Updates an existing framework identified by its FrameworkName with the input document in JSON format.
Updates whether the Amazon Web Services account is opted in to cross-account backup. Returns an error if the account is not an Organizations management account. Use the DescribeGlobalSettings API to determine the current settings.
Sets the transition lifecycle of a recovery point.
The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Resource types that are able to be transitioned to cold storage are listed in the \"Lifecycle to cold storage\" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
This operation does not support continuous backups.
", - "UpdateRegionSettings": "Updates the current service opt-in settings for the Region. If service-opt-in is enabled for a service, Backup tries to protect that service's resources in this Region, when the resource is included in an on-demand backup or scheduled backup plan. Otherwise, Backup does not try to protect that service's resources in this Region. Use the DescribeRegionSettings API to determine the resource types that are supported.
Updates the current service opt-in settings for the Region.
Use the DescribeRegionSettings API to determine the resource types that are supported.
Updates an existing report plan identified by its ReportPlanName with the input document in JSON format.
This request will send changes to your specified restore testing plan. RestoreTestingPlanName cannot be updated after it is created.
RecoveryPointSelection can contain:
Algorithm
ExcludeVaults
IncludeVaults
RecoveryPointTypes
SelectionWindowDays
Most elements except the RestoreTestingSelectionName can be updated with this request.
RestoreTestingSelection can use either protected resource ARNs or conditions, but not both. That is, if your selection has ProtectedResourceArns, requesting an update with the parameter ProtectedResourceConditions will be unsuccessful.
Returns metadata associated with a restore job listed by resource type.
", "GetRecoveryPointRestoreMetadataOutput$ResourceType": "This is the resource type associated with the recovery point.
", "ListBackupJobSummariesInput$ResourceType": "Returns the job count for the specified resource type. Use request GetSupportedResourceTypes to obtain strings for supported resource types.
The the value ANY returns count of all resource types.
AGGREGATE_ALL aggregates job counts for all resource types and returns the sum.
The type of Amazon Web Services resource to be backed up; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database.
", - "ListBackupJobsInput$ByResourceType": "Returns only backup jobs for the specified resources:
Aurora for Amazon Aurora
DocumentDB for Amazon DocumentDB (with MongoDB compatibility)
DynamoDB for Amazon DynamoDB
EBS for Amazon Elastic Block Store
EC2 for Amazon Elastic Compute Cloud
EFS for Amazon Elastic File System
FSx for Amazon FSx
Neptune for Amazon Neptune
RDS for Amazon Relational Database Service
Storage Gateway for Storage Gateway
S3 for Amazon S3
VirtualMachine for virtual machines
Returns only backup jobs for the specified resources:
Aurora for Amazon Aurora
CloudFormation for CloudFormation
DocumentDB for Amazon DocumentDB (with MongoDB compatibility)
DynamoDB for Amazon DynamoDB
EBS for Amazon Elastic Block Store
EC2 for Amazon Elastic Compute Cloud
EFS for Amazon Elastic File System
FSx for Amazon FSx
Neptune for Amazon Neptune
Redshift for Amazon Redshift
RDS for Amazon Relational Database Service
SAP HANA on Amazon EC2 for SAP HANA databases
Storage Gateway for Storage Gateway
S3 for Amazon S3
Timestream for Amazon Timestream
VirtualMachine for virtual machines
Returns the job count for the specified resource type. Use request GetSupportedResourceTypes to obtain strings for supported resource types.
The the value ANY returns count of all resource types.
AGGREGATE_ALL aggregates job counts for all resource types and returns the sum.
The type of Amazon Web Services resource to be backed up; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database.
", - "ListCopyJobsInput$ByResourceType": "Returns only backup jobs for the specified resources:
Aurora for Amazon Aurora
DocumentDB for Amazon DocumentDB (with MongoDB compatibility)
DynamoDB for Amazon DynamoDB
EBS for Amazon Elastic Block Store
EC2 for Amazon Elastic Compute Cloud
EFS for Amazon Elastic File System
FSx for Amazon FSx
Neptune for Amazon Neptune
RDS for Amazon Relational Database Service
Storage Gateway for Storage Gateway
S3 for Amazon S3
VirtualMachine for virtual machines
Returns only recovery points that match the specified resource type.
", + "ListCopyJobsInput$ByResourceType": "Returns only backup jobs for the specified resources:
Aurora for Amazon Aurora
CloudFormation for CloudFormation
DocumentDB for Amazon DocumentDB (with MongoDB compatibility)
DynamoDB for Amazon DynamoDB
EBS for Amazon Elastic Block Store
EC2 for Amazon Elastic Compute Cloud
EFS for Amazon Elastic File System
FSx for Amazon FSx
Neptune for Amazon Neptune
Redshift for Amazon Redshift
RDS for Amazon Relational Database Service
SAP HANA on Amazon EC2 for SAP HANA databases
Storage Gateway for Storage Gateway
S3 for Amazon S3
Timestream for Amazon Timestream
VirtualMachine for virtual machines
Returns only recovery points that match the specified resource type(s):
Aurora for Amazon Aurora
CloudFormation for CloudFormation
DocumentDB for Amazon DocumentDB (with MongoDB compatibility)
DynamoDB for Amazon DynamoDB
EBS for Amazon Elastic Block Store
EC2 for Amazon Elastic Compute Cloud
EFS for Amazon Elastic File System
FSx for Amazon FSx
Neptune for Amazon Neptune
Redshift for Amazon Redshift
RDS for Amazon Relational Database Service
SAP HANA on Amazon EC2 for SAP HANA databases
Storage Gateway for Storage Gateway
S3 for Amazon S3
Timestream for Amazon Timestream
VirtualMachine for virtual machines
Returns the job count for the specified resource type. Use request GetSupportedResourceTypes to obtain strings for supported resource types.
The the value ANY returns count of all resource types.
AGGREGATE_ALL aggregates job counts for all resource types and returns the sum.
The type of Amazon Web Services resource to be backed up; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database.
", + "ListRestoreJobsInput$ByResourceType": "Include this parameter to return only restore jobs for the specified resources:
Aurora for Amazon Aurora
CloudFormation for CloudFormation
DocumentDB for Amazon DocumentDB (with MongoDB compatibility)
DynamoDB for Amazon DynamoDB
EBS for Amazon Elastic Block Store
EC2 for Amazon Elastic Compute Cloud
EFS for Amazon Elastic File System
FSx for Amazon FSx
Neptune for Amazon Neptune
Redshift for Amazon Redshift
RDS for Amazon Relational Database Service
SAP HANA on Amazon EC2 for SAP HANA databases
Storage Gateway for Storage Gateway
S3 for Amazon S3
Timestream for Amazon Timestream
VirtualMachine for virtual machines
The type of Amazon Web Services resource; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database. For Windows Volume Shadow Copy Service (VSS) backups, the only supported resource type is Amazon EC2.
", "RecoveryPointByBackupVault$ResourceType": "The type of Amazon Web Services resource saved as a recovery point; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database. For Windows Volume Shadow Copy Service (VSS) backups, the only supported resource type is Amazon EC2.
", "RecoveryPointMember$ResourceType": "This is the Amazon Web Services resource type that is saved as a recovery point.
", @@ -1879,7 +1880,7 @@ "base": null, "refs": { "DescribeRegionSettingsOutput$ResourceTypeOptInPreference": "Returns a list of all services along with the opt-in preferences in the Region.
", - "UpdateRegionSettingsInput$ResourceTypeOptInPreference": "Updates the list of services along with the opt-in preferences for the Region.
" + "UpdateRegionSettingsInput$ResourceTypeOptInPreference": "Updates the list of services along with the opt-in preferences for the Region.
If resource assignments are only based on tags, then service opt-in settings are applied. If a resource type is explicitly assigned to a backup plan, such as Amazon S3, Amazon EC2, or Amazon RDS, it will be included in the backup even if the opt-in is not enabled for that particular service. If both a resource type and tags are specified in a resource assignment, the resource type specified in the backup plan takes priority over the tag condition. Service opt-in settings are disregarded in this situation.
" } }, "ResourceTypes": { @@ -2332,7 +2333,9 @@ "base": null, "refs": { "DescribeBackupVaultOutput$VaultType": "This is the type of vault described.
", - "ListBackupVaultsInput$ByVaultType": "This parameter will sort the list of vaults by vault type.
" + "DescribeRecoveryPointOutput$VaultType": "This is the type of vault in which the described recovery point is stored.
", + "ListBackupVaultsInput$ByVaultType": "This parameter will sort the list of vaults by vault type.
", + "RecoveryPointByBackupVault$VaultType": "This is the type of vault in which the described recovery point is stored.
" } }, "WindowMinutes": { diff --git a/models/apis/comprehend/2017-11-27/docs-2.json b/models/apis/comprehend/2017-11-27/docs-2.json index 0cfd9982b91..0dc413cf898 100644 --- a/models/apis/comprehend/2017-11-27/docs-2.json +++ b/models/apis/comprehend/2017-11-27/docs-2.json @@ -8,7 +8,7 @@ "BatchDetectSentiment": "Inspects a batch of documents and returns an inference of the prevailing sentiment, POSITIVE, NEUTRAL, MIXED, or NEGATIVE, in each one.
Inspects the text of a batch of documents for the syntax and part of speech of the words in the document and returns information about them. For more information, see Syntax in the Comprehend Developer Guide.
", "BatchDetectTargetedSentiment": "Inspects a batch of documents and returns a sentiment analysis for each entity identified in the documents.
For more information about targeted sentiment, see Targeted sentiment in the Amazon Comprehend Developer Guide.
", - "ClassifyDocument": "Creates a classification request to analyze a single document in real-time. ClassifyDocument supports the following model types:
Custom classifier - a custom model that you have created and trained. For input, you can provide plain text, a single-page document (PDF, Word, or image), or Textract API output. For more information, see Custom classification in the Amazon Comprehend Developer Guide.
Prompt classifier - Amazon Comprehend provides a model for classifying prompts. For input, you provide English plain text input. For prompt classification, the response includes only the Classes field. For more information about prompt classifiers, see Prompt classifiers in the Amazon Comprehend Developer Guide.
If the system detects errors while processing a page in the input document, the API response includes an entry in Errors that describes the errors.
If the system detects a document-level error in your input document, the API returns an InvalidRequestException error response. For details about this exception, see Errors in semi-structured documents in the Comprehend Developer Guide.
Creates a classification request to analyze a single document in real-time. ClassifyDocument supports the following model types:
Custom classifier - a custom model that you have created and trained. For input, you can provide plain text, a single-page document (PDF, Word, or image), or Amazon Textract API output. For more information, see Custom classification in the Amazon Comprehend Developer Guide.
Prompt safety classifier - Amazon Comprehend provides a pre-trained model for classifying input prompts for generative AI applications. For input, you provide English plain text input. For prompt safety classification, the response includes only the Classes field. For more information about prompt safety classifiers, see Prompt safety classification in the Amazon Comprehend Developer Guide.
If the system detects errors while processing a page in the input document, the API response includes an Errors field that describes the errors.
If the system detects a document-level error in your input document, the API returns an InvalidRequestException error response. For details about this exception, see Errors in semi-structured documents in the Comprehend Developer Guide.
Analyzes input text for the presence of personally identifiable information (PII) and returns the labels of identified PII entity types such as name, address, bank account number, or phone number.
", "CreateDataset": "Creates a dataset to upload training or test data for a model associated with a flywheel. For more information about datasets, see Flywheel overview in the Amazon Comprehend Developer Guide.
", "CreateDocumentClassifier": "Creates a new document classifier that you can use to categorize documents. To create a classifier, you provide a set of training documents that are labeled with the categories that you want to use. For more information, see Training classifier models in the Comprehend Developer Guide.
", @@ -43,7 +43,7 @@ "DetectSentiment": "Inspects text and returns an inference of the prevailing sentiment (POSITIVE, NEUTRAL, MIXED, or NEGATIVE).
Inspects text for syntax and the part of speech of words in the document. For more information, see Syntax in the Comprehend Developer Guide.
", "DetectTargetedSentiment": "Inspects the input text and returns a sentiment analysis for each entity identified in the text.
For more information about targeted sentiment, see Targeted sentiment in the Amazon Comprehend Developer Guide.
", - "DetectToxicContent": "Performs toxicity analysis on the list of text strings that you provide as input. The analysis uses the order of strings in the list to determine context when predicting toxicity. The API response contains a results list that matches the size of the input list. For more information about toxicity detection, see Toxicity detection in the Amazon Comprehend Developer Guide
", + "DetectToxicContent": "Performs toxicity analysis on the list of text strings that you provide as input. The API response contains a results list that matches the size of the input list. For more information about toxicity detection, see Toxicity detection in the Amazon Comprehend Developer Guide.
", "ImportModel": "Creates a new custom model that replicates a source custom model that you import. The source model can be in your Amazon Web Services account or another one.
If the source model is in another Amazon Web Services account, then it must have a resource-based policy that authorizes you to import it.
The source model must be in the same Amazon Web Services Region that you're using when you import. You can't import a model that's in a different Region.
", "ListDatasets": "List the datasets that you have configured in this Region. For more information about datasets, see Flywheel overview in the Amazon Comprehend Developer Guide.
", "ListDocumentClassificationJobs": "Gets a list of the documentation classification jobs that you have submitted.
", @@ -64,7 +64,7 @@ "ListTargetedSentimentDetectionJobs": "Gets a list of targeted sentiment detection jobs that you have submitted.
", "ListTopicsDetectionJobs": "Gets a list of the topic detection jobs that you have submitted.
", "PutResourcePolicy": "Attaches a resource-based policy to a custom model. You can use this policy to authorize an entity in another Amazon Web Services account to import the custom model, which replicates it in Amazon Comprehend in their account.
", - "StartDocumentClassificationJob": "Starts an asynchronous document classification job. Use the DescribeDocumentClassificationJob operation to track the progress of the job.
Starts an asynchronous document classification job using a custom classification model. Use the DescribeDocumentClassificationJob operation to track the progress of the job.
Starts an asynchronous dominant language detection job for a collection of documents. Use the operation to track the status of a job.
", "StartEntitiesDetectionJob": "Starts an asynchronous entity detection job for a collection of documents. Use the operation to track the status of a job.
This API can be used for either standard entity detection or custom entity recognition. In order to be used for custom entity recognition, the optional EntityRecognizerArn must be used in order to provide access to the recognizer being used to detect the custom entity.
Starts an asynchronous event detection job for a collection of documents.
", @@ -999,7 +999,7 @@ "DocumentClassifierEndpointArn": { "base": null, "refs": { - "ClassifyDocumentRequest$EndpointArn": "The Amazon Resource Number (ARN) of the endpoint.
For prompt classification, Amazon Comprehend provides the endpoint ARN: zzz.
For custom classification, you create an endpoint for your custom model. For more information, see Using Amazon Comprehend endpoints.
" + "ClassifyDocumentRequest$EndpointArn": "The Amazon Resource Number (ARN) of the endpoint.
For prompt safety classification, Amazon Comprehend provides the endpoint ARN. For more information about prompt safety classifiers, see Prompt safety classification in the Amazon Comprehend Developer Guide
For custom classification, you create an endpoint for your custom model. For more information, see Using Amazon Comprehend endpoints.
" } }, "DocumentClassifierFilter": { @@ -1018,7 +1018,7 @@ "DocumentClassifierMode": { "base": null, "refs": { - "CreateDocumentClassifierRequest$Mode": "Indicates the mode in which the classifier will be trained. The classifier can be trained in multi-class mode, which identifies one and only one class for each document, or multi-label mode, which identifies one or more labels for each document. In multi-label mode, multiple labels for an individual document are separated by a delimiter. The default delimiter between labels is a pipe (|).
", + "CreateDocumentClassifierRequest$Mode": "Indicates the mode in which the classifier will be trained. The classifier can be trained in multi-class (single-label) mode or multi-label mode. Multi-class mode identifies a single class label for each document and multi-label mode identifies one or more class labels for each document. Multiple labels for an individual document are separated by a delimiter. The default delimiter between labels is a pipe (|).
", "DocumentClassificationConfig$Mode": "Classification mode indicates whether the documents are MULTI_CLASS or MULTI_LABEL.
Indicates the mode in which the specific classifier was trained. This also indicates the format of input documents and the format of the confusion matrix. Each classifier can only be trained in one mode and this cannot be changed once the classifier is trained.
" } @@ -1075,7 +1075,7 @@ } }, "DocumentReadFeatureTypes": { - "base": "Specifies the type of Amazon Textract features to apply. If you chose TEXTRACT_ANALYZE_DOCUMENT as the read action, you must specify one or both of the following values:
TABLES - Returns additional information about any tables that are detected in the input document.
FORMS - Returns additional information about any forms that are detected in the input document.
TABLES or FORMS
", "refs": { "ListOfDocumentReadFeatureTypes$member": null } @@ -1345,7 +1345,7 @@ "EntityTypeName": { "base": null, "refs": { - "EntityTypesListItem$Type": "An entity type within a labeled training dataset that Amazon Comprehend uses to train a custom entity recognizer.
Entity types must not contain the following invalid characters: \\n (line break), \\\\n (escaped line break, \\r (carriage return), \\\\r (escaped carriage return), \\t (tab), \\\\t (escaped tab), space, and , (comma).
" + "EntityTypesListItem$Type": "An entity type within a labeled training dataset that Amazon Comprehend uses to train a custom entity recognizer.
Entity types must not contain the following invalid characters: \\n (line break), \\\\n (escaped line break, \\r (carriage return), \\\\r (escaped carriage return), \\t (tab), \\\\t (escaped tab), and , (comma).
" } }, "EntityTypesEvaluationMetrics": { @@ -1428,7 +1428,7 @@ "TargetedSentimentMention$Score": "Model confidence that the entity is relevant. Value range is zero to one, where one is highest confidence.
", "TargetedSentimentMention$GroupScore": "The confidence that all the entities mentioned in the group relate to the same entity.
", "ToxicContent$Score": "Model confidence in the detected content type. Value range is zero to one, where one is highest confidence.
", - "ToxicLabels$Toxicity": "Overall toxicity score for the string.
" + "ToxicLabels$Toxicity": "Overall toxicity score for the string. Value range is zero to one, where one is the highest confidence.
" } }, "FlywheelFilter": { @@ -1660,7 +1660,7 @@ } }, "InvalidRequestDetail": { - "base": "Provides additional detail about why the request failed:
Document size is too large - Check the size of your file and resubmit the request.
Document type is not supported - Check the file type and resubmit the request.
Too many pages in the document - Check the number of pages in your file and resubmit the request.
Access denied to Amazon Textract - Verify that your account has permission to use Amazon Textract API operations and resubmit the request.
Provides additional detail about why the request failed.
", "refs": { "InvalidRequestException$Detail": null } @@ -1668,7 +1668,7 @@ "InvalidRequestDetailReason": { "base": null, "refs": { - "InvalidRequestDetail$Reason": "Reason code is INVALID_DOCUMENT.
Reason codes include the following values:
DOCUMENT_SIZE_EXCEEDED - Document size is too large. Check the size of your file and resubmit the request.
UNSUPPORTED_DOC_TYPE - Document type is not supported. Check the file type and resubmit the request.
PAGE_LIMIT_EXCEEDED - Too many pages in the document. Check the number of pages in your file and resubmit the request.
TEXTRACT_ACCESS_DENIED - Access denied to Amazon Textract. Verify that your account has permission to use Amazon Textract API operations and resubmit the request.
NOT_TEXTRACT_JSON - Document is not Amazon Textract JSON format. Verify the format and resubmit the request.
MISMATCHED_TOTAL_PAGE_COUNT - Check the number of pages in your file and resubmit the request.
INVALID_DOCUMENT - Invalid document. Check the file and resubmit the request.
The classes used by the document being analyzed. These are used for multi-class trained models. Individual classes are mutually exclusive and each document is expected to have only a single class assigned to it. For example, an animal can be a dog or a cat, but not both at the same time.
For prompt classification, the response includes a single class (UNDESIRED_PROMPT), along with a confidence score. A higher confidence score indicates that the input prompt is undesired in nature.
The classes used by the document being analyzed. These are used for models trained in multi-class mode. Individual classes are mutually exclusive and each document is expected to have only a single class assigned to it. For example, an animal can be a dog or a cat, but not both at the same time.
For prompt safety classification, the response includes only two classes (SAFE_PROMPT and UNSAFE_PROMPT), along with a confidence score for each class. The value range of the score is zero to one, where one is the highest confidence.
" } }, "ListOfDescriptiveMentionIndices": { @@ -2121,7 +2121,7 @@ "ListOfDocumentReadFeatureTypes": { "base": null, "refs": { - "DocumentReaderConfig$FeatureTypes": "Specifies the type of Amazon Textract features to apply. If you chose TEXTRACT_ANALYZE_DOCUMENT as the read action, you must specify one or both of the following values:
TABLES - Returns information about any tables that are detected in the input document.
FORMS - Returns information and the data from any forms that are detected in the input document.
Specifies the type of Amazon Textract features to apply. If you chose TEXTRACT_ANALYZE_DOCUMENT as the read action, you must specify one or both of the following values:
TABLES - Returns additional information about any tables that are detected in the input document.
FORMS - Returns additional information about any forms that are detected in the input document.
The labels used the document being analyzed. These are used for multi-label trained models. Individual labels represent different categories that are related in some manner and are not mutually exclusive. For example, a movie can be just an action movie, or it can be an action movie, a science fiction movie, and a comedy, all at the same time.
" + "ClassifyDocumentResponse$Labels": "The labels used in the document being analyzed. These are used for multi-label trained models. Individual labels represent different categories that are related in some manner and are not mutually exclusive. For example, a movie can be just an action movie, or it can be an action movie, a science fiction movie, and a comedy, all at the same time.
" } }, "ListOfMentions": { @@ -2218,7 +2218,7 @@ "ListOfTextSegments": { "base": null, "refs": { - "DetectToxicContentRequest$TextSegments": "A list of up to 10 text strings. The maximum size for the list is 10 KB.
" + "DetectToxicContentRequest$TextSegments": "A list of up to 10 text strings. Each string has a maximum size of 1 KB, and the maximum size of the list is 10 KB.
" } }, "ListOfToxicContent": { @@ -2580,7 +2580,7 @@ "SemiStructuredDocumentBlob": { "base": null, "refs": { - "ClassifyDocumentRequest$Bytes": "Use the Bytes parameter to input a text, PDF, Word or image file.
When you classify a document using a custom model, you can also use the Bytes parameter to input an Amazon Textract DetectDocumentText or AnalyzeDocument output file.
To classify a document using the prompt classifier, use the Text parameter for input.
Provide the input document as a sequence of base64-encoded bytes. If your code uses an Amazon Web Services SDK to classify documents, the SDK may encode the document file bytes for you.
The maximum length of this field depends on the input document type. For details, see Inputs for real-time custom analysis in the Comprehend Developer Guide.
If you use the Bytes parameter, do not use the Text parameter.
Use the Bytes parameter to input a text, PDF, Word or image file.
When you classify a document using a custom model, you can also use the Bytes parameter to input an Amazon Textract DetectDocumentText or AnalyzeDocument output file.
To classify a document using the prompt safety classifier, use the Text parameter for input.
Provide the input document as a sequence of base64-encoded bytes. If your code uses an Amazon Web Services SDK to classify documents, the SDK may encode the document file bytes for you.
The maximum length of this field depends on the input document type. For details, see Inputs for real-time custom analysis in the Comprehend Developer Guide.
If you use the Bytes parameter, do not use the Text parameter.
This field applies only when you use a custom entity recognition model that was trained with PDF annotations. For other cases, enter your text input in the Text field.
Use the Bytes parameter to input a text, PDF, Word or image file. Using a plain-text file in the Bytes parameter is equivelent to using the Text parameter (the Entities field in the response is identical).
You can also use the Bytes parameter to input an Amazon Textract DetectDocumentText or AnalyzeDocument output file.
Provide the input document as a sequence of base64-encoded bytes. If your code uses an Amazon Web Services SDK to detect entities, the SDK may encode the document file bytes for you.
The maximum length of this field depends on the input document type. For details, see Inputs for real-time custom analysis in the Comprehend Developer Guide.
If you use the Bytes parameter, do not use the Text parameter.
Toxicity analysis result for one string. For more information about toxicity detection, see Toxicity detection in the Amazon Comprehend Developer Guide
", + "base": "Toxicity analysis result for one string. For more information about toxicity detection, see Toxicity detection in the Amazon Comprehend Developer Guide.
", "refs": { "ListOfToxicLabels$member": null } }, "UnsupportedLanguageException": { - "base": "Amazon Comprehend can't process the language of the input text. For custom entity recognition APIs, only English, Spanish, French, Italian, German, or Portuguese are accepted. For a list of supported languages, Supported languages in the Comprehend Developer Guide.
", + "base": "Amazon Comprehend can't process the language of the input text. For a list of supported languages, Supported languages in the Comprehend Developer Guide.
", "refs": { } }, diff --git a/models/apis/connect/2017-08-08/api-2.json b/models/apis/connect/2017-08-08/api-2.json index e3f4e871742..35932fb710a 100644 --- a/models/apis/connect/2017-08-08/api-2.json +++ b/models/apis/connect/2017-08-08/api-2.json @@ -4987,7 +4987,8 @@ "InstanceAlias":{"shape":"DirectoryAlias"}, "DirectoryId":{"shape":"DirectoryId"}, "InboundCallsEnabled":{"shape":"InboundCallsEnabled"}, - "OutboundCallsEnabled":{"shape":"OutboundCallsEnabled"} + "OutboundCallsEnabled":{"shape":"OutboundCallsEnabled"}, + "Tags":{"shape":"TagMap"} } }, "CreateInstanceResponse":{ @@ -8359,7 +8360,8 @@ "StatusReason":{"shape":"InstanceStatusReason"}, "InboundCallsEnabled":{"shape":"InboundCallsEnabled"}, "OutboundCallsEnabled":{"shape":"OutboundCallsEnabled"}, - "InstanceAccessUrl":{"shape":"Url"} + "InstanceAccessUrl":{"shape":"Url"}, + "Tags":{"shape":"TagMap"} } }, "InstanceArn":{ diff --git a/models/apis/connect/2017-08-08/docs-2.json b/models/apis/connect/2017-08-08/docs-2.json index fc6803cde77..5f3c02e0d1c 100644 --- a/models/apis/connect/2017-08-08/docs-2.json +++ b/models/apis/connect/2017-08-08/docs-2.json @@ -6716,6 +6716,7 @@ "CreateContactFlowModuleRequest$Tags": "The tags used to organize, track, or control access for this resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.
", "CreateContactFlowRequest$Tags": "The tags used to organize, track, or control access for this resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.
", "CreateHoursOfOperationRequest$Tags": "The tags used to organize, track, or control access for this resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.
", + "CreateInstanceRequest$Tags": "The tags used to organize, track, or control access for this resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.
The tags used to organize, track, or control access for this resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.
", "CreatePromptRequest$Tags": "The tags used to organize, track, or control access for this resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.
", "CreateQueueRequest$Tags": "The tags used to organize, track, or control access for this resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.
", @@ -6734,6 +6735,7 @@ "HierarchyGroup$Tags": "The tags used to organize, track, or control access for this resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.
", "HoursOfOperation$Tags": "The tags used to organize, track, or control access for this resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.
", "ImportPhoneNumberRequest$Tags": "The tags used to organize, track, or control access for this resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.
", + "Instance$Tags": "The tags of an instance.
", "ListTagsForResourceResponse$tags": "Information about the tags.
", "Prompt$Tags": "The tags used to organize, track, or control access for this resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.
", "Queue$Tags": "The tags used to organize, track, or control access for this resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.
", diff --git a/models/apis/ec2/2016-11-15/api-2.json b/models/apis/ec2/2016-11-15/api-2.json index 838b8cb8cb7..267eccf3918 100755 --- a/models/apis/ec2/2016-11-15/api-2.json +++ b/models/apis/ec2/2016-11-15/api-2.json @@ -10118,6 +10118,7 @@ "amazon-web-services" ] }, + "CpuManufacturerName":{"type":"string"}, "CpuManufacturerSet":{ "type":"list", "member":{ @@ -36296,6 +36297,10 @@ "SupportedFeatures":{ "shape":"SupportedAdditionalProcessorFeatureList", "locationName":"supportedFeatures" + }, + "Manufacturer":{ + "shape":"CpuManufacturerName", + "locationName":"manufacturer" } } }, diff --git a/models/apis/ec2/2016-11-15/docs-2.json b/models/apis/ec2/2016-11-15/docs-2.json index 936ec9261e7..9eebc8afa84 100755 --- a/models/apis/ec2/2016-11-15/docs-2.json +++ b/models/apis/ec2/2016-11-15/docs-2.json @@ -4030,6 +4030,12 @@ "CpuManufacturerSet$member": null } }, + "CpuManufacturerName": { + "base": null, + "refs": { + "ProcessorInfo$Manufacturer": "The manufacturer of the processor.
" + } + }, "CpuManufacturerSet": { "base": null, "refs": { diff --git a/models/apis/payment-cryptography/2021-09-14/api-2.json b/models/apis/payment-cryptography/2021-09-14/api-2.json index 2d52af3ff8b..e9bb9b2a876 100644 --- a/models/apis/payment-cryptography/2021-09-14/api-2.json +++ b/models/apis/payment-cryptography/2021-09-14/api-2.json @@ -30,7 +30,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} - ] + ], + "idempotent":true }, "CreateKey":{ "name":"CreateKey", @@ -67,7 +68,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} - ] + ], + "idempotent":true }, "DeleteKey":{ "name":"DeleteKey", @@ -85,7 +87,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} - ] + ], + "idempotent":true }, "ExportKey":{ "name":"ExportKey", @@ -490,6 +493,20 @@ "Key":{"shape":"Key"} } }, + "ExportAttributes":{ + "type":"structure", + "members":{ + "ExportDukptInitialKey":{"shape":"ExportDukptInitialKey"}, + "KeyCheckValueAlgorithm":{"shape":"KeyCheckValueAlgorithm"} + } + }, + "ExportDukptInitialKey":{ + "type":"structure", + "required":["KeySerialNumber"], + "members":{ + "KeySerialNumber":{"shape":"HexLength20Or24"} + } + }, "ExportKeyInput":{ "type":"structure", "required":[ @@ -497,6 +514,7 @@ "KeyMaterial" ], "members":{ + "ExportAttributes":{"shape":"ExportAttributes"}, "ExportKeyIdentifier":{"shape":"KeyArnOrKeyAliasType"}, "KeyMaterial":{"shape":"ExportKeyMaterial"} } @@ -650,6 +668,12 @@ "min":16, "pattern":"^[0-9A-F]+$" }, + "HexLength20Or24":{ + "type":"string", + "max":24, + "min":20, + "pattern":"^[0-9A-F]{20}$|^[0-9A-F]{24}$" + }, "ImportKeyInput":{ "type":"structure", "required":["KeyMaterial"], @@ -1175,6 +1199,8 @@ "WrappingKeyArn" ], "members":{ + "KeyCheckValue":{"shape":"KeyCheckValue"}, + "KeyCheckValueAlgorithm":{"shape":"KeyCheckValueAlgorithm"}, "KeyMaterial":{"shape":"KeyMaterial"}, "WrappedKeyMaterialFormat":{"shape":"WrappedKeyMaterialFormat"}, "WrappingKeyArn":{"shape":"KeyArn"} diff --git a/models/apis/payment-cryptography/2021-09-14/docs-2.json b/models/apis/payment-cryptography/2021-09-14/docs-2.json index 40201cc970b..a20ad1a284f 100644 --- a/models/apis/payment-cryptography/2021-09-14/docs-2.json +++ b/models/apis/payment-cryptography/2021-09-14/docs-2.json @@ -1,18 +1,18 @@ { "version": "2.0", - "service": "You use the Amazon Web Services Payment Cryptography Control Plane to manage the encryption keys you use for payment-related cryptographic operations. You can create, import, export, share, manage, and delete keys. You can also manage Identity and Access Management (IAM) policies for keys. For more information, see Identity and access management in the Amazon Web Services Payment Cryptography User Guide.
To use encryption keys for payment-related transaction processing and associated cryptographic operations, you use the Amazon Web Services Payment Cryptography Data Plane. You can encrypt, decrypt, generate, verify, and translate payment-related cryptographic operations.
All Amazon Web Services Payment Cryptography API calls must be signed and transmitted using Transport Layer Security (TLS). We recommend you always use the latest supported TLS version for logging API requests.
Amazon Web Services Payment Cryptography supports CloudTrail, a service that logs Amazon Web Services API calls and related events for your Amazon Web Services account and delivers them to an Amazon S3 bucket that you specify. By using the information collected by CloudTrail, you can determine what requests were made to Amazon Web Services Payment Cryptography, who made the request, when it was made, and so on. If you don't configure a trail, you can still view the most recent events in the CloudTrail console. For more information, see the CloudTrail User Guide.
", + "service": "Amazon Web Services Payment Cryptography Control Plane APIs manage encryption keys for use during payment-related cryptographic operations. You can create, import, export, share, manage, and delete keys. You can also manage Identity and Access Management (IAM) policies for keys. For more information, see Identity and access management in the Amazon Web Services Payment Cryptography User Guide.
To use encryption keys for payment-related transaction processing and associated cryptographic operations, you use the Amazon Web Services Payment Cryptography Data Plane. You can perform actions like encrypt, decrypt, generate, and verify payment-related data.
All Amazon Web Services Payment Cryptography API calls must be signed and transmitted using Transport Layer Security (TLS). We recommend you always use the latest supported TLS version for logging API requests.
Amazon Web Services Payment Cryptography supports CloudTrail for control plane operations, a service that logs Amazon Web Services API calls and related events for your Amazon Web Services account and delivers them to an Amazon S3 bucket you specify. By using the information collected by CloudTrail, you can determine what requests were made to Amazon Web Services Payment Cryptography, who made the request, when it was made, and so on. If you don't configure a trail, you can still view the most recent events in the CloudTrail console. For more information, see the CloudTrail User Guide.
", "operations": { "CreateAlias": "Creates an alias, or a friendly name, for an Amazon Web Services Payment Cryptography key. You can use an alias to identify a key in the console and when you call cryptographic operations such as EncryptData or DecryptData.
You can associate the alias with any key in the same Amazon Web Services Region. Each alias is associated with only one key at a time, but a key can have multiple aliases. You can't create an alias without a key. The alias must be unique in the account and Amazon Web Services Region, but you can create another alias with the same name in a different Amazon Web Services Region.
To change the key that's associated with the alias, call UpdateAlias. To delete the alias, call DeleteAlias. These operations don't affect the underlying key. To get the alias that you created, call ListAliases.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", - "CreateKey": "Creates an Amazon Web Services Payment Cryptography key, a logical representation of a cryptographic key, that is unique in your account and Amazon Web Services Region. You use keys for cryptographic functions such as encryption and decryption.
In addition to the key material used in cryptographic operations, an Amazon Web Services Payment Cryptography key includes metadata such as the key ARN, key usage, key origin, creation date, description, and key state.
When you create a key, you specify both immutable and mutable data about the key. The immutable data contains key attributes that defines the scope and cryptographic operations that you can perform using the key, for example key class (example: SYMMETRIC_KEY), key algorithm (example: TDES_2KEY), key usage (example: TR31_P0_PIN_ENCRYPTION_KEY) and key modes of use (example: Encrypt). For information about valid combinations of key attributes, see Understanding key attributes in the Amazon Web Services Payment Cryptography User Guide. The mutable data contained within a key includes usage timestamp and key deletion timestamp and can be modified after creation.
Amazon Web Services Payment Cryptography binds key attributes to keys using key blocks when you store or export them. Amazon Web Services Payment Cryptography stores the key contents wrapped and never stores or transmits them in the clear.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "CreateKey": "Creates an Amazon Web Services Payment Cryptography key, a logical representation of a cryptographic key, that is unique in your account and Amazon Web Services Region. You use keys for cryptographic functions such as encryption and decryption.
In addition to the key material used in cryptographic operations, an Amazon Web Services Payment Cryptography key includes metadata such as the key ARN, key usage, key origin, creation date, description, and key state.
When you create a key, you specify both immutable and mutable data about the key. The immutable data contains key attributes that define the scope and cryptographic operations that you can perform using the key, for example key class (example: SYMMETRIC_KEY), key algorithm (example: TDES_2KEY), key usage (example: TR31_P0_PIN_ENCRYPTION_KEY) and key modes of use (example: Encrypt). For information about valid combinations of key attributes, see Understanding key attributes in the Amazon Web Services Payment Cryptography User Guide. The mutable data contained within a key includes usage timestamp and key deletion timestamp and can be modified after creation.
Amazon Web Services Payment Cryptography binds key attributes to keys using key blocks when you store or export them. Amazon Web Services Payment Cryptography stores the key contents wrapped and never stores or transmits them in the clear.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", "DeleteAlias": "Deletes the alias, but doesn't affect the underlying key.
Each key can have multiple aliases. To get the aliases of all keys, use the ListAliases operation. To change the alias of a key, first use DeleteAlias to delete the current alias and then use CreateAlias to create a new alias. To associate an existing alias with a different key, call UpdateAlias.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", - "DeleteKey": "Deletes the key material and all metadata associated with Amazon Web Services Payment Cryptography key.
Key deletion is irreversible. After a key is deleted, you can't perform cryptographic operations using the key. For example, you can't decrypt data that was encrypted by a deleted Amazon Web Services Payment Cryptography key, and the data may become unrecoverable. Because key deletion is destructive, Amazon Web Services Payment Cryptography has a safety mechanism to prevent accidental deletion of a key. When you call this operation, Amazon Web Services Payment Cryptography disables the specified key but doesn't delete it until after a waiting period. The default waiting period is 7 days. To set a different waiting period, set DeleteKeyInDays. During the waiting period, the KeyState is DELETE_PENDING. After the key is deleted, the KeyState is DELETE_COMPLETE.
If you delete key material, you can use ImportKey to reimport the same key material into the Amazon Web Services Payment Cryptography key.
You should delete a key only when you are sure that you don't need to use it anymore and no other parties are utilizing this key. If you aren't sure, consider deactivating it instead by calling StopKeyUsage.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", - "ExportKey": "Exports a key from Amazon Web Services Payment Cryptography using either ANSI X9 TR-34 or TR-31 key export standard.
Amazon Web Services Payment Cryptography simplifies main or root key exchange process by eliminating the need of a paper-based key exchange process. It takes a modern and secure approach based of the ANSI X9 TR-34 key exchange standard.
You can use ExportKey to export main or root keys such as KEK (Key Encryption Key), using asymmetric key exchange technique following ANSI X9 TR-34 standard. The ANSI X9 TR-34 standard uses asymmetric keys to establishes bi-directional trust between the two parties exchanging keys. After which you can export working keys using the ANSI X9 TR-31 symmetric key exchange standard as mandated by PCI PIN. Using this operation, you can share your Amazon Web Services Payment Cryptography generated keys with other service partners to perform cryptographic operations outside of Amazon Web Services Payment Cryptography
TR-34 key export
Amazon Web Services Payment Cryptography uses TR-34 asymmetric key exchange standard to export main keys such as KEK. In TR-34 terminology, the sending party of the key is called Key Distribution Host (KDH) and the receiving party of the key is called Key Receiving Host (KRH). In key export process, KDH is Amazon Web Services Payment Cryptography which initiates key export. KRH is the user receiving the key. Before you initiate TR-34 key export, you must obtain an export token by calling GetParametersForExport. This operation also returns the signing key certificate that KDH uses to sign the wrapped key to generate a TR-34 wrapped key block. The export token expires after 7 days.
Set the following parameters:
The KeyARN of the certificate chain that will sign the wrapping key certificate. This must exist within Amazon Web Services Payment Cryptography before you initiate TR-34 key export. If it does not exist, you can import it by calling ImportKey for RootCertificatePublicKey.
Obtained from KDH by calling GetParametersForExport.
Amazon Web Services Payment Cryptography uses this to wrap the key under export.
When this operation is successful, Amazon Web Services Payment Cryptography returns the TR-34 wrapped key block.
TR-31 key export
Amazon Web Services Payment Cryptography uses TR-31 symmetric key exchange standard to export working keys. In TR-31, you must use a main key such as KEK to encrypt or wrap the key under export. To establish a KEK, you can use CreateKey or ImportKey. When this operation is successful, Amazon Web Services Payment Cryptography returns a TR-31 wrapped key block.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "DeleteKey": "Deletes the key material and metadata associated with Amazon Web Services Payment Cryptography key.
Key deletion is irreversible. After a key is deleted, you can't perform cryptographic operations using the key. For example, you can't decrypt data that was encrypted by a deleted Amazon Web Services Payment Cryptography key, and the data may become unrecoverable. Because key deletion is destructive, Amazon Web Services Payment Cryptography has a safety mechanism to prevent accidental deletion of a key. When you call this operation, Amazon Web Services Payment Cryptography disables the specified key but doesn't delete it until after a waiting period set using DeleteKeyInDays. The default waiting period is 7 days. During the waiting period, the KeyState is DELETE_PENDING. After the key is deleted, the KeyState is DELETE_COMPLETE.
You should delete a key only when you are sure that you don't need to use it anymore and no other parties are utilizing this key. If you aren't sure, consider deactivating it instead by calling StopKeyUsage.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "ExportKey": "Exports a key from Amazon Web Services Payment Cryptography.
Amazon Web Services Payment Cryptography simplifies key exchange by replacing the existing paper-based approach with a modern electronic approach. With ExportKey you can export symmetric keys using either symmetric and asymmetric key exchange mechanisms. Using this operation, you can share your Amazon Web Services Payment Cryptography generated keys with other service partners to perform cryptographic operations outside of Amazon Web Services Payment Cryptography
For symmetric key exchange, Amazon Web Services Payment Cryptography uses the ANSI X9 TR-31 norm in accordance with PCI PIN guidelines. And for asymmetric key exchange, Amazon Web Services Payment Cryptography supports ANSI X9 TR-34 norm . Asymmetric key exchange methods are typically used to establish bi-directional trust between the two parties exhanging keys and are used for initial key exchange such as Key Encryption Key (KEK). After which you can export working keys using symmetric method to perform various cryptographic operations within Amazon Web Services Payment Cryptography.
The TR-34 norm is intended for exchanging 3DES keys only and keys are imported in a WrappedKeyBlock format. Key attributes (such as KeyUsage, KeyAlgorithm, KeyModesOfUse, Exportability) are contained within the key block.
You can also use ExportKey functionality to generate and export an IPEK (Initial Pin Encryption Key) from Amazon Web Services Payment Cryptography using either TR-31 or TR-34 export key exchange. IPEK is generated from BDK (Base Derivation Key) and ExportDukptInitialKey attribute KSN (KeySerialNumber). The generated IPEK does not persist within Amazon Web Services Payment Cryptography and has to be re-generated each time during export.
To export KEK or IPEK using TR-34
Using this operation, you can export initial key using TR-34 asymmetric key exchange. You can only export KEK generated within Amazon Web Services Payment Cryptography. In TR-34 terminology, the sending party of the key is called Key Distribution Host (KDH) and the receiving party of the key is called Key Receiving Device (KRD). During key export process, KDH is Amazon Web Services Payment Cryptography which initiates key export and KRD is the user receiving the key.
To initiate TR-34 key export, the KRD must obtain an export token by calling GetParametersForExport. This operation also generates a key pair for the purpose of key export, signs the key and returns back the signing public key certificate (also known as KDH signing certificate) and root certificate chain. The KDH uses the private key to sign the the export payload and the signing public key certificate is provided to KRD to verify the signature. The KRD can import the root certificate into its Hardware Security Module (HSM), as required. The export token and the associated KDH signing certificate expires after 7 days.
Next the KRD generates a key pair for the the purpose of encrypting the KDH key and provides the public key cerificate (also known as KRD wrapping certificate) back to KDH. The KRD will also import the root cerificate chain into Amazon Web Services Payment Cryptography by calling ImportKey for RootCertificatePublicKey. The KDH, Amazon Web Services Payment Cryptography, will use the KRD wrapping cerificate to encrypt (wrap) the key under export and signs it with signing private key to generate a TR-34 WrappedKeyBlock. For more information on TR-34 key export, see section Exporting symmetric keys in the Amazon Web Services Payment Cryptography User Guide.
Set the following parameters:
ExportAttributes: Specify export attributes in case of IPEK export. This parameter is optional for KEK export.
ExportKeyIdentifier: The KeyARN of the KEK or BDK (in case of IPEK) under export.
KeyMaterial: Use Tr34KeyBlock parameters.
CertificateAuthorityPublicKeyIdentifier: The KeyARN of the certificate chain that signed the KRD wrapping key certificate.
ExportToken: Obtained from KDH by calling GetParametersForImport.
WrappingKeyCertificate: The public key certificate in PEM format (base64 encoded) of the KRD wrapping key Amazon Web Services Payment Cryptography uses for encryption of the TR-34 export payload. This certificate must be signed by the root certificate (CertificateAuthorityPublicKeyIdentifier) imported into Amazon Web Services Payment Cryptography.
When this operation is successful, Amazon Web Services Payment Cryptography returns the KEK or IPEK as a TR-34 WrappedKeyBlock.
To export WK (Working Key) or IPEK using TR-31
Using this operation, you can export working keys or IPEK using TR-31 symmetric key exchange. In TR-31, you must use an initial key such as KEK to encrypt or wrap the key under export. To establish a KEK, you can use CreateKey or ImportKey.
Set the following parameters:
ExportAttributes: Specify export attributes in case of IPEK export. This parameter is optional for KEK export.
ExportKeyIdentifier: The KeyARN of the KEK or BDK (in case of IPEK) under export.
KeyMaterial: Use Tr31KeyBlock parameters.
When this operation is successful, Amazon Web Services Payment Cryptography returns the WK or IPEK as a TR-31 WrappedKeyBlock.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", "GetAlias": "Gets the Amazon Web Services Payment Cryptography key associated with the alias.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", "GetKey": "Gets the key material for an Amazon Web Services Payment Cryptography key, including the immutable and mutable data specified when the key was created.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", "GetParametersForExport": "Gets the export token and the signing key certificate to initiate a TR-34 key export from Amazon Web Services Payment Cryptography.
The signing key certificate signs the wrapped key under export within the TR-34 key payload. The export token and signing key certificate must be in place and operational before calling ExportKey. The export token expires in 7 days. You can use the same export token to export multiple keys from your service account.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", - "GetParametersForImport": "Gets the import token and the wrapping key certificate to initiate a TR-34 key import into Amazon Web Services Payment Cryptography.
The wrapping key certificate wraps the key under import within the TR-34 key payload. The import token and wrapping key certificate must be in place and operational before calling ImportKey. The import token expires in 7 days. The same import token can be used to import multiple keys into your service account.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "GetParametersForImport": "Gets the import token and the wrapping key certificate in PEM format (base64 encoded) to initiate a TR-34 WrappedKeyBlock.
The wrapping key certificate wraps the key under import. The import token and wrapping key certificate must be in place and operational before calling ImportKey. The import token expires in 7 days. You can use the same import token to import multiple keys into your service account.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", "GetPublicKeyCertificate": "Gets the public key certificate of the asymmetric key pair that exists within Amazon Web Services Payment Cryptography.
Unlike the private key of an asymmetric key, which never leaves Amazon Web Services Payment Cryptography unencrypted, callers with GetPublicKeyCertificate permission can download the public key certificate of the asymmetric key. You can share the public key certificate to allow others to encrypt messages and verify signatures outside of Amazon Web Services Payment Cryptography
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
", - "ImportKey": "Imports keys and public key certificates into Amazon Web Services Payment Cryptography.
Amazon Web Services Payment Cryptography simplifies main or root key exchange process by eliminating the need of a paper-based key exchange process. It takes a modern and secure approach based of the ANSI X9 TR-34 key exchange standard.
You can use ImportKey to import main or root keys such as KEK (Key Encryption Key) using asymmetric key exchange technique following the ANSI X9 TR-34 standard. The ANSI X9 TR-34 standard uses asymmetric keys to establishes bi-directional trust between the two parties exchanging keys.
After you have imported a main or root key, you can import working keys to perform various cryptographic operations within Amazon Web Services Payment Cryptography using the ANSI X9 TR-31 symmetric key exchange standard as mandated by PCI PIN.
You can also import a root public key certificate, a self-signed certificate used to sign other public key certificates, or a trusted public key certificate under an already established root public key certificate.
To import a public root key certificate
Using this operation, you can import the public component (in PEM cerificate format) of your private root key. You can use the imported public root key certificate for digital signatures, for example signing wrapping key or signing key in TR-34, within your Amazon Web Services Payment Cryptography account.
Set the following parameters:
KeyMaterial: RootCertificatePublicKey
KeyClass: PUBLIC_KEY
KeyModesOfUse: Verify
KeyUsage: TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE
PublicKeyCertificate: The certificate authority used to sign the root public key certificate.
To import a trusted public key certificate
The root public key certificate must be in place and operational before you import a trusted public key certificate. Set the following parameters:
KeyMaterial: TrustedCertificatePublicKey
CertificateAuthorityPublicKeyIdentifier: KeyArn of the RootCertificatePublicKey.
KeyModesOfUse and KeyUsage: Corresponding to the cryptographic operations such as wrap, sign, or encrypt that you will allow the trusted public key certificate to perform.
PublicKeyCertificate: The certificate authority used to sign the trusted public key certificate.
Import main keys
Amazon Web Services Payment Cryptography uses TR-34 asymmetric key exchange standard to import main keys such as KEK. In TR-34 terminology, the sending party of the key is called Key Distribution Host (KDH) and the receiving party of the key is called Key Receiving Host (KRH). During the key import process, KDH is the user who initiates the key import and KRH is Amazon Web Services Payment Cryptography who receives the key. Before initiating TR-34 key import, you must obtain an import token by calling GetParametersForImport. This operation also returns the wrapping key certificate that KDH uses wrap key under import to generate a TR-34 wrapped key block. The import token expires after 7 days.
Set the following parameters:
CertificateAuthorityPublicKeyIdentifier: The KeyArn of the certificate chain that will sign the signing key certificate and should exist within Amazon Web Services Payment Cryptography before initiating TR-34 key import. If it does not exist, you can import it by calling by calling ImportKey for RootCertificatePublicKey.
ImportToken: Obtained from KRH by calling GetParametersForImport.
WrappedKeyBlock: The TR-34 wrapped key block from KDH. It contains the KDH key under import, wrapped with KRH provided wrapping key certificate and signed by the KDH private signing key. This TR-34 key block is generated by the KDH Hardware Security Module (HSM) outside of Amazon Web Services Payment Cryptography.
SigningKeyCertificate: The public component of the private key that signed the KDH TR-34 wrapped key block. In PEM certificate format.
TR-34 is intended primarily to exchange 3DES keys. Your ability to export AES-128 and larger AES keys may be dependent on your source system.
Import working keys
Amazon Web Services Payment Cryptography uses TR-31 symmetric key exchange standard to import working keys. A KEK must be established within Amazon Web Services Payment Cryptography by using TR-34 key import. To initiate a TR-31 key import, set the following parameters:
WrappedKeyBlock: The key under import and encrypted using KEK. The TR-31 key block generated by your HSM outside of Amazon Web Services Payment Cryptography.
WrappingKeyIdentifier: The KeyArn of the KEK that Amazon Web Services Payment Cryptography uses to decrypt or unwrap the key under import.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "ImportKey": "Imports symmetric keys and public key certificates in PEM format (base64 encoded) into Amazon Web Services Payment Cryptography.
Amazon Web Services Payment Cryptography simplifies key exchange by replacing the existing paper-based approach with a modern electronic approach. With ImportKey you can import symmetric keys using either symmetric and asymmetric key exchange mechanisms.
For symmetric key exchange, Amazon Web Services Payment Cryptography uses the ANSI X9 TR-31 norm in accordance with PCI PIN guidelines. And for asymmetric key exchange, Amazon Web Services Payment Cryptography supports ANSI X9 TR-34 norm . Asymmetric key exchange methods are typically used to establish bi-directional trust between the two parties exhanging keys and are used for initial key exchange such as Key Encryption Key (KEK) or Zone Master Key (ZMK). After which you can import working keys using symmetric method to perform various cryptographic operations within Amazon Web Services Payment Cryptography.
The TR-34 norm is intended for exchanging 3DES keys only and keys are imported in a WrappedKeyBlock format. Key attributes (such as KeyUsage, KeyAlgorithm, KeyModesOfUse, Exportability) are contained within the key block.
You can also import a root public key certificate, used to sign other public key certificates, or a trusted public key certificate under an already established root public key certificate.
To import a public root key certificate
You can also import a root public key certificate, used to sign other public key certificates, or a trusted public key certificate under an already established root public key certificate.
To import a public root key certificate
Using this operation, you can import the public component (in PEM cerificate format) of your private root key. You can use the imported public root key certificate for digital signatures, for example signing wrapping key or signing key in TR-34, within your Amazon Web Services Payment Cryptography account.
Set the following parameters:
KeyMaterial: RootCertificatePublicKey
KeyClass: PUBLIC_KEY
KeyModesOfUse: Verify
KeyUsage: TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE
PublicKeyCertificate: The public key certificate in PEM format (base64 encoded) of the private root key under import.
To import a trusted public key certificate
The root public key certificate must be in place and operational before you import a trusted public key certificate. Set the following parameters:
KeyMaterial: TrustedCertificatePublicKey
CertificateAuthorityPublicKeyIdentifier: KeyArn of the RootCertificatePublicKey.
KeyModesOfUse and KeyUsage: Corresponding to the cryptographic operations such as wrap, sign, or encrypt that you will allow the trusted public key certificate to perform.
PublicKeyCertificate: The trusted public key certificate in PEM format (base64 encoded) under import.
To import KEK or ZMK using TR-34
Using this operation, you can import initial key using TR-34 asymmetric key exchange. In TR-34 terminology, the sending party of the key is called Key Distribution Host (KDH) and the receiving party of the key is called Key Receiving Device (KRD). During the key import process, KDH is the user who initiates the key import and KRD is Amazon Web Services Payment Cryptography who receives the key.
To initiate TR-34 key import, the KDH must obtain an import token by calling GetParametersForImport. This operation generates an encryption keypair for the purpose of key import, signs the key and returns back the wrapping key certificate (also known as KRD wrapping certificate) and the root certificate chain. The KDH must trust and install the KRD wrapping certificate on its HSM and use it to encrypt (wrap) the KDH key during TR-34 WrappedKeyBlock generation. The import token and associated KRD wrapping certificate expires after 7 days.
Next the KDH generates a key pair for the purpose of signing the encrypted KDH key and provides the public certificate of the signing key to Amazon Web Services Payment Cryptography. The KDH will also need to import the root certificate chain of the KDH signing certificate by calling ImportKey for RootCertificatePublicKey. For more information on TR-34 key import, see section Importing symmetric keys in the Amazon Web Services Payment Cryptography User Guide.
Set the following parameters:
KeyMaterial: Use Tr34KeyBlock parameters.
CertificateAuthorityPublicKeyIdentifier: The KeyARN of the certificate chain that signed the KDH signing key certificate.
ImportToken: Obtained from KRD by calling GetParametersForImport.
WrappedKeyBlock: The TR-34 wrapped key material from KDH. It contains the KDH key under import, wrapped with KRD wrapping certificate and signed by KDH signing private key. This TR-34 key block is typically generated by the KDH Hardware Security Module (HSM) outside of Amazon Web Services Payment Cryptography.
SigningKeyCertificate: The public key certificate in PEM format (base64 encoded) of the KDH signing key generated under the root certificate (CertificateAuthorityPublicKeyIdentifier) imported in Amazon Web Services Payment Cryptography.
To import WK (Working Key) using TR-31
Amazon Web Services Payment Cryptography uses TR-31 symmetric key exchange norm to import working keys. A KEK must be established within Amazon Web Services Payment Cryptography by using TR-34 key import or by using CreateKey. To initiate a TR-31 key import, set the following parameters:
KeyMaterial: Use Tr31KeyBlock parameters.
WrappedKeyBlock: The TR-31 wrapped key material. It contains the key under import, encrypted using KEK. The TR-31 key block is typically generated by a HSM outside of Amazon Web Services Payment Cryptography.
WrappingKeyIdentifier: The KeyArn of the KEK that Amazon Web Services Payment Cryptography uses to decrypt or unwrap the key under import.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", "ListAliases": "Lists the aliases for all keys in the caller's Amazon Web Services account and Amazon Web Services Region. You can filter the list of aliases. For more information, see Using aliases in the Amazon Web Services Payment Cryptography User Guide.
This is a paginated operation, which means that each response might contain only a subset of all the aliases. When the response contains only a subset of aliases, it includes a NextToken value. Use this value in a subsequent ListAliases request to get more aliases. When you receive a response with no NextToken (or an empty or null value), that means there are no more aliases to get.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", "ListKeys": "Lists the keys in the caller's Amazon Web Services account and Amazon Web Services Region. You can filter the list of keys.
This is a paginated operation, which means that each response might contain only a subset of all the keys. When the response contains only a subset of keys, it includes a NextToken value. Use this value in a subsequent ListKeys request to get more keys. When you receive a response with no NextToken (or an empty or null value), that means there are no more keys to get.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", "ListTagsForResource": "Lists the tags for an Amazon Web Services resource.
This is a paginated operation, which means that each response might contain only a subset of all the tags. When the response contains only a subset of tags, it includes a NextToken value. Use this value in a subsequent ListTagsForResource request to get more tags. When you receive a response with no NextToken (or an empty or null value), that means there are no more tags to get.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", @@ -42,7 +42,7 @@ "base": null, "refs": { "Alias$AliasName": "A friendly name that you can use to refer to a key. The value must begin with alias/.
Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
A friendly name that you can use to refer a key. An alias must begin with alias/ followed by a name, for example alias/ExampleAlias. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-).
Don't include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
A friendly name that you can use to refer to a key. An alias must begin with alias/ followed by a name, for example alias/ExampleAlias. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-).
Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
A friendly name that you can use to refer Amazon Web Services Payment Cryptography key. This value must begin with alias/ followed by a name, such as alias/ExampleAlias.
The alias of the Amazon Web Services Payment Cryptography key.
", "UpdateAliasInput$AliasName": "The alias whose associated key is changing.
" @@ -57,7 +57,7 @@ "Boolean": { "base": null, "refs": { - "CreateKeyInput$Enabled": "Specifies whether to enable the key. If the key is enabled, it is activated for use within the service. If the key not enabled, then it is created but not activated. The default value is enabled.
", + "CreateKeyInput$Enabled": "Specifies whether to enable the key. If the key is enabled, it is activated for use within the service. If the key is not enabled, then it is created but not activated. The default value is enabled.
", "CreateKeyInput$Exportable": "Specifies whether the key is exportable from the service.
", "ImportKeyInput$Enabled": "Specifies whether import key is enabled.
", "Key$Enabled": "Specifies whether the key is enabled.
", @@ -70,13 +70,13 @@ "base": null, "refs": { "ExportTr34KeyBlock$WrappingKeyCertificate": "The KeyARN of the wrapping key certificate. Amazon Web Services Payment Cryptography uses this certificate to wrap the key under export.
The signing key certificate of the public key for signature within the TR-34 key block cryptogram. The certificate expires after 7 days.
", - "GetParametersForExportOutput$SigningKeyCertificateChain": "The certificate chain that signed the signing key certificate. This is the root certificate authority (CA) within your service account.
", - "GetParametersForImportOutput$WrappingKeyCertificate": "The wrapping key certificate of the wrapping key for use within the TR-34 key block. The certificate expires in 7 days.
", - "GetParametersForImportOutput$WrappingKeyCertificateChain": "The Amazon Web Services Payment Cryptography certificate chain that signed the wrapping key certificate. This is the root certificate authority (CA) within your service account.
", - "GetPublicKeyCertificateOutput$KeyCertificate": "The public key component of the asymmetric key pair in a certificate (PEM) format. It is signed by the root certificate authority (CA) within your service account. The certificate expires in 90 days.
", - "GetPublicKeyCertificateOutput$KeyCertificateChain": "The certificate chain that signed the public key certificate of the asymmetric key pair. This is the root certificate authority (CA) within your service account.
", - "ImportTr34KeyBlock$SigningKeyCertificate": "The public key component in PEM certificate format of the private key that signs the KDH TR-34 wrapped key block.
", + "GetParametersForExportOutput$SigningKeyCertificate": "The signing key certificate in PEM format (base64 encoded) of the public key for signature within the TR-34 key block. The certificate expires after 7 days.
", + "GetParametersForExportOutput$SigningKeyCertificateChain": "The root certificate authority (CA) that signed the signing key certificate in PEM format (base64 encoded).
", + "GetParametersForImportOutput$WrappingKeyCertificate": "The wrapping key certificate in PEM format (base64 encoded) of the wrapping key for use within the TR-34 key block. The certificate expires in 7 days.
", + "GetParametersForImportOutput$WrappingKeyCertificateChain": "The Amazon Web Services Payment Cryptography root certificate authority (CA) that signed the wrapping key certificate in PEM format (base64 encoded).
", + "GetPublicKeyCertificateOutput$KeyCertificate": "The public key component of the asymmetric key pair in a certificate PEM format (base64 encoded). It is signed by the root certificate authority (CA). The certificate expires in 90 days.
", + "GetPublicKeyCertificateOutput$KeyCertificateChain": "The root certificate authority (CA) that signed the public key certificate in PEM format (base64 encoded) of the asymmetric key pair.
", + "ImportTr34KeyBlock$SigningKeyCertificate": "The public key component in PEM certificate format of the private key that signs the KDH TR-34 WrappedKeyBlock.
", "RootCertificatePublicKey$PublicKeyCertificate": "Parameter information for root public key certificate import.
", "TrustedCertificatePublicKey$PublicKeyCertificate": "Parameter information for trusted public key certificate import.
" } @@ -132,13 +132,25 @@ "refs": { } }, + "ExportAttributes": { + "base": "The attributes for IPEK generation during export.
", + "refs": { + "ExportKeyInput$ExportAttributes": "The attributes for IPEK generation during export.
" + } + }, + "ExportDukptInitialKey": { + "base": "Parameter information for IPEK generation during export.
", + "refs": { + "ExportAttributes$ExportDukptInitialKey": "Parameter information for IPEK export.
" + } + }, "ExportKeyInput": { "base": null, "refs": { } }, "ExportKeyMaterial": { - "base": "Parameter information for key material export from Amazon Web Services Payment Cryptography.
", + "base": "Parameter information for key material export from Amazon Web Services Payment Cryptography using TR-31 or TR-34 key exchange method.
", "refs": { "ExportKeyInput$KeyMaterial": "The key block format type, for example, TR-34 or TR-31, to use during key material export.
" } @@ -156,15 +168,15 @@ } }, "ExportTr31KeyBlock": { - "base": "Parameter information for key material export using TR-31 standard.
", + "base": "Parameter information for key material export using symmetric TR-31 key exchange method.
", "refs": { - "ExportKeyMaterial$Tr31KeyBlock": "Parameter information for key material export using TR-31 standard.
" + "ExportKeyMaterial$Tr31KeyBlock": "Parameter information for key material export using symmetric TR-31 key exchange method.
" } }, "ExportTr34KeyBlock": { - "base": "Parameter information for key material export using TR-34 standard.
", + "base": "Parameter information for key material export using the asymmetric TR-34 key exchange method.
", "refs": { - "ExportKeyMaterial$Tr34KeyBlock": "Parameter information for key material export using TR-34 standard.
" + "ExportKeyMaterial$Tr34KeyBlock": "Parameter information for key material export using the asymmetric TR-34 key exchange method.
" } }, "GetAliasInput": { @@ -224,13 +236,19 @@ "ImportTr34KeyBlock$RandomNonce": "A random number value that is unique to the TR-34 key block generated using 2 pass. The operation will fail, if a random nonce value is not provided for a TR-34 key block generated using 2 pass.
" } }, + "HexLength20Or24": { + "base": null, + "refs": { + "ExportDukptInitialKey$KeySerialNumber": "The KSN for IPEK generation using DUKPT.
KSN must be padded before sending to Amazon Web Services Payment Cryptography. KSN hex length should be 20 for a TDES_2KEY key or 24 for an AES key.
" + } + }, "ImportKeyInput": { "base": null, "refs": { } }, "ImportKeyMaterial": { - "base": "Parameter information for key material import.
", + "base": "Parameter information for key material import into Amazon Web Services Payment Cryptography using TR-31 or TR-34 key exchange method.
", "refs": { "ImportKeyInput$KeyMaterial": "The key or public key certificate type to use during key material import, for example TR-34 or RootCertificatePublicKey.
" } @@ -244,19 +262,19 @@ "base": null, "refs": { "GetParametersForImportOutput$ImportToken": "The import token to initiate key import into Amazon Web Services Payment Cryptography. The import token expires after 7 days. You can use the same import token to import multiple keys to the same service account.
", - "ImportTr34KeyBlock$ImportToken": "The import token that initiates key import into Amazon Web Services Payment Cryptography. It expires after 7 days. You can use the same import token to import multiple keys to the same service account.
" + "ImportTr34KeyBlock$ImportToken": "The import token that initiates key import using the asymmetric TR-34 key exchange method into Amazon Web Services Payment Cryptography. It expires after 7 days. You can use the same import token to import multiple keys to the same service account.
" } }, "ImportTr31KeyBlock": { - "base": "Parameter information for key material import using TR-31 standard.
", + "base": "Parameter information for key material import using symmetric TR-31 key exchange method.
", "refs": { - "ImportKeyMaterial$Tr31KeyBlock": "Parameter information for key material import using TR-31 standard.
" + "ImportKeyMaterial$Tr31KeyBlock": "Parameter information for key material import using symmetric TR-31 key exchange method.
" } }, "ImportTr34KeyBlock": { - "base": "Parameter information for key material import using TR-34 standard.
", + "base": "Parameter information for key material import using the asymmetric TR-34 key exchange method.
", "refs": { - "ImportKeyMaterial$Tr34KeyBlock": "Parameter information for key material import using TR-34 standard.
" + "ImportKeyMaterial$Tr34KeyBlock": "Parameter information for key material import using the asymmetric TR-34 key exchange method.
" } }, "InternalServerException": { @@ -279,10 +297,10 @@ "KeyAlgorithm": { "base": null, "refs": { - "GetParametersForExportInput$SigningKeyAlgorithm": "The signing key algorithm to generate a signing key certificate. This certificate signs the wrapped key under export within the TR-34 key block cryptogram. RSA_2048 is the only signing key algorithm allowed.
The signing key algorithm to generate a signing key certificate. This certificate signs the wrapped key under export within the TR-34 key block. RSA_2048 is the only signing key algorithm allowed.
The algorithm of the signing key certificate for use in TR-34 key block generation. RSA_2048 is the only signing key algorithm allowed.
The wrapping key algorithm to generate a wrapping key certificate. This certificate wraps the key under import within the TR-34 key block cryptogram. RSA_2048 is the only wrapping key algorithm allowed.
The algorithm of the wrapping key for use within TR-34 key block. RSA_2048 is the only wrapping key algorithm allowed.
The wrapping key algorithm to generate a wrapping key certificate. This certificate wraps the key under import.
At this time, RSA_2048, RSA_3072, RSA_4096 are the only allowed algorithms for TR-34 WrappedKeyBlock import.
The algorithm of the wrapping key for use within TR-34 WrappedKeyBlock.
", "KeyAttributes$KeyAlgorithm": "The key algorithm to be use during creation of an Amazon Web Services Payment Cryptography key.
For symmetric keys, Amazon Web Services Payment Cryptography supports AES and TDES algorithms. For asymmetric keys, Amazon Web Services Payment Cryptography supports RSA and ECC_NIST algorithms.
The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", - "KeySummary$KeyCheckValue": "The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
" + "Key$KeyCheckValue": "The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
", + "KeySummary$KeyCheckValue": "The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
", + "WrappedKey$KeyCheckValue": "The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
" } }, "KeyCheckValueAlgorithm": { "base": null, "refs": { - "CreateKeyInput$KeyCheckValueAlgorithm": "The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV) for DES and AES keys.
For DES key, the KCV is computed by encrypting 8 bytes, each with value '00', with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES key, the KCV is computed by encrypting 8 bytes, each with value '01', with the key to be checked and retaining the 3 highest order bytes of the encrypted result.
", - "ImportKeyInput$KeyCheckValueAlgorithm": "The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV) for DES and AES keys.
For DES key, the KCV is computed by encrypting 8 bytes, each with value '00', with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES key, the KCV is computed by encrypting 8 bytes, each with value '01', with the key to be checked and retaining the 3 highest order bytes of the encrypted result.
", - "Key$KeyCheckValueAlgorithm": "The algorithm used for calculating key check value (KCV) for DES and AES keys. For a DES key, Amazon Web Services Payment Cryptography computes the KCV by encrypting 8 bytes, each with value '00', with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For an AES key, Amazon Web Services Payment Cryptography computes the KCV by encrypting 8 bytes, each with value '01', with the key to be checked and retaining the 3 highest order bytes of the encrypted result.
" + "CreateKeyInput$KeyCheckValueAlgorithm": "The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.
For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
", + "ExportAttributes$KeyCheckValueAlgorithm": "The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity. Specify KCV for IPEK export only.
For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
", + "ImportKeyInput$KeyCheckValueAlgorithm": "The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.
For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
", + "Key$KeyCheckValueAlgorithm": "The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.
For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
", + "WrappedKey$KeyCheckValueAlgorithm": "The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.
For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
" } }, "KeyClass": { @@ -348,14 +369,14 @@ "KeyMaterial": { "base": null, "refs": { - "WrappedKey$KeyMaterial": "Parameter information for generating a wrapped key using TR-31 or TR-34 standard.
" + "WrappedKey$KeyMaterial": "Parameter information for generating a wrapped key using TR-31 or TR-34 skey exchange method.
" } }, "KeyMaterialType": { "base": null, "refs": { "GetParametersForExportInput$KeyMaterialType": "The key block format type (for example, TR-34 or TR-31) to use during key material export. Export token is only required for a TR-34 key export, TR34_KEY_BLOCK. Export token is not required for TR-31 key export.
The key block format type such as TR-34 or TR-31 to use during key material import. Import token is only required for TR-34 key import TR34_KEY_BLOCK. Import token is not required for TR-31 key import.
The method to use for key material import. Import token is only required for TR-34 WrappedKeyBlock (TR34_KEY_BLOCK).
Import token is not required for TR-31, root public key cerificate or trusted public key certificate.
" } }, "KeyModesOfUse": { @@ -430,8 +451,8 @@ "base": null, "refs": { "ListAliasesInput$MaxResults": "Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer.
This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.
", - "ListKeysInput$MaxResults": "Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer.
", - "ListTagsForResourceInput$MaxResults": "Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer.
" + "ListKeysInput$MaxResults": "Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer.
This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.
", + "ListTagsForResourceInput$MaxResults": "Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer.
This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.
" } }, "NextToken": { @@ -569,10 +590,10 @@ "Tags": { "base": null, "refs": { - "CreateKeyInput$Tags": "The tags to attach to the key. Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key.
To use this parameter, you must have TagResource permission.
Don't include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.
The tags to attach to the key. Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key.
You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key. If you specify an existing tag key with a different tag value, Amazon Web Services Payment Cryptography replaces the current tag value with the specified one.
To use this parameter, you must have TagResource permission.
Don't include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.
Assigns one or more tags to the Amazon Web Services Payment Cryptography key. Use this parameter to tag a key when it is created. To tag an existing Amazon Web Services Payment Cryptography key, use the TagResource operation.
Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key.
Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.
Assigns one or more tags to the Amazon Web Services Payment Cryptography key. Use this parameter to tag a key when it is imported. To tag an existing Amazon Web Services Payment Cryptography key, use the TagResource operation.
Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key. If you specify an existing tag key with a different tag value, Amazon Web Services Payment Cryptography replaces the current tag value with the specified one.
Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.
The list of tags associated with a ResourceArn. Each tag will list the key-value pair contained within that tag.
One or more tags. Each tag consists of a tag key and a tag value. The tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key. If you specify an existing tag key with a different tag value, Amazon Web Services Payment Cryptography replaces the current tag value with the new one.
Don't include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
To use this parameter, you must have TagResource permission in an IAM policy.
Don't include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
One or more tags. Each tag consists of a tag key and a tag value. The tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key. If you specify an existing tag key with a different tag value, Amazon Web Services Payment Cryptography replaces the current tag value with the new one.
Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
To use this parameter, you must have TagResource permission in an IAM policy.
Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
The TR-34 wrapped key block to import.
" + "ImportTr31KeyBlock$WrappedKeyBlock": "The TR-31 wrapped key block to import.
" } }, "Tr34KeyBlockFormat": { @@ -643,9 +664,9 @@ } }, "WrappedKey": { - "base": "Parameter information for generating a wrapped key using TR-31 or TR-34 standard.
", + "base": "Parameter information for generating a WrappedKeyBlock for key exchange.
", "refs": { - "ExportKeyOutput$WrappedKey": "The key material under export as a TR-34 or TR-31 wrapped key block.
" + "ExportKeyOutput$WrappedKey": "The key material under export as a TR-34 WrappedKeyBlock or a TR-31 WrappedKeyBlock.
" } }, "WrappedKeyMaterialFormat": { diff --git a/models/apis/payment-cryptography/2021-09-14/endpoint-rule-set-1.json b/models/apis/payment-cryptography/2021-09-14/endpoint-rule-set-1.json index ff2c3e5d3ab..26afb5d7738 100644 --- a/models/apis/payment-cryptography/2021-09-14/endpoint-rule-set-1.json +++ b/models/apis/payment-cryptography/2021-09-14/endpoint-rule-set-1.json @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -59,7 +58,6 @@ }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [ @@ -87,13 +85,14 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [ @@ -106,7 +105,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -120,7 +118,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -143,7 +140,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -178,11 +174,9 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -193,16 +187,19 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -216,14 +213,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -232,15 +227,14 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -251,16 +245,19 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -274,7 +271,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -294,11 +290,9 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -309,20 +303,22 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -333,18 +329,22 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "Invalid Configuration: Missing Region", "type": "error" } - ] + ], + "type": "tree" } ] } \ No newline at end of file diff --git a/models/apis/payment-cryptography/2021-09-14/endpoint-tests-1.json b/models/apis/payment-cryptography/2021-09-14/endpoint-tests-1.json index 859cd0c5242..f1004e41dd7 100644 --- a/models/apis/payment-cryptography/2021-09-14/endpoint-tests-1.json +++ b/models/apis/payment-cryptography/2021-09-14/endpoint-tests-1.json @@ -1,54 +1,54 @@ { "testCases": [ { - "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://controlplane.payment-cryptography-fips.us-gov-east-1.api.aws" + "url": "https://controlplane.payment-cryptography-fips.us-east-1.api.aws" } }, "params": { + "Region": "us-east-1", "UseFIPS": true, - "Region": "us-gov-east-1", "UseDualStack": true } }, { - "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://controlplane.payment-cryptography-fips.us-gov-east-1.amazonaws.com" + "url": "https://controlplane.payment-cryptography-fips.us-east-1.amazonaws.com" } }, "params": { + "Region": "us-east-1", "UseFIPS": true, - "Region": "us-gov-east-1", "UseDualStack": false } }, { - "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://controlplane.payment-cryptography.us-gov-east-1.api.aws" + "url": "https://controlplane.payment-cryptography.us-east-1.api.aws" } }, "params": { + "Region": "us-east-1", "UseFIPS": false, - "Region": "us-gov-east-1", "UseDualStack": true } }, { - "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://controlplane.payment-cryptography.us-gov-east-1.amazonaws.com" + "url": "https://controlplane.payment-cryptography.us-east-1.amazonaws.com" } }, "params": { + "Region": "us-east-1", "UseFIPS": false, - "Region": "us-gov-east-1", "UseDualStack": false } }, @@ -60,8 +60,8 @@ } }, "params": { - "UseFIPS": true, "Region": "cn-north-1", + "UseFIPS": true, "UseDualStack": true } }, @@ -73,8 +73,8 @@ } }, "params": { - "UseFIPS": true, "Region": "cn-north-1", + "UseFIPS": true, "UseDualStack": false } }, @@ -86,8 +86,8 @@ } }, "params": { - "UseFIPS": false, "Region": "cn-north-1", + "UseFIPS": false, "UseDualStack": true } }, @@ -99,108 +99,108 @@ } }, "params": { - "UseFIPS": false, "Region": "cn-north-1", + "UseFIPS": false, "UseDualStack": false } }, { - "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", "expect": { - "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + "endpoint": { + "url": "https://controlplane.payment-cryptography-fips.us-gov-east-1.api.aws" + } }, "params": { + "Region": "us-gov-east-1", "UseFIPS": true, - "Region": "us-iso-east-1", "UseDualStack": true } }, { - "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://controlplane.payment-cryptography-fips.us-iso-east-1.c2s.ic.gov" + "url": "https://controlplane.payment-cryptography-fips.us-gov-east-1.amazonaws.com" } }, "params": { + "Region": "us-gov-east-1", "UseFIPS": true, - "Region": "us-iso-east-1", "UseDualStack": false } }, { - "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", "expect": { - "error": "DualStack is enabled but this partition does not support DualStack" + "endpoint": { + "url": "https://controlplane.payment-cryptography.us-gov-east-1.api.aws" + } }, "params": { + "Region": "us-gov-east-1", "UseFIPS": false, - "Region": "us-iso-east-1", "UseDualStack": true } }, { - "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://controlplane.payment-cryptography.us-iso-east-1.c2s.ic.gov" + "url": "https://controlplane.payment-cryptography.us-gov-east-1.amazonaws.com" } }, "params": { + "Region": "us-gov-east-1", "UseFIPS": false, - "Region": "us-iso-east-1", "UseDualStack": false } }, { - "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", "expect": { - "endpoint": { - "url": "https://controlplane.payment-cryptography-fips.us-east-1.api.aws" - } + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" }, "params": { + "Region": "us-iso-east-1", "UseFIPS": true, - "Region": "us-east-1", "UseDualStack": true } }, { - "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://controlplane.payment-cryptography-fips.us-east-1.amazonaws.com" + "url": "https://controlplane.payment-cryptography-fips.us-iso-east-1.c2s.ic.gov" } }, "params": { + "Region": "us-iso-east-1", "UseFIPS": true, - "Region": "us-east-1", "UseDualStack": false } }, { - "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", "expect": { - "endpoint": { - "url": "https://controlplane.payment-cryptography.us-east-1.api.aws" - } + "error": "DualStack is enabled but this partition does not support DualStack" }, "params": { + "Region": "us-iso-east-1", "UseFIPS": false, - "Region": "us-east-1", "UseDualStack": true } }, { - "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://controlplane.payment-cryptography.us-east-1.amazonaws.com" + "url": "https://controlplane.payment-cryptography.us-iso-east-1.c2s.ic.gov" } }, "params": { + "Region": "us-iso-east-1", "UseFIPS": false, - "Region": "us-east-1", "UseDualStack": false } }, @@ -210,8 +210,8 @@ "error": "FIPS and DualStack are enabled, but this partition does not support one or both" }, "params": { - "UseFIPS": true, "Region": "us-isob-east-1", + "UseFIPS": true, "UseDualStack": true } }, @@ -223,8 +223,8 @@ } }, "params": { - "UseFIPS": true, "Region": "us-isob-east-1", + "UseFIPS": true, "UseDualStack": false } }, @@ -234,8 +234,8 @@ "error": "DualStack is enabled but this partition does not support DualStack" }, "params": { - "UseFIPS": false, "Region": "us-isob-east-1", + "UseFIPS": false, "UseDualStack": true } }, @@ -247,21 +247,34 @@ } }, "params": { - "UseFIPS": false, "Region": "us-isob-east-1", + "UseFIPS": false, "UseDualStack": false } }, { - "documentation": "For custom endpoint with fips disabled and dualstack disabled", + "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", "expect": { "endpoint": { "url": "https://example.com" } }, "params": { - "UseFIPS": false, "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "UseFIPS": false, "UseDualStack": false, "Endpoint": "https://example.com" } @@ -272,8 +285,8 @@ "error": "Invalid Configuration: FIPS and custom endpoint are not supported" }, "params": { - "UseFIPS": true, "Region": "us-east-1", + "UseFIPS": true, "UseDualStack": false, "Endpoint": "https://example.com" } @@ -284,11 +297,17 @@ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" }, "params": { - "UseFIPS": false, "Region": "us-east-1", + "UseFIPS": false, "UseDualStack": true, "Endpoint": "https://example.com" } + }, + { + "documentation": "Missing region", + "expect": { + "error": "Invalid Configuration: Missing Region" + } } ], "version": "1.0" diff --git a/service/backup/api.go b/service/backup/api.go index b8e23c39911..881568843d8 100644 --- a/service/backup/api.go +++ b/service/backup/api.go @@ -9413,12 +9413,10 @@ func (c *Backup) UpdateRegionSettingsRequest(input *UpdateRegionSettingsInput) ( // UpdateRegionSettings API operation for AWS Backup. // -// Updates the current service opt-in settings for the Region. If service-opt-in -// is enabled for a service, Backup tries to protect that service's resources -// in this Region, when the resource is included in an on-demand backup or scheduled -// backup plan. Otherwise, Backup does not try to protect that service's resources -// in this Region. Use the DescribeRegionSettings API to determine the resource -// types that are supported. +// Updates the current service opt-in settings for the Region. +// +// Use the DescribeRegionSettings API to determine the resource types that are +// supported. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -14729,6 +14727,9 @@ type DescribeRecoveryPointOutput struct { // Specifies the storage class of the recovery point. Valid values are WARM // or COLD. StorageClass *string `type:"string" enum:"StorageClass"` + + // This is the type of vault in which the described recovery point is stored. + VaultType *string `type:"string" enum:"VaultType"` } // String returns the string representation. @@ -14887,6 +14888,12 @@ func (s *DescribeRecoveryPointOutput) SetStorageClass(v string) *DescribeRecover return s } +// SetVaultType sets the VaultType field's value. +func (s *DescribeRecoveryPointOutput) SetVaultType(v string) *DescribeRecoveryPointOutput { + s.VaultType = &v + return s +} + type DescribeRegionSettingsInput struct { _ struct{} `type:"structure" nopayload:"true"` } @@ -18329,6 +18336,8 @@ type ListBackupJobsInput struct { // // * Aurora for Amazon Aurora // + // * CloudFormation for CloudFormation + // // * DocumentDB for Amazon DocumentDB (with MongoDB compatibility) // // * DynamoDB for Amazon DynamoDB @@ -18343,12 +18352,18 @@ type ListBackupJobsInput struct { // // * Neptune for Amazon Neptune // + // * Redshift for Amazon Redshift + // // * RDS for Amazon Relational Database Service // + // * SAP HANA on Amazon EC2 for SAP HANA databases + // // * Storage Gateway for Storage Gateway // // * S3 for Amazon S3 // + // * Timestream for Amazon Timestream + // // * VirtualMachine for virtual machines ByResourceType *string `location:"querystring" locationName:"resourceType" type:"string"` @@ -19330,6 +19345,8 @@ type ListCopyJobsInput struct { // // * Aurora for Amazon Aurora // + // * CloudFormation for CloudFormation + // // * DocumentDB for Amazon DocumentDB (with MongoDB compatibility) // // * DynamoDB for Amazon DynamoDB @@ -19344,12 +19361,18 @@ type ListCopyJobsInput struct { // // * Neptune for Amazon Neptune // + // * Redshift for Amazon Redshift + // // * RDS for Amazon Relational Database Service // + // * SAP HANA on Amazon EC2 for SAP HANA databases + // // * Storage Gateway for Storage Gateway // // * S3 for Amazon S3 // + // * Timestream for Amazon Timestream + // // * VirtualMachine for virtual machines ByResourceType *string `location:"querystring" locationName:"resourceType" type:"string"` @@ -19978,7 +20001,39 @@ type ListRecoveryPointsByBackupVaultInput struct { // Name (ARN). ByResourceArn *string `location:"querystring" locationName:"resourceArn" type:"string"` - // Returns only recovery points that match the specified resource type. + // Returns only recovery points that match the specified resource type(s): + // + // * Aurora for Amazon Aurora + // + // * CloudFormation for CloudFormation + // + // * DocumentDB for Amazon DocumentDB (with MongoDB compatibility) + // + // * DynamoDB for Amazon DynamoDB + // + // * EBS for Amazon Elastic Block Store + // + // * EC2 for Amazon Elastic Compute Cloud + // + // * EFS for Amazon Elastic File System + // + // * FSx for Amazon FSx + // + // * Neptune for Amazon Neptune + // + // * Redshift for Amazon Redshift + // + // * RDS for Amazon Relational Database Service + // + // * SAP HANA on Amazon EC2 for SAP HANA databases + // + // * Storage Gateway for Storage Gateway + // + // * S3 for Amazon S3 + // + // * Timestream for Amazon Timestream + // + // * VirtualMachine for virtual machines ByResourceType *string `location:"querystring" locationName:"resourceType" type:"string"` // The maximum number of items to be returned. @@ -20959,6 +21014,41 @@ type ListRestoreJobsInput struct { // Returns only restore jobs that were created before the specified date. ByCreatedBefore *time.Time `location:"querystring" locationName:"createdBefore" type:"timestamp"` + // Include this parameter to return only restore jobs for the specified resources: + // + // * Aurora for Amazon Aurora + // + // * CloudFormation for CloudFormation + // + // * DocumentDB for Amazon DocumentDB (with MongoDB compatibility) + // + // * DynamoDB for Amazon DynamoDB + // + // * EBS for Amazon Elastic Block Store + // + // * EC2 for Amazon Elastic Compute Cloud + // + // * EFS for Amazon Elastic File System + // + // * FSx for Amazon FSx + // + // * Neptune for Amazon Neptune + // + // * Redshift for Amazon Redshift + // + // * RDS for Amazon Relational Database Service + // + // * SAP HANA on Amazon EC2 for SAP HANA databases + // + // * Storage Gateway for Storage Gateway + // + // * S3 for Amazon S3 + // + // * Timestream for Amazon Timestream + // + // * VirtualMachine for virtual machines + ByResourceType *string `location:"querystring" locationName:"resourceType" type:"string"` + // This returns only restore testing jobs that match the specified resource // Amazon Resource Name (ARN). ByRestoreTestingPlanArn *string `location:"querystring" locationName:"restoreTestingPlanArn" type:"string"` @@ -21037,6 +21127,12 @@ func (s *ListRestoreJobsInput) SetByCreatedBefore(v time.Time) *ListRestoreJobsI return s } +// SetByResourceType sets the ByResourceType field's value. +func (s *ListRestoreJobsInput) SetByResourceType(v string) *ListRestoreJobsInput { + s.ByResourceType = &v + return s +} + // SetByRestoreTestingPlanArn sets the ByRestoreTestingPlanArn field's value. func (s *ListRestoreJobsInput) SetByRestoreTestingPlanArn(v string) *ListRestoreJobsInput { s.ByRestoreTestingPlanArn = &v @@ -22543,6 +22639,9 @@ type RecoveryPointByBackupVault struct { // A message explaining the reason of the recovery point deletion failure. StatusMessage *string `type:"string"` + + // This is the type of vault in which the described recovery point is stored. + VaultType *string `type:"string" enum:"VaultType"` } // String returns the string representation. @@ -22695,6 +22794,12 @@ func (s *RecoveryPointByBackupVault) SetStatusMessage(v string) *RecoveryPointBy return s } +// SetVaultType sets the VaultType field's value. +func (s *RecoveryPointByBackupVault) SetVaultType(v string) *RecoveryPointByBackupVault { + s.VaultType = &v + return s +} + // Contains detailed information about a saved recovery point. type RecoveryPointByResource struct { _ struct{} `type:"structure"` @@ -27044,6 +27149,14 @@ type UpdateRegionSettingsInput struct { ResourceTypeManagementPreference map[string]*bool `type:"map"` // Updates the list of services along with the opt-in preferences for the Region. + // + // If resource assignments are only based on tags, then service opt-in settings + // are applied. If a resource type is explicitly assigned to a backup plan, + // such as Amazon S3, Amazon EC2, or Amazon RDS, it will be included in the + // backup even if the opt-in is not enabled for that particular service. If + // both a resource type and tags are specified in a resource assignment, the + // resource type specified in the backup plan takes priority over the tag condition. + // Service opt-in settings are disregarded in this situation. ResourceTypeOptInPreference map[string]*bool `type:"map"` } diff --git a/service/comprehend/api.go b/service/comprehend/api.go index 9ed24af97ab..b2d077e3dd5 100644 --- a/service/comprehend/api.go +++ b/service/comprehend/api.go @@ -168,10 +168,8 @@ func (c *Comprehend) BatchDetectEntitiesRequest(input *BatchDetectEntitiesInput) // The size of the input text exceeds the limit. Use a smaller document. // // - UnsupportedLanguageException -// Amazon Comprehend can't process the language of the input text. For custom -// entity recognition APIs, only English, Spanish, French, Italian, German, -// or Portuguese are accepted. For a list of supported languages, Supported -// languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) +// Amazon Comprehend can't process the language of the input text. For a list +// of supported languages, Supported languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) // in the Comprehend Developer Guide. // // - BatchSizeLimitExceededException @@ -264,10 +262,8 @@ func (c *Comprehend) BatchDetectKeyPhrasesRequest(input *BatchDetectKeyPhrasesIn // The size of the input text exceeds the limit. Use a smaller document. // // - UnsupportedLanguageException -// Amazon Comprehend can't process the language of the input text. For custom -// entity recognition APIs, only English, Spanish, French, Italian, German, -// or Portuguese are accepted. For a list of supported languages, Supported -// languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) +// Amazon Comprehend can't process the language of the input text. For a list +// of supported languages, Supported languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) // in the Comprehend Developer Guide. // // - BatchSizeLimitExceededException @@ -361,10 +357,8 @@ func (c *Comprehend) BatchDetectSentimentRequest(input *BatchDetectSentimentInpu // The size of the input text exceeds the limit. Use a smaller document. // // - UnsupportedLanguageException -// Amazon Comprehend can't process the language of the input text. For custom -// entity recognition APIs, only English, Spanish, French, Italian, German, -// or Portuguese are accepted. For a list of supported languages, Supported -// languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) +// Amazon Comprehend can't process the language of the input text. For a list +// of supported languages, Supported languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) // in the Comprehend Developer Guide. // // - BatchSizeLimitExceededException @@ -460,10 +454,8 @@ func (c *Comprehend) BatchDetectSyntaxRequest(input *BatchDetectSyntaxInput) (re // The size of the input text exceeds the limit. Use a smaller document. // // - UnsupportedLanguageException -// Amazon Comprehend can't process the language of the input text. For custom -// entity recognition APIs, only English, Spanish, French, Italian, German, -// or Portuguese are accepted. For a list of supported languages, Supported -// languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) +// Amazon Comprehend can't process the language of the input text. For a list +// of supported languages, Supported languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) // in the Comprehend Developer Guide. // // - BatchSizeLimitExceededException @@ -560,10 +552,8 @@ func (c *Comprehend) BatchDetectTargetedSentimentRequest(input *BatchDetectTarge // The size of the input text exceeds the limit. Use a smaller document. // // - UnsupportedLanguageException -// Amazon Comprehend can't process the language of the input text. For custom -// entity recognition APIs, only English, Spanish, French, Italian, German, -// or Portuguese are accepted. For a list of supported languages, Supported -// languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) +// Amazon Comprehend can't process the language of the input text. For a list +// of supported languages, Supported languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) // in the Comprehend Developer Guide. // // - BatchSizeLimitExceededException @@ -643,18 +633,19 @@ func (c *Comprehend) ClassifyDocumentRequest(input *ClassifyDocumentInput) (req // // - Custom classifier - a custom model that you have created and trained. // For input, you can provide plain text, a single-page document (PDF, Word, -// or image), or Textract API output. For more information, see Custom classification -// (https://docs.aws.amazon.com/comprehend/latest/dg/how-document-classification.html) +// or image), or Amazon Textract API output. For more information, see Custom +// classification (https://docs.aws.amazon.com/comprehend/latest/dg/how-document-classification.html) // in the Amazon Comprehend Developer Guide. // -// - Prompt classifier - Amazon Comprehend provides a model for classifying -// prompts. For input, you provide English plain text input. For prompt classification, +// - Prompt safety classifier - Amazon Comprehend provides a pre-trained +// model for classifying input prompts for generative AI applications. For +// input, you provide English plain text input. For prompt safety classification, // the response includes only the Classes field. For more information about -// prompt classifiers, see Prompt classifiers (https://docs.aws.amazon.com/comprehend/latest/dg/prompt-classification.html) +// prompt safety classifiers, see Prompt safety classification (https://docs.aws.amazon.com/comprehend/latest/dg/trust-safety.html#prompt-classification) // in the Amazon Comprehend Developer Guide. // // If the system detects errors while processing a page in the input document, -// the API response includes an entry in Errors that describes the errors. +// the API response includes an Errors field that describes the errors. // // If the system detects a document-level error in your input document, the // API returns an InvalidRequestException error response. For details about @@ -768,10 +759,8 @@ func (c *Comprehend) ContainsPiiEntitiesRequest(input *ContainsPiiEntitiesInput) // The size of the input text exceeds the limit. Use a smaller document. // // - UnsupportedLanguageException -// Amazon Comprehend can't process the language of the input text. For custom -// entity recognition APIs, only English, Spanish, French, Italian, German, -// or Portuguese are accepted. For a list of supported languages, Supported -// languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) +// Amazon Comprehend can't process the language of the input text. For a list +// of supported languages, Supported languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) // in the Comprehend Developer Guide. // // - InternalServerException @@ -982,10 +971,8 @@ func (c *Comprehend) CreateDocumentClassifierRequest(input *CreateDocumentClassi // resources, and then try your request again. // // - UnsupportedLanguageException -// Amazon Comprehend can't process the language of the input text. For custom -// entity recognition APIs, only English, Spanish, French, Italian, German, -// or Portuguese are accepted. For a list of supported languages, Supported -// languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) +// Amazon Comprehend can't process the language of the input text. For a list +// of supported languages, Supported languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) // in the Comprehend Developer Guide. // // - KmsKeyValidationException @@ -1201,10 +1188,8 @@ func (c *Comprehend) CreateEntityRecognizerRequest(input *CreateEntityRecognizer // resources, and then try your request again. // // - UnsupportedLanguageException -// Amazon Comprehend can't process the language of the input text. For custom -// entity recognition APIs, only English, Spanish, French, Italian, German, -// or Portuguese are accepted. For a list of supported languages, Supported -// languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) +// Amazon Comprehend can't process the language of the input text. For a list +// of supported languages, Supported languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) // in the Comprehend Developer Guide. // // - KmsKeyValidationException @@ -1327,10 +1312,8 @@ func (c *Comprehend) CreateFlywheelRequest(input *CreateFlywheelInput) (req *req // resources, and then try your request again. // // - UnsupportedLanguageException -// Amazon Comprehend can't process the language of the input text. For custom -// entity recognition APIs, only English, Spanish, French, Italian, German, -// or Portuguese are accepted. For a list of supported languages, Supported -// languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) +// Amazon Comprehend can't process the language of the input text. For a list +// of supported languages, Supported languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) // in the Comprehend Developer Guide. // // - KmsKeyValidationException @@ -3465,10 +3448,8 @@ func (c *Comprehend) DetectEntitiesRequest(input *DetectEntitiesInput) (req *req // The size of the input text exceeds the limit. Use a smaller document. // // - UnsupportedLanguageException -// Amazon Comprehend can't process the language of the input text. For custom -// entity recognition APIs, only English, Spanish, French, Italian, German, -// or Portuguese are accepted. For a list of supported languages, Supported -// languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) +// Amazon Comprehend can't process the language of the input text. For a list +// of supported languages, Supported languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) // in the Comprehend Developer Guide. // // - InternalServerException @@ -3557,10 +3538,8 @@ func (c *Comprehend) DetectKeyPhrasesRequest(input *DetectKeyPhrasesInput) (req // The size of the input text exceeds the limit. Use a smaller document. // // - UnsupportedLanguageException -// Amazon Comprehend can't process the language of the input text. For custom -// entity recognition APIs, only English, Spanish, French, Italian, German, -// or Portuguese are accepted. For a list of supported languages, Supported -// languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) +// Amazon Comprehend can't process the language of the input text. For a list +// of supported languages, Supported languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) // in the Comprehend Developer Guide. // // - InternalServerException @@ -3650,10 +3629,8 @@ func (c *Comprehend) DetectPiiEntitiesRequest(input *DetectPiiEntitiesInput) (re // The size of the input text exceeds the limit. Use a smaller document. // // - UnsupportedLanguageException -// Amazon Comprehend can't process the language of the input text. For custom -// entity recognition APIs, only English, Spanish, French, Italian, German, -// or Portuguese are accepted. For a list of supported languages, Supported -// languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) +// Amazon Comprehend can't process the language of the input text. For a list +// of supported languages, Supported languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) // in the Comprehend Developer Guide. // // - InternalServerException @@ -3743,10 +3720,8 @@ func (c *Comprehend) DetectSentimentRequest(input *DetectSentimentInput) (req *r // The size of the input text exceeds the limit. Use a smaller document. // // - UnsupportedLanguageException -// Amazon Comprehend can't process the language of the input text. For custom -// entity recognition APIs, only English, Spanish, French, Italian, German, -// or Portuguese are accepted. For a list of supported languages, Supported -// languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) +// Amazon Comprehend can't process the language of the input text. For a list +// of supported languages, Supported languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) // in the Comprehend Developer Guide. // // - InternalServerException @@ -3837,10 +3812,8 @@ func (c *Comprehend) DetectSyntaxRequest(input *DetectSyntaxInput) (req *request // The size of the input text exceeds the limit. Use a smaller document. // // - UnsupportedLanguageException -// Amazon Comprehend can't process the language of the input text. For custom -// entity recognition APIs, only English, Spanish, French, Italian, German, -// or Portuguese are accepted. For a list of supported languages, Supported -// languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) +// Amazon Comprehend can't process the language of the input text. For a list +// of supported languages, Supported languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) // in the Comprehend Developer Guide. // // - InternalServerException @@ -3933,10 +3906,8 @@ func (c *Comprehend) DetectTargetedSentimentRequest(input *DetectTargetedSentime // The size of the input text exceeds the limit. Use a smaller document. // // - UnsupportedLanguageException -// Amazon Comprehend can't process the language of the input text. For custom -// entity recognition APIs, only English, Spanish, French, Italian, German, -// or Portuguese are accepted. For a list of supported languages, Supported -// languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) +// Amazon Comprehend can't process the language of the input text. For a list +// of supported languages, Supported languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) // in the Comprehend Developer Guide. // // - InternalServerException @@ -4008,11 +3979,10 @@ func (c *Comprehend) DetectToxicContentRequest(input *DetectToxicContentInput) ( // DetectToxicContent API operation for Amazon Comprehend. // // Performs toxicity analysis on the list of text strings that you provide as -// input. The analysis uses the order of strings in the list to determine context -// when predicting toxicity. The API response contains a results list that matches -// the size of the input list. For more information about toxicity detection, -// see Toxicity detection (https://docs.aws.amazon.com/comprehend/latest/dg/toxicity-detection.html) -// in the Amazon Comprehend Developer Guide +// input. The API response contains a results list that matches the size of +// the input list. For more information about toxicity detection, see Toxicity +// detection (https://docs.aws.amazon.com/comprehend/latest/dg/toxicity-detection.html) +// in the Amazon Comprehend Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4030,10 +4000,8 @@ func (c *Comprehend) DetectToxicContentRequest(input *DetectToxicContentInput) ( // The size of the input text exceeds the limit. Use a smaller document. // // - UnsupportedLanguageException -// Amazon Comprehend can't process the language of the input text. For custom -// entity recognition APIs, only English, Spanish, French, Italian, German, -// or Portuguese are accepted. For a list of supported languages, Supported -// languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) +// Amazon Comprehend can't process the language of the input text. For a list +// of supported languages, Supported languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) // in the Comprehend Developer Guide. // // - InternalServerException @@ -6872,8 +6840,9 @@ func (c *Comprehend) StartDocumentClassificationJobRequest(input *StartDocumentC // StartDocumentClassificationJob API operation for Amazon Comprehend. // -// Starts an asynchronous document classification job. Use the DescribeDocumentClassificationJob -// operation to track the progress of the job. +// Starts an asynchronous document classification job using a custom classification +// model. Use the DescribeDocumentClassificationJob operation to track the progress +// of the job. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10728,7 +10697,7 @@ type ClassifyDocumentInput struct { // parameter to input an Amazon Textract DetectDocumentText or AnalyzeDocument // output file. // - // To classify a document using the prompt classifier, use the Text parameter + // To classify a document using the prompt safety classifier, use the Text parameter // for input. // // Provide the input document as a sequence of base64-encoded bytes. If your @@ -10749,7 +10718,10 @@ type ClassifyDocumentInput struct { // The Amazon Resource Number (ARN) of the endpoint. // - // For prompt classification, Amazon Comprehend provides the endpoint ARN: zzz. + // For prompt safety classification, Amazon Comprehend provides the endpoint + // ARN. For more information about prompt safety classifiers, see Prompt safety + // classification (https://docs.aws.amazon.com/comprehend/latest/dg/trust-safety.html#prompt-classification) + // in the Amazon Comprehend Developer Guide // // For custom classification, you create an endpoint for your custom model. // For more information, see Using Amazon Comprehend endpoints (https://docs.aws.amazon.com/comprehend/latest/dg/using-endpoints.html). @@ -10835,14 +10807,14 @@ func (s *ClassifyDocumentInput) SetText(v string) *ClassifyDocumentInput { type ClassifyDocumentOutput struct { _ struct{} `type:"structure" sensitive:"true"` - // The classes used by the document being analyzed. These are used for multi-class - // trained models. Individual classes are mutually exclusive and each document - // is expected to have only a single class assigned to it. For example, an animal - // can be a dog or a cat, but not both at the same time. + // The classes used by the document being analyzed. These are used for models + // trained in multi-class mode. Individual classes are mutually exclusive and + // each document is expected to have only a single class assigned to it. For + // example, an animal can be a dog or a cat, but not both at the same time. // - // For prompt classification, the response includes a single class (UNDESIRED_PROMPT), - // along with a confidence score. A higher confidence score indicates that the - // input prompt is undesired in nature. + // For prompt safety classification, the response includes only two classes + // (SAFE_PROMPT and UNSAFE_PROMPT), along with a confidence score for each class. + // The value range of the score is zero to one, where one is the highest confidence. Classes []*DocumentClass `type:"list"` // Extraction information about the document. This field is present in the response @@ -10857,7 +10829,7 @@ type ClassifyDocumentOutput struct { // The field is empty if the system encountered no errors. Errors []*ErrorsListItem `type:"list"` - // The labels used the document being analyzed. These are used for multi-label + // The labels used in the document being analyzed. These are used for multi-label // trained models. Individual labels represent different categories that are // related in some manner and are not mutually exclusive. For example, a movie // can be just an action movie, or it can be an action movie, a science fiction @@ -11282,11 +11254,11 @@ type CreateDocumentClassifierInput struct { LanguageCode *string `type:"string" required:"true" enum:"LanguageCode"` // Indicates the mode in which the classifier will be trained. The classifier - // can be trained in multi-class mode, which identifies one and only one class - // for each document, or multi-label mode, which identifies one or more labels - // for each document. In multi-label mode, multiple labels for an individual - // document are separated by a delimiter. The default delimiter between labels - // is a pipe (|). + // can be trained in multi-class (single-label) mode or multi-label mode. Multi-class + // mode identifies a single class label for each document and multi-label mode + // identifies one or more class labels for each document. Multiple labels for + // an individual document are separated by a delimiter. The default delimiter + // between labels is a pipe (|). Mode *string `type:"string" enum:"DocumentClassifierMode"` // ID for the KMS key that Amazon Comprehend uses to encrypt trained custom @@ -15424,7 +15396,8 @@ type DetectToxicContentInput struct { // LanguageCode is a required field LanguageCode *string `type:"string" required:"true" enum:"LanguageCode"` - // A list of up to 10 text strings. The maximum size for the list is 10 KB. + // A list of up to 10 text strings. Each string has a maximum size of 1 KB, + // and the maximum size of the list is 10 KB. // // TextSegments is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by DetectToxicContentInput's @@ -16704,10 +16677,10 @@ type DocumentReaderConfig struct { // Specifies the type of Amazon Textract features to apply. If you chose TEXTRACT_ANALYZE_DOCUMENT // as the read action, you must specify one or both of the following values: // - // * TABLES - Returns information about any tables that are detected in the - // input document. + // * TABLES - Returns additional information about any tables that are detected + // in the input document. // - // * FORMS - Returns information and the data from any forms that are detected + // * FORMS - Returns additional information about any forms that are detected // in the input document. FeatureTypes []*string `min:"1" type:"list" enum:"DocumentReadFeatureTypes"` } @@ -18683,7 +18656,7 @@ type EntityTypesListItem struct { // // Entity types must not contain the following invalid characters: \n (line // break), \\n (escaped line break, \r (carriage return), \\r (escaped carriage - // return), \t (tab), \\t (escaped tab), space, and , (comma). + // return), \t (tab), \\t (escaped tab), and , (comma). // // Type is a required field Type *string `type:"string" required:"true"` @@ -19970,23 +19943,33 @@ func (s *InvalidFilterException) RequestID() string { return s.RespMetadata.RequestID } -// Provides additional detail about why the request failed: -// -// - Document size is too large - Check the size of your file and resubmit -// the request. -// -// - Document type is not supported - Check the file type and resubmit the -// request. -// -// - Too many pages in the document - Check the number of pages in your file -// and resubmit the request. -// -// - Access denied to Amazon Textract - Verify that your account has permission -// to use Amazon Textract API operations and resubmit the request. +// Provides additional detail about why the request failed. type InvalidRequestDetail struct { _ struct{} `type:"structure"` - // Reason code is INVALID_DOCUMENT. + // Reason codes include the following values: + // + // * DOCUMENT_SIZE_EXCEEDED - Document size is too large. Check the size + // of your file and resubmit the request. + // + // * UNSUPPORTED_DOC_TYPE - Document type is not supported. Check the file + // type and resubmit the request. + // + // * PAGE_LIMIT_EXCEEDED - Too many pages in the document. Check the number + // of pages in your file and resubmit the request. + // + // * TEXTRACT_ACCESS_DENIED - Access denied to Amazon Textract. Verify that + // your account has permission to use Amazon Textract API operations and + // resubmit the request. + // + // * NOT_TEXTRACT_JSON - Document is not Amazon Textract JSON format. Verify + // the format and resubmit the request. + // + // * MISMATCHED_TOTAL_PAGE_COUNT - Check the number of pages in your file + // and resubmit the request. + // + // * INVALID_DOCUMENT - Invalid document. Check the file and resubmit the + // request. Reason *string `type:"string" enum:"InvalidRequestDetailReason"` } @@ -20019,19 +20002,7 @@ type InvalidRequestException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` - // Provides additional detail about why the request failed: - // - // * Document size is too large - Check the size of your file and resubmit - // the request. - // - // * Document type is not supported - Check the file type and resubmit the - // request. - // - // * Too many pages in the document - Check the number of pages in your file - // and resubmit the request. - // - // * Access denied to Amazon Textract - Verify that your account has permission - // to use Amazon Textract API operations and resubmit the request. + // Provides additional detail about why the request failed. Detail *InvalidRequestDetail `type:"structure"` Message_ *string `locationName:"Message" min:"1" type:"string"` @@ -28239,14 +28210,15 @@ func (s *ToxicContent) SetScore(v float64) *ToxicContent { // Toxicity analysis result for one string. For more information about toxicity // detection, see Toxicity detection (https://docs.aws.amazon.com/comprehend/latest/dg/toxicity-detection.html) -// in the Amazon Comprehend Developer Guide +// in the Amazon Comprehend Developer Guide. type ToxicLabels struct { _ struct{} `type:"structure"` // Array of toxic content types identified in the string. Labels []*ToxicContent `type:"list"` - // Overall toxicity score for the string. + // Overall toxicity score for the string. Value range is zero to one, where + // one is the highest confidence. Toxicity *float64 `type:"float"` } @@ -28280,10 +28252,8 @@ func (s *ToxicLabels) SetToxicity(v float64) *ToxicLabels { return s } -// Amazon Comprehend can't process the language of the input text. For custom -// entity recognition APIs, only English, Spanish, French, Italian, German, -// or Portuguese are accepted. For a list of supported languages, Supported -// languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) +// Amazon Comprehend can't process the language of the input text. For a list +// of supported languages, Supported languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) // in the Comprehend Developer Guide. type UnsupportedLanguageException struct { _ struct{} `type:"structure"` @@ -29024,14 +28994,7 @@ func DocumentReadAction_Values() []string { } } -// Specifies the type of Amazon Textract features to apply. If you chose TEXTRACT_ANALYZE_DOCUMENT -// as the read action, you must specify one or both of the following values: -// -// - TABLES - Returns additional information about any tables that are detected -// in the input document. -// -// - FORMS - Returns additional information about any forms that are detected -// in the input document. +// TABLES or FORMS const ( // DocumentReadFeatureTypesTables is a DocumentReadFeatureTypes enum value DocumentReadFeatureTypesTables = "TABLES" diff --git a/service/comprehend/errors.go b/service/comprehend/errors.go index 804c8cbaa37..7f13d3b7753 100644 --- a/service/comprehend/errors.go +++ b/service/comprehend/errors.go @@ -111,10 +111,8 @@ const ( // ErrCodeUnsupportedLanguageException for service response error code // "UnsupportedLanguageException". // - // Amazon Comprehend can't process the language of the input text. For custom - // entity recognition APIs, only English, Spanish, French, Italian, German, - // or Portuguese are accepted. For a list of supported languages, Supported - // languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) + // Amazon Comprehend can't process the language of the input text. For a list + // of supported languages, Supported languages (https://docs.aws.amazon.com/comprehend/latest/dg/supported-languages.html) // in the Comprehend Developer Guide. ErrCodeUnsupportedLanguageException = "UnsupportedLanguageException" ) diff --git a/service/connect/api.go b/service/connect/api.go index 9a8d6e2e643..a12b5ac66bf 100644 --- a/service/connect/api.go +++ b/service/connect/api.go @@ -30262,6 +30262,10 @@ type CreateInstanceInput struct { // // OutboundCallsEnabled is a required field OutboundCallsEnabled *bool `type:"boolean" required:"true"` + + // The tags used to organize, track, or control access for this resource. For + // example, { "tags": {"key1":"value1", "key2":"value2"} }. + Tags map[string]*string `min:"1" type:"map"` } // String returns the string representation. @@ -30300,6 +30304,9 @@ func (s *CreateInstanceInput) Validate() error { if s.OutboundCallsEnabled == nil { invalidParams.Add(request.NewErrParamRequired("OutboundCallsEnabled")) } + if s.Tags != nil && len(s.Tags) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) + } if invalidParams.Len() > 0 { return invalidParams @@ -30343,6 +30350,12 @@ func (s *CreateInstanceInput) SetOutboundCallsEnabled(v bool) *CreateInstanceInp return s } +// SetTags sets the Tags field's value. +func (s *CreateInstanceInput) SetTags(v map[string]*string) *CreateInstanceInput { + s.Tags = v + return s +} + type CreateInstanceOutput struct { _ struct{} `type:"structure"` @@ -46006,6 +46019,9 @@ type Instance struct { // Relevant details why the instance was not successfully created. StatusReason *InstanceStatusReason `type:"structure"` + + // The tags of an instance. + Tags map[string]*string `min:"1" type:"map"` } // String returns the string representation. @@ -46092,6 +46108,12 @@ func (s *Instance) SetStatusReason(v *InstanceStatusReason) *Instance { return s } +// SetTags sets the Tags field's value. +func (s *Instance) SetTags(v map[string]*string) *Instance { + s.Tags = v + return s +} + // Relevant details why the instance was not successfully created. type InstanceStatusReason struct { _ struct{} `type:"structure"` diff --git a/service/ec2/api.go b/service/ec2/api.go index 56f6e620125..b2008fba6cf 100644 --- a/service/ec2/api.go +++ b/service/ec2/api.go @@ -161017,6 +161017,9 @@ func (s *PrivateIpAddressSpecification) SetPrivateIpAddress(v string) *PrivateIp type ProcessorInfo struct { _ struct{} `type:"structure"` + // The manufacturer of the processor. + Manufacturer *string `locationName:"manufacturer" type:"string"` + // The architectures supported by the instance type. SupportedArchitectures []*string `locationName:"supportedArchitectures" locationNameList:"item" type:"list" enum:"ArchitectureType"` @@ -161047,6 +161050,12 @@ func (s ProcessorInfo) GoString() string { return s.String() } +// SetManufacturer sets the Manufacturer field's value. +func (s *ProcessorInfo) SetManufacturer(v string) *ProcessorInfo { + s.Manufacturer = &v + return s +} + // SetSupportedArchitectures sets the SupportedArchitectures field's value. func (s *ProcessorInfo) SetSupportedArchitectures(v []*string) *ProcessorInfo { s.SupportedArchitectures = v diff --git a/service/paymentcryptography/api.go b/service/paymentcryptography/api.go index 580eb904314..2e489559552 100644 --- a/service/paymentcryptography/api.go +++ b/service/paymentcryptography/api.go @@ -193,7 +193,7 @@ func (c *PaymentCryptography) CreateKeyRequest(input *CreateKeyInput) (req *requ // key usage, key origin, creation date, description, and key state. // // When you create a key, you specify both immutable and mutable data about -// the key. The immutable data contains key attributes that defines the scope +// the key. The immutable data contains key attributes that define the scope // and cryptographic operations that you can perform using the key, for example // key class (example: SYMMETRIC_KEY), key algorithm (example: TDES_2KEY), key // usage (example: TR31_P0_PIN_ENCRYPTION_KEY) and key modes of use (example: @@ -435,7 +435,7 @@ func (c *PaymentCryptography) DeleteKeyRequest(input *DeleteKeyInput) (req *requ // DeleteKey API operation for Payment Cryptography Control Plane. // -// Deletes the key material and all metadata associated with Amazon Web Services +// Deletes the key material and metadata associated with Amazon Web Services // Payment Cryptography key. // // Key deletion is irreversible. After a key is deleted, you can't perform cryptographic @@ -444,13 +444,10 @@ func (c *PaymentCryptography) DeleteKeyRequest(input *DeleteKeyInput) (req *requ // become unrecoverable. Because key deletion is destructive, Amazon Web Services // Payment Cryptography has a safety mechanism to prevent accidental deletion // of a key. When you call this operation, Amazon Web Services Payment Cryptography -// disables the specified key but doesn't delete it until after a waiting period. -// The default waiting period is 7 days. To set a different waiting period, -// set DeleteKeyInDays. During the waiting period, the KeyState is DELETE_PENDING. -// After the key is deleted, the KeyState is DELETE_COMPLETE. -// -// If you delete key material, you can use ImportKey to reimport the same key -// material into the Amazon Web Services Payment Cryptography key. +// disables the specified key but doesn't delete it until after a waiting period +// set using DeleteKeyInDays. The default waiting period is 7 days. During the +// waiting period, the KeyState is DELETE_PENDING. After the key is deleted, +// the KeyState is DELETE_COMPLETE. // // You should delete a key only when you are sure that you don't need to use // it anymore and no other parties are utilizing this key. If you aren't sure, @@ -563,64 +560,109 @@ func (c *PaymentCryptography) ExportKeyRequest(input *ExportKeyInput) (req *requ // ExportKey API operation for Payment Cryptography Control Plane. // -// Exports a key from Amazon Web Services Payment Cryptography using either -// ANSI X9 TR-34 or TR-31 key export standard. -// -// Amazon Web Services Payment Cryptography simplifies main or root key exchange -// process by eliminating the need of a paper-based key exchange process. It -// takes a modern and secure approach based of the ANSI X9 TR-34 key exchange -// standard. -// -// You can use ExportKey to export main or root keys such as KEK (Key Encryption -// Key), using asymmetric key exchange technique following ANSI X9 TR-34 standard. -// The ANSI X9 TR-34 standard uses asymmetric keys to establishes bi-directional -// trust between the two parties exchanging keys. After which you can export -// working keys using the ANSI X9 TR-31 symmetric key exchange standard as mandated -// by PCI PIN. Using this operation, you can share your Amazon Web Services -// Payment Cryptography generated keys with other service partners to perform -// cryptographic operations outside of Amazon Web Services Payment Cryptography -// -// # TR-34 key export -// -// Amazon Web Services Payment Cryptography uses TR-34 asymmetric key exchange -// standard to export main keys such as KEK. In TR-34 terminology, the sending -// party of the key is called Key Distribution Host (KDH) and the receiving -// party of the key is called Key Receiving Host (KRH). In key export process, -// KDH is Amazon Web Services Payment Cryptography which initiates key export. -// KRH is the user receiving the key. Before you initiate TR-34 key export, -// you must obtain an export token by calling GetParametersForExport. This operation -// also returns the signing key certificate that KDH uses to sign the wrapped -// key to generate a TR-34 wrapped key block. The export token expires after -// 7 days. +// Exports a key from Amazon Web Services Payment Cryptography. +// +// Amazon Web Services Payment Cryptography simplifies key exchange by replacing +// the existing paper-based approach with a modern electronic approach. With +// ExportKey you can export symmetric keys using either symmetric and asymmetric +// key exchange mechanisms. Using this operation, you can share your Amazon +// Web Services Payment Cryptography generated keys with other service partners +// to perform cryptographic operations outside of Amazon Web Services Payment +// Cryptography +// +// For symmetric key exchange, Amazon Web Services Payment Cryptography uses +// the ANSI X9 TR-31 norm in accordance with PCI PIN guidelines. And for asymmetric +// key exchange, Amazon Web Services Payment Cryptography supports ANSI X9 TR-34 +// norm . Asymmetric key exchange methods are typically used to establish bi-directional +// trust between the two parties exhanging keys and are used for initial key +// exchange such as Key Encryption Key (KEK). After which you can export working +// keys using symmetric method to perform various cryptographic operations within +// Amazon Web Services Payment Cryptography. +// +// The TR-34 norm is intended for exchanging 3DES keys only and keys are imported +// in a WrappedKeyBlock format. Key attributes (such as KeyUsage, KeyAlgorithm, +// KeyModesOfUse, Exportability) are contained within the key block. +// +// You can also use ExportKey functionality to generate and export an IPEK (Initial +// Pin Encryption Key) from Amazon Web Services Payment Cryptography using either +// TR-31 or TR-34 export key exchange. IPEK is generated from BDK (Base Derivation +// Key) and ExportDukptInitialKey attribute KSN (KeySerialNumber). The generated +// IPEK does not persist within Amazon Web Services Payment Cryptography and +// has to be re-generated each time during export. +// +// # To export KEK or IPEK using TR-34 +// +// Using this operation, you can export initial key using TR-34 asymmetric key +// exchange. You can only export KEK generated within Amazon Web Services Payment +// Cryptography. In TR-34 terminology, the sending party of the key is called +// Key Distribution Host (KDH) and the receiving party of the key is called +// Key Receiving Device (KRD). During key export process, KDH is Amazon Web +// Services Payment Cryptography which initiates key export and KRD is the user +// receiving the key. +// +// To initiate TR-34 key export, the KRD must obtain an export token by calling +// GetParametersForExport. This operation also generates a key pair for the +// purpose of key export, signs the key and returns back the signing public +// key certificate (also known as KDH signing certificate) and root certificate +// chain. The KDH uses the private key to sign the the export payload and the +// signing public key certificate is provided to KRD to verify the signature. +// The KRD can import the root certificate into its Hardware Security Module +// (HSM), as required. The export token and the associated KDH signing certificate +// expires after 7 days. +// +// Next the KRD generates a key pair for the the purpose of encrypting the KDH +// key and provides the public key cerificate (also known as KRD wrapping certificate) +// back to KDH. The KRD will also import the root cerificate chain into Amazon +// Web Services Payment Cryptography by calling ImportKey for RootCertificatePublicKey. +// The KDH, Amazon Web Services Payment Cryptography, will use the KRD wrapping +// cerificate to encrypt (wrap) the key under export and signs it with signing +// private key to generate a TR-34 WrappedKeyBlock. For more information on +// TR-34 key export, see section Exporting symmetric keys (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-export.html) +// in the Amazon Web Services Payment Cryptography User Guide. // // Set the following parameters: // -// # CertificateAuthorityPublicKeyIdentifier +// - ExportAttributes: Specify export attributes in case of IPEK export. +// This parameter is optional for KEK export. // -// The KeyARN of the certificate chain that will sign the wrapping key certificate. -// This must exist within Amazon Web Services Payment Cryptography before you -// initiate TR-34 key export. If it does not exist, you can import it by calling -// ImportKey for RootCertificatePublicKey. +// - ExportKeyIdentifier: The KeyARN of the KEK or BDK (in case of IPEK) +// under export. // -// # ExportToken +// - KeyMaterial: Use Tr34KeyBlock parameters. // -// Obtained from KDH by calling GetParametersForExport. +// - CertificateAuthorityPublicKeyIdentifier: The KeyARN of the certificate +// chain that signed the KRD wrapping key certificate. // -// # WrappingKeyCertificate +// - ExportToken: Obtained from KDH by calling GetParametersForImport. // -// Amazon Web Services Payment Cryptography uses this to wrap the key under -// export. +// - WrappingKeyCertificate: The public key certificate in PEM format (base64 +// encoded) of the KRD wrapping key Amazon Web Services Payment Cryptography +// uses for encryption of the TR-34 export payload. This certificate must +// be signed by the root certificate (CertificateAuthorityPublicKeyIdentifier) +// imported into Amazon Web Services Payment Cryptography. // // When this operation is successful, Amazon Web Services Payment Cryptography -// returns the TR-34 wrapped key block. +// returns the KEK or IPEK as a TR-34 WrappedKeyBlock. // -// # TR-31 key export +// # To export WK (Working Key) or IPEK using TR-31 // -// Amazon Web Services Payment Cryptography uses TR-31 symmetric key exchange -// standard to export working keys. In TR-31, you must use a main key such as -// KEK to encrypt or wrap the key under export. To establish a KEK, you can -// use CreateKey or ImportKey. When this operation is successful, Amazon Web -// Services Payment Cryptography returns a TR-31 wrapped key block. +// Using this operation, you can export working keys or IPEK using TR-31 symmetric +// key exchange. In TR-31, you must use an initial key such as KEK to encrypt +// or wrap the key under export. To establish a KEK, you can use CreateKey or +// ImportKey. +// +// Set the following parameters: +// +// - ExportAttributes: Specify export attributes in case of IPEK export. +// This parameter is optional for KEK export. +// +// - ExportKeyIdentifier: The KeyARN of the KEK or BDK (in case of IPEK) +// under export. +// +// - KeyMaterial: Use Tr31KeyBlock parameters. +// +// When this operation is successful, Amazon Web Services Payment Cryptography +// returns the WK or IPEK as a TR-31 WrappedKeyBlock. // // Cross-account use: This operation can't be used across different Amazon Web // Services accounts. @@ -1060,14 +1102,13 @@ func (c *PaymentCryptography) GetParametersForImportRequest(input *GetParameters // GetParametersForImport API operation for Payment Cryptography Control Plane. // -// Gets the import token and the wrapping key certificate to initiate a TR-34 -// key import into Amazon Web Services Payment Cryptography. +// Gets the import token and the wrapping key certificate in PEM format (base64 +// encoded) to initiate a TR-34 WrappedKeyBlock. // -// The wrapping key certificate wraps the key under import within the TR-34 -// key payload. The import token and wrapping key certificate must be in place -// and operational before calling ImportKey. The import token expires in 7 days. -// The same import token can be used to import multiple keys into your service -// account. +// The wrapping key certificate wraps the key under import. The import token +// and wrapping key certificate must be in place and operational before calling +// ImportKey. The import token expires in 7 days. You can use the same import +// token to import multiple keys into your service account. // // Cross-account use: This operation can't be used across different Amazon Web // Services accounts. @@ -1282,27 +1323,36 @@ func (c *PaymentCryptography) ImportKeyRequest(input *ImportKeyInput) (req *requ // ImportKey API operation for Payment Cryptography Control Plane. // -// Imports keys and public key certificates into Amazon Web Services Payment -// Cryptography. +// Imports symmetric keys and public key certificates in PEM format (base64 +// encoded) into Amazon Web Services Payment Cryptography. // -// Amazon Web Services Payment Cryptography simplifies main or root key exchange -// process by eliminating the need of a paper-based key exchange process. It -// takes a modern and secure approach based of the ANSI X9 TR-34 key exchange -// standard. +// Amazon Web Services Payment Cryptography simplifies key exchange by replacing +// the existing paper-based approach with a modern electronic approach. With +// ImportKey you can import symmetric keys using either symmetric and asymmetric +// key exchange mechanisms. // -// You can use ImportKey to import main or root keys such as KEK (Key Encryption -// Key) using asymmetric key exchange technique following the ANSI X9 TR-34 -// standard. The ANSI X9 TR-34 standard uses asymmetric keys to establishes -// bi-directional trust between the two parties exchanging keys. +// For symmetric key exchange, Amazon Web Services Payment Cryptography uses +// the ANSI X9 TR-31 norm in accordance with PCI PIN guidelines. And for asymmetric +// key exchange, Amazon Web Services Payment Cryptography supports ANSI X9 TR-34 +// norm . Asymmetric key exchange methods are typically used to establish bi-directional +// trust between the two parties exhanging keys and are used for initial key +// exchange such as Key Encryption Key (KEK) or Zone Master Key (ZMK). After +// which you can import working keys using symmetric method to perform various +// cryptographic operations within Amazon Web Services Payment Cryptography. // -// After you have imported a main or root key, you can import working keys to -// perform various cryptographic operations within Amazon Web Services Payment -// Cryptography using the ANSI X9 TR-31 symmetric key exchange standard as mandated -// by PCI PIN. +// The TR-34 norm is intended for exchanging 3DES keys only and keys are imported +// in a WrappedKeyBlock format. Key attributes (such as KeyUsage, KeyAlgorithm, +// KeyModesOfUse, Exportability) are contained within the key block. // -// You can also import a root public key certificate, a self-signed certificate -// used to sign other public key certificates, or a trusted public key certificate -// under an already established root public key certificate. +// You can also import a root public key certificate, used to sign other public +// key certificates, or a trusted public key certificate under an already established +// root public key certificate. +// +// # To import a public root key certificate +// +// You can also import a root public key certificate, used to sign other public +// key certificates, or a trusted public key certificate under an already established +// root public key certificate. // // # To import a public root key certificate // @@ -1321,8 +1371,8 @@ func (c *PaymentCryptography) ImportKeyRequest(input *ImportKeyInput) (req *requ // // - KeyUsage: TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE // -// - PublicKeyCertificate: The certificate authority used to sign the root -// public key certificate. +// - PublicKeyCertificate: The public key certificate in PEM format (base64 +// encoded) of the private root key under import. // // # To import a trusted public key certificate // @@ -1337,54 +1387,66 @@ func (c *PaymentCryptography) ImportKeyRequest(input *ImportKeyInput) (req *requ // such as wrap, sign, or encrypt that you will allow the trusted public // key certificate to perform. // -// - PublicKeyCertificate: The certificate authority used to sign the trusted -// public key certificate. -// -// # Import main keys -// -// Amazon Web Services Payment Cryptography uses TR-34 asymmetric key exchange -// standard to import main keys such as KEK. In TR-34 terminology, the sending -// party of the key is called Key Distribution Host (KDH) and the receiving -// party of the key is called Key Receiving Host (KRH). During the key import -// process, KDH is the user who initiates the key import and KRH is Amazon Web -// Services Payment Cryptography who receives the key. Before initiating TR-34 -// key import, you must obtain an import token by calling GetParametersForImport. -// This operation also returns the wrapping key certificate that KDH uses wrap -// key under import to generate a TR-34 wrapped key block. The import token -// expires after 7 days. +// - PublicKeyCertificate: The trusted public key certificate in PEM format +// (base64 encoded) under import. +// +// # To import KEK or ZMK using TR-34 +// +// Using this operation, you can import initial key using TR-34 asymmetric key +// exchange. In TR-34 terminology, the sending party of the key is called Key +// Distribution Host (KDH) and the receiving party of the key is called Key +// Receiving Device (KRD). During the key import process, KDH is the user who +// initiates the key import and KRD is Amazon Web Services Payment Cryptography +// who receives the key. +// +// To initiate TR-34 key import, the KDH must obtain an import token by calling +// GetParametersForImport. This operation generates an encryption keypair for +// the purpose of key import, signs the key and returns back the wrapping key +// certificate (also known as KRD wrapping certificate) and the root certificate +// chain. The KDH must trust and install the KRD wrapping certificate on its +// HSM and use it to encrypt (wrap) the KDH key during TR-34 WrappedKeyBlock +// generation. The import token and associated KRD wrapping certificate expires +// after 7 days. +// +// Next the KDH generates a key pair for the purpose of signing the encrypted +// KDH key and provides the public certificate of the signing key to Amazon +// Web Services Payment Cryptography. The KDH will also need to import the root +// certificate chain of the KDH signing certificate by calling ImportKey for +// RootCertificatePublicKey. For more information on TR-34 key import, see section +// Importing symmetric keys (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-import.html) +// in the Amazon Web Services Payment Cryptography User Guide. // // Set the following parameters: // -// - CertificateAuthorityPublicKeyIdentifier: The KeyArn of the certificate -// chain that will sign the signing key certificate and should exist within -// Amazon Web Services Payment Cryptography before initiating TR-34 key import. -// If it does not exist, you can import it by calling by calling ImportKey -// for RootCertificatePublicKey. +// - KeyMaterial: Use Tr34KeyBlock parameters. // -// - ImportToken: Obtained from KRH by calling GetParametersForImport. +// - CertificateAuthorityPublicKeyIdentifier: The KeyARN of the certificate +// chain that signed the KDH signing key certificate. // -// - WrappedKeyBlock: The TR-34 wrapped key block from KDH. It contains the -// KDH key under import, wrapped with KRH provided wrapping key certificate -// and signed by the KDH private signing key. This TR-34 key block is generated +// - ImportToken: Obtained from KRD by calling GetParametersForImport. +// +// - WrappedKeyBlock: The TR-34 wrapped key material from KDH. It contains +// the KDH key under import, wrapped with KRD wrapping certificate and signed +// by KDH signing private key. This TR-34 key block is typically generated // by the KDH Hardware Security Module (HSM) outside of Amazon Web Services // Payment Cryptography. // -// - SigningKeyCertificate: The public component of the private key that -// signed the KDH TR-34 wrapped key block. In PEM certificate format. -// -// TR-34 is intended primarily to exchange 3DES keys. Your ability to export -// AES-128 and larger AES keys may be dependent on your source system. +// - SigningKeyCertificate: The public key certificate in PEM format (base64 +// encoded) of the KDH signing key generated under the root certificate (CertificateAuthorityPublicKeyIdentifier) +// imported in Amazon Web Services Payment Cryptography. // -// # Import working keys +// # To import WK (Working Key) using TR-31 // // Amazon Web Services Payment Cryptography uses TR-31 symmetric key exchange -// standard to import working keys. A KEK must be established within Amazon -// Web Services Payment Cryptography by using TR-34 key import. To initiate -// a TR-31 key import, set the following parameters: +// norm to import working keys. A KEK must be established within Amazon Web +// Services Payment Cryptography by using TR-34 key import or by using CreateKey. +// To initiate a TR-31 key import, set the following parameters: // -// - WrappedKeyBlock: The key under import and encrypted using KEK. The TR-31 -// key block generated by your HSM outside of Amazon Web Services Payment -// Cryptography. +// - KeyMaterial: Use Tr31KeyBlock parameters. +// +// - WrappedKeyBlock: The TR-31 wrapped key material. It contains the key +// under import, encrypted using KEK. The TR-31 key block is typically generated +// by a HSM outside of Amazon Web Services Payment Cryptography. // // - WrappingKeyIdentifier: The KeyArn of the KEK that Amazon Web Services // Payment Cryptography uses to decrypt or unwrap the key under import. @@ -2831,13 +2893,13 @@ func (s *ConflictException) RequestID() string { type CreateAliasInput struct { _ struct{} `type:"structure"` - // A friendly name that you can use to refer a key. An alias must begin with + // A friendly name that you can use to refer to a key. An alias must begin with // alias/ followed by a name, for example alias/ExampleAlias. It can contain // only alphanumeric characters, forward slashes (/), underscores (_), and dashes // (-). // - // Don't include confidential or sensitive information in this field. This field - // may be displayed in plaintext in CloudTrail logs and other output. + // Don't include personal, confidential or sensitive information in this field. + // This field may be displayed in plaintext in CloudTrail logs and other output. // // AliasName is a required field AliasName *string `min:"7" type:"string" required:"true"` @@ -2932,8 +2994,8 @@ type CreateKeyInput struct { _ struct{} `type:"structure"` // Specifies whether to enable the key. If the key is enabled, it is activated - // for use within the service. If the key not enabled, then it is created but - // not activated. The default value is enabled. + // for use within the service. If the key is not enabled, then it is created + // but not activated. The default value is enabled. Enabled *bool `type:"boolean"` // Specifies whether the key is exportable from the service. @@ -2948,24 +3010,26 @@ type CreateKeyInput struct { KeyAttributes *KeyAttributes `type:"structure" required:"true"` // The algorithm that Amazon Web Services Payment Cryptography uses to calculate - // the key check value (KCV) for DES and AES keys. + // the key check value (KCV). It is used to validate the key integrity. // - // For DES key, the KCV is computed by encrypting 8 bytes, each with value '00', - // with the key to be checked and retaining the 3 highest order bytes of the - // encrypted result. For AES key, the KCV is computed by encrypting 8 bytes, - // each with value '01', with the key to be checked and retaining the 3 highest - // order bytes of the encrypted result. + // For TDES keys, the KCV is computed by encrypting 8 bytes, each with value + // of zero, with the key to be checked and retaining the 3 highest order bytes + // of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm + // where the input data is 16 bytes of zero and retaining the 3 highest order + // bytes of the encrypted result. KeyCheckValueAlgorithm *string `type:"string" enum:"KeyCheckValueAlgorithm"` - // The tags to attach to the key. Each tag consists of a tag key and a tag value. - // Both the tag key and the tag value are required, but the tag value can be - // an empty (null) string. You can't have more than one tag on an Amazon Web - // Services Payment Cryptography key with the same tag key. + // Assigns one or more tags to the Amazon Web Services Payment Cryptography + // key. Use this parameter to tag a key when it is created. To tag an existing + // Amazon Web Services Payment Cryptography key, use the TagResource operation. // - // To use this parameter, you must have TagResource permission. + // Each tag consists of a tag key and a tag value. Both the tag key and the + // tag value are required, but the tag value can be an empty (null) string. + // You can't have more than one tag on an Amazon Web Services Payment Cryptography + // key with the same tag key. // - // Don't include confidential or sensitive information in this field. This field - // may be displayed in plaintext in CloudTrail logs and other output. + // Don't include personal, confidential or sensitive information in this field. + // This field may be displayed in plaintext in CloudTrail logs and other output. // // Tagging or untagging an Amazon Web Services Payment Cryptography key can // allow or deny permission to the key. @@ -3250,9 +3314,129 @@ func (s *DeleteKeyOutput) SetKey(v *Key) *DeleteKeyOutput { return s } +// The attributes for IPEK generation during export. +type ExportAttributes struct { + _ struct{} `type:"structure"` + + // Parameter information for IPEK export. + ExportDukptInitialKey *ExportDukptInitialKey `type:"structure"` + + // The algorithm that Amazon Web Services Payment Cryptography uses to calculate + // the key check value (KCV). It is used to validate the key integrity. Specify + // KCV for IPEK export only. + // + // For TDES keys, the KCV is computed by encrypting 8 bytes, each with value + // of zero, with the key to be checked and retaining the 3 highest order bytes + // of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm + // where the input data is 16 bytes of zero and retaining the 3 highest order + // bytes of the encrypted result. + KeyCheckValueAlgorithm *string `type:"string" enum:"KeyCheckValueAlgorithm"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExportAttributes) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExportAttributes) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ExportAttributes) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ExportAttributes"} + if s.ExportDukptInitialKey != nil { + if err := s.ExportDukptInitialKey.Validate(); err != nil { + invalidParams.AddNested("ExportDukptInitialKey", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetExportDukptInitialKey sets the ExportDukptInitialKey field's value. +func (s *ExportAttributes) SetExportDukptInitialKey(v *ExportDukptInitialKey) *ExportAttributes { + s.ExportDukptInitialKey = v + return s +} + +// SetKeyCheckValueAlgorithm sets the KeyCheckValueAlgorithm field's value. +func (s *ExportAttributes) SetKeyCheckValueAlgorithm(v string) *ExportAttributes { + s.KeyCheckValueAlgorithm = &v + return s +} + +// Parameter information for IPEK generation during export. +type ExportDukptInitialKey struct { + _ struct{} `type:"structure"` + + // The KSN for IPEK generation using DUKPT. + // + // KSN must be padded before sending to Amazon Web Services Payment Cryptography. + // KSN hex length should be 20 for a TDES_2KEY key or 24 for an AES key. + // + // KeySerialNumber is a required field + KeySerialNumber *string `min:"20" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExportDukptInitialKey) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExportDukptInitialKey) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ExportDukptInitialKey) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ExportDukptInitialKey"} + if s.KeySerialNumber == nil { + invalidParams.Add(request.NewErrParamRequired("KeySerialNumber")) + } + if s.KeySerialNumber != nil && len(*s.KeySerialNumber) < 20 { + invalidParams.Add(request.NewErrParamMinLen("KeySerialNumber", 20)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeySerialNumber sets the KeySerialNumber field's value. +func (s *ExportDukptInitialKey) SetKeySerialNumber(v string) *ExportDukptInitialKey { + s.KeySerialNumber = &v + return s +} + type ExportKeyInput struct { _ struct{} `type:"structure"` + // The attributes for IPEK generation during export. + ExportAttributes *ExportAttributes `type:"structure"` + // The KeyARN of the key under export from Amazon Web Services Payment Cryptography. // // ExportKeyIdentifier is a required field @@ -3295,6 +3479,11 @@ func (s *ExportKeyInput) Validate() error { if s.KeyMaterial == nil { invalidParams.Add(request.NewErrParamRequired("KeyMaterial")) } + if s.ExportAttributes != nil { + if err := s.ExportAttributes.Validate(); err != nil { + invalidParams.AddNested("ExportAttributes", err.(request.ErrInvalidParams)) + } + } if s.KeyMaterial != nil { if err := s.KeyMaterial.Validate(); err != nil { invalidParams.AddNested("KeyMaterial", err.(request.ErrInvalidParams)) @@ -3307,6 +3496,12 @@ func (s *ExportKeyInput) Validate() error { return nil } +// SetExportAttributes sets the ExportAttributes field's value. +func (s *ExportKeyInput) SetExportAttributes(v *ExportAttributes) *ExportKeyInput { + s.ExportAttributes = v + return s +} + // SetExportKeyIdentifier sets the ExportKeyIdentifier field's value. func (s *ExportKeyInput) SetExportKeyIdentifier(v string) *ExportKeyInput { s.ExportKeyIdentifier = &v @@ -3320,14 +3515,16 @@ func (s *ExportKeyInput) SetKeyMaterial(v *ExportKeyMaterial) *ExportKeyInput { } // Parameter information for key material export from Amazon Web Services Payment -// Cryptography. +// Cryptography using TR-31 or TR-34 key exchange method. type ExportKeyMaterial struct { _ struct{} `type:"structure"` - // Parameter information for key material export using TR-31 standard. + // Parameter information for key material export using symmetric TR-31 key exchange + // method. Tr31KeyBlock *ExportTr31KeyBlock `type:"structure"` - // Parameter information for key material export using TR-34 standard. + // Parameter information for key material export using the asymmetric TR-34 + // key exchange method. Tr34KeyBlock *ExportTr34KeyBlock `type:"structure"` } @@ -3384,7 +3581,7 @@ func (s *ExportKeyMaterial) SetTr34KeyBlock(v *ExportTr34KeyBlock) *ExportKeyMat type ExportKeyOutput struct { _ struct{} `type:"structure"` - // The key material under export as a TR-34 or TR-31 wrapped key block. + // The key material under export as a TR-34 WrappedKeyBlock or a TR-31 WrappedKeyBlock. WrappedKey *WrappedKey `type:"structure"` } @@ -3412,7 +3609,8 @@ func (s *ExportKeyOutput) SetWrappedKey(v *WrappedKey) *ExportKeyOutput { return s } -// Parameter information for key material export using TR-31 standard. +// Parameter information for key material export using symmetric TR-31 key exchange +// method. type ExportTr31KeyBlock struct { _ struct{} `type:"structure"` @@ -3463,7 +3661,8 @@ func (s *ExportTr31KeyBlock) SetWrappingKeyIdentifier(v string) *ExportTr31KeyBl return s } -// Parameter information for key material export using TR-34 standard. +// Parameter information for key material export using the asymmetric TR-34 +// key exchange method. type ExportTr34KeyBlock struct { _ struct{} `type:"structure"` @@ -3758,8 +3957,8 @@ type GetParametersForExportInput struct { KeyMaterialType *string `type:"string" required:"true" enum:"KeyMaterialType"` // The signing key algorithm to generate a signing key certificate. This certificate - // signs the wrapped key under export within the TR-34 key block cryptogram. - // RSA_2048 is the only signing key algorithm allowed. + // signs the wrapped key under export within the TR-34 key block. RSA_2048 is + // the only signing key algorithm allowed. // // SigningKeyAlgorithm is a required field SigningKeyAlgorithm *string `type:"string" required:"true" enum:"KeyAlgorithm"` @@ -3832,8 +4031,9 @@ type GetParametersForExportOutput struct { // SigningKeyAlgorithm is a required field SigningKeyAlgorithm *string `type:"string" required:"true" enum:"KeyAlgorithm"` - // The signing key certificate of the public key for signature within the TR-34 - // key block cryptogram. The certificate expires after 7 days. + // The signing key certificate in PEM format (base64 encoded) of the public + // key for signature within the TR-34 key block. The certificate expires after + // 7 days. // // SigningKeyCertificate is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetParametersForExportOutput's @@ -3842,8 +4042,8 @@ type GetParametersForExportOutput struct { // SigningKeyCertificate is a required field SigningKeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"` - // The certificate chain that signed the signing key certificate. This is the - // root certificate authority (CA) within your service account. + // The root certificate authority (CA) that signed the signing key certificate + // in PEM format (base64 encoded). // // SigningKeyCertificateChain is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetParametersForExportOutput's @@ -3904,16 +4104,20 @@ func (s *GetParametersForExportOutput) SetSigningKeyCertificateChain(v string) * type GetParametersForImportInput struct { _ struct{} `type:"structure"` - // The key block format type such as TR-34 or TR-31 to use during key material - // import. Import token is only required for TR-34 key import TR34_KEY_BLOCK. - // Import token is not required for TR-31 key import. + // The method to use for key material import. Import token is only required + // for TR-34 WrappedKeyBlock (TR34_KEY_BLOCK). + // + // Import token is not required for TR-31, root public key cerificate or trusted + // public key certificate. // // KeyMaterialType is a required field KeyMaterialType *string `type:"string" required:"true" enum:"KeyMaterialType"` // The wrapping key algorithm to generate a wrapping key certificate. This certificate - // wraps the key under import within the TR-34 key block cryptogram. RSA_2048 - // is the only wrapping key algorithm allowed. + // wraps the key under import. + // + // At this time, RSA_2048, RSA_3072, RSA_4096 are the only allowed algorithms + // for TR-34 WrappedKeyBlock import. // // WrappingKeyAlgorithm is a required field WrappingKeyAlgorithm *string `type:"string" required:"true" enum:"KeyAlgorithm"` @@ -3980,14 +4184,13 @@ type GetParametersForImportOutput struct { // ParametersValidUntilTimestamp is a required field ParametersValidUntilTimestamp *time.Time `type:"timestamp" required:"true"` - // The algorithm of the wrapping key for use within TR-34 key block. RSA_2048 - // is the only wrapping key algorithm allowed. + // The algorithm of the wrapping key for use within TR-34 WrappedKeyBlock. // // WrappingKeyAlgorithm is a required field WrappingKeyAlgorithm *string `type:"string" required:"true" enum:"KeyAlgorithm"` - // The wrapping key certificate of the wrapping key for use within the TR-34 - // key block. The certificate expires in 7 days. + // The wrapping key certificate in PEM format (base64 encoded) of the wrapping + // key for use within the TR-34 key block. The certificate expires in 7 days. // // WrappingKeyCertificate is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetParametersForImportOutput's @@ -3996,9 +4199,8 @@ type GetParametersForImportOutput struct { // WrappingKeyCertificate is a required field WrappingKeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"` - // The Amazon Web Services Payment Cryptography certificate chain that signed - // the wrapping key certificate. This is the root certificate authority (CA) - // within your service account. + // The Amazon Web Services Payment Cryptography root certificate authority (CA) + // that signed the wrapping key certificate in PEM format (base64 encoded). // // WrappingKeyCertificateChain is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetParametersForImportOutput's @@ -4108,9 +4310,9 @@ func (s *GetPublicKeyCertificateInput) SetKeyIdentifier(v string) *GetPublicKeyC type GetPublicKeyCertificateOutput struct { _ struct{} `type:"structure"` - // The public key component of the asymmetric key pair in a certificate (PEM) - // format. It is signed by the root certificate authority (CA) within your service - // account. The certificate expires in 90 days. + // The public key component of the asymmetric key pair in a certificate PEM + // format (base64 encoded). It is signed by the root certificate authority (CA). + // The certificate expires in 90 days. // // KeyCertificate is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetPublicKeyCertificateOutput's @@ -4119,9 +4321,8 @@ type GetPublicKeyCertificateOutput struct { // KeyCertificate is a required field KeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"` - // The certificate chain that signed the public key certificate of the asymmetric - // key pair. This is the root certificate authority (CA) within your service - // account. + // The root certificate authority (CA) that signed the public key certificate + // in PEM format (base64 encoded) of the asymmetric key pair. // // KeyCertificateChain is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetPublicKeyCertificateOutput's @@ -4168,13 +4369,13 @@ type ImportKeyInput struct { Enabled *bool `type:"boolean"` // The algorithm that Amazon Web Services Payment Cryptography uses to calculate - // the key check value (KCV) for DES and AES keys. + // the key check value (KCV). It is used to validate the key integrity. // - // For DES key, the KCV is computed by encrypting 8 bytes, each with value '00', - // with the key to be checked and retaining the 3 highest order bytes of the - // encrypted result. For AES key, the KCV is computed by encrypting 8 bytes, - // each with value '01', with the key to be checked and retaining the 3 highest - // order bytes of the encrypted result. + // For TDES keys, the KCV is computed by encrypting 8 bytes, each with value + // of zero, with the key to be checked and retaining the 3 highest order bytes + // of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm + // where the input data is 16 bytes of zero and retaining the 3 highest order + // bytes of the encrypted result. KeyCheckValueAlgorithm *string `type:"string" enum:"KeyCheckValueAlgorithm"` // The key or public key certificate type to use during key material import, @@ -4183,20 +4384,19 @@ type ImportKeyInput struct { // KeyMaterial is a required field KeyMaterial *ImportKeyMaterial `type:"structure" required:"true"` - // The tags to attach to the key. Each tag consists of a tag key and a tag value. - // Both the tag key and the tag value are required, but the tag value can be - // an empty (null) string. You can't have more than one tag on an Amazon Web - // Services Payment Cryptography key with the same tag key. + // Assigns one or more tags to the Amazon Web Services Payment Cryptography + // key. Use this parameter to tag a key when it is imported. To tag an existing + // Amazon Web Services Payment Cryptography key, use the TagResource operation. // + // Each tag consists of a tag key and a tag value. Both the tag key and the + // tag value are required, but the tag value can be an empty (null) string. // You can't have more than one tag on an Amazon Web Services Payment Cryptography // key with the same tag key. If you specify an existing tag key with a different // tag value, Amazon Web Services Payment Cryptography replaces the current // tag value with the specified one. // - // To use this parameter, you must have TagResource permission. - // - // Don't include confidential or sensitive information in this field. This field - // may be displayed in plaintext in CloudTrail logs and other output. + // Don't include personal, confidential or sensitive information in this field. + // This field may be displayed in plaintext in CloudTrail logs and other output. // // Tagging or untagging an Amazon Web Services Payment Cryptography key can // allow or deny permission to the key. @@ -4273,17 +4473,20 @@ func (s *ImportKeyInput) SetTags(v []*Tag) *ImportKeyInput { return s } -// Parameter information for key material import. +// Parameter information for key material import into Amazon Web Services Payment +// Cryptography using TR-31 or TR-34 key exchange method. type ImportKeyMaterial struct { _ struct{} `type:"structure"` // Parameter information for root public key certificate import. RootCertificatePublicKey *RootCertificatePublicKey `type:"structure"` - // Parameter information for key material import using TR-31 standard. + // Parameter information for key material import using symmetric TR-31 key exchange + // method. Tr31KeyBlock *ImportTr31KeyBlock `type:"structure"` - // Parameter information for key material import using TR-34 standard. + // Parameter information for key material import using the asymmetric TR-34 + // key exchange method. Tr34KeyBlock *ImportTr34KeyBlock `type:"structure"` // Parameter information for trusted public key certificate import. @@ -4396,11 +4599,12 @@ func (s *ImportKeyOutput) SetKey(v *Key) *ImportKeyOutput { return s } -// Parameter information for key material import using TR-31 standard. +// Parameter information for key material import using symmetric TR-31 key exchange +// method. type ImportTr31KeyBlock struct { _ struct{} `type:"structure"` - // The TR-34 wrapped key block to import. + // The TR-31 wrapped key block to import. // // WrappedKeyBlock is a required field WrappedKeyBlock *string `min:"56" type:"string" required:"true"` @@ -4464,7 +4668,8 @@ func (s *ImportTr31KeyBlock) SetWrappingKeyIdentifier(v string) *ImportTr31KeyBl return s } -// Parameter information for key material import using TR-34 standard. +// Parameter information for key material import using the asymmetric TR-34 +// key exchange method. type ImportTr34KeyBlock struct { _ struct{} `type:"structure"` @@ -4474,9 +4679,10 @@ type ImportTr34KeyBlock struct { // CertificateAuthorityPublicKeyIdentifier is a required field CertificateAuthorityPublicKeyIdentifier *string `min:"7" type:"string" required:"true"` - // The import token that initiates key import into Amazon Web Services Payment - // Cryptography. It expires after 7 days. You can use the same import token - // to import multiple keys to the same service account. + // The import token that initiates key import using the asymmetric TR-34 key + // exchange method into Amazon Web Services Payment Cryptography. It expires + // after 7 days. You can use the same import token to import multiple keys to + // the same service account. // // ImportToken is a required field ImportToken *string `type:"string" required:"true"` @@ -4493,7 +4699,7 @@ type ImportTr34KeyBlock struct { RandomNonce *string `min:"16" type:"string"` // The public key component in PEM certificate format of the private key that - // signs the KDH TR-34 wrapped key block. + // signs the KDH TR-34 WrappedKeyBlock. // // SigningKeyCertificate is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by ImportTr34KeyBlock's @@ -4706,21 +4912,19 @@ type Key struct { KeyAttributes *KeyAttributes `type:"structure" required:"true"` // The key check value (KCV) is used to check if all parties holding a given - // key have the same key or to detect that a key has changed. Amazon Web Services - // Payment Cryptography calculates the KCV by using standard algorithms, typically - // by encrypting 8 or 16 bytes or "00" or "01" and then truncating the result - // to the first 3 bytes, or 6 hex digits, of the resulting cryptogram. + // key have the same key or to detect that a key has changed. // // KeyCheckValue is a required field KeyCheckValue *string `min:"4" type:"string" required:"true"` - // The algorithm used for calculating key check value (KCV) for DES and AES - // keys. For a DES key, Amazon Web Services Payment Cryptography computes the - // KCV by encrypting 8 bytes, each with value '00', with the key to be checked - // and retaining the 3 highest order bytes of the encrypted result. For an AES - // key, Amazon Web Services Payment Cryptography computes the KCV by encrypting - // 8 bytes, each with value '01', with the key to be checked and retaining the - // 3 highest order bytes of the encrypted result. + // The algorithm that Amazon Web Services Payment Cryptography uses to calculate + // the key check value (KCV). It is used to validate the key integrity. + // + // For TDES keys, the KCV is computed by encrypting 8 bytes, each with value + // of zero, with the key to be checked and retaining the 3 highest order bytes + // of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm + // where the input data is 16 bytes of zero and retaining the 3 highest order + // bytes of the encrypted result. // // KeyCheckValueAlgorithm is a required field KeyCheckValueAlgorithm *string `type:"string" required:"true" enum:"KeyCheckValueAlgorithm"` @@ -5082,10 +5286,7 @@ type KeySummary struct { KeyAttributes *KeyAttributes `type:"structure" required:"true"` // The key check value (KCV) is used to check if all parties holding a given - // key have the same key or to detect that a key has changed. Amazon Web Services - // Payment Cryptography calculates the KCV by using standard algorithms, typically - // by encrypting 8 or 16 bytes or "00" or "01" and then truncating the result - // to the first 3 bytes, or 6 hex digits, of the resulting cryptogram. + // key have the same key or to detect that a key has changed. // // KeyCheckValue is a required field KeyCheckValue *string `min:"4" type:"string" required:"true"` @@ -5266,6 +5467,9 @@ type ListKeysInput struct { // Use this parameter to specify the maximum number of items to return. When // this value is present, Amazon Web Services Payment Cryptography does not // return more than the specified number of items, but it might return fewer. + // + // This value is optional. If you include a value, it must be between 1 and + // 100, inclusive. If you do not include a value, it defaults to 50. MaxResults *int64 `min:"1" type:"integer"` // Use this parameter in a subsequent request after you receive a response with @@ -5376,6 +5580,9 @@ type ListTagsForResourceInput struct { // Use this parameter to specify the maximum number of items to return. When // this value is present, Amazon Web Services Payment Cryptography does not // return more than the specified number of items, but it might return fewer. + // + // This value is optional. If you include a value, it must be between 1 and + // 100, inclusive. If you do not include a value, it defaults to 50. MaxResults *int64 `min:"1" type:"integer"` // Use this parameter in a subsequent request after you receive a response with @@ -6082,13 +6289,13 @@ type TagResourceInput struct { // you specify an existing tag key with a different tag value, Amazon Web Services // Payment Cryptography replaces the current tag value with the new one. // - // Don't include confidential or sensitive information in this field. This field - // may be displayed in plaintext in CloudTrail logs and other output. + // Don't include personal, confidential or sensitive information in this field. + // This field may be displayed in plaintext in CloudTrail logs and other output. // // To use this parameter, you must have TagResource permission in an IAM policy. // - // Don't include confidential or sensitive information in this field. This field - // may be displayed in plaintext in CloudTrail logs and other output. + // Don't include personal, confidential or sensitive information in this field. + // This field may be displayed in plaintext in CloudTrail logs and other output. // // Tags is a required field Tags []*Tag `type:"list" required:"true"` @@ -6580,11 +6787,26 @@ func (s *ValidationException) RequestID() string { return s.RespMetadata.RequestID } -// Parameter information for generating a wrapped key using TR-31 or TR-34 standard. +// Parameter information for generating a WrappedKeyBlock for key exchange. type WrappedKey struct { _ struct{} `type:"structure"` - // Parameter information for generating a wrapped key using TR-31 or TR-34 standard. + // The key check value (KCV) is used to check if all parties holding a given + // key have the same key or to detect that a key has changed. + KeyCheckValue *string `min:"4" type:"string"` + + // The algorithm that Amazon Web Services Payment Cryptography uses to calculate + // the key check value (KCV). It is used to validate the key integrity. + // + // For TDES keys, the KCV is computed by encrypting 8 bytes, each with value + // of zero, with the key to be checked and retaining the 3 highest order bytes + // of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm + // where the input data is 16 bytes of zero and retaining the 3 highest order + // bytes of the encrypted result. + KeyCheckValueAlgorithm *string `type:"string" enum:"KeyCheckValueAlgorithm"` + + // Parameter information for generating a wrapped key using TR-31 or TR-34 skey + // exchange method. // // KeyMaterial is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by WrappedKey's @@ -6622,6 +6844,18 @@ func (s WrappedKey) GoString() string { return s.String() } +// SetKeyCheckValue sets the KeyCheckValue field's value. +func (s *WrappedKey) SetKeyCheckValue(v string) *WrappedKey { + s.KeyCheckValue = &v + return s +} + +// SetKeyCheckValueAlgorithm sets the KeyCheckValueAlgorithm field's value. +func (s *WrappedKey) SetKeyCheckValueAlgorithm(v string) *WrappedKey { + s.KeyCheckValueAlgorithm = &v + return s +} + // SetKeyMaterial sets the KeyMaterial field's value. func (s *WrappedKey) SetKeyMaterial(v string) *WrappedKey { s.KeyMaterial = &v diff --git a/service/paymentcryptography/doc.go b/service/paymentcryptography/doc.go index 218eddc705e..4cb0f8fca69 100644 --- a/service/paymentcryptography/doc.go +++ b/service/paymentcryptography/doc.go @@ -3,31 +3,31 @@ // Package paymentcryptography provides the client and types for making API // requests to Payment Cryptography Control Plane. // -// You use the Amazon Web Services Payment Cryptography Control Plane to manage -// the encryption keys you use for payment-related cryptographic operations. -// You can create, import, export, share, manage, and delete keys. You can also -// manage Identity and Access Management (IAM) policies for keys. For more information, -// see Identity and access management (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/security-iam.html) +// Amazon Web Services Payment Cryptography Control Plane APIs manage encryption +// keys for use during payment-related cryptographic operations. You can create, +// import, export, share, manage, and delete keys. You can also manage Identity +// and Access Management (IAM) policies for keys. For more information, see +// Identity and access management (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/security-iam.html) // in the Amazon Web Services Payment Cryptography User Guide. // // To use encryption keys for payment-related transaction processing and associated // cryptographic operations, you use the Amazon Web Services Payment Cryptography // Data Plane (https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/Welcome.html). -// You can encrypt, decrypt, generate, verify, and translate payment-related -// cryptographic operations. +// You can perform actions like encrypt, decrypt, generate, and verify payment-related +// data. // // All Amazon Web Services Payment Cryptography API calls must be signed and // transmitted using Transport Layer Security (TLS). We recommend you always // use the latest supported TLS version for logging API requests. // -// Amazon Web Services Payment Cryptography supports CloudTrail, a service that -// logs Amazon Web Services API calls and related events for your Amazon Web -// Services account and delivers them to an Amazon S3 bucket that you specify. -// By using the information collected by CloudTrail, you can determine what -// requests were made to Amazon Web Services Payment Cryptography, who made -// the request, when it was made, and so on. If you don't configure a trail, -// you can still view the most recent events in the CloudTrail console. For -// more information, see the CloudTrail User Guide (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/). +// Amazon Web Services Payment Cryptography supports CloudTrail for control +// plane operations, a service that logs Amazon Web Services API calls and related +// events for your Amazon Web Services account and delivers them to an Amazon +// S3 bucket you specify. By using the information collected by CloudTrail, +// you can determine what requests were made to Amazon Web Services Payment +// Cryptography, who made the request, when it was made, and so on. If you don't +// configure a trail, you can still view the most recent events in the CloudTrail +// console. For more information, see the CloudTrail User Guide (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/). // // See https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14 for more information on this service. //