With Application Auto Scaling, you can configure automatic scaling for the following resources:
Amazon AppStream 2.0 fleets
Amazon Aurora Replicas
Amazon Comprehend document classification and entity recognizer endpoints
Amazon DynamoDB tables and global secondary indexes throughput capacity
Amazon ECS services
Amazon ElastiCache for Redis clusters (replication groups)
Amazon EMR clusters
Amazon Keyspaces (for Apache Cassandra) tables
Lambda function provisioned concurrency
Amazon Managed Streaming for Apache Kafka broker storage
Amazon Neptune clusters
Amazon SageMaker endpoint variants
Spot Fleets (Amazon EC2)
Custom resources provided by your own applications or services
API Summary
The Application Auto Scaling service API includes three key sets of actions:
Register and manage scalable targets - Register Amazon Web Services or custom resources as scalable targets (a resource that Application Auto Scaling can scale), set minimum and maximum capacity limits, and retrieve information on existing scalable targets.
Configure and manage automatic scaling - Define scaling policies to dynamically scale your resources in response to CloudWatch alarms, schedule one-time or recurring scaling actions, and retrieve your recent scaling activity history.
Suspend and resume scaling - Temporarily suspend and later resume automatic scaling by calling the RegisterScalableTarget API action for any Application Auto Scaling scalable target. You can suspend and resume (individually or in combination) scale-out activities that are triggered by a scaling policy, scale-in activities that are triggered by a scaling policy, and scheduled scaling.
To learn more about Application Auto Scaling, including information about granting IAM users required permissions for Application Auto Scaling actions, see the Application Auto Scaling User Guide.
", + "service": "With Application Auto Scaling, you can configure automatic scaling for the following resources:
Amazon AppStream 2.0 fleets
Amazon Aurora Replicas
Amazon Comprehend document classification and entity recognizer endpoints
Amazon DynamoDB tables and global secondary indexes throughput capacity
Amazon ECS services
Amazon ElastiCache for Redis clusters (replication groups)
Amazon EMR clusters
Amazon Keyspaces (for Apache Cassandra) tables
Lambda function provisioned concurrency
Amazon Managed Streaming for Apache Kafka broker storage
Amazon Neptune clusters
Amazon SageMaker endpoint variants
Spot Fleets (Amazon EC2)
Custom resources provided by your own applications or services
To learn more about Application Auto Scaling, see the Application Auto Scaling User Guide.
API Summary
The Application Auto Scaling service API includes three key sets of actions:
Register and manage scalable targets - Register Amazon Web Services or custom resources as scalable targets (a resource that Application Auto Scaling can scale), set minimum and maximum capacity limits, and retrieve information on existing scalable targets.
Configure and manage automatic scaling - Define scaling policies to dynamically scale your resources in response to CloudWatch alarms, schedule one-time or recurring scaling actions, and retrieve your recent scaling activity history.
Suspend and resume scaling - Temporarily suspend and later resume automatic scaling by calling the RegisterScalableTarget API action for any Application Auto Scaling scalable target. You can suspend and resume (individually or in combination) scale-out activities that are triggered by a scaling policy, scale-in activities that are triggered by a scaling policy, and scheduled scaling.
Deletes the specified scaling policy for an Application Auto Scaling scalable target.
Deleting a step scaling policy deletes the underlying alarm action, but does not delete the CloudWatch alarm associated with the scaling policy, even if it no longer has an associated action.
For more information, see Delete a step scaling policy and Delete a target tracking scaling policy in the Application Auto Scaling User Guide.
", "DeleteScheduledAction": "Deletes the specified scheduled action for an Application Auto Scaling scalable target.
For more information, see Delete a scheduled action in the Application Auto Scaling User Guide.
", @@ -47,7 +47,7 @@ } }, "CustomizedMetricSpecification": { - "base": "Represents a CloudWatch metric of your choosing for a target tracking scaling policy to use with Application Auto Scaling.
For information about the available metrics for a service, see Amazon Web Services services that publish CloudWatch metrics in the Amazon CloudWatch User Guide.
To create your customized metric specification:
Add values for each required parameter from CloudWatch. You can use an existing metric, or a new metric that you create. To use your own metric, you must first publish the metric to CloudWatch. For more information, see Publish custom metrics in the Amazon CloudWatch User Guide.
Choose a metric that changes proportionally with capacity. The value of the metric should increase or decrease in inverse proportion to the number of capacity units. That is, the value of the metric should decrease when capacity increases, and increase when capacity decreases.
For an example of how creating new metrics can be useful, see Scaling based on Amazon SQS in the Amazon EC2 Auto Scaling User Guide. This topic mentions Auto Scaling groups, but the same scenario for Amazon SQS can apply to the target tracking scaling policies that you create for a Spot Fleet by using the Application Auto Scaling API.
For more information about the CloudWatch terminology below, see Amazon CloudWatch concepts in the Amazon CloudWatch User Guide.
", + "base": "Represents a CloudWatch metric of your choosing for a target tracking scaling policy to use with Application Auto Scaling.
For information about the available metrics for a service, see Amazon Web Services services that publish CloudWatch metrics in the Amazon CloudWatch User Guide.
To create your customized metric specification:
Add values for each required parameter from CloudWatch. You can use an existing metric, or a new metric that you create. To use your own metric, you must first publish the metric to CloudWatch. For more information, see Publish custom metrics in the Amazon CloudWatch User Guide.
Choose a metric that changes proportionally with capacity. The value of the metric should increase or decrease in inverse proportion to the number of capacity units. That is, the value of the metric should decrease when capacity increases, and increase when capacity decreases.
For more information about the CloudWatch terminology below, see Amazon CloudWatch concepts in the Amazon CloudWatch User Guide.
", "refs": { "TargetTrackingScalingPolicyConfiguration$CustomizedMetricSpecification": "A customized metric. You can specify either a predefined metric or a customized metric.
" } @@ -140,11 +140,23 @@ "ValidationException$Message": null } }, + "Expression": { + "base": null, + "refs": { + "TargetTrackingMetricDataQuery$Expression": "The math expression to perform on the returned data, if this object is performing a math expression. This expression can use the Id of the other metrics to refer to those metrics, and can also use the Id of other expressions to use the result of those expressions.
Conditional: Within each TargetTrackingMetricDataQuery object, you must specify either Expression or MetricStat, but not both.
Failed access to resources caused an exception. This exception is thrown when Application Auto Scaling is unable to retrieve the alarms associated with a scaling policy due to a client error, for example, if the role ARN specified for a scalable target does not have permission to call the CloudWatch DescribeAlarms on your behalf.
", "refs": { } }, + "Id": { + "base": null, + "refs": { + "TargetTrackingMetricDataQuery$Id": "A short name that identifies the object's results in the response. This name must be unique among all MetricDataQuery objects specified for a single scaling policy. If you are performing math expressions on this set of data, this name represents that data and can serve as a variable in the mathematical expression. The valid characters are letters, numbers, and underscores. The first character must be a lowercase letter.
Identifies the resource associated with the metric type. You can't specify a resource label unless the metric type is ALBRequestCountPerTarget and there is a target group attached to the Spot Fleet or ECS service.
You create the resource label by appending the final portion of the load balancer ARN and the final portion of the target group ARN into a single value, separated by a forward slash (/). The format of the resource label is:
app/my-alb/778d41231b141a0f/targetgroup/my-alb-target-group/943f017f100becff.
Where:
app/<load-balancer-name>/<load-balancer-id> is the final portion of the load balancer ARN
targetgroup/<target-group-name>/<target-group-id> is the final portion of the target group ARN.
To find the ARN for an Application Load Balancer, use the DescribeLoadBalancers API operation. To find the ARN for the target group, use the DescribeTargetGroups API operation.
" } }, + "ReturnData": { + "base": null, + "refs": { + "TargetTrackingMetricDataQuery$ReturnData": "Indicates whether to return the timestamps and raw data values of this metric.
If you use any math expressions, specify true for this value for only the final math expression that the metric specification is based on. You must specify false for ReturnData for all the other metrics and expressions used in the metric specification.
If you are only retrieving metrics and not performing any math expressions, do not specify anything for ReturnData. This sets it to its default (true).
Specifies whether the scaling activities for a scalable target are in a suspended state.
", "refs": { "RegisterScalableTargetRequest$SuspendedState": "An embedded object that contains attributes and attribute values that are used to suspend and resume automatic scaling. Setting the value of an attribute to true suspends the specified scaling activities. Setting it to false (default) resumes the specified scaling activities.
Suspension Outcomes
For DynamicScalingInSuspended, while a suspension is in effect, all scale-in activities that are triggered by a scaling policy are suspended.
For DynamicScalingOutSuspended, while a suspension is in effect, all scale-out activities that are triggered by a scaling policy are suspended.
For ScheduledScalingSuspended, while a suspension is in effect, all scaling activities that involve scheduled actions are suspended.
For more information, see Suspending and resuming scaling in the Application Auto Scaling User Guide.
", - "ScalableTarget$SuspendedState": null + "ScalableTarget$SuspendedState": "Specifies whether the scaling activities for a scalable target are in a suspended state.
" + } + }, + "TargetTrackingMetric": { + "base": "Represents a specific metric.
Metric is a property of the TargetTrackingMetricStat object.
", + "refs": { + "TargetTrackingMetricStat$Metric": "The CloudWatch metric to return, including the metric name, namespace, and dimensions. To get the exact metric name, namespace, and dimensions, inspect the Metric object that is returned by a call to ListMetrics.
" + } + }, + "TargetTrackingMetricDataQueries": { + "base": null, + "refs": { + "CustomizedMetricSpecification$Metrics": "The metrics to include in the target tracking scaling policy, as a metric data query. This can include both raw metric and metric math expressions.
" + } + }, + "TargetTrackingMetricDataQuery": { + "base": "The metric data to return. Also defines whether this call is returning data for one metric only, or whether it is performing a math expression on the values of returned metric statistics to create a new time series. A time series is a series of data points, each of which is associated with a timestamp.
For more information and examples, see Create a target tracking scaling policy for Application Auto Scaling using metric math in the Application Auto Scaling User Guide.
", + "refs": { + "TargetTrackingMetricDataQueries$member": null + } + }, + "TargetTrackingMetricDimension": { + "base": "Describes the dimension of a metric.
", + "refs": { + "TargetTrackingMetricDimensions$member": null + } + }, + "TargetTrackingMetricDimensionName": { + "base": null, + "refs": { + "TargetTrackingMetricDimension$Name": "The name of the dimension.
" + } + }, + "TargetTrackingMetricDimensionValue": { + "base": null, + "refs": { + "TargetTrackingMetricDimension$Value": "The value of the dimension.
" + } + }, + "TargetTrackingMetricDimensions": { + "base": null, + "refs": { + "TargetTrackingMetric$Dimensions": "The dimensions for the metric. For the list of available dimensions, see the Amazon Web Services documentation available from the table in Amazon Web Services services that publish CloudWatch metrics in the Amazon CloudWatch User Guide.
Conditional: If you published your metric with dimensions, you must specify the same dimensions in your scaling policy.
" + } + }, + "TargetTrackingMetricName": { + "base": null, + "refs": { + "TargetTrackingMetric$MetricName": "The name of the metric.
" + } + }, + "TargetTrackingMetricNamespace": { + "base": null, + "refs": { + "TargetTrackingMetric$Namespace": "The namespace of the metric. For more information, see the table in Amazon Web Services services that publish CloudWatch metrics in the Amazon CloudWatch User Guide.
" + } + }, + "TargetTrackingMetricStat": { + "base": "This structure defines the CloudWatch metric to return, along with the statistic, period, and unit.
For more information about the CloudWatch terminology below, see Amazon CloudWatch concepts in the Amazon CloudWatch User Guide.
", + "refs": { + "TargetTrackingMetricDataQuery$MetricStat": "Information about the metric data to return.
Conditional: Within each MetricDataQuery object, you must specify either Expression or MetricStat, but not both.
The unit to use for the returned data points. For a complete list of the units that CloudWatch supports, see the MetricDatum data type in the Amazon CloudWatch API Reference.
" } }, "TargetTrackingScalingPolicyConfiguration": { @@ -569,7 +653,9 @@ "ScalingActivity$Description": "A simple description of what action the scaling activity intends to accomplish.
", "ScalingActivity$Cause": "A simple description of what caused the scaling activity to happen.
", "ScalingActivity$StatusMessage": "A simple message about the current status of the scaling activity.
", - "ScalingActivity$Details": "The details about the scaling activity.
" + "ScalingActivity$Details": "The details about the scaling activity.
", + "TargetTrackingMetricDataQuery$Label": "A human-readable label for this metric or expression. This is especially useful if this is a math expression, so that you know what the value represents.
", + "TargetTrackingMetricStat$Stat": "The statistic to return. It can include any CloudWatch statistic or extended statistic. For a list of valid values, see the table in Statistics in the Amazon CloudWatch User Guide.
The most commonly used metrics for scaling is Average
The type of resource related to the error.
" } }, + "KmsKeyArn": { + "base": null, + "refs": { + "KmsKeyToGrant$KmsKeyArn": "The AWS KMS CMK (Key Management System Customer Managed Key) used to encrypt S3 objects in the shared S3 Bucket. AWS Data exchange will create a KMS grant for each subscriber to allow them to access and decrypt their entitled data that is encrypted using this KMS key specified.
" + } + }, + "KmsKeyToGrant": { + "base": "The Amazon Resource Name (ARN) of the AWS KMS key used to encrypt the shared S3 objects.
", + "refs": { + "ListOfKmsKeysToGrant$member": null + } + }, "LFPermission": { "base": null, "refs": { @@ -734,6 +746,13 @@ "JobEntry$Errors": "Errors for jobs.
" } }, + "ListOfKmsKeysToGrant": { + "base": null, + "refs": { + "S3DataAccessAsset$KmsKeysToGrant": "List of AWS KMS CMKs (Key Management System Customer Managed Keys) and ARNs used to encrypt S3 objects being shared in this S3 Data Access asset. Providers must include all AWS KMS keys used to encrypt these shared S3 objects.
", + "S3DataAccessAssetSourceEntry$KmsKeysToGrant": "List of AWS KMS CMKs (Key Management System Customer Managed Keys) and ARNs used to encrypt S3 objects being shared in this S3 Data Access asset.
" + } + }, "ListOfLFPermissions": { "base": null, "refs": { diff --git a/models/apis/dataexchange/2017-07-25/endpoint-rule-set-1.json b/models/apis/dataexchange/2017-07-25/endpoint-rule-set-1.json index 6c8aa80368..1efff28c88 100644 --- a/models/apis/dataexchange/2017-07-25/endpoint-rule-set-1.json +++ b/models/apis/dataexchange/2017-07-25/endpoint-rule-set-1.json @@ -3,7 +3,7 @@ "parameters": { "Region": { "builtIn": "AWS::Region", - "required": true, + "required": false, "documentation": "The AWS region used to dispatch the request.", "type": "String" }, @@ -32,13 +32,12 @@ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { - "ref": "Region" + "ref": "Endpoint" } - ], - "assign": "PartitionResult" + ] } ], "type": "tree", @@ -46,23 +45,20 @@ { "conditions": [ { - "fn": "isSet", + "fn": "booleanEquals", "argv": [ { - "ref": "Endpoint" - } + "ref": "UseFIPS" + }, + true ] - }, - { - "fn": "parseURL", - "argv": [ - { - "ref": "Endpoint" - } - ], - "assign": "url" } ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], "type": "tree", "rules": [ { @@ -71,67 +67,42 @@ "fn": "booleanEquals", "argv": [ { - "ref": "UseFIPS" + "ref": "UseDualStack" }, true ] } ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", "type": "error" }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" + "endpoint": { + "url": { + "ref": "Endpoint" }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] - }, + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", + "fn": "isSet", "argv": [ { - "ref": "UseDualStack" - }, - true + "ref": "Region" + } ] } ], @@ -140,90 +111,215 @@ { "conditions": [ { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ - true, { - "fn": "getAttr", + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] }, - "supportsFIPS" + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://dataexchange-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } ] + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ] }, { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsDualStack" + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://dataexchange-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } ] + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" } ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://dataexchange-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsFIPS" + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://dataexchange.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ] - } - ], - "type": "tree", - "rules": [ + }, { "conditions": [], "type": "tree", @@ -231,7 +327,7 @@ { "conditions": [], "endpoint": { - "url": "https://dataexchange-fips.{Region}.{PartitionResult#dnsSuffix}", + "url": "https://dataexchange.{Region}.{PartitionResult#dnsSuffix}", "properties": {}, "headers": {} }, @@ -240,74 +336,13 @@ ] } ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://dataexchange.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } ] }, { "conditions": [], - "endpoint": { - "url": "https://dataexchange.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } diff --git a/models/apis/dataexchange/2017-07-25/endpoint-tests-1.json b/models/apis/dataexchange/2017-07-25/endpoint-tests-1.json index 04b505dca7..48f4c2a2e8 100644 --- a/models/apis/dataexchange/2017-07-25/endpoint-tests-1.json +++ b/models/apis/dataexchange/2017-07-25/endpoint-tests-1.json @@ -1,198 +1,81 @@ { "testCases": [ { - "documentation": "For region eu-central-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://dataexchange-fips.eu-central-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "Region": "eu-central-1", - "UseFIPS": true - } - }, - { - "documentation": "For region eu-central-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://dataexchange-fips.eu-central-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "Region": "eu-central-1", - "UseFIPS": true - } - }, - { - "documentation": "For region eu-central-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://dataexchange.eu-central-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "Region": "eu-central-1", - "UseFIPS": false - } - }, - { - "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://dataexchange.eu-central-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "Region": "eu-central-1", - "UseFIPS": false - } - }, - { - "documentation": "For region us-west-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://dataexchange-fips.us-west-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "Region": "us-west-1", - "UseFIPS": true - } - }, - { - "documentation": "For region us-west-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://dataexchange-fips.us-west-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "Region": "us-west-1", - "UseFIPS": true - } - }, - { - "documentation": "For region us-west-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://dataexchange.us-west-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "Region": "us-west-1", - "UseFIPS": false - } - }, - { - "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://dataexchange.us-west-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "Region": "us-west-1", - "UseFIPS": false - } - }, - { - "documentation": "For region us-west-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://dataexchange-fips.us-west-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "Region": "us-west-2", - "UseFIPS": true - } - }, - { - "documentation": "For region us-west-2 with FIPS enabled and DualStack disabled", + "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://dataexchange-fips.us-west-2.amazonaws.com" + "url": "https://dataexchange.ap-northeast-1.amazonaws.com" } }, "params": { - "UseDualStack": false, - "Region": "us-west-2", - "UseFIPS": true + "Region": "ap-northeast-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region us-west-2 with FIPS disabled and DualStack enabled", + "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://dataexchange.us-west-2.api.aws" + "url": "https://dataexchange.ap-northeast-2.amazonaws.com" } }, "params": { - "UseDualStack": true, - "Region": "us-west-2", - "UseFIPS": false + "Region": "ap-northeast-2", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", + "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://dataexchange.us-west-2.amazonaws.com" + "url": "https://dataexchange.ap-southeast-1.amazonaws.com" } }, "params": { - "UseDualStack": false, - "Region": "us-west-2", - "UseFIPS": false + "Region": "ap-southeast-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region eu-west-2 with FIPS enabled and DualStack enabled", + "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://dataexchange-fips.eu-west-2.api.aws" + "url": "https://dataexchange.ap-southeast-2.amazonaws.com" } }, "params": { - "UseDualStack": true, - "Region": "eu-west-2", - "UseFIPS": true + "Region": "ap-southeast-2", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region eu-west-2 with FIPS enabled and DualStack disabled", + "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://dataexchange-fips.eu-west-2.amazonaws.com" + "url": "https://dataexchange.eu-central-1.amazonaws.com" } }, "params": { - "UseDualStack": false, - "Region": "eu-west-2", - "UseFIPS": true + "Region": "eu-central-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region eu-west-2 with FIPS disabled and DualStack enabled", + "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://dataexchange.eu-west-2.api.aws" + "url": "https://dataexchange.eu-west-1.amazonaws.com" } }, "params": { - "UseDualStack": true, - "Region": "eu-west-2", - "UseFIPS": false + "Region": "eu-west-1", + "UseFIPS": false, + "UseDualStack": false } }, { @@ -203,386 +86,282 @@ } }, "params": { - "UseDualStack": false, "Region": "eu-west-2", - "UseFIPS": false - } - }, - { - "documentation": "For region eu-west-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://dataexchange-fips.eu-west-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "Region": "eu-west-1", - "UseFIPS": true - } - }, - { - "documentation": "For region eu-west-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://dataexchange-fips.eu-west-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "Region": "eu-west-1", - "UseFIPS": true - } - }, - { - "documentation": "For region eu-west-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://dataexchange.eu-west-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "Region": "eu-west-1", - "UseFIPS": false - } - }, - { - "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://dataexchange.eu-west-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "Region": "eu-west-1", - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack enabled", + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://dataexchange-fips.ap-northeast-2.api.aws" + "url": "https://dataexchange.us-east-1.amazonaws.com" } }, "params": { - "UseDualStack": true, - "Region": "ap-northeast-2", - "UseFIPS": true + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack disabled", + "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://dataexchange-fips.ap-northeast-2.amazonaws.com" + "url": "https://dataexchange.us-east-2.amazonaws.com" } }, "params": { - "UseDualStack": false, - "Region": "ap-northeast-2", - "UseFIPS": true + "Region": "us-east-2", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack enabled", + "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://dataexchange.ap-northeast-2.api.aws" + "url": "https://dataexchange.us-west-1.amazonaws.com" } }, "params": { - "UseDualStack": true, - "Region": "ap-northeast-2", - "UseFIPS": false + "Region": "us-west-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", + "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://dataexchange.ap-northeast-2.amazonaws.com" + "url": "https://dataexchange.us-west-2.amazonaws.com" } }, "params": { - "UseDualStack": false, - "Region": "ap-northeast-2", - "UseFIPS": false + "Region": "us-west-2", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://dataexchange-fips.ap-northeast-1.api.aws" + "url": "https://dataexchange-fips.us-east-1.api.aws" } }, "params": { - "UseDualStack": true, - "Region": "ap-northeast-1", - "UseFIPS": true + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": true } }, { - "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://dataexchange-fips.ap-northeast-1.amazonaws.com" + "url": "https://dataexchange-fips.us-east-1.amazonaws.com" } }, "params": { - "UseDualStack": false, - "Region": "ap-northeast-1", - "UseFIPS": true + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": false } }, { - "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://dataexchange.ap-northeast-1.api.aws" + "url": "https://dataexchange.us-east-1.api.aws" } }, "params": { - "UseDualStack": true, - "Region": "ap-northeast-1", - "UseFIPS": false + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": true } }, { - "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled", + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://dataexchange.ap-northeast-1.amazonaws.com" + "url": "https://dataexchange-fips.cn-north-1.api.amazonwebservices.com.cn" } }, "params": { - "UseDualStack": false, - "Region": "ap-northeast-1", - "UseFIPS": false + "Region": "cn-north-1", + "UseFIPS": true, + "UseDualStack": true } }, { - "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack enabled", + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://dataexchange-fips.ap-southeast-1.api.aws" + "url": "https://dataexchange-fips.cn-north-1.amazonaws.com.cn" } }, "params": { - "UseDualStack": true, - "Region": "ap-southeast-1", - "UseFIPS": true + "Region": "cn-north-1", + "UseFIPS": true, + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack disabled", + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://dataexchange-fips.ap-southeast-1.amazonaws.com" + "url": "https://dataexchange.cn-north-1.api.amazonwebservices.com.cn" } }, "params": { - "UseDualStack": false, - "Region": "ap-southeast-1", - "UseFIPS": true + "Region": "cn-north-1", + "UseFIPS": false, + "UseDualStack": true } }, { - "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack enabled", + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://dataexchange.ap-southeast-1.api.aws" + "url": "https://dataexchange.cn-north-1.amazonaws.com.cn" } }, "params": { - "UseDualStack": true, - "Region": "ap-southeast-1", - "UseFIPS": false + "Region": "cn-north-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://dataexchange.ap-southeast-1.amazonaws.com" + "url": "https://dataexchange-fips.us-gov-east-1.api.aws" } }, "params": { - "UseDualStack": false, - "Region": "ap-southeast-1", - "UseFIPS": false + "Region": "us-gov-east-1", + "UseFIPS": true, + "UseDualStack": true } }, { - "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack enabled", + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://dataexchange-fips.ap-southeast-2.api.aws" + "url": "https://dataexchange-fips.us-gov-east-1.amazonaws.com" } }, "params": { - "UseDualStack": true, - "Region": "ap-southeast-2", - "UseFIPS": true + "Region": "us-gov-east-1", + "UseFIPS": true, + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack disabled", + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://dataexchange-fips.ap-southeast-2.amazonaws.com" + "url": "https://dataexchange.us-gov-east-1.api.aws" } }, "params": { - "UseDualStack": false, - "Region": "ap-southeast-2", - "UseFIPS": true + "Region": "us-gov-east-1", + "UseFIPS": false, + "UseDualStack": true } }, { - "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack enabled", + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://dataexchange.ap-southeast-2.api.aws" + "url": "https://dataexchange.us-gov-east-1.amazonaws.com" } }, "params": { - "UseDualStack": true, - "Region": "ap-southeast-2", - "UseFIPS": false + "Region": "us-gov-east-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://dataexchange.ap-southeast-2.amazonaws.com" + "url": "https://dataexchange-fips.us-iso-east-1.c2s.ic.gov" } }, "params": { - "UseDualStack": false, - "Region": "ap-southeast-2", - "UseFIPS": false + "Region": "us-iso-east-1", + "UseFIPS": true, + "UseDualStack": false } }, { - "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://dataexchange-fips.us-east-1.api.aws" + "url": "https://dataexchange.us-iso-east-1.c2s.ic.gov" } }, "params": { - "UseDualStack": true, - "Region": "us-east-1", - "UseFIPS": true + "Region": "us-iso-east-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://dataexchange-fips.us-east-1.amazonaws.com" + "url": "https://dataexchange-fips.us-isob-east-1.sc2s.sgov.gov" } }, "params": { - "UseDualStack": false, - "Region": "us-east-1", - "UseFIPS": true + "Region": "us-isob-east-1", + "UseFIPS": true, + "UseDualStack": false } }, { - "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://dataexchange.us-east-1.api.aws" + "url": "https://dataexchange.us-isob-east-1.sc2s.sgov.gov" } }, "params": { - "UseDualStack": true, - "Region": "us-east-1", - "UseFIPS": false + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", "expect": { "endpoint": { - "url": "https://dataexchange.us-east-1.amazonaws.com" + "url": "https://example.com" } }, "params": { - "UseDualStack": false, "Region": "us-east-1", - "UseFIPS": false - } - }, - { - "documentation": "For region us-east-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://dataexchange-fips.us-east-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "Region": "us-east-2", - "UseFIPS": true - } - }, - { - "documentation": "For region us-east-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://dataexchange-fips.us-east-2.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "Region": "us-east-2", - "UseFIPS": true - } - }, - { - "documentation": "For region us-east-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://dataexchange.us-east-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "Region": "us-east-2", - "UseFIPS": false - } - }, - { - "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://dataexchange.us-east-2.amazonaws.com" - } - }, - "params": { + "UseFIPS": false, "UseDualStack": false, - "Region": "us-east-2", - "UseFIPS": false + "Endpoint": "https://example.com" } }, { - "documentation": "For custom endpoint with fips disabled and dualstack disabled", + "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled", "expect": { "endpoint": { "url": "https://example.com" } }, "params": { - "UseDualStack": false, - "Region": "us-east-1", "UseFIPS": false, + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -592,9 +371,9 @@ "error": "Invalid Configuration: FIPS and custom endpoint are not supported" }, "params": { - "UseDualStack": false, "Region": "us-east-1", "UseFIPS": true, + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -604,9 +383,9 @@ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" }, "params": { - "UseDualStack": true, "Region": "us-east-1", "UseFIPS": false, + "UseDualStack": true, "Endpoint": "https://example.com" } } diff --git a/models/apis/directconnect/2012-10-25/docs-2.json b/models/apis/directconnect/2012-10-25/docs-2.json index fcd3bba6ac..5331b20824 100644 --- a/models/apis/directconnect/2012-10-25/docs-2.json +++ b/models/apis/directconnect/2012-10-25/docs-2.json @@ -17,7 +17,7 @@ "ConfirmPrivateVirtualInterface": "Accepts ownership of a private virtual interface created by another Amazon Web Services account.
After the virtual interface owner makes this call, the virtual interface is created and attached to the specified virtual private gateway or Direct Connect gateway, and is made available to handle traffic.
", "ConfirmPublicVirtualInterface": "Accepts ownership of a public virtual interface created by another Amazon Web Services account.
After the virtual interface owner makes this call, the specified virtual interface is created and made available to handle traffic.
", "ConfirmTransitVirtualInterface": "Accepts ownership of a transit virtual interface created by another Amazon Web Services account.
After the owner of the transit virtual interface makes this call, the specified transit virtual interface is created and made available to handle traffic.
", - "CreateBGPPeer": "Creates a BGP peer on the specified virtual interface.
You must create a BGP peer for the corresponding address family (IPv4/IPv6) in order to access Amazon Web Services resources that also use that address family.
If logical redundancy is not supported by the connection, interconnect, or LAG, the BGP peer cannot be in the same address family as an existing BGP peer on the virtual interface.
When creating a IPv6 BGP peer, omit the Amazon address and customer address. IPv6 addresses are automatically assigned from the Amazon pool of IPv6 addresses; you cannot specify custom IPv6 addresses.
For a public virtual interface, the Autonomous System Number (ASN) must be private or already on the allow list for the virtual interface.
", + "CreateBGPPeer": "Creates a BGP peer on the specified virtual interface.
You must create a BGP peer for the corresponding address family (IPv4/IPv6) in order to access Amazon Web Services resources that also use that address family.
If logical redundancy is not supported by the connection, interconnect, or LAG, the BGP peer cannot be in the same address family as an existing BGP peer on the virtual interface.
When creating a IPv6 BGP peer, omit the Amazon address and customer address. IPv6 addresses are automatically assigned from the Amazon pool of IPv6 addresses; you cannot specify custom IPv6 addresses.
If you let Amazon Web Services auto-assign IPv4 addresses, a /30 CIDR will be allocated from 169.254.0.0/16. Amazon Web Services does not recommend this option if you intend to use the customer router peer IP address as the source and destination for traffic. Instead you should use RFC 1918 or other addressing, and specify the address yourself. For more information about RFC 1918 see Address Allocation for Private Internets.
For a public virtual interface, the Autonomous System Number (ASN) must be private or already on the allow list for the virtual interface.
", "CreateConnection": "Creates a connection between a customer network and a specific Direct Connect location.
A connection links your internal network to an Direct Connect location over a standard Ethernet fiber-optic cable. One end of the cable is connected to your router, the other to an Direct Connect router.
To find the locations for your Region, use DescribeLocations.
You can automatically add the new connection to a link aggregation group (LAG) by specifying a LAG ID in the request. This ensures that the new connection is allocated on the same Direct Connect endpoint that hosts the specified LAG. If there are no available ports on the endpoint, the request fails and no connection is created.
", "CreateDirectConnectGateway": "Creates a Direct Connect gateway, which is an intermediate object that enables you to connect a set of virtual interfaces and virtual private gateways. A Direct Connect gateway is global and visible in any Amazon Web Services Region after it is created. The virtual interfaces and virtual private gateways that are connected through a Direct Connect gateway can be in different Amazon Web Services Regions. This enables you to connect to a VPC in any Region, regardless of the Region in which the virtual interfaces are located, and pass traffic between them.
", "CreateDirectConnectGatewayAssociation": "Creates an association between a Direct Connect gateway and a virtual private gateway. The virtual private gateway must be attached to a VPC and must not be associated with another Direct Connect gateway.
", @@ -26,7 +26,7 @@ "CreateLag": "Creates a link aggregation group (LAG) with the specified number of bundled physical dedicated connections between the customer network and a specific Direct Connect location. A LAG is a logical interface that uses the Link Aggregation Control Protocol (LACP) to aggregate multiple interfaces, enabling you to treat them as a single interface.
All connections in a LAG must use the same bandwidth (either 1Gbps or 10Gbps) and must terminate at the same Direct Connect endpoint.
You can have up to 10 dedicated connections per LAG. Regardless of this limit, if you request more connections for the LAG than Direct Connect can allocate on a single endpoint, no LAG is created.
You can specify an existing physical dedicated connection or interconnect to include in the LAG (which counts towards the total number of connections). Doing so interrupts the current physical dedicated connection, and re-establishes them as a member of the LAG. The LAG will be created on the same Direct Connect endpoint to which the dedicated connection terminates. Any virtual interfaces associated with the dedicated connection are automatically disassociated and re-associated with the LAG. The connection ID does not change.
If the Amazon Web Services account used to create a LAG is a registered Direct Connect Partner, the LAG is automatically enabled to host sub-connections. For a LAG owned by a partner, any associated virtual interfaces cannot be directly configured.
", "CreatePrivateVirtualInterface": "Creates a private virtual interface. A virtual interface is the VLAN that transports Direct Connect traffic. A private virtual interface can be connected to either a Direct Connect gateway or a Virtual Private Gateway (VGW). Connecting the private virtual interface to a Direct Connect gateway enables the possibility for connecting to multiple VPCs, including VPCs in different Amazon Web Services Regions. Connecting the private virtual interface to a VGW only provides access to a single VPC within the same Region.
Setting the MTU of a virtual interface to 9001 (jumbo frames) can cause an update to the underlying physical connection if it wasn't updated to support jumbo frames. Updating the connection disrupts network connectivity for all virtual interfaces associated with the connection for up to 30 seconds. To check whether your connection supports jumbo frames, call DescribeConnections. To check whether your virtual interface supports jumbo frames, call DescribeVirtualInterfaces.
", "CreatePublicVirtualInterface": "Creates a public virtual interface. A virtual interface is the VLAN that transports Direct Connect traffic. A public virtual interface supports sending traffic to public services of Amazon Web Services such as Amazon S3.
When creating an IPv6 public virtual interface (addressFamily is ipv6), leave the customer and amazon address fields blank to use auto-assigned IPv6 space. Custom IPv6 addresses are not supported.
Creates a transit virtual interface. A transit virtual interface should be used to access one or more transit gateways associated with Direct Connect gateways. A transit virtual interface enables the connection of multiple VPCs attached to a transit gateway to a Direct Connect gateway.
If you associate your transit gateway with one or more Direct Connect gateways, the Autonomous System Number (ASN) used by the transit gateway and the Direct Connect gateway must be different. For example, if you use the default ASN 64512 for both your the transit gateway and Direct Connect gateway, the association request fails.
Setting the MTU of a virtual interface to 8500 (jumbo frames) can cause an update to the underlying physical connection if it wasn't updated to support jumbo frames. Updating the connection disrupts network connectivity for all virtual interfaces associated with the connection for up to 30 seconds. To check whether your connection supports jumbo frames, call DescribeConnections. To check whether your virtual interface supports jumbo frames, call DescribeVirtualInterfaces.
", + "CreateTransitVirtualInterface": "Creates a transit virtual interface. A transit virtual interface should be used to access one or more transit gateways associated with Direct Connect gateways. A transit virtual interface enables the connection of multiple VPCs attached to a transit gateway to a Direct Connect gateway.
If you associate your transit gateway with one or more Direct Connect gateways, the Autonomous System Number (ASN) used by the transit gateway and the Direct Connect gateway must be different. For example, if you use the default ASN 64512 for both your the transit gateway and Direct Connect gateway, the association request fails.
A jumbo MTU value must be either 1500 or 8500. No other values will be accepted. Setting the MTU of a virtual interface to 8500 (jumbo frames) can cause an update to the underlying physical connection if it wasn't updated to support jumbo frames. Updating the connection disrupts network connectivity for all virtual interfaces associated with the connection for up to 30 seconds. To check whether your connection supports jumbo frames, call DescribeConnections. To check whether your virtual interface supports jumbo frames, call DescribeVirtualInterfaces.
", "DeleteBGPPeer": "Deletes the specified BGP peer on the specified virtual interface with the specified customer address and ASN.
You cannot delete the last BGP peer from a virtual interface.
", "DeleteConnection": "Deletes the specified connection.
Deleting a connection only stops the Direct Connect port hour and data transfer charges. If you are partnering with any third parties to connect with the Direct Connect location, you must cancel your service with them separately.
", "DeleteDirectConnectGateway": "Deletes the specified Direct Connect gateway. You must first delete all virtual interfaces that are attached to the Direct Connect gateway and disassociate all virtual private gateways associated with the Direct Connect gateway.
", @@ -817,7 +817,7 @@ "DirectConnectGatewayAssociationState": { "base": null, "refs": { - "DirectConnectGatewayAssociation$associationState": "The state of the association. The following are the possible values:
associating: The initial state after calling CreateDirectConnectGatewayAssociation.
associated: The Direct Connect gateway and virtual private gateway or transit gateway are successfully associated and ready to pass traffic.
disassociating: The initial state after calling DeleteDirectConnectGatewayAssociation.
disassociated: The virtual private gateway or transit gateway is disassociated from the Direct Connect gateway. Traffic flow between the Direct Connect gateway and virtual private gateway or transit gateway is stopped.
The state of the association. The following are the possible values:
associating: The initial state after calling CreateDirectConnectGatewayAssociation.
associated: The Direct Connect gateway and virtual private gateway or transit gateway are successfully associated and ready to pass traffic.
disassociating: The initial state after calling DeleteDirectConnectGatewayAssociation.
disassociated: The virtual private gateway or transit gateway is disassociated from the Direct Connect gateway. Traffic flow between the Direct Connect gateway and virtual private gateway or transit gateway is stopped.
updating: The CIDR blocks for the virtual private gateway or transit gateway are currently being updated. This could be new CIDR blocks added or current CIDR blocks removed.
The time in minutes that the virtual interface failover test will last.
Maximum value: 180 minutes (3 hours).
Default: 180 minutes (3 hours).
", + "StartBgpFailoverTestRequest$testDurationInMinutes": "The time in minutes that the virtual interface failover test will last.
Maximum value: 4,320 minutes (72 hours).
Default: 180 minutes (3 hours).
", "VirtualInterfaceTestHistory$testDurationInMinutes": "The time that the virtual interface failover test ran in minutes.
" } }, diff --git a/models/apis/directconnect/2012-10-25/endpoint-rule-set-1.json b/models/apis/directconnect/2012-10-25/endpoint-rule-set-1.json new file mode 100644 index 0000000000..ca7630b255 --- /dev/null +++ b/models/apis/directconnect/2012-10-25/endpoint-rule-set-1.json @@ -0,0 +1,388 @@ +{ + "version": "1.0", + "parameters": { + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "String" + }, + "UseDualStack": { + "builtIn": "AWS::UseDualStack", + "required": true, + "default": false, + "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", + "type": "Boolean" + }, + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "Boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "String" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://directconnect-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://directconnect-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://directconnect.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "ref": "Region" + }, + "us-gov-east-1" + ] + } + ], + "endpoint": { + "url": "https://directconnect.us-gov-east-1.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "ref": "Region" + }, + "us-gov-west-1" + ] + } + ], + "endpoint": { + "url": "https://directconnect.us-gov-west-1.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://directconnect.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + } + ] + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ] + } + ] +} \ No newline at end of file diff --git a/models/apis/directconnect/2012-10-25/endpoint-tests-1.json b/models/apis/directconnect/2012-10-25/endpoint-tests-1.json new file mode 100644 index 0000000000..c49c167623 --- /dev/null +++ b/models/apis/directconnect/2012-10-25/endpoint-tests-1.json @@ -0,0 +1,615 @@ +{ + "testCases": [ + { + "documentation": "For region af-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.af-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "af-south-1" + } + }, + { + "documentation": "For region ap-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.ap-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "ap-east-1" + } + }, + { + "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.ap-northeast-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "ap-northeast-1" + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.ap-northeast-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "ap-northeast-2" + } + }, + { + "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.ap-northeast-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "ap-northeast-3" + } + }, + { + "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.ap-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "ap-south-1" + } + }, + { + "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.ap-southeast-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "ap-southeast-1" + } + }, + { + "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.ap-southeast-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "ap-southeast-2" + } + }, + { + "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.ap-southeast-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "ap-southeast-3" + } + }, + { + "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.ca-central-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "ca-central-1" + } + }, + { + "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.eu-central-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "eu-central-1" + } + }, + { + "documentation": "For region eu-north-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.eu-north-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "eu-north-1" + } + }, + { + "documentation": "For region eu-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.eu-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "eu-south-1" + } + }, + { + "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.eu-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "eu-west-1" + } + }, + { + "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.eu-west-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "eu-west-2" + } + }, + { + "documentation": "For region eu-west-3 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.eu-west-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "eu-west-3" + } + }, + { + "documentation": "For region me-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.me-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "me-south-1" + } + }, + { + "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.sa-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "sa-east-1" + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.us-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "us-east-1" + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect-fips.us-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "UseDualStack": false, + "Region": "us-east-1" + } + }, + { + "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.us-east-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "us-east-2" + } + }, + { + "documentation": "For region us-east-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect-fips.us-east-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "UseDualStack": false, + "Region": "us-east-2" + } + }, + { + "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.us-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "us-west-1" + } + }, + { + "documentation": "For region us-west-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect-fips.us-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "UseDualStack": false, + "Region": "us-west-1" + } + }, + { + "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.us-west-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "us-west-2" + } + }, + { + "documentation": "For region us-west-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect-fips.us-west-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "UseDualStack": false, + "Region": "us-west-2" + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://directconnect-fips.us-east-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "UseDualStack": true, + "Region": "us-east-1" + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://directconnect.us-east-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": true, + "Region": "us-east-1" + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "cn-north-1" + } + }, + { + "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.cn-northwest-1.amazonaws.com.cn" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "cn-northwest-1" + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://directconnect-fips.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "UseFIPS": true, + "UseDualStack": true, + "Region": "cn-north-1" + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect-fips.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "UseFIPS": true, + "UseDualStack": false, + "Region": "cn-north-1" + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://directconnect.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": true, + "Region": "cn-north-1" + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "us-gov-east-1" + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.us-gov-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "us-gov-west-1" + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://directconnect-fips.us-gov-east-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "UseDualStack": true, + "Region": "us-gov-east-1" + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect-fips.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "UseDualStack": false, + "Region": "us-gov-east-1" + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://directconnect.us-gov-east-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": true, + "Region": "us-gov-east-1" + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "us-iso-east-1" + } + }, + { + "documentation": "For region us-iso-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.us-iso-west-1.c2s.ic.gov" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "us-iso-west-1" + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect-fips.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "UseFIPS": true, + "UseDualStack": false, + "Region": "us-iso-east-1" + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "us-isob-east-1" + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://directconnect-fips.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "UseFIPS": true, + "UseDualStack": false, + "Region": "us-isob-east-1" + } + }, + { + "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Region": "us-east-1", + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips enabled and dualstack disabled", + "expect": { + "error": "Invalid Configuration: FIPS and custom endpoint are not supported" + }, + "params": { + "UseFIPS": true, + "UseDualStack": false, + "Region": "us-east-1", + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips disabled and dualstack enabled", + "expect": { + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" + }, + "params": { + "UseFIPS": false, + "UseDualStack": true, + "Region": "us-east-1", + "Endpoint": "https://example.com" + } + } + ], + "version": "1.0" +} \ No newline at end of file diff --git a/models/apis/ec2/2016-11-15/api-2.json b/models/apis/ec2/2016-11-15/api-2.json index c48510c3c5..d7df0ec548 100755 --- a/models/apis/ec2/2016-11-15/api-2.json +++ b/models/apis/ec2/2016-11-15/api-2.json @@ -19667,13 +19667,18 @@ "DnsRecordIpType":{ "shape":"DnsRecordIpType", "locationName":"dnsRecordIpType" + }, + "PrivateDnsOnlyForInboundResolverEndpoint":{ + "shape":"Boolean", + "locationName":"privateDnsOnlyForInboundResolverEndpoint" } } }, "DnsOptionsSpecification":{ "type":"structure", "members":{ - "DnsRecordIpType":{"shape":"DnsRecordIpType"} + "DnsRecordIpType":{"shape":"DnsRecordIpType"}, + "PrivateDnsOnlyForInboundResolverEndpoint":{"shape":"Boolean"} } }, "DnsRecordIpType":{ diff --git a/models/apis/ec2/2016-11-15/docs-2.json b/models/apis/ec2/2016-11-15/docs-2.json index 083bd18ad4..732a571aa7 100755 --- a/models/apis/ec2/2016-11-15/docs-2.json +++ b/models/apis/ec2/2016-11-15/docs-2.json @@ -2293,6 +2293,8 @@ "DisassociateTransitGatewayRouteTableRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Returns true if the request succeeds; otherwise, it returns an error.
Indicates whether to enable private DNS only for inbound endpoints.
", + "DnsOptionsSpecification$PrivateDnsOnlyForInboundResolverEndpoint": "Indicates whether to enable private DNS only for inbound endpoints. This option is available only for services that support both gateway and interface endpoints. It routes traffic that originates from the VPC to the gateway endpoint and traffic that originates from on-premises to the interface endpoint.
", "DnsServersOptionsModifyStructure$Enabled": "Indicates whether DNS servers should be used. Specify False to delete the existing DNS servers.
Indicates whether the EBS volume is deleted on instance termination. For more information, see Preserving Amazon EBS volumes on instance termination in the Amazon EC2 User Guide.
", "EbsBlockDevice$Encrypted": "Indicates whether the encryption state of an EBS volume is changed while being restored from a backing snapshot. The effect of setting the encryption state to true depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see Amazon EBS encryption in the Amazon EC2 User Guide.
In no case can you remove encryption from an encrypted volume.
Encrypted volumes can only be attached to instances that support Amazon EBS encryption. For more information, see Supported instance types.
This parameter is not returned by DescribeImageAttribute.
For CreateImage and RegisterImage, whether you can include this parameter, and the allowed values differ depending on the type of block device mapping you are creating.
If you are creating a block device mapping for a new (empty) volume, you can include this parameter, and specify either true for an encrypted volume, or false for an unencrypted volume. If you omit this parameter, it defaults to false (unencrypted).
If you are creating a block device mapping from an existing encrypted or unencrypted snapshot, you must omit this parameter. If you include this parameter, the request will fail, regardless of the value that you specify.
If you are creating a block device mapping from an existing unencrypted volume, you can include this parameter, but you must specify false. If you specify true, the request will fail. In this case, we recommend that you omit the parameter.
If you are creating a block device mapping from an existing encrypted volume, you can include this parameter, and specify either true or false. However, if you specify false, the parameter is ignored and the block device mapping is always encrypted. In this case, we recommend that you omit the parameter.
Creates a new group.
For information about the number of groups you can create, see IAM and STS quotas in the IAM User Guide.
", "CreateInstanceProfile": "Creates a new instance profile. For information about instance profiles, see Using roles for applications on Amazon EC2 in the IAM User Guide, and Instance profiles in the Amazon EC2 User Guide.
For information about the number of instance profiles you can create, see IAM object quotas in the IAM User Guide.
", "CreateLoginProfile": "Creates a password for the specified IAM user. A password allows an IAM user to access Amazon Web Services services through the Amazon Web Services Management Console.
You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to create a password for any IAM user. Use ChangePassword to update your own existing password in the My Security Credentials page in the Amazon Web Services Management Console.
For more information about managing passwords, see Managing passwords in the IAM User Guide.
", - "CreateOpenIDConnectProvider": "Creates an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC).
The OIDC provider that you create with this operation can be used as a principal in a role's trust policy. Such a policy establishes a trust relationship between Amazon Web Services and the OIDC provider.
If you are using an OIDC identity provider from Google, Facebook, or Amazon Cognito, you don't need to create a separate IAM identity provider. These OIDC identity providers are already built-in to Amazon Web Services and are available for your use. Instead, you can move directly to creating new roles using your identity provider. To learn more, see Creating a role for web identity or OpenID connect federation in the IAM User Guide.
When you create the IAM OIDC provider, you specify the following:
The URL of the OIDC identity provider (IdP) to trust
A list of client IDs (also known as audiences) that identify the application or applications allowed to authenticate using the OIDC provider
A list of thumbprints of one or more server certificates that the IdP uses
You get all of this information from the OIDC IdP you want to use to access Amazon Web Services.
Amazon Web Services secures communication with some OIDC identity providers (IdPs) through our library of trusted certificate authorities (CAs) instead of using a certificate thumbprint to verify your IdP server certificate. These OIDC IdPs include Google, Auth0, and those that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS) endpoint. In these cases, your legacy thumbprint remains in your configuration, but is no longer used for validation.
The trust for the OIDC provider is derived from the IAM provider that this operation creates. Therefore, it is best to limit access to the CreateOpenIDConnectProvider operation to highly privileged users.
Creates an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC).
The OIDC provider that you create with this operation can be used as a principal in a role's trust policy. Such a policy establishes a trust relationship between Amazon Web Services and the OIDC provider.
If you are using an OIDC identity provider from Google, Facebook, or Amazon Cognito, you don't need to create a separate IAM identity provider. These OIDC identity providers are already built-in to Amazon Web Services and are available for your use. Instead, you can move directly to creating new roles using your identity provider. To learn more, see Creating a role for web identity or OpenID connect federation in the IAM User Guide.
When you create the IAM OIDC provider, you specify the following:
The URL of the OIDC identity provider (IdP) to trust
A list of client IDs (also known as audiences) that identify the application or applications allowed to authenticate using the OIDC provider
A list of tags that are attached to the specified IAM OIDC provider
A list of thumbprints of one or more server certificates that the IdP uses
You get all of this information from the OIDC IdP you want to use to access Amazon Web Services.
Amazon Web Services secures communication with some OIDC identity providers (IdPs) through our library of trusted certificate authorities (CAs) instead of using a certificate thumbprint to verify your IdP server certificate. These OIDC IdPs include Google, Auth0, and those that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS) endpoint. In these cases, your legacy thumbprint remains in your configuration, but is no longer used for validation.
The trust for the OIDC provider is derived from the IAM provider that this operation creates. Therefore, it is best to limit access to the CreateOpenIDConnectProvider operation to highly privileged users.
Creates a new managed policy for your Amazon Web Services account.
This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's default version. For more information about policy versions, see Versioning for managed policies in the IAM User Guide.
As a best practice, you can validate your IAM policies. To learn more, see Validating IAM policies in the IAM User Guide.
For more information about managed policies in general, see Managed policies and inline policies in the IAM User Guide.
", "CreatePolicyVersion": "Creates a new version of the specified managed policy. To update a managed policy, you create a new policy version. A managed policy can have up to five versions. If the policy has five versions, you must delete an existing version using DeletePolicyVersion before you create a new version.
Optionally, you can set the new version as the policy's default version. The default version is the version that is in effect for the IAM users, groups, and roles to which the policy is attached.
For more information about managed policy versions, see Versioning for managed policies in the IAM User Guide.
", "CreateRole": "Creates a new role for your Amazon Web Services account. For more information about roles, see IAM roles. For information about quotas for role names and the number of roles you can create, see IAM and STS quotas in the IAM User Guide.
", @@ -66,7 +66,7 @@ "GetInstanceProfile": "Retrieves information about the specified instance profile, including the instance profile's path, GUID, ARN, and role. For more information about instance profiles, see About instance profiles in the IAM User Guide.
", "GetLoginProfile": "Retrieves the user name for the specified IAM user. A login profile is created when you create a password for the user to access the Amazon Web Services Management Console. If the user does not exist or does not have a password, the operation returns a 404 (NoSuchEntity) error.
If you create an IAM user with access to the console, the CreateDate reflects the date you created the initial password for the user.
If you create an IAM user with programmatic access, and then later add a password for the user to access the Amazon Web Services Management Console, the CreateDate reflects the initial password creation date. A user with programmatic access does not have a login profile unless you create a password for the user to access the Amazon Web Services Management Console.
Returns information about the specified OpenID Connect (OIDC) provider resource object in IAM.
", - "GetOrganizationsAccessReport": "Retrieves the service last accessed data report for Organizations that was previously generated using the GenerateOrganizationsAccessReport operation. This operation retrieves the status of your report job and the report contents.
Depending on the parameters that you passed when you generated the report, the data returned could include different information. For details, see GenerateOrganizationsAccessReport.
To call this operation, you must be signed in to the management account in your organization. SCPs must be enabled for your organization root. You must have permissions to perform this operation. For more information, see Refining permissions using service last accessed data in the IAM User Guide.
For each service that principals in an account (root users, IAM users, or IAM roles) could access using SCPs, the operation returns details about the most recent access attempt. If there was no attempt, the service is listed without details about the most recent attempt to access the service. If the operation fails, it returns the reason that it failed.
By default, the list is sorted by service namespace.
", + "GetOrganizationsAccessReport": "Retrieves the service last accessed data report for Organizations that was previously generated using the GenerateOrganizationsAccessReport operation. This operation retrieves the status of your report job and the report contents.
Depending on the parameters that you passed when you generated the report, the data returned could include different information. For details, see GenerateOrganizationsAccessReport.
To call this operation, you must be signed in to the management account in your organization. SCPs must be enabled for your organization root. You must have permissions to perform this operation. For more information, see Refining permissions using service last accessed data in the IAM User Guide.
For each service that principals in an account (root user, IAM users, or IAM roles) could access using SCPs, the operation returns details about the most recent access attempt. If there was no attempt, the service is listed without details about the most recent attempt to access the service. If the operation fails, it returns the reason that it failed.
By default, the list is sorted by service namespace.
", "GetPolicy": "Retrieves information about the specified managed policy, including the policy's default version and the total number of IAM users, groups, and roles to which the policy is attached. To retrieve the list of the specific users, groups, and roles that the policy is attached to, use ListEntitiesForPolicy. This operation returns metadata about the policy. To retrieve the actual policy document for a specific version of the policy, use GetPolicyVersion.
This operation retrieves information about managed policies. To retrieve information about an inline policy that is embedded with an IAM user, group, or role, use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.
For more information about policies, see Managed policies and inline policies in the IAM User Guide.
", "GetPolicyVersion": "Retrieves information about the specified version of the specified managed policy, including the policy document.
Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.
To list the available versions for a policy, use ListPolicyVersions.
This operation retrieves information about managed policies. To retrieve information about an inline policy that is embedded in a user, group, or role, use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.
For more information about the types of policies, see Managed policies and inline policies in the IAM User Guide.
For more information about managed policy versions, see Versioning for managed policies in the IAM User Guide.
", "GetRole": "Retrieves information about the specified role, including the role's path, GUID, ARN, and the role's trust policy that grants permission to assume the role. For more information about roles, see Working with roles.
Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.
Simulate how a set of IAM policies attached to an IAM entity works with a list of API operations and Amazon Web Services resources to determine the policies' effective permissions. The entity can be an IAM user, group, or role. If you specify a user, then the simulation also includes all of the policies that are attached to groups that the user belongs to. You can simulate resources that don't exist in your account.
You can optionally include a list of one or more additional policies specified as strings to include in the simulation. If you want to simulate only policies specified as strings, use SimulateCustomPolicy instead.
You can also optionally include one resource-based policy to be evaluated with each of the resources included in the simulation for IAM users only.
The simulation does not perform the API operations; it only checks the authorization to determine if the simulated policies allow or deny the operations.
Note: This operation discloses information about the permissions granted to other users. If you do not want users to see other user's permissions, then consider allowing them to use SimulateCustomPolicy instead.
Context keys are variables maintained by Amazon Web Services and its services that provide details about the context of an API query request. You can use the Condition element of an IAM policy to evaluate context keys. To get the list of context keys that the policies require for correct simulation, use GetContextKeysForPrincipalPolicy.
If the output is long, you can use the MaxItems and Marker parameters to paginate the results.
The IAM policy simulator evaluates statements in the identity-based policy and the inputs that you provide during simulation. The policy simulator results can differ from your live Amazon Web Services environment. We recommend that you check your policies against your live Amazon Web Services environment after testing using the policy simulator to confirm that you have the desired results. For more information about using the policy simulator, see Testing IAM policies with the IAM policy simulator in the IAM User Guide.
Adds one or more tags to an IAM instance profile. If a tag with the same key name already exists, then that tag is overwritten with the new value.
Each tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only an IAM instance profile that has a specified tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
Amazon Web Services always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
Adds one or more tags to an IAM virtual multi-factor authentication (MFA) device. If a tag with the same key name already exists, then that tag is overwritten with the new value.
A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only an IAM virtual MFA device that has a specified tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
Amazon Web Services always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
Adds one or more tags to an OpenID Connect (OIDC)-compatible identity provider. For more information about these providers, see About web identity federation. If a tag with the same key name already exists, then that tag is overwritten with the new value.
A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only an OIDC provider that has a specified tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
Amazon Web Services always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
Adds one or more tags to an OpenID Connect (OIDC)-compatible identity provider. For more information about these providers, see About web identity federation. If a tag with the same key name already exists, then that tag is overwritten with the new value.
A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM identity-based and resource-based policies. You can use tags to restrict access to only an OIDC provider that has a specified tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
Amazon Web Services always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
Adds one or more tags to an IAM customer managed policy. If a tag with the same key name already exists, then that tag is overwritten with the new value.
A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only an IAM customer managed policy that has a specified tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
Amazon Web Services always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
Adds one or more tags to an IAM role. The role can be a regular role or a service-linked role. If a tag with the same key name already exists, then that tag is overwritten with the new value.
A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only an IAM role that has a specified tag attached. You can also restrict access to only those resources that have a certain tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
Cost allocation - Use tags to help track which individuals and teams are using which Amazon Web Services resources.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
Amazon Web Services always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
For more information about tagging, see Tagging IAM identities in the IAM User Guide.
", "TagSAMLProvider": "Adds one or more tags to a Security Assertion Markup Language (SAML) identity provider. For more information about these providers, see About SAML 2.0-based federation . If a tag with the same key name already exists, then that tag is overwritten with the new value.
A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only a SAML identity provider that has a specified tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
Amazon Web Services always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
Adds one or more tags to an IAM server certificate. If a tag with the same key name already exists, then that tag is overwritten with the new value.
For certificates in a Region supported by Certificate Manager (ACM), we recommend that you don't use IAM server certificates. Instead, use ACM to provision, manage, and deploy your server certificates. For more information about IAM server certificates, Working with server certificates in the IAM User Guide.
A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only a server certificate that has a specified tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
Cost allocation - Use tags to help track which individuals and teams are using which Amazon Web Services resources.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
Amazon Web Services always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
Adds one or more tags to an IAM user. If a tag with the same key name already exists, then that tag is overwritten with the new value.
A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only an IAM requesting user that has a specified tag attached. You can also restrict access to only those resources that have a certain tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
Cost allocation - Use tags to help track which individuals and teams are using which Amazon Web Services resources.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
Amazon Web Services always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
For more information about tagging, see Tagging IAM identities in the IAM User Guide.
", + "TagUser": "Adds one or more tags to an IAM user. If a tag with the same key name already exists, then that tag is overwritten with the new value.
A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM identity-based and resource-based policies. You can use tags to restrict access to only an IAM requesting user that has a specified tag attached. You can also restrict access to only those resources that have a certain tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
Cost allocation - Use tags to help track which individuals and teams are using which Amazon Web Services resources.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
Amazon Web Services always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
For more information about tagging, see Tagging IAM identities in the IAM User Guide.
", "UntagInstanceProfile": "Removes the specified tags from the IAM instance profile. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
", "UntagMFADevice": "Removes the specified tags from the IAM virtual multi-factor authentication (MFA) device. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
", "UntagOpenIDConnectProvider": "Removes the specified tags from the specified OpenID Connect (OIDC)-compatible identity provider in IAM. For more information about OIDC providers, see About web identity federation. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
", @@ -1737,9 +1737,9 @@ } }, "RoleLastUsed": { - "base": "Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked in the IAM User Guide.
This data type is returned as a response element in the GetRole and GetAccountAuthorizationDetails operations.
", + "base": "Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked in the IAM user Guide.
This data type is returned as a response element in the GetRole and GetAccountAuthorizationDetails operations.
", "refs": { - "Role$RoleLastUsed": "Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked in the IAM User Guide.
", + "Role$RoleLastUsed": "Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked in the IAM user Guide.
", "RoleDetail$RoleLastUsed": "Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked in the IAM User Guide.
" } }, @@ -2660,7 +2660,7 @@ "integerType": { "base": null, "refs": { - "AccessDetail$TotalAuthenticatedEntities": "The number of accounts with authenticated principals (root users, IAM users, and IAM roles) that attempted to access the service in the tracking period.
", + "AccessDetail$TotalAuthenticatedEntities": "The number of accounts with authenticated principals (root user, IAM users, and IAM roles) that attempted to access the service in the tracking period.
", "GetOrganizationsAccessReportResponse$NumberOfServicesAccessible": "The number of services that the applicable SCPs allow account principals to access.
", "GetOrganizationsAccessReportResponse$NumberOfServicesNotAccessed": "The number of services that account principals are allowed but did not attempt to access.
", "ServiceLastAccessed$TotalAuthenticatedEntities": "The total number of authenticated principals (root user, IAM users, or IAM roles) that have attempted to access the service.
This field is null if no principals attempted to access the service within the tracking period.
" @@ -2859,7 +2859,7 @@ "organizationsEntityPathType": { "base": null, "refs": { - "AccessDetail$EntityPath": "The path of the Organizations entity (root, organizational unit, or account) from which an authenticated principal last attempted to access the service. Amazon Web Services does not report unauthenticated requests.
This field is null if no principals (IAM users, IAM roles, or root users) in the reported Organizations entity attempted to access the service within the tracking period.
", + "AccessDetail$EntityPath": "The path of the Organizations entity (root, organizational unit, or account) from which an authenticated principal last attempted to access the service. Amazon Web Services does not report unauthenticated requests.
This field is null if no principals (IAM users, IAM roles, or root user) in the reported Organizations entity attempted to access the service within the tracking period.
", "GenerateOrganizationsAccessReportRequest$EntityPath": "The path of the Organizations entity (root, OU, or account). You can build an entity path using the known structure of your organization. For example, assume that your account ID is 123456789012 and its parent OU ID is ou-rge0-awsabcde. The organization root ID is r-f6g7h8i9j0example and your organization ID is o-a1b2c3d4e5. Your entity path is o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012.
The name of the role to add.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
", "AttachRolePolicyRequest$RoleName": "The name (friendly name, not ARN) of the role to attach the policy to.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
", - "CreateRoleRequest$RoleName": "The name of the role to create.
IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both \"MyResource\" and \"myresource\".
", + "CreateRoleRequest$RoleName": "The name of the role to create.
IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both \"MyResource\" and \"myresource\".
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
", "DeleteRolePermissionsBoundaryRequest$RoleName": "The name (friendly name, not ARN) of the IAM role from which you want to remove the permissions boundary.
", "DeleteRolePolicyRequest$RoleName": "The name (friendly name, not ARN) identifying the role that the policy is embedded in.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
", "DeleteRoleRequest$RoleName": "The name of the role to delete.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
", @@ -3432,7 +3432,7 @@ "thumbprintListType": { "base": "Contains a list of thumbprints of identity provider server certificates.
", "refs": { - "CreateOpenIDConnectProviderRequest$ThumbprintList": "A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificates. Typically this list includes only one entry. However, IAM lets you have up to five thumbprints for an OIDC provider. This lets you maintain multiple thumbprints if the identity provider is rotating certificates.
The server certificate thumbprint is the hex-encoded SHA-1 hash value of the X.509 certificate used by the domain where the OpenID Connect provider makes its keys available. It is always a 40-character string.
You must provide at least one thumbprint when creating an IAM OIDC provider. For example, assume that the OIDC provider is server.example.com and the provider stores its keys at https://keys.server.example.com/openid-connect. In that case, the thumbprint string would be the hex-encoded SHA-1 hash value of the certificate used by https://keys.server.example.com.
For more information about obtaining the OIDC provider thumbprint, see Obtaining the thumbprint for an OpenID Connect provider in the IAM User Guide.
", + "CreateOpenIDConnectProviderRequest$ThumbprintList": "A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificates. Typically this list includes only one entry. However, IAM lets you have up to five thumbprints for an OIDC provider. This lets you maintain multiple thumbprints if the identity provider is rotating certificates.
The server certificate thumbprint is the hex-encoded SHA-1 hash value of the X.509 certificate used by the domain where the OpenID Connect provider makes its keys available. It is always a 40-character string.
You must provide at least one thumbprint when creating an IAM OIDC provider. For example, assume that the OIDC provider is server.example.com and the provider stores its keys at https://keys.server.example.com/openid-connect. In that case, the thumbprint string would be the hex-encoded SHA-1 hash value of the certificate used by https://keys.server.example.com.
For more information about obtaining the OIDC provider thumbprint, see Obtaining the thumbprint for an OpenID Connect provider in the IAM user Guide.
", "GetOpenIDConnectProviderResponse$ThumbprintList": "A list of certificate thumbprints that are associated with the specified IAM OIDC provider resource object. For more information, see CreateOpenIDConnectProvider.
", "UpdateOpenIDConnectProviderThumbprintRequest$ThumbprintList": "A list of certificate thumbprints that are associated with the specified IAM OpenID Connect provider. For more information, see CreateOpenIDConnectProvider.
" } @@ -3516,7 +3516,7 @@ "virtualMFADeviceName": { "base": null, "refs": { - "CreateVirtualMFADeviceRequest$VirtualMFADeviceName": "The name of the virtual MFA device. Use with path to uniquely identify a virtual MFA device.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" + "CreateVirtualMFADeviceRequest$VirtualMFADeviceName": "The name of the virtual MFA device, which must be unique. Use with path to uniquely identify a virtual MFA device.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" } } } diff --git a/models/apis/iam/2010-05-08/endpoint-rule-set-1.json b/models/apis/iam/2010-05-08/endpoint-rule-set-1.json index cd01afb8e7..c1cc7ead31 100644 --- a/models/apis/iam/2010-05-08/endpoint-rule-set-1.json +++ b/models/apis/iam/2010-05-08/endpoint-rule-set-1.json @@ -3,7 +3,7 @@ "parameters": { "Region": { "builtIn": "AWS::Region", - "required": true, + "required": false, "documentation": "The AWS region used to dispatch the request.", "type": "String" }, @@ -32,13 +32,12 @@ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { - "ref": "Region" + "ref": "Endpoint" } - ], - "assign": "PartitionResult" + ] } ], "type": "tree", @@ -46,14 +45,20 @@ { "conditions": [ { - "fn": "isSet", + "fn": "booleanEquals", "argv": [ { - "ref": "Endpoint" - } + "ref": "UseFIPS" + }, + true ] } ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], "type": "tree", "rules": [ { @@ -62,64 +67,42 @@ "fn": "booleanEquals", "argv": [ { - "ref": "UseFIPS" + "ref": "UseDualStack" }, true ] } ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", "type": "error" }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" + "endpoint": { + "url": { + "ref": "Endpoint" }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] - }, + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ { "conditions": [ { - "fn": "stringEquals", + "fn": "isSet", "argv": [ { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "name" - ] - }, - "aws" + "ref": "Region" + } ] } ], @@ -128,22 +111,13 @@ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ { - "ref": "UseDualStack" - }, - true - ] + "ref": "Region" + } + ], + "assign": "PartitionResult" } ], "type": "tree", @@ -151,100 +125,221 @@ { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" + ] + }, + "aws" + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://iam-fips.{Region}.api.aws", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } ] + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ] }, { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsDualStack" + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://iam-fips.amazonaws.com", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "iam", + "signingRegion": "us-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } ] + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" } ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://iam-fips.{Region}.api.aws", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsFIPS" + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://iam.{Region}.api.aws", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ] - } - ], - "type": "tree", - "rules": [ + }, { "conditions": [], "endpoint": { - "url": "https://iam-fips.amazonaws.com", + "url": "https://iam.amazonaws.com", "properties": { "authSchemes": [ { "name": "sigv4", - "signingRegion": "us-east-1", - "signingName": "iam" + "signingName": "iam", + "signingRegion": "us-east-1" } ] }, @@ -254,828 +349,886 @@ } ] }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsDualStack" + "name" ] - } + }, + "aws-cn" ] } ], "type": "tree", "rules": [ { - "conditions": [], - "endpoint": { - "url": "https://iam.{Region}.api.aws", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" - } - ] - }, - { - "conditions": [], - "endpoint": { - "url": "https://iam.amazonaws.com", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingRegion": "us-east-1", - "signingName": "iam" - } - ] - }, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://iam-fips.{Region}.api.amazonwebservices.com.cn", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ] }, - "name" - ] - }, - "aws-cn" - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://iam-fips.{Region}.amazonaws.com.cn", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ] }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://iam.{Region}.api.amazonwebservices.com.cn", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ] }, - true + { + "conditions": [], + "endpoint": { + "url": "https://iam.cn-north-1.amazonaws.com.cn", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "iam", + "signingRegion": "cn-north-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } ] - } - ], - "type": "tree", - "rules": [ + }, { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" + ] + }, + "aws-us-gov" + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://iam-fips.{Region}.api.aws", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } ] + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ] }, { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsDualStack" + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://iam.us-gov.amazonaws.com", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "iam", + "signingRegion": "us-gov-west-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } ] + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" } ] - } - ], - "type": "tree", - "rules": [ + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://iam.{Region}.api.aws", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ] + }, { "conditions": [], "endpoint": { - "url": "https://iam-fips.{Region}.api.amazonwebservices.com.cn", - "properties": {}, + "url": "https://iam.us-gov.amazonaws.com", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "iam", + "signingRegion": "us-gov-west-1" + } + ] + }, "headers": {} }, "type": "endpoint" } ] }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "type": "tree", - "rules": [ { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] - } + }, + "aws-iso" ] } ], "type": "tree", "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://iam-fips.{Region}.c2s.ic.gov", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ] + }, { "conditions": [], "endpoint": { - "url": "https://iam-fips.{Region}.amazonaws.com.cn", - "properties": {}, + "url": "https://iam.us-iso-east-1.c2s.ic.gov", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "iam", + "signingRegion": "us-iso-east-1" + } + ] + }, "headers": {} }, "type": "endpoint" } ] }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsDualStack" + "name" ] - } + }, + "aws-iso-b" ] } ], "type": "tree", "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://iam-fips.{Region}.sc2s.sgov.gov", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ] + }, { "conditions": [], "endpoint": { - "url": "https://iam.{Region}.api.amazonwebservices.com.cn", - "properties": {}, + "url": "https://iam.us-isob-east-1.sc2s.sgov.gov", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "iam", + "signingRegion": "us-isob-east-1" + } + ] + }, "headers": {} }, "type": "endpoint" } ] }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" - } - ] - }, - { - "conditions": [], - "endpoint": { - "url": "https://iam.cn-north-1.amazonaws.com.cn", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingRegion": "cn-north-1", - "signingName": "iam" - } - ] - }, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "name" - ] - }, - "aws-us-gov" - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } + "ref": "UseFIPS" + }, + true ] }, { "fn": "booleanEquals", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } + "ref": "UseDualStack" + }, + true ] } ], "type": "tree", "rules": [ { - "conditions": [], - "endpoint": { - "url": "https://iam-fips.{Region}.api.aws", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ + true, { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://iam.us-gov.amazonaws.com", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingRegion": "us-gov-west-1", - "signingName": "iam" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] } ] }, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ + true, { - "ref": "PartitionResult" - }, - "supportsDualStack" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } ] } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://iam.{Region}.api.aws", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" - } - ] - }, - { - "conditions": [], - "endpoint": { - "url": "https://iam.us-gov.amazonaws.com", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingRegion": "us-gov-west-1", - "signingName": "iam" - } - ] - }, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "name" - ] - }, - "aws-iso" - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, + ], + "type": "tree", + "rules": [ { - "fn": "getAttr", - "argv": [ + "conditions": [], + "type": "tree", + "rules": [ { - "ref": "PartitionResult" - }, - "supportsFIPS" + "conditions": [], + "endpoint": { + "url": "https://iam-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } ] } ] - } - ], - "type": "tree", - "rules": [ + }, { "conditions": [], - "endpoint": { - "url": "https://iam-fips.{Region}.c2s.ic.gov", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ] }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [], - "endpoint": { - "url": "https://iam.us-iso-east-1.c2s.ic.gov", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingRegion": "us-iso-east-1", - "signingName": "iam" - } - ] - }, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "name" - ] - }, - "aws-iso-b" - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "type": "tree", - "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } + "ref": "UseFIPS" + }, + true ] } ], "type": "tree", "rules": [ { - "conditions": [], - "endpoint": { - "url": "https://iam-fips.{Region}.sc2s.sgov.gov", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [], - "endpoint": { - "url": "https://iam.us-isob-east-1.sc2s.sgov.gov", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingRegion": "us-isob-east-1", - "signingName": "iam" - } - ] - }, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ + "conditions": [ { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ { - "ref": "PartitionResult" - }, - "supportsDualStack" + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "ref": "Region" + }, + "aws-global" + ] + } + ], + "endpoint": { + "url": "https://iam-fips.amazonaws.com", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "iam", + "signingRegion": "us-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "ref": "Region" + }, + "aws-us-gov-global" + ] + } + ], + "endpoint": { + "url": "https://iam.us-gov.amazonaws.com", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "iam", + "signingRegion": "us-gov-west-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://iam-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ + }, { "conditions": [], - "endpoint": { - "url": "https://iam-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" } - ] - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" + ] }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsFIPS" + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://iam.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ] - } - ], - "type": "tree", - "rules": [ + }, { "conditions": [], "type": "tree", @@ -1093,13 +1246,40 @@ } ], "endpoint": { - "url": "https://iam-fips.amazonaws.com", + "url": "https://iam.amazonaws.com", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "iam", + "signingRegion": "us-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "ref": "Region" + }, + "aws-cn-global" + ] + } + ], + "endpoint": { + "url": "https://iam.cn-north-1.amazonaws.com.cn", "properties": { "authSchemes": [ { "name": "sigv4", - "signingRegion": "us-east-1", - "signingName": "iam" + "signingName": "iam", + "signingRegion": "cn-north-1" } ] }, @@ -1125,8 +1305,8 @@ "authSchemes": [ { "name": "sigv4", - "signingRegion": "us-gov-west-1", - "signingName": "iam" + "signingName": "iam", + "signingRegion": "us-gov-west-1" } ] }, @@ -1135,67 +1315,63 @@ "type": "endpoint" }, { - "conditions": [], + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "ref": "Region" + }, + "aws-iso-global" + ] + } + ], "endpoint": { - "url": "https://iam-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, + "url": "https://iam.us-iso-east-1.c2s.ic.gov", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "iam", + "signingRegion": "us-iso-east-1" + } + ] + }, "headers": {} }, "type": "endpoint" - } - ] - } - ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, + }, { - "fn": "getAttr", - "argv": [ + "conditions": [ { - "ref": "PartitionResult" + "fn": "stringEquals", + "argv": [ + { + "ref": "Region" + }, + "aws-iso-b-global" + ] + } + ], + "endpoint": { + "url": "https://iam.us-isob-east-1.sc2s.sgov.gov", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "iam", + "signingRegion": "us-isob-east-1" + } + ] }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ + "headers": {} + }, + "type": "endpoint" + }, { "conditions": [], "endpoint": { - "url": "https://iam.{Region}.{PartitionResult#dualStackDnsSuffix}", + "url": "https://iam.{Region}.{PartitionResult#dnsSuffix}", "properties": {}, "headers": {} }, @@ -1204,163 +1380,13 @@ ] } ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } ] }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ - { - "ref": "Region" - }, - "aws-global" - ] - } - ], - "endpoint": { - "url": "https://iam.amazonaws.com", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingRegion": "us-east-1", - "signingName": "iam" - } - ] - }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ - { - "ref": "Region" - }, - "aws-cn-global" - ] - } - ], - "endpoint": { - "url": "https://iam.cn-north-1.amazonaws.com.cn", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingRegion": "cn-north-1", - "signingName": "iam" - } - ] - }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ - { - "ref": "Region" - }, - "aws-us-gov-global" - ] - } - ], - "endpoint": { - "url": "https://iam.us-gov.amazonaws.com", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingRegion": "us-gov-west-1", - "signingName": "iam" - } - ] - }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ - { - "ref": "Region" - }, - "aws-iso-global" - ] - } - ], - "endpoint": { - "url": "https://iam.us-iso-east-1.c2s.ic.gov", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingRegion": "us-iso-east-1", - "signingName": "iam" - } - ] - }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ - { - "ref": "Region" - }, - "aws-iso-b-global" - ] - } - ], - "endpoint": { - "url": "https://iam.us-isob-east-1.sc2s.sgov.gov", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingRegion": "us-isob-east-1", - "signingName": "iam" - } - ] - }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [], - "endpoint": { - "url": "https://iam.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } diff --git a/models/apis/iam/2010-05-08/endpoint-tests-1.json b/models/apis/iam/2010-05-08/endpoint-tests-1.json index 763c33059b..f1ce381e69 100644 --- a/models/apis/iam/2010-05-08/endpoint-tests-1.json +++ b/models/apis/iam/2010-05-08/endpoint-tests-1.json @@ -1,72 +1,107 @@ { "testCases": [ { - "documentation": "For region aws-iso-global with FIPS disabled and DualStack disabled", + "documentation": "For region aws-global with FIPS disabled and DualStack disabled", "expect": { "endpoint": { "properties": { "authSchemes": [ { + "name": "sigv4", "signingName": "iam", - "signingRegion": "us-iso-east-1", - "name": "sigv4" + "signingRegion": "us-east-1" } ] }, - "url": "https://iam.us-iso-east-1.c2s.ic.gov" + "url": "https://iam.amazonaws.com" } }, "params": { "UseDualStack": false, "UseFIPS": false, - "Region": "aws-iso-global" + "Region": "aws-global" } }, { - "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region aws-global with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://iam-fips.us-iso-east-1.c2s.ic.gov" + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "iam", + "signingRegion": "us-east-1" + } + ] + }, + "url": "https://iam-fips.amazonaws.com" } }, "params": { "UseDualStack": false, "UseFIPS": true, - "Region": "us-iso-east-1" + "Region": "aws-global" } }, { - "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://iam-fips.us-east-1.api.aws" + } + }, + "params": { + "UseDualStack": true, + "UseFIPS": true, + "Region": "us-east-1" + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { "properties": { "authSchemes": [ { + "name": "sigv4", "signingName": "iam", - "signingRegion": "us-iso-east-1", - "name": "sigv4" + "signingRegion": "us-east-1" } ] }, - "url": "https://iam.us-iso-east-1.c2s.ic.gov" + "url": "https://iam-fips.amazonaws.com" } }, "params": { "UseDualStack": false, + "UseFIPS": true, + "Region": "us-east-1" + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://iam.us-east-1.api.aws" + } + }, + "params": { + "UseDualStack": true, "UseFIPS": false, - "Region": "us-iso-east-1" + "Region": "us-east-1" } }, { - "documentation": "For region aws-global with FIPS disabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { "properties": { "authSchemes": [ { + "name": "sigv4", "signingName": "iam", - "signingRegion": "us-east-1", - "name": "sigv4" + "signingRegion": "us-east-1" } ] }, @@ -76,99 +111,90 @@ "params": { "UseDualStack": false, "UseFIPS": false, - "Region": "aws-global" + "Region": "us-east-1" } }, { - "documentation": "For region aws-global with FIPS enabled and DualStack disabled", + "documentation": "For region aws-cn-global with FIPS disabled and DualStack disabled", "expect": { "endpoint": { "properties": { "authSchemes": [ { + "name": "sigv4", "signingName": "iam", - "signingRegion": "us-east-1", - "name": "sigv4" + "signingRegion": "cn-north-1" } ] }, - "url": "https://iam-fips.amazonaws.com" + "url": "https://iam.cn-north-1.amazonaws.com.cn" } }, "params": { "UseDualStack": false, - "UseFIPS": true, - "Region": "aws-global" + "UseFIPS": false, + "Region": "aws-cn-global" } }, { - "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://iam-fips.us-east-1.api.aws" + "url": "https://iam-fips.cn-north-1.api.amazonwebservices.com.cn" } }, "params": { "UseDualStack": true, "UseFIPS": true, - "Region": "us-east-1" + "Region": "cn-north-1" } }, { - "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "properties": { - "authSchemes": [ - { - "signingName": "iam", - "signingRegion": "us-east-1", - "name": "sigv4" - } - ] - }, - "url": "https://iam-fips.amazonaws.com" + "url": "https://iam-fips.cn-north-1.amazonaws.com.cn" } }, "params": { "UseDualStack": false, "UseFIPS": true, - "Region": "us-east-1" + "Region": "cn-north-1" } }, { - "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://iam.us-east-1.api.aws" + "url": "https://iam.cn-north-1.api.amazonwebservices.com.cn" } }, "params": { "UseDualStack": true, "UseFIPS": false, - "Region": "us-east-1" + "Region": "cn-north-1" } }, { - "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { "properties": { "authSchemes": [ { + "name": "sigv4", "signingName": "iam", - "signingRegion": "us-east-1", - "name": "sigv4" + "signingRegion": "cn-north-1" } ] }, - "url": "https://iam.amazonaws.com" + "url": "https://iam.cn-north-1.amazonaws.com.cn" } }, "params": { "UseDualStack": false, "UseFIPS": false, - "Region": "us-east-1" + "Region": "cn-north-1" } }, { @@ -178,9 +204,9 @@ "properties": { "authSchemes": [ { + "name": "sigv4", "signingName": "iam", - "signingRegion": "us-gov-west-1", - "name": "sigv4" + "signingRegion": "us-gov-west-1" } ] }, @@ -200,9 +226,9 @@ "properties": { "authSchemes": [ { + "name": "sigv4", "signingName": "iam", - "signingRegion": "us-gov-west-1", - "name": "sigv4" + "signingRegion": "us-gov-west-1" } ] }, @@ -235,9 +261,9 @@ "properties": { "authSchemes": [ { + "name": "sigv4", "signingName": "iam", - "signingRegion": "us-gov-west-1", - "name": "sigv4" + "signingRegion": "us-gov-west-1" } ] }, @@ -270,9 +296,9 @@ "properties": { "authSchemes": [ { + "name": "sigv4", "signingName": "iam", - "signingRegion": "us-gov-west-1", - "name": "sigv4" + "signingRegion": "us-gov-west-1" } ] }, @@ -286,147 +312,135 @@ } }, { - "documentation": "For region aws-iso-b-global with FIPS disabled and DualStack disabled", + "documentation": "For region aws-iso-global with FIPS disabled and DualStack disabled", "expect": { "endpoint": { "properties": { "authSchemes": [ { + "name": "sigv4", "signingName": "iam", - "signingRegion": "us-isob-east-1", - "name": "sigv4" + "signingRegion": "us-iso-east-1" } ] }, - "url": "https://iam.us-isob-east-1.sc2s.sgov.gov" + "url": "https://iam.us-iso-east-1.c2s.ic.gov" } }, "params": { "UseDualStack": false, "UseFIPS": false, - "Region": "aws-iso-b-global" + "Region": "aws-iso-global" } }, { - "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://iam-fips.us-isob-east-1.sc2s.sgov.gov" + "url": "https://iam-fips.us-iso-east-1.c2s.ic.gov" } }, "params": { "UseDualStack": false, "UseFIPS": true, - "Region": "us-isob-east-1" + "Region": "us-iso-east-1" } }, { - "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { "properties": { "authSchemes": [ { + "name": "sigv4", "signingName": "iam", - "signingRegion": "us-isob-east-1", - "name": "sigv4" + "signingRegion": "us-iso-east-1" } ] }, - "url": "https://iam.us-isob-east-1.sc2s.sgov.gov" + "url": "https://iam.us-iso-east-1.c2s.ic.gov" } }, "params": { "UseDualStack": false, "UseFIPS": false, - "Region": "us-isob-east-1" + "Region": "us-iso-east-1" } }, { - "documentation": "For region aws-cn-global with FIPS disabled and DualStack disabled", + "documentation": "For region aws-iso-b-global with FIPS disabled and DualStack disabled", "expect": { "endpoint": { "properties": { "authSchemes": [ { + "name": "sigv4", "signingName": "iam", - "signingRegion": "cn-north-1", - "name": "sigv4" + "signingRegion": "us-isob-east-1" } ] }, - "url": "https://iam.cn-north-1.amazonaws.com.cn" + "url": "https://iam.us-isob-east-1.sc2s.sgov.gov" } }, "params": { "UseDualStack": false, "UseFIPS": false, - "Region": "aws-cn-global" - } - }, - { - "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://iam-fips.cn-north-1.api.amazonwebservices.com.cn" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "cn-north-1" + "Region": "aws-iso-b-global" } }, { - "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://iam-fips.cn-north-1.amazonaws.com.cn" + "url": "https://iam-fips.us-isob-east-1.sc2s.sgov.gov" } }, "params": { "UseDualStack": false, "UseFIPS": true, - "Region": "cn-north-1" + "Region": "us-isob-east-1" } }, { - "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://iam.cn-north-1.api.amazonwebservices.com.cn" + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "iam", + "signingRegion": "us-isob-east-1" + } + ] + }, + "url": "https://iam.us-isob-east-1.sc2s.sgov.gov" } }, "params": { - "UseDualStack": true, + "UseDualStack": false, "UseFIPS": false, - "Region": "cn-north-1" + "Region": "us-isob-east-1" } }, { - "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", + "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", "expect": { "endpoint": { - "properties": { - "authSchemes": [ - { - "signingName": "iam", - "signingRegion": "cn-north-1", - "name": "sigv4" - } - ] - }, - "url": "https://iam.cn-north-1.amazonaws.com.cn" + "url": "https://example.com" } }, "params": { "UseDualStack": false, "UseFIPS": false, - "Region": "cn-north-1" + "Region": "us-east-1", + "Endpoint": "https://example.com" } }, { - "documentation": "For custom endpoint with fips disabled and dualstack disabled", + "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled", "expect": { "endpoint": { "url": "https://example.com" @@ -435,7 +449,6 @@ "params": { "UseDualStack": false, "UseFIPS": false, - "Region": "us-east-1", "Endpoint": "https://example.com" } }, diff --git a/models/apis/keyspaces/2022-02-10/api-2.json b/models/apis/keyspaces/2022-02-10/api-2.json index d132d5ca45..0ab97bb46e 100644 --- a/models/apis/keyspaces/2022-02-10/api-2.json +++ b/models/apis/keyspaces/2022-02-10/api-2.json @@ -266,6 +266,17 @@ "box":true, "min":1 }, + "ClientSideTimestamps":{ + "type":"structure", + "required":["status"], + "members":{ + "status":{"shape":"ClientSideTimestampsStatus"} + } + }, + "ClientSideTimestampsStatus":{ + "type":"string", + "enum":["ENABLED"] + }, "ClusteringKey":{ "type":"structure", "required":[ @@ -343,7 +354,8 @@ "pointInTimeRecovery":{"shape":"PointInTimeRecovery"}, "ttl":{"shape":"TimeToLive"}, "defaultTimeToLive":{"shape":"DefaultTimeToLive"}, - "tags":{"shape":"TagList"} + "tags":{"shape":"TagList"}, + "clientSideTimestamps":{"shape":"ClientSideTimestamps"} } }, "CreateTableResponse":{ @@ -451,7 +463,8 @@ "pointInTimeRecovery":{"shape":"PointInTimeRecoverySummary"}, "ttl":{"shape":"TimeToLive"}, "defaultTimeToLive":{"shape":"DefaultTimeToLive"}, - "comment":{"shape":"Comment"} + "comment":{"shape":"Comment"}, + "clientSideTimestamps":{"shape":"ClientSideTimestamps"} } }, "InternalServerException":{ @@ -776,7 +789,8 @@ "encryptionSpecification":{"shape":"EncryptionSpecification"}, "pointInTimeRecovery":{"shape":"PointInTimeRecovery"}, "ttl":{"shape":"TimeToLive"}, - "defaultTimeToLive":{"shape":"DefaultTimeToLive"} + "defaultTimeToLive":{"shape":"DefaultTimeToLive"}, + "clientSideTimestamps":{"shape":"ClientSideTimestamps"} } }, "UpdateTableResponse":{ diff --git a/models/apis/keyspaces/2022-02-10/docs-2.json b/models/apis/keyspaces/2022-02-10/docs-2.json index cc7bf762ec..70e6a9c9f9 100644 --- a/models/apis/keyspaces/2022-02-10/docs-2.json +++ b/models/apis/keyspaces/2022-02-10/docs-2.json @@ -1,6 +1,6 @@ { "version": "2.0", - "service": "Amazon Keyspaces (for Apache Cassandra) is a scalable, highly available, and managed Apache Cassandra-compatible database service. Amazon Keyspaces makes it easy to migrate, run, and scale Cassandra workloads in the Amazon Web Services Cloud. With just a few clicks on the Amazon Web Services Management Console or a few lines of code, you can create keyspaces and tables in Amazon Keyspaces, without deploying any infrastructure or installing software.
In addition to supporting Cassandra Query Language (CQL) requests via open-source Cassandra drivers, Amazon Keyspaces supports data definition language (DDL) operations to manage keyspaces and tables using the Amazon Web Services SDK and CLI. This API reference describes the supported DDL operations in detail.
For the list of all supported CQL APIs, see Supported Cassandra APIs, operations, and data types in Amazon Keyspaces in the Amazon Keyspaces Developer Guide.
To learn how Amazon Keyspaces API actions are recorded with CloudTrail, see Amazon Keyspaces information in CloudTrail in the Amazon Keyspaces Developer Guide.
For more information about Amazon Web Services APIs, for example how to implement retry logic or how to sign Amazon Web Services API requests, see Amazon Web Services APIs in the General Reference.
", + "service": "Amazon Keyspaces (for Apache Cassandra) is a scalable, highly available, and managed Apache Cassandra-compatible database service. Amazon Keyspaces makes it easy to migrate, run, and scale Cassandra workloads in the Amazon Web Services Cloud. With just a few clicks on the Amazon Web Services Management Console or a few lines of code, you can create keyspaces and tables in Amazon Keyspaces, without deploying any infrastructure or installing software.
In addition to supporting Cassandra Query Language (CQL) requests via open-source Cassandra drivers, Amazon Keyspaces supports data definition language (DDL) operations to manage keyspaces and tables using the Amazon Web Services SDK and CLI, as well as infrastructure as code (IaC) services and tools such as CloudFormation and Terraform. This API reference describes the supported DDL operations in detail.
For the list of all supported CQL APIs, see Supported Cassandra APIs, operations, and data types in Amazon Keyspaces in the Amazon Keyspaces Developer Guide.
To learn how Amazon Keyspaces API actions are recorded with CloudTrail, see Amazon Keyspaces information in CloudTrail in the Amazon Keyspaces Developer Guide.
For more information about Amazon Web Services APIs, for example how to implement retry logic or how to sign Amazon Web Services API requests, see Amazon Web Services APIs in the General Reference.
", "operations": { "CreateKeyspace": "The CreateKeyspace operation adds a new keyspace to your account. In an Amazon Web Services account, keyspace names must be unique within each Region.
CreateKeyspace is an asynchronous operation. You can monitor the creation status of the new keyspace by using the GetKeyspace operation.
For more information, see Creating keyspaces in the Amazon Keyspaces Developer Guide.
", "CreateTable": "The CreateTable operation adds a new table to the specified keyspace. Within a keyspace, table names must be unique.
CreateTable is an asynchronous operation. When the request is received, the status of the table is set to CREATING. You can monitor the creation status of the new table by using the GetTable operation, which returns the current status of the table. You can start using a table when the status is ACTIVE.
For more information, see Creating tables in the Amazon Keyspaces Developer Guide.
", @@ -11,7 +11,7 @@ "ListKeyspaces": "Returns a list of keyspaces.
", "ListTables": "Returns a list of tables for a specified keyspace.
", "ListTagsForResource": "Returns a list of all tags associated with the specified Amazon Keyspaces resource.
", - "RestoreTable": "Restores the specified table to the specified point in time within the earliest_restorable_timestamp and the current time. For more information about restore points, see Time window for PITR continuous backups in the Amazon Keyspaces Developer Guide.
Any number of users can execute up to 4 concurrent restores (any type of restore) in a given account.
When you restore using point in time recovery, Amazon Keyspaces restores your source table's schema and data to the state based on the selected timestamp (day:hour:minute:second) to a new table. The Time to Live (TTL) settings are also restored to the state based on the selected timestamp.
In addition to the table's schema, data, and TTL settings, RestoreTable restores the capacity mode, encryption, and point-in-time recovery settings from the source table. Unlike the table's schema data and TTL settings, which are restored based on the selected timestamp, these settings are always restored based on the table's settings as of the current time or when the table was deleted.
You can also overwrite these settings during restore:
• Read/write capacity mode
• Provisioned throughput capacity settings
• Point-in-time (PITR) settings
• Tags
For more information, see PITR restore settings in the Amazon Keyspaces Developer Guide.
Note that the following settings are not restored, and you must configure them manually for the new table:
• Automatic scaling policies (for tables that use provisioned capacity mode)
• Identity and Access Management (IAM) policies
• Amazon CloudWatch metrics and alarms
", + "RestoreTable": "Restores the specified table to the specified point in time within the earliest_restorable_timestamp and the current time. For more information about restore points, see Time window for PITR continuous backups in the Amazon Keyspaces Developer Guide.
Any number of users can execute up to 4 concurrent restores (any type of restore) in a given account.
When you restore using point in time recovery, Amazon Keyspaces restores your source table's schema and data to the state based on the selected timestamp (day:hour:minute:second) to a new table. The Time to Live (TTL) settings are also restored to the state based on the selected timestamp.
In addition to the table's schema, data, and TTL settings, RestoreTable restores the capacity mode, encryption, and point-in-time recovery settings from the source table. Unlike the table's schema data and TTL settings, which are restored based on the selected timestamp, these settings are always restored based on the table's settings as of the current time or when the table was deleted.
You can also overwrite these settings during restore:
Read/write capacity mode
Provisioned throughput capacity settings
Point-in-time (PITR) settings
Tags
For more information, see PITR restore settings in the Amazon Keyspaces Developer Guide.
Note that the following settings are not restored, and you must configure them manually for the new table:
Automatic scaling policies (for tables that use provisioned capacity mode)
Identity and Access Management (IAM) policies
Amazon CloudWatch metrics and alarms
Associates a set of tags with a Amazon Keyspaces resource. You can then activate these user-defined tags so that they appear on the Cost Management Console for cost allocation tracking. For more information, see Adding tags and labels to Amazon Keyspaces resources in the Amazon Keyspaces Developer Guide.
For IAM policy examples that show how to control access to Amazon Keyspaces resources based on tags, see Amazon Keyspaces resource access based on tags in the Amazon Keyspaces Developer Guide.
", "UntagResource": "Removes the association of tags from a Amazon Keyspaces resource.
", "UpdateTable": "Adds new columns to the table or updates one of the table's settings, for example capacity mode, encryption, point-in-time recovery, or ttl settings. Note that you can only update one specific table setting per update operation.
" @@ -40,17 +40,17 @@ } }, "CapacitySpecification": { - "base": "Amazon Keyspaces has two read/write capacity modes for processing reads and writes on your tables:
• On-demand (default)
• Provisioned
The read/write capacity mode that you choose controls how you are charged for read and write throughput and how table throughput capacity is managed.
For more information, see Read/write capacity modes in the Amazon Keyspaces Developer Guide.
", + "base": "Amazon Keyspaces has two read/write capacity modes for processing reads and writes on your tables:
On-demand (default)
Provisioned
The read/write capacity mode that you choose controls how you are charged for read and write throughput and how table throughput capacity is managed.
For more information, see Read/write capacity modes in the Amazon Keyspaces Developer Guide.
", "refs": { - "CreateTableRequest$capacitySpecification": "Specifies the read/write throughput capacity mode for the table. The options are:
• throughputMode:PAY_PER_REQUEST and
• throughputMode:PROVISIONED - Provisioned capacity mode requires readCapacityUnits and writeCapacityUnits as input.
The default is throughput_mode:PAY_PER_REQUEST.
For more information, see Read/write capacity modes in the Amazon Keyspaces Developer Guide.
", - "RestoreTableRequest$capacitySpecificationOverride": "Specifies the read/write throughput capacity mode for the target table. The options are:
• throughputMode:PAY_PER_REQUEST
• throughputMode:PROVISIONED - Provisioned capacity mode requires readCapacityUnits and writeCapacityUnits as input.
The default is throughput_mode:PAY_PER_REQUEST.
For more information, see Read/write capacity modes in the Amazon Keyspaces Developer Guide.
", - "UpdateTableRequest$capacitySpecification": "Modifies the read/write throughput capacity mode for the table. The options are:
• throughputMode:PAY_PER_REQUEST and
• throughputMode:PROVISIONED - Provisioned capacity mode requires readCapacityUnits and writeCapacityUnits as input.
The default is throughput_mode:PAY_PER_REQUEST.
For more information, see Read/write capacity modes in the Amazon Keyspaces Developer Guide.
" + "CreateTableRequest$capacitySpecification": "Specifies the read/write throughput capacity mode for the table. The options are:
throughputMode:PAY_PER_REQUEST and
throughputMode:PROVISIONED - Provisioned capacity mode requires readCapacityUnits and writeCapacityUnits as input.
The default is throughput_mode:PAY_PER_REQUEST.
For more information, see Read/write capacity modes in the Amazon Keyspaces Developer Guide.
", + "RestoreTableRequest$capacitySpecificationOverride": "Specifies the read/write throughput capacity mode for the target table. The options are:
throughputMode:PAY_PER_REQUEST
throughputMode:PROVISIONED - Provisioned capacity mode requires readCapacityUnits and writeCapacityUnits as input.
The default is throughput_mode:PAY_PER_REQUEST.
For more information, see Read/write capacity modes in the Amazon Keyspaces Developer Guide.
", + "UpdateTableRequest$capacitySpecification": "Modifies the read/write throughput capacity mode for the table. The options are:
throughputMode:PAY_PER_REQUEST and
throughputMode:PROVISIONED - Provisioned capacity mode requires readCapacityUnits and writeCapacityUnits as input.
The default is throughput_mode:PAY_PER_REQUEST.
For more information, see Read/write capacity modes in the Amazon Keyspaces Developer Guide.
" } }, "CapacitySpecificationSummary": { - "base": "The read/write throughput capacity mode for a table. The options are:
• throughputMode:PAY_PER_REQUEST and
• throughputMode:PROVISIONED.
For more information, see Read/write capacity modes in the Amazon Keyspaces Developer Guide.
", + "base": "The read/write throughput capacity mode for a table. The options are:
throughputMode:PAY_PER_REQUEST and
throughputMode:PROVISIONED.
For more information, see Read/write capacity modes in the Amazon Keyspaces Developer Guide.
", "refs": { - "GetTableResponse$capacitySpecification": "The read/write throughput capacity mode for a table. The options are:
• throughputMode:PAY_PER_REQUEST
• throughputMode:PROVISIONED
The read/write throughput capacity mode for a table. The options are:
throughputMode:PAY_PER_REQUEST
throughputMode:PROVISIONED
The throughput capacity specified for write operations defined in write capacity units (WCUs).
The client-side timestamp setting of the table.
For more information, see How it works: Amazon Keyspaces client-side timestamps in the Amazon Keyspaces Developer Guide.
", + "refs": { + "CreateTableRequest$clientSideTimestamps": "Enables client-side timestamps for the table. By default, the setting is disabled. You can enable client-side timestamps with the following option:
status: \"enabled\"
Once client-side timestamps are enabled for a table, this setting cannot be disabled.
", + "GetTableResponse$clientSideTimestamps": "The client-side timestamps setting of the table.
", + "UpdateTableRequest$clientSideTimestamps": "Enables client-side timestamps for the table. By default, the setting is disabled. You can enable client-side timestamps with the following option:
status: \"enabled\"
Once client-side timestamps are enabled for a table, this setting cannot be disabled.
" + } + }, + "ClientSideTimestampsStatus": { + "base": null, + "refs": { + "ClientSideTimestamps$status": "Shows how to enable client-side timestamps settings for the specified table.
" + } + }, "ClusteringKey": { "base": "The optional clustering column portion of your primary key determines how the data is clustered and sorted within each partition.
", "refs": { @@ -84,7 +98,7 @@ "base": null, "refs": { "SchemaDefinition$allColumns": "The regular columns of the table.
", - "UpdateTableRequest$addColumns": "For each column to be added to the specified table:
• name - The name of the column.
• type - An Amazon Keyspaces data type. For more information, see Data types in the Amazon Keyspaces Developer Guide.
For each column to be added to the specified table:
name - The name of the column.
type - An Amazon Keyspaces data type. For more information, see Data types in the Amazon Keyspaces Developer Guide.
The default Time to Live setting in seconds for the table.
For more information, see Setting the default TTL value for a table in the Amazon Keyspaces Developer Guide.
", - "GetTableResponse$defaultTimeToLive": "The default Time to Live settings of the specified table.
", + "GetTableResponse$defaultTimeToLive": "The default Time to Live settings in seconds of the specified table.
", "UpdateTableRequest$defaultTimeToLive": "The default Time to Live setting in seconds for the table.
For more information, see Setting the default TTL value for a table in the Amazon Keyspaces Developer Guide.
" } }, @@ -148,18 +162,18 @@ } }, "EncryptionSpecification": { - "base": "Amazon Keyspaces encrypts and decrypts the table data at rest transparently and integrates with Key Management Service for storing and managing the encryption key. You can choose one of the following KMS keys (KMS keys):
• Amazon Web Services owned key - This is the default encryption type. The key is owned by Amazon Keyspaces (no additional charge).
• Customer managed key - This key is stored in your account and is created, owned, and managed by you. You have full control over the customer managed key (KMS charges apply).
For more information about encryption at rest in Amazon Keyspaces, see Encryption at rest in the Amazon Keyspaces Developer Guide.
For more information about KMS, see KMS management service concepts in the Key Management Service Developer Guide.
", + "base": "Amazon Keyspaces encrypts and decrypts the table data at rest transparently and integrates with Key Management Service for storing and managing the encryption key. You can choose one of the following KMS keys (KMS keys):
Amazon Web Services owned key - This is the default encryption type. The key is owned by Amazon Keyspaces (no additional charge).
Customer managed key - This key is stored in your account and is created, owned, and managed by you. You have full control over the customer managed key (KMS charges apply).
For more information about encryption at rest in Amazon Keyspaces, see Encryption at rest in the Amazon Keyspaces Developer Guide.
For more information about KMS, see KMS management service concepts in the Key Management Service Developer Guide.
", "refs": { - "CreateTableRequest$encryptionSpecification": "Specifies how the encryption key for encryption at rest is managed for the table. You can choose one of the following KMS key (KMS key):
• type:AWS_OWNED_KMS_KEY - This key is owned by Amazon Keyspaces.
• type:CUSTOMER_MANAGED_KMS_KEY - This key is stored in your account and is created, owned, and managed by you. This option requires the kms_key_identifier of the KMS key in Amazon Resource Name (ARN) format as input.
The default is type:AWS_OWNED_KMS_KEY.
For more information, see Encryption at rest in the Amazon Keyspaces Developer Guide.
", + "CreateTableRequest$encryptionSpecification": "Specifies how the encryption key for encryption at rest is managed for the table. You can choose one of the following KMS key (KMS key):
type:AWS_OWNED_KMS_KEY - This key is owned by Amazon Keyspaces.
type:CUSTOMER_MANAGED_KMS_KEY - This key is stored in your account and is created, owned, and managed by you. This option requires the kms_key_identifier of the KMS key in Amazon Resource Name (ARN) format as input.
The default is type:AWS_OWNED_KMS_KEY.
For more information, see Encryption at rest in the Amazon Keyspaces Developer Guide.
", "GetTableResponse$encryptionSpecification": "The encryption settings of the specified table.
", - "RestoreTableRequest$encryptionSpecificationOverride": "Specifies the encryption settings for the target table. You can choose one of the following KMS key (KMS key):
• type:AWS_OWNED_KMS_KEY - This key is owned by Amazon Keyspaces.
• type:CUSTOMER_MANAGED_KMS_KEY - This key is stored in your account and is created, owned, and managed by you. This option requires the kms_key_identifier of the KMS key in Amazon Resource Name (ARN) format as input.
The default is type:AWS_OWNED_KMS_KEY.
For more information, see Encryption at rest in the Amazon Keyspaces Developer Guide.
", - "UpdateTableRequest$encryptionSpecification": "Modifies the encryption settings of the table. You can choose one of the following KMS key (KMS key):
• type:AWS_OWNED_KMS_KEY - This key is owned by Amazon Keyspaces.
• type:CUSTOMER_MANAGED_KMS_KEY - This key is stored in your account and is created, owned, and managed by you. This option requires the kms_key_identifier of the KMS key in Amazon Resource Name (ARN) format as input.
The default is AWS_OWNED_KMS_KEY.
For more information, see Encryption at rest in the Amazon Keyspaces Developer Guide.
" + "RestoreTableRequest$encryptionSpecificationOverride": "Specifies the encryption settings for the target table. You can choose one of the following KMS key (KMS key):
type:AWS_OWNED_KMS_KEY - This key is owned by Amazon Keyspaces.
type:CUSTOMER_MANAGED_KMS_KEY - This key is stored in your account and is created, owned, and managed by you. This option requires the kms_key_identifier of the KMS key in Amazon Resource Name (ARN) format as input.
The default is type:AWS_OWNED_KMS_KEY.
For more information, see Encryption at rest in the Amazon Keyspaces Developer Guide.
", + "UpdateTableRequest$encryptionSpecification": "Modifies the encryption settings of the table. You can choose one of the following KMS key (KMS key):
type:AWS_OWNED_KMS_KEY - This key is owned by Amazon Keyspaces.
type:CUSTOMER_MANAGED_KMS_KEY - This key is stored in your account and is created, owned, and managed by you. This option requires the kms_key_identifier of the KMS key in Amazon Resource Name (ARN) format as input.
The default is AWS_OWNED_KMS_KEY.
For more information, see Encryption at rest in the Amazon Keyspaces Developer Guide.
" } }, "EncryptionType": { "base": null, "refs": { - "EncryptionSpecification$type": "The encryption option specified for the table. You can choose one of the following KMS keys (KMS keys):
• type:AWS_OWNED_KMS_KEY - This key is owned by Amazon Keyspaces.
• type:CUSTOMER_MANAGED_KMS_KEY - This key is stored in your account and is created, owned, and managed by you. This option requires the kms_key_identifier of the KMS key in Amazon Resource Name (ARN) format as input.
The default is type:AWS_OWNED_KMS_KEY.
For more information, see Encryption at rest in the Amazon Keyspaces Developer Guide.
" + "EncryptionSpecification$type": "The encryption option specified for the table. You can choose one of the following KMS keys (KMS keys):
type:AWS_OWNED_KMS_KEY - This key is owned by Amazon Keyspaces.
type:CUSTOMER_MANAGED_KMS_KEY - This key is stored in your account and is created, owned, and managed by you. This option requires the kms_key_identifier of the KMS key in Amazon Resource Name (ARN) format as input.
The default is type:AWS_OWNED_KMS_KEY.
For more information, see Encryption at rest in the Amazon Keyspaces Developer Guide.
" } }, "GenericString": { @@ -292,15 +306,15 @@ "PointInTimeRecovery": { "base": "Point-in-time recovery (PITR) helps protect your Amazon Keyspaces tables from accidental write or delete operations by providing you continuous backups of your table data.
For more information, see Point-in-time recovery in the Amazon Keyspaces Developer Guide.
", "refs": { - "CreateTableRequest$pointInTimeRecovery": "Specifies if pointInTimeRecovery is enabled or disabled for the table. The options are:
• ENABLED
• DISABLED
If it's not specified, the default is DISABLED.
For more information, see Point-in-time recovery in the Amazon Keyspaces Developer Guide.
", - "RestoreTableRequest$pointInTimeRecoveryOverride": "Specifies the pointInTimeRecovery settings for the target table. The options are:
• ENABLED
• DISABLED
If it's not specified, the default is DISABLED.
For more information, see Point-in-time recovery in the Amazon Keyspaces Developer Guide.
", - "UpdateTableRequest$pointInTimeRecovery": "Modifies the pointInTimeRecovery settings of the table. The options are:
• ENABLED
• DISABLED
If it's not specified, the default is DISABLED.
For more information, see Point-in-time recovery in the Amazon Keyspaces Developer Guide.
" + "CreateTableRequest$pointInTimeRecovery": "Specifies if pointInTimeRecovery is enabled or disabled for the table. The options are:
status=ENABLED
status=DISABLED
If it's not specified, the default is status=DISABLED.
For more information, see Point-in-time recovery in the Amazon Keyspaces Developer Guide.
", + "RestoreTableRequest$pointInTimeRecoveryOverride": "Specifies the pointInTimeRecovery settings for the target table. The options are:
status=ENABLED
status=DISABLED
If it's not specified, the default is status=DISABLED.
For more information, see Point-in-time recovery in the Amazon Keyspaces Developer Guide.
", + "UpdateTableRequest$pointInTimeRecovery": "Modifies the pointInTimeRecovery settings of the table. The options are:
status=ENABLED
status=DISABLED
If it's not specified, the default is status=DISABLED.
For more information, see Point-in-time recovery in the Amazon Keyspaces Developer Guide.
" } }, "PointInTimeRecoveryStatus": { "base": null, "refs": { - "PointInTimeRecovery$status": "The options are:
• ENABLED
• DISABLED
The options are:
status=ENABLED
status=DISABLED
Shows if point-in-time recovery is enabled or disabled for the specified table.
" } }, @@ -328,7 +342,7 @@ "SchemaDefinition": { "base": "Describes the schema of the table.
", "refs": { - "CreateTableRequest$schemaDefinition": "The schemaDefinition consists of the following parameters.
For each column to be created:
• name - The name of the column.
• type - An Amazon Keyspaces data type. For more information, see Data types in the Amazon Keyspaces Developer Guide.
The primary key of the table consists of the following columns:
• partitionKeys - The partition key can be a single column, or it can be a compound value composed of two or more columns. The partition key portion of the primary key is required and determines how Amazon Keyspaces stores your data.
• name - The name of each partition key column.
• clusteringKeys - The optional clustering column portion of your primary key determines how the data is clustered and sorted within each partition.
• name - The name of the clustering column.
• orderBy - Sets the ascendant (ASC) or descendant (DESC) order modifier.
To define a column as static use staticColumns - Static columns store values that are shared by all rows in the same partition:
• name - The name of the column.
• type - An Amazon Keyspaces data type.
The schemaDefinition consists of the following parameters.
For each column to be created:
name - The name of the column.
type - An Amazon Keyspaces data type. For more information, see Data types in the Amazon Keyspaces Developer Guide.
The primary key of the table consists of the following columns:
partitionKeys - The partition key can be a single column, or it can be a compound value composed of two or more columns. The partition key portion of the primary key is required and determines how Amazon Keyspaces stores your data.
name - The name of each partition key column.
clusteringKeys - The optional clustering column portion of your primary key determines how the data is clustered and sorted within each partition.
name - The name of the clustering column.
orderBy - Sets the ascendant (ASC) or descendant (DESC) order modifier.
To define a column as static use staticColumns - Static columns store values that are shared by all rows in the same partition:
name - The name of the column.
type - An Amazon Keyspaces data type.
The schema definition of the specified table.
" } }, @@ -440,16 +454,16 @@ "ThroughputMode": { "base": null, "refs": { - "CapacitySpecification$throughputMode": "The read/write throughput capacity mode for a table. The options are:
• throughputMode:PAY_PER_REQUEST and
• throughputMode:PROVISIONED - Provisioned capacity mode requires readCapacityUnits and writeCapacityUnits as input.
The default is throughput_mode:PAY_PER_REQUEST.
For more information, see Read/write capacity modes in the Amazon Keyspaces Developer Guide.
", - "CapacitySpecificationSummary$throughputMode": "The read/write throughput capacity mode for a table. The options are:
• throughputMode:PAY_PER_REQUEST and
• throughputMode:PROVISIONED - Provisioned capacity mode requires readCapacityUnits and writeCapacityUnits as input.
The default is throughput_mode:PAY_PER_REQUEST.
For more information, see Read/write capacity modes in the Amazon Keyspaces Developer Guide.
" + "CapacitySpecification$throughputMode": "The read/write throughput capacity mode for a table. The options are:
throughputMode:PAY_PER_REQUEST and
throughputMode:PROVISIONED - Provisioned capacity mode requires readCapacityUnits and writeCapacityUnits as input.
The default is throughput_mode:PAY_PER_REQUEST.
For more information, see Read/write capacity modes in the Amazon Keyspaces Developer Guide.
", + "CapacitySpecificationSummary$throughputMode": "The read/write throughput capacity mode for a table. The options are:
throughputMode:PAY_PER_REQUEST and
throughputMode:PROVISIONED - Provisioned capacity mode requires readCapacityUnits and writeCapacityUnits as input.
The default is throughput_mode:PAY_PER_REQUEST.
For more information, see Read/write capacity modes in the Amazon Keyspaces Developer Guide.
" } }, "TimeToLive": { "base": "Enable custom Time to Live (TTL) settings for rows and columns without setting a TTL default for the specified table.
For more information, see Enabling TTL on tables in the Amazon Keyspaces Developer Guide.
", "refs": { - "CreateTableRequest$ttl": "Enables Time to Live custom settings for the table. The options are:
• status:enabled
• status:disabled
The default is status:disabled. After ttl is enabled, you can't disable it for the table.
For more information, see Expiring data by using Amazon Keyspaces Time to Live (TTL) in the Amazon Keyspaces Developer Guide.
", + "CreateTableRequest$ttl": "Enables Time to Live custom settings for the table. The options are:
status:enabled
status:disabled
The default is status:disabled. After ttl is enabled, you can't disable it for the table.
For more information, see Expiring data by using Amazon Keyspaces Time to Live (TTL) in the Amazon Keyspaces Developer Guide.
", "GetTableResponse$ttl": "The custom Time to Live settings of the specified table.
", - "UpdateTableRequest$ttl": "Modifies Time to Live custom settings for the table. The options are:
• status:enabled
• status:disabled
The default is status:disabled. After ttl is enabled, you can't disable it for the table.
For more information, see Expiring data by using Amazon Keyspaces Time to Live (TTL) in the Amazon Keyspaces Developer Guide.
" + "UpdateTableRequest$ttl": "Modifies Time to Live custom settings for the table. The options are:
status:enabled
status:disabled
The default is status:disabled. After ttl is enabled, you can't disable it for the table.
For more information, see Expiring data by using Amazon Keyspaces Time to Live (TTL) in the Amazon Keyspaces Developer Guide.
" } }, "TimeToLiveStatus": { diff --git a/models/apis/keyspaces/2022-02-10/endpoint-rule-set-1.json b/models/apis/keyspaces/2022-02-10/endpoint-rule-set-1.json index 74d4f797a4..eaa1d7b0c1 100644 --- a/models/apis/keyspaces/2022-02-10/endpoint-rule-set-1.json +++ b/models/apis/keyspaces/2022-02-10/endpoint-rule-set-1.json @@ -3,7 +3,7 @@ "parameters": { "Region": { "builtIn": "AWS::Region", - "required": true, + "required": false, "documentation": "The AWS region used to dispatch the request.", "type": "String" }, @@ -32,13 +32,12 @@ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { - "ref": "Region" + "ref": "Endpoint" } - ], - "assign": "PartitionResult" + ] } ], "type": "tree", @@ -46,14 +45,20 @@ { "conditions": [ { - "fn": "isSet", + "fn": "booleanEquals", "argv": [ { - "ref": "Endpoint" - } + "ref": "UseFIPS" + }, + true ] } ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], "type": "tree", "rules": [ { @@ -62,67 +67,42 @@ "fn": "booleanEquals", "argv": [ { - "ref": "UseFIPS" + "ref": "UseDualStack" }, true ] } ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", "type": "error" }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" + "endpoint": { + "url": { + "ref": "Endpoint" }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] - }, + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", + "fn": "isSet", "argv": [ { - "ref": "UseDualStack" - }, - true + "ref": "Region" + } ] } ], @@ -131,179 +111,240 @@ { "conditions": [ { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ - true, { - "fn": "getAttr", + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsFIPS" + true ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, + }, { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsDualStack" + true ] } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], + ], "type": "tree", "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://cassandra-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, { "conditions": [], - "endpoint": { - "url": "https://cassandra-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ] - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsFIPS" + true ] } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], + ], "type": "tree", "rules": [ { "conditions": [ { - "fn": "stringEquals", + "fn": "booleanEquals", "argv": [ - "aws-us-gov", + true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "name" + "supportsFIPS" ] } ] } ], - "endpoint": { - "url": "https://cassandra.{Region}.amazonaws.com", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws-us-gov", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://cassandra.{Region}.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://cassandra-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] }, { "conditions": [], - "endpoint": { - "url": "https://cassandra-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" } ] - } - ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsDualStack" + true ] } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://cassandra.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } ] - } - ], - "type": "tree", - "rules": [ + }, { "conditions": [], "type": "tree", @@ -311,7 +352,7 @@ { "conditions": [], "endpoint": { - "url": "https://cassandra.{Region}.{PartitionResult#dualStackDnsSuffix}", + "url": "https://cassandra.{Region}.{PartitionResult#dnsSuffix}", "properties": {}, "headers": {} }, @@ -320,28 +361,13 @@ ] } ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } ] }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://cassandra.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } diff --git a/models/apis/keyspaces/2022-02-10/endpoint-tests-1.json b/models/apis/keyspaces/2022-02-10/endpoint-tests-1.json index 63ecfebde5..cd6fb84032 100644 --- a/models/apis/keyspaces/2022-02-10/endpoint-tests-1.json +++ b/models/apis/keyspaces/2022-02-10/endpoint-tests-1.json @@ -8,9 +8,9 @@ } }, "params": { - "Region": "ap-east-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-east-1" } }, { @@ -21,9 +21,9 @@ } }, "params": { - "Region": "ap-northeast-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-northeast-1" } }, { @@ -34,9 +34,9 @@ } }, "params": { - "Region": "ap-northeast-2", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-northeast-2" } }, { @@ -47,9 +47,9 @@ } }, "params": { - "Region": "ap-south-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-south-1" } }, { @@ -60,9 +60,9 @@ } }, "params": { - "Region": "ap-southeast-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-southeast-1" } }, { @@ -73,9 +73,9 @@ } }, "params": { - "Region": "ap-southeast-2", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-southeast-2" } }, { @@ -86,9 +86,9 @@ } }, "params": { - "Region": "ca-central-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ca-central-1" } }, { @@ -99,9 +99,9 @@ } }, "params": { - "Region": "eu-central-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "eu-central-1" } }, { @@ -112,9 +112,9 @@ } }, "params": { - "Region": "eu-north-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "eu-north-1" } }, { @@ -125,9 +125,9 @@ } }, "params": { - "Region": "eu-west-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "eu-west-1" } }, { @@ -138,9 +138,9 @@ } }, "params": { - "Region": "eu-west-2", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "eu-west-2" } }, { @@ -151,9 +151,9 @@ } }, "params": { - "Region": "eu-west-3", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "eu-west-3" } }, { @@ -164,9 +164,9 @@ } }, "params": { - "Region": "me-south-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "me-south-1" } }, { @@ -177,9 +177,9 @@ } }, "params": { - "Region": "sa-east-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "sa-east-1" } }, { @@ -190,9 +190,9 @@ } }, "params": { - "Region": "us-east-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-east-1" } }, { @@ -203,9 +203,9 @@ } }, "params": { - "Region": "us-east-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-east-1" } }, { @@ -216,9 +216,9 @@ } }, "params": { - "Region": "us-east-2", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-east-2" } }, { @@ -229,9 +229,9 @@ } }, "params": { - "Region": "us-west-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-west-1" } }, { @@ -242,9 +242,9 @@ } }, "params": { - "Region": "us-west-2", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-west-2" } }, { @@ -255,9 +255,9 @@ } }, "params": { - "Region": "us-west-2", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-west-2" } }, { @@ -268,9 +268,9 @@ } }, "params": { - "Region": "us-east-1", "UseDualStack": true, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-east-1" } }, { @@ -281,9 +281,9 @@ } }, "params": { - "Region": "us-east-1", "UseDualStack": true, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-east-1" } }, { @@ -294,9 +294,9 @@ } }, "params": { - "Region": "cn-north-1", "UseDualStack": true, - "UseFIPS": true + "UseFIPS": true, + "Region": "cn-north-1" } }, { @@ -307,9 +307,9 @@ } }, "params": { - "Region": "cn-north-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "cn-north-1" } }, { @@ -320,9 +320,9 @@ } }, "params": { - "Region": "cn-north-1", "UseDualStack": true, - "UseFIPS": false + "UseFIPS": false, + "Region": "cn-north-1" } }, { @@ -333,9 +333,9 @@ } }, "params": { - "Region": "cn-north-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "cn-north-1" } }, { @@ -346,9 +346,9 @@ } }, "params": { - "Region": "us-gov-east-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-gov-east-1" } }, { @@ -359,9 +359,9 @@ } }, "params": { - "Region": "us-gov-east-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-gov-east-1" } }, { @@ -372,9 +372,9 @@ } }, "params": { - "Region": "us-gov-west-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-gov-west-1" } }, { @@ -385,9 +385,9 @@ } }, "params": { - "Region": "us-gov-west-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-gov-west-1" } }, { @@ -398,9 +398,9 @@ } }, "params": { - "Region": "us-gov-east-1", "UseDualStack": true, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-gov-east-1" } }, { @@ -411,9 +411,9 @@ } }, "params": { - "Region": "us-gov-east-1", "UseDualStack": true, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-gov-east-1" } }, { @@ -424,9 +424,9 @@ } }, "params": { - "Region": "us-iso-east-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-iso-east-1" } }, { @@ -437,9 +437,9 @@ } }, "params": { - "Region": "us-iso-east-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-iso-east-1" } }, { @@ -450,9 +450,9 @@ } }, "params": { - "Region": "us-isob-east-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-isob-east-1" } }, { @@ -463,20 +463,33 @@ } }, "params": { - "Region": "us-isob-east-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-isob-east-1" } }, { - "documentation": "For custom endpoint with fips disabled and dualstack disabled", + "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", "expect": { "endpoint": { "url": "https://example.com" } }, "params": { + "UseDualStack": false, + "UseFIPS": false, "Region": "us-east-1", + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { "UseDualStack": false, "UseFIPS": false, "Endpoint": "https://example.com" @@ -488,9 +501,9 @@ "error": "Invalid Configuration: FIPS and custom endpoint are not supported" }, "params": { - "Region": "us-east-1", "UseDualStack": false, "UseFIPS": true, + "Region": "us-east-1", "Endpoint": "https://example.com" } }, @@ -500,9 +513,9 @@ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" }, "params": { - "Region": "us-east-1", "UseDualStack": true, "UseFIPS": false, + "Region": "us-east-1", "Endpoint": "https://example.com" } } diff --git a/models/endpoints/endpoints.json b/models/endpoints/endpoints.json index dabbac6a66..39905427e7 100644 --- a/models/endpoints/endpoints.json +++ b/models/endpoints/endpoints.json @@ -5138,6 +5138,7 @@ "ap-southeast-1" : { }, "ap-southeast-2" : { }, "ap-southeast-3" : { }, + "ap-southeast-4" : { }, "ca-central-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, @@ -18129,12 +18130,34 @@ "credentialScope" : { "region" : "us-gov-east-1" }, + "hostname" : "access-analyzer.us-gov-east-1.amazonaws.com", + "variants" : [ { + "hostname" : "access-analyzer.us-gov-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-gov-east-1-fips" : { + "credentialScope" : { + "region" : "us-gov-east-1" + }, + "deprecated" : true, "hostname" : "access-analyzer.us-gov-east-1.amazonaws.com" }, "us-gov-west-1" : { "credentialScope" : { "region" : "us-gov-west-1" }, + "hostname" : "access-analyzer.us-gov-west-1.amazonaws.com", + "variants" : [ { + "hostname" : "access-analyzer.us-gov-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-gov-west-1-fips" : { + "credentialScope" : { + "region" : "us-gov-west-1" + }, + "deprecated" : true, "hostname" : "access-analyzer.us-gov-west-1.amazonaws.com" } } diff --git a/service/applicationautoscaling/api.go b/service/applicationautoscaling/api.go index 64795a0467..b091ce2493 100644 --- a/service/applicationautoscaling/api.go +++ b/service/applicationautoscaling/api.go @@ -1450,13 +1450,6 @@ func (s *ConcurrentUpdateException) RequestID() string { // number of capacity units. That is, the value of the metric should decrease // when capacity increases, and increase when capacity decreases. // -// For an example of how creating new metrics can be useful, see Scaling based -// on Amazon SQS (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-using-sqs-queue.html) -// in the Amazon EC2 Auto Scaling User Guide. This topic mentions Auto Scaling -// groups, but the same scenario for Amazon SQS can apply to the target tracking -// scaling policies that you create for a Spot Fleet by using the Application -// Auto Scaling API. -// // For more information about the CloudWatch terminology below, see Amazon CloudWatch // concepts (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html) // in the Amazon CloudWatch User Guide. @@ -1472,19 +1465,17 @@ type CustomizedMetricSpecification struct { // The name of the metric. To get the exact metric name, namespace, and dimensions, // inspect the Metric (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_Metric.html) // object that is returned by a call to ListMetrics (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html). - // - // MetricName is a required field - MetricName *string `type:"string" required:"true"` + MetricName *string `type:"string"` + + // The metrics to include in the target tracking scaling policy, as a metric + // data query. This can include both raw metric and metric math expressions. + Metrics []*TargetTrackingMetricDataQuery `type:"list"` // The namespace of the metric. - // - // Namespace is a required field - Namespace *string `type:"string" required:"true"` + Namespace *string `type:"string"` // The statistic of the metric. - // - // Statistic is a required field - Statistic *string `type:"string" required:"true" enum:"MetricStatistic"` + Statistic *string `type:"string" enum:"MetricStatistic"` // The unit of the metric. For a complete list of the units that CloudWatch // supports, see the MetricDatum (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html) @@ -1513,15 +1504,6 @@ func (s CustomizedMetricSpecification) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *CustomizedMetricSpecification) Validate() error { invalidParams := request.ErrInvalidParams{Context: "CustomizedMetricSpecification"} - if s.MetricName == nil { - invalidParams.Add(request.NewErrParamRequired("MetricName")) - } - if s.Namespace == nil { - invalidParams.Add(request.NewErrParamRequired("Namespace")) - } - if s.Statistic == nil { - invalidParams.Add(request.NewErrParamRequired("Statistic")) - } if s.Dimensions != nil { for i, v := range s.Dimensions { if v == nil { @@ -1532,6 +1514,16 @@ func (s *CustomizedMetricSpecification) Validate() error { } } } + if s.Metrics != nil { + for i, v := range s.Metrics { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Metrics", i), err.(request.ErrInvalidParams)) + } + } + } if invalidParams.Len() > 0 { return invalidParams @@ -1551,6 +1543,12 @@ func (s *CustomizedMetricSpecification) SetMetricName(v string) *CustomizedMetri return s } +// SetMetrics sets the Metrics field's value. +func (s *CustomizedMetricSpecification) SetMetrics(v []*TargetTrackingMetricDataQuery) *CustomizedMetricSpecification { + s.Metrics = v + return s +} + // SetNamespace sets the Namespace field's value. func (s *CustomizedMetricSpecification) SetNamespace(v string) *CustomizedMetricSpecification { s.Namespace = &v @@ -6182,6 +6180,375 @@ func (s *SuspendedState) SetScheduledScalingSuspended(v bool) *SuspendedState { return s } +// Represents a specific metric. +// +// Metric is a property of the TargetTrackingMetricStat object. +type TargetTrackingMetric struct { + _ struct{} `type:"structure"` + + // The dimensions for the metric. For the list of available dimensions, see + // the Amazon Web Services documentation available from the table in Amazon + // Web Services services that publish CloudWatch metrics (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html) + // in the Amazon CloudWatch User Guide. + // + // Conditional: If you published your metric with dimensions, you must specify + // the same dimensions in your scaling policy. + Dimensions []*TargetTrackingMetricDimension `type:"list"` + + // The name of the metric. + MetricName *string `min:"1" type:"string"` + + // The namespace of the metric. For more information, see the table in Amazon + // Web Services services that publish CloudWatch metrics (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html) + // in the Amazon CloudWatch User Guide. + Namespace *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TargetTrackingMetric) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TargetTrackingMetric) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *TargetTrackingMetric) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TargetTrackingMetric"} + if s.MetricName != nil && len(*s.MetricName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("MetricName", 1)) + } + if s.Namespace != nil && len(*s.Namespace) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Namespace", 1)) + } + if s.Dimensions != nil { + for i, v := range s.Dimensions { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Dimensions", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDimensions sets the Dimensions field's value. +func (s *TargetTrackingMetric) SetDimensions(v []*TargetTrackingMetricDimension) *TargetTrackingMetric { + s.Dimensions = v + return s +} + +// SetMetricName sets the MetricName field's value. +func (s *TargetTrackingMetric) SetMetricName(v string) *TargetTrackingMetric { + s.MetricName = &v + return s +} + +// SetNamespace sets the Namespace field's value. +func (s *TargetTrackingMetric) SetNamespace(v string) *TargetTrackingMetric { + s.Namespace = &v + return s +} + +// The metric data to return. Also defines whether this call is returning data +// for one metric only, or whether it is performing a math expression on the +// values of returned metric statistics to create a new time series. A time +// series is a series of data points, each of which is associated with a timestamp. +// +// For more information and examples, see Create a target tracking scaling policy +// for Application Auto Scaling using metric math (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-target-tracking-metric-math.html) +// in the Application Auto Scaling User Guide. +type TargetTrackingMetricDataQuery struct { + _ struct{} `type:"structure"` + + // The math expression to perform on the returned data, if this object is performing + // a math expression. This expression can use the Id of the other metrics to + // refer to those metrics, and can also use the Id of other expressions to use + // the result of those expressions. + // + // Conditional: Within each TargetTrackingMetricDataQuery object, you must specify + // either Expression or MetricStat, but not both. + Expression *string `min:"1" type:"string"` + + // A short name that identifies the object's results in the response. This name + // must be unique among all MetricDataQuery objects specified for a single scaling + // policy. If you are performing math expressions on this set of data, this + // name represents that data and can serve as a variable in the mathematical + // expression. The valid characters are letters, numbers, and underscores. The + // first character must be a lowercase letter. + // + // Id is a required field + Id *string `min:"1" type:"string" required:"true"` + + // A human-readable label for this metric or expression. This is especially + // useful if this is a math expression, so that you know what the value represents. + Label *string `type:"string"` + + // Information about the metric data to return. + // + // Conditional: Within each MetricDataQuery object, you must specify either + // Expression or MetricStat, but not both. + MetricStat *TargetTrackingMetricStat `type:"structure"` + + // Indicates whether to return the timestamps and raw data values of this metric. + // + // If you use any math expressions, specify true for this value for only the + // final math expression that the metric specification is based on. You must + // specify false for ReturnData for all the other metrics and expressions used + // in the metric specification. + // + // If you are only retrieving metrics and not performing any math expressions, + // do not specify anything for ReturnData. This sets it to its default (true). + ReturnData *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TargetTrackingMetricDataQuery) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TargetTrackingMetricDataQuery) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *TargetTrackingMetricDataQuery) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TargetTrackingMetricDataQuery"} + if s.Expression != nil && len(*s.Expression) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Expression", 1)) + } + if s.Id == nil { + invalidParams.Add(request.NewErrParamRequired("Id")) + } + if s.Id != nil && len(*s.Id) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Id", 1)) + } + if s.MetricStat != nil { + if err := s.MetricStat.Validate(); err != nil { + invalidParams.AddNested("MetricStat", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetExpression sets the Expression field's value. +func (s *TargetTrackingMetricDataQuery) SetExpression(v string) *TargetTrackingMetricDataQuery { + s.Expression = &v + return s +} + +// SetId sets the Id field's value. +func (s *TargetTrackingMetricDataQuery) SetId(v string) *TargetTrackingMetricDataQuery { + s.Id = &v + return s +} + +// SetLabel sets the Label field's value. +func (s *TargetTrackingMetricDataQuery) SetLabel(v string) *TargetTrackingMetricDataQuery { + s.Label = &v + return s +} + +// SetMetricStat sets the MetricStat field's value. +func (s *TargetTrackingMetricDataQuery) SetMetricStat(v *TargetTrackingMetricStat) *TargetTrackingMetricDataQuery { + s.MetricStat = v + return s +} + +// SetReturnData sets the ReturnData field's value. +func (s *TargetTrackingMetricDataQuery) SetReturnData(v bool) *TargetTrackingMetricDataQuery { + s.ReturnData = &v + return s +} + +// Describes the dimension of a metric. +type TargetTrackingMetricDimension struct { + _ struct{} `type:"structure"` + + // The name of the dimension. + // + // Name is a required field + Name *string `min:"1" type:"string" required:"true"` + + // The value of the dimension. + // + // Value is a required field + Value *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TargetTrackingMetricDimension) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TargetTrackingMetricDimension) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *TargetTrackingMetricDimension) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TargetTrackingMetricDimension"} + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + if s.Value == nil { + invalidParams.Add(request.NewErrParamRequired("Value")) + } + if s.Value != nil && len(*s.Value) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Value", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetName sets the Name field's value. +func (s *TargetTrackingMetricDimension) SetName(v string) *TargetTrackingMetricDimension { + s.Name = &v + return s +} + +// SetValue sets the Value field's value. +func (s *TargetTrackingMetricDimension) SetValue(v string) *TargetTrackingMetricDimension { + s.Value = &v + return s +} + +// This structure defines the CloudWatch metric to return, along with the statistic, +// period, and unit. +// +// For more information about the CloudWatch terminology below, see Amazon CloudWatch +// concepts (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html) +// in the Amazon CloudWatch User Guide. +type TargetTrackingMetricStat struct { + _ struct{} `type:"structure"` + + // The CloudWatch metric to return, including the metric name, namespace, and + // dimensions. To get the exact metric name, namespace, and dimensions, inspect + // the Metric (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_Metric.html) + // object that is returned by a call to ListMetrics (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html). + // + // Metric is a required field + Metric *TargetTrackingMetric `type:"structure" required:"true"` + + // The statistic to return. It can include any CloudWatch statistic or extended + // statistic. For a list of valid values, see the table in Statistics (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Statistic) + // in the Amazon CloudWatch User Guide. + // + // The most commonly used metrics for scaling is Average + // + // Stat is a required field + Stat *string `type:"string" required:"true"` + + // The unit to use for the returned data points. For a complete list of the + // units that CloudWatch supports, see the MetricDatum (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html) + // data type in the Amazon CloudWatch API Reference. + Unit *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TargetTrackingMetricStat) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TargetTrackingMetricStat) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *TargetTrackingMetricStat) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TargetTrackingMetricStat"} + if s.Metric == nil { + invalidParams.Add(request.NewErrParamRequired("Metric")) + } + if s.Stat == nil { + invalidParams.Add(request.NewErrParamRequired("Stat")) + } + if s.Unit != nil && len(*s.Unit) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Unit", 1)) + } + if s.Metric != nil { + if err := s.Metric.Validate(); err != nil { + invalidParams.AddNested("Metric", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMetric sets the Metric field's value. +func (s *TargetTrackingMetricStat) SetMetric(v *TargetTrackingMetric) *TargetTrackingMetricStat { + s.Metric = v + return s +} + +// SetStat sets the Stat field's value. +func (s *TargetTrackingMetricStat) SetStat(v string) *TargetTrackingMetricStat { + s.Stat = &v + return s +} + +// SetUnit sets the Unit field's value. +func (s *TargetTrackingMetricStat) SetUnit(v string) *TargetTrackingMetricStat { + s.Unit = &v + return s +} + // Represents a target tracking scaling policy configuration to use with Application // Auto Scaling. type TargetTrackingScalingPolicyConfiguration struct { diff --git a/service/applicationautoscaling/doc.go b/service/applicationautoscaling/doc.go index 644d330d00..51caf93cb7 100644 --- a/service/applicationautoscaling/doc.go +++ b/service/applicationautoscaling/doc.go @@ -34,6 +34,9 @@ // // - Custom resources provided by your own applications or services // +// To learn more about Application Auto Scaling, see the Application Auto Scaling +// User Guide (https://docs.aws.amazon.com/autoscaling/application/userguide/what-is-application-auto-scaling.html). +// // # API Summary // // The Application Auto Scaling service API includes three key sets of actions: @@ -55,10 +58,6 @@ // are triggered by a scaling policy, scale-in activities that are triggered // by a scaling policy, and scheduled scaling. // -// To learn more about Application Auto Scaling, including information about -// granting IAM users required permissions for Application Auto Scaling actions, -// see the Application Auto Scaling User Guide (https://docs.aws.amazon.com/autoscaling/application/userguide/what-is-application-auto-scaling.html). -// // See https://docs.aws.amazon.com/goto/WebAPI/application-autoscaling-2016-02-06 for more information on this service. // // See applicationautoscaling package documentation for more information. diff --git a/service/dataexchange/api.go b/service/dataexchange/api.go index 164fae35f7..5e076736af 100644 --- a/service/dataexchange/api.go +++ b/service/dataexchange/api.go @@ -7983,6 +7983,60 @@ func (s *JobError) SetResourceType(v string) *JobError { return s } +// The Amazon Resource Name (ARN) of the AWS KMS key used to encrypt the shared +// S3 objects. +type KmsKeyToGrant struct { + _ struct{} `type:"structure"` + + // The AWS KMS CMK (Key Management System Customer Managed Key) used to encrypt + // S3 objects in the shared S3 Bucket. AWS Data exchange will create a KMS grant + // for each subscriber to allow them to access and decrypt their entitled data + // that is encrypted using this KMS key specified. + // + // KmsKeyArn is a required field + KmsKeyArn *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s KmsKeyToGrant) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s KmsKeyToGrant) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *KmsKeyToGrant) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "KmsKeyToGrant"} + if s.KmsKeyArn == nil { + invalidParams.Add(request.NewErrParamRequired("KmsKeyArn")) + } + if s.KmsKeyArn != nil && len(*s.KmsKeyArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KmsKeyArn", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKmsKeyArn sets the KmsKeyArn field's value. +func (s *KmsKeyToGrant) SetKmsKeyArn(v string) *KmsKeyToGrant { + s.KmsKeyArn = &v + return s +} + // Details about the AWS Lake Formation resource (Table or Database) included // in the AWS Lake Formation data permission. type LFResourceDetails struct { @@ -9823,6 +9877,11 @@ type S3DataAccessAsset struct { // S3 keys made available using this asset. Keys []*string `type:"list"` + // List of AWS KMS CMKs (Key Management System Customer Managed Keys) and ARNs + // used to encrypt S3 objects being shared in this S3 Data Access asset. Providers + // must include all AWS KMS keys used to encrypt these shared S3 objects. + KmsKeysToGrant []*KmsKeyToGrant `min:"1" type:"list"` + // The automatically-generated bucket-style alias for your Amazon S3 Access // Point. Customers can access their entitled data using the S3 Access Point // alias. @@ -9869,6 +9928,12 @@ func (s *S3DataAccessAsset) SetKeys(v []*string) *S3DataAccessAsset { return s } +// SetKmsKeysToGrant sets the KmsKeysToGrant field's value. +func (s *S3DataAccessAsset) SetKmsKeysToGrant(v []*KmsKeyToGrant) *S3DataAccessAsset { + s.KmsKeysToGrant = v + return s +} + // SetS3AccessPointAlias sets the S3AccessPointAlias field's value. func (s *S3DataAccessAsset) SetS3AccessPointAlias(v string) *S3DataAccessAsset { s.S3AccessPointAlias = &v @@ -9895,6 +9960,10 @@ type S3DataAccessAssetSourceEntry struct { // The keys used to create the Amazon S3 data access. Keys []*string `type:"list"` + + // List of AWS KMS CMKs (Key Management System Customer Managed Keys) and ARNs + // used to encrypt S3 objects being shared in this S3 Data Access asset. + KmsKeysToGrant []*KmsKeyToGrant `min:"1" type:"list"` } // String returns the string representation. @@ -9921,6 +9990,19 @@ func (s *S3DataAccessAssetSourceEntry) Validate() error { if s.Bucket == nil { invalidParams.Add(request.NewErrParamRequired("Bucket")) } + if s.KmsKeysToGrant != nil && len(s.KmsKeysToGrant) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KmsKeysToGrant", 1)) + } + if s.KmsKeysToGrant != nil { + for i, v := range s.KmsKeysToGrant { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "KmsKeysToGrant", i), err.(request.ErrInvalidParams)) + } + } + } if invalidParams.Len() > 0 { return invalidParams @@ -9946,6 +10028,12 @@ func (s *S3DataAccessAssetSourceEntry) SetKeys(v []*string) *S3DataAccessAssetSo return s } +// SetKmsKeysToGrant sets the KmsKeysToGrant field's value. +func (s *S3DataAccessAssetSourceEntry) SetKmsKeysToGrant(v []*KmsKeyToGrant) *S3DataAccessAssetSourceEntry { + s.KmsKeysToGrant = v + return s +} + // The Amazon S3 object that is the asset. type S3SnapshotAsset struct { _ struct{} `type:"structure"` diff --git a/service/directconnect/api.go b/service/directconnect/api.go index 4f1171c611..f22adf1aa6 100644 --- a/service/directconnect/api.go +++ b/service/directconnect/api.go @@ -1439,6 +1439,13 @@ func (c *DirectConnect) CreateBGPPeerRequest(input *CreateBGPPeerInput) (req *re // IPv6 addresses are automatically assigned from the Amazon pool of IPv6 addresses; // you cannot specify custom IPv6 addresses. // +// If you let Amazon Web Services auto-assign IPv4 addresses, a /30 CIDR will +// be allocated from 169.254.0.0/16. Amazon Web Services does not recommend +// this option if you intend to use the customer router peer IP address as the +// source and destination for traffic. Instead you should use RFC 1918 or other +// addressing, and specify the address yourself. For more information about +// RFC 1918 see Address Allocation for Private Internets (https://datatracker.ietf.org/doc/html/rfc1918). +// // For a public virtual interface, the Autonomous System Number (ASN) must be // private or already on the allow list for the virtual interface. // @@ -2310,6 +2317,7 @@ func (c *DirectConnect) CreateTransitVirtualInterfaceRequest(input *CreateTransi // 64512 for both your the transit gateway and Direct Connect gateway, the association // request fails. // +// A jumbo MTU value must be either 1500 or 8500. No other values will be accepted. // Setting the MTU of a virtual interface to 8500 (jumbo frames) can cause an // update to the underlying physical connection if it wasn't updated to support // jumbo frames. Updating the connection disrupts network connectivity for all @@ -11040,6 +11048,10 @@ type GatewayAssociation struct { // * disassociated: The virtual private gateway or transit gateway is disassociated // from the Direct Connect gateway. Traffic flow between the Direct Connect // gateway and virtual private gateway or transit gateway is stopped. + // + // * updating: The CIDR blocks for the virtual private gateway or transit + // gateway are currently being updated. This could be new CIDR blocks added + // or current CIDR blocks removed. AssociationState *string `locationName:"associationState" type:"string" enum:"GatewayAssociationState"` // The ID of the Direct Connect gateway. @@ -13260,7 +13272,7 @@ type StartBgpFailoverTestInput struct { // The time in minutes that the virtual interface failover test will last. // - // Maximum value: 180 minutes (3 hours). + // Maximum value: 4,320 minutes (72 hours). // // Default: 180 minutes (3 hours). TestDurationInMinutes *int64 `locationName:"testDurationInMinutes" type:"integer"` diff --git a/service/ec2/api.go b/service/ec2/api.go index 9dfe4a86c8..10a883bf17 100644 --- a/service/ec2/api.go +++ b/service/ec2/api.go @@ -111781,6 +111781,9 @@ type DnsOptions struct { // The DNS records created for the endpoint. DnsRecordIpType *string `locationName:"dnsRecordIpType" type:"string" enum:"DnsRecordIpType"` + + // Indicates whether to enable private DNS only for inbound endpoints. + PrivateDnsOnlyForInboundResolverEndpoint *bool `locationName:"privateDnsOnlyForInboundResolverEndpoint" type:"boolean"` } // String returns the string representation. @@ -111807,12 +111810,24 @@ func (s *DnsOptions) SetDnsRecordIpType(v string) *DnsOptions { return s } +// SetPrivateDnsOnlyForInboundResolverEndpoint sets the PrivateDnsOnlyForInboundResolverEndpoint field's value. +func (s *DnsOptions) SetPrivateDnsOnlyForInboundResolverEndpoint(v bool) *DnsOptions { + s.PrivateDnsOnlyForInboundResolverEndpoint = &v + return s +} + // Describes the DNS options for an endpoint. type DnsOptionsSpecification struct { _ struct{} `type:"structure"` // The DNS records created for the endpoint. DnsRecordIpType *string `type:"string" enum:"DnsRecordIpType"` + + // Indicates whether to enable private DNS only for inbound endpoints. This + // option is available only for services that support both gateway and interface + // endpoints. It routes traffic that originates from the VPC to the gateway + // endpoint and traffic that originates from on-premises to the interface endpoint. + PrivateDnsOnlyForInboundResolverEndpoint *bool `type:"boolean"` } // String returns the string representation. @@ -111839,6 +111854,12 @@ func (s *DnsOptionsSpecification) SetDnsRecordIpType(v string) *DnsOptionsSpecif return s } +// SetPrivateDnsOnlyForInboundResolverEndpoint sets the PrivateDnsOnlyForInboundResolverEndpoint field's value. +func (s *DnsOptionsSpecification) SetPrivateDnsOnlyForInboundResolverEndpoint(v bool) *DnsOptionsSpecification { + s.PrivateDnsOnlyForInboundResolverEndpoint = &v + return s +} + // Information about the DNS server to be used. type DnsServersOptionsModifyStructure struct { _ struct{} `type:"structure"` diff --git a/service/iam/api.go b/service/iam/api.go index 04a2b6d7df..5a657f4c7c 100644 --- a/service/iam/api.go +++ b/service/iam/api.go @@ -1340,6 +1340,8 @@ func (c *IAM) CreateOpenIDConnectProviderRequest(input *CreateOpenIDConnectProvi // - A list of client IDs (also known as audiences) that identify the application // or applications allowed to authenticate using the OIDC provider // +// - A list of tags that are attached to the specified IAM OIDC provider +// // - A list of thumbprints of one or more server certificates that the IdP // uses // @@ -6773,7 +6775,7 @@ func (c *IAM) GetOrganizationsAccessReportRequest(input *GetOrganizationsAccessR // permissions using service last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html) // in the IAM User Guide. // -// For each service that principals in an account (root users, IAM users, or +// For each service that principals in an account (root user, IAM users, or // IAM roles) could access using SCPs, the operation returns details about the // most recent access attempt. If there was no attempt, the service is listed // without details about the most recent attempt to access the service. If the @@ -14323,10 +14325,10 @@ func (c *IAM) TagOpenIDConnectProviderRequest(input *TagOpenIDConnectProviderInp // Or search for all resources with the key name Cost Center and the value // 41200. // -// - Access control - Include tags in IAM user-based and resource-based policies. -// You can use tags to restrict access to only an OIDC provider that has -// a specified tag attached. For examples of policies that show how to use -// tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) +// - Access control - Include tags in IAM identity-based and resource-based +// policies. You can use tags to restrict access to only an OIDC provider +// that has a specified tag attached. For examples of policies that show +// how to use tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) // in the IAM User Guide. // // - If any one of the tags is invalid or if you exceed the allowed maximum @@ -14968,13 +14970,13 @@ func (c *IAM) TagUserRequest(input *TagUserInput) (req *request.Request, output // Or search for all resources with the key name Cost Center and the value // 41200. // -// - Access control - Include tags in IAM user-based and resource-based policies. -// You can use tags to restrict access to only an IAM requesting user that -// has a specified tag attached. You can also restrict access to only those -// resources that have a certain tag attached. For examples of policies that -// show how to use tags to control access, see Control access using IAM tags -// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) in -// the IAM User Guide. +// - Access control - Include tags in IAM identity-based and resource-based +// policies. You can use tags to restrict access to only an IAM requesting +// user that has a specified tag attached. You can also restrict access to +// only those resources that have a certain tag attached. For examples of +// policies that show how to use tags to control access, see Control access +// using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) +// in the IAM User Guide. // // - Cost allocation - Use tags to help track which individuals and teams // are using which Amazon Web Services resources. @@ -17604,7 +17606,7 @@ type AccessDetail struct { // from which an authenticated principal last attempted to access the service. // Amazon Web Services does not report unauthenticated requests. // - // This field is null if no principals (IAM users, IAM roles, or root users) + // This field is null if no principals (IAM users, IAM roles, or root user) // in the reported Organizations entity attempted to access the service within // the tracking period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). EntityPath *string `min:"19" type:"string"` @@ -17641,7 +17643,7 @@ type AccessDetail struct { // ServiceNamespace is a required field ServiceNamespace *string `min:"1" type:"string" required:"true"` - // The number of accounts with authenticated principals (root users, IAM users, + // The number of accounts with authenticated principals (root user, IAM users, // and IAM roles) that attempted to access the service in the tracking period. TotalAuthenticatedEntities *int64 `type:"integer"` } @@ -19368,7 +19370,7 @@ type CreateOpenIDConnectProviderInput struct { // // For more information about obtaining the OIDC provider thumbprint, see Obtaining // the thumbprint for an OpenID Connect provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html) - // in the IAM User Guide. + // in the IAM user Guide. // // ThumbprintList is a required field ThumbprintList []*string `type:"list" required:"true"` @@ -19924,6 +19926,10 @@ type CreateRoleInput struct { // Names are not distinguished by case. For example, you cannot create resources // named both "MyResource" and "myresource". // + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- + // // RoleName is a required field RoleName *string `min:"1" type:"string" required:"true"` @@ -20626,8 +20632,8 @@ type CreateVirtualMFADeviceInput struct { // of tags, then the entire request fails and the resource is not created. Tags []*Tag `type:"list"` - // The name of the virtual MFA device. Use with path to uniquely identify a - // virtual MFA device. + // The name of the virtual MFA device, which must be unique. Use with path to + // uniquely identify a virtual MFA device. // // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) // a string of characters consisting of upper and lowercase alphanumeric characters @@ -34270,7 +34276,7 @@ type Role struct { // if your Region began supporting these features within the last year. The // role might have been used more than 400 days ago. For more information, see // Regions where data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period) - // in the IAM User Guide. + // in the IAM user Guide. RoleLastUsed *RoleLastUsed `type:"structure"` // The friendly name that identifies the role. @@ -34531,7 +34537,7 @@ func (s *RoleDetail) SetTags(v []*Tag) *RoleDetail { // if your Region began supporting these features within the last year. The // role might have been used more than 400 days ago. For more information, see // Regions where data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period) -// in the IAM User Guide. +// in the IAM user Guide. // // This data type is returned as a response element in the GetRole and GetAccountAuthorizationDetails // operations. diff --git a/service/keyspaces/api.go b/service/keyspaces/api.go index 0ffb3e9354..db7fec5398 100644 --- a/service/keyspaces/api.go +++ b/service/keyspaces/api.go @@ -1149,13 +1149,13 @@ func (c *Keyspaces) RestoreTableRequest(input *RestoreTableInput) (req *request. // // You can also overwrite these settings during restore: // -// • Read/write capacity mode +// - Read/write capacity mode // -// • Provisioned throughput capacity settings +// - Provisioned throughput capacity settings // -// • Point-in-time (PITR) settings +// - Point-in-time (PITR) settings // -// • Tags +// - Tags // // For more information, see PITR restore settings (https://docs.aws.amazon.com/keyspaces/latest/devguide/PointInTimeRecovery_HowItWorks.html#howitworks_backup_settings) // in the Amazon Keyspaces Developer Guide. @@ -1163,12 +1163,12 @@ func (c *Keyspaces) RestoreTableRequest(input *RestoreTableInput) (req *request. // Note that the following settings are not restored, and you must configure // them manually for the new table: // -// • Automatic scaling policies (for tables that use provisioned capacity -// mode) +// - Automatic scaling policies (for tables that use provisioned capacity +// mode) // -// • Identity and Access Management (IAM) policies +// - Identity and Access Management (IAM) policies // -// • Amazon CloudWatch metrics and alarms +// - Amazon CloudWatch metrics and alarms // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1600,9 +1600,9 @@ func (s *AccessDeniedException) RequestID() string { // Amazon Keyspaces has two read/write capacity modes for processing reads and // writes on your tables: // -// • On-demand (default) +// - On-demand (default) // -// • Provisioned +// - Provisioned // // The read/write capacity mode that you choose controls how you are charged // for read and write throughput and how table throughput capacity is managed. @@ -1618,10 +1618,10 @@ type CapacitySpecification struct { // The read/write throughput capacity mode for a table. The options are: // - // • throughputMode:PAY_PER_REQUEST and + // * throughputMode:PAY_PER_REQUEST and // - // • throughputMode:PROVISIONED - Provisioned capacity mode requires readCapacityUnits - // and writeCapacityUnits as input. + // * throughputMode:PROVISIONED - Provisioned capacity mode requires readCapacityUnits + // and writeCapacityUnits as input. // // The default is throughput_mode:PAY_PER_REQUEST. // @@ -1693,9 +1693,9 @@ func (s *CapacitySpecification) SetWriteCapacityUnits(v int64) *CapacitySpecific // The read/write throughput capacity mode for a table. The options are: // -// • throughputMode:PAY_PER_REQUEST and +// - throughputMode:PAY_PER_REQUEST and // -// • throughputMode:PROVISIONED. +// - throughputMode:PROVISIONED. // // For more information, see Read/write capacity modes (https://docs.aws.amazon.com/keyspaces/latest/devguide/ReadWriteCapacityMode.html) // in the Amazon Keyspaces Developer Guide. @@ -1712,10 +1712,10 @@ type CapacitySpecificationSummary struct { // The read/write throughput capacity mode for a table. The options are: // - // • throughputMode:PAY_PER_REQUEST and + // * throughputMode:PAY_PER_REQUEST and // - // • throughputMode:PROVISIONED - Provisioned capacity mode requires readCapacityUnits - // and writeCapacityUnits as input. + // * throughputMode:PROVISIONED - Provisioned capacity mode requires readCapacityUnits + // and writeCapacityUnits as input. // // The default is throughput_mode:PAY_PER_REQUEST. // @@ -1772,6 +1772,57 @@ func (s *CapacitySpecificationSummary) SetWriteCapacityUnits(v int64) *CapacityS return s } +// The client-side timestamp setting of the table. +// +// For more information, see How it works: Amazon Keyspaces client-side timestamps +// (https://docs.aws.amazon.com/keyspaces/latest/devguide/client-side-timestamps-how-it-works.html) +// in the Amazon Keyspaces Developer Guide. +type ClientSideTimestamps struct { + _ struct{} `type:"structure"` + + // Shows how to enable client-side timestamps settings for the specified table. + // + // Status is a required field + Status *string `locationName:"status" type:"string" required:"true" enum:"ClientSideTimestampsStatus"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ClientSideTimestamps) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ClientSideTimestamps) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ClientSideTimestamps) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ClientSideTimestamps"} + if s.Status == nil { + invalidParams.Add(request.NewErrParamRequired("Status")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetStatus sets the Status field's value. +func (s *ClientSideTimestamps) SetStatus(v string) *ClientSideTimestamps { + s.Status = &v + return s +} + // The optional clustering column portion of your primary key determines how // the data is clustered and sorted within each partition. type ClusteringKey struct { @@ -2125,10 +2176,10 @@ type CreateTableInput struct { // Specifies the read/write throughput capacity mode for the table. The options // are: // - // • throughputMode:PAY_PER_REQUEST and + // * throughputMode:PAY_PER_REQUEST and // - // • throughputMode:PROVISIONED - Provisioned capacity mode requires readCapacityUnits - // and writeCapacityUnits as input. + // * throughputMode:PROVISIONED - Provisioned capacity mode requires readCapacityUnits + // and writeCapacityUnits as input. // // The default is throughput_mode:PAY_PER_REQUEST. // @@ -2136,6 +2187,15 @@ type CreateTableInput struct { // in the Amazon Keyspaces Developer Guide. CapacitySpecification *CapacitySpecification `locationName:"capacitySpecification" type:"structure"` + // Enables client-side timestamps for the table. By default, the setting is + // disabled. You can enable client-side timestamps with the following option: + // + // * status: "enabled" + // + // Once client-side timestamps are enabled for a table, this setting cannot + // be disabled. + ClientSideTimestamps *ClientSideTimestamps `locationName:"clientSideTimestamps" type:"structure"` + // This parameter allows to enter a description of the table. Comment *Comment `locationName:"comment" type:"structure"` @@ -2148,11 +2208,11 @@ type CreateTableInput struct { // Specifies how the encryption key for encryption at rest is managed for the // table. You can choose one of the following KMS key (KMS key): // - // • type:AWS_OWNED_KMS_KEY - This key is owned by Amazon Keyspaces. + // * type:AWS_OWNED_KMS_KEY - This key is owned by Amazon Keyspaces. // - // • type:CUSTOMER_MANAGED_KMS_KEY - This key is stored in your account and - // is created, owned, and managed by you. This option requires the kms_key_identifier - // of the KMS key in Amazon Resource Name (ARN) format as input. + // * type:CUSTOMER_MANAGED_KMS_KEY - This key is stored in your account and + // is created, owned, and managed by you. This option requires the kms_key_identifier + // of the KMS key in Amazon Resource Name (ARN) format as input. // // The default is type:AWS_OWNED_KMS_KEY. // @@ -2168,11 +2228,11 @@ type CreateTableInput struct { // Specifies if pointInTimeRecovery is enabled or disabled for the table. The // options are: // - // • ENABLED + // * status=ENABLED // - // • DISABLED + // * status=DISABLED // - // If it's not specified, the default is DISABLED. + // If it's not specified, the default is status=DISABLED. // // For more information, see Point-in-time recovery (https://docs.aws.amazon.com/keyspaces/latest/devguide/PointInTimeRecovery.html) // in the Amazon Keyspaces Developer Guide. @@ -2182,34 +2242,33 @@ type CreateTableInput struct { // // For each column to be created: // - // • name - The name of the column. + // * name - The name of the column. // - // • type - An Amazon Keyspaces data type. For more information, see Data - // types (https://docs.aws.amazon.com/keyspaces/latest/devguide/cql.elements.html#cql.data-types) - // in the Amazon Keyspaces Developer Guide. + // * type - An Amazon Keyspaces data type. For more information, see Data + // types (https://docs.aws.amazon.com/keyspaces/latest/devguide/cql.elements.html#cql.data-types) + // in the Amazon Keyspaces Developer Guide. // // The primary key of the table consists of the following columns: // - // • partitionKeys - The partition key can be a single column, or it can be - // a compound value composed of two or more columns. The partition key portion - // of the primary key is required and determines how Amazon Keyspaces stores - // your data. + // * partitionKeys - The partition key can be a single column, or it can + // be a compound value composed of two or more columns. The partition key + // portion of the primary key is required and determines how Amazon Keyspaces + // stores your data. // - // • name - The name of each partition key column. + // * name - The name of each partition key column. // - // • clusteringKeys - The optional clustering column portion of your primary - // key determines how the data is clustered and sorted within each partition. + // * clusteringKeys - The optional clustering column portion of your primary + // key determines how the data is clustered and sorted within each partition. // - // • name - The name of the clustering column. + // * name - The name of the clustering column. // - // • orderBy - Sets the ascendant (ASC) or descendant (DESC) order modifier. + // * orderBy - Sets the ascendant (ASC) or descendant (DESC) order modifier. + // To define a column as static use staticColumns - Static columns store + // values that are shared by all rows in the same partition: // - // To define a column as static use staticColumns - Static columns store values - // that are shared by all rows in the same partition: + // * name - The name of the column. // - // • name - The name of the column. - // - // • type - An Amazon Keyspaces data type. + // * type - An Amazon Keyspaces data type. // // SchemaDefinition is a required field SchemaDefinition *SchemaDefinition `locationName:"schemaDefinition" type:"structure" required:"true"` @@ -2228,9 +2287,9 @@ type CreateTableInput struct { // Enables Time to Live custom settings for the table. The options are: // - // • status:enabled + // * status:enabled // - // • status:disabled + // * status:disabled // // The default is status:disabled. After ttl is enabled, you can't disable it // for the table. @@ -2288,6 +2347,11 @@ func (s *CreateTableInput) Validate() error { invalidParams.AddNested("CapacitySpecification", err.(request.ErrInvalidParams)) } } + if s.ClientSideTimestamps != nil { + if err := s.ClientSideTimestamps.Validate(); err != nil { + invalidParams.AddNested("ClientSideTimestamps", err.(request.ErrInvalidParams)) + } + } if s.Comment != nil { if err := s.Comment.Validate(); err != nil { invalidParams.AddNested("Comment", err.(request.ErrInvalidParams)) @@ -2336,6 +2400,12 @@ func (s *CreateTableInput) SetCapacitySpecification(v *CapacitySpecification) *C return s } +// SetClientSideTimestamps sets the ClientSideTimestamps field's value. +func (s *CreateTableInput) SetClientSideTimestamps(v *ClientSideTimestamps) *CreateTableInput { + s.ClientSideTimestamps = v + return s +} + // SetComment sets the Comment field's value. func (s *CreateTableInput) SetComment(v *Comment) *CreateTableInput { s.Comment = v @@ -2587,12 +2657,12 @@ func (s DeleteTableOutput) GoString() string { // and integrates with Key Management Service for storing and managing the encryption // key. You can choose one of the following KMS keys (KMS keys): // -// • Amazon Web Services owned key - This is the default encryption type. -// The key is owned by Amazon Keyspaces (no additional charge). +// - Amazon Web Services owned key - This is the default encryption type. +// The key is owned by Amazon Keyspaces (no additional charge). // -// • Customer managed key - This key is stored in your account and is created, -// owned, and managed by you. You have full control over the customer managed -// key (KMS charges apply). +// - Customer managed key - This key is stored in your account and is created, +// owned, and managed by you. You have full control over the customer managed +// key (KMS charges apply). // // For more information about encryption at rest in Amazon Keyspaces, see Encryption // at rest (https://docs.aws.amazon.com/keyspaces/latest/devguide/EncryptionAtRest.html) @@ -2610,11 +2680,11 @@ type EncryptionSpecification struct { // The encryption option specified for the table. You can choose one of the // following KMS keys (KMS keys): // - // • type:AWS_OWNED_KMS_KEY - This key is owned by Amazon Keyspaces. + // * type:AWS_OWNED_KMS_KEY - This key is owned by Amazon Keyspaces. // - // • type:CUSTOMER_MANAGED_KMS_KEY - This key is stored in your account and - // is created, owned, and managed by you. This option requires the kms_key_identifier - // of the KMS key in Amazon Resource Name (ARN) format as input. + // * type:CUSTOMER_MANAGED_KMS_KEY - This key is stored in your account and + // is created, owned, and managed by you. This option requires the kms_key_identifier + // of the KMS key in Amazon Resource Name (ARN) format as input. // // The default is type:AWS_OWNED_KMS_KEY. // @@ -2835,18 +2905,21 @@ type GetTableOutput struct { // The read/write throughput capacity mode for a table. The options are: // - // • throughputMode:PAY_PER_REQUEST + // * throughputMode:PAY_PER_REQUEST // - // • throughputMode:PROVISIONED + // * throughputMode:PROVISIONED CapacitySpecification *CapacitySpecificationSummary `locationName:"capacitySpecification" type:"structure"` + // The client-side timestamps setting of the table. + ClientSideTimestamps *ClientSideTimestamps `locationName:"clientSideTimestamps" type:"structure"` + // The the description of the specified table. Comment *Comment `locationName:"comment" type:"structure"` // The creation timestamp of the specified table. CreationTimestamp *time.Time `locationName:"creationTimestamp" type:"timestamp"` - // The default Time to Live settings of the specified table. + // The default Time to Live settings in seconds of the specified table. DefaultTimeToLive *int64 `locationName:"defaultTimeToLive" min:"1" type:"integer"` // The encryption settings of the specified table. @@ -2904,6 +2977,12 @@ func (s *GetTableOutput) SetCapacitySpecification(v *CapacitySpecificationSummar return s } +// SetClientSideTimestamps sets the ClientSideTimestamps field's value. +func (s *GetTableOutput) SetClientSideTimestamps(v *ClientSideTimestamps) *GetTableOutput { + s.ClientSideTimestamps = v + return s +} + // SetComment sets the Comment field's value. func (s *GetTableOutput) SetComment(v *Comment) *GetTableOutput { s.Comment = v @@ -3480,9 +3559,9 @@ type PointInTimeRecovery struct { // The options are: // - // • ENABLED + // * status=ENABLED // - // • DISABLED + // * status=DISABLED // // Status is a required field Status *string `locationName:"status" type:"string" required:"true" enum:"PointInTimeRecoveryStatus"` @@ -3644,10 +3723,10 @@ type RestoreTableInput struct { // Specifies the read/write throughput capacity mode for the target table. The // options are: // - // • throughputMode:PAY_PER_REQUEST + // * throughputMode:PAY_PER_REQUEST // - // • throughputMode:PROVISIONED - Provisioned capacity mode requires readCapacityUnits - // and writeCapacityUnits as input. + // * throughputMode:PROVISIONED - Provisioned capacity mode requires readCapacityUnits + // and writeCapacityUnits as input. // // The default is throughput_mode:PAY_PER_REQUEST. // @@ -3658,11 +3737,11 @@ type RestoreTableInput struct { // Specifies the encryption settings for the target table. You can choose one // of the following KMS key (KMS key): // - // • type:AWS_OWNED_KMS_KEY - This key is owned by Amazon Keyspaces. + // * type:AWS_OWNED_KMS_KEY - This key is owned by Amazon Keyspaces. // - // • type:CUSTOMER_MANAGED_KMS_KEY - This key is stored in your account and - // is created, owned, and managed by you. This option requires the kms_key_identifier - // of the KMS key in Amazon Resource Name (ARN) format as input. + // * type:CUSTOMER_MANAGED_KMS_KEY - This key is stored in your account and + // is created, owned, and managed by you. This option requires the kms_key_identifier + // of the KMS key in Amazon Resource Name (ARN) format as input. // // The default is type:AWS_OWNED_KMS_KEY. // @@ -3673,11 +3752,11 @@ type RestoreTableInput struct { // Specifies the pointInTimeRecovery settings for the target table. The options // are: // - // • ENABLED + // * status=ENABLED // - // • DISABLED + // * status=DISABLED // - // If it's not specified, the default is DISABLED. + // If it's not specified, the default is status=DISABLED. // // For more information, see Point-in-time recovery (https://docs.aws.amazon.com/keyspaces/latest/devguide/PointInTimeRecovery.html) // in the Amazon Keyspaces Developer Guide. @@ -4514,20 +4593,20 @@ type UpdateTableInput struct { // For each column to be added to the specified table: // - // • name - The name of the column. + // * name - The name of the column. // - // • type - An Amazon Keyspaces data type. For more information, see Data - // types (https://docs.aws.amazon.com/keyspaces/latest/devguide/cql.elements.html#cql.data-types) - // in the Amazon Keyspaces Developer Guide. + // * type - An Amazon Keyspaces data type. For more information, see Data + // types (https://docs.aws.amazon.com/keyspaces/latest/devguide/cql.elements.html#cql.data-types) + // in the Amazon Keyspaces Developer Guide. AddColumns []*ColumnDefinition `locationName:"addColumns" min:"1" type:"list"` // Modifies the read/write throughput capacity mode for the table. The options // are: // - // • throughputMode:PAY_PER_REQUEST and + // * throughputMode:PAY_PER_REQUEST and // - // • throughputMode:PROVISIONED - Provisioned capacity mode requires readCapacityUnits - // and writeCapacityUnits as input. + // * throughputMode:PROVISIONED - Provisioned capacity mode requires readCapacityUnits + // and writeCapacityUnits as input. // // The default is throughput_mode:PAY_PER_REQUEST. // @@ -4535,6 +4614,15 @@ type UpdateTableInput struct { // in the Amazon Keyspaces Developer Guide. CapacitySpecification *CapacitySpecification `locationName:"capacitySpecification" type:"structure"` + // Enables client-side timestamps for the table. By default, the setting is + // disabled. You can enable client-side timestamps with the following option: + // + // * status: "enabled" + // + // Once client-side timestamps are enabled for a table, this setting cannot + // be disabled. + ClientSideTimestamps *ClientSideTimestamps `locationName:"clientSideTimestamps" type:"structure"` + // The default Time to Live setting in seconds for the table. // // For more information, see Setting the default TTL value for a table (https://docs.aws.amazon.com/keyspaces/latest/devguide/TTL-how-it-works.html#ttl-howitworks_default_ttl) @@ -4544,11 +4632,11 @@ type UpdateTableInput struct { // Modifies the encryption settings of the table. You can choose one of the // following KMS key (KMS key): // - // • type:AWS_OWNED_KMS_KEY - This key is owned by Amazon Keyspaces. + // * type:AWS_OWNED_KMS_KEY - This key is owned by Amazon Keyspaces. // - // • type:CUSTOMER_MANAGED_KMS_KEY - This key is stored in your account and - // is created, owned, and managed by you. This option requires the kms_key_identifier - // of the KMS key in Amazon Resource Name (ARN) format as input. + // * type:CUSTOMER_MANAGED_KMS_KEY - This key is stored in your account and + // is created, owned, and managed by you. This option requires the kms_key_identifier + // of the KMS key in Amazon Resource Name (ARN) format as input. // // The default is AWS_OWNED_KMS_KEY. // @@ -4563,11 +4651,11 @@ type UpdateTableInput struct { // Modifies the pointInTimeRecovery settings of the table. The options are: // - // • ENABLED + // * status=ENABLED // - // • DISABLED + // * status=DISABLED // - // If it's not specified, the default is DISABLED. + // If it's not specified, the default is status=DISABLED. // // For more information, see Point-in-time recovery (https://docs.aws.amazon.com/keyspaces/latest/devguide/PointInTimeRecovery.html) // in the Amazon Keyspaces Developer Guide. @@ -4580,9 +4668,9 @@ type UpdateTableInput struct { // Modifies Time to Live custom settings for the table. The options are: // - // • status:enabled + // * status:enabled // - // • status:disabled + // * status:disabled // // The default is status:disabled. After ttl is enabled, you can't disable it // for the table. @@ -4647,6 +4735,11 @@ func (s *UpdateTableInput) Validate() error { invalidParams.AddNested("CapacitySpecification", err.(request.ErrInvalidParams)) } } + if s.ClientSideTimestamps != nil { + if err := s.ClientSideTimestamps.Validate(); err != nil { + invalidParams.AddNested("ClientSideTimestamps", err.(request.ErrInvalidParams)) + } + } if s.EncryptionSpecification != nil { if err := s.EncryptionSpecification.Validate(); err != nil { invalidParams.AddNested("EncryptionSpecification", err.(request.ErrInvalidParams)) @@ -4681,6 +4774,12 @@ func (s *UpdateTableInput) SetCapacitySpecification(v *CapacitySpecification) *U return s } +// SetClientSideTimestamps sets the ClientSideTimestamps field's value. +func (s *UpdateTableInput) SetClientSideTimestamps(v *ClientSideTimestamps) *UpdateTableInput { + s.ClientSideTimestamps = v + return s +} + // SetDefaultTimeToLive sets the DefaultTimeToLive field's value. func (s *UpdateTableInput) SetDefaultTimeToLive(v int64) *UpdateTableInput { s.DefaultTimeToLive = &v @@ -4814,6 +4913,18 @@ func (s *ValidationException) RequestID() string { return s.RespMetadata.RequestID } +const ( + // ClientSideTimestampsStatusEnabled is a ClientSideTimestampsStatus enum value + ClientSideTimestampsStatusEnabled = "ENABLED" +) + +// ClientSideTimestampsStatus_Values returns all elements of the ClientSideTimestampsStatus enum +func ClientSideTimestampsStatus_Values() []string { + return []string{ + ClientSideTimestampsStatusEnabled, + } +} + const ( // EncryptionTypeCustomerManagedKmsKey is a EncryptionType enum value EncryptionTypeCustomerManagedKmsKey = "CUSTOMER_MANAGED_KMS_KEY" diff --git a/service/keyspaces/doc.go b/service/keyspaces/doc.go index f1d494b424..229c243f1b 100644 --- a/service/keyspaces/doc.go +++ b/service/keyspaces/doc.go @@ -13,7 +13,9 @@ // In addition to supporting Cassandra Query Language (CQL) requests via open-source // Cassandra drivers, Amazon Keyspaces supports data definition language (DDL) // operations to manage keyspaces and tables using the Amazon Web Services SDK -// and CLI. This API reference describes the supported DDL operations in detail. +// and CLI, as well as infrastructure as code (IaC) services and tools such +// as CloudFormation and Terraform. This API reference describes the supported +// DDL operations in detail. // // For the list of all supported CQL APIs, see Supported Cassandra APIs, operations, // and data types in Amazon Keyspaces (https://docs.aws.amazon.com/keyspaces/latest/devguide/cassandra-apis.html)