's database.
", - "PackageVulnerabilityDetails$vendorUpdatedAt": "The date and time the vendor last updated this vulnerability in their database.
" + "PackageVulnerabilityDetails$vendorUpdatedAt": "The date and time the vendor last updated this vulnerability in their database.
", + "RepositoryCreationTemplate$createdAt": "The date and time, in JavaScript date format, when the repository creation template was created.
", + "RepositoryCreationTemplate$updatedAt": "The date and time, in JavaScript date format, when the repository creation template was last updated.
" } }, "DeleteLifecyclePolicyRequest": { @@ -299,6 +323,16 @@ "refs": { } }, + "DeleteRepositoryCreationTemplateRequest": { + "base": null, + "refs": { + } + }, + "DeleteRepositoryCreationTemplateResponse": { + "base": null, + "refs": { + } + }, "DeleteRepositoryPolicyRequest": { "base": null, "refs": { @@ -385,22 +419,41 @@ "refs": { } }, + "DescribeRepositoryCreationTemplatesRequest": { + "base": null, + "refs": { + } + }, + "DescribeRepositoryCreationTemplatesResponse": { + "base": null, + "refs": { + } + }, "EmptyUploadException": { "base": "The specified layer upload does not contain any layer parts.
", "refs": { } }, "EncryptionConfiguration": { - "base": "The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
By default, when no encryption configuration is set or the AES256 encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part.
For more control over the encryption of the contents of your repository, you can use server-side encryption with Key Management Service key stored in Key Management Service (KMS) to encrypt your images. For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide.
", + "base": "The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
By default, when no encryption configuration is set or the AES256 encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES256 encryption algorithm. This does not require any action on your part.
For more control over the encryption of the contents of your repository, you can use server-side encryption with Key Management Service key stored in Key Management Service (KMS) to encrypt your images. For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide.
", "refs": { "CreateRepositoryRequest$encryptionConfiguration": "The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
", "Repository$encryptionConfiguration": "The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
" } }, + "EncryptionConfigurationForRepositoryCreationTemplate": { + "base": "The encryption configuration to associate with the repository creation template.
", + "refs": { + "CreateRepositoryCreationTemplateRequest$encryptionConfiguration": "The encryption configuration to use for repositories created using the template.
", + "RepositoryCreationTemplate$encryptionConfiguration": "The encryption configuration associated with the repository creation template.
", + "UpdateRepositoryCreationTemplateRequest$encryptionConfiguration": null + } + }, "EncryptionType": { "base": null, "refs": { - "EncryptionConfiguration$encryptionType": "The encryption type to use.
If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide.
If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide.
The encryption type to use.
If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide.
If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide.
The encryption type to use.
If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide.
If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide.
The error message associated with the exception.
", + "TemplateAlreadyExistsException$message": null, + "TemplateNotFoundException$message": null, "TooManyTagsException$message": null, "UnableToAccessSecretException$message": null, "UnableToDecryptSecretValueException$message": null, @@ -801,10 +856,13 @@ "ImageTagMutability": { "base": null, "refs": { + "CreateRepositoryCreationTemplateRequest$imageTagMutability": "The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
The tag mutability setting for the repository. If MUTABLE is specified, image tags can be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
The image tag mutability setting for the repository.
", - "Repository$imageTagMutability": "The tag mutability setting for the repository.
" + "Repository$imageTagMutability": "The tag mutability setting for the repository.
", + "RepositoryCreationTemplate$imageTagMutability": "The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
", + "UpdateRepositoryCreationTemplateRequest$imageTagMutability": "Updates the tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.
If you use the KMS encryption type, specify the KMS key to use for encryption. The full ARN of the KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.
An object representing an Amazon ECR image layer.
", "refs": { @@ -1026,6 +1090,14 @@ "StartLifecyclePolicyPreviewResponse$lifecyclePolicyText": "The JSON repository policy text.
" } }, + "LifecyclePolicyTextForRepositoryCreationTemplate": { + "base": null, + "refs": { + "CreateRepositoryCreationTemplateRequest$lifecyclePolicy": "The lifecycle policy to use for repositories created using the template.
", + "RepositoryCreationTemplate$lifecyclePolicy": "The lifecycle policy to use for repositories created using the template.
", + "UpdateRepositoryCreationTemplateRequest$lifecyclePolicy": "Updates the lifecycle policy associated with the specified repository creation template.
" + } + }, "LifecyclePreviewMaxResults": { "base": null, "refs": { @@ -1070,6 +1142,7 @@ "DescribeImagesRequest$maxResults": "The maximum number of repository results returned by DescribeImages in paginated output. When this parameter is used, DescribeImages only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribeImages request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then DescribeImages returns up to 100 results and a nextToken value, if applicable. This option cannot be used when you specify images with imageIds.
The maximum number of pull through cache rules returned by DescribePullThroughCacheRulesRequest in paginated output. When this parameter is used, DescribePullThroughCacheRulesRequest only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribePullThroughCacheRulesRequest request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then DescribePullThroughCacheRulesRequest returns up to 100 results and a nextToken value, if applicable.
The maximum number of repository results returned by DescribeRepositories in paginated output. When this parameter is used, DescribeRepositories only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribeRepositories request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then DescribeRepositories returns up to 100 results and a nextToken value, if applicable. This option cannot be used when you specify repositories with repositoryNames.
The maximum number of repository results returned by DescribeRepositoryCreationTemplatesRequest in paginated output. When this parameter is used, DescribeRepositoryCreationTemplatesRequest only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribeRepositoryCreationTemplatesRequest request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then DescribeRepositoryCreationTemplatesRequest returns up to 100 results and a nextToken value, if applicable.
The maximum number of image results returned by ListImages in paginated output. When this parameter is used, ListImages only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another ListImages request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then ListImages returns up to 100 results and a nextToken value, if applicable.
The nextToken value to include in a future DescribePullThroughCacheRulesRequest request. When the results of a DescribePullThroughCacheRulesRequest request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.
The nextToken value returned from a previous paginated DescribeRepositories request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return. This option cannot be used when you specify repositories with repositoryNames.
This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.
The nextToken value to include in a future DescribeRepositories request. When the results of a DescribeRepositories request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.
The nextToken value returned from a previous paginated DescribeRepositoryCreationTemplates request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.
The nextToken value to include in a future DescribeRepositoryCreationTemplates request. When the results of a DescribeRepositoryCreationTemplates request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.
The nextToken value returned from a previous paginated
GetLifecyclePolicyPreviewRequest request where maxResults was used and the
results exceeded the value of that parameter. Pagination continues from the end of the
previous results that returned the nextToken value. This value is
null when there are no more results to return. This option cannot be used when you specify images with imageIds.
The nextToken value to include in a future GetLifecyclePolicyPreview request. When the results of a GetLifecyclePolicyPreview request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.
The nextToken value returned from a previous paginated ListImages request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.
The platform of the Amazon ECR container image.
" } }, + "Prefix": { + "base": null, + "refs": { + "CreateRepositoryCreationTemplateRequest$prefix": "The repository namespace prefix to associate with the template. All repositories created using this namespace prefix will have the settings defined in this template applied. For example, a prefix of prod would apply to all repositories beginning with prod/. Similarly, a prefix of prod/team would apply to all repositories beginning with prod/team/.
To apply a template to all repositories in your registry that don't have an associated creation template, you can use ROOT as the prefix.
There is always an assumed / applied to the end of the prefix. If you specify ecr-public as the prefix, Amazon ECR treats that as ecr-public/. When using a pull through cache rule, the repository prefix you specify during rule creation is what you should specify as your repository creation template prefix as well.
The repository namespace prefix associated with the repository creation template.
", + "PrefixList$member": null, + "RepositoryCreationTemplate$prefix": "The repository namespace prefix associated with the repository creation template.
", + "UpdateRepositoryCreationTemplateRequest$prefix": "The repository namespace prefix that matches an existing repository creation template in the registry. All repositories created using this namespace prefix will have the settings defined in this template applied. For example, a prefix of prod would apply to all repositories beginning with prod/. This includes a repository named prod/team1 as well as a repository named prod/repository1.
To apply a template to all repositories in your registry that don't have an associated creation template, you can use ROOT as the prefix.
The repository namespace prefixes associated with the repository creation templates to describe. If this value is not specified, all repository creation templates are returned.
" + } + }, "ProxyEndpoint": { "base": null, "refs": { @@ -1273,6 +1364,20 @@ "refs": { } }, + "RCTAppliedFor": { + "base": null, + "refs": { + "RCTAppliedForList$member": null + } + }, + "RCTAppliedForList": { + "base": null, + "refs": { + "CreateRepositoryCreationTemplateRequest$appliedFor": "A list of enumerable strings representing the Amazon ECR repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION
A list of enumerable Strings representing the repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION
", + "UpdateRepositoryCreationTemplateRequest$appliedFor": "Updates the list of enumerable strings representing the Amazon ECR repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION
The registry ID associated with the request.
", "CreatePullThroughCacheRuleRequest$registryId": "The Amazon Web Services account ID associated with the registry to create the pull through cache rule for. If you do not specify a registry, the default registry is assumed.
", "CreatePullThroughCacheRuleResponse$registryId": "The registry ID associated with the request.
", + "CreateRepositoryCreationTemplateResponse$registryId": "The registry ID associated with the request.
", "CreateRepositoryRequest$registryId": "The Amazon Web Services account ID associated with the registry to create the repository. If you do not specify a registry, the default registry is assumed.
", "DeleteLifecyclePolicyRequest$registryId": "The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.
", "DeleteLifecyclePolicyResponse$registryId": "The registry ID associated with the request.
", "DeletePullThroughCacheRuleRequest$registryId": "The Amazon Web Services account ID associated with the registry that contains the pull through cache rule. If you do not specify a registry, the default registry is assumed.
", "DeletePullThroughCacheRuleResponse$registryId": "The registry ID associated with the request.
", "DeleteRegistryPolicyResponse$registryId": "The registry ID associated with the request.
", + "DeleteRepositoryCreationTemplateResponse$registryId": "The registry ID associated with the request.
", "DeleteRepositoryPolicyRequest$registryId": "The Amazon Web Services account ID associated with the registry that contains the repository policy to delete. If you do not specify a registry, the default registry is assumed.
", "DeleteRepositoryPolicyResponse$registryId": "The registry ID associated with the request.
", "DeleteRepositoryRequest$registryId": "The Amazon Web Services account ID associated with the registry that contains the repository to delete. If you do not specify a registry, the default registry is assumed.
", @@ -1340,8 +1447,9 @@ "DescribeImageScanFindingsResponse$registryId": "The registry ID associated with the request.
", "DescribeImagesRequest$registryId": "The Amazon Web Services account ID associated with the registry that contains the repository in which to describe images. If you do not specify a registry, the default registry is assumed.
", "DescribePullThroughCacheRulesRequest$registryId": "The Amazon Web Services account ID associated with the registry to return the pull through cache rules for. If you do not specify a registry, the default registry is assumed.
", - "DescribeRegistryResponse$registryId": "The ID of the registry.
", + "DescribeRegistryResponse$registryId": "The registry ID associated with the request.
", "DescribeRepositoriesRequest$registryId": "The Amazon Web Services account ID associated with the registry that contains the repositories to be described. If you do not specify a registry, the default registry is assumed.
", + "DescribeRepositoryCreationTemplatesResponse$registryId": "The registry ID associated with the request.
", "EnhancedImageScanFinding$awsAccountId": "The Amazon Web Services account ID associated with the image.
", "GetAuthorizationTokenRegistryIdList$member": null, "GetDownloadUrlForLayerRequest$registryId": "The Amazon Web Services account ID associated with the registry that contains the image layer to download. If you do not specify a registry, the default registry is assumed.
", @@ -1349,8 +1457,8 @@ "GetLifecyclePolicyPreviewResponse$registryId": "The registry ID associated with the request.
", "GetLifecyclePolicyRequest$registryId": "The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.
", "GetLifecyclePolicyResponse$registryId": "The registry ID associated with the request.
", - "GetRegistryPolicyResponse$registryId": "The ID of the registry.
", - "GetRegistryScanningConfigurationResponse$registryId": "The ID of the registry.
", + "GetRegistryPolicyResponse$registryId": "The registry ID associated with the request.
", + "GetRegistryScanningConfigurationResponse$registryId": "The registry ID associated with the request.
", "GetRepositoryPolicyRequest$registryId": "The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.
", "GetRepositoryPolicyResponse$registryId": "The registry ID associated with the request.
", "Image$registryId": "The Amazon Web Services account ID associated with the registry containing the image.
", @@ -1367,7 +1475,7 @@ "PutImageTagMutabilityResponse$registryId": "The registry ID associated with the request.
", "PutLifecyclePolicyRequest$registryId": "The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.
", "PutLifecyclePolicyResponse$registryId": "The registry ID associated with the request.
", - "PutRegistryPolicyResponse$registryId": "The registry ID.
", + "PutRegistryPolicyResponse$registryId": "The registry ID associated with the request.
", "ReplicationDestination$registryId": "The Amazon Web Services account ID of the Amazon ECR private registry to replicate to. When configuring cross-Region replication within your own registry, specify your own account ID.
", "Repository$registryId": "The Amazon Web Services account ID associated with the registry that contains the repository.
", "SetRepositoryPolicyRequest$registryId": "The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.
", @@ -1378,6 +1486,7 @@ "StartLifecyclePolicyPreviewResponse$registryId": "The registry ID associated with the request.
", "UpdatePullThroughCacheRuleRequest$registryId": "The Amazon Web Services account ID associated with the registry associated with the pull through cache rule. If you do not specify a registry, the default registry is assumed.
", "UpdatePullThroughCacheRuleResponse$registryId": "The registry ID associated with the request.
", + "UpdateRepositoryCreationTemplateResponse$registryId": "The registry ID associated with the request.
", "UploadLayerPartRequest$registryId": "The Amazon Web Services account ID associated with the registry to which you are uploading layer parts. If you do not specify a registry, the default registry is assumed.
", "UploadLayerPartResponse$registryId": "The registry ID associated with the request.
", "ValidatePullThroughCacheRuleRequest$registryId": "The registry ID associated with the pull through cache rule. If you do not specify a registry, the default registry is assumed.
", @@ -1499,6 +1608,21 @@ "refs": { } }, + "RepositoryCreationTemplate": { + "base": "The details of the repository creation template associated with the request.
", + "refs": { + "CreateRepositoryCreationTemplateResponse$repositoryCreationTemplate": "The details of the repository creation template associated with the request.
", + "DeleteRepositoryCreationTemplateResponse$repositoryCreationTemplate": "The details of the repository creation template that was deleted.
", + "RepositoryCreationTemplateList$member": null, + "UpdateRepositoryCreationTemplateResponse$repositoryCreationTemplate": "The details of the repository creation template associated with the request.
" + } + }, + "RepositoryCreationTemplateList": { + "base": null, + "refs": { + "DescribeRepositoryCreationTemplatesResponse$repositoryCreationTemplates": "The details of the repository creation templates.
" + } + }, "RepositoryFilter": { "base": "The filter settings used with image replication. Specifying a repository filter to a replication rule provides a method for controlling which repositories in a private registry are replicated. If no filters are added, the contents of all repositories are replicated.
", "refs": { @@ -1607,10 +1731,13 @@ "RepositoryPolicyText": { "base": null, "refs": { + "CreateRepositoryCreationTemplateRequest$repositoryPolicy": "The repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.
", "DeleteRepositoryPolicyResponse$policyText": "The JSON repository policy that was deleted from the repository.
", "GetRepositoryPolicyResponse$policyText": "The JSON repository policy text associated with the repository.
", + "RepositoryCreationTemplate$repositoryPolicy": "he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.
", "SetRepositoryPolicyRequest$policyText": "The JSON repository policy text to apply to the repository. For more information, see Amazon ECR repository policies in the Amazon Elastic Container Registry User Guide.
", - "SetRepositoryPolicyResponse$policyText": "The JSON repository policy text applied to the repository.
" + "SetRepositoryPolicyResponse$policyText": "The JSON repository policy text applied to the repository.
", + "UpdateRepositoryCreationTemplateRequest$repositoryPolicy": "Updates the repository policy created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.
" } }, "RepositoryScanningConfiguration": { @@ -1637,6 +1764,14 @@ "BatchGetRepositoryScanningConfigurationResponse$scanningConfigurations": "The scanning configuration for the requested repositories.
" } }, + "RepositoryTemplateDescription": { + "base": null, + "refs": { + "CreateRepositoryCreationTemplateRequest$description": "A description for the repository creation template.
", + "RepositoryCreationTemplate$description": "The description associated with the repository creation template.
", + "UpdateRepositoryCreationTemplateRequest$description": "A description for the repository creation template.
" + } + }, "Resource": { "base": "Details about the resource involved in a finding.
", "refs": { @@ -1865,9 +2000,12 @@ "TagList": { "base": null, "refs": { + "CreateRepositoryCreationTemplateRequest$resourceTags": "The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
", "CreateRepositoryRequest$tags": "The metadata that you apply to the repository to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
", "ListTagsForResourceResponse$tags": "The tags for the resource.
", - "TagResourceRequest$tags": "The tags to add to the resource. A tag is an array of key-value pairs. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
" + "RepositoryCreationTemplate$resourceTags": "The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
", + "TagResourceRequest$tags": "The tags to add to the resource. A tag is an array of key-value pairs. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
", + "UpdateRepositoryCreationTemplateRequest$resourceTags": "The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
" } }, "TagResourceRequest": { @@ -1901,6 +2039,16 @@ "Resource$tags": "The tags attached to the resource.
" } }, + "TemplateAlreadyExistsException": { + "base": "The repository creation template already exists. Specify a unique prefix and try again.
", + "refs": { + } + }, + "TemplateNotFoundException": { + "base": "The specified repository creation template can't be found. Verify the registry ID and prefix and try again.
", + "refs": { + } + }, "Title": { "base": null, "refs": { @@ -1969,6 +2117,16 @@ "refs": { } }, + "UpdateRepositoryCreationTemplateRequest": { + "base": null, + "refs": { + } + }, + "UpdateRepositoryCreationTemplateResponse": { + "base": null, + "refs": { + } + }, "UpdatedTimestamp": { "base": null, "refs": { @@ -2013,7 +2171,7 @@ "Url": { "base": null, "refs": { - "CreatePullThroughCacheRuleRequest$upstreamRegistryUrl": "The registry URL of the upstream public registry to use as the source for the pull through cache rule. The following is the syntax to use for each supported upstream registry.
Amazon ECR Public (ecr-public) - public.ecr.aws
Docker Hub (docker-hub) - registry-1.docker.io
Quay (quay) - quay.io
Kubernetes (k8s) - registry.k8s.io
GitHub Container Registry (github-container-registry) - ghcr.io
Microsoft Azure Container Registry (azure-container-registry) - <custom>.azurecr.io
GitLab Container Registry (gitlab-container-registry) - registry.gitlab.com
The registry URL of the upstream public registry to use as the source for the pull through cache rule. The following is the syntax to use for each supported upstream registry.
Amazon ECR Public (ecr-public) - public.ecr.aws
Docker Hub (docker-hub) - registry-1.docker.io
Quay (quay) - quay.io
Kubernetes (k8s) - registry.k8s.io
GitHub Container Registry (github-container-registry) - ghcr.io
Microsoft Azure Container Registry (azure-container-registry) - <custom>.azurecr.io
The upstream registry URL associated with the pull through cache rule.
", "DeletePullThroughCacheRuleResponse$upstreamRegistryUrl": "The upstream registry URL associated with the pull through cache rule.
", "GetDownloadUrlForLayerResponse$downloadUrl": "The pre-signed Amazon S3 download URL for the requested layer.
", diff --git a/models/apis/ecr/2015-09-21/examples-1.json b/models/apis/ecr/2015-09-21/examples-1.json index fa1a309ac6f..67b40f08c4a 100644 --- a/models/apis/ecr/2015-09-21/examples-1.json +++ b/models/apis/ecr/2015-09-21/examples-1.json @@ -87,6 +87,64 @@ "title": "To create a new repository" } ], + "CreateRepositoryCreationTemplate": [ + { + "input": { + "appliedFor": [ + "REPLICATION", + "PULL_THROUGH_CACHE" + ], + "description": "Repos for testing images", + "encryptionConfiguration": { + "encryptionType": "AES256" + }, + "imageTagMutability": "MUTABLE", + "lifecyclePolicy": "{\r\n \"rules\": [\r\n {\r\n \"rulePriority\": 1,\r\n \"description\": \"Expire images older than 14 days\",\r\n \"selection\": {\r\n \"tagStatus\": \"untagged\",\r\n \"countType\": \"sinceImagePushed\",\r\n \"countUnit\": \"days\",\r\n \"countNumber\": 14\r\n },\r\n \"action\": {\r\n \"type\": \"expire\"\r\n }\r\n }\r\n ]\r\n}", + "prefix": "eng/test", + "repositoryPolicy": "{\r\n \"Version\": \"2012-10-17\",\r\n \"Statement\": [\r\n {\r\n \"Sid\": \"LambdaECRPullPolicy\",\r\n \"Effect\": \"Allow\",\r\n \"Principal\": {\r\n \"Service\": \"lambda.amazonaws.com\"\r\n },\r\n \"Action\": \"ecr:BatchGetImage\"\r\n }\r\n ]\r\n}", + "resourceTags": [ + { + "Key": "environment", + "Value": "test" + } + ] + }, + "output": { + "registryId": "012345678901", + "repositoryCreationTemplate": { + "appliedFor": [ + "REPLICATION", + "PULL_THROUGH_CACHE" + ], + "createdAt": "2023-12-16T17:29:02-07:00", + "description": "Repos for testing images", + "encryptionConfiguration": { + "encryptionType": "AES256" + }, + "imageTagMutability": "MUTABLE", + "lifecyclePolicy": "{\r\n \"rules\": [\r\n {\r\n \"rulePriority\": 1,\r\n \"description\": \"Expire images older than 14 days\",\r\n \"selection\": {\r\n \"tagStatus\": \"untagged\",\r\n \"countType\": \"sinceImagePushed\",\r\n \"countUnit\": \"days\",\r\n \"countNumber\": 14\r\n },\r\n \"action\": {\r\n \"type\": \"expire\"\r\n }\r\n }\r\n ]\r\n}", + "prefix": "eng/test", + "repositoryPolicy": "{\n \"Version\" : \"2012-10-17\",\n \"Statement\" : [ {\n \"Sid\" : \"LambdaECRPullPolicy\",\n \"Effect\" : \"Allow\",\n \"Principal\" : {\n \"Service\" : \"lambda.amazonaws.com\"\n },\n \"Action\" : \"ecr:BatchGetImage\"\n } ]\n}", + "resourceTags": [ + { + "Key": "environment", + "Value": "test" + } + ], + "updatedAt": "2023-12-16T17:29:02-07:00" + } + }, + "comments": { + "input": { + }, + "output": { + } + }, + "description": "This example creates a repository creation template.", + "id": "create-a-new-repository-creation-template-1713296923053", + "title": "Create a new repository creation template" + } + ], "DeleteRepository": [ { "input": { @@ -110,6 +168,34 @@ "title": "To force delete a repository" } ], + "DeleteRepositoryCreationTemplate": [ + { + "input": { + "prefix": "eng" + }, + "output": { + "registryId": "012345678901", + "repositoryCreationTemplate": { + "createdAt": "2023-12-03T16:27:57.933000-08:00", + "encryptionConfiguration": { + "encryptionType": "AES256" + }, + "imageTagMutability": "MUTABLE", + "prefix": "eng", + "updatedAt": "2023-12-03T16:27:57.933000-08:00" + } + }, + "comments": { + "input": { + }, + "output": { + } + }, + "description": "This example deletes a repository creation template.", + "id": "delete-a-repository-creation-template-1713298142230", + "title": "Delete a repository creation template" + } + ], "DeleteRepositoryPolicy": [ { "input": { @@ -154,6 +240,57 @@ "title": "To describe all repositories in the current account" } ], + "DescribeRepositoryCreationTemplates": [ + { + "input": { + "maxResults": 123, + "nextToken": "", + "prefixes": [ + "eng" + ] + }, + "output": { + "nextToken": "", + "registryId": "012345678901", + "repositoryCreationTemplates": [ + { + "appliedFor": [ + "PULL_THROUGH_CACHE", + "REPLICATION" + ], + "createdAt": "2023-12-16T17:29:02-07:00", + "encryptionConfiguration": { + "encryptionType": "AES256" + }, + "imageTagMutability": "MUTABLE", + "prefix": "eng/test", + "updatedAt": "2023-12-16T19:55:02-07:00" + }, + { + "appliedFor": [ + "REPLICATION" + ], + "createdAt": "2023-12-14T17:29:02-07:00", + "encryptionConfiguration": { + "encryptionType": "AES256" + }, + "imageTagMutability": "IMMUTABLE", + "prefix": "eng/replication-test", + "updatedAt": "2023-12-14T19:55:02-07:00" + } + ] + }, + "comments": { + "input": { + }, + "output": { + } + }, + "description": "This example describes the contents of a repository creation template.", + "id": "describe-a-repository-creation-template-1713298784302", + "title": "Describe a repository creation template" + } + ], "GetAuthorizationToken": [ { "input": { @@ -210,6 +347,55 @@ "id": "listimages-example-1470868161594", "title": "To list all images in a repository" } + ], + "UpdateRepositoryCreationTemplate": [ + { + "input": { + "appliedFor": [ + "REPLICATION" + ], + "prefix": "eng/test", + "resourceTags": [ + { + "Key": "environment", + "Value": "test" + } + ] + }, + "output": { + "registryId": "012345678901", + "repositoryCreationTemplate": { + "appliedFor": [ + "REPLICATION" + ], + "createdAt": "2023-12-16T17:29:02-07:00", + "description": "Repos for testing images", + "encryptionConfiguration": { + "encryptionType": "AES256" + }, + "imageTagMutability": "MUTABLE", + "lifecyclePolicy": "{\r\n \"rules\": [\r\n {\r\n \"rulePriority\": 1,\r\n \"description\": \"Expire images older than 14 days\",\r\n \"selection\": {\r\n \"tagStatus\": \"untagged\",\r\n \"countType\": \"sinceImagePushed\",\r\n \"countUnit\": \"days\",\r\n \"countNumber\": 14\r\n },\r\n \"action\": {\r\n \"type\": \"expire\"\r\n }\r\n }\r\n ]\r\n}", + "prefix": "eng/test", + "repositoryPolicy": "{\n \"Version\" : \"2012-10-17\",\n \"Statement\" : [ {\n \"Sid\" : \"LambdaECRPullPolicy\",\n \"Effect\" : \"Allow\",\n \"Principal\" : {\n \"Service\" : \"lambda.amazonaws.com\"\n },\n \"Action\" : \"ecr:BatchGetImage\"\n } ]\n}", + "resourceTags": [ + { + "Key": "environment", + "Value": "test" + } + ], + "updatedAt": "2023-12-16T19:55:02-07:00" + } + }, + "comments": { + "input": { + }, + "output": { + } + }, + "description": "This example updates a repository creation template.", + "id": "update-a-repository-creation-template-1713299261276", + "title": "Update a repository creation template" + } ] } } diff --git a/models/apis/ecr/2015-09-21/paginators-1.json b/models/apis/ecr/2015-09-21/paginators-1.json index e382b79e440..ff500182c51 100644 --- a/models/apis/ecr/2015-09-21/paginators-1.json +++ b/models/apis/ecr/2015-09-21/paginators-1.json @@ -34,6 +34,15 @@ "output_token": "nextToken", "result_key": "repositories" }, + "DescribeRepositoryCreationTemplates": { + "input_token": "nextToken", + "limit_key": "maxResults", + "non_aggregate_keys": [ + "registryId" + ], + "output_token": "nextToken", + "result_key": "repositoryCreationTemplates" + }, "GetLifecyclePolicyPreview": { "input_token": "nextToken", "limit_key": "maxResults", diff --git a/models/apis/eks/2017-11-01/api-2.json b/models/apis/eks/2017-11-01/api-2.json index bc9658f02a8..84800e598eb 100644 --- a/models/apis/eks/2017-11-01/api-2.json +++ b/models/apis/eks/2017-11-01/api-2.json @@ -1294,7 +1294,8 @@ "id":{"shape":"String"}, "health":{"shape":"ClusterHealth"}, "outpostConfig":{"shape":"OutpostConfigResponse"}, - "accessConfig":{"shape":"AccessConfigResponse"} + "accessConfig":{"shape":"AccessConfigResponse"}, + "upgradePolicy":{"shape":"UpgradePolicyResponse"} } }, "ClusterHealth":{ @@ -1504,7 +1505,8 @@ "encryptionConfig":{"shape":"EncryptionConfigList"}, "outpostConfig":{"shape":"OutpostConfigRequest"}, "accessConfig":{"shape":"CreateAccessConfigRequest"}, - "bootstrapSelfManagedAddons":{"shape":"BoxedBoolean"} + "bootstrapSelfManagedAddons":{"shape":"BoxedBoolean"}, + "upgradePolicy":{"shape":"UpgradePolicyRequest"} } }, "CreateClusterResponse":{ @@ -3383,6 +3385,13 @@ "type":"list", "member":{"shape":"String"} }, + "SupportType":{ + "type":"string", + "enum":[ + "STANDARD", + "EXTENDED" + ] + }, "TagKey":{ "type":"string", "max":128, @@ -3574,7 +3583,8 @@ "shape":"String", "idempotencyToken":true }, - "accessConfig":{"shape":"UpdateAccessConfigRequest"} + "accessConfig":{"shape":"UpdateAccessConfigRequest"}, + "upgradePolicy":{"shape":"UpgradePolicyRequest"} } }, "UpdateClusterConfigResponse":{ @@ -3743,7 +3753,8 @@ "SecurityGroups", "Subnets", "AuthenticationMode", - "PodIdentityAssociations" + "PodIdentityAssociations", + "UpgradePolicy" ] }, "UpdateParams":{ @@ -3808,9 +3819,22 @@ "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", - "AccessConfigUpdate" + "AccessConfigUpdate", + "UpgradePolicyUpdate" ] }, + "UpgradePolicyRequest":{ + "type":"structure", + "members":{ + "supportType":{"shape":"SupportType"} + } + }, + "UpgradePolicyResponse":{ + "type":"structure", + "members":{ + "supportType":{"shape":"SupportType"} + } + }, "VpcConfigRequest":{ "type":"structure", "members":{ diff --git a/models/apis/eks/2017-11-01/docs-2.json b/models/apis/eks/2017-11-01/docs-2.json index 1225df5d2c3..38478096872 100644 --- a/models/apis/eks/2017-11-01/docs-2.json +++ b/models/apis/eks/2017-11-01/docs-2.json @@ -1863,6 +1863,13 @@ "VpcConfigResponse$publicAccessCidrs": "The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint.
" } }, + "SupportType": { + "base": null, + "refs": { + "UpgradePolicyRequest$supportType": "If the cluster is set to EXTENDED, it will enter extended support at the end of standard support. If the cluster is set to STANDARD, it will be automatically upgraded at the end of standard support.
Learn more about EKS Extended Support in the EKS User Guide.
", + "UpgradePolicyResponse$supportType": "If the cluster is set to EXTENDED, it will enter extended support at the end of standard support. If the cluster is set to STANDARD, it will be automatically upgraded at the end of standard support.
Learn more about EKS Extended Support in the EKS User Guide.
" + } + }, "TagKey": { "base": "One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
The type of the update.
" } }, + "UpgradePolicyRequest": { + "base": "The support policy to use for the cluster. Extended support allows you to remain on specific Kubernetes versions for longer. Clusters in extended support have higher costs. The default value is EXTENDED. Use STANDARD to disable extended support.
Learn more about EKS Extended Support in the EKS User Guide.
", + "refs": { + "CreateClusterRequest$upgradePolicy": "New clusters, by default, have extended support enabled. You can disable extended support when creating a cluster by setting this value to STANDARD.
You can enable or disable extended support for clusters currently on standard support. You cannot disable extended support once it starts. You must enable extended support before your cluster exits standard support.
" + } + }, + "UpgradePolicyResponse": { + "base": "This value indicates if extended support is enabled or disabled for the cluster.
Learn more about EKS Extended Support in the EKS User Guide.
", + "refs": { + "Cluster$upgradePolicy": "This value indicates if extended support is enabled or disabled for the cluster.
Learn more about EKS Extended Support in the EKS User Guide.
" + } + }, "VpcConfigRequest": { "base": "An object representing the VPC configuration to use for an Amazon EKS cluster.
", "refs": { diff --git a/models/apis/elasticloadbalancingv2/2015-12-01/api-2.json b/models/apis/elasticloadbalancingv2/2015-12-01/api-2.json index 0a8390ec3bf..ddfac122a21 100644 --- a/models/apis/elasticloadbalancingv2/2015-12-01/api-2.json +++ b/models/apis/elasticloadbalancingv2/2015-12-01/api-2.json @@ -10,7 +10,8 @@ "serviceId":"Elastic Load Balancing v2", "signatureVersion":"v4", "uid":"elasticloadbalancingv2-2015-12-01", - "xmlNamespace":"http://elasticloadbalancing.amazonaws.com/doc/2015-12-01/" + "xmlNamespace":"http://elasticloadbalancing.amazonaws.com/doc/2015-12-01/", + "auth":["aws.auth#sigv4"] }, "operations":{ "AddListenerCertificates":{ @@ -246,6 +247,23 @@ {"shape":"OperationNotPermittedException"} ] }, + "DeleteSharedTrustStoreAssociation":{ + "name":"DeleteSharedTrustStoreAssociation", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteSharedTrustStoreAssociationInput"}, + "output":{ + "shape":"DeleteSharedTrustStoreAssociationOutput", + "resultWrapper":"DeleteSharedTrustStoreAssociationResult" + }, + "errors":[ + {"shape":"TrustStoreNotFoundException"}, + {"shape":"DeleteAssociationSameAccountException"}, + {"shape":"TrustStoreAssociationNotFoundException"} + ] + }, "DeleteTargetGroup":{ "name":"DeleteTargetGroup", "http":{ @@ -512,6 +530,21 @@ {"shape":"TrustStoreNotFoundException"} ] }, + "GetResourcePolicy":{ + "name":"GetResourcePolicy", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetResourcePolicyInput"}, + "output":{ + "shape":"GetResourcePolicyOutput", + "resultWrapper":"GetResourcePolicyResult" + }, + "errors":[ + {"shape":"ResourceNotFoundException"} + ] + }, "GetTrustStoreCaCertificatesBundle":{ "name":"GetTrustStoreCaCertificatesBundle", "http":{ @@ -1220,6 +1253,17 @@ }, "DNSName":{"type":"string"}, "Default":{"type":"boolean"}, + "DeleteAssociationSameAccountException":{ + "type":"structure", + "members":{ + }, + "error":{ + "code":"DeleteAssociationSameAccount", + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, "DeleteListenerInput":{ "type":"structure", "required":["ListenerArn"], @@ -1256,6 +1300,22 @@ "members":{ } }, + "DeleteSharedTrustStoreAssociationInput":{ + "type":"structure", + "required":[ + "TrustStoreArn", + "ResourceArn" + ], + "members":{ + "TrustStoreArn":{"shape":"TrustStoreArn"}, + "ResourceArn":{"shape":"ResourceArn"} + } + }, + "DeleteSharedTrustStoreAssociationOutput":{ + "type":"structure", + "members":{ + } + }, "DeleteTargetGroupInput":{ "type":"structure", "required":["TargetGroupArn"], @@ -1624,6 +1684,19 @@ "TargetGroupStickinessConfig":{"shape":"TargetGroupStickinessConfig"} } }, + "GetResourcePolicyInput":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{"shape":"ResourceArn"} + } + }, + "GetResourcePolicyOutput":{ + "type":"structure", + "members":{ + "Policy":{"shape":"Policy"} + } + }, "GetTrustStoreCaCertificatesBundleInput":{ "type":"structure", "required":["TrustStoreArn"], @@ -2110,7 +2183,8 @@ "members":{ "Mode":{"shape":"Mode"}, "TrustStoreArn":{"shape":"TrustStoreArn"}, - "IgnoreClientCertificateExpiry":{"shape":"IgnoreClientCertificateExpiry"} + "IgnoreClientCertificateExpiry":{"shape":"IgnoreClientCertificateExpiry"}, + "TrustStoreAssociationStatus":{"shape":"TrustStoreAssociationStatusEnum"} } }, "Name":{"type":"string"}, @@ -2144,6 +2218,10 @@ "Values":{"shape":"ListOfString"} } }, + "Policy":{ + "type":"string", + "min":1 + }, "Port":{ "type":"integer", "max":65535, @@ -2310,6 +2388,17 @@ }, "exception":true }, + "ResourceNotFoundException":{ + "type":"structure", + "members":{ + }, + "error":{ + "code":"ResourceNotFound", + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, "RevocationContent":{ "type":"structure", "members":{ @@ -2934,7 +3023,25 @@ "ResourceArn":{"shape":"TrustStoreAssociationResourceArn"} } }, + "TrustStoreAssociationNotFoundException":{ + "type":"structure", + "members":{ + }, + "error":{ + "code":"AssociationNotFound", + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, "TrustStoreAssociationResourceArn":{"type":"string"}, + "TrustStoreAssociationStatusEnum":{ + "type":"string", + "enum":[ + "active", + "removed" + ] + }, "TrustStoreAssociations":{ "type":"list", "member":{"shape":"TrustStoreAssociation"} diff --git a/models/apis/elasticloadbalancingv2/2015-12-01/docs-2.json b/models/apis/elasticloadbalancingv2/2015-12-01/docs-2.json index fbeaf822772..55bcedcb365 100644 --- a/models/apis/elasticloadbalancingv2/2015-12-01/docs-2.json +++ b/models/apis/elasticloadbalancingv2/2015-12-01/docs-2.json @@ -13,6 +13,7 @@ "DeleteListener": "Deletes the specified listener.
Alternatively, your listener is deleted when you delete the load balancer to which it is attached.
", "DeleteLoadBalancer": "Deletes the specified Application Load Balancer, Network Load Balancer, or Gateway Load Balancer. Deleting a load balancer also deletes its listeners.
You can't delete a load balancer if deletion protection is enabled. If the load balancer does not exist or has already been deleted, the call succeeds.
Deleting a load balancer does not affect its registered targets. For example, your EC2 instances continue to run and are still registered to their target groups. If you no longer need these EC2 instances, you can stop or terminate them.
", "DeleteRule": "Deletes the specified rule.
You can't delete the default rule.
", + "DeleteSharedTrustStoreAssociation": "Deletes a shared trust store association.
", "DeleteTargetGroup": "Deletes the specified target group.
You can delete a target group if it is not referenced by any actions. Deleting a target group also deletes any associated health checks. Deleting a target group does not affect its registered targets. For example, any EC2 instances continue to run until you stop or terminate them.
", "DeleteTrustStore": "Deletes a trust store.
", "DeregisterTargets": "Deregisters the specified targets from the specified target group. After the targets are deregistered, they no longer receive traffic from the load balancer.
The load balancer stops sending requests to targets that are deregistering, but uses connection draining to ensure that in-flight traffic completes on the existing connections. This deregistration delay is configured by default but can be updated for each target group.
For more information, see the following:
Deregistration delay in the Application Load Balancers User Guide
Deregistration delay in the Network Load Balancers User Guide
Deregistration delay in the Gateway Load Balancers User Guide
Note: If the specified target does not exist, the action returns successfully.
", @@ -28,8 +29,9 @@ "DescribeTargetGroups": "Describes the specified target groups or all of your target groups. By default, all target groups are described. Alternatively, you can specify one of the following to filter the results: the ARN of the load balancer, the names of one or more target groups, or the ARNs of one or more target groups.
", "DescribeTargetHealth": "Describes the health of the specified targets or all of your targets.
", "DescribeTrustStoreAssociations": "Describes all resources associated with the specified trust store.
", - "DescribeTrustStoreRevocations": "Describes the revocation files in use by the specified trust store arn, or revocation ID.
", - "DescribeTrustStores": "Describes all trust stores for a given account by trust store arn’s or name.
", + "DescribeTrustStoreRevocations": "Describes the revocation files in use by the specified trust store or revocation files.
", + "DescribeTrustStores": "Describes all trust stores for the specified account.
", + "GetResourcePolicy": "Retrieves the resource policy for a specified resource.
", "GetTrustStoreCaCertificatesBundle": "Retrieves the ca certificate bundle.
This action returns a pre-signed S3 URI which is active for ten minutes.
", "GetTrustStoreRevocationContent": "Retrieves the specified revocation file.
This action returns a pre-signed S3 URI which is active for ten minutes.
", "ModifyListener": "Replaces the specified properties of the specified listener. Any properties that you do not specify remain unchanged.
Changing the protocol from HTTPS to HTTP, or from TLS to TCP, removes the security policy and default certificate properties. If you change the protocol from HTTP to HTTPS, or from TCP to TLS, you must add the security policy and default certificate properties.
To add an item to a list, remove an item from a list, or update an item in a list, you must provide the entire list. For example, to add an action, specify a list with the current actions plus the new action.
", @@ -37,7 +39,7 @@ "ModifyRule": "Replaces the specified properties of the specified rule. Any properties that you do not specify are unchanged.
To add an item to a list, remove an item from a list, or update an item in a list, you must provide the entire list. For example, to add an action, specify a list with the current actions plus the new action.
", "ModifyTargetGroup": "Modifies the health checks used when evaluating the health state of the targets in the specified target group.
", "ModifyTargetGroupAttributes": "Modifies the specified attributes of the specified target group.
", - "ModifyTrustStore": "Update the ca certificate bundle for a given trust store.
", + "ModifyTrustStore": "Update the ca certificate bundle for the specified trust store.
", "RegisterTargets": "Registers the specified targets with the specified target group.
If the target is an EC2 instance, it must be in the running state when you register it.
By default, the load balancer routes requests to registered targets using the protocol and port for the target group. Alternatively, you can override the port for a target when you register it. You can register each EC2 instance or IP address with the same target group multiple times using different ports.
With a Network Load Balancer, you cannot register instances by instance ID if they have the following instance types: C1, CC1, CC2, CG1, CG2, CR1, CS1, G1, G2, HI1, HS1, M1, M2, M3, and T1. You can register instances of these types by IP address.
", "RemoveListenerCertificates": "Removes the specified certificate from the certificate list for the specified HTTPS or TLS listener.
", "RemoveTags": "Removes the specified tags from the specified Elastic Load Balancing resources. You can remove the tags for one or more Application Load Balancers, Network Load Balancers, Gateway Load Balancers, target groups, listeners, or rules.
", @@ -469,6 +471,11 @@ "Certificate$IsDefault": "Indicates whether the certificate is the default certificate. Do not set this value when specifying a certificate as an input. This value is not included in the output when describing a listener, but is included when describing listener certificates.
" } }, + "DeleteAssociationSameAccountException": { + "base": "The specified association cannot be within the same account.
", + "refs": { + } + }, "DeleteListenerInput": { "base": null, "refs": { @@ -499,6 +506,16 @@ "refs": { } }, + "DeleteSharedTrustStoreAssociationInput": { + "base": null, + "refs": { + } + }, + "DeleteSharedTrustStoreAssociationOutput": { + "base": null, + "refs": { + } + }, "DeleteTargetGroupInput": { "base": null, "refs": { @@ -761,6 +778,16 @@ "Action$ForwardConfig": "Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when Type is forward. If you specify both ForwardConfig and TargetGroupArn, you can specify only one target group using ForwardConfig and it must be the same target group specified in TargetGroupArn.
Note: Internal load balancers must use the ipv4 IP address type.
[Application Load Balancers] The IP address type. The possible values are ipv4 (for only IPv4 addresses), dualstack (for IPv4 and IPv6 addresses), and dualstack-without-public-ipv4 (for IPv6 only public addresses, with private IPv4 and IPv6 addresses).
[Network Load Balancers] The IP address type. The possible values are ipv4 (for only IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses). You can’t specify dualstack for a load balancer with a UDP or TCP_UDP listener.
[Gateway Load Balancers] The IP address type. The possible values are ipv4 (for only IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses).
[Application Load Balancers] The type of IP addresses used for public or private connections by the subnets attached to your load balancer. The possible values are ipv4 (for only IPv4 addresses), dualstack (for IPv4 and IPv6 addresses), and dualstack-without-public-ipv4 (for IPv6 only public addresses, with private IPv4 and IPv6 addresses).
[Network Load Balancers and Gateway Load Balancers] The type of IP addresses used for public or private connections by the subnets attached to your load balancer. The possible values are ipv4 (for only IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses).
Note: Internal load balancers must use the ipv4 IP address type.
[Application Load Balancers] The IP address type. The possible values are ipv4 (for only IPv4 addresses), dualstack (for IPv4 and IPv6 addresses), and dualstack-without-public-ipv4 (for IPv6 only public addresses, with private IPv4 and IPv6 addresses).
[Network Load Balancers] The IP address type. The possible values are ipv4 (for only IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses). You can’t specify dualstack for a load balancer with a UDP or TCP_UDP listener.
[Gateway Load Balancers] The IP address type. The possible values are ipv4 (for only IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses).
Note: Internal load balancers must use the ipv4 IP address type.
[Application Load Balancers] The IP address type. The possible values are ipv4 (for only IPv4 addresses), dualstack (for IPv4 and IPv6 addresses), and dualstack-without-public-ipv4 (for IPv6 only public addresses, with private IPv4 and IPv6 addresses).
Note: Application Load Balancer authentication only supports IPv4 addresses when connecting to an Identity Provider (IdP) or Amazon Cognito endpoint. Without a public IPv4 address the load balancer cannot complete the authentication process, resulting in HTTP 500 errors.
[Network Load Balancers] The IP address type. The possible values are ipv4 (for only IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses). You can’t specify dualstack for a load balancer with a UDP or TCP_UDP listener.
[Gateway Load Balancers] The IP address type. The possible values are ipv4 (for only IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses).
The IP address type.
", "SetSubnetsInput$IpAddressType": "[Application Load Balancers] The IP address type. The possible values are ipv4 (for only IPv4 addresses), dualstack (for IPv4 and IPv6 addresses), and dualstack-without-public-ipv4 (for IPv6 only public addresses, with private IPv4 and IPv6 addresses).
[Network Load Balancers] The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses). You can’t specify dualstack for a load balancer with a UDP or TCP_UDP listener.
[Gateway Load Balancers] The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses).
[Application Load Balancers] The IP address type.
[Network Load Balancers] The IP address type.
[Gateway Load Balancers] The IP address type.
" @@ -962,7 +989,7 @@ "ListOfDescribeTargetHealthIncludeOptions": { "base": null, "refs": { - "DescribeTargetHealthInput$Include": "Used to inclue anomaly detection information.
" + "DescribeTargetHealthInput$Include": "Used to include anomaly detection information.
" } }, "ListOfString": { @@ -1322,6 +1349,12 @@ "RuleCondition$PathPatternConfig": "Information for a path pattern condition. Specify only when Field is path-pattern.
The content of the resource policy.
" + } + }, "Port": { "base": null, "refs": { @@ -1468,6 +1501,8 @@ "ResourceArn": { "base": null, "refs": { + "DeleteSharedTrustStoreAssociationInput$ResourceArn": "The Amazon Resource Name (ARN) of the resource.
", + "GetResourcePolicyInput$ResourceArn": "The Amazon Resource Name (ARN) of the resource.
", "ResourceArns$member": null, "TagDescription$ResourceArn": "The Amazon Resource Name (ARN) of the resource.
" } @@ -1485,6 +1520,11 @@ "refs": { } }, + "ResourceNotFoundException": { + "base": "The specified resource does not exist.
", + "refs": { + } + }, "RevocationContent": { "base": "Information about a revocation file.
", "refs": { @@ -2095,6 +2135,7 @@ "base": null, "refs": { "AddTrustStoreRevocationsInput$TrustStoreArn": "The Amazon Resource Name (ARN) of the trust store.
", + "DeleteSharedTrustStoreAssociationInput$TrustStoreArn": "The Amazon Resource Name (ARN) of the trust store.
", "DeleteTrustStoreInput$TrustStoreArn": "The Amazon Resource Name (ARN) of the trust store.
", "DescribeTrustStoreAssociationsInput$TrustStoreArn": "The Amazon Resource Name (ARN) of the trust store.
", "DescribeTrustStoreRevocation$TrustStoreArn": "The Amazon Resource Name (ARN) of the trust store.
", @@ -2121,12 +2162,23 @@ "TrustStoreAssociations$member": null } }, + "TrustStoreAssociationNotFoundException": { + "base": "The specified association does not exist.
", + "refs": { + } + }, "TrustStoreAssociationResourceArn": { "base": null, "refs": { "TrustStoreAssociation$ResourceArn": "The Amazon Resource Name (ARN) of the resource.
" } }, + "TrustStoreAssociationStatusEnum": { + "base": null, + "refs": { + "MutualAuthenticationAttributes$TrustStoreAssociationStatus": "Indicates a shared trust stores association status.
" + } + }, "TrustStoreAssociations": { "base": null, "refs": { diff --git a/models/apis/elasticloadbalancingv2/2015-12-01/examples-1.json b/models/apis/elasticloadbalancingv2/2015-12-01/examples-1.json index 508b0991ca2..0d0eaaf462d 100644 --- a/models/apis/elasticloadbalancingv2/2015-12-01/examples-1.json +++ b/models/apis/elasticloadbalancingv2/2015-12-01/examples-1.json @@ -363,6 +363,23 @@ "title": "To delete a rule" } ], + "DeleteSharedTrustStoreAssociation": [ + { + "input": { + "ResourceArn": "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-load-balancer/80233fa81d678c2c", + "TrustStoreArn": "arn:aws:elasticloadbalancing:us-east-1:123456789012:truststore/my-trust-store/73e2d6bc24d8a063" + }, + "comments": { + "input": { + }, + "output": { + } + }, + "description": "This example deletes the association between the specified trust store and the specified load balancer.", + "id": "delete-a-shared-trust-store-association-1721684063527", + "title": "Delete a shared trust store association" + } + ], "DeleteTargetGroup": [ { "input": { @@ -859,6 +876,22 @@ "title": "To describe the health of a target" } ], + "GetResourcePolicy": [ + { + "input": { + "ResourceArn": "arn:aws:elasticloadbalancing:us-east-1:123456789012:truststore/my-trust-store/73e2d6bc24d8a067" + }, + "comments": { + "input": { + }, + "output": { + } + }, + "description": "This example retrieves the resource policy for the specified trust store.", + "id": "retrieve-a-resource-policy-1721684356628", + "title": "Retrieve a resource policy" + } + ], "ModifyListener": [ { "input": { diff --git a/models/apis/network-firewall/2020-11-12/api-2.json b/models/apis/network-firewall/2020-11-12/api-2.json index 5f61b3c4f57..40fcbf2c7bd 100644 --- a/models/apis/network-firewall/2020-11-12/api-2.json +++ b/models/apis/network-firewall/2020-11-12/api-2.json @@ -5,13 +5,15 @@ "endpointPrefix":"network-firewall", "jsonVersion":"1.0", "protocol":"json", + "protocols":["json"], "serviceAbbreviation":"Network Firewall", "serviceFullName":"AWS Network Firewall", "serviceId":"Network Firewall", "signatureVersion":"v4", "signingName":"network-firewall", "targetPrefix":"NetworkFirewall_20201112", - "uid":"network-firewall-2020-11-12" + "uid":"network-firewall-2020-11-12", + "auth":["aws.auth#sigv4"] }, "operations":{ "AssociateFirewallPolicy":{ @@ -1510,7 +1512,8 @@ "type":"string", "enum":[ "ALERT", - "FLOW" + "FLOW", + "TLS" ] }, "LoggingConfiguration":{ diff --git a/models/apis/network-firewall/2020-11-12/docs-2.json b/models/apis/network-firewall/2020-11-12/docs-2.json index 7d325639a9b..7e3a2c9f64a 100644 --- a/models/apis/network-firewall/2020-11-12/docs-2.json +++ b/models/apis/network-firewall/2020-11-12/docs-2.json @@ -7,7 +7,7 @@ "CreateFirewall": "Creates an Network Firewall Firewall and accompanying FirewallStatus for a VPC.
The firewall defines the configuration settings for an Network Firewall firewall. The settings that you can define at creation include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall Amazon Web Services resource.
After you create a firewall, you can provide additional settings, like the logging configuration.
To update the settings for a firewall, you use the operations that apply to the settings themselves, for example UpdateLoggingConfiguration, AssociateSubnets, and UpdateFirewallDeleteProtection.
To manage a firewall's tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource, TagResource, and UntagResource.
To retrieve information about firewalls, use ListFirewalls and DescribeFirewall.
", "CreateFirewallPolicy": "Creates the firewall policy for the firewall according to the specifications.
An Network Firewall firewall policy defines the behavior of a firewall, in a collection of stateless and stateful rule groups and other settings. You can use one firewall policy for multiple firewalls.
", "CreateRuleGroup": "Creates the specified stateless or stateful rule group, which includes the rules for network traffic inspection, a capacity setting, and tags.
You provide your rule group specification in your request using either RuleGroup or Rules.
Creates an Network Firewall TLS inspection configuration. A TLS inspection configuration contains Certificate Manager certificate associations between and the scope configurations that Network Firewall uses to decrypt and re-encrypt traffic traveling through your firewall.
After you create a TLS inspection configuration, you can associate it with a new firewall policy.
To update the settings for a TLS inspection configuration, use UpdateTLSInspectionConfiguration.
To manage a TLS inspection configuration's tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource, TagResource, and UntagResource.
To retrieve information about TLS inspection configurations, use ListTLSInspectionConfigurations and DescribeTLSInspectionConfiguration.
For more information about TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide.
", + "CreateTLSInspectionConfiguration": "Creates an Network Firewall TLS inspection configuration. Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using ACM, create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall.
To update the settings for a TLS inspection configuration, use UpdateTLSInspectionConfiguration.
To manage a TLS inspection configuration's tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource, TagResource, and UntagResource.
To retrieve information about TLS inspection configurations, use ListTLSInspectionConfigurations and DescribeTLSInspectionConfiguration.
For more information about TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide.
", "DeleteFirewall": "Deletes the specified Firewall and its FirewallStatus. This operation requires the firewall's DeleteProtection flag to be FALSE. You can't revert this operation.
You can check whether a firewall is in use by reviewing the route tables for the Availability Zones where you have firewall subnet mappings. Retrieve the subnet mappings by calling DescribeFirewall. You define and update the route tables through Amazon VPC. As needed, update the route tables for the zones to remove the firewall endpoints. When the route tables no longer use the firewall endpoints, you can remove the firewall safely.
To delete a firewall, remove the delete protection if you need to using UpdateFirewallDeleteProtection, then delete the firewall by calling DeleteFirewall.
", "DeleteFirewallPolicy": "Deletes the specified FirewallPolicy.
", "DeleteResourcePolicy": "Deletes a resource policy that you created in a PutResourcePolicy request.
", @@ -746,7 +746,7 @@ } }, "LogDestinationConfig": { - "base": "Defines where Network Firewall sends logs for the firewall for one log type. This is used in LoggingConfiguration. You can send each type of log to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data Firehose delivery stream.
Network Firewall generates logs for stateful rule groups. You can save alert and flow log types. The stateful rules engine records flow logs for all network traffic that it receives. It records alert logs for traffic that matches stateful rules that have the rule action set to DROP or ALERT.
Defines where Network Firewall sends logs for the firewall for one log type. This is used in LoggingConfiguration. You can send each type of log to an Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.
Network Firewall generates logs for stateful rule groups. You can save alert, flow, and TLS log types.
", "refs": { "LogDestinationConfigs$member": null } @@ -760,7 +760,7 @@ "LogDestinationMap": { "base": null, "refs": { - "LogDestinationConfig$LogDestination": "The named location for the logs, provided in a key:value mapping that is specific to the chosen destination type.
For an Amazon S3 bucket, provide the name of the bucket, with key bucketName, and optionally provide a prefix, with key prefix. The following example specifies an Amazon S3 bucket named DOC-EXAMPLE-BUCKET and the prefix alerts:
\"LogDestination\": { \"bucketName\": \"DOC-EXAMPLE-BUCKET\", \"prefix\": \"alerts\" }
For a CloudWatch log group, provide the name of the CloudWatch log group, with key logGroup. The following example specifies a log group named alert-log-group:
\"LogDestination\": { \"logGroup\": \"alert-log-group\" }
For a Kinesis Data Firehose delivery stream, provide the name of the delivery stream, with key deliveryStream. The following example specifies a delivery stream named alert-delivery-stream:
\"LogDestination\": { \"deliveryStream\": \"alert-delivery-stream\" }
The named location for the logs, provided in a key:value mapping that is specific to the chosen destination type.
For an Amazon S3 bucket, provide the name of the bucket, with key bucketName, and optionally provide a prefix, with key prefix.
The following example specifies an Amazon S3 bucket named DOC-EXAMPLE-BUCKET and the prefix alerts:
\"LogDestination\": { \"bucketName\": \"DOC-EXAMPLE-BUCKET\", \"prefix\": \"alerts\" }
For a CloudWatch log group, provide the name of the CloudWatch log group, with key logGroup. The following example specifies a log group named alert-log-group:
\"LogDestination\": { \"logGroup\": \"alert-log-group\" }
For a Firehose delivery stream, provide the name of the delivery stream, with key deliveryStream. The following example specifies a delivery stream named alert-delivery-stream:
\"LogDestination\": { \"deliveryStream\": \"alert-delivery-stream\" }
The type of storage destination to send these logs to. You can send logs to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data Firehose delivery stream.
" + "LogDestinationConfig$LogDestinationType": "The type of storage destination to send these logs to. You can send logs to an Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.
" } }, "LogType": { "base": null, "refs": { - "LogDestinationConfig$LogType": "The type of log to send. Alert logs report traffic that matches a StatefulRule with an action setting that sends an alert log message. Flow logs are standard network traffic flow logs.
" + "LogDestinationConfig$LogType": "The type of log to record. You can record the following types of logs from your Network Firewall stateful engine.
ALERT - Logs for traffic that matches your stateful rules and that have an action that sends an alert. A stateful rule sends alerts for the rule actions DROP, ALERT, and REJECT. For more information, see StatefulRule.
FLOW - Standard network traffic flow logs. The stateful rules engine records flow logs for all network traffic that it receives. Each flow log record captures the network flow for a specific standard stateless rule group.
TLS - Logs for events that are related to TLS inspection. For more information, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide.
Defines what Network Firewall should do with the packets in a traffic flow when the flow matches the stateful rule criteria. For all actions, Network Firewall performs the specified action and discontinues stateful inspection of the traffic flow.
The actions for a stateful rule are defined as follows:
PASS - Permits the packets to go to the intended destination.
DROP - Blocks the packets from going to the intended destination and sends an alert log message, if alert logging is configured in the Firewall LoggingConfiguration.
ALERT - Sends an alert log message, if alert logging is configured in the Firewall LoggingConfiguration.
You can use this action to test a rule that you intend to use to drop traffic. You can enable the rule with ALERT action, verify in the logs that the rule is filtering as you want, then change the action to DROP.
Defines what Network Firewall should do with the packets in a traffic flow when the flow matches the stateful rule criteria. For all actions, Network Firewall performs the specified action and discontinues stateful inspection of the traffic flow.
The actions for a stateful rule are defined as follows:
PASS - Permits the packets to go to the intended destination.
DROP - Blocks the packets from going to the intended destination and sends an alert log message, if alert logging is configured in the Firewall LoggingConfiguration.
ALERT - Sends an alert log message, if alert logging is configured in the Firewall LoggingConfiguration.
You can use this action to test a rule that you intend to use to drop traffic. You can enable the rule with ALERT action, verify in the logs that the rule is filtering as you want, then change the action to DROP.
REJECT - Drops traffic that matches the conditions of the stateful rule, and sends a TCP reset packet back to sender of the packet. A TCP reset packet is a packet with no payload and an RST bit contained in the TCP header flags. REJECT is available only for TCP traffic. This option doesn't support FTP or IMAP protocols.
The uplink speed the rack should support for the connection to the Region.
" } }, + "VCPUCount": { + "base": null, + "refs": { + "InstanceTypeItem$VCPUs": "The number of default VCPUs in an instance type.
" + } + }, "ValidationException": { "base": "A parameter is not valid.
", "refs": { diff --git a/models/apis/states/2016-11-23/api-2.json b/models/apis/states/2016-11-23/api-2.json index 95e8a621820..f96536dda92 100644 --- a/models/apis/states/2016-11-23/api-2.json +++ b/models/apis/states/2016-11-23/api-2.json @@ -25,8 +25,12 @@ "output":{"shape":"CreateActivityOutput"}, "errors":[ {"shape":"ActivityLimitExceeded"}, + {"shape":"ActivityAlreadyExists"}, {"shape":"InvalidName"}, - {"shape":"TooManyTags"} + {"shape":"TooManyTags"}, + {"shape":"InvalidEncryptionConfiguration"}, + {"shape":"KmsAccessDeniedException"}, + {"shape":"KmsThrottlingException"} ], "idempotent":true }, @@ -50,7 +54,10 @@ {"shape":"StateMachineTypeNotSupported"}, {"shape":"TooManyTags"}, {"shape":"ValidationException"}, - {"shape":"ConflictException"} + {"shape":"ConflictException"}, + {"shape":"InvalidEncryptionConfiguration"}, + {"shape":"KmsAccessDeniedException"}, + {"shape":"KmsThrottlingException"} ], "idempotent":true }, @@ -149,7 +156,10 @@ "output":{"shape":"DescribeExecutionOutput"}, "errors":[ {"shape":"ExecutionDoesNotExist"}, - {"shape":"InvalidArn"} + {"shape":"InvalidArn"}, + {"shape":"KmsAccessDeniedException"}, + {"shape":"KmsInvalidStateException"}, + {"shape":"KmsThrottlingException"} ] }, "DescribeMapRun":{ @@ -175,7 +185,10 @@ "output":{"shape":"DescribeStateMachineOutput"}, "errors":[ {"shape":"InvalidArn"}, - {"shape":"StateMachineDoesNotExist"} + {"shape":"StateMachineDoesNotExist"}, + {"shape":"KmsAccessDeniedException"}, + {"shape":"KmsInvalidStateException"}, + {"shape":"KmsThrottlingException"} ] }, "DescribeStateMachineAlias":{ @@ -202,7 +215,10 @@ "output":{"shape":"DescribeStateMachineForExecutionOutput"}, "errors":[ {"shape":"ExecutionDoesNotExist"}, - {"shape":"InvalidArn"} + {"shape":"InvalidArn"}, + {"shape":"KmsAccessDeniedException"}, + {"shape":"KmsInvalidStateException"}, + {"shape":"KmsThrottlingException"} ] }, "GetActivityTask":{ @@ -216,7 +232,10 @@ "errors":[ {"shape":"ActivityDoesNotExist"}, {"shape":"ActivityWorkerLimitExceeded"}, - {"shape":"InvalidArn"} + {"shape":"InvalidArn"}, + {"shape":"KmsAccessDeniedException"}, + {"shape":"KmsInvalidStateException"}, + {"shape":"KmsThrottlingException"} ] }, "GetExecutionHistory":{ @@ -230,7 +249,10 @@ "errors":[ {"shape":"ExecutionDoesNotExist"}, {"shape":"InvalidArn"}, - {"shape":"InvalidToken"} + {"shape":"InvalidToken"}, + {"shape":"KmsAccessDeniedException"}, + {"shape":"KmsInvalidStateException"}, + {"shape":"KmsThrottlingException"} ] }, "ListActivities":{ @@ -377,7 +399,10 @@ "errors":[ {"shape":"TaskDoesNotExist"}, {"shape":"InvalidToken"}, - {"shape":"TaskTimedOut"} + {"shape":"TaskTimedOut"}, + {"shape":"KmsAccessDeniedException"}, + {"shape":"KmsInvalidStateException"}, + {"shape":"KmsThrottlingException"} ] }, "SendTaskHeartbeat":{ @@ -406,7 +431,10 @@ {"shape":"TaskDoesNotExist"}, {"shape":"InvalidOutput"}, {"shape":"InvalidToken"}, - {"shape":"TaskTimedOut"} + {"shape":"TaskTimedOut"}, + {"shape":"KmsAccessDeniedException"}, + {"shape":"KmsInvalidStateException"}, + {"shape":"KmsThrottlingException"} ] }, "StartExecution":{ @@ -425,7 +453,10 @@ {"shape":"InvalidName"}, {"shape":"StateMachineDoesNotExist"}, {"shape":"StateMachineDeleting"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"KmsAccessDeniedException"}, + {"shape":"KmsInvalidStateException"}, + {"shape":"KmsThrottlingException"} ], "idempotent":true }, @@ -443,7 +474,10 @@ {"shape":"InvalidName"}, {"shape":"StateMachineDoesNotExist"}, {"shape":"StateMachineDeleting"}, - {"shape":"StateMachineTypeNotSupported"} + {"shape":"StateMachineTypeNotSupported"}, + {"shape":"KmsAccessDeniedException"}, + {"shape":"KmsInvalidStateException"}, + {"shape":"KmsThrottlingException"} ], "endpoint":{"hostPrefix":"sync-"} }, @@ -458,7 +492,10 @@ "errors":[ {"shape":"ExecutionDoesNotExist"}, {"shape":"InvalidArn"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"KmsAccessDeniedException"}, + {"shape":"KmsInvalidStateException"}, + {"shape":"KmsThrottlingException"} ] }, "TagResource":{ @@ -536,7 +573,10 @@ {"shape":"StateMachineDoesNotExist"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"ConflictException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"InvalidEncryptionConfiguration"}, + {"shape":"KmsAccessDeniedException"}, + {"shape":"KmsThrottlingException"} ], "idempotent":true }, @@ -570,6 +610,13 @@ } }, "shapes":{ + "ActivityAlreadyExists":{ + "type":"structure", + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "exception":true + }, "ActivityDoesNotExist":{ "type":"structure", "members":{ @@ -726,7 +773,8 @@ "required":["name"], "members":{ "name":{"shape":"Name"}, - "tags":{"shape":"TagList"} + "tags":{"shape":"TagList"}, + "encryptionConfiguration":{"shape":"EncryptionConfiguration"} } }, "CreateActivityOutput":{ @@ -779,7 +827,8 @@ "tags":{"shape":"TagList"}, "tracingConfiguration":{"shape":"TracingConfiguration"}, "publish":{"shape":"Publish"}, - "versionDescription":{"shape":"VersionDescription"} + "versionDescription":{"shape":"VersionDescription"}, + "encryptionConfiguration":{"shape":"EncryptionConfiguration"} } }, "CreateStateMachineOutput":{ @@ -865,14 +914,16 @@ "members":{ "activityArn":{"shape":"Arn"}, "name":{"shape":"Name"}, - "creationDate":{"shape":"Timestamp"} + "creationDate":{"shape":"Timestamp"}, + "encryptionConfiguration":{"shape":"EncryptionConfiguration"} } }, "DescribeExecutionInput":{ "type":"structure", "required":["executionArn"], "members":{ - "executionArn":{"shape":"Arn"} + "executionArn":{"shape":"Arn"}, + "includedData":{"shape":"IncludedData"} } }, "DescribeExecutionOutput":{ @@ -963,7 +1014,8 @@ "type":"structure", "required":["executionArn"], "members":{ - "executionArn":{"shape":"Arn"} + "executionArn":{"shape":"Arn"}, + "includedData":{"shape":"IncludedData"} } }, "DescribeStateMachineForExecutionOutput":{ @@ -985,14 +1037,16 @@ "tracingConfiguration":{"shape":"TracingConfiguration"}, "mapRunArn":{"shape":"LongArn"}, "label":{"shape":"MapRunLabel"}, - "revisionId":{"shape":"RevisionId"} + "revisionId":{"shape":"RevisionId"}, + "encryptionConfiguration":{"shape":"EncryptionConfiguration"} } }, "DescribeStateMachineInput":{ "type":"structure", "required":["stateMachineArn"], "members":{ - "stateMachineArn":{"shape":"Arn"} + "stateMachineArn":{"shape":"Arn"}, + "includedData":{"shape":"IncludedData"} } }, "DescribeStateMachineOutput":{ @@ -1017,10 +1071,30 @@ "tracingConfiguration":{"shape":"TracingConfiguration"}, "label":{"shape":"MapRunLabel"}, "revisionId":{"shape":"RevisionId"}, - "description":{"shape":"VersionDescription"} + "description":{"shape":"VersionDescription"}, + "encryptionConfiguration":{"shape":"EncryptionConfiguration"} } }, "Enabled":{"type":"boolean"}, + "EncryptionConfiguration":{ + "type":"structure", + "required":["type"], + "members":{ + "kmsKeyId":{"shape":"KmsKeyId"}, + "kmsDataKeyReusePeriodSeconds":{ + "shape":"KmsDataKeyReusePeriodSeconds", + "box":true + }, + "type":{"shape":"EncryptionType"} + } + }, + "EncryptionType":{ + "type":"string", + "enum":[ + "AWS_OWNED_KEY", + "CUSTOMER_MANAGED_KMS_KEY" + ] + }, "ErrorMessage":{"type":"string"}, "EventId":{"type":"long"}, "ExecutionAbortedEventDetails":{ @@ -1330,6 +1404,13 @@ "type":"boolean", "box":true }, + "IncludedData":{ + "type":"string", + "enum":[ + "ALL_DATA", + "METADATA_ONLY" + ] + }, "InspectionData":{ "type":"structure", "members":{ @@ -1386,6 +1467,13 @@ }, "exception":true }, + "InvalidEncryptionConfiguration":{ + "type":"structure", + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "exception":true + }, "InvalidExecutionInput":{ "type":"structure", "members":{ @@ -1428,6 +1516,49 @@ }, "exception":true }, + "KmsAccessDeniedException":{ + "type":"structure", + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "exception":true + }, + "KmsDataKeyReusePeriodSeconds":{ + "type":"integer", + "box":true, + "max":900, + "min":60 + }, + "KmsInvalidStateException":{ + "type":"structure", + "members":{ + "kmsKeyState":{"shape":"KmsKeyState"}, + "message":{"shape":"ErrorMessage"} + }, + "exception":true + }, + "KmsKeyId":{ + "type":"string", + "max":2048, + "min":1 + }, + "KmsKeyState":{ + "type":"string", + "enum":[ + "DISABLED", + "PENDING_DELETION", + "PENDING_IMPORT", + "UNAVAILABLE", + "CREATING" + ] + }, + "KmsThrottlingException":{ + "type":"structure", + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "exception":true + }, "LambdaFunctionFailedEventDetails":{ "type":"structure", "members":{ @@ -1937,7 +2068,8 @@ "stateMachineArn":{"shape":"Arn"}, "name":{"shape":"Name"}, "input":{"shape":"SensitiveData"}, - "traceHeader":{"shape":"TraceHeader"} + "traceHeader":{"shape":"TraceHeader"}, + "includedData":{"shape":"IncludedData"} } }, "StartSyncExecutionOutput":{ @@ -2286,7 +2418,7 @@ }, "TaskToken":{ "type":"string", - "max":1024, + "max":2048, "min":1 }, "TestExecutionStatus":{ @@ -2429,7 +2561,8 @@ "loggingConfiguration":{"shape":"LoggingConfiguration"}, "tracingConfiguration":{"shape":"TracingConfiguration"}, "publish":{"shape":"Publish"}, - "versionDescription":{"shape":"VersionDescription"} + "versionDescription":{"shape":"VersionDescription"}, + "encryptionConfiguration":{"shape":"EncryptionConfiguration"} } }, "UpdateStateMachineOutput":{ diff --git a/models/apis/states/2016-11-23/docs-2.json b/models/apis/states/2016-11-23/docs-2.json index 9c4a495f719..05123f8d11f 100644 --- a/models/apis/states/2016-11-23/docs-2.json +++ b/models/apis/states/2016-11-23/docs-2.json @@ -1,9 +1,9 @@ { "version": "2.0", - "service": "Step Functions is a service that lets you coordinate the components of distributed applications and microservices using visual workflows.
You can use Step Functions to build applications from individual components, each of which performs a discrete function, or task, allowing you to scale and change applications quickly. Step Functions provides a console that helps visualize the components of your application as a series of steps. Step Functions automatically triggers and tracks each step, and retries steps when there are errors, so your application executes predictably and in the right order every time. Step Functions logs the state of each step, so you can quickly diagnose and debug any issues.
Step Functions manages operations and underlying infrastructure to ensure your application is available at any scale. You can run tasks on Amazon Web Services, your own servers, or any system that has access to Amazon Web Services. You can access and use Step Functions using the console, the Amazon Web Services SDKs, or an HTTP API. For more information about Step Functions, see the Step Functions Developer Guide .
If you use the Step Functions API actions using Amazon Web Services SDK integrations, make sure the API actions are in camel case and parameter names are in Pascal case. For example, you could use Step Functions API action startSyncExecution and specify its parameter as StateMachineArn.
Step Functions coordinates the components of distributed applications and microservices using visual workflows.
You can use Step Functions to build applications from individual components, each of which performs a discrete function, or task, allowing you to scale and change applications quickly. Step Functions provides a console that helps visualize the components of your application as a series of steps. Step Functions automatically triggers and tracks each step, and retries steps when there are errors, so your application executes predictably and in the right order every time. Step Functions logs the state of each step, so you can quickly diagnose and debug any issues.
Step Functions manages operations and underlying infrastructure to ensure your application is available at any scale. You can run tasks on Amazon Web Services, your own servers, or any system that has access to Amazon Web Services. You can access and use Step Functions using the console, the Amazon Web Services SDKs, or an HTTP API. For more information about Step Functions, see the Step Functions Developer Guide .
If you use the Step Functions API actions using Amazon Web Services SDK integrations, make sure the API actions are in camel case and parameter names are in Pascal case. For example, you could use Step Functions API action startSyncExecution and specify its parameter as StateMachineArn.
Creates an activity. An activity is a task that you write in any programming language and host on any machine that has access to Step Functions. Activities must poll Step Functions using the GetActivityTask API action and respond using SendTask* API actions. This function lets Step Functions know the existence of your activity and returns an identifier for use in a state machine and when polling from the activity.
This operation is eventually consistent. The results are best effort and may not reflect very recent updates and changes.
CreateActivity is an idempotent API. Subsequent requests won’t create a duplicate resource if it was already created. CreateActivity's idempotency check is based on the activity name. If a following request has different tags values, Step Functions will ignore these differences and treat it as an idempotent request of the previous. In this case, tags will not be updated, even if they are different.
Creates a state machine. A state machine consists of a collection of states that can do work (Task states), determine to which states to transition next (Choice states), stop an execution with an error (Fail states), and so on. State machines are specified using a JSON-based, structured language. For more information, see Amazon States Language in the Step Functions User Guide.
If you set the publish parameter of this API action to true, it publishes version 1 as the first revision of the state machine.
This operation is eventually consistent. The results are best effort and may not reflect very recent updates and changes.
CreateStateMachine is an idempotent API. Subsequent requests won’t create a duplicate resource if it was already created. CreateStateMachine's idempotency check is based on the state machine name, definition, type, LoggingConfiguration, and TracingConfiguration. The check is also based on the publish and versionDescription parameters. If a following request has a different roleArn or tags, Step Functions will ignore these differences and treat it as an idempotent request of the previous. In this case, roleArn and tags will not be updated, even if they are different.
Creates a state machine. A state machine consists of a collection of states that can do work (Task states), determine to which states to transition next (Choice states), stop an execution with an error (Fail states), and so on. State machines are specified using a JSON-based, structured language. For more information, see Amazon States Language in the Step Functions User Guide.
If you set the publish parameter of this API action to true, it publishes version 1 as the first revision of the state machine.
For additional control over security, you can encrypt your data using a customer-managed key for Step Functions state machines. You can configure a symmetric KMS key and data key reuse period when creating or updating a State Machine. The execution history and state machine definition will be encrypted with the key applied to the State Machine.
This operation is eventually consistent. The results are best effort and may not reflect very recent updates and changes.
CreateStateMachine is an idempotent API. Subsequent requests won’t create a duplicate resource if it was already created. CreateStateMachine's idempotency check is based on the state machine name, definition, type, LoggingConfiguration, TracingConfiguration, and EncryptionConfiguration The check is also based on the publish and versionDescription parameters. If a following request has a different roleArn or tags, Step Functions will ignore these differences and treat it as an idempotent request of the previous. In this case, roleArn and tags will not be updated, even if they are different.
Creates an alias for a state machine that points to one or two versions of the same state machine. You can set your application to call StartExecution with an alias and update the version the alias uses without changing the client's code.
You can also map an alias to split StartExecution requests between two versions of a state machine. To do this, add a second RoutingConfig object in the routingConfiguration parameter. You must also specify the percentage of execution run requests each version should receive in both RoutingConfig objects. Step Functions randomly chooses which version runs a given execution based on the percentage you specify.
To create an alias that points to a single version, specify a single RoutingConfig object with a weight set to 100.
You can create up to 100 aliases for each state machine. You must delete unused aliases using the DeleteStateMachineAlias API action.
CreateStateMachineAlias is an idempotent API. Step Functions bases the idempotency check on the stateMachineArn, description, name, and routingConfiguration parameters. Requests that contain the same values for these parameters return a successful idempotent response without creating a duplicate resource.
Related operations:
", "DeleteActivity": "Deletes an activity.
", "DeleteStateMachine": "Deletes a state machine. This is an asynchronous operation. It sets the state machine's status to DELETING and begins the deletion process. A state machine is deleted only when all its executions are completed. On the next state transition, the state machine's executions are terminated.
A qualified state machine ARN can either refer to a Distributed Map state defined within a state machine, a version ARN, or an alias ARN.
The following are some examples of qualified and unqualified state machine ARNs:
The following qualified state machine ARN refers to a Distributed Map state with a label mapStateLabel in a state machine named myStateMachine.
arn:partition:states:region:account-id:stateMachine:myStateMachine/mapStateLabel
If you provide a qualified state machine ARN that refers to a Distributed Map state, the request fails with ValidationException.
The following unqualified state machine ARN refers to a state machine named myStateMachine.
arn:partition:states:region:account-id:stateMachine:myStateMachine
This API action also deletes all versions and aliases associated with a state machine.
For EXPRESS state machines, the deletion happens eventually (usually in less than a minute). Running executions may emit logs after DeleteStateMachine API is called.
List tags for a given resource.
Tags may only contain Unicode letters, digits, white space, or these symbols: _ . : / = + - @.
Creates a version from the current revision of a state machine. Use versions to create immutable snapshots of your state machine. You can start executions from versions either directly or with an alias. To create an alias, use CreateStateMachineAlias.
You can publish up to 1000 versions for each state machine. You must manually delete unused versions using the DeleteStateMachineVersion API action.
PublishStateMachineVersion is an idempotent API. It doesn't create a duplicate state machine version if it already exists for the current revision. Step Functions bases PublishStateMachineVersion's idempotency check on the stateMachineArn, name, and revisionId parameters. Requests with the same parameters return a successful idempotent response. If you don't specify a revisionId, Step Functions checks for a previously published version of the state machine's current revision.
Related operations:
", "RedriveExecution": "Restarts unsuccessful executions of Standard workflows that didn't complete successfully in the last 14 days. These include failed, aborted, or timed out executions. When you redrive an execution, it continues the failed execution from the unsuccessful step and uses the same input. Step Functions preserves the results and execution history of the successful steps, and doesn't rerun these steps when you redrive an execution. Redriven executions use the same state machine definition and execution ARN as the original execution attempt.
For workflows that include an Inline Map or Parallel state, RedriveExecution API action reschedules and redrives only the iterations and branches that failed or aborted.
To redrive a workflow that includes a Distributed Map state whose Map Run failed, you must redrive the parent workflow. The parent workflow redrives all the unsuccessful states, including a failed Map Run. If a Map Run was not started in the original execution attempt, the redriven parent workflow starts the Map Run.
This API action is not supported by EXPRESS state machines.
However, you can restart the unsuccessful executions of Express child workflows in a Distributed Map by redriving its Map Run. When you redrive a Map Run, the Express child workflows are rerun using the StartExecution API action. For more information, see Redriving Map Runs.
You can redrive executions if your original execution meets the following conditions:
The execution status isn't SUCCEEDED.
Your workflow execution has not exceeded the redrivable period of 14 days. Redrivable period refers to the time during which you can redrive a given execution. This period starts from the day a state machine completes its execution.
The workflow execution has not exceeded the maximum open time of one year. For more information about state machine quotas, see Quotas related to state machine executions.
The execution event history count is less than 24,999. Redriven executions append their event history to the existing event history. Make sure your workflow execution contains less than 24,999 events to accommodate the ExecutionRedriven history event and at least one other history event.
Used by activity workers, Task states using the callback pattern, and optionally Task states using the job run pattern to report that the task identified by the taskToken failed.
Used by activity workers, Task states using the callback pattern, and optionally Task states using the job run pattern to report that the task identified by the taskToken failed.
For an execution with encryption enabled, Step Functions will encrypt the error and cause fields using the KMS key for the execution role.
A caller can mark a task as fail without using any KMS permissions in the execution role if the caller provides a null value for both error and cause fields because no data needs to be encrypted.
Used by activity workers and Task states using the callback pattern, and optionally Task states using the job run pattern to report to Step Functions that the task represented by the specified taskToken is still making progress. This action resets the Heartbeat clock. The Heartbeat threshold is specified in the state machine's Amazon States Language definition (HeartbeatSeconds). This action does not in itself create an event in the execution history. However, if the task times out, the execution history contains an ActivityTimedOut entry for activities, or a TaskTimedOut entry for tasks using the job run or callback pattern.
The Timeout of a task, defined in the state machine's Amazon States Language definition, is its maximum allowed duration, regardless of the number of SendTaskHeartbeat requests received. Use HeartbeatSeconds to configure the timeout interval for heartbeats.
Used by activity workers, Task states using the callback pattern, and optionally Task states using the job run pattern to report that the task identified by the taskToken completed successfully.
Starts a state machine execution.
A qualified state machine ARN can either refer to a Distributed Map state defined within a state machine, a version ARN, or an alias ARN.
The following are some examples of qualified and unqualified state machine ARNs:
The following qualified state machine ARN refers to a Distributed Map state with a label mapStateLabel in a state machine named myStateMachine.
arn:partition:states:region:account-id:stateMachine:myStateMachine/mapStateLabel
If you provide a qualified state machine ARN that refers to a Distributed Map state, the request fails with ValidationException.
The following qualified state machine ARN refers to an alias named PROD.
arn:<partition>:states:<region>:<account-id>:stateMachine:<myStateMachine:PROD>
If you provide a qualified state machine ARN that refers to a version ARN or an alias ARN, the request starts execution for that version or alias.
The following unqualified state machine ARN refers to a state machine named myStateMachine.
arn:<partition>:states:<region>:<account-id>:stateMachine:<myStateMachine>
If you start an execution with an unqualified state machine ARN, Step Functions uses the latest revision of the state machine for the execution.
To start executions of a state machine version, call StartExecution and provide the version ARN or the ARN of an alias that points to the version.
StartExecution is idempotent for STANDARD workflows. For a STANDARD workflow, if you call StartExecution with the same name and input as a running execution, the call succeeds and return the same response as the original request. If the execution is closed or if the input is different, it returns a 400 ExecutionAlreadyExists error. You can reuse names after 90 days.
StartExecution isn't idempotent for EXPRESS workflows.
Starts a Synchronous Express state machine execution. StartSyncExecution is not available for STANDARD workflows.
StartSyncExecution will return a 200 OK response, even if your execution fails, because the status code in the API response doesn't reflect function errors. Error codes are reserved for errors that prevent your execution from running, such as permissions errors, limit errors, or issues with your state machine code and configuration.
This API action isn't logged in CloudTrail.
Stops an execution.
This API action is not supported by EXPRESS state machines.
Stops an execution.
This API action is not supported by EXPRESS state machines.
For an execution with encryption enabled, Step Functions will encrypt the error and cause fields using the KMS key for the execution role.
A caller can stop an execution without using any KMS permissions in the execution role if the caller provides a null value for both error and cause fields because no data needs to be encrypted.
Add a tag to a Step Functions resource.
An array of key-value pairs. For more information, see Using Cost Allocation Tags in the Amazon Web Services Billing and Cost Management User Guide, and Controlling Access Using IAM Tags.
Tags may only contain Unicode letters, digits, white space, or these symbols: _ . : / = + - @.
Accepts the definition of a single state and executes it. You can test a state without creating a state machine or updating an existing state machine. Using this API, you can test the following:
A state's input and output processing data flow
An Amazon Web Services service integration request and response
An HTTP Task request and response
You can call this API on only one state at a time. The states that you can test include the following:
The TestState API assumes an IAM role which must contain the required IAM permissions for the resources your state is accessing. For information about the permissions a state might need, see IAM permissions to test a state.
The TestState API can run for up to five minutes. If the execution of a state exceeds this duration, it fails with the States.Timeout error.
TestState doesn't support Activity tasks, .sync or .waitForTaskToken service integration patterns, Parallel, or Map states.
Remove a tag from a Step Functions resource
", "UpdateMapRun": "Updates an in-progress Map Run's configuration to include changes to the settings that control maximum concurrency and Map Run failure.
", - "UpdateStateMachine": "Updates an existing state machine by modifying its definition, roleArn, or loggingConfiguration. Running executions will continue to use the previous definition and roleArn. You must include at least one of definition or roleArn or you will receive a MissingRequiredParameter error.
A qualified state machine ARN refers to a Distributed Map state defined within a state machine. For example, the qualified state machine ARN arn:partition:states:region:account-id:stateMachine:stateMachineName/mapStateLabel refers to a Distributed Map state with a label mapStateLabel in the state machine named stateMachineName.
A qualified state machine ARN can either refer to a Distributed Map state defined within a state machine, a version ARN, or an alias ARN.
The following are some examples of qualified and unqualified state machine ARNs:
The following qualified state machine ARN refers to a Distributed Map state with a label mapStateLabel in a state machine named myStateMachine.
arn:partition:states:region:account-id:stateMachine:myStateMachine/mapStateLabel
If you provide a qualified state machine ARN that refers to a Distributed Map state, the request fails with ValidationException.
The following qualified state machine ARN refers to an alias named PROD.
arn:<partition>:states:<region>:<account-id>:stateMachine:<myStateMachine:PROD>
If you provide a qualified state machine ARN that refers to a version ARN or an alias ARN, the request starts execution for that version or alias.
The following unqualified state machine ARN refers to a state machine named myStateMachine.
arn:<partition>:states:<region>:<account-id>:stateMachine:<myStateMachine>
After you update your state machine, you can set the publish parameter to true in the same action to publish a new version. This way, you can opt-in to strict versioning of your state machine.
Step Functions assigns monotonically increasing integers for state machine versions, starting at version number 1.
All StartExecution calls within a few seconds use the updated definition and roleArn. Executions started immediately after you call UpdateStateMachine may use the previous state machine definition and roleArn.
Updates an existing state machine by modifying its definition, roleArn, loggingConfiguration, or EncryptionConfiguration. Running executions will continue to use the previous definition and roleArn. You must include at least one of definition or roleArn or you will receive a MissingRequiredParameter error.
A qualified state machine ARN refers to a Distributed Map state defined within a state machine. For example, the qualified state machine ARN arn:partition:states:region:account-id:stateMachine:stateMachineName/mapStateLabel refers to a Distributed Map state with a label mapStateLabel in the state machine named stateMachineName.
A qualified state machine ARN can either refer to a Distributed Map state defined within a state machine, a version ARN, or an alias ARN.
The following are some examples of qualified and unqualified state machine ARNs:
The following qualified state machine ARN refers to a Distributed Map state with a label mapStateLabel in a state machine named myStateMachine.
arn:partition:states:region:account-id:stateMachine:myStateMachine/mapStateLabel
If you provide a qualified state machine ARN that refers to a Distributed Map state, the request fails with ValidationException.
The following qualified state machine ARN refers to an alias named PROD.
arn:<partition>:states:<region>:<account-id>:stateMachine:<myStateMachine:PROD>
If you provide a qualified state machine ARN that refers to a version ARN or an alias ARN, the request starts execution for that version or alias.
The following unqualified state machine ARN refers to a state machine named myStateMachine.
arn:<partition>:states:<region>:<account-id>:stateMachine:<myStateMachine>
After you update your state machine, you can set the publish parameter to true in the same action to publish a new version. This way, you can opt-in to strict versioning of your state machine.
Step Functions assigns monotonically increasing integers for state machine versions, starting at version number 1.
All StartExecution calls within a few seconds use the updated definition and roleArn. Executions started immediately after you call UpdateStateMachine may use the previous state machine definition and roleArn.
Updates the configuration of an existing state machine alias by modifying its description or routingConfiguration.
You must specify at least one of the description or routingConfiguration parameters to update a state machine alias.
UpdateStateMachineAlias is an idempotent API. Step Functions bases the idempotency check on the stateMachineAliasArn, description, and routingConfiguration parameters. Requests with the same parameters return an idempotent response.
This operation is eventually consistent. All StartExecution requests made within a few seconds use the latest alias configuration. Executions started immediately after calling UpdateStateMachineAlias may use the previous routing configuration.
Related operations:
", "ValidateStateMachineDefinition": "Validates the syntax of a state machine definition.
You can validate that a state machine definition is correct without creating a state machine resource. Step Functions will implicitly perform the same syntax check when you invoke CreateStateMachine and UpdateStateMachine. State machine definitions are specified using a JSON-based, structured language. For more information on Amazon States Language see Amazon States Language (ASL).
Suggested uses for ValidateStateMachineDefinition:
Integrate automated checks into your code review or Continuous Integration (CI) process to validate state machine definitions before starting deployments.
Run the validation from a Git pre-commit hook to check your state machine definitions before committing them to your source repository.
Errors found in the state machine definition will be returned in the response as a list of diagnostic elements, rather than raise an exception.
Activity already exists. EncryptionConfiguration may not be updated.
The specified activity does not exist.
", "refs": { @@ -272,7 +277,7 @@ "refs": { "CreateStateMachineInput$definition": "The Amazon States Language definition of the state machine. See Amazon States Language.
", "DescribeStateMachineForExecutionOutput$definition": "The Amazon States Language definition of the state machine. See Amazon States Language.
", - "DescribeStateMachineOutput$definition": "The Amazon States Language definition of the state machine. See Amazon States Language.
", + "DescribeStateMachineOutput$definition": "The Amazon States Language definition of the state machine. See Amazon States Language.
If called with includedData = METADATA_ONLY, the returned definition will be {}.
The Amazon States Language (ASL) definition of the state.
", "UpdateStateMachineInput$definition": "The Amazon States Language definition of the state machine. See Amazon States Language.
", "ValidateStateMachineDefinitionInput$definition": "The Amazon States Language definition of the state machine. For more information, see Amazon States Language (ASL).
" @@ -384,9 +389,27 @@ "TracingConfiguration$enabled": "When set to true, X-Ray tracing is enabled.
Settings to configure server-side encryption.
For additional control over security, you can encrypt your data using a customer-managed key for Step Functions state machines and activities. You can configure a symmetric KMS key and data key reuse period when creating or updating a State Machine, and when creating an Activity. The execution history and state machine definition will be encrypted with the key applied to the State Machine. Activity inputs will be encrypted with the key applied to the Activity.
Step Functions automatically enables encryption at rest using Amazon Web Services owned keys at no charge. However, KMS charges apply when using a customer managed key. For more information about pricing, see Key Management Service pricing.
For more information on KMS, see What is Key Management Service?
", + "refs": { + "CreateActivityInput$encryptionConfiguration": "Settings to configure server-side encryption.
", + "CreateStateMachineInput$encryptionConfiguration": "Settings to configure server-side encryption.
", + "DescribeActivityOutput$encryptionConfiguration": "Settings for configured server-side encryption.
", + "DescribeStateMachineForExecutionOutput$encryptionConfiguration": "Settings to configure server-side encryption.
", + "DescribeStateMachineOutput$encryptionConfiguration": "Settings to configure server-side encryption.
", + "UpdateStateMachineInput$encryptionConfiguration": "Settings to configure server-side encryption.
" + } + }, + "EncryptionType": { + "base": null, + "refs": { + "EncryptionConfiguration$type": "Encryption type
" + } + }, "ErrorMessage": { "base": null, "refs": { + "ActivityAlreadyExists$message": null, "ActivityDoesNotExist$message": null, "ActivityLimitExceeded$message": null, "ActivityWorkerLimitExceeded$message": null, @@ -397,12 +420,16 @@ "ExecutionNotRedrivable$message": null, "InvalidArn$message": null, "InvalidDefinition$message": null, + "InvalidEncryptionConfiguration$message": null, "InvalidExecutionInput$message": null, "InvalidLoggingConfiguration$message": null, "InvalidName$message": null, "InvalidOutput$message": null, "InvalidToken$message": null, "InvalidTracingConfiguration$message": null, + "KmsAccessDeniedException$message": null, + "KmsInvalidStateException$message": null, + "KmsThrottlingException$message": null, "MissingRequiredParameter$message": null, "ResourceNotFound$message": null, "ServiceQuotaExceededException$message": null, @@ -622,6 +649,15 @@ "GetExecutionHistoryInput$includeExecutionData": "You can select whether execution data (input or output of a history event) is returned. The default is true.
If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt permission to decrypt the definition. Alternatively, you can call DescribeStateMachine API with includedData = METADATA_ONLY to get a successful response without the encrypted definition.
If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt permission to decrypt the definition. Alternatively, you can call the API with includedData = METADATA_ONLY to get a successful response without the encrypted definition.
If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt permission to decrypt the definition. Alternatively, you can call the API with includedData = METADATA_ONLY to get a successful response without the encrypted definition.
When calling a labelled ARN for an encrypted state machine, the includedData = METADATA_ONLY parameter will not apply because Step Functions needs to decrypt the entire state machine definition to get the Distributed Map state’s definition. In this case, the API caller needs to have kms:Decrypt permission.
If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt permission to decrypt the definition. Alternatively, you can call the API with includedData = METADATA_ONLY to get a successful response without the encrypted definition.
Contains additional details about the state's execution, including its input and output data processing flow, and HTTP request and response information.
", "refs": { @@ -656,13 +692,18 @@ "refs": { } }, + "InvalidEncryptionConfiguration": { + "base": "Received when encryptionConfiguration is specified but various conditions exist which make the configuration invalid. For example, if type is set to CUSTOMER_MANAGED_KMS_KEY, but kmsKeyId is null, or kmsDataKeyReusePeriodSeconds is not between 60 and 900, or the KMS key is not symmetric or inactive.
The provided JSON input data is not valid.
", "refs": { } }, "InvalidLoggingConfiguration": { - "base": "", + "base": "Configuration is not valid.
", "refs": { } }, @@ -686,6 +727,39 @@ "refs": { } }, + "KmsAccessDeniedException": { + "base": "Either your KMS key policy or API caller does not have the required permissions.
", + "refs": { + } + }, + "KmsDataKeyReusePeriodSeconds": { + "base": null, + "refs": { + "EncryptionConfiguration$kmsDataKeyReusePeriodSeconds": "Maximum duration that Step Functions will reuse data keys. When the period expires, Step Functions will call GenerateDataKey. Only applies to customer managed keys.
The KMS key is not in valid state, for example: Disabled or Deleted.
", + "refs": { + } + }, + "KmsKeyId": { + "base": null, + "refs": { + "EncryptionConfiguration$kmsKeyId": "An alias, alias ARN, key ID, or key ARN of a symmetric encryption KMS key to encrypt data. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.
" + } + }, + "KmsKeyState": { + "base": null, + "refs": { + "KmsInvalidStateException$kmsKeyState": "Current status of the KMS; key. For example: DISABLED, PENDING_DELETION, PENDING_IMPORT, UNAVAILABLE, CREATING.
Received when KMS returns ThrottlingException for a KMS call that Step Functions makes on behalf of the caller.
Contains details about a Lambda function that failed during an execution.
", "refs": { @@ -1295,7 +1369,7 @@ } }, "StateMachineTypeNotSupported": { - "base": "", + "base": "State machine type is not supported.
", "refs": { } }, diff --git a/service/applicationautoscaling/api.go b/service/applicationautoscaling/api.go index 8067729abba..8baa0b5ac70 100644 --- a/service/applicationautoscaling/api.go +++ b/service/applicationautoscaling/api.go @@ -7804,6 +7804,12 @@ const ( // MetricTypeWorkSpacesAverageUserSessionsCapacityUtilization is a MetricType enum value MetricTypeWorkSpacesAverageUserSessionsCapacityUtilization = "WorkSpacesAverageUserSessionsCapacityUtilization" + + // MetricTypeSageMakerInferenceComponentConcurrentRequestsPerCopyHighResolution is a MetricType enum value + MetricTypeSageMakerInferenceComponentConcurrentRequestsPerCopyHighResolution = "SageMakerInferenceComponentConcurrentRequestsPerCopyHighResolution" + + // MetricTypeSageMakerVariantConcurrentRequestsPerModelHighResolution is a MetricType enum value + MetricTypeSageMakerVariantConcurrentRequestsPerModelHighResolution = "SageMakerVariantConcurrentRequestsPerModelHighResolution" ) // MetricType_Values returns all elements of the MetricType enum @@ -7834,6 +7840,8 @@ func MetricType_Values() []string { MetricTypeElastiCacheDatabaseCapacityUsageCountedForEvictPercentage, MetricTypeSageMakerInferenceComponentInvocationsPerCopy, MetricTypeWorkSpacesAverageUserSessionsCapacityUtilization, + MetricTypeSageMakerInferenceComponentConcurrentRequestsPerCopyHighResolution, + MetricTypeSageMakerVariantConcurrentRequestsPerModelHighResolution, } } diff --git a/service/applicationsignals/api.go b/service/applicationsignals/api.go index d4af84426b4..d140673636f 100644 --- a/service/applicationsignals/api.go +++ b/service/applicationsignals/api.go @@ -2311,6 +2311,8 @@ type GetServiceInput struct { // raw HTTP Query API, it is formatted as be epoch time in seconds. For example: // 1698778057 // + // Your requested start time will be rounded to the nearest hour. + // // EndTime is a required field EndTime *time.Time `location:"querystring" locationName:"EndTime" type:"timestamp" required:"true"` @@ -2340,6 +2342,8 @@ type GetServiceInput struct { // a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: // 1698778057 // + // Your requested start time will be rounded to the nearest hour. + // // StartTime is a required field StartTime *time.Time `location:"querystring" locationName:"StartTime" type:"timestamp" required:"true"` } @@ -2492,9 +2496,24 @@ type GetServiceOutput struct { // The end time of the data included in the response. In a raw HTTP Query API, // it is formatted as be epoch time in seconds. For example: 1698778057. // + // This displays the time that Application Signals used for the request. It + // might not match your request exactly, because it was rounded to the nearest + // hour. + // // EndTime is a required field EndTime *time.Time `type:"timestamp" required:"true"` + // An array of string-to-string maps that each contain information about one + // log group associated with this service. Each string-to-string map includes + // the following fields: + // + // * "Type": "AWS::Resource" + // + // * "ResourceType": "AWS::Logs::LogGroup" + // + // * "Identifier": "name-of-log-group" + LogGroupReferences []map[string]*string `type:"list"` + // A structure containing information about the service. // // Service is a required field @@ -2503,6 +2522,10 @@ type GetServiceOutput struct { // The start time of the data included in the response. In a raw HTTP Query // API, it is formatted as be epoch time in seconds. For example: 1698778057. // + // This displays the time that Application Signals used for the request. It + // might not match your request exactly, because it was rounded to the nearest + // hour. + // // StartTime is a required field StartTime *time.Time `type:"timestamp" required:"true"` } @@ -2531,6 +2554,12 @@ func (s *GetServiceOutput) SetEndTime(v time.Time) *GetServiceOutput { return s } +// SetLogGroupReferences sets the LogGroupReferences field's value. +func (s *GetServiceOutput) SetLogGroupReferences(v []map[string]*string) *GetServiceOutput { + s.LogGroupReferences = v + return s +} + // SetService sets the Service field's value. func (s *GetServiceOutput) SetService(v *Service) *GetServiceOutput { s.Service = v @@ -2691,6 +2720,8 @@ type ListServiceDependenciesInput struct { // raw HTTP Query API, it is formatted as be epoch time in seconds. For example: // 1698778057 // + // Your requested end time will be rounded to the nearest hour. + // // EndTime is a required field EndTime *time.Time `location:"querystring" locationName:"EndTime" type:"timestamp" required:"true"` @@ -2728,6 +2759,8 @@ type ListServiceDependenciesInput struct { // a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: // 1698778057 // + // Your requested start time will be rounded to the nearest hour. + // // StartTime is a required field StartTime *time.Time `location:"querystring" locationName:"StartTime" type:"timestamp" required:"true"` } @@ -2812,6 +2845,10 @@ type ListServiceDependenciesOutput struct { // used in a raw HTTP Query API, it is formatted as be epoch time in seconds. // For example: 1698778057 // + // This displays the time that Application Signals used for the request. It + // might not match your request exactly, because it was rounded to the nearest + // hour. + // // EndTime is a required field EndTime *time.Time `type:"timestamp" required:"true"` @@ -2829,6 +2866,10 @@ type ListServiceDependenciesOutput struct { // used in a raw HTTP Query API, it is formatted as be epoch time in seconds. // For example: 1698778057 // + // This displays the time that Application Signals used for the request. It + // might not match your request exactly, because it was rounded to the nearest + // hour. + // // StartTime is a required field StartTime *time.Time `type:"timestamp" required:"true"` } @@ -2882,6 +2923,8 @@ type ListServiceDependentsInput struct { // raw HTTP Query API, it is formatted as be epoch time in seconds. For example: // 1698778057 // + // Your requested start time will be rounded to the nearest hour. + // // EndTime is a required field EndTime *time.Time `location:"querystring" locationName:"EndTime" type:"timestamp" required:"true"` @@ -2919,6 +2962,8 @@ type ListServiceDependentsInput struct { // a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: // 1698778057 // + // Your requested start time will be rounded to the nearest hour. + // // StartTime is a required field StartTime *time.Time `location:"querystring" locationName:"StartTime" type:"timestamp" required:"true"` } @@ -3003,6 +3048,10 @@ type ListServiceDependentsOutput struct { // used in a raw HTTP Query API, it is formatted as be epoch time in seconds. // For example: 1698778057 // + // This displays the time that Application Signals used for the request. It + // might not match your request exactly, because it was rounded to the nearest + // hour. + // // EndTime is a required field EndTime *time.Time `type:"timestamp" required:"true"` @@ -3020,6 +3069,10 @@ type ListServiceDependentsOutput struct { // used in a raw HTTP Query API, it is formatted as be epoch time in seconds. // For example: 1698778057 // + // This displays the time that Application Signals used for the request. It + // might not match your request exactly, because it was rounded to the nearest + // hour. + // // StartTime is a required field StartTime *time.Time `type:"timestamp" required:"true"` } @@ -3211,6 +3264,8 @@ type ListServiceOperationsInput struct { // raw HTTP Query API, it is formatted as be epoch time in seconds. For example: // 1698778057 // + // Your requested end time will be rounded to the nearest hour. + // // EndTime is a required field EndTime *time.Time `location:"querystring" locationName:"EndTime" type:"timestamp" required:"true"` @@ -3248,6 +3303,8 @@ type ListServiceOperationsInput struct { // a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: // 1698778057 // + // Your requested start time will be rounded to the nearest hour. + // // StartTime is a required field StartTime *time.Time `location:"querystring" locationName:"StartTime" type:"timestamp" required:"true"` } @@ -3332,6 +3389,10 @@ type ListServiceOperationsOutput struct { // used in a raw HTTP Query API, it is formatted as be epoch time in seconds. // For example: 1698778057 // + // This displays the time that Application Signals used for the request. It + // might not match your request exactly, because it was rounded to the nearest + // hour. + // // EndTime is a required field EndTime *time.Time `type:"timestamp" required:"true"` @@ -3349,6 +3410,10 @@ type ListServiceOperationsOutput struct { // used in a raw HTTP Query API, it is formatted as be epoch time in seconds. // For example: 1698778057 // + // This displays the time that Application Signals used for the request. It + // might not match your request exactly, because it was rounded to the nearest + // hour. + // // StartTime is a required field StartTime *time.Time `type:"timestamp" required:"true"` } @@ -3402,6 +3467,8 @@ type ListServicesInput struct { // raw HTTP Query API, it is formatted as be epoch time in seconds. For example: // 1698778057 // + // Your requested start time will be rounded to the nearest hour. + // // EndTime is a required field EndTime *time.Time `location:"querystring" locationName:"EndTime" type:"timestamp" required:"true"` @@ -3417,6 +3484,8 @@ type ListServicesInput struct { // a raw HTTP Query API, it is formatted as be epoch time in seconds. For example: // 1698778057 // + // Your requested start time will be rounded to the nearest hour. + // // StartTime is a required field StartTime *time.Time `location:"querystring" locationName:"StartTime" type:"timestamp" required:"true"` } @@ -3489,6 +3558,10 @@ type ListServicesOutput struct { // used in a raw HTTP Query API, it is formatted as be epoch time in seconds. // For example: 1698778057 // + // This displays the time that Application Signals used for the request. It + // might not match your request exactly, because it was rounded to the nearest + // hour. + // // EndTime is a required field EndTime *time.Time `type:"timestamp" required:"true"` @@ -3505,6 +3578,10 @@ type ListServicesOutput struct { // used in a raw HTTP Query API, it is formatted as be epoch time in seconds. // For example: 1698778057 // + // This displays the time that Application Signals used for the request. It + // might not match your request exactly, because it was rounded to the nearest + // hour. + // // StartTime is a required field StartTime *time.Time `type:"timestamp" required:"true"` } @@ -4079,7 +4156,7 @@ type ResourceNotFoundException struct { Message_ *string `locationName:"Message" type:"string"` - // Cannot find the resource id. + // Can't find the resource id. // // ResourceId is a required field ResourceId *string `type:"string" required:"true"` @@ -4286,6 +4363,17 @@ type Service struct { // KeyAttributes is a required field KeyAttributes map[string]*string `min:"1" type:"map" required:"true"` + // An array of string-to-string maps that each contain information about one + // log group associated with this service. Each string-to-string map includes + // the following fields: + // + // * "Type": "AWS::Resource" + // + // * "ResourceType": "AWS::Logs::LogGroup" + // + // * "Identifier": "name-of-log-group" + LogGroupReferences []map[string]*string `type:"list"` + // An array of structures that each contain information about one metric associated // with this service. // @@ -4323,6 +4411,12 @@ func (s *Service) SetKeyAttributes(v map[string]*string) *Service { return s } +// SetLogGroupReferences sets the LogGroupReferences field's value. +func (s *Service) SetLogGroupReferences(v []map[string]*string) *Service { + s.LogGroupReferences = v + return s +} + // SetMetricReferences sets the MetricReferences field's value. func (s *Service) SetMetricReferences(v []*MetricReference) *Service { s.MetricReferences = v diff --git a/service/applicationsignals/doc.go b/service/applicationsignals/doc.go index 8758c447693..d039a0b43ac 100644 --- a/service/applicationsignals/doc.go +++ b/service/applicationsignals/doc.go @@ -3,9 +3,6 @@ // Package applicationsignals provides the client and types for making API // requests to Amazon CloudWatch Application Signals. // -// This is a Preview release of the Application Signals API Reference. Operations -// and parameters are subject to change before the general availability release. -// // Use CloudWatch Application Signals for comprehensive observability of your // cloud-based applications. It enables real-time service health dashboards // and helps you track long-term performance trends against your business goals. @@ -26,6 +23,10 @@ // discovers, that gives you a visual representation of your applications, // dependencies, and their connectivity. // +// Application Signals works with CloudWatch RUM, CloudWatch Synthetics canaries, +// and Amazon Web Services Service Catalog AppRegistry, to display your client +// pages, Synthetics canaries, and application names within dashboards and maps. +// // See https://docs.aws.amazon.com/goto/WebAPI/application-signals-2024-04-15 for more information on this service. // // See applicationsignals package documentation for more information. diff --git a/service/bedrockruntime/api.go b/service/bedrockruntime/api.go index c408d4567eb..5aa76467e15 100644 --- a/service/bedrockruntime/api.go +++ b/service/bedrockruntime/api.go @@ -83,7 +83,10 @@ func (c *BedrockRuntime) ApplyGuardrailRequest(input *ApplyGuardrailInput) (req // again. // // - ThrottlingException -// The number of requests exceeds the limit. Resubmit your request later. +// Your request was throttled because of service-wide limitations. Resubmit +// your request later or in a different region. You can also purchase Provisioned +// Throughput (https://docs.aws.amazon.com/bedrock/latest/userguide/prov-throughput.html) +// to increase the rate or number of tokens you can process. // // - InternalServerException // An internal server error occurred. Retry your request. @@ -92,7 +95,9 @@ func (c *BedrockRuntime) ApplyGuardrailRequest(input *ApplyGuardrailInput) (req // Input validation failed. Check your request parameters and retry the request. // // - ServiceQuotaExceededException -// The number of requests exceeds the service quota. Resubmit your request later. +// Your request exceeds the service quota for your account. You can view your +// quotas at Viewing service quotas (https://docs.aws.amazon.com/servicequotas/latest/userguide/gs-request-quota.html). +// You can resubmit your request later. // // See also, https://docs.aws.amazon.com/goto/WebAPI/bedrock-runtime-2023-09-30/ApplyGuardrail func (c *BedrockRuntime) ApplyGuardrail(input *ApplyGuardrailInput) (*ApplyGuardrailOutput, error) { @@ -161,10 +166,13 @@ func (c *BedrockRuntime) ConverseRequest(input *ConverseInput) (req *request.Req // // Sends messages to the specified Amazon Bedrock model. Converse provides a // consistent interface that works with all models that support messages. This -// allows you to write code once and use it with different models. Should a -// model have unique inference parameters, you can also pass those unique parameters +// allows you to write code once and use it with different models. If a model +// has unique inference parameters, you can also pass those unique parameters // to the model. // +// Amazon Bedrock doesn't store any text, images, or documents that you provide +// as content. The data is only used to generate the response. +// // For information about the Converse API, see Use the Converse API in the Amazon // Bedrock User Guide. To use a guardrail, see Use a guardrail with the Converse // API in the Amazon Bedrock User Guide. To use a tool with a model, see Tool @@ -191,7 +199,10 @@ func (c *BedrockRuntime) ConverseRequest(input *ConverseInput) (req *request.Req // again. // // - ThrottlingException -// The number of requests exceeds the limit. Resubmit your request later. +// Your request was throttled because of service-wide limitations. Resubmit +// your request later or in a different region. You can also purchase Provisioned +// Throughput (https://docs.aws.amazon.com/bedrock/latest/userguide/prov-throughput.html) +// to increase the rate or number of tokens you can process. // // - ModelTimeoutException // The request took too long to process. Processing time exceeded the model @@ -200,6 +211,9 @@ func (c *BedrockRuntime) ConverseRequest(input *ConverseInput) (req *request.Req // - InternalServerException // An internal server error occurred. Retry your request. // +// - ServiceUnavailableException +// The service isn't currently available. Try again later. +// // - ValidationException // Input validation failed. Check your request parameters and retry the request. // @@ -291,6 +305,12 @@ func (c *BedrockRuntime) ConverseStreamRequest(input *ConverseStreamInput) (req // To find out if a model supports streaming, call GetFoundationModel (https://docs.aws.amazon.com/bedrock/latest/APIReference/API_GetFoundationModel.html) // and check the responseStreamingSupported field in the response. // +// The CLI doesn't support streaming operations in Amazon Bedrock, including +// ConverseStream. +// +// Amazon Bedrock doesn't store any text, images, or documents that you provide +// as content. The data is only used to generate the response. +// // For information about the Converse API, see Use the Converse API in the Amazon // Bedrock User Guide. To use a guardrail, see Use a guardrail with the Converse // API in the Amazon Bedrock User Guide. To use a tool with a model, see Tool @@ -319,7 +339,10 @@ func (c *BedrockRuntime) ConverseStreamRequest(input *ConverseStreamInput) (req // again. // // - ThrottlingException -// The number of requests exceeds the limit. Resubmit your request later. +// Your request was throttled because of service-wide limitations. Resubmit +// your request later or in a different region. You can also purchase Provisioned +// Throughput (https://docs.aws.amazon.com/bedrock/latest/userguide/prov-throughput.html) +// to increase the rate or number of tokens you can process. // // - ModelTimeoutException // The request took too long to process. Processing time exceeded the model @@ -328,6 +351,9 @@ func (c *BedrockRuntime) ConverseStreamRequest(input *ConverseStreamInput) (req // - InternalServerException // An internal server error occurred. Retry your request. // +// - ServiceUnavailableException +// The service isn't currently available. Try again later. +// // - ValidationException // Input validation failed. Check your request parameters and retry the request. // @@ -581,7 +607,10 @@ func (c *BedrockRuntime) InvokeModelRequest(input *InvokeModelInput) (req *reque // again. // // - ThrottlingException -// The number of requests exceeds the limit. Resubmit your request later. +// Your request was throttled because of service-wide limitations. Resubmit +// your request later or in a different region. You can also purchase Provisioned +// Throughput (https://docs.aws.amazon.com/bedrock/latest/userguide/prov-throughput.html) +// to increase the rate or number of tokens you can process. // // - ModelTimeoutException // The request took too long to process. Processing time exceeded the model @@ -590,6 +619,9 @@ func (c *BedrockRuntime) InvokeModelRequest(input *InvokeModelInput) (req *reque // - InternalServerException // An internal server error occurred. Retry your request. // +// - ServiceUnavailableException +// The service isn't currently available. Try again later. +// // - ValidationException // Input validation failed. Check your request parameters and retry the request. // @@ -597,7 +629,9 @@ func (c *BedrockRuntime) InvokeModelRequest(input *InvokeModelInput) (req *reque // The model specified in the request is not ready to serve inference requests. // // - ServiceQuotaExceededException -// The number of requests exceeds the service quota. Resubmit your request later. +// Your request exceeds the service quota for your account. You can view your +// quotas at Viewing service quotas (https://docs.aws.amazon.com/servicequotas/latest/userguide/gs-request-quota.html). +// You can resubmit your request later. // // - ModelErrorException // The request failed due to an error while processing the model. @@ -682,7 +716,8 @@ func (c *BedrockRuntime) InvokeModelWithResponseStreamRequest(input *InvokeModel // To see if a model supports streaming, call GetFoundationModel (https://docs.aws.amazon.com/bedrock/latest/APIReference/API_GetFoundationModel.html) // and check the responseStreamingSupported field in the response. // -// The CLI doesn't support InvokeModelWithResponseStream. +// The CLI doesn't support streaming operations in Amazon Bedrock, including +// InvokeModelWithResponseStream. // // For example code, see Invoke model with streaming code example in the Amazon // Bedrock User Guide. @@ -707,7 +742,10 @@ func (c *BedrockRuntime) InvokeModelWithResponseStreamRequest(input *InvokeModel // again. // // - ThrottlingException -// The number of requests exceeds the limit. Resubmit your request later. +// Your request was throttled because of service-wide limitations. Resubmit +// your request later or in a different region. You can also purchase Provisioned +// Throughput (https://docs.aws.amazon.com/bedrock/latest/userguide/prov-throughput.html) +// to increase the rate or number of tokens you can process. // // - ModelTimeoutException // The request took too long to process. Processing time exceeded the model @@ -716,6 +754,9 @@ func (c *BedrockRuntime) InvokeModelWithResponseStreamRequest(input *InvokeModel // - InternalServerException // An internal server error occurred. Retry your request. // +// - ServiceUnavailableException +// The service isn't currently available. Try again later. +// // - ModelStreamErrorException // An error occurred while streaming the response. Retry your request. // @@ -726,7 +767,9 @@ func (c *BedrockRuntime) InvokeModelWithResponseStreamRequest(input *InvokeModel // The model specified in the request is not ready to serve inference requests. // // - ServiceQuotaExceededException -// The number of requests exceeds the service quota. Resubmit your request later. +// Your request exceeds the service quota for your account. You can view your +// quotas at Viewing service quotas (https://docs.aws.amazon.com/servicequotas/latest/userguide/gs-request-quota.html). +// You can resubmit your request later. // // - ModelErrorException // The request failed due to an error while processing the model. @@ -2356,6 +2399,8 @@ func (u unmarshalerForConverseStreamOutput_Event) UnmarshalerForEventName(eventT return newErrorInternalServerException(u.metadata).(eventstreamapi.Unmarshaler), nil case "modelStreamErrorException": return newErrorModelStreamErrorException(u.metadata).(eventstreamapi.Unmarshaler), nil + case "serviceUnavailableException": + return newErrorServiceUnavailableException(u.metadata).(eventstreamapi.Unmarshaler), nil case "throttlingException": return newErrorThrottlingException(u.metadata).(eventstreamapi.Unmarshaler), nil case "validationException": @@ -5276,6 +5321,8 @@ func (u unmarshalerForResponseStreamEvent) UnmarshalerForEventName(eventType str return newErrorModelStreamErrorException(u.metadata).(eventstreamapi.Unmarshaler), nil case "modelTimeoutException": return newErrorModelTimeoutException(u.metadata).(eventstreamapi.Unmarshaler), nil + case "serviceUnavailableException": + return newErrorServiceUnavailableException(u.metadata).(eventstreamapi.Unmarshaler), nil case "throttlingException": return newErrorThrottlingException(u.metadata).(eventstreamapi.Unmarshaler), nil case "validationException": @@ -5314,7 +5361,9 @@ func (e *ResponseStreamUnknownEvent) UnmarshalEvent( return nil } -// The number of requests exceeds the service quota. Resubmit your request later. +// Your request exceeds the service quota for your account. You can view your +// quotas at Viewing service quotas (https://docs.aws.amazon.com/servicequotas/latest/userguide/gs-request-quota.html). +// You can resubmit your request later. type ServiceQuotaExceededException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -5378,6 +5427,102 @@ func (s *ServiceQuotaExceededException) RequestID() string { return s.RespMetadata.RequestID } +// The service isn't currently available. Try again later. +type ServiceUnavailableException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ServiceUnavailableException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ServiceUnavailableException) GoString() string { + return s.String() +} + +// The ServiceUnavailableException is and event in the ConverseStreamOutput_ group of events. +func (s *ServiceUnavailableException) eventConverseStreamOutput_() {} + +// The ServiceUnavailableException is and event in the ResponseStream group of events. +func (s *ServiceUnavailableException) eventResponseStream() {} + +// UnmarshalEvent unmarshals the EventStream Message into the ServiceUnavailableException value. +// This method is only used internally within the SDK's EventStream handling. +func (s *ServiceUnavailableException) UnmarshalEvent( + payloadUnmarshaler protocol.PayloadUnmarshaler, + msg eventstream.Message, +) error { + if err := payloadUnmarshaler.UnmarshalPayload( + bytes.NewReader(msg.Payload), s, + ); err != nil { + return err + } + return nil +} + +// MarshalEvent marshals the type into an stream event value. This method +// should only used internally within the SDK's EventStream handling. +func (s *ServiceUnavailableException) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) { + msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.ExceptionMessageType)) + var buf bytes.Buffer + if err = pm.MarshalPayload(&buf, s); err != nil { + return eventstream.Message{}, err + } + msg.Payload = buf.Bytes() + return msg, err +} + +func newErrorServiceUnavailableException(v protocol.ResponseMetadata) error { + return &ServiceUnavailableException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ServiceUnavailableException) Code() string { + return "ServiceUnavailableException" +} + +// Message returns the exception's message. +func (s *ServiceUnavailableException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ServiceUnavailableException) OrigErr() error { + return nil +} + +func (s *ServiceUnavailableException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ServiceUnavailableException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ServiceUnavailableException) RequestID() string { + return s.RespMetadata.RequestID +} + // The model must request a specific tool. For example, {"tool" : {"name" : // "Your tool name"}}. // @@ -5495,7 +5640,10 @@ func (s *SystemContentBlock) SetText(v string) *SystemContentBlock { return s } -// The number of requests exceeds the limit. Resubmit your request later. +// Your request was throttled because of service-wide limitations. Resubmit +// your request later or in a different region. You can also purchase Provisioned +// Throughput (https://docs.aws.amazon.com/bedrock/latest/userguide/prov-throughput.html) +// to increase the rate or number of tokens you can process. type ThrottlingException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` diff --git a/service/bedrockruntime/errors.go b/service/bedrockruntime/errors.go index b78384445bb..cecb3e5de06 100644 --- a/service/bedrockruntime/errors.go +++ b/service/bedrockruntime/errors.go @@ -55,13 +55,24 @@ const ( // ErrCodeServiceQuotaExceededException for service response error code // "ServiceQuotaExceededException". // - // The number of requests exceeds the service quota. Resubmit your request later. + // Your request exceeds the service quota for your account. You can view your + // quotas at Viewing service quotas (https://docs.aws.amazon.com/servicequotas/latest/userguide/gs-request-quota.html). + // You can resubmit your request later. ErrCodeServiceQuotaExceededException = "ServiceQuotaExceededException" + // ErrCodeServiceUnavailableException for service response error code + // "ServiceUnavailableException". + // + // The service isn't currently available. Try again later. + ErrCodeServiceUnavailableException = "ServiceUnavailableException" + // ErrCodeThrottlingException for service response error code // "ThrottlingException". // - // The number of requests exceeds the limit. Resubmit your request later. + // Your request was throttled because of service-wide limitations. Resubmit + // your request later or in a different region. You can also purchase Provisioned + // Throughput (https://docs.aws.amazon.com/bedrock/latest/userguide/prov-throughput.html) + // to increase the rate or number of tokens you can process. ErrCodeThrottlingException = "ThrottlingException" // ErrCodeValidationException for service response error code @@ -80,6 +91,7 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ "ModelTimeoutException": newErrorModelTimeoutException, "ResourceNotFoundException": newErrorResourceNotFoundException, "ServiceQuotaExceededException": newErrorServiceQuotaExceededException, + "ServiceUnavailableException": newErrorServiceUnavailableException, "ThrottlingException": newErrorThrottlingException, "ValidationException": newErrorValidationException, } diff --git a/service/bedrockruntime/eventstream_test.go b/service/bedrockruntime/eventstream_test.go index b00292c9afb..eb5ad916ea5 100644 --- a/service/bedrockruntime/eventstream_test.go +++ b/service/bedrockruntime/eventstream_test.go @@ -2041,6 +2041,7 @@ func TestConverseStream_ReadException(t *testing.T) { var _ awserr.Error = (*InternalServerException)(nil) var _ awserr.Error = (*ModelStreamErrorException)(nil) +var _ awserr.Error = (*ServiceUnavailableException)(nil) var _ awserr.Error = (*ThrottlingException)(nil) var _ awserr.Error = (*ValidationException)(nil) @@ -2341,6 +2342,7 @@ func TestInvokeModelWithResponseStream_ReadException(t *testing.T) { var _ awserr.Error = (*InternalServerException)(nil) var _ awserr.Error = (*ModelStreamErrorException)(nil) var _ awserr.Error = (*ModelTimeoutException)(nil) +var _ awserr.Error = (*ServiceUnavailableException)(nil) var _ awserr.Error = (*ThrottlingException)(nil) var _ awserr.Error = (*ValidationException)(nil) diff --git a/service/codecommit/api.go b/service/codecommit/api.go index 0fe4ba9adc2..07c3e8cfb51 100644 --- a/service/codecommit/api.go +++ b/service/codecommit/api.go @@ -1591,6 +1591,9 @@ func (c *CodeCommit) CreateRepositoryRequest(input *CreateRepositoryInput) (req // - RepositoryLimitExceededException // A repository resource limit was exceeded. // +// - OperationNotAllowedException +// The requested action is not allowed. +// // - EncryptionIntegrityChecksFailedException // An encryption integrity check failed. // @@ -16210,7 +16213,7 @@ type CreateRepositoryInput struct { // The ID of the encryption key. You can view the ID of an encryption key in // the KMS console, or use the KMS APIs to programmatically retrieve a key ID. - // For more information about acceptable values for kmsKeyID, see KeyId (https://docs.aws.amazon.com/APIReference/API_Decrypt.html#KMS-Decrypt-request-KeyId) + // For more information about acceptable values for kmsKeyID, see KeyId (https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html#KMS-Decrypt-request-KeyId) // in the Decrypt API description in the Key Management Service API Reference. // // If no key is specified, the default aws/codecommit Amazon Web Services managed @@ -29546,6 +29549,70 @@ func (s *ObjectTypes) SetSource(v string) *ObjectTypes { return s } +// The requested action is not allowed. +type OperationNotAllowedException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OperationNotAllowedException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OperationNotAllowedException) GoString() string { + return s.String() +} + +func newErrorOperationNotAllowedException(v protocol.ResponseMetadata) error { + return &OperationNotAllowedException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *OperationNotAllowedException) Code() string { + return "OperationNotAllowedException" +} + +// Message returns the exception's message. +func (s *OperationNotAllowedException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *OperationNotAllowedException) OrigErr() error { + return nil +} + +func (s *OperationNotAllowedException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *OperationNotAllowedException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *OperationNotAllowedException) RequestID() string { + return s.RespMetadata.RequestID +} + // Returns information about the template that created the approval rule for // a pull request. type OriginApprovalRuleTemplate struct { @@ -36606,7 +36673,7 @@ type UpdateRepositoryEncryptionKeyInput struct { // The ID of the encryption key. You can view the ID of an encryption key in // the KMS console, or use the KMS APIs to programmatically retrieve a key ID. - // For more information about acceptable values for keyID, see KeyId (https://docs.aws.amazon.com/APIReference/API_Decrypt.html#KMS-Decrypt-request-KeyId) + // For more information about acceptable values for keyID, see KeyId (https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html#KMS-Decrypt-request-KeyId) // in the Decrypt API description in the Key Management Service API Reference. // // KmsKeyId is a required field diff --git a/service/codecommit/errors.go b/service/codecommit/errors.go index b3b8dade8ac..96f5e2b55e6 100644 --- a/service/codecommit/errors.go +++ b/service/codecommit/errors.go @@ -966,6 +966,12 @@ const ( // of approval rules associated with it. ErrCodeNumberOfRulesExceededException = "NumberOfRulesExceededException" + // ErrCodeOperationNotAllowedException for service response error code + // "OperationNotAllowedException". + // + // The requested action is not allowed. + ErrCodeOperationNotAllowedException = "OperationNotAllowedException" + // ErrCodeOverrideAlreadySetException for service response error code // "OverrideAlreadySetException". // @@ -1435,6 +1441,7 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ "NoChangeException": newErrorNoChangeException, "NumberOfRuleTemplatesExceededException": newErrorNumberOfRuleTemplatesExceededException, "NumberOfRulesExceededException": newErrorNumberOfRulesExceededException, + "OperationNotAllowedException": newErrorOperationNotAllowedException, "OverrideAlreadySetException": newErrorOverrideAlreadySetException, "OverrideStatusRequiredException": newErrorOverrideStatusRequiredException, "ParentCommitDoesNotExistException": newErrorParentCommitDoesNotExistException, diff --git a/service/datazone/api.go b/service/datazone/api.go index ac7a59e9a20..25aa7b4c2e7 100644 --- a/service/datazone/api.go +++ b/service/datazone/api.go @@ -5409,6 +5409,101 @@ func (c *DataZone) GetEnvironmentBlueprintConfigurationWithContext(ctx aws.Conte return out, req.Send() } +const opGetEnvironmentCredentials = "GetEnvironmentCredentials" + +// GetEnvironmentCredentialsRequest generates a "aws/request.Request" representing the +// client's request for the GetEnvironmentCredentials operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetEnvironmentCredentials for more information on using the GetEnvironmentCredentials +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetEnvironmentCredentialsRequest method. +// req, resp := client.GetEnvironmentCredentialsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/datazone-2018-05-10/GetEnvironmentCredentials +func (c *DataZone) GetEnvironmentCredentialsRequest(input *GetEnvironmentCredentialsInput) (req *request.Request, output *GetEnvironmentCredentialsOutput) { + op := &request.Operation{ + Name: opGetEnvironmentCredentials, + HTTPMethod: "GET", + HTTPPath: "/v2/domains/{domainIdentifier}/environments/{environmentIdentifier}/credentials", + } + + if input == nil { + input = &GetEnvironmentCredentialsInput{} + } + + output = &GetEnvironmentCredentialsOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetEnvironmentCredentials API operation for Amazon DataZone. +// +// Gets the credentials of an environment in Amazon DataZone. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon DataZone's +// API operation GetEnvironmentCredentials for usage and error information. +// +// Returned Error Types: +// +// - InternalServerException +// The request has failed because of an unknown error, exception or failure. +// +// - ResourceNotFoundException +// The specified resource cannot be found. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - ValidationException +// The input fails to satisfy the constraints specified by the Amazon Web Services +// service. +// +// - UnauthorizedException +// You do not have permission to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/datazone-2018-05-10/GetEnvironmentCredentials +func (c *DataZone) GetEnvironmentCredentials(input *GetEnvironmentCredentialsInput) (*GetEnvironmentCredentialsOutput, error) { + req, out := c.GetEnvironmentCredentialsRequest(input) + return out, req.Send() +} + +// GetEnvironmentCredentialsWithContext is the same as GetEnvironmentCredentials with the addition of +// the ability to pass a context and additional request options. +// +// See GetEnvironmentCredentials for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *DataZone) GetEnvironmentCredentialsWithContext(ctx aws.Context, input *GetEnvironmentCredentialsInput, opts ...request.Option) (*GetEnvironmentCredentialsOutput, error) { + req, out := c.GetEnvironmentCredentialsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetEnvironmentProfile = "GetEnvironmentProfile" // GetEnvironmentProfileRequest generates a "aws/request.Request" representing the @@ -27683,6 +27778,131 @@ func (s *GetEnvironmentBlueprintOutput) SetUserParameters(v []*CustomParameter) return s } +type GetEnvironmentCredentialsInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The ID of the Amazon DataZone domain in which this environment and its credentials + // exist. + // + // DomainIdentifier is a required field + DomainIdentifier *string `location:"uri" locationName:"domainIdentifier" type:"string" required:"true"` + + // The ID of the environment whose credentials this operation gets. + // + // EnvironmentIdentifier is a required field + EnvironmentIdentifier *string `location:"uri" locationName:"environmentIdentifier" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetEnvironmentCredentialsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetEnvironmentCredentialsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetEnvironmentCredentialsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetEnvironmentCredentialsInput"} + if s.DomainIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("DomainIdentifier")) + } + if s.DomainIdentifier != nil && len(*s.DomainIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DomainIdentifier", 1)) + } + if s.EnvironmentIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("EnvironmentIdentifier")) + } + if s.EnvironmentIdentifier != nil && len(*s.EnvironmentIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("EnvironmentIdentifier", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDomainIdentifier sets the DomainIdentifier field's value. +func (s *GetEnvironmentCredentialsInput) SetDomainIdentifier(v string) *GetEnvironmentCredentialsInput { + s.DomainIdentifier = &v + return s +} + +// SetEnvironmentIdentifier sets the EnvironmentIdentifier field's value. +func (s *GetEnvironmentCredentialsInput) SetEnvironmentIdentifier(v string) *GetEnvironmentCredentialsInput { + s.EnvironmentIdentifier = &v + return s +} + +type GetEnvironmentCredentialsOutput struct { + _ struct{} `type:"structure" sensitive:"true"` + + // The access key ID of the environment. + AccessKeyId *string `locationName:"accessKeyId" type:"string"` + + // The expiration timestamp of the environment credentials. + Expiration *time.Time `locationName:"expiration" type:"timestamp" timestampFormat:"iso8601"` + + // The secret access key of the environment credentials. + SecretAccessKey *string `locationName:"secretAccessKey" type:"string"` + + // The session token of the environment credentials. + SessionToken *string `locationName:"sessionToken" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetEnvironmentCredentialsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetEnvironmentCredentialsOutput) GoString() string { + return s.String() +} + +// SetAccessKeyId sets the AccessKeyId field's value. +func (s *GetEnvironmentCredentialsOutput) SetAccessKeyId(v string) *GetEnvironmentCredentialsOutput { + s.AccessKeyId = &v + return s +} + +// SetExpiration sets the Expiration field's value. +func (s *GetEnvironmentCredentialsOutput) SetExpiration(v time.Time) *GetEnvironmentCredentialsOutput { + s.Expiration = &v + return s +} + +// SetSecretAccessKey sets the SecretAccessKey field's value. +func (s *GetEnvironmentCredentialsOutput) SetSecretAccessKey(v string) *GetEnvironmentCredentialsOutput { + s.SecretAccessKey = &v + return s +} + +// SetSessionToken sets the SessionToken field's value. +func (s *GetEnvironmentCredentialsOutput) SetSessionToken(v string) *GetEnvironmentCredentialsOutput { + s.SessionToken = &v + return s +} + type GetEnvironmentInput struct { _ struct{} `type:"structure" nopayload:"true"` diff --git a/service/datazone/datazoneiface/interface.go b/service/datazone/datazoneiface/interface.go index 92d67fea1ba..5ac48acf3cb 100644 --- a/service/datazone/datazoneiface/interface.go +++ b/service/datazone/datazoneiface/interface.go @@ -280,6 +280,10 @@ type DataZoneAPI interface { GetEnvironmentBlueprintConfigurationWithContext(aws.Context, *datazone.GetEnvironmentBlueprintConfigurationInput, ...request.Option) (*datazone.GetEnvironmentBlueprintConfigurationOutput, error) GetEnvironmentBlueprintConfigurationRequest(*datazone.GetEnvironmentBlueprintConfigurationInput) (*request.Request, *datazone.GetEnvironmentBlueprintConfigurationOutput) + GetEnvironmentCredentials(*datazone.GetEnvironmentCredentialsInput) (*datazone.GetEnvironmentCredentialsOutput, error) + GetEnvironmentCredentialsWithContext(aws.Context, *datazone.GetEnvironmentCredentialsInput, ...request.Option) (*datazone.GetEnvironmentCredentialsOutput, error) + GetEnvironmentCredentialsRequest(*datazone.GetEnvironmentCredentialsInput) (*request.Request, *datazone.GetEnvironmentCredentialsOutput) + GetEnvironmentProfile(*datazone.GetEnvironmentProfileInput) (*datazone.GetEnvironmentProfileOutput, error) GetEnvironmentProfileWithContext(aws.Context, *datazone.GetEnvironmentProfileInput, ...request.Option) (*datazone.GetEnvironmentProfileOutput, error) GetEnvironmentProfileRequest(*datazone.GetEnvironmentProfileInput) (*request.Request, *datazone.GetEnvironmentProfileOutput) diff --git a/service/ec2/api.go b/service/ec2/api.go index 02e0ebd835e..38db957a3c1 100644 --- a/service/ec2/api.go +++ b/service/ec2/api.go @@ -124700,9 +124700,38 @@ type FleetLaunchTemplateOverrides struct { // The Availability Zone in which to launch the instances. AvailabilityZone *string `locationName:"availabilityZone" type:"string"` - // The ID of the AMI. An AMI is required to launch an instance. This parameter - // is only available for fleets of type instant. For fleets of type maintain - // and request, you must specify the AMI ID in the launch template. + // The ID of the AMI in the format ami-17characters00000. + // + // Alternatively, you can specify a Systems Manager parameter, using one of + // the following formats. The Systems Manager parameter will resolve to an AMI + // ID on launch. + // + // To reference a public parameter: + // + // * resolve:ssm:public-parameter + // + // To reference a parameter stored in the same account: + // + // * resolve:ssm:parameter-name + // + // * resolve:ssm:parameter-name:version-number + // + // * resolve:ssm:parameter-name:label + // + // To reference a parameter shared from another Amazon Web Services account: + // + // * resolve:ssm:parameter-ARN + // + // * resolve:ssm:parameter-ARN:version-number + // + // * resolve:ssm:parameter-ARN:label + // + // For more information, see Use a Systems Manager parameter instead of an AMI + // ID (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-launch-template.html#use-an-ssm-parameter-instead-of-an-ami-id) + // in the Amazon EC2 User Guide. + // + // This parameter is only available for fleets of type instant. For fleets of + // type maintain and request, you must specify the AMI ID in the launch template. ImageId *string `locationName:"imageId" type:"string"` // The attributes for the instance types. When you specify instance attributes, @@ -124845,9 +124874,38 @@ type FleetLaunchTemplateOverridesRequest struct { // The Availability Zone in which to launch the instances. AvailabilityZone *string `type:"string"` - // The ID of the AMI. An AMI is required to launch an instance. This parameter - // is only available for fleets of type instant. For fleets of type maintain - // and request, you must specify the AMI ID in the launch template. + // The ID of the AMI in the format ami-17characters00000. + // + // Alternatively, you can specify a Systems Manager parameter, using one of + // the following formats. The Systems Manager parameter will resolve to an AMI + // ID on launch. + // + // To reference a public parameter: + // + // * resolve:ssm:public-parameter + // + // To reference a parameter stored in the same account: + // + // * resolve:ssm:parameter-name + // + // * resolve:ssm:parameter-name:version-number + // + // * resolve:ssm:parameter-name:label + // + // To reference a parameter shared from another Amazon Web Services account: + // + // * resolve:ssm:parameter-ARN + // + // * resolve:ssm:parameter-ARN:version-number + // + // * resolve:ssm:parameter-ARN:label + // + // For more information, see Use a Systems Manager parameter instead of an AMI + // ID (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-launch-template.html#use-an-ssm-parameter-instead-of-an-ami-id) + // in the Amazon EC2 User Guide. + // + // This parameter is only available for fleets of type instant. For fleets of + // type maintain and request, you must specify the AMI ID in the launch template. ImageId *string `type:"string"` // The attributes for the instance types. When you specify instance attributes, @@ -168935,12 +168993,17 @@ type RequestLaunchTemplateData struct { // The name or Amazon Resource Name (ARN) of an IAM instance profile. IamInstanceProfile *LaunchTemplateIamInstanceProfileSpecificationRequest `type:"structure"` - // The ID of the AMI. Alternatively, you can specify a Systems Manager parameter, - // which will resolve to an AMI ID on launch. + // The ID of the AMI in the format ami-17characters00000. + // + // Alternatively, you can specify a Systems Manager parameter, using one of + // the following formats. The Systems Manager parameter will resolve to an AMI + // ID on launch. // - // Valid formats: + // To reference a public parameter: // - // * ami-17characters00000 + // * resolve:ssm:public-parameter + // + // To reference a parameter stored in the same account: // // * resolve:ssm:parameter-name // @@ -168948,15 +169011,26 @@ type RequestLaunchTemplateData struct { // // * resolve:ssm:parameter-name:label // - // * resolve:ssm:public-parameter + // To reference a parameter shared from another Amazon Web Services account: // - // Currently, EC2 Fleet and Spot Fleet do not support specifying a Systems Manager - // parameter. If the launch template will be used by an EC2 Fleet or Spot Fleet, - // you must specify the AMI ID. + // * resolve:ssm:parameter-ARN + // + // * resolve:ssm:parameter-ARN:version-number + // + // * resolve:ssm:parameter-ARN:label // // For more information, see Use a Systems Manager parameter instead of an AMI // ID (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-launch-template.html#use-an-ssm-parameter-instead-of-an-ami-id) // in the Amazon EC2 User Guide. + // + // If the launch template will be used for an EC2 Fleet or Spot Fleet, note + // the following: + // + // * Only EC2 Fleets of type instant support specifying a Systems Manager + // parameter. + // + // * For EC2 Fleets of type maintain or request, or for Spot Fleets, you + // must specify the AMI ID. ImageId *string `type:"string"` // Indicates whether an instance stops or terminates when you initiate shutdown @@ -201114,9 +201188,6 @@ const ( // ResourceTypeVpcBlockPublicAccessExclusion is a ResourceType enum value ResourceTypeVpcBlockPublicAccessExclusion = "vpc-block-public-access-exclusion" - // ResourceTypeVpcEncryptionControl is a ResourceType enum value - ResourceTypeVpcEncryptionControl = "vpc-encryption-control" - // ResourceTypeIpamResourceDiscovery is a ResourceType enum value ResourceTypeIpamResourceDiscovery = "ipam-resource-discovery" @@ -201216,7 +201287,6 @@ func ResourceType_Values() []string { ResourceTypeVerifiedAccessTrustProvider, ResourceTypeVpnConnectionDeviceType, ResourceTypeVpcBlockPublicAccessExclusion, - ResourceTypeVpcEncryptionControl, ResourceTypeIpamResourceDiscovery, ResourceTypeIpamResourceDiscoveryAssociation, ResourceTypeInstanceConnectEndpoint, diff --git a/service/ecr/api.go b/service/ecr/api.go index 7eac525518c..5d89b40a301 100644 --- a/service/ecr/api.go +++ b/service/ecr/api.go @@ -727,6 +727,105 @@ func (c *ECR) CreateRepositoryWithContext(ctx aws.Context, input *CreateReposito return out, req.Send() } +const opCreateRepositoryCreationTemplate = "CreateRepositoryCreationTemplate" + +// CreateRepositoryCreationTemplateRequest generates a "aws/request.Request" representing the +// client's request for the CreateRepositoryCreationTemplate operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateRepositoryCreationTemplate for more information on using the CreateRepositoryCreationTemplate +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateRepositoryCreationTemplateRequest method. +// req, resp := client.CreateRepositoryCreationTemplateRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/CreateRepositoryCreationTemplate +func (c *ECR) CreateRepositoryCreationTemplateRequest(input *CreateRepositoryCreationTemplateInput) (req *request.Request, output *CreateRepositoryCreationTemplateOutput) { + op := &request.Operation{ + Name: opCreateRepositoryCreationTemplate, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateRepositoryCreationTemplateInput{} + } + + output = &CreateRepositoryCreationTemplateOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateRepositoryCreationTemplate API operation for Amazon EC2 Container Registry. +// +// Creates a repository creation template. This template is used to define the +// settings for repositories created by Amazon ECR on your behalf. For example, +// repositories created through pull through cache actions. For more information, +// see Private repository creation templates (https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-creation-templates.html) +// in the Amazon Elastic Container Registry User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon EC2 Container Registry's +// API operation CreateRepositoryCreationTemplate for usage and error information. +// +// Returned Error Types: +// +// - ServerException +// These errors are usually caused by a server-side issue. +// +// - ValidationException +// There was an exception validating this request. +// +// - InvalidParameterException +// The specified parameter is invalid. Review the available parameters for the +// API request. +// +// - LimitExceededException +// The operation did not succeed because it would have exceeded a service limit +// for your account. For more information, see Amazon ECR service quotas (https://docs.aws.amazon.com/AmazonECR/latest/userguide/service-quotas.html) +// in the Amazon Elastic Container Registry User Guide. +// +// - TemplateAlreadyExistsException +// The repository creation template already exists. Specify a unique prefix +// and try again. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/CreateRepositoryCreationTemplate +func (c *ECR) CreateRepositoryCreationTemplate(input *CreateRepositoryCreationTemplateInput) (*CreateRepositoryCreationTemplateOutput, error) { + req, out := c.CreateRepositoryCreationTemplateRequest(input) + return out, req.Send() +} + +// CreateRepositoryCreationTemplateWithContext is the same as CreateRepositoryCreationTemplate with the addition of +// the ability to pass a context and additional request options. +// +// See CreateRepositoryCreationTemplate for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ECR) CreateRepositoryCreationTemplateWithContext(ctx aws.Context, input *CreateRepositoryCreationTemplateInput, opts ...request.Option) (*CreateRepositoryCreationTemplateOutput, error) { + req, out := c.CreateRepositoryCreationTemplateRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteLifecyclePolicy = "DeleteLifecyclePolicy" // DeleteLifecyclePolicyRequest generates a "aws/request.Request" representing the @@ -1095,6 +1194,96 @@ func (c *ECR) DeleteRepositoryWithContext(ctx aws.Context, input *DeleteReposito return out, req.Send() } +const opDeleteRepositoryCreationTemplate = "DeleteRepositoryCreationTemplate" + +// DeleteRepositoryCreationTemplateRequest generates a "aws/request.Request" representing the +// client's request for the DeleteRepositoryCreationTemplate operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteRepositoryCreationTemplate for more information on using the DeleteRepositoryCreationTemplate +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteRepositoryCreationTemplateRequest method. +// req, resp := client.DeleteRepositoryCreationTemplateRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DeleteRepositoryCreationTemplate +func (c *ECR) DeleteRepositoryCreationTemplateRequest(input *DeleteRepositoryCreationTemplateInput) (req *request.Request, output *DeleteRepositoryCreationTemplateOutput) { + op := &request.Operation{ + Name: opDeleteRepositoryCreationTemplate, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteRepositoryCreationTemplateInput{} + } + + output = &DeleteRepositoryCreationTemplateOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteRepositoryCreationTemplate API operation for Amazon EC2 Container Registry. +// +// Deletes a repository creation template. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon EC2 Container Registry's +// API operation DeleteRepositoryCreationTemplate for usage and error information. +// +// Returned Error Types: +// +// - ServerException +// These errors are usually caused by a server-side issue. +// +// - ValidationException +// There was an exception validating this request. +// +// - InvalidParameterException +// The specified parameter is invalid. Review the available parameters for the +// API request. +// +// - TemplateNotFoundException +// The specified repository creation template can't be found. Verify the registry +// ID and prefix and try again. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DeleteRepositoryCreationTemplate +func (c *ECR) DeleteRepositoryCreationTemplate(input *DeleteRepositoryCreationTemplateInput) (*DeleteRepositoryCreationTemplateOutput, error) { + req, out := c.DeleteRepositoryCreationTemplateRequest(input) + return out, req.Send() +} + +// DeleteRepositoryCreationTemplateWithContext is the same as DeleteRepositoryCreationTemplate with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteRepositoryCreationTemplate for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ECR) DeleteRepositoryCreationTemplateWithContext(ctx aws.Context, input *DeleteRepositoryCreationTemplateInput, opts ...request.Option) (*DeleteRepositoryCreationTemplateOutput, error) { + req, out := c.DeleteRepositoryCreationTemplateRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteRepositoryPolicy = "DeleteRepositoryPolicy" // DeleteRepositoryPolicyRequest generates a "aws/request.Request" representing the @@ -1964,6 +2153,151 @@ func (c *ECR) DescribeRepositoriesPagesWithContext(ctx aws.Context, input *Descr return p.Err() } +const opDescribeRepositoryCreationTemplates = "DescribeRepositoryCreationTemplates" + +// DescribeRepositoryCreationTemplatesRequest generates a "aws/request.Request" representing the +// client's request for the DescribeRepositoryCreationTemplates operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeRepositoryCreationTemplates for more information on using the DescribeRepositoryCreationTemplates +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeRepositoryCreationTemplatesRequest method. +// req, resp := client.DescribeRepositoryCreationTemplatesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DescribeRepositoryCreationTemplates +func (c *ECR) DescribeRepositoryCreationTemplatesRequest(input *DescribeRepositoryCreationTemplatesInput) (req *request.Request, output *DescribeRepositoryCreationTemplatesOutput) { + op := &request.Operation{ + Name: opDescribeRepositoryCreationTemplates, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "maxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeRepositoryCreationTemplatesInput{} + } + + output = &DescribeRepositoryCreationTemplatesOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeRepositoryCreationTemplates API operation for Amazon EC2 Container Registry. +// +// Returns details about the repository creation templates in a registry. The +// prefixes request parameter can be used to return the details for a specific +// repository creation template. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon EC2 Container Registry's +// API operation DescribeRepositoryCreationTemplates for usage and error information. +// +// Returned Error Types: +// +// - ServerException +// These errors are usually caused by a server-side issue. +// +// - ValidationException +// There was an exception validating this request. +// +// - InvalidParameterException +// The specified parameter is invalid. Review the available parameters for the +// API request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/DescribeRepositoryCreationTemplates +func (c *ECR) DescribeRepositoryCreationTemplates(input *DescribeRepositoryCreationTemplatesInput) (*DescribeRepositoryCreationTemplatesOutput, error) { + req, out := c.DescribeRepositoryCreationTemplatesRequest(input) + return out, req.Send() +} + +// DescribeRepositoryCreationTemplatesWithContext is the same as DescribeRepositoryCreationTemplates with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeRepositoryCreationTemplates for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ECR) DescribeRepositoryCreationTemplatesWithContext(ctx aws.Context, input *DescribeRepositoryCreationTemplatesInput, opts ...request.Option) (*DescribeRepositoryCreationTemplatesOutput, error) { + req, out := c.DescribeRepositoryCreationTemplatesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeRepositoryCreationTemplatesPages iterates over the pages of a DescribeRepositoryCreationTemplates operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeRepositoryCreationTemplates method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeRepositoryCreationTemplates operation. +// pageNum := 0 +// err := client.DescribeRepositoryCreationTemplatesPages(params, +// func(page *ecr.DescribeRepositoryCreationTemplatesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *ECR) DescribeRepositoryCreationTemplatesPages(input *DescribeRepositoryCreationTemplatesInput, fn func(*DescribeRepositoryCreationTemplatesOutput, bool) bool) error { + return c.DescribeRepositoryCreationTemplatesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeRepositoryCreationTemplatesPagesWithContext same as DescribeRepositoryCreationTemplatesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ECR) DescribeRepositoryCreationTemplatesPagesWithContext(ctx aws.Context, input *DescribeRepositoryCreationTemplatesInput, fn func(*DescribeRepositoryCreationTemplatesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeRepositoryCreationTemplatesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeRepositoryCreationTemplatesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeRepositoryCreationTemplatesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opGetAuthorizationToken = "GetAuthorizationToken" // GetAuthorizationTokenRequest generates a "aws/request.Request" representing the @@ -3631,7 +3965,9 @@ func (c *ECR) PutReplicationConfigurationRequest(input *PutReplicationConfigurat // a service-linked IAM role is created in your account for the replication // process. For more information, see Using service-linked roles for Amazon // ECR (https://docs.aws.amazon.com/AmazonECR/latest/userguide/using-service-linked-roles.html) -// in the Amazon Elastic Container Registry User Guide. +// in the Amazon Elastic Container Registry User Guide. For more information +// on the custom role for replication, see Creating an IAM role for replication +// (https://docs.aws.amazon.com/AmazonECR/latest/userguide/replication-creation-templates.html#roles-creatingrole-user-console). // // When configuring cross-account replication, the destination account must // grant the source account permission to replicate. This permission is controlled @@ -4267,31 +4603,121 @@ func (c *ECR) UpdatePullThroughCacheRuleWithContext(ctx aws.Context, input *Upda return out, req.Send() } -const opUploadLayerPart = "UploadLayerPart" +const opUpdateRepositoryCreationTemplate = "UpdateRepositoryCreationTemplate" -// UploadLayerPartRequest generates a "aws/request.Request" representing the -// client's request for the UploadLayerPart operation. The "output" return +// UpdateRepositoryCreationTemplateRequest generates a "aws/request.Request" representing the +// client's request for the UpdateRepositoryCreationTemplate operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See UploadLayerPart for more information on using the UploadLayerPart +// See UpdateRepositoryCreationTemplate for more information on using the UpdateRepositoryCreationTemplate // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the UploadLayerPartRequest method. -// req, resp := client.UploadLayerPartRequest(params) +// // Example sending a request using the UpdateRepositoryCreationTemplateRequest method. +// req, resp := client.UpdateRepositoryCreationTemplateRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/UploadLayerPart +// See also, https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/UpdateRepositoryCreationTemplate +func (c *ECR) UpdateRepositoryCreationTemplateRequest(input *UpdateRepositoryCreationTemplateInput) (req *request.Request, output *UpdateRepositoryCreationTemplateOutput) { + op := &request.Operation{ + Name: opUpdateRepositoryCreationTemplate, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &UpdateRepositoryCreationTemplateInput{} + } + + output = &UpdateRepositoryCreationTemplateOutput{} + req = c.newRequest(op, input, output) + return +} + +// UpdateRepositoryCreationTemplate API operation for Amazon EC2 Container Registry. +// +// Updates an existing repository creation template. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon EC2 Container Registry's +// API operation UpdateRepositoryCreationTemplate for usage and error information. +// +// Returned Error Types: +// +// - ServerException +// These errors are usually caused by a server-side issue. +// +// - ValidationException +// There was an exception validating this request. +// +// - InvalidParameterException +// The specified parameter is invalid. Review the available parameters for the +// API request. +// +// - TemplateNotFoundException +// The specified repository creation template can't be found. Verify the registry +// ID and prefix and try again. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/UpdateRepositoryCreationTemplate +func (c *ECR) UpdateRepositoryCreationTemplate(input *UpdateRepositoryCreationTemplateInput) (*UpdateRepositoryCreationTemplateOutput, error) { + req, out := c.UpdateRepositoryCreationTemplateRequest(input) + return out, req.Send() +} + +// UpdateRepositoryCreationTemplateWithContext is the same as UpdateRepositoryCreationTemplate with the addition of +// the ability to pass a context and additional request options. +// +// See UpdateRepositoryCreationTemplate for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ECR) UpdateRepositoryCreationTemplateWithContext(ctx aws.Context, input *UpdateRepositoryCreationTemplateInput, opts ...request.Option) (*UpdateRepositoryCreationTemplateOutput, error) { + req, out := c.UpdateRepositoryCreationTemplateRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUploadLayerPart = "UploadLayerPart" + +// UploadLayerPartRequest generates a "aws/request.Request" representing the +// client's request for the UploadLayerPart operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UploadLayerPart for more information on using the UploadLayerPart +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the UploadLayerPartRequest method. +// req, resp := client.UploadLayerPartRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/UploadLayerPart func (c *ECR) UploadLayerPartRequest(input *UploadLayerPartInput) (req *request.Request, output *UploadLayerPartOutput) { op := &request.Operation{ Name: opUploadLayerPart, @@ -5330,8 +5756,6 @@ type CreatePullThroughCacheRuleInput struct { // // * Microsoft Azure Container Registry (azure-container-registry) -