diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3e77ec918c..714f07def2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,21 @@
+Release v1.44.148 (2022-11-29)
+===
+
+### Service Client Updates
+* `service/ec2`: Updates service API, documentation, and paginators
+ * This release adds support for AWS Verified Access and the Hpc6id Amazon EC2 compute optimized instance type, which features 3rd generation Intel Xeon Scalable processors.
+ * This release adds support for AWS Verified Access and the Hpc6id Amazon EC2 compute optimized instance type, which features 3rd generation Intel Xeon Scalable processors.
+* `service/firehose`: Updates service API and documentation
+ * Allow support for the Serverless offering for Amazon OpenSearch Service as a Kinesis Data Firehose delivery destination.
+ * Allow support for the Serverless offering for Amazon OpenSearch Service as a Kinesis Data Firehose delivery destination.
+* `service/kms`: Updates service API, documentation, paginators, and examples
+ * AWS KMS introduces the External Key Store (XKS), a new feature for customers who want to protect their data with encryption keys stored in an external key management system under their control.
+ * AWS KMS introduces the External Key Store (XKS), a new feature for customers who want to protect their data with encryption keys stored in an external key management system under their control.
+* `service/omics`: Updates service API, documentation, waiters, paginators, and examples
+* `service/opensearchserverless`: Adds new service
+* `service/securitylake`: Adds new service
+* `service/simspaceweaver`: Adds new service
+
Release v1.44.147 (2022-11-29)
===
diff --git a/aws/endpoints/defaults.go b/aws/endpoints/defaults.go
index 2fefde1908..0e53126722 100644
--- a/aws/endpoints/defaults.go
+++ b/aws/endpoints/defaults.go
@@ -22113,6 +22113,31 @@ var awsPartition = partition{
},
},
},
+ "securitylake": service{
+ Endpoints: serviceEndpoints{
+ endpointKey{
+ Region: "ap-northeast-1",
+ }: endpoint{},
+ endpointKey{
+ Region: "ap-southeast-2",
+ }: endpoint{},
+ endpointKey{
+ Region: "eu-central-1",
+ }: endpoint{},
+ endpointKey{
+ Region: "eu-west-1",
+ }: endpoint{},
+ endpointKey{
+ Region: "us-east-1",
+ }: endpoint{},
+ endpointKey{
+ Region: "us-east-2",
+ }: endpoint{},
+ endpointKey{
+ Region: "us-west-2",
+ }: endpoint{},
+ },
+ },
"serverlessrepo": service{
Defaults: endpointDefaults{
defaultKey{}: endpoint{
@@ -22857,6 +22882,34 @@ var awsPartition = partition{
},
},
},
+ "simspaceweaver": service{
+ Endpoints: serviceEndpoints{
+ endpointKey{
+ Region: "ap-southeast-1",
+ }: endpoint{},
+ endpointKey{
+ Region: "ap-southeast-2",
+ }: endpoint{},
+ endpointKey{
+ Region: "eu-central-1",
+ }: endpoint{},
+ endpointKey{
+ Region: "eu-north-1",
+ }: endpoint{},
+ endpointKey{
+ Region: "eu-west-1",
+ }: endpoint{},
+ endpointKey{
+ Region: "us-east-1",
+ }: endpoint{},
+ endpointKey{
+ Region: "us-east-2",
+ }: endpoint{},
+ endpointKey{
+ Region: "us-west-2",
+ }: endpoint{},
+ },
+ },
"sms": service{
Endpoints: serviceEndpoints{
endpointKey{
diff --git a/aws/version.go b/aws/version.go
index 2417675c26..2ce8f1c53e 100644
--- a/aws/version.go
+++ b/aws/version.go
@@ -5,4 +5,4 @@ package aws
const SDKName = "aws-sdk-go"
// SDKVersion is the version of this SDK
-const SDKVersion = "1.44.147"
+const SDKVersion = "1.44.148"
diff --git a/models/apis/ec2/2016-11-15/api-2.json b/models/apis/ec2/2016-11-15/api-2.json
index a23c89a997..faf3cd8b49 100755
--- a/models/apis/ec2/2016-11-15/api-2.json
+++ b/models/apis/ec2/2016-11-15/api-2.json
@@ -280,6 +280,15 @@
"input":{"shape":"AttachNetworkInterfaceRequest"},
"output":{"shape":"AttachNetworkInterfaceResult"}
},
+ "AttachVerifiedAccessTrustProvider":{
+ "name":"AttachVerifiedAccessTrustProvider",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"AttachVerifiedAccessTrustProviderRequest"},
+ "output":{"shape":"AttachVerifiedAccessTrustProviderResult"}
+ },
"AttachVolume":{
"name":"AttachVolume",
"http":{
@@ -1059,6 +1068,42 @@
"input":{"shape":"CreateTransitGatewayVpcAttachmentRequest"},
"output":{"shape":"CreateTransitGatewayVpcAttachmentResult"}
},
+ "CreateVerifiedAccessEndpoint":{
+ "name":"CreateVerifiedAccessEndpoint",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"CreateVerifiedAccessEndpointRequest"},
+ "output":{"shape":"CreateVerifiedAccessEndpointResult"}
+ },
+ "CreateVerifiedAccessGroup":{
+ "name":"CreateVerifiedAccessGroup",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"CreateVerifiedAccessGroupRequest"},
+ "output":{"shape":"CreateVerifiedAccessGroupResult"}
+ },
+ "CreateVerifiedAccessInstance":{
+ "name":"CreateVerifiedAccessInstance",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"CreateVerifiedAccessInstanceRequest"},
+ "output":{"shape":"CreateVerifiedAccessInstanceResult"}
+ },
+ "CreateVerifiedAccessTrustProvider":{
+ "name":"CreateVerifiedAccessTrustProvider",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"CreateVerifiedAccessTrustProviderRequest"},
+ "output":{"shape":"CreateVerifiedAccessTrustProviderResult"}
+ },
"CreateVolume":{
"name":"CreateVolume",
"http":{
@@ -1655,6 +1700,42 @@
"input":{"shape":"DeleteTransitGatewayVpcAttachmentRequest"},
"output":{"shape":"DeleteTransitGatewayVpcAttachmentResult"}
},
+ "DeleteVerifiedAccessEndpoint":{
+ "name":"DeleteVerifiedAccessEndpoint",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"DeleteVerifiedAccessEndpointRequest"},
+ "output":{"shape":"DeleteVerifiedAccessEndpointResult"}
+ },
+ "DeleteVerifiedAccessGroup":{
+ "name":"DeleteVerifiedAccessGroup",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"DeleteVerifiedAccessGroupRequest"},
+ "output":{"shape":"DeleteVerifiedAccessGroupResult"}
+ },
+ "DeleteVerifiedAccessInstance":{
+ "name":"DeleteVerifiedAccessInstance",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"DeleteVerifiedAccessInstanceRequest"},
+ "output":{"shape":"DeleteVerifiedAccessInstanceResult"}
+ },
+ "DeleteVerifiedAccessTrustProvider":{
+ "name":"DeleteVerifiedAccessTrustProvider",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"DeleteVerifiedAccessTrustProviderRequest"},
+ "output":{"shape":"DeleteVerifiedAccessTrustProviderResult"}
+ },
"DeleteVolume":{
"name":"DeleteVolume",
"http":{
@@ -2873,6 +2954,51 @@
"input":{"shape":"DescribeTrunkInterfaceAssociationsRequest"},
"output":{"shape":"DescribeTrunkInterfaceAssociationsResult"}
},
+ "DescribeVerifiedAccessEndpoints":{
+ "name":"DescribeVerifiedAccessEndpoints",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"DescribeVerifiedAccessEndpointsRequest"},
+ "output":{"shape":"DescribeVerifiedAccessEndpointsResult"}
+ },
+ "DescribeVerifiedAccessGroups":{
+ "name":"DescribeVerifiedAccessGroups",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"DescribeVerifiedAccessGroupsRequest"},
+ "output":{"shape":"DescribeVerifiedAccessGroupsResult"}
+ },
+ "DescribeVerifiedAccessInstanceLoggingConfigurations":{
+ "name":"DescribeVerifiedAccessInstanceLoggingConfigurations",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"DescribeVerifiedAccessInstanceLoggingConfigurationsRequest"},
+ "output":{"shape":"DescribeVerifiedAccessInstanceLoggingConfigurationsResult"}
+ },
+ "DescribeVerifiedAccessInstances":{
+ "name":"DescribeVerifiedAccessInstances",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"DescribeVerifiedAccessInstancesRequest"},
+ "output":{"shape":"DescribeVerifiedAccessInstancesResult"}
+ },
+ "DescribeVerifiedAccessTrustProviders":{
+ "name":"DescribeVerifiedAccessTrustProviders",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"DescribeVerifiedAccessTrustProvidersRequest"},
+ "output":{"shape":"DescribeVerifiedAccessTrustProvidersResult"}
+ },
"DescribeVolumeAttribute":{
"name":"DescribeVolumeAttribute",
"http":{
@@ -3051,6 +3177,15 @@
},
"input":{"shape":"DetachNetworkInterfaceRequest"}
},
+ "DetachVerifiedAccessTrustProvider":{
+ "name":"DetachVerifiedAccessTrustProvider",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"DetachVerifiedAccessTrustProviderRequest"},
+ "output":{"shape":"DetachVerifiedAccessTrustProviderResult"}
+ },
"DetachVolume":{
"name":"DetachVolume",
"http":{
@@ -3765,6 +3900,24 @@
"input":{"shape":"GetTransitGatewayRouteTablePropagationsRequest"},
"output":{"shape":"GetTransitGatewayRouteTablePropagationsResult"}
},
+ "GetVerifiedAccessEndpointPolicy":{
+ "name":"GetVerifiedAccessEndpointPolicy",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"GetVerifiedAccessEndpointPolicyRequest"},
+ "output":{"shape":"GetVerifiedAccessEndpointPolicyResult"}
+ },
+ "GetVerifiedAccessGroupPolicy":{
+ "name":"GetVerifiedAccessGroupPolicy",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"GetVerifiedAccessGroupPolicyRequest"},
+ "output":{"shape":"GetVerifiedAccessGroupPolicyResult"}
+ },
"GetVpnConnectionDeviceSampleConfiguration":{
"name":"GetVpnConnectionDeviceSampleConfiguration",
"http":{
@@ -4226,6 +4379,69 @@
"input":{"shape":"ModifyTransitGatewayVpcAttachmentRequest"},
"output":{"shape":"ModifyTransitGatewayVpcAttachmentResult"}
},
+ "ModifyVerifiedAccessEndpoint":{
+ "name":"ModifyVerifiedAccessEndpoint",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"ModifyVerifiedAccessEndpointRequest"},
+ "output":{"shape":"ModifyVerifiedAccessEndpointResult"}
+ },
+ "ModifyVerifiedAccessEndpointPolicy":{
+ "name":"ModifyVerifiedAccessEndpointPolicy",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"ModifyVerifiedAccessEndpointPolicyRequest"},
+ "output":{"shape":"ModifyVerifiedAccessEndpointPolicyResult"}
+ },
+ "ModifyVerifiedAccessGroup":{
+ "name":"ModifyVerifiedAccessGroup",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"ModifyVerifiedAccessGroupRequest"},
+ "output":{"shape":"ModifyVerifiedAccessGroupResult"}
+ },
+ "ModifyVerifiedAccessGroupPolicy":{
+ "name":"ModifyVerifiedAccessGroupPolicy",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"ModifyVerifiedAccessGroupPolicyRequest"},
+ "output":{"shape":"ModifyVerifiedAccessGroupPolicyResult"}
+ },
+ "ModifyVerifiedAccessInstance":{
+ "name":"ModifyVerifiedAccessInstance",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"ModifyVerifiedAccessInstanceRequest"},
+ "output":{"shape":"ModifyVerifiedAccessInstanceResult"}
+ },
+ "ModifyVerifiedAccessInstanceLoggingConfiguration":{
+ "name":"ModifyVerifiedAccessInstanceLoggingConfiguration",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"ModifyVerifiedAccessInstanceLoggingConfigurationRequest"},
+ "output":{"shape":"ModifyVerifiedAccessInstanceLoggingConfigurationResult"}
+ },
+ "ModifyVerifiedAccessTrustProvider":{
+ "name":"ModifyVerifiedAccessTrustProvider",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"ModifyVerifiedAccessTrustProviderRequest"},
+ "output":{"shape":"ModifyVerifiedAccessTrustProviderResult"}
+ },
"ModifyVolume":{
"name":"ModifyVolume",
"http":{
@@ -6725,6 +6941,35 @@
}
}
},
+ "AttachVerifiedAccessTrustProviderRequest":{
+ "type":"structure",
+ "required":[
+ "VerifiedAccessInstanceId",
+ "VerifiedAccessTrustProviderId"
+ ],
+ "members":{
+ "VerifiedAccessInstanceId":{"shape":"VerifiedAccessInstanceId"},
+ "VerifiedAccessTrustProviderId":{"shape":"VerifiedAccessTrustProviderId"},
+ "ClientToken":{
+ "shape":"String",
+ "idempotencyToken":true
+ },
+ "DryRun":{"shape":"Boolean"}
+ }
+ },
+ "AttachVerifiedAccessTrustProviderResult":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessTrustProvider":{
+ "shape":"VerifiedAccessTrustProvider",
+ "locationName":"verifiedAccessTrustProvider"
+ },
+ "VerifiedAccessInstance":{
+ "shape":"VerifiedAccessInstance",
+ "locationName":"verifiedAccessInstance"
+ }
+ }
+ },
"AttachVolumeRequest":{
"type":"structure",
"required":[
@@ -8116,6 +8361,7 @@
"deleted"
]
},
+ "CertificateArn":{"type":"string"},
"CertificateAuthentication":{
"type":"structure",
"members":{
@@ -11270,6 +11516,181 @@
}
}
},
+ "CreateVerifiedAccessEndpointEniOptions":{
+ "type":"structure",
+ "members":{
+ "NetworkInterfaceId":{"shape":"NetworkInterfaceId"},
+ "Protocol":{"shape":"VerifiedAccessEndpointProtocol"},
+ "Port":{"shape":"VerifiedAccessEndpointPortNumber"}
+ }
+ },
+ "CreateVerifiedAccessEndpointLoadBalancerOptions":{
+ "type":"structure",
+ "members":{
+ "Protocol":{"shape":"VerifiedAccessEndpointProtocol"},
+ "Port":{"shape":"VerifiedAccessEndpointPortNumber"},
+ "LoadBalancerArn":{"shape":"LoadBalancerArn"},
+ "SubnetIds":{
+ "shape":"CreateVerifiedAccessEndpointSubnetIdList",
+ "locationName":"SubnetId"
+ }
+ }
+ },
+ "CreateVerifiedAccessEndpointRequest":{
+ "type":"structure",
+ "required":[
+ "VerifiedAccessGroupId",
+ "EndpointType",
+ "AttachmentType",
+ "DomainCertificateArn",
+ "ApplicationDomain",
+ "EndpointDomainPrefix"
+ ],
+ "members":{
+ "VerifiedAccessGroupId":{"shape":"VerifiedAccessGroupId"},
+ "EndpointType":{"shape":"VerifiedAccessEndpointType"},
+ "AttachmentType":{"shape":"VerifiedAccessEndpointAttachmentType"},
+ "DomainCertificateArn":{"shape":"CertificateArn"},
+ "ApplicationDomain":{"shape":"String"},
+ "EndpointDomainPrefix":{"shape":"String"},
+ "SecurityGroupIds":{
+ "shape":"SecurityGroupIdList",
+ "locationName":"SecurityGroupId"
+ },
+ "LoadBalancerOptions":{"shape":"CreateVerifiedAccessEndpointLoadBalancerOptions"},
+ "NetworkInterfaceOptions":{"shape":"CreateVerifiedAccessEndpointEniOptions"},
+ "Description":{"shape":"String"},
+ "PolicyDocument":{"shape":"String"},
+ "TagSpecifications":{
+ "shape":"TagSpecificationList",
+ "locationName":"TagSpecification"
+ },
+ "ClientToken":{
+ "shape":"String",
+ "idempotencyToken":true
+ },
+ "DryRun":{"shape":"Boolean"}
+ }
+ },
+ "CreateVerifiedAccessEndpointResult":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessEndpoint":{
+ "shape":"VerifiedAccessEndpoint",
+ "locationName":"verifiedAccessEndpoint"
+ }
+ }
+ },
+ "CreateVerifiedAccessEndpointSubnetIdList":{
+ "type":"list",
+ "member":{
+ "shape":"SubnetId",
+ "locationName":"item"
+ }
+ },
+ "CreateVerifiedAccessGroupRequest":{
+ "type":"structure",
+ "required":["VerifiedAccessInstanceId"],
+ "members":{
+ "VerifiedAccessInstanceId":{"shape":"VerifiedAccessInstanceId"},
+ "Description":{"shape":"String"},
+ "PolicyDocument":{"shape":"String"},
+ "TagSpecifications":{
+ "shape":"TagSpecificationList",
+ "locationName":"TagSpecification"
+ },
+ "ClientToken":{
+ "shape":"String",
+ "idempotencyToken":true
+ },
+ "DryRun":{"shape":"Boolean"}
+ }
+ },
+ "CreateVerifiedAccessGroupResult":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessGroup":{
+ "shape":"VerifiedAccessGroup",
+ "locationName":"verifiedAccessGroup"
+ }
+ }
+ },
+ "CreateVerifiedAccessInstanceRequest":{
+ "type":"structure",
+ "members":{
+ "Description":{"shape":"String"},
+ "TagSpecifications":{
+ "shape":"TagSpecificationList",
+ "locationName":"TagSpecification"
+ },
+ "ClientToken":{
+ "shape":"String",
+ "idempotencyToken":true
+ },
+ "DryRun":{"shape":"Boolean"}
+ }
+ },
+ "CreateVerifiedAccessInstanceResult":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessInstance":{
+ "shape":"VerifiedAccessInstance",
+ "locationName":"verifiedAccessInstance"
+ }
+ }
+ },
+ "CreateVerifiedAccessTrustProviderDeviceOptions":{
+ "type":"structure",
+ "members":{
+ "TenantId":{"shape":"String"}
+ }
+ },
+ "CreateVerifiedAccessTrustProviderOidcOptions":{
+ "type":"structure",
+ "members":{
+ "Issuer":{"shape":"String"},
+ "AuthorizationEndpoint":{"shape":"String"},
+ "TokenEndpoint":{"shape":"String"},
+ "UserInfoEndpoint":{"shape":"String"},
+ "ClientId":{"shape":"String"},
+ "ClientSecret":{"shape":"String"},
+ "Scope":{"shape":"String"}
+ }
+ },
+ "CreateVerifiedAccessTrustProviderRequest":{
+ "type":"structure",
+ "required":[
+ "TrustProviderType",
+ "PolicyReferenceName"
+ ],
+ "members":{
+ "TrustProviderType":{"shape":"TrustProviderType"},
+ "UserTrustProviderType":{"shape":"UserTrustProviderType"},
+ "DeviceTrustProviderType":{"shape":"DeviceTrustProviderType"},
+ "OidcOptions":{"shape":"CreateVerifiedAccessTrustProviderOidcOptions"},
+ "DeviceOptions":{"shape":"CreateVerifiedAccessTrustProviderDeviceOptions"},
+ "PolicyReferenceName":{"shape":"String"},
+ "Description":{"shape":"String"},
+ "TagSpecifications":{
+ "shape":"TagSpecificationList",
+ "locationName":"TagSpecification"
+ },
+ "ClientToken":{
+ "shape":"String",
+ "idempotencyToken":true
+ },
+ "DryRun":{"shape":"Boolean"}
+ }
+ },
+ "CreateVerifiedAccessTrustProviderResult":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessTrustProvider":{
+ "shape":"VerifiedAccessTrustProvider",
+ "locationName":"verifiedAccessTrustProvider"
+ }
+ }
+ },
"CreateVolumePermission":{
"type":"structure",
"members":{
@@ -12925,6 +13346,90 @@
}
}
},
+ "DeleteVerifiedAccessEndpointRequest":{
+ "type":"structure",
+ "required":["VerifiedAccessEndpointId"],
+ "members":{
+ "VerifiedAccessEndpointId":{"shape":"VerifiedAccessEndpointId"},
+ "ClientToken":{
+ "shape":"String",
+ "idempotencyToken":true
+ },
+ "DryRun":{"shape":"Boolean"}
+ }
+ },
+ "DeleteVerifiedAccessEndpointResult":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessEndpoint":{
+ "shape":"VerifiedAccessEndpoint",
+ "locationName":"verifiedAccessEndpoint"
+ }
+ }
+ },
+ "DeleteVerifiedAccessGroupRequest":{
+ "type":"structure",
+ "required":["VerifiedAccessGroupId"],
+ "members":{
+ "VerifiedAccessGroupId":{"shape":"VerifiedAccessGroupId"},
+ "ClientToken":{
+ "shape":"String",
+ "idempotencyToken":true
+ },
+ "DryRun":{"shape":"Boolean"}
+ }
+ },
+ "DeleteVerifiedAccessGroupResult":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessGroup":{
+ "shape":"VerifiedAccessGroup",
+ "locationName":"verifiedAccessGroup"
+ }
+ }
+ },
+ "DeleteVerifiedAccessInstanceRequest":{
+ "type":"structure",
+ "required":["VerifiedAccessInstanceId"],
+ "members":{
+ "VerifiedAccessInstanceId":{"shape":"VerifiedAccessInstanceId"},
+ "DryRun":{"shape":"Boolean"},
+ "ClientToken":{
+ "shape":"String",
+ "idempotencyToken":true
+ }
+ }
+ },
+ "DeleteVerifiedAccessInstanceResult":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessInstance":{
+ "shape":"VerifiedAccessInstance",
+ "locationName":"verifiedAccessInstance"
+ }
+ }
+ },
+ "DeleteVerifiedAccessTrustProviderRequest":{
+ "type":"structure",
+ "required":["VerifiedAccessTrustProviderId"],
+ "members":{
+ "VerifiedAccessTrustProviderId":{"shape":"VerifiedAccessTrustProviderId"},
+ "DryRun":{"shape":"Boolean"},
+ "ClientToken":{
+ "shape":"String",
+ "idempotencyToken":true
+ }
+ }
+ },
+ "DeleteVerifiedAccessTrustProviderResult":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessTrustProvider":{
+ "shape":"VerifiedAccessTrustProvider",
+ "locationName":"verifiedAccessTrustProvider"
+ }
+ }
+ },
"DeleteVolumeRequest":{
"type":"structure",
"required":["VolumeId"],
@@ -17072,6 +17577,179 @@
}
}
},
+ "DescribeVerifiedAccessEndpointsMaxResults":{
+ "type":"integer",
+ "max":1000,
+ "min":5
+ },
+ "DescribeVerifiedAccessEndpointsRequest":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessEndpointIds":{
+ "shape":"VerifiedAccessEndpointIdList",
+ "locationName":"VerifiedAccessEndpointId"
+ },
+ "VerifiedAccessInstanceId":{"shape":"VerifiedAccessInstanceId"},
+ "VerifiedAccessGroupId":{"shape":"VerifiedAccessGroupId"},
+ "MaxResults":{"shape":"DescribeVerifiedAccessEndpointsMaxResults"},
+ "NextToken":{"shape":"NextToken"},
+ "Filters":{
+ "shape":"FilterList",
+ "locationName":"Filter"
+ },
+ "DryRun":{"shape":"Boolean"}
+ }
+ },
+ "DescribeVerifiedAccessEndpointsResult":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessEndpoints":{
+ "shape":"VerifiedAccessEndpointList",
+ "locationName":"verifiedAccessEndpointSet"
+ },
+ "NextToken":{
+ "shape":"NextToken",
+ "locationName":"nextToken"
+ }
+ }
+ },
+ "DescribeVerifiedAccessGroupMaxResults":{
+ "type":"integer",
+ "max":1000,
+ "min":5
+ },
+ "DescribeVerifiedAccessGroupsRequest":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessGroupIds":{
+ "shape":"VerifiedAccessGroupIdList",
+ "locationName":"VerifiedAccessGroupId"
+ },
+ "VerifiedAccessInstanceId":{"shape":"VerifiedAccessInstanceId"},
+ "MaxResults":{"shape":"DescribeVerifiedAccessGroupMaxResults"},
+ "NextToken":{"shape":"NextToken"},
+ "Filters":{
+ "shape":"FilterList",
+ "locationName":"Filter"
+ },
+ "DryRun":{"shape":"Boolean"}
+ }
+ },
+ "DescribeVerifiedAccessGroupsResult":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessGroups":{
+ "shape":"VerifiedAccessGroupList",
+ "locationName":"verifiedAccessGroupSet"
+ },
+ "NextToken":{
+ "shape":"NextToken",
+ "locationName":"nextToken"
+ }
+ }
+ },
+ "DescribeVerifiedAccessInstanceLoggingConfigurationsMaxResults":{
+ "type":"integer",
+ "max":10,
+ "min":1
+ },
+ "DescribeVerifiedAccessInstanceLoggingConfigurationsRequest":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessInstanceIds":{
+ "shape":"VerifiedAccessInstanceIdList",
+ "locationName":"VerifiedAccessInstanceId"
+ },
+ "MaxResults":{"shape":"DescribeVerifiedAccessInstanceLoggingConfigurationsMaxResults"},
+ "NextToken":{"shape":"NextToken"},
+ "Filters":{
+ "shape":"FilterList",
+ "locationName":"Filter"
+ },
+ "DryRun":{"shape":"Boolean"}
+ }
+ },
+ "DescribeVerifiedAccessInstanceLoggingConfigurationsResult":{
+ "type":"structure",
+ "members":{
+ "LoggingConfigurations":{
+ "shape":"VerifiedAccessInstanceLoggingConfigurationList",
+ "locationName":"loggingConfigurationSet"
+ },
+ "NextToken":{
+ "shape":"NextToken",
+ "locationName":"nextToken"
+ }
+ }
+ },
+ "DescribeVerifiedAccessInstancesMaxResults":{
+ "type":"integer",
+ "max":200,
+ "min":5
+ },
+ "DescribeVerifiedAccessInstancesRequest":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessInstanceIds":{
+ "shape":"VerifiedAccessInstanceIdList",
+ "locationName":"VerifiedAccessInstanceId"
+ },
+ "MaxResults":{"shape":"DescribeVerifiedAccessInstancesMaxResults"},
+ "NextToken":{"shape":"NextToken"},
+ "Filters":{
+ "shape":"FilterList",
+ "locationName":"Filter"
+ },
+ "DryRun":{"shape":"Boolean"}
+ }
+ },
+ "DescribeVerifiedAccessInstancesResult":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessInstances":{
+ "shape":"VerifiedAccessInstanceList",
+ "locationName":"verifiedAccessInstanceSet"
+ },
+ "NextToken":{
+ "shape":"NextToken",
+ "locationName":"nextToken"
+ }
+ }
+ },
+ "DescribeVerifiedAccessTrustProvidersMaxResults":{
+ "type":"integer",
+ "max":200,
+ "min":5
+ },
+ "DescribeVerifiedAccessTrustProvidersRequest":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessTrustProviderIds":{
+ "shape":"VerifiedAccessTrustProviderIdList",
+ "locationName":"VerifiedAccessTrustProviderId"
+ },
+ "MaxResults":{"shape":"DescribeVerifiedAccessTrustProvidersMaxResults"},
+ "NextToken":{"shape":"NextToken"},
+ "Filters":{
+ "shape":"FilterList",
+ "locationName":"Filter"
+ },
+ "DryRun":{"shape":"Boolean"}
+ }
+ },
+ "DescribeVerifiedAccessTrustProvidersResult":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessTrustProviders":{
+ "shape":"VerifiedAccessTrustProviderList",
+ "locationName":"verifiedAccessTrustProviderSet"
+ },
+ "NextToken":{
+ "shape":"NextToken",
+ "locationName":"nextToken"
+ }
+ }
+ },
"DescribeVolumeAttributeRequest":{
"type":"structure",
"required":[
@@ -17698,6 +18376,35 @@
}
}
},
+ "DetachVerifiedAccessTrustProviderRequest":{
+ "type":"structure",
+ "required":[
+ "VerifiedAccessInstanceId",
+ "VerifiedAccessTrustProviderId"
+ ],
+ "members":{
+ "VerifiedAccessInstanceId":{"shape":"VerifiedAccessInstanceId"},
+ "VerifiedAccessTrustProviderId":{"shape":"VerifiedAccessTrustProviderId"},
+ "ClientToken":{
+ "shape":"String",
+ "idempotencyToken":true
+ },
+ "DryRun":{"shape":"Boolean"}
+ }
+ },
+ "DetachVerifiedAccessTrustProviderResult":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessTrustProvider":{
+ "shape":"VerifiedAccessTrustProvider",
+ "locationName":"verifiedAccessTrustProvider"
+ },
+ "VerifiedAccessInstance":{
+ "shape":"VerifiedAccessInstance",
+ "locationName":"verifiedAccessInstance"
+ }
+ }
+ },
"DetachVolumeRequest":{
"type":"structure",
"required":["VolumeId"],
@@ -17727,6 +18434,22 @@
}
}
},
+ "DeviceOptions":{
+ "type":"structure",
+ "members":{
+ "TenantId":{
+ "shape":"String",
+ "locationName":"tenantId"
+ }
+ }
+ },
+ "DeviceTrustProviderType":{
+ "type":"string",
+ "enum":[
+ "jamf",
+ "crowdstrike"
+ ]
+ },
"DeviceType":{
"type":"string",
"enum":[
@@ -21874,6 +22597,48 @@
}
}
},
+ "GetVerifiedAccessEndpointPolicyRequest":{
+ "type":"structure",
+ "required":["VerifiedAccessEndpointId"],
+ "members":{
+ "VerifiedAccessEndpointId":{"shape":"VerifiedAccessEndpointId"},
+ "DryRun":{"shape":"Boolean"}
+ }
+ },
+ "GetVerifiedAccessEndpointPolicyResult":{
+ "type":"structure",
+ "members":{
+ "PolicyEnabled":{
+ "shape":"Boolean",
+ "locationName":"policyEnabled"
+ },
+ "PolicyDocument":{
+ "shape":"String",
+ "locationName":"policyDocument"
+ }
+ }
+ },
+ "GetVerifiedAccessGroupPolicyRequest":{
+ "type":"structure",
+ "required":["VerifiedAccessGroupId"],
+ "members":{
+ "VerifiedAccessGroupId":{"shape":"VerifiedAccessGroupId"},
+ "DryRun":{"shape":"Boolean"}
+ }
+ },
+ "GetVerifiedAccessGroupPolicyResult":{
+ "type":"structure",
+ "members":{
+ "PolicyEnabled":{
+ "shape":"Boolean",
+ "locationName":"policyEnabled"
+ },
+ "PolicyDocument":{
+ "shape":"String",
+ "locationName":"policyDocument"
+ }
+ }
+ },
"GetVpnConnectionDeviceSampleConfigurationRequest":{
"type":"structure",
"required":[
@@ -25512,7 +26277,8 @@
"u-18tb1.112xlarge",
"u-24tb1.112xlarge",
"trn1.2xlarge",
- "trn1.32xlarge"
+ "trn1.32xlarge",
+ "hpc6id.32xlarge"
]
},
"InstanceTypeHypervisor":{
@@ -27887,6 +28653,7 @@
"closed"
]
},
+ "LoadBalancerArn":{"type":"string"},
"LoadBalancersConfig":{
"type":"structure",
"members":{
@@ -29621,6 +30388,215 @@
}
}
},
+ "ModifyVerifiedAccessEndpointEniOptions":{
+ "type":"structure",
+ "members":{
+ "Protocol":{"shape":"VerifiedAccessEndpointProtocol"},
+ "Port":{"shape":"VerifiedAccessEndpointPortNumber"}
+ }
+ },
+ "ModifyVerifiedAccessEndpointLoadBalancerOptions":{
+ "type":"structure",
+ "members":{
+ "SubnetIds":{
+ "shape":"ModifyVerifiedAccessEndpointSubnetIdList",
+ "locationName":"SubnetId"
+ },
+ "Protocol":{"shape":"VerifiedAccessEndpointProtocol"},
+ "Port":{"shape":"VerifiedAccessEndpointPortNumber"}
+ }
+ },
+ "ModifyVerifiedAccessEndpointPolicyRequest":{
+ "type":"structure",
+ "required":[
+ "VerifiedAccessEndpointId",
+ "PolicyEnabled"
+ ],
+ "members":{
+ "VerifiedAccessEndpointId":{"shape":"VerifiedAccessEndpointId"},
+ "PolicyEnabled":{"shape":"Boolean"},
+ "PolicyDocument":{"shape":"String"},
+ "ClientToken":{
+ "shape":"String",
+ "idempotencyToken":true
+ },
+ "DryRun":{"shape":"Boolean"}
+ }
+ },
+ "ModifyVerifiedAccessEndpointPolicyResult":{
+ "type":"structure",
+ "members":{
+ "PolicyEnabled":{
+ "shape":"Boolean",
+ "locationName":"policyEnabled"
+ },
+ "PolicyDocument":{
+ "shape":"String",
+ "locationName":"policyDocument"
+ }
+ }
+ },
+ "ModifyVerifiedAccessEndpointRequest":{
+ "type":"structure",
+ "required":["VerifiedAccessEndpointId"],
+ "members":{
+ "VerifiedAccessEndpointId":{"shape":"VerifiedAccessEndpointId"},
+ "VerifiedAccessGroupId":{"shape":"VerifiedAccessGroupId"},
+ "LoadBalancerOptions":{"shape":"ModifyVerifiedAccessEndpointLoadBalancerOptions"},
+ "NetworkInterfaceOptions":{"shape":"ModifyVerifiedAccessEndpointEniOptions"},
+ "Description":{"shape":"String"},
+ "ClientToken":{
+ "shape":"String",
+ "idempotencyToken":true
+ },
+ "DryRun":{"shape":"Boolean"}
+ }
+ },
+ "ModifyVerifiedAccessEndpointResult":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessEndpoint":{
+ "shape":"VerifiedAccessEndpoint",
+ "locationName":"verifiedAccessEndpoint"
+ }
+ }
+ },
+ "ModifyVerifiedAccessEndpointSubnetIdList":{
+ "type":"list",
+ "member":{
+ "shape":"SubnetId",
+ "locationName":"item"
+ }
+ },
+ "ModifyVerifiedAccessGroupPolicyRequest":{
+ "type":"structure",
+ "required":[
+ "VerifiedAccessGroupId",
+ "PolicyEnabled"
+ ],
+ "members":{
+ "VerifiedAccessGroupId":{"shape":"VerifiedAccessGroupId"},
+ "PolicyEnabled":{"shape":"Boolean"},
+ "PolicyDocument":{"shape":"String"},
+ "ClientToken":{
+ "shape":"String",
+ "idempotencyToken":true
+ },
+ "DryRun":{"shape":"Boolean"}
+ }
+ },
+ "ModifyVerifiedAccessGroupPolicyResult":{
+ "type":"structure",
+ "members":{
+ "PolicyEnabled":{
+ "shape":"Boolean",
+ "locationName":"policyEnabled"
+ },
+ "PolicyDocument":{
+ "shape":"String",
+ "locationName":"policyDocument"
+ }
+ }
+ },
+ "ModifyVerifiedAccessGroupRequest":{
+ "type":"structure",
+ "required":["VerifiedAccessGroupId"],
+ "members":{
+ "VerifiedAccessGroupId":{"shape":"VerifiedAccessGroupId"},
+ "VerifiedAccessInstanceId":{"shape":"VerifiedAccessInstanceId"},
+ "Description":{"shape":"String"},
+ "ClientToken":{
+ "shape":"String",
+ "idempotencyToken":true
+ },
+ "DryRun":{"shape":"Boolean"}
+ }
+ },
+ "ModifyVerifiedAccessGroupResult":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessGroup":{
+ "shape":"VerifiedAccessGroup",
+ "locationName":"verifiedAccessGroup"
+ }
+ }
+ },
+ "ModifyVerifiedAccessInstanceLoggingConfigurationRequest":{
+ "type":"structure",
+ "required":[
+ "VerifiedAccessInstanceId",
+ "AccessLogs"
+ ],
+ "members":{
+ "VerifiedAccessInstanceId":{"shape":"VerifiedAccessInstanceId"},
+ "AccessLogs":{"shape":"VerifiedAccessLogOptions"},
+ "DryRun":{"shape":"Boolean"},
+ "ClientToken":{
+ "shape":"String",
+ "idempotencyToken":true
+ }
+ }
+ },
+ "ModifyVerifiedAccessInstanceLoggingConfigurationResult":{
+ "type":"structure",
+ "members":{
+ "LoggingConfiguration":{
+ "shape":"VerifiedAccessInstanceLoggingConfiguration",
+ "locationName":"loggingConfiguration"
+ }
+ }
+ },
+ "ModifyVerifiedAccessInstanceRequest":{
+ "type":"structure",
+ "required":["VerifiedAccessInstanceId"],
+ "members":{
+ "VerifiedAccessInstanceId":{"shape":"VerifiedAccessInstanceId"},
+ "Description":{"shape":"String"},
+ "DryRun":{"shape":"Boolean"},
+ "ClientToken":{
+ "shape":"String",
+ "idempotencyToken":true
+ }
+ }
+ },
+ "ModifyVerifiedAccessInstanceResult":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessInstance":{
+ "shape":"VerifiedAccessInstance",
+ "locationName":"verifiedAccessInstance"
+ }
+ }
+ },
+ "ModifyVerifiedAccessTrustProviderOidcOptions":{
+ "type":"structure",
+ "members":{
+ "Scope":{"shape":"String"}
+ }
+ },
+ "ModifyVerifiedAccessTrustProviderRequest":{
+ "type":"structure",
+ "required":["VerifiedAccessTrustProviderId"],
+ "members":{
+ "VerifiedAccessTrustProviderId":{"shape":"VerifiedAccessTrustProviderId"},
+ "OidcOptions":{"shape":"ModifyVerifiedAccessTrustProviderOidcOptions"},
+ "Description":{"shape":"String"},
+ "DryRun":{"shape":"Boolean"},
+ "ClientToken":{
+ "shape":"String",
+ "idempotencyToken":true
+ }
+ }
+ },
+ "ModifyVerifiedAccessTrustProviderResult":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessTrustProvider":{
+ "shape":"VerifiedAccessTrustProvider",
+ "locationName":"verifiedAccessTrustProvider"
+ }
+ }
+ },
"ModifyVolumeAttributeRequest":{
"type":"structure",
"required":["VolumeId"],
@@ -31168,6 +32144,39 @@
"All Upfront"
]
},
+ "OidcOptions":{
+ "type":"structure",
+ "members":{
+ "Issuer":{
+ "shape":"String",
+ "locationName":"issuer"
+ },
+ "AuthorizationEndpoint":{
+ "shape":"String",
+ "locationName":"authorizationEndpoint"
+ },
+ "TokenEndpoint":{
+ "shape":"String",
+ "locationName":"tokenEndpoint"
+ },
+ "UserInfoEndpoint":{
+ "shape":"String",
+ "locationName":"userInfoEndpoint"
+ },
+ "ClientId":{
+ "shape":"String",
+ "locationName":"clientId"
+ },
+ "ClientSecret":{
+ "shape":"String",
+ "locationName":"clientSecret"
+ },
+ "Scope":{
+ "shape":"String",
+ "locationName":"scope"
+ }
+ }
+ },
"OnDemandAllocationStrategy":{
"type":"string",
"enum":[
@@ -34437,6 +35446,11 @@
"capacity-reservation-fleet",
"traffic-mirror-filter-rule",
"vpc-endpoint-connection-device-type",
+ "verified-access-instance",
+ "verified-access-group",
+ "verified-access-endpoint",
+ "verified-access-policy",
+ "verified-access-trust-provider",
"vpn-connection-device-type"
]
},
@@ -35707,6 +36721,13 @@
}
},
"SecurityGroupId":{"type":"string"},
+ "SecurityGroupIdList":{
+ "type":"list",
+ "member":{
+ "shape":"SecurityGroupId",
+ "locationName":"item"
+ }
+ },
"SecurityGroupIdStringList":{
"type":"list",
"member":{
@@ -39908,6 +40929,13 @@
"locationName":"item"
}
},
+ "TrustProviderType":{
+ "type":"string",
+ "enum":[
+ "user",
+ "device"
+ ]
+ },
"TunnelInsideIpVersion":{
"type":"string",
"enum":[
@@ -40323,6 +41351,13 @@
"locationName":"UserId"
}
},
+ "UserTrustProviderType":{
+ "type":"string",
+ "enum":[
+ "iam-identity-center",
+ "oidc"
+ ]
+ },
"VCpuCount":{"type":"integer"},
"VCpuCountRange":{
"type":"structure",
@@ -40399,6 +41434,535 @@
"locationName":"item"
}
},
+ "VerifiedAccessEndpoint":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessInstanceId":{
+ "shape":"String",
+ "locationName":"verifiedAccessInstanceId"
+ },
+ "VerifiedAccessGroupId":{
+ "shape":"String",
+ "locationName":"verifiedAccessGroupId"
+ },
+ "VerifiedAccessEndpointId":{
+ "shape":"String",
+ "locationName":"verifiedAccessEndpointId"
+ },
+ "ApplicationDomain":{
+ "shape":"String",
+ "locationName":"applicationDomain"
+ },
+ "EndpointType":{
+ "shape":"VerifiedAccessEndpointType",
+ "locationName":"endpointType"
+ },
+ "AttachmentType":{
+ "shape":"VerifiedAccessEndpointAttachmentType",
+ "locationName":"attachmentType"
+ },
+ "DomainCertificateArn":{
+ "shape":"String",
+ "locationName":"domainCertificateArn"
+ },
+ "EndpointDomain":{
+ "shape":"String",
+ "locationName":"endpointDomain"
+ },
+ "DeviceValidationDomain":{
+ "shape":"String",
+ "locationName":"deviceValidationDomain"
+ },
+ "SecurityGroupIds":{
+ "shape":"SecurityGroupIdList",
+ "locationName":"securityGroupIdSet"
+ },
+ "LoadBalancerOptions":{
+ "shape":"VerifiedAccessEndpointLoadBalancerOptions",
+ "locationName":"loadBalancerOptions"
+ },
+ "NetworkInterfaceOptions":{
+ "shape":"VerifiedAccessEndpointEniOptions",
+ "locationName":"networkInterfaceOptions"
+ },
+ "Status":{
+ "shape":"VerifiedAccessEndpointStatus",
+ "locationName":"status"
+ },
+ "Description":{
+ "shape":"String",
+ "locationName":"description"
+ },
+ "CreationTime":{
+ "shape":"String",
+ "locationName":"creationTime"
+ },
+ "LastUpdatedTime":{
+ "shape":"String",
+ "locationName":"lastUpdatedTime"
+ },
+ "DeletionTime":{
+ "shape":"String",
+ "locationName":"deletionTime"
+ },
+ "Tags":{
+ "shape":"TagList",
+ "locationName":"tagSet"
+ }
+ }
+ },
+ "VerifiedAccessEndpointAttachmentType":{
+ "type":"string",
+ "enum":["vpc"]
+ },
+ "VerifiedAccessEndpointEniOptions":{
+ "type":"structure",
+ "members":{
+ "NetworkInterfaceId":{
+ "shape":"NetworkInterfaceId",
+ "locationName":"networkInterfaceId"
+ },
+ "Protocol":{
+ "shape":"VerifiedAccessEndpointProtocol",
+ "locationName":"protocol"
+ },
+ "Port":{
+ "shape":"VerifiedAccessEndpointPortNumber",
+ "locationName":"port"
+ }
+ }
+ },
+ "VerifiedAccessEndpointId":{"type":"string"},
+ "VerifiedAccessEndpointIdList":{
+ "type":"list",
+ "member":{
+ "shape":"VerifiedAccessEndpointId",
+ "locationName":"item"
+ }
+ },
+ "VerifiedAccessEndpointList":{
+ "type":"list",
+ "member":{
+ "shape":"VerifiedAccessEndpoint",
+ "locationName":"item"
+ }
+ },
+ "VerifiedAccessEndpointLoadBalancerOptions":{
+ "type":"structure",
+ "members":{
+ "Protocol":{
+ "shape":"VerifiedAccessEndpointProtocol",
+ "locationName":"protocol"
+ },
+ "Port":{
+ "shape":"VerifiedAccessEndpointPortNumber",
+ "locationName":"port"
+ },
+ "LoadBalancerArn":{
+ "shape":"String",
+ "locationName":"loadBalancerArn"
+ },
+ "SubnetIds":{
+ "shape":"VerifiedAccessEndpointSubnetIdList",
+ "locationName":"subnetIdSet"
+ }
+ }
+ },
+ "VerifiedAccessEndpointPortNumber":{
+ "type":"integer",
+ "max":65535,
+ "min":1
+ },
+ "VerifiedAccessEndpointProtocol":{
+ "type":"string",
+ "enum":[
+ "http",
+ "https"
+ ]
+ },
+ "VerifiedAccessEndpointStatus":{
+ "type":"structure",
+ "members":{
+ "Code":{
+ "shape":"VerifiedAccessEndpointStatusCode",
+ "locationName":"code"
+ },
+ "Message":{
+ "shape":"String",
+ "locationName":"message"
+ }
+ }
+ },
+ "VerifiedAccessEndpointStatusCode":{
+ "type":"string",
+ "enum":[
+ "pending",
+ "active",
+ "updating",
+ "deleting",
+ "deleted"
+ ]
+ },
+ "VerifiedAccessEndpointSubnetIdList":{
+ "type":"list",
+ "member":{
+ "shape":"SubnetId",
+ "locationName":"item"
+ }
+ },
+ "VerifiedAccessEndpointType":{
+ "type":"string",
+ "enum":[
+ "load-balancer",
+ "network-interface"
+ ]
+ },
+ "VerifiedAccessGroup":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessGroupId":{
+ "shape":"String",
+ "locationName":"verifiedAccessGroupId"
+ },
+ "VerifiedAccessInstanceId":{
+ "shape":"String",
+ "locationName":"verifiedAccessInstanceId"
+ },
+ "Description":{
+ "shape":"String",
+ "locationName":"description"
+ },
+ "Owner":{
+ "shape":"String",
+ "locationName":"owner"
+ },
+ "VerifiedAccessGroupArn":{
+ "shape":"String",
+ "locationName":"verifiedAccessGroupArn"
+ },
+ "CreationTime":{
+ "shape":"String",
+ "locationName":"creationTime"
+ },
+ "LastUpdatedTime":{
+ "shape":"String",
+ "locationName":"lastUpdatedTime"
+ },
+ "DeletionTime":{
+ "shape":"String",
+ "locationName":"deletionTime"
+ },
+ "Tags":{
+ "shape":"TagList",
+ "locationName":"tagSet"
+ }
+ }
+ },
+ "VerifiedAccessGroupId":{"type":"string"},
+ "VerifiedAccessGroupIdList":{
+ "type":"list",
+ "member":{
+ "shape":"VerifiedAccessGroupId",
+ "locationName":"item"
+ }
+ },
+ "VerifiedAccessGroupList":{
+ "type":"list",
+ "member":{
+ "shape":"VerifiedAccessGroup",
+ "locationName":"item"
+ }
+ },
+ "VerifiedAccessInstance":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessInstanceId":{
+ "shape":"String",
+ "locationName":"verifiedAccessInstanceId"
+ },
+ "Description":{
+ "shape":"String",
+ "locationName":"description"
+ },
+ "VerifiedAccessTrustProviders":{
+ "shape":"VerifiedAccessTrustProviderCondensedList",
+ "locationName":"verifiedAccessTrustProviderSet"
+ },
+ "CreationTime":{
+ "shape":"String",
+ "locationName":"creationTime"
+ },
+ "LastUpdatedTime":{
+ "shape":"String",
+ "locationName":"lastUpdatedTime"
+ },
+ "Tags":{
+ "shape":"TagList",
+ "locationName":"tagSet"
+ }
+ }
+ },
+ "VerifiedAccessInstanceId":{"type":"string"},
+ "VerifiedAccessInstanceIdList":{
+ "type":"list",
+ "member":{
+ "shape":"VerifiedAccessInstanceId",
+ "locationName":"item"
+ }
+ },
+ "VerifiedAccessInstanceList":{
+ "type":"list",
+ "member":{
+ "shape":"VerifiedAccessInstance",
+ "locationName":"item"
+ }
+ },
+ "VerifiedAccessInstanceLoggingConfiguration":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessInstanceId":{
+ "shape":"String",
+ "locationName":"verifiedAccessInstanceId"
+ },
+ "AccessLogs":{
+ "shape":"VerifiedAccessLogs",
+ "locationName":"accessLogs"
+ }
+ }
+ },
+ "VerifiedAccessInstanceLoggingConfigurationList":{
+ "type":"list",
+ "member":{
+ "shape":"VerifiedAccessInstanceLoggingConfiguration",
+ "locationName":"item"
+ }
+ },
+ "VerifiedAccessLogCloudWatchLogsDestination":{
+ "type":"structure",
+ "members":{
+ "Enabled":{
+ "shape":"Boolean",
+ "locationName":"enabled"
+ },
+ "DeliveryStatus":{
+ "shape":"VerifiedAccessLogDeliveryStatus",
+ "locationName":"deliveryStatus"
+ },
+ "LogGroup":{
+ "shape":"String",
+ "locationName":"logGroup"
+ }
+ }
+ },
+ "VerifiedAccessLogCloudWatchLogsDestinationOptions":{
+ "type":"structure",
+ "required":["Enabled"],
+ "members":{
+ "Enabled":{"shape":"Boolean"},
+ "LogGroup":{"shape":"String"}
+ }
+ },
+ "VerifiedAccessLogDeliveryStatus":{
+ "type":"structure",
+ "members":{
+ "Code":{
+ "shape":"VerifiedAccessLogDeliveryStatusCode",
+ "locationName":"code"
+ },
+ "Message":{
+ "shape":"String",
+ "locationName":"message"
+ }
+ }
+ },
+ "VerifiedAccessLogDeliveryStatusCode":{
+ "type":"string",
+ "enum":[
+ "success",
+ "failed"
+ ]
+ },
+ "VerifiedAccessLogKinesisDataFirehoseDestination":{
+ "type":"structure",
+ "members":{
+ "Enabled":{
+ "shape":"Boolean",
+ "locationName":"enabled"
+ },
+ "DeliveryStatus":{
+ "shape":"VerifiedAccessLogDeliveryStatus",
+ "locationName":"deliveryStatus"
+ },
+ "DeliveryStream":{
+ "shape":"String",
+ "locationName":"deliveryStream"
+ }
+ }
+ },
+ "VerifiedAccessLogKinesisDataFirehoseDestinationOptions":{
+ "type":"structure",
+ "required":["Enabled"],
+ "members":{
+ "Enabled":{"shape":"Boolean"},
+ "DeliveryStream":{"shape":"String"}
+ }
+ },
+ "VerifiedAccessLogOptions":{
+ "type":"structure",
+ "members":{
+ "S3":{"shape":"VerifiedAccessLogS3DestinationOptions"},
+ "CloudWatchLogs":{"shape":"VerifiedAccessLogCloudWatchLogsDestinationOptions"},
+ "KinesisDataFirehose":{"shape":"VerifiedAccessLogKinesisDataFirehoseDestinationOptions"}
+ }
+ },
+ "VerifiedAccessLogS3Destination":{
+ "type":"structure",
+ "members":{
+ "Enabled":{
+ "shape":"Boolean",
+ "locationName":"enabled"
+ },
+ "DeliveryStatus":{
+ "shape":"VerifiedAccessLogDeliveryStatus",
+ "locationName":"deliveryStatus"
+ },
+ "BucketName":{
+ "shape":"String",
+ "locationName":"bucketName"
+ },
+ "Prefix":{
+ "shape":"String",
+ "locationName":"prefix"
+ },
+ "BucketOwner":{
+ "shape":"String",
+ "locationName":"bucketOwner"
+ }
+ }
+ },
+ "VerifiedAccessLogS3DestinationOptions":{
+ "type":"structure",
+ "required":["Enabled"],
+ "members":{
+ "Enabled":{"shape":"Boolean"},
+ "BucketName":{"shape":"String"},
+ "Prefix":{"shape":"String"},
+ "BucketOwner":{"shape":"String"}
+ }
+ },
+ "VerifiedAccessLogs":{
+ "type":"structure",
+ "members":{
+ "S3":{
+ "shape":"VerifiedAccessLogS3Destination",
+ "locationName":"s3"
+ },
+ "CloudWatchLogs":{
+ "shape":"VerifiedAccessLogCloudWatchLogsDestination",
+ "locationName":"cloudWatchLogs"
+ },
+ "KinesisDataFirehose":{
+ "shape":"VerifiedAccessLogKinesisDataFirehoseDestination",
+ "locationName":"kinesisDataFirehose"
+ }
+ }
+ },
+ "VerifiedAccessTrustProvider":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessTrustProviderId":{
+ "shape":"String",
+ "locationName":"verifiedAccessTrustProviderId"
+ },
+ "Description":{
+ "shape":"String",
+ "locationName":"description"
+ },
+ "TrustProviderType":{
+ "shape":"TrustProviderType",
+ "locationName":"trustProviderType"
+ },
+ "UserTrustProviderType":{
+ "shape":"UserTrustProviderType",
+ "locationName":"userTrustProviderType"
+ },
+ "DeviceTrustProviderType":{
+ "shape":"DeviceTrustProviderType",
+ "locationName":"deviceTrustProviderType"
+ },
+ "OidcOptions":{
+ "shape":"OidcOptions",
+ "locationName":"oidcOptions"
+ },
+ "DeviceOptions":{
+ "shape":"DeviceOptions",
+ "locationName":"deviceOptions"
+ },
+ "PolicyReferenceName":{
+ "shape":"String",
+ "locationName":"policyReferenceName"
+ },
+ "CreationTime":{
+ "shape":"String",
+ "locationName":"creationTime"
+ },
+ "LastUpdatedTime":{
+ "shape":"String",
+ "locationName":"lastUpdatedTime"
+ },
+ "Tags":{
+ "shape":"TagList",
+ "locationName":"tagSet"
+ }
+ }
+ },
+ "VerifiedAccessTrustProviderCondensed":{
+ "type":"structure",
+ "members":{
+ "VerifiedAccessTrustProviderId":{
+ "shape":"String",
+ "locationName":"verifiedAccessTrustProviderId"
+ },
+ "Description":{
+ "shape":"String",
+ "locationName":"description"
+ },
+ "TrustProviderType":{
+ "shape":"TrustProviderType",
+ "locationName":"trustProviderType"
+ },
+ "UserTrustProviderType":{
+ "shape":"UserTrustProviderType",
+ "locationName":"userTrustProviderType"
+ },
+ "DeviceTrustProviderType":{
+ "shape":"DeviceTrustProviderType",
+ "locationName":"deviceTrustProviderType"
+ }
+ }
+ },
+ "VerifiedAccessTrustProviderCondensedList":{
+ "type":"list",
+ "member":{
+ "shape":"VerifiedAccessTrustProviderCondensed",
+ "locationName":"item"
+ }
+ },
+ "VerifiedAccessTrustProviderId":{"type":"string"},
+ "VerifiedAccessTrustProviderIdList":{
+ "type":"list",
+ "member":{
+ "shape":"VerifiedAccessTrustProviderId",
+ "locationName":"item"
+ }
+ },
+ "VerifiedAccessTrustProviderList":{
+ "type":"list",
+ "member":{
+ "shape":"VerifiedAccessTrustProvider",
+ "locationName":"item"
+ }
+ },
"VersionDescription":{
"type":"string",
"max":255,
diff --git a/models/apis/ec2/2016-11-15/docs-2.json b/models/apis/ec2/2016-11-15/docs-2.json
index 014a4d30b8..9ec7607b66 100755
--- a/models/apis/ec2/2016-11-15/docs-2.json
+++ b/models/apis/ec2/2016-11-15/docs-2.json
@@ -32,6 +32,7 @@
"AttachClassicLinkVpc": " We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide.
Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC's security groups. You cannot link an EC2-Classic instance to more than one VPC at a time. You can only link an instance that's in the running state. An instance is automatically unlinked from a VPC when it's stopped - you can link it to the VPC again when you restart it.
After you've linked an instance, you cannot change the VPC security groups that are associated with it. To change the security groups, you must first unlink the instance, and then link it again.
Linking your instance to a VPC is sometimes referred to as attaching your instance.
",
"AttachInternetGateway": "Attaches an internet gateway or a virtual private gateway to a VPC, enabling connectivity between the internet and the VPC. For more information about your VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide.
",
"AttachNetworkInterface": "Attaches a network interface to an instance.
",
+ "AttachVerifiedAccessTrustProvider": "A trust provider is a third-party entity that creates, maintains, and manages identity information for users and devices. One or more trust providers can be attached to an Amazon Web Services Verified Access instance.
",
"AttachVolume": "Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name.
Encrypted EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.
After you attach an EBS volume, you must make it available. For more information, see Make an EBS volume available for use.
If a volume has an Amazon Web Services Marketplace product code:
-
The volume can be attached only to a stopped instance.
-
Amazon Web Services Marketplace product codes are copied from the volume to the instance.
-
You must be subscribed to the product.
-
The instance type and operating system of the instance must support the product. For example, you can't detach a volume from a Windows instance and attach it to a Linux instance.
For more information, see Attach an Amazon EBS volume to an instance in the Amazon Elastic Compute Cloud User Guide.
",
"AttachVpnGateway": "Attaches a virtual private gateway to a VPC. You can attach one virtual private gateway to one VPC at a time.
For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.
",
"AuthorizeClientVpnIngress": "Adds an ingress authorization rule to a Client VPN endpoint. Ingress authorization rules act as firewall rules that grant access to networks. You must configure ingress authorization rules to enable clients to access resources in Amazon Web Services or on-premises networks.
",
@@ -119,6 +120,10 @@
"CreateTransitGatewayRouteTable": "Creates a route table for the specified transit gateway.
",
"CreateTransitGatewayRouteTableAnnouncement": "Advertises a new transit gateway route table.
",
"CreateTransitGatewayVpcAttachment": "Attaches the specified VPC to the specified transit gateway.
If you attach a VPC with a CIDR range that overlaps the CIDR range of a VPC that is already attached, the new VPC CIDR range is not propagated to the default propagation route table.
To send VPC traffic to an attached transit gateway, add a route to the VPC route table using CreateRoute.
",
+ "CreateVerifiedAccessEndpoint": "An Amazon Web Services Verified Access endpoint is where you define your application along with an optional endpoint-level access policy.
",
+ "CreateVerifiedAccessGroup": "An Amazon Web Services Verified Access group is a collection of Amazon Web Services Verified Access endpoints who's associated applications have similar security requirements. Each instance within an Amazon Web Services Verified Access group shares an Amazon Web Services Verified Access policy. For example, you can group all Amazon Web Services Verified Access instances associated with “sales” applications together and use one common Amazon Web Services Verified Access policy.
",
+ "CreateVerifiedAccessInstance": "An Amazon Web Services Verified Access instance is a regional entity that evaluates application requests and grants access only when your security requirements are met.
",
+ "CreateVerifiedAccessTrustProvider": "A trust provider is a third-party entity that creates, maintains, and manages identity information for users and devices. When an application request is made, the identity information sent by the trust provider will be evaluated by Amazon Web Services Verified Access, before allowing or denying the application request.
",
"CreateVolume": "Creates an EBS volume that can be attached to an instance in the same Availability Zone.
You can create a new empty volume or restore a volume from an EBS snapshot. Any Amazon Web Services Marketplace product codes from the snapshot are propagated to the volume.
You can create encrypted volumes. Encrypted volumes must be attached to instances that support Amazon EBS encryption. Volumes that are created from encrypted snapshots are also automatically encrypted. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.
You can tag your volumes during creation. For more information, see Tag your Amazon EC2 resources in the Amazon Elastic Compute Cloud User Guide.
For more information, see Create an Amazon EBS volume in the Amazon Elastic Compute Cloud User Guide.
",
"CreateVpc": "Creates a VPC with the specified IPv4 CIDR block. The smallest VPC you can create uses a /28 netmask (16 IPv4 addresses), and the largest uses a /16 netmask (65,536 IPv4 addresses). For more information about how large to make your VPC, see Your VPC and subnets in the Amazon Virtual Private Cloud User Guide.
You can optionally request an IPv6 CIDR block for the VPC. You can request an Amazon-provided IPv6 CIDR block from Amazon's pool of IPv6 addresses, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP).
By default, each instance you launch in the VPC has the default DHCP options, which include only a default DNS server that we provide (AmazonProvidedDNS). For more information, see DHCP options sets in the Amazon Virtual Private Cloud User Guide.
You can specify the instance tenancy value for the VPC when you create it. You can't change this value for the VPC after you create it. For more information, see Dedicated Instances in the Amazon Elastic Compute Cloud User Guide.
",
"CreateVpcEndpoint": "Creates a VPC endpoint for a specified service. An endpoint enables you to create a private connection between your VPC and the service. The service may be provided by Amazon Web Services, an Amazon Web Services Marketplace Partner, or another Amazon Web Services account. For more information, see the Amazon Web Services PrivateLink Guide.
",
@@ -187,6 +192,10 @@
"DeleteTransitGatewayRouteTable": "Deletes the specified transit gateway route table. You must disassociate the route table from any transit gateway route tables before you can delete it.
",
"DeleteTransitGatewayRouteTableAnnouncement": "Advertises to the transit gateway that a transit gateway route table is deleted.
",
"DeleteTransitGatewayVpcAttachment": "Deletes the specified VPC attachment.
",
+ "DeleteVerifiedAccessEndpoint": "Delete an Amazon Web Services Verified Access endpoint.
",
+ "DeleteVerifiedAccessGroup": "Delete an Amazon Web Services Verified Access group.
",
+ "DeleteVerifiedAccessInstance": "Delete an Amazon Web Services Verified Access instance.
",
+ "DeleteVerifiedAccessTrustProvider": "Delete an Amazon Web Services Verified Access trust provider.
",
"DeleteVolume": "Deletes the specified EBS volume. The volume must be in the available state (not attached to an instance).
The volume can remain in the deleting state for several minutes.
For more information, see Delete an Amazon EBS volume in the Amazon Elastic Compute Cloud User Guide.
",
"DeleteVpc": "Deletes the specified VPC. You must detach or delete all gateways and resources that are associated with the VPC before you can delete it. For example, you must terminate all instances running in the VPC, delete all security groups associated with the VPC (except the default one), delete all route tables associated with the VPC (except the default one), and so on.
",
"DeleteVpcEndpointConnectionNotifications": "Deletes one or more VPC endpoint connection notifications.
",
@@ -323,6 +332,11 @@
"DescribeTransitGatewayVpcAttachments": "Describes one or more VPC attachments. By default, all VPC attachments are described. Alternatively, you can filter the results.
",
"DescribeTransitGateways": "Describes one or more transit gateways. By default, all transit gateways are described. Alternatively, you can filter the results.
",
"DescribeTrunkInterfaceAssociations": " This API action is currently in limited preview only. If you are interested in using this feature, contact your account manager.
Describes one or more network interface trunk associations.
",
+ "DescribeVerifiedAccessEndpoints": "Describe Amazon Web Services Verified Access endpoints.
",
+ "DescribeVerifiedAccessGroups": "Describe details of existing Verified Access groups.
",
+ "DescribeVerifiedAccessInstanceLoggingConfigurations": "Describes the current logging configuration for the Amazon Web Services Verified Access instances.
",
+ "DescribeVerifiedAccessInstances": "Describe Verified Access instances.
",
+ "DescribeVerifiedAccessTrustProviders": "Describe details of existing Verified Access trust providers.
",
"DescribeVolumeAttribute": "Describes the specified attribute of the specified volume. You can specify only one attribute at a time.
For more information about EBS volumes, see Amazon EBS volumes in the Amazon Elastic Compute Cloud User Guide.
",
"DescribeVolumeStatus": "Describes the status of the specified volumes. Volume status provides the result of the checks performed on your volumes to determine events that can impair the performance of your volumes. The performance of a volume can be affected if an issue occurs on the volume's underlying host. If the volume's underlying host experiences a power outage or system issue, after the system is restored, there could be data inconsistencies on the volume. Volume events notify you if this occurs. Volume actions notify you if any action needs to be taken in response to the event.
The DescribeVolumeStatus operation provides the following information about the specified volumes:
Status: Reflects the current status of the volume. The possible values are ok, impaired , warning, or insufficient-data. If all checks pass, the overall status of the volume is ok. If the check fails, the overall status is impaired. If the status is insufficient-data, then the checks might still be taking place on your volume at the time. We recommend that you retry the request. For more information about volume status, see Monitor the status of your volumes in the Amazon Elastic Compute Cloud User Guide.
Events: Reflect the cause of a volume status and might require you to take action. For example, if your volume returns an impaired status, then the volume event might be potential-data-inconsistency. This means that your volume has been affected by an issue with the underlying host, has all I/O operations disabled, and might have inconsistent data.
Actions: Reflect the actions you might have to take in response to an event. For example, if the status of the volume is impaired and the volume event shows potential-data-inconsistency, then the action shows enable-volume-io. This means that you may want to enable the I/O operations for the volume by calling the EnableVolumeIO action and then check the volume for data consistency.
Volume status is based on the volume status checks, and does not reflect the volume state. Therefore, volume status does not indicate volumes in the error state (for example, when a volume is incapable of accepting I/O.)
",
"DescribeVolumes": "Describes the specified EBS volumes or all of your EBS volumes.
If you are describing a long list of volumes, we recommend that you paginate the output to make the list more manageable. The MaxResults parameter sets the maximum number of results returned in a single page. If the list of results exceeds your MaxResults value, then that number of results is returned along with a NextToken value that can be passed to a subsequent DescribeVolumes request to retrieve the remaining results.
For more information about EBS volumes, see Amazon EBS volumes in the Amazon Elastic Compute Cloud User Guide.
",
@@ -343,6 +357,7 @@
"DetachClassicLinkVpc": " We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide.
Unlinks (detaches) a linked EC2-Classic instance from a VPC. After the instance has been unlinked, the VPC security groups are no longer associated with it. An instance is automatically unlinked from a VPC when it's stopped.
",
"DetachInternetGateway": "Detaches an internet gateway from a VPC, disabling connectivity between the internet and the VPC. The VPC must not contain any running instances with Elastic IP addresses or public IPv4 addresses.
",
"DetachNetworkInterface": "Detaches a network interface from an instance.
",
+ "DetachVerifiedAccessTrustProvider": "Detach a trust provider from an Amazon Web Services Verified Access instance.
",
"DetachVolume": "Detaches an EBS volume from an instance. Make sure to unmount any file systems on the device within your operating system before detaching the volume. Failure to do so can result in the volume becoming stuck in the busy state while detaching. If this happens, detachment can be delayed indefinitely until you unmount the volume, force detachment, reboot the instance, or all three. If an EBS volume is the root device of an instance, it can't be detached while the instance is running. To detach the root volume, stop the instance first.
When a volume with an Amazon Web Services Marketplace product code is detached from an instance, the product code is no longer associated with the instance.
For more information, see Detach an Amazon EBS volume in the Amazon Elastic Compute Cloud User Guide.
",
"DetachVpnGateway": "Detaches a virtual private gateway from a VPC. You do this if you're planning to turn off the VPC and not use it anymore. You can confirm a virtual private gateway has been completely detached from a VPC by describing the virtual private gateway (any attachments to the virtual private gateway are also described).
You must wait for the attachment's state to switch to detached before you can delete the VPC or attach a different VPC to the virtual private gateway.
",
"DisableAddressTransfer": "Disables Elastic IP address transfer. For more information, see Transfer Elastic IP addresses in the Amazon Virtual Private Cloud User Guide.
",
@@ -423,6 +438,8 @@
"GetTransitGatewayPrefixListReferences": "Gets information about the prefix list references in a specified transit gateway route table.
",
"GetTransitGatewayRouteTableAssociations": "Gets information about the associations for the specified transit gateway route table.
",
"GetTransitGatewayRouteTablePropagations": "Gets information about the route table propagations for the specified transit gateway route table.
",
+ "GetVerifiedAccessEndpointPolicy": "Get the Verified Access policy associated with the endpoint.
",
+ "GetVerifiedAccessGroupPolicy": "Shows the contents of the Verified Access policy associated with the group.
",
"GetVpnConnectionDeviceSampleConfiguration": "Download an Amazon Web Services-provided sample configuration file to be used with the customer gateway device specified for your Site-to-Site VPN connection.
",
"GetVpnConnectionDeviceTypes": "Obtain a list of customer gateway devices for which sample configuration files can be provided. The request has no additional parameters. You can also see the list of device types with sample configuration files available under Your customer gateway device in the Amazon Web Services Site-to-Site VPN User Guide.
",
"ImportClientVpnClientCertificateRevocationList": "Uploads a client certificate revocation list to the specified Client VPN endpoint. Uploading a client certificate revocation list overwrites the existing client certificate revocation list.
Uploading a client certificate revocation list resets existing client connections.
",
@@ -475,6 +492,13 @@
"ModifyTransitGateway": "Modifies the specified transit gateway. When you modify a transit gateway, the modified options are applied to new transit gateway attachments only. Your existing transit gateway attachments are not modified.
",
"ModifyTransitGatewayPrefixListReference": "Modifies a reference (route) to a prefix list in a specified transit gateway route table.
",
"ModifyTransitGatewayVpcAttachment": "Modifies the specified VPC attachment.
",
+ "ModifyVerifiedAccessEndpoint": "Modifies the configuration of an Amazon Web Services Verified Access endpoint.
",
+ "ModifyVerifiedAccessEndpointPolicy": "Modifies the specified Verified Access endpoint policy.
",
+ "ModifyVerifiedAccessGroup": "Modifies the specified Verified Access group configuration.
",
+ "ModifyVerifiedAccessGroupPolicy": "Modifies the specified Verified Access group policy.
",
+ "ModifyVerifiedAccessInstance": "Modifies the configuration of the specified Verified Access instance.
",
+ "ModifyVerifiedAccessInstanceLoggingConfiguration": "Modifies the logging configuration for the specified Amazon Web Services Verified Access instance.
",
+ "ModifyVerifiedAccessTrustProvider": "Modifies the configuration of the specified Amazon Web Services Verified Access trust provider.
",
"ModifyVolume": "You can modify several parameters of an existing EBS volume, including volume size, volume type, and IOPS capacity. If your EBS volume is attached to a current-generation EC2 instance type, you might be able to apply these changes without stopping the instance or detaching the volume from it. For more information about modifying EBS volumes, see Amazon EBS Elastic Volumes (Linux instances) or Amazon EBS Elastic Volumes (Windows instances).
When you complete a resize operation on your volume, you need to extend the volume's file-system size to take advantage of the new storage capacity. For more information, see Extend a Linux file system or Extend a Windows file system.
You can use CloudWatch Events to check the status of a modification to an EBS volume. For information about CloudWatch Events, see the Amazon CloudWatch Events User Guide. You can also track the status of a modification using DescribeVolumesModifications. For information about tracking status changes using either method, see Monitor the progress of volume modifications.
With previous-generation instance types, resizing an EBS volume might require detaching and reattaching the volume or stopping and restarting the instance.
After modifying a volume, you must wait at least six hours and ensure that the volume is in the in-use or available state before you can modify the same volume. This is sometimes referred to as a cooldown period.
",
"ModifyVolumeAttribute": "Modifies a volume attribute.
By default, all I/O operations for the volume are suspended when the data on the volume is determined to be potentially inconsistent, to prevent undetectable, latent data corruption. The I/O access to the volume can be resumed by first enabling I/O access and then checking the data consistency on your volume.
You can change the default behavior to resume I/O operations. We recommend that you change this only for boot volumes or for volumes that are stateless or disposable.
",
"ModifyVpcAttribute": "Modifies the specified attribute of the specified VPC.
",
@@ -1429,6 +1453,16 @@
"refs": {
}
},
+ "AttachVerifiedAccessTrustProviderRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "AttachVerifiedAccessTrustProviderResult": {
+ "base": null,
+ "refs": {
+ }
+ },
"AttachVolumeRequest": {
"base": null,
"refs": {
@@ -1789,6 +1823,7 @@
"AttachClassicLinkVpcResult$Return": "Returns true if the request succeeds; otherwise, it returns an error.
",
"AttachInternetGatewayRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"AttachNetworkInterfaceRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "AttachVerifiedAccessTrustProviderRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"AttachVolumeRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"AttachVpnGatewayRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"AttachmentEnaSrdSpecification$EnaSrdEnabled": "Indicates whether ENA Express is enabled for the network interface that's attached to the instance.
",
@@ -1913,6 +1948,10 @@
"CreateTransitGatewayRouteTableAnnouncementRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"CreateTransitGatewayRouteTableRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"CreateTransitGatewayVpcAttachmentRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "CreateVerifiedAccessEndpointRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "CreateVerifiedAccessGroupRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "CreateVerifiedAccessInstanceRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "CreateVerifiedAccessTrustProviderRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"CreateVolumeRequest$Encrypted": "Indicates whether the volume should be encrypted. The effect of setting the encryption state to true depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see Encryption by default in the Amazon Elastic Compute Cloud User Guide.
Encrypted Amazon EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see Supported instance types.
",
"CreateVolumeRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"CreateVolumeRequest$MultiAttachEnabled": "Indicates whether to enable Amazon EBS Multi-Attach. If you enable Multi-Attach, you can attach the volume to up to 16 Instances built on the Nitro System in the same Availability Zone. This parameter is supported with io1 and io2 volumes only. For more information, see Amazon EBS Multi-Attach in the Amazon Elastic Compute Cloud User Guide.
",
@@ -1994,6 +2033,10 @@
"DeleteTransitGatewayRouteTableAnnouncementRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"DeleteTransitGatewayRouteTableRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"DeleteTransitGatewayVpcAttachmentRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "DeleteVerifiedAccessEndpointRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "DeleteVerifiedAccessGroupRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "DeleteVerifiedAccessInstanceRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "DeleteVerifiedAccessTrustProviderRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"DeleteVolumeRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"DeleteVpcEndpointConnectionNotificationsRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"DeleteVpcEndpointServiceConfigurationsRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
@@ -2127,6 +2170,11 @@
"DescribeTransitGatewayVpcAttachmentsRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"DescribeTransitGatewaysRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"DescribeTrunkInterfaceAssociationsRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "DescribeVerifiedAccessEndpointsRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "DescribeVerifiedAccessGroupsRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "DescribeVerifiedAccessInstanceLoggingConfigurationsRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "DescribeVerifiedAccessInstancesRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "DescribeVerifiedAccessTrustProvidersRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"DescribeVolumeAttributeRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"DescribeVolumeStatusRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"DescribeVolumesModificationsRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
@@ -2152,6 +2200,7 @@
"DetachInternetGatewayRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"DetachNetworkInterfaceRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"DetachNetworkInterfaceRequest$Force": "Specifies whether to force a detachment.
-
Use the Force parameter only as a last resort to detach a network interface from a failed instance.
-
If you use the Force parameter to detach a network interface, you might not be able to attach a different network interface to the same index on the instance without first stopping and starting the instance.
-
If you force the detachment of a network interface, the instance metadata might not get updated. This means that the attributes associated with the detached network interface might still be visible. The instance metadata will get updated when you stop and start the instance.
",
+ "DetachVerifiedAccessTrustProviderRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"DetachVolumeRequest$Force": "Forces detachment if the previous detachment attempt did not occur cleanly (for example, logging into an instance, unmounting the volume, and detaching normally). This option can lead to data loss or a corrupted file system. Use this option only as a last resort to detach a volume from a failed instance. The instance won't have an opportunity to flush file system caches or file system metadata. If you use this option, you must perform file system check and repair procedures.
",
"DetachVolumeRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"DetachVpnGatewayRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
@@ -2265,6 +2314,10 @@
"GetTransitGatewayPrefixListReferencesRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"GetTransitGatewayRouteTableAssociationsRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"GetTransitGatewayRouteTablePropagationsRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "GetVerifiedAccessEndpointPolicyRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "GetVerifiedAccessEndpointPolicyResult$PolicyEnabled": "The status of the Verified Access policy.
",
+ "GetVerifiedAccessGroupPolicyRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "GetVerifiedAccessGroupPolicyResult$PolicyEnabled": "The status of the Verified Access policy.
",
"GetVpnConnectionDeviceSampleConfigurationRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"GetVpnConnectionDeviceTypesRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"HibernationOptions$Configured": "If this parameter is set to true, your instance is enabled for hibernation; otherwise, it is not enabled for hibernation.
",
@@ -2381,6 +2434,17 @@
"ModifyTransitGatewayPrefixListReferenceRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"ModifyTransitGatewayRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"ModifyTransitGatewayVpcAttachmentRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "ModifyVerifiedAccessEndpointPolicyRequest$PolicyEnabled": "The status of the Verified Access policy.
",
+ "ModifyVerifiedAccessEndpointPolicyRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "ModifyVerifiedAccessEndpointPolicyResult$PolicyEnabled": "The status of the Verified Access policy.
",
+ "ModifyVerifiedAccessEndpointRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "ModifyVerifiedAccessGroupPolicyRequest$PolicyEnabled": "The status of the Verified Access policy.
",
+ "ModifyVerifiedAccessGroupPolicyRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "ModifyVerifiedAccessGroupPolicyResult$PolicyEnabled": "The status of the Verified Access policy.
",
+ "ModifyVerifiedAccessGroupRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "ModifyVerifiedAccessInstanceLoggingConfigurationRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "ModifyVerifiedAccessInstanceRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
+ "ModifyVerifiedAccessTrustProviderRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"ModifyVolumeAttributeRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"ModifyVolumeRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"ModifyVolumeRequest$MultiAttachEnabled": "Specifies whether to enable Amazon EBS Multi-Attach. If you enable Multi-Attach, you can attach the volume to up to 16 Nitro-based instances in the same Availability Zone. This parameter is supported with io1 and io2 volumes only. For more information, see Amazon EBS Multi-Attach in the Amazon Elastic Compute Cloud User Guide.
",
@@ -2567,6 +2631,12 @@
"UpdateSecurityGroupRuleDescriptionsEgressResult$Return": "Returns true if the request succeeds; otherwise, returns an error.
",
"UpdateSecurityGroupRuleDescriptionsIngressRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
",
"UpdateSecurityGroupRuleDescriptionsIngressResult$Return": "Returns true if the request succeeds; otherwise, returns an error.
",
+ "VerifiedAccessLogCloudWatchLogsDestination$Enabled": "Indicates whether logging is enabled.
",
+ "VerifiedAccessLogCloudWatchLogsDestinationOptions$Enabled": "Indicates whether logging is enabled.
",
+ "VerifiedAccessLogKinesisDataFirehoseDestination$Enabled": "Indicates whether logging is enabled.
",
+ "VerifiedAccessLogKinesisDataFirehoseDestinationOptions$Enabled": "Indicates whether logging is enabled.
",
+ "VerifiedAccessLogS3Destination$Enabled": "Indicates whether logging is enabled.
",
+ "VerifiedAccessLogS3DestinationOptions$Enabled": "Indicates whether logging is enabled.
",
"Volume$Encrypted": "Indicates whether the volume is encrypted.
",
"Volume$FastRestored": "Indicates whether the volume was created using fast snapshot restore.
",
"Volume$MultiAttachEnabled": "Indicates whether Amazon EBS Multi-Attach is enabled.
",
@@ -3082,6 +3152,12 @@
"CarrierGateway$State": "The state of the carrier gateway.
"
}
},
+ "CertificateArn": {
+ "base": null,
+ "refs": {
+ "CreateVerifiedAccessEndpointRequest$DomainCertificateArn": "The ARN of the public TLS/SSL certificate in Amazon Web Services Certificate Manager to associate with the endpoint. The CN in the certificate must match the DNS name your end users will use to reach your application.
"
+ }
+ },
"CertificateAuthentication": {
"base": "Information about the client certificate used for authentication.
",
"refs": {
@@ -4340,6 +4416,76 @@
"refs": {
}
},
+ "CreateVerifiedAccessEndpointEniOptions": {
+ "base": "Options for a network interface-type endpoint.
",
+ "refs": {
+ "CreateVerifiedAccessEndpointRequest$NetworkInterfaceOptions": "The network interface details if creating the Amazon Web Services Verified Access endpoint as network-interfacetype.
"
+ }
+ },
+ "CreateVerifiedAccessEndpointLoadBalancerOptions": {
+ "base": "Describes a load balancer when creating an Amazon Web Services Verified Access endpoint using the load-balancer type.
",
+ "refs": {
+ "CreateVerifiedAccessEndpointRequest$LoadBalancerOptions": "The load balancer details if creating the Amazon Web Services Verified Access endpoint as load-balancertype.
"
+ }
+ },
+ "CreateVerifiedAccessEndpointRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateVerifiedAccessEndpointResult": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateVerifiedAccessEndpointSubnetIdList": {
+ "base": null,
+ "refs": {
+ "CreateVerifiedAccessEndpointLoadBalancerOptions$SubnetIds": "The IDs of the subnets.
"
+ }
+ },
+ "CreateVerifiedAccessGroupRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateVerifiedAccessGroupResult": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateVerifiedAccessInstanceRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateVerifiedAccessInstanceResult": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateVerifiedAccessTrustProviderDeviceOptions": {
+ "base": "Options for a device-identity type trust provider.
",
+ "refs": {
+ "CreateVerifiedAccessTrustProviderRequest$DeviceOptions": "The options for device identity based trust providers.
"
+ }
+ },
+ "CreateVerifiedAccessTrustProviderOidcOptions": {
+ "base": "Options for an OIDC-based, user-identity type trust provider.
",
+ "refs": {
+ "CreateVerifiedAccessTrustProviderRequest$OidcOptions": "The OpenID Connect details for an oidc-type, user-identity based trust provider.
"
+ }
+ },
+ "CreateVerifiedAccessTrustProviderRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateVerifiedAccessTrustProviderResult": {
+ "base": null,
+ "refs": {
+ }
+ },
"CreateVolumePermission": {
"base": "Describes the user or group to be added or removed from the list of create volume permissions for a volume.
",
"refs": {
@@ -5301,6 +5447,46 @@
"refs": {
}
},
+ "DeleteVerifiedAccessEndpointRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteVerifiedAccessEndpointResult": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteVerifiedAccessGroupRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteVerifiedAccessGroupResult": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteVerifiedAccessInstanceRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteVerifiedAccessInstanceResult": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteVerifiedAccessTrustProviderRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteVerifiedAccessTrustProviderResult": {
+ "base": null,
+ "refs": {
+ }
+ },
"DeleteVolumeRequest": {
"base": null,
"refs": {
@@ -6933,6 +7119,86 @@
"refs": {
}
},
+ "DescribeVerifiedAccessEndpointsMaxResults": {
+ "base": null,
+ "refs": {
+ "DescribeVerifiedAccessEndpointsRequest$MaxResults": "The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.
"
+ }
+ },
+ "DescribeVerifiedAccessEndpointsRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DescribeVerifiedAccessEndpointsResult": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DescribeVerifiedAccessGroupMaxResults": {
+ "base": null,
+ "refs": {
+ "DescribeVerifiedAccessGroupsRequest$MaxResults": "The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.
"
+ }
+ },
+ "DescribeVerifiedAccessGroupsRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DescribeVerifiedAccessGroupsResult": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DescribeVerifiedAccessInstanceLoggingConfigurationsMaxResults": {
+ "base": null,
+ "refs": {
+ "DescribeVerifiedAccessInstanceLoggingConfigurationsRequest$MaxResults": "The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.
"
+ }
+ },
+ "DescribeVerifiedAccessInstanceLoggingConfigurationsRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DescribeVerifiedAccessInstanceLoggingConfigurationsResult": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DescribeVerifiedAccessInstancesMaxResults": {
+ "base": null,
+ "refs": {
+ "DescribeVerifiedAccessInstancesRequest$MaxResults": "The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.
"
+ }
+ },
+ "DescribeVerifiedAccessInstancesRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DescribeVerifiedAccessInstancesResult": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DescribeVerifiedAccessTrustProvidersMaxResults": {
+ "base": null,
+ "refs": {
+ "DescribeVerifiedAccessTrustProvidersRequest$MaxResults": "The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.
"
+ }
+ },
+ "DescribeVerifiedAccessTrustProvidersRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DescribeVerifiedAccessTrustProvidersResult": {
+ "base": null,
+ "refs": {
+ }
+ },
"DescribeVolumeAttributeRequest": {
"base": null,
"refs": {
@@ -7167,6 +7433,16 @@
"refs": {
}
},
+ "DetachVerifiedAccessTrustProviderRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DetachVerifiedAccessTrustProviderResult": {
+ "base": null,
+ "refs": {
+ }
+ },
"DetachVolumeRequest": {
"base": null,
"refs": {
@@ -7177,6 +7453,20 @@
"refs": {
}
},
+ "DeviceOptions": {
+ "base": "Options for an Amazon Web Services Verified Access device-identity based trust provider.
",
+ "refs": {
+ "VerifiedAccessTrustProvider$DeviceOptions": "The options for device-identity type trust provider.
"
+ }
+ },
+ "DeviceTrustProviderType": {
+ "base": null,
+ "refs": {
+ "CreateVerifiedAccessTrustProviderRequest$DeviceTrustProviderType": "The type of device-based trust provider.
",
+ "VerifiedAccessTrustProvider$DeviceTrustProviderType": "The type of device-based trust provider.
",
+ "VerifiedAccessTrustProviderCondensed$DeviceTrustProviderType": "The type of device-based trust provider.
"
+ }
+ },
"DeviceType": {
"base": null,
"refs": {
@@ -8546,6 +8836,11 @@
"DescribeTransitGatewayVpcAttachmentsRequest$Filters": "One or more filters. The possible values are:
-
state - The state of the attachment. Valid values are available | deleted | deleting | failed | failing | initiatingRequest | modifying | pendingAcceptance | pending | rollingBack | rejected | rejecting.
-
transit-gateway-attachment-id - The ID of the attachment.
-
transit-gateway-id - The ID of the transit gateway.
-
vpc-id - The ID of the VPC.
",
"DescribeTransitGatewaysRequest$Filters": "One or more filters. The possible values are:
-
options.propagation-default-route-table-id - The ID of the default propagation route table.
-
options.amazon-side-asn - The private ASN for the Amazon side of a BGP session.
-
options.association-default-route-table-id - The ID of the default association route table.
-
options.auto-accept-shared-attachments - Indicates whether there is automatic acceptance of attachment requests (enable | disable).
-
options.default-route-table-association - Indicates whether resource attachments are automatically associated with the default association route table (enable | disable).
-
options.default-route-table-propagation - Indicates whether resource attachments automatically propagate routes to the default propagation route table (enable | disable).
-
options.dns-support - Indicates whether DNS support is enabled (enable | disable).
-
options.vpn-ecmp-support - Indicates whether Equal Cost Multipath Protocol support is enabled (enable | disable).
-
owner-id - The ID of the Amazon Web Services account that owns the transit gateway.
-
state - The state of the transit gateway (available | deleted | deleting | modifying | pending).
-
transit-gateway-id - The ID of the transit gateway.
",
"DescribeTrunkInterfaceAssociationsRequest$Filters": "One or more filters.
",
+ "DescribeVerifiedAccessEndpointsRequest$Filters": "One or more filters. Filter names and values are case-sensitive.
",
+ "DescribeVerifiedAccessGroupsRequest$Filters": "One or more filters. Filter names and values are case-sensitive.
",
+ "DescribeVerifiedAccessInstanceLoggingConfigurationsRequest$Filters": "One or more filters. Filter names and values are case-sensitive.
",
+ "DescribeVerifiedAccessInstancesRequest$Filters": "One or more filters. Filter names and values are case-sensitive.
",
+ "DescribeVerifiedAccessTrustProvidersRequest$Filters": "One or more filters. Filter names and values are case-sensitive.
",
"DescribeVolumeStatusRequest$Filters": "The filters.
-
action.code - The action code for the event (for example, enable-volume-io).
-
action.description - A description of the action.
-
action.event-id - The event ID associated with the action.
-
availability-zone - The Availability Zone of the instance.
-
event.description - A description of the event.
-
event.event-id - The event ID.
-
event.event-type - The event type (for io-enabled: passed | failed; for io-performance: io-performance:degraded | io-performance:severely-degraded | io-performance:stalled).
-
event.not-after - The latest end time for the event.
-
event.not-before - The earliest start time for the event.
-
volume-status.details-name - The cause for volume-status.status (io-enabled | io-performance).
-
volume-status.details-status - The status of volume-status.details-name (for io-enabled: passed | failed; for io-performance: normal | degraded | severely-degraded | stalled).
-
volume-status.status - The status of the volume (ok | impaired | warning | insufficient-data).
",
"DescribeVolumesModificationsRequest$Filters": "The filters.
-
modification-state - The current modification state (modifying | optimizing | completed | failed).
-
original-iops - The original IOPS rate of the volume.
-
original-size - The original size of the volume, in GiB.
-
original-volume-type - The original volume type of the volume (standard | io1 | io2 | gp2 | sc1 | st1).
-
originalMultiAttachEnabled - Indicates whether Multi-Attach support was enabled (true | false).
-
start-time - The modification start time.
-
target-iops - The target IOPS rate of the volume.
-
target-size - The target size of the volume, in GiB.
-
target-volume-type - The target volume type of the volume (standard | io1 | io2 | gp2 | sc1 | st1).
-
targetMultiAttachEnabled - Indicates whether Multi-Attach support is to be enabled (true | false).
-
volume-id - The ID of the volume.
",
"DescribeVolumesRequest$Filters": "The filters.
-
attachment.attach-time - The time stamp when the attachment initiated.
-
attachment.delete-on-termination - Whether the volume is deleted on instance termination.
-
attachment.device - The device name specified in the block device mapping (for example, /dev/sda1).
-
attachment.instance-id - The ID of the instance the volume is attached to.
-
attachment.status - The attachment state (attaching | attached | detaching).
-
availability-zone - The Availability Zone in which the volume was created.
-
create-time - The time stamp when the volume was created.
-
encrypted - Indicates whether the volume is encrypted (true | false)
-
multi-attach-enabled - Indicates whether the volume is enabled for Multi-Attach (true | false)
-
fast-restored - Indicates whether the volume was created from a snapshot that is enabled for fast snapshot restore (true | false).
-
size - The size of the volume, in GiB.
-
snapshot-id - The snapshot from which the volume was created.
-
status - The state of the volume (creating | available | in-use | deleting | deleted | error).
-
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
-
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
-
volume-id - The volume ID.
-
volume-type - The Amazon EBS volume type (gp2 | gp3 | io1 | io2 | st1 | sc1| standard)
",
@@ -9359,6 +9654,26 @@
"refs": {
}
},
+ "GetVerifiedAccessEndpointPolicyRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetVerifiedAccessEndpointPolicyResult": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetVerifiedAccessGroupPolicyRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetVerifiedAccessGroupPolicyResult": {
+ "base": null,
+ "refs": {
+ }
+ },
"GetVpnConnectionDeviceSampleConfigurationRequest": {
"base": null,
"refs": {
@@ -12451,6 +12766,12 @@
"ReservedInstancesListing$Status": "The status of the Reserved Instance listing.
"
}
},
+ "LoadBalancerArn": {
+ "base": null,
+ "refs": {
+ "CreateVerifiedAccessEndpointLoadBalancerOptions$LoadBalancerArn": "The ARN of the load balancer.
"
+ }
+ },
"LoadBalancersConfig": {
"base": "Describes the Classic Load Balancers and target groups to attach to a Spot Fleet request.
",
"refs": {
@@ -13415,6 +13736,100 @@
"refs": {
}
},
+ "ModifyVerifiedAccessEndpointEniOptions": {
+ "base": "Options for a network-interface type Verified Access endpoint.
",
+ "refs": {
+ "ModifyVerifiedAccessEndpointRequest$NetworkInterfaceOptions": "The network interface options.
"
+ }
+ },
+ "ModifyVerifiedAccessEndpointLoadBalancerOptions": {
+ "base": "Describes a load balancer when creating an Amazon Web Services Verified Access endpoint using the load-balancer type.
",
+ "refs": {
+ "ModifyVerifiedAccessEndpointRequest$LoadBalancerOptions": "The load balancer details if creating the Amazon Web Services Verified Access endpoint as load-balancertype.
"
+ }
+ },
+ "ModifyVerifiedAccessEndpointPolicyRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ModifyVerifiedAccessEndpointPolicyResult": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ModifyVerifiedAccessEndpointRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ModifyVerifiedAccessEndpointResult": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ModifyVerifiedAccessEndpointSubnetIdList": {
+ "base": null,
+ "refs": {
+ "ModifyVerifiedAccessEndpointLoadBalancerOptions$SubnetIds": "The IDs of the subnets.
"
+ }
+ },
+ "ModifyVerifiedAccessGroupPolicyRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ModifyVerifiedAccessGroupPolicyResult": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ModifyVerifiedAccessGroupRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ModifyVerifiedAccessGroupResult": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ModifyVerifiedAccessInstanceLoggingConfigurationRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ModifyVerifiedAccessInstanceLoggingConfigurationResult": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ModifyVerifiedAccessInstanceRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ModifyVerifiedAccessInstanceResult": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ModifyVerifiedAccessTrustProviderOidcOptions": {
+ "base": "OpenID Connect options for an oidc-type, user-identity based trust provider.
",
+ "refs": {
+ "ModifyVerifiedAccessTrustProviderRequest$OidcOptions": "The OpenID Connect details for an oidc-type, user-identity based trust provider.
"
+ }
+ },
+ "ModifyVerifiedAccessTrustProviderRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ModifyVerifiedAccessTrustProviderResult": {
+ "base": null,
+ "refs": {
+ }
+ },
"ModifyVolumeAttributeRequest": {
"base": null,
"refs": {
@@ -13990,6 +14405,7 @@
"CreateRouteRequest$NetworkInterfaceId": "The ID of a network interface.
",
"CreateTrafficMirrorSessionRequest$NetworkInterfaceId": "The ID of the source network interface.
",
"CreateTrafficMirrorTargetRequest$NetworkInterfaceId": "The network interface ID that is associated with the target.
",
+ "CreateVerifiedAccessEndpointEniOptions$NetworkInterfaceId": "The ID of the network interface.
",
"DeleteNetworkInterfaceRequest$NetworkInterfaceId": "The ID of the network interface.
",
"DescribeNetworkInterfaceAttributeRequest$NetworkInterfaceId": "The ID of the network interface.
",
"InstanceNetworkInterfaceSpecification$NetworkInterfaceId": "The ID of the network interface.
If you are creating a Spot Fleet, omit this parameter because you can’t specify a network interface ID in a launch specification.
",
@@ -14004,7 +14420,8 @@
"ScheduledInstancesNetworkInterface$NetworkInterfaceId": "The ID of the network interface.
",
"TransitGatewayNetworkInterfaceIdList$member": null,
"UnassignIpv6AddressesRequest$NetworkInterfaceId": "The ID of the network interface.
",
- "UnassignPrivateIpAddressesRequest$NetworkInterfaceId": "The ID of the network interface.
"
+ "UnassignPrivateIpAddressesRequest$NetworkInterfaceId": "The ID of the network interface.
",
+ "VerifiedAccessEndpointEniOptions$NetworkInterfaceId": "The ID of the network interface.
"
}
},
"NetworkInterfaceIdList": {
@@ -14162,6 +14579,16 @@
"DescribeTrafficMirrorFiltersRequest$NextToken": "The token for the next page of results.
",
"DescribeTrafficMirrorSessionsRequest$NextToken": "The token for the next page of results.
",
"DescribeTrafficMirrorTargetsRequest$NextToken": "The token for the next page of results.
",
+ "DescribeVerifiedAccessEndpointsRequest$NextToken": "The token for the next page of results.
",
+ "DescribeVerifiedAccessEndpointsResult$NextToken": "The token to use to retrieve the next page of results. This value is null when there are no more results to return.
",
+ "DescribeVerifiedAccessGroupsRequest$NextToken": "The token for the next page of results.
",
+ "DescribeVerifiedAccessGroupsResult$NextToken": "The token to use to retrieve the next page of results. This value is null when there are no more results to return.
",
+ "DescribeVerifiedAccessInstanceLoggingConfigurationsRequest$NextToken": "The token for the next page of results.
",
+ "DescribeVerifiedAccessInstanceLoggingConfigurationsResult$NextToken": "The token to use to retrieve the next page of results. This value is null when there are no more results to return.
",
+ "DescribeVerifiedAccessInstancesRequest$NextToken": "The token for the next page of results.
",
+ "DescribeVerifiedAccessInstancesResult$NextToken": "The token to use to retrieve the next page of results. This value is null when there are no more results to return.
",
+ "DescribeVerifiedAccessTrustProvidersRequest$NextToken": "The token for the next page of results.
",
+ "DescribeVerifiedAccessTrustProvidersResult$NextToken": "The token to use to retrieve the next page of results. This value is null when there are no more results to return.
",
"GetAssociatedIpv6PoolCidrsRequest$NextToken": "The token for the next page of results.
",
"GetIpamAddressHistoryRequest$NextToken": "The token for the next page of results.
",
"GetIpamAddressHistoryResult$NextToken": "The token to use to retrieve the next page of results. This value is null when there are no more results to return.
",
@@ -14219,6 +14646,12 @@
"ReservedInstancesOffering$OfferingType": "The Reserved Instance offering type.
"
}
},
+ "OidcOptions": {
+ "base": "Options for OIDC-based, user-identity type trust provider.
",
+ "refs": {
+ "VerifiedAccessTrustProvider$OidcOptions": "The OpenID Connect details for an oidc-type, user-identity based trust provider.
"
+ }
+ },
"OnDemandAllocationStrategy": {
"base": null,
"refs": {
@@ -16361,6 +16794,7 @@
"RevokeSecurityGroupEgressRequest$GroupId": "The ID of the security group.
",
"RevokeSecurityGroupIngressRequest$GroupId": "The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.
",
"ScheduledInstancesSecurityGroupIdSet$member": null,
+ "SecurityGroupIdList$member": null,
"SecurityGroupIdStringList$member": null,
"SecurityGroupRule$GroupId": "The ID of the security group.
",
"SecurityGroupRuleRequest$ReferencedGroupId": "The ID of the security group that is referenced in the security group rule.
",
@@ -16369,6 +16803,13 @@
"VpcEndpointSecurityGroupIdList$member": null
}
},
+ "SecurityGroupIdList": {
+ "base": null,
+ "refs": {
+ "CreateVerifiedAccessEndpointRequest$SecurityGroupIds": "The Amazon EC2 security groups to associate with the Amazon Web Services Verified Access endpoint.
",
+ "VerifiedAccessEndpoint$SecurityGroupIds": "The IDs of the security groups for the endpoint.
"
+ }
+ },
"SecurityGroupIdStringList": {
"base": null,
"refs": {
@@ -17179,6 +17620,7 @@
"AssociationStatus$Message": "A message about the status of the target network association, if applicable.
",
"AthenaIntegration$IntegrationResultS3DestinationArn": "The location in Amazon S3 to store the generated CloudFormation template.
",
"AttachNetworkInterfaceResult$AttachmentId": "The ID of the network interface attachment.
",
+ "AttachVerifiedAccessTrustProviderRequest$ClientToken": "A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.
",
"AttachVolumeRequest$Device": "The device name (for example, /dev/sdh or xvdh).
",
"AttributeValue$Value": "The attribute value. The value is case-sensitive.
",
"AuthorizationRule$ClientVpnEndpointId": "The ID of the Client VPN endpoint with which the authorization rule is associated.
",
@@ -17454,6 +17896,27 @@
"CreateTransitGatewayPeeringAttachmentRequest$PeerRegion": "The Region where the peer transit gateway is located.
",
"CreateTransitGatewayRequest$Description": "A description of the transit gateway.
",
"CreateTransitGatewayRouteRequest$DestinationCidrBlock": "The CIDR range used for destination matches. Routing decisions are based on the most specific match.
",
+ "CreateVerifiedAccessEndpointRequest$ApplicationDomain": "The DNS name for users to reach your application.
",
+ "CreateVerifiedAccessEndpointRequest$EndpointDomainPrefix": "A custom identifier that gets prepended to a DNS name that is generated for the endpoint.
",
+ "CreateVerifiedAccessEndpointRequest$Description": "A description for the Amazon Web Services Verified Access endpoint.
",
+ "CreateVerifiedAccessEndpointRequest$PolicyDocument": "The Amazon Web Services Verified Access policy document.
",
+ "CreateVerifiedAccessEndpointRequest$ClientToken": "A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.
",
+ "CreateVerifiedAccessGroupRequest$Description": "A description for the Amazon Web Services Verified Access group.
",
+ "CreateVerifiedAccessGroupRequest$PolicyDocument": "The Amazon Web Services Verified Access policy document.
",
+ "CreateVerifiedAccessGroupRequest$ClientToken": "A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.
",
+ "CreateVerifiedAccessInstanceRequest$Description": "A description for the Amazon Web Services Verified Access instance.
",
+ "CreateVerifiedAccessInstanceRequest$ClientToken": "A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.
",
+ "CreateVerifiedAccessTrustProviderDeviceOptions$TenantId": "The ID of the tenant application with the device-identity provider.
",
+ "CreateVerifiedAccessTrustProviderOidcOptions$Issuer": "The OIDC issuer.
",
+ "CreateVerifiedAccessTrustProviderOidcOptions$AuthorizationEndpoint": "The OIDC authorization endpoint.
",
+ "CreateVerifiedAccessTrustProviderOidcOptions$TokenEndpoint": "The OIDC token endpoint.
",
+ "CreateVerifiedAccessTrustProviderOidcOptions$UserInfoEndpoint": "The OIDC user info endpoint.
",
+ "CreateVerifiedAccessTrustProviderOidcOptions$ClientId": "The client identifier.
",
+ "CreateVerifiedAccessTrustProviderOidcOptions$ClientSecret": "The client secret.
",
+ "CreateVerifiedAccessTrustProviderOidcOptions$Scope": "OpenID Connect (OIDC) scopes are used by an application during authentication to authorize access to a user's details. Each scope returns a specific set of user attributes.
",
+ "CreateVerifiedAccessTrustProviderRequest$PolicyReferenceName": "The identifier to be used when working with policy rules.
",
+ "CreateVerifiedAccessTrustProviderRequest$Description": "A description for the Amazon Web Services Verified Access trust provider.
",
+ "CreateVerifiedAccessTrustProviderRequest$ClientToken": "A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.
",
"CreateVolumePermission$UserId": "The ID of the Amazon Web Services account to be added or removed.
",
"CreateVolumeRequest$AvailabilityZone": "The Availability Zone in which to create the volume.
",
"CreateVolumeRequest$OutpostArn": "The Amazon Resource Name (ARN) of the Outpost.
",
@@ -17509,6 +17972,10 @@
"DeleteTrafficMirrorSessionResult$TrafficMirrorSessionId": "The ID of the deleted Traffic Mirror session.
",
"DeleteTrafficMirrorTargetResult$TrafficMirrorTargetId": "The ID of the deleted Traffic Mirror target.
",
"DeleteTransitGatewayRouteRequest$DestinationCidrBlock": "The CIDR range for the route. This must match the CIDR for the route exactly.
",
+ "DeleteVerifiedAccessEndpointRequest$ClientToken": "A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.
",
+ "DeleteVerifiedAccessGroupRequest$ClientToken": "A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.
",
+ "DeleteVerifiedAccessInstanceRequest$ClientToken": "A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.
",
+ "DeleteVerifiedAccessTrustProviderRequest$ClientToken": "A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.
",
"DeleteVpnConnectionRouteRequest$DestinationCidrBlock": "The CIDR block associated with the local subnet of the customer network.
",
"DeprovisionByoipCidrRequest$Cidr": "The address range, in CIDR notation. The prefix must be the same prefix that you specified when you provisioned the address range.
",
"DeprovisionIpamPoolCidrRequest$Cidr": "The CIDR which you want to deprovision from the pool.
",
@@ -17705,7 +18172,9 @@
"DescribeVpcPeeringConnectionsResult$NextToken": "The token to use to retrieve the next page of results. This value is null when there are no more results to return.
",
"DescribeVpcsRequest$NextToken": "The token for the next page of results.
",
"DescribeVpcsResult$NextToken": "The token to use to retrieve the next page of results. This value is null when there are no more results to return.
",
+ "DetachVerifiedAccessTrustProviderRequest$ClientToken": "A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.
",
"DetachVolumeRequest$Device": "The device name.
",
+ "DeviceOptions$TenantId": "The ID of the tenant application with the device-identity provider.
",
"DhcpConfiguration$Key": "The name of a DHCP option.
",
"DhcpOptions$DhcpOptionsId": "The ID of the set of DHCP options.
",
"DhcpOptions$OwnerId": "The ID of the Amazon Web Services account that owns the DHCP options set.
",
@@ -17905,6 +18374,8 @@
"GetTransitGatewayRouteTableAssociationsResult$NextToken": "The token to use to retrieve the next page of results. This value is null when there are no more results to return.
",
"GetTransitGatewayRouteTablePropagationsRequest$NextToken": "The token for the next page of results.
",
"GetTransitGatewayRouteTablePropagationsResult$NextToken": "The token to use to retrieve the next page of results. This value is null when there are no more results to return.
",
+ "GetVerifiedAccessEndpointPolicyResult$PolicyDocument": "The Amazon Web Services Verified Access policy document.
",
+ "GetVerifiedAccessGroupPolicyResult$PolicyDocument": "The Amazon Web Services Verified Access policy document.
",
"GetVpnConnectionDeviceSampleConfigurationRequest$InternetKeyExchangeVersion": "The IKE version to be used in the sample configuration file for your customer gateway device. You can specify one of the following versions: ikev1 or ikev2.
",
"GroupIdentifier$GroupName": "The name of the security group.
",
"GroupIdentifier$GroupId": "The ID of the security group.
",
@@ -18280,6 +18751,22 @@
"ModifyTrafficMirrorFilterRuleRequest$Description": "The description to assign to the Traffic Mirror rule.
",
"ModifyTrafficMirrorSessionRequest$Description": "The description to assign to the Traffic Mirror session.
",
"ModifyTransitGatewayRequest$Description": "The description for the transit gateway.
",
+ "ModifyVerifiedAccessEndpointPolicyRequest$PolicyDocument": "The Amazon Web Services Verified Access policy document.
",
+ "ModifyVerifiedAccessEndpointPolicyRequest$ClientToken": "A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.
",
+ "ModifyVerifiedAccessEndpointPolicyResult$PolicyDocument": "The Amazon Web Services Verified Access policy document.
",
+ "ModifyVerifiedAccessEndpointRequest$Description": "A description for the Amazon Web Services Verified Access endpoint.
",
+ "ModifyVerifiedAccessEndpointRequest$ClientToken": "A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.
",
+ "ModifyVerifiedAccessGroupPolicyRequest$PolicyDocument": "The Amazon Web Services Verified Access policy document.
",
+ "ModifyVerifiedAccessGroupPolicyRequest$ClientToken": "A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.
",
+ "ModifyVerifiedAccessGroupPolicyResult$PolicyDocument": "The Amazon Web Services Verified Access policy document.
",
+ "ModifyVerifiedAccessGroupRequest$Description": "A description for the Amazon Web Services Verified Access group.
",
+ "ModifyVerifiedAccessGroupRequest$ClientToken": "A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.
",
+ "ModifyVerifiedAccessInstanceLoggingConfigurationRequest$ClientToken": "A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.
",
+ "ModifyVerifiedAccessInstanceRequest$Description": "A description for the Amazon Web Services Verified Access instance.
",
+ "ModifyVerifiedAccessInstanceRequest$ClientToken": "A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.
",
+ "ModifyVerifiedAccessTrustProviderOidcOptions$Scope": "OpenID Connect (OIDC) scopes are used by an application during authentication to authorize access to a user's details. Each scope returns a specific set of user attributes.
",
+ "ModifyVerifiedAccessTrustProviderRequest$Description": "A description for the Amazon Web Services Verified Access trust provider.
",
+ "ModifyVerifiedAccessTrustProviderRequest$ClientToken": "A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.
",
"ModifyVpcEndpointConnectionNotificationRequest$ConnectionNotificationArn": "The ARN for the SNS topic for the notification.
",
"ModifyVpcEndpointRequest$PolicyDocument": "(Interface and gateway endpoints) A policy to attach to the endpoint that controls access to the service. The policy must be in valid JSON format.
",
"ModifyVpcEndpointServiceConfigurationRequest$PrivateDnsName": "(Interface endpoint configuration) The private DNS name to assign to the endpoint service.
",
@@ -18354,6 +18841,13 @@
"NetworkInterfacePrivateIpAddress$PrivateDnsName": "The private DNS name.
",
"NetworkInterfacePrivateIpAddress$PrivateIpAddress": "The private IPv4 address.
",
"NewDhcpConfiguration$Key": null,
+ "OidcOptions$Issuer": "The OIDC issuer.
",
+ "OidcOptions$AuthorizationEndpoint": "The OIDC authorization endpoint.
",
+ "OidcOptions$TokenEndpoint": "The OIDC token endpoint.
",
+ "OidcOptions$UserInfoEndpoint": "The OIDC user info endpoint.
",
+ "OidcOptions$ClientId": "The client identifier.
",
+ "OidcOptions$ClientSecret": "The client secret.
",
+ "OidcOptions$Scope": "The OpenID Connect (OIDC) scope specified.
",
"OnDemandOptions$MaxTotalPrice": "The maximum amount per hour for On-Demand Instances that you're willing to pay.
",
"OnDemandOptionsRequest$MaxTotalPrice": "The maximum amount per hour for On-Demand Instances that you're willing to pay.
",
"OrganizationArnStringList$member": null,
@@ -18881,6 +19375,50 @@
"ValidationError$Code": "The error code that indicates why the parameter or parameter combination is not valid. For more information about error codes, see Error codes.
",
"ValidationError$Message": "The error message that describes why the parameter or parameter combination is not valid. For more information about error messages, see Error codes.
",
"ValueStringList$member": null,
+ "VerifiedAccessEndpoint$VerifiedAccessInstanceId": "The ID of the Amazon Web Services Verified Access instance.
",
+ "VerifiedAccessEndpoint$VerifiedAccessGroupId": "The ID of the Amazon Web Services Verified Access group.
",
+ "VerifiedAccessEndpoint$VerifiedAccessEndpointId": "The ID of the Amazon Web Services Verified Access endpoint.
",
+ "VerifiedAccessEndpoint$ApplicationDomain": "The DNS name for users to reach your application.
",
+ "VerifiedAccessEndpoint$DomainCertificateArn": "The ARN of a public TLS/SSL certificate imported into or created with ACM.
",
+ "VerifiedAccessEndpoint$EndpointDomain": "A DNS name that is generated for the endpoint.
",
+ "VerifiedAccessEndpoint$DeviceValidationDomain": "Returned if endpoint has a device trust provider attached.
",
+ "VerifiedAccessEndpoint$Description": "A description for the Amazon Web Services Verified Access endpoint.
",
+ "VerifiedAccessEndpoint$CreationTime": "The creation time.
",
+ "VerifiedAccessEndpoint$LastUpdatedTime": "The last updated time.
",
+ "VerifiedAccessEndpoint$DeletionTime": "The deletion time.
",
+ "VerifiedAccessEndpointLoadBalancerOptions$LoadBalancerArn": "The ARN of the load balancer.
",
+ "VerifiedAccessEndpointStatus$Message": "The status message of the Verified Access endpoint.
",
+ "VerifiedAccessGroup$VerifiedAccessGroupId": "The ID of the Verified Access group.
",
+ "VerifiedAccessGroup$VerifiedAccessInstanceId": "The ID of the Amazon Web Services Verified Access instance.
",
+ "VerifiedAccessGroup$Description": "A description for the Amazon Web Services Verified Access group.
",
+ "VerifiedAccessGroup$Owner": "The Amazon Web Services account number that owns the group.
",
+ "VerifiedAccessGroup$VerifiedAccessGroupArn": "The ARN of the Verified Access group.
",
+ "VerifiedAccessGroup$CreationTime": "The creation time.
",
+ "VerifiedAccessGroup$LastUpdatedTime": "The last updated time.
",
+ "VerifiedAccessGroup$DeletionTime": "The deletion time.
",
+ "VerifiedAccessInstance$VerifiedAccessInstanceId": "The ID of the Amazon Web Services Verified Access instance.
",
+ "VerifiedAccessInstance$Description": "A description for the Amazon Web Services Verified Access instance.
",
+ "VerifiedAccessInstance$CreationTime": "The creation time.
",
+ "VerifiedAccessInstance$LastUpdatedTime": "The last updated time.
",
+ "VerifiedAccessInstanceLoggingConfiguration$VerifiedAccessInstanceId": "The ID of the Amazon Web Services Verified Access instance.
",
+ "VerifiedAccessLogCloudWatchLogsDestination$LogGroup": "The ID of the CloudWatch Logs log group.
",
+ "VerifiedAccessLogCloudWatchLogsDestinationOptions$LogGroup": "The ID of the CloudWatch Logs log group.
",
+ "VerifiedAccessLogDeliveryStatus$Message": "The status message.
",
+ "VerifiedAccessLogKinesisDataFirehoseDestination$DeliveryStream": "The ID of the delivery stream.
",
+ "VerifiedAccessLogKinesisDataFirehoseDestinationOptions$DeliveryStream": "The ID of the delivery stream.
",
+ "VerifiedAccessLogS3Destination$BucketName": "The bucket name.
",
+ "VerifiedAccessLogS3Destination$Prefix": "The bucket prefix.
",
+ "VerifiedAccessLogS3Destination$BucketOwner": "The Amazon Web Services account number that owns the bucket.
",
+ "VerifiedAccessLogS3DestinationOptions$BucketName": "The bucket name.
",
+ "VerifiedAccessLogS3DestinationOptions$Prefix": "The bucket prefix.
",
+ "VerifiedAccessLogS3DestinationOptions$BucketOwner": "The ID of the Amazon Web Services account that owns the Amazon S3 bucket.
",
+ "VerifiedAccessTrustProvider$VerifiedAccessTrustProviderId": "The ID of the Amazon Web Services Verified Access trust provider.
",
+ "VerifiedAccessTrustProvider$Description": "A description for the Amazon Web Services Verified Access trust provider.
",
+ "VerifiedAccessTrustProvider$PolicyReferenceName": "The identifier to be used when working with policy rules.
",
+ "VerifiedAccessTrustProvider$CreationTime": "The creation time.
",
+ "VerifiedAccessTrustProvider$LastUpdatedTime": "The last updated time.
",
+ "VerifiedAccessTrustProviderCondensed$VerifiedAccessTrustProviderId": "The ID of the trust provider.
",
+ "VerifiedAccessTrustProviderCondensed$Description": "The description of trust provider.
",
"VersionStringList$member": null,
"VgwTelemetry$OutsideIpAddress": "The Internet-routable IP address of the virtual private gateway's outside interface.
",
"VgwTelemetry$StatusMessage": "If an error occurs, a description of the error.
",
@@ -19064,6 +19602,7 @@
"CreateNatGatewayRequest$SubnetId": "The subnet in which to create the NAT gateway.
",
"CreateNetworkInterfaceRequest$SubnetId": "The ID of the subnet to associate with the network interface.
",
"CreateSubnetCidrReservationRequest$SubnetId": "The ID of the subnet.
",
+ "CreateVerifiedAccessEndpointSubnetIdList$member": null,
"DeleteClientVpnRouteRequest$TargetVpcSubnetId": "The ID of the target subnet used by the route.
",
"DeleteSubnetRequest$SubnetId": "The ID of the subnet.
",
"FleetLaunchTemplateOverridesRequest$SubnetId": "The IDs of the subnets in which to launch the instances. Separate multiple subnet IDs using commas (for example, subnet-1234abcdeexample1, subnet-0987cdef6example2). A request of type instant can have only one subnet ID.
",
@@ -19074,6 +19613,7 @@
"LaunchTemplateOverrides$SubnetId": "The ID of the subnet in which to launch the instances.
",
"LocalGatewayRoute$SubnetId": "The ID of the subnet.
",
"ModifySubnetAttributeRequest$SubnetId": "The ID of the subnet.
",
+ "ModifyVerifiedAccessEndpointSubnetIdList$member": null,
"RequestSpotLaunchSpecification$SubnetId": "The ID of the subnet in which to launch the instance.
",
"RunInstancesRequest$SubnetId": "[EC2-VPC] The ID of the subnet to launch the instance into.
If you specify a network interface, you must specify any subnets as part of the network interface.
",
"ScheduledInstancesLaunchSpecification$SubnetId": "The ID of the subnet in which to launch the instances.
",
@@ -19082,6 +19622,7 @@
"SubnetCidrReservation$SubnetId": "The ID of the subnet.
",
"SubnetIdStringList$member": null,
"TransitGatewaySubnetIdList$member": null,
+ "VerifiedAccessEndpointSubnetIdList$member": null,
"VpcEndpointSubnetIdList$member": null
}
},
@@ -19281,6 +19822,10 @@
"TransitGatewayRouteTableAnnouncement$Tags": "The key-value pairs associated with the route table announcement.
",
"TransitGatewayVpcAttachment$Tags": "The tags for the VPC attachment.
",
"TrunkInterfaceAssociation$Tags": "The tags for the trunk interface association.
",
+ "VerifiedAccessEndpoint$Tags": "The tags.
",
+ "VerifiedAccessGroup$Tags": "The tags.
",
+ "VerifiedAccessInstance$Tags": "The tags.
",
+ "VerifiedAccessTrustProvider$Tags": "The tags.
",
"Volume$Tags": "Any tags assigned to the volume.
",
"Vpc$Tags": "Any tags assigned to the VPC.
",
"VpcClassicLink$Tags": "Any tags assigned to the VPC.
",
@@ -19357,6 +19902,10 @@
"CreateTransitGatewayRouteTableAnnouncementRequest$TagSpecifications": "The tags specifications applied to the transit gateway route table announcement.
",
"CreateTransitGatewayRouteTableRequest$TagSpecifications": "The tags to apply to the transit gateway route table.
",
"CreateTransitGatewayVpcAttachmentRequest$TagSpecifications": "The tags to apply to the VPC attachment.
",
+ "CreateVerifiedAccessEndpointRequest$TagSpecifications": "The tags to assign to the Amazon Web Services Verified Access endpoint.
",
+ "CreateVerifiedAccessGroupRequest$TagSpecifications": "The tags to assign to the Amazon Web Services Verified Access group.
",
+ "CreateVerifiedAccessInstanceRequest$TagSpecifications": "The tags to assign to the Amazon Web Services Verified Access instance.
",
+ "CreateVerifiedAccessTrustProviderRequest$TagSpecifications": "The tags to assign to the Amazon Web Services Verified Access trust provider.
",
"CreateVolumeRequest$TagSpecifications": "The tags to apply to the volume during creation.
",
"CreateVpcEndpointRequest$TagSpecifications": "The tags to associate with the endpoint.
",
"CreateVpcEndpointServiceConfigurationRequest$TagSpecifications": "The tags to associate with the service.
",
@@ -20582,6 +21131,14 @@
"DescribeTrunkInterfaceAssociationsResult$InterfaceAssociations": "Information about the trunk associations.
"
}
},
+ "TrustProviderType": {
+ "base": null,
+ "refs": {
+ "CreateVerifiedAccessTrustProviderRequest$TrustProviderType": "The type of trust provider can be either user or device-based.
",
+ "VerifiedAccessTrustProvider$TrustProviderType": "The type of Verified Access trust provider.
",
+ "VerifiedAccessTrustProviderCondensed$TrustProviderType": "The type of trust provider (user- or device-based).
"
+ }
+ },
"TunnelInsideIpVersion": {
"base": null,
"refs": {
@@ -20776,6 +21333,14 @@
"ModifySnapshotAttributeRequest$UserIds": "The account ID to modify for the snapshot.
"
}
},
+ "UserTrustProviderType": {
+ "base": null,
+ "refs": {
+ "CreateVerifiedAccessTrustProviderRequest$UserTrustProviderType": "The type of user-based trust provider.
",
+ "VerifiedAccessTrustProvider$UserTrustProviderType": "The type of user-based trust provider.
",
+ "VerifiedAccessTrustProviderCondensed$UserTrustProviderType": "The type of user-based trust provider.
"
+ }
+ },
"VCpuCount": {
"base": null,
"refs": {
@@ -20892,6 +21457,296 @@
"VpcEndpointConnection$GatewayLoadBalancerArns": "The Amazon Resource Names (ARNs) of the Gateway Load Balancers for the service.
"
}
},
+ "VerifiedAccessEndpoint": {
+ "base": "An Amazon Web Services Verified Access endpoint specifies the application that Amazon Web Services Verified Access provides access to. It must be attached to an Amazon Web Services Verified Access group. An Amazon Web Services Verified Access endpoint must also have an attached access policy before you attached it to a group.
",
+ "refs": {
+ "CreateVerifiedAccessEndpointResult$VerifiedAccessEndpoint": "The ID of the Amazon Web Services Verified Access endpoint.
",
+ "DeleteVerifiedAccessEndpointResult$VerifiedAccessEndpoint": "The ID of the Amazon Web Services Verified Access endpoint.
",
+ "ModifyVerifiedAccessEndpointResult$VerifiedAccessEndpoint": "The Amazon Web Services Verified Access endpoint details.
",
+ "VerifiedAccessEndpointList$member": null
+ }
+ },
+ "VerifiedAccessEndpointAttachmentType": {
+ "base": null,
+ "refs": {
+ "CreateVerifiedAccessEndpointRequest$AttachmentType": "The Amazon Web Services network component Verified Access attaches to.
",
+ "VerifiedAccessEndpoint$AttachmentType": "The type of attachment used to provide connectivity between the Amazon Web Services Verified Access endpoint and the application.
"
+ }
+ },
+ "VerifiedAccessEndpointEniOptions": {
+ "base": "Options for a network-interface type endpoint.
",
+ "refs": {
+ "VerifiedAccessEndpoint$NetworkInterfaceOptions": "The options for network-interface type endpoint.
"
+ }
+ },
+ "VerifiedAccessEndpointId": {
+ "base": null,
+ "refs": {
+ "DeleteVerifiedAccessEndpointRequest$VerifiedAccessEndpointId": "The ID of the Amazon Web Services Verified Access endpoint.
",
+ "GetVerifiedAccessEndpointPolicyRequest$VerifiedAccessEndpointId": "The ID of the Amazon Web Services Verified Access endpoint.
",
+ "ModifyVerifiedAccessEndpointPolicyRequest$VerifiedAccessEndpointId": "The ID of the Amazon Web Services Verified Access endpoint.
",
+ "ModifyVerifiedAccessEndpointRequest$VerifiedAccessEndpointId": "The ID of the Amazon Web Services Verified Access endpoint.
",
+ "VerifiedAccessEndpointIdList$member": null
+ }
+ },
+ "VerifiedAccessEndpointIdList": {
+ "base": null,
+ "refs": {
+ "DescribeVerifiedAccessEndpointsRequest$VerifiedAccessEndpointIds": "The ID of the Amazon Web Services Verified Access endpoint.
"
+ }
+ },
+ "VerifiedAccessEndpointList": {
+ "base": null,
+ "refs": {
+ "DescribeVerifiedAccessEndpointsResult$VerifiedAccessEndpoints": "The ID of the Amazon Web Services Verified Access endpoint.
"
+ }
+ },
+ "VerifiedAccessEndpointLoadBalancerOptions": {
+ "base": "Describes a load balancer when creating an Amazon Web Services Verified Access endpoint using the load-balancer type.
",
+ "refs": {
+ "VerifiedAccessEndpoint$LoadBalancerOptions": "The load balancer details if creating the Amazon Web Services Verified Access endpoint as load-balancertype.
"
+ }
+ },
+ "VerifiedAccessEndpointPortNumber": {
+ "base": null,
+ "refs": {
+ "CreateVerifiedAccessEndpointEniOptions$Port": "The IP port number.
",
+ "CreateVerifiedAccessEndpointLoadBalancerOptions$Port": "The IP port number.
",
+ "ModifyVerifiedAccessEndpointEniOptions$Port": "The IP port number.
",
+ "ModifyVerifiedAccessEndpointLoadBalancerOptions$Port": "The IP port number.
",
+ "VerifiedAccessEndpointEniOptions$Port": "The IP port number.
",
+ "VerifiedAccessEndpointLoadBalancerOptions$Port": "The IP port number.
"
+ }
+ },
+ "VerifiedAccessEndpointProtocol": {
+ "base": null,
+ "refs": {
+ "CreateVerifiedAccessEndpointEniOptions$Protocol": "The IP protocol.
",
+ "CreateVerifiedAccessEndpointLoadBalancerOptions$Protocol": "The IP protocol.
",
+ "ModifyVerifiedAccessEndpointEniOptions$Protocol": "The IP protocol.
",
+ "ModifyVerifiedAccessEndpointLoadBalancerOptions$Protocol": "The IP protocol.
",
+ "VerifiedAccessEndpointEniOptions$Protocol": "The IP protocol.
",
+ "VerifiedAccessEndpointLoadBalancerOptions$Protocol": "The IP protocol.
"
+ }
+ },
+ "VerifiedAccessEndpointStatus": {
+ "base": "Describes the status of a Verified Access endpoint.
",
+ "refs": {
+ "VerifiedAccessEndpoint$Status": "The endpoint status.
"
+ }
+ },
+ "VerifiedAccessEndpointStatusCode": {
+ "base": null,
+ "refs": {
+ "VerifiedAccessEndpointStatus$Code": "The status code of the Verified Access endpoint.
"
+ }
+ },
+ "VerifiedAccessEndpointSubnetIdList": {
+ "base": null,
+ "refs": {
+ "VerifiedAccessEndpointLoadBalancerOptions$SubnetIds": "The IDs of the subnets.
"
+ }
+ },
+ "VerifiedAccessEndpointType": {
+ "base": null,
+ "refs": {
+ "CreateVerifiedAccessEndpointRequest$EndpointType": "The type of Amazon Web Services Verified Access endpoint to create.
",
+ "VerifiedAccessEndpoint$EndpointType": "The type of Amazon Web Services Verified Access endpoint. Incoming application requests will be sent to an IP address, load balancer or a network interface depending on the endpoint type specified.
"
+ }
+ },
+ "VerifiedAccessGroup": {
+ "base": "Describes a Verified Access group.
",
+ "refs": {
+ "CreateVerifiedAccessGroupResult$VerifiedAccessGroup": "The ID of the Verified Access group.
",
+ "DeleteVerifiedAccessGroupResult$VerifiedAccessGroup": "The ID of the Amazon Web Services Verified Access group.
",
+ "ModifyVerifiedAccessGroupResult$VerifiedAccessGroup": "Details of Amazon Web Services Verified Access group.
",
+ "VerifiedAccessGroupList$member": null
+ }
+ },
+ "VerifiedAccessGroupId": {
+ "base": null,
+ "refs": {
+ "CreateVerifiedAccessEndpointRequest$VerifiedAccessGroupId": "The ID of the Verified Access group to associate the endpoint with.
",
+ "DeleteVerifiedAccessGroupRequest$VerifiedAccessGroupId": "The ID of the Amazon Web Services Verified Access group.
",
+ "DescribeVerifiedAccessEndpointsRequest$VerifiedAccessGroupId": "The ID of the Amazon Web Services Verified Access group.
",
+ "GetVerifiedAccessGroupPolicyRequest$VerifiedAccessGroupId": "The ID of the Amazon Web Services Verified Access group.
",
+ "ModifyVerifiedAccessEndpointRequest$VerifiedAccessGroupId": "The ID of the Amazon Web Services Verified Access group.
",
+ "ModifyVerifiedAccessGroupPolicyRequest$VerifiedAccessGroupId": "The ID of the Amazon Web Services Verified Access group.
",
+ "ModifyVerifiedAccessGroupRequest$VerifiedAccessGroupId": "The ID of the Amazon Web Services Verified Access group.
",
+ "VerifiedAccessGroupIdList$member": null
+ }
+ },
+ "VerifiedAccessGroupIdList": {
+ "base": null,
+ "refs": {
+ "DescribeVerifiedAccessGroupsRequest$VerifiedAccessGroupIds": "The ID of the Amazon Web Services Verified Access groups.
"
+ }
+ },
+ "VerifiedAccessGroupList": {
+ "base": null,
+ "refs": {
+ "DescribeVerifiedAccessGroupsResult$VerifiedAccessGroups": "The ID of the Verified Access group.
"
+ }
+ },
+ "VerifiedAccessInstance": {
+ "base": "Describes a Verified Access instance.
",
+ "refs": {
+ "AttachVerifiedAccessTrustProviderResult$VerifiedAccessInstance": "The ID of the Amazon Web Services Verified Access instance.
",
+ "CreateVerifiedAccessInstanceResult$VerifiedAccessInstance": "The ID of the Amazon Web Services Verified Access instance.
",
+ "DeleteVerifiedAccessInstanceResult$VerifiedAccessInstance": "The ID of the Amazon Web Services Verified Access instance.
",
+ "DetachVerifiedAccessTrustProviderResult$VerifiedAccessInstance": "The ID of the Amazon Web Services Verified Access instance.
",
+ "ModifyVerifiedAccessInstanceResult$VerifiedAccessInstance": "The ID of the Amazon Web Services Verified Access instance.
",
+ "VerifiedAccessInstanceList$member": null
+ }
+ },
+ "VerifiedAccessInstanceId": {
+ "base": null,
+ "refs": {
+ "AttachVerifiedAccessTrustProviderRequest$VerifiedAccessInstanceId": "The ID of the Amazon Web Services Verified Access instance.
",
+ "CreateVerifiedAccessGroupRequest$VerifiedAccessInstanceId": "The ID of the Amazon Web Services Verified Access instance.
",
+ "DeleteVerifiedAccessInstanceRequest$VerifiedAccessInstanceId": "The ID of the Amazon Web Services Verified Access instance.
",
+ "DescribeVerifiedAccessEndpointsRequest$VerifiedAccessInstanceId": "The ID of the Amazon Web Services Verified Access instance.
",
+ "DescribeVerifiedAccessGroupsRequest$VerifiedAccessInstanceId": "The ID of the Amazon Web Services Verified Access instance.
",
+ "DetachVerifiedAccessTrustProviderRequest$VerifiedAccessInstanceId": "The ID of the Amazon Web Services Verified Access instance.
",
+ "ModifyVerifiedAccessGroupRequest$VerifiedAccessInstanceId": "The ID of the Amazon Web Services Verified Access instance.
",
+ "ModifyVerifiedAccessInstanceLoggingConfigurationRequest$VerifiedAccessInstanceId": "The ID of the Amazon Web Services Verified Access instance.
",
+ "ModifyVerifiedAccessInstanceRequest$VerifiedAccessInstanceId": "The ID of the Amazon Web Services Verified Access instance.
",
+ "VerifiedAccessInstanceIdList$member": null
+ }
+ },
+ "VerifiedAccessInstanceIdList": {
+ "base": null,
+ "refs": {
+ "DescribeVerifiedAccessInstanceLoggingConfigurationsRequest$VerifiedAccessInstanceIds": "The IDs of the Amazon Web Services Verified Access instances.
",
+ "DescribeVerifiedAccessInstancesRequest$VerifiedAccessInstanceIds": "The IDs of the Amazon Web Services Verified Access instances.
"
+ }
+ },
+ "VerifiedAccessInstanceList": {
+ "base": null,
+ "refs": {
+ "DescribeVerifiedAccessInstancesResult$VerifiedAccessInstances": "The IDs of the Amazon Web Services Verified Access instances.
"
+ }
+ },
+ "VerifiedAccessInstanceLoggingConfiguration": {
+ "base": "Describes logging options for an Amazon Web Services Verified Access instance.
",
+ "refs": {
+ "ModifyVerifiedAccessInstanceLoggingConfigurationResult$LoggingConfiguration": "The logging configuration for Amazon Web Services Verified Access instance.
",
+ "VerifiedAccessInstanceLoggingConfigurationList$member": null
+ }
+ },
+ "VerifiedAccessInstanceLoggingConfigurationList": {
+ "base": null,
+ "refs": {
+ "DescribeVerifiedAccessInstanceLoggingConfigurationsResult$LoggingConfigurations": "The current logging configuration for the Amazon Web Services Verified Access instances.
"
+ }
+ },
+ "VerifiedAccessLogCloudWatchLogsDestination": {
+ "base": "Options for CloudWatch Logs as a logging destination.
",
+ "refs": {
+ "VerifiedAccessLogs$CloudWatchLogs": "CloudWatch Logs logging destination.
"
+ }
+ },
+ "VerifiedAccessLogCloudWatchLogsDestinationOptions": {
+ "base": "Options for CloudWatch Logs as a logging destination.
",
+ "refs": {
+ "VerifiedAccessLogOptions$CloudWatchLogs": "Sends Verified Access logs to CloudWatch Logs.
"
+ }
+ },
+ "VerifiedAccessLogDeliveryStatus": {
+ "base": "Describes a log delivery status.
",
+ "refs": {
+ "VerifiedAccessLogCloudWatchLogsDestination$DeliveryStatus": "The delivery status for access logs.
",
+ "VerifiedAccessLogKinesisDataFirehoseDestination$DeliveryStatus": "The delivery status.
",
+ "VerifiedAccessLogS3Destination$DeliveryStatus": "The delivery status.
"
+ }
+ },
+ "VerifiedAccessLogDeliveryStatusCode": {
+ "base": null,
+ "refs": {
+ "VerifiedAccessLogDeliveryStatus$Code": "The status code.
"
+ }
+ },
+ "VerifiedAccessLogKinesisDataFirehoseDestination": {
+ "base": "Options for Kinesis as a logging destination.
",
+ "refs": {
+ "VerifiedAccessLogs$KinesisDataFirehose": "Kinesis logging destination.
"
+ }
+ },
+ "VerifiedAccessLogKinesisDataFirehoseDestinationOptions": {
+ "base": "Describes Amazon Kinesis Data Firehose logging options.
",
+ "refs": {
+ "VerifiedAccessLogOptions$KinesisDataFirehose": "Sends Verified Access logs to Kinesis.
"
+ }
+ },
+ "VerifiedAccessLogOptions": {
+ "base": "Describes the destinations for Verified Access logs.
",
+ "refs": {
+ "ModifyVerifiedAccessInstanceLoggingConfigurationRequest$AccessLogs": "The configuration options for Amazon Web Services Verified Access instances.
"
+ }
+ },
+ "VerifiedAccessLogS3Destination": {
+ "base": "Options for Amazon S3 as a logging destination.
",
+ "refs": {
+ "VerifiedAccessLogs$S3": "Amazon S3 logging options.
"
+ }
+ },
+ "VerifiedAccessLogS3DestinationOptions": {
+ "base": "Options for Amazon S3 as a logging destination.
",
+ "refs": {
+ "VerifiedAccessLogOptions$S3": "Sends Verified Access logs to Amazon S3.
"
+ }
+ },
+ "VerifiedAccessLogs": {
+ "base": "Describes the destinations for Verified Access logs.
",
+ "refs": {
+ "VerifiedAccessInstanceLoggingConfiguration$AccessLogs": "Details about the logging options.
"
+ }
+ },
+ "VerifiedAccessTrustProvider": {
+ "base": "Describes a Verified Access trust provider.
",
+ "refs": {
+ "AttachVerifiedAccessTrustProviderResult$VerifiedAccessTrustProvider": "The ID of the Amazon Web Services Verified Access trust provider.
",
+ "CreateVerifiedAccessTrustProviderResult$VerifiedAccessTrustProvider": "The ID of the Amazon Web Services Verified Access trust provider.
",
+ "DeleteVerifiedAccessTrustProviderResult$VerifiedAccessTrustProvider": "The ID of the Amazon Web Services Verified Access trust provider.
",
+ "DetachVerifiedAccessTrustProviderResult$VerifiedAccessTrustProvider": "The ID of the Amazon Web Services Verified Access trust provider.
",
+ "ModifyVerifiedAccessTrustProviderResult$VerifiedAccessTrustProvider": "The ID of the Amazon Web Services Verified Access trust provider.
",
+ "VerifiedAccessTrustProviderList$member": null
+ }
+ },
+ "VerifiedAccessTrustProviderCondensed": {
+ "base": "Condensed information about a trust provider.
",
+ "refs": {
+ "VerifiedAccessTrustProviderCondensedList$member": null
+ }
+ },
+ "VerifiedAccessTrustProviderCondensedList": {
+ "base": null,
+ "refs": {
+ "VerifiedAccessInstance$VerifiedAccessTrustProviders": "The IDs of the Amazon Web Services Verified Access trust providers.
"
+ }
+ },
+ "VerifiedAccessTrustProviderId": {
+ "base": null,
+ "refs": {
+ "AttachVerifiedAccessTrustProviderRequest$VerifiedAccessTrustProviderId": "The ID of the Amazon Web Services Verified Access trust provider.
",
+ "DeleteVerifiedAccessTrustProviderRequest$VerifiedAccessTrustProviderId": "The ID of the Amazon Web Services Verified Access trust provider.
",
+ "DetachVerifiedAccessTrustProviderRequest$VerifiedAccessTrustProviderId": "The ID of the Amazon Web Services Verified Access trust provider.
",
+ "ModifyVerifiedAccessTrustProviderRequest$VerifiedAccessTrustProviderId": "The ID of the Amazon Web Services Verified Access trust provider.
",
+ "VerifiedAccessTrustProviderIdList$member": null
+ }
+ },
+ "VerifiedAccessTrustProviderIdList": {
+ "base": null,
+ "refs": {
+ "DescribeVerifiedAccessTrustProvidersRequest$VerifiedAccessTrustProviderIds": "The IDs of the Amazon Web Services Verified Access trust providers.
"
+ }
+ },
+ "VerifiedAccessTrustProviderList": {
+ "base": null,
+ "refs": {
+ "DescribeVerifiedAccessTrustProvidersResult$VerifiedAccessTrustProviders": "The IDs of the Amazon Web Services Verified Access trust providers.
"
+ }
+ },
"VersionDescription": {
"base": null,
"refs": {
diff --git a/models/apis/ec2/2016-11-15/paginators-1.json b/models/apis/ec2/2016-11-15/paginators-1.json
index 9cabec38ff..8049e432fc 100755
--- a/models/apis/ec2/2016-11-15/paginators-1.json
+++ b/models/apis/ec2/2016-11-15/paginators-1.json
@@ -584,6 +584,36 @@
"output_token": "NextToken",
"result_key": "InterfaceAssociations"
},
+ "DescribeVerifiedAccessEndpoints": {
+ "input_token": "NextToken",
+ "limit_key": "MaxResults",
+ "output_token": "NextToken",
+ "result_key": "VerifiedAccessEndpoints"
+ },
+ "DescribeVerifiedAccessGroups": {
+ "input_token": "NextToken",
+ "limit_key": "MaxResults",
+ "output_token": "NextToken",
+ "result_key": "VerifiedAccessGroups"
+ },
+ "DescribeVerifiedAccessInstanceLoggingConfigurations": {
+ "input_token": "NextToken",
+ "limit_key": "MaxResults",
+ "output_token": "NextToken",
+ "result_key": "LoggingConfigurations"
+ },
+ "DescribeVerifiedAccessInstances": {
+ "input_token": "NextToken",
+ "limit_key": "MaxResults",
+ "output_token": "NextToken",
+ "result_key": "VerifiedAccessInstances"
+ },
+ "DescribeVerifiedAccessTrustProviders": {
+ "input_token": "NextToken",
+ "limit_key": "MaxResults",
+ "output_token": "NextToken",
+ "result_key": "VerifiedAccessTrustProviders"
+ },
"DescribeVolumeStatus": {
"input_token": "NextToken",
"limit_key": "MaxResults",
diff --git a/models/apis/firehose/2015-08-04/api-2.json b/models/apis/firehose/2015-08-04/api-2.json
index b987fb6862..eef3e6c7d0 100644
--- a/models/apis/firehose/2015-08-04/api-2.json
+++ b/models/apis/firehose/2015-08-04/api-2.json
@@ -190,6 +190,101 @@
"min":1,
"pattern":"arn:.*"
},
+ "AmazonOpenSearchServerlessBufferingHints":{
+ "type":"structure",
+ "members":{
+ "IntervalInSeconds":{"shape":"AmazonOpenSearchServerlessBufferingIntervalInSeconds"},
+ "SizeInMBs":{"shape":"AmazonOpenSearchServerlessBufferingSizeInMBs"}
+ }
+ },
+ "AmazonOpenSearchServerlessBufferingIntervalInSeconds":{
+ "type":"integer",
+ "max":900,
+ "min":60
+ },
+ "AmazonOpenSearchServerlessBufferingSizeInMBs":{
+ "type":"integer",
+ "max":100,
+ "min":1
+ },
+ "AmazonOpenSearchServerlessCollectionEndpoint":{
+ "type":"string",
+ "max":512,
+ "min":1,
+ "pattern":"https:.*"
+ },
+ "AmazonOpenSearchServerlessDestinationConfiguration":{
+ "type":"structure",
+ "required":[
+ "RoleARN",
+ "IndexName",
+ "S3Configuration"
+ ],
+ "members":{
+ "RoleARN":{"shape":"RoleARN"},
+ "CollectionEndpoint":{"shape":"AmazonOpenSearchServerlessCollectionEndpoint"},
+ "IndexName":{"shape":"AmazonOpenSearchServerlessIndexName"},
+ "BufferingHints":{"shape":"AmazonOpenSearchServerlessBufferingHints"},
+ "RetryOptions":{"shape":"AmazonOpenSearchServerlessRetryOptions"},
+ "S3BackupMode":{"shape":"AmazonOpenSearchServerlessS3BackupMode"},
+ "S3Configuration":{"shape":"S3DestinationConfiguration"},
+ "ProcessingConfiguration":{"shape":"ProcessingConfiguration"},
+ "CloudWatchLoggingOptions":{"shape":"CloudWatchLoggingOptions"},
+ "VpcConfiguration":{"shape":"VpcConfiguration"}
+ }
+ },
+ "AmazonOpenSearchServerlessDestinationDescription":{
+ "type":"structure",
+ "members":{
+ "RoleARN":{"shape":"RoleARN"},
+ "CollectionEndpoint":{"shape":"AmazonOpenSearchServerlessCollectionEndpoint"},
+ "IndexName":{"shape":"AmazonOpenSearchServerlessIndexName"},
+ "BufferingHints":{"shape":"AmazonOpenSearchServerlessBufferingHints"},
+ "RetryOptions":{"shape":"AmazonOpenSearchServerlessRetryOptions"},
+ "S3BackupMode":{"shape":"AmazonOpenSearchServerlessS3BackupMode"},
+ "S3DestinationDescription":{"shape":"S3DestinationDescription"},
+ "ProcessingConfiguration":{"shape":"ProcessingConfiguration"},
+ "CloudWatchLoggingOptions":{"shape":"CloudWatchLoggingOptions"},
+ "VpcConfigurationDescription":{"shape":"VpcConfigurationDescription"}
+ }
+ },
+ "AmazonOpenSearchServerlessDestinationUpdate":{
+ "type":"structure",
+ "members":{
+ "RoleARN":{"shape":"RoleARN"},
+ "CollectionEndpoint":{"shape":"AmazonOpenSearchServerlessCollectionEndpoint"},
+ "IndexName":{"shape":"AmazonOpenSearchServerlessIndexName"},
+ "BufferingHints":{"shape":"AmazonOpenSearchServerlessBufferingHints"},
+ "RetryOptions":{"shape":"AmazonOpenSearchServerlessRetryOptions"},
+ "S3Update":{"shape":"S3DestinationUpdate"},
+ "ProcessingConfiguration":{"shape":"ProcessingConfiguration"},
+ "CloudWatchLoggingOptions":{"shape":"CloudWatchLoggingOptions"}
+ }
+ },
+ "AmazonOpenSearchServerlessIndexName":{
+ "type":"string",
+ "max":80,
+ "min":1,
+ "pattern":".*"
+ },
+ "AmazonOpenSearchServerlessRetryDurationInSeconds":{
+ "type":"integer",
+ "max":7200,
+ "min":0
+ },
+ "AmazonOpenSearchServerlessRetryOptions":{
+ "type":"structure",
+ "members":{
+ "DurationInSeconds":{"shape":"AmazonOpenSearchServerlessRetryDurationInSeconds"}
+ }
+ },
+ "AmazonOpenSearchServerlessS3BackupMode":{
+ "type":"string",
+ "enum":[
+ "FailedDocumentsOnly",
+ "AllDocuments"
+ ]
+ },
"AmazonopensearchserviceBufferingHints":{
"type":"structure",
"members":{
@@ -410,7 +505,8 @@
"AmazonopensearchserviceDestinationConfiguration":{"shape":"AmazonopensearchserviceDestinationConfiguration"},
"SplunkDestinationConfiguration":{"shape":"SplunkDestinationConfiguration"},
"HttpEndpointDestinationConfiguration":{"shape":"HttpEndpointDestinationConfiguration"},
- "Tags":{"shape":"TagDeliveryStreamInputTagList"}
+ "Tags":{"shape":"TagDeliveryStreamInputTagList"},
+ "AmazonOpenSearchServerlessDestinationConfiguration":{"shape":"AmazonOpenSearchServerlessDestinationConfiguration"}
}
},
"CreateDeliveryStreamOutput":{
@@ -611,7 +707,8 @@
"ElasticsearchDestinationDescription":{"shape":"ElasticsearchDestinationDescription"},
"AmazonopensearchserviceDestinationDescription":{"shape":"AmazonopensearchserviceDestinationDescription"},
"SplunkDestinationDescription":{"shape":"SplunkDestinationDescription"},
- "HttpEndpointDestinationDescription":{"shape":"HttpEndpointDestinationDescription"}
+ "HttpEndpointDestinationDescription":{"shape":"HttpEndpointDestinationDescription"},
+ "AmazonOpenSearchServerlessDestinationDescription":{"shape":"AmazonOpenSearchServerlessDestinationDescription"}
}
},
"DestinationDescriptionList":{
@@ -1829,7 +1926,8 @@
"ElasticsearchDestinationUpdate":{"shape":"ElasticsearchDestinationUpdate"},
"AmazonopensearchserviceDestinationUpdate":{"shape":"AmazonopensearchserviceDestinationUpdate"},
"SplunkDestinationUpdate":{"shape":"SplunkDestinationUpdate"},
- "HttpEndpointDestinationUpdate":{"shape":"HttpEndpointDestinationUpdate"}
+ "HttpEndpointDestinationUpdate":{"shape":"HttpEndpointDestinationUpdate"},
+ "AmazonOpenSearchServerlessDestinationUpdate":{"shape":"AmazonOpenSearchServerlessDestinationUpdate"}
}
},
"UpdateDestinationOutput":{
diff --git a/models/apis/firehose/2015-08-04/docs-2.json b/models/apis/firehose/2015-08-04/docs-2.json
index 56072cf367..983b3dbcee 100644
--- a/models/apis/firehose/2015-08-04/docs-2.json
+++ b/models/apis/firehose/2015-08-04/docs-2.json
@@ -1,8 +1,8 @@
{
"version": "2.0",
- "service": "Amazon Kinesis Data Firehose API Reference Amazon Kinesis Data Firehose is a fully managed service that delivers real-time streaming data to destinations such as Amazon Simple Storage Service (Amazon S3), Amazon Elasticsearch Service (Amazon ES), Amazon Redshift, and Splunk.
",
+ "service": "Amazon Kinesis Data Firehose API Reference Amazon Kinesis Data Firehose is a fully managed service that delivers real-time streaming data to destinations such as Amazon Simple Storage Service (Amazon S3), Amazon OpenSearch Service, Amazon Redshift, Splunk, and various other supportd destinations.
",
"operations": {
- "CreateDeliveryStream": "Creates a Kinesis Data Firehose delivery stream.
By default, you can create up to 50 delivery streams per AWS Region.
This is an asynchronous operation that immediately returns. The initial status of the delivery stream is CREATING. After the delivery stream is created, its status is ACTIVE and it now accepts data. If the delivery stream creation fails, the status transitions to CREATING_FAILED. Attempts to send data to a delivery stream that is not in the ACTIVE state cause an exception. To check the state of a delivery stream, use DescribeDeliveryStream.
If the status of a delivery stream is CREATING_FAILED, this status doesn't change, and you can't invoke CreateDeliveryStream again on it. However, you can invoke the DeleteDeliveryStream operation to delete it.
A Kinesis Data Firehose delivery stream can be configured to receive records directly from providers using PutRecord or PutRecordBatch, or it can be configured to use an existing Kinesis stream as its source. To specify a Kinesis data stream as input, set the DeliveryStreamType parameter to KinesisStreamAsSource, and provide the Kinesis stream Amazon Resource Name (ARN) and role ARN in the KinesisStreamSourceConfiguration parameter.
To create a delivery stream with server-side encryption (SSE) enabled, include DeliveryStreamEncryptionConfigurationInput in your request. This is optional. You can also invoke StartDeliveryStreamEncryption to turn on SSE for an existing delivery stream that doesn't have SSE enabled.
A delivery stream is configured with a single destination: Amazon S3, Amazon ES, Amazon Redshift, or Splunk. You must specify only one of the following destination configuration parameters: ExtendedS3DestinationConfiguration, S3DestinationConfiguration, ElasticsearchDestinationConfiguration, RedshiftDestinationConfiguration, or SplunkDestinationConfiguration.
When you specify S3DestinationConfiguration, you can also provide the following optional values: BufferingHints, EncryptionConfiguration, and CompressionFormat. By default, if no BufferingHints value is provided, Kinesis Data Firehose buffers data up to 5 MB or for 5 minutes, whichever condition is satisfied first. BufferingHints is a hint, so there are some cases where the service cannot adhere to these conditions strictly. For example, record boundaries might be such that the size is a little over or under the configured buffering size. By default, no encryption is performed. We strongly recommend that you enable encryption to ensure secure data storage in Amazon S3.
A few notes about Amazon Redshift as a destination:
-
An Amazon Redshift destination requires an S3 bucket as intermediate location. Kinesis Data Firehose first delivers data to Amazon S3 and then uses COPY syntax to load data into an Amazon Redshift table. This is specified in the RedshiftDestinationConfiguration.S3Configuration parameter.
-
The compression formats SNAPPY or ZIP cannot be specified in RedshiftDestinationConfiguration.S3Configuration because the Amazon Redshift COPY operation that reads from the S3 bucket doesn't support these compression formats.
-
We strongly recommend that you use the user name and password you provide exclusively with Kinesis Data Firehose, and that the permissions for the account are restricted for Amazon Redshift INSERT permissions.
Kinesis Data Firehose assumes the IAM role that is configured as part of the destination. The role should allow the Kinesis Data Firehose principal to assume the role, and the role should have permissions that allow the service to deliver the data. For more information, see Grant Kinesis Data Firehose Access to an Amazon S3 Destination in the Amazon Kinesis Data Firehose Developer Guide.
",
+ "CreateDeliveryStream": "Creates a Kinesis Data Firehose delivery stream.
By default, you can create up to 50 delivery streams per Amazon Web Services Region.
This is an asynchronous operation that immediately returns. The initial status of the delivery stream is CREATING. After the delivery stream is created, its status is ACTIVE and it now accepts data. If the delivery stream creation fails, the status transitions to CREATING_FAILED. Attempts to send data to a delivery stream that is not in the ACTIVE state cause an exception. To check the state of a delivery stream, use DescribeDeliveryStream.
If the status of a delivery stream is CREATING_FAILED, this status doesn't change, and you can't invoke CreateDeliveryStream again on it. However, you can invoke the DeleteDeliveryStream operation to delete it.
A Kinesis Data Firehose delivery stream can be configured to receive records directly from providers using PutRecord or PutRecordBatch, or it can be configured to use an existing Kinesis stream as its source. To specify a Kinesis data stream as input, set the DeliveryStreamType parameter to KinesisStreamAsSource, and provide the Kinesis stream Amazon Resource Name (ARN) and role ARN in the KinesisStreamSourceConfiguration parameter.
To create a delivery stream with server-side encryption (SSE) enabled, include DeliveryStreamEncryptionConfigurationInput in your request. This is optional. You can also invoke StartDeliveryStreamEncryption to turn on SSE for an existing delivery stream that doesn't have SSE enabled.
A delivery stream is configured with a single destination: Amazon S3, Amazon ES, Amazon Redshift, or Splunk. You must specify only one of the following destination configuration parameters: ExtendedS3DestinationConfiguration, S3DestinationConfiguration, ElasticsearchDestinationConfiguration, RedshiftDestinationConfiguration, or SplunkDestinationConfiguration.
When you specify S3DestinationConfiguration, you can also provide the following optional values: BufferingHints, EncryptionConfiguration, and CompressionFormat. By default, if no BufferingHints value is provided, Kinesis Data Firehose buffers data up to 5 MB or for 5 minutes, whichever condition is satisfied first. BufferingHints is a hint, so there are some cases where the service cannot adhere to these conditions strictly. For example, record boundaries might be such that the size is a little over or under the configured buffering size. By default, no encryption is performed. We strongly recommend that you enable encryption to ensure secure data storage in Amazon S3.
A few notes about Amazon Redshift as a destination:
-
An Amazon Redshift destination requires an S3 bucket as intermediate location. Kinesis Data Firehose first delivers data to Amazon S3 and then uses COPY syntax to load data into an Amazon Redshift table. This is specified in the RedshiftDestinationConfiguration.S3Configuration parameter.
-
The compression formats SNAPPY or ZIP cannot be specified in RedshiftDestinationConfiguration.S3Configuration because the Amazon Redshift COPY operation that reads from the S3 bucket doesn't support these compression formats.
-
We strongly recommend that you use the user name and password you provide exclusively with Kinesis Data Firehose, and that the permissions for the account are restricted for Amazon Redshift INSERT permissions.
Kinesis Data Firehose assumes the IAM role that is configured as part of the destination. The role should allow the Kinesis Data Firehose principal to assume the role, and the role should have permissions that allow the service to deliver the data. For more information, see Grant Kinesis Data Firehose Access to an Amazon S3 Destination in the Amazon Kinesis Data Firehose Developer Guide.
",
"DeleteDeliveryStream": "Deletes a delivery stream and its data.
To check the state of a delivery stream, use DescribeDeliveryStream. You can delete a delivery stream only if it is in one of the following states: ACTIVE, DELETING, CREATING_FAILED, or DELETING_FAILED. You can't delete a delivery stream that is in the CREATING state. While the deletion request is in process, the delivery stream is in the DELETING state.
While the delivery stream is in the DELETING state, the service might continue to accept records, but it doesn't make any guarantees with respect to delivering the data. Therefore, as a best practice, first stop any applications that are sending records before you delete a delivery stream.
",
"DescribeDeliveryStream": "Describes the specified delivery stream and its status. For example, after your delivery stream is created, call DescribeDeliveryStream to see whether the delivery stream is ACTIVE and therefore ready for data to be sent to it.
If the status of a delivery stream is CREATING_FAILED, this status doesn't change, and you can't invoke CreateDeliveryStream again on it. However, you can invoke the DeleteDeliveryStream operation to delete it. If the status is DELETING_FAILED, you can force deletion by invoking DeleteDeliveryStream again but with DeleteDeliveryStreamInput$AllowForceDelete set to true.
",
"ListDeliveryStreams": "Lists your delivery streams in alphabetical order of their names.
The number of delivery streams might be too large to return using a single call to ListDeliveryStreams. You can limit the number of delivery streams returned, using the Limit parameter. To determine whether there are more delivery streams to list, check the value of HasMoreDeliveryStreams in the output. If there are more delivery streams to list, you can request them by calling this operation again and setting the ExclusiveStartDeliveryStreamName parameter to the name of the last delivery stream returned in the last call.
",
@@ -11,7 +11,7 @@
"PutRecordBatch": "Writes multiple data records into a delivery stream in a single call, which can achieve higher throughput per producer than when writing single records. To write single data records into a delivery stream, use PutRecord. Applications using these operations are referred to as producers.
For information about service quota, see Amazon Kinesis Data Firehose Quota.
Each PutRecordBatch request supports up to 500 records. Each record in the request can be as large as 1,000 KB (before base64 encoding), up to a limit of 4 MB for the entire request. These limits cannot be changed.
You must specify the name of the delivery stream and the data record when using PutRecord. The data record consists of a data blob that can be up to 1,000 KB in size, and any kind of data. For example, it could be a segment from a log file, geographic location data, website clickstream data, and so on.
Kinesis Data Firehose buffers records before delivering them to the destination. To disambiguate the data blobs at the destination, a common solution is to use delimiters in the data, such as a newline (\\n) or some other character unique within the data. This allows the consumer application to parse individual data items when reading the data from the destination.
The PutRecordBatch response includes a count of failed records, FailedPutCount, and an array of responses, RequestResponses. Even if the PutRecordBatch call succeeds, the value of FailedPutCount may be greater than 0, indicating that there are records for which the operation didn't succeed. Each entry in the RequestResponses array provides additional information about the processed record. It directly correlates with a record in the request array using the same ordering, from the top to the bottom. The response array always includes the same number of records as the request array. RequestResponses includes both successfully and unsuccessfully processed records. Kinesis Data Firehose tries to process all records in each PutRecordBatch request. A single record failure does not stop the processing of subsequent records.
A successfully processed record includes a RecordId value, which is unique for the record. An unsuccessfully processed record includes ErrorCode and ErrorMessage values. ErrorCode reflects the type of error, and is one of the following values: ServiceUnavailableException or InternalFailure. ErrorMessage provides more detailed information about the error.
If there is an internal server error or a timeout, the write might have completed or it might have failed. If FailedPutCount is greater than 0, retry the request, resending only those records that might have failed processing. This minimizes the possible duplicate records and also reduces the total bytes sent (and corresponding charges). We recommend that you handle any duplicates at the destination.
If PutRecordBatch throws ServiceUnavailableException, back off and retry. If the exception persists, it is possible that the throughput limits have been exceeded for the delivery stream.
Data records sent to Kinesis Data Firehose are stored for 24 hours from the time they are added to a delivery stream as it attempts to send the records to the destination. If the destination is unreachable for more than 24 hours, the data is no longer available.
Don't concatenate two or more base64 strings to form the data fields of your records. Instead, concatenate the raw data, then perform base64 encoding.
",
"StartDeliveryStreamEncryption": "Enables server-side encryption (SSE) for the delivery stream.
This operation is asynchronous. It returns immediately. When you invoke it, Kinesis Data Firehose first sets the encryption status of the stream to ENABLING, and then to ENABLED. The encryption status of a delivery stream is the Status property in DeliveryStreamEncryptionConfiguration. If the operation fails, the encryption status changes to ENABLING_FAILED. You can continue to read and write data to your delivery stream while the encryption status is ENABLING, but the data is not encrypted. It can take up to 5 seconds after the encryption status changes to ENABLED before all records written to the delivery stream are encrypted. To find out whether a record or a batch of records was encrypted, check the response elements PutRecordOutput$Encrypted and PutRecordBatchOutput$Encrypted, respectively.
To check the encryption status of a delivery stream, use DescribeDeliveryStream.
Even if encryption is currently enabled for a delivery stream, you can still invoke this operation on it to change the ARN of the CMK or both its type and ARN. If you invoke this method to change the CMK, and the old CMK is of type CUSTOMER_MANAGED_CMK, Kinesis Data Firehose schedules the grant it had on the old CMK for retirement. If the new CMK is of type CUSTOMER_MANAGED_CMK, Kinesis Data Firehose creates a grant that enables it to use the new CMK to encrypt and decrypt data and to manage the grant.
If a delivery stream already has encryption enabled and then you invoke this operation to change the ARN of the CMK or both its type and ARN and you get ENABLING_FAILED, this only means that the attempt to change the CMK failed. In this case, encryption remains enabled with the old CMK.
If the encryption status of your delivery stream is ENABLING_FAILED, you can invoke this operation again with a valid CMK. The CMK must be enabled and the key policy mustn't explicitly deny the permission for Kinesis Data Firehose to invoke KMS encrypt and decrypt operations.
You can enable SSE for a delivery stream only if it's a delivery stream that uses DirectPut as its source.
The StartDeliveryStreamEncryption and StopDeliveryStreamEncryption operations have a combined limit of 25 calls per delivery stream per 24 hours. For example, you reach the limit if you call StartDeliveryStreamEncryption 13 times and StopDeliveryStreamEncryption 12 times for the same delivery stream in a 24-hour period.
",
"StopDeliveryStreamEncryption": "Disables server-side encryption (SSE) for the delivery stream.
This operation is asynchronous. It returns immediately. When you invoke it, Kinesis Data Firehose first sets the encryption status of the stream to DISABLING, and then to DISABLED. You can continue to read and write data to your stream while its status is DISABLING. It can take up to 5 seconds after the encryption status changes to DISABLED before all records written to the delivery stream are no longer subject to encryption. To find out whether a record or a batch of records was encrypted, check the response elements PutRecordOutput$Encrypted and PutRecordBatchOutput$Encrypted, respectively.
To check the encryption state of a delivery stream, use DescribeDeliveryStream.
If SSE is enabled using a customer managed CMK and then you invoke StopDeliveryStreamEncryption, Kinesis Data Firehose schedules the related KMS grant for retirement and then retires it after it ensures that it is finished delivering records to the destination.
The StartDeliveryStreamEncryption and StopDeliveryStreamEncryption operations have a combined limit of 25 calls per delivery stream per 24 hours. For example, you reach the limit if you call StartDeliveryStreamEncryption 13 times and StopDeliveryStreamEncryption 12 times for the same delivery stream in a 24-hour period.
",
- "TagDeliveryStream": "Adds or updates tags for the specified delivery stream. A tag is a key-value pair that you can define and assign to AWS resources. If you specify a tag that already exists, the tag value is replaced with the value that you specify in the request. Tags are metadata. For example, you can add friendly names and descriptions or other types of information that can help you distinguish the delivery stream. For more information about tags, see Using Cost Allocation Tags in the AWS Billing and Cost Management User Guide.
Each delivery stream can have up to 50 tags.
This operation has a limit of five transactions per second per account.
",
+ "TagDeliveryStream": "Adds or updates tags for the specified delivery stream. A tag is a key-value pair that you can define and assign to Amazon Web Services resources. If you specify a tag that already exists, the tag value is replaced with the value that you specify in the request. Tags are metadata. For example, you can add friendly names and descriptions or other types of information that can help you distinguish the delivery stream. For more information about tags, see Using Cost Allocation Tags in the Amazon Web Services Billing and Cost Management User Guide.
Each delivery stream can have up to 50 tags.
This operation has a limit of five transactions per second per account.
",
"UntagDeliveryStream": "Removes tags from the specified delivery stream. Removed tags are deleted, and you can't recover them after this operation successfully completes.
If you specify a tag that doesn't exist, the operation ignores it.
This operation has a limit of five transactions per second per account.
",
"UpdateDestination": "Updates the specified destination of the specified delivery stream.
Use this operation to change the destination type (for example, to replace the Amazon S3 destination with Amazon Redshift) or change the parameters associated with a destination (for example, to change the bucket name of the Amazon S3 destination). The update might not occur immediately. The target delivery stream remains active while the configurations are updated, so data writes to the delivery stream can continue during this process. The updated configurations are usually effective within a few minutes.
Switching between Amazon ES and other services is not supported. For an Amazon ES destination, you can only update to another Amazon ES destination.
If the destination type is the same, Kinesis Data Firehose merges the configuration parameters specified with the destination configuration that already exists on the delivery stream. If any of the parameters are not specified in the call, the existing values are retained. For example, in the Amazon S3 destination, if EncryptionConfiguration is not specified, then the existing EncryptionConfiguration is maintained on the destination.
If the destination type is not the same, for example, changing the destination from Amazon S3 to Amazon Redshift, Kinesis Data Firehose does not merge any parameters. In this case, all parameters must be specified.
Kinesis Data Firehose uses CurrentDeliveryStreamVersionId to avoid race conditions and conflicting merges. This is a required field, and the service updates the configuration only if the existing configuration has a version ID that matches. After the update is applied successfully, the version ID is updated, and can be retrieved using DescribeDeliveryStream. Use the new version ID to set CurrentDeliveryStreamVersionId in the next call.
"
},
@@ -19,108 +19,183 @@
"AWSKMSKeyARN": {
"base": null,
"refs": {
- "DeliveryStreamEncryptionConfiguration$KeyARN": "If KeyType is CUSTOMER_MANAGED_CMK, this field contains the ARN of the customer managed CMK. If KeyType is AWS_OWNED_CMK, DeliveryStreamEncryptionConfiguration doesn't contain a value for KeyARN.
",
- "DeliveryStreamEncryptionConfigurationInput$KeyARN": "If you set KeyType to CUSTOMER_MANAGED_CMK, you must specify the Amazon Resource Name (ARN) of the CMK. If you set KeyType to AWS_OWNED_CMK, Kinesis Data Firehose uses a service-account CMK.
",
- "KMSEncryptionConfig$AWSKMSKeyARN": "The Amazon Resource Name (ARN) of the encryption key. Must belong to the same AWS Region as the destination Amazon S3 bucket. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
"
+ "DeliveryStreamEncryptionConfiguration$KeyARN": "If KeyType is CUSTOMER_MANAGED_CMK, this field contains the ARN of the customer managed CMK. If KeyType is Amazon Web Services_OWNED_CMK, DeliveryStreamEncryptionConfiguration doesn't contain a value for KeyARN.
",
+ "DeliveryStreamEncryptionConfigurationInput$KeyARN": "If you set KeyType to CUSTOMER_MANAGED_CMK, you must specify the Amazon Resource Name (ARN) of the CMK. If you set KeyType to Amazon Web Services_OWNED_CMK, Kinesis Data Firehose uses a service-account CMK.
",
+ "KMSEncryptionConfig$AWSKMSKeyARN": "The Amazon Resource Name (ARN) of the encryption key. Must belong to the same Amazon Web Services Region as the destination Amazon S3 bucket. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
"
}
},
- "AmazonopensearchserviceBufferingHints": {
+ "AmazonOpenSearchServerlessBufferingHints": {
+ "base": "Describes the buffering to perform before delivering data to the Serverless offering for Amazon OpenSearch Service destination.
",
+ "refs": {
+ "AmazonOpenSearchServerlessDestinationConfiguration$BufferingHints": "The buffering options. If no value is specified, the default values for AmazonopensearchserviceBufferingHints are used.
",
+ "AmazonOpenSearchServerlessDestinationDescription$BufferingHints": "The buffering options.
",
+ "AmazonOpenSearchServerlessDestinationUpdate$BufferingHints": "The buffering options. If no value is specified, AmazonopensearchBufferingHints object default values are used.
"
+ }
+ },
+ "AmazonOpenSearchServerlessBufferingIntervalInSeconds": {
+ "base": null,
+ "refs": {
+ "AmazonOpenSearchServerlessBufferingHints$IntervalInSeconds": "Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300 (5 minutes).
"
+ }
+ },
+ "AmazonOpenSearchServerlessBufferingSizeInMBs": {
+ "base": null,
+ "refs": {
+ "AmazonOpenSearchServerlessBufferingHints$SizeInMBs": "Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5.
We recommend setting this parameter to a value greater than the amount of data you typically ingest into the delivery stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec, the value should be 10 MB or higher.
"
+ }
+ },
+ "AmazonOpenSearchServerlessCollectionEndpoint": {
+ "base": null,
+ "refs": {
+ "AmazonOpenSearchServerlessDestinationConfiguration$CollectionEndpoint": "The endpoint to use when communicating with the collection in the Serverless offering for Amazon OpenSearch Service.
",
+ "AmazonOpenSearchServerlessDestinationDescription$CollectionEndpoint": "The endpoint to use when communicating with the collection in the Serverless offering for Amazon OpenSearch Service.
",
+ "AmazonOpenSearchServerlessDestinationUpdate$CollectionEndpoint": "The endpoint to use when communicating with the collection in the Serverless offering for Amazon OpenSearch Service.
"
+ }
+ },
+ "AmazonOpenSearchServerlessDestinationConfiguration": {
+ "base": "Describes the configuration of a destination in the Serverless offering for Amazon OpenSearch Service.
",
+ "refs": {
+ "CreateDeliveryStreamInput$AmazonOpenSearchServerlessDestinationConfiguration": "The destination in the Serverless offering for Amazon OpenSearch Service. You can specify only one destination.
"
+ }
+ },
+ "AmazonOpenSearchServerlessDestinationDescription": {
+ "base": "The destination description in the Serverless offering for Amazon OpenSearch Service.
",
+ "refs": {
+ "DestinationDescription$AmazonOpenSearchServerlessDestinationDescription": "The destination in the Serverless offering for Amazon OpenSearch Service.
"
+ }
+ },
+ "AmazonOpenSearchServerlessDestinationUpdate": {
+ "base": "Describes an update for a destination in the Serverless offering for Amazon OpenSearch Service.
",
+ "refs": {
+ "UpdateDestinationInput$AmazonOpenSearchServerlessDestinationUpdate": "Describes an update for a destination in the Serverless offering for Amazon OpenSearch Service.
"
+ }
+ },
+ "AmazonOpenSearchServerlessIndexName": {
+ "base": null,
+ "refs": {
+ "AmazonOpenSearchServerlessDestinationConfiguration$IndexName": "The Serverless offering for Amazon OpenSearch Service index name.
",
+ "AmazonOpenSearchServerlessDestinationDescription$IndexName": "The Serverless offering for Amazon OpenSearch Service index name.
",
+ "AmazonOpenSearchServerlessDestinationUpdate$IndexName": "The Serverless offering for Amazon OpenSearch Service index name.
"
+ }
+ },
+ "AmazonOpenSearchServerlessRetryDurationInSeconds": {
+ "base": null,
+ "refs": {
+ "AmazonOpenSearchServerlessRetryOptions$DurationInSeconds": "After an initial failure to deliver to the Serverless offering for Amazon OpenSearch Service, the total amount of time during which Kinesis Data Firehose retries delivery (including the first attempt). After this time has elapsed, the failed documents are written to Amazon S3. Default value is 300 seconds (5 minutes). A value of 0 (zero) results in no retries.
"
+ }
+ },
+ "AmazonOpenSearchServerlessRetryOptions": {
+ "base": "Configures retry behavior in case Kinesis Data Firehose is unable to deliver documents to the Serverless offering for Amazon OpenSearch Service.
",
+ "refs": {
+ "AmazonOpenSearchServerlessDestinationConfiguration$RetryOptions": "The retry behavior in case Kinesis Data Firehose is unable to deliver documents to the Serverless offering for Amazon OpenSearch Service. The default value is 300 (5 minutes).
",
+ "AmazonOpenSearchServerlessDestinationDescription$RetryOptions": "The Serverless offering for Amazon OpenSearch Service retry options.
",
+ "AmazonOpenSearchServerlessDestinationUpdate$RetryOptions": "The retry behavior in case Kinesis Data Firehose is unable to deliver documents to the Serverless offering for Amazon OpenSearch Service. The default value is 300 (5 minutes).
"
+ }
+ },
+ "AmazonOpenSearchServerlessS3BackupMode": {
"base": null,
"refs": {
- "AmazonopensearchserviceDestinationConfiguration$BufferingHints": null,
- "AmazonopensearchserviceDestinationDescription$BufferingHints": null,
- "AmazonopensearchserviceDestinationUpdate$BufferingHints": null
+ "AmazonOpenSearchServerlessDestinationConfiguration$S3BackupMode": "Defines how documents should be delivered to Amazon S3. When it is set to FailedDocumentsOnly, Kinesis Data Firehose writes any documents that could not be indexed to the configured Amazon S3 destination, with AmazonOpenSearchService-failed/ appended to the key prefix. When set to AllDocuments, Kinesis Data Firehose delivers all incoming records to Amazon S3, and also writes failed documents with AmazonOpenSearchService-failed/ appended to the prefix.
",
+ "AmazonOpenSearchServerlessDestinationDescription$S3BackupMode": "The Amazon S3 backup mode.
"
+ }
+ },
+ "AmazonopensearchserviceBufferingHints": {
+ "base": "Describes the buffering to perform before delivering data to the Amazon OpenSearch Service destination.
",
+ "refs": {
+ "AmazonopensearchserviceDestinationConfiguration$BufferingHints": "The buffering options. If no value is specified, the default values for AmazonopensearchserviceBufferingHints are used.
",
+ "AmazonopensearchserviceDestinationDescription$BufferingHints": "The buffering options.
",
+ "AmazonopensearchserviceDestinationUpdate$BufferingHints": "The buffering options. If no value is specified, AmazonopensearchBufferingHints object default values are used.
"
}
},
"AmazonopensearchserviceBufferingIntervalInSeconds": {
"base": null,
"refs": {
- "AmazonopensearchserviceBufferingHints$IntervalInSeconds": null
+ "AmazonopensearchserviceBufferingHints$IntervalInSeconds": "Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300 (5 minutes).
"
}
},
"AmazonopensearchserviceBufferingSizeInMBs": {
"base": null,
"refs": {
- "AmazonopensearchserviceBufferingHints$SizeInMBs": null
+ "AmazonopensearchserviceBufferingHints$SizeInMBs": "Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5.
We recommend setting this parameter to a value greater than the amount of data you typically ingest into the delivery stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec, the value should be 10 MB or higher.
"
}
},
"AmazonopensearchserviceClusterEndpoint": {
"base": null,
"refs": {
- "AmazonopensearchserviceDestinationConfiguration$ClusterEndpoint": null,
- "AmazonopensearchserviceDestinationDescription$ClusterEndpoint": null,
- "AmazonopensearchserviceDestinationUpdate$ClusterEndpoint": null
+ "AmazonopensearchserviceDestinationConfiguration$ClusterEndpoint": "The endpoint to use when communicating with the cluster. Specify either this ClusterEndpoint or the DomainARN field.
",
+ "AmazonopensearchserviceDestinationDescription$ClusterEndpoint": "The endpoint to use when communicating with the cluster. Kinesis Data Firehose uses either this ClusterEndpoint or the DomainARN field to send data to Amazon OpenSearch Service.
",
+ "AmazonopensearchserviceDestinationUpdate$ClusterEndpoint": "The endpoint to use when communicating with the cluster. Specify either this ClusterEndpoint or the DomainARN field.
"
}
},
"AmazonopensearchserviceDestinationConfiguration": {
- "base": null,
+ "base": "Describes the configuration of a destination in Amazon OpenSearch Service
",
"refs": {
- "CreateDeliveryStreamInput$AmazonopensearchserviceDestinationConfiguration": null
+ "CreateDeliveryStreamInput$AmazonopensearchserviceDestinationConfiguration": "The destination in Amazon OpenSearch Service. You can specify only one destination.
"
}
},
"AmazonopensearchserviceDestinationDescription": {
- "base": null,
+ "base": "The destination description in Amazon OpenSearch Service.
",
"refs": {
- "DestinationDescription$AmazonopensearchserviceDestinationDescription": null
+ "DestinationDescription$AmazonopensearchserviceDestinationDescription": "The destination in Amazon OpenSearch Service.
"
}
},
"AmazonopensearchserviceDestinationUpdate": {
- "base": null,
+ "base": "Describes an update for a destination in Amazon OpenSearch Service.
",
"refs": {
- "UpdateDestinationInput$AmazonopensearchserviceDestinationUpdate": null
+ "UpdateDestinationInput$AmazonopensearchserviceDestinationUpdate": "Describes an update for a destination in Amazon OpenSearch Service.
"
}
},
"AmazonopensearchserviceDomainARN": {
"base": null,
"refs": {
- "AmazonopensearchserviceDestinationConfiguration$DomainARN": null,
- "AmazonopensearchserviceDestinationDescription$DomainARN": null,
- "AmazonopensearchserviceDestinationUpdate$DomainARN": null
+ "AmazonopensearchserviceDestinationConfiguration$DomainARN": "The ARN of the Amazon OpenSearch Service domain. The IAM role must have permissions for DescribeElasticsearchDomain, DescribeElasticsearchDomains, and DescribeElasticsearchDomainConfig after assuming the role specified in RoleARN.
",
+ "AmazonopensearchserviceDestinationDescription$DomainARN": "The ARN of the Amazon OpenSearch Service domain.
",
+ "AmazonopensearchserviceDestinationUpdate$DomainARN": "The ARN of the Amazon OpenSearch Service domain. The IAM role must have permissions for DescribeDomain, DescribeDomains, and DescribeDomainConfig after assuming the IAM role specified in RoleARN.
"
}
},
"AmazonopensearchserviceIndexName": {
"base": null,
"refs": {
- "AmazonopensearchserviceDestinationConfiguration$IndexName": null,
- "AmazonopensearchserviceDestinationDescription$IndexName": null,
- "AmazonopensearchserviceDestinationUpdate$IndexName": null
+ "AmazonopensearchserviceDestinationConfiguration$IndexName": "The ElasticsearAmazon OpenSearch Service index name.
",
+ "AmazonopensearchserviceDestinationDescription$IndexName": "The Amazon OpenSearch Service index name.
",
+ "AmazonopensearchserviceDestinationUpdate$IndexName": "The Amazon OpenSearch Service index name.
"
}
},
"AmazonopensearchserviceIndexRotationPeriod": {
"base": null,
"refs": {
- "AmazonopensearchserviceDestinationConfiguration$IndexRotationPeriod": null,
- "AmazonopensearchserviceDestinationDescription$IndexRotationPeriod": null,
- "AmazonopensearchserviceDestinationUpdate$IndexRotationPeriod": null
+ "AmazonopensearchserviceDestinationConfiguration$IndexRotationPeriod": "The Amazon OpenSearch Service index rotation period. Index rotation appends a timestamp to the IndexName to facilitate the expiration of old data.
",
+ "AmazonopensearchserviceDestinationDescription$IndexRotationPeriod": "The Amazon OpenSearch Service index rotation period
",
+ "AmazonopensearchserviceDestinationUpdate$IndexRotationPeriod": "The Amazon OpenSearch Service index rotation period. Index rotation appends a timestamp to IndexName to facilitate the expiration of old data.
"
}
},
"AmazonopensearchserviceRetryDurationInSeconds": {
"base": null,
"refs": {
- "AmazonopensearchserviceRetryOptions$DurationInSeconds": null
+ "AmazonopensearchserviceRetryOptions$DurationInSeconds": "After an initial failure to deliver to Amazon OpenSearch Service, the total amount of time during which Kinesis Data Firehose retries delivery (including the first attempt). After this time has elapsed, the failed documents are written to Amazon S3. Default value is 300 seconds (5 minutes). A value of 0 (zero) results in no retries.
"
}
},
"AmazonopensearchserviceRetryOptions": {
- "base": null,
+ "base": "Configures retry behavior in case Kinesis Data Firehose is unable to deliver documents to Amazon OpenSearch Service.
",
"refs": {
- "AmazonopensearchserviceDestinationConfiguration$RetryOptions": null,
- "AmazonopensearchserviceDestinationDescription$RetryOptions": null,
- "AmazonopensearchserviceDestinationUpdate$RetryOptions": null
+ "AmazonopensearchserviceDestinationConfiguration$RetryOptions": "The retry behavior in case Kinesis Data Firehose is unable to deliver documents to Amazon OpenSearch Service. The default value is 300 (5 minutes).
",
+ "AmazonopensearchserviceDestinationDescription$RetryOptions": "The Amazon OpenSearch Service retry options.
",
+ "AmazonopensearchserviceDestinationUpdate$RetryOptions": "The retry behavior in case Kinesis Data Firehose is unable to deliver documents to Amazon OpenSearch Service. The default value is 300 (5 minutes).
"
}
},
"AmazonopensearchserviceS3BackupMode": {
"base": null,
"refs": {
- "AmazonopensearchserviceDestinationConfiguration$S3BackupMode": null,
- "AmazonopensearchserviceDestinationDescription$S3BackupMode": null
+ "AmazonopensearchserviceDestinationConfiguration$S3BackupMode": "Defines how documents should be delivered to Amazon S3. When it is set to FailedDocumentsOnly, Kinesis Data Firehose writes any documents that could not be indexed to the configured Amazon S3 destination, with AmazonOpenSearchService-failed/ appended to the key prefix. When set to AllDocuments, Kinesis Data Firehose delivers all incoming records to Amazon S3, and also writes failed documents with AmazonOpenSearchService-failed/ appended to the prefix.
",
+ "AmazonopensearchserviceDestinationDescription$S3BackupMode": "The Amazon S3 backup mode.
"
}
},
"AmazonopensearchserviceTypeName": {
"base": null,
"refs": {
- "AmazonopensearchserviceDestinationConfiguration$TypeName": null,
- "AmazonopensearchserviceDestinationDescription$TypeName": null,
- "AmazonopensearchserviceDestinationUpdate$TypeName": null
+ "AmazonopensearchserviceDestinationConfiguration$TypeName": "The Amazon OpenSearch Service type name. For Elasticsearch 6.x, there can be only one type per index. If you try to specify a new type for an existing index that already has another type, Kinesis Data Firehose returns an error during run time.
",
+ "AmazonopensearchserviceDestinationDescription$TypeName": "The Amazon OpenSearch Service type name. This applies to Elasticsearch 6.x and lower versions. For Elasticsearch 7.x and OpenSearch Service 1.x, there's no value for TypeName.
",
+ "AmazonopensearchserviceDestinationUpdate$TypeName": "The Amazon OpenSearch Service type name. For Elasticsearch 6.x, there can be only one type per index. If you try to specify a new type for an existing index that already has another type, Kinesis Data Firehose returns an error during runtime.
If you upgrade Elasticsearch from 6.x to 7.x and don’t update your delivery stream, Kinesis Data Firehose still delivers data to Elasticsearch with the old index name and type name. If you want to update your delivery stream with a new index name, provide an empty string for TypeName.
"
}
},
"BlockSizeBytes": {
@@ -135,7 +210,7 @@
"refs": {
"CloudWatchLoggingOptions$Enabled": "Enables or disables CloudWatch logging.
",
"DataFormatConversionConfiguration$Enabled": "Defaults to true. Set it to false if you want to disable format conversion while preserving the configuration details.
",
- "DeleteDeliveryStreamInput$AllowForceDelete": "Set this to true if you want to delete the delivery stream even if Kinesis Data Firehose is unable to retire the grant for the CMK. Kinesis Data Firehose might be unable to retire the grant due to a customer error, such as when the CMK or the grant are in an invalid state. If you force deletion, you can then use the RevokeGrant operation to revoke the grant you gave to Kinesis Data Firehose. If a failure to retire the grant happens due to an AWS KMS issue, Kinesis Data Firehose keeps retrying the delete operation.
The default value is false.
",
+ "DeleteDeliveryStreamInput$AllowForceDelete": "Set this to true if you want to delete the delivery stream even if Kinesis Data Firehose is unable to retire the grant for the CMK. Kinesis Data Firehose might be unable to retire the grant due to a customer error, such as when the CMK or the grant are in an invalid state. If you force deletion, you can then use the RevokeGrant operation to revoke the grant you gave to Kinesis Data Firehose. If a failure to retire the grant happens due to an Amazon Web Services KMS issue, Kinesis Data Firehose keeps retrying the delete operation.
The default value is false.
",
"DeliveryStreamDescription$HasMoreDestinations": "Indicates whether there are more destinations available to list.
",
"DynamicPartitioningConfiguration$Enabled": "Specifies that the dynamic partitioning is enabled for this Kinesis Data Firehose delivery stream.
",
"ListDeliveryStreamsOutput$HasMoreDeliveryStreams": "Indicates whether there are more delivery streams available to list.
",
@@ -152,12 +227,12 @@
"BucketARN": {
"base": null,
"refs": {
- "ExtendedS3DestinationConfiguration$BucketARN": "The ARN of the S3 bucket. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
",
- "ExtendedS3DestinationDescription$BucketARN": "The ARN of the S3 bucket. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
",
- "ExtendedS3DestinationUpdate$BucketARN": "The ARN of the S3 bucket. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
",
- "S3DestinationConfiguration$BucketARN": "The ARN of the S3 bucket. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
",
- "S3DestinationDescription$BucketARN": "The ARN of the S3 bucket. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
",
- "S3DestinationUpdate$BucketARN": "The ARN of the S3 bucket. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
"
+ "ExtendedS3DestinationConfiguration$BucketARN": "The ARN of the S3 bucket. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
",
+ "ExtendedS3DestinationDescription$BucketARN": "The ARN of the S3 bucket. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
",
+ "ExtendedS3DestinationUpdate$BucketARN": "The ARN of the S3 bucket. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
",
+ "S3DestinationConfiguration$BucketARN": "The ARN of the S3 bucket. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
",
+ "S3DestinationDescription$BucketARN": "The ARN of the S3 bucket. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
",
+ "S3DestinationUpdate$BucketARN": "The ARN of the S3 bucket. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
"
}
},
"BufferingHints": {
@@ -174,6 +249,9 @@
"CloudWatchLoggingOptions": {
"base": "Describes the Amazon CloudWatch logging options for your delivery stream.
",
"refs": {
+ "AmazonOpenSearchServerlessDestinationConfiguration$CloudWatchLoggingOptions": null,
+ "AmazonOpenSearchServerlessDestinationDescription$CloudWatchLoggingOptions": null,
+ "AmazonOpenSearchServerlessDestinationUpdate$CloudWatchLoggingOptions": null,
"AmazonopensearchserviceDestinationConfiguration$CloudWatchLoggingOptions": null,
"AmazonopensearchserviceDestinationDescription$CloudWatchLoggingOptions": null,
"AmazonopensearchserviceDestinationUpdate$CloudWatchLoggingOptions": null,
@@ -264,7 +342,7 @@
}
},
"DataFormatConversionConfiguration": {
- "base": "Specifies that you want Kinesis Data Firehose to convert data from the JSON format to the Parquet or ORC format before writing it to Amazon S3. Kinesis Data Firehose uses the serializer and deserializer that you specify, in addition to the column information from the AWS Glue table, to deserialize your input data from JSON and then serialize it to the Parquet or ORC format. For more information, see Kinesis Data Firehose Record Format Conversion.
",
+ "base": "Specifies that you want Kinesis Data Firehose to convert data from the JSON format to the Parquet or ORC format before writing it to Amazon S3. Kinesis Data Firehose uses the serializer and deserializer that you specify, in addition to the column information from the Amazon Web Services Glue table, to deserialize your input data from JSON and then serialize it to the Parquet or ORC format. For more information, see Kinesis Data Firehose Record Format Conversion.
",
"refs": {
"ExtendedS3DestinationConfiguration$DataFormatConversionConfiguration": "The serializer, deserializer, and schema for converting data from the JSON format to the Parquet or ORC format before writing it to Amazon S3.
",
"ExtendedS3DestinationDescription$DataFormatConversionConfiguration": "The serializer, deserializer, and schema for converting data from the JSON format to the Parquet or ORC format before writing it to Amazon S3.
",
@@ -303,7 +381,7 @@
"base": null,
"refs": {
"CreateDeliveryStreamOutput$DeliveryStreamARN": "The ARN of the delivery stream.
",
- "DeliveryStreamDescription$DeliveryStreamARN": "The Amazon Resource Name (ARN) of the delivery stream. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
"
+ "DeliveryStreamDescription$DeliveryStreamARN": "The Amazon Resource Name (ARN) of the delivery stream. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
"
}
},
"DeliveryStreamDescription": {
@@ -340,7 +418,7 @@
"DeliveryStreamName": {
"base": null,
"refs": {
- "CreateDeliveryStreamInput$DeliveryStreamName": "The name of the delivery stream. This name must be unique per AWS account in the same AWS Region. If the delivery streams are in different accounts or different Regions, you can have multiple delivery streams with the same name.
",
+ "CreateDeliveryStreamInput$DeliveryStreamName": "The name of the delivery stream. This name must be unique per Amazon Web Services account in the same Amazon Web Services Region. If the delivery streams are in different accounts or different Regions, you can have multiple delivery streams with the same name.
",
"DeleteDeliveryStreamInput$DeliveryStreamName": "The name of the delivery stream.
",
"DeliveryStreamDescription$DeliveryStreamName": "The name of the delivery stream.
",
"DeliveryStreamNameList$member": null,
@@ -426,11 +504,11 @@
}
},
"DynamicPartitioningConfiguration": {
- "base": "The configuration of the dynamic partitioning mechanism that creates smaller data sets from the streaming data by partitioning it based on partition keys. Currently, dynamic partitioning is only supported for Amazon S3 destinations. For more information, see https://docs.aws.amazon.com/firehose/latest/dev/dynamic-partitioning.html
",
+ "base": "The configuration of the dynamic partitioning mechanism that creates smaller data sets from the streaming data by partitioning it based on partition keys. Currently, dynamic partitioning is only supported for Amazon S3 destinations.
",
"refs": {
- "ExtendedS3DestinationConfiguration$DynamicPartitioningConfiguration": "The configuration of the dynamic partitioning mechanism that creates smaller data sets from the streaming data by partitioning it based on partition keys. Currently, dynamic partitioning is only supported for Amazon S3 destinations. For more information, see https://docs.aws.amazon.com/firehose/latest/dev/dynamic-partitioning.html
",
- "ExtendedS3DestinationDescription$DynamicPartitioningConfiguration": "The configuration of the dynamic partitioning mechanism that creates smaller data sets from the streaming data by partitioning it based on partition keys. Currently, dynamic partitioning is only supported for Amazon S3 destinations. For more information, see https://docs.aws.amazon.com/firehose/latest/dev/dynamic-partitioning.html
",
- "ExtendedS3DestinationUpdate$DynamicPartitioningConfiguration": "The configuration of the dynamic partitioning mechanism that creates smaller data sets from the streaming data by partitioning it based on partition keys. Currently, dynamic partitioning is only supported for Amazon S3 destinations. For more information, see https://docs.aws.amazon.com/firehose/latest/dev/dynamic-partitioning.html
"
+ "ExtendedS3DestinationConfiguration$DynamicPartitioningConfiguration": "The configuration of the dynamic partitioning mechanism that creates smaller data sets from the streaming data by partitioning it based on partition keys. Currently, dynamic partitioning is only supported for Amazon S3 destinations.
",
+ "ExtendedS3DestinationDescription$DynamicPartitioningConfiguration": "The configuration of the dynamic partitioning mechanism that creates smaller data sets from the streaming data by partitioning it based on partition keys. Currently, dynamic partitioning is only supported for Amazon S3 destinations.
",
+ "ExtendedS3DestinationUpdate$DynamicPartitioningConfiguration": "The configuration of the dynamic partitioning mechanism that creates smaller data sets from the streaming data by partitioning it based on partition keys. Currently, dynamic partitioning is only supported for Amazon S3 destinations.
"
}
},
"ElasticsearchBufferingHints": {
@@ -482,9 +560,9 @@
"ElasticsearchDomainARN": {
"base": null,
"refs": {
- "ElasticsearchDestinationConfiguration$DomainARN": "The ARN of the Amazon ES domain. The IAM role must have permissions for DescribeElasticsearchDomain, DescribeElasticsearchDomains, and DescribeElasticsearchDomainConfig after assuming the role specified in RoleARN. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
Specify either ClusterEndpoint or DomainARN.
",
- "ElasticsearchDestinationDescription$DomainARN": "The ARN of the Amazon ES domain. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
Kinesis Data Firehose uses either ClusterEndpoint or DomainARN to send data to Amazon ES.
",
- "ElasticsearchDestinationUpdate$DomainARN": "The ARN of the Amazon ES domain. The IAM role must have permissions for DescribeElasticsearchDomain, DescribeElasticsearchDomains, and DescribeElasticsearchDomainConfig after assuming the IAM role specified in RoleARN. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
Specify either ClusterEndpoint or DomainARN.
"
+ "ElasticsearchDestinationConfiguration$DomainARN": "The ARN of the Amazon ES domain. The IAM role must have permissions for DescribeDomain, DescribeDomains, and DescribeDomainConfig after assuming the role specified in RoleARN. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
Specify either ClusterEndpoint or DomainARN.
",
+ "ElasticsearchDestinationDescription$DomainARN": "The ARN of the Amazon ES domain. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
Kinesis Data Firehose uses either ClusterEndpoint or DomainARN to send data to Amazon ES.
",
+ "ElasticsearchDestinationUpdate$DomainARN": "The ARN of the Amazon ES domain. The IAM role must have permissions for DescribeDomain, DescribeDomains, and DescribeDomainConfig after assuming the IAM role specified in RoleARN. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
Specify either ClusterEndpoint or DomainARN.
"
}
},
"ElasticsearchIndexName": {
@@ -520,7 +598,7 @@
"ElasticsearchS3BackupMode": {
"base": null,
"refs": {
- "ElasticsearchDestinationConfiguration$S3BackupMode": "Defines how documents should be delivered to Amazon S3. When it is set to FailedDocumentsOnly, Kinesis Data Firehose writes any documents that could not be indexed to the configured Amazon S3 destination, with elasticsearch-failed/ appended to the key prefix. When set to AllDocuments, Kinesis Data Firehose delivers all incoming records to Amazon S3, and also writes failed documents with elasticsearch-failed/ appended to the prefix. For more information, see Amazon S3 Backup for the Amazon ES Destination. Default value is FailedDocumentsOnly.
You can't change this backup mode after you create the delivery stream.
",
+ "ElasticsearchDestinationConfiguration$S3BackupMode": "Defines how documents should be delivered to Amazon S3. When it is set to FailedDocumentsOnly, Kinesis Data Firehose writes any documents that could not be indexed to the configured Amazon S3 destination, with AmazonOpenSearchService-failed/ appended to the key prefix. When set to AllDocuments, Kinesis Data Firehose delivers all incoming records to Amazon S3, and also writes failed documents with AmazonOpenSearchService-failed/ appended to the prefix. For more information, see Amazon S3 Backup for the Amazon ES Destination. Default value is FailedDocumentsOnly.
You can't change this backup mode after you create the delivery stream.
",
"ElasticsearchDestinationDescription$S3BackupMode": "The Amazon S3 backup mode.
"
}
},
@@ -528,7 +606,7 @@
"base": null,
"refs": {
"ElasticsearchDestinationConfiguration$TypeName": "The Elasticsearch type name. For Elasticsearch 6.x, there can be only one type per index. If you try to specify a new type for an existing index that already has another type, Kinesis Data Firehose returns an error during run time.
For Elasticsearch 7.x, don't specify a TypeName.
",
- "ElasticsearchDestinationDescription$TypeName": "The Elasticsearch type name. This applies to Elasticsearch 6.x and lower versions. For Elasticsearch 7.x, there's no value for TypeName.
",
+ "ElasticsearchDestinationDescription$TypeName": "The Elasticsearch type name. This applies to Elasticsearch 6.x and lower versions. For Elasticsearch 7.x and OpenSearch Service 1.x, there's no value for TypeName.
",
"ElasticsearchDestinationUpdate$TypeName": "The Elasticsearch type name. For Elasticsearch 6.x, there can be only one type per index. If you try to specify a new type for an existing index that already has another type, Kinesis Data Firehose returns an error during runtime.
If you upgrade Elasticsearch from 6.x to 7.x and don’t update your delivery stream, Kinesis Data Firehose still delivers data to Elasticsearch with the old index name and type name. If you want to update your delivery stream with a new index name, provide an empty string for TypeName.
"
}
},
@@ -793,8 +871,8 @@
"KeyType": {
"base": null,
"refs": {
- "DeliveryStreamEncryptionConfiguration$KeyType": "Indicates the type of customer master key (CMK) that is used for encryption. The default setting is AWS_OWNED_CMK. For more information about CMKs, see Customer Master Keys (CMKs).
",
- "DeliveryStreamEncryptionConfigurationInput$KeyType": "Indicates the type of customer master key (CMK) to use for encryption. The default setting is AWS_OWNED_CMK. For more information about CMKs, see Customer Master Keys (CMKs). When you invoke CreateDeliveryStream or StartDeliveryStreamEncryption with KeyType set to CUSTOMER_MANAGED_CMK, Kinesis Data Firehose invokes the Amazon KMS operation CreateGrant to create a grant that allows the Kinesis Data Firehose service to use the customer managed CMK to perform encryption and decryption. Kinesis Data Firehose manages that grant.
When you invoke StartDeliveryStreamEncryption to change the CMK for a delivery stream that is encrypted with a customer managed CMK, Kinesis Data Firehose schedules the grant it had on the old CMK for retirement.
You can use a CMK of type CUSTOMER_MANAGED_CMK to encrypt up to 500 delivery streams. If a CreateDeliveryStream or StartDeliveryStreamEncryption operation exceeds this limit, Kinesis Data Firehose throws a LimitExceededException.
To encrypt your delivery stream, use symmetric CMKs. Kinesis Data Firehose doesn't support asymmetric CMKs. For information about symmetric and asymmetric CMKs, see About Symmetric and Asymmetric CMKs in the AWS Key Management Service developer guide.
"
+ "DeliveryStreamEncryptionConfiguration$KeyType": "Indicates the type of customer master key (CMK) that is used for encryption. The default setting is Amazon Web Services_OWNED_CMK. For more information about CMKs, see Customer Master Keys (CMKs).
",
+ "DeliveryStreamEncryptionConfigurationInput$KeyType": "Indicates the type of customer master key (CMK) to use for encryption. The default setting is Amazon Web Services_OWNED_CMK. For more information about CMKs, see Customer Master Keys (CMKs). When you invoke CreateDeliveryStream or StartDeliveryStreamEncryption with KeyType set to CUSTOMER_MANAGED_CMK, Kinesis Data Firehose invokes the Amazon KMS operation CreateGrant to create a grant that allows the Kinesis Data Firehose service to use the customer managed CMK to perform encryption and decryption. Kinesis Data Firehose manages that grant.
When you invoke StartDeliveryStreamEncryption to change the CMK for a delivery stream that is encrypted with a customer managed CMK, Kinesis Data Firehose schedules the grant it had on the old CMK for retirement.
You can use a CMK of type CUSTOMER_MANAGED_CMK to encrypt up to 500 delivery streams. If a CreateDeliveryStream or StartDeliveryStreamEncryption operation exceeds this limit, Kinesis Data Firehose throws a LimitExceededException.
To encrypt your delivery stream, use symmetric CMKs. Kinesis Data Firehose doesn't support asymmetric CMKs. For information about symmetric and asymmetric CMKs, see About Symmetric and Asymmetric CMKs in the Amazon Web Services Key Management Service developer guide.
"
}
},
"KinesisStreamARN": {
@@ -902,11 +980,11 @@
"refs": {
"ColumnToJsonKeyMappings$key": null,
"ListOfNonEmptyStringsWithoutWhitespace$member": null,
- "SchemaConfiguration$RoleARN": "The role that Kinesis Data Firehose can use to access AWS Glue. This role must be in the same account you use for Kinesis Data Firehose. Cross-account roles aren't allowed.
If the SchemaConfiguration request parameter is used as part of invoking the CreateDeliveryStream API, then the RoleARN property is required and its value must be specified.
",
- "SchemaConfiguration$CatalogId": "The ID of the AWS Glue Data Catalog. If you don't supply this, the AWS account ID is used by default.
",
- "SchemaConfiguration$DatabaseName": "Specifies the name of the AWS Glue database that contains the schema for the output data.
If the SchemaConfiguration request parameter is used as part of invoking the CreateDeliveryStream API, then the DatabaseName property is required and its value must be specified.
",
- "SchemaConfiguration$TableName": "Specifies the AWS Glue table that contains the column information that constitutes your data schema.
If the SchemaConfiguration request parameter is used as part of invoking the CreateDeliveryStream API, then the TableName property is required and its value must be specified.
",
- "SchemaConfiguration$Region": "If you don't specify an AWS Region, the default is the current Region.
",
+ "SchemaConfiguration$RoleARN": "The role that Kinesis Data Firehose can use to access Amazon Web Services Glue. This role must be in the same account you use for Kinesis Data Firehose. Cross-account roles aren't allowed.
If the SchemaConfiguration request parameter is used as part of invoking the CreateDeliveryStream API, then the RoleARN property is required and its value must be specified.
",
+ "SchemaConfiguration$CatalogId": "The ID of the Amazon Web Services Glue Data Catalog. If you don't supply this, the Amazon Web Services account ID is used by default.
",
+ "SchemaConfiguration$DatabaseName": "Specifies the name of the Amazon Web Services Glue database that contains the schema for the output data.
If the SchemaConfiguration request parameter is used as part of invoking the CreateDeliveryStream API, then the DatabaseName property is required and its value must be specified.
",
+ "SchemaConfiguration$TableName": "Specifies the Amazon Web Services Glue table that contains the column information that constitutes your data schema.
If the SchemaConfiguration request parameter is used as part of invoking the CreateDeliveryStream API, then the TableName property is required and its value must be specified.
",
+ "SchemaConfiguration$Region": "If you don't specify an Amazon Web Services Region, the default is the current Region.
",
"SchemaConfiguration$VersionId": "Specifies the table version for the output data schema. If you don't specify this version ID, or if you set it to LATEST, Kinesis Data Firehose uses the most recent version. This means that any updates to the table are automatically picked up.
",
"SecurityGroupIdList$member": null,
"SubnetIdList$member": null,
@@ -1007,6 +1085,9 @@
"ProcessingConfiguration": {
"base": "Describes a data processing configuration.
",
"refs": {
+ "AmazonOpenSearchServerlessDestinationConfiguration$ProcessingConfiguration": null,
+ "AmazonOpenSearchServerlessDestinationDescription$ProcessingConfiguration": null,
+ "AmazonOpenSearchServerlessDestinationUpdate$ProcessingConfiguration": null,
"AmazonopensearchserviceDestinationConfiguration$ProcessingConfiguration": null,
"AmazonopensearchserviceDestinationDescription$ProcessingConfiguration": null,
"AmazonopensearchserviceDestinationUpdate$ProcessingConfiguration": null,
@@ -1040,7 +1121,7 @@
}
},
"ProcessorParameter": {
- "base": "Describes the processor parameter.
",
+ "base": "Describes the processor parameter.
",
"refs": {
"ProcessorParameterList$member": null
}
@@ -1054,7 +1135,7 @@
"ProcessorParameterName": {
"base": null,
"refs": {
- "ProcessorParameter$ParameterName": "The name of the parameter.
"
+ "ProcessorParameter$ParameterName": "The name of the parameter. Currently the following default values are supported: 3 for NumberOfRetries and 60 for the BufferIntervalInSeconds. The BufferSizeInMBs ranges between 0.2 MB and up to 3MB. The default buffering hint is 1MB for all destinations, except Splunk. For Splunk, the default buffering hint is 256 KB.
"
}
},
"ProcessorParameterValue": {
@@ -1194,26 +1275,29 @@
"RoleARN": {
"base": null,
"refs": {
- "AmazonopensearchserviceDestinationConfiguration$RoleARN": null,
- "AmazonopensearchserviceDestinationDescription$RoleARN": null,
- "AmazonopensearchserviceDestinationUpdate$RoleARN": null,
- "ElasticsearchDestinationConfiguration$RoleARN": "The Amazon Resource Name (ARN) of the IAM role to be assumed by Kinesis Data Firehose for calling the Amazon ES Configuration API and for indexing documents. For more information, see Grant Kinesis Data Firehose Access to an Amazon S3 Destination and Amazon Resource Names (ARNs) and AWS Service Namespaces.
",
- "ElasticsearchDestinationDescription$RoleARN": "The Amazon Resource Name (ARN) of the AWS credentials. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
",
- "ElasticsearchDestinationUpdate$RoleARN": "The Amazon Resource Name (ARN) of the IAM role to be assumed by Kinesis Data Firehose for calling the Amazon ES Configuration API and for indexing documents. For more information, see Grant Kinesis Data Firehose Access to an Amazon S3 Destination and Amazon Resource Names (ARNs) and AWS Service Namespaces.
",
- "ExtendedS3DestinationConfiguration$RoleARN": "The Amazon Resource Name (ARN) of the AWS credentials. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
",
- "ExtendedS3DestinationDescription$RoleARN": "The Amazon Resource Name (ARN) of the AWS credentials. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
",
- "ExtendedS3DestinationUpdate$RoleARN": "The Amazon Resource Name (ARN) of the AWS credentials. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
",
+ "AmazonOpenSearchServerlessDestinationConfiguration$RoleARN": "The Amazon Resource Name (ARN) of the IAM role to be assumed by Kinesis Data Firehose for calling the Serverless offering for Amazon OpenSearch Service Configuration API and for indexing documents.
",
+ "AmazonOpenSearchServerlessDestinationDescription$RoleARN": "The Amazon Resource Name (ARN) of the AWS credentials.
",
+ "AmazonOpenSearchServerlessDestinationUpdate$RoleARN": "The Amazon Resource Name (ARN) of the IAM role to be assumed by Kinesis Data Firehose for calling the Serverless offering for Amazon OpenSearch Service Configuration API and for indexing documents.
",
+ "AmazonopensearchserviceDestinationConfiguration$RoleARN": "The Amazon Resource Name (ARN) of the IAM role to be assumed by Kinesis Data Firehose for calling the Amazon OpenSearch Service Configuration API and for indexing documents.
",
+ "AmazonopensearchserviceDestinationDescription$RoleARN": "The Amazon Resource Name (ARN) of the Amazon Web Services credentials.
",
+ "AmazonopensearchserviceDestinationUpdate$RoleARN": "The Amazon Resource Name (ARN) of the IAM role to be assumed by Kinesis Data Firehose for calling the Amazon OpenSearch Service Configuration API and for indexing documents.
",
+ "ElasticsearchDestinationConfiguration$RoleARN": "The Amazon Resource Name (ARN) of the IAM role to be assumed by Kinesis Data Firehose for calling the Amazon ES Configuration API and for indexing documents. For more information, see Grant Kinesis Data Firehose Access to an Amazon S3 Destination and Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
",
+ "ElasticsearchDestinationDescription$RoleARN": "The Amazon Resource Name (ARN) of the Amazon Web Services credentials. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
",
+ "ElasticsearchDestinationUpdate$RoleARN": "The Amazon Resource Name (ARN) of the IAM role to be assumed by Kinesis Data Firehose for calling the Amazon ES Configuration API and for indexing documents. For more information, see Grant Kinesis Data Firehose Access to an Amazon S3 Destination and Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
",
+ "ExtendedS3DestinationConfiguration$RoleARN": "The Amazon Resource Name (ARN) of the Amazon Web Services credentials. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
",
+ "ExtendedS3DestinationDescription$RoleARN": "The Amazon Resource Name (ARN) of the Amazon Web Services credentials. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
",
+ "ExtendedS3DestinationUpdate$RoleARN": "The Amazon Resource Name (ARN) of the Amazon Web Services credentials. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
",
"HttpEndpointDestinationConfiguration$RoleARN": "Kinesis Data Firehose uses this IAM role for all the permissions that the delivery stream needs.
",
"HttpEndpointDestinationDescription$RoleARN": "Kinesis Data Firehose uses this IAM role for all the permissions that the delivery stream needs.
",
"HttpEndpointDestinationUpdate$RoleARN": "Kinesis Data Firehose uses this IAM role for all the permissions that the delivery stream needs.
",
- "KinesisStreamSourceConfiguration$RoleARN": "The ARN of the role that provides access to the source Kinesis data stream. For more information, see AWS Identity and Access Management (IAM) ARN Format.
",
- "KinesisStreamSourceDescription$RoleARN": "The ARN of the role used by the source Kinesis data stream. For more information, see AWS Identity and Access Management (IAM) ARN Format.
",
- "RedshiftDestinationConfiguration$RoleARN": "The Amazon Resource Name (ARN) of the AWS credentials. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
",
- "RedshiftDestinationDescription$RoleARN": "The Amazon Resource Name (ARN) of the AWS credentials. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
",
- "RedshiftDestinationUpdate$RoleARN": "The Amazon Resource Name (ARN) of the AWS credentials. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
",
- "S3DestinationConfiguration$RoleARN": "The Amazon Resource Name (ARN) of the AWS credentials. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
",
- "S3DestinationDescription$RoleARN": "The Amazon Resource Name (ARN) of the AWS credentials. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
",
- "S3DestinationUpdate$RoleARN": "The Amazon Resource Name (ARN) of the AWS credentials. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
",
+ "KinesisStreamSourceConfiguration$RoleARN": "The ARN of the role that provides access to the source Kinesis data stream. For more information, see Amazon Web Services Identity and Access Management (IAM) ARN Format.
",
+ "KinesisStreamSourceDescription$RoleARN": "The ARN of the role used by the source Kinesis data stream. For more information, see Amazon Web Services Identity and Access Management (IAM) ARN Format.
",
+ "RedshiftDestinationConfiguration$RoleARN": "The Amazon Resource Name (ARN) of the Amazon Web Services credentials. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
",
+ "RedshiftDestinationDescription$RoleARN": "The Amazon Resource Name (ARN) of the Amazon Web Services credentials. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
",
+ "RedshiftDestinationUpdate$RoleARN": "The Amazon Resource Name (ARN) of the Amazon Web Services credentials. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
",
+ "S3DestinationConfiguration$RoleARN": "The Amazon Resource Name (ARN) of the Amazon Web Services credentials. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
",
+ "S3DestinationDescription$RoleARN": "The Amazon Resource Name (ARN) of the Amazon Web Services credentials. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
",
+ "S3DestinationUpdate$RoleARN": "The Amazon Resource Name (ARN) of the Amazon Web Services credentials. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
",
"VpcConfiguration$RoleARN": "The ARN of the IAM role that you want the delivery stream to use to create endpoints in the destination VPC. You can use your existing Kinesis Data Firehose delivery role or you can specify a new role. In either case, make sure that the role trusts the Kinesis Data Firehose service principal and that it grants the following permissions:
-
ec2:DescribeVpcs
-
ec2:DescribeVpcAttribute
-
ec2:DescribeSubnets
-
ec2:DescribeSecurityGroups
-
ec2:DescribeNetworkInterfaces
-
ec2:CreateNetworkInterface
-
ec2:CreateNetworkInterfacePermission
-
ec2:DeleteNetworkInterface
If you revoke these permissions after you create the delivery stream, Kinesis Data Firehose can't scale out by creating more ENIs when necessary. You might therefore see a degradation in performance.
",
"VpcConfigurationDescription$RoleARN": "The ARN of the IAM role that the delivery stream uses to create endpoints in the destination VPC. You can use your existing Kinesis Data Firehose delivery role or you can specify a new role. In either case, make sure that the role trusts the Kinesis Data Firehose service principal and that it grants the following permissions:
-
ec2:DescribeVpcs
-
ec2:DescribeVpcAttribute
-
ec2:DescribeSubnets
-
ec2:DescribeSecurityGroups
-
ec2:DescribeNetworkInterfaces
-
ec2:CreateNetworkInterface
-
ec2:CreateNetworkInterfacePermission
-
ec2:DeleteNetworkInterface
If you revoke these permissions after you create the delivery stream, Kinesis Data Firehose can't scale out by creating more ENIs when necessary. You might therefore see a degradation in performance.
"
}
@@ -1229,6 +1313,7 @@
"S3DestinationConfiguration": {
"base": "Describes the configuration of a destination in Amazon S3.
",
"refs": {
+ "AmazonOpenSearchServerlessDestinationConfiguration$S3Configuration": null,
"AmazonopensearchserviceDestinationConfiguration$S3Configuration": null,
"CreateDeliveryStreamInput$S3DestinationConfiguration": "[Deprecated] The destination in Amazon S3. You can specify only one destination.
",
"ElasticsearchDestinationConfiguration$S3Configuration": "The configuration for the backup Amazon S3 location.
",
@@ -1242,6 +1327,7 @@
"S3DestinationDescription": {
"base": "Describes a destination in Amazon S3.
",
"refs": {
+ "AmazonOpenSearchServerlessDestinationDescription$S3DestinationDescription": null,
"AmazonopensearchserviceDestinationDescription$S3DestinationDescription": null,
"DestinationDescription$S3DestinationDescription": "[Deprecated] The destination in Amazon S3.
",
"ElasticsearchDestinationDescription$S3DestinationDescription": "The Amazon S3 destination.
",
@@ -1255,6 +1341,7 @@
"S3DestinationUpdate": {
"base": "Describes an update for a destination in Amazon S3.
",
"refs": {
+ "AmazonOpenSearchServerlessDestinationUpdate$S3Update": null,
"AmazonopensearchserviceDestinationUpdate$S3Update": null,
"ElasticsearchDestinationUpdate$S3Update": "The Amazon S3 destination.
",
"ExtendedS3DestinationUpdate$S3BackupUpdate": "The Amazon S3 destination for backup.
",
@@ -1268,7 +1355,7 @@
"SchemaConfiguration": {
"base": "Specifies the schema to which you want Kinesis Data Firehose to configure your data before it writes it to Amazon S3. This parameter is required if Enabled is set to true.
",
"refs": {
- "DataFormatConversionConfiguration$SchemaConfiguration": "Specifies the AWS Glue Data Catalog table that contains the column information. This parameter is required if Enabled is set to true.
"
+ "DataFormatConversionConfiguration$SchemaConfiguration": "Specifies the Amazon Web Services Glue Data Catalog table that contains the column information. This parameter is required if Enabled is set to true.
"
}
},
"SecurityGroupIdList": {
@@ -1383,7 +1470,7 @@
"TagDeliveryStreamInputTagList": {
"base": null,
"refs": {
- "CreateDeliveryStreamInput$Tags": "A set of tags to assign to the delivery stream. A tag is a key-value pair that you can define and assign to AWS resources. Tags are metadata. For example, you can add friendly names and descriptions or other types of information that can help you distinguish the delivery stream. For more information about tags, see Using Cost Allocation Tags in the AWS Billing and Cost Management User Guide.
You can specify up to 50 tags when creating a delivery stream.
",
+ "CreateDeliveryStreamInput$Tags": "A set of tags to assign to the delivery stream. A tag is a key-value pair that you can define and assign to Amazon Web Services resources. Tags are metadata. For example, you can add friendly names and descriptions or other types of information that can help you distinguish the delivery stream. For more information about tags, see Using Cost Allocation Tags in the Amazon Web Services Billing and Cost Management User Guide.
You can specify up to 50 tags when creating a delivery stream.
",
"TagDeliveryStreamInput$Tags": "A set of key-value pairs to use to create the tags.
"
}
},
@@ -1450,6 +1537,7 @@
"VpcConfiguration": {
"base": "The details of the VPC of the Amazon ES destination.
",
"refs": {
+ "AmazonOpenSearchServerlessDestinationConfiguration$VpcConfiguration": null,
"AmazonopensearchserviceDestinationConfiguration$VpcConfiguration": null,
"ElasticsearchDestinationConfiguration$VpcConfiguration": "The details of the VPC of the Amazon ES destination.
"
}
@@ -1457,6 +1545,7 @@
"VpcConfigurationDescription": {
"base": "The details of the VPC of the Amazon ES destination.
",
"refs": {
+ "AmazonOpenSearchServerlessDestinationDescription$VpcConfigurationDescription": null,
"AmazonopensearchserviceDestinationDescription$VpcConfigurationDescription": null,
"ElasticsearchDestinationDescription$VpcConfigurationDescription": "The details of the VPC of the Amazon ES destination.
"
}
diff --git a/models/apis/firehose/2015-08-04/endpoint-rule-set-1.json b/models/apis/firehose/2015-08-04/endpoint-rule-set-1.json
new file mode 100644
index 0000000000..09b6d78fdb
--- /dev/null
+++ b/models/apis/firehose/2015-08-04/endpoint-rule-set-1.json
@@ -0,0 +1,315 @@
+{
+ "version": "1.0",
+ "parameters": {
+ "Region": {
+ "builtIn": "AWS::Region",
+ "required": false,
+ "documentation": "The AWS region used to dispatch the request.",
+ "type": "String"
+ },
+ "UseDualStack": {
+ "builtIn": "AWS::UseDualStack",
+ "required": true,
+ "default": false,
+ "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.",
+ "type": "Boolean"
+ },
+ "UseFIPS": {
+ "builtIn": "AWS::UseFIPS",
+ "required": true,
+ "default": false,
+ "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.",
+ "type": "Boolean"
+ },
+ "Endpoint": {
+ "builtIn": "SDK::Endpoint",
+ "required": false,
+ "documentation": "Override the endpoint used to send this request",
+ "type": "String"
+ }
+ },
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "aws.partition",
+ "argv": [
+ {
+ "ref": "Region"
+ }
+ ],
+ "assign": "PartitionResult"
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "isSet",
+ "argv": [
+ {
+ "ref": "Endpoint"
+ }
+ ]
+ },
+ {
+ "fn": "parseURL",
+ "argv": [
+ {
+ "ref": "Endpoint"
+ }
+ ],
+ "assign": "url"
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseFIPS"
+ },
+ true
+ ]
+ }
+ ],
+ "error": "Invalid Configuration: FIPS and custom endpoint are not supported",
+ "type": "error"
+ },
+ {
+ "conditions": [],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseDualStack"
+ },
+ true
+ ]
+ }
+ ],
+ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported",
+ "type": "error"
+ },
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": {
+ "ref": "Endpoint"
+ },
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseFIPS"
+ },
+ true
+ ]
+ },
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseDualStack"
+ },
+ true
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsFIPS"
+ ]
+ }
+ ]
+ },
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsDualStack"
+ ]
+ }
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://firehose-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both",
+ "type": "error"
+ }
+ ]
+ },
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseFIPS"
+ },
+ true
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsFIPS"
+ ]
+ }
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://firehose-fips.{Region}.{PartitionResult#dnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "error": "FIPS is enabled but this partition does not support FIPS",
+ "type": "error"
+ }
+ ]
+ },
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseDualStack"
+ },
+ true
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsDualStack"
+ ]
+ }
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://firehose.{Region}.{PartitionResult#dualStackDnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "error": "DualStack is enabled but this partition does not support DualStack",
+ "type": "error"
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://firehose.{Region}.{PartitionResult#dnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/models/apis/firehose/2015-08-04/endpoint-tests-1.json b/models/apis/firehose/2015-08-04/endpoint-tests-1.json
new file mode 100644
index 0000000000..ab71fd49ec
--- /dev/null
+++ b/models/apis/firehose/2015-08-04/endpoint-tests-1.json
@@ -0,0 +1,1643 @@
+{
+ "testCases": [
+ {
+ "documentation": "For region ap-south-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.ap-south-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "ap-south-1"
+ }
+ },
+ {
+ "documentation": "For region ap-south-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.ap-south-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "ap-south-1"
+ }
+ },
+ {
+ "documentation": "For region ap-south-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.ap-south-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "ap-south-1"
+ }
+ },
+ {
+ "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.ap-south-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "ap-south-1"
+ }
+ },
+ {
+ "documentation": "For region eu-south-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.eu-south-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "eu-south-1"
+ }
+ },
+ {
+ "documentation": "For region eu-south-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.eu-south-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "eu-south-1"
+ }
+ },
+ {
+ "documentation": "For region eu-south-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.eu-south-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "eu-south-1"
+ }
+ },
+ {
+ "documentation": "For region eu-south-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.eu-south-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "eu-south-1"
+ }
+ },
+ {
+ "documentation": "For region eu-south-2 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.eu-south-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "eu-south-2"
+ }
+ },
+ {
+ "documentation": "For region eu-south-2 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.eu-south-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "eu-south-2"
+ }
+ },
+ {
+ "documentation": "For region eu-south-2 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.eu-south-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "eu-south-2"
+ }
+ },
+ {
+ "documentation": "For region eu-south-2 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.eu-south-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "eu-south-2"
+ }
+ },
+ {
+ "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.us-gov-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.us-gov-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.us-gov-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.us-gov-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region me-central-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.me-central-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "me-central-1"
+ }
+ },
+ {
+ "documentation": "For region me-central-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.me-central-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "me-central-1"
+ }
+ },
+ {
+ "documentation": "For region me-central-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.me-central-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "me-central-1"
+ }
+ },
+ {
+ "documentation": "For region me-central-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.me-central-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "me-central-1"
+ }
+ },
+ {
+ "documentation": "For region ca-central-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.ca-central-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "ca-central-1"
+ }
+ },
+ {
+ "documentation": "For region ca-central-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.ca-central-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "ca-central-1"
+ }
+ },
+ {
+ "documentation": "For region ca-central-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.ca-central-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "ca-central-1"
+ }
+ },
+ {
+ "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.ca-central-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "ca-central-1"
+ }
+ },
+ {
+ "documentation": "For region eu-central-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.eu-central-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "eu-central-1"
+ }
+ },
+ {
+ "documentation": "For region eu-central-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.eu-central-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "eu-central-1"
+ }
+ },
+ {
+ "documentation": "For region eu-central-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.eu-central-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "eu-central-1"
+ }
+ },
+ {
+ "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.eu-central-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "eu-central-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-west-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-iso-west-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-west-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.us-iso-west-1.c2s.ic.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-iso-west-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-west-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "error": "DualStack is enabled but this partition does not support DualStack"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-iso-west-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-west-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.us-iso-west-1.c2s.ic.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-iso-west-1"
+ }
+ },
+ {
+ "documentation": "For region us-west-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.us-west-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-west-1"
+ }
+ },
+ {
+ "documentation": "For region us-west-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.us-west-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-west-1"
+ }
+ },
+ {
+ "documentation": "For region us-west-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.us-west-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-west-1"
+ }
+ },
+ {
+ "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.us-west-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-west-1"
+ }
+ },
+ {
+ "documentation": "For region us-west-2 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.us-west-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-west-2"
+ }
+ },
+ {
+ "documentation": "For region us-west-2 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.us-west-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-west-2"
+ }
+ },
+ {
+ "documentation": "For region us-west-2 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.us-west-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-west-2"
+ }
+ },
+ {
+ "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.us-west-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-west-2"
+ }
+ },
+ {
+ "documentation": "For region af-south-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.af-south-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "af-south-1"
+ }
+ },
+ {
+ "documentation": "For region af-south-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.af-south-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "af-south-1"
+ }
+ },
+ {
+ "documentation": "For region af-south-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.af-south-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "af-south-1"
+ }
+ },
+ {
+ "documentation": "For region af-south-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.af-south-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "af-south-1"
+ }
+ },
+ {
+ "documentation": "For region eu-north-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.eu-north-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "eu-north-1"
+ }
+ },
+ {
+ "documentation": "For region eu-north-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.eu-north-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "eu-north-1"
+ }
+ },
+ {
+ "documentation": "For region eu-north-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.eu-north-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "eu-north-1"
+ }
+ },
+ {
+ "documentation": "For region eu-north-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.eu-north-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "eu-north-1"
+ }
+ },
+ {
+ "documentation": "For region eu-west-3 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.eu-west-3.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "eu-west-3"
+ }
+ },
+ {
+ "documentation": "For region eu-west-3 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.eu-west-3.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "eu-west-3"
+ }
+ },
+ {
+ "documentation": "For region eu-west-3 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.eu-west-3.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "eu-west-3"
+ }
+ },
+ {
+ "documentation": "For region eu-west-3 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.eu-west-3.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "eu-west-3"
+ }
+ },
+ {
+ "documentation": "For region eu-west-2 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.eu-west-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "eu-west-2"
+ }
+ },
+ {
+ "documentation": "For region eu-west-2 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.eu-west-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "eu-west-2"
+ }
+ },
+ {
+ "documentation": "For region eu-west-2 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.eu-west-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "eu-west-2"
+ }
+ },
+ {
+ "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.eu-west-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "eu-west-2"
+ }
+ },
+ {
+ "documentation": "For region eu-west-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.eu-west-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "eu-west-1"
+ }
+ },
+ {
+ "documentation": "For region eu-west-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.eu-west-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "eu-west-1"
+ }
+ },
+ {
+ "documentation": "For region eu-west-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.eu-west-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "eu-west-1"
+ }
+ },
+ {
+ "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.eu-west-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "eu-west-1"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-3 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.ap-northeast-3.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "ap-northeast-3"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-3 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.ap-northeast-3.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "ap-northeast-3"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.ap-northeast-3.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "ap-northeast-3"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.ap-northeast-3.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "ap-northeast-3"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.ap-northeast-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "ap-northeast-2"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.ap-northeast-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "ap-northeast-2"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.ap-northeast-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "ap-northeast-2"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.ap-northeast-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "ap-northeast-2"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.ap-northeast-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "ap-northeast-1"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.ap-northeast-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "ap-northeast-1"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.ap-northeast-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "ap-northeast-1"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.ap-northeast-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "ap-northeast-1"
+ }
+ },
+ {
+ "documentation": "For region me-south-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.me-south-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "me-south-1"
+ }
+ },
+ {
+ "documentation": "For region me-south-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.me-south-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "me-south-1"
+ }
+ },
+ {
+ "documentation": "For region me-south-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.me-south-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "me-south-1"
+ }
+ },
+ {
+ "documentation": "For region me-south-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.me-south-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "me-south-1"
+ }
+ },
+ {
+ "documentation": "For region sa-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.sa-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "sa-east-1"
+ }
+ },
+ {
+ "documentation": "For region sa-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.sa-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "sa-east-1"
+ }
+ },
+ {
+ "documentation": "For region sa-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.sa-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "sa-east-1"
+ }
+ },
+ {
+ "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.sa-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "sa-east-1"
+ }
+ },
+ {
+ "documentation": "For region ap-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.ap-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "ap-east-1"
+ }
+ },
+ {
+ "documentation": "For region ap-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.ap-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "ap-east-1"
+ }
+ },
+ {
+ "documentation": "For region ap-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.ap-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "ap-east-1"
+ }
+ },
+ {
+ "documentation": "For region ap-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.ap-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "ap-east-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.cn-north-1.api.amazonwebservices.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.cn-north-1.amazonaws.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.cn-north-1.api.amazonwebservices.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.cn-north-1.amazonaws.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.us-gov-west-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-gov-west-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.us-gov-west-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-gov-west-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.us-gov-west-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-gov-west-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.us-gov-west-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-gov-west-1"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.ap-southeast-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "ap-southeast-1"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.ap-southeast-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "ap-southeast-1"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.ap-southeast-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "ap-southeast-1"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.ap-southeast-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "ap-southeast-1"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.ap-southeast-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "ap-southeast-2"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.ap-southeast-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "ap-southeast-2"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.ap-southeast-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "ap-southeast-2"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.ap-southeast-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "ap-southeast-2"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.us-iso-east-1.c2s.ic.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "error": "DualStack is enabled but this partition does not support DualStack"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.us-iso-east-1.c2s.ic.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-3 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.ap-southeast-3.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "ap-southeast-3"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-3 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.ap-southeast-3.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "ap-southeast-3"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.ap-southeast-3.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "ap-southeast-3"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.ap-southeast-3.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "ap-southeast-3"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.us-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.us-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.us-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.us-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-2 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.us-east-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-east-2"
+ }
+ },
+ {
+ "documentation": "For region us-east-2 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.us-east-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-east-2"
+ }
+ },
+ {
+ "documentation": "For region us-east-2 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.us-east-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-east-2"
+ }
+ },
+ {
+ "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.us-east-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-east-2"
+ }
+ },
+ {
+ "documentation": "For region cn-northwest-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.cn-northwest-1.api.amazonwebservices.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "cn-northwest-1"
+ }
+ },
+ {
+ "documentation": "For region cn-northwest-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.cn-northwest-1.amazonaws.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "cn-northwest-1"
+ }
+ },
+ {
+ "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.cn-northwest-1.api.amazonwebservices.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "cn-northwest-1"
+ }
+ },
+ {
+ "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.cn-northwest-1.amazonaws.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "cn-northwest-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose-fips.us-isob-east-1.sc2s.sgov.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "error": "DualStack is enabled but this partition does not support DualStack"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://firehose.us-isob-east-1.sc2s.sgov.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For custom endpoint with fips disabled and dualstack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://example.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-east-1",
+ "Endpoint": "https://example.com"
+ }
+ },
+ {
+ "documentation": "For custom endpoint with fips enabled and dualstack disabled",
+ "expect": {
+ "error": "Invalid Configuration: FIPS and custom endpoint are not supported"
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-east-1",
+ "Endpoint": "https://example.com"
+ }
+ },
+ {
+ "documentation": "For custom endpoint with fips disabled and dualstack enabled",
+ "expect": {
+ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-east-1",
+ "Endpoint": "https://example.com"
+ }
+ }
+ ],
+ "version": "1.0"
+}
\ No newline at end of file
diff --git a/models/apis/kms/2014-11-01/api-2.json b/models/apis/kms/2014-11-01/api-2.json
index 803cb2a2c0..52b9113f8c 100644
--- a/models/apis/kms/2014-11-01/api-2.json
+++ b/models/apis/kms/2014-11-01/api-2.json
@@ -77,7 +77,17 @@
{"shape":"KMSInternalException"},
{"shape":"CloudHsmClusterNotActiveException"},
{"shape":"IncorrectTrustAnchorException"},
- {"shape":"CloudHsmClusterInvalidConfigurationException"}
+ {"shape":"CloudHsmClusterInvalidConfigurationException"},
+ {"shape":"LimitExceededException"},
+ {"shape":"XksProxyUriInUseException"},
+ {"shape":"XksProxyUriEndpointInUseException"},
+ {"shape":"XksProxyUriUnreachableException"},
+ {"shape":"XksProxyIncorrectAuthenticationCredentialException"},
+ {"shape":"XksProxyVpcEndpointServiceInUseException"},
+ {"shape":"XksProxyVpcEndpointServiceNotFoundException"},
+ {"shape":"XksProxyVpcEndpointServiceInvalidConfigurationException"},
+ {"shape":"XksProxyInvalidResponseException"},
+ {"shape":"XksProxyInvalidConfigurationException"}
]
},
"CreateGrant":{
@@ -117,7 +127,10 @@
{"shape":"TagException"},
{"shape":"CustomKeyStoreNotFoundException"},
{"shape":"CustomKeyStoreInvalidStateException"},
- {"shape":"CloudHsmClusterInvalidConfigurationException"}
+ {"shape":"CloudHsmClusterInvalidConfigurationException"},
+ {"shape":"XksKeyInvalidConfigurationException"},
+ {"shape":"XksKeyAlreadyInUseException"},
+ {"shape":"XksKeyNotFoundException"}
]
},
"Decrypt":{
@@ -420,6 +433,7 @@
"errors":[
{"shape":"DependencyTimeoutException"},
{"shape":"KMSInternalException"},
+ {"shape":"UnsupportedOperationException"},
{"shape":"CustomKeyStoreNotFoundException"},
{"shape":"CustomKeyStoreInvalidStateException"}
]
@@ -801,7 +815,16 @@
{"shape":"CustomKeyStoreInvalidStateException"},
{"shape":"KMSInternalException"},
{"shape":"CloudHsmClusterNotActiveException"},
- {"shape":"CloudHsmClusterInvalidConfigurationException"}
+ {"shape":"CloudHsmClusterInvalidConfigurationException"},
+ {"shape":"XksProxyUriInUseException"},
+ {"shape":"XksProxyUriEndpointInUseException"},
+ {"shape":"XksProxyUriUnreachableException"},
+ {"shape":"XksProxyIncorrectAuthenticationCredentialException"},
+ {"shape":"XksProxyVpcEndpointServiceInUseException"},
+ {"shape":"XksProxyVpcEndpointServiceNotFoundException"},
+ {"shape":"XksProxyVpcEndpointServiceInvalidConfigurationException"},
+ {"shape":"XksProxyInvalidResponseException"},
+ {"shape":"XksProxyInvalidConfigurationException"}
]
},
"UpdateKeyDescription":{
@@ -1000,7 +1023,15 @@
"USER_NOT_FOUND",
"USER_LOGGED_IN",
"SUBNET_NOT_FOUND",
- "INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET"
+ "INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET",
+ "XKS_PROXY_ACCESS_DENIED",
+ "XKS_PROXY_NOT_REACHABLE",
+ "XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND",
+ "XKS_PROXY_INVALID_RESPONSE",
+ "XKS_PROXY_INVALID_CONFIGURATION",
+ "XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION",
+ "XKS_PROXY_TIMED_OUT",
+ "XKS_PROXY_INVALID_TLS_CONFIGURATION"
]
},
"ConnectionStateType":{
@@ -1031,7 +1062,13 @@
"CustomKeyStoreName":{"shape":"CustomKeyStoreNameType"},
"CloudHsmClusterId":{"shape":"CloudHsmClusterIdType"},
"TrustAnchorCertificate":{"shape":"TrustAnchorCertificateType"},
- "KeyStorePassword":{"shape":"KeyStorePasswordType"}
+ "KeyStorePassword":{"shape":"KeyStorePasswordType"},
+ "CustomKeyStoreType":{"shape":"CustomKeyStoreType"},
+ "XksProxyUriEndpoint":{"shape":"XksProxyUriEndpointType"},
+ "XksProxyUriPath":{"shape":"XksProxyUriPathType"},
+ "XksProxyVpcEndpointServiceName":{"shape":"XksProxyVpcEndpointServiceNameType"},
+ "XksProxyAuthenticationCredential":{"shape":"XksProxyAuthenticationCredentialType"},
+ "XksProxyConnectivity":{"shape":"XksProxyConnectivityType"}
}
},
"CreateCustomKeyStoreResponse":{
@@ -1080,7 +1117,8 @@
"CustomKeyStoreId":{"shape":"CustomKeyStoreIdType"},
"BypassPolicyLockoutSafetyCheck":{"shape":"BooleanType"},
"Tags":{"shape":"TagList"},
- "MultiRegion":{"shape":"NullableBooleanType"}
+ "MultiRegion":{"shape":"NullableBooleanType"},
+ "XksKeyId":{"shape":"XksKeyIdType"}
}
},
"CreateKeyResponse":{
@@ -1127,6 +1165,13 @@
},
"exception":true
},
+ "CustomKeyStoreType":{
+ "type":"string",
+ "enum":[
+ "AWS_CLOUDHSM",
+ "EXTERNAL_KEY_STORE"
+ ]
+ },
"CustomKeyStoresList":{
"type":"list",
"member":{"shape":"CustomKeyStoresListEntry"}
@@ -1140,7 +1185,9 @@
"TrustAnchorCertificate":{"shape":"TrustAnchorCertificateType"},
"ConnectionState":{"shape":"ConnectionStateType"},
"ConnectionErrorCode":{"shape":"ConnectionErrorCodeType"},
- "CreationDate":{"shape":"DateType"}
+ "CreationDate":{"shape":"DateType"},
+ "CustomKeyStoreType":{"shape":"CustomKeyStoreType"},
+ "XksProxyConfiguration":{"shape":"XksProxyConfigurationType"}
}
},
"CustomerMasterKeySpec":{
@@ -1821,7 +1868,8 @@
"MultiRegion":{"shape":"NullableBooleanType"},
"MultiRegionConfiguration":{"shape":"MultiRegionConfiguration"},
"PendingDeletionWindowInDays":{"shape":"PendingWindowInDaysType"},
- "MacAlgorithms":{"shape":"MacAlgorithmSpecList"}
+ "MacAlgorithms":{"shape":"MacAlgorithmSpecList"},
+ "XksKeyConfiguration":{"shape":"XksKeyConfigurationType"}
}
},
"KeySpec":{
@@ -2059,7 +2107,8 @@
"enum":[
"AWS_KMS",
"EXTERNAL",
- "AWS_CLOUDHSM"
+ "AWS_CLOUDHSM",
+ "EXTERNAL_KEY_STORE"
]
},
"PendingWindowInDaysType":{
@@ -2336,7 +2385,12 @@
"CustomKeyStoreId":{"shape":"CustomKeyStoreIdType"},
"NewCustomKeyStoreName":{"shape":"CustomKeyStoreNameType"},
"KeyStorePassword":{"shape":"KeyStorePasswordType"},
- "CloudHsmClusterId":{"shape":"CloudHsmClusterIdType"}
+ "CloudHsmClusterId":{"shape":"CloudHsmClusterIdType"},
+ "XksProxyUriEndpoint":{"shape":"XksProxyUriEndpointType"},
+ "XksProxyUriPath":{"shape":"XksProxyUriPathType"},
+ "XksProxyVpcEndpointServiceName":{"shape":"XksProxyVpcEndpointServiceNameType"},
+ "XksProxyAuthenticationCredential":{"shape":"XksProxyAuthenticationCredentialType"},
+ "XksProxyConnectivity":{"shape":"XksProxyConnectivityType"}
}
},
"UpdateCustomKeyStoreResponse":{
@@ -2418,6 +2472,162 @@
"WrappingKeySpec":{
"type":"string",
"enum":["RSA_2048"]
+ },
+ "XksKeyAlreadyInUseException":{
+ "type":"structure",
+ "members":{
+ "message":{"shape":"ErrorMessageType"}
+ },
+ "exception":true
+ },
+ "XksKeyConfigurationType":{
+ "type":"structure",
+ "members":{
+ "Id":{"shape":"XksKeyIdType"}
+ }
+ },
+ "XksKeyIdType":{
+ "type":"string",
+ "max":128,
+ "min":1,
+ "pattern":"^[a-zA-Z0-9-_.]+$"
+ },
+ "XksKeyInvalidConfigurationException":{
+ "type":"structure",
+ "members":{
+ "message":{"shape":"ErrorMessageType"}
+ },
+ "exception":true
+ },
+ "XksKeyNotFoundException":{
+ "type":"structure",
+ "members":{
+ "message":{"shape":"ErrorMessageType"}
+ },
+ "exception":true
+ },
+ "XksProxyAuthenticationAccessKeyIdType":{
+ "type":"string",
+ "max":30,
+ "min":20,
+ "pattern":"^[A-Z2-7]+$",
+ "sensitive":true
+ },
+ "XksProxyAuthenticationCredentialType":{
+ "type":"structure",
+ "required":[
+ "AccessKeyId",
+ "RawSecretAccessKey"
+ ],
+ "members":{
+ "AccessKeyId":{"shape":"XksProxyAuthenticationAccessKeyIdType"},
+ "RawSecretAccessKey":{"shape":"XksProxyAuthenticationRawSecretAccessKeyType"}
+ }
+ },
+ "XksProxyAuthenticationRawSecretAccessKeyType":{
+ "type":"string",
+ "max":64,
+ "min":43,
+ "pattern":"^[a-zA-Z0-9\\/+=]+$",
+ "sensitive":true
+ },
+ "XksProxyConfigurationType":{
+ "type":"structure",
+ "members":{
+ "Connectivity":{"shape":"XksProxyConnectivityType"},
+ "AccessKeyId":{"shape":"XksProxyAuthenticationAccessKeyIdType"},
+ "UriEndpoint":{"shape":"XksProxyUriEndpointType"},
+ "UriPath":{"shape":"XksProxyUriPathType"},
+ "VpcEndpointServiceName":{"shape":"XksProxyVpcEndpointServiceNameType"}
+ }
+ },
+ "XksProxyConnectivityType":{
+ "type":"string",
+ "enum":[
+ "PUBLIC_ENDPOINT",
+ "VPC_ENDPOINT_SERVICE"
+ ]
+ },
+ "XksProxyIncorrectAuthenticationCredentialException":{
+ "type":"structure",
+ "members":{
+ "message":{"shape":"ErrorMessageType"}
+ },
+ "exception":true
+ },
+ "XksProxyInvalidConfigurationException":{
+ "type":"structure",
+ "members":{
+ "message":{"shape":"ErrorMessageType"}
+ },
+ "exception":true
+ },
+ "XksProxyInvalidResponseException":{
+ "type":"structure",
+ "members":{
+ "message":{"shape":"ErrorMessageType"}
+ },
+ "exception":true
+ },
+ "XksProxyUriEndpointInUseException":{
+ "type":"structure",
+ "members":{
+ "message":{"shape":"ErrorMessageType"}
+ },
+ "exception":true
+ },
+ "XksProxyUriEndpointType":{
+ "type":"string",
+ "max":128,
+ "min":10,
+ "pattern":"^https://[a-zA-Z0-9.-]+$"
+ },
+ "XksProxyUriInUseException":{
+ "type":"structure",
+ "members":{
+ "message":{"shape":"ErrorMessageType"}
+ },
+ "exception":true
+ },
+ "XksProxyUriPathType":{
+ "type":"string",
+ "max":128,
+ "min":10,
+ "pattern":"^(/[a-zA-Z0-9\\/_-]+/kms/xks/v\\d{1,2})$|^(/kms/xks/v\\d{1,2})$"
+ },
+ "XksProxyUriUnreachableException":{
+ "type":"structure",
+ "members":{
+ "message":{"shape":"ErrorMessageType"}
+ },
+ "exception":true
+ },
+ "XksProxyVpcEndpointServiceInUseException":{
+ "type":"structure",
+ "members":{
+ "message":{"shape":"ErrorMessageType"}
+ },
+ "exception":true
+ },
+ "XksProxyVpcEndpointServiceInvalidConfigurationException":{
+ "type":"structure",
+ "members":{
+ "message":{"shape":"ErrorMessageType"}
+ },
+ "exception":true
+ },
+ "XksProxyVpcEndpointServiceNameType":{
+ "type":"string",
+ "max":64,
+ "min":20,
+ "pattern":"^com\\.amazonaws\\.vpce\\.([a-z]+-){2,3}\\d+\\.vpce-svc-[0-9a-z]+$"
+ },
+ "XksProxyVpcEndpointServiceNotFoundException":{
+ "type":"structure",
+ "members":{
+ "message":{"shape":"ErrorMessageType"}
+ },
+ "exception":true
}
}
}
diff --git a/models/apis/kms/2014-11-01/docs-2.json b/models/apis/kms/2014-11-01/docs-2.json
index caaea36847..5d36590f3f 100644
--- a/models/apis/kms/2014-11-01/docs-2.json
+++ b/models/apis/kms/2014-11-01/docs-2.json
@@ -1,36 +1,36 @@
{
"version": "2.0",
- "service": "Key Management Service Key Management Service (KMS) is an encryption and key management web service. This guide describes the KMS operations that you can call programmatically. For general information about KMS, see the Key Management Service Developer Guide .
KMS is replacing the term customer master key (CMK) with KMS key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.
Amazon Web Services provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to KMS and other Amazon Web Services services. For example, the SDKs take care of tasks such as signing requests (see below), managing errors, and retrying requests automatically. For more information about the Amazon Web Services SDKs, including how to download and install them, see Tools for Amazon Web Services.
We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS.
If you need to use FIPS 140-2 validated cryptographic modules when communicating with Amazon Web Services, use the FIPS endpoint in your preferred Amazon Web Services Region. For more information about the available FIPS endpoints, see Service endpoints in the Key Management Service topic of the Amazon Web Services General Reference.
All KMS API calls must be signed and be transmitted using Transport Layer Security (TLS). KMS recommends you always use the latest supported TLS version. Clients must also support cipher suites with Perfect Forward Secrecy (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support these modes.
Signing Requests
Requests must be signed by using an access key ID and a secret access key. We strongly recommend that you do not use your Amazon Web Services account (root) access key ID and secret key for everyday work with KMS. Instead, use the access key ID and secret access key for an IAM user. You can also use the Amazon Web Services Security Token Service to generate temporary security credentials that you can use to sign requests.
All KMS operations require Signature Version 4.
Logging API Requests
KMS supports CloudTrail, a service that logs Amazon Web Services API calls and related events for your Amazon Web Services account and delivers them to an Amazon S3 bucket that you specify. By using the information collected by CloudTrail, you can determine what requests were made to KMS, who made the request, when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find your log files, see the CloudTrail User Guide.
Additional Resources
For more information about credentials and request signing, see the following:
Commonly Used API Operations
Of the API operations discussed in this guide, the following will prove the most useful for most applications. You will likely perform operations other than these, such as creating keys and assigning policies, by using the console.
",
+ "service": "Key Management Service Key Management Service (KMS) is an encryption and key management web service. This guide describes the KMS operations that you can call programmatically. For general information about KMS, see the Key Management Service Developer Guide .
KMS has replaced the term customer master key (CMK) with KMS key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.
Amazon Web Services provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to KMS and other Amazon Web Services services. For example, the SDKs take care of tasks such as signing requests (see below), managing errors, and retrying requests automatically. For more information about the Amazon Web Services SDKs, including how to download and install them, see Tools for Amazon Web Services.
We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS.
If you need to use FIPS 140-2 validated cryptographic modules when communicating with Amazon Web Services, use the FIPS endpoint in your preferred Amazon Web Services Region. For more information about the available FIPS endpoints, see Service endpoints in the Key Management Service topic of the Amazon Web Services General Reference.
All KMS API calls must be signed and be transmitted using Transport Layer Security (TLS). KMS recommends you always use the latest supported TLS version. Clients must also support cipher suites with Perfect Forward Secrecy (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support these modes.
Signing Requests
Requests must be signed by using an access key ID and a secret access key. We strongly recommend that you do not use your Amazon Web Services account (root) access key ID and secret access key for everyday work with KMS. Instead, use the access key ID and secret access key for an IAM user. You can also use the Amazon Web Services Security Token Service to generate temporary security credentials that you can use to sign requests.
All KMS operations require Signature Version 4.
Logging API Requests
KMS supports CloudTrail, a service that logs Amazon Web Services API calls and related events for your Amazon Web Services account and delivers them to an Amazon S3 bucket that you specify. By using the information collected by CloudTrail, you can determine what requests were made to KMS, who made the request, when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find your log files, see the CloudTrail User Guide.
Additional Resources
For more information about credentials and request signing, see the following:
Commonly Used API Operations
Of the API operations discussed in this guide, the following will prove the most useful for most applications. You will likely perform operations other than these, such as creating keys and assigning policies, by using the console.
",
"operations": {
"CancelKeyDeletion": "Cancels the deletion of a KMS key. When this operation succeeds, the key state of the KMS key is Disabled. To enable the KMS key, use EnableKey.
For more information about scheduling and canceling deletion of a KMS key, see Deleting KMS keys in the Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:CancelKeyDeletion (key policy)
Related operations: ScheduleKeyDeletion
",
- "ConnectCustomKeyStore": "Connects or reconnects a custom key store to its associated CloudHSM cluster.
The custom key store must be connected before you can create KMS keys in the key store or use the KMS keys it contains. You can disconnect and reconnect a custom key store at any time.
To connect a custom key store, its associated CloudHSM cluster must have at least one active HSM. To get the number of active HSMs in a cluster, use the DescribeClusters operation. To add HSMs to the cluster, use the CreateHsm operation. Also, the kmsuser crypto user (CU) must not be logged into the cluster. This prevents KMS from using this account to log in.
The connection process can take an extended amount of time to complete; up to 20 minutes. This operation starts the connection process, but it does not wait for it to complete. When it succeeds, this operation quickly returns an HTTP 200 response and a JSON object with no properties. However, this response does not indicate that the custom key store is connected. To get the connection state of the custom key store, use the DescribeCustomKeyStores operation.
During the connection process, KMS finds the CloudHSM cluster that is associated with the custom key store, creates the connection infrastructure, connects to the cluster, logs into the CloudHSM client as the kmsuser CU, and rotates its password.
The ConnectCustomKeyStore operation might fail for various reasons. To find the reason, use the DescribeCustomKeyStores operation and see the ConnectionErrorCode in the response. For help interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry.
To fix the failure, use the DisconnectCustomKeyStore operation to disconnect the custom key store, correct the error, use the UpdateCustomKeyStore operation if necessary, and then use ConnectCustomKeyStore again.
If you are having trouble connecting or disconnecting a custom key store, see Troubleshooting a Custom Key Store in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
Required permissions: kms:ConnectCustomKeyStore (IAM policy)
Related operations
",
- "CreateAlias": "Creates a friendly name for a KMS key.
Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key Management Service Developer Guide.
You can use an alias to identify a KMS key in the KMS console, in the DescribeKey operation and in cryptographic operations, such as Encrypt and GenerateDataKey. You can also change the KMS key that's associated with the alias (UpdateAlias) or delete the alias (DeleteAlias) at any time. These operations don't affect the underlying KMS key.
You can associate the alias with any customer managed key in the same Amazon Web Services Region. Each alias is associated with only one KMS key at a time, but a KMS key can have multiple aliases. A valid KMS key is required. You can't create an alias without a KMS key.
The alias must be unique in the account and Region, but you can have aliases with the same name in different Regions. For detailed information about aliases, see Using aliases in the Key Management Service Developer Guide.
This operation does not return a response. To get the alias that you created, use the ListAliases operation.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on an alias in a different Amazon Web Services account.
Required permissions
For details, see Controlling access to aliases in the Key Management Service Developer Guide.
Related operations:
",
- "CreateCustomKeyStore": "Creates a custom key store that is associated with an CloudHSM cluster that you own and manage.
This operation is part of the custom key store feature feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a single-tenant key store.
Before you create the custom key store, you must assemble the required elements, including an CloudHSM cluster that fulfills the requirements for a custom key store. For details about the required elements, see Assemble the Prerequisites in the Key Management Service Developer Guide.
When the operation completes successfully, it returns the ID of the new custom key store. Before you can use your new custom key store, you need to use the ConnectCustomKeyStore operation to connect the new key store to its CloudHSM cluster. Even if you are not going to use your custom key store immediately, you might want to connect it to verify that all settings are correct and then disconnect it until you are ready to use it.
For help with failures, see Troubleshooting a Custom Key Store in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
Required permissions: kms:CreateCustomKeyStore (IAM policy).
Related operations:
",
+ "ConnectCustomKeyStore": "Connects or reconnects a custom key store to its backing key store. For an CloudHSM key store, ConnectCustomKeyStore connects the key store to its associated CloudHSM cluster. For an external key store, ConnectCustomKeyStore connects the key store to the external key store proxy that communicates with your external key manager.
The custom key store must be connected before you can create KMS keys in the key store or use the KMS keys it contains. You can disconnect and reconnect a custom key store at any time.
The connection process for a custom key store can take an extended amount of time to complete. This operation starts the connection process, but it does not wait for it to complete. When it succeeds, this operation quickly returns an HTTP 200 response and a JSON object with no properties. However, this response does not indicate that the custom key store is connected. To get the connection state of the custom key store, use the DescribeCustomKeyStores operation.
This operation is part of the custom key stores feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a key store that you own and manage.
The ConnectCustomKeyStore operation might fail for various reasons. To find the reason, use the DescribeCustomKeyStores operation and see the ConnectionErrorCode in the response. For help interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry.
To fix the failure, use the DisconnectCustomKeyStore operation to disconnect the custom key store, correct the error, use the UpdateCustomKeyStore operation if necessary, and then use ConnectCustomKeyStore again.
CloudHSM key store
During the connection process for an CloudHSM key store, KMS finds the CloudHSM cluster that is associated with the custom key store, creates the connection infrastructure, connects to the cluster, logs into the CloudHSM client as the kmsuser CU, and rotates its password.
To connect an CloudHSM key store, its associated CloudHSM cluster must have at least one active HSM. To get the number of active HSMs in a cluster, use the DescribeClusters operation. To add HSMs to the cluster, use the CreateHsm operation. Also, the kmsuser crypto user (CU) must not be logged into the cluster. This prevents KMS from using this account to log in.
If you are having trouble connecting or disconnecting a CloudHSM key store, see Troubleshooting an CloudHSM key store in the Key Management Service Developer Guide.
External key store
When you connect an external key store that uses public endpoint connectivity, KMS tests its ability to communicate with your external key manager by sending a request via the external key store proxy.
When you connect to an external key store that uses VPC endpoint service connectivity, KMS establishes the networking elements that it needs to communicate with your external key manager via the external key store proxy. This includes creating an interface endpoint to the VPC endpoint service and a private hosted zone for traffic between KMS and the VPC endpoint service.
To connect an external key store, KMS must be able to connect to the external key store proxy, the external key store proxy must be able to communicate with your external key manager, and the external key manager must be available for cryptographic operations.
If you are having trouble connecting or disconnecting an external key store, see Troubleshooting an external key store in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
Required permissions: kms:ConnectCustomKeyStore (IAM policy)
Related operations
",
+ "CreateAlias": "Creates a friendly name for a KMS key.
Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.
You can use an alias to identify a KMS key in the KMS console, in the DescribeKey operation and in cryptographic operations, such as Encrypt and GenerateDataKey. You can also change the KMS key that's associated with the alias (UpdateAlias) or delete the alias (DeleteAlias) at any time. These operations don't affect the underlying KMS key.
You can associate the alias with any customer managed key in the same Amazon Web Services Region. Each alias is associated with only one KMS key at a time, but a KMS key can have multiple aliases. A valid KMS key is required. You can't create an alias without a KMS key.
The alias must be unique in the account and Region, but you can have aliases with the same name in different Regions. For detailed information about aliases, see Using aliases in the Key Management Service Developer Guide.
This operation does not return a response. To get the alias that you created, use the ListAliases operation.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on an alias in a different Amazon Web Services account.
Required permissions
For details, see Controlling access to aliases in the Key Management Service Developer Guide.
Related operations:
",
+ "CreateCustomKeyStore": "Creates a custom key store backed by a key store that you own and manage. When you use a KMS key in a custom key store for a cryptographic operation, the cryptographic operation is actually performed in your key store using your keys. KMS supports CloudHSM key stores backed by an CloudHSM cluster and external key stores backed by an external key store proxy and external key manager outside of Amazon Web Services.
This operation is part of the custom key stores feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a key store that you own and manage.
Before you create the custom key store, the required elements must be in place and operational. We recommend that you use the test tools that KMS provides to verify the configuration your external key store proxy. For details about the required elements and verification tests, see Assemble the prerequisites (for CloudHSM key stores) or Assemble the prerequisites (for external key stores) in the Key Management Service Developer Guide.
To create a custom key store, use the following parameters.
-
To create an CloudHSM key store, specify the CustomKeyStoreName, CloudHsmClusterId, KeyStorePassword, and TrustAnchorCertificate. The CustomKeyStoreType parameter is optional for CloudHSM key stores. If you include it, set it to the default value, AWS_CLOUDHSM. For help with failures, see Troubleshooting an CloudHSM key store in the Key Management Service Developer Guide.
-
To create an external key store, specify the CustomKeyStoreName and a CustomKeyStoreType of EXTERNAL_KEY_STORE. Also, specify values for XksProxyConnectivity, XksProxyAuthenticationCredential, XksProxyUriEndpoint, and XksProxyUriPath. If your XksProxyConnectivity value is VPC_ENDPOINT_SERVICE, specify the XksProxyVpcEndpointServiceName parameter. For help with failures, see Troubleshooting an external key store in the Key Management Service Developer Guide.
For external key stores:
Some external key managers provide a simpler method for creating an external key store. For details, see your external key manager documentation.
When creating an external key store in the KMS console, you can upload a JSON-based proxy configuration file with the desired values. You cannot use a proxy configuration with the CreateCustomKeyStore operation. However, you can use the values in the file to help you determine the correct values for the CreateCustomKeyStore parameters.
When the operation completes successfully, it returns the ID of the new custom key store. Before you can use your new custom key store, you need to use the ConnectCustomKeyStore operation to connect a new CloudHSM key store to its CloudHSM cluster, or to connect a new external key store to the external key store proxy for your external key manager. Even if you are not going to use your custom key store immediately, you might want to connect it to verify that all settings are correct and then disconnect it until you are ready to use it.
For help with failures, see Troubleshooting a custom key store in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
Required permissions: kms:CreateCustomKeyStore (IAM policy).
Related operations:
",
"CreateGrant": "Adds a grant to a KMS key.
A grant is a policy instrument that allows Amazon Web Services principals to use KMS keys in cryptographic operations. It also can allow them to view a KMS key (DescribeKey) and create and manage grants. When authorizing access to a KMS key, grants are considered along with key policies and IAM policies. Grants are often used for temporary permissions because you can create one, use its permissions, and delete it without changing your key policies or IAM policies.
For detailed information about grants, including grant terminology, see Grants in KMS in the Key Management Service Developer Guide . For examples of working with grants in several programming languages, see Programming grants.
The CreateGrant operation returns a GrantToken and a GrantId.
-
When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as eventual consistency. Once the grant has achieved eventual consistency, the grantee principal can use the permissions in the grant without identifying the grant.
However, to use the permissions in the grant immediately, use the GrantToken that CreateGrant returns. For details, see Using a grant token in the Key Management Service Developer Guide .
-
The CreateGrant operation also returns a GrantId. You can use the GrantId and a key identifier to identify the grant in the RetireGrant and RevokeGrant operations. To find the grant ID, use the ListGrants or ListRetirableGrants operations.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key ARN in the value of the KeyId parameter.
Required permissions: kms:CreateGrant (key policy)
Related operations:
",
- "CreateKey": "Creates a unique customer managed KMS key in your Amazon Web Services account and Region.
In addition to the required parameters, you can use the optional parameters to specify a key policy, description, tags, and other useful elements for any key type.
KMS is replacing the term customer master key (CMK) with KMS key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.
To create different types of KMS keys, use the following guidance:
- Symmetric encryption KMS key
-
To create a symmetric encryption KMS key, you aren't required to specify any parameters. The default value for KeySpec, SYMMETRIC_DEFAULT, and the default value for KeyUsage, ENCRYPT_DECRYPT, create a symmetric encryption KMS key. For technical details, see SYMMETRIC_DEFAULT key spec in the Key Management Service Developer Guide.
If you need a key for basic encryption and decryption or you are creating a KMS key to protect your resources in an Amazon Web Services service, create a symmetric encryption KMS key. The key material in a symmetric encryption key never leaves KMS unencrypted. You can use a symmetric encryption KMS key to encrypt and decrypt data up to 4,096 bytes, but they are typically used to generate data keys and data keys pairs. For details, see GenerateDataKey and GenerateDataKeyPair.
- Asymmetric KMS keys
-
To create an asymmetric KMS key, use the KeySpec parameter to specify the type of key material in the KMS key. Then, use the KeyUsage parameter to determine whether the KMS key will be used to encrypt and decrypt or sign and verify. You can't change these properties after the KMS key is created.
Asymmetric KMS keys contain an RSA key pair, Elliptic Curve (ECC) key pair, or an SM2 key pair (China Regions only). The private key in an asymmetric KMS key never leaves KMS unencrypted. However, you can use the GetPublicKey operation to download the public key so it can be used outside of KMS. KMS keys with RSA or SM2 key pairs can be used to encrypt or decrypt data or sign and verify messages (but not both). KMS keys with ECC key pairs can be used only to sign and verify messages. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.
- HMAC KMS key
-
To create an HMAC KMS key, set the KeySpec parameter to a key spec value for HMAC KMS keys. Then set the KeyUsage parameter to GENERATE_VERIFY_MAC. You must set the key usage even though GENERATE_VERIFY_MAC is the only valid key usage value for HMAC KMS keys. You can't change these properties after the KMS key is created.
HMAC KMS keys are symmetric keys that never leave KMS unencrypted. You can use HMAC keys to generate (GenerateMac) and verify (VerifyMac) HMAC codes for messages up to 4096 bytes.
HMAC KMS keys are not supported in all Amazon Web Services Regions. If you try to create an HMAC KMS key in an Amazon Web Services Region in which HMAC keys are not supported, the CreateKey operation returns an UnsupportedOperationException. For a list of Regions in which HMAC KMS keys are supported, see HMAC keys in KMS in the Key Management Service Developer Guide.
- Multi-Region primary keys
- Imported key material
-
To create a multi-Region primary key in the local Amazon Web Services Region, use the MultiRegion parameter with a value of True. To create a multi-Region replica key, that is, a KMS key with the same key ID and key material as a primary key, but in a different Amazon Web Services Region, use the ReplicateKey operation. To change a replica key to a primary key, and its primary key to a replica key, use the UpdatePrimaryRegion operation.
You can create multi-Region KMS keys for all supported KMS key types: symmetric encryption KMS keys, HMAC KMS keys, asymmetric encryption KMS keys, and asymmetric signing KMS keys. You can also create multi-Region keys with imported key material. However, you can't create multi-Region keys in a custom key store.
This operation supports multi-Region keys, an KMS feature that lets you create multiple interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.
-
To import your own key material, begin by creating a symmetric encryption KMS key with no key material. To do this, use the Origin parameter of CreateKey with a value of EXTERNAL. Next, use GetParametersForImport operation to get a public key and import token, and use the public key to encrypt your key material. Then, use ImportKeyMaterial with your import token to import the key material. For step-by-step instructions, see Importing Key Material in the Key Management Service Developer Guide .
This feature supports only symmetric encryption KMS keys, including multi-Region symmetric encryption KMS keys. You cannot import key material into any other type of KMS key.
To create a multi-Region primary key with imported key material, use the Origin parameter of CreateKey with a value of EXTERNAL and the MultiRegion parameter with a value of True. To create replicas of the multi-Region primary key, use the ReplicateKey operation. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.
- Custom key store
-
To create a symmetric encryption KMS key in a custom key store, use the CustomKeyStoreId parameter to specify the custom key store. You must also use the Origin parameter with a value of AWS_CLOUDHSM. The CloudHSM cluster that is associated with the custom key store must have at least two active HSMs in different Availability Zones in the Amazon Web Services Region.
Custom key stores support only symmetric encryption KMS keys. You cannot create an HMAC KMS key or an asymmetric KMS key in a custom key store. For information about custom key stores in KMS see Custom key stores in KMS in the Key Management Service Developer Guide .
Cross-account use: No. You cannot use this operation to create a KMS key in a different Amazon Web Services account.
Required permissions: kms:CreateKey (IAM policy). To use the Tags parameter, kms:TagResource (IAM policy). For examples and information about related permissions, see Allow a user to create KMS keys in the Key Management Service Developer Guide.
Related operations:
",
- "Decrypt": "Decrypts ciphertext that was encrypted by a KMS key using any of the following operations:
You can use this operation to decrypt ciphertext that was encrypted under a symmetric encryption KMS key or an asymmetric encryption KMS key. When the KMS key is asymmetric, you must specify the KMS key and the encryption algorithm that was used to encrypt the ciphertext. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.
The Decrypt operation also decrypts ciphertext that was encrypted outside of KMS by the public key in an KMS asymmetric KMS key. However, it cannot decrypt ciphertext produced by other libraries, such as the Amazon Web Services Encryption SDK or Amazon S3 client-side encryption. These libraries return a ciphertext format that is incompatible with KMS.
If the ciphertext was encrypted under a symmetric encryption KMS key, the KeyId parameter is optional. KMS can get this information from metadata that it adds to the symmetric ciphertext blob. This feature adds durability to your implementation by ensuring that authorized users can decrypt ciphertext decades after it was encrypted, even if they've lost track of the key ID. However, specifying the KMS key is always recommended as a best practice. When you use the KeyId parameter to specify a KMS key, KMS only uses the KMS key you specify. If the ciphertext was encrypted under a different KMS key, the Decrypt operation fails. This practice ensures that you use the KMS key that you intend.
Whenever possible, use key policies to give users permission to call the Decrypt operation on a particular KMS key, instead of using IAM policies. Otherwise, you might create an IAM user policy that gives the user Decrypt permission on all KMS keys. This user could decrypt ciphertext that was encrypted by KMS keys in other accounts if the key policy for the cross-account KMS key permits it. If you must use an IAM policy for Decrypt permissions, limit the user to particular KMS keys or particular trusted accounts. For details, see Best practices for IAM policies in the Key Management Service Developer Guide.
Applications in Amazon Web Services Nitro Enclaves can call this operation by using the Amazon Web Services Nitro Enclaves Development Kit. For information about the supporting parameters, see How Amazon Web Services Nitro Enclaves use KMS in the Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.
Required permissions: kms:Decrypt (key policy)
Related operations:
",
- "DeleteAlias": "Deletes the specified alias.
Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key Management Service Developer Guide.
Because an alias is not a property of a KMS key, you can delete and change the aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the response from the DescribeKey operation. To get the aliases of all KMS keys, use the ListAliases operation.
Each KMS key can have multiple aliases. To change the alias of a KMS key, use DeleteAlias to delete the current alias and CreateAlias to create a new alias. To associate an existing alias with a different KMS key, call UpdateAlias.
Cross-account use: No. You cannot perform this operation on an alias in a different Amazon Web Services account.
Required permissions
For details, see Controlling access to aliases in the Key Management Service Developer Guide.
Related operations:
",
- "DeleteCustomKeyStore": "Deletes a custom key store. This operation does not delete the CloudHSM cluster that is associated with the custom key store, or affect any users or keys in the cluster.
The custom key store that you delete cannot contain any KMS keys. Before deleting the key store, verify that you will never need to use any of the KMS keys in the key store for any cryptographic operations. Then, use ScheduleKeyDeletion to delete the KMS keys from the key store. When the scheduled waiting period expires, the ScheduleKeyDeletion operation deletes the KMS keys. Then it makes a best effort to delete the key material from the associated cluster. However, you might need to manually delete the orphaned key material from the cluster and its backups.
After all KMS keys are deleted from KMS, use DisconnectCustomKeyStore to disconnect the key store from KMS. Then, you can delete the custom key store.
Instead of deleting the custom key store, consider using DisconnectCustomKeyStore to disconnect it from KMS. While the key store is disconnected, you cannot create or use the KMS keys in the key store. But, you do not need to delete KMS keys and you can reconnect a disconnected custom key store at any time.
If the operation succeeds, it returns a JSON object with no properties.
This operation is part of the custom key store feature feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a single-tenant key store.
Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
Required permissions: kms:DeleteCustomKeyStore (IAM policy)
Related operations:
",
+ "CreateKey": "Creates a unique customer managed KMS key in your Amazon Web Services account and Region. You can use a KMS key in cryptographic operations, such as encryption and signing. Some Amazon Web Services services let you use KMS keys that you create and manage to protect your service resources.
A KMS key is a logical representation of a cryptographic key. In addition to the key material used in cryptographic operations, a KMS key includes metadata, such as the key ID, key policy, creation date, description, and key state. For details, see Managing keys in the Key Management Service Developer Guide
Use the parameters of CreateKey to specify the type of KMS key, the source of its key material, its key policy, description, tags, and other properties.
KMS has replaced the term customer master key (CMK) with KMS key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.
To create different types of KMS keys, use the following guidance:
- Symmetric encryption KMS key
-
By default, CreateKey creates a symmetric encryption KMS key with key material that KMS generates. This is the basic and most widely used type of KMS key, and provides the best performance.
To create a symmetric encryption KMS key, you don't need to specify any parameters. The default value for KeySpec, SYMMETRIC_DEFAULT, the default value for KeyUsage, ENCRYPT_DECRYPT, and the default value for Origin, AWS_KMS, create a symmetric encryption KMS key with KMS key material.
If you need a key for basic encryption and decryption or you are creating a KMS key to protect your resources in an Amazon Web Services service, create a symmetric encryption KMS key. The key material in a symmetric encryption key never leaves KMS unencrypted. You can use a symmetric encryption KMS key to encrypt and decrypt data up to 4,096 bytes, but they are typically used to generate data keys and data keys pairs. For details, see GenerateDataKey and GenerateDataKeyPair.
- Asymmetric KMS keys
-
To create an asymmetric KMS key, use the KeySpec parameter to specify the type of key material in the KMS key. Then, use the KeyUsage parameter to determine whether the KMS key will be used to encrypt and decrypt or sign and verify. You can't change these properties after the KMS key is created.
Asymmetric KMS keys contain an RSA key pair, Elliptic Curve (ECC) key pair, or an SM2 key pair (China Regions only). The private key in an asymmetric KMS key never leaves KMS unencrypted. However, you can use the GetPublicKey operation to download the public key so it can be used outside of KMS. KMS keys with RSA or SM2 key pairs can be used to encrypt or decrypt data or sign and verify messages (but not both). KMS keys with ECC key pairs can be used only to sign and verify messages. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.
- HMAC KMS key
-
To create an HMAC KMS key, set the KeySpec parameter to a key spec value for HMAC KMS keys. Then set the KeyUsage parameter to GENERATE_VERIFY_MAC. You must set the key usage even though GENERATE_VERIFY_MAC is the only valid key usage value for HMAC KMS keys. You can't change these properties after the KMS key is created.
HMAC KMS keys are symmetric keys that never leave KMS unencrypted. You can use HMAC keys to generate (GenerateMac) and verify (VerifyMac) HMAC codes for messages up to 4096 bytes.
HMAC KMS keys are not supported in all Amazon Web Services Regions. If you try to create an HMAC KMS key in an Amazon Web Services Region in which HMAC keys are not supported, the CreateKey operation returns an UnsupportedOperationException. For a list of Regions in which HMAC KMS keys are supported, see HMAC keys in KMS in the Key Management Service Developer Guide.
- Multi-Region primary keys
- Imported key material
-
To create a multi-Region primary key in the local Amazon Web Services Region, use the MultiRegion parameter with a value of True. To create a multi-Region replica key, that is, a KMS key with the same key ID and key material as a primary key, but in a different Amazon Web Services Region, use the ReplicateKey operation. To change a replica key to a primary key, and its primary key to a replica key, use the UpdatePrimaryRegion operation.
You can create multi-Region KMS keys for all supported KMS key types: symmetric encryption KMS keys, HMAC KMS keys, asymmetric encryption KMS keys, and asymmetric signing KMS keys. You can also create multi-Region keys with imported key material. However, you can't create multi-Region keys in a custom key store.
This operation supports multi-Region keys, an KMS feature that lets you create multiple interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.
-
To import your own key material into a KMS key, begin by creating a symmetric encryption KMS key with no key material. To do this, use the Origin parameter of CreateKey with a value of EXTERNAL. Next, use GetParametersForImport operation to get a public key and import token, and use the public key to encrypt your key material. Then, use ImportKeyMaterial with your import token to import the key material. For step-by-step instructions, see Importing Key Material in the Key Management Service Developer Guide .
This feature supports only symmetric encryption KMS keys, including multi-Region symmetric encryption KMS keys. You cannot import key material into any other type of KMS key.
To create a multi-Region primary key with imported key material, use the Origin parameter of CreateKey with a value of EXTERNAL and the MultiRegion parameter with a value of True. To create replicas of the multi-Region primary key, use the ReplicateKey operation. For instructions, see Importing key material into multi-Region keys. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.
- Custom key store
-
A custom key store lets you protect your Amazon Web Services resources using keys in a backing key store that you own and manage. When you request a cryptographic operation with a KMS key in a custom key store, the operation is performed in the backing key store using its cryptographic keys.
KMS supports CloudHSM key stores backed by an CloudHSM cluster and external key stores backed by an external key manager outside of Amazon Web Services. When you create a KMS key in an CloudHSM key store, KMS generates an encryption key in the CloudHSM cluster and associates it with the KMS key. When you create a KMS key in an external key store, you specify an existing encryption key in the external key manager.
Some external key managers provide a simpler method for creating a KMS key in an external key store. For details, see your external key manager documentation.
Before you create a KMS key in a custom key store, the ConnectionState of the key store must be CONNECTED. To connect the custom key store, use the ConnectCustomKeyStore operation. To find the ConnectionState, use the DescribeCustomKeyStores operation.
To create a KMS key in a custom key store, use the CustomKeyStoreId. Use the default KeySpec value, SYMMETRIC_DEFAULT, and the default KeyUsage value, ENCRYPT_DECRYPT to create a symmetric encryption key. No other key type is supported in a custom key store.
To create a KMS key in an CloudHSM key store, use the Origin parameter with a value of AWS_CLOUDHSM. The CloudHSM cluster that is associated with the custom key store must have at least two active HSMs in different Availability Zones in the Amazon Web Services Region.
To create a KMS key in an external key store, use the Origin parameter with a value of EXTERNAL_KEY_STORE and an XksKeyId parameter that identifies an existing external key.
Some external key managers provide a simpler method for creating a KMS key in an external key store. For details, see your external key manager documentation.
Cross-account use: No. You cannot use this operation to create a KMS key in a different Amazon Web Services account.
Required permissions: kms:CreateKey (IAM policy). To use the Tags parameter, kms:TagResource (IAM policy). For examples and information about related permissions, see Allow a user to create KMS keys in the Key Management Service Developer Guide.
Related operations:
",
+ "Decrypt": "Decrypts ciphertext that was encrypted by a KMS key using any of the following operations:
You can use this operation to decrypt ciphertext that was encrypted under a symmetric encryption KMS key or an asymmetric encryption KMS key. When the KMS key is asymmetric, you must specify the KMS key and the encryption algorithm that was used to encrypt the ciphertext. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.
The Decrypt operation also decrypts ciphertext that was encrypted outside of KMS by the public key in an KMS asymmetric KMS key. However, it cannot decrypt symmetric ciphertext produced by other libraries, such as the Amazon Web Services Encryption SDK or Amazon S3 client-side encryption. These libraries return a ciphertext format that is incompatible with KMS.
If the ciphertext was encrypted under a symmetric encryption KMS key, the KeyId parameter is optional. KMS can get this information from metadata that it adds to the symmetric ciphertext blob. This feature adds durability to your implementation by ensuring that authorized users can decrypt ciphertext decades after it was encrypted, even if they've lost track of the key ID. However, specifying the KMS key is always recommended as a best practice. When you use the KeyId parameter to specify a KMS key, KMS only uses the KMS key you specify. If the ciphertext was encrypted under a different KMS key, the Decrypt operation fails. This practice ensures that you use the KMS key that you intend.
Whenever possible, use key policies to give users permission to call the Decrypt operation on a particular KMS key, instead of using IAM policies. Otherwise, you might create an IAM user policy that gives the user Decrypt permission on all KMS keys. This user could decrypt ciphertext that was encrypted by KMS keys in other accounts if the key policy for the cross-account KMS key permits it. If you must use an IAM policy for Decrypt permissions, limit the user to particular KMS keys or particular trusted accounts. For details, see Best practices for IAM policies in the Key Management Service Developer Guide.
Applications in Amazon Web Services Nitro Enclaves can call this operation by using the Amazon Web Services Nitro Enclaves Development Kit. For information about the supporting parameters, see How Amazon Web Services Nitro Enclaves use KMS in the Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.
Required permissions: kms:Decrypt (key policy)
Related operations:
",
+ "DeleteAlias": "Deletes the specified alias.
Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.
Because an alias is not a property of a KMS key, you can delete and change the aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the response from the DescribeKey operation. To get the aliases of all KMS keys, use the ListAliases operation.
Each KMS key can have multiple aliases. To change the alias of a KMS key, use DeleteAlias to delete the current alias and CreateAlias to create a new alias. To associate an existing alias with a different KMS key, call UpdateAlias.
Cross-account use: No. You cannot perform this operation on an alias in a different Amazon Web Services account.
Required permissions
For details, see Controlling access to aliases in the Key Management Service Developer Guide.
Related operations:
",
+ "DeleteCustomKeyStore": "Deletes a custom key store. This operation does not affect any backing elements of the custom key store. It does not delete the CloudHSM cluster that is associated with an CloudHSM key store, or affect any users or keys in the cluster. For an external key store, it does not affect the external key store proxy, external key manager, or any external keys.
This operation is part of the custom key stores feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a key store that you own and manage.
The custom key store that you delete cannot contain any KMS keys. Before deleting the key store, verify that you will never need to use any of the KMS keys in the key store for any cryptographic operations. Then, use ScheduleKeyDeletion to delete the KMS keys from the key store. After the required waiting period expires and all KMS keys are deleted from the custom key store, use DisconnectCustomKeyStore to disconnect the key store from KMS. Then, you can delete the custom key store.
For keys in an CloudHSM key store, the ScheduleKeyDeletion operation makes a best effort to delete the key material from the associated cluster. However, you might need to manually delete the orphaned key material from the cluster and its backups. KMS never creates, manages, or deletes cryptographic keys in the external key manager associated with an external key store. You must manage them using your external key manager tools.
Instead of deleting the custom key store, consider using the DisconnectCustomKeyStore operation to disconnect the custom key store from its backing key store. While the key store is disconnected, you cannot create or use the KMS keys in the key store. But, you do not need to delete KMS keys and you can reconnect a disconnected custom key store at any time.
If the operation succeeds, it returns a JSON object with no properties.
Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
Required permissions: kms:DeleteCustomKeyStore (IAM policy)
Related operations:
",
"DeleteImportedKeyMaterial": "Deletes key material that you previously imported. This operation makes the specified KMS key unusable. For more information about importing key material into KMS, see Importing Key Material in the Key Management Service Developer Guide.
When the specified KMS key is in the PendingDeletion state, this operation does not change the KMS key's state. Otherwise, it changes the KMS key's state to PendingImport.
After you delete key material, you can use ImportKeyMaterial to reimport the same key material into the KMS key.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:DeleteImportedKeyMaterial (key policy)
Related operations:
",
- "DescribeCustomKeyStores": "Gets information about custom key stores in the account and Region.
This operation is part of the custom key store feature feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a single-tenant key store.
By default, this operation returns information about all custom key stores in the account and Region. To get only information about a particular custom key store, use either the CustomKeyStoreName or CustomKeyStoreId parameter (but not both).
To determine whether the custom key store is connected to its CloudHSM cluster, use the ConnectionState element in the response. If an attempt to connect the custom key store failed, the ConnectionState value is FAILED and the ConnectionErrorCode element in the response indicates the cause of the failure. For help interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry.
Custom key stores have a DISCONNECTED connection state if the key store has never been connected or you use the DisconnectCustomKeyStore operation to disconnect it. If your custom key store state is CONNECTED but you are having trouble using it, make sure that its associated CloudHSM cluster is active and contains the minimum number of HSMs required for the operation, if any.
For help repairing your custom key store, see the Troubleshooting Custom Key Stores topic in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
Required permissions: kms:DescribeCustomKeyStores (IAM policy)
Related operations:
",
- "DescribeKey": "Provides detailed information about a KMS key. You can run DescribeKey on a customer managed key or an Amazon Web Services managed key.
This detailed information includes the key ARN, creation date (and deletion date, if applicable), the key state, and the origin and expiration date (if any) of the key material. It includes fields, like KeySpec, that help you distinguish different types of KMS keys. It also displays the key usage (encryption, signing, or generating and verifying MACs) and the algorithms that the KMS key supports. For KMS keys in custom key stores, it includes information about the custom key store, such as the key store ID and the CloudHSM cluster ID. For multi-Region keys, it displays the primary key and all related replica keys.
DescribeKey does not return the following information:
-
Aliases associated with the KMS key. To get this information, use ListAliases.
-
Whether automatic key rotation is enabled on the KMS key. To get this information, use GetKeyRotationStatus. Also, some key states prevent a KMS key from being automatically rotated. For details, see How Automatic Key Rotation Works in the Key Management Service Developer Guide.
-
Tags on the KMS key. To get this information, use ListResourceTags.
-
Key policies and grants on the KMS key. To get this information, use GetKeyPolicy and ListGrants.
In general, DescribeKey is a non-mutating operation. It returns data about KMS keys, but doesn't change them. However, Amazon Web Services services use DescribeKey to create Amazon Web Services managed keys from a predefined Amazon Web Services alias with no key ID.
Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.
Required permissions: kms:DescribeKey (key policy)
Related operations:
",
+ "DescribeCustomKeyStores": "Gets information about custom key stores in the account and Region.
This operation is part of the custom key stores feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a key store that you own and manage.
By default, this operation returns information about all custom key stores in the account and Region. To get only information about a particular custom key store, use either the CustomKeyStoreName or CustomKeyStoreId parameter (but not both).
To determine whether the custom key store is connected to its CloudHSM cluster or external key store proxy, use the ConnectionState element in the response. If an attempt to connect the custom key store failed, the ConnectionState value is FAILED and the ConnectionErrorCode element in the response indicates the cause of the failure. For help interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry.
Custom key stores have a DISCONNECTED connection state if the key store has never been connected or you used the DisconnectCustomKeyStore operation to disconnect it. Otherwise, the connection state is CONNECTED. If your custom key store connection state is CONNECTED but you are having trouble using it, verify that the backing store is active and available. For an CloudHSM key store, verify that the associated CloudHSM cluster is active and contains the minimum number of HSMs required for the operation, if any. For an external key store, verify that the external key store proxy and its associated external key manager are reachable and enabled.
For help repairing your CloudHSM key store, see the Troubleshooting CloudHSM key stores. For help repairing your external key store, see the Troubleshooting external key stores. Both topics are in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
Required permissions: kms:DescribeCustomKeyStores (IAM policy)
Related operations:
",
+ "DescribeKey": "Provides detailed information about a KMS key. You can run DescribeKey on a customer managed key or an Amazon Web Services managed key.
This detailed information includes the key ARN, creation date (and deletion date, if applicable), the key state, and the origin and expiration date (if any) of the key material. It includes fields, like KeySpec, that help you distinguish different types of KMS keys. It also displays the key usage (encryption, signing, or generating and verifying MACs) and the algorithms that the KMS key supports. For multi-Region keys, it displays the primary key and all related replica keys. For KMS keys in CloudHSM key stores, it includes information about the custom key store, such as the key store ID and the CloudHSM cluster ID. For KMS key in external key stores, it includes the custom key store ID and the ID and status of the associated external key.
DescribeKey does not return the following information:
-
Aliases associated with the KMS key. To get this information, use ListAliases.
-
Whether automatic key rotation is enabled on the KMS key. To get this information, use GetKeyRotationStatus. Also, some key states prevent a KMS key from being automatically rotated. For details, see How Automatic Key Rotation Works in the Key Management Service Developer Guide.
-
Tags on the KMS key. To get this information, use ListResourceTags.
-
Key policies and grants on the KMS key. To get this information, use GetKeyPolicy and ListGrants.
In general, DescribeKey is a non-mutating operation. It returns data about KMS keys, but doesn't change them. However, Amazon Web Services services use DescribeKey to create Amazon Web Services managed keys from a predefined Amazon Web Services alias with no key ID.
Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.
Required permissions: kms:DescribeKey (key policy)
Related operations:
",
"DisableKey": "Sets the state of a KMS key to disabled. This change temporarily prevents use of the KMS key for cryptographic operations.
For more information about how key state affects the use of a KMS key, see Key states of KMS keys in the Key Management Service Developer Guide .
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:DisableKey (key policy)
Related operations: EnableKey
",
- "DisableKeyRotation": "Disables automatic rotation of the key material of the specified symmetric encryption KMS key.
Automatic key rotation is supported only on symmetric encryption KMS keys. You cannot enable or disable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. The key rotation status of these KMS keys is always false. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key.
You can enable (EnableKeyRotation) and disable automatic rotation of the key material in customer managed KMS keys. Key material rotation of Amazon Web Services managed KMS keys is not configurable. KMS always rotates the key material for every year. Rotation of Amazon Web Services owned KMS keys varies.
In May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three years to every year. For details, see EnableKeyRotation.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:DisableKeyRotation (key policy)
Related operations:
",
- "DisconnectCustomKeyStore": "Disconnects the custom key store from its associated CloudHSM cluster. While a custom key store is disconnected, you can manage the custom key store and its KMS keys, but you cannot create or use KMS keys in the custom key store. You can reconnect the custom key store at any time.
While a custom key store is disconnected, all attempts to create KMS keys in the custom key store or to use existing KMS keys in cryptographic operations will fail. This action can prevent users from storing and accessing sensitive data.
To find the connection state of a custom key store, use the DescribeCustomKeyStores operation. To reconnect a custom key store, use the ConnectCustomKeyStore operation.
If the operation succeeds, it returns a JSON object with no properties.
This operation is part of the custom key store feature feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a single-tenant key store.
Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
Required permissions: kms:DisconnectCustomKeyStore (IAM policy)
Related operations:
",
+ "DisableKeyRotation": "Disables automatic rotation of the key material of the specified symmetric encryption KMS key.
Automatic key rotation is supported only on symmetric encryption KMS keys. You cannot enable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key.
You can enable (EnableKeyRotation) and disable automatic rotation of the key material in customer managed KMS keys. Key material rotation of Amazon Web Services managed KMS keys is not configurable. KMS always rotates the key material for every year. Rotation of Amazon Web Services owned KMS keys varies.
In May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three years to every year. For details, see EnableKeyRotation.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:DisableKeyRotation (key policy)
Related operations:
",
+ "DisconnectCustomKeyStore": "Disconnects the custom key store from its backing key store. This operation disconnects an CloudHSM key store from its associated CloudHSM cluster or disconnects an external key store from the external key store proxy that communicates with your external key manager.
This operation is part of the custom key stores feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a key store that you own and manage.
While a custom key store is disconnected, you can manage the custom key store and its KMS keys, but you cannot create or use its KMS keys. You can reconnect the custom key store at any time.
While a custom key store is disconnected, all attempts to create KMS keys in the custom key store or to use existing KMS keys in cryptographic operations will fail. This action can prevent users from storing and accessing sensitive data.
When you disconnect a custom key store, its ConnectionState changes to Disconnected. To find the connection state of a custom key store, use the DescribeCustomKeyStores operation. To reconnect a custom key store, use the ConnectCustomKeyStore operation.
If the operation succeeds, it returns a JSON object with no properties.
Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
Required permissions: kms:DisconnectCustomKeyStore (IAM policy)
Related operations:
",
"EnableKey": "Sets the key state of a KMS key to enabled. This allows you to use the KMS key for cryptographic operations.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:EnableKey (key policy)
Related operations: DisableKey
",
- "EnableKeyRotation": "Enables automatic rotation of the key material of the specified symmetric encryption KMS key.
When you enable automatic rotation of acustomer managed KMS key, KMS rotates the key material of the KMS key one year (approximately 365 days) from the enable date and every year thereafter. You can monitor rotation of the key material for your KMS keys in CloudTrail and Amazon CloudWatch. To disable rotation of the key material in a customer managed KMS key, use the DisableKeyRotation operation.
Automatic key rotation is supported only on symmetric encryption KMS keys. You cannot enable or disable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. The key rotation status of these KMS keys is always false. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key.
You cannot enable or disable automatic rotation Amazon Web Services managed KMS keys. KMS always rotates the key material of Amazon Web Services managed keys every year. Rotation of Amazon Web Services owned KMS keys varies.
In May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three years (approximately 1,095 days) to every year (approximately 365 days).
New Amazon Web Services managed keys are automatically rotated one year after they are created, and approximately every year thereafter.
Existing Amazon Web Services managed keys are automatically rotated one year after their most recent rotation, and every year thereafter.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:EnableKeyRotation (key policy)
Related operations:
",
+ "EnableKeyRotation": "Enables automatic rotation of the key material of the specified symmetric encryption KMS key.
When you enable automatic rotation of acustomer managed KMS key, KMS rotates the key material of the KMS key one year (approximately 365 days) from the enable date and every year thereafter. You can monitor rotation of the key material for your KMS keys in CloudTrail and Amazon CloudWatch. To disable rotation of the key material in a customer managed KMS key, use the DisableKeyRotation operation.
Automatic key rotation is supported only on symmetric encryption KMS keys. You cannot enable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key.
You cannot enable or disable automatic rotation Amazon Web Services managed KMS keys. KMS always rotates the key material of Amazon Web Services managed keys every year. Rotation of Amazon Web Services owned KMS keys varies.
In May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three years (approximately 1,095 days) to every year (approximately 365 days).
New Amazon Web Services managed keys are automatically rotated one year after they are created, and approximately every year thereafter.
Existing Amazon Web Services managed keys are automatically rotated one year after their most recent rotation, and every year thereafter.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:EnableKeyRotation (key policy)
Related operations:
",
"Encrypt": "Encrypts plaintext of up to 4,096 bytes using a KMS key. You can use a symmetric or asymmetric KMS key with a KeyUsage of ENCRYPT_DECRYPT.
You can use this operation to encrypt small amounts of arbitrary data, such as a personal identifier or database password, or other sensitive information. You don't need to use the Encrypt operation to encrypt a data key. The GenerateDataKey and GenerateDataKeyPair operations return a plaintext data key and an encrypted copy of that data key.
If you use a symmetric encryption KMS key, you can use an encryption context to add additional security to your encryption operation. If you specify an EncryptionContext when encrypting data, you must specify the same encryption context (a case-sensitive exact match) when decrypting the data. Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the Key Management Service Developer Guide.
If you specify an asymmetric KMS key, you must also specify the encryption algorithm. The algorithm must be compatible with the KMS key spec.
When you use an asymmetric KMS key to encrypt or reencrypt data, be sure to record the KMS key and encryption algorithm that you choose. You will be required to provide the same KMS key and encryption algorithm when you decrypt the data. If the KMS key and algorithm do not match the values used to encrypt the data, the decrypt operation fails.
You are not required to supply the key ID and encryption algorithm when you decrypt with symmetric encryption KMS keys because KMS stores this information in the ciphertext blob. KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields.
The maximum size of the data that you can encrypt varies with the type of KMS key and the encryption algorithm that you choose.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.
Required permissions: kms:Encrypt (key policy)
Related operations:
",
"GenerateDataKey": "Returns a unique symmetric data key for use outside of KMS. This operation returns a plaintext copy of the data key and a copy that is encrypted under a symmetric encryption KMS key that you specify. The bytes in the plaintext key are random; they are not related to the caller or the KMS key. You can use the plaintext key to encrypt your data outside of KMS and store the encrypted data key with the encrypted data.
To generate a data key, specify the symmetric encryption KMS key that will be used to encrypt the data key. You cannot use an asymmetric KMS key to encrypt data keys. To get the type of your KMS key, use the DescribeKey operation.
You must also specify the length of the data key. Use either the KeySpec or NumberOfBytes parameters (but not both). For 128-bit and 256-bit data keys, use the KeySpec parameter.
To generate an SM4 data key (China Regions only), specify a KeySpec value of AES_128 or NumberOfBytes value of 128. The symmetric encryption key used in China Regions to encrypt your data key is an SM4 encryption key.
To get only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. To generate an asymmetric data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext operation. To get a cryptographically secure random byte string, use GenerateRandom.
You can use an optional encryption context to add additional security to the encryption operation. If you specify an EncryptionContext, you must specify the same encryption context (a case-sensitive exact match) when decrypting the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the Key Management Service Developer Guide.
Applications in Amazon Web Services Nitro Enclaves can call this operation by using the Amazon Web Services Nitro Enclaves Development Kit. For information about the supporting parameters, see How Amazon Web Services Nitro Enclaves use KMS in the Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
How to use your data key
We recommend that you use the following pattern to encrypt data locally in your application. You can write your own code or use a client-side encryption library, such as the Amazon Web Services Encryption SDK, the Amazon DynamoDB Encryption Client, or Amazon S3 client-side encryption to do these tasks for you.
To encrypt data outside of KMS:
-
Use the GenerateDataKey operation to get a data key.
-
Use the plaintext data key (in the Plaintext field of the response) to encrypt your data outside of KMS. Then erase the plaintext data key from memory.
-
Store the encrypted data key (in the CiphertextBlob field of the response) with the encrypted data.
To decrypt data outside of KMS:
-
Use the Decrypt operation to decrypt the encrypted data key. The operation returns a plaintext copy of the data key.
-
Use the plaintext data key to decrypt data outside of KMS, then erase the plaintext data key from memory.
Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.
Required permissions: kms:GenerateDataKey (key policy)
Related operations:
",
"GenerateDataKeyPair": "Returns a unique asymmetric data key pair for use outside of KMS. This operation returns a plaintext public key, a plaintext private key, and a copy of the private key that is encrypted under the symmetric encryption KMS key you specify. You can use the data key pair to perform asymmetric cryptography and implement digital signatures outside of KMS. The bytes in the keys are random; they not related to the caller or to the KMS key that is used to encrypt the private key.
You can use the public key that GenerateDataKeyPair returns to encrypt data or verify a signature outside of KMS. Then, store the encrypted private key with the data. When you are ready to decrypt data or sign a message, you can use the Decrypt operation to decrypt the encrypted private key.
To generate a data key pair, you must specify a symmetric encryption KMS key to encrypt the private key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a custom key store. To get the type and origin of your KMS key, use the DescribeKey operation.
Use the KeyPairSpec parameter to choose an RSA or Elliptic Curve (ECC) data key pair. In China Regions, you can also choose an SM2 data key pair. KMS recommends that you use ECC key pairs for signing, and use RSA and SM2 key pairs for either encryption or signing, but not both. However, KMS cannot enforce any restrictions on the use of data key pairs outside of KMS.
If you are using the data key pair to encrypt data, or for any operation where you don't immediately need a private key, consider using the GenerateDataKeyPairWithoutPlaintext operation. GenerateDataKeyPairWithoutPlaintext returns a plaintext public key and an encrypted private key, but omits the plaintext private key that you need only to decrypt ciphertext or sign a message. Later, when you need to decrypt the data or sign a message, use the Decrypt operation to decrypt the encrypted private key in the data key pair.
GenerateDataKeyPair returns a unique data key pair for each request. The bytes in the keys are random; they are not related to the caller or the KMS key that is used to encrypt the private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in RFC 5280. The private key is a DER-encoded PKCS8 PrivateKeyInfo, as specified in RFC 5958.
You can use an optional encryption context to add additional security to the encryption operation. If you specify an EncryptionContext, you must specify the same encryption context (a case-sensitive exact match) when decrypting the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.
Required permissions: kms:GenerateDataKeyPair (key policy)
Related operations:
",
"GenerateDataKeyPairWithoutPlaintext": "Returns a unique asymmetric data key pair for use outside of KMS. This operation returns a plaintext public key and a copy of the private key that is encrypted under the symmetric encryption KMS key you specify. Unlike GenerateDataKeyPair, this operation does not return a plaintext private key. The bytes in the keys are random; they are not related to the caller or to the KMS key that is used to encrypt the private key.
You can use the public key that GenerateDataKeyPairWithoutPlaintext returns to encrypt data or verify a signature outside of KMS. Then, store the encrypted private key with the data. When you are ready to decrypt data or sign a message, you can use the Decrypt operation to decrypt the encrypted private key.
To generate a data key pair, you must specify a symmetric encryption KMS key to encrypt the private key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a custom key store. To get the type and origin of your KMS key, use the DescribeKey operation.
Use the KeyPairSpec parameter to choose an RSA or Elliptic Curve (ECC) data key pair. In China Regions, you can also choose an SM2 data key pair. KMS recommends that you use ECC key pairs for signing, and use RSA and SM2 key pairs for either encryption or signing, but not both. However, KMS cannot enforce any restrictions on the use of data key pairs outside of KMS.
GenerateDataKeyPairWithoutPlaintext returns a unique data key pair for each request. The bytes in the key are not related to the caller or KMS key that is used to encrypt the private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in RFC 5280.
You can use an optional encryption context to add additional security to the encryption operation. If you specify an EncryptionContext, you must specify the same encryption context (a case-sensitive exact match) when decrypting the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.
Required permissions: kms:GenerateDataKeyPairWithoutPlaintext (key policy)
Related operations:
",
- "GenerateDataKeyWithoutPlaintext": "Returns a unique symmetric data key for use outside of KMS. This operation returns a data key that is encrypted under a symmetric encryption KMS key that you specify. The bytes in the key are random; they are not related to the caller or to the KMS key.
GenerateDataKeyWithoutPlaintext is identical to the GenerateDataKey operation except that it does not return a plaintext copy of the data key.
This operation is useful for systems that need to encrypt data at some point, but not immediately. When you need to encrypt the data, you call the Decrypt operation on the encrypted copy of the key.
It's also useful in distributed systems with different levels of trust. For example, you might store encrypted data in containers. One component of your system creates new containers and stores an encrypted data key with each container. Then, a different component puts the data into the containers. That component first decrypts the data key, uses the plaintext data key to encrypt data, puts the encrypted data into the container, and then destroys the plaintext data key. In this system, the component that creates the containers never sees the plaintext data key.
To request an asymmetric data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext operations.
To generate a data key, you must specify the symmetric encryption KMS key that is used to encrypt the data key. You cannot use an asymmetric KMS key or a key in a custom key store to generate a data key. To get the type of your KMS key, use the DescribeKey operation.
If the operation succeeds, you will find the encrypted copy of the data key in the CiphertextBlob field.
You can use an optional encryption context to add additional security to the encryption operation. If you specify an EncryptionContext, you must specify the same encryption context (a case-sensitive exact match) when decrypting the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.
Required permissions: kms:GenerateDataKeyWithoutPlaintext (key policy)
Related operations:
",
- "GenerateMac": "Generates a hash-based message authentication code (HMAC) for a message using an HMAC KMS key and a MAC algorithm that the key supports. The MAC algorithm computes the HMAC for the message and the key as described in RFC 2104.
You can use the HMAC that this operation generates with the VerifyMac operation to demonstrate that the original message has not changed. Also, because a secret key is used to create the hash, you can verify that the party that generated the hash has the required secret key. This operation is part of KMS support for HMAC KMS keys. For details, see HMAC keys in KMS in the Key Management Service Developer Guide .
Best practices recommend that you limit the time during which any signing mechanism, including an HMAC, is effective. This deters an attack where the actor uses a signed message to establish validity repeatedly or long after the message is superseded. HMAC tags do not include a timestamp, but you can include a timestamp in the token or message to help you detect when its time to refresh the HMAC.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.
Required permissions: kms:GenerateMac (key policy)
Related operations: VerifyMac
",
- "GenerateRandom": "Returns a random byte string that is cryptographically secure.
You must use the NumberOfBytes parameter to specify the length of the random byte string. There is no default value for string length.
By default, the random byte string is generated in KMS. To generate the byte string in the CloudHSM cluster that is associated with a custom key store, specify the custom key store ID.
Applications in Amazon Web Services Nitro Enclaves can call this operation by using the Amazon Web Services Nitro Enclaves Development Kit. For information about the supporting parameters, see How Amazon Web Services Nitro Enclaves use KMS in the Key Management Service Developer Guide.
For more information about entropy and random number generation, see Key Management Service Cryptographic Details.
Cross-account use: Not applicable. GenerateRandom does not use any account-specific resources, such as KMS keys.
Required permissions: kms:GenerateRandom (IAM policy)
",
+ "GenerateDataKeyWithoutPlaintext": "Returns a unique symmetric data key for use outside of KMS. This operation returns a data key that is encrypted under a symmetric encryption KMS key that you specify. The bytes in the key are random; they are not related to the caller or to the KMS key.
GenerateDataKeyWithoutPlaintext is identical to the GenerateDataKey operation except that it does not return a plaintext copy of the data key.
This operation is useful for systems that need to encrypt data at some point, but not immediately. When you need to encrypt the data, you call the Decrypt operation on the encrypted copy of the key.
It's also useful in distributed systems with different levels of trust. For example, you might store encrypted data in containers. One component of your system creates new containers and stores an encrypted data key with each container. Then, a different component puts the data into the containers. That component first decrypts the data key, uses the plaintext data key to encrypt data, puts the encrypted data into the container, and then destroys the plaintext data key. In this system, the component that creates the containers never sees the plaintext data key.
To request an asymmetric data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext operations.
To generate a data key, you must specify the symmetric encryption KMS key that is used to encrypt the data key. You cannot use an asymmetric KMS key or a key in a custom key store to generate a data key. To get the type of your KMS key, use the DescribeKey operation.
You must also specify the length of the data key. Use either the KeySpec or NumberOfBytes parameters (but not both). For 128-bit and 256-bit data keys, use the KeySpec parameter.
To generate an SM4 data key (China Regions only), specify a KeySpec value of AES_128 or NumberOfBytes value of 128. The symmetric encryption key used in China Regions to encrypt your data key is an SM4 encryption key.
If the operation succeeds, you will find the encrypted copy of the data key in the CiphertextBlob field.
You can use an optional encryption context to add additional security to the encryption operation. If you specify an EncryptionContext, you must specify the same encryption context (a case-sensitive exact match) when decrypting the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.
Required permissions: kms:GenerateDataKeyWithoutPlaintext (key policy)
Related operations:
",
+ "GenerateMac": "Generates a hash-based message authentication code (HMAC) for a message using an HMAC KMS key and a MAC algorithm that the key supports. HMAC KMS keys and the HMAC algorithms that KMS uses conform to industry standards defined in RFC 2104.
You can use value that GenerateMac returns in the VerifyMac operation to demonstrate that the original message has not changed. Also, because a secret key is used to create the hash, you can verify that the party that generated the hash has the required secret key. You can also use the raw result to implement HMAC-based algorithms such as key derivation functions. This operation is part of KMS support for HMAC KMS keys. For details, see HMAC keys in KMS in the Key Management Service Developer Guide .
Best practices recommend that you limit the time during which any signing mechanism, including an HMAC, is effective. This deters an attack where the actor uses a signed message to establish validity repeatedly or long after the message is superseded. HMAC tags do not include a timestamp, but you can include a timestamp in the token or message to help you detect when its time to refresh the HMAC.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.
Required permissions: kms:GenerateMac (key policy)
Related operations: VerifyMac
",
+ "GenerateRandom": "Returns a random byte string that is cryptographically secure.
You must use the NumberOfBytes parameter to specify the length of the random byte string. There is no default value for string length.
By default, the random byte string is generated in KMS. To generate the byte string in the CloudHSM cluster associated with an CloudHSM key store, use the CustomKeyStoreId parameter.
Applications in Amazon Web Services Nitro Enclaves can call this operation by using the Amazon Web Services Nitro Enclaves Development Kit. For information about the supporting parameters, see How Amazon Web Services Nitro Enclaves use KMS in the Key Management Service Developer Guide.
For more information about entropy and random number generation, see Key Management Service Cryptographic Details.
Cross-account use: Not applicable. GenerateRandom does not use any account-specific resources, such as KMS keys.
Required permissions: kms:GenerateRandom (IAM policy)
",
"GetKeyPolicy": "Gets a key policy attached to the specified KMS key.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:GetKeyPolicy (key policy)
Related operations: PutKeyPolicy
",
- "GetKeyRotationStatus": "Gets a Boolean value that indicates whether automatic rotation of the key material is enabled for the specified KMS key.
When you enable automatic rotation for customer managed KMS keys, KMS rotates the key material of the KMS key one year (approximately 365 days) from the enable date and every year thereafter. You can monitor rotation of the key material for your KMS keys in CloudTrail and Amazon CloudWatch.
Automatic key rotation is supported only on symmetric encryption KMS keys. You cannot enable or disable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. The key rotation status of these KMS keys is always false. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key..
You can enable (EnableKeyRotation) and disable automatic rotation (DisableKeyRotation) of the key material in customer managed KMS keys. Key material rotation of Amazon Web Services managed KMS keys is not configurable. KMS always rotates the key material in Amazon Web Services managed KMS keys every year. The key rotation status for Amazon Web Services managed KMS keys is always true.
In May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three years to every year. For details, see EnableKeyRotation.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
-
Disabled: The key rotation status does not change when you disable a KMS key. However, while the KMS key is disabled, KMS does not rotate the key material. When you re-enable the KMS key, rotation resumes. If the key material in the re-enabled KMS key hasn't been rotated in one year, KMS rotates it immediately, and every year thereafter. If it's been less than a year since the key material in the re-enabled KMS key was rotated, the KMS key resumes its prior rotation schedule.
-
Pending deletion: While a KMS key is pending deletion, its key rotation status is false and KMS does not rotate the key material. If you cancel the deletion, the original key rotation status returns to true.
Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key ARN in the value of the KeyId parameter.
Required permissions: kms:GetKeyRotationStatus (key policy)
Related operations:
",
- "GetParametersForImport": "Returns the items you need to import key material into a symmetric encryption KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide.
This operation returns a public key and an import token. Use the public key to encrypt the symmetric key material. Store the import token to send with a subsequent ImportKeyMaterial request.
You must specify the key ID of the symmetric encryption KMS key into which you will import key material. This KMS key's Origin must be EXTERNAL. You must also specify the wrapping algorithm and type of wrapping key (public key) that you will use to encrypt the key material. You cannot perform this operation on an asymmetric KMS key, an HMAC KMS key, or on any KMS key in a different Amazon Web Services account.
To import key material, you must use the public key and import token from the same response. These items are valid for 24 hours. The expiration date and time appear in the GetParametersForImport response. You cannot use an expired token in an ImportKeyMaterial request. If your key and token expire, send another GetParametersForImport request.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:GetParametersForImport (key policy)
Related operations:
",
- "GetPublicKey": "Returns the public key of an asymmetric KMS key. Unlike the private key of a asymmetric KMS key, which never leaves KMS unencrypted, callers with kms:GetPublicKey permission can download the public key of an asymmetric KMS key. You can share the public key to allow others to encrypt messages and verify signatures outside of KMS. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.
You do not need to download the public key. Instead, you can use the public key within KMS by calling the Encrypt, ReEncrypt, or Verify operations with the identifier of an asymmetric KMS key. When you use the public key within KMS, you benefit from the authentication, authorization, and logging that are part of every KMS operation. You also reduce of risk of encrypting data that cannot be decrypted. These features are not effective outside of KMS.
To verify a signature outside of KMS with an SM2 public key (China Regions only), you must specify the distinguishing ID. By default, KMS uses 1234567812345678 as the distinguishing ID. For more information, see Offline verification with SM2 key pairs.
To help you use the public key safely outside of KMS, GetPublicKey returns important information about the public key in the response, including:
-
KeySpec: The type of key material in the public key, such as RSA_4096 or ECC_NIST_P521.
-
KeyUsage: Whether the key is used for encryption or signing.
-
EncryptionAlgorithms or SigningAlgorithms: A list of the encryption algorithms or the signing algorithms for the key.
Although KMS cannot enforce these restrictions on external operations, it is crucial that you use this information to prevent the public key from being used improperly. For example, you can prevent a public signing key from being used encrypt data, or prevent a public key from being used with an encryption algorithm that is not supported by KMS. You can also avoid errors, such as using the wrong signing algorithm in a verification operation.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.
Required permissions: kms:GetPublicKey (key policy)
Related operations: CreateKey
",
- "ImportKeyMaterial": "Imports key material into an existing symmetric encryption KMS key that was created without key material. After you successfully import key material into a KMS key, you can reimport the same key material into that KMS key, but you cannot import different key material.
You cannot perform this operation on an asymmetric KMS key, an HMAC KMS key, or on any KMS key in a different Amazon Web Services account. For more information about creating KMS keys with no key material and then importing key material, see Importing Key Material in the Key Management Service Developer Guide.
Before using this operation, call GetParametersForImport. Its response includes a public key and an import token. Use the public key to encrypt the key material. Then, submit the import token from the same GetParametersForImport response.
When calling this operation, you must specify the following values:
-
The key ID or key ARN of a KMS key with no key material. Its Origin must be EXTERNAL.
To create a KMS key with no key material, call CreateKey and set the value of its Origin parameter to EXTERNAL. To get the Origin of a KMS key, call DescribeKey.)
-
The encrypted key material. To get the public key to encrypt the key material, call GetParametersForImport.
-
The import token that GetParametersForImport returned. You must use a public key and token from the same GetParametersForImport response.
-
Whether the key material expires and if so, when. If you set an expiration date, KMS deletes the key material from the KMS key on the specified date, and the KMS key becomes unusable. To use the KMS key again, you must reimport the same key material. The only way to change an expiration date is by reimporting the same key material and specifying a new expiration date.
When this operation is successful, the key state of the KMS key changes from PendingImport to Enabled, and you can use the KMS key.
If this operation fails, use the exception to help determine the problem. If the error is related to the key material, the import token, or wrapping key, use GetParametersForImport to get a new public key and import token for the KMS key and repeat the import procedure. For help, see How To Import Key Material in the Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:ImportKeyMaterial (key policy)
Related operations:
",
+ "GetKeyRotationStatus": "Gets a Boolean value that indicates whether automatic rotation of the key material is enabled for the specified KMS key.
When you enable automatic rotation for customer managed KMS keys, KMS rotates the key material of the KMS key one year (approximately 365 days) from the enable date and every year thereafter. You can monitor rotation of the key material for your KMS keys in CloudTrail and Amazon CloudWatch.
Automatic key rotation is supported only on symmetric encryption KMS keys. You cannot enable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key..
You can enable (EnableKeyRotation) and disable automatic rotation (DisableKeyRotation) of the key material in customer managed KMS keys. Key material rotation of Amazon Web Services managed KMS keys is not configurable. KMS always rotates the key material in Amazon Web Services managed KMS keys every year. The key rotation status for Amazon Web Services managed KMS keys is always true.
In May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three years to every year. For details, see EnableKeyRotation.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
-
Disabled: The key rotation status does not change when you disable a KMS key. However, while the KMS key is disabled, KMS does not rotate the key material. When you re-enable the KMS key, rotation resumes. If the key material in the re-enabled KMS key hasn't been rotated in one year, KMS rotates it immediately, and every year thereafter. If it's been less than a year since the key material in the re-enabled KMS key was rotated, the KMS key resumes its prior rotation schedule.
-
Pending deletion: While a KMS key is pending deletion, its key rotation status is false and KMS does not rotate the key material. If you cancel the deletion, the original key rotation status returns to true.
Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key ARN in the value of the KeyId parameter.
Required permissions: kms:GetKeyRotationStatus (key policy)
Related operations:
",
+ "GetParametersForImport": "Returns the items you need to import key material into a symmetric encryption KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide.
This operation returns a public key and an import token. Use the public key to encrypt the symmetric key material. Store the import token to send with a subsequent ImportKeyMaterial request.
You must specify the key ID of the symmetric encryption KMS key into which you will import key material. The KMS key Origin must be EXTERNAL. You must also specify the wrapping algorithm and type of wrapping key (public key) that you will use to encrypt the key material. You cannot perform this operation on an asymmetric KMS key, an HMAC KMS key, or on any KMS key in a different Amazon Web Services account.
To import key material, you must use the public key and import token from the same response. These items are valid for 24 hours. The expiration date and time appear in the GetParametersForImport response. You cannot use an expired token in an ImportKeyMaterial request. If your key and token expire, send another GetParametersForImport request.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:GetParametersForImport (key policy)
Related operations:
",
+ "GetPublicKey": "Returns the public key of an asymmetric KMS key. Unlike the private key of a asymmetric KMS key, which never leaves KMS unencrypted, callers with kms:GetPublicKey permission can download the public key of an asymmetric KMS key. You can share the public key to allow others to encrypt messages and verify signatures outside of KMS. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.
You do not need to download the public key. Instead, you can use the public key within KMS by calling the Encrypt, ReEncrypt, or Verify operations with the identifier of an asymmetric KMS key. When you use the public key within KMS, you benefit from the authentication, authorization, and logging that are part of every KMS operation. You also reduce of risk of encrypting data that cannot be decrypted. These features are not effective outside of KMS.
To help you use the public key safely outside of KMS, GetPublicKey returns important information about the public key in the response, including:
-
KeySpec: The type of key material in the public key, such as RSA_4096 or ECC_NIST_P521.
-
KeyUsage: Whether the key is used for encryption or signing.
-
EncryptionAlgorithms or SigningAlgorithms: A list of the encryption algorithms or the signing algorithms for the key.
Although KMS cannot enforce these restrictions on external operations, it is crucial that you use this information to prevent the public key from being used improperly. For example, you can prevent a public signing key from being used encrypt data, or prevent a public key from being used with an encryption algorithm that is not supported by KMS. You can also avoid errors, such as using the wrong signing algorithm in a verification operation.
To verify a signature outside of KMS with an SM2 public key (China Regions only), you must specify the distinguishing ID. By default, KMS uses 1234567812345678 as the distinguishing ID. For more information, see Offline verification with SM2 key pairs.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.
Required permissions: kms:GetPublicKey (key policy)
Related operations: CreateKey
",
+ "ImportKeyMaterial": "Imports key material into an existing symmetric encryption KMS key that was created without key material. After you successfully import key material into a KMS key, you can reimport the same key material into that KMS key, but you cannot import different key material.
You cannot perform this operation on an asymmetric KMS key, an HMAC KMS key, or on any KMS key in a different Amazon Web Services account. For more information about creating KMS keys with no key material and then importing key material, see Importing Key Material in the Key Management Service Developer Guide.
Before using this operation, call GetParametersForImport. Its response includes a public key and an import token. Use the public key to encrypt the key material. Then, submit the import token from the same GetParametersForImport response.
When calling this operation, you must specify the following values:
-
The key ID or key ARN of a KMS key with no key material. Its Origin must be EXTERNAL.
To create a KMS key with no key material, call CreateKey and set the value of its Origin parameter to EXTERNAL. To get the Origin of a KMS key, call DescribeKey.)
-
The encrypted key material. To get the public key to encrypt the key material, call GetParametersForImport.
-
The import token that GetParametersForImport returned. You must use a public key and token from the same GetParametersForImport response.
-
Whether the key material expires (ExpirationModel) and, if so, when (ValidTo). If you set an expiration date, on the specified date, KMS deletes the key material from the KMS key, making the KMS key unusable. To use the KMS key in cryptographic operations again, you must reimport the same key material. The only way to change the expiration model or expiration date is by reimporting the same key material and specifying a new expiration date.
When this operation is successful, the key state of the KMS key changes from PendingImport to Enabled, and you can use the KMS key.
If this operation fails, use the exception to help determine the problem. If the error is related to the key material, the import token, or wrapping key, use GetParametersForImport to get a new public key and import token for the KMS key and repeat the import procedure. For help, see How To Import Key Material in the Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:ImportKeyMaterial (key policy)
Related operations:
",
"ListAliases": "Gets a list of aliases in the caller's Amazon Web Services account and region. For more information about aliases, see CreateAlias.
By default, the ListAliases operation returns all aliases in the account and region. To get only the aliases associated with a particular KMS key, use the KeyId parameter.
The ListAliases response can include aliases that you created and associated with your customer managed keys, and aliases that Amazon Web Services created and associated with Amazon Web Services managed keys in your account. You can recognize Amazon Web Services aliases because their names have the format aws/<service-name>, such as aws/dynamodb.
The response might also include aliases that have no TargetKeyId field. These are predefined aliases that Amazon Web Services has created but has not yet associated with a KMS key. Aliases that Amazon Web Services creates in your account, including predefined aliases, do not count against your KMS aliases quota.
Cross-account use: No. ListAliases does not return aliases in other Amazon Web Services accounts.
Required permissions: kms:ListAliases (IAM policy)
For details, see Controlling access to aliases in the Key Management Service Developer Guide.
Related operations:
",
"ListGrants": "Gets a list of all grants for the specified KMS key.
You must specify the KMS key in all requests. You can filter the grant list by grant ID or grantee principal.
For detailed information about grants, including grant terminology, see Grants in KMS in the Key Management Service Developer Guide . For examples of working with grants in several programming languages, see Programming grants.
The GranteePrincipal field in the ListGrants response usually contains the user or role designated as the grantee principal in the grant. However, when the grantee principal in the grant is an Amazon Web Services service, the GranteePrincipal field contains the service principal, which might represent several different grantee principals.
Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key ARN in the value of the KeyId parameter.
Required permissions: kms:ListGrants (key policy)
Related operations:
",
"ListKeyPolicies": "Gets the names of the key policies that are attached to a KMS key. This operation is designed to get policy names that you can use in a GetKeyPolicy operation. However, the only valid policy name is default.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:ListKeyPolicies (key policy)
Related operations:
",
@@ -38,20 +38,20 @@
"ListResourceTags": "Returns all tags on the specified KMS key.
For general information about tags, including the format and syntax, see Tagging Amazon Web Services resources in the Amazon Web Services General Reference. For information about using tags in KMS, see Tagging keys.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:ListResourceTags (key policy)
Related operations:
",
"ListRetirableGrants": "Returns information about all grants in the Amazon Web Services account and Region that have the specified retiring principal.
You can specify any principal in your Amazon Web Services account. The grants that are returned include grants for KMS keys in your Amazon Web Services account and other Amazon Web Services accounts. You might use this operation to determine which grants you may retire. To retire a grant, use the RetireGrant operation.
For detailed information about grants, including grant terminology, see Grants in KMS in the Key Management Service Developer Guide . For examples of working with grants in several programming languages, see Programming grants.
Cross-account use: You must specify a principal in your Amazon Web Services account. However, this operation can return grants in any Amazon Web Services account. You do not need kms:ListRetirableGrants permission (or any other additional permission) in any Amazon Web Services account other than your own.
Required permissions: kms:ListRetirableGrants (IAM policy) in your Amazon Web Services account.
Related operations:
",
"PutKeyPolicy": "Attaches a key policy to the specified KMS key.
For more information about key policies, see Key Policies in the Key Management Service Developer Guide. For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the Identity and Access Management User Guide . For examples of adding a key policy in multiple programming languages, see Setting a key policy in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:PutKeyPolicy (key policy)
Related operations: GetKeyPolicy
",
- "ReEncrypt": "Decrypts ciphertext and then reencrypts it entirely within KMS. You can use this operation to change the KMS key under which data is encrypted, such as when you manually rotate a KMS key or change the KMS key that protects a ciphertext. You can also use it to reencrypt ciphertext under the same KMS key, such as to change the encryption context of a ciphertext.
The ReEncrypt operation can decrypt ciphertext that was encrypted by using a KMS key in an KMS operation, such as Encrypt or GenerateDataKey. It can also decrypt ciphertext that was encrypted by using the public key of an asymmetric KMS key outside of KMS. However, it cannot decrypt ciphertext produced by other libraries, such as the Amazon Web Services Encryption SDK or Amazon S3 client-side encryption. These libraries return a ciphertext format that is incompatible with KMS.
When you use the ReEncrypt operation, you need to provide information for the decrypt operation and the subsequent encrypt operation.
-
If your ciphertext was encrypted under an asymmetric KMS key, you must use the SourceKeyId parameter to identify the KMS key that encrypted the ciphertext. You must also supply the encryption algorithm that was used. This information is required to decrypt the data.
-
If your ciphertext was encrypted under a symmetric encryption KMS key, the SourceKeyId parameter is optional. KMS can get this information from metadata that it adds to the symmetric ciphertext blob. This feature adds durability to your implementation by ensuring that authorized users can decrypt ciphertext decades after it was encrypted, even if they've lost track of the key ID. However, specifying the source KMS key is always recommended as a best practice. When you use the SourceKeyId parameter to specify a KMS key, KMS uses only the KMS key you specify. If the ciphertext was encrypted under a different KMS key, the ReEncrypt operation fails. This practice ensures that you use the KMS key that you intend.
-
To reencrypt the data, you must use the DestinationKeyId parameter specify the KMS key that re-encrypts the data after it is decrypted. If the destination KMS key is an asymmetric KMS key, you must also provide the encryption algorithm. The algorithm that you choose must be compatible with the KMS key.
When you use an asymmetric KMS key to encrypt or reencrypt data, be sure to record the KMS key and encryption algorithm that you choose. You will be required to provide the same KMS key and encryption algorithm when you decrypt the data. If the KMS key and algorithm do not match the values used to encrypt the data, the decrypt operation fails.
You are not required to supply the key ID and encryption algorithm when you decrypt with symmetric encryption KMS keys because KMS stores this information in the ciphertext blob. KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: Yes. The source KMS key and destination KMS key can be in different Amazon Web Services accounts. Either or both KMS keys can be in a different account than the caller. To specify a KMS key in a different account, you must use its key ARN or alias ARN.
Required permissions:
To permit reencryption from or to a KMS key, include the \"kms:ReEncrypt*\" permission in your key policy. This permission is automatically included in the key policy when you use the console to create a KMS key. But you must include it manually when you create a KMS key programmatically or when you use the PutKeyPolicy operation to set a key policy.
Related operations:
",
+ "ReEncrypt": "Decrypts ciphertext and then reencrypts it entirely within KMS. You can use this operation to change the KMS key under which data is encrypted, such as when you manually rotate a KMS key or change the KMS key that protects a ciphertext. You can also use it to reencrypt ciphertext under the same KMS key, such as to change the encryption context of a ciphertext.
The ReEncrypt operation can decrypt ciphertext that was encrypted by using a KMS key in an KMS operation, such as Encrypt or GenerateDataKey. It can also decrypt ciphertext that was encrypted by using the public key of an asymmetric KMS key outside of KMS. However, it cannot decrypt ciphertext produced by other libraries, such as the Amazon Web Services Encryption SDK or Amazon S3 client-side encryption. These libraries return a ciphertext format that is incompatible with KMS.
When you use the ReEncrypt operation, you need to provide information for the decrypt operation and the subsequent encrypt operation.
-
If your ciphertext was encrypted under an asymmetric KMS key, you must use the SourceKeyId parameter to identify the KMS key that encrypted the ciphertext. You must also supply the encryption algorithm that was used. This information is required to decrypt the data.
-
If your ciphertext was encrypted under a symmetric encryption KMS key, the SourceKeyId parameter is optional. KMS can get this information from metadata that it adds to the symmetric ciphertext blob. This feature adds durability to your implementation by ensuring that authorized users can decrypt ciphertext decades after it was encrypted, even if they've lost track of the key ID. However, specifying the source KMS key is always recommended as a best practice. When you use the SourceKeyId parameter to specify a KMS key, KMS uses only the KMS key you specify. If the ciphertext was encrypted under a different KMS key, the ReEncrypt operation fails. This practice ensures that you use the KMS key that you intend.
-
To reencrypt the data, you must use the DestinationKeyId parameter to specify the KMS key that re-encrypts the data after it is decrypted. If the destination KMS key is an asymmetric KMS key, you must also provide the encryption algorithm. The algorithm that you choose must be compatible with the KMS key.
When you use an asymmetric KMS key to encrypt or reencrypt data, be sure to record the KMS key and encryption algorithm that you choose. You will be required to provide the same KMS key and encryption algorithm when you decrypt the data. If the KMS key and algorithm do not match the values used to encrypt the data, the decrypt operation fails.
You are not required to supply the key ID and encryption algorithm when you decrypt with symmetric encryption KMS keys because KMS stores this information in the ciphertext blob. KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: Yes. The source KMS key and destination KMS key can be in different Amazon Web Services accounts. Either or both KMS keys can be in a different account than the caller. To specify a KMS key in a different account, you must use its key ARN or alias ARN.
Required permissions:
To permit reencryption from or to a KMS key, include the \"kms:ReEncrypt*\" permission in your key policy. This permission is automatically included in the key policy when you use the console to create a KMS key. But you must include it manually when you create a KMS key programmatically or when you use the PutKeyPolicy operation to set a key policy.
Related operations:
",
"ReplicateKey": "Replicates a multi-Region key into the specified Region. This operation creates a multi-Region replica key based on a multi-Region primary key in a different Region of the same Amazon Web Services partition. You can create multiple replicas of a primary key, but each must be in a different Region. To create a multi-Region primary key, use the CreateKey operation.
This operation supports multi-Region keys, an KMS feature that lets you create multiple interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.
A replica key is a fully-functional KMS key that can be used independently of its primary and peer replica keys. A primary key and its replica keys share properties that make them interoperable. They have the same key ID and key material. They also have the same key spec, key usage, key material origin, and automatic key rotation status. KMS automatically synchronizes these shared properties among related multi-Region keys. All other properties of a replica key can differ, including its key policy, tags, aliases, and Key states of KMS keys. KMS pricing and quotas for KMS keys apply to each primary key and replica key.
When this operation completes, the new replica key has a transient key state of Creating. This key state changes to Enabled (or PendingImport) after a few seconds when the process of creating the new replica key is complete. While the key state is Creating, you can manage key, but you cannot yet use it in cryptographic operations. If you are creating and using the replica key programmatically, retry on KMSInvalidStateException or call DescribeKey to check its KeyState value before using it. For details about the Creating key state, see Key states of KMS keys in the Key Management Service Developer Guide.
You cannot create more than one replica of a primary key in any Region. If the Region already includes a replica of the key you're trying to replicate, ReplicateKey returns an AlreadyExistsException error. If the key state of the existing replica is PendingDeletion, you can cancel the scheduled key deletion (CancelKeyDeletion) or wait for the key to be deleted. The new replica key you create will have the same shared properties as the original replica key.
The CloudTrail log of a ReplicateKey operation records a ReplicateKey operation in the primary key's Region and a CreateKey operation in the replica key's Region.
If you replicate a multi-Region primary key with imported key material, the replica key is created with no key material. You must import the same key material that you imported into the primary key. For details, see Importing key material into multi-Region keys in the Key Management Service Developer Guide.
To convert a replica key to a primary key, use the UpdatePrimaryRegion operation.
ReplicateKey uses different default values for the KeyPolicy and Tags parameters than those used in the KMS console. For details, see the parameter descriptions.
Cross-account use: No. You cannot use this operation to create a replica key in a different Amazon Web Services account.
Required permissions:
-
kms:ReplicateKey on the primary key (in the primary key's Region). Include this permission in the primary key's key policy.
-
kms:CreateKey in an IAM policy in the replica Region.
-
To use the Tags parameter, kms:TagResource in an IAM policy in the replica Region.
Related operations
",
"RetireGrant": "Deletes a grant. Typically, you retire a grant when you no longer need its permissions. To identify the grant to retire, use a grant token, or both the grant ID and a key identifier (key ID or key ARN) of the KMS key. The CreateGrant operation returns both values.
This operation can be called by the retiring principal for a grant, by the grantee principal if the grant allows the RetireGrant operation, and by the Amazon Web Services account in which the grant is created. It can also be called by principals to whom permission for retiring a grant is delegated. For details, see Retiring and revoking grants in the Key Management Service Developer Guide.
For detailed information about grants, including grant terminology, see Grants in KMS in the Key Management Service Developer Guide . For examples of working with grants in several programming languages, see Programming grants.
Cross-account use: Yes. You can retire a grant on a KMS key in a different Amazon Web Services account.
Required permissions::Permission to retire a grant is determined primarily by the grant. For details, see Retiring and revoking grants in the Key Management Service Developer Guide.
Related operations:
",
"RevokeGrant": "Deletes the specified grant. You revoke a grant to terminate the permissions that the grant allows. For more information, see Retiring and revoking grants in the Key Management Service Developer Guide .
When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as eventual consistency. For details, see Eventual consistency in the Key Management Service Developer Guide .
For detailed information about grants, including grant terminology, see Grants in KMS in the Key Management Service Developer Guide . For examples of working with grants in several programming languages, see Programming grants.
Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key ARN in the value of the KeyId parameter.
Required permissions: kms:RevokeGrant (key policy).
Related operations:
",
- "ScheduleKeyDeletion": "Schedules the deletion of a KMS key. By default, KMS applies a waiting period of 30 days, but you can specify a waiting period of 7-30 days. When this operation is successful, the key state of the KMS key changes to PendingDeletion and the key can't be used in any cryptographic operations. It remains in this state for the duration of the waiting period. Before the waiting period ends, you can use CancelKeyDeletion to cancel the deletion of the KMS key. After the waiting period ends, KMS deletes the KMS key, its key material, and all KMS data associated with it, including all aliases that refer to it.
Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key is deleted, all data that was encrypted under the KMS key is unrecoverable. (The only exception is a multi-Region replica key.) To prevent the use of a KMS key without deleting it, use DisableKey.
If you schedule deletion of a KMS key from a custom key store, when the waiting period expires, ScheduleKeyDeletion deletes the KMS key from KMS. Then KMS makes a best effort to delete the key material from the associated CloudHSM cluster. However, you might need to manually delete the orphaned key material from the cluster and its backups.
You can schedule the deletion of a multi-Region primary key and its replica keys at any time. However, KMS will not delete a multi-Region primary key with existing replica keys. If you schedule the deletion of a primary key with replicas, its key state changes to PendingReplicaDeletion and it cannot be replicated or used in cryptographic operations. This status can continue indefinitely. When the last of its replicas keys is deleted (not just scheduled), the key state of the primary key changes to PendingDeletion and its waiting period (PendingWindowInDays) begins. For details, see Deleting multi-Region keys in the Key Management Service Developer Guide.
For more information about scheduling a KMS key for deletion, see Deleting KMS keys in the Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:ScheduleKeyDeletion (key policy)
Related operations
",
+ "ScheduleKeyDeletion": "Schedules the deletion of a KMS key. By default, KMS applies a waiting period of 30 days, but you can specify a waiting period of 7-30 days. When this operation is successful, the key state of the KMS key changes to PendingDeletion and the key can't be used in any cryptographic operations. It remains in this state for the duration of the waiting period. Before the waiting period ends, you can use CancelKeyDeletion to cancel the deletion of the KMS key. After the waiting period ends, KMS deletes the KMS key, its key material, and all KMS data associated with it, including all aliases that refer to it.
Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key is deleted, all data that was encrypted under the KMS key is unrecoverable. (The only exception is a multi-Region replica key.) To prevent the use of a KMS key without deleting it, use DisableKey.
You can schedule the deletion of a multi-Region primary key and its replica keys at any time. However, KMS will not delete a multi-Region primary key with existing replica keys. If you schedule the deletion of a primary key with replicas, its key state changes to PendingReplicaDeletion and it cannot be replicated or used in cryptographic operations. This status can continue indefinitely. When the last of its replicas keys is deleted (not just scheduled), the key state of the primary key changes to PendingDeletion and its waiting period (PendingWindowInDays) begins. For details, see Deleting multi-Region keys in the Key Management Service Developer Guide.
When KMS deletes a KMS key from an CloudHSM key store, it makes a best effort to delete the associated key material from the associated CloudHSM cluster. However, you might need to manually delete the orphaned key material from the cluster and its backups. Deleting a KMS key from an external key store has no effect on the associated external key. However, for both types of custom key stores, deleting a KMS key is destructive and irreversible. You cannot decrypt ciphertext encrypted under the KMS key by using only its associated external key or CloudHSM key. Also, you cannot recreate a KMS key in an external key store by creating a new KMS key with the same key material.
For more information about scheduling a KMS key for deletion, see Deleting KMS keys in the Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:ScheduleKeyDeletion (key policy)
Related operations
",
"Sign": "Creates a digital signature for a message or message digest by using the private key in an asymmetric signing KMS key. To verify the signature, use the Verify operation, or use the public key in the same asymmetric KMS key outside of KMS. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.
Digital signatures are generated and verified by using asymmetric key pair, such as an RSA or ECC pair that is represented by an asymmetric KMS key. The key owner (or an authorized user) uses their private key to sign a message. Anyone with the public key can verify that the message was signed with that particular private key and that the message hasn't changed since it was signed.
To use the Sign operation, provide the following information:
-
Use the KeyId parameter to identify an asymmetric KMS key with a KeyUsage value of SIGN_VERIFY. To get the KeyUsage value of a KMS key, use the DescribeKey operation. The caller must have kms:Sign permission on the KMS key.
-
Use the Message parameter to specify the message or message digest to sign. You can submit messages of up to 4096 bytes. To sign a larger message, generate a hash digest of the message, and then provide the hash digest in the Message parameter. To indicate whether the message is a full message or a digest, use the MessageType parameter.
-
Choose a signing algorithm that is compatible with the KMS key.
When signing a message, be sure to record the KMS key and the signing algorithm. This information is required to verify the signature.
Best practices recommend that you limit the time during which any signature is effective. This deters an attack where the actor uses a signed message to establish validity repeatedly or long after the message is superseded. Signatures do not include a timestamp, but you can include a timestamp in the signed message to help you detect when its time to refresh the signature.
To verify the signature that this operation generates, use the Verify operation. Or use the GetPublicKey operation to download the public key and then use the public key to verify the signature outside of KMS.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.
Required permissions: kms:Sign (key policy)
Related operations: Verify
",
- "TagResource": "Adds or edits tags on a customer managed key.
Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key Management Service Developer Guide.
Each tag consists of a tag key and a tag value, both of which are case-sensitive strings. The tag value can be an empty (null) string. To add a tag, specify a new tag key and a tag value. To edit a tag, specify an existing tag key and a new tag value.
You can use this operation to tag a customer managed key, but you cannot tag an Amazon Web Services managed key, an Amazon Web Services owned key, a custom key store, or an alias.
You can also add tags to a KMS key while creating it (CreateKey) or replicating it (ReplicateKey).
For information about using tags in KMS, see Tagging keys. For general information about tags, including the format and syntax, see Tagging Amazon Web Services resources in the Amazon Web Services General Reference.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:TagResource (key policy)
Related operations
",
- "UntagResource": "Deletes tags from a customer managed key. To delete a tag, specify the tag key and the KMS key.
Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key Management Service Developer Guide.
When it succeeds, the UntagResource operation doesn't return any output. Also, if the specified tag key isn't found on the KMS key, it doesn't throw an exception or return a response. To confirm that the operation worked, use the ListResourceTags operation.
For information about using tags in KMS, see Tagging keys. For general information about tags, including the format and syntax, see Tagging Amazon Web Services resources in the Amazon Web Services General Reference.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:UntagResource (key policy)
Related operations
",
- "UpdateAlias": "Associates an existing KMS alias with a different KMS key. Each alias is associated with only one KMS key at a time, although a KMS key can have multiple aliases. The alias and the KMS key must be in the same Amazon Web Services account and Region.
Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key Management Service Developer Guide.
The current and new KMS key must be the same type (both symmetric or both asymmetric), and they must have the same key usage (ENCRYPT_DECRYPT or SIGN_VERIFY). This restriction prevents errors in code that uses aliases. If you must assign an alias to a different type of KMS key, use DeleteAlias to delete the old alias and CreateAlias to create a new alias.
You cannot use UpdateAlias to change an alias name. To change an alias name, use DeleteAlias to delete the old alias and CreateAlias to create a new alias.
Because an alias is not a property of a KMS key, you can create, update, and delete the aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the response from the DescribeKey operation. To get the aliases of all KMS keys in the account, use the ListAliases operation.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions
For details, see Controlling access to aliases in the Key Management Service Developer Guide.
Related operations:
",
- "UpdateCustomKeyStore": "Changes the properties of a custom key store. Use the CustomKeyStoreId parameter to identify the custom key store you want to edit. Use the remaining parameters to change the properties of the custom key store.
You can only update a custom key store that is disconnected. To disconnect the custom key store, use DisconnectCustomKeyStore. To reconnect the custom key store after the update completes, use ConnectCustomKeyStore. To find the connection state of a custom key store, use the DescribeCustomKeyStores operation.
The CustomKeyStoreId parameter is required in all commands. Use the other parameters of UpdateCustomKeyStore to edit your key store settings.
-
Use the NewCustomKeyStoreName parameter to change the friendly name of the custom key store to the value that you specify.
-
Use the KeyStorePassword parameter tell KMS the current password of the kmsuser crypto user (CU) in the associated CloudHSM cluster. You can use this parameter to fix connection failures that occur when KMS cannot log into the associated cluster because the kmsuser password has changed. This value does not change the password in the CloudHSM cluster.
-
Use the CloudHsmClusterId parameter to associate the custom key store with a different, but related, CloudHSM cluster. You can use this parameter to repair a custom key store if its CloudHSM cluster becomes corrupted or is deleted, or when you need to create or restore a cluster from a backup.
If the operation succeeds, it returns a JSON object with no properties.
This operation is part of the custom key store feature feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a single-tenant key store.
Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
Required permissions: kms:UpdateCustomKeyStore (IAM policy)
Related operations:
",
+ "TagResource": "Adds or edits tags on a customer managed key.
Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.
Each tag consists of a tag key and a tag value, both of which are case-sensitive strings. The tag value can be an empty (null) string. To add a tag, specify a new tag key and a tag value. To edit a tag, specify an existing tag key and a new tag value.
You can use this operation to tag a customer managed key, but you cannot tag an Amazon Web Services managed key, an Amazon Web Services owned key, a custom key store, or an alias.
You can also add tags to a KMS key while creating it (CreateKey) or replicating it (ReplicateKey).
For information about using tags in KMS, see Tagging keys. For general information about tags, including the format and syntax, see Tagging Amazon Web Services resources in the Amazon Web Services General Reference.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:TagResource (key policy)
Related operations
",
+ "UntagResource": "Deletes tags from a customer managed key. To delete a tag, specify the tag key and the KMS key.
Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.
When it succeeds, the UntagResource operation doesn't return any output. Also, if the specified tag key isn't found on the KMS key, it doesn't throw an exception or return a response. To confirm that the operation worked, use the ListResourceTags operation.
For information about using tags in KMS, see Tagging keys. For general information about tags, including the format and syntax, see Tagging Amazon Web Services resources in the Amazon Web Services General Reference.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:UntagResource (key policy)
Related operations
",
+ "UpdateAlias": "Associates an existing KMS alias with a different KMS key. Each alias is associated with only one KMS key at a time, although a KMS key can have multiple aliases. The alias and the KMS key must be in the same Amazon Web Services account and Region.
Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.
The current and new KMS key must be the same type (both symmetric or both asymmetric or both HMAC), and they must have the same key usage. This restriction prevents errors in code that uses aliases. If you must assign an alias to a different type of KMS key, use DeleteAlias to delete the old alias and CreateAlias to create a new alias.
You cannot use UpdateAlias to change an alias name. To change an alias name, use DeleteAlias to delete the old alias and CreateAlias to create a new alias.
Because an alias is not a property of a KMS key, you can create, update, and delete the aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the response from the DescribeKey operation. To get the aliases of all KMS keys in the account, use the ListAliases operation.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions
For details, see Controlling access to aliases in the Key Management Service Developer Guide.
Related operations:
",
+ "UpdateCustomKeyStore": "Changes the properties of a custom key store. You can use this operation to change the properties of an CloudHSM key store or an external key store.
Use the required CustomKeyStoreId parameter to identify the custom key store. Use the remaining optional parameters to change its properties. This operation does not return any property values. To verify the updated property values, use the DescribeCustomKeyStores operation.
This operation is part of the custom key stores feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a key store that you own and manage.
When updating the properties of an external key store, verify that the updated settings connect your key store, via the external key store proxy, to the same external key manager as the previous settings, or to a backup or snapshot of the external key manager with the same cryptographic keys. If the updated connection settings fail, you can fix them and retry, although an extended delay might disrupt Amazon Web Services services. However, if KMS permanently loses its access to cryptographic keys, ciphertext encrypted under those keys is unrecoverable.
For external key stores:
Some external key managers provide a simpler method for updating an external key store. For details, see your external key manager documentation.
When updating an external key store in the KMS console, you can upload a JSON-based proxy configuration file with the desired values. You cannot upload the proxy configuration file to the UpdateCustomKeyStore operation. However, you can use the file to help you determine the correct values for the UpdateCustomKeyStore parameters.
For an CloudHSM key store, you can use this operation to change the custom key store friendly name (NewCustomKeyStoreName), to tell KMS about a change to the kmsuser crypto user password (KeyStorePassword), or to associate the custom key store with a different, but related, CloudHSM cluster (CloudHsmClusterId). To update any property of an CloudHSM key store, the ConnectionState of the CloudHSM key store must be DISCONNECTED.
For an external key store, you can use this operation to change the custom key store friendly name (NewCustomKeyStoreName), or to tell KMS about a change to the external key store proxy authentication credentials (XksProxyAuthenticationCredential), connection method (XksProxyConnectivity), external proxy endpoint (XksProxyUriEndpoint) and path (XksProxyUriPath). For external key stores with an XksProxyConnectivity of VPC_ENDPOINT_SERVICE, you can also update the Amazon VPC endpoint service name (XksProxyVpcEndpointServiceName). To update most properties of an external key store, the ConnectionState of the external key store must be DISCONNECTED. However, you can update the CustomKeyStoreName, XksProxyAuthenticationCredential, and XksProxyUriPath of an external key store when it is in the CONNECTED or DISCONNECTED state.
If your update requires a DISCONNECTED state, before using UpdateCustomKeyStore, use the DisconnectCustomKeyStore operation to disconnect the custom key store. After the UpdateCustomKeyStore operation completes, use the ConnectCustomKeyStore to reconnect the custom key store. To find the ConnectionState of the custom key store, use the DescribeCustomKeyStores operation.
Before updating the custom key store, verify that the new values allow KMS to connect the custom key store to its backing key store. For example, before you change the XksProxyUriPath value, verify that the external key store proxy is reachable at the new path.
If the operation succeeds, it returns a JSON object with no properties.
Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
Required permissions: kms:UpdateCustomKeyStore (IAM policy)
Related operations:
",
"UpdateKeyDescription": "Updates the description of a KMS key. To see the description of a KMS key, use DescribeKey.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:UpdateKeyDescription (key policy)
Related operations
",
"UpdatePrimaryRegion": "Changes the primary key of a multi-Region key.
This operation changes the replica key in the specified Region to a primary key and changes the former primary key to a replica key. For example, suppose you have a primary key in us-east-1 and a replica key in eu-west-2. If you run UpdatePrimaryRegion with a PrimaryRegion value of eu-west-2, the primary key is now the key in eu-west-2, and the key in us-east-1 becomes a replica key. For details, see Updating the primary Region in the Key Management Service Developer Guide.
This operation supports multi-Region keys, an KMS feature that lets you create multiple interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.
The primary key of a multi-Region key is the source for properties that are always shared by primary and replica keys, including the key material, key ID, key spec, key usage, key material origin, and automatic key rotation. It's the only key that can be replicated. You cannot delete the primary key until all replica keys are deleted.
The key ID and primary Region that you specify uniquely identify the replica key that will become the primary key. The primary Region must already have a replica key. This operation does not create a KMS key in the specified Region. To find the replica keys, use the DescribeKey operation on the primary key or any replica key. To create a replica key, use the ReplicateKey operation.
You can run this operation while using the affected multi-Region keys in cryptographic operations. This operation should not delay, interrupt, or cause failures in cryptographic operations.
Even after this operation completes, the process of updating the primary Region might still be in progress for a few more seconds. Operations such as DescribeKey might display both the old and new primary keys as replicas. The old and new primary keys have a transient key state of Updating. The original key state is restored when the update is complete. While the key state is Updating, you can use the keys in cryptographic operations, but you cannot replicate the new primary key or perform certain management operations, such as enabling or disabling these keys. For details about the Updating key state, see Key states of KMS keys in the Key Management Service Developer Guide.
This operation does not return any output. To verify that primary key is changed, use the DescribeKey operation.
Cross-account use: No. You cannot use this operation in a different Amazon Web Services account.
Required permissions:
-
kms:UpdatePrimaryRegion on the current primary key (in the primary key's Region). Include this permission primary key's key policy.
-
kms:UpdatePrimaryRegion on the current replica key (in the replica key's Region). Include this permission in the replica key's key policy.
Related operations
",
- "Verify": "Verifies a digital signature that was generated by the Sign operation.
Verification confirms that an authorized user signed the message with the specified KMS key and signing algorithm, and the message hasn't changed since it was signed. If the signature is verified, the value of the SignatureValid field in the response is True. If the signature verification fails, the Verify operation fails with an KMSInvalidSignatureException exception.
A digital signature is generated by using the private key in an asymmetric KMS key. The signature is verified by using the public key in the same asymmetric KMS key. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.
To verify a digital signature, you can use the Verify operation. Specify the same asymmetric KMS key, message, and signing algorithm that were used to produce the signature.
You can also verify the digital signature by using the public key of the KMS key outside of KMS. Use the GetPublicKey operation to download the public key in the asymmetric KMS key and then use the public key to verify the signature outside of KMS. To verify a signature outside of KMS with an SM2 public key, you must specify the distinguishing ID. By default, KMS uses 1234567812345678 as the distinguishing ID. For more information, see Offline verification with SM2 key pairs in Key Management Service Developer Guide. The advantage of using the Verify operation is that it is performed within KMS. As a result, it's easy to call, the operation is performed within the FIPS boundary, it is logged in CloudTrail, and you can use key policy and IAM policy to determine who is authorized to use the KMS key to verify signatures.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.
Required permissions: kms:Verify (key policy)
Related operations: Sign
",
- "VerifyMac": "Verifies the hash-based message authentication code (HMAC) for a specified message, HMAC KMS key, and MAC algorithm. To verify the HMAC, VerifyMac computes an HMAC using the message, HMAC KMS key, and MAC algorithm that you specify, and compares the computed HMAC to the HMAC that you specify. If the HMACs are identical, the verification succeeds; otherwise, it fails.
Verification indicates that the message hasn't changed since the HMAC was calculated, and the specified key was used to generate and verify the HMAC.
This operation is part of KMS support for HMAC KMS keys. For details, see HMAC keys in KMS in the Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.
Required permissions: kms:VerifyMac (key policy)
Related operations: GenerateMac
"
+ "Verify": "Verifies a digital signature that was generated by the Sign operation.
Verification confirms that an authorized user signed the message with the specified KMS key and signing algorithm, and the message hasn't changed since it was signed. If the signature is verified, the value of the SignatureValid field in the response is True. If the signature verification fails, the Verify operation fails with an KMSInvalidSignatureException exception.
A digital signature is generated by using the private key in an asymmetric KMS key. The signature is verified by using the public key in the same asymmetric KMS key. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.
To verify a digital signature, you can use the Verify operation. Specify the same asymmetric KMS key, message, and signing algorithm that were used to produce the signature.
You can also verify the digital signature by using the public key of the KMS key outside of KMS. Use the GetPublicKey operation to download the public key in the asymmetric KMS key and then use the public key to verify the signature outside of KMS. The advantage of using the Verify operation is that it is performed within KMS. As a result, it's easy to call, the operation is performed within the FIPS boundary, it is logged in CloudTrail, and you can use key policy and IAM policy to determine who is authorized to use the KMS key to verify signatures.
To verify a signature outside of KMS with an SM2 public key (China Regions only), you must specify the distinguishing ID. By default, KMS uses 1234567812345678 as the distinguishing ID. For more information, see Offline verification with SM2 key pairs.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.
Required permissions: kms:Verify (key policy)
Related operations: Sign
",
+ "VerifyMac": "Verifies the hash-based message authentication code (HMAC) for a specified message, HMAC KMS key, and MAC algorithm. To verify the HMAC, VerifyMac computes an HMAC using the message, HMAC KMS key, and MAC algorithm that you specify, and compares the computed HMAC to the HMAC that you specify. If the HMACs are identical, the verification succeeds; otherwise, it fails. Verification indicates that the message hasn't changed since the HMAC was calculated, and the specified key was used to generate and verify the HMAC.
HMAC KMS keys and the HMAC algorithms that KMS uses conform to industry standards defined in RFC 2104.
This operation is part of KMS support for HMAC KMS keys. For details, see HMAC keys in KMS in the Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.
Required permissions: kms:VerifyMac (key policy)
Related operations: GenerateMac
"
},
"shapes": {
"AWSAccountIdType": {
@@ -138,7 +138,7 @@
"GenerateDataKeyPairWithoutPlaintextResponse$PrivateKeyCiphertextBlob": "The encrypted copy of the private key. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.
",
"GenerateDataKeyResponse$CiphertextBlob": "The encrypted copy of the data key. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.
",
"GenerateDataKeyWithoutPlaintextResponse$CiphertextBlob": "The encrypted data key. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.
",
- "GenerateMacResponse$Mac": "The hash-based message authentication code (HMAC) for the given message, key, and MAC algorithm.
",
+ "GenerateMacResponse$Mac": "The hash-based message authentication code (HMAC) that was generated for the specified message, HMAC KMS key, and MAC algorithm.
This is the standard, raw HMAC defined in RFC 2104.
",
"GetParametersForImportResponse$ImportToken": "The import token to send in a subsequent ImportKeyMaterial request.
",
"ImportKeyMaterialRequest$ImportToken": "The import token that you received in the response to a previous GetParametersForImport request. It must be from the same response that contained the public key that you used to encrypt the key material.
",
"ImportKeyMaterialRequest$EncryptedKeyMaterial": "The encrypted key material to import. The key material must be encrypted with the public wrapping key that GetParametersForImport returned, using the wrapping algorithm that you specified in the same GetParametersForImport request.
",
@@ -152,24 +152,24 @@
"CloudHsmClusterIdType": {
"base": null,
"refs": {
- "CreateCustomKeyStoreRequest$CloudHsmClusterId": "Identifies the CloudHSM cluster for the custom key store. Enter the cluster ID of any active CloudHSM cluster that is not already associated with a custom key store. To find the cluster ID, use the DescribeClusters operation.
",
- "CustomKeyStoresListEntry$CloudHsmClusterId": "A unique identifier for the CloudHSM cluster that is associated with the custom key store.
",
- "KeyMetadata$CloudHsmClusterId": "The cluster ID of the CloudHSM cluster that contains the key material for the KMS key. When you create a KMS key in a custom key store, KMS creates the key material for the KMS key in the associated CloudHSM cluster. This value is present only when the KMS key is created in a custom key store.
",
- "UpdateCustomKeyStoreRequest$CloudHsmClusterId": "Associates the custom key store with a related CloudHSM cluster.
Enter the cluster ID of the cluster that you used to create the custom key store or a cluster that shares a backup history and has the same cluster certificate as the original cluster. You cannot use this parameter to associate a custom key store with an unrelated cluster. In addition, the replacement cluster must fulfill the requirements for a cluster associated with a custom key store. To view the cluster certificate of a cluster, use the DescribeClusters operation.
"
+ "CreateCustomKeyStoreRequest$CloudHsmClusterId": "Identifies the CloudHSM cluster for an CloudHSM key store. This parameter is required for custom key stores with CustomKeyStoreType of AWS_CLOUDHSM.
Enter the cluster ID of any active CloudHSM cluster that is not already associated with a custom key store. To find the cluster ID, use the DescribeClusters operation.
",
+ "CustomKeyStoresListEntry$CloudHsmClusterId": "A unique identifier for the CloudHSM cluster that is associated with an CloudHSM key store. This field appears only when the CustomKeyStoreType is AWS_CLOUDHSM.
",
+ "KeyMetadata$CloudHsmClusterId": "The cluster ID of the CloudHSM cluster that contains the key material for the KMS key. When you create a KMS key in an CloudHSM custom key store, KMS creates the key material for the KMS key in the associated CloudHSM cluster. This field is present only when the KMS key is created in an CloudHSM key store.
",
+ "UpdateCustomKeyStoreRequest$CloudHsmClusterId": "Associates the custom key store with a related CloudHSM cluster. This parameter is valid only for custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM.
Enter the cluster ID of the cluster that you used to create the custom key store or a cluster that shares a backup history and has the same cluster certificate as the original cluster. You cannot use this parameter to associate a custom key store with an unrelated cluster. In addition, the replacement cluster must fulfill the requirements for a cluster associated with a custom key store. To view the cluster certificate of a cluster, use the DescribeClusters operation.
To change this value, the CloudHSM key store must be disconnected.
"
}
},
"CloudHsmClusterInUseException": {
- "base": "The request was rejected because the specified CloudHSM cluster is already associated with a custom key store or it shares a backup history with a cluster that is associated with a custom key store. Each custom key store must be associated with a different CloudHSM cluster.
Clusters that share a backup history have the same cluster certificate. To view the cluster certificate of a cluster, use the DescribeClusters operation.
",
+ "base": "The request was rejected because the specified CloudHSM cluster is already associated with an CloudHSM key store in the account, or it shares a backup history with an CloudHSM key store in the account. Each CloudHSM key store in the account must be associated with a different CloudHSM cluster.
CloudHSM clusters that share a backup history have the same cluster certificate. To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters operation.
",
"refs": {
}
},
"CloudHsmClusterInvalidConfigurationException": {
- "base": "The request was rejected because the associated CloudHSM cluster did not meet the configuration requirements for a custom key store.
-
The cluster must be configured with private subnets in at least two different Availability Zones in the Region.
-
The security group for the cluster (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound rules that allow TCP traffic on ports 2223-2225. The Source in the inbound rules and the Destination in the outbound rules must match the security group ID. These rules are set by default when you create the cluster. Do not delete or change them. To get information about a particular security group, use the DescribeSecurityGroups operation.
-
The cluster must contain at least as many HSMs as the operation requires. To add HSMs, use the CloudHSM CreateHsm operation.
For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey operations, the CloudHSM cluster must have at least two active HSMs, each in a different Availability Zone. For the ConnectCustomKeyStore operation, the CloudHSM must contain at least one active HSM.
For information about the requirements for an CloudHSM cluster that is associated with a custom key store, see Assemble the Prerequisites in the Key Management Service Developer Guide. For information about creating a private subnet for an CloudHSM cluster, see Create a Private Subnet in the CloudHSM User Guide. For information about cluster security groups, see Configure a Default Security Group in the CloudHSM User Guide .
",
+ "base": "The request was rejected because the associated CloudHSM cluster did not meet the configuration requirements for an CloudHSM key store.
-
The CloudHSM cluster must be configured with private subnets in at least two different Availability Zones in the Region.
-
The security group for the cluster (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound rules that allow TCP traffic on ports 2223-2225. The Source in the inbound rules and the Destination in the outbound rules must match the security group ID. These rules are set by default when you create the CloudHSM cluster. Do not delete or change them. To get information about a particular security group, use the DescribeSecurityGroups operation.
-
The CloudHSM cluster must contain at least as many HSMs as the operation requires. To add HSMs, use the CloudHSM CreateHsm operation.
For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey operations, the CloudHSM cluster must have at least two active HSMs, each in a different Availability Zone. For the ConnectCustomKeyStore operation, the CloudHSM must contain at least one active HSM.
For information about the requirements for an CloudHSM cluster that is associated with an CloudHSM key store, see Assemble the Prerequisites in the Key Management Service Developer Guide. For information about creating a private subnet for an CloudHSM cluster, see Create a Private Subnet in the CloudHSM User Guide. For information about cluster security groups, see Configure a Default Security Group in the CloudHSM User Guide .
",
"refs": {
}
},
"CloudHsmClusterNotActiveException": {
- "base": "The request was rejected because the CloudHSM cluster that is associated with the custom key store is not active. Initialize and activate the cluster and try the command again. For detailed instructions, see Getting Started in the CloudHSM User Guide.
",
+ "base": "The request was rejected because the CloudHSM cluster associated with the CloudHSM key store is not active. Initialize and activate the cluster and try the command again. For detailed instructions, see Getting Started in the CloudHSM User Guide.
",
"refs": {
}
},
@@ -179,7 +179,7 @@
}
},
"CloudHsmClusterNotRelatedException": {
- "base": "The request was rejected because the specified CloudHSM cluster has a different cluster certificate than the original cluster. You cannot use the operation to specify an unrelated cluster.
Specify a cluster that shares a backup history with the original cluster. This includes clusters that were created from a backup of the current cluster, and clusters that were created from the same backup that produced the current cluster.
Clusters that share a backup history have the same cluster certificate. To view the cluster certificate of a cluster, use the DescribeClusters operation.
",
+ "base": "The request was rejected because the specified CloudHSM cluster has a different cluster certificate than the original cluster. You cannot use the operation to specify an unrelated cluster for an CloudHSM key store.
Specify an CloudHSM cluster that shares a backup history with the original cluster. This includes clusters that were created from a backup of the current cluster, and clusters that were created from the same backup that produced the current cluster.
CloudHSM clusters that share a backup history have the same cluster certificate. To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters operation.
",
"refs": {
}
},
@@ -196,13 +196,13 @@
"ConnectionErrorCodeType": {
"base": null,
"refs": {
- "CustomKeyStoresListEntry$ConnectionErrorCode": "Describes the connection error. This field appears in the response only when the ConnectionState is FAILED. For help resolving these errors, see How to Fix a Connection Failure in Key Management Service Developer Guide.
Valid values are:
-
CLUSTER_NOT_FOUND - KMS cannot find the CloudHSM cluster with the specified cluster ID.
-
INSUFFICIENT_CLOUDHSM_HSMS - The associated CloudHSM cluster does not contain any active HSMs. To connect a custom key store to its CloudHSM cluster, the cluster must contain at least one active HSM.
-
INTERNAL_ERROR - KMS could not complete the request due to an internal error. Retry the request. For ConnectCustomKeyStore requests, disconnect the custom key store before trying to connect again.
-
INVALID_CREDENTIALS - KMS does not have the correct password for the kmsuser crypto user in the CloudHSM cluster. Before you can connect your custom key store to its CloudHSM cluster, you must change the kmsuser account password and update the key store password value for the custom key store.
-
NETWORK_ERRORS - Network errors are preventing KMS from connecting to the custom key store.
-
SUBNET_NOT_FOUND - A subnet in the CloudHSM cluster configuration was deleted. If KMS cannot find all of the subnets in the cluster configuration, attempts to connect the custom key store to the CloudHSM cluster fail. To fix this error, create a cluster from a recent backup and associate it with your custom key store. (This process creates a new cluster configuration with a VPC and private subnets.) For details, see How to Fix a Connection Failure in the Key Management Service Developer Guide.
-
USER_LOCKED_OUT - The kmsuser CU account is locked out of the associated CloudHSM cluster due to too many failed password attempts. Before you can connect your custom key store to its CloudHSM cluster, you must change the kmsuser account password and update the key store password value for the custom key store.
-
USER_LOGGED_IN - The kmsuser CU account is logged into the the associated CloudHSM cluster. This prevents KMS from rotating the kmsuser account password and logging into the cluster. Before you can connect your custom key store to its CloudHSM cluster, you must log the kmsuser CU out of the cluster. If you changed the kmsuser password to log into the cluster, you must also and update the key store password value for the custom key store. For help, see How to Log Out and Reconnect in the Key Management Service Developer Guide.
-
USER_NOT_FOUND - KMS cannot find a kmsuser CU account in the associated CloudHSM cluster. Before you can connect your custom key store to its CloudHSM cluster, you must create a kmsuser CU account in the cluster, and then update the key store password value for the custom key store.
"
+ "CustomKeyStoresListEntry$ConnectionErrorCode": "Describes the connection error. This field appears in the response only when the ConnectionState is FAILED.
Many failures can be resolved by updating the properties of the custom key store. To update a custom key store, disconnect it (DisconnectCustomKeyStore), correct the errors (UpdateCustomKeyStore), and try to connect again (ConnectCustomKeyStore). For additional help resolving these errors, see How to Fix a Connection Failure in Key Management Service Developer Guide.
All custom key stores:
-
INTERNAL_ERROR — KMS could not complete the request due to an internal error. Retry the request. For ConnectCustomKeyStore requests, disconnect the custom key store before trying to connect again.
-
NETWORK_ERRORS — Network errors are preventing KMS from connecting the custom key store to its backing key store.
CloudHSM key stores:
-
CLUSTER_NOT_FOUND — KMS cannot find the CloudHSM cluster with the specified cluster ID.
-
INSUFFICIENT_CLOUDHSM_HSMS — The associated CloudHSM cluster does not contain any active HSMs. To connect a custom key store to its CloudHSM cluster, the cluster must contain at least one active HSM.
-
INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET — At least one private subnet associated with the CloudHSM cluster doesn't have any available IP addresses. A CloudHSM key store connection requires one free IP address in each of the associated private subnets, although two are preferable. For details, see How to Fix a Connection Failure in the Key Management Service Developer Guide.
-
INVALID_CREDENTIALS — The KeyStorePassword for the custom key store doesn't match the current password of the kmsuser crypto user in the CloudHSM cluster. Before you can connect your custom key store to its CloudHSM cluster, you must change the kmsuser account password and update the KeyStorePassword value for the custom key store.
-
SUBNET_NOT_FOUND — A subnet in the CloudHSM cluster configuration was deleted. If KMS cannot find all of the subnets in the cluster configuration, attempts to connect the custom key store to the CloudHSM cluster fail. To fix this error, create a cluster from a recent backup and associate it with your custom key store. (This process creates a new cluster configuration with a VPC and private subnets.) For details, see How to Fix a Connection Failure in the Key Management Service Developer Guide.
-
USER_LOCKED_OUT — The kmsuser CU account is locked out of the associated CloudHSM cluster due to too many failed password attempts. Before you can connect your custom key store to its CloudHSM cluster, you must change the kmsuser account password and update the key store password value for the custom key store.
-
USER_LOGGED_IN — The kmsuser CU account is logged into the associated CloudHSM cluster. This prevents KMS from rotating the kmsuser account password and logging into the cluster. Before you can connect your custom key store to its CloudHSM cluster, you must log the kmsuser CU out of the cluster. If you changed the kmsuser password to log into the cluster, you must also and update the key store password value for the custom key store. For help, see How to Log Out and Reconnect in the Key Management Service Developer Guide.
-
USER_NOT_FOUND — KMS cannot find a kmsuser CU account in the associated CloudHSM cluster. Before you can connect your custom key store to its CloudHSM cluster, you must create a kmsuser CU account in the cluster, and then update the key store password value for the custom key store.
External key stores:
-
INVALID_CREDENTIALS — One or both of the XksProxyAuthenticationCredential values is not valid on the specified external key store proxy.
-
XKS_PROXY_ACCESS_DENIED — KMS requests are denied access to the external key store proxy. If the external key store proxy has authorization rules, verify that they permit KMS to communicate with the proxy on your behalf.
-
XKS_PROXY_INVALID_CONFIGURATION — A configuration error is preventing the external key store from connecting to its proxy. Verify the value of the XksProxyUriPath.
-
XKS_PROXY_INVALID_RESPONSE — KMS cannot interpret the response from the external key store proxy. If you see this connection error code repeatedly, notify your external key store proxy vendor.
-
XKS_PROXY_INVALID_TLS_CONFIGURATION — KMS cannot connect to the external key store proxy because the TLS configuration is invalid. Verify that the XKS proxy supports TLS 1.2 or 1.3. Also, verify that the TLS certificate is not expired, and that it matches the hostname in the XksProxyUriEndpoint value, and that it is signed by a certificate authority included in the Trusted Certificate Authorities list.
-
XKS_PROXY_NOT_REACHABLE — KMS can't communicate with your external key store proxy. Verify that the XksProxyUriEndpoint and XksProxyUriPath are correct. Use the tools for your external key store proxy to verify that the proxy is active and available on its network. Also, verify that your external key manager instances are operating properly. Connection attempts fail with this connection error code if the proxy reports that all external key manager instances are unavailable.
-
XKS_PROXY_TIMED_OUT — KMS can connect to the external key store proxy, but the proxy does not respond to KMS in the time allotted. If you see this connection error code repeatedly, notify your external key store proxy vendor.
-
XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION — The Amazon VPC endpoint service configuration doesn't conform to the requirements for an KMS external key store.
-
The VPC endpoint service must be an endpoint service for interface endpoints in the caller's Amazon Web Services account.
-
It must have a network load balancer (NLB) connected to at least two subnets, each in a different Availability Zone.
-
The Allow principals list must include the KMS service principal for the Region, cks.kms.<region>.amazonaws.com, such as cks.kms.us-east-1.amazonaws.com.
-
It must not require acceptance of connection requests.
-
It must have a private DNS name. The private DNS name for an external key store with VPC_ENDPOINT_SERVICE connectivity must be unique in its Amazon Web Services Region.
-
The domain of the private DNS name must have a verification status of verified.
-
The TLS certificate specifies the private DNS hostname at which the endpoint is reachable.
-
XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND — KMS can't find the VPC endpoint service that it uses to communicate with the external key store proxy. Verify that the XksProxyVpcEndpointServiceName is correct and the KMS service principal has service consumer permissions on the Amazon VPC endpoint service.
"
}
},
"ConnectionStateType": {
"base": null,
"refs": {
- "CustomKeyStoresListEntry$ConnectionState": "Indicates whether the custom key store is connected to its CloudHSM cluster.
You can create and use KMS keys in your custom key stores only when its connection state is CONNECTED.
The value is DISCONNECTED if the key store has never been connected or you use the DisconnectCustomKeyStore operation to disconnect it. If the value is CONNECTED but you are having trouble using the custom key store, make sure that its associated CloudHSM cluster is active and contains at least one active HSM.
A value of FAILED indicates that an attempt to connect was unsuccessful. The ConnectionErrorCode field in the response indicates the cause of the failure. For help resolving a connection failure, see Troubleshooting a Custom Key Store in the Key Management Service Developer Guide.
"
+ "CustomKeyStoresListEntry$ConnectionState": "Indicates whether the custom key store is connected to its backing key store. For an CloudHSM key store, the ConnectionState indicates whether it is connected to its CloudHSM cluster. For an external key store, the ConnectionState indicates whether it is connected to the external key store proxy that communicates with your external key manager.
You can create and use KMS keys in your custom key stores only when its ConnectionState is CONNECTED.
The ConnectionState value is DISCONNECTED only if the key store has never been connected or you use the DisconnectCustomKeyStore operation to disconnect it. If the value is CONNECTED but you are having trouble using the custom key store, make sure that the backing key store is reachable and active. For an CloudHSM key store, verify that its associated CloudHSM cluster is active and contains at least one active HSM. For an external key store, verify that the external key store proxy and external key manager are connected and enabled.
A value of FAILED indicates that an attempt to connect was unsuccessful. The ConnectionErrorCode field in the response indicates the cause of the failure. For help resolving a connection failure, see Troubleshooting a custom key store in the Key Management Service Developer Guide.
"
}
},
"CreateAliasRequest": {
@@ -250,18 +250,18 @@
"refs": {
"ConnectCustomKeyStoreRequest$CustomKeyStoreId": "Enter the key store ID of the custom key store that you want to connect. To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
",
"CreateCustomKeyStoreResponse$CustomKeyStoreId": "A unique identifier for the new custom key store.
",
- "CreateKeyRequest$CustomKeyStoreId": "Creates the KMS key in the specified custom key store and the key material in its associated CloudHSM cluster. To create a KMS key in a custom key store, you must also specify the Origin parameter with a value of AWS_CLOUDHSM. The CloudHSM cluster that is associated with the custom key store must have at least two active HSMs, each in a different Availability Zone in the Region.
This parameter is valid only for symmetric encryption KMS keys in a single Region. You cannot create any other type of KMS key in a custom key store.
To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
The response includes the custom key store ID and the ID of the CloudHSM cluster.
This operation is part of the custom key store feature feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a single-tenant key store.
",
+ "CreateKeyRequest$CustomKeyStoreId": "Creates the KMS key in the specified custom key store. The ConnectionState of the custom key store must be CONNECTED. To find the CustomKeyStoreID and ConnectionState use the DescribeCustomKeyStores operation.
This parameter is valid only for symmetric encryption KMS keys in a single Region. You cannot create any other type of KMS key in a custom key store.
When you create a KMS key in an CloudHSM key store, KMS generates a non-exportable 256-bit symmetric key in its associated CloudHSM cluster and associates it with the KMS key. When you create a KMS key in an external key store, you must use the XksKeyId parameter to specify an external key that serves as key material for the KMS key.
",
"CustomKeyStoresListEntry$CustomKeyStoreId": "A unique identifier for the custom key store.
",
"DeleteCustomKeyStoreRequest$CustomKeyStoreId": "Enter the ID of the custom key store you want to delete. To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
",
- "DescribeCustomKeyStoresRequest$CustomKeyStoreId": "Gets only information about the specified custom key store. Enter the key store ID.
By default, this operation gets information about all custom key stores in the account and Region. To limit the output to a particular custom key store, you can use either the CustomKeyStoreId or CustomKeyStoreName parameter, but not both.
",
+ "DescribeCustomKeyStoresRequest$CustomKeyStoreId": "Gets only information about the specified custom key store. Enter the key store ID.
By default, this operation gets information about all custom key stores in the account and Region. To limit the output to a particular custom key store, provide either the CustomKeyStoreId or CustomKeyStoreName parameter, but not both.
",
"DisconnectCustomKeyStoreRequest$CustomKeyStoreId": "Enter the ID of the custom key store you want to disconnect. To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
",
- "GenerateRandomRequest$CustomKeyStoreId": "Generates the random byte string in the CloudHSM cluster that is associated with the specified custom key store. To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
",
- "KeyMetadata$CustomKeyStoreId": "A unique identifier for the custom key store that contains the KMS key. This value is present only when the KMS key is created in a custom key store.
",
+ "GenerateRandomRequest$CustomKeyStoreId": "Generates the random byte string in the CloudHSM cluster that is associated with the specified CloudHSM key store. To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
External key store IDs are not valid for this parameter. If you specify the ID of an external key store, GenerateRandom throws an UnsupportedOperationException.
",
+ "KeyMetadata$CustomKeyStoreId": "A unique identifier for the custom key store that contains the KMS key. This field is present only when the KMS key is created in a custom key store.
",
"UpdateCustomKeyStoreRequest$CustomKeyStoreId": "Identifies the custom key store that you want to update. Enter the ID of the custom key store. To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
"
}
},
"CustomKeyStoreInvalidStateException": {
- "base": "The request was rejected because of the ConnectionState of the custom key store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores operation.
This exception is thrown under the following conditions:
-
You requested the CreateKey or GenerateRandom operation in a custom key store that is not connected. These operations are valid only when the custom key store ConnectionState is CONNECTED.
-
You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation on a custom key store that is not disconnected. This operation is valid only when the custom key store ConnectionState is DISCONNECTED.
-
You requested the ConnectCustomKeyStore operation on a custom key store with a ConnectionState of DISCONNECTING or FAILED. This operation is valid for all other ConnectionState values.
",
+ "base": "The request was rejected because of the ConnectionState of the custom key store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores operation.
This exception is thrown under the following conditions:
-
You requested the ConnectCustomKeyStore operation on a custom key store with a ConnectionState of DISCONNECTING or FAILED. This operation is valid for all other ConnectionState values. To reconnect a custom key store in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect it (ConnectCustomKeyStore).
-
You requested the CreateKey operation in a custom key store that is not connected. This operations is valid only when the custom key store ConnectionState is CONNECTED.
-
You requested the DisconnectCustomKeyStore operation on a custom key store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation is valid for all other ConnectionState values.
-
You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation on a custom key store that is not disconnected. This operation is valid only when the custom key store ConnectionState is DISCONNECTED.
-
You requested the GenerateRandom operation in an CloudHSM key store that is not connected. This operation is valid only when the CloudHSM key store ConnectionState is CONNECTED.
",
"refs": {
}
},
@@ -273,10 +273,10 @@
"CustomKeyStoreNameType": {
"base": null,
"refs": {
- "CreateCustomKeyStoreRequest$CustomKeyStoreName": "Specifies a friendly name for the custom key store. The name must be unique in your Amazon Web Services account.
",
+ "CreateCustomKeyStoreRequest$CustomKeyStoreName": "Specifies a friendly name for the custom key store. The name must be unique in your Amazon Web Services account and Region. This parameter is required for all custom key stores.
",
"CustomKeyStoresListEntry$CustomKeyStoreName": "The user-specified friendly name for the custom key store.
",
- "DescribeCustomKeyStoresRequest$CustomKeyStoreName": "Gets only information about the specified custom key store. Enter the friendly name of the custom key store.
By default, this operation gets information about all custom key stores in the account and Region. To limit the output to a particular custom key store, you can use either the CustomKeyStoreId or CustomKeyStoreName parameter, but not both.
",
- "UpdateCustomKeyStoreRequest$NewCustomKeyStoreName": "Changes the friendly name of the custom key store to the value that you specify. The custom key store name must be unique in the Amazon Web Services account.
"
+ "DescribeCustomKeyStoresRequest$CustomKeyStoreName": "Gets only information about the specified custom key store. Enter the friendly name of the custom key store.
By default, this operation gets information about all custom key stores in the account and Region. To limit the output to a particular custom key store, provide either the CustomKeyStoreId or CustomKeyStoreName parameter, but not both.
",
+ "UpdateCustomKeyStoreRequest$NewCustomKeyStoreName": "Changes the friendly name of the custom key store to the value that you specify. The custom key store name must be unique in the Amazon Web Services account.
To change this value, an CloudHSM key store must be disconnected. An external key store can be connected or disconnected.
"
}
},
"CustomKeyStoreNotFoundException": {
@@ -284,6 +284,13 @@
"refs": {
}
},
+ "CustomKeyStoreType": {
+ "base": null,
+ "refs": {
+ "CreateCustomKeyStoreRequest$CustomKeyStoreType": "Specifies the type of custom key store. The default value is AWS_CLOUDHSM.
For a custom key store backed by an CloudHSM cluster, omit the parameter or enter AWS_CLOUDHSM. For a custom key store backed by an external key manager outside of Amazon Web Services, enter EXTERNAL_KEY_STORE. You cannot change this property after the key store is created.
",
+ "CustomKeyStoresListEntry$CustomKeyStoreType": "Indicates the type of the custom key store. AWS_CLOUDHSM indicates a custom key store backed by an CloudHSM cluster. EXTERNAL_KEY_STORE indicates a custom key store backed by an external key store proxy and external key manager outside of Amazon Web Services.
"
+ }
+ },
"CustomKeyStoresList": {
"base": null,
"refs": {
@@ -299,17 +306,17 @@
"CustomerMasterKeySpec": {
"base": null,
"refs": {
- "CreateKeyRequest$CustomerMasterKeySpec": "Instead, use the KeySpec parameter.
The KeySpec and CustomerMasterKeySpec parameters work the same way. Only the names differ. We recommend that you use KeySpec parameter in your code. However, to avoid breaking changes, KMS will support both parameters.
",
- "GetPublicKeyResponse$CustomerMasterKeySpec": "Instead, use the KeySpec field in the GetPublicKey response.
The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend that you use the KeySpec field in your code. However, to avoid breaking changes, KMS will support both fields.
",
- "KeyMetadata$CustomerMasterKeySpec": "Instead, use the KeySpec field.
The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend that you use the KeySpec field in your code. However, to avoid breaking changes, KMS will support both fields.
"
+ "CreateKeyRequest$CustomerMasterKeySpec": "Instead, use the KeySpec parameter.
The KeySpec and CustomerMasterKeySpec parameters work the same way. Only the names differ. We recommend that you use KeySpec parameter in your code. However, to avoid breaking changes, KMS supports both parameters.
",
+ "GetPublicKeyResponse$CustomerMasterKeySpec": "Instead, use the KeySpec field in the GetPublicKey response.
The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend that you use the KeySpec field in your code. However, to avoid breaking changes, KMS supports both fields.
",
+ "KeyMetadata$CustomerMasterKeySpec": "Instead, use the KeySpec field.
The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend that you use the KeySpec field in your code. However, to avoid breaking changes, KMS supports both fields.
"
}
},
"DataKeyPairSpec": {
"base": null,
"refs": {
- "GenerateDataKeyPairRequest$KeyPairSpec": "Determines the type of data key pair that is generated.
The KMS rule that restricts the use of asymmetric RSA and SM2 KMS keys to encrypt and decrypt or to sign and verify (but not both), and the rule that permits you to use ECC KMS keys only to sign and verify, are not effective on data key pairs, which are used outside of KMS. The SM2 key spec is only available in China Regions. RSA and ECC asymmetric key pairs are also available in China Regions.
",
+ "GenerateDataKeyPairRequest$KeyPairSpec": "Determines the type of data key pair that is generated.
The KMS rule that restricts the use of asymmetric RSA and SM2 KMS keys to encrypt and decrypt or to sign and verify (but not both), and the rule that permits you to use ECC KMS keys only to sign and verify, are not effective on data key pairs, which are used outside of KMS. The SM2 key spec is only available in China Regions.
",
"GenerateDataKeyPairResponse$KeyPairSpec": "The type of data key pair that was generated.
",
- "GenerateDataKeyPairWithoutPlaintextRequest$KeyPairSpec": "Determines the type of data key pair that is generated.
The KMS rule that restricts the use of asymmetric RSA and SM2 KMS keys to encrypt and decrypt or to sign and verify (but not both), and the rule that permits you to use ECC KMS keys only to sign and verify, are not effective on data key pairs, which are used outside of KMS. The SM2 key spec is only available in China Regions. RSA and ECC asymmetric key pairs are also available in China Regions.
",
+ "GenerateDataKeyPairWithoutPlaintextRequest$KeyPairSpec": "Determines the type of data key pair that is generated.
The KMS rule that restricts the use of asymmetric RSA and SM2 KMS keys to encrypt and decrypt or to sign and verify (but not both), and the rule that permits you to use ECC KMS keys only to sign and verify, are not effective on data key pairs, which are used outside of KMS. The SM2 key spec is only available in China Regions.
",
"GenerateDataKeyPairWithoutPlaintextResponse$KeyPairSpec": "The type of data key pair that was generated.
"
}
},
@@ -328,7 +335,7 @@
"CustomKeyStoresListEntry$CreationDate": "The date and time when the custom key store was created.
",
"GetParametersForImportResponse$ParametersValidTo": "The time at which the import token and public key are no longer valid. After this time, you cannot use them to make an ImportKeyMaterial request and you must send another GetParametersForImport request to get new ones.
",
"GrantListEntry$CreationDate": "The date and time when the grant was created.
",
- "ImportKeyMaterialRequest$ValidTo": "The time at which the imported key material expires. When the key material expires, KMS deletes the key material and the KMS key becomes unusable. You must omit this parameter when the ExpirationModel parameter is set to KEY_MATERIAL_DOES_NOT_EXPIRE. Otherwise it is required.
",
+ "ImportKeyMaterialRequest$ValidTo": "The date and time when the imported key material expires. This parameter is required when the value of the ExpirationModel parameter is KEY_MATERIAL_EXPIRES. Otherwise it is not valid.
The value of this parameter must be a future date and time. The maximum value is 365 days from the request date.
When the key material expires, KMS deletes the key material from the KMS key. Without its key material, the KMS key is unusable. To use the KMS key in cryptographic operations, you must reimport the same key material.
You cannot change the ExpirationModel or ValidTo values for the current import after the request completes. To change either value, you must delete (DeleteImportedKeyMaterial) and reimport the key material.
",
"KeyMetadata$CreationDate": "The date and time when the KMS key was created.
",
"KeyMetadata$DeletionDate": "The date and time after which KMS deletes this KMS key. This value is present only when the KMS key is scheduled for deletion, that is, when its KeyState is PendingDeletion.
When the primary key in a multi-Region key is scheduled for deletion but still has replica keys, its key state is PendingReplicaDeletion and the length of its waiting period is displayed in the PendingDeletionWindowInDays field.
",
"KeyMetadata$ValidTo": "The time at which the imported key material expires. When the key material expires, KMS deletes the key material and the KMS key becomes unusable. This value is present only for KMS keys whose Origin is EXTERNAL and whose ExpirationModel is KEY_MATERIAL_EXPIRES, otherwise this value is omitted.
",
@@ -366,7 +373,7 @@
}
},
"DependencyTimeoutException": {
- "base": "The system timed out while trying to fulfill the request. The request can be retried.
",
+ "base": "The system timed out while trying to fulfill the request. You can retry the request.
",
"refs": {
}
},
@@ -449,7 +456,7 @@
"refs": {
"DecryptRequest$EncryptionAlgorithm": "Specifies the encryption algorithm that will be used to decrypt the ciphertext. Specify the same algorithm that was used to encrypt the data. If you specify a different algorithm, the Decrypt operation fails.
This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. The default value, SYMMETRIC_DEFAULT, represents the only supported algorithm that is valid for symmetric encryption KMS keys.
",
"DecryptResponse$EncryptionAlgorithm": "The encryption algorithm that was used to decrypt the ciphertext.
",
- "EncryptRequest$EncryptionAlgorithm": "Specifies the encryption algorithm that KMS will use to encrypt the plaintext message. The algorithm must be compatible with the KMS key that you specify.
This parameter is required only for asymmetric KMS keys. The default value, SYMMETRIC_DEFAULT, is the algorithm used for symmetric encryption KMS keys. If you are using an asymmetric KMS key, we recommend RSAES_OAEP_SHA_256.
",
+ "EncryptRequest$EncryptionAlgorithm": "Specifies the encryption algorithm that KMS will use to encrypt the plaintext message. The algorithm must be compatible with the KMS key that you specify.
This parameter is required only for asymmetric KMS keys. The default value, SYMMETRIC_DEFAULT, is the algorithm used for symmetric encryption KMS keys. If you are using an asymmetric KMS key, we recommend RSAES_OAEP_SHA_256.
The SM2PKE algorithm is only available in China Regions.
",
"EncryptResponse$EncryptionAlgorithm": "The encryption algorithm that was used to encrypt the plaintext.
",
"EncryptionAlgorithmSpecList$member": null,
"ReEncryptRequest$SourceEncryptionAlgorithm": "Specifies the encryption algorithm that KMS will use to decrypt the ciphertext before it is reencrypted. The default value, SYMMETRIC_DEFAULT, represents the algorithm used for symmetric encryption KMS keys.
Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm, the decrypt attempt fails.
This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.
",
@@ -528,13 +535,25 @@
"MalformedPolicyDocumentException$message": null,
"NotFoundException$message": null,
"TagException$message": null,
- "UnsupportedOperationException$message": null
+ "UnsupportedOperationException$message": null,
+ "XksKeyAlreadyInUseException$message": null,
+ "XksKeyInvalidConfigurationException$message": null,
+ "XksKeyNotFoundException$message": null,
+ "XksProxyIncorrectAuthenticationCredentialException$message": null,
+ "XksProxyInvalidConfigurationException$message": null,
+ "XksProxyInvalidResponseException$message": null,
+ "XksProxyUriEndpointInUseException$message": null,
+ "XksProxyUriInUseException$message": null,
+ "XksProxyUriUnreachableException$message": null,
+ "XksProxyVpcEndpointServiceInUseException$message": null,
+ "XksProxyVpcEndpointServiceInvalidConfigurationException$message": null,
+ "XksProxyVpcEndpointServiceNotFoundException$message": null
}
},
"ExpirationModelType": {
"base": null,
"refs": {
- "ImportKeyMaterialRequest$ExpirationModel": "Specifies whether the key material expires. The default is KEY_MATERIAL_EXPIRES, in which case you must include the ValidTo parameter. When this parameter is set to KEY_MATERIAL_DOES_NOT_EXPIRE, you must omit the ValidTo parameter.
",
+ "ImportKeyMaterialRequest$ExpirationModel": "Specifies whether the key material expires. The default is KEY_MATERIAL_EXPIRES.
When the value of ExpirationModel is KEY_MATERIAL_EXPIRES, you must specify a value for the ValidTo parameter. When value is KEY_MATERIAL_DOES_NOT_EXPIRE, you must omit the ValidTo parameter.
You cannot change the ExpirationModel or ValidTo values for the current import after the request completes. To change either value, you must delete (DeleteImportedKeyMaterial) and reimport the key material.
",
"KeyMetadata$ExpirationModel": "Specifies whether the KMS key's key material expires. This value is present only when Origin is EXTERNAL, otherwise this value is omitted.
"
}
},
@@ -644,7 +663,7 @@
}
},
"GrantConstraints": {
- "base": "Use this structure to allow cryptographic operations in the grant only when the operation request includes the specified encryption context.
KMS applies the grant constraints only to cryptographic operations that support an encryption context, that is, all cryptographic operations with a symmetric encryption KMS key. Grant constraints are not applied to operations that do not support an encryption context, such as cryptographic operations with HMAC KMS keys or asymmetric KMS keys, and management operations, such as DescribeKey or RetireGrant.
In a cryptographic operation, the encryption context in the decryption operation must be an exact, case-sensitive match for the keys and values in the encryption context of the encryption operation. Only the order of the pairs can vary.
However, in a grant constraint, the key in each key-value pair is not case sensitive, but the value is case sensitive.
To avoid confusion, do not use multiple encryption context pairs that differ only by case. To require a fully case-sensitive encryption context, use the kms:EncryptionContext: and kms:EncryptionContextKeys conditions in an IAM or key policy. For details, see kms:EncryptionContext: in the Key Management Service Developer Guide .
",
+ "base": "Use this structure to allow cryptographic operations in the grant only when the operation request includes the specified encryption context.
KMS applies the grant constraints only to cryptographic operations that support an encryption context, that is, all cryptographic operations with a symmetric KMS key. Grant constraints are not applied to operations that do not support an encryption context, such as cryptographic operations with asymmetric KMS keys and management operations, such as DescribeKey or RetireGrant.
In a cryptographic operation, the encryption context in the decryption operation must be an exact, case-sensitive match for the keys and values in the encryption context of the encryption operation. Only the order of the pairs can vary.
However, in a grant constraint, the key in each key-value pair is not case sensitive, but the value is case sensitive.
To avoid confusion, do not use multiple encryption context pairs that differ only by case. To require a fully case-sensitive encryption context, use the kms:EncryptionContext: and kms:EncryptionContextKeys conditions in an IAM or key policy. For details, see kms:EncryptionContext: in the Key Management Service Developer Guide .
",
"refs": {
"CreateGrantRequest$Constraints": "Specifies a grant constraint.
KMS supports the EncryptionContextEquals and EncryptionContextSubset grant constraints. Each constraint value can include up to 8 encryption context pairs. The encryption context value in each constraint cannot exceed 384 characters. For information about grant constraints, see Using grant constraints in the Key Management Service Developer Guide. For more information about encryption context, see Encryption context in the Key Management Service Developer Guide .
The encryption context grant constraints allow the permissions in the grant only when the encryption context in the request matches (EncryptionContextEquals) or includes (EncryptionContextSubset) the encryption context specified in this structure.
The encryption context grant constraints are supported only on grant operations that include an EncryptionContext parameter, such as cryptographic operations on symmetric encryption KMS keys. Grants with grant constraints can include the DescribeKey and RetireGrant operations, but the constraint doesn't apply to these operations. If a grant with a grant constraint includes the CreateGrant operation, the constraint requires that any grants created with the CreateGrant permission have an equally strict or stricter encryption context constraint.
You cannot use an encryption context grant constraint for cryptographic operations with asymmetric KMS keys or HMAC KMS keys. These keys don't support an encryption context.
",
"GrantListEntry$Constraints": "A list of key-value pairs that must be present in the encryption context of certain subsequent operations that the grant allows.
"
@@ -740,7 +759,7 @@
}
},
"IncorrectTrustAnchorException": {
- "base": "The request was rejected because the trust anchor certificate in the request is not the trust anchor certificate for the specified CloudHSM cluster.
When you initialize the cluster, you create the trust anchor certificate and save it in the customerCA.crt file.
",
+ "base": "The request was rejected because the trust anchor certificate in the request to create an CloudHSM key store is not the trust anchor certificate for the specified CloudHSM cluster.
When you initialize the CloudHSM cluster, you create the trust anchor certificate and save it in the customerCA.crt file.
",
"refs": {
}
},
@@ -800,7 +819,7 @@
}
},
"KMSInvalidStateException": {
- "base": "The request was rejected because the state of the specified resource is not valid for this request.
For more information about how key state affects the use of a KMS key, see Key states of KMS keys in the Key Management Service Developer Guide .
",
+ "base": "The request was rejected because the state of the specified resource is not valid for this request.
This exceptions means one of the following:
-
The key state of the KMS key is not compatible with the operation.
To find the key state, use the DescribeKey operation. For more information about which key states are compatible with each KMS operation, see Key states of KMS keys in the Key Management Service Developer Guide .
-
For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.
",
"refs": {
}
},
@@ -819,7 +838,7 @@
"DisableKeyRequest$KeyId": "Identifies the KMS key to disable.
Specify the key ID or key ARN of the KMS key.
For example:
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
",
"DisableKeyRotationRequest$KeyId": "Identifies a symmetric encryption KMS key. You cannot enable or disable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store.
Specify the key ID or key ARN of the KMS key.
For example:
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
",
"EnableKeyRequest$KeyId": "Identifies the KMS key to enable.
Specify the key ID or key ARN of the KMS key.
For example:
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
",
- "EnableKeyRotationRequest$KeyId": "Identifies a symmetric encryption KMS key. You cannot enable or disable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. The key rotation status of these KMS keys is always false. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key.
Specify the key ID or key ARN of the KMS key.
For example:
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
",
+ "EnableKeyRotationRequest$KeyId": "Identifies a symmetric encryption KMS key. You cannot enable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key.
Specify the key ID or key ARN of the KMS key.
For example:
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
",
"EncryptRequest$KeyId": "Identifies the KMS key to use in the encryption operation. The KMS key must have a KeyUsage of ENCRYPT_DECRYPT. To find the KeyUsage of a KMS key, use the DescribeKey operation.
To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with \"alias/\". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.
For example:
-
Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
-
Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
-
Alias name: alias/ExampleAlias
-
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.
",
"EncryptResponse$KeyId": "The Amazon Resource Name (key ARN) of the KMS key that was used to encrypt the plaintext.
",
"GenerateDataKeyPairRequest$KeyId": "Specifies the symmetric encryption KMS key that encrypts the private key in the data key pair. You cannot specify an asymmetric KMS key or a KMS key in a custom key store. To get the type and origin of your KMS key, use the DescribeKey operation.
To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with \"alias/\". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.
For example:
-
Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
-
Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
-
Alias name: alias/ExampleAlias
-
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.
",
@@ -860,7 +879,7 @@
"SignResponse$KeyId": "The Amazon Resource Name (key ARN) of the asymmetric KMS key that was used to sign the message.
",
"TagResourceRequest$KeyId": "Identifies a customer managed key in the account and Region.
Specify the key ID or key ARN of the KMS key.
For example:
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
",
"UntagResourceRequest$KeyId": "Identifies the KMS key from which you are removing tags.
Specify the key ID or key ARN of the KMS key.
For example:
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
",
- "UpdateAliasRequest$TargetKeyId": "Identifies the customer managed key to associate with the alias. You don't have permission to associate an alias with an Amazon Web Services managed key.
The KMS key must be in the same Amazon Web Services account and Region as the alias. Also, the new target KMS key must be the same type as the current target KMS key (both symmetric or both asymmetric) and they must have the same key usage.
Specify the key ID or key ARN of the KMS key.
For example:
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
To verify that the alias is mapped to the correct KMS key, use ListAliases.
",
+ "UpdateAliasRequest$TargetKeyId": "Identifies the customer managed key to associate with the alias. You don't have permission to associate an alias with an Amazon Web Services managed key.
The KMS key must be in the same Amazon Web Services account and Region as the alias. Also, the new target KMS key must be the same type as the current target KMS key (both symmetric or both asymmetric or both HMAC) and they must have the same key usage.
Specify the key ID or key ARN of the KMS key.
For example:
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
To verify that the alias is mapped to the correct KMS key, use ListAliases.
",
"UpdateKeyDescriptionRequest$KeyId": "Updates the description of the specified KMS key.
Specify the key ID or key ARN of the KMS key.
For example:
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
",
"UpdatePrimaryRegionRequest$KeyId": "Identifies the current primary key. When the operation completes, this KMS key will be a replica key.
Specify the key ID or key ARN of a multi-Region primary key.
For example:
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
",
"VerifyMacRequest$KeyId": "The KMS key that will be used in the verification.
Enter a key ID of the KMS key that was used to generate the HMAC. If you identify a different KMS key, the VerifyMac operation fails.
",
@@ -888,7 +907,7 @@
}
},
"KeyMetadata": {
- "base": "Contains metadata about a KMS key.
This data type is used as a response element for the CreateKey and DescribeKey operations.
",
+ "base": "Contains metadata about a KMS key.
This data type is used as a response element for the CreateKey, DescribeKey, and ReplicateKey operations.
",
"refs": {
"CreateKeyResponse$KeyMetadata": "Metadata associated with the KMS key.
",
"DescribeKeyResponse$KeyMetadata": "Metadata associated with the key.
",
@@ -898,7 +917,7 @@
"KeySpec": {
"base": null,
"refs": {
- "CreateKeyRequest$KeySpec": "Specifies the type of KMS key to create. The default value, SYMMETRIC_DEFAULT, creates a KMS key with a 256-bit AES-GCM key that is used for encryption and decryption, except in China Regions, where it creates a 128-bit symmetric key that uses SM4 encryption. For help choosing a key spec for your KMS key, see Choosing a KMS key type in the Key Management Service Developer Guide .
The KeySpec determines whether the KMS key contains a symmetric key or an asymmetric key pair. It also determines the cryptographic algorithms that the KMS key supports. You can't change the KeySpec after the KMS key is created. To further restrict the algorithms that can be used with the KMS key, use a condition key in its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm, kms:MacAlgorithm or kms:Signing Algorithm in the Key Management Service Developer Guide .
Amazon Web Services services that are integrated with KMS use symmetric encryption KMS keys to protect your data. These services do not support asymmetric KMS keys or HMAC KMS keys.
KMS supports the following key specs for KMS keys:
-
Symmetric encryption key (default)
-
HMAC keys (symmetric)
-
HMAC_224
-
HMAC_256
-
HMAC_384
-
HMAC_512
-
Asymmetric RSA key pairs
-
RSA_2048
-
RSA_3072
-
RSA_4096
-
Asymmetric NIST-recommended elliptic curve key pairs
-
ECC_NIST_P256 (secp256r1)
-
ECC_NIST_P384 (secp384r1)
-
ECC_NIST_P521 (secp521r1)
-
Other asymmetric elliptic curve key pairs
-
SM2 key pairs (China Regions only)
",
+ "CreateKeyRequest$KeySpec": "Specifies the type of KMS key to create. The default value, SYMMETRIC_DEFAULT, creates a KMS key with a 256-bit AES-GCM key that is used for encryption and decryption, except in China Regions, where it creates a 128-bit symmetric key that uses SM4 encryption. For help choosing a key spec for your KMS key, see Choosing a KMS key type in the Key Management Service Developer Guide .
The KeySpec determines whether the KMS key contains a symmetric key or an asymmetric key pair. It also determines the algorithms that the KMS key supports. You can't change the KeySpec after the KMS key is created. To further restrict the algorithms that can be used with the KMS key, use a condition key in its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm, kms:MacAlgorithm or kms:Signing Algorithm in the Key Management Service Developer Guide .
Amazon Web Services services that are integrated with KMS use symmetric encryption KMS keys to protect your data. These services do not support asymmetric KMS keys or HMAC KMS keys.
KMS supports the following key specs for KMS keys:
-
Symmetric encryption key (default)
-
HMAC keys (symmetric)
-
HMAC_224
-
HMAC_256
-
HMAC_384
-
HMAC_512
-
Asymmetric RSA key pairs
-
RSA_2048
-
RSA_3072
-
RSA_4096
-
Asymmetric NIST-recommended elliptic curve key pairs
-
ECC_NIST_P256 (secp256r1)
-
ECC_NIST_P384 (secp384r1)
-
ECC_NIST_P521 (secp521r1)
-
Other asymmetric elliptic curve key pairs
-
SM2 key pairs (China Regions only)
",
"GetPublicKeyResponse$KeySpec": "The type of the of the public key that was downloaded.
",
"KeyMetadata$KeySpec": "Describes the type of key material in the KMS key.
"
}
@@ -913,8 +932,8 @@
"KeyStorePasswordType": {
"base": null,
"refs": {
- "CreateCustomKeyStoreRequest$KeyStorePassword": "Enter the password of the kmsuser crypto user (CU) account in the specified CloudHSM cluster. KMS logs into the cluster as this user to manage key material on your behalf.
The password must be a string of 7 to 32 characters. Its value is case sensitive.
This parameter tells KMS the kmsuser account password; it does not change the password in the CloudHSM cluster.
",
- "UpdateCustomKeyStoreRequest$KeyStorePassword": "Enter the current password of the kmsuser crypto user (CU) in the CloudHSM cluster that is associated with the custom key store.
This parameter tells KMS the current password of the kmsuser crypto user (CU). It does not set or change the password of any users in the CloudHSM cluster.
"
+ "CreateCustomKeyStoreRequest$KeyStorePassword": "Specifies the kmsuser password for an CloudHSM key store. This parameter is required for custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM.
Enter the password of the kmsuser crypto user (CU) account in the specified CloudHSM cluster. KMS logs into the cluster as this user to manage key material on your behalf.
The password must be a string of 7 to 32 characters. Its value is case sensitive.
This parameter tells KMS the kmsuser account password; it does not change the password in the CloudHSM cluster.
",
+ "UpdateCustomKeyStoreRequest$KeyStorePassword": "Enter the current password of the kmsuser crypto user (CU) in the CloudHSM cluster that is associated with the custom key store. This parameter is valid only for custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM.
This parameter tells KMS the current password of the kmsuser crypto user (CU). It does not set or change the password of any users in the CloudHSM cluster.
To change this value, the CloudHSM key store must be disconnected.
"
}
},
"KeyUnavailableException": {
@@ -1081,7 +1100,7 @@
"NullableBooleanType": {
"base": null,
"refs": {
- "CreateKeyRequest$MultiRegion": "Creates a multi-Region primary key that you can replicate into other Amazon Web Services Regions. You cannot change this value after you create the KMS key.
For a multi-Region key, set this parameter to True. For a single-Region KMS key, omit this parameter or set it to False. The default value is False.
This operation supports multi-Region keys, an KMS feature that lets you create multiple interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.
This value creates a primary key, not a replica. To create a replica key, use the ReplicateKey operation.
You can create a multi-Region version of a symmetric encryption KMS key, an HMAC KMS key, an asymmetric KMS key, or a KMS key with imported key material. However, you cannot create a multi-Region key in a custom key store.
",
+ "CreateKeyRequest$MultiRegion": "Creates a multi-Region primary key that you can replicate into other Amazon Web Services Regions. You cannot change this value after you create the KMS key.
For a multi-Region key, set this parameter to True. For a single-Region KMS key, omit this parameter or set it to False. The default value is False.
This operation supports multi-Region keys, an KMS feature that lets you create multiple interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.
This value creates a primary key, not a replica. To create a replica key, use the ReplicateKey operation.
You can create a symmetric or asymmetric multi-Region key, and you can create a multi-Region key with imported key material. However, you cannot create a multi-Region key in a custom key store.
",
"KeyMetadata$MultiRegion": "Indicates whether the KMS key is a multi-Region (True) or regional (False) key. This value is True for multi-Region primary and replica keys and False for regional KMS keys.
For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.
"
}
},
@@ -1096,7 +1115,7 @@
"OriginType": {
"base": null,
"refs": {
- "CreateKeyRequest$Origin": "The source of the key material for the KMS key. You cannot change the origin after you create the KMS key. The default is AWS_KMS, which means that KMS creates the key material.
To create a KMS key with no key material (for imported key material), set the value to EXTERNAL. For more information about importing key material into KMS, see Importing Key Material in the Key Management Service Developer Guide. This value is valid only for symmetric encryption KMS keys.
To create a KMS key in an KMS custom key store and create its key material in the associated CloudHSM cluster, set this value to AWS_CLOUDHSM. You must also use the CustomKeyStoreId parameter to identify the custom key store. This value is valid only for symmetric encryption KMS keys.
",
+ "CreateKeyRequest$Origin": "The source of the key material for the KMS key. You cannot change the origin after you create the KMS key. The default is AWS_KMS, which means that KMS creates the key material.
To create a KMS key with no key material (for imported key material), set this value to EXTERNAL. For more information about importing key material into KMS, see Importing Key Material in the Key Management Service Developer Guide. The EXTERNAL origin value is valid only for symmetric KMS keys.
To create a KMS key in an CloudHSM key store and create its key material in the associated CloudHSM cluster, set this value to AWS_CLOUDHSM. You must also use the CustomKeyStoreId parameter to identify the CloudHSM key store. The KeySpec value must be SYMMETRIC_DEFAULT.
To create a KMS key in an external key store, set this value to EXTERNAL_KEY_STORE. You must also use the CustomKeyStoreId parameter to identify the external key store and the XksKeyId parameter to identify the associated external key. The KeySpec value must be SYMMETRIC_DEFAULT.
",
"KeyMetadata$Origin": "The source of the key material for the KMS key. When this value is AWS_KMS, KMS created the key material. When this value is EXTERNAL, the key material was imported or the KMS key doesn't have any key material. When this value is AWS_CLOUDHSM, the key material was created in the CloudHSM cluster associated with a custom key store.
"
}
},
@@ -1140,9 +1159,9 @@
"PolicyType": {
"base": null,
"refs": {
- "CreateKeyRequest$Policy": "The key policy to attach to the KMS key. If you do not specify a key policy, KMS attaches a default key policy to the KMS key. For more information, see Default key policy in the Key Management Service Developer Guide.
If you provide a key policy, it must meet the following criteria:
-
If you don't set BypassPolicyLockoutSafetyCheck to True, the key policy must allow the principal that is making the CreateKey request to make a subsequent PutKeyPolicy request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, refer to the scenario in the Default Key Policy section of the Key Management Service Developer Guide .
-
Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services principal (for example, an IAM user or role), you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and Access Management User Guide.
A key policy document can include only the following characters:
-
Printable ASCII characters from the space character (\\u0020) through the end of the ASCII character range.
-
Printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF).
-
The tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D) special characters
For information about key policies, see Key policies in KMS in the Key Management Service Developer Guide. For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the Identity and Access Management User Guide .
",
+ "CreateKeyRequest$Policy": "The key policy to attach to the KMS key.
If you provide a key policy, it must meet the following criteria:
-
If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy must allow the principal that is making the CreateKey request to make a subsequent PutKeyPolicy request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, refer to the scenario in the Default Key Policy section of the Key Management Service Developer Guide .
-
Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services principal (for example, an IAM user or role), you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and Access Management User Guide.
If you do not provide a key policy, KMS attaches a default key policy to the KMS key. For more information, see Default Key Policy in the Key Management Service Developer Guide.
The key policy size quota is 32 kilobytes (32768 bytes).
For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the Identity and Access Management User Guide .
",
"GetKeyPolicyResponse$Policy": "A key policy document in JSON format.
",
- "PutKeyPolicyRequest$Policy": "The key policy to attach to the KMS key.
The key policy must meet the following criteria:
-
If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy must allow the principal that is making the PutKeyPolicy request to make a subsequent PutKeyPolicy request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, refer to the scenario in the Default Key Policy section of the Key Management Service Developer Guide.
-
Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services principal (for example, an IAM user or role), you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and Access Management User Guide.
A key policy document can include only the following characters:
-
Printable ASCII characters from the space character (\\u0020) through the end of the ASCII character range.
-
Printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF).
-
The tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D) special characters
For information about key policies, see Key policies in KMS in the Key Management Service Developer Guide. For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the Identity and Access Management User Guide .
",
+ "PutKeyPolicyRequest$Policy": "The key policy to attach to the KMS key.
The key policy must meet the following criteria:
-
If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy must allow the principal that is making the PutKeyPolicy request to make a subsequent PutKeyPolicy request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, refer to the scenario in the Default Key Policy section of the Key Management Service Developer Guide.
-
Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services principal (for example, an IAM user or role), you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and Access Management User Guide.
A key policy document can include only the following characters:
-
Printable ASCII characters from the space character (\\u0020) through the end of the ASCII character range.
-
Printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF).
-
The tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D) special characters
For information about key policies, see Key policies in KMS in the Key Management Service Developer Guide.For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the Identity and Access Management User Guide .
",
"ReplicateKeyRequest$Policy": "The key policy to attach to the KMS key. This parameter is optional. If you do not provide a key policy, KMS attaches the default key policy to the KMS key.
The key policy is not a shared property of multi-Region keys. You can specify the same key policy or a different key policy for each key in a set of related multi-Region keys. KMS does not synchronize this property.
If you provide a key policy, it must meet the following criteria:
-
If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy must give the caller kms:PutKeyPolicy permission on the replica key. This reduces the risk that the KMS key becomes unmanageable. For more information, refer to the scenario in the Default Key Policy section of the Key Management Service Developer Guide .
-
Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services principal (for example, an IAM user or role), you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Identity and Access Management User Guide .
A key policy document can include only the following characters:
-
Printable ASCII characters from the space character (\\u0020) through the end of the ASCII character range.
-
Printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF).
-
The tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D) special characters
For information about key policies, see Key policies in KMS in the Key Management Service Developer Guide. For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the Identity and Access Management User Guide .
",
"ReplicateKeyResponse$ReplicaPolicy": "The key policy of the new replica key. The value is a key policy document in JSON format.
"
}
@@ -1274,9 +1293,9 @@
"TagList": {
"base": null,
"refs": {
- "CreateKeyRequest$Tags": "Assigns one or more tags to the KMS key. Use this parameter to tag the KMS key when it is created. To tag an existing KMS key, use the TagResource operation.
Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key Management Service Developer Guide.
To use this parameter, you must have kms:TagResource permission in an IAM policy.
Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag key. If you specify an existing tag key with a different tag value, KMS replaces the current tag value with the specified one.
When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, see Tagging Keys.
",
- "ListResourceTagsResponse$Tags": "A list of tags. Each tag consists of a tag key and a tag value.
Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key Management Service Developer Guide.
",
- "ReplicateKeyRequest$Tags": "Assigns one or more tags to the replica key. Use this parameter to tag the KMS key when it is created. To tag an existing KMS key, use the TagResource operation.
Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key Management Service Developer Guide.
To use this parameter, you must have kms:TagResource permission in an IAM policy.
Tags are not a shared property of multi-Region keys. You can specify the same tags or different tags for each key in a set of related multi-Region keys. KMS does not synchronize this property.
Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag key. If you specify an existing tag key with a different tag value, KMS replaces the current tag value with the specified one.
When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, see Tagging Keys.
",
+ "CreateKeyRequest$Tags": "Assigns one or more tags to the KMS key. Use this parameter to tag the KMS key when it is created. To tag an existing KMS key, use the TagResource operation.
Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.
To use this parameter, you must have kms:TagResource permission in an IAM policy.
Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag key. If you specify an existing tag key with a different tag value, KMS replaces the current tag value with the specified one.
When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, see Tagging Keys.
",
+ "ListResourceTagsResponse$Tags": "A list of tags. Each tag consists of a tag key and a tag value.
Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.
",
+ "ReplicateKeyRequest$Tags": "Assigns one or more tags to the replica key. Use this parameter to tag the KMS key when it is created. To tag an existing KMS key, use the TagResource operation.
Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.
To use this parameter, you must have kms:TagResource permission in an IAM policy.
Tags are not a shared property of multi-Region keys. You can specify the same tags or different tags for each key in a set of related multi-Region keys. KMS does not synchronize this property.
Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag key. If you specify an existing tag key with a different tag value, KMS replaces the current tag value with the specified one.
When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, see Tagging Keys.
",
"ReplicateKeyResponse$ReplicaTags": "The tags on the new replica key. The value is a list of tag key and tag value pairs.
",
"TagResourceRequest$Tags": "One or more tags.
Each tag consists of a tag key and a tag value. The tag value can be an empty (null) string.
You cannot have more than one tag on a KMS key with the same tag key. If you specify an existing tag key with a different tag value, KMS replaces the current tag value with the specified one.
"
}
@@ -1295,8 +1314,8 @@
"TrustAnchorCertificateType": {
"base": null,
"refs": {
- "CreateCustomKeyStoreRequest$TrustAnchorCertificate": "Enter the content of the trust anchor certificate for the cluster. This is the content of the customerCA.crt file that you created when you initialized the cluster.
",
- "CustomKeyStoresListEntry$TrustAnchorCertificate": "The trust anchor certificate of the associated CloudHSM cluster. When you initialize the cluster, you create this certificate and save it in the customerCA.crt file.
"
+ "CreateCustomKeyStoreRequest$TrustAnchorCertificate": "* CreateCustom
Specifies the certificate for an CloudHSM key store. This parameter is required for custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM.
Enter the content of the trust anchor certificate for the CloudHSM cluster. This is the content of the customerCA.crt file that you created when you initialized the cluster.
",
+ "CustomKeyStoresListEntry$TrustAnchorCertificate": "The trust anchor certificate of the CloudHSM cluster associated with an CloudHSM key store. When you initialize the cluster, you create this certificate and save it in the customerCA.crt file.
This field appears only when the CustomKeyStoreType is AWS_CLOUDHSM.
"
}
},
"UnsupportedOperationException": {
@@ -1359,6 +1378,137 @@
"refs": {
"GetParametersForImportRequest$WrappingKeySpec": "The type of wrapping key (public key) to return in the response. Only 2048-bit RSA public keys are supported.
"
}
+ },
+ "XksKeyAlreadyInUseException": {
+ "base": "The request was rejected because the (XksKeyId) is already associated with a KMS key in this external key store. Each KMS key in an external key store must be associated with a different external key.
",
+ "refs": {
+ }
+ },
+ "XksKeyConfigurationType": {
+ "base": "Information about the external key that is associated with a KMS key in an external key store.
These fields appear in a CreateKey or DescribeKey response only for a KMS key in an external key store.
The external key is a symmetric encryption key that is hosted by an external key manager outside of Amazon Web Services. When you use the KMS key in an external key store in a cryptographic operation, the cryptographic operation is performed in the external key manager using the specified external key. For more information, see External key in the Key Management Service Developer Guide.
",
+ "refs": {
+ "KeyMetadata$XksKeyConfiguration": "Information about the external key that is associated with a KMS key in an external key store.
For more information, see External key in the Key Management Service Developer Guide.
"
+ }
+ },
+ "XksKeyIdType": {
+ "base": null,
+ "refs": {
+ "CreateKeyRequest$XksKeyId": "Identifies the external key that serves as key material for the KMS key in an external key store. Specify the ID that the external key store proxy uses to refer to the external key. For help, see the documentation for your external key store proxy.
This parameter is required for a KMS key with an Origin value of EXTERNAL_KEY_STORE. It is not valid for KMS keys with any other Origin value.
The external key must be an existing 256-bit AES symmetric encryption key hosted outside of Amazon Web Services in an external key manager associated with the external key store specified by the CustomKeyStoreId parameter. This key must be enabled and configured to perform encryption and decryption. Each KMS key in an external key store must use a different external key. For details, see Requirements for a KMS key in an external key store in the Key Management Service Developer Guide.
Each KMS key in an external key store is associated two backing keys. One is key material that KMS generates. The other is the external key specified by this parameter. When you use the KMS key in an external key store to encrypt data, the encryption operation is performed first by KMS using the KMS key material, and then by the external key manager using the specified external key, a process known as double encryption. For details, see Double encryption in the Key Management Service Developer Guide.
",
+ "XksKeyConfigurationType$Id": "The ID of the external key in its external key manager. This is the ID that the external key store proxy uses to identify the external key.
"
+ }
+ },
+ "XksKeyInvalidConfigurationException": {
+ "base": "The request was rejected because the external key specified by the XksKeyId parameter did not meet the configuration requirements for an external key store.
The external key must be an AES-256 symmetric key that is enabled and performs encryption and decryption.
",
+ "refs": {
+ }
+ },
+ "XksKeyNotFoundException": {
+ "base": "The request was rejected because the external key store proxy could not find the external key. This exception is thrown when the value of the XksKeyId parameter doesn't identify a key in the external key manager associated with the external key proxy.
Verify that the XksKeyId represents an existing key in the external key manager. Use the key identifier that the external key store proxy uses to identify the key. For details, see the documentation provided with your external key store proxy or key manager.
",
+ "refs": {
+ }
+ },
+ "XksProxyAuthenticationAccessKeyIdType": {
+ "base": null,
+ "refs": {
+ "XksProxyAuthenticationCredentialType$AccessKeyId": "A unique identifier for the raw secret access key.
",
+ "XksProxyConfigurationType$AccessKeyId": "The part of the external key store proxy authentication credential that uniquely identifies the secret access key.
"
+ }
+ },
+ "XksProxyAuthenticationCredentialType": {
+ "base": "KMS uses the authentication credential to sign requests that it sends to the external key store proxy (XKS proxy) on your behalf. You establish these credentials on your external key store proxy and report them to KMS.
The XksProxyAuthenticationCredential includes two required elements.
",
+ "refs": {
+ "CreateCustomKeyStoreRequest$XksProxyAuthenticationCredential": "Specifies an authentication credential for the external key store proxy (XKS proxy). This parameter is required for all custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
The XksProxyAuthenticationCredential has two required elements: RawSecretAccessKey, a secret key, and AccessKeyId, a unique identifier for the RawSecretAccessKey. For character requirements, see XksProxyAuthenticationCredentialType.
KMS uses this authentication credential to sign requests to the external key store proxy on your behalf. This credential is unrelated to Identity and Access Management (IAM) and Amazon Web Services credentials.
This parameter doesn't set or change the authentication credentials on the XKS proxy. It just tells KMS the credential that you established on your external key store proxy. If you rotate your proxy authentication credential, use the UpdateCustomKeyStore operation to provide the new credential to KMS.
",
+ "UpdateCustomKeyStoreRequest$XksProxyAuthenticationCredential": "Changes the credentials that KMS uses to sign requests to the external key store proxy (XKS proxy). This parameter is valid only for custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
You must specify both the AccessKeyId and SecretAccessKey value in the authentication credential, even if you are only updating one value.
This parameter doesn't establish or change your authentication credentials on the proxy. It just tells KMS the credential that you established with your external key store proxy. For example, if you rotate the credential on your external key store proxy, you can use this parameter to update the credential in KMS.
You can change this value when the external key store is connected or disconnected.
"
+ }
+ },
+ "XksProxyAuthenticationRawSecretAccessKeyType": {
+ "base": null,
+ "refs": {
+ "XksProxyAuthenticationCredentialType$RawSecretAccessKey": "A secret string of 43-64 characters. Valid characters are a-z, A-Z, 0-9, /, +, and =.
"
+ }
+ },
+ "XksProxyConfigurationType": {
+ "base": "Detailed information about the external key store proxy (XKS proxy). Your external key store proxy translates KMS requests into a format that your external key manager can understand. These fields appear in a DescribeCustomKeyStores response only when the CustomKeyStoreType is EXTERNAL_KEY_STORE.
",
+ "refs": {
+ "CustomKeyStoresListEntry$XksProxyConfiguration": "Configuration settings for the external key store proxy (XKS proxy). The external key store proxy translates KMS requests into a format that your external key manager can understand. The proxy configuration includes connection information that KMS requires.
This field appears only when the CustomKeyStoreType is EXTERNAL_KEY_STORE.
"
+ }
+ },
+ "XksProxyConnectivityType": {
+ "base": null,
+ "refs": {
+ "CreateCustomKeyStoreRequest$XksProxyConnectivity": "Indicates how KMS communicates with the external key store proxy. This parameter is required for custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT. If the external key store proxy uses a Amazon VPC endpoint service for communication with KMS, specify VPC_ENDPOINT_SERVICE. For help making this choice, see Choosing a connectivity option in the Key Management Service Developer Guide.
An Amazon VPC endpoint service keeps your communication with KMS in a private address space entirely within Amazon Web Services, but it requires more configuration, including establishing a Amazon VPC with multiple subnets, a VPC endpoint service, a network load balancer, and a verified private DNS name. A public endpoint is simpler to set up, but it might be slower and might not fulfill your security requirements. You might consider testing with a public endpoint, and then establishing a VPC endpoint service for production tasks. Note that this choice does not determine the location of the external key store proxy. Even if you choose a VPC endpoint service, the proxy can be hosted within the VPC or outside of Amazon Web Services such as in your corporate data center.
",
+ "UpdateCustomKeyStoreRequest$XksProxyConnectivity": "Changes the connectivity setting for the external key store. To indicate that the external key store proxy uses a Amazon VPC endpoint service to communicate with KMS, specify VPC_ENDPOINT_SERVICE. Otherwise, specify PUBLIC_ENDPOINT.
If you change the XksProxyConnectivity to VPC_ENDPOINT_SERVICE, you must also change the XksProxyUriEndpoint and add an XksProxyVpcEndpointServiceName value.
If you change the XksProxyConnectivity to PUBLIC_ENDPOINT, you must also change the XksProxyUriEndpoint and specify a null or empty string for the XksProxyVpcEndpointServiceName value.
To change this value, the external key store must be disconnected.
",
+ "XksProxyConfigurationType$Connectivity": "Indicates whether the external key store proxy uses a public endpoint or an Amazon VPC endpoint service to communicate with KMS.
"
+ }
+ },
+ "XksProxyIncorrectAuthenticationCredentialException": {
+ "base": "The request was rejected because the proxy credentials failed to authenticate to the specified external key store proxy. The specified external key store proxy rejected a status request from KMS due to invalid credentials. This can indicate an error in the credentials or in the identification of the external key store proxy.
",
+ "refs": {
+ }
+ },
+ "XksProxyInvalidConfigurationException": {
+ "base": "The request was rejected because the Amazon VPC endpoint service configuration does not fulfill the requirements for an external key store proxy. For details, see the exception message.
",
+ "refs": {
+ }
+ },
+ "XksProxyInvalidResponseException": {
+ "base": " KMS cannot interpret the response it received from the external key store proxy. The problem might be a poorly constructed response, but it could also be a transient network issue. If you see this error repeatedly, report it to the proxy vendor.
",
+ "refs": {
+ }
+ },
+ "XksProxyUriEndpointInUseException": {
+ "base": "The request was rejected because the concatenation of the XksProxyUriEndpoint is already associated with an external key store in the Amazon Web Services account and Region. Each external key store in an account and Region must use a unique external key store proxy address.
",
+ "refs": {
+ }
+ },
+ "XksProxyUriEndpointType": {
+ "base": null,
+ "refs": {
+ "CreateCustomKeyStoreRequest$XksProxyUriEndpoint": "Specifies the endpoint that KMS uses to send requests to the external key store proxy (XKS proxy). This parameter is required for custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
The protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in the XksProxyUriEndpoint value.
For external key stores with XksProxyConnectivity value of VPC_ENDPOINT_SERVICE, specify https:// followed by the private DNS name of the VPC endpoint service.
For external key stores with PUBLIC_ENDPOINT connectivity, this endpoint must be reachable before you create the custom key store. KMS connects to the external key store proxy while creating the custom key store. For external key stores with VPC_ENDPOINT_SERVICE connectivity, KMS connects when you call the ConnectCustomKeyStore operation.
The value of this parameter must begin with https://. The remainder can contain upper and lower case letters (A-Z and a-z), numbers (0-9), dots (.), and hyphens (-). Additional slashes (/ and \\) are not permitted.
Uniqueness requirements:
-
The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique in the Amazon Web Services account and Region.
-
An external key store with PUBLIC_ENDPOINT connectivity cannot use the same XksProxyUriEndpoint value as an external key store with VPC_ENDPOINT_SERVICE connectivity in the same Amazon Web Services Region.
-
Each external key store with VPC_ENDPOINT_SERVICE connectivity must have its own private DNS name. The XksProxyUriEndpoint value for external key stores with VPC_ENDPOINT_SERVICE connectivity (private DNS name) must be unique in the Amazon Web Services account and Region.
",
+ "UpdateCustomKeyStoreRequest$XksProxyUriEndpoint": "Changes the URI endpoint that KMS uses to connect to your external key store proxy (XKS proxy). This parameter is valid only for custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
For external key stores with an XksProxyConnectivity value of PUBLIC_ENDPOINT, the protocol must be HTTPS.
For external key stores with an XksProxyConnectivity value of VPC_ENDPOINT_SERVICE, specify https:// followed by the private DNS name associated with the VPC endpoint service. Each external key store must use a different private DNS name.
The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique in the Amazon Web Services account and Region.
To change this value, the external key store must be disconnected.
",
+ "XksProxyConfigurationType$UriEndpoint": "The URI endpoint for the external key store proxy.
If the external key store proxy has a public endpoint, it is displayed here.
If the external key store proxy uses an Amazon VPC endpoint service name, this field displays the private DNS name associated with the VPC endpoint service.
"
+ }
+ },
+ "XksProxyUriInUseException": {
+ "base": "The request was rejected because the concatenation of the XksProxyUriEndpoint and XksProxyUriPath is already associated with an external key store in the Amazon Web Services account and Region. Each external key store in an account and Region must use a unique external key store proxy API address.
",
+ "refs": {
+ }
+ },
+ "XksProxyUriPathType": {
+ "base": null,
+ "refs": {
+ "CreateCustomKeyStoreRequest$XksProxyUriPath": "Specifies the base path to the proxy APIs for this external key store. To find this value, see the documentation for your external key store proxy. This parameter is required for all custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
The value must start with / and must end with /kms/xks/v1 where v1 represents the version of the KMS external key store proxy API. This path can include an optional prefix between the required elements such as /prefix/kms/xks/v1.
Uniqueness requirements:
",
+ "UpdateCustomKeyStoreRequest$XksProxyUriPath": "Changes the base path to the proxy APIs for this external key store. To find this value, see the documentation for your external key manager and external key store proxy (XKS proxy). This parameter is valid only for custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
The value must start with / and must end with /kms/xks/v1, where v1 represents the version of the KMS external key store proxy API. You can include an optional prefix between the required elements such as /example/kms/xks/v1.
The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique in the Amazon Web Services account and Region.
You can change this value when the external key store is connected or disconnected.
",
+ "XksProxyConfigurationType$UriPath": "The path to the external key store proxy APIs.
"
+ }
+ },
+ "XksProxyUriUnreachableException": {
+ "base": "KMS was unable to reach the specified XksProxyUriPath. The path must be reachable before you create the external key store or update its settings.
This exception is also thrown when the external key store proxy response to a GetHealthStatus request indicates that all external key manager instances are unavailable.
",
+ "refs": {
+ }
+ },
+ "XksProxyVpcEndpointServiceInUseException": {
+ "base": "The request was rejected because the specified Amazon VPC endpoint service is already associated with an external key store in the Amazon Web Services account and Region. Each external key store in an Amazon Web Services account and Region must use a different Amazon VPC endpoint service.
",
+ "refs": {
+ }
+ },
+ "XksProxyVpcEndpointServiceInvalidConfigurationException": {
+ "base": "The request was rejected because the Amazon VPC endpoint service configuration does not fulfill the requirements for an external key store proxy. For details, see the exception message and review the requirements for Amazon VPC endpoint service connectivity for an external key store.
",
+ "refs": {
+ }
+ },
+ "XksProxyVpcEndpointServiceNameType": {
+ "base": null,
+ "refs": {
+ "CreateCustomKeyStoreRequest$XksProxyVpcEndpointServiceName": "Specifies the name of the Amazon VPC endpoint service for interface endpoints that is used to communicate with your external key store proxy (XKS proxy). This parameter is required when the value of CustomKeyStoreType is EXTERNAL_KEY_STORE and the value of XksProxyConnectivity is VPC_ENDPOINT_SERVICE.
The Amazon VPC endpoint service must fulfill all requirements for use with an external key store.
Uniqueness requirements:
",
+ "UpdateCustomKeyStoreRequest$XksProxyVpcEndpointServiceName": "Changes the name that KMS uses to identify the Amazon VPC endpoint service for your external key store proxy (XKS proxy). This parameter is valid when the CustomKeyStoreType is EXTERNAL_KEY_STORE and the XksProxyConnectivity is VPC_ENDPOINT_SERVICE.
To change this value, the external key store must be disconnected.
",
+ "XksProxyConfigurationType$VpcEndpointServiceName": "The Amazon VPC endpoint service used to communicate with the external key store proxy. This field appears only when the external key store proxy uses an Amazon VPC endpoint service to communicate with KMS.
"
+ }
+ },
+ "XksProxyVpcEndpointServiceNotFoundException": {
+ "base": "The request was rejected because KMS could not find the specified VPC endpoint service. Use DescribeCustomKeyStores to verify the VPC endpoint service name for the external key store. Also, confirm that the Allow principals list for the VPC endpoint service includes the KMS service principal for the Region, such as cks.kms.us-east-1.amazonaws.com.
",
+ "refs": {
+ }
}
}
}
diff --git a/models/apis/kms/2014-11-01/endpoint-rule-set-1.json b/models/apis/kms/2014-11-01/endpoint-rule-set-1.json
new file mode 100644
index 0000000000..4586854bd9
--- /dev/null
+++ b/models/apis/kms/2014-11-01/endpoint-rule-set-1.json
@@ -0,0 +1,315 @@
+{
+ "version": "1.0",
+ "parameters": {
+ "Region": {
+ "builtIn": "AWS::Region",
+ "required": true,
+ "documentation": "The AWS region used to dispatch the request.",
+ "type": "String"
+ },
+ "UseDualStack": {
+ "builtIn": "AWS::UseDualStack",
+ "required": true,
+ "default": false,
+ "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.",
+ "type": "Boolean"
+ },
+ "UseFIPS": {
+ "builtIn": "AWS::UseFIPS",
+ "required": true,
+ "default": false,
+ "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.",
+ "type": "Boolean"
+ },
+ "Endpoint": {
+ "builtIn": "SDK::Endpoint",
+ "required": false,
+ "documentation": "Override the endpoint used to send this request",
+ "type": "String"
+ }
+ },
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "aws.partition",
+ "argv": [
+ {
+ "ref": "Region"
+ }
+ ],
+ "assign": "PartitionResult"
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "isSet",
+ "argv": [
+ {
+ "ref": "Endpoint"
+ }
+ ]
+ },
+ {
+ "fn": "parseURL",
+ "argv": [
+ {
+ "ref": "Endpoint"
+ }
+ ],
+ "assign": "url"
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseFIPS"
+ },
+ true
+ ]
+ }
+ ],
+ "error": "Invalid Configuration: FIPS and custom endpoint are not supported",
+ "type": "error"
+ },
+ {
+ "conditions": [],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseDualStack"
+ },
+ true
+ ]
+ }
+ ],
+ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported",
+ "type": "error"
+ },
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": {
+ "ref": "Endpoint"
+ },
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseFIPS"
+ },
+ true
+ ]
+ },
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseDualStack"
+ },
+ true
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsFIPS"
+ ]
+ }
+ ]
+ },
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsDualStack"
+ ]
+ }
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://kms-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both",
+ "type": "error"
+ }
+ ]
+ },
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseFIPS"
+ },
+ true
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsFIPS"
+ ]
+ }
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://kms-fips.{Region}.{PartitionResult#dnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "error": "FIPS is enabled but this partition does not support FIPS",
+ "type": "error"
+ }
+ ]
+ },
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseDualStack"
+ },
+ true
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsDualStack"
+ ]
+ }
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://kms.{Region}.{PartitionResult#dualStackDnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "error": "DualStack is enabled but this partition does not support DualStack",
+ "type": "error"
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://kms.{Region}.{PartitionResult#dnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/models/apis/kms/2014-11-01/endpoint-tests-1.json b/models/apis/kms/2014-11-01/endpoint-tests-1.json
new file mode 100644
index 0000000000..26c6afdc81
--- /dev/null
+++ b/models/apis/kms/2014-11-01/endpoint-tests-1.json
@@ -0,0 +1,1799 @@
+{
+ "testCases": [
+ {
+ "documentation": "For region ap-south-2 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.ap-south-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "ap-south-2"
+ }
+ },
+ {
+ "documentation": "For region ap-south-2 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.ap-south-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "ap-south-2"
+ }
+ },
+ {
+ "documentation": "For region ap-south-2 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.ap-south-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "ap-south-2"
+ }
+ },
+ {
+ "documentation": "For region ap-south-2 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.ap-south-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "ap-south-2"
+ }
+ },
+ {
+ "documentation": "For region ap-south-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.ap-south-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "ap-south-1"
+ }
+ },
+ {
+ "documentation": "For region ap-south-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.ap-south-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "ap-south-1"
+ }
+ },
+ {
+ "documentation": "For region ap-south-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.ap-south-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "ap-south-1"
+ }
+ },
+ {
+ "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.ap-south-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "ap-south-1"
+ }
+ },
+ {
+ "documentation": "For region eu-south-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.eu-south-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "eu-south-1"
+ }
+ },
+ {
+ "documentation": "For region eu-south-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.eu-south-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "eu-south-1"
+ }
+ },
+ {
+ "documentation": "For region eu-south-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.eu-south-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "eu-south-1"
+ }
+ },
+ {
+ "documentation": "For region eu-south-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.eu-south-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "eu-south-1"
+ }
+ },
+ {
+ "documentation": "For region eu-south-2 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.eu-south-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "eu-south-2"
+ }
+ },
+ {
+ "documentation": "For region eu-south-2 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.eu-south-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "eu-south-2"
+ }
+ },
+ {
+ "documentation": "For region eu-south-2 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.eu-south-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "eu-south-2"
+ }
+ },
+ {
+ "documentation": "For region eu-south-2 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.eu-south-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "eu-south-2"
+ }
+ },
+ {
+ "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.us-gov-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.us-gov-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.us-gov-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.us-gov-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region me-central-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.me-central-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "me-central-1"
+ }
+ },
+ {
+ "documentation": "For region me-central-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.me-central-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "me-central-1"
+ }
+ },
+ {
+ "documentation": "For region me-central-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.me-central-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "me-central-1"
+ }
+ },
+ {
+ "documentation": "For region me-central-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.me-central-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "me-central-1"
+ }
+ },
+ {
+ "documentation": "For region ca-central-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.ca-central-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "ca-central-1"
+ }
+ },
+ {
+ "documentation": "For region ca-central-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.ca-central-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "ca-central-1"
+ }
+ },
+ {
+ "documentation": "For region ca-central-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.ca-central-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "ca-central-1"
+ }
+ },
+ {
+ "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.ca-central-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "ca-central-1"
+ }
+ },
+ {
+ "documentation": "For region eu-central-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.eu-central-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "eu-central-1"
+ }
+ },
+ {
+ "documentation": "For region eu-central-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.eu-central-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "eu-central-1"
+ }
+ },
+ {
+ "documentation": "For region eu-central-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.eu-central-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "eu-central-1"
+ }
+ },
+ {
+ "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.eu-central-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "eu-central-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-west-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-iso-west-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-west-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.us-iso-west-1.c2s.ic.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-iso-west-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-west-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "error": "DualStack is enabled but this partition does not support DualStack"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-iso-west-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-west-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.us-iso-west-1.c2s.ic.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-iso-west-1"
+ }
+ },
+ {
+ "documentation": "For region eu-central-2 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.eu-central-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "eu-central-2"
+ }
+ },
+ {
+ "documentation": "For region eu-central-2 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.eu-central-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "eu-central-2"
+ }
+ },
+ {
+ "documentation": "For region eu-central-2 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.eu-central-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "eu-central-2"
+ }
+ },
+ {
+ "documentation": "For region eu-central-2 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.eu-central-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "eu-central-2"
+ }
+ },
+ {
+ "documentation": "For region us-west-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.us-west-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-west-1"
+ }
+ },
+ {
+ "documentation": "For region us-west-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.us-west-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-west-1"
+ }
+ },
+ {
+ "documentation": "For region us-west-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.us-west-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-west-1"
+ }
+ },
+ {
+ "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.us-west-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-west-1"
+ }
+ },
+ {
+ "documentation": "For region us-west-2 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.us-west-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-west-2"
+ }
+ },
+ {
+ "documentation": "For region us-west-2 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.us-west-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-west-2"
+ }
+ },
+ {
+ "documentation": "For region us-west-2 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.us-west-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-west-2"
+ }
+ },
+ {
+ "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.us-west-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-west-2"
+ }
+ },
+ {
+ "documentation": "For region af-south-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.af-south-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "af-south-1"
+ }
+ },
+ {
+ "documentation": "For region af-south-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.af-south-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "af-south-1"
+ }
+ },
+ {
+ "documentation": "For region af-south-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.af-south-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "af-south-1"
+ }
+ },
+ {
+ "documentation": "For region af-south-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.af-south-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "af-south-1"
+ }
+ },
+ {
+ "documentation": "For region eu-north-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.eu-north-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "eu-north-1"
+ }
+ },
+ {
+ "documentation": "For region eu-north-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.eu-north-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "eu-north-1"
+ }
+ },
+ {
+ "documentation": "For region eu-north-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.eu-north-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "eu-north-1"
+ }
+ },
+ {
+ "documentation": "For region eu-north-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.eu-north-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "eu-north-1"
+ }
+ },
+ {
+ "documentation": "For region eu-west-3 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.eu-west-3.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "eu-west-3"
+ }
+ },
+ {
+ "documentation": "For region eu-west-3 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.eu-west-3.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "eu-west-3"
+ }
+ },
+ {
+ "documentation": "For region eu-west-3 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.eu-west-3.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "eu-west-3"
+ }
+ },
+ {
+ "documentation": "For region eu-west-3 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.eu-west-3.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "eu-west-3"
+ }
+ },
+ {
+ "documentation": "For region eu-west-2 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.eu-west-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "eu-west-2"
+ }
+ },
+ {
+ "documentation": "For region eu-west-2 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.eu-west-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "eu-west-2"
+ }
+ },
+ {
+ "documentation": "For region eu-west-2 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.eu-west-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "eu-west-2"
+ }
+ },
+ {
+ "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.eu-west-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "eu-west-2"
+ }
+ },
+ {
+ "documentation": "For region eu-west-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.eu-west-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "eu-west-1"
+ }
+ },
+ {
+ "documentation": "For region eu-west-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.eu-west-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "eu-west-1"
+ }
+ },
+ {
+ "documentation": "For region eu-west-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.eu-west-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "eu-west-1"
+ }
+ },
+ {
+ "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.eu-west-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "eu-west-1"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-3 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.ap-northeast-3.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "ap-northeast-3"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-3 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.ap-northeast-3.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "ap-northeast-3"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.ap-northeast-3.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "ap-northeast-3"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.ap-northeast-3.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "ap-northeast-3"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.ap-northeast-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "ap-northeast-2"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.ap-northeast-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "ap-northeast-2"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.ap-northeast-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "ap-northeast-2"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.ap-northeast-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "ap-northeast-2"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.ap-northeast-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "ap-northeast-1"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.ap-northeast-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "ap-northeast-1"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.ap-northeast-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "ap-northeast-1"
+ }
+ },
+ {
+ "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.ap-northeast-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "ap-northeast-1"
+ }
+ },
+ {
+ "documentation": "For region me-south-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.me-south-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "me-south-1"
+ }
+ },
+ {
+ "documentation": "For region me-south-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.me-south-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "me-south-1"
+ }
+ },
+ {
+ "documentation": "For region me-south-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.me-south-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "me-south-1"
+ }
+ },
+ {
+ "documentation": "For region me-south-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.me-south-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "me-south-1"
+ }
+ },
+ {
+ "documentation": "For region sa-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.sa-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "sa-east-1"
+ }
+ },
+ {
+ "documentation": "For region sa-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.sa-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "sa-east-1"
+ }
+ },
+ {
+ "documentation": "For region sa-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.sa-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "sa-east-1"
+ }
+ },
+ {
+ "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.sa-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "sa-east-1"
+ }
+ },
+ {
+ "documentation": "For region ap-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.ap-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "ap-east-1"
+ }
+ },
+ {
+ "documentation": "For region ap-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.ap-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "ap-east-1"
+ }
+ },
+ {
+ "documentation": "For region ap-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.ap-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "ap-east-1"
+ }
+ },
+ {
+ "documentation": "For region ap-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.ap-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "ap-east-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.cn-north-1.api.amazonwebservices.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.cn-north-1.amazonaws.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.cn-north-1.api.amazonwebservices.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.cn-north-1.amazonaws.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.us-gov-west-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-gov-west-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.us-gov-west-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-gov-west-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.us-gov-west-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-gov-west-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.us-gov-west-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-gov-west-1"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.ap-southeast-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "ap-southeast-1"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.ap-southeast-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "ap-southeast-1"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.ap-southeast-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "ap-southeast-1"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.ap-southeast-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "ap-southeast-1"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.ap-southeast-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "ap-southeast-2"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.ap-southeast-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "ap-southeast-2"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.ap-southeast-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "ap-southeast-2"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.ap-southeast-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "ap-southeast-2"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.us-iso-east-1.c2s.ic.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "error": "DualStack is enabled but this partition does not support DualStack"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.us-iso-east-1.c2s.ic.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-3 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.ap-southeast-3.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "ap-southeast-3"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-3 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.ap-southeast-3.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "ap-southeast-3"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.ap-southeast-3.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "ap-southeast-3"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.ap-southeast-3.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "ap-southeast-3"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-4 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.ap-southeast-4.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "ap-southeast-4"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-4 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.ap-southeast-4.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "ap-southeast-4"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-4 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.ap-southeast-4.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "ap-southeast-4"
+ }
+ },
+ {
+ "documentation": "For region ap-southeast-4 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.ap-southeast-4.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "ap-southeast-4"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.us-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.us-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.us-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.us-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-2 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.us-east-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-east-2"
+ }
+ },
+ {
+ "documentation": "For region us-east-2 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.us-east-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-east-2"
+ }
+ },
+ {
+ "documentation": "For region us-east-2 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.us-east-2.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-east-2"
+ }
+ },
+ {
+ "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.us-east-2.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-east-2"
+ }
+ },
+ {
+ "documentation": "For region cn-northwest-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.cn-northwest-1.api.amazonwebservices.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "cn-northwest-1"
+ }
+ },
+ {
+ "documentation": "For region cn-northwest-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.cn-northwest-1.amazonaws.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "cn-northwest-1"
+ }
+ },
+ {
+ "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.cn-northwest-1.api.amazonwebservices.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "cn-northwest-1"
+ }
+ },
+ {
+ "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.cn-northwest-1.amazonaws.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "cn-northwest-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms-fips.us-isob-east-1.sc2s.sgov.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "error": "DualStack is enabled but this partition does not support DualStack"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://kms.us-isob-east-1.sc2s.sgov.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For custom endpoint with fips disabled and dualstack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://example.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-east-1",
+ "Endpoint": "https://example.com"
+ }
+ },
+ {
+ "documentation": "For custom endpoint with fips enabled and dualstack disabled",
+ "expect": {
+ "error": "Invalid Configuration: FIPS and custom endpoint are not supported"
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-east-1",
+ "Endpoint": "https://example.com"
+ }
+ },
+ {
+ "documentation": "For custom endpoint with fips disabled and dualstack enabled",
+ "expect": {
+ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-east-1",
+ "Endpoint": "https://example.com"
+ }
+ }
+ ],
+ "version": "1.0"
+}
\ No newline at end of file
diff --git a/models/apis/kms/2014-11-01/examples-1.json b/models/apis/kms/2014-11-01/examples-1.json
index c770d0edb1..3b25498945 100644
--- a/models/apis/kms/2014-11-01/examples-1.json
+++ b/models/apis/kms/2014-11-01/examples-1.json
@@ -36,9 +36,9 @@
"output": {
}
},
- "description": "This example connects an AWS KMS custom key store to its AWS CloudHSM cluster. This operation does not return any data. To verify that the custom key store is connected, use the DescribeCustomKeyStores operation.",
- "id": "to-connect-a-custom-key-store-to-its-cloudhsm-cluster-1628626947750",
- "title": "To connect a custom key store to its CloudHSM cluster"
+ "description": "This example connects an AWS KMS custom key store to its backing key store. For an AWS CloudHSM key store, it connects the key store to its AWS CloudHSM cluster. For an external key store, it connects the key store to the external key store proxy that communicates with your external key manager. This operation does not return any data. To verify that the custom key store is connected, use the DescribeCustomKeyStores operation.",
+ "id": "to-connect-a-custom-key-store-1628626947750",
+ "title": "To connect a custom key store"
}
],
"CreateAlias": [
@@ -81,8 +81,68 @@
}
},
"description": "This example creates a custom key store that is associated with an AWS CloudHSM cluster.",
- "id": "to-create-an-aws-cloudhsm-custom-key-store-1628627769469",
- "title": "To create an AWS CloudHSM custom key store"
+ "id": "to-create-an-aws-cloudhsm-custom-key-store-1",
+ "title": "To create an AWS CloudHSM key store"
+ },
+ {
+ "input": {
+ "CustomKeyStoreName": "ExampleVPCEndpointKeyStore",
+ "CustomKeyStoreType": "EXTERNAL_KEY_STORE",
+ "XksProxyAuthenticationCredential": "AccessKeyId=ABCDE12345670EXAMPLE,RawSecretAccessKey=file://SecretAccessKey",
+ "XksProxyConnectivity": "VPC_ENDPOINT_SERVICE",
+ "XksProxyUriEndpoint": "https://myproxy-private.xks.example.com",
+ "XksProxyUriPath": "/example-prefix/kms/xks/v1",
+ "XksProxyVpcEndpointServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-example1"
+ },
+ "output": {
+ "CustomKeyStoreId": "cks-1234567890abcdef0"
+ },
+ "comments": {
+ "input": {
+ "CustomKeyStoreName": "A friendly name for the custom key store",
+ "CustomKeyStoreType": "For external key stores, the value must be EXTERNAL_KEY_STORE",
+ "XksProxyAuthenticationCredential": "The access key ID and secret access key that KMS uses to authenticate to your external key store proxy",
+ "XksProxyConnectivity": "Indicates how AWS KMS communicates with the external key store proxy",
+ "XksProxyUriEndpoint": "The URI that AWS KMS uses to connect to the external key store proxy",
+ "XksProxyUriPath": "The URI path to the external key store proxy APIs",
+ "XksProxyVpcEndpointServiceName": "The VPC endpoint service that KMS uses to communicate with the external key store proxy"
+ },
+ "output": {
+ "CustomKeyStoreId": "The ID of the new custom key store."
+ }
+ },
+ "description": "This example creates an external key store that uses an Amazon VPC endpoint service to communicate with AWS KMS.",
+ "id": "to-create-an-external-custom-key-store-with-vpc-connectivity-2",
+ "title": "To create an external key store with VPC endpoint service connectivity"
+ },
+ {
+ "input": {
+ "CustomKeyStoreName": "ExamplePublicEndpointKeyStore",
+ "CustomKeyStoreType": "EXTERNAL_KEY_STORE",
+ "XksProxyAuthenticationCredential": "AccessKeyId=ABCDE12345670EXAMPLE,RawSecretAccessKey=file://SecretAccessKey",
+ "XksProxyConnectivity": "PUBLIC_ENDPOINT",
+ "XksProxyUriEndpoint": "https://myproxy.xks.example.com",
+ "XksProxyUriPath": "/kms/xks/v1"
+ },
+ "output": {
+ "CustomKeyStoreId": "cks-987654321abcdef0"
+ },
+ "comments": {
+ "input": {
+ "CustomKeyStoreName": "A friendly name for the custom key store",
+ "CustomKeyStoreType": "For external key stores, the value must be EXTERNAL_KEY_STORE",
+ "XksProxyAuthenticationCredential": "The access key ID and secret access key that KMS uses to authenticate to your external key store proxy",
+ "XksProxyConnectivity": "Indicates how AWS KMS communicates with the external key store proxy",
+ "XksProxyUriEndpoint": "The URI that AWS KMS uses to connect to the external key store proxy",
+ "XksProxyUriPath": "The URI path to your external key store proxy API"
+ },
+ "output": {
+ "CustomKeyStoreId": "The ID of the new custom key store."
+ }
+ },
+ "description": "This example creates an external key store with public endpoint connectivity.",
+ "id": "to-create-an-external-custom-key-store-with-a-public-endpoint-3",
+ "title": "To create an external key store with public endpoint connectivity"
}
],
"CreateGrant": [
@@ -148,7 +208,7 @@
}
},
"description": "The following example creates a symmetric KMS key for encryption and decryption. No parameters are required for this operation.",
- "id": "to-create-a-cmk-1478028992966",
+ "id": "to-create-a-cmk-1",
"title": "To create a KMS key"
},
{
@@ -187,7 +247,7 @@
}
},
"description": "This example creates a KMS key that contains an asymmetric RSA key pair for encryption and decryption. The key spec and key usage can't be changed after the key is created.",
- "id": "to-create-an-asymmetric-rsa-kms-key-for-encryption-and-decryption-1630533897833",
+ "id": "to-create-an-asymmetric-rsa-kms-key-for-encryption-and-decryption-2",
"title": "To create an asymmetric RSA KMS key for encryption and decryption"
},
{
@@ -225,9 +285,47 @@
}
},
"description": "This example creates a KMS key that contains an asymmetric elliptic curve (ECC) key pair for signing and verification. The key usage is required even though \"SIGN_VERIFY\" is the only valid value for ECC KMS keys. The key spec and key usage can't be changed after the key is created.",
- "id": "to-create-an-asymmetric-elliptic-curve-kms-key-for-signing-and-verification-1630541089401",
+ "id": "to-create-an-asymmetric-elliptic-curve-kms-key-for-signing-and-verification-3",
"title": "To create an asymmetric elliptic curve KMS key for signing and verification"
},
+ {
+ "input": {
+ "KeySpec": "HMAC_384",
+ "KeyUsage": "GENERATE_VERIFY_MAC"
+ },
+ "output": {
+ "KeyMetadata": {
+ "AWSAccountId": "111122223333",
+ "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ "CreationDate": "2022-04-05T14:04:55-07:00",
+ "CustomerMasterKeySpec": "HMAC_384",
+ "Description": "",
+ "Enabled": true,
+ "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
+ "KeyManager": "CUSTOMER",
+ "KeySpec": "HMAC_384",
+ "KeyState": "Enabled",
+ "KeyUsage": "GENERATE_VERIFY_MAC",
+ "MacAlgorithms": [
+ "HMAC_SHA_384"
+ ],
+ "MultiRegion": false,
+ "Origin": "AWS_KMS"
+ }
+ },
+ "comments": {
+ "input": {
+ "KeySpec": "Describes the type of key material in the KMS key.",
+ "KeyUsage": "The cryptographic operations for which you can use the KMS key."
+ },
+ "output": {
+ "KeyMetadata": "Detailed information about the KMS key that this operation creates."
+ }
+ },
+ "description": "This example creates a 384-bit symmetric HMAC KMS key. The GENERATE_VERIFY_MAC key usage value is required even though it's the only valid value for HMAC KMS keys. The key spec and key usage can't be changed after the key is created.",
+ "id": "to-create-an-hmac-kms-key-1630628752841",
+ "title": "To create an HMAC KMS key"
+ },
{
"input": {
"MultiRegion": true
@@ -271,7 +369,7 @@
}
},
"description": "This example creates a multi-Region primary symmetric encryption key. Because the default values for all parameters create a symmetric encryption key, only the MultiRegion parameter is required for this KMS key.",
- "id": "to-create-a-multi-region-primary-kms-key-1630599158567",
+ "id": "to-create-a-multi-region-primary-kms-key-4",
"title": "To create a multi-Region primary KMS key"
},
{
@@ -306,8 +404,8 @@
"KeyMetadata": "Detailed information about the KMS key that this operation creates."
}
},
- "description": "This example creates a KMS key with no key material. When the operation is complete, you can import your own key material into the KMS key. To create this KMS key, set the Origin parameter to EXTERNAL. ",
- "id": "to-create-a-kms-key-for-imported-key-material-1630603607560",
+ "description": "This example creates a KMS key with no key material. When the operation is complete, you can import your own key material into the KMS key. To create this KMS key, set the Origin parameter to EXTERNAL.",
+ "id": "to-create-a-kms-key-for-imported-key-material-5",
"title": "To create a KMS key for imported key material"
},
{
@@ -346,47 +444,53 @@
"KeyMetadata": "Detailed information about the KMS key that this operation creates."
}
},
- "description": "This example creates a KMS key in the specified custom key store. The operation creates the KMS key and its metadata in AWS KMS and the key material in the AWS CloudHSM cluster associated with the custom key store. This example requires the Origin and CustomKeyStoreId parameters.",
- "id": "to-create-a-kms-key-in-a-custom-key-store-1630604382908",
- "title": "To create a KMS key in a custom key store"
+ "description": "This example creates a KMS key in the specified AWS CloudHSM key store. The operation creates the KMS key and its metadata in AWS KMS and creates the key material in the AWS CloudHSM cluster associated with the custom key store. This example requires the CustomKeyStoreId and Origin parameters.",
+ "id": "to-create-a-kms-key-in-an-aws-cloudhsm-custom-key-store-6",
+ "title": "To create a KMS key in an AWS CloudHSM key store"
},
{
"input": {
- "KeySpec": "HMAC_384",
- "KeyUsage": "GENERATE_VERIFY_MAC"
+ "CustomKeyStoreId": "cks-9876543210fedcba9",
+ "Origin": "EXTERNAL_KEY_STORE",
+ "XksKeyId": "bb8562717f809024"
},
"output": {
"KeyMetadata": {
"AWSAccountId": "111122223333",
- "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
- "CreationDate": "2022-04-05T14:04:55-07:00",
- "CustomerMasterKeySpec": "HMAC_384",
+ "Arn": "arn:aws:kms:us-east-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321",
+ "CreationDate": "2022-02-02T07:48:55-07:00",
+ "CustomKeyStoreId": "cks-9876543210fedcba9",
+ "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
"Description": "",
"Enabled": true,
- "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
+ "EncryptionAlgorithms": [
+ "SYMMETRIC_DEFAULT"
+ ],
+ "KeyId": "0987dcba-09fe-87dc-65ba-ab0987654321",
"KeyManager": "CUSTOMER",
- "KeySpec": "HMAC_384",
+ "KeySpec": "SYMMETRIC_DEFAULT",
"KeyState": "Enabled",
- "KeyUsage": "GENERATE_VERIFY_MAC",
- "MacAlgorithms": [
- "HMAC_SHA_384"
- ],
+ "KeyUsage": "ENCRYPT_DECRYPT",
"MultiRegion": false,
- "Origin": "AWS_KMS"
+ "Origin": "EXTERNAL_KEY_STORE",
+ "XksKeyConfiguration": {
+ "Id": "bb8562717f809024"
+ }
}
},
"comments": {
"input": {
- "KeySpec": "Describes the type of key material in the KMS key.",
- "KeyUsage": "The cryptographic operations for which you can use the KMS key."
+ "CustomKeyStoreId": "Identifies the custom key store that hosts the KMS key.",
+ "Origin": "Indicates the source of the key material for the KMS key.",
+ "XksKeyId": "Identifies the encryption key in your external key manager that is associated with the KMS key"
},
"output": {
"KeyMetadata": "Detailed information about the KMS key that this operation creates."
}
},
- "description": "This example creates a 384-bit symmetric HMAC KMS key. The GENERATE_VERIFY_MAC key usage value is required even though it's the only valid value for HMAC KMS keys. The key spec and key usage can't be changed after the key is created. ",
- "id": "to-create-an-hmac-kms-key-1630628752841",
- "title": "To create an HMAC KMS key"
+ "description": "This example creates a KMS key in the specified external key store. It uses the XksKeyId parameter to associate the KMS key with an existing symmetric encryption key in your external key manager. This CustomKeyStoreId, Origin, and XksKeyId parameters are required in this operation.",
+ "id": "to-create-a-kms-key-in-an-external-custom-key-store-7",
+ "title": "To create a KMS key in an external key store"
}
],
"Decrypt": [
@@ -443,7 +547,7 @@
"output": {
}
},
- "description": "This example deletes a custom key store from AWS KMS. This operation does not delete the AWS CloudHSM cluster that was associated with the CloudHSM cluster. This operation doesn't return any data. To verify that the operation was successful, use the DescribeCustomKeyStores operation. ",
+ "description": "This example deletes a custom key store from AWS KMS. This operation does not affect the backing key store, such as a CloudHSM cluster, external key store proxy, or your external key manager. This operation doesn't return any data. To verify that the operation was successful, use the DescribeCustomKeyStores operation.",
"id": "to-delete-a-custom-key-store-from-aws-kms-1628630837145",
"title": "To delete a custom key store from AWS KMS"
}
@@ -480,7 +584,7 @@
}
},
"description": "This example gets detailed information about all AWS KMS custom key stores in an AWS account and Region. To get all key stores, do not enter a custom key store name or ID.",
- "id": "to-get-detailed-information-about-custom-key-stores-in-the-account-and-region-1628628556811",
+ "id": "to-get-detailed-information-about-custom-key-stores-in-the-account-and-region-1",
"title": "To get detailed information about custom key stores in the account and Region"
},
{
@@ -495,6 +599,7 @@
"CreationDate": "1.499288695918E9",
"CustomKeyStoreId": "cks-1234567890abcdef0",
"CustomKeyStoreName": "ExampleKeyStore",
+ "CustomKeyStoreType": "AWS_CLOUDHSM",
"TrustAnchorCertificate": ""
}
]
@@ -507,9 +612,76 @@
"CustomKeyStores": "Detailed information about the specified custom key store."
}
},
- "description": "This example gets detailed information about a particular AWS KMS custom key store that is associate with an AWS CloudHSM cluster. To limit the output to a particular custom key store, provide the custom key store name or ID. ",
- "id": "to-get-detailed-information-about-a-custom-key-store-associated-with-a-cloudhsm-cluster-1628628885843",
- "title": "To get detailed information about a custom key store associated with a CloudHSM cluster."
+ "description": "This example gets detailed information about a particular AWS CloudHSM key store by specifying its friendly name. To limit the output to a particular custom key store, provide either the custom key store name or ID.",
+ "id": "to-get-detailed-information-about-a-cloudhsm-custom-key-store-by-name-2",
+ "title": "To get detailed information about an AWS CloudHSM key store by specifying its friendly name"
+ },
+ {
+ "input": {
+ "CustomKeyStoreId": "cks-9876543210fedcba9"
+ },
+ "output": {
+ "CustomKeyStores": [
+ {
+ "ConnectionState": "CONNECTED",
+ "CreationDate": "1.599288695918E9",
+ "CustomKeyStoreId": "cks-9876543210fedcba9",
+ "CustomKeyStoreName": "ExampleExternalKeyStore",
+ "CustomKeyStoreType": "EXTERNAL_KEY_STORE",
+ "XksProxyConfiguration": {
+ "AccessKeyId": "ABCDE12345670EXAMPLE",
+ "Connectivity": "PUBLIC_ENDPOINT",
+ "UriEndpoint": "https://myproxy.xks.example.com",
+ "UriPath": "/kms/xks/v1"
+ }
+ }
+ ]
+ },
+ "comments": {
+ "input": {
+ "CustomKeyStoreId": "The ID of the custom key store."
+ },
+ "output": {
+ "CustomKeyStores": "Detailed information about the specified custom key store."
+ }
+ },
+ "description": "This example gets detailed information about an external key store by specifying its ID. The example external key store proxy uses public endpoint connectivity.",
+ "id": "to-get-detailed-information-about-an-external-key-store--3",
+ "title": "To get detailed information about an external key store by specifying its ID"
+ },
+ {
+ "input": {
+ "CustomKeyStoreName": "VPCExternalKeystore"
+ },
+ "output": {
+ "CustomKeyStores": [
+ {
+ "ConnectionState": "CONNECTED",
+ "CreationDate": "1.643057863.842",
+ "CustomKeyStoreId": "cks-876543210fedcba98",
+ "CustomKeyStoreName": "ExampleVPCExternalKeyStore",
+ "CustomKeyStoreType": "EXTERNAL_KEY_STORE",
+ "XksProxyConfiguration": {
+ "AccessKeyId": "ABCDE12345670EXAMPLE",
+ "Connectivity": "VPC_ENDPOINT_SERVICE",
+ "UriEndpoint": "https://myproxy-private.xks.example.com",
+ "UriPath": "/example-prefix/kms/xks/v1",
+ "VpcEndpointServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-example1"
+ }
+ }
+ ]
+ },
+ "comments": {
+ "input": {
+ "CustomKeyStoreId": "The ID of the custom key store."
+ },
+ "output": {
+ "CustomKeyStores": "Detailed information about the specified custom key store."
+ }
+ },
+ "description": "This example gets detailed information about a particular external key store by specifying its friendly name. To limit the output to a particular custom key store, provide either the custom key store name or ID. The proxy URI path for this external key store includes an optional prefix. Also, because this example external key store uses VPC endpoint connectivity, the response includes the associated VPC endpoint service name.",
+ "id": "to-get-detailed-information-about-an-external-custom-key-store-by-name-4",
+ "title": "To get detailed information about an external key store VPC endpoint connectivity by specifying its friendly name"
}
],
"DescribeKey": [
@@ -546,7 +718,7 @@
}
},
"description": "The following example gets metadata for a symmetric encryption KMS key.",
- "id": "get-key-details-1478565820907",
+ "id": "get-key-details-1",
"title": "To get details about a KMS key"
},
{
@@ -587,7 +759,7 @@
}
},
"description": "The following example gets metadata for an asymmetric RSA KMS key used for signing and verification.",
- "id": "to-get-details-about-an-rsa-asymmetric-kms-key-1637971611761",
+ "id": "to-get-details-about-an-rsa-asymmetric-kms-key-2",
"title": "To get details about an RSA asymmetric KMS key"
},
{
@@ -643,7 +815,7 @@
}
},
"description": "The following example gets metadata for a multi-Region replica key. This multi-Region key is a symmetric encryption key. DescribeKey returns information about the primary key and all of its replicas.",
- "id": "to-get-details-about-a-multi-region-key-1637969624239",
+ "id": "to-get-details-about-a-multi-region-key-3",
"title": "To get details about a multi-Region key"
},
{
@@ -677,9 +849,87 @@
"KeyMetadata": "An object that contains information about the specified KMS key."
}
},
- "description": "The following example gets the metadata of an HMAC KMS key. ",
- "id": "to-get-details-about-an-hmac-kms-key-1637970472619",
+ "description": "The following example gets the metadata of an HMAC KMS key.",
+ "id": "to-get-details-about-an-hmac-kms-key-4",
"title": "To get details about an HMAC KMS key"
+ },
+ {
+ "input": {
+ "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
+ },
+ "output": {
+ "KeyMetadata": {
+ "AWSAccountId": "123456789012",
+ "Arn": "arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ "CloudHsmClusterId": "cluster-1a23b4cdefg",
+ "CreationDate": 1646160362.664,
+ "CustomKeyStoreId": "cks-1234567890abcdef0",
+ "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
+ "Description": "CloudHSM key store test key",
+ "Enabled": true,
+ "EncryptionAlgorithms": [
+ "SYMMETRIC_DEFAULT"
+ ],
+ "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
+ "KeyManager": "CUSTOMER",
+ "KeySpec": "SYMMETRIC_DEFAULT",
+ "KeyState": "Enabled",
+ "KeyUsage": "ENCRYPT_DECRYPT",
+ "MultiRegion": false,
+ "Origin": "AWS_CLOUDHSM"
+ }
+ },
+ "comments": {
+ "input": {
+ "KeyId": "An identifier for the KMS key. You can use the key ID, key ARN, alias name, alias ARN of the KMS key."
+ },
+ "output": {
+ "KeyMetadata": "An object that contains information about the specified KMS key."
+ }
+ },
+ "description": "The following example gets the metadata of a KMS key in an AWS CloudHSM key store.",
+ "id": "to-get-details-about-a-kms-key-in-an-AWS-CloudHSM-key-store-5",
+ "title": "To get details about a KMS key in an AWS CloudHSM key store"
+ },
+ {
+ "input": {
+ "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
+ },
+ "output": {
+ "KeyMetadata": {
+ "AWSAccountId": "123456789012",
+ "Arn": "arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ "CreationDate": 1646160362.664,
+ "CustomKeyStoreId": "cks-1234567890abcdef0",
+ "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
+ "Description": "External key store test key",
+ "Enabled": true,
+ "EncryptionAlgorithms": [
+ "SYMMETRIC_DEFAULT"
+ ],
+ "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
+ "KeyManager": "CUSTOMER",
+ "KeySpec": "SYMMETRIC_DEFAULT",
+ "KeyState": "Enabled",
+ "KeyUsage": "ENCRYPT_DECRYPT",
+ "MultiRegion": false,
+ "Origin": "EXTERNAL_KEY_STORE",
+ "XksKeyConfiguration": {
+ "Id": "bb8562717f809024"
+ }
+ }
+ },
+ "comments": {
+ "input": {
+ "KeyId": "An identifier for the KMS key. You can use the key ID, key ARN, alias name, alias ARN of the KMS key."
+ },
+ "output": {
+ "KeyMetadata": "An object that contains information about the specified KMS key."
+ }
+ },
+ "description": "The following example gets the metadata of a KMS key in an external key store.",
+ "id": "to-get-details-about-a-kms-key-in-an-external-key-store-6",
+ "title": "To get details about a KMS key in an external key store"
}
],
"DisableKey": [
@@ -726,7 +976,7 @@
"output": {
}
},
- "description": "This example disconnects an AWS KMS custom key store from its AWS CloudHSM cluster. This operation doesn't return any data. To verify that the custom key store is disconnected, use the DescribeCustomKeyStores operation.",
+ "description": "This example disconnects an AWS KMS custom key store from its backing key store. For an AWS CloudHSM key store, it disconnects the key store from its AWS CloudHSM cluster. For an external key store, it disconnects the key store from the external key store proxy that communicates with your external key manager. This operation doesn't return any data. To verify that the custom key store is disconnected, use the DescribeCustomKeyStores operation.",
"id": "to-disconnect-a-custom-key-store-from-its-cloudhsm-cluster-1628627955156",
"title": "To disconnect a custom key store from its CloudHSM cluster"
}
@@ -1452,7 +1702,7 @@
"ReplicaTags": "The tags on the replica key, if any."
}
},
- "description": "This example creates a multi-Region replica key in us-west-2 of a multi-Region primary key in us-east-1. ",
+ "description": "This example creates a multi-Region replica key in us-west-2 of a multi-Region primary key in us-east-1.",
"id": "to-replicate-a-multi-region-key-in-a-different-aws-region-1628622402887",
"title": "To replicate a multi-Region key in a different AWS Region"
}
@@ -1622,9 +1872,9 @@
"output": {
}
},
- "description": "This example tells KMS the password for the kmsuser crypto user in the AWS CloudHSM cluster that is associated with the AWS KMS custom key store. (It does not change the password in the CloudHSM cluster.) This operation does not return any data.",
- "id": "to-edit-the-properties-of-a-custom-key-store-1628629851834",
- "title": "To edit the password of a custom key store"
+ "description": "This example tells AWS KMS the password for the kmsuser crypto user in the AWS CloudHSM cluster that is associated with the AWS KMS custom key store. (It does not change the password in the CloudHSM cluster.) This operation does not return any data.",
+ "id": "to-edit-the-properties-of-a-custom-key-store-1",
+ "title": "To edit the password of an AWS CloudHSM key store"
},
{
"input": {
@@ -1642,7 +1892,7 @@
}
},
"description": "This example changes the friendly name of the AWS KMS custom key store to the name that you specify. This operation does not return any data. To verify that the operation worked, use the DescribeCustomKeyStores operation.",
- "id": "to-edit-the-friendly-name-of-a-custom-key-store-1630451340904",
+ "id": "to-edit-the-friendly-name-of-a-custom-key-store-2",
"title": "To edit the friendly name of a custom key store"
},
{
@@ -1660,9 +1910,51 @@
"output": {
}
},
- "description": "This example changes the cluster that is associated with a custom key store to a related cluster, such as a different backup of the same cluster. This operation does not return any data. To verify that the operation worked, use the DescribeCustomKeyStores operation.",
- "id": "to-associate-the-custom-key-store-with-a-different-but-related-aws-cloudhsm-cluster-1630451842438",
+ "description": "This example changes the AWS CloudHSM cluster that is associated with an AWS CloudHSM key store to a related cluster, such as a different backup of the same cluster. This operation does not return any data. To verify that the operation worked, use the DescribeCustomKeyStores operation.",
+ "id": "to-associate-the-custom-key-store-with-a-different-but-related-aws-cloudhsm-cluster-3",
"title": "To associate the custom key store with a different, but related, AWS CloudHSM cluster."
+ },
+ {
+ "input": {
+ "CustomKeyStoreId": "cks-1234567890abcdef0",
+ "XksProxyUriPath": "/new-path/kms/xks/v1"
+ },
+ "output": {
+ },
+ "comments": {
+ "input": {
+ "CustomKeyStoreId": "The ID of the custom key store that you are updating",
+ "XksProxyUriPath": "The URI path to the external key store proxy APIs"
+ },
+ "output": {
+ }
+ },
+ "description": "This example updates the proxy URI path for an external key store",
+ "id": "to-update-the-xks-proxy-api-path-of-an-external-custom-key-store-4",
+ "title": "To edit the proxy URI path of an external key store."
+ },
+ {
+ "input": {
+ "CustomKeyStoreId": "cks-1234567890abcdef0",
+ "XksProxyConnectivity": "VPC_ENDPOINT_SERVICE",
+ "XksProxyUriEndpoint": "https://myproxy-private.xks.example.com",
+ "XksProxyVpcEndpointServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-example"
+ },
+ "output": {
+ },
+ "comments": {
+ "input": {
+ "CustomKeyStoreId": "Identifies the custom key store",
+ "XksProxyConnectivity": "Specifies the connectivity option",
+ "XksProxyUriEndpoint": "Specifies the URI endpoint that AWS KMS uses when communicating with the external key store proxy",
+ "XksProxyVpcEndpointServiceName": "Specifies the name of the VPC endpoint service that the proxy uses for communication"
+ },
+ "output": {
+ }
+ },
+ "description": "To change the external key store proxy connectivity option from public endpoint connectivity to VPC endpoint service connectivity, in addition to changing the XksProxyConnectivity value, you must change the XksProxyUriEndpoint value to reflect the private DNS name associated with the VPC endpoint service. You must also add an XksProxyVpcEndpointServiceName value.",
+ "id": "to-update-the-proxy-connectivity-of-an-external-key-store-to-vpc_endpoint_service-5",
+ "title": "To update the proxy connectivity of an external key store to VPC_ENDPOINT_SERVICE"
}
],
"UpdateKeyDescription": [
@@ -1682,6 +1974,23 @@
"title": "To update the description of a KMS key"
}
],
+ "UpdatePrimaryRegion": [
+ {
+ "input": {
+ "KeyId": "arn:aws:kms:us-west-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
+ "PrimaryRegion": "eu-central-1"
+ },
+ "comments": {
+ "input": {
+ "KeyId": "The current primary key.",
+ "PrimaryRegion": "The Region of the replica key that will become the primary key."
+ }
+ },
+ "description": "The following UpdatePrimaryRegion example changes the multi-Region replica key in the eu-central-1 Region to the primary key. The current primary key in the us-west-1 Region becomes a replica key. \n\nThe KeyId parameter identifies the current primary key in the us-west-1 Region. The PrimaryRegion parameter indicates the Region of the replica key that will become the new primary key.\n\nThis operation does not return any output. To verify that primary key is changed, use the DescribeKey operation.",
+ "id": "to-update-the-primary-region-of-a-multi-region-kms-key-1660249555577",
+ "title": "To update the primary Region of a multi-Region KMS key"
+ }
+ ],
"Verify": [
{
"input": {
@@ -1710,7 +2019,7 @@
"SigningAlgorithm": "The signing algorithm that was used to verify the signature."
}
},
- "description": "This operation uses the public key in an elliptic curve (ECC) asymmetric key to verify a digital signature within AWS KMS. ",
+ "description": "This operation uses the public key in an elliptic curve (ECC) asymmetric key to verify a digital signature within AWS KMS.",
"id": "to-use-an-asymmetric-kms-key-to-verify-a-digital-signature-1628633365663",
"title": "To use an asymmetric KMS key to verify a digital signature"
}
diff --git a/models/apis/kms/2014-11-01/paginators-1.json b/models/apis/kms/2014-11-01/paginators-1.json
index b9e564e4b4..9274cdbb0c 100644
--- a/models/apis/kms/2014-11-01/paginators-1.json
+++ b/models/apis/kms/2014-11-01/paginators-1.json
@@ -3,49 +3,42 @@
"DescribeCustomKeyStores": {
"input_token": "Marker",
"limit_key": "Limit",
- "more_results": "Truncated",
"output_token": "NextMarker",
"result_key": "CustomKeyStores"
},
"ListAliases": {
"input_token": "Marker",
"limit_key": "Limit",
- "more_results": "Truncated",
"output_token": "NextMarker",
"result_key": "Aliases"
},
"ListGrants": {
"input_token": "Marker",
"limit_key": "Limit",
- "more_results": "Truncated",
"output_token": "NextMarker",
"result_key": "Grants"
},
"ListKeyPolicies": {
"input_token": "Marker",
"limit_key": "Limit",
- "more_results": "Truncated",
"output_token": "NextMarker",
"result_key": "PolicyNames"
},
"ListKeys": {
"input_token": "Marker",
"limit_key": "Limit",
- "more_results": "Truncated",
"output_token": "NextMarker",
"result_key": "Keys"
},
"ListResourceTags": {
"input_token": "Marker",
"limit_key": "Limit",
- "more_results": "Truncated",
"output_token": "NextMarker",
"result_key": "Tags"
},
"ListRetirableGrants": {
"input_token": "Marker",
"limit_key": "Limit",
- "more_results": "Truncated",
"output_token": "NextMarker",
"result_key": "Grants"
}
diff --git a/models/apis/omics/2022-11-28/api-2.json b/models/apis/omics/2022-11-28/api-2.json
new file mode 100644
index 0000000000..264f686220
--- /dev/null
+++ b/models/apis/omics/2022-11-28/api-2.json
@@ -0,0 +1,7992 @@
+{
+ "metadata": {
+ "apiVersion": "2022-11-28",
+ "endpointPrefix": "omics",
+ "jsonVersion": "1.1",
+ "protocol": "rest-json",
+ "serviceFullName": "Amazon Omics",
+ "serviceId": "Omics",
+ "signatureVersion": "v4",
+ "signingName": "omics",
+ "uid": "omics-2022-11-28"
+ },
+ "operations": {
+ "BatchDeleteReadSet": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/sequencestore/{sequenceStoreId}/readset/batch/delete",
+ "responseCode": 200
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "BatchDeleteReadSetRequest"
+ },
+ "name": "BatchDeleteReadSet",
+ "output": {
+ "shape": "BatchDeleteReadSetResponse"
+ }
+ },
+ "CancelAnnotationImportJob": {
+ "endpoint": {
+ "hostPrefix": "analytics-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ }
+ ],
+ "http": {
+ "method": "DELETE",
+ "requestUri": "/import/annotation/{jobId}",
+ "responseCode": 200
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "CancelAnnotationImportRequest"
+ },
+ "name": "CancelAnnotationImportJob",
+ "output": {
+ "shape": "CancelAnnotationImportResponse"
+ }
+ },
+ "CancelRun": {
+ "endpoint": {
+ "hostPrefix": "workflows-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/run/{id}/cancel",
+ "responseCode": 202
+ },
+ "input": {
+ "shape": "CancelRunRequest"
+ },
+ "name": "CancelRun"
+ },
+ "CancelVariantImportJob": {
+ "endpoint": {
+ "hostPrefix": "analytics-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ }
+ ],
+ "http": {
+ "method": "DELETE",
+ "requestUri": "/import/variant/{jobId}",
+ "responseCode": 200
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "CancelVariantImportRequest"
+ },
+ "name": "CancelVariantImportJob",
+ "output": {
+ "shape": "CancelVariantImportResponse"
+ }
+ },
+ "CreateAnnotationStore": {
+ "endpoint": {
+ "hostPrefix": "analytics-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/annotationStore",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "CreateAnnotationStoreRequest"
+ },
+ "name": "CreateAnnotationStore",
+ "output": {
+ "shape": "CreateAnnotationStoreResponse"
+ }
+ },
+ "CreateReferenceStore": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/referencestore",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "CreateReferenceStoreRequest"
+ },
+ "name": "CreateReferenceStore",
+ "output": {
+ "shape": "CreateReferenceStoreResponse"
+ }
+ },
+ "CreateRunGroup": {
+ "endpoint": {
+ "hostPrefix": "workflows-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/runGroup",
+ "responseCode": 201
+ },
+ "input": {
+ "shape": "CreateRunGroupRequest"
+ },
+ "name": "CreateRunGroup",
+ "output": {
+ "shape": "CreateRunGroupResponse"
+ }
+ },
+ "CreateSequenceStore": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/sequencestore",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "CreateSequenceStoreRequest"
+ },
+ "name": "CreateSequenceStore",
+ "output": {
+ "shape": "CreateSequenceStoreResponse"
+ }
+ },
+ "CreateVariantStore": {
+ "endpoint": {
+ "hostPrefix": "analytics-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/variantStore",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "CreateVariantStoreRequest"
+ },
+ "name": "CreateVariantStore",
+ "output": {
+ "shape": "CreateVariantStoreResponse"
+ }
+ },
+ "CreateWorkflow": {
+ "endpoint": {
+ "hostPrefix": "workflows-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/workflow",
+ "responseCode": 201
+ },
+ "input": {
+ "shape": "CreateWorkflowRequest"
+ },
+ "name": "CreateWorkflow",
+ "output": {
+ "shape": "CreateWorkflowResponse"
+ }
+ },
+ "DeleteAnnotationStore": {
+ "endpoint": {
+ "hostPrefix": "analytics-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ }
+ ],
+ "http": {
+ "method": "DELETE",
+ "requestUri": "/annotationStore/{name}",
+ "responseCode": 200
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "DeleteAnnotationStoreRequest"
+ },
+ "name": "DeleteAnnotationStore",
+ "output": {
+ "shape": "DeleteAnnotationStoreResponse"
+ }
+ },
+ "DeleteReference": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "DELETE",
+ "requestUri": "/referencestore/{referenceStoreId}/reference/{id}",
+ "responseCode": 200
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "DeleteReferenceRequest"
+ },
+ "name": "DeleteReference",
+ "output": {
+ "shape": "DeleteReferenceResponse"
+ }
+ },
+ "DeleteReferenceStore": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "DELETE",
+ "requestUri": "/referencestore/{id}",
+ "responseCode": 200
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "DeleteReferenceStoreRequest"
+ },
+ "name": "DeleteReferenceStore",
+ "output": {
+ "shape": "DeleteReferenceStoreResponse"
+ }
+ },
+ "DeleteRun": {
+ "endpoint": {
+ "hostPrefix": "workflows-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "DELETE",
+ "requestUri": "/run/{id}",
+ "responseCode": 202
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "DeleteRunRequest"
+ },
+ "name": "DeleteRun"
+ },
+ "DeleteRunGroup": {
+ "endpoint": {
+ "hostPrefix": "workflows-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "DELETE",
+ "requestUri": "/runGroup/{id}",
+ "responseCode": 202
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "DeleteRunGroupRequest"
+ },
+ "name": "DeleteRunGroup"
+ },
+ "DeleteSequenceStore": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "DELETE",
+ "requestUri": "/sequencestore/{id}",
+ "responseCode": 200
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "DeleteSequenceStoreRequest"
+ },
+ "name": "DeleteSequenceStore",
+ "output": {
+ "shape": "DeleteSequenceStoreResponse"
+ }
+ },
+ "DeleteVariantStore": {
+ "endpoint": {
+ "hostPrefix": "analytics-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ }
+ ],
+ "http": {
+ "method": "DELETE",
+ "requestUri": "/variantStore/{name}",
+ "responseCode": 200
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "DeleteVariantStoreRequest"
+ },
+ "name": "DeleteVariantStore",
+ "output": {
+ "shape": "DeleteVariantStoreResponse"
+ }
+ },
+ "DeleteWorkflow": {
+ "endpoint": {
+ "hostPrefix": "workflows-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "DELETE",
+ "requestUri": "/workflow/{id}",
+ "responseCode": 202
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "DeleteWorkflowRequest"
+ },
+ "name": "DeleteWorkflow"
+ },
+ "GetAnnotationImportJob": {
+ "endpoint": {
+ "hostPrefix": "analytics-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ }
+ ],
+ "http": {
+ "method": "GET",
+ "requestUri": "/import/annotation/{jobId}",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "GetAnnotationImportRequest"
+ },
+ "name": "GetAnnotationImportJob",
+ "output": {
+ "shape": "GetAnnotationImportResponse"
+ }
+ },
+ "GetAnnotationStore": {
+ "endpoint": {
+ "hostPrefix": "analytics-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ }
+ ],
+ "http": {
+ "method": "GET",
+ "requestUri": "/annotationStore/{name}",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "GetAnnotationStoreRequest"
+ },
+ "name": "GetAnnotationStore",
+ "output": {
+ "shape": "GetAnnotationStoreResponse"
+ }
+ },
+ "GetReadSet": {
+ "endpoint": {
+ "hostPrefix": "storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "RangeNotSatisfiableException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "GET",
+ "requestUri": "/sequencestore/{sequenceStoreId}/readset/{id}",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "GetReadSetRequest"
+ },
+ "name": "GetReadSet",
+ "output": {
+ "shape": "GetReadSetResponse"
+ }
+ },
+ "GetReadSetActivationJob": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "GET",
+ "requestUri": "/sequencestore/{sequenceStoreId}/activationjob/{id}",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "GetReadSetActivationJobRequest"
+ },
+ "name": "GetReadSetActivationJob",
+ "output": {
+ "shape": "GetReadSetActivationJobResponse"
+ }
+ },
+ "GetReadSetExportJob": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "GET",
+ "requestUri": "/sequencestore/{sequenceStoreId}/exportjob/{id}",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "GetReadSetExportJobRequest"
+ },
+ "name": "GetReadSetExportJob",
+ "output": {
+ "shape": "GetReadSetExportJobResponse"
+ }
+ },
+ "GetReadSetImportJob": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "GET",
+ "requestUri": "/sequencestore/{sequenceStoreId}/importjob/{id}",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "GetReadSetImportJobRequest"
+ },
+ "name": "GetReadSetImportJob",
+ "output": {
+ "shape": "GetReadSetImportJobResponse"
+ }
+ },
+ "GetReadSetMetadata": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "GET",
+ "requestUri": "/sequencestore/{sequenceStoreId}/readset/{id}/metadata",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "GetReadSetMetadataRequest"
+ },
+ "name": "GetReadSetMetadata",
+ "output": {
+ "shape": "GetReadSetMetadataResponse"
+ }
+ },
+ "GetReference": {
+ "endpoint": {
+ "hostPrefix": "storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "RangeNotSatisfiableException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "GET",
+ "requestUri": "/referencestore/{referenceStoreId}/reference/{id}",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "GetReferenceRequest"
+ },
+ "name": "GetReference",
+ "output": {
+ "shape": "GetReferenceResponse"
+ }
+ },
+ "GetReferenceImportJob": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "GET",
+ "requestUri": "/referencestore/{referenceStoreId}/importjob/{id}",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "GetReferenceImportJobRequest"
+ },
+ "name": "GetReferenceImportJob",
+ "output": {
+ "shape": "GetReferenceImportJobResponse"
+ }
+ },
+ "GetReferenceMetadata": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "GET",
+ "requestUri": "/referencestore/{referenceStoreId}/reference/{id}/metadata",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "GetReferenceMetadataRequest"
+ },
+ "name": "GetReferenceMetadata",
+ "output": {
+ "shape": "GetReferenceMetadataResponse"
+ }
+ },
+ "GetReferenceStore": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "GET",
+ "requestUri": "/referencestore/{id}",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "GetReferenceStoreRequest"
+ },
+ "name": "GetReferenceStore",
+ "output": {
+ "shape": "GetReferenceStoreResponse"
+ }
+ },
+ "GetRun": {
+ "endpoint": {
+ "hostPrefix": "workflows-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "GET",
+ "requestUri": "/run/{id}",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "GetRunRequest"
+ },
+ "name": "GetRun",
+ "output": {
+ "shape": "GetRunResponse"
+ }
+ },
+ "GetRunGroup": {
+ "endpoint": {
+ "hostPrefix": "workflows-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "GET",
+ "requestUri": "/runGroup/{id}",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "GetRunGroupRequest"
+ },
+ "name": "GetRunGroup",
+ "output": {
+ "shape": "GetRunGroupResponse"
+ }
+ },
+ "GetRunTask": {
+ "endpoint": {
+ "hostPrefix": "workflows-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "GET",
+ "requestUri": "/run/{id}/task/{taskId}",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "GetRunTaskRequest"
+ },
+ "name": "GetRunTask",
+ "output": {
+ "shape": "GetRunTaskResponse"
+ }
+ },
+ "GetSequenceStore": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "GET",
+ "requestUri": "/sequencestore/{id}",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "GetSequenceStoreRequest"
+ },
+ "name": "GetSequenceStore",
+ "output": {
+ "shape": "GetSequenceStoreResponse"
+ }
+ },
+ "GetVariantImportJob": {
+ "endpoint": {
+ "hostPrefix": "analytics-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ }
+ ],
+ "http": {
+ "method": "GET",
+ "requestUri": "/import/variant/{jobId}",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "GetVariantImportRequest"
+ },
+ "name": "GetVariantImportJob",
+ "output": {
+ "shape": "GetVariantImportResponse"
+ }
+ },
+ "GetVariantStore": {
+ "endpoint": {
+ "hostPrefix": "analytics-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ }
+ ],
+ "http": {
+ "method": "GET",
+ "requestUri": "/variantStore/{name}",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "GetVariantStoreRequest"
+ },
+ "name": "GetVariantStore",
+ "output": {
+ "shape": "GetVariantStoreResponse"
+ }
+ },
+ "GetWorkflow": {
+ "endpoint": {
+ "hostPrefix": "workflows-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "GET",
+ "requestUri": "/workflow/{id}",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "GetWorkflowRequest"
+ },
+ "name": "GetWorkflow",
+ "output": {
+ "shape": "GetWorkflowResponse"
+ }
+ },
+ "ListAnnotationImportJobs": {
+ "endpoint": {
+ "hostPrefix": "analytics-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/import/annotations",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "ListAnnotationImportJobsRequest"
+ },
+ "name": "ListAnnotationImportJobs",
+ "output": {
+ "shape": "ListAnnotationImportJobsResponse"
+ }
+ },
+ "ListAnnotationStores": {
+ "endpoint": {
+ "hostPrefix": "analytics-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/annotationStores",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "ListAnnotationStoresRequest"
+ },
+ "name": "ListAnnotationStores",
+ "output": {
+ "shape": "ListAnnotationStoresResponse"
+ }
+ },
+ "ListReadSetActivationJobs": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/sequencestore/{sequenceStoreId}/activationjobs",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "ListReadSetActivationJobsRequest"
+ },
+ "name": "ListReadSetActivationJobs",
+ "output": {
+ "shape": "ListReadSetActivationJobsResponse"
+ }
+ },
+ "ListReadSetExportJobs": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/sequencestore/{sequenceStoreId}/exportjobs",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "ListReadSetExportJobsRequest"
+ },
+ "name": "ListReadSetExportJobs",
+ "output": {
+ "shape": "ListReadSetExportJobsResponse"
+ }
+ },
+ "ListReadSetImportJobs": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/sequencestore/{sequenceStoreId}/importjobs",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "ListReadSetImportJobsRequest"
+ },
+ "name": "ListReadSetImportJobs",
+ "output": {
+ "shape": "ListReadSetImportJobsResponse"
+ }
+ },
+ "ListReadSets": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/sequencestore/{sequenceStoreId}/readsets",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "ListReadSetsRequest"
+ },
+ "name": "ListReadSets",
+ "output": {
+ "shape": "ListReadSetsResponse"
+ }
+ },
+ "ListReferenceImportJobs": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/referencestore/{referenceStoreId}/importjobs",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "ListReferenceImportJobsRequest"
+ },
+ "name": "ListReferenceImportJobs",
+ "output": {
+ "shape": "ListReferenceImportJobsResponse"
+ }
+ },
+ "ListReferenceStores": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/referencestores",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "ListReferenceStoresRequest"
+ },
+ "name": "ListReferenceStores",
+ "output": {
+ "shape": "ListReferenceStoresResponse"
+ }
+ },
+ "ListReferences": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/referencestore/{referenceStoreId}/references",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "ListReferencesRequest"
+ },
+ "name": "ListReferences",
+ "output": {
+ "shape": "ListReferencesResponse"
+ }
+ },
+ "ListRunGroups": {
+ "endpoint": {
+ "hostPrefix": "workflows-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "GET",
+ "requestUri": "/runGroup",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "ListRunGroupsRequest"
+ },
+ "name": "ListRunGroups",
+ "output": {
+ "shape": "ListRunGroupsResponse"
+ }
+ },
+ "ListRunTasks": {
+ "endpoint": {
+ "hostPrefix": "workflows-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "GET",
+ "requestUri": "/run/{id}/task",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "ListRunTasksRequest"
+ },
+ "name": "ListRunTasks",
+ "output": {
+ "shape": "ListRunTasksResponse"
+ }
+ },
+ "ListRuns": {
+ "endpoint": {
+ "hostPrefix": "workflows-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "GET",
+ "requestUri": "/run",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "ListRunsRequest"
+ },
+ "name": "ListRuns",
+ "output": {
+ "shape": "ListRunsResponse"
+ }
+ },
+ "ListSequenceStores": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/sequencestores",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "ListSequenceStoresRequest"
+ },
+ "name": "ListSequenceStores",
+ "output": {
+ "shape": "ListSequenceStoresResponse"
+ }
+ },
+ "ListTagsForResource": {
+ "endpoint": {
+ "hostPrefix": "tags-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "GET",
+ "requestUri": "/tags/{resourceArn}",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "ListTagsForResourceRequest"
+ },
+ "name": "ListTagsForResource",
+ "output": {
+ "shape": "ListTagsForResourceResponse"
+ }
+ },
+ "ListVariantImportJobs": {
+ "endpoint": {
+ "hostPrefix": "analytics-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/import/variants",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "ListVariantImportJobsRequest"
+ },
+ "name": "ListVariantImportJobs",
+ "output": {
+ "shape": "ListVariantImportJobsResponse"
+ }
+ },
+ "ListVariantStores": {
+ "endpoint": {
+ "hostPrefix": "analytics-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/variantStores",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "ListVariantStoresRequest"
+ },
+ "name": "ListVariantStores",
+ "output": {
+ "shape": "ListVariantStoresResponse"
+ }
+ },
+ "ListWorkflows": {
+ "endpoint": {
+ "hostPrefix": "workflows-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "GET",
+ "requestUri": "/workflow",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "ListWorkflowsRequest"
+ },
+ "name": "ListWorkflows",
+ "output": {
+ "shape": "ListWorkflowsResponse"
+ }
+ },
+ "StartAnnotationImportJob": {
+ "endpoint": {
+ "hostPrefix": "analytics-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/import/annotation",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "StartAnnotationImportRequest"
+ },
+ "name": "StartAnnotationImportJob",
+ "output": {
+ "shape": "StartAnnotationImportResponse"
+ }
+ },
+ "StartReadSetActivationJob": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/sequencestore/{sequenceStoreId}/activationjob",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "StartReadSetActivationJobRequest"
+ },
+ "name": "StartReadSetActivationJob",
+ "output": {
+ "shape": "StartReadSetActivationJobResponse"
+ }
+ },
+ "StartReadSetExportJob": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/sequencestore/{sequenceStoreId}/exportjob",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "StartReadSetExportJobRequest"
+ },
+ "name": "StartReadSetExportJob",
+ "output": {
+ "shape": "StartReadSetExportJobResponse"
+ }
+ },
+ "StartReadSetImportJob": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/sequencestore/{sequenceStoreId}/importjob",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "StartReadSetImportJobRequest"
+ },
+ "name": "StartReadSetImportJob",
+ "output": {
+ "shape": "StartReadSetImportJobResponse"
+ }
+ },
+ "StartReferenceImportJob": {
+ "endpoint": {
+ "hostPrefix": "control-storage-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/referencestore/{referenceStoreId}/importjob",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "StartReferenceImportJobRequest"
+ },
+ "name": "StartReferenceImportJob",
+ "output": {
+ "shape": "StartReferenceImportJobResponse"
+ }
+ },
+ "StartRun": {
+ "endpoint": {
+ "hostPrefix": "workflows-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/run",
+ "responseCode": 201
+ },
+ "input": {
+ "shape": "StartRunRequest"
+ },
+ "name": "StartRun",
+ "output": {
+ "shape": "StartRunResponse"
+ }
+ },
+ "StartVariantImportJob": {
+ "endpoint": {
+ "hostPrefix": "analytics-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/import/variant",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "StartVariantImportRequest"
+ },
+ "name": "StartVariantImportJob",
+ "output": {
+ "shape": "StartVariantImportResponse"
+ }
+ },
+ "TagResource": {
+ "endpoint": {
+ "hostPrefix": "tags-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/tags/{resourceArn}",
+ "responseCode": 204
+ },
+ "input": {
+ "shape": "TagResourceRequest"
+ },
+ "name": "TagResource",
+ "output": {
+ "shape": "TagResourceResponse"
+ }
+ },
+ "UntagResource": {
+ "endpoint": {
+ "hostPrefix": "tags-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "DELETE",
+ "requestUri": "/tags/{resourceArn}",
+ "responseCode": 204
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "UntagResourceRequest"
+ },
+ "name": "UntagResource",
+ "output": {
+ "shape": "UntagResourceResponse"
+ }
+ },
+ "UpdateAnnotationStore": {
+ "endpoint": {
+ "hostPrefix": "analytics-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/annotationStore/{name}",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "UpdateAnnotationStoreRequest"
+ },
+ "name": "UpdateAnnotationStore",
+ "output": {
+ "shape": "UpdateAnnotationStoreResponse"
+ }
+ },
+ "UpdateRunGroup": {
+ "endpoint": {
+ "hostPrefix": "workflows-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/runGroup/{id}",
+ "responseCode": 202
+ },
+ "input": {
+ "shape": "UpdateRunGroupRequest"
+ },
+ "name": "UpdateRunGroup"
+ },
+ "UpdateVariantStore": {
+ "endpoint": {
+ "hostPrefix": "analytics-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/variantStore/{name}",
+ "responseCode": 200
+ },
+ "input": {
+ "shape": "UpdateVariantStoreRequest"
+ },
+ "name": "UpdateVariantStore",
+ "output": {
+ "shape": "UpdateVariantStoreResponse"
+ }
+ },
+ "UpdateWorkflow": {
+ "endpoint": {
+ "hostPrefix": "workflows-"
+ },
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ServiceQuotaExceededException"
+ },
+ {
+ "shape": "ThrottlingException"
+ },
+ {
+ "shape": "ValidationException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "AccessDeniedException"
+ },
+ {
+ "shape": "RequestTimeoutException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/workflow/{id}",
+ "responseCode": 202
+ },
+ "input": {
+ "shape": "UpdateWorkflowRequest"
+ },
+ "name": "UpdateWorkflow"
+ }
+ },
+ "shapes": {
+ "AccessDeniedException": {
+ "error": {
+ "httpStatusCode": 403,
+ "senderFault": true
+ },
+ "exception": true,
+ "members": {
+ "message": {
+ "shape": "String"
+ }
+ },
+ "required": [
+ "message"
+ ],
+ "type": "structure"
+ },
+ "ActivateReadSetFilter": {
+ "members": {
+ "createdAfter": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "createdBefore": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "status": {
+ "shape": "ReadSetActivationJobStatus"
+ }
+ },
+ "type": "structure"
+ },
+ "ActivateReadSetJobItem": {
+ "members": {
+ "completionTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "creationTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "id": {
+ "shape": "ActivationJobId"
+ },
+ "sequenceStoreId": {
+ "shape": "SequenceStoreId"
+ },
+ "status": {
+ "shape": "ReadSetActivationJobStatus"
+ }
+ },
+ "required": [
+ "creationTime",
+ "id",
+ "sequenceStoreId",
+ "status"
+ ],
+ "type": "structure"
+ },
+ "ActivateReadSetJobList": {
+ "member": {
+ "shape": "ActivateReadSetJobItem"
+ },
+ "type": "list"
+ },
+ "ActivateReadSetSourceItem": {
+ "members": {
+ "readSetId": {
+ "shape": "ReadSetId"
+ },
+ "status": {
+ "shape": "ReadSetActivationJobItemStatus"
+ },
+ "statusMessage": {
+ "shape": "JobStatusMessage"
+ }
+ },
+ "required": [
+ "readSetId",
+ "status"
+ ],
+ "type": "structure"
+ },
+ "ActivateReadSetSourceList": {
+ "member": {
+ "shape": "ActivateReadSetSourceItem"
+ },
+ "type": "list"
+ },
+ "ActivationJobId": {
+ "max": 36,
+ "min": 10,
+ "pattern": "^[0-9]+$",
+ "type": "string"
+ },
+ "AnnotationImportItemDetail": {
+ "members": {
+ "jobStatus": {
+ "shape": "JobStatus"
+ },
+ "source": {
+ "shape": "S3Uri"
+ }
+ },
+ "required": [
+ "jobStatus",
+ "source"
+ ],
+ "type": "structure"
+ },
+ "AnnotationImportItemDetails": {
+ "max": 1,
+ "member": {
+ "shape": "AnnotationImportItemDetail"
+ },
+ "min": 1,
+ "type": "list"
+ },
+ "AnnotationImportItemSource": {
+ "members": {
+ "source": {
+ "shape": "S3Uri"
+ }
+ },
+ "required": [
+ "source"
+ ],
+ "type": "structure"
+ },
+ "AnnotationImportItemSources": {
+ "max": 1,
+ "member": {
+ "shape": "AnnotationImportItemSource"
+ },
+ "min": 1,
+ "type": "list"
+ },
+ "AnnotationImportJobItem": {
+ "members": {
+ "completionTime": {
+ "shape": "CompletionTime"
+ },
+ "creationTime": {
+ "shape": "CreationTime"
+ },
+ "destinationName": {
+ "shape": "String"
+ },
+ "id": {
+ "shape": "String"
+ },
+ "roleArn": {
+ "shape": "Arn"
+ },
+ "runLeftNormalization": {
+ "shape": "RunLeftNormalization"
+ },
+ "status": {
+ "shape": "JobStatus"
+ },
+ "updateTime": {
+ "shape": "UpdateTime"
+ }
+ },
+ "required": [
+ "creationTime",
+ "destinationName",
+ "id",
+ "roleArn",
+ "status",
+ "updateTime"
+ ],
+ "type": "structure"
+ },
+ "AnnotationImportJobItems": {
+ "member": {
+ "shape": "AnnotationImportJobItem"
+ },
+ "type": "list"
+ },
+ "AnnotationStoreItem": {
+ "members": {
+ "creationTime": {
+ "shape": "CreationTime"
+ },
+ "description": {
+ "shape": "StoreDescription"
+ },
+ "id": {
+ "shape": "ResourceId"
+ },
+ "name": {
+ "shape": "String"
+ },
+ "reference": {
+ "shape": "ReferenceItem"
+ },
+ "sseConfig": {
+ "shape": "SseConfig"
+ },
+ "status": {
+ "shape": "StoreStatus"
+ },
+ "statusMessage": {
+ "shape": "StatusMessage"
+ },
+ "storeArn": {
+ "shape": "Arn"
+ },
+ "storeFormat": {
+ "shape": "StoreFormat"
+ },
+ "storeSizeBytes": {
+ "shape": "Long"
+ },
+ "updateTime": {
+ "shape": "UpdateTime"
+ }
+ },
+ "required": [
+ "creationTime",
+ "description",
+ "id",
+ "name",
+ "reference",
+ "sseConfig",
+ "status",
+ "statusMessage",
+ "storeArn",
+ "storeFormat",
+ "storeSizeBytes",
+ "updateTime"
+ ],
+ "type": "structure"
+ },
+ "AnnotationStoreItems": {
+ "member": {
+ "shape": "AnnotationStoreItem"
+ },
+ "type": "list"
+ },
+ "AnnotationType": {
+ "enum": [
+ "GENERIC",
+ "CHR_POS",
+ "CHR_POS_REF_ALT",
+ "CHR_START_END_ONE_BASE",
+ "CHR_START_END_REF_ALT_ONE_BASE",
+ "CHR_START_END_ZERO_BASE",
+ "CHR_START_END_REF_ALT_ZERO_BASE"
+ ],
+ "type": "string"
+ },
+ "Arn": {
+ "max": 2048,
+ "min": 20,
+ "pattern": "^arn:([^: ]*):([^: ]*):([^: ]*):([0-9]{12}):([^: ]*)$",
+ "type": "string"
+ },
+ "BatchDeleteReadSetRequest": {
+ "members": {
+ "ids": {
+ "shape": "ReadSetIdList"
+ },
+ "sequenceStoreId": {
+ "location": "uri",
+ "locationName": "sequenceStoreId",
+ "shape": "SequenceStoreId"
+ }
+ },
+ "required": [
+ "ids",
+ "sequenceStoreId"
+ ],
+ "type": "structure"
+ },
+ "BatchDeleteReadSetResponse": {
+ "members": {
+ "errors": {
+ "shape": "ReadSetBatchErrorList"
+ }
+ },
+ "type": "structure"
+ },
+ "Blob": {
+ "type": "blob"
+ },
+ "Boolean": {
+ "box": true,
+ "type": "boolean"
+ },
+ "CancelAnnotationImportRequest": {
+ "members": {
+ "jobId": {
+ "location": "uri",
+ "locationName": "jobId",
+ "shape": "ResourceId"
+ }
+ },
+ "required": [
+ "jobId"
+ ],
+ "type": "structure"
+ },
+ "CancelAnnotationImportResponse": {
+ "members": {},
+ "type": "structure"
+ },
+ "CancelRunRequest": {
+ "members": {
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "RunId"
+ }
+ },
+ "required": [
+ "id"
+ ],
+ "type": "structure"
+ },
+ "CancelVariantImportRequest": {
+ "members": {
+ "jobId": {
+ "location": "uri",
+ "locationName": "jobId",
+ "shape": "ResourceId"
+ }
+ },
+ "required": [
+ "jobId"
+ ],
+ "type": "structure"
+ },
+ "CancelVariantImportResponse": {
+ "members": {},
+ "type": "structure"
+ },
+ "ClientToken": {
+ "max": 127,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "CommentChar": {
+ "max": 1,
+ "min": 1,
+ "type": "string"
+ },
+ "CompletionTime": {
+ "timestampFormat": "iso8601",
+ "type": "timestamp"
+ },
+ "ConflictException": {
+ "error": {
+ "httpStatusCode": 409,
+ "senderFault": true
+ },
+ "exception": true,
+ "members": {
+ "message": {
+ "shape": "String"
+ }
+ },
+ "required": [
+ "message"
+ ],
+ "type": "structure"
+ },
+ "CreateAnnotationStoreRequest": {
+ "members": {
+ "description": {
+ "shape": "StoreDescription"
+ },
+ "name": {
+ "shape": "CreateAnnotationStoreRequestNameString"
+ },
+ "reference": {
+ "shape": "ReferenceItem"
+ },
+ "sseConfig": {
+ "shape": "SseConfig"
+ },
+ "storeFormat": {
+ "shape": "StoreFormat"
+ },
+ "storeOptions": {
+ "shape": "StoreOptions"
+ },
+ "tags": {
+ "shape": "TagMap"
+ }
+ },
+ "required": [
+ "storeFormat"
+ ],
+ "type": "structure"
+ },
+ "CreateAnnotationStoreRequestNameString": {
+ "pattern": "^([a-z]){1}([a-z0-9_]){2,254}$",
+ "type": "string"
+ },
+ "CreateAnnotationStoreResponse": {
+ "members": {
+ "creationTime": {
+ "shape": "CreationTime"
+ },
+ "id": {
+ "shape": "ResourceId"
+ },
+ "name": {
+ "shape": "String"
+ },
+ "reference": {
+ "shape": "ReferenceItem"
+ },
+ "status": {
+ "shape": "StoreStatus"
+ },
+ "storeFormat": {
+ "shape": "StoreFormat"
+ },
+ "storeOptions": {
+ "shape": "StoreOptions"
+ }
+ },
+ "required": [
+ "creationTime",
+ "id",
+ "name",
+ "status"
+ ],
+ "type": "structure"
+ },
+ "CreateReferenceStoreRequest": {
+ "members": {
+ "clientToken": {
+ "shape": "ClientToken"
+ },
+ "description": {
+ "shape": "ReferenceStoreDescription"
+ },
+ "name": {
+ "shape": "ReferenceStoreName"
+ },
+ "sseConfig": {
+ "shape": "SseConfig"
+ },
+ "tags": {
+ "shape": "TagMap"
+ }
+ },
+ "required": [
+ "name"
+ ],
+ "type": "structure"
+ },
+ "CreateReferenceStoreResponse": {
+ "members": {
+ "arn": {
+ "shape": "ReferenceStoreArn"
+ },
+ "creationTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "description": {
+ "shape": "ReferenceStoreDescription"
+ },
+ "id": {
+ "shape": "ReferenceStoreId"
+ },
+ "name": {
+ "shape": "ReferenceStoreName"
+ },
+ "sseConfig": {
+ "shape": "SseConfig"
+ }
+ },
+ "required": [
+ "arn",
+ "creationTime",
+ "id"
+ ],
+ "type": "structure"
+ },
+ "CreateRunGroupRequest": {
+ "members": {
+ "maxCpus": {
+ "shape": "CreateRunGroupRequestMaxCpusInteger"
+ },
+ "maxDuration": {
+ "shape": "CreateRunGroupRequestMaxDurationInteger"
+ },
+ "maxRuns": {
+ "shape": "CreateRunGroupRequestMaxRunsInteger"
+ },
+ "name": {
+ "shape": "RunGroupName"
+ },
+ "requestId": {
+ "idempotencyToken": true,
+ "shape": "RunGroupRequestId"
+ },
+ "tags": {
+ "shape": "TagMap"
+ }
+ },
+ "required": [
+ "requestId"
+ ],
+ "type": "structure"
+ },
+ "CreateRunGroupRequestMaxCpusInteger": {
+ "box": true,
+ "max": 100000,
+ "min": 1,
+ "type": "integer"
+ },
+ "CreateRunGroupRequestMaxDurationInteger": {
+ "box": true,
+ "max": 100000,
+ "min": 1,
+ "type": "integer"
+ },
+ "CreateRunGroupRequestMaxRunsInteger": {
+ "box": true,
+ "max": 100000,
+ "min": 1,
+ "type": "integer"
+ },
+ "CreateRunGroupResponse": {
+ "members": {
+ "arn": {
+ "shape": "RunGroupArn"
+ },
+ "id": {
+ "shape": "RunGroupId"
+ },
+ "tags": {
+ "shape": "TagMap"
+ }
+ },
+ "type": "structure"
+ },
+ "CreateSequenceStoreRequest": {
+ "members": {
+ "clientToken": {
+ "shape": "ClientToken"
+ },
+ "description": {
+ "shape": "SequenceStoreDescription"
+ },
+ "name": {
+ "shape": "SequenceStoreName"
+ },
+ "sseConfig": {
+ "shape": "SseConfig"
+ },
+ "tags": {
+ "shape": "TagMap"
+ }
+ },
+ "required": [
+ "name"
+ ],
+ "type": "structure"
+ },
+ "CreateSequenceStoreResponse": {
+ "members": {
+ "arn": {
+ "shape": "SequenceStoreArn"
+ },
+ "creationTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "description": {
+ "shape": "SequenceStoreDescription"
+ },
+ "id": {
+ "shape": "SequenceStoreId"
+ },
+ "name": {
+ "shape": "SequenceStoreName"
+ },
+ "sseConfig": {
+ "shape": "SseConfig"
+ }
+ },
+ "required": [
+ "arn",
+ "creationTime",
+ "id"
+ ],
+ "type": "structure"
+ },
+ "CreateVariantStoreRequest": {
+ "members": {
+ "description": {
+ "shape": "StoreDescription"
+ },
+ "name": {
+ "shape": "CreateVariantStoreRequestNameString"
+ },
+ "reference": {
+ "shape": "ReferenceItem"
+ },
+ "sseConfig": {
+ "shape": "SseConfig"
+ },
+ "tags": {
+ "shape": "TagMap"
+ }
+ },
+ "required": [
+ "reference"
+ ],
+ "type": "structure"
+ },
+ "CreateVariantStoreRequestNameString": {
+ "pattern": "^([a-z]){1}([a-z0-9_]){2,254}$",
+ "type": "string"
+ },
+ "CreateVariantStoreResponse": {
+ "members": {
+ "creationTime": {
+ "shape": "CreationTime"
+ },
+ "id": {
+ "shape": "ResourceId"
+ },
+ "name": {
+ "shape": "String"
+ },
+ "reference": {
+ "shape": "ReferenceItem"
+ },
+ "status": {
+ "shape": "StoreStatus"
+ }
+ },
+ "required": [
+ "creationTime",
+ "id",
+ "name",
+ "status"
+ ],
+ "type": "structure"
+ },
+ "CreateWorkflowRequest": {
+ "members": {
+ "definitionUri": {
+ "shape": "WorkflowDefinition"
+ },
+ "definitionZip": {
+ "shape": "Blob"
+ },
+ "description": {
+ "shape": "WorkflowDescription"
+ },
+ "engine": {
+ "shape": "WorkflowEngine"
+ },
+ "main": {
+ "shape": "WorkflowMain"
+ },
+ "name": {
+ "shape": "WorkflowName"
+ },
+ "parameterTemplate": {
+ "shape": "WorkflowParameterTemplate"
+ },
+ "requestId": {
+ "idempotencyToken": true,
+ "shape": "WorkflowRequestId"
+ },
+ "storageCapacity": {
+ "shape": "CreateWorkflowRequestStorageCapacityInteger"
+ },
+ "tags": {
+ "shape": "TagMap"
+ }
+ },
+ "required": [
+ "requestId"
+ ],
+ "type": "structure"
+ },
+ "CreateWorkflowRequestStorageCapacityInteger": {
+ "box": true,
+ "max": 100000,
+ "min": 0,
+ "type": "integer"
+ },
+ "CreateWorkflowResponse": {
+ "members": {
+ "arn": {
+ "shape": "WorkflowArn"
+ },
+ "id": {
+ "shape": "WorkflowId"
+ },
+ "status": {
+ "shape": "WorkflowStatus"
+ },
+ "tags": {
+ "shape": "TagMap"
+ }
+ },
+ "type": "structure"
+ },
+ "CreationTime": {
+ "timestampFormat": "iso8601",
+ "type": "timestamp"
+ },
+ "DeleteAnnotationStoreRequest": {
+ "members": {
+ "force": {
+ "location": "querystring",
+ "locationName": "force",
+ "shape": "PrimitiveBoolean"
+ },
+ "name": {
+ "location": "uri",
+ "locationName": "name",
+ "shape": "String"
+ }
+ },
+ "required": [
+ "name"
+ ],
+ "type": "structure"
+ },
+ "DeleteAnnotationStoreResponse": {
+ "members": {
+ "status": {
+ "shape": "StoreStatus"
+ }
+ },
+ "required": [
+ "status"
+ ],
+ "type": "structure"
+ },
+ "DeleteReferenceRequest": {
+ "members": {
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "ReferenceId"
+ },
+ "referenceStoreId": {
+ "location": "uri",
+ "locationName": "referenceStoreId",
+ "shape": "ReferenceStoreId"
+ }
+ },
+ "required": [
+ "id",
+ "referenceStoreId"
+ ],
+ "type": "structure"
+ },
+ "DeleteReferenceResponse": {
+ "members": {},
+ "type": "structure"
+ },
+ "DeleteReferenceStoreRequest": {
+ "members": {
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "ReferenceStoreId"
+ }
+ },
+ "required": [
+ "id"
+ ],
+ "type": "structure"
+ },
+ "DeleteReferenceStoreResponse": {
+ "members": {},
+ "type": "structure"
+ },
+ "DeleteRunGroupRequest": {
+ "members": {
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "RunGroupId"
+ }
+ },
+ "required": [
+ "id"
+ ],
+ "type": "structure"
+ },
+ "DeleteRunRequest": {
+ "members": {
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "RunId"
+ }
+ },
+ "required": [
+ "id"
+ ],
+ "type": "structure"
+ },
+ "DeleteSequenceStoreRequest": {
+ "members": {
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "SequenceStoreId"
+ }
+ },
+ "required": [
+ "id"
+ ],
+ "type": "structure"
+ },
+ "DeleteSequenceStoreResponse": {
+ "members": {},
+ "type": "structure"
+ },
+ "DeleteVariantStoreRequest": {
+ "members": {
+ "force": {
+ "location": "querystring",
+ "locationName": "force",
+ "shape": "PrimitiveBoolean"
+ },
+ "name": {
+ "location": "uri",
+ "locationName": "name",
+ "shape": "String"
+ }
+ },
+ "required": [
+ "name"
+ ],
+ "type": "structure"
+ },
+ "DeleteVariantStoreResponse": {
+ "members": {
+ "status": {
+ "shape": "StoreStatus"
+ }
+ },
+ "required": [
+ "status"
+ ],
+ "type": "structure"
+ },
+ "DeleteWorkflowRequest": {
+ "members": {
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "WorkflowId"
+ }
+ },
+ "required": [
+ "id"
+ ],
+ "type": "structure"
+ },
+ "Encoding": {
+ "max": 20,
+ "min": 1,
+ "type": "string"
+ },
+ "EncryptionType": {
+ "enum": [
+ "KMS"
+ ],
+ "type": "string"
+ },
+ "EscapeChar": {
+ "max": 1,
+ "min": 1,
+ "type": "string"
+ },
+ "EscapeQuotes": {
+ "type": "boolean"
+ },
+ "ExportJobId": {
+ "max": 36,
+ "min": 10,
+ "pattern": "^[0-9]+$",
+ "type": "string"
+ },
+ "ExportReadSet": {
+ "members": {
+ "readSetId": {
+ "shape": "ReadSetId"
+ }
+ },
+ "required": [
+ "readSetId"
+ ],
+ "type": "structure"
+ },
+ "ExportReadSetDetail": {
+ "members": {
+ "id": {
+ "shape": "ReadSetId"
+ },
+ "status": {
+ "shape": "ReadSetExportJobItemStatus"
+ },
+ "statusMessage": {
+ "shape": "JobStatusMessage"
+ }
+ },
+ "required": [
+ "id",
+ "status"
+ ],
+ "type": "structure"
+ },
+ "ExportReadSetDetailList": {
+ "member": {
+ "shape": "ExportReadSetDetail"
+ },
+ "type": "list"
+ },
+ "ExportReadSetFilter": {
+ "members": {
+ "createdAfter": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "createdBefore": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "status": {
+ "shape": "ReadSetExportJobStatus"
+ }
+ },
+ "type": "structure"
+ },
+ "ExportReadSetJobDetail": {
+ "members": {
+ "completionTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "creationTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "destination": {
+ "shape": "S3Destination"
+ },
+ "id": {
+ "shape": "ExportJobId"
+ },
+ "sequenceStoreId": {
+ "shape": "SequenceStoreId"
+ },
+ "status": {
+ "shape": "ReadSetExportJobStatus"
+ }
+ },
+ "required": [
+ "creationTime",
+ "destination",
+ "id",
+ "sequenceStoreId",
+ "status"
+ ],
+ "type": "structure"
+ },
+ "ExportReadSetJobDetailList": {
+ "member": {
+ "shape": "ExportReadSetJobDetail"
+ },
+ "type": "list"
+ },
+ "FileInformation": {
+ "members": {
+ "contentLength": {
+ "shape": "FileInformationContentLengthLong"
+ },
+ "partSize": {
+ "shape": "FileInformationPartSizeLong"
+ },
+ "totalParts": {
+ "shape": "FileInformationTotalPartsInteger"
+ }
+ },
+ "type": "structure"
+ },
+ "FileInformationContentLengthLong": {
+ "box": true,
+ "max": 5497558138880,
+ "min": 1,
+ "type": "long"
+ },
+ "FileInformationPartSizeLong": {
+ "box": true,
+ "max": 5368709120,
+ "min": 1,
+ "type": "long"
+ },
+ "FileInformationTotalPartsInteger": {
+ "box": true,
+ "max": 10000,
+ "min": 1,
+ "type": "integer"
+ },
+ "FileType": {
+ "enum": [
+ "FASTQ",
+ "BAM",
+ "CRAM"
+ ],
+ "type": "string"
+ },
+ "FormatOptions": {
+ "members": {
+ "tsvOptions": {
+ "shape": "TsvOptions"
+ },
+ "vcfOptions": {
+ "shape": "VcfOptions"
+ }
+ },
+ "type": "structure",
+ "union": true
+ },
+ "FormatToHeader": {
+ "key": {
+ "shape": "FormatToHeaderKey"
+ },
+ "type": "map",
+ "value": {
+ "shape": "FormatToHeaderValueString"
+ }
+ },
+ "FormatToHeaderKey": {
+ "enum": [
+ "CHR",
+ "START",
+ "END",
+ "REF",
+ "ALT",
+ "POS"
+ ],
+ "type": "string"
+ },
+ "FormatToHeaderValueString": {
+ "max": 1000,
+ "min": 0,
+ "type": "string"
+ },
+ "GeneratedFrom": {
+ "max": 127,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "GetAnnotationImportRequest": {
+ "members": {
+ "jobId": {
+ "location": "uri",
+ "locationName": "jobId",
+ "shape": "ResourceId"
+ }
+ },
+ "required": [
+ "jobId"
+ ],
+ "type": "structure"
+ },
+ "GetAnnotationImportResponse": {
+ "members": {
+ "completionTime": {
+ "shape": "CompletionTime"
+ },
+ "creationTime": {
+ "shape": "CreationTime"
+ },
+ "destinationName": {
+ "shape": "StoreName"
+ },
+ "formatOptions": {
+ "shape": "FormatOptions"
+ },
+ "id": {
+ "shape": "ResourceId"
+ },
+ "items": {
+ "shape": "AnnotationImportItemDetails"
+ },
+ "roleArn": {
+ "shape": "Arn"
+ },
+ "runLeftNormalization": {
+ "shape": "RunLeftNormalization"
+ },
+ "status": {
+ "shape": "JobStatus"
+ },
+ "statusMessage": {
+ "shape": "JobStatusMsg"
+ },
+ "updateTime": {
+ "shape": "UpdateTime"
+ }
+ },
+ "required": [
+ "completionTime",
+ "creationTime",
+ "destinationName",
+ "formatOptions",
+ "id",
+ "items",
+ "roleArn",
+ "runLeftNormalization",
+ "status",
+ "statusMessage",
+ "updateTime"
+ ],
+ "type": "structure"
+ },
+ "GetAnnotationStoreRequest": {
+ "members": {
+ "name": {
+ "location": "uri",
+ "locationName": "name",
+ "shape": "String"
+ }
+ },
+ "required": [
+ "name"
+ ],
+ "type": "structure"
+ },
+ "GetAnnotationStoreResponse": {
+ "members": {
+ "creationTime": {
+ "shape": "CreationTime"
+ },
+ "description": {
+ "shape": "StoreDescription"
+ },
+ "id": {
+ "shape": "ResourceId"
+ },
+ "name": {
+ "shape": "String"
+ },
+ "reference": {
+ "shape": "ReferenceItem"
+ },
+ "sseConfig": {
+ "shape": "SseConfig"
+ },
+ "status": {
+ "shape": "StoreStatus"
+ },
+ "statusMessage": {
+ "shape": "StatusMessage"
+ },
+ "storeArn": {
+ "shape": "Arn"
+ },
+ "storeFormat": {
+ "shape": "StoreFormat"
+ },
+ "storeOptions": {
+ "shape": "StoreOptions"
+ },
+ "storeSizeBytes": {
+ "shape": "Long"
+ },
+ "tags": {
+ "shape": "TagMap"
+ },
+ "updateTime": {
+ "shape": "UpdateTime"
+ }
+ },
+ "required": [
+ "creationTime",
+ "description",
+ "id",
+ "name",
+ "reference",
+ "sseConfig",
+ "status",
+ "statusMessage",
+ "storeArn",
+ "storeSizeBytes",
+ "tags",
+ "updateTime"
+ ],
+ "type": "structure"
+ },
+ "GetReadSetActivationJobRequest": {
+ "members": {
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "ActivationJobId"
+ },
+ "sequenceStoreId": {
+ "location": "uri",
+ "locationName": "sequenceStoreId",
+ "shape": "SequenceStoreId"
+ }
+ },
+ "required": [
+ "id",
+ "sequenceStoreId"
+ ],
+ "type": "structure"
+ },
+ "GetReadSetActivationJobResponse": {
+ "members": {
+ "completionTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "creationTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "id": {
+ "shape": "ActivationJobId"
+ },
+ "sequenceStoreId": {
+ "shape": "SequenceStoreId"
+ },
+ "sources": {
+ "shape": "ActivateReadSetSourceList"
+ },
+ "status": {
+ "shape": "ReadSetActivationJobStatus"
+ },
+ "statusMessage": {
+ "shape": "JobStatusMessage"
+ }
+ },
+ "required": [
+ "creationTime",
+ "id",
+ "sequenceStoreId",
+ "status"
+ ],
+ "type": "structure"
+ },
+ "GetReadSetExportJobRequest": {
+ "members": {
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "ExportJobId"
+ },
+ "sequenceStoreId": {
+ "location": "uri",
+ "locationName": "sequenceStoreId",
+ "shape": "SequenceStoreId"
+ }
+ },
+ "required": [
+ "id",
+ "sequenceStoreId"
+ ],
+ "type": "structure"
+ },
+ "GetReadSetExportJobResponse": {
+ "members": {
+ "completionTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "creationTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "destination": {
+ "shape": "S3Destination"
+ },
+ "id": {
+ "shape": "ExportJobId"
+ },
+ "readSets": {
+ "shape": "ExportReadSetDetailList"
+ },
+ "sequenceStoreId": {
+ "shape": "SequenceStoreId"
+ },
+ "status": {
+ "shape": "ReadSetExportJobStatus"
+ },
+ "statusMessage": {
+ "shape": "JobStatusMessage"
+ }
+ },
+ "required": [
+ "creationTime",
+ "destination",
+ "id",
+ "sequenceStoreId",
+ "status"
+ ],
+ "type": "structure"
+ },
+ "GetReadSetImportJobRequest": {
+ "members": {
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "ImportJobId"
+ },
+ "sequenceStoreId": {
+ "location": "uri",
+ "locationName": "sequenceStoreId",
+ "shape": "SequenceStoreId"
+ }
+ },
+ "required": [
+ "id",
+ "sequenceStoreId"
+ ],
+ "type": "structure"
+ },
+ "GetReadSetImportJobResponse": {
+ "members": {
+ "completionTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "creationTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "id": {
+ "shape": "ImportJobId"
+ },
+ "roleArn": {
+ "shape": "RoleArn"
+ },
+ "sequenceStoreId": {
+ "shape": "SequenceStoreId"
+ },
+ "sources": {
+ "shape": "ImportReadSetSourceList"
+ },
+ "status": {
+ "shape": "ReadSetImportJobStatus"
+ },
+ "statusMessage": {
+ "shape": "JobStatusMessage"
+ }
+ },
+ "required": [
+ "creationTime",
+ "id",
+ "roleArn",
+ "sequenceStoreId",
+ "sources",
+ "status"
+ ],
+ "type": "structure"
+ },
+ "GetReadSetMetadataRequest": {
+ "members": {
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "ReadSetId"
+ },
+ "sequenceStoreId": {
+ "location": "uri",
+ "locationName": "sequenceStoreId",
+ "shape": "SequenceStoreId"
+ }
+ },
+ "required": [
+ "id",
+ "sequenceStoreId"
+ ],
+ "type": "structure"
+ },
+ "GetReadSetMetadataResponse": {
+ "members": {
+ "arn": {
+ "shape": "ReadSetArn"
+ },
+ "creationTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "description": {
+ "shape": "ReadSetDescription"
+ },
+ "fileType": {
+ "shape": "FileType"
+ },
+ "files": {
+ "shape": "ReadSetFiles"
+ },
+ "id": {
+ "shape": "ReadSetId"
+ },
+ "name": {
+ "shape": "ReadSetName"
+ },
+ "referenceArn": {
+ "shape": "ReferenceArn"
+ },
+ "sampleId": {
+ "shape": "SampleId"
+ },
+ "sequenceInformation": {
+ "shape": "SequenceInformation"
+ },
+ "sequenceStoreId": {
+ "shape": "SequenceStoreId"
+ },
+ "status": {
+ "shape": "ReadSetStatus"
+ },
+ "subjectId": {
+ "shape": "SubjectId"
+ }
+ },
+ "required": [
+ "arn",
+ "creationTime",
+ "fileType",
+ "id",
+ "sequenceStoreId",
+ "status"
+ ],
+ "type": "structure"
+ },
+ "GetReadSetRequest": {
+ "members": {
+ "file": {
+ "location": "querystring",
+ "locationName": "file",
+ "shape": "ReadSetFile"
+ },
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "ReadSetId"
+ },
+ "partNumber": {
+ "location": "querystring",
+ "locationName": "partNumber",
+ "shape": "GetReadSetRequestPartNumberInteger"
+ },
+ "sequenceStoreId": {
+ "location": "uri",
+ "locationName": "sequenceStoreId",
+ "shape": "SequenceStoreId"
+ }
+ },
+ "required": [
+ "id",
+ "partNumber",
+ "sequenceStoreId"
+ ],
+ "type": "structure"
+ },
+ "GetReadSetRequestPartNumberInteger": {
+ "box": true,
+ "max": 10000,
+ "min": 1,
+ "type": "integer"
+ },
+ "GetReadSetResponse": {
+ "members": {
+ "payload": {
+ "shape": "ReadSetStreamingBlob"
+ }
+ },
+ "payload": "payload",
+ "type": "structure"
+ },
+ "GetReferenceImportJobRequest": {
+ "members": {
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "ImportJobId"
+ },
+ "referenceStoreId": {
+ "location": "uri",
+ "locationName": "referenceStoreId",
+ "shape": "ReferenceStoreId"
+ }
+ },
+ "required": [
+ "id",
+ "referenceStoreId"
+ ],
+ "type": "structure"
+ },
+ "GetReferenceImportJobResponse": {
+ "members": {
+ "completionTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "creationTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "id": {
+ "shape": "ImportJobId"
+ },
+ "referenceStoreId": {
+ "shape": "ReferenceStoreId"
+ },
+ "roleArn": {
+ "shape": "RoleArn"
+ },
+ "sources": {
+ "shape": "ImportReferenceSourceList"
+ },
+ "status": {
+ "shape": "ReferenceImportJobStatus"
+ },
+ "statusMessage": {
+ "shape": "JobStatusMessage"
+ }
+ },
+ "required": [
+ "creationTime",
+ "id",
+ "referenceStoreId",
+ "roleArn",
+ "sources",
+ "status"
+ ],
+ "type": "structure"
+ },
+ "GetReferenceMetadataRequest": {
+ "members": {
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "ReferenceId"
+ },
+ "referenceStoreId": {
+ "location": "uri",
+ "locationName": "referenceStoreId",
+ "shape": "ReferenceStoreId"
+ }
+ },
+ "required": [
+ "id",
+ "referenceStoreId"
+ ],
+ "type": "structure"
+ },
+ "GetReferenceMetadataResponse": {
+ "members": {
+ "arn": {
+ "shape": "ReferenceArn"
+ },
+ "creationTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "description": {
+ "shape": "ReferenceDescription"
+ },
+ "files": {
+ "shape": "ReferenceFiles"
+ },
+ "id": {
+ "shape": "ReferenceId"
+ },
+ "md5": {
+ "shape": "Md5"
+ },
+ "name": {
+ "shape": "ReferenceName"
+ },
+ "referenceStoreId": {
+ "shape": "ReferenceStoreId"
+ },
+ "status": {
+ "shape": "ReferenceStatus"
+ },
+ "updateTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ }
+ },
+ "required": [
+ "arn",
+ "creationTime",
+ "id",
+ "md5",
+ "referenceStoreId",
+ "updateTime"
+ ],
+ "type": "structure"
+ },
+ "GetReferenceRequest": {
+ "members": {
+ "file": {
+ "location": "querystring",
+ "locationName": "file",
+ "shape": "ReferenceFile"
+ },
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "ReferenceId"
+ },
+ "partNumber": {
+ "location": "querystring",
+ "locationName": "partNumber",
+ "shape": "GetReferenceRequestPartNumberInteger"
+ },
+ "range": {
+ "location": "header",
+ "locationName": "Range",
+ "shape": "Range"
+ },
+ "referenceStoreId": {
+ "location": "uri",
+ "locationName": "referenceStoreId",
+ "shape": "ReferenceStoreId"
+ }
+ },
+ "required": [
+ "id",
+ "partNumber",
+ "referenceStoreId"
+ ],
+ "type": "structure"
+ },
+ "GetReferenceRequestPartNumberInteger": {
+ "box": true,
+ "max": 10000,
+ "min": 1,
+ "type": "integer"
+ },
+ "GetReferenceResponse": {
+ "members": {
+ "payload": {
+ "shape": "ReferenceStreamingBlob"
+ }
+ },
+ "payload": "payload",
+ "type": "structure"
+ },
+ "GetReferenceStoreRequest": {
+ "members": {
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "ReferenceStoreId"
+ }
+ },
+ "required": [
+ "id"
+ ],
+ "type": "structure"
+ },
+ "GetReferenceStoreResponse": {
+ "members": {
+ "arn": {
+ "shape": "ReferenceStoreArn"
+ },
+ "creationTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "description": {
+ "shape": "ReferenceStoreDescription"
+ },
+ "id": {
+ "shape": "ReferenceStoreId"
+ },
+ "name": {
+ "shape": "ReferenceStoreName"
+ },
+ "sseConfig": {
+ "shape": "SseConfig"
+ }
+ },
+ "required": [
+ "arn",
+ "creationTime",
+ "id"
+ ],
+ "type": "structure"
+ },
+ "GetRunGroupRequest": {
+ "members": {
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "RunGroupId"
+ }
+ },
+ "required": [
+ "id"
+ ],
+ "type": "structure"
+ },
+ "GetRunGroupResponse": {
+ "members": {
+ "arn": {
+ "shape": "RunGroupArn"
+ },
+ "creationTime": {
+ "shape": "RunGroupTimestamp"
+ },
+ "id": {
+ "shape": "RunGroupId"
+ },
+ "maxCpus": {
+ "shape": "GetRunGroupResponseMaxCpusInteger"
+ },
+ "maxDuration": {
+ "shape": "GetRunGroupResponseMaxDurationInteger"
+ },
+ "maxRuns": {
+ "shape": "GetRunGroupResponseMaxRunsInteger"
+ },
+ "name": {
+ "shape": "RunGroupName"
+ },
+ "tags": {
+ "shape": "TagMap"
+ }
+ },
+ "type": "structure"
+ },
+ "GetRunGroupResponseMaxCpusInteger": {
+ "box": true,
+ "max": 100000,
+ "min": 1,
+ "type": "integer"
+ },
+ "GetRunGroupResponseMaxDurationInteger": {
+ "box": true,
+ "max": 100000,
+ "min": 1,
+ "type": "integer"
+ },
+ "GetRunGroupResponseMaxRunsInteger": {
+ "box": true,
+ "max": 100000,
+ "min": 1,
+ "type": "integer"
+ },
+ "GetRunRequest": {
+ "members": {
+ "export": {
+ "location": "querystring",
+ "locationName": "export",
+ "shape": "RunExportList"
+ },
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "RunId"
+ }
+ },
+ "required": [
+ "id"
+ ],
+ "type": "structure"
+ },
+ "GetRunResponse": {
+ "members": {
+ "arn": {
+ "shape": "RunArn"
+ },
+ "creationTime": {
+ "shape": "RunTimestamp"
+ },
+ "definition": {
+ "shape": "WorkflowDefinition"
+ },
+ "digest": {
+ "shape": "WorkflowDigest"
+ },
+ "id": {
+ "shape": "RunId"
+ },
+ "logLevel": {
+ "shape": "RunLogLevel"
+ },
+ "name": {
+ "shape": "RunName"
+ },
+ "outputUri": {
+ "shape": "RunOutputUri"
+ },
+ "priority": {
+ "shape": "GetRunResponsePriorityInteger"
+ },
+ "resourceDigests": {
+ "shape": "RunResourceDigests"
+ },
+ "roleArn": {
+ "shape": "RunRoleArn"
+ },
+ "runGroupId": {
+ "shape": "RunGroupId"
+ },
+ "runId": {
+ "shape": "RunId"
+ },
+ "startTime": {
+ "shape": "RunTimestamp"
+ },
+ "startedBy": {
+ "shape": "RunStartedBy"
+ },
+ "status": {
+ "shape": "RunStatus"
+ },
+ "statusMessage": {
+ "shape": "RunStatusMessage"
+ },
+ "stopTime": {
+ "shape": "RunTimestamp"
+ },
+ "storageCapacity": {
+ "shape": "GetRunResponseStorageCapacityInteger"
+ },
+ "tags": {
+ "shape": "TagMap"
+ },
+ "workflowId": {
+ "shape": "WorkflowId"
+ },
+ "workflowType": {
+ "shape": "WorkflowType"
+ }
+ },
+ "type": "structure"
+ },
+ "GetRunResponsePriorityInteger": {
+ "box": true,
+ "max": 100000,
+ "min": 0,
+ "type": "integer"
+ },
+ "GetRunResponseStorageCapacityInteger": {
+ "box": true,
+ "max": 100000,
+ "min": 0,
+ "type": "integer"
+ },
+ "GetRunTaskRequest": {
+ "members": {
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "RunId"
+ },
+ "taskId": {
+ "location": "uri",
+ "locationName": "taskId",
+ "shape": "TaskId"
+ }
+ },
+ "required": [
+ "id",
+ "taskId"
+ ],
+ "type": "structure"
+ },
+ "GetRunTaskResponse": {
+ "members": {
+ "cpus": {
+ "shape": "GetRunTaskResponseCpusInteger"
+ },
+ "creationTime": {
+ "shape": "TaskTimestamp"
+ },
+ "logStream": {
+ "shape": "TaskLogStream"
+ },
+ "memory": {
+ "shape": "GetRunTaskResponseMemoryInteger"
+ },
+ "name": {
+ "shape": "TaskName"
+ },
+ "startTime": {
+ "shape": "TaskTimestamp"
+ },
+ "status": {
+ "shape": "TaskStatus"
+ },
+ "statusMessage": {
+ "shape": "TaskStatusMessage"
+ },
+ "stopTime": {
+ "shape": "TaskTimestamp"
+ },
+ "taskId": {
+ "shape": "TaskId"
+ }
+ },
+ "type": "structure"
+ },
+ "GetRunTaskResponseCpusInteger": {
+ "box": true,
+ "min": 1,
+ "type": "integer"
+ },
+ "GetRunTaskResponseMemoryInteger": {
+ "box": true,
+ "min": 1,
+ "type": "integer"
+ },
+ "GetSequenceStoreRequest": {
+ "members": {
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "SequenceStoreId"
+ }
+ },
+ "required": [
+ "id"
+ ],
+ "type": "structure"
+ },
+ "GetSequenceStoreResponse": {
+ "members": {
+ "arn": {
+ "shape": "SequenceStoreArn"
+ },
+ "creationTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "description": {
+ "shape": "SequenceStoreDescription"
+ },
+ "id": {
+ "shape": "SequenceStoreId"
+ },
+ "name": {
+ "shape": "SequenceStoreName"
+ },
+ "sseConfig": {
+ "shape": "SseConfig"
+ }
+ },
+ "required": [
+ "arn",
+ "creationTime",
+ "id"
+ ],
+ "type": "structure"
+ },
+ "GetVariantImportRequest": {
+ "members": {
+ "jobId": {
+ "location": "uri",
+ "locationName": "jobId",
+ "shape": "ResourceId"
+ }
+ },
+ "required": [
+ "jobId"
+ ],
+ "type": "structure"
+ },
+ "GetVariantImportResponse": {
+ "members": {
+ "completionTime": {
+ "shape": "CompletionTime"
+ },
+ "creationTime": {
+ "shape": "CreationTime"
+ },
+ "destinationName": {
+ "shape": "StoreName"
+ },
+ "id": {
+ "shape": "ResourceId"
+ },
+ "items": {
+ "shape": "VariantImportItemDetails"
+ },
+ "roleArn": {
+ "shape": "Arn"
+ },
+ "runLeftNormalization": {
+ "shape": "RunLeftNormalization"
+ },
+ "status": {
+ "shape": "JobStatus"
+ },
+ "statusMessage": {
+ "shape": "JobStatusMsg"
+ },
+ "updateTime": {
+ "shape": "UpdateTime"
+ }
+ },
+ "required": [
+ "creationTime",
+ "destinationName",
+ "id",
+ "items",
+ "roleArn",
+ "runLeftNormalization",
+ "status",
+ "statusMessage",
+ "updateTime"
+ ],
+ "type": "structure"
+ },
+ "GetVariantStoreRequest": {
+ "members": {
+ "name": {
+ "location": "uri",
+ "locationName": "name",
+ "shape": "String"
+ }
+ },
+ "required": [
+ "name"
+ ],
+ "type": "structure"
+ },
+ "GetVariantStoreResponse": {
+ "members": {
+ "creationTime": {
+ "shape": "CreationTime"
+ },
+ "description": {
+ "shape": "StoreDescription"
+ },
+ "id": {
+ "shape": "ResourceId"
+ },
+ "name": {
+ "shape": "String"
+ },
+ "reference": {
+ "shape": "ReferenceItem"
+ },
+ "sseConfig": {
+ "shape": "SseConfig"
+ },
+ "status": {
+ "shape": "StoreStatus"
+ },
+ "statusMessage": {
+ "shape": "StatusMessage"
+ },
+ "storeArn": {
+ "shape": "Arn"
+ },
+ "storeSizeBytes": {
+ "shape": "Long"
+ },
+ "tags": {
+ "shape": "TagMap"
+ },
+ "updateTime": {
+ "shape": "UpdateTime"
+ }
+ },
+ "required": [
+ "creationTime",
+ "description",
+ "id",
+ "name",
+ "reference",
+ "sseConfig",
+ "status",
+ "statusMessage",
+ "storeArn",
+ "storeSizeBytes",
+ "tags",
+ "updateTime"
+ ],
+ "type": "structure"
+ },
+ "GetWorkflowRequest": {
+ "members": {
+ "export": {
+ "location": "querystring",
+ "locationName": "export",
+ "shape": "WorkflowExportList"
+ },
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "WorkflowId"
+ },
+ "type": {
+ "location": "querystring",
+ "locationName": "type",
+ "shape": "WorkflowType"
+ }
+ },
+ "required": [
+ "id"
+ ],
+ "type": "structure"
+ },
+ "GetWorkflowResponse": {
+ "members": {
+ "arn": {
+ "shape": "WorkflowArn"
+ },
+ "creationTime": {
+ "shape": "WorkflowTimestamp"
+ },
+ "definition": {
+ "shape": "WorkflowDefinition"
+ },
+ "description": {
+ "shape": "WorkflowDescription"
+ },
+ "digest": {
+ "shape": "WorkflowDigest"
+ },
+ "engine": {
+ "shape": "WorkflowEngine"
+ },
+ "id": {
+ "shape": "WorkflowId"
+ },
+ "main": {
+ "shape": "WorkflowMain"
+ },
+ "name": {
+ "shape": "WorkflowName"
+ },
+ "parameterTemplate": {
+ "shape": "WorkflowParameterTemplate"
+ },
+ "status": {
+ "shape": "WorkflowStatus"
+ },
+ "statusMessage": {
+ "shape": "WorkflowStatusMessage"
+ },
+ "storageCapacity": {
+ "shape": "GetWorkflowResponseStorageCapacityInteger"
+ },
+ "tags": {
+ "shape": "TagMap"
+ },
+ "type": {
+ "shape": "WorkflowType"
+ }
+ },
+ "type": "structure"
+ },
+ "GetWorkflowResponseStorageCapacityInteger": {
+ "box": true,
+ "max": 100000,
+ "min": 0,
+ "type": "integer"
+ },
+ "Header": {
+ "type": "boolean"
+ },
+ "ImportJobId": {
+ "max": 36,
+ "min": 10,
+ "pattern": "^[0-9]+$",
+ "type": "string"
+ },
+ "ImportReadSetFilter": {
+ "members": {
+ "createdAfter": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "createdBefore": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "status": {
+ "shape": "ReadSetImportJobStatus"
+ }
+ },
+ "type": "structure"
+ },
+ "ImportReadSetJobItem": {
+ "members": {
+ "completionTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "creationTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "id": {
+ "shape": "ImportJobId"
+ },
+ "roleArn": {
+ "shape": "RoleArn"
+ },
+ "sequenceStoreId": {
+ "shape": "SequenceStoreId"
+ },
+ "status": {
+ "shape": "ReadSetImportJobStatus"
+ }
+ },
+ "required": [
+ "creationTime",
+ "id",
+ "roleArn",
+ "sequenceStoreId",
+ "status"
+ ],
+ "type": "structure"
+ },
+ "ImportReadSetJobList": {
+ "member": {
+ "shape": "ImportReadSetJobItem"
+ },
+ "type": "list"
+ },
+ "ImportReadSetSourceItem": {
+ "members": {
+ "description": {
+ "shape": "ReadSetDescription"
+ },
+ "generatedFrom": {
+ "shape": "GeneratedFrom"
+ },
+ "name": {
+ "shape": "ReadSetName"
+ },
+ "referenceArn": {
+ "shape": "ReferenceArn"
+ },
+ "sampleId": {
+ "shape": "SampleId"
+ },
+ "sourceFileType": {
+ "shape": "FileType"
+ },
+ "sourceFiles": {
+ "shape": "SourceFiles"
+ },
+ "status": {
+ "shape": "ReadSetImportJobItemStatus"
+ },
+ "statusMessage": {
+ "shape": "JobStatusMessage"
+ },
+ "subjectId": {
+ "shape": "SubjectId"
+ },
+ "tags": {
+ "shape": "TagMap"
+ }
+ },
+ "required": [
+ "sampleId",
+ "sourceFileType",
+ "sourceFiles",
+ "status",
+ "subjectId"
+ ],
+ "type": "structure"
+ },
+ "ImportReadSetSourceList": {
+ "member": {
+ "shape": "ImportReadSetSourceItem"
+ },
+ "type": "list"
+ },
+ "ImportReferenceFilter": {
+ "members": {
+ "createdAfter": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "createdBefore": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "status": {
+ "shape": "ReferenceImportJobStatus"
+ }
+ },
+ "type": "structure"
+ },
+ "ImportReferenceJobItem": {
+ "members": {
+ "completionTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "creationTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "id": {
+ "shape": "ImportJobId"
+ },
+ "referenceStoreId": {
+ "shape": "ReferenceStoreId"
+ },
+ "roleArn": {
+ "shape": "RoleArn"
+ },
+ "status": {
+ "shape": "ReferenceImportJobStatus"
+ }
+ },
+ "required": [
+ "creationTime",
+ "id",
+ "referenceStoreId",
+ "roleArn",
+ "status"
+ ],
+ "type": "structure"
+ },
+ "ImportReferenceJobList": {
+ "member": {
+ "shape": "ImportReferenceJobItem"
+ },
+ "type": "list"
+ },
+ "ImportReferenceSourceItem": {
+ "members": {
+ "description": {
+ "shape": "ReferenceDescription"
+ },
+ "name": {
+ "shape": "ReferenceName"
+ },
+ "sourceFile": {
+ "shape": "S3Uri"
+ },
+ "status": {
+ "shape": "ReferenceImportJobItemStatus"
+ },
+ "statusMessage": {
+ "shape": "JobStatusMessage"
+ },
+ "tags": {
+ "shape": "TagMap"
+ }
+ },
+ "required": [
+ "status"
+ ],
+ "type": "structure"
+ },
+ "ImportReferenceSourceList": {
+ "member": {
+ "shape": "ImportReferenceSourceItem"
+ },
+ "type": "list"
+ },
+ "InternalServerException": {
+ "error": {
+ "httpStatusCode": 500
+ },
+ "exception": true,
+ "fault": true,
+ "members": {
+ "message": {
+ "shape": "String"
+ }
+ },
+ "required": [
+ "message"
+ ],
+ "retryable": {
+ "throttling": false
+ },
+ "type": "structure"
+ },
+ "JobStatus": {
+ "enum": [
+ "SUBMITTED",
+ "IN_PROGRESS",
+ "CANCELLED",
+ "COMPLETED",
+ "FAILED"
+ ],
+ "type": "string"
+ },
+ "JobStatusMessage": {
+ "max": 127,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "JobStatusMsg": {
+ "type": "string"
+ },
+ "LineSep": {
+ "max": 20,
+ "min": 1,
+ "type": "string"
+ },
+ "ListAnnotationImportJobsFilter": {
+ "members": {
+ "status": {
+ "shape": "JobStatus"
+ },
+ "storeName": {
+ "shape": "String"
+ }
+ },
+ "type": "structure"
+ },
+ "ListAnnotationImportJobsRequest": {
+ "members": {
+ "filter": {
+ "shape": "ListAnnotationImportJobsFilter"
+ },
+ "ids": {
+ "shape": "ListAnnotationImportJobsRequestIdsList"
+ },
+ "maxResults": {
+ "location": "querystring",
+ "locationName": "maxResults",
+ "shape": "ListAnnotationImportJobsRequestMaxResultsInteger"
+ },
+ "nextToken": {
+ "location": "querystring",
+ "locationName": "nextToken",
+ "shape": "ListAnnotationImportJobsRequestNextTokenString"
+ }
+ },
+ "type": "structure"
+ },
+ "ListAnnotationImportJobsRequestIdsList": {
+ "max": 20,
+ "member": {
+ "shape": "ResourceIdentifier"
+ },
+ "min": 1,
+ "type": "list"
+ },
+ "ListAnnotationImportJobsRequestMaxResultsInteger": {
+ "box": true,
+ "max": 100,
+ "min": 1,
+ "type": "integer"
+ },
+ "ListAnnotationImportJobsRequestNextTokenString": {
+ "max": 10000,
+ "min": 1,
+ "type": "string"
+ },
+ "ListAnnotationImportJobsResponse": {
+ "members": {
+ "annotationImportJobs": {
+ "shape": "AnnotationImportJobItems"
+ },
+ "nextToken": {
+ "shape": "String"
+ }
+ },
+ "type": "structure"
+ },
+ "ListAnnotationStoresFilter": {
+ "members": {
+ "status": {
+ "shape": "StoreStatus"
+ }
+ },
+ "type": "structure"
+ },
+ "ListAnnotationStoresRequest": {
+ "members": {
+ "filter": {
+ "shape": "ListAnnotationStoresFilter"
+ },
+ "ids": {
+ "shape": "ListAnnotationStoresRequestIdsList"
+ },
+ "maxResults": {
+ "location": "querystring",
+ "locationName": "maxResults",
+ "shape": "ListAnnotationStoresRequestMaxResultsInteger"
+ },
+ "nextToken": {
+ "location": "querystring",
+ "locationName": "nextToken",
+ "shape": "ListAnnotationStoresRequestNextTokenString"
+ }
+ },
+ "type": "structure"
+ },
+ "ListAnnotationStoresRequestIdsList": {
+ "max": 20,
+ "member": {
+ "shape": "ResourceIdentifier"
+ },
+ "min": 1,
+ "type": "list"
+ },
+ "ListAnnotationStoresRequestMaxResultsInteger": {
+ "box": true,
+ "max": 100,
+ "min": 1,
+ "type": "integer"
+ },
+ "ListAnnotationStoresRequestNextTokenString": {
+ "max": 10000,
+ "min": 1,
+ "type": "string"
+ },
+ "ListAnnotationStoresResponse": {
+ "members": {
+ "annotationStores": {
+ "shape": "AnnotationStoreItems"
+ },
+ "nextToken": {
+ "shape": "String"
+ }
+ },
+ "type": "structure"
+ },
+ "ListReadSetActivationJobsRequest": {
+ "members": {
+ "filter": {
+ "shape": "ActivateReadSetFilter"
+ },
+ "maxResults": {
+ "location": "querystring",
+ "locationName": "maxResults",
+ "shape": "ListReadSetActivationJobsRequestMaxResultsInteger"
+ },
+ "nextToken": {
+ "location": "querystring",
+ "locationName": "nextToken",
+ "shape": "NextToken"
+ },
+ "sequenceStoreId": {
+ "location": "uri",
+ "locationName": "sequenceStoreId",
+ "shape": "SequenceStoreId"
+ }
+ },
+ "required": [
+ "sequenceStoreId"
+ ],
+ "type": "structure"
+ },
+ "ListReadSetActivationJobsRequestMaxResultsInteger": {
+ "box": true,
+ "max": 100,
+ "min": 1,
+ "type": "integer"
+ },
+ "ListReadSetActivationJobsResponse": {
+ "members": {
+ "activationJobs": {
+ "shape": "ActivateReadSetJobList"
+ },
+ "nextToken": {
+ "shape": "NextToken"
+ }
+ },
+ "type": "structure"
+ },
+ "ListReadSetExportJobsRequest": {
+ "members": {
+ "filter": {
+ "shape": "ExportReadSetFilter"
+ },
+ "maxResults": {
+ "location": "querystring",
+ "locationName": "maxResults",
+ "shape": "ListReadSetExportJobsRequestMaxResultsInteger"
+ },
+ "nextToken": {
+ "location": "querystring",
+ "locationName": "nextToken",
+ "shape": "NextToken"
+ },
+ "sequenceStoreId": {
+ "location": "uri",
+ "locationName": "sequenceStoreId",
+ "shape": "SequenceStoreId"
+ }
+ },
+ "required": [
+ "sequenceStoreId"
+ ],
+ "type": "structure"
+ },
+ "ListReadSetExportJobsRequestMaxResultsInteger": {
+ "box": true,
+ "max": 100,
+ "min": 1,
+ "type": "integer"
+ },
+ "ListReadSetExportJobsResponse": {
+ "members": {
+ "exportJobs": {
+ "shape": "ExportReadSetJobDetailList"
+ },
+ "nextToken": {
+ "shape": "NextToken"
+ }
+ },
+ "type": "structure"
+ },
+ "ListReadSetImportJobsRequest": {
+ "members": {
+ "filter": {
+ "shape": "ImportReadSetFilter"
+ },
+ "maxResults": {
+ "location": "querystring",
+ "locationName": "maxResults",
+ "shape": "ListReadSetImportJobsRequestMaxResultsInteger"
+ },
+ "nextToken": {
+ "location": "querystring",
+ "locationName": "nextToken",
+ "shape": "NextToken"
+ },
+ "sequenceStoreId": {
+ "location": "uri",
+ "locationName": "sequenceStoreId",
+ "shape": "SequenceStoreId"
+ }
+ },
+ "required": [
+ "sequenceStoreId"
+ ],
+ "type": "structure"
+ },
+ "ListReadSetImportJobsRequestMaxResultsInteger": {
+ "box": true,
+ "max": 100,
+ "min": 1,
+ "type": "integer"
+ },
+ "ListReadSetImportJobsResponse": {
+ "members": {
+ "importJobs": {
+ "shape": "ImportReadSetJobList"
+ },
+ "nextToken": {
+ "shape": "NextToken"
+ }
+ },
+ "type": "structure"
+ },
+ "ListReadSetsRequest": {
+ "members": {
+ "filter": {
+ "shape": "ReadSetFilter"
+ },
+ "maxResults": {
+ "location": "querystring",
+ "locationName": "maxResults",
+ "shape": "ListReadSetsRequestMaxResultsInteger"
+ },
+ "nextToken": {
+ "location": "querystring",
+ "locationName": "nextToken",
+ "shape": "NextToken"
+ },
+ "sequenceStoreId": {
+ "location": "uri",
+ "locationName": "sequenceStoreId",
+ "shape": "SequenceStoreId"
+ }
+ },
+ "required": [
+ "sequenceStoreId"
+ ],
+ "type": "structure"
+ },
+ "ListReadSetsRequestMaxResultsInteger": {
+ "box": true,
+ "max": 100,
+ "min": 1,
+ "type": "integer"
+ },
+ "ListReadSetsResponse": {
+ "members": {
+ "nextToken": {
+ "shape": "NextToken"
+ },
+ "readSets": {
+ "shape": "ReadSetList"
+ }
+ },
+ "required": [
+ "readSets"
+ ],
+ "type": "structure"
+ },
+ "ListReferenceImportJobsRequest": {
+ "members": {
+ "filter": {
+ "shape": "ImportReferenceFilter"
+ },
+ "maxResults": {
+ "location": "querystring",
+ "locationName": "maxResults",
+ "shape": "ListReferenceImportJobsRequestMaxResultsInteger"
+ },
+ "nextToken": {
+ "location": "querystring",
+ "locationName": "nextToken",
+ "shape": "NextToken"
+ },
+ "referenceStoreId": {
+ "location": "uri",
+ "locationName": "referenceStoreId",
+ "shape": "ReferenceStoreId"
+ }
+ },
+ "required": [
+ "referenceStoreId"
+ ],
+ "type": "structure"
+ },
+ "ListReferenceImportJobsRequestMaxResultsInteger": {
+ "box": true,
+ "max": 100,
+ "min": 1,
+ "type": "integer"
+ },
+ "ListReferenceImportJobsResponse": {
+ "members": {
+ "importJobs": {
+ "shape": "ImportReferenceJobList"
+ },
+ "nextToken": {
+ "shape": "NextToken"
+ }
+ },
+ "type": "structure"
+ },
+ "ListReferenceStoresRequest": {
+ "members": {
+ "filter": {
+ "shape": "ReferenceStoreFilter"
+ },
+ "maxResults": {
+ "location": "querystring",
+ "locationName": "maxResults",
+ "shape": "ListReferenceStoresRequestMaxResultsInteger"
+ },
+ "nextToken": {
+ "location": "querystring",
+ "locationName": "nextToken",
+ "shape": "NextToken"
+ }
+ },
+ "type": "structure"
+ },
+ "ListReferenceStoresRequestMaxResultsInteger": {
+ "box": true,
+ "max": 100,
+ "min": 1,
+ "type": "integer"
+ },
+ "ListReferenceStoresResponse": {
+ "members": {
+ "nextToken": {
+ "shape": "NextToken"
+ },
+ "referenceStores": {
+ "shape": "ReferenceStoreDetailList"
+ }
+ },
+ "required": [
+ "referenceStores"
+ ],
+ "type": "structure"
+ },
+ "ListReferencesRequest": {
+ "members": {
+ "filter": {
+ "shape": "ReferenceFilter"
+ },
+ "maxResults": {
+ "location": "querystring",
+ "locationName": "maxResults",
+ "shape": "ListReferencesRequestMaxResultsInteger"
+ },
+ "nextToken": {
+ "location": "querystring",
+ "locationName": "nextToken",
+ "shape": "NextToken"
+ },
+ "referenceStoreId": {
+ "location": "uri",
+ "locationName": "referenceStoreId",
+ "shape": "ReferenceStoreId"
+ }
+ },
+ "required": [
+ "referenceStoreId"
+ ],
+ "type": "structure"
+ },
+ "ListReferencesRequestMaxResultsInteger": {
+ "box": true,
+ "max": 100,
+ "min": 1,
+ "type": "integer"
+ },
+ "ListReferencesResponse": {
+ "members": {
+ "nextToken": {
+ "shape": "NextToken"
+ },
+ "references": {
+ "shape": "ReferenceList"
+ }
+ },
+ "required": [
+ "references"
+ ],
+ "type": "structure"
+ },
+ "ListRunGroupsRequest": {
+ "members": {
+ "maxResults": {
+ "location": "querystring",
+ "locationName": "maxResults",
+ "shape": "ListRunGroupsRequestMaxResultsInteger"
+ },
+ "name": {
+ "location": "querystring",
+ "locationName": "name",
+ "shape": "RunGroupName"
+ },
+ "startingToken": {
+ "location": "querystring",
+ "locationName": "startingToken",
+ "shape": "RunGroupListToken"
+ }
+ },
+ "type": "structure"
+ },
+ "ListRunGroupsRequestMaxResultsInteger": {
+ "box": true,
+ "max": 100,
+ "min": 1,
+ "type": "integer"
+ },
+ "ListRunGroupsResponse": {
+ "members": {
+ "items": {
+ "shape": "RunGroupList"
+ },
+ "nextToken": {
+ "shape": "RunGroupListToken"
+ }
+ },
+ "type": "structure"
+ },
+ "ListRunTasksRequest": {
+ "members": {
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "RunId"
+ },
+ "maxResults": {
+ "location": "querystring",
+ "locationName": "maxResults",
+ "shape": "ListRunTasksRequestMaxResultsInteger"
+ },
+ "startingToken": {
+ "location": "querystring",
+ "locationName": "startingToken",
+ "shape": "TaskListToken"
+ },
+ "status": {
+ "location": "querystring",
+ "locationName": "status",
+ "shape": "TaskStatus"
+ }
+ },
+ "required": [
+ "id"
+ ],
+ "type": "structure"
+ },
+ "ListRunTasksRequestMaxResultsInteger": {
+ "box": true,
+ "max": 100,
+ "min": 1,
+ "type": "integer"
+ },
+ "ListRunTasksResponse": {
+ "members": {
+ "items": {
+ "shape": "TaskList"
+ },
+ "nextToken": {
+ "shape": "TaskListToken"
+ }
+ },
+ "type": "structure"
+ },
+ "ListRunsRequest": {
+ "members": {
+ "maxResults": {
+ "location": "querystring",
+ "locationName": "maxResults",
+ "shape": "ListRunsRequestMaxResultsInteger"
+ },
+ "name": {
+ "location": "querystring",
+ "locationName": "name",
+ "shape": "RunName"
+ },
+ "runGroupId": {
+ "location": "querystring",
+ "locationName": "runGroupId",
+ "shape": "RunGroupId"
+ },
+ "startingToken": {
+ "location": "querystring",
+ "locationName": "startingToken",
+ "shape": "RunListToken"
+ }
+ },
+ "type": "structure"
+ },
+ "ListRunsRequestMaxResultsInteger": {
+ "box": true,
+ "max": 100,
+ "min": 1,
+ "type": "integer"
+ },
+ "ListRunsResponse": {
+ "members": {
+ "items": {
+ "shape": "RunList"
+ },
+ "nextToken": {
+ "shape": "RunListToken"
+ }
+ },
+ "type": "structure"
+ },
+ "ListSequenceStoresRequest": {
+ "members": {
+ "filter": {
+ "shape": "SequenceStoreFilter"
+ },
+ "maxResults": {
+ "location": "querystring",
+ "locationName": "maxResults",
+ "shape": "ListSequenceStoresRequestMaxResultsInteger"
+ },
+ "nextToken": {
+ "location": "querystring",
+ "locationName": "nextToken",
+ "shape": "NextToken"
+ }
+ },
+ "type": "structure"
+ },
+ "ListSequenceStoresRequestMaxResultsInteger": {
+ "box": true,
+ "max": 100,
+ "min": 1,
+ "type": "integer"
+ },
+ "ListSequenceStoresResponse": {
+ "members": {
+ "nextToken": {
+ "shape": "NextToken"
+ },
+ "sequenceStores": {
+ "shape": "SequenceStoreDetailList"
+ }
+ },
+ "required": [
+ "sequenceStores"
+ ],
+ "type": "structure"
+ },
+ "ListTagsForResourceRequest": {
+ "members": {
+ "resourceArn": {
+ "location": "uri",
+ "locationName": "resourceArn",
+ "shape": "TagArn"
+ }
+ },
+ "required": [
+ "resourceArn"
+ ],
+ "type": "structure"
+ },
+ "ListTagsForResourceResponse": {
+ "members": {
+ "tags": {
+ "shape": "TagMap"
+ }
+ },
+ "required": [
+ "tags"
+ ],
+ "type": "structure"
+ },
+ "ListVariantImportJobsFilter": {
+ "members": {
+ "status": {
+ "shape": "JobStatus"
+ },
+ "storeName": {
+ "shape": "String"
+ }
+ },
+ "type": "structure"
+ },
+ "ListVariantImportJobsRequest": {
+ "members": {
+ "filter": {
+ "shape": "ListVariantImportJobsFilter"
+ },
+ "ids": {
+ "shape": "ListVariantImportJobsRequestIdsList"
+ },
+ "maxResults": {
+ "location": "querystring",
+ "locationName": "maxResults",
+ "shape": "ListVariantImportJobsRequestMaxResultsInteger"
+ },
+ "nextToken": {
+ "location": "querystring",
+ "locationName": "nextToken",
+ "shape": "ListVariantImportJobsRequestNextTokenString"
+ }
+ },
+ "type": "structure"
+ },
+ "ListVariantImportJobsRequestIdsList": {
+ "max": 20,
+ "member": {
+ "shape": "ResourceIdentifier"
+ },
+ "min": 1,
+ "type": "list"
+ },
+ "ListVariantImportJobsRequestMaxResultsInteger": {
+ "box": true,
+ "max": 100,
+ "min": 1,
+ "type": "integer"
+ },
+ "ListVariantImportJobsRequestNextTokenString": {
+ "max": 10000,
+ "min": 1,
+ "type": "string"
+ },
+ "ListVariantImportJobsResponse": {
+ "members": {
+ "nextToken": {
+ "shape": "String"
+ },
+ "variantImportJobs": {
+ "shape": "VariantImportJobItems"
+ }
+ },
+ "type": "structure"
+ },
+ "ListVariantStoresFilter": {
+ "members": {
+ "status": {
+ "shape": "StoreStatus"
+ }
+ },
+ "type": "structure"
+ },
+ "ListVariantStoresRequest": {
+ "members": {
+ "filter": {
+ "shape": "ListVariantStoresFilter"
+ },
+ "ids": {
+ "shape": "ListVariantStoresRequestIdsList"
+ },
+ "maxResults": {
+ "location": "querystring",
+ "locationName": "maxResults",
+ "shape": "ListVariantStoresRequestMaxResultsInteger"
+ },
+ "nextToken": {
+ "location": "querystring",
+ "locationName": "nextToken",
+ "shape": "ListVariantStoresRequestNextTokenString"
+ }
+ },
+ "type": "structure"
+ },
+ "ListVariantStoresRequestIdsList": {
+ "max": 20,
+ "member": {
+ "shape": "ResourceIdentifier"
+ },
+ "min": 1,
+ "type": "list"
+ },
+ "ListVariantStoresRequestMaxResultsInteger": {
+ "box": true,
+ "max": 100,
+ "min": 1,
+ "type": "integer"
+ },
+ "ListVariantStoresRequestNextTokenString": {
+ "max": 10000,
+ "min": 1,
+ "type": "string"
+ },
+ "ListVariantStoresResponse": {
+ "members": {
+ "nextToken": {
+ "shape": "String"
+ },
+ "variantStores": {
+ "shape": "VariantStoreItems"
+ }
+ },
+ "type": "structure"
+ },
+ "ListWorkflowsRequest": {
+ "members": {
+ "maxResults": {
+ "location": "querystring",
+ "locationName": "maxResults",
+ "shape": "ListWorkflowsRequestMaxResultsInteger"
+ },
+ "name": {
+ "location": "querystring",
+ "locationName": "name",
+ "shape": "WorkflowName"
+ },
+ "startingToken": {
+ "location": "querystring",
+ "locationName": "startingToken",
+ "shape": "WorkflowListToken"
+ },
+ "type": {
+ "location": "querystring",
+ "locationName": "type",
+ "shape": "WorkflowType"
+ }
+ },
+ "type": "structure"
+ },
+ "ListWorkflowsRequestMaxResultsInteger": {
+ "box": true,
+ "max": 100,
+ "min": 1,
+ "type": "integer"
+ },
+ "ListWorkflowsResponse": {
+ "members": {
+ "items": {
+ "shape": "WorkflowList"
+ },
+ "nextToken": {
+ "shape": "WorkflowListToken"
+ }
+ },
+ "type": "structure"
+ },
+ "Long": {
+ "box": true,
+ "type": "long"
+ },
+ "Md5": {
+ "max": 255,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{N}]+$",
+ "type": "string"
+ },
+ "NextToken": {
+ "max": 6144,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "PrimitiveBoolean": {
+ "type": "boolean"
+ },
+ "Quote": {
+ "max": 1,
+ "min": 1,
+ "type": "string"
+ },
+ "QuoteAll": {
+ "type": "boolean"
+ },
+ "Range": {
+ "max": 127,
+ "min": 1,
+ "pattern": "^[\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "RangeNotSatisfiableException": {
+ "error": {
+ "httpStatusCode": 416,
+ "senderFault": true
+ },
+ "exception": true,
+ "members": {
+ "message": {
+ "shape": "String"
+ }
+ },
+ "required": [
+ "message"
+ ],
+ "retryable": {
+ "throttling": false
+ },
+ "type": "structure"
+ },
+ "ReadOptions": {
+ "members": {
+ "comment": {
+ "shape": "CommentChar"
+ },
+ "encoding": {
+ "shape": "Encoding"
+ },
+ "escape": {
+ "shape": "EscapeChar"
+ },
+ "escapeQuotes": {
+ "shape": "EscapeQuotes"
+ },
+ "header": {
+ "shape": "Header"
+ },
+ "lineSep": {
+ "shape": "LineSep"
+ },
+ "quote": {
+ "shape": "Quote"
+ },
+ "quoteAll": {
+ "shape": "QuoteAll"
+ },
+ "sep": {
+ "shape": "Separator"
+ }
+ },
+ "type": "structure"
+ },
+ "ReadSetActivationJobItemStatus": {
+ "enum": [
+ "NOT_STARTED",
+ "IN_PROGRESS",
+ "FINISHED",
+ "FAILED"
+ ],
+ "type": "string"
+ },
+ "ReadSetActivationJobStatus": {
+ "enum": [
+ "SUBMITTED",
+ "IN_PROGRESS",
+ "CANCELLING",
+ "CANCELLED",
+ "FAILED",
+ "COMPLETED",
+ "COMPLETED_WITH_FAILURES"
+ ],
+ "type": "string"
+ },
+ "ReadSetArn": {
+ "max": 127,
+ "min": 1,
+ "pattern": "^arn:.+$",
+ "type": "string"
+ },
+ "ReadSetBatchError": {
+ "members": {
+ "code": {
+ "shape": "String"
+ },
+ "id": {
+ "shape": "ReadSetId"
+ },
+ "message": {
+ "shape": "String"
+ }
+ },
+ "required": [
+ "code",
+ "id",
+ "message"
+ ],
+ "type": "structure"
+ },
+ "ReadSetBatchErrorList": {
+ "member": {
+ "shape": "ReadSetBatchError"
+ },
+ "type": "list"
+ },
+ "ReadSetDescription": {
+ "max": 255,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "ReadSetExportJobItemStatus": {
+ "enum": [
+ "NOT_STARTED",
+ "IN_PROGRESS",
+ "FINISHED",
+ "FAILED"
+ ],
+ "type": "string"
+ },
+ "ReadSetExportJobStatus": {
+ "enum": [
+ "SUBMITTED",
+ "IN_PROGRESS",
+ "CANCELLING",
+ "CANCELLED",
+ "FAILED",
+ "COMPLETED",
+ "COMPLETED_WITH_FAILURES"
+ ],
+ "type": "string"
+ },
+ "ReadSetFile": {
+ "enum": [
+ "SOURCE1",
+ "SOURCE2",
+ "INDEX"
+ ],
+ "type": "string"
+ },
+ "ReadSetFiles": {
+ "members": {
+ "index": {
+ "shape": "FileInformation"
+ },
+ "source1": {
+ "shape": "FileInformation"
+ },
+ "source2": {
+ "shape": "FileInformation"
+ }
+ },
+ "type": "structure"
+ },
+ "ReadSetFilter": {
+ "members": {
+ "createdAfter": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "createdBefore": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "name": {
+ "shape": "ReadSetName"
+ },
+ "referenceArn": {
+ "shape": "ReferenceArn"
+ },
+ "status": {
+ "shape": "ReadSetStatus"
+ }
+ },
+ "type": "structure"
+ },
+ "ReadSetId": {
+ "max": 36,
+ "min": 10,
+ "pattern": "^[0-9]+$",
+ "type": "string"
+ },
+ "ReadSetIdList": {
+ "max": 100,
+ "member": {
+ "shape": "ReadSetId"
+ },
+ "min": 1,
+ "type": "list"
+ },
+ "ReadSetImportJobItemStatus": {
+ "enum": [
+ "NOT_STARTED",
+ "IN_PROGRESS",
+ "FINISHED",
+ "FAILED"
+ ],
+ "type": "string"
+ },
+ "ReadSetImportJobStatus": {
+ "enum": [
+ "SUBMITTED",
+ "IN_PROGRESS",
+ "CANCELLING",
+ "CANCELLED",
+ "FAILED",
+ "COMPLETED",
+ "COMPLETED_WITH_FAILURES"
+ ],
+ "type": "string"
+ },
+ "ReadSetList": {
+ "member": {
+ "shape": "ReadSetListItem"
+ },
+ "type": "list"
+ },
+ "ReadSetListItem": {
+ "members": {
+ "arn": {
+ "shape": "ReadSetArn"
+ },
+ "creationTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "description": {
+ "shape": "ReadSetDescription"
+ },
+ "fileType": {
+ "shape": "FileType"
+ },
+ "id": {
+ "shape": "ReadSetId"
+ },
+ "name": {
+ "shape": "ReadSetName"
+ },
+ "referenceArn": {
+ "shape": "ReferenceArn"
+ },
+ "sampleId": {
+ "shape": "SampleId"
+ },
+ "sequenceInformation": {
+ "shape": "SequenceInformation"
+ },
+ "sequenceStoreId": {
+ "shape": "SequenceStoreId"
+ },
+ "status": {
+ "shape": "ReadSetStatus"
+ },
+ "subjectId": {
+ "shape": "SubjectId"
+ }
+ },
+ "required": [
+ "arn",
+ "creationTime",
+ "fileType",
+ "id",
+ "sequenceStoreId",
+ "status"
+ ],
+ "type": "structure"
+ },
+ "ReadSetName": {
+ "max": 127,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "ReadSetStatus": {
+ "enum": [
+ "ARCHIVED",
+ "ACTIVATING",
+ "ACTIVE",
+ "DELETING",
+ "DELETED"
+ ],
+ "type": "string"
+ },
+ "ReadSetStreamingBlob": {
+ "streaming": true,
+ "type": "blob"
+ },
+ "ReferenceArn": {
+ "max": 127,
+ "min": 1,
+ "pattern": "^arn:.+$",
+ "type": "string"
+ },
+ "ReferenceDescription": {
+ "max": 255,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "ReferenceFile": {
+ "enum": [
+ "SOURCE",
+ "INDEX"
+ ],
+ "type": "string"
+ },
+ "ReferenceFiles": {
+ "members": {
+ "index": {
+ "shape": "FileInformation"
+ },
+ "source": {
+ "shape": "FileInformation"
+ }
+ },
+ "type": "structure"
+ },
+ "ReferenceFilter": {
+ "members": {
+ "createdAfter": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "createdBefore": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "md5": {
+ "shape": "Md5"
+ },
+ "name": {
+ "shape": "ReferenceName"
+ }
+ },
+ "type": "structure"
+ },
+ "ReferenceId": {
+ "max": 36,
+ "min": 10,
+ "pattern": "^[0-9]+$",
+ "type": "string"
+ },
+ "ReferenceImportJobItemStatus": {
+ "enum": [
+ "NOT_STARTED",
+ "IN_PROGRESS",
+ "FINISHED",
+ "FAILED"
+ ],
+ "type": "string"
+ },
+ "ReferenceImportJobStatus": {
+ "enum": [
+ "SUBMITTED",
+ "IN_PROGRESS",
+ "CANCELLING",
+ "CANCELLED",
+ "FAILED",
+ "COMPLETED",
+ "COMPLETED_WITH_FAILURES"
+ ],
+ "type": "string"
+ },
+ "ReferenceItem": {
+ "members": {
+ "referenceArn": {
+ "shape": "ReferenceArn"
+ }
+ },
+ "type": "structure",
+ "union": true
+ },
+ "ReferenceList": {
+ "member": {
+ "shape": "ReferenceListItem"
+ },
+ "type": "list"
+ },
+ "ReferenceListItem": {
+ "members": {
+ "arn": {
+ "shape": "ReferenceArn"
+ },
+ "creationTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "description": {
+ "shape": "ReferenceDescription"
+ },
+ "id": {
+ "shape": "ReferenceId"
+ },
+ "md5": {
+ "shape": "Md5"
+ },
+ "name": {
+ "shape": "ReferenceName"
+ },
+ "referenceStoreId": {
+ "shape": "ReferenceStoreId"
+ },
+ "status": {
+ "shape": "ReferenceStatus"
+ },
+ "updateTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ }
+ },
+ "required": [
+ "arn",
+ "creationTime",
+ "id",
+ "md5",
+ "referenceStoreId",
+ "updateTime"
+ ],
+ "type": "structure"
+ },
+ "ReferenceName": {
+ "max": 255,
+ "min": 3,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "ReferenceStatus": {
+ "enum": [
+ "ACTIVE",
+ "DELETING",
+ "DELETED"
+ ],
+ "type": "string"
+ },
+ "ReferenceStoreArn": {
+ "max": 127,
+ "min": 1,
+ "pattern": "^arn:.+$",
+ "type": "string"
+ },
+ "ReferenceStoreDescription": {
+ "max": 255,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "ReferenceStoreDetail": {
+ "members": {
+ "arn": {
+ "shape": "ReferenceStoreArn"
+ },
+ "creationTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "description": {
+ "shape": "ReferenceStoreDescription"
+ },
+ "id": {
+ "shape": "ReferenceStoreId"
+ },
+ "name": {
+ "shape": "ReferenceStoreName"
+ },
+ "sseConfig": {
+ "shape": "SseConfig"
+ }
+ },
+ "required": [
+ "arn",
+ "creationTime",
+ "id"
+ ],
+ "type": "structure"
+ },
+ "ReferenceStoreDetailList": {
+ "member": {
+ "shape": "ReferenceStoreDetail"
+ },
+ "type": "list"
+ },
+ "ReferenceStoreFilter": {
+ "members": {
+ "createdAfter": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "createdBefore": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "name": {
+ "shape": "ReferenceStoreName"
+ }
+ },
+ "type": "structure"
+ },
+ "ReferenceStoreId": {
+ "max": 36,
+ "min": 10,
+ "pattern": "^[0-9]+$",
+ "type": "string"
+ },
+ "ReferenceStoreName": {
+ "max": 127,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "ReferenceStreamingBlob": {
+ "streaming": true,
+ "type": "blob"
+ },
+ "RequestTimeoutException": {
+ "error": {
+ "httpStatusCode": 408,
+ "senderFault": true
+ },
+ "exception": true,
+ "members": {
+ "message": {
+ "shape": "String"
+ }
+ },
+ "required": [
+ "message"
+ ],
+ "type": "structure"
+ },
+ "ResourceId": {
+ "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$",
+ "type": "string"
+ },
+ "ResourceIdentifier": {
+ "max": 50,
+ "min": 1,
+ "type": "string"
+ },
+ "ResourceNotFoundException": {
+ "error": {
+ "httpStatusCode": 404,
+ "senderFault": true
+ },
+ "exception": true,
+ "members": {
+ "message": {
+ "shape": "String"
+ }
+ },
+ "required": [
+ "message"
+ ],
+ "type": "structure"
+ },
+ "RoleArn": {
+ "max": 2048,
+ "min": 20,
+ "pattern": "^arn:.*",
+ "type": "string"
+ },
+ "RunArn": {
+ "max": 128,
+ "min": 1,
+ "pattern": "^arn:.+$",
+ "type": "string"
+ },
+ "RunExport": {
+ "enum": [
+ "DEFINITION"
+ ],
+ "max": 64,
+ "min": 1,
+ "type": "string"
+ },
+ "RunExportList": {
+ "max": 32,
+ "member": {
+ "shape": "RunExport"
+ },
+ "min": 0,
+ "type": "list"
+ },
+ "RunGroupArn": {
+ "max": 128,
+ "min": 1,
+ "pattern": "^arn:.+$",
+ "type": "string"
+ },
+ "RunGroupId": {
+ "max": 18,
+ "min": 1,
+ "pattern": "^[0-9]+$",
+ "type": "string"
+ },
+ "RunGroupList": {
+ "member": {
+ "shape": "RunGroupListItem"
+ },
+ "type": "list"
+ },
+ "RunGroupListItem": {
+ "members": {
+ "arn": {
+ "shape": "RunGroupArn"
+ },
+ "creationTime": {
+ "shape": "RunGroupTimestamp"
+ },
+ "id": {
+ "shape": "RunGroupId"
+ },
+ "maxCpus": {
+ "shape": "RunGroupListItemMaxCpusInteger"
+ },
+ "maxDuration": {
+ "shape": "RunGroupListItemMaxDurationInteger"
+ },
+ "maxRuns": {
+ "shape": "RunGroupListItemMaxRunsInteger"
+ },
+ "name": {
+ "shape": "RunGroupName"
+ }
+ },
+ "type": "structure"
+ },
+ "RunGroupListItemMaxCpusInteger": {
+ "box": true,
+ "max": 100000,
+ "min": 1,
+ "type": "integer"
+ },
+ "RunGroupListItemMaxDurationInteger": {
+ "box": true,
+ "max": 100000,
+ "min": 1,
+ "type": "integer"
+ },
+ "RunGroupListItemMaxRunsInteger": {
+ "box": true,
+ "max": 100000,
+ "min": 1,
+ "type": "integer"
+ },
+ "RunGroupListToken": {
+ "max": 128,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "RunGroupName": {
+ "max": 128,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "RunGroupRequestId": {
+ "max": 128,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "RunGroupTimestamp": {
+ "timestampFormat": "iso8601",
+ "type": "timestamp"
+ },
+ "RunId": {
+ "max": 18,
+ "min": 1,
+ "pattern": "^[0-9]+$",
+ "type": "string"
+ },
+ "RunLeftNormalization": {
+ "type": "boolean"
+ },
+ "RunList": {
+ "member": {
+ "shape": "RunListItem"
+ },
+ "type": "list"
+ },
+ "RunListItem": {
+ "members": {
+ "arn": {
+ "shape": "RunArn"
+ },
+ "creationTime": {
+ "shape": "RunTimestamp"
+ },
+ "id": {
+ "shape": "RunId"
+ },
+ "name": {
+ "shape": "RunName"
+ },
+ "priority": {
+ "shape": "RunListItemPriorityInteger"
+ },
+ "startTime": {
+ "shape": "RunTimestamp"
+ },
+ "status": {
+ "shape": "RunStatus"
+ },
+ "stopTime": {
+ "shape": "RunTimestamp"
+ },
+ "storageCapacity": {
+ "shape": "RunListItemStorageCapacityInteger"
+ },
+ "workflowId": {
+ "shape": "WorkflowId"
+ }
+ },
+ "type": "structure"
+ },
+ "RunListItemPriorityInteger": {
+ "box": true,
+ "max": 100000,
+ "min": 0,
+ "type": "integer"
+ },
+ "RunListItemStorageCapacityInteger": {
+ "box": true,
+ "max": 100000,
+ "min": 0,
+ "type": "integer"
+ },
+ "RunListToken": {
+ "max": 128,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "RunLogLevel": {
+ "enum": [
+ "OFF",
+ "FATAL",
+ "ERROR",
+ "ALL"
+ ],
+ "max": 64,
+ "min": 1,
+ "type": "string"
+ },
+ "RunName": {
+ "max": 128,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "RunOutputUri": {
+ "max": 128,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "RunRequestId": {
+ "max": 128,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "RunResourceDigest": {
+ "max": 64,
+ "min": 0,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "RunResourceDigestKey": {
+ "max": 256,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "RunResourceDigests": {
+ "key": {
+ "shape": "RunResourceDigestKey"
+ },
+ "type": "map",
+ "value": {
+ "shape": "RunResourceDigest"
+ }
+ },
+ "RunRoleArn": {
+ "max": 128,
+ "min": 1,
+ "pattern": "^arn:.+$",
+ "type": "string"
+ },
+ "RunStartedBy": {
+ "max": 128,
+ "min": 1,
+ "type": "string"
+ },
+ "RunStatus": {
+ "enum": [
+ "PENDING",
+ "STARTING",
+ "RUNNING",
+ "STOPPING",
+ "COMPLETED",
+ "DELETED",
+ "CANCELLED",
+ "FAILED"
+ ],
+ "max": 64,
+ "min": 1,
+ "type": "string"
+ },
+ "RunStatusMessage": {
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "RunTimestamp": {
+ "timestampFormat": "iso8601",
+ "type": "timestamp"
+ },
+ "S3Destination": {
+ "pattern": "^s3://([a-z0-9][a-z0-9-.]{1,61}[a-z0-9])/?((.{1,1024})/)?$",
+ "type": "string"
+ },
+ "S3Uri": {
+ "pattern": "^s3://([a-z0-9][a-z0-9-.]{1,61}[a-z0-9])/(.{1,1024})$",
+ "type": "string"
+ },
+ "SampleId": {
+ "max": 127,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "SchemaItem": {
+ "key": {
+ "shape": "String"
+ },
+ "max": 1,
+ "min": 1,
+ "type": "map",
+ "value": {
+ "shape": "SchemaValueType"
+ }
+ },
+ "SchemaValueType": {
+ "enum": [
+ "LONG",
+ "INT",
+ "STRING",
+ "FLOAT",
+ "DOUBLE",
+ "BOOLEAN"
+ ],
+ "type": "string"
+ },
+ "Separator": {
+ "max": 20,
+ "min": 1,
+ "type": "string"
+ },
+ "SequenceInformation": {
+ "members": {
+ "alignment": {
+ "shape": "String"
+ },
+ "generatedFrom": {
+ "shape": "GeneratedFrom"
+ },
+ "totalBaseCount": {
+ "shape": "Long"
+ },
+ "totalReadCount": {
+ "shape": "Long"
+ }
+ },
+ "type": "structure"
+ },
+ "SequenceStoreArn": {
+ "max": 127,
+ "min": 1,
+ "pattern": "^arn:.+$",
+ "type": "string"
+ },
+ "SequenceStoreDescription": {
+ "max": 255,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "SequenceStoreDetail": {
+ "members": {
+ "arn": {
+ "shape": "SequenceStoreArn"
+ },
+ "creationTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "description": {
+ "shape": "SequenceStoreDescription"
+ },
+ "id": {
+ "shape": "SequenceStoreId"
+ },
+ "name": {
+ "shape": "SequenceStoreName"
+ },
+ "sseConfig": {
+ "shape": "SseConfig"
+ }
+ },
+ "required": [
+ "arn",
+ "creationTime",
+ "id"
+ ],
+ "type": "structure"
+ },
+ "SequenceStoreDetailList": {
+ "member": {
+ "shape": "SequenceStoreDetail"
+ },
+ "type": "list"
+ },
+ "SequenceStoreFilter": {
+ "members": {
+ "createdAfter": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "createdBefore": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "name": {
+ "shape": "SequenceStoreName"
+ }
+ },
+ "type": "structure"
+ },
+ "SequenceStoreId": {
+ "max": 36,
+ "min": 10,
+ "pattern": "^[0-9]+$",
+ "type": "string"
+ },
+ "SequenceStoreName": {
+ "max": 127,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "ServiceQuotaExceededException": {
+ "error": {
+ "httpStatusCode": 402,
+ "senderFault": true
+ },
+ "exception": true,
+ "members": {
+ "message": {
+ "shape": "String"
+ }
+ },
+ "required": [
+ "message"
+ ],
+ "type": "structure"
+ },
+ "SourceFiles": {
+ "members": {
+ "source1": {
+ "shape": "S3Uri"
+ },
+ "source2": {
+ "shape": "S3Uri"
+ }
+ },
+ "required": [
+ "source1"
+ ],
+ "type": "structure"
+ },
+ "SseConfig": {
+ "members": {
+ "keyArn": {
+ "shape": "SseConfigKeyArnString"
+ },
+ "type": {
+ "shape": "EncryptionType"
+ }
+ },
+ "required": [
+ "type"
+ ],
+ "type": "structure"
+ },
+ "SseConfigKeyArnString": {
+ "max": 2048,
+ "min": 20,
+ "pattern": "arn:([^: ]*):([^: ]*):([^: ]*):([0-9]{12}):([^: ]*)",
+ "type": "string"
+ },
+ "StartAnnotationImportRequest": {
+ "members": {
+ "destinationName": {
+ "shape": "StoreName"
+ },
+ "formatOptions": {
+ "shape": "FormatOptions"
+ },
+ "items": {
+ "shape": "AnnotationImportItemSources"
+ },
+ "roleArn": {
+ "shape": "Arn"
+ },
+ "runLeftNormalization": {
+ "shape": "RunLeftNormalization"
+ }
+ },
+ "required": [
+ "destinationName",
+ "items",
+ "roleArn"
+ ],
+ "type": "structure"
+ },
+ "StartAnnotationImportResponse": {
+ "members": {
+ "jobId": {
+ "shape": "ResourceId"
+ }
+ },
+ "required": [
+ "jobId"
+ ],
+ "type": "structure"
+ },
+ "StartReadSetActivationJobRequest": {
+ "members": {
+ "clientToken": {
+ "shape": "ClientToken"
+ },
+ "sequenceStoreId": {
+ "location": "uri",
+ "locationName": "sequenceStoreId",
+ "shape": "SequenceStoreId"
+ },
+ "sources": {
+ "shape": "StartReadSetActivationJobRequestSourcesList"
+ }
+ },
+ "required": [
+ "sequenceStoreId",
+ "sources"
+ ],
+ "type": "structure"
+ },
+ "StartReadSetActivationJobRequestSourcesList": {
+ "max": 20,
+ "member": {
+ "shape": "StartReadSetActivationJobSourceItem"
+ },
+ "min": 1,
+ "type": "list"
+ },
+ "StartReadSetActivationJobResponse": {
+ "members": {
+ "creationTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "id": {
+ "shape": "ActivationJobId"
+ },
+ "sequenceStoreId": {
+ "shape": "SequenceStoreId"
+ },
+ "status": {
+ "shape": "ReadSetActivationJobStatus"
+ }
+ },
+ "required": [
+ "creationTime",
+ "id",
+ "sequenceStoreId",
+ "status"
+ ],
+ "type": "structure"
+ },
+ "StartReadSetActivationJobSourceItem": {
+ "members": {
+ "readSetId": {
+ "shape": "ReadSetId"
+ }
+ },
+ "required": [
+ "readSetId"
+ ],
+ "type": "structure"
+ },
+ "StartReadSetExportJobRequest": {
+ "members": {
+ "clientToken": {
+ "shape": "ClientToken"
+ },
+ "destination": {
+ "shape": "S3Destination"
+ },
+ "roleArn": {
+ "shape": "RoleArn"
+ },
+ "sequenceStoreId": {
+ "location": "uri",
+ "locationName": "sequenceStoreId",
+ "shape": "SequenceStoreId"
+ },
+ "sources": {
+ "shape": "StartReadSetExportJobRequestSourcesList"
+ }
+ },
+ "required": [
+ "destination",
+ "roleArn",
+ "sequenceStoreId",
+ "sources"
+ ],
+ "type": "structure"
+ },
+ "StartReadSetExportJobRequestSourcesList": {
+ "max": 100,
+ "member": {
+ "shape": "ExportReadSet"
+ },
+ "min": 1,
+ "type": "list"
+ },
+ "StartReadSetExportJobResponse": {
+ "members": {
+ "creationTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "destination": {
+ "shape": "S3Destination"
+ },
+ "id": {
+ "shape": "ExportJobId"
+ },
+ "sequenceStoreId": {
+ "shape": "SequenceStoreId"
+ },
+ "status": {
+ "shape": "ReadSetExportJobStatus"
+ }
+ },
+ "required": [
+ "creationTime",
+ "destination",
+ "id",
+ "sequenceStoreId",
+ "status"
+ ],
+ "type": "structure"
+ },
+ "StartReadSetImportJobRequest": {
+ "members": {
+ "clientToken": {
+ "shape": "ClientToken"
+ },
+ "roleArn": {
+ "shape": "RoleArn"
+ },
+ "sequenceStoreId": {
+ "location": "uri",
+ "locationName": "sequenceStoreId",
+ "shape": "SequenceStoreId"
+ },
+ "sources": {
+ "shape": "StartReadSetImportJobRequestSourcesList"
+ }
+ },
+ "required": [
+ "roleArn",
+ "sequenceStoreId",
+ "sources"
+ ],
+ "type": "structure"
+ },
+ "StartReadSetImportJobRequestSourcesList": {
+ "max": 100,
+ "member": {
+ "shape": "StartReadSetImportJobSourceItem"
+ },
+ "min": 1,
+ "type": "list"
+ },
+ "StartReadSetImportJobResponse": {
+ "members": {
+ "creationTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "id": {
+ "shape": "ImportJobId"
+ },
+ "roleArn": {
+ "shape": "RoleArn"
+ },
+ "sequenceStoreId": {
+ "shape": "SequenceStoreId"
+ },
+ "status": {
+ "shape": "ReadSetImportJobStatus"
+ }
+ },
+ "required": [
+ "creationTime",
+ "id",
+ "roleArn",
+ "sequenceStoreId",
+ "status"
+ ],
+ "type": "structure"
+ },
+ "StartReadSetImportJobSourceItem": {
+ "members": {
+ "description": {
+ "shape": "ReadSetDescription"
+ },
+ "generatedFrom": {
+ "shape": "GeneratedFrom"
+ },
+ "name": {
+ "shape": "ReadSetName"
+ },
+ "referenceArn": {
+ "shape": "ReferenceArn"
+ },
+ "sampleId": {
+ "shape": "SampleId"
+ },
+ "sourceFileType": {
+ "shape": "FileType"
+ },
+ "sourceFiles": {
+ "shape": "SourceFiles"
+ },
+ "subjectId": {
+ "shape": "SubjectId"
+ },
+ "tags": {
+ "shape": "TagMap"
+ }
+ },
+ "required": [
+ "referenceArn",
+ "sampleId",
+ "sourceFileType",
+ "sourceFiles",
+ "subjectId"
+ ],
+ "type": "structure"
+ },
+ "StartReferenceImportJobRequest": {
+ "members": {
+ "clientToken": {
+ "shape": "ClientToken"
+ },
+ "referenceStoreId": {
+ "location": "uri",
+ "locationName": "referenceStoreId",
+ "shape": "ReferenceStoreId"
+ },
+ "roleArn": {
+ "shape": "RoleArn"
+ },
+ "sources": {
+ "shape": "StartReferenceImportJobRequestSourcesList"
+ }
+ },
+ "required": [
+ "referenceStoreId",
+ "roleArn",
+ "sources"
+ ],
+ "type": "structure"
+ },
+ "StartReferenceImportJobRequestSourcesList": {
+ "max": 100,
+ "member": {
+ "shape": "StartReferenceImportJobSourceItem"
+ },
+ "min": 1,
+ "type": "list"
+ },
+ "StartReferenceImportJobResponse": {
+ "members": {
+ "creationTime": {
+ "shape": "SyntheticTimestamp_date_time"
+ },
+ "id": {
+ "shape": "ImportJobId"
+ },
+ "referenceStoreId": {
+ "shape": "ReferenceStoreId"
+ },
+ "roleArn": {
+ "shape": "RoleArn"
+ },
+ "status": {
+ "shape": "ReferenceImportJobStatus"
+ }
+ },
+ "required": [
+ "creationTime",
+ "id",
+ "referenceStoreId",
+ "roleArn",
+ "status"
+ ],
+ "type": "structure"
+ },
+ "StartReferenceImportJobSourceItem": {
+ "members": {
+ "description": {
+ "shape": "ReferenceDescription"
+ },
+ "name": {
+ "shape": "ReferenceName"
+ },
+ "sourceFile": {
+ "shape": "S3Uri"
+ },
+ "tags": {
+ "shape": "TagMap"
+ }
+ },
+ "required": [
+ "name",
+ "sourceFile"
+ ],
+ "type": "structure"
+ },
+ "StartRunRequest": {
+ "members": {
+ "logLevel": {
+ "shape": "RunLogLevel"
+ },
+ "name": {
+ "shape": "RunName"
+ },
+ "outputUri": {
+ "shape": "RunOutputUri"
+ },
+ "priority": {
+ "shape": "StartRunRequestPriorityInteger"
+ },
+ "requestId": {
+ "idempotencyToken": true,
+ "shape": "RunRequestId"
+ },
+ "roleArn": {
+ "shape": "RunRoleArn"
+ },
+ "runGroupId": {
+ "shape": "RunGroupId"
+ },
+ "runId": {
+ "shape": "RunId"
+ },
+ "storageCapacity": {
+ "shape": "StartRunRequestStorageCapacityInteger"
+ },
+ "tags": {
+ "shape": "TagMap"
+ },
+ "workflowId": {
+ "shape": "WorkflowId"
+ },
+ "workflowType": {
+ "shape": "WorkflowType"
+ }
+ },
+ "required": [
+ "requestId",
+ "roleArn"
+ ],
+ "type": "structure"
+ },
+ "StartRunRequestPriorityInteger": {
+ "box": true,
+ "max": 100000,
+ "min": 0,
+ "type": "integer"
+ },
+ "StartRunRequestStorageCapacityInteger": {
+ "box": true,
+ "max": 100000,
+ "min": 0,
+ "type": "integer"
+ },
+ "StartRunResponse": {
+ "members": {
+ "arn": {
+ "shape": "RunArn"
+ },
+ "id": {
+ "shape": "RunId"
+ },
+ "status": {
+ "shape": "RunStatus"
+ },
+ "tags": {
+ "shape": "TagMap"
+ }
+ },
+ "type": "structure"
+ },
+ "StartVariantImportRequest": {
+ "members": {
+ "destinationName": {
+ "shape": "StoreName"
+ },
+ "items": {
+ "shape": "VariantImportItemSources"
+ },
+ "roleArn": {
+ "shape": "Arn"
+ },
+ "runLeftNormalization": {
+ "shape": "RunLeftNormalization"
+ }
+ },
+ "required": [
+ "destinationName",
+ "items",
+ "roleArn"
+ ],
+ "type": "structure"
+ },
+ "StartVariantImportResponse": {
+ "members": {
+ "jobId": {
+ "shape": "ResourceId"
+ }
+ },
+ "required": [
+ "jobId"
+ ],
+ "type": "structure"
+ },
+ "StatusMessage": {
+ "max": 1000,
+ "min": 0,
+ "type": "string"
+ },
+ "StoreDescription": {
+ "max": 500,
+ "min": 0,
+ "type": "string"
+ },
+ "StoreFormat": {
+ "enum": [
+ "GFF",
+ "TSV",
+ "VCF"
+ ],
+ "type": "string"
+ },
+ "StoreName": {
+ "max": 255,
+ "min": 3,
+ "pattern": "^([a-z]){1}([a-z0-9_]){2,254}$",
+ "type": "string"
+ },
+ "StoreOptions": {
+ "members": {
+ "tsvStoreOptions": {
+ "shape": "TsvStoreOptions"
+ }
+ },
+ "type": "structure",
+ "union": true
+ },
+ "StoreStatus": {
+ "enum": [
+ "CREATING",
+ "UPDATING",
+ "DELETING",
+ "ACTIVE",
+ "FAILED"
+ ],
+ "type": "string"
+ },
+ "String": {
+ "type": "string"
+ },
+ "SubjectId": {
+ "max": 127,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "SyntheticTimestamp_date_time": {
+ "timestampFormat": "iso8601",
+ "type": "timestamp"
+ },
+ "TagArn": {
+ "max": 128,
+ "min": 1,
+ "pattern": "^arn:.+$",
+ "type": "string"
+ },
+ "TagKey": {
+ "max": 128,
+ "min": 1,
+ "type": "string"
+ },
+ "TagKeyList": {
+ "max": 50,
+ "member": {
+ "shape": "TagKey"
+ },
+ "min": 0,
+ "type": "list"
+ },
+ "TagMap": {
+ "key": {
+ "shape": "TagKey"
+ },
+ "type": "map",
+ "value": {
+ "shape": "TagValue"
+ }
+ },
+ "TagResourceRequest": {
+ "members": {
+ "resourceArn": {
+ "location": "uri",
+ "locationName": "resourceArn",
+ "shape": "TagArn"
+ },
+ "tags": {
+ "shape": "TagResourceRequestTagsMap"
+ }
+ },
+ "required": [
+ "resourceArn",
+ "tags"
+ ],
+ "type": "structure"
+ },
+ "TagResourceRequestTagsMap": {
+ "key": {
+ "shape": "TagKey"
+ },
+ "max": 50,
+ "min": 0,
+ "type": "map",
+ "value": {
+ "shape": "TagValue"
+ }
+ },
+ "TagResourceResponse": {
+ "members": {},
+ "type": "structure"
+ },
+ "TagValue": {
+ "max": 256,
+ "min": 0,
+ "type": "string"
+ },
+ "TaskId": {
+ "max": 18,
+ "min": 1,
+ "pattern": "^[0-9]+$",
+ "type": "string"
+ },
+ "TaskList": {
+ "member": {
+ "shape": "TaskListItem"
+ },
+ "type": "list"
+ },
+ "TaskListItem": {
+ "members": {
+ "cpus": {
+ "shape": "TaskListItemCpusInteger"
+ },
+ "creationTime": {
+ "shape": "TaskTimestamp"
+ },
+ "memory": {
+ "shape": "TaskListItemMemoryInteger"
+ },
+ "name": {
+ "shape": "TaskName"
+ },
+ "startTime": {
+ "shape": "TaskTimestamp"
+ },
+ "status": {
+ "shape": "TaskStatus"
+ },
+ "stopTime": {
+ "shape": "TaskTimestamp"
+ },
+ "taskId": {
+ "shape": "TaskId"
+ }
+ },
+ "type": "structure"
+ },
+ "TaskListItemCpusInteger": {
+ "box": true,
+ "min": 1,
+ "type": "integer"
+ },
+ "TaskListItemMemoryInteger": {
+ "box": true,
+ "min": 1,
+ "type": "integer"
+ },
+ "TaskListToken": {
+ "max": 128,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "TaskLogStream": {
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "TaskName": {
+ "max": 128,
+ "min": 1,
+ "type": "string"
+ },
+ "TaskStatus": {
+ "enum": [
+ "PENDING",
+ "STARTING",
+ "RUNNING",
+ "STOPPING",
+ "COMPLETED",
+ "CANCELLED",
+ "FAILED"
+ ],
+ "max": 64,
+ "min": 1,
+ "type": "string"
+ },
+ "TaskStatusMessage": {
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "TaskTimestamp": {
+ "timestampFormat": "iso8601",
+ "type": "timestamp"
+ },
+ "ThrottlingException": {
+ "error": {
+ "httpStatusCode": 429,
+ "senderFault": true
+ },
+ "exception": true,
+ "members": {
+ "message": {
+ "shape": "String"
+ }
+ },
+ "required": [
+ "message"
+ ],
+ "retryable": {
+ "throttling": true
+ },
+ "type": "structure"
+ },
+ "TsvOptions": {
+ "members": {
+ "readOptions": {
+ "shape": "ReadOptions"
+ }
+ },
+ "type": "structure"
+ },
+ "TsvStoreOptions": {
+ "members": {
+ "annotationType": {
+ "shape": "AnnotationType"
+ },
+ "formatToHeader": {
+ "shape": "FormatToHeader"
+ },
+ "schema": {
+ "shape": "TsvStoreOptionsSchemaList"
+ }
+ },
+ "type": "structure"
+ },
+ "TsvStoreOptionsSchemaList": {
+ "max": 5000,
+ "member": {
+ "shape": "SchemaItem"
+ },
+ "min": 1,
+ "type": "list"
+ },
+ "UntagResourceRequest": {
+ "members": {
+ "resourceArn": {
+ "location": "uri",
+ "locationName": "resourceArn",
+ "shape": "TagArn"
+ },
+ "tagKeys": {
+ "location": "querystring",
+ "locationName": "tagKeys",
+ "shape": "TagKeyList"
+ }
+ },
+ "required": [
+ "resourceArn",
+ "tagKeys"
+ ],
+ "type": "structure"
+ },
+ "UntagResourceResponse": {
+ "members": {},
+ "type": "structure"
+ },
+ "UpdateAnnotationStoreRequest": {
+ "members": {
+ "description": {
+ "shape": "StoreDescription"
+ },
+ "name": {
+ "location": "uri",
+ "locationName": "name",
+ "shape": "String"
+ }
+ },
+ "required": [
+ "name"
+ ],
+ "type": "structure"
+ },
+ "UpdateAnnotationStoreResponse": {
+ "members": {
+ "creationTime": {
+ "shape": "CreationTime"
+ },
+ "description": {
+ "shape": "StoreDescription"
+ },
+ "id": {
+ "shape": "ResourceId"
+ },
+ "name": {
+ "shape": "String"
+ },
+ "reference": {
+ "shape": "ReferenceItem"
+ },
+ "status": {
+ "shape": "StoreStatus"
+ },
+ "storeFormat": {
+ "shape": "StoreFormat"
+ },
+ "storeOptions": {
+ "shape": "StoreOptions"
+ },
+ "updateTime": {
+ "shape": "UpdateTime"
+ }
+ },
+ "required": [
+ "creationTime",
+ "description",
+ "id",
+ "name",
+ "reference",
+ "status",
+ "updateTime"
+ ],
+ "type": "structure"
+ },
+ "UpdateRunGroupRequest": {
+ "members": {
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "RunGroupId"
+ },
+ "maxCpus": {
+ "shape": "UpdateRunGroupRequestMaxCpusInteger"
+ },
+ "maxDuration": {
+ "shape": "UpdateRunGroupRequestMaxDurationInteger"
+ },
+ "maxRuns": {
+ "shape": "UpdateRunGroupRequestMaxRunsInteger"
+ },
+ "name": {
+ "shape": "RunGroupName"
+ }
+ },
+ "required": [
+ "id"
+ ],
+ "type": "structure"
+ },
+ "UpdateRunGroupRequestMaxCpusInteger": {
+ "box": true,
+ "max": 100000,
+ "min": 1,
+ "type": "integer"
+ },
+ "UpdateRunGroupRequestMaxDurationInteger": {
+ "box": true,
+ "max": 100000,
+ "min": 1,
+ "type": "integer"
+ },
+ "UpdateRunGroupRequestMaxRunsInteger": {
+ "box": true,
+ "max": 100000,
+ "min": 1,
+ "type": "integer"
+ },
+ "UpdateTime": {
+ "timestampFormat": "iso8601",
+ "type": "timestamp"
+ },
+ "UpdateVariantStoreRequest": {
+ "members": {
+ "description": {
+ "shape": "StoreDescription"
+ },
+ "name": {
+ "location": "uri",
+ "locationName": "name",
+ "shape": "String"
+ }
+ },
+ "required": [
+ "name"
+ ],
+ "type": "structure"
+ },
+ "UpdateVariantStoreResponse": {
+ "members": {
+ "creationTime": {
+ "shape": "CreationTime"
+ },
+ "description": {
+ "shape": "StoreDescription"
+ },
+ "id": {
+ "shape": "ResourceId"
+ },
+ "name": {
+ "shape": "String"
+ },
+ "reference": {
+ "shape": "ReferenceItem"
+ },
+ "status": {
+ "shape": "StoreStatus"
+ },
+ "updateTime": {
+ "shape": "UpdateTime"
+ }
+ },
+ "required": [
+ "creationTime",
+ "description",
+ "id",
+ "name",
+ "reference",
+ "status",
+ "updateTime"
+ ],
+ "type": "structure"
+ },
+ "UpdateWorkflowRequest": {
+ "members": {
+ "description": {
+ "shape": "WorkflowDescription"
+ },
+ "id": {
+ "location": "uri",
+ "locationName": "id",
+ "shape": "WorkflowId"
+ },
+ "name": {
+ "shape": "WorkflowName"
+ }
+ },
+ "required": [
+ "id"
+ ],
+ "type": "structure"
+ },
+ "ValidationException": {
+ "error": {
+ "httpStatusCode": 400,
+ "senderFault": true
+ },
+ "exception": true,
+ "members": {
+ "message": {
+ "shape": "String"
+ }
+ },
+ "required": [
+ "message"
+ ],
+ "type": "structure"
+ },
+ "VariantImportItemDetail": {
+ "members": {
+ "jobStatus": {
+ "shape": "JobStatus"
+ },
+ "source": {
+ "shape": "S3Uri"
+ }
+ },
+ "required": [
+ "jobStatus",
+ "source"
+ ],
+ "type": "structure"
+ },
+ "VariantImportItemDetails": {
+ "max": 1,
+ "member": {
+ "shape": "VariantImportItemDetail"
+ },
+ "min": 1,
+ "type": "list"
+ },
+ "VariantImportItemSource": {
+ "members": {
+ "source": {
+ "shape": "S3Uri"
+ }
+ },
+ "required": [
+ "source"
+ ],
+ "type": "structure"
+ },
+ "VariantImportItemSources": {
+ "max": 1,
+ "member": {
+ "shape": "VariantImportItemSource"
+ },
+ "min": 1,
+ "type": "list"
+ },
+ "VariantImportJobItem": {
+ "members": {
+ "completionTime": {
+ "shape": "CompletionTime"
+ },
+ "creationTime": {
+ "shape": "CreationTime"
+ },
+ "destinationName": {
+ "shape": "String"
+ },
+ "id": {
+ "shape": "String"
+ },
+ "roleArn": {
+ "shape": "Arn"
+ },
+ "runLeftNormalization": {
+ "shape": "RunLeftNormalization"
+ },
+ "status": {
+ "shape": "JobStatus"
+ },
+ "updateTime": {
+ "shape": "UpdateTime"
+ }
+ },
+ "required": [
+ "creationTime",
+ "destinationName",
+ "id",
+ "roleArn",
+ "status",
+ "updateTime"
+ ],
+ "type": "structure"
+ },
+ "VariantImportJobItems": {
+ "member": {
+ "shape": "VariantImportJobItem"
+ },
+ "type": "list"
+ },
+ "VariantStoreItem": {
+ "members": {
+ "creationTime": {
+ "shape": "CreationTime"
+ },
+ "description": {
+ "shape": "StoreDescription"
+ },
+ "id": {
+ "shape": "ResourceId"
+ },
+ "name": {
+ "shape": "String"
+ },
+ "reference": {
+ "shape": "ReferenceItem"
+ },
+ "sseConfig": {
+ "shape": "SseConfig"
+ },
+ "status": {
+ "shape": "StoreStatus"
+ },
+ "statusMessage": {
+ "shape": "StatusMessage"
+ },
+ "storeArn": {
+ "shape": "Arn"
+ },
+ "storeSizeBytes": {
+ "shape": "Long"
+ },
+ "updateTime": {
+ "shape": "UpdateTime"
+ }
+ },
+ "required": [
+ "creationTime",
+ "description",
+ "id",
+ "name",
+ "reference",
+ "sseConfig",
+ "status",
+ "statusMessage",
+ "storeArn",
+ "storeSizeBytes",
+ "updateTime"
+ ],
+ "type": "structure"
+ },
+ "VariantStoreItems": {
+ "member": {
+ "shape": "VariantStoreItem"
+ },
+ "type": "list"
+ },
+ "VcfOptions": {
+ "members": {
+ "ignoreFilterField": {
+ "shape": "Boolean"
+ },
+ "ignoreQualField": {
+ "shape": "Boolean"
+ }
+ },
+ "type": "structure"
+ },
+ "WorkflowArn": {
+ "max": 128,
+ "min": 1,
+ "pattern": "^arn:.+$",
+ "type": "string"
+ },
+ "WorkflowDefinition": {
+ "max": 256,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "WorkflowDescription": {
+ "max": 256,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "WorkflowDigest": {
+ "max": 64,
+ "min": 1,
+ "type": "string"
+ },
+ "WorkflowEngine": {
+ "enum": [
+ "WDL",
+ "NEXTFLOW"
+ ],
+ "max": 64,
+ "min": 1,
+ "type": "string"
+ },
+ "WorkflowExport": {
+ "enum": [
+ "DEFINITION"
+ ],
+ "max": 64,
+ "min": 1,
+ "type": "string"
+ },
+ "WorkflowExportList": {
+ "max": 32,
+ "member": {
+ "shape": "WorkflowExport"
+ },
+ "min": 0,
+ "type": "list"
+ },
+ "WorkflowId": {
+ "max": 18,
+ "min": 1,
+ "pattern": "^[0-9]+$",
+ "type": "string"
+ },
+ "WorkflowList": {
+ "member": {
+ "shape": "WorkflowListItem"
+ },
+ "type": "list"
+ },
+ "WorkflowListItem": {
+ "members": {
+ "arn": {
+ "shape": "WorkflowArn"
+ },
+ "creationTime": {
+ "shape": "WorkflowTimestamp"
+ },
+ "digest": {
+ "shape": "WorkflowDigest"
+ },
+ "id": {
+ "shape": "WorkflowId"
+ },
+ "name": {
+ "shape": "WorkflowName"
+ },
+ "status": {
+ "shape": "WorkflowStatus"
+ },
+ "type": {
+ "shape": "WorkflowType"
+ }
+ },
+ "type": "structure"
+ },
+ "WorkflowListToken": {
+ "max": 128,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "WorkflowMain": {
+ "max": 128,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "WorkflowName": {
+ "max": 128,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "WorkflowParameter": {
+ "members": {
+ "description": {
+ "shape": "WorkflowParameterDescription"
+ },
+ "optional": {
+ "shape": "Boolean"
+ }
+ },
+ "type": "structure"
+ },
+ "WorkflowParameterDescription": {
+ "max": 256,
+ "min": 0,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "WorkflowParameterName": {
+ "max": 128,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "WorkflowParameterTemplate": {
+ "key": {
+ "shape": "WorkflowParameterName"
+ },
+ "max": 1000,
+ "min": 1,
+ "type": "map",
+ "value": {
+ "shape": "WorkflowParameter"
+ }
+ },
+ "WorkflowRequestId": {
+ "max": 128,
+ "min": 1,
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "WorkflowStatus": {
+ "enum": [
+ "CREATING",
+ "ACTIVE",
+ "UPDATING",
+ "DELETED",
+ "FAILED"
+ ],
+ "max": 64,
+ "min": 1,
+ "type": "string"
+ },
+ "WorkflowStatusMessage": {
+ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$",
+ "type": "string"
+ },
+ "WorkflowTimestamp": {
+ "timestampFormat": "iso8601",
+ "type": "timestamp"
+ },
+ "WorkflowType": {
+ "enum": [
+ "PRIVATE"
+ ],
+ "max": 64,
+ "min": 1,
+ "type": "string"
+ }
+ },
+ "version": "2.0"
+}
\ No newline at end of file
diff --git a/models/apis/omics/2022-11-28/docs-2.json b/models/apis/omics/2022-11-28/docs-2.json
new file mode 100644
index 0000000000..881a140310
--- /dev/null
+++ b/models/apis/omics/2022-11-28/docs-2.json
@@ -0,0 +1,2931 @@
+{
+ "version": "2.0",
+ "service": "This is the Amazon Omics API Reference. For an introduction to the service, see What is Amazon Omics? in the Amazon Omics Developer Guide.
",
+ "operations": {
+ "BatchDeleteReadSet": "Deletes one or more read sets.
",
+ "CancelAnnotationImportJob": "Cancels an annotation import job.
",
+ "CancelRun": "Cancels a run.
",
+ "CancelVariantImportJob": "Cancels a variant import job.
",
+ "CreateAnnotationStore": "Creates an annotation store.
",
+ "CreateReferenceStore": "Creates a reference store.
",
+ "CreateRunGroup": "Creates a run group.
",
+ "CreateSequenceStore": "Creates a sequence store.
",
+ "CreateVariantStore": "Creates a variant store.
",
+ "CreateWorkflow": "Creates a workflow.
",
+ "DeleteAnnotationStore": "Deletes an annotation store.
",
+ "DeleteReference": "Deletes a genome reference.
",
+ "DeleteReferenceStore": "Deletes a genome reference store.
",
+ "DeleteRun": "Deletes a workflow run.
",
+ "DeleteRunGroup": "Deletes a workflow run group.
",
+ "DeleteSequenceStore": "Deletes a sequence store.
",
+ "DeleteVariantStore": "Deletes a variant store.
",
+ "DeleteWorkflow": "Deletes a workflow.
",
+ "GetAnnotationImportJob": "Gets information about an annotation import job.
",
+ "GetAnnotationStore": "Gets information about an annotation store.
",
+ "GetReadSet": "Gets a file from a read set.
",
+ "GetReadSetActivationJob": "Gets information about a read set activation job.
",
+ "GetReadSetExportJob": "Gets information about a read set export job.
",
+ "GetReadSetImportJob": "Gets information about a read set import job.
",
+ "GetReadSetMetadata": "Gets details about a read set.
",
+ "GetReference": "Gets a reference file.
",
+ "GetReferenceImportJob": "Gets information about a reference import job.
",
+ "GetReferenceMetadata": "Gets information about a genome reference's metadata.
",
+ "GetReferenceStore": "Gets information about a reference store.
",
+ "GetRun": "Gets information about a workflow run.
",
+ "GetRunGroup": "Gets information about a workflow run group.
",
+ "GetRunTask": "Gets information about a workflow run task.
",
+ "GetSequenceStore": "Gets information about a sequence store.
",
+ "GetVariantImportJob": "Gets information about a variant import job.
",
+ "GetVariantStore": "Gets information about a variant store.
",
+ "GetWorkflow": "Gets information about a workflow.
",
+ "ListAnnotationImportJobs": "Retrieves a list of annotation import jobs.
",
+ "ListAnnotationStores": "Retrieves a list of annotation stores.
",
+ "ListReadSetActivationJobs": "Retrieves a list of read set activation jobs.
",
+ "ListReadSetExportJobs": "Retrieves a list of read set export jobs.
",
+ "ListReadSetImportJobs": "Retrieves a list of read set import jobs.
",
+ "ListReadSets": "Retrieves a list of read sets.
",
+ "ListReferenceImportJobs": "Retrieves a list of reference import jobs.
",
+ "ListReferenceStores": "Retrieves a list of reference stores.
",
+ "ListReferences": "Retrieves a list of references.
",
+ "ListRunGroups": "Retrieves a list of run groups.
",
+ "ListRunTasks": "Retrieves a list of tasks for a run.
",
+ "ListRuns": "Retrieves a list of runs.
",
+ "ListSequenceStores": "Retrieves a list of sequence stores.
",
+ "ListTagsForResource": "Retrieves a list of tags for a resource.
",
+ "ListVariantImportJobs": "Retrieves a list of variant import jobs.
",
+ "ListVariantStores": "Retrieves a list of variant stores.
",
+ "ListWorkflows": "Retrieves a list of workflows.
",
+ "StartAnnotationImportJob": "Starts an annotation import job.
",
+ "StartReadSetActivationJob": "Starts a read set activation job.
",
+ "StartReadSetExportJob": "Starts a read set export job.
",
+ "StartReadSetImportJob": "Starts a read set import job.
",
+ "StartReferenceImportJob": "Starts a reference import job.
",
+ "StartRun": "Starts a run.
",
+ "StartVariantImportJob": "Starts a variant import job.
",
+ "TagResource": "Tags a resource.
",
+ "UntagResource": "Removes tags from a resource.
",
+ "UpdateAnnotationStore": "Updates an annotation store.
",
+ "UpdateRunGroup": "Updates a run group.
",
+ "UpdateVariantStore": "Updates a variant store.
",
+ "UpdateWorkflow": "Updates a workflow.
"
+ },
+ "shapes": {
+ "AccessDeniedException": {
+ "base": "You do not have sufficient access to perform this action.
",
+ "refs": {
+ }
+ },
+ "ActivateReadSetFilter": {
+ "base": "A read set activation job filter.
",
+ "refs": {
+ "ListReadSetActivationJobsRequest$filter": "A filter to apply to the list.
"
+ }
+ },
+ "ActivateReadSetJobItem": {
+ "base": "A read set activation job.
",
+ "refs": {
+ "ActivateReadSetJobList$member": null
+ }
+ },
+ "ActivateReadSetJobList": {
+ "base": null,
+ "refs": {
+ "ListReadSetActivationJobsResponse$activationJobs": "A list of jobs.
"
+ }
+ },
+ "ActivateReadSetSourceItem": {
+ "base": "A source for a read set activation job.
",
+ "refs": {
+ "ActivateReadSetSourceList$member": null
+ }
+ },
+ "ActivateReadSetSourceList": {
+ "base": null,
+ "refs": {
+ "GetReadSetActivationJobResponse$sources": "The job's sources.
"
+ }
+ },
+ "ActivationJobId": {
+ "base": null,
+ "refs": {
+ "ActivateReadSetJobItem$id": "The job's ID.
",
+ "GetReadSetActivationJobRequest$id": "The job's ID.
",
+ "GetReadSetActivationJobResponse$id": "The job's ID.
",
+ "StartReadSetActivationJobResponse$id": "The job's ID.
"
+ }
+ },
+ "AnnotationImportItemDetail": {
+ "base": "Details about an imported annotation item.
",
+ "refs": {
+ "AnnotationImportItemDetails$member": null
+ }
+ },
+ "AnnotationImportItemDetails": {
+ "base": null,
+ "refs": {
+ "GetAnnotationImportResponse$items": "The job's imported items.
"
+ }
+ },
+ "AnnotationImportItemSource": {
+ "base": "A source for an annotation import job.
",
+ "refs": {
+ "AnnotationImportItemSources$member": null
+ }
+ },
+ "AnnotationImportItemSources": {
+ "base": null,
+ "refs": {
+ "StartAnnotationImportRequest$items": "Items to import.
"
+ }
+ },
+ "AnnotationImportJobItem": {
+ "base": "An annotation import job.
",
+ "refs": {
+ "AnnotationImportJobItems$member": null
+ }
+ },
+ "AnnotationImportJobItems": {
+ "base": null,
+ "refs": {
+ "ListAnnotationImportJobsResponse$annotationImportJobs": "A list of jobs.
"
+ }
+ },
+ "AnnotationStoreItem": {
+ "base": "An annotation store.
",
+ "refs": {
+ "AnnotationStoreItems$member": null
+ }
+ },
+ "AnnotationStoreItems": {
+ "base": null,
+ "refs": {
+ "ListAnnotationStoresResponse$annotationStores": "A list of stores.
"
+ }
+ },
+ "AnnotationType": {
+ "base": null,
+ "refs": {
+ "TsvStoreOptions$annotationType": "The store's annotation type.
"
+ }
+ },
+ "Arn": {
+ "base": null,
+ "refs": {
+ "AnnotationImportJobItem$roleArn": "The job's service role ARN.
",
+ "AnnotationStoreItem$storeArn": "The store's ARN.
",
+ "GetAnnotationImportResponse$roleArn": "The job's service role ARN.
",
+ "GetAnnotationStoreResponse$storeArn": "The store's ARN.
",
+ "GetVariantImportResponse$roleArn": "The job's service role ARN.
",
+ "GetVariantStoreResponse$storeArn": "The store's ARN.
",
+ "StartAnnotationImportRequest$roleArn": "A service role for the job.
",
+ "StartVariantImportRequest$roleArn": "A service role for the job.
",
+ "VariantImportJobItem$roleArn": "The job's service role ARN.
",
+ "VariantStoreItem$storeArn": "The store's ARN.
"
+ }
+ },
+ "BatchDeleteReadSetRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "BatchDeleteReadSetResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "Blob": {
+ "base": null,
+ "refs": {
+ "CreateWorkflowRequest$definitionZip": "A ZIP archive for the workflow.
"
+ }
+ },
+ "Boolean": {
+ "base": null,
+ "refs": {
+ "VcfOptions$ignoreFilterField": "The file's ignore filter field setting.
",
+ "VcfOptions$ignoreQualField": "The file's ignore qual field setting.
",
+ "WorkflowParameter$optional": "Whether the parameter is optional.
"
+ }
+ },
+ "CancelAnnotationImportRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CancelAnnotationImportResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CancelRunRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CancelVariantImportRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CancelVariantImportResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ClientToken": {
+ "base": null,
+ "refs": {
+ "CreateReferenceStoreRequest$clientToken": "To ensure that requests don't run multiple times, specify a unique token for each request.
",
+ "CreateSequenceStoreRequest$clientToken": "To ensure that requests don't run multiple times, specify a unique token for each request.
",
+ "StartReadSetActivationJobRequest$clientToken": "To ensure that jobs don't run multiple times, specify a unique token for each job.
",
+ "StartReadSetExportJobRequest$clientToken": "To ensure that jobs don't run multiple times, specify a unique token for each job.
",
+ "StartReadSetImportJobRequest$clientToken": "To ensure that jobs don't run multiple times, specify a unique token for each job.
",
+ "StartReferenceImportJobRequest$clientToken": "To ensure that jobs don't run multiple times, specify a unique token for each job.
"
+ }
+ },
+ "CommentChar": {
+ "base": null,
+ "refs": {
+ "ReadOptions$comment": "The file's comment character.
"
+ }
+ },
+ "CompletionTime": {
+ "base": null,
+ "refs": {
+ "AnnotationImportJobItem$completionTime": "When the job completed.
",
+ "GetAnnotationImportResponse$completionTime": "When the job completed.
",
+ "GetVariantImportResponse$completionTime": "When the job completed.
",
+ "VariantImportJobItem$completionTime": "When the job completed.
"
+ }
+ },
+ "ConflictException": {
+ "base": "The request cannot be applied to the target resource in its current state.
",
+ "refs": {
+ }
+ },
+ "CreateAnnotationStoreRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateAnnotationStoreRequestNameString": {
+ "base": null,
+ "refs": {
+ "CreateAnnotationStoreRequest$name": "A name for the store.
"
+ }
+ },
+ "CreateAnnotationStoreResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateReferenceStoreRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateReferenceStoreResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateRunGroupRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateRunGroupRequestMaxCpusInteger": {
+ "base": null,
+ "refs": {
+ "CreateRunGroupRequest$maxCpus": "The maximum number of CPUs to use in the group.
"
+ }
+ },
+ "CreateRunGroupRequestMaxDurationInteger": {
+ "base": null,
+ "refs": {
+ "CreateRunGroupRequest$maxDuration": "A max duration for the group.
"
+ }
+ },
+ "CreateRunGroupRequestMaxRunsInteger": {
+ "base": null,
+ "refs": {
+ "CreateRunGroupRequest$maxRuns": "The maximum number of concurrent runs for the group.
"
+ }
+ },
+ "CreateRunGroupResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateSequenceStoreRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateSequenceStoreResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateVariantStoreRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateVariantStoreRequestNameString": {
+ "base": null,
+ "refs": {
+ "CreateVariantStoreRequest$name": "A name for the store.
"
+ }
+ },
+ "CreateVariantStoreResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateWorkflowRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateWorkflowRequestStorageCapacityInteger": {
+ "base": null,
+ "refs": {
+ "CreateWorkflowRequest$storageCapacity": "A storage capacity for the workflow.
"
+ }
+ },
+ "CreateWorkflowResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreationTime": {
+ "base": null,
+ "refs": {
+ "AnnotationImportJobItem$creationTime": "When the job was created.
",
+ "AnnotationStoreItem$creationTime": "The store's creation time.
",
+ "CreateAnnotationStoreResponse$creationTime": "When the store was created.
",
+ "CreateVariantStoreResponse$creationTime": "When the store was created.
",
+ "GetAnnotationImportResponse$creationTime": "When the job was created.
",
+ "GetAnnotationStoreResponse$creationTime": "When the store was created.
",
+ "GetVariantImportResponse$creationTime": "When the job was created.
",
+ "GetVariantStoreResponse$creationTime": "When the store was created.
",
+ "UpdateAnnotationStoreResponse$creationTime": "When the store was created.
",
+ "UpdateVariantStoreResponse$creationTime": "When the store was created.
",
+ "VariantImportJobItem$creationTime": "When the job was created.
",
+ "VariantStoreItem$creationTime": "When the store was created.
"
+ }
+ },
+ "DeleteAnnotationStoreRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteAnnotationStoreResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteReferenceRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteReferenceResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteReferenceStoreRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteReferenceStoreResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteRunGroupRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteRunRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteSequenceStoreRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteSequenceStoreResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteVariantStoreRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteVariantStoreResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteWorkflowRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "Encoding": {
+ "base": null,
+ "refs": {
+ "ReadOptions$encoding": "The file's encoding.
"
+ }
+ },
+ "EncryptionType": {
+ "base": null,
+ "refs": {
+ "SseConfig$type": "The encryption type.
"
+ }
+ },
+ "EscapeChar": {
+ "base": null,
+ "refs": {
+ "ReadOptions$escape": "A character for escaping quotes in the file.
"
+ }
+ },
+ "EscapeQuotes": {
+ "base": null,
+ "refs": {
+ "ReadOptions$escapeQuotes": "Whether quotes need to be escaped in the file.
"
+ }
+ },
+ "ExportJobId": {
+ "base": null,
+ "refs": {
+ "ExportReadSetJobDetail$id": "The job's ID.
",
+ "GetReadSetExportJobRequest$id": "The job's ID.
",
+ "GetReadSetExportJobResponse$id": "The job's ID.
",
+ "StartReadSetExportJobResponse$id": "The job's ID.
"
+ }
+ },
+ "ExportReadSet": {
+ "base": "A read set.
",
+ "refs": {
+ "StartReadSetExportJobRequestSourcesList$member": null
+ }
+ },
+ "ExportReadSetDetail": {
+ "base": "Details about a read set.
",
+ "refs": {
+ "ExportReadSetDetailList$member": null
+ }
+ },
+ "ExportReadSetDetailList": {
+ "base": null,
+ "refs": {
+ "GetReadSetExportJobResponse$readSets": "The job's read sets.
"
+ }
+ },
+ "ExportReadSetFilter": {
+ "base": "An read set export job filter.
",
+ "refs": {
+ "ListReadSetExportJobsRequest$filter": "A filter to apply to the list.
"
+ }
+ },
+ "ExportReadSetJobDetail": {
+ "base": "Details about a read set export job.
",
+ "refs": {
+ "ExportReadSetJobDetailList$member": null
+ }
+ },
+ "ExportReadSetJobDetailList": {
+ "base": null,
+ "refs": {
+ "ListReadSetExportJobsResponse$exportJobs": "A list of jobs.
"
+ }
+ },
+ "FileInformation": {
+ "base": "Details about a file.
",
+ "refs": {
+ "ReadSetFiles$index": "The files' index.
",
+ "ReadSetFiles$source1": "The location of the first file in Amazon S3.
",
+ "ReadSetFiles$source2": "The location of the second file in Amazon S3.
",
+ "ReferenceFiles$index": "The files' index.
",
+ "ReferenceFiles$source": "The source file's location in Amazon S3.
"
+ }
+ },
+ "FileInformationContentLengthLong": {
+ "base": null,
+ "refs": {
+ "FileInformation$contentLength": "The file's content length.
"
+ }
+ },
+ "FileInformationPartSizeLong": {
+ "base": null,
+ "refs": {
+ "FileInformation$partSize": "The file's part size.
"
+ }
+ },
+ "FileInformationTotalPartsInteger": {
+ "base": null,
+ "refs": {
+ "FileInformation$totalParts": "The file's total parts.
"
+ }
+ },
+ "FileType": {
+ "base": null,
+ "refs": {
+ "GetReadSetMetadataResponse$fileType": "The read set's file type.
",
+ "ImportReadSetSourceItem$sourceFileType": "The source's file type.
",
+ "ReadSetListItem$fileType": "The read set's file type.
",
+ "StartReadSetImportJobSourceItem$sourceFileType": "The source's file type.
"
+ }
+ },
+ "FormatOptions": {
+ "base": "Formatting options for a file.
",
+ "refs": {
+ "GetAnnotationImportResponse$formatOptions": null,
+ "StartAnnotationImportRequest$formatOptions": "Formatting options for the annotation file.
"
+ }
+ },
+ "FormatToHeader": {
+ "base": null,
+ "refs": {
+ "TsvStoreOptions$formatToHeader": "The store's header key to column name mapping.
"
+ }
+ },
+ "FormatToHeaderKey": {
+ "base": null,
+ "refs": {
+ "FormatToHeader$key": null
+ }
+ },
+ "FormatToHeaderValueString": {
+ "base": null,
+ "refs": {
+ "FormatToHeader$value": null
+ }
+ },
+ "GeneratedFrom": {
+ "base": null,
+ "refs": {
+ "ImportReadSetSourceItem$generatedFrom": "Where the source originated.
",
+ "SequenceInformation$generatedFrom": "Where the sequence originated.
",
+ "StartReadSetImportJobSourceItem$generatedFrom": "Where the source originated.
"
+ }
+ },
+ "GetAnnotationImportRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetAnnotationImportResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetAnnotationStoreRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetAnnotationStoreResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetReadSetActivationJobRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetReadSetActivationJobResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetReadSetExportJobRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetReadSetExportJobResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetReadSetImportJobRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetReadSetImportJobResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetReadSetMetadataRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetReadSetMetadataResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetReadSetRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetReadSetRequestPartNumberInteger": {
+ "base": null,
+ "refs": {
+ "GetReadSetRequest$partNumber": "The part number to retrieve.
"
+ }
+ },
+ "GetReadSetResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetReferenceImportJobRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetReferenceImportJobResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetReferenceMetadataRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetReferenceMetadataResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetReferenceRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetReferenceRequestPartNumberInteger": {
+ "base": null,
+ "refs": {
+ "GetReferenceRequest$partNumber": "The part number to retrieve.
"
+ }
+ },
+ "GetReferenceResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetReferenceStoreRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetReferenceStoreResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetRunGroupRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetRunGroupResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetRunGroupResponseMaxCpusInteger": {
+ "base": null,
+ "refs": {
+ "GetRunGroupResponse$maxCpus": "The group's maximum number of CPUs to use.
"
+ }
+ },
+ "GetRunGroupResponseMaxDurationInteger": {
+ "base": null,
+ "refs": {
+ "GetRunGroupResponse$maxDuration": "The group's maximum run duration.
"
+ }
+ },
+ "GetRunGroupResponseMaxRunsInteger": {
+ "base": null,
+ "refs": {
+ "GetRunGroupResponse$maxRuns": "The maximum number of concurrent runs for the group.
"
+ }
+ },
+ "GetRunRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetRunResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetRunResponsePriorityInteger": {
+ "base": null,
+ "refs": {
+ "GetRunResponse$priority": "The run's priority.
"
+ }
+ },
+ "GetRunResponseStorageCapacityInteger": {
+ "base": null,
+ "refs": {
+ "GetRunResponse$storageCapacity": "The run's storage capacity.
"
+ }
+ },
+ "GetRunTaskRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetRunTaskResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetRunTaskResponseCpusInteger": {
+ "base": null,
+ "refs": {
+ "GetRunTaskResponse$cpus": "The task's CPU usage.
"
+ }
+ },
+ "GetRunTaskResponseMemoryInteger": {
+ "base": null,
+ "refs": {
+ "GetRunTaskResponse$memory": "The task's memory setting.
"
+ }
+ },
+ "GetSequenceStoreRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetSequenceStoreResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetVariantImportRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetVariantImportResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetVariantStoreRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetVariantStoreResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetWorkflowRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetWorkflowResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetWorkflowResponseStorageCapacityInteger": {
+ "base": null,
+ "refs": {
+ "GetWorkflowResponse$storageCapacity": "The workflow's storage capacity.
"
+ }
+ },
+ "Header": {
+ "base": null,
+ "refs": {
+ "ReadOptions$header": "Whether the file has a header row.
"
+ }
+ },
+ "ImportJobId": {
+ "base": null,
+ "refs": {
+ "GetReadSetImportJobRequest$id": "The job's ID.
",
+ "GetReadSetImportJobResponse$id": "The job's ID.
",
+ "GetReferenceImportJobRequest$id": "The job's ID.
",
+ "GetReferenceImportJobResponse$id": "The job's ID.
",
+ "ImportReadSetJobItem$id": "The job's ID.
",
+ "ImportReferenceJobItem$id": "The job's ID.
",
+ "StartReadSetImportJobResponse$id": "The job's ID.
",
+ "StartReferenceImportJobResponse$id": "The job's ID.
"
+ }
+ },
+ "ImportReadSetFilter": {
+ "base": "A filter for import read set jobs.
",
+ "refs": {
+ "ListReadSetImportJobsRequest$filter": "A filter to apply to the list.
"
+ }
+ },
+ "ImportReadSetJobItem": {
+ "base": "An import read set job.
",
+ "refs": {
+ "ImportReadSetJobList$member": null
+ }
+ },
+ "ImportReadSetJobList": {
+ "base": null,
+ "refs": {
+ "ListReadSetImportJobsResponse$importJobs": "A list of jobs.
"
+ }
+ },
+ "ImportReadSetSourceItem": {
+ "base": "A source for an import read set job.
",
+ "refs": {
+ "ImportReadSetSourceList$member": null
+ }
+ },
+ "ImportReadSetSourceList": {
+ "base": null,
+ "refs": {
+ "GetReadSetImportJobResponse$sources": "The job's sources.
"
+ }
+ },
+ "ImportReferenceFilter": {
+ "base": "A filter for import references.
",
+ "refs": {
+ "ListReferenceImportJobsRequest$filter": "A filter to apply to the list.
"
+ }
+ },
+ "ImportReferenceJobItem": {
+ "base": "An import reference job.
",
+ "refs": {
+ "ImportReferenceJobList$member": null
+ }
+ },
+ "ImportReferenceJobList": {
+ "base": null,
+ "refs": {
+ "ListReferenceImportJobsResponse$importJobs": "A lis of jobs.
"
+ }
+ },
+ "ImportReferenceSourceItem": {
+ "base": "An genome reference source.
",
+ "refs": {
+ "ImportReferenceSourceList$member": null
+ }
+ },
+ "ImportReferenceSourceList": {
+ "base": null,
+ "refs": {
+ "GetReferenceImportJobResponse$sources": "The job's sources.
"
+ }
+ },
+ "InternalServerException": {
+ "base": "An unexpected error occurred. Try the request again.
",
+ "refs": {
+ }
+ },
+ "JobStatus": {
+ "base": null,
+ "refs": {
+ "AnnotationImportItemDetail$jobStatus": "The item's job status.
",
+ "AnnotationImportJobItem$status": "The job's status.
",
+ "GetAnnotationImportResponse$status": "The job's status.
",
+ "GetVariantImportResponse$status": "The job's status.
",
+ "ListAnnotationImportJobsFilter$status": "A status to filter on.
",
+ "ListVariantImportJobsFilter$status": "A status to filter on.
",
+ "VariantImportItemDetail$jobStatus": "The item's job status.
",
+ "VariantImportJobItem$status": "The job's status.
"
+ }
+ },
+ "JobStatusMessage": {
+ "base": null,
+ "refs": {
+ "ActivateReadSetSourceItem$statusMessage": "The source's status message.
",
+ "ExportReadSetDetail$statusMessage": "The set's status message.
",
+ "GetReadSetActivationJobResponse$statusMessage": "The job's status message.
",
+ "GetReadSetExportJobResponse$statusMessage": "The job's status message.
",
+ "GetReadSetImportJobResponse$statusMessage": "The job's status message.
",
+ "GetReferenceImportJobResponse$statusMessage": "The job's status message.
",
+ "ImportReadSetSourceItem$statusMessage": "The source's status message.
",
+ "ImportReferenceSourceItem$statusMessage": "The source's status message.
"
+ }
+ },
+ "JobStatusMsg": {
+ "base": null,
+ "refs": {
+ "GetAnnotationImportResponse$statusMessage": "The job's status message.
",
+ "GetVariantImportResponse$statusMessage": "The job's status message.
"
+ }
+ },
+ "LineSep": {
+ "base": null,
+ "refs": {
+ "ReadOptions$lineSep": "A line separator for the file.
"
+ }
+ },
+ "ListAnnotationImportJobsFilter": {
+ "base": "A filter for annotation import jobs.
",
+ "refs": {
+ "ListAnnotationImportJobsRequest$filter": "A filter to apply to the list.
"
+ }
+ },
+ "ListAnnotationImportJobsRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListAnnotationImportJobsRequestIdsList": {
+ "base": null,
+ "refs": {
+ "ListAnnotationImportJobsRequest$ids": "IDs of annotation import jobs to retrieve.
"
+ }
+ },
+ "ListAnnotationImportJobsRequestMaxResultsInteger": {
+ "base": null,
+ "refs": {
+ "ListAnnotationImportJobsRequest$maxResults": "The maximum number of jobs to return in one page of results.
"
+ }
+ },
+ "ListAnnotationImportJobsRequestNextTokenString": {
+ "base": null,
+ "refs": {
+ "ListAnnotationImportJobsRequest$nextToken": "Specify the pagination token from a previous request to retrieve the next page of results.
"
+ }
+ },
+ "ListAnnotationImportJobsResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListAnnotationStoresFilter": {
+ "base": "A filter for annotation stores.
",
+ "refs": {
+ "ListAnnotationStoresRequest$filter": "A filter to apply to the list.
"
+ }
+ },
+ "ListAnnotationStoresRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListAnnotationStoresRequestIdsList": {
+ "base": null,
+ "refs": {
+ "ListAnnotationStoresRequest$ids": "IDs of stores to list.
"
+ }
+ },
+ "ListAnnotationStoresRequestMaxResultsInteger": {
+ "base": null,
+ "refs": {
+ "ListAnnotationStoresRequest$maxResults": "The maximum number of stores to return in one page of results.
"
+ }
+ },
+ "ListAnnotationStoresRequestNextTokenString": {
+ "base": null,
+ "refs": {
+ "ListAnnotationStoresRequest$nextToken": "Specify the pagination token from a previous request to retrieve the next page of results.
"
+ }
+ },
+ "ListAnnotationStoresResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListReadSetActivationJobsRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListReadSetActivationJobsRequestMaxResultsInteger": {
+ "base": null,
+ "refs": {
+ "ListReadSetActivationJobsRequest$maxResults": "The maximum number of read set activation jobs to return in one page of results.
"
+ }
+ },
+ "ListReadSetActivationJobsResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListReadSetExportJobsRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListReadSetExportJobsRequestMaxResultsInteger": {
+ "base": null,
+ "refs": {
+ "ListReadSetExportJobsRequest$maxResults": "The maximum number of jobs to return in one page of results.
"
+ }
+ },
+ "ListReadSetExportJobsResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListReadSetImportJobsRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListReadSetImportJobsRequestMaxResultsInteger": {
+ "base": null,
+ "refs": {
+ "ListReadSetImportJobsRequest$maxResults": "The maximum number of jobs to return in one page of results.
"
+ }
+ },
+ "ListReadSetImportJobsResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListReadSetsRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListReadSetsRequestMaxResultsInteger": {
+ "base": null,
+ "refs": {
+ "ListReadSetsRequest$maxResults": "The maximum number of read sets to return in one page of results.
"
+ }
+ },
+ "ListReadSetsResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListReferenceImportJobsRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListReferenceImportJobsRequestMaxResultsInteger": {
+ "base": null,
+ "refs": {
+ "ListReferenceImportJobsRequest$maxResults": "The maximum number of jobs to return in one page of results.
"
+ }
+ },
+ "ListReferenceImportJobsResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListReferenceStoresRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListReferenceStoresRequestMaxResultsInteger": {
+ "base": null,
+ "refs": {
+ "ListReferenceStoresRequest$maxResults": "The maximum number of stores to return in one page of results.
"
+ }
+ },
+ "ListReferenceStoresResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListReferencesRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListReferencesRequestMaxResultsInteger": {
+ "base": null,
+ "refs": {
+ "ListReferencesRequest$maxResults": "The maximum number of references to return in one page of results.
"
+ }
+ },
+ "ListReferencesResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListRunGroupsRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListRunGroupsRequestMaxResultsInteger": {
+ "base": null,
+ "refs": {
+ "ListRunGroupsRequest$maxResults": "The maximum number of run groups to return in one page of results.
"
+ }
+ },
+ "ListRunGroupsResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListRunTasksRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListRunTasksRequestMaxResultsInteger": {
+ "base": null,
+ "refs": {
+ "ListRunTasksRequest$maxResults": "The maximum number of run tasks to return in one page of results.
"
+ }
+ },
+ "ListRunTasksResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListRunsRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListRunsRequestMaxResultsInteger": {
+ "base": null,
+ "refs": {
+ "ListRunsRequest$maxResults": "The maximum number of runs to return in one page of results.
"
+ }
+ },
+ "ListRunsResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListSequenceStoresRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListSequenceStoresRequestMaxResultsInteger": {
+ "base": null,
+ "refs": {
+ "ListSequenceStoresRequest$maxResults": "The maximum number of stores to return in one page of results.
"
+ }
+ },
+ "ListSequenceStoresResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListTagsForResourceRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListTagsForResourceResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListVariantImportJobsFilter": {
+ "base": "A filter for variant import jobs.
",
+ "refs": {
+ "ListVariantImportJobsRequest$filter": "A filter to apply to the list.
"
+ }
+ },
+ "ListVariantImportJobsRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListVariantImportJobsRequestIdsList": {
+ "base": null,
+ "refs": {
+ "ListVariantImportJobsRequest$ids": "A list of job IDs.
"
+ }
+ },
+ "ListVariantImportJobsRequestMaxResultsInteger": {
+ "base": null,
+ "refs": {
+ "ListVariantImportJobsRequest$maxResults": "The maximum number of import jobs to return in one page of results.
"
+ }
+ },
+ "ListVariantImportJobsRequestNextTokenString": {
+ "base": null,
+ "refs": {
+ "ListVariantImportJobsRequest$nextToken": "Specify the pagination token from a previous request to retrieve the next page of results.
"
+ }
+ },
+ "ListVariantImportJobsResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListVariantStoresFilter": {
+ "base": "A filter for variant stores.
",
+ "refs": {
+ "ListVariantStoresRequest$filter": "A filter to apply to the list.
"
+ }
+ },
+ "ListVariantStoresRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListVariantStoresRequestIdsList": {
+ "base": null,
+ "refs": {
+ "ListVariantStoresRequest$ids": "A list of store IDs.
"
+ }
+ },
+ "ListVariantStoresRequestMaxResultsInteger": {
+ "base": null,
+ "refs": {
+ "ListVariantStoresRequest$maxResults": "The maximum number of stores to return in one page of results.
"
+ }
+ },
+ "ListVariantStoresRequestNextTokenString": {
+ "base": null,
+ "refs": {
+ "ListVariantStoresRequest$nextToken": "Specify the pagination token from a previous request to retrieve the next page of results.
"
+ }
+ },
+ "ListVariantStoresResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListWorkflowsRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListWorkflowsRequestMaxResultsInteger": {
+ "base": null,
+ "refs": {
+ "ListWorkflowsRequest$maxResults": "The maximum number of workflows to return in one page of results.
"
+ }
+ },
+ "ListWorkflowsResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "Long": {
+ "base": null,
+ "refs": {
+ "AnnotationStoreItem$storeSizeBytes": "The store's size in bytes.
",
+ "GetAnnotationStoreResponse$storeSizeBytes": "The store's size in bytes.
",
+ "GetVariantStoreResponse$storeSizeBytes": "The store's size in bytes.
",
+ "SequenceInformation$totalBaseCount": "The sequence's total base count.
",
+ "SequenceInformation$totalReadCount": "The sequence's total read count.
",
+ "VariantStoreItem$storeSizeBytes": "The store's size in bytes.
"
+ }
+ },
+ "Md5": {
+ "base": null,
+ "refs": {
+ "GetReferenceMetadataResponse$md5": "The reference's MD5 checksum.
",
+ "ReferenceFilter$md5": "An MD5 checksum to filter on.
",
+ "ReferenceListItem$md5": "The reference's MD5 checksum.
"
+ }
+ },
+ "NextToken": {
+ "base": null,
+ "refs": {
+ "ListReadSetActivationJobsRequest$nextToken": "Specify the pagination token from a previous request to retrieve the next page of results.
",
+ "ListReadSetActivationJobsResponse$nextToken": "A pagination token that's included if more results are available.
",
+ "ListReadSetExportJobsRequest$nextToken": "Specify the pagination token from a previous request to retrieve the next page of results.
",
+ "ListReadSetExportJobsResponse$nextToken": "A pagination token that's included if more results are available.
",
+ "ListReadSetImportJobsRequest$nextToken": "Specify the pagination token from a previous request to retrieve the next page of results.
",
+ "ListReadSetImportJobsResponse$nextToken": "A pagination token that's included if more results are available.
",
+ "ListReadSetsRequest$nextToken": "Specify the pagination token from a previous request to retrieve the next page of results.
",
+ "ListReadSetsResponse$nextToken": "A pagination token that's included if more results are available.
",
+ "ListReferenceImportJobsRequest$nextToken": "Specify the pagination token from a previous request to retrieve the next page of results.
",
+ "ListReferenceImportJobsResponse$nextToken": "A pagination token that's included if more results are available.
",
+ "ListReferenceStoresRequest$nextToken": "Specify the pagination token from a previous request to retrieve the next page of results.
",
+ "ListReferenceStoresResponse$nextToken": "A pagination token that's included if more results are available.
",
+ "ListReferencesRequest$nextToken": "Specify the pagination token from a previous request to retrieve the next page of results.
",
+ "ListReferencesResponse$nextToken": "A pagination token that's included if more results are available.
",
+ "ListSequenceStoresRequest$nextToken": "Specify the pagination token from a previous request to retrieve the next page of results.
",
+ "ListSequenceStoresResponse$nextToken": "A pagination token that's included if more results are available.
"
+ }
+ },
+ "PrimitiveBoolean": {
+ "base": null,
+ "refs": {
+ "DeleteAnnotationStoreRequest$force": "Whether to force deletion.
",
+ "DeleteVariantStoreRequest$force": "Whether to force deletion.
"
+ }
+ },
+ "Quote": {
+ "base": null,
+ "refs": {
+ "ReadOptions$quote": "The file's quote character.
"
+ }
+ },
+ "QuoteAll": {
+ "base": null,
+ "refs": {
+ "ReadOptions$quoteAll": "Whether all values need to be quoted, or just those that contain quotes.
"
+ }
+ },
+ "Range": {
+ "base": null,
+ "refs": {
+ "GetReferenceRequest$range": "The range to retrieve.
"
+ }
+ },
+ "RangeNotSatisfiableException": {
+ "base": "The ranges specified in the request are not valid.
",
+ "refs": {
+ }
+ },
+ "ReadOptions": {
+ "base": "Read options for an annotation import job.
",
+ "refs": {
+ "TsvOptions$readOptions": "The file's read options.
"
+ }
+ },
+ "ReadSetActivationJobItemStatus": {
+ "base": null,
+ "refs": {
+ "ActivateReadSetSourceItem$status": "The source's status.
"
+ }
+ },
+ "ReadSetActivationJobStatus": {
+ "base": null,
+ "refs": {
+ "ActivateReadSetFilter$status": "The filter's status.
",
+ "ActivateReadSetJobItem$status": "The job's status.
",
+ "GetReadSetActivationJobResponse$status": "The job's status.
",
+ "StartReadSetActivationJobResponse$status": "The job's status.
"
+ }
+ },
+ "ReadSetArn": {
+ "base": null,
+ "refs": {
+ "GetReadSetMetadataResponse$arn": "The read set's ARN.
",
+ "ReadSetListItem$arn": "The read set's ARN.
"
+ }
+ },
+ "ReadSetBatchError": {
+ "base": "An error from a batch read set operation.
",
+ "refs": {
+ "ReadSetBatchErrorList$member": null
+ }
+ },
+ "ReadSetBatchErrorList": {
+ "base": null,
+ "refs": {
+ "BatchDeleteReadSetResponse$errors": "Errors returned by individual delete operations.
"
+ }
+ },
+ "ReadSetDescription": {
+ "base": null,
+ "refs": {
+ "GetReadSetMetadataResponse$description": "The read set's description.
",
+ "ImportReadSetSourceItem$description": "The source's description.
",
+ "ReadSetListItem$description": "The read set's description.
",
+ "StartReadSetImportJobSourceItem$description": "The source's description.
"
+ }
+ },
+ "ReadSetExportJobItemStatus": {
+ "base": null,
+ "refs": {
+ "ExportReadSetDetail$status": "The set's status.
"
+ }
+ },
+ "ReadSetExportJobStatus": {
+ "base": null,
+ "refs": {
+ "ExportReadSetFilter$status": "A status to filter on.
",
+ "ExportReadSetJobDetail$status": "The job's status.
",
+ "GetReadSetExportJobResponse$status": "The job's status.
",
+ "StartReadSetExportJobResponse$status": "The job's status.
"
+ }
+ },
+ "ReadSetFile": {
+ "base": null,
+ "refs": {
+ "GetReadSetRequest$file": "The file to retrieve.
"
+ }
+ },
+ "ReadSetFiles": {
+ "base": "Files in a read set.
",
+ "refs": {
+ "GetReadSetMetadataResponse$files": "The read set's files.
"
+ }
+ },
+ "ReadSetFilter": {
+ "base": "A filter for read sets.
",
+ "refs": {
+ "ListReadSetsRequest$filter": "A filter to apply to the list.
"
+ }
+ },
+ "ReadSetId": {
+ "base": null,
+ "refs": {
+ "ActivateReadSetSourceItem$readSetId": "The source's read set ID.
",
+ "ExportReadSet$readSetId": "The set's ID.
",
+ "ExportReadSetDetail$id": "The set's ID.
",
+ "GetReadSetMetadataRequest$id": "The read set's ID.
",
+ "GetReadSetMetadataResponse$id": "The read set's ID.
",
+ "GetReadSetRequest$id": "The read set's ID.
",
+ "ReadSetBatchError$id": "The error's ID.
",
+ "ReadSetIdList$member": null,
+ "ReadSetListItem$id": "The read set's ID.
",
+ "StartReadSetActivationJobSourceItem$readSetId": "The source's read set ID.
"
+ }
+ },
+ "ReadSetIdList": {
+ "base": null,
+ "refs": {
+ "BatchDeleteReadSetRequest$ids": "The read sets' IDs.
"
+ }
+ },
+ "ReadSetImportJobItemStatus": {
+ "base": null,
+ "refs": {
+ "ImportReadSetSourceItem$status": "The source's status.
"
+ }
+ },
+ "ReadSetImportJobStatus": {
+ "base": null,
+ "refs": {
+ "GetReadSetImportJobResponse$status": "The job's status.
",
+ "ImportReadSetFilter$status": "A status to filter on.
",
+ "ImportReadSetJobItem$status": "The job's status.
",
+ "StartReadSetImportJobResponse$status": "The job's status.
"
+ }
+ },
+ "ReadSetList": {
+ "base": null,
+ "refs": {
+ "ListReadSetsResponse$readSets": "A list of read sets.
"
+ }
+ },
+ "ReadSetListItem": {
+ "base": "A read set.
",
+ "refs": {
+ "ReadSetList$member": null
+ }
+ },
+ "ReadSetName": {
+ "base": null,
+ "refs": {
+ "GetReadSetMetadataResponse$name": "The read set's name.
",
+ "ImportReadSetSourceItem$name": "The source's name.
",
+ "ReadSetFilter$name": "A name to filter on.
",
+ "ReadSetListItem$name": "The read set's name.
",
+ "StartReadSetImportJobSourceItem$name": "The source's name.
"
+ }
+ },
+ "ReadSetStatus": {
+ "base": null,
+ "refs": {
+ "GetReadSetMetadataResponse$status": "The read set's status.
",
+ "ReadSetFilter$status": "A status to filter on.
",
+ "ReadSetListItem$status": "The read set's status.
"
+ }
+ },
+ "ReadSetStreamingBlob": {
+ "base": null,
+ "refs": {
+ "GetReadSetResponse$payload": "The read set file payload.
"
+ }
+ },
+ "ReferenceArn": {
+ "base": null,
+ "refs": {
+ "GetReadSetMetadataResponse$referenceArn": "The read set's genome reference ARN.
",
+ "GetReferenceMetadataResponse$arn": "The reference's ARN.
",
+ "ImportReadSetSourceItem$referenceArn": "The source's genome reference ARN.
",
+ "ReadSetFilter$referenceArn": "A genome reference ARN to filter on.
",
+ "ReadSetListItem$referenceArn": "The read set's genome reference ARN.
",
+ "ReferenceItem$referenceArn": "The reference's ARN.
",
+ "ReferenceListItem$arn": "The reference's ARN.
",
+ "StartReadSetImportJobSourceItem$referenceArn": "The source's reference ARN.
"
+ }
+ },
+ "ReferenceDescription": {
+ "base": null,
+ "refs": {
+ "GetReferenceMetadataResponse$description": "The reference's description.
",
+ "ImportReferenceSourceItem$description": "The source's description.
",
+ "ReferenceListItem$description": "The reference's description.
",
+ "StartReferenceImportJobSourceItem$description": "The source's description.
"
+ }
+ },
+ "ReferenceFile": {
+ "base": null,
+ "refs": {
+ "GetReferenceRequest$file": "The file to retrieve.
"
+ }
+ },
+ "ReferenceFiles": {
+ "base": "A set of genome reference files.
",
+ "refs": {
+ "GetReferenceMetadataResponse$files": "The reference's files.
"
+ }
+ },
+ "ReferenceFilter": {
+ "base": "A filter for references.
",
+ "refs": {
+ "ListReferencesRequest$filter": "A filter to apply to the list.
"
+ }
+ },
+ "ReferenceId": {
+ "base": null,
+ "refs": {
+ "DeleteReferenceRequest$id": "The reference's ID.
",
+ "GetReferenceMetadataRequest$id": "The reference's ID.
",
+ "GetReferenceMetadataResponse$id": "The reference's ID.
",
+ "GetReferenceRequest$id": "The reference's ID.
",
+ "ReferenceListItem$id": "The reference's ID.
"
+ }
+ },
+ "ReferenceImportJobItemStatus": {
+ "base": null,
+ "refs": {
+ "ImportReferenceSourceItem$status": "The source's status.
"
+ }
+ },
+ "ReferenceImportJobStatus": {
+ "base": null,
+ "refs": {
+ "GetReferenceImportJobResponse$status": "The job's status.
",
+ "ImportReferenceFilter$status": "A status to filter on.
",
+ "ImportReferenceJobItem$status": "The job's status.
",
+ "StartReferenceImportJobResponse$status": "The job's status.
"
+ }
+ },
+ "ReferenceItem": {
+ "base": "A genome reference.
",
+ "refs": {
+ "AnnotationStoreItem$reference": "The store's genome reference.
",
+ "CreateAnnotationStoreRequest$reference": "The genome reference for the store's annotations.
",
+ "CreateAnnotationStoreResponse$reference": "The store's genome reference.
",
+ "CreateVariantStoreRequest$reference": "The genome reference for the store's variants.
",
+ "CreateVariantStoreResponse$reference": "The store's genome reference.
",
+ "GetAnnotationStoreResponse$reference": "The store's genome reference.
",
+ "GetVariantStoreResponse$reference": "The store's genome reference.
",
+ "UpdateAnnotationStoreResponse$reference": "The store's genome reference.
",
+ "UpdateVariantStoreResponse$reference": "The store's genome reference.
",
+ "VariantStoreItem$reference": "The store's genome reference.
"
+ }
+ },
+ "ReferenceList": {
+ "base": null,
+ "refs": {
+ "ListReferencesResponse$references": "A list of references.
"
+ }
+ },
+ "ReferenceListItem": {
+ "base": "A genome reference.
",
+ "refs": {
+ "ReferenceList$member": null
+ }
+ },
+ "ReferenceName": {
+ "base": null,
+ "refs": {
+ "GetReferenceMetadataResponse$name": "The reference's name.
",
+ "ImportReferenceSourceItem$name": "The source's name.
",
+ "ReferenceFilter$name": "A name to filter on.
",
+ "ReferenceListItem$name": "The reference's name.
",
+ "StartReferenceImportJobSourceItem$name": "The source's name.
"
+ }
+ },
+ "ReferenceStatus": {
+ "base": null,
+ "refs": {
+ "GetReferenceMetadataResponse$status": "The reference's status.
",
+ "ReferenceListItem$status": "The reference's status.
"
+ }
+ },
+ "ReferenceStoreArn": {
+ "base": null,
+ "refs": {
+ "CreateReferenceStoreResponse$arn": "The store's ARN.
",
+ "GetReferenceStoreResponse$arn": "The store's ARN.
",
+ "ReferenceStoreDetail$arn": "The store's ARN.
"
+ }
+ },
+ "ReferenceStoreDescription": {
+ "base": null,
+ "refs": {
+ "CreateReferenceStoreRequest$description": "A description for the store.
",
+ "CreateReferenceStoreResponse$description": "The store's description.
",
+ "GetReferenceStoreResponse$description": "The store's description.
",
+ "ReferenceStoreDetail$description": "The store's description.
"
+ }
+ },
+ "ReferenceStoreDetail": {
+ "base": "Details about a reference store.
",
+ "refs": {
+ "ReferenceStoreDetailList$member": null
+ }
+ },
+ "ReferenceStoreDetailList": {
+ "base": null,
+ "refs": {
+ "ListReferenceStoresResponse$referenceStores": "A list of reference stores.
"
+ }
+ },
+ "ReferenceStoreFilter": {
+ "base": "A filter for reference stores.
",
+ "refs": {
+ "ListReferenceStoresRequest$filter": "A filter to apply to the list.
"
+ }
+ },
+ "ReferenceStoreId": {
+ "base": null,
+ "refs": {
+ "CreateReferenceStoreResponse$id": "The store's ID.
",
+ "DeleteReferenceRequest$referenceStoreId": "The reference's store ID.
",
+ "DeleteReferenceStoreRequest$id": "The store's ID.
",
+ "GetReferenceImportJobRequest$referenceStoreId": "The job's reference store ID.
",
+ "GetReferenceImportJobResponse$referenceStoreId": "The job's reference store ID.
",
+ "GetReferenceMetadataRequest$referenceStoreId": "The reference's reference store ID.
",
+ "GetReferenceMetadataResponse$referenceStoreId": "The reference's reference store ID.
",
+ "GetReferenceRequest$referenceStoreId": "The reference's store ID.
",
+ "GetReferenceStoreRequest$id": "The store's ID.
",
+ "GetReferenceStoreResponse$id": "The store's ID.
",
+ "ImportReferenceJobItem$referenceStoreId": "The job's reference store ID.
",
+ "ListReferenceImportJobsRequest$referenceStoreId": "The job's reference store ID.
",
+ "ListReferencesRequest$referenceStoreId": "The references' reference store ID.
",
+ "ReferenceListItem$referenceStoreId": "The reference's store ID.
",
+ "ReferenceStoreDetail$id": "The store's ID.
",
+ "StartReferenceImportJobRequest$referenceStoreId": "The job's reference store ID.
",
+ "StartReferenceImportJobResponse$referenceStoreId": "The job's reference store ID.
"
+ }
+ },
+ "ReferenceStoreName": {
+ "base": null,
+ "refs": {
+ "CreateReferenceStoreRequest$name": "A name for the store.
",
+ "CreateReferenceStoreResponse$name": "The store's name.
",
+ "GetReferenceStoreResponse$name": "The store's name.
",
+ "ReferenceStoreDetail$name": "The store's name.
",
+ "ReferenceStoreFilter$name": "The name to filter on.
"
+ }
+ },
+ "ReferenceStreamingBlob": {
+ "base": null,
+ "refs": {
+ "GetReferenceResponse$payload": "The reference file payload.
"
+ }
+ },
+ "RequestTimeoutException": {
+ "base": "The request timed out.
",
+ "refs": {
+ }
+ },
+ "ResourceId": {
+ "base": null,
+ "refs": {
+ "AnnotationStoreItem$id": "The store's ID.
",
+ "CancelAnnotationImportRequest$jobId": "The job's ID.
",
+ "CancelVariantImportRequest$jobId": "The job's ID.
",
+ "CreateAnnotationStoreResponse$id": "The store's ID.
",
+ "CreateVariantStoreResponse$id": "The store's ID.
",
+ "GetAnnotationImportRequest$jobId": "The job's ID.
",
+ "GetAnnotationImportResponse$id": "The job's ID.
",
+ "GetAnnotationStoreResponse$id": "The store's ID.
",
+ "GetVariantImportRequest$jobId": "The job's ID.
",
+ "GetVariantImportResponse$id": "The job's ID.
",
+ "GetVariantStoreResponse$id": "The store's ID.
",
+ "StartAnnotationImportResponse$jobId": "The job's ID.
",
+ "StartVariantImportResponse$jobId": "The job's ID.
",
+ "UpdateAnnotationStoreResponse$id": "The store's ID.
",
+ "UpdateVariantStoreResponse$id": "The store's ID.
",
+ "VariantStoreItem$id": "The store's ID.
"
+ }
+ },
+ "ResourceIdentifier": {
+ "base": null,
+ "refs": {
+ "ListAnnotationImportJobsRequestIdsList$member": null,
+ "ListAnnotationStoresRequestIdsList$member": null,
+ "ListVariantImportJobsRequestIdsList$member": null,
+ "ListVariantStoresRequestIdsList$member": null
+ }
+ },
+ "ResourceNotFoundException": {
+ "base": "The target resource was not found in the current Region.
",
+ "refs": {
+ }
+ },
+ "RoleArn": {
+ "base": null,
+ "refs": {
+ "GetReadSetImportJobResponse$roleArn": "The job's service role ARN.
",
+ "GetReferenceImportJobResponse$roleArn": "The job's service role ARN.
",
+ "ImportReadSetJobItem$roleArn": "The job's service role ARN.
",
+ "ImportReferenceJobItem$roleArn": "The job's service role ARN.
",
+ "StartReadSetExportJobRequest$roleArn": "A service role for the job.
",
+ "StartReadSetImportJobRequest$roleArn": "A service role for the job.
",
+ "StartReadSetImportJobResponse$roleArn": "The job's service role ARN.
",
+ "StartReferenceImportJobRequest$roleArn": "A service role for the job.
",
+ "StartReferenceImportJobResponse$roleArn": "The job's service role ARN.
"
+ }
+ },
+ "RunArn": {
+ "base": null,
+ "refs": {
+ "GetRunResponse$arn": "The run's ARN.
",
+ "RunListItem$arn": "The run's ARN.
",
+ "StartRunResponse$arn": "The run's ARN.
"
+ }
+ },
+ "RunExport": {
+ "base": null,
+ "refs": {
+ "RunExportList$member": null
+ }
+ },
+ "RunExportList": {
+ "base": null,
+ "refs": {
+ "GetRunRequest$export": "The run's export format.
"
+ }
+ },
+ "RunGroupArn": {
+ "base": null,
+ "refs": {
+ "CreateRunGroupResponse$arn": "The group's ARN.
",
+ "GetRunGroupResponse$arn": "The group's ARN.
",
+ "RunGroupListItem$arn": "The group's ARN.
"
+ }
+ },
+ "RunGroupId": {
+ "base": null,
+ "refs": {
+ "CreateRunGroupResponse$id": "The group's ID.
",
+ "DeleteRunGroupRequest$id": "The run group's ID.
",
+ "GetRunGroupRequest$id": "The group's ID.
",
+ "GetRunGroupResponse$id": "The group's ID.
",
+ "GetRunResponse$runGroupId": "The run's group ID.
",
+ "ListRunsRequest$runGroupId": "Filter the list by run group ID.
",
+ "RunGroupListItem$id": "The group's ID.
",
+ "StartRunRequest$runGroupId": "The run's group ID.
",
+ "UpdateRunGroupRequest$id": "The group's ID.
"
+ }
+ },
+ "RunGroupList": {
+ "base": null,
+ "refs": {
+ "ListRunGroupsResponse$items": "A list of groups.
"
+ }
+ },
+ "RunGroupListItem": {
+ "base": "A run group.
",
+ "refs": {
+ "RunGroupList$member": null
+ }
+ },
+ "RunGroupListItemMaxCpusInteger": {
+ "base": null,
+ "refs": {
+ "RunGroupListItem$maxCpus": "The group's maximum CPU count setting.
"
+ }
+ },
+ "RunGroupListItemMaxDurationInteger": {
+ "base": null,
+ "refs": {
+ "RunGroupListItem$maxDuration": "The group's maximum duration setting.
"
+ }
+ },
+ "RunGroupListItemMaxRunsInteger": {
+ "base": null,
+ "refs": {
+ "RunGroupListItem$maxRuns": "The group's maximum concurrent run setting.
"
+ }
+ },
+ "RunGroupListToken": {
+ "base": null,
+ "refs": {
+ "ListRunGroupsRequest$startingToken": "Specify the pagination token from a previous request to retrieve the next page of results.
",
+ "ListRunGroupsResponse$nextToken": "A pagination token that's included if more results are available.
"
+ }
+ },
+ "RunGroupName": {
+ "base": null,
+ "refs": {
+ "CreateRunGroupRequest$name": "A name for the group.
",
+ "GetRunGroupResponse$name": "The group's name.
",
+ "ListRunGroupsRequest$name": "The run groups' name.
",
+ "RunGroupListItem$name": "The group's name.
",
+ "UpdateRunGroupRequest$name": "A name for the group.
"
+ }
+ },
+ "RunGroupRequestId": {
+ "base": null,
+ "refs": {
+ "CreateRunGroupRequest$requestId": "A request ID for the group.
"
+ }
+ },
+ "RunGroupTimestamp": {
+ "base": null,
+ "refs": {
+ "GetRunGroupResponse$creationTime": "When the group was created.
",
+ "RunGroupListItem$creationTime": "When the group was created.
"
+ }
+ },
+ "RunId": {
+ "base": null,
+ "refs": {
+ "CancelRunRequest$id": "The run's ID.
",
+ "DeleteRunRequest$id": "The run's ID.
",
+ "GetRunRequest$id": "The run's ID.
",
+ "GetRunResponse$id": "The run's ID.
",
+ "GetRunResponse$runId": "The run's ID.
",
+ "GetRunTaskRequest$id": "The task's ID.
",
+ "ListRunTasksRequest$id": "The run's ID.
",
+ "RunListItem$id": "The run's ID.
",
+ "StartRunRequest$runId": "The run's ID.
",
+ "StartRunResponse$id": "The run's ID.
"
+ }
+ },
+ "RunLeftNormalization": {
+ "base": null,
+ "refs": {
+ "AnnotationImportJobItem$runLeftNormalization": "The job's left normalization setting.
",
+ "GetAnnotationImportResponse$runLeftNormalization": "The job's left normalization setting.
",
+ "GetVariantImportResponse$runLeftNormalization": "The job's left normalization setting.
",
+ "StartAnnotationImportRequest$runLeftNormalization": "The job's left normalization setting.
",
+ "StartVariantImportRequest$runLeftNormalization": "The job's left normalization setting.
",
+ "VariantImportJobItem$runLeftNormalization": "The job's left normalization setting.
"
+ }
+ },
+ "RunList": {
+ "base": null,
+ "refs": {
+ "ListRunsResponse$items": "A list of runs.
"
+ }
+ },
+ "RunListItem": {
+ "base": "A workflow run.
",
+ "refs": {
+ "RunList$member": null
+ }
+ },
+ "RunListItemPriorityInteger": {
+ "base": null,
+ "refs": {
+ "RunListItem$priority": "The run's priority.
"
+ }
+ },
+ "RunListItemStorageCapacityInteger": {
+ "base": null,
+ "refs": {
+ "RunListItem$storageCapacity": "The run's storage capacity.
"
+ }
+ },
+ "RunListToken": {
+ "base": null,
+ "refs": {
+ "ListRunsRequest$startingToken": "Specify the pagination token from a previous request to retrieve the next page of results.
",
+ "ListRunsResponse$nextToken": "A pagination token that's included if more results are available.
"
+ }
+ },
+ "RunLogLevel": {
+ "base": null,
+ "refs": {
+ "GetRunResponse$logLevel": "The run's log level.
",
+ "StartRunRequest$logLevel": "A log level for the run.
"
+ }
+ },
+ "RunName": {
+ "base": null,
+ "refs": {
+ "GetRunResponse$name": "The run's name.
",
+ "ListRunsRequest$name": "Filter the list by run name.
",
+ "RunListItem$name": "The run's name.
",
+ "StartRunRequest$name": "A name for the run.
"
+ }
+ },
+ "RunOutputUri": {
+ "base": null,
+ "refs": {
+ "GetRunResponse$outputUri": "The run's output URI.
",
+ "StartRunRequest$outputUri": "An output URI for the run.
"
+ }
+ },
+ "RunParameters": {
+ "base": null,
+ "refs": {
+ "GetRunResponse$parameters": "The run's parameters.
",
+ "StartRunRequest$parameters": "Parameters for the run.
"
+ }
+ },
+ "RunRequestId": {
+ "base": null,
+ "refs": {
+ "StartRunRequest$requestId": "A request ID for the run.
"
+ }
+ },
+ "RunResourceDigest": {
+ "base": null,
+ "refs": {
+ "RunResourceDigests$value": null
+ }
+ },
+ "RunResourceDigestKey": {
+ "base": null,
+ "refs": {
+ "RunResourceDigests$key": null
+ }
+ },
+ "RunResourceDigests": {
+ "base": null,
+ "refs": {
+ "GetRunResponse$resourceDigests": "The run's resource digests.
"
+ }
+ },
+ "RunRoleArn": {
+ "base": null,
+ "refs": {
+ "GetRunResponse$roleArn": "The run's service role ARN.
",
+ "StartRunRequest$roleArn": "A service role for the run.
"
+ }
+ },
+ "RunStartedBy": {
+ "base": null,
+ "refs": {
+ "GetRunResponse$startedBy": "Who started the run.
"
+ }
+ },
+ "RunStatus": {
+ "base": null,
+ "refs": {
+ "GetRunResponse$status": "The run's status.
",
+ "RunListItem$status": "The run's status.
",
+ "StartRunResponse$status": "The run's status.
"
+ }
+ },
+ "RunStatusMessage": {
+ "base": null,
+ "refs": {
+ "GetRunResponse$statusMessage": "The run's status message.
"
+ }
+ },
+ "RunTimestamp": {
+ "base": null,
+ "refs": {
+ "GetRunResponse$creationTime": "When the run was created.
",
+ "GetRunResponse$startTime": "When the run started.
",
+ "GetRunResponse$stopTime": "The run's stop time.
",
+ "RunListItem$creationTime": "When the run was created.
",
+ "RunListItem$startTime": "When the run started.
",
+ "RunListItem$stopTime": "When the run stopped.
"
+ }
+ },
+ "S3Destination": {
+ "base": null,
+ "refs": {
+ "ExportReadSetJobDetail$destination": "The job's destination in Amazon S3.
",
+ "GetReadSetExportJobResponse$destination": "The job's destination in Amazon S3.
",
+ "StartReadSetExportJobRequest$destination": "A location for exported files in Amazon S3.
",
+ "StartReadSetExportJobResponse$destination": "The job's output location.
"
+ }
+ },
+ "S3Uri": {
+ "base": null,
+ "refs": {
+ "AnnotationImportItemDetail$source": "The source file's location in Amazon S3.
",
+ "AnnotationImportItemSource$source": "The source file's location in Amazon S3.
",
+ "ImportReferenceSourceItem$sourceFile": "The source file's location in Amazon S3.
",
+ "SourceFiles$source1": "The location of the first file in Amazon S3.
",
+ "SourceFiles$source2": "The location of the second file in Amazon S3.
",
+ "StartReferenceImportJobSourceItem$sourceFile": "The source file's location in Amazon S3.
",
+ "VariantImportItemDetail$source": "The source file's location in Amazon S3.
",
+ "VariantImportItemSource$source": "The source file's location in Amazon S3.
"
+ }
+ },
+ "SampleId": {
+ "base": null,
+ "refs": {
+ "GetReadSetMetadataResponse$sampleId": "The read set's sample ID.
",
+ "ImportReadSetSourceItem$sampleId": "The source's sample ID.
",
+ "ReadSetListItem$sampleId": "The read set's sample ID.
",
+ "StartReadSetImportJobSourceItem$sampleId": "The source's sample ID.
"
+ }
+ },
+ "SchemaItem": {
+ "base": null,
+ "refs": {
+ "TsvStoreOptionsSchemaList$member": null
+ }
+ },
+ "SchemaValueType": {
+ "base": null,
+ "refs": {
+ "SchemaItem$value": null
+ }
+ },
+ "Separator": {
+ "base": null,
+ "refs": {
+ "ReadOptions$sep": "The file's field separator.
"
+ }
+ },
+ "SequenceInformation": {
+ "base": "Details about a sequence.
",
+ "refs": {
+ "GetReadSetMetadataResponse$sequenceInformation": "The read set's sequence information.
",
+ "ReadSetListItem$sequenceInformation": null
+ }
+ },
+ "SequenceStoreArn": {
+ "base": null,
+ "refs": {
+ "CreateSequenceStoreResponse$arn": "The store's ARN.
",
+ "GetSequenceStoreResponse$arn": "The store's ARN.
",
+ "SequenceStoreDetail$arn": "The store's ARN.
"
+ }
+ },
+ "SequenceStoreDescription": {
+ "base": null,
+ "refs": {
+ "CreateSequenceStoreRequest$description": "A description for the store.
",
+ "CreateSequenceStoreResponse$description": "The store's description.
",
+ "GetSequenceStoreResponse$description": "The store's description.
",
+ "SequenceStoreDetail$description": "The store's description.
"
+ }
+ },
+ "SequenceStoreDetail": {
+ "base": "Details about a sequence store.
",
+ "refs": {
+ "SequenceStoreDetailList$member": null
+ }
+ },
+ "SequenceStoreDetailList": {
+ "base": null,
+ "refs": {
+ "ListSequenceStoresResponse$sequenceStores": "A list of sequence stores.
"
+ }
+ },
+ "SequenceStoreFilter": {
+ "base": "A filter for a sequence store.
",
+ "refs": {
+ "ListSequenceStoresRequest$filter": "A filter to apply to the list.
"
+ }
+ },
+ "SequenceStoreId": {
+ "base": null,
+ "refs": {
+ "ActivateReadSetJobItem$sequenceStoreId": "The job's sequence store ID.
",
+ "BatchDeleteReadSetRequest$sequenceStoreId": "The read sets' sequence store ID.
",
+ "CreateSequenceStoreResponse$id": "The store's ID.
",
+ "DeleteSequenceStoreRequest$id": "The sequence store's ID.
",
+ "ExportReadSetJobDetail$sequenceStoreId": "The job's sequence store ID.
",
+ "GetReadSetActivationJobRequest$sequenceStoreId": "The job's sequence store ID.
",
+ "GetReadSetActivationJobResponse$sequenceStoreId": "The job's sequence store ID.
",
+ "GetReadSetExportJobRequest$sequenceStoreId": "The job's sequence store ID.
",
+ "GetReadSetExportJobResponse$sequenceStoreId": "The job's sequence store ID.
",
+ "GetReadSetImportJobRequest$sequenceStoreId": "The job's sequence store ID.
",
+ "GetReadSetImportJobResponse$sequenceStoreId": "The job's sequence store ID.
",
+ "GetReadSetMetadataRequest$sequenceStoreId": "The read set's sequence store ID.
",
+ "GetReadSetMetadataResponse$sequenceStoreId": "The read set's sequence store ID.
",
+ "GetReadSetRequest$sequenceStoreId": "The read set's sequence store ID.
",
+ "GetSequenceStoreRequest$id": "The store's ID.
",
+ "GetSequenceStoreResponse$id": "The store's ID.
",
+ "ImportReadSetJobItem$sequenceStoreId": "The job's sequence store ID.
",
+ "ListReadSetActivationJobsRequest$sequenceStoreId": "The read set's sequence store ID.
",
+ "ListReadSetExportJobsRequest$sequenceStoreId": "The jobs' sequence store ID.
",
+ "ListReadSetImportJobsRequest$sequenceStoreId": "The jobs' sequence store ID.
",
+ "ListReadSetsRequest$sequenceStoreId": "The jobs' sequence store ID.
",
+ "ReadSetListItem$sequenceStoreId": "The read set's sequence store ID.
",
+ "SequenceStoreDetail$id": "The store's ID.
",
+ "StartReadSetActivationJobRequest$sequenceStoreId": "The read set's sequence store ID.
",
+ "StartReadSetActivationJobResponse$sequenceStoreId": "The read set's sequence store ID.
",
+ "StartReadSetExportJobRequest$sequenceStoreId": "The read set's sequence store ID.
",
+ "StartReadSetExportJobResponse$sequenceStoreId": "The read set's sequence store ID.
",
+ "StartReadSetImportJobRequest$sequenceStoreId": "The read set's sequence store ID.
",
+ "StartReadSetImportJobResponse$sequenceStoreId": "The read set's sequence store ID.
"
+ }
+ },
+ "SequenceStoreName": {
+ "base": null,
+ "refs": {
+ "CreateSequenceStoreRequest$name": "A name for the store.
",
+ "CreateSequenceStoreResponse$name": "The store's name.
",
+ "GetSequenceStoreResponse$name": "The store's name.
",
+ "SequenceStoreDetail$name": "The store's name.
",
+ "SequenceStoreFilter$name": "A name to filter on.
"
+ }
+ },
+ "ServiceQuotaExceededException": {
+ "base": "The request exceeds a service quota.
",
+ "refs": {
+ }
+ },
+ "SourceFiles": {
+ "base": "Source files for a sequence.
",
+ "refs": {
+ "ImportReadSetSourceItem$sourceFiles": "The source files' location in Amazon S3.
",
+ "StartReadSetImportJobSourceItem$sourceFiles": "The source files' location in Amazon S3.
"
+ }
+ },
+ "SseConfig": {
+ "base": "Server-side encryption (SSE) settings for a store.
",
+ "refs": {
+ "AnnotationStoreItem$sseConfig": "The store's server-side encryption (SSE) settings.
",
+ "CreateAnnotationStoreRequest$sseConfig": "Server-side encryption (SSE) settings for the store.
",
+ "CreateReferenceStoreRequest$sseConfig": "Server-side encryption (SSE) settings for the store.
",
+ "CreateReferenceStoreResponse$sseConfig": "The store's SSE settings.
",
+ "CreateSequenceStoreRequest$sseConfig": "Server-side encryption (SSE) settings for the store.
",
+ "CreateSequenceStoreResponse$sseConfig": "The store's SSE settings.
",
+ "CreateVariantStoreRequest$sseConfig": "Server-side encryption (SSE) settings for the store.
",
+ "GetAnnotationStoreResponse$sseConfig": "The store's server-side encryption (SSE) settings.
",
+ "GetReferenceStoreResponse$sseConfig": "The store's server-side encryption (SSE) settings.
",
+ "GetSequenceStoreResponse$sseConfig": "The store's server-side encryption (SSE) settings.
",
+ "GetVariantStoreResponse$sseConfig": "The store's server-side encryption (SSE) settings.
",
+ "ReferenceStoreDetail$sseConfig": "The store's server-side encryption (SSE) settings.
",
+ "SequenceStoreDetail$sseConfig": "The store's server-side encryption (SSE) settings.
",
+ "VariantStoreItem$sseConfig": "The store's server-side encryption (SSE) settings.
"
+ }
+ },
+ "SseConfigKeyArnString": {
+ "base": null,
+ "refs": {
+ "SseConfig$keyArn": "An encryption key ARN.
"
+ }
+ },
+ "StartAnnotationImportRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StartAnnotationImportResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StartReadSetActivationJobRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StartReadSetActivationJobRequestSourcesList": {
+ "base": null,
+ "refs": {
+ "StartReadSetActivationJobRequest$sources": "The job's sources.
"
+ }
+ },
+ "StartReadSetActivationJobResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StartReadSetActivationJobSourceItem": {
+ "base": "A source for a read set activation job.
",
+ "refs": {
+ "StartReadSetActivationJobRequestSourcesList$member": null
+ }
+ },
+ "StartReadSetExportJobRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StartReadSetExportJobRequestSourcesList": {
+ "base": null,
+ "refs": {
+ "StartReadSetExportJobRequest$sources": "Sources for the job.
"
+ }
+ },
+ "StartReadSetExportJobResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StartReadSetImportJobRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StartReadSetImportJobRequestSourcesList": {
+ "base": null,
+ "refs": {
+ "StartReadSetImportJobRequest$sources": "Source files to import.
"
+ }
+ },
+ "StartReadSetImportJobResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StartReadSetImportJobSourceItem": {
+ "base": "A source for a read set import job.
",
+ "refs": {
+ "StartReadSetImportJobRequestSourcesList$member": null
+ }
+ },
+ "StartReferenceImportJobRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StartReferenceImportJobRequestSourcesList": {
+ "base": null,
+ "refs": {
+ "StartReferenceImportJobRequest$sources": "Sources for the job.
"
+ }
+ },
+ "StartReferenceImportJobResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StartReferenceImportJobSourceItem": {
+ "base": "A source for a reference import job.
",
+ "refs": {
+ "StartReferenceImportJobRequestSourcesList$member": null
+ }
+ },
+ "StartRunRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StartRunRequestPriorityInteger": {
+ "base": null,
+ "refs": {
+ "StartRunRequest$priority": "A priority for the run.
"
+ }
+ },
+ "StartRunRequestStorageCapacityInteger": {
+ "base": null,
+ "refs": {
+ "StartRunRequest$storageCapacity": "A storage capacity for the run.
"
+ }
+ },
+ "StartRunResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StartVariantImportRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StartVariantImportResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StatusMessage": {
+ "base": null,
+ "refs": {
+ "AnnotationStoreItem$statusMessage": "The store's status message.
",
+ "GetAnnotationStoreResponse$statusMessage": "A status message.
",
+ "GetVariantStoreResponse$statusMessage": "The store's status message.
",
+ "VariantStoreItem$statusMessage": "The store's status message.
"
+ }
+ },
+ "StoreDescription": {
+ "base": null,
+ "refs": {
+ "AnnotationStoreItem$description": "The store's description.
",
+ "CreateAnnotationStoreRequest$description": "A description for the store.
",
+ "CreateVariantStoreRequest$description": "A description for the store.
",
+ "GetAnnotationStoreResponse$description": "The store's description.
",
+ "GetVariantStoreResponse$description": "The store's description.
",
+ "UpdateAnnotationStoreRequest$description": "A description for the store.
",
+ "UpdateAnnotationStoreResponse$description": "The store's description.
",
+ "UpdateVariantStoreRequest$description": "A description for the store.
",
+ "UpdateVariantStoreResponse$description": "The store's description.
",
+ "VariantStoreItem$description": "The store's description.
"
+ }
+ },
+ "StoreFormat": {
+ "base": null,
+ "refs": {
+ "AnnotationStoreItem$storeFormat": "The store's file format.
",
+ "CreateAnnotationStoreRequest$storeFormat": "The annotation file format of the store.
",
+ "CreateAnnotationStoreResponse$storeFormat": "The annotation file format of the store.
",
+ "GetAnnotationStoreResponse$storeFormat": "The store's annotation file format.
",
+ "UpdateAnnotationStoreResponse$storeFormat": "The annotation file format of the store.
"
+ }
+ },
+ "StoreName": {
+ "base": null,
+ "refs": {
+ "GetAnnotationImportResponse$destinationName": "The job's destination annotation store.
",
+ "GetVariantImportResponse$destinationName": "The job's destination variant store.
",
+ "StartAnnotationImportRequest$destinationName": "A destination annotation store for the job.
",
+ "StartVariantImportRequest$destinationName": "The destination variant store for the job.
"
+ }
+ },
+ "StoreOptions": {
+ "base": "Settings for a store.
",
+ "refs": {
+ "CreateAnnotationStoreRequest$storeOptions": "File parsing options for the annotation store.
",
+ "CreateAnnotationStoreResponse$storeOptions": "The store's file parsing options.
",
+ "GetAnnotationStoreResponse$storeOptions": "The store's parsing options.
",
+ "UpdateAnnotationStoreResponse$storeOptions": "Parsing options for the store.
"
+ }
+ },
+ "StoreStatus": {
+ "base": null,
+ "refs": {
+ "AnnotationStoreItem$status": "The store's status.
",
+ "CreateAnnotationStoreResponse$status": "The store's status.
",
+ "CreateVariantStoreResponse$status": "The store's status.
",
+ "DeleteAnnotationStoreResponse$status": "The store's status.
",
+ "DeleteVariantStoreResponse$status": "The store's status.
",
+ "GetAnnotationStoreResponse$status": "The store's status.
",
+ "GetVariantStoreResponse$status": "The store's status.
",
+ "ListAnnotationStoresFilter$status": "A status to filter on.
",
+ "ListVariantStoresFilter$status": "A status to filter on.
",
+ "UpdateAnnotationStoreResponse$status": "The store's status.
",
+ "UpdateVariantStoreResponse$status": "The store's status.
",
+ "VariantStoreItem$status": "The store's status.
"
+ }
+ },
+ "String": {
+ "base": null,
+ "refs": {
+ "AccessDeniedException$message": null,
+ "AnnotationImportJobItem$destinationName": "The job's destination annotation store.
",
+ "AnnotationImportJobItem$id": "The job's ID.
",
+ "AnnotationStoreItem$name": "The store's name.
",
+ "ConflictException$message": null,
+ "CreateAnnotationStoreResponse$name": "The store's name.
",
+ "CreateVariantStoreResponse$name": "The store's name.
",
+ "DeleteAnnotationStoreRequest$name": "The store's name.
",
+ "DeleteVariantStoreRequest$name": "The store's name.
",
+ "GetAnnotationStoreRequest$name": "The store's name.
",
+ "GetAnnotationStoreResponse$name": "The store's name.
",
+ "GetVariantStoreRequest$name": "The store's name.
",
+ "GetVariantStoreResponse$name": "The store's name.
",
+ "InternalServerException$message": null,
+ "ListAnnotationImportJobsFilter$storeName": "A store name to filter on.
",
+ "ListAnnotationImportJobsResponse$nextToken": "A pagination token that's included if more results are available.
",
+ "ListAnnotationStoresResponse$nextToken": "A pagination token that's included if more results are available.
",
+ "ListVariantImportJobsFilter$storeName": "A store name to filter on.
",
+ "ListVariantImportJobsResponse$nextToken": "A pagination token that's included if more results are available.
",
+ "ListVariantStoresResponse$nextToken": "A pagination token that's included if more results are available.
",
+ "RangeNotSatisfiableException$message": null,
+ "ReadSetBatchError$code": "The error's code.
",
+ "ReadSetBatchError$message": "The error's message.
",
+ "RequestTimeoutException$message": null,
+ "ResourceNotFoundException$message": null,
+ "SchemaItem$key": null,
+ "SequenceInformation$alignment": "The sequence's alignment setting.
",
+ "ServiceQuotaExceededException$message": null,
+ "ThrottlingException$message": null,
+ "UpdateAnnotationStoreRequest$name": "A name for the store.
",
+ "UpdateAnnotationStoreResponse$name": "The store's name.
",
+ "UpdateVariantStoreRequest$name": "A name for the store.
",
+ "UpdateVariantStoreResponse$name": "The store's name.
",
+ "ValidationException$message": null,
+ "VariantImportJobItem$destinationName": "The job's destination variant store.
",
+ "VariantImportJobItem$id": "The job's ID.
",
+ "VariantStoreItem$name": "The store's name.
"
+ }
+ },
+ "SubjectId": {
+ "base": null,
+ "refs": {
+ "GetReadSetMetadataResponse$subjectId": "The read set's subject ID.
",
+ "ImportReadSetSourceItem$subjectId": "The source's subject ID.
",
+ "ReadSetListItem$subjectId": "The read set's subject ID.
",
+ "StartReadSetImportJobSourceItem$subjectId": "The source's subject ID.
"
+ }
+ },
+ "SyntheticTimestamp_date_time": {
+ "base": null,
+ "refs": {
+ "ActivateReadSetFilter$createdAfter": "The filter's start date.
",
+ "ActivateReadSetFilter$createdBefore": "The filter's end date.
",
+ "ActivateReadSetJobItem$completionTime": "When the job completed.
",
+ "ActivateReadSetJobItem$creationTime": "When the job was created.
",
+ "CreateReferenceStoreResponse$creationTime": "When the store was created.
",
+ "CreateSequenceStoreResponse$creationTime": "When the store was created.
",
+ "ExportReadSetFilter$createdAfter": "The filter's start date.
",
+ "ExportReadSetFilter$createdBefore": "The filter's end date.
",
+ "ExportReadSetJobDetail$completionTime": "When the job completed.
",
+ "ExportReadSetJobDetail$creationTime": "When the job was created.
",
+ "GetReadSetActivationJobResponse$completionTime": "When the job completed.
",
+ "GetReadSetActivationJobResponse$creationTime": "When the job was created.
",
+ "GetReadSetExportJobResponse$completionTime": "When the job completed.
",
+ "GetReadSetExportJobResponse$creationTime": "When the job was created.
",
+ "GetReadSetImportJobResponse$completionTime": "When the job completed.
",
+ "GetReadSetImportJobResponse$creationTime": "When the job was created.
",
+ "GetReadSetMetadataResponse$creationTime": "When the read set was created.
",
+ "GetReferenceImportJobResponse$completionTime": "When the job completed.
",
+ "GetReferenceImportJobResponse$creationTime": "When the job was created.
",
+ "GetReferenceMetadataResponse$creationTime": "When the reference was created.
",
+ "GetReferenceMetadataResponse$updateTime": "When the reference was updated.
",
+ "GetReferenceStoreResponse$creationTime": "When the store was created.
",
+ "GetSequenceStoreResponse$creationTime": "When the store was created.
",
+ "ImportReadSetFilter$createdAfter": "The filter's start date.
",
+ "ImportReadSetFilter$createdBefore": "The filter's end date.
",
+ "ImportReadSetJobItem$completionTime": "When the job completed.
",
+ "ImportReadSetJobItem$creationTime": "When the job was created.
",
+ "ImportReferenceFilter$createdAfter": "The filter's start date.
",
+ "ImportReferenceFilter$createdBefore": "The filter's end date.
",
+ "ImportReferenceJobItem$completionTime": "When the job completed.
",
+ "ImportReferenceJobItem$creationTime": "When the job was created.
",
+ "ReadSetFilter$createdAfter": "The filter's start date.
",
+ "ReadSetFilter$createdBefore": "The filter's end date.
",
+ "ReadSetListItem$creationTime": "When the read set was created.
",
+ "ReferenceFilter$createdAfter": "The filter's start date.
",
+ "ReferenceFilter$createdBefore": "The filter's end date.
",
+ "ReferenceListItem$creationTime": "When the reference was created.
",
+ "ReferenceListItem$updateTime": "When the reference was updated.
",
+ "ReferenceStoreDetail$creationTime": "When the store was created.
",
+ "ReferenceStoreFilter$createdAfter": "The filter's start date.
",
+ "ReferenceStoreFilter$createdBefore": "The filter's end date.
",
+ "SequenceStoreDetail$creationTime": "When the store was created.
",
+ "SequenceStoreFilter$createdAfter": "The filter's start date.
",
+ "SequenceStoreFilter$createdBefore": "The filter's end date.
",
+ "StartReadSetActivationJobResponse$creationTime": "When the job was created.
",
+ "StartReadSetExportJobResponse$creationTime": "When the job was created.
",
+ "StartReadSetImportJobResponse$creationTime": "When the job was created.
",
+ "StartReferenceImportJobResponse$creationTime": "When the job was created.
"
+ }
+ },
+ "TagArn": {
+ "base": null,
+ "refs": {
+ "ListTagsForResourceRequest$resourceArn": "The resource's ARN.
",
+ "TagResourceRequest$resourceArn": "The resource's ARN.
",
+ "UntagResourceRequest$resourceArn": "The resource's ARN.
"
+ }
+ },
+ "TagKey": {
+ "base": null,
+ "refs": {
+ "TagKeyList$member": null,
+ "TagMap$key": null,
+ "TagResourceRequestTagsMap$key": null
+ }
+ },
+ "TagKeyList": {
+ "base": null,
+ "refs": {
+ "UntagResourceRequest$tagKeys": "Keys of tags to remove.
"
+ }
+ },
+ "TagMap": {
+ "base": null,
+ "refs": {
+ "CreateAnnotationStoreRequest$tags": "Tags for the store.
",
+ "CreateReferenceStoreRequest$tags": "Tags for the store.
",
+ "CreateRunGroupRequest$tags": "Tags for the group.
",
+ "CreateRunGroupResponse$tags": "Tags for the run group.
",
+ "CreateSequenceStoreRequest$tags": "Tags for the store.
",
+ "CreateVariantStoreRequest$tags": "Tags for the store.
",
+ "CreateWorkflowRequest$tags": "Tags for the workflow.
",
+ "CreateWorkflowResponse$tags": "The workflow's tags.
",
+ "GetAnnotationStoreResponse$tags": "The store's tags.
",
+ "GetRunGroupResponse$tags": "The group's tags.
",
+ "GetRunResponse$tags": "The run's tags.
",
+ "GetVariantStoreResponse$tags": "The store's tags.
",
+ "GetWorkflowResponse$tags": "The workflow's tags.
",
+ "ImportReadSetSourceItem$tags": "The source's tags.
",
+ "ImportReferenceSourceItem$tags": "The source's tags.
",
+ "ListTagsForResourceResponse$tags": "A list of tags.
",
+ "StartReadSetImportJobSourceItem$tags": "The source's tags.
",
+ "StartReferenceImportJobSourceItem$tags": "The source's tags.
",
+ "StartRunRequest$tags": "Tags for the run.
",
+ "StartRunResponse$tags": "The run's tags.
"
+ }
+ },
+ "TagResourceRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "TagResourceRequestTagsMap": {
+ "base": null,
+ "refs": {
+ "TagResourceRequest$tags": "Tags for the resource.
"
+ }
+ },
+ "TagResourceResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "TagValue": {
+ "base": null,
+ "refs": {
+ "TagMap$value": null,
+ "TagResourceRequestTagsMap$value": null
+ }
+ },
+ "TaskId": {
+ "base": null,
+ "refs": {
+ "GetRunTaskRequest$taskId": "The task's ID.
",
+ "GetRunTaskResponse$taskId": "The task's ID.
",
+ "TaskListItem$taskId": "The task's ID.
"
+ }
+ },
+ "TaskList": {
+ "base": null,
+ "refs": {
+ "ListRunTasksResponse$items": "A list of tasks.
"
+ }
+ },
+ "TaskListItem": {
+ "base": "A workflow run task.
",
+ "refs": {
+ "TaskList$member": null
+ }
+ },
+ "TaskListItemCpusInteger": {
+ "base": null,
+ "refs": {
+ "TaskListItem$cpus": "The task's CPU count.
"
+ }
+ },
+ "TaskListItemMemoryInteger": {
+ "base": null,
+ "refs": {
+ "TaskListItem$memory": "The task's memory.
"
+ }
+ },
+ "TaskListToken": {
+ "base": null,
+ "refs": {
+ "ListRunTasksRequest$startingToken": "Specify the pagination token from a previous request to retrieve the next page of results.
",
+ "ListRunTasksResponse$nextToken": "A pagination token that's included if more results are available.
"
+ }
+ },
+ "TaskLogStream": {
+ "base": null,
+ "refs": {
+ "GetRunTaskResponse$logStream": "The task's log stream.
"
+ }
+ },
+ "TaskName": {
+ "base": null,
+ "refs": {
+ "GetRunTaskResponse$name": "The task's name.
",
+ "TaskListItem$name": "The task's name.
"
+ }
+ },
+ "TaskStatus": {
+ "base": null,
+ "refs": {
+ "GetRunTaskResponse$status": "The task's status.
",
+ "ListRunTasksRequest$status": "Filter the list by status.
",
+ "TaskListItem$status": "The task's status.
"
+ }
+ },
+ "TaskStatusMessage": {
+ "base": null,
+ "refs": {
+ "GetRunTaskResponse$statusMessage": "The task's status message.
"
+ }
+ },
+ "TaskTimestamp": {
+ "base": null,
+ "refs": {
+ "GetRunTaskResponse$creationTime": "When the task was created.
",
+ "GetRunTaskResponse$startTime": "The task's start time.
",
+ "GetRunTaskResponse$stopTime": "The task's stop time.
",
+ "TaskListItem$creationTime": "When the task was created.
",
+ "TaskListItem$startTime": "When the task started.
",
+ "TaskListItem$stopTime": "When the task stopped.
"
+ }
+ },
+ "ThrottlingException": {
+ "base": "The request was denied due to request throttling.
",
+ "refs": {
+ }
+ },
+ "TsvOptions": {
+ "base": "Formatting options for a TSV file.
",
+ "refs": {
+ "FormatOptions$tsvOptions": "Options for a TSV file.
"
+ }
+ },
+ "TsvStoreOptions": {
+ "base": "File settings for a TSV store.
",
+ "refs": {
+ "StoreOptions$tsvStoreOptions": "File settings for a TSV store.
"
+ }
+ },
+ "TsvStoreOptionsSchemaList": {
+ "base": null,
+ "refs": {
+ "TsvStoreOptions$schema": "The store's schema.
"
+ }
+ },
+ "UntagResourceRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UntagResourceResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateAnnotationStoreRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateAnnotationStoreResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateRunGroupRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateRunGroupRequestMaxCpusInteger": {
+ "base": null,
+ "refs": {
+ "UpdateRunGroupRequest$maxCpus": "The maximum number of CPUs to use.
"
+ }
+ },
+ "UpdateRunGroupRequestMaxDurationInteger": {
+ "base": null,
+ "refs": {
+ "UpdateRunGroupRequest$maxDuration": "The maximum amount of time to run.
"
+ }
+ },
+ "UpdateRunGroupRequestMaxRunsInteger": {
+ "base": null,
+ "refs": {
+ "UpdateRunGroupRequest$maxRuns": "The maximum number of concurrent runs for the group.
"
+ }
+ },
+ "UpdateTime": {
+ "base": null,
+ "refs": {
+ "AnnotationImportJobItem$updateTime": "When the job was updated.
",
+ "AnnotationStoreItem$updateTime": "When the store was updated.
",
+ "GetAnnotationImportResponse$updateTime": "When the job was updated.
",
+ "GetAnnotationStoreResponse$updateTime": "When the store was updated.
",
+ "GetVariantImportResponse$updateTime": "When the job was updated.
",
+ "GetVariantStoreResponse$updateTime": "When the store was updated.
",
+ "UpdateAnnotationStoreResponse$updateTime": "When the store was updated.
",
+ "UpdateVariantStoreResponse$updateTime": "When the store was updated.
",
+ "VariantImportJobItem$updateTime": "When the job was updated.
",
+ "VariantStoreItem$updateTime": "When the store was updated.
"
+ }
+ },
+ "UpdateVariantStoreRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateVariantStoreResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateWorkflowRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ValidationException": {
+ "base": "The input fails to satisfy the constraints specified by an AWS service.
",
+ "refs": {
+ }
+ },
+ "VariantImportItemDetail": {
+ "base": "Details about an imported variant item.
",
+ "refs": {
+ "VariantImportItemDetails$member": null
+ }
+ },
+ "VariantImportItemDetails": {
+ "base": null,
+ "refs": {
+ "GetVariantImportResponse$items": "The job's items.
"
+ }
+ },
+ "VariantImportItemSource": {
+ "base": "A imported variant item's source.
",
+ "refs": {
+ "VariantImportItemSources$member": null
+ }
+ },
+ "VariantImportItemSources": {
+ "base": null,
+ "refs": {
+ "StartVariantImportRequest$items": "Items to import.
"
+ }
+ },
+ "VariantImportJobItem": {
+ "base": "A variant import job.
",
+ "refs": {
+ "VariantImportJobItems$member": null
+ }
+ },
+ "VariantImportJobItems": {
+ "base": null,
+ "refs": {
+ "ListVariantImportJobsResponse$variantImportJobs": "A list of jobs.
"
+ }
+ },
+ "VariantStoreItem": {
+ "base": "A variant store.
",
+ "refs": {
+ "VariantStoreItems$member": null
+ }
+ },
+ "VariantStoreItems": {
+ "base": null,
+ "refs": {
+ "ListVariantStoresResponse$variantStores": "A list of variant stores.
"
+ }
+ },
+ "VcfOptions": {
+ "base": "Formatting options for a VCF file.
",
+ "refs": {
+ "FormatOptions$vcfOptions": "Options for a VCF file.
"
+ }
+ },
+ "WorkflowArn": {
+ "base": null,
+ "refs": {
+ "CreateWorkflowResponse$arn": "The workflow's ARN.
",
+ "GetWorkflowResponse$arn": "The workflow's ARN.
",
+ "WorkflowListItem$arn": "The workflow's ARN.
"
+ }
+ },
+ "WorkflowDefinition": {
+ "base": null,
+ "refs": {
+ "CreateWorkflowRequest$definitionUri": "The URI of a definition for the workflow.
",
+ "GetRunResponse$definition": "The run's definition.
",
+ "GetWorkflowResponse$definition": "The workflow's definition.
"
+ }
+ },
+ "WorkflowDescription": {
+ "base": null,
+ "refs": {
+ "CreateWorkflowRequest$description": "A description for the workflow.
",
+ "GetWorkflowResponse$description": "The workflow's description.
",
+ "UpdateWorkflowRequest$description": "A description for the workflow.
"
+ }
+ },
+ "WorkflowDigest": {
+ "base": null,
+ "refs": {
+ "GetRunResponse$digest": "The run's digest.
",
+ "GetWorkflowResponse$digest": "The workflow's digest.
",
+ "WorkflowListItem$digest": "The workflow's digest.
"
+ }
+ },
+ "WorkflowEngine": {
+ "base": null,
+ "refs": {
+ "CreateWorkflowRequest$engine": "An engine for the workflow.
",
+ "GetWorkflowResponse$engine": "The workflow's engine.
"
+ }
+ },
+ "WorkflowExport": {
+ "base": null,
+ "refs": {
+ "WorkflowExportList$member": null
+ }
+ },
+ "WorkflowExportList": {
+ "base": null,
+ "refs": {
+ "GetWorkflowRequest$export": "The export format for the workflow.
"
+ }
+ },
+ "WorkflowId": {
+ "base": null,
+ "refs": {
+ "CreateWorkflowResponse$id": "The workflow's ID.
",
+ "DeleteWorkflowRequest$id": "The workflow's ID.
",
+ "GetRunResponse$workflowId": "The run's workflow ID.
",
+ "GetWorkflowRequest$id": "The workflow's ID.
",
+ "GetWorkflowResponse$id": "The workflow's ID.
",
+ "RunListItem$workflowId": "The run's workflow ID.
",
+ "StartRunRequest$workflowId": "The run's workflow ID.
",
+ "UpdateWorkflowRequest$id": "The workflow's ID.
",
+ "WorkflowListItem$id": "The workflow's ID.
"
+ }
+ },
+ "WorkflowList": {
+ "base": null,
+ "refs": {
+ "ListWorkflowsResponse$items": "The workflows' items.
"
+ }
+ },
+ "WorkflowListItem": {
+ "base": "A workflow.
",
+ "refs": {
+ "WorkflowList$member": null
+ }
+ },
+ "WorkflowListToken": {
+ "base": null,
+ "refs": {
+ "ListWorkflowsRequest$startingToken": "Specify the pagination token from a previous request to retrieve the next page of results.
",
+ "ListWorkflowsResponse$nextToken": "A pagination token that's included if more results are available.
"
+ }
+ },
+ "WorkflowMain": {
+ "base": null,
+ "refs": {
+ "CreateWorkflowRequest$main": "The path of the main definition file for the workflow.
",
+ "GetWorkflowResponse$main": "The path of the main definition file for the workflow.
"
+ }
+ },
+ "WorkflowName": {
+ "base": null,
+ "refs": {
+ "CreateWorkflowRequest$name": "A name for the workflow.
",
+ "GetWorkflowResponse$name": "The workflow's name.
",
+ "ListWorkflowsRequest$name": "The workflows' name.
",
+ "UpdateWorkflowRequest$name": "A name for the workflow.
",
+ "WorkflowListItem$name": "The workflow's name.
"
+ }
+ },
+ "WorkflowParameter": {
+ "base": "A workflow parameter.
",
+ "refs": {
+ "WorkflowParameterTemplate$value": null
+ }
+ },
+ "WorkflowParameterDescription": {
+ "base": null,
+ "refs": {
+ "WorkflowParameter$description": "The parameter's description.
"
+ }
+ },
+ "WorkflowParameterName": {
+ "base": null,
+ "refs": {
+ "WorkflowParameterTemplate$key": null
+ }
+ },
+ "WorkflowParameterTemplate": {
+ "base": null,
+ "refs": {
+ "CreateWorkflowRequest$parameterTemplate": "A parameter template for the workflow.
",
+ "GetWorkflowResponse$parameterTemplate": "The workflow's parameter template.
"
+ }
+ },
+ "WorkflowRequestId": {
+ "base": null,
+ "refs": {
+ "CreateWorkflowRequest$requestId": "A request ID for the workflow.
"
+ }
+ },
+ "WorkflowStatus": {
+ "base": null,
+ "refs": {
+ "CreateWorkflowResponse$status": "The workflow's status.
",
+ "GetWorkflowResponse$status": "The workflow's status.
",
+ "WorkflowListItem$status": "The workflow's status.
"
+ }
+ },
+ "WorkflowStatusMessage": {
+ "base": null,
+ "refs": {
+ "GetWorkflowResponse$statusMessage": "The workflow's status message.
"
+ }
+ },
+ "WorkflowTimestamp": {
+ "base": null,
+ "refs": {
+ "GetWorkflowResponse$creationTime": "When the workflow was created.
",
+ "WorkflowListItem$creationTime": "When the workflow was created.
"
+ }
+ },
+ "WorkflowType": {
+ "base": null,
+ "refs": {
+ "GetRunResponse$workflowType": "The run's workflow type.
",
+ "GetWorkflowRequest$type": "The workflow's type.
",
+ "GetWorkflowResponse$type": "The workflow's type.
",
+ "ListWorkflowsRequest$type": "The workflows' type.
",
+ "StartRunRequest$workflowType": "The run's workflows type.
",
+ "WorkflowListItem$type": "The workflow's type.
"
+ }
+ }
+ }
+}
diff --git a/models/apis/omics/2022-11-28/endpoint-rule-set-1.json b/models/apis/omics/2022-11-28/endpoint-rule-set-1.json
new file mode 100644
index 0000000000..8c1b3668fb
--- /dev/null
+++ b/models/apis/omics/2022-11-28/endpoint-rule-set-1.json
@@ -0,0 +1,309 @@
+{
+ "version": "1.0",
+ "parameters": {
+ "Region": {
+ "builtIn": "AWS::Region",
+ "required": true,
+ "documentation": "The AWS region used to dispatch the request.",
+ "type": "String"
+ },
+ "UseDualStack": {
+ "builtIn": "AWS::UseDualStack",
+ "required": true,
+ "default": false,
+ "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.",
+ "type": "Boolean"
+ },
+ "UseFIPS": {
+ "builtIn": "AWS::UseFIPS",
+ "required": true,
+ "default": false,
+ "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.",
+ "type": "Boolean"
+ },
+ "Endpoint": {
+ "builtIn": "SDK::Endpoint",
+ "required": false,
+ "documentation": "Override the endpoint used to send this request",
+ "type": "String"
+ }
+ },
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "aws.partition",
+ "argv": [
+ {
+ "ref": "Region"
+ }
+ ],
+ "assign": "PartitionResult"
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "isSet",
+ "argv": [
+ {
+ "ref": "Endpoint"
+ }
+ ]
+ },
+ {
+ "fn": "parseURL",
+ "argv": [
+ {
+ "ref": "Endpoint"
+ }
+ ],
+ "assign": "url"
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseFIPS"
+ },
+ true
+ ]
+ }
+ ],
+ "error": "Invalid Configuration: FIPS and custom endpoint are not supported",
+ "type": "error"
+ },
+ {
+ "conditions": [],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseDualStack"
+ },
+ true
+ ]
+ }
+ ],
+ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported",
+ "type": "error"
+ },
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": {
+ "ref": "Endpoint"
+ },
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseFIPS"
+ },
+ true
+ ]
+ },
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseDualStack"
+ },
+ true
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsFIPS"
+ ]
+ }
+ ]
+ },
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsDualStack"
+ ]
+ }
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://omics-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both",
+ "type": "error"
+ }
+ ]
+ },
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseFIPS"
+ },
+ true
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsFIPS"
+ ]
+ }
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://omics-fips.{Region}.{PartitionResult#dnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "error": "FIPS is enabled but this partition does not support FIPS",
+ "type": "error"
+ }
+ ]
+ },
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseDualStack"
+ },
+ true
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsDualStack"
+ ]
+ }
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://omics.{Region}.{PartitionResult#dualStackDnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "error": "DualStack is enabled but this partition does not support DualStack",
+ "type": "error"
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://omics.{Region}.{PartitionResult#dnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/models/apis/omics/2022-11-28/endpoint-tests-1.json b/models/apis/omics/2022-11-28/endpoint-tests-1.json
new file mode 100644
index 0000000000..485293e391
--- /dev/null
+++ b/models/apis/omics/2022-11-28/endpoint-tests-1.json
@@ -0,0 +1,295 @@
+{
+ "testCases": [
+ {
+ "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://omics-fips.us-gov-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://omics-fips.us-gov-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://omics.us-gov-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://omics.us-gov-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://omics-fips.cn-north-1.api.amazonwebservices.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://omics-fips.cn-north-1.amazonaws.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://omics.cn-north-1.api.amazonwebservices.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://omics.cn-north-1.amazonaws.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://omics-fips.us-iso-east-1.c2s.ic.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "error": "DualStack is enabled but this partition does not support DualStack"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://omics.us-iso-east-1.c2s.ic.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://omics-fips.us-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://omics-fips.us-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://omics.us-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://omics.us-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://omics-fips.us-isob-east-1.sc2s.sgov.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "error": "DualStack is enabled but this partition does not support DualStack"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://omics.us-isob-east-1.sc2s.sgov.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For custom endpoint with fips disabled and dualstack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://example.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-east-1",
+ "Endpoint": "https://example.com"
+ }
+ },
+ {
+ "documentation": "For custom endpoint with fips enabled and dualstack disabled",
+ "expect": {
+ "error": "Invalid Configuration: FIPS and custom endpoint are not supported"
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-east-1",
+ "Endpoint": "https://example.com"
+ }
+ },
+ {
+ "documentation": "For custom endpoint with fips disabled and dualstack enabled",
+ "expect": {
+ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-east-1",
+ "Endpoint": "https://example.com"
+ }
+ }
+ ],
+ "version": "1.0"
+}
\ No newline at end of file
diff --git a/models/apis/omics/2022-11-28/examples-1.json b/models/apis/omics/2022-11-28/examples-1.json
new file mode 100644
index 0000000000..0ea7e3b0bb
--- /dev/null
+++ b/models/apis/omics/2022-11-28/examples-1.json
@@ -0,0 +1,5 @@
+{
+ "version": "1.0",
+ "examples": {
+ }
+}
diff --git a/models/apis/omics/2022-11-28/paginators-1.json b/models/apis/omics/2022-11-28/paginators-1.json
new file mode 100644
index 0000000000..ea92fb1c53
--- /dev/null
+++ b/models/apis/omics/2022-11-28/paginators-1.json
@@ -0,0 +1,100 @@
+{
+ "pagination": {
+ "ListAnnotationImportJobs": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults",
+ "result_key": "annotationImportJobs"
+ },
+ "ListAnnotationStores": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults",
+ "result_key": "annotationStores"
+ },
+ "ListReadSetActivationJobs": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults",
+ "result_key": "activationJobs"
+ },
+ "ListReadSetExportJobs": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults",
+ "result_key": "exportJobs"
+ },
+ "ListReadSetImportJobs": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults",
+ "result_key": "importJobs"
+ },
+ "ListReadSets": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults",
+ "result_key": "readSets"
+ },
+ "ListReferenceImportJobs": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults",
+ "result_key": "importJobs"
+ },
+ "ListReferenceStores": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults",
+ "result_key": "referenceStores"
+ },
+ "ListReferences": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults",
+ "result_key": "references"
+ },
+ "ListRunGroups": {
+ "input_token": "startingToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults",
+ "result_key": "items"
+ },
+ "ListRunTasks": {
+ "input_token": "startingToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults",
+ "result_key": "items"
+ },
+ "ListRuns": {
+ "input_token": "startingToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults",
+ "result_key": "items"
+ },
+ "ListSequenceStores": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults",
+ "result_key": "sequenceStores"
+ },
+ "ListVariantImportJobs": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults",
+ "result_key": "variantImportJobs"
+ },
+ "ListVariantStores": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults",
+ "result_key": "variantStores"
+ },
+ "ListWorkflows": {
+ "input_token": "startingToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults",
+ "result_key": "items"
+ }
+ }
+}
diff --git a/models/apis/omics/2022-11-28/waiters-2.json b/models/apis/omics/2022-11-28/waiters-2.json
new file mode 100644
index 0000000000..db1de32eed
--- /dev/null
+++ b/models/apis/omics/2022-11-28/waiters-2.json
@@ -0,0 +1,498 @@
+{
+ "version" : 2,
+ "waiters" : {
+ "AnnotationImportJobCreated" : {
+ "description" : "Wait until an annotation import is completed",
+ "delay" : 30,
+ "maxAttempts" : 20,
+ "operation" : "GetAnnotationImportJob",
+ "acceptors" : [ {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "SUBMITTED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "IN_PROGRESS"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "failure",
+ "expected" : "FAILED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "success",
+ "expected" : "CANCELLED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "success",
+ "expected" : "COMPLETED"
+ } ]
+ },
+ "AnnotationStoreCreated" : {
+ "description" : "Wait until an annotation store is created",
+ "delay" : 30,
+ "maxAttempts" : 20,
+ "operation" : "GetAnnotationStore",
+ "acceptors" : [ {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "success",
+ "expected" : "ACTIVE"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "CREATING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "UPDATING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "failure",
+ "expected" : "FAILED"
+ } ]
+ },
+ "AnnotationStoreDeleted" : {
+ "description" : "Wait until an annotation store is deleted.",
+ "delay" : 30,
+ "maxAttempts" : 20,
+ "operation" : "GetAnnotationStore",
+ "acceptors" : [ {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "success",
+ "expected" : "DELETED"
+ }, {
+ "matcher" : "error",
+ "state" : "success",
+ "expected" : "ResourceNotFoundException"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "DELETING"
+ } ]
+ },
+ "ReadSetActivationJobCompleted" : {
+ "description" : "Wait until a job is completed.",
+ "delay" : 30,
+ "maxAttempts" : 20,
+ "operation" : "GetReadSetActivationJob",
+ "acceptors" : [ {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "success",
+ "expected" : "COMPLETED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "SUBMITTED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "IN_PROGRESS"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "CANCELLING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "failure",
+ "expected" : "CANCELLED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "failure",
+ "expected" : "FAILED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "failure",
+ "expected" : "COMPLETED_WITH_FAILURES"
+ } ]
+ },
+ "ReadSetExportJobCompleted" : {
+ "description" : "Wait until a job is completed.",
+ "delay" : 30,
+ "maxAttempts" : 20,
+ "operation" : "GetReadSetExportJob",
+ "acceptors" : [ {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "success",
+ "expected" : "COMPLETED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "SUBMITTED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "IN_PROGRESS"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "CANCELLING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "failure",
+ "expected" : "CANCELLED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "failure",
+ "expected" : "FAILED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "failure",
+ "expected" : "COMPLETED_WITH_FAILURES"
+ } ]
+ },
+ "ReadSetImportJobCompleted" : {
+ "description" : "Wait until a job is completed.",
+ "delay" : 30,
+ "maxAttempts" : 20,
+ "operation" : "GetReadSetImportJob",
+ "acceptors" : [ {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "success",
+ "expected" : "COMPLETED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "SUBMITTED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "IN_PROGRESS"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "CANCELLING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "failure",
+ "expected" : "CANCELLED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "failure",
+ "expected" : "FAILED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "failure",
+ "expected" : "COMPLETED_WITH_FAILURES"
+ } ]
+ },
+ "ReferenceImportJobCompleted" : {
+ "description" : "Wait until a job is completed.",
+ "delay" : 30,
+ "maxAttempts" : 20,
+ "operation" : "GetReferenceImportJob",
+ "acceptors" : [ {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "success",
+ "expected" : "COMPLETED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "SUBMITTED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "IN_PROGRESS"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "CANCELLING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "failure",
+ "expected" : "CANCELLED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "failure",
+ "expected" : "FAILED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "failure",
+ "expected" : "COMPLETED_WITH_FAILURES"
+ } ]
+ },
+ "RunCompleted" : {
+ "description" : "Wait until a run is completed.",
+ "delay" : 30,
+ "maxAttempts" : 20,
+ "operation" : "GetRun",
+ "acceptors" : [ {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "success",
+ "expected" : "COMPLETED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "PENDING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "STARTING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "RUNNING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "STOPPING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "failure",
+ "expected" : "FAILED"
+ } ]
+ },
+ "RunRunning" : {
+ "description" : "Wait until a run is running.",
+ "delay" : 30,
+ "maxAttempts" : 20,
+ "operation" : "GetRun",
+ "acceptors" : [ {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "success",
+ "expected" : "RUNNING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "PENDING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "STARTING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "failure",
+ "expected" : "FAILED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "failure",
+ "expected" : "CANCELLED"
+ } ]
+ },
+ "TaskCompleted" : {
+ "description" : "Wait until a task is completed.",
+ "delay" : 30,
+ "maxAttempts" : 20,
+ "operation" : "GetRunTask",
+ "acceptors" : [ {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "success",
+ "expected" : "COMPLETED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "PENDING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "STARTING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "RUNNING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "STOPPING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "failure",
+ "expected" : "FAILED"
+ } ]
+ },
+ "TaskRunning" : {
+ "description" : "Wait until a task is running.",
+ "delay" : 30,
+ "maxAttempts" : 20,
+ "operation" : "GetRunTask",
+ "acceptors" : [ {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "success",
+ "expected" : "RUNNING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "PENDING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "STARTING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "failure",
+ "expected" : "FAILED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "failure",
+ "expected" : "CANCELLED"
+ } ]
+ },
+ "VariantImportJobCreated" : {
+ "description" : "Wait until variant import is completed",
+ "delay" : 30,
+ "maxAttempts" : 20,
+ "operation" : "GetVariantImportJob",
+ "acceptors" : [ {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "SUBMITTED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "IN_PROGRESS"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "failure",
+ "expected" : "FAILED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "success",
+ "expected" : "CANCELLED"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "success",
+ "expected" : "COMPLETED"
+ } ]
+ },
+ "VariantStoreCreated" : {
+ "description" : "Wait until a variant store is created",
+ "delay" : 30,
+ "maxAttempts" : 20,
+ "operation" : "GetVariantStore",
+ "acceptors" : [ {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "success",
+ "expected" : "ACTIVE"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "CREATING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "UPDATING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "failure",
+ "expected" : "FAILED"
+ } ]
+ },
+ "VariantStoreDeleted" : {
+ "description" : "Wait until a variant store is deleted.",
+ "delay" : 30,
+ "maxAttempts" : 20,
+ "operation" : "GetVariantStore",
+ "acceptors" : [ {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "success",
+ "expected" : "DELETED"
+ }, {
+ "matcher" : "error",
+ "state" : "success",
+ "expected" : "ResourceNotFoundException"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "DELETING"
+ } ]
+ },
+ "WorkflowActive" : {
+ "description" : "Wait until a workflow is active.",
+ "delay" : 3,
+ "maxAttempts" : 10,
+ "operation" : "GetWorkflow",
+ "acceptors" : [ {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "success",
+ "expected" : "ACTIVE"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "CREATING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "retry",
+ "expected" : "UPDATING"
+ }, {
+ "matcher" : "path",
+ "argument" : "status",
+ "state" : "failure",
+ "expected" : "FAILED"
+ } ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/models/apis/opensearchserverless/2021-11-01/api-2.json b/models/apis/opensearchserverless/2021-11-01/api-2.json
new file mode 100644
index 0000000000..8c0289a5aa
--- /dev/null
+++ b/models/apis/opensearchserverless/2021-11-01/api-2.json
@@ -0,0 +1,2460 @@
+{
+ "metadata": {
+ "apiVersion": "2021-11-01",
+ "endpointPrefix": "aoss",
+ "jsonVersion": "1.0",
+ "protocol": "json",
+ "serviceFullName": "OpenSearch Service Serverless",
+ "serviceId": "OpenSearchServerless",
+ "signatureVersion": "v4",
+ "signingName": "aoss",
+ "targetPrefix": "OpenSearchServerless",
+ "uid": "opensearchserverless-2021-11-01"
+ },
+ "operations": {
+ "BatchGetCollection": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "input": {
+ "shape": "BatchGetCollectionRequest"
+ },
+ "name": "BatchGetCollection",
+ "output": {
+ "shape": "BatchGetCollectionResponse"
+ }
+ },
+ "BatchGetVpcEndpoint": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "input": {
+ "shape": "BatchGetVpcEndpointRequest"
+ },
+ "name": "BatchGetVpcEndpoint",
+ "output": {
+ "shape": "BatchGetVpcEndpointResponse"
+ }
+ },
+ "CreateAccessPolicy": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "CreateAccessPolicyRequest"
+ },
+ "name": "CreateAccessPolicy",
+ "output": {
+ "shape": "CreateAccessPolicyResponse"
+ }
+ },
+ "CreateCollection": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "CreateCollectionRequest"
+ },
+ "name": "CreateCollection",
+ "output": {
+ "shape": "CreateCollectionResponse"
+ }
+ },
+ "CreateSecurityConfig": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "CreateSecurityConfigRequest"
+ },
+ "name": "CreateSecurityConfig",
+ "output": {
+ "shape": "CreateSecurityConfigResponse"
+ }
+ },
+ "CreateSecurityPolicy": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "CreateSecurityPolicyRequest"
+ },
+ "name": "CreateSecurityPolicy",
+ "output": {
+ "shape": "CreateSecurityPolicyResponse"
+ }
+ },
+ "CreateVpcEndpoint": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "CreateVpcEndpointRequest"
+ },
+ "name": "CreateVpcEndpoint",
+ "output": {
+ "shape": "CreateVpcEndpointResponse"
+ }
+ },
+ "DeleteAccessPolicy": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "DeleteAccessPolicyRequest"
+ },
+ "name": "DeleteAccessPolicy",
+ "output": {
+ "shape": "DeleteAccessPolicyResponse"
+ }
+ },
+ "DeleteCollection": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "DeleteCollectionRequest"
+ },
+ "name": "DeleteCollection",
+ "output": {
+ "shape": "DeleteCollectionResponse"
+ }
+ },
+ "DeleteSecurityConfig": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "DeleteSecurityConfigRequest"
+ },
+ "name": "DeleteSecurityConfig",
+ "output": {
+ "shape": "DeleteSecurityConfigResponse"
+ }
+ },
+ "DeleteSecurityPolicy": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "DeleteSecurityPolicyRequest"
+ },
+ "name": "DeleteSecurityPolicy",
+ "output": {
+ "shape": "DeleteSecurityPolicyResponse"
+ }
+ },
+ "DeleteVpcEndpoint": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "DeleteVpcEndpointRequest"
+ },
+ "name": "DeleteVpcEndpoint",
+ "output": {
+ "shape": "DeleteVpcEndpointResponse"
+ }
+ },
+ "GetAccessPolicy": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "input": {
+ "shape": "GetAccessPolicyRequest"
+ },
+ "name": "GetAccessPolicy",
+ "output": {
+ "shape": "GetAccessPolicyResponse"
+ }
+ },
+ "GetAccountSettings": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "input": {
+ "shape": "GetAccountSettingsRequest"
+ },
+ "name": "GetAccountSettings",
+ "output": {
+ "shape": "GetAccountSettingsResponse"
+ }
+ },
+ "GetPoliciesStats": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "input": {
+ "shape": "GetPoliciesStatsRequest"
+ },
+ "name": "GetPoliciesStats",
+ "output": {
+ "shape": "GetPoliciesStatsResponse"
+ }
+ },
+ "GetSecurityConfig": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "input": {
+ "shape": "GetSecurityConfigRequest"
+ },
+ "name": "GetSecurityConfig",
+ "output": {
+ "shape": "GetSecurityConfigResponse"
+ }
+ },
+ "GetSecurityPolicy": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "input": {
+ "shape": "GetSecurityPolicyRequest"
+ },
+ "name": "GetSecurityPolicy",
+ "output": {
+ "shape": "GetSecurityPolicyResponse"
+ }
+ },
+ "ListAccessPolicies": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "input": {
+ "shape": "ListAccessPoliciesRequest"
+ },
+ "name": "ListAccessPolicies",
+ "output": {
+ "shape": "ListAccessPoliciesResponse"
+ }
+ },
+ "ListCollections": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "input": {
+ "shape": "ListCollectionsRequest"
+ },
+ "name": "ListCollections",
+ "output": {
+ "shape": "ListCollectionsResponse"
+ }
+ },
+ "ListSecurityConfigs": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "input": {
+ "shape": "ListSecurityConfigsRequest"
+ },
+ "name": "ListSecurityConfigs",
+ "output": {
+ "shape": "ListSecurityConfigsResponse"
+ }
+ },
+ "ListSecurityPolicies": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "input": {
+ "shape": "ListSecurityPoliciesRequest"
+ },
+ "name": "ListSecurityPolicies",
+ "output": {
+ "shape": "ListSecurityPoliciesResponse"
+ }
+ },
+ "ListTagsForResource": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "input": {
+ "shape": "ListTagsForResourceRequest"
+ },
+ "name": "ListTagsForResource",
+ "output": {
+ "shape": "ListTagsForResourceResponse"
+ }
+ },
+ "ListVpcEndpoints": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "input": {
+ "shape": "ListVpcEndpointsRequest"
+ },
+ "name": "ListVpcEndpoints",
+ "output": {
+ "shape": "ListVpcEndpointsResponse"
+ }
+ },
+ "TagResource": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "input": {
+ "shape": "TagResourceRequest"
+ },
+ "name": "TagResource",
+ "output": {
+ "shape": "TagResourceResponse"
+ }
+ },
+ "UntagResource": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "input": {
+ "shape": "UntagResourceRequest"
+ },
+ "name": "UntagResource",
+ "output": {
+ "shape": "UntagResourceResponse"
+ }
+ },
+ "UpdateAccessPolicy": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "UpdateAccessPolicyRequest"
+ },
+ "name": "UpdateAccessPolicy",
+ "output": {
+ "shape": "UpdateAccessPolicyResponse"
+ }
+ },
+ "UpdateAccountSettings": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "input": {
+ "shape": "UpdateAccountSettingsRequest"
+ },
+ "name": "UpdateAccountSettings",
+ "output": {
+ "shape": "UpdateAccountSettingsResponse"
+ }
+ },
+ "UpdateCollection": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "UpdateCollectionRequest"
+ },
+ "name": "UpdateCollection",
+ "output": {
+ "shape": "UpdateCollectionResponse"
+ }
+ },
+ "UpdateSecurityConfig": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "UpdateSecurityConfigRequest"
+ },
+ "name": "UpdateSecurityConfig",
+ "output": {
+ "shape": "UpdateSecurityConfigResponse"
+ }
+ },
+ "UpdateSecurityPolicy": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ResourceNotFoundException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "UpdateSecurityPolicyRequest"
+ },
+ "name": "UpdateSecurityPolicy",
+ "output": {
+ "shape": "UpdateSecurityPolicyResponse"
+ }
+ },
+ "UpdateVpcEndpoint": {
+ "errors": [
+ {
+ "shape": "InternalServerException"
+ },
+ {
+ "shape": "ConflictException"
+ },
+ {
+ "shape": "ValidationException"
+ }
+ ],
+ "http": {
+ "method": "POST",
+ "requestUri": "/"
+ },
+ "idempotent": true,
+ "input": {
+ "shape": "UpdateVpcEndpointRequest"
+ },
+ "name": "UpdateVpcEndpoint",
+ "output": {
+ "shape": "UpdateVpcEndpointResponse"
+ }
+ }
+ },
+ "shapes": {
+ "AccessPolicyDetail": {
+ "members": {
+ "createdDate": {
+ "shape": "Long"
+ },
+ "description": {
+ "shape": "PolicyDescription"
+ },
+ "lastModifiedDate": {
+ "shape": "Long"
+ },
+ "name": {
+ "shape": "PolicyName"
+ },
+ "policyVersion": {
+ "shape": "PolicyVersion"
+ },
+ "type": {
+ "shape": "AccessPolicyType"
+ }
+ },
+ "type": "structure"
+ },
+ "AccessPolicyStats": {
+ "members": {
+ "DataPolicyCount": {
+ "shape": "Long"
+ }
+ },
+ "type": "structure"
+ },
+ "AccessPolicySummaries": {
+ "member": {
+ "shape": "AccessPolicySummary"
+ },
+ "type": "list"
+ },
+ "AccessPolicySummary": {
+ "members": {
+ "createdDate": {
+ "shape": "Long"
+ },
+ "description": {
+ "shape": "PolicyDescription"
+ },
+ "lastModifiedDate": {
+ "shape": "Long"
+ },
+ "name": {
+ "shape": "PolicyName"
+ },
+ "policyVersion": {
+ "shape": "PolicyVersion"
+ },
+ "type": {
+ "shape": "AccessPolicyType"
+ }
+ },
+ "type": "structure"
+ },
+ "AccessPolicyType": {
+ "enum": [
+ "data"
+ ],
+ "type": "string"
+ },
+ "AccountSettingsDetail": {
+ "members": {
+ "capacityLimits": {
+ "shape": "CapacityLimits"
+ }
+ },
+ "type": "structure"
+ },
+ "Arn": {
+ "max": 1011,
+ "min": 1,
+ "type": "string"
+ },
+ "BatchGetCollectionRequest": {
+ "members": {
+ "ids": {
+ "shape": "CollectionIds"
+ },
+ "names": {
+ "shape": "CollectionNames"
+ }
+ },
+ "type": "structure"
+ },
+ "BatchGetCollectionResponse": {
+ "members": {
+ "collectionDetails": {
+ "shape": "CollectionDetails"
+ },
+ "collectionErrorDetails": {
+ "shape": "CollectionErrorDetails"
+ }
+ },
+ "type": "structure"
+ },
+ "BatchGetVpcEndpointRequest": {
+ "members": {
+ "ids": {
+ "shape": "VpcEndpointIds"
+ }
+ },
+ "required": [
+ "ids"
+ ],
+ "type": "structure"
+ },
+ "BatchGetVpcEndpointResponse": {
+ "members": {
+ "vpcEndpointDetails": {
+ "shape": "VpcEndpointDetails"
+ },
+ "vpcEndpointErrorDetails": {
+ "shape": "VpcEndpointErrorDetails"
+ }
+ },
+ "type": "structure"
+ },
+ "CapacityLimits": {
+ "members": {
+ "maxIndexingCapacityInOCU": {
+ "shape": "IndexingCapacityValue"
+ },
+ "maxSearchCapacityInOCU": {
+ "shape": "SearchCapacityValue"
+ }
+ },
+ "type": "structure"
+ },
+ "ClientToken": {
+ "max": 512,
+ "min": 1,
+ "type": "string"
+ },
+ "CollectionDetail": {
+ "members": {
+ "arn": {
+ "shape": "String"
+ },
+ "collectionEndpoint": {
+ "shape": "String"
+ },
+ "createdDate": {
+ "shape": "Long"
+ },
+ "dashboardEndpoint": {
+ "shape": "String"
+ },
+ "description": {
+ "shape": "String"
+ },
+ "id": {
+ "shape": "CollectionId"
+ },
+ "kmsKeyArn": {
+ "shape": "String"
+ },
+ "lastModifiedDate": {
+ "shape": "Long"
+ },
+ "name": {
+ "shape": "CollectionName"
+ },
+ "status": {
+ "shape": "CollectionStatus"
+ },
+ "type": {
+ "shape": "CollectionType"
+ }
+ },
+ "type": "structure"
+ },
+ "CollectionDetails": {
+ "member": {
+ "shape": "CollectionDetail"
+ },
+ "type": "list"
+ },
+ "CollectionErrorDetail": {
+ "members": {
+ "errorCode": {
+ "shape": "String"
+ },
+ "errorMessage": {
+ "shape": "String"
+ },
+ "id": {
+ "shape": "CollectionId"
+ },
+ "name": {
+ "shape": "CollectionName"
+ }
+ },
+ "type": "structure"
+ },
+ "CollectionErrorDetails": {
+ "member": {
+ "shape": "CollectionErrorDetail"
+ },
+ "type": "list"
+ },
+ "CollectionFilters": {
+ "members": {
+ "name": {
+ "shape": "CollectionName"
+ },
+ "status": {
+ "shape": "CollectionStatus"
+ }
+ },
+ "type": "structure"
+ },
+ "CollectionId": {
+ "max": 40,
+ "min": 3,
+ "pattern": "^[a-z0-9]{3,40}$",
+ "type": "string"
+ },
+ "CollectionIds": {
+ "max": 100,
+ "member": {
+ "shape": "CollectionId"
+ },
+ "min": 1,
+ "type": "list"
+ },
+ "CollectionName": {
+ "max": 32,
+ "min": 3,
+ "pattern": "^[a-z][a-z0-9-]+$",
+ "type": "string"
+ },
+ "CollectionNames": {
+ "max": 100,
+ "member": {
+ "shape": "CollectionName"
+ },
+ "min": 1,
+ "type": "list"
+ },
+ "CollectionStatus": {
+ "enum": [
+ "CREATING",
+ "DELETING",
+ "ACTIVE",
+ "FAILED"
+ ],
+ "type": "string"
+ },
+ "CollectionSummaries": {
+ "member": {
+ "shape": "CollectionSummary"
+ },
+ "type": "list"
+ },
+ "CollectionSummary": {
+ "members": {
+ "arn": {
+ "shape": "String"
+ },
+ "id": {
+ "shape": "CollectionId"
+ },
+ "name": {
+ "shape": "CollectionName"
+ },
+ "status": {
+ "shape": "CollectionStatus"
+ }
+ },
+ "type": "structure"
+ },
+ "CollectionType": {
+ "enum": [
+ "SEARCH",
+ "TIMESERIES"
+ ],
+ "type": "string"
+ },
+ "ConfigDescription": {
+ "max": 1000,
+ "min": 1,
+ "type": "string"
+ },
+ "ConfigName": {
+ "max": 32,
+ "min": 3,
+ "pattern": "^[a-z][a-z0-9-]+$",
+ "type": "string"
+ },
+ "ConflictException": {
+ "exception": true,
+ "members": {
+ "message": {
+ "shape": "String"
+ }
+ },
+ "type": "structure"
+ },
+ "CreateAccessPolicyRequest": {
+ "members": {
+ "clientToken": {
+ "idempotencyToken": true,
+ "shape": "ClientToken"
+ },
+ "description": {
+ "shape": "PolicyDescription"
+ },
+ "name": {
+ "shape": "PolicyName"
+ },
+ "policy": {
+ "shape": "PolicyDocument"
+ },
+ "type": {
+ "shape": "AccessPolicyType"
+ }
+ },
+ "required": [
+ "name",
+ "policy",
+ "type"
+ ],
+ "type": "structure"
+ },
+ "CreateAccessPolicyResponse": {
+ "members": {
+ "accessPolicyDetail": {
+ "shape": "AccessPolicyDetail"
+ }
+ },
+ "type": "structure"
+ },
+ "CreateCollectionDetail": {
+ "members": {
+ "arn": {
+ "shape": "String"
+ },
+ "createdDate": {
+ "shape": "Long"
+ },
+ "description": {
+ "shape": "String"
+ },
+ "id": {
+ "shape": "CollectionId"
+ },
+ "kmsKeyArn": {
+ "shape": "String"
+ },
+ "lastModifiedDate": {
+ "shape": "Long"
+ },
+ "name": {
+ "shape": "CollectionName"
+ },
+ "status": {
+ "shape": "CollectionStatus"
+ },
+ "type": {
+ "shape": "CollectionType"
+ }
+ },
+ "type": "structure"
+ },
+ "CreateCollectionRequest": {
+ "members": {
+ "clientToken": {
+ "idempotencyToken": true,
+ "shape": "ClientToken"
+ },
+ "description": {
+ "shape": "CreateCollectionRequestDescriptionString"
+ },
+ "name": {
+ "shape": "CollectionName"
+ },
+ "tags": {
+ "shape": "Tags"
+ },
+ "type": {
+ "shape": "CollectionType"
+ }
+ },
+ "required": [
+ "name"
+ ],
+ "type": "structure"
+ },
+ "CreateCollectionRequestDescriptionString": {
+ "max": 1000,
+ "min": 0,
+ "type": "string"
+ },
+ "CreateCollectionResponse": {
+ "members": {
+ "createCollectionDetail": {
+ "shape": "CreateCollectionDetail"
+ }
+ },
+ "type": "structure"
+ },
+ "CreateSecurityConfigRequest": {
+ "members": {
+ "clientToken": {
+ "idempotencyToken": true,
+ "shape": "ClientToken"
+ },
+ "description": {
+ "shape": "ConfigDescription"
+ },
+ "name": {
+ "shape": "ConfigName"
+ },
+ "samlOptions": {
+ "shape": "SamlConfigOptions"
+ },
+ "type": {
+ "shape": "SecurityConfigType"
+ }
+ },
+ "required": [
+ "name",
+ "type"
+ ],
+ "type": "structure"
+ },
+ "CreateSecurityConfigResponse": {
+ "members": {
+ "securityConfigDetail": {
+ "shape": "SecurityConfigDetail"
+ }
+ },
+ "type": "structure"
+ },
+ "CreateSecurityPolicyRequest": {
+ "members": {
+ "clientToken": {
+ "idempotencyToken": true,
+ "shape": "ClientToken"
+ },
+ "description": {
+ "shape": "PolicyDescription"
+ },
+ "name": {
+ "shape": "PolicyName"
+ },
+ "policy": {
+ "shape": "PolicyDocument"
+ },
+ "type": {
+ "shape": "SecurityPolicyType"
+ }
+ },
+ "required": [
+ "name",
+ "policy",
+ "type"
+ ],
+ "type": "structure"
+ },
+ "CreateSecurityPolicyResponse": {
+ "members": {
+ "securityPolicyDetail": {
+ "shape": "SecurityPolicyDetail"
+ }
+ },
+ "type": "structure"
+ },
+ "CreateVpcEndpointDetail": {
+ "members": {
+ "id": {
+ "shape": "VpcEndpointId"
+ },
+ "name": {
+ "shape": "VpcEndpointName"
+ },
+ "status": {
+ "shape": "VpcEndpointStatus"
+ }
+ },
+ "type": "structure"
+ },
+ "CreateVpcEndpointRequest": {
+ "members": {
+ "clientToken": {
+ "idempotencyToken": true,
+ "shape": "ClientToken"
+ },
+ "name": {
+ "shape": "VpcEndpointName"
+ },
+ "securityGroupIds": {
+ "shape": "SecurityGroupIds"
+ },
+ "subnetIds": {
+ "shape": "SubnetIds"
+ },
+ "vpcId": {
+ "shape": "VpcId"
+ }
+ },
+ "required": [
+ "name",
+ "subnetIds",
+ "vpcId"
+ ],
+ "type": "structure"
+ },
+ "CreateVpcEndpointResponse": {
+ "members": {
+ "createVpcEndpointDetail": {
+ "shape": "CreateVpcEndpointDetail"
+ }
+ },
+ "type": "structure"
+ },
+ "DeleteAccessPolicyRequest": {
+ "members": {
+ "clientToken": {
+ "idempotencyToken": true,
+ "shape": "ClientToken"
+ },
+ "name": {
+ "shape": "PolicyName"
+ },
+ "type": {
+ "shape": "AccessPolicyType"
+ }
+ },
+ "required": [
+ "name",
+ "type"
+ ],
+ "type": "structure"
+ },
+ "DeleteAccessPolicyResponse": {
+ "members": {},
+ "type": "structure"
+ },
+ "DeleteCollectionDetail": {
+ "members": {
+ "id": {
+ "shape": "CollectionId"
+ },
+ "name": {
+ "shape": "CollectionName"
+ },
+ "status": {
+ "shape": "CollectionStatus"
+ }
+ },
+ "type": "structure"
+ },
+ "DeleteCollectionRequest": {
+ "members": {
+ "clientToken": {
+ "idempotencyToken": true,
+ "shape": "ClientToken"
+ },
+ "id": {
+ "shape": "CollectionId"
+ }
+ },
+ "required": [
+ "id"
+ ],
+ "type": "structure"
+ },
+ "DeleteCollectionResponse": {
+ "members": {
+ "deleteCollectionDetail": {
+ "shape": "DeleteCollectionDetail"
+ }
+ },
+ "type": "structure"
+ },
+ "DeleteSecurityConfigRequest": {
+ "members": {
+ "clientToken": {
+ "idempotencyToken": true,
+ "shape": "ClientToken"
+ },
+ "id": {
+ "shape": "SecurityConfigId"
+ }
+ },
+ "required": [
+ "id"
+ ],
+ "type": "structure"
+ },
+ "DeleteSecurityConfigResponse": {
+ "members": {},
+ "type": "structure"
+ },
+ "DeleteSecurityPolicyRequest": {
+ "members": {
+ "clientToken": {
+ "idempotencyToken": true,
+ "shape": "ClientToken"
+ },
+ "name": {
+ "shape": "PolicyName"
+ },
+ "type": {
+ "shape": "SecurityPolicyType"
+ }
+ },
+ "required": [
+ "name",
+ "type"
+ ],
+ "type": "structure"
+ },
+ "DeleteSecurityPolicyResponse": {
+ "members": {},
+ "type": "structure"
+ },
+ "DeleteVpcEndpointDetail": {
+ "members": {
+ "id": {
+ "shape": "VpcEndpointId"
+ },
+ "name": {
+ "shape": "VpcEndpointName"
+ },
+ "status": {
+ "shape": "VpcEndpointStatus"
+ }
+ },
+ "type": "structure"
+ },
+ "DeleteVpcEndpointRequest": {
+ "members": {
+ "clientToken": {
+ "idempotencyToken": true,
+ "shape": "ClientToken"
+ },
+ "id": {
+ "shape": "VpcEndpointId"
+ }
+ },
+ "required": [
+ "id"
+ ],
+ "type": "structure"
+ },
+ "DeleteVpcEndpointResponse": {
+ "members": {
+ "deleteVpcEndpointDetail": {
+ "shape": "DeleteVpcEndpointDetail"
+ }
+ },
+ "type": "structure"
+ },
+ "GetAccessPolicyRequest": {
+ "members": {
+ "name": {
+ "shape": "PolicyName"
+ },
+ "type": {
+ "shape": "AccessPolicyType"
+ }
+ },
+ "required": [
+ "name",
+ "type"
+ ],
+ "type": "structure"
+ },
+ "GetAccessPolicyResponse": {
+ "members": {
+ "accessPolicyDetail": {
+ "shape": "AccessPolicyDetail"
+ }
+ },
+ "type": "structure"
+ },
+ "GetAccountSettingsRequest": {
+ "members": {},
+ "type": "structure"
+ },
+ "GetAccountSettingsResponse": {
+ "members": {
+ "accountSettingsDetail": {
+ "shape": "AccountSettingsDetail"
+ }
+ },
+ "type": "structure"
+ },
+ "GetPoliciesStatsRequest": {
+ "members": {},
+ "type": "structure"
+ },
+ "GetPoliciesStatsResponse": {
+ "members": {
+ "AccessPolicyStats": {
+ "shape": "AccessPolicyStats"
+ },
+ "SecurityConfigStats": {
+ "shape": "SecurityConfigStats"
+ },
+ "SecurityPolicyStats": {
+ "shape": "SecurityPolicyStats"
+ },
+ "TotalPolicyCount": {
+ "shape": "Long"
+ }
+ },
+ "type": "structure"
+ },
+ "GetSecurityConfigRequest": {
+ "members": {
+ "id": {
+ "shape": "SecurityConfigId"
+ }
+ },
+ "required": [
+ "id"
+ ],
+ "type": "structure"
+ },
+ "GetSecurityConfigResponse": {
+ "members": {
+ "securityConfigDetail": {
+ "shape": "SecurityConfigDetail"
+ }
+ },
+ "type": "structure"
+ },
+ "GetSecurityPolicyRequest": {
+ "members": {
+ "name": {
+ "shape": "PolicyName"
+ },
+ "type": {
+ "shape": "SecurityPolicyType"
+ }
+ },
+ "required": [
+ "name",
+ "type"
+ ],
+ "type": "structure"
+ },
+ "GetSecurityPolicyResponse": {
+ "members": {
+ "securityPolicyDetail": {
+ "shape": "SecurityPolicyDetail"
+ }
+ },
+ "type": "structure"
+ },
+ "IndexingCapacityValue": {
+ "box": true,
+ "min": 2,
+ "type": "integer"
+ },
+ "InternalServerException": {
+ "exception": true,
+ "fault": true,
+ "members": {
+ "message": {
+ "shape": "String"
+ }
+ },
+ "type": "structure"
+ },
+ "ListAccessPoliciesRequest": {
+ "members": {
+ "maxResults": {
+ "shape": "ListAccessPoliciesRequestMaxResultsInteger"
+ },
+ "nextToken": {
+ "shape": "String"
+ },
+ "resource": {
+ "shape": "ListAccessPoliciesRequestResourceList"
+ },
+ "type": {
+ "shape": "AccessPolicyType"
+ }
+ },
+ "required": [
+ "type"
+ ],
+ "type": "structure"
+ },
+ "ListAccessPoliciesRequestMaxResultsInteger": {
+ "box": true,
+ "max": 100,
+ "min": 1,
+ "type": "integer"
+ },
+ "ListAccessPoliciesRequestResourceList": {
+ "max": 1000,
+ "member": {
+ "shape": "Resource"
+ },
+ "min": 1,
+ "type": "list"
+ },
+ "ListAccessPoliciesResponse": {
+ "members": {
+ "accessPolicySummaries": {
+ "shape": "AccessPolicySummaries"
+ },
+ "nextToken": {
+ "shape": "String"
+ }
+ },
+ "type": "structure"
+ },
+ "ListCollectionsRequest": {
+ "members": {
+ "collectionFilters": {
+ "shape": "CollectionFilters"
+ },
+ "maxResults": {
+ "shape": "ListCollectionsRequestMaxResultsInteger"
+ },
+ "nextToken": {
+ "shape": "String"
+ }
+ },
+ "type": "structure"
+ },
+ "ListCollectionsRequestMaxResultsInteger": {
+ "box": true,
+ "max": 100,
+ "min": 1,
+ "type": "integer"
+ },
+ "ListCollectionsResponse": {
+ "members": {
+ "collectionSummaries": {
+ "shape": "CollectionSummaries"
+ },
+ "nextToken": {
+ "shape": "String"
+ }
+ },
+ "type": "structure"
+ },
+ "ListSecurityConfigsRequest": {
+ "members": {
+ "maxResults": {
+ "shape": "ListSecurityConfigsRequestMaxResultsInteger"
+ },
+ "nextToken": {
+ "shape": "String"
+ },
+ "type": {
+ "shape": "SecurityConfigType"
+ }
+ },
+ "required": [
+ "type"
+ ],
+ "type": "structure"
+ },
+ "ListSecurityConfigsRequestMaxResultsInteger": {
+ "box": true,
+ "max": 100,
+ "min": 1,
+ "type": "integer"
+ },
+ "ListSecurityConfigsResponse": {
+ "members": {
+ "nextToken": {
+ "shape": "String"
+ },
+ "securityConfigSummaries": {
+ "shape": "SecurityConfigSummaries"
+ }
+ },
+ "type": "structure"
+ },
+ "ListSecurityPoliciesRequest": {
+ "members": {
+ "maxResults": {
+ "shape": "ListSecurityPoliciesRequestMaxResultsInteger"
+ },
+ "nextToken": {
+ "shape": "String"
+ },
+ "resource": {
+ "shape": "ListSecurityPoliciesRequestResourceList"
+ },
+ "type": {
+ "shape": "SecurityPolicyType"
+ }
+ },
+ "required": [
+ "type"
+ ],
+ "type": "structure"
+ },
+ "ListSecurityPoliciesRequestMaxResultsInteger": {
+ "box": true,
+ "max": 100,
+ "min": 1,
+ "type": "integer"
+ },
+ "ListSecurityPoliciesRequestResourceList": {
+ "max": 1000,
+ "member": {
+ "shape": "Resource"
+ },
+ "min": 1,
+ "type": "list"
+ },
+ "ListSecurityPoliciesResponse": {
+ "members": {
+ "nextToken": {
+ "shape": "String"
+ },
+ "securityPolicySummaries": {
+ "shape": "SecurityPolicySummaries"
+ }
+ },
+ "type": "structure"
+ },
+ "ListTagsForResourceRequest": {
+ "members": {
+ "resourceArn": {
+ "shape": "Arn"
+ }
+ },
+ "required": [
+ "resourceArn"
+ ],
+ "type": "structure"
+ },
+ "ListTagsForResourceResponse": {
+ "members": {
+ "tags": {
+ "shape": "Tags"
+ }
+ },
+ "type": "structure"
+ },
+ "ListVpcEndpointsRequest": {
+ "members": {
+ "maxResults": {
+ "shape": "ListVpcEndpointsRequestMaxResultsInteger"
+ },
+ "nextToken": {
+ "shape": "String"
+ },
+ "vpcEndpointFilters": {
+ "shape": "VpcEndpointFilters"
+ }
+ },
+ "type": "structure"
+ },
+ "ListVpcEndpointsRequestMaxResultsInteger": {
+ "box": true,
+ "max": 100,
+ "min": 1,
+ "type": "integer"
+ },
+ "ListVpcEndpointsResponse": {
+ "members": {
+ "nextToken": {
+ "shape": "String"
+ },
+ "vpcEndpointSummaries": {
+ "shape": "VpcEndpointSummaries"
+ }
+ },
+ "type": "structure"
+ },
+ "Long": {
+ "box": true,
+ "type": "long"
+ },
+ "PolicyDescription": {
+ "max": 1000,
+ "min": 1,
+ "type": "string"
+ },
+ "PolicyDocument": {
+ "max": 20480,
+ "min": 1,
+ "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u00A1-\\u00FF]+",
+ "type": "string"
+ },
+ "PolicyName": {
+ "max": 32,
+ "min": 3,
+ "pattern": "^[a-z][a-z0-9-]+$",
+ "type": "string"
+ },
+ "PolicyVersion": {
+ "max": 36,
+ "min": 20,
+ "pattern": "^([0-9a-zA-Z+/]{4})*(([0-9a-zA-Z+/]{2}==)|([0-9a-zA-Z+/]{3}=))?$",
+ "type": "string"
+ },
+ "Resource": {
+ "type": "string"
+ },
+ "ResourceNotFoundException": {
+ "exception": true,
+ "members": {
+ "message": {
+ "shape": "String"
+ }
+ },
+ "type": "structure"
+ },
+ "SamlConfigOptions": {
+ "members": {
+ "groupAttribute": {
+ "shape": "samlGroupAttribute"
+ },
+ "metadata": {
+ "shape": "samlMetadata"
+ },
+ "sessionTimeout": {
+ "shape": "SamlConfigOptionsSessionTimeoutInteger"
+ },
+ "userAttribute": {
+ "shape": "samlUserAttribute"
+ }
+ },
+ "required": [
+ "metadata"
+ ],
+ "type": "structure"
+ },
+ "SamlConfigOptionsSessionTimeoutInteger": {
+ "box": true,
+ "max": 720,
+ "min": 5,
+ "type": "integer"
+ },
+ "SearchCapacityValue": {
+ "box": true,
+ "min": 2,
+ "type": "integer"
+ },
+ "SecurityConfigDetail": {
+ "members": {
+ "configVersion": {
+ "shape": "PolicyVersion"
+ },
+ "createdDate": {
+ "shape": "Long"
+ },
+ "description": {
+ "shape": "ConfigDescription"
+ },
+ "id": {
+ "shape": "SecurityConfigId"
+ },
+ "lastModifiedDate": {
+ "shape": "Long"
+ },
+ "samlOptions": {
+ "shape": "SamlConfigOptions"
+ },
+ "type": {
+ "shape": "SecurityConfigType"
+ }
+ },
+ "type": "structure"
+ },
+ "SecurityConfigId": {
+ "max": 100,
+ "min": 1,
+ "type": "string"
+ },
+ "SecurityConfigStats": {
+ "members": {
+ "SamlConfigCount": {
+ "shape": "Long"
+ }
+ },
+ "type": "structure"
+ },
+ "SecurityConfigSummaries": {
+ "member": {
+ "shape": "SecurityConfigSummary"
+ },
+ "type": "list"
+ },
+ "SecurityConfigSummary": {
+ "members": {
+ "configVersion": {
+ "shape": "PolicyVersion"
+ },
+ "createdDate": {
+ "shape": "Long"
+ },
+ "description": {
+ "shape": "ConfigDescription"
+ },
+ "id": {
+ "shape": "SecurityConfigId"
+ },
+ "lastModifiedDate": {
+ "shape": "Long"
+ },
+ "type": {
+ "shape": "SecurityConfigType"
+ }
+ },
+ "type": "structure"
+ },
+ "SecurityConfigType": {
+ "enum": [
+ "saml"
+ ],
+ "type": "string"
+ },
+ "SecurityGroupId": {
+ "max": 128,
+ "min": 1,
+ "pattern": "^[\\w+\\-]+$",
+ "type": "string"
+ },
+ "SecurityGroupIds": {
+ "max": 5,
+ "member": {
+ "shape": "SecurityGroupId"
+ },
+ "min": 1,
+ "type": "list"
+ },
+ "SecurityPolicyDetail": {
+ "members": {
+ "createdDate": {
+ "shape": "Long"
+ },
+ "description": {
+ "shape": "PolicyDescription"
+ },
+ "lastModifiedDate": {
+ "shape": "Long"
+ },
+ "name": {
+ "shape": "PolicyName"
+ },
+ "policyVersion": {
+ "shape": "PolicyVersion"
+ },
+ "type": {
+ "shape": "SecurityPolicyType"
+ }
+ },
+ "type": "structure"
+ },
+ "SecurityPolicyStats": {
+ "members": {
+ "EncryptionPolicyCount": {
+ "shape": "Long"
+ },
+ "NetworkPolicyCount": {
+ "shape": "Long"
+ }
+ },
+ "type": "structure"
+ },
+ "SecurityPolicySummaries": {
+ "member": {
+ "shape": "SecurityPolicySummary"
+ },
+ "type": "list"
+ },
+ "SecurityPolicySummary": {
+ "members": {
+ "createdDate": {
+ "shape": "Long"
+ },
+ "description": {
+ "shape": "PolicyDescription"
+ },
+ "lastModifiedDate": {
+ "shape": "Long"
+ },
+ "name": {
+ "shape": "PolicyName"
+ },
+ "policyVersion": {
+ "shape": "PolicyVersion"
+ },
+ "type": {
+ "shape": "SecurityPolicyType"
+ }
+ },
+ "type": "structure"
+ },
+ "SecurityPolicyType": {
+ "enum": [
+ "encryption",
+ "network"
+ ],
+ "type": "string"
+ },
+ "String": {
+ "type": "string"
+ },
+ "SubnetId": {
+ "max": 32,
+ "min": 1,
+ "pattern": "^subnet-([0-9a-f]{8}|[0-9a-f]{17})$",
+ "type": "string"
+ },
+ "SubnetIds": {
+ "max": 6,
+ "member": {
+ "shape": "SubnetId"
+ },
+ "min": 1,
+ "type": "list"
+ },
+ "Tag": {
+ "members": {
+ "key": {
+ "shape": "TagKey"
+ },
+ "value": {
+ "shape": "TagValue"
+ }
+ },
+ "required": [
+ "key",
+ "value"
+ ],
+ "type": "structure"
+ },
+ "TagKey": {
+ "max": 128,
+ "min": 1,
+ "type": "string"
+ },
+ "TagKeys": {
+ "max": 50,
+ "member": {
+ "shape": "TagKey"
+ },
+ "min": 0,
+ "type": "list"
+ },
+ "TagResourceRequest": {
+ "members": {
+ "resourceArn": {
+ "shape": "Arn"
+ },
+ "tags": {
+ "shape": "Tags"
+ }
+ },
+ "required": [
+ "resourceArn",
+ "tags"
+ ],
+ "type": "structure"
+ },
+ "TagResourceResponse": {
+ "members": {},
+ "type": "structure"
+ },
+ "TagValue": {
+ "max": 256,
+ "min": 0,
+ "type": "string"
+ },
+ "Tags": {
+ "max": 50,
+ "member": {
+ "shape": "Tag"
+ },
+ "min": 0,
+ "type": "list"
+ },
+ "UntagResourceRequest": {
+ "members": {
+ "resourceArn": {
+ "shape": "Arn"
+ },
+ "tagKeys": {
+ "shape": "TagKeys"
+ }
+ },
+ "required": [
+ "resourceArn",
+ "tagKeys"
+ ],
+ "type": "structure"
+ },
+ "UntagResourceResponse": {
+ "members": {},
+ "type": "structure"
+ },
+ "UpdateAccessPolicyRequest": {
+ "members": {
+ "clientToken": {
+ "idempotencyToken": true,
+ "shape": "ClientToken"
+ },
+ "description": {
+ "shape": "PolicyDescription"
+ },
+ "name": {
+ "shape": "PolicyName"
+ },
+ "policy": {
+ "shape": "PolicyDocument"
+ },
+ "policyVersion": {
+ "shape": "PolicyVersion"
+ },
+ "type": {
+ "shape": "AccessPolicyType"
+ }
+ },
+ "required": [
+ "name",
+ "policyVersion",
+ "type"
+ ],
+ "type": "structure"
+ },
+ "UpdateAccessPolicyResponse": {
+ "members": {
+ "accessPolicyDetail": {
+ "shape": "AccessPolicyDetail"
+ }
+ },
+ "type": "structure"
+ },
+ "UpdateAccountSettingsRequest": {
+ "members": {
+ "capacityLimits": {
+ "shape": "CapacityLimits"
+ }
+ },
+ "type": "structure"
+ },
+ "UpdateAccountSettingsResponse": {
+ "members": {
+ "accountSettingsDetail": {
+ "shape": "AccountSettingsDetail"
+ }
+ },
+ "type": "structure"
+ },
+ "UpdateCollectionDetail": {
+ "members": {
+ "arn": {
+ "shape": "String"
+ },
+ "createdDate": {
+ "shape": "Long"
+ },
+ "description": {
+ "shape": "String"
+ },
+ "id": {
+ "shape": "CollectionId"
+ },
+ "lastModifiedDate": {
+ "shape": "Long"
+ },
+ "name": {
+ "shape": "CollectionName"
+ },
+ "status": {
+ "shape": "CollectionStatus"
+ },
+ "type": {
+ "shape": "CollectionType"
+ }
+ },
+ "type": "structure"
+ },
+ "UpdateCollectionRequest": {
+ "members": {
+ "clientToken": {
+ "idempotencyToken": true,
+ "shape": "ClientToken"
+ },
+ "description": {
+ "shape": "UpdateCollectionRequestDescriptionString"
+ },
+ "id": {
+ "shape": "CollectionId"
+ }
+ },
+ "required": [
+ "id"
+ ],
+ "type": "structure"
+ },
+ "UpdateCollectionRequestDescriptionString": {
+ "max": 1000,
+ "min": 0,
+ "type": "string"
+ },
+ "UpdateCollectionResponse": {
+ "members": {
+ "updateCollectionDetail": {
+ "shape": "UpdateCollectionDetail"
+ }
+ },
+ "type": "structure"
+ },
+ "UpdateSecurityConfigRequest": {
+ "members": {
+ "clientToken": {
+ "idempotencyToken": true,
+ "shape": "ClientToken"
+ },
+ "configVersion": {
+ "shape": "PolicyVersion"
+ },
+ "description": {
+ "shape": "ConfigDescription"
+ },
+ "id": {
+ "shape": "SecurityConfigId"
+ },
+ "samlOptions": {
+ "shape": "SamlConfigOptions"
+ }
+ },
+ "required": [
+ "configVersion",
+ "id"
+ ],
+ "type": "structure"
+ },
+ "UpdateSecurityConfigResponse": {
+ "members": {
+ "securityConfigDetail": {
+ "shape": "SecurityConfigDetail"
+ }
+ },
+ "type": "structure"
+ },
+ "UpdateSecurityPolicyRequest": {
+ "members": {
+ "clientToken": {
+ "idempotencyToken": true,
+ "shape": "ClientToken"
+ },
+ "description": {
+ "shape": "PolicyDescription"
+ },
+ "name": {
+ "shape": "PolicyName"
+ },
+ "policy": {
+ "shape": "PolicyDocument"
+ },
+ "policyVersion": {
+ "shape": "PolicyVersion"
+ },
+ "type": {
+ "shape": "SecurityPolicyType"
+ }
+ },
+ "required": [
+ "name",
+ "policyVersion",
+ "type"
+ ],
+ "type": "structure"
+ },
+ "UpdateSecurityPolicyResponse": {
+ "members": {
+ "securityPolicyDetail": {
+ "shape": "SecurityPolicyDetail"
+ }
+ },
+ "type": "structure"
+ },
+ "UpdateVpcEndpointDetail": {
+ "members": {
+ "id": {
+ "shape": "VpcEndpointId"
+ },
+ "lastModifiedDate": {
+ "shape": "Long"
+ },
+ "name": {
+ "shape": "VpcEndpointName"
+ },
+ "securityGroupIds": {
+ "shape": "SecurityGroupIds"
+ },
+ "status": {
+ "shape": "VpcEndpointStatus"
+ },
+ "subnetIds": {
+ "shape": "SubnetIds"
+ }
+ },
+ "type": "structure"
+ },
+ "UpdateVpcEndpointRequest": {
+ "members": {
+ "addSecurityGroupIds": {
+ "shape": "SecurityGroupIds"
+ },
+ "addSubnetIds": {
+ "shape": "SubnetIds"
+ },
+ "clientToken": {
+ "idempotencyToken": true,
+ "shape": "ClientToken"
+ },
+ "id": {
+ "shape": "VpcEndpointId"
+ },
+ "removeSecurityGroupIds": {
+ "shape": "SecurityGroupIds"
+ },
+ "removeSubnetIds": {
+ "shape": "SubnetIds"
+ }
+ },
+ "required": [
+ "id"
+ ],
+ "type": "structure"
+ },
+ "UpdateVpcEndpointResponse": {
+ "members": {
+ "UpdateVpcEndpointDetail": {
+ "shape": "UpdateVpcEndpointDetail"
+ }
+ },
+ "type": "structure"
+ },
+ "ValidationException": {
+ "exception": true,
+ "members": {
+ "message": {
+ "shape": "String"
+ }
+ },
+ "type": "structure"
+ },
+ "VpcEndpointDetail": {
+ "members": {
+ "createdDate": {
+ "shape": "Long"
+ },
+ "id": {
+ "shape": "VpcEndpointId"
+ },
+ "name": {
+ "shape": "VpcEndpointName"
+ },
+ "securityGroupIds": {
+ "shape": "SecurityGroupIds"
+ },
+ "status": {
+ "shape": "VpcEndpointStatus"
+ },
+ "subnetIds": {
+ "shape": "SubnetIds"
+ },
+ "vpcId": {
+ "shape": "VpcId"
+ }
+ },
+ "type": "structure"
+ },
+ "VpcEndpointDetails": {
+ "member": {
+ "shape": "VpcEndpointDetail"
+ },
+ "type": "list"
+ },
+ "VpcEndpointErrorDetail": {
+ "members": {
+ "errorCode": {
+ "shape": "String"
+ },
+ "errorMessage": {
+ "shape": "String"
+ },
+ "id": {
+ "shape": "VpcEndpointId"
+ }
+ },
+ "type": "structure"
+ },
+ "VpcEndpointErrorDetails": {
+ "member": {
+ "shape": "VpcEndpointErrorDetail"
+ },
+ "type": "list"
+ },
+ "VpcEndpointFilters": {
+ "members": {
+ "status": {
+ "shape": "VpcEndpointStatus"
+ }
+ },
+ "type": "structure"
+ },
+ "VpcEndpointId": {
+ "max": 255,
+ "min": 1,
+ "pattern": "^vpce-[0-9a-z]*$",
+ "type": "string"
+ },
+ "VpcEndpointIds": {
+ "member": {
+ "shape": "VpcEndpointId"
+ },
+ "min": 1,
+ "type": "list"
+ },
+ "VpcEndpointName": {
+ "max": 32,
+ "min": 3,
+ "pattern": "^[a-z][a-z0-9-]+$",
+ "type": "string"
+ },
+ "VpcEndpointStatus": {
+ "enum": [
+ "PENDING",
+ "DELETING",
+ "ACTIVE",
+ "FAILED"
+ ],
+ "type": "string"
+ },
+ "VpcEndpointSummaries": {
+ "member": {
+ "shape": "VpcEndpointSummary"
+ },
+ "type": "list"
+ },
+ "VpcEndpointSummary": {
+ "members": {
+ "id": {
+ "shape": "VpcEndpointId"
+ },
+ "name": {
+ "shape": "VpcEndpointName"
+ },
+ "status": {
+ "shape": "VpcEndpointStatus"
+ }
+ },
+ "type": "structure"
+ },
+ "VpcId": {
+ "max": 255,
+ "min": 1,
+ "pattern": "^vpc-[0-9a-z]*$",
+ "type": "string"
+ },
+ "samlGroupAttribute": {
+ "max": 2048,
+ "min": 1,
+ "pattern": "[\\w+=,.@-]+",
+ "type": "string"
+ },
+ "samlMetadata": {
+ "max": 20480,
+ "min": 1,
+ "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u00A1-\\u00FF]+",
+ "type": "string"
+ },
+ "samlUserAttribute": {
+ "max": 2048,
+ "min": 1,
+ "pattern": "[\\w+=,.@-]+",
+ "type": "string"
+ }
+ },
+ "version": "2.0"
+}
\ No newline at end of file
diff --git a/models/apis/opensearchserverless/2021-11-01/docs-2.json b/models/apis/opensearchserverless/2021-11-01/docs-2.json
new file mode 100644
index 0000000000..a97d2487a0
--- /dev/null
+++ b/models/apis/opensearchserverless/2021-11-01/docs-2.json
@@ -0,0 +1,1070 @@
+{
+ "version": "2.0",
+ "service": "Use the Amazon OpenSearch Serverless API to create, configure, and manage OpenSearch Serverless collections and security policies.
OpenSearch Serverless is an on-demand, pre-provisioned serverless configuration for Amazon OpenSearch Service. OpenSearch Serverless removes the operational complexities of provisioning, configuring, and tuning your OpenSearch clusters. It enables you to easily search and analyze petabytes of data without having to worry about the underlying infrastructure and data management.
To learn more about OpenSearch Serverless, see What is Amazon OpenSearch Serverless?
",
+ "operations": {
+ "BatchGetCollection": "Returns attributes for one or more collections, including the collection endpoint and the OpenSearch Dashboards endpoint. For more information, see Creating and managing Amazon OpenSearch Serverless collections.
",
+ "BatchGetVpcEndpoint": "Returns attributes for one or more VPC endpoints associated with the current account. For more information, see Access Amazon OpenSearch Serverless using an interface endpoint.
",
+ "CreateAccessPolicy": "Creates a data access policy for OpenSearch Serverless. Access policies limit access to collections and the resources within them, and allow a user to access that data irrespective of the access mechanism or network source. For more information, see Data access control for Amazon OpenSearch Serverless.
",
+ "CreateCollection": "Creates a new OpenSearch Serverless collection. For more information, see Creating and managing Amazon OpenSearch Serverless collections.
",
+ "CreateSecurityConfig": "Specifies a security configuration for OpenSearch Serverless. For more information, see SAML authentication for Amazon OpenSearch Serverless.
",
+ "CreateSecurityPolicy": "Creates a security policy to be used by one or more OpenSearch Serverless collections. Security policies provide access to a collection and its OpenSearch Dashboards endpoint from public networks or specific VPC endpoints. They also allow you to secure a collection with a KMS encryption key. For more information, see Network access for Amazon OpenSearch Serverless and Encryption at rest for Amazon OpenSearch Serverless.
",
+ "CreateVpcEndpoint": "Creates an OpenSearch Serverless-managed interface VPC endpoint. For more information, see Access Amazon OpenSearch Serverless using an interface endpoint.
",
+ "DeleteAccessPolicy": "Deletes an OpenSearch Serverless access policy. For more information, see Data access control for Amazon OpenSearch Serverless.
",
+ "DeleteCollection": "Deletes an OpenSearch Serverless collection. For more information, see Creating and managing Amazon OpenSearch Serverless collections.
",
+ "DeleteSecurityConfig": "Deletes a security configuration for OpenSearch Serverless. For more information, see SAML authentication for Amazon OpenSearch Serverless.
",
+ "DeleteSecurityPolicy": "Deletes an OpenSearch Serverless security policy.
",
+ "DeleteVpcEndpoint": "Deletes an OpenSearch Serverless-managed interface endpoint. For more information, see Access Amazon OpenSearch Serverless using an interface endpoint.
",
+ "GetAccessPolicy": "Returns an OpenSearch Serverless access policy. For more information, see Data access control for Amazon OpenSearch Serverless.
",
+ "GetAccountSettings": "Returns account-level settings related to OpenSearch Serverless.
",
+ "GetPoliciesStats": "Returns statistical information about your OpenSearch Serverless access policies, security configurations, and security policies.
",
+ "GetSecurityConfig": "Returns information about an OpenSearch Serverless security configuration. For more information, see SAML authentication for Amazon OpenSearch Serverless.
",
+ "GetSecurityPolicy": "Returns information about a configured OpenSearch Serverless security policy. For more information, see Network access for Amazon OpenSearch Serverless and Encryption at rest for Amazon OpenSearch Serverless.
",
+ "ListAccessPolicies": "Returns information about a list of OpenSearch Serverless access policies.
",
+ "ListCollections": "Lists all OpenSearch Serverless collections. For more information, see Creating and managing Amazon OpenSearch Serverless collections.
Make sure to include an empty request body {} if you don't include any collection filters in the request.
",
+ "ListSecurityConfigs": "Returns information about configured OpenSearch Serverless security configurations. For more information, see SAML authentication for Amazon OpenSearch Serverless.
",
+ "ListSecurityPolicies": "Returns information about configured OpenSearch Serverless security policies.
",
+ "ListTagsForResource": "Returns the tags for an OpenSearch Serverless resource. For more information, see Tagging Amazon OpenSearch Serverless collections.
",
+ "ListVpcEndpoints": "Returns the OpenSearch Serverless-managed interface VPC endpoints associated with the current account. For more information, see Access Amazon OpenSearch Serverless using an interface endpoint.
",
+ "TagResource": "Associates tags with an OpenSearch Serverless resource. For more information, see Tagging Amazon OpenSearch Serverless collections.
",
+ "UntagResource": "Removes a tag or set of tags from an OpenSearch Serverless resource. For more information, see Tagging Amazon OpenSearch Serverless collections.
",
+ "UpdateAccessPolicy": "Updates an OpenSearch Serverless access policy. For more information, see Data access control for Amazon OpenSearch Serverless.
",
+ "UpdateAccountSettings": "Update the OpenSearch Serverless settings for the current Amazon Web Services account. For more information, see Autoscaling.
",
+ "UpdateCollection": "Updates an OpenSearch Serverless collection.
",
+ "UpdateSecurityConfig": "Updates a security configuration for OpenSearch Serverless. For more information, see SAML authentication for Amazon OpenSearch Serverless.
",
+ "UpdateSecurityPolicy": "Updates an OpenSearch Serverless security policy. For more information, see Network access for Amazon OpenSearch Serverless and Encryption at rest for Amazon OpenSearch Serverless.
",
+ "UpdateVpcEndpoint": "Updates an OpenSearch Serverless-managed interface endpoint. For more information, see Access Amazon OpenSearch Serverless using an interface endpoint.
"
+ },
+ "shapes": {
+ "AccessPolicyDetail": {
+ "base": "Details about an OpenSearch Serverless access policy.
",
+ "refs": {
+ "CreateAccessPolicyResponse$accessPolicyDetail": "Details about the created access policy.
",
+ "GetAccessPolicyResponse$accessPolicyDetail": "Details about the requested access policy.
",
+ "UpdateAccessPolicyResponse$accessPolicyDetail": "Details about the updated access policy.
"
+ }
+ },
+ "AccessPolicyStats": {
+ "base": "Statistics for an OpenSearch Serverless access policy.
",
+ "refs": {
+ "GetPoliciesStatsResponse$AccessPolicyStats": "Information about the data access policies in your account.
"
+ }
+ },
+ "AccessPolicySummaries": {
+ "base": null,
+ "refs": {
+ "ListAccessPoliciesResponse$accessPolicySummaries": "Details about the requested access policies.
"
+ }
+ },
+ "AccessPolicySummary": {
+ "base": "A summary of the data access policy.
",
+ "refs": {
+ "AccessPolicySummaries$member": null
+ }
+ },
+ "AccessPolicyType": {
+ "base": null,
+ "refs": {
+ "AccessPolicyDetail$type": "The type of access policy.
",
+ "AccessPolicySummary$type": "The type of access policy. Currently the only available type is data.
",
+ "CreateAccessPolicyRequest$type": "The type of policy.
",
+ "DeleteAccessPolicyRequest$type": "The type of policy.
",
+ "GetAccessPolicyRequest$type": "Tye type of policy. Currently the only supported value is data.
",
+ "ListAccessPoliciesRequest$type": "The type of access policy.
",
+ "UpdateAccessPolicyRequest$type": "The type of policy.
"
+ }
+ },
+ "AccountSettingsDetail": {
+ "base": "OpenSearch Serverless-related information for the current account.
",
+ "refs": {
+ "GetAccountSettingsResponse$accountSettingsDetail": "OpenSearch Serverless-related details for the current account.
",
+ "UpdateAccountSettingsResponse$accountSettingsDetail": "OpenSearch Serverless-related settings for the current Amazon Web Services account.
"
+ }
+ },
+ "Arn": {
+ "base": null,
+ "refs": {
+ "ListTagsForResourceRequest$resourceArn": "The Amazon Resource Name (ARN) of the resource. The resource must be active (not in the DELETING state), and must be owned by the account ID included in the request.
",
+ "TagResourceRequest$resourceArn": "The Amazon Resource Name (ARN) of the resource. The resource must be active (not in the DELETING state), and must be owned by the account ID included in the request.
",
+ "UntagResourceRequest$resourceArn": "The Amazon Resource Name (ARN) of the resource to remove tags from. The resource must be active (not in the DELETING state), and must be owned by the account ID included in the request.
"
+ }
+ },
+ "BatchGetCollectionRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "BatchGetCollectionResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "BatchGetVpcEndpointRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "BatchGetVpcEndpointResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CapacityLimits": {
+ "base": "The maximum capacity limits for all OpenSearch Serverless collections, in OpenSearch Compute Units (OCUs). These limits are used to scale your collections based on the current workload. For more information, see Autoscaling.
",
+ "refs": {
+ "AccountSettingsDetail$capacityLimits": null,
+ "UpdateAccountSettingsRequest$capacityLimits": null
+ }
+ },
+ "ClientToken": {
+ "base": null,
+ "refs": {
+ "CreateAccessPolicyRequest$clientToken": "Unique, case-sensitive identifier to ensure idempotency of the request.
",
+ "CreateCollectionRequest$clientToken": "Unique, case-sensitive identifier to ensure idempotency of the request.
",
+ "CreateSecurityConfigRequest$clientToken": "Unique, case-sensitive identifier to ensure idempotency of the request.
",
+ "CreateSecurityPolicyRequest$clientToken": "Unique, case-sensitive identifier to ensure idempotency of the request.
",
+ "CreateVpcEndpointRequest$clientToken": "Unique, case-sensitive identifier to ensure idempotency of the request.
",
+ "DeleteAccessPolicyRequest$clientToken": "Unique, case-sensitive identifier to ensure idempotency of the request.
",
+ "DeleteCollectionRequest$clientToken": "A unique, case-sensitive identifier to ensure idempotency of the request.
",
+ "DeleteSecurityConfigRequest$clientToken": "Unique, case-sensitive identifier to ensure idempotency of the request.
",
+ "DeleteSecurityPolicyRequest$clientToken": "Unique, case-sensitive identifier to ensure idempotency of the request.
",
+ "DeleteVpcEndpointRequest$clientToken": "Unique, case-sensitive identifier to ensure idempotency of the request.
",
+ "UpdateAccessPolicyRequest$clientToken": "Unique, case-sensitive identifier to ensure idempotency of the request.
",
+ "UpdateCollectionRequest$clientToken": "Unique, case-sensitive identifier to ensure idempotency of the request.
",
+ "UpdateSecurityConfigRequest$clientToken": "Unique, case-sensitive identifier to ensure idempotency of the request.
",
+ "UpdateSecurityPolicyRequest$clientToken": "Unique, case-sensitive identifier to ensure idempotency of the request.
",
+ "UpdateVpcEndpointRequest$clientToken": "Unique, case-sensitive identifier to ensure idempotency of the request.
"
+ }
+ },
+ "CollectionDetail": {
+ "base": "Details about each OpenSearch Serverless collection, including the collection endpoint and the OpenSearch Dashboards endpoint.
",
+ "refs": {
+ "CollectionDetails$member": null
+ }
+ },
+ "CollectionDetails": {
+ "base": null,
+ "refs": {
+ "BatchGetCollectionResponse$collectionDetails": "Details about each collection.
"
+ }
+ },
+ "CollectionErrorDetail": {
+ "base": "Error information for an OpenSearch Serverless request.
",
+ "refs": {
+ "CollectionErrorDetails$member": null
+ }
+ },
+ "CollectionErrorDetails": {
+ "base": null,
+ "refs": {
+ "BatchGetCollectionResponse$collectionErrorDetails": "Error information for the request.
"
+ }
+ },
+ "CollectionFilters": {
+ "base": "List of filter keys that you can use for LIST, UPDATE, and DELETE requests to OpenSearch Serverless collections.
",
+ "refs": {
+ "ListCollectionsRequest$collectionFilters": "List of filter names and values that you can use for requests.
"
+ }
+ },
+ "CollectionId": {
+ "base": null,
+ "refs": {
+ "CollectionDetail$id": "A unique identifier for the collection.
",
+ "CollectionErrorDetail$id": "If the request contains collection IDs, the response includes the IDs provided in the request.
",
+ "CollectionIds$member": null,
+ "CollectionSummary$id": "The unique identifier of the collection.
",
+ "CreateCollectionDetail$id": "The unique identifier of the collection.
",
+ "DeleteCollectionDetail$id": "The unique identifier of the collection.
",
+ "DeleteCollectionRequest$id": "The unique identifier of the collection. For example, 1iu5usc406kd. The ID is part of the collection endpoint. You can also retrieve it using the ListCollections API.
",
+ "UpdateCollectionDetail$id": "The unique identifier of the collection.
",
+ "UpdateCollectionRequest$id": "The unique identifier of the collection.
"
+ }
+ },
+ "CollectionIds": {
+ "base": null,
+ "refs": {
+ "BatchGetCollectionRequest$ids": "A list of collection IDs. You can't provide names and IDs in the same request. The ID is part of the collection endpoint. You can also retrieve it using the ListCollections API.
"
+ }
+ },
+ "CollectionName": {
+ "base": null,
+ "refs": {
+ "CollectionDetail$name": "The name of the collection.
",
+ "CollectionErrorDetail$name": "If the request contains collection names, the response includes the names provided in the request.
",
+ "CollectionFilters$name": "The name of the collection.
",
+ "CollectionNames$member": null,
+ "CollectionSummary$name": "The name of the collection.
",
+ "CreateCollectionDetail$name": "The name of the collection.
",
+ "CreateCollectionRequest$name": "Name of the collection.
",
+ "DeleteCollectionDetail$name": "The name of the collection.
",
+ "UpdateCollectionDetail$name": "The name of the collection.
"
+ }
+ },
+ "CollectionNames": {
+ "base": null,
+ "refs": {
+ "BatchGetCollectionRequest$names": "A list of collection names. You can't provide names and IDs in the same request.
"
+ }
+ },
+ "CollectionStatus": {
+ "base": null,
+ "refs": {
+ "CollectionDetail$status": "The current status of the collection.
",
+ "CollectionFilters$status": "The current status of the collection.
",
+ "CollectionSummary$status": "The current status of the collection.
",
+ "CreateCollectionDetail$status": "The current status of the collection.
",
+ "DeleteCollectionDetail$status": "The current status of the collection.
",
+ "UpdateCollectionDetail$status": "The current status of the collection.
"
+ }
+ },
+ "CollectionSummaries": {
+ "base": null,
+ "refs": {
+ "ListCollectionsResponse$collectionSummaries": "Details about each collection.
"
+ }
+ },
+ "CollectionSummary": {
+ "base": "Details about each OpenSearch Serverless collection.
",
+ "refs": {
+ "CollectionSummaries$member": null
+ }
+ },
+ "CollectionType": {
+ "base": null,
+ "refs": {
+ "CollectionDetail$type": "The type of collection.
",
+ "CreateCollectionDetail$type": "The type of collection.
",
+ "CreateCollectionRequest$type": "The type of collection.
",
+ "UpdateCollectionDetail$type": "The collection type.
"
+ }
+ },
+ "ConfigDescription": {
+ "base": null,
+ "refs": {
+ "CreateSecurityConfigRequest$description": "A description of the security configuration.
",
+ "SecurityConfigDetail$description": "The description of the security configuration.
",
+ "SecurityConfigSummary$description": "The description of the security configuration.
",
+ "UpdateSecurityConfigRequest$description": "A description of the security configuration.
"
+ }
+ },
+ "ConfigName": {
+ "base": null,
+ "refs": {
+ "CreateSecurityConfigRequest$name": "The name of the security configuration.
"
+ }
+ },
+ "ConflictException": {
+ "base": "When creating a collection, thrown when a collection with the same name already exists or is being created. When deleting a collection, thrown when the collection is not in the ACTIVE or FAILED state.
",
+ "refs": {
+ }
+ },
+ "CreateAccessPolicyRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateAccessPolicyResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateCollectionDetail": {
+ "base": "Details about the created OpenSearch Serverless collection.
",
+ "refs": {
+ "CreateCollectionResponse$createCollectionDetail": "Details about the collection.
"
+ }
+ },
+ "CreateCollectionRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateCollectionRequestDescriptionString": {
+ "base": null,
+ "refs": {
+ "CreateCollectionRequest$description": "Description of the collection.
"
+ }
+ },
+ "CreateCollectionResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateSecurityConfigRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateSecurityConfigResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateSecurityPolicyRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateSecurityPolicyResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateVpcEndpointDetail": {
+ "base": "Creation details for an OpenSearch Serverless-managed interface endpoint. For more information, see Access Amazon OpenSearch Serverless using an interface endpoint.
",
+ "refs": {
+ "CreateVpcEndpointResponse$createVpcEndpointDetail": "Details about the created interface VPC endpoint.
"
+ }
+ },
+ "CreateVpcEndpointRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateVpcEndpointResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteAccessPolicyRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteAccessPolicyResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteCollectionDetail": {
+ "base": "Details about a deleted OpenSearch Serverless collection.
",
+ "refs": {
+ "DeleteCollectionResponse$deleteCollectionDetail": "Details of the deleted collection.
"
+ }
+ },
+ "DeleteCollectionRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteCollectionResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteSecurityConfigRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteSecurityConfigResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteSecurityPolicyRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteSecurityPolicyResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteVpcEndpointDetail": {
+ "base": "Deletion details for an OpenSearch Serverless-managed interface endpoint.
",
+ "refs": {
+ "DeleteVpcEndpointResponse$deleteVpcEndpointDetail": "Details about the deleted endpoint.
"
+ }
+ },
+ "DeleteVpcEndpointRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteVpcEndpointResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "Document": {
+ "base": null,
+ "refs": {
+ "AccessPolicyDetail$policy": "The JSON policy document without any whitespaces.
",
+ "SecurityPolicyDetail$policy": "The JSON policy document without any whitespaces.
"
+ }
+ },
+ "GetAccessPolicyRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetAccessPolicyResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetAccountSettingsRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetAccountSettingsResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetPoliciesStatsRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetPoliciesStatsResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetSecurityConfigRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetSecurityConfigResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetSecurityPolicyRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetSecurityPolicyResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "IndexingCapacityValue": {
+ "base": null,
+ "refs": {
+ "CapacityLimits$maxIndexingCapacityInOCU": "The maximum indexing capacity for collections.
"
+ }
+ },
+ "InternalServerException": {
+ "base": "Thrown when an error internal to the service occurs while processing a request.
",
+ "refs": {
+ }
+ },
+ "ListAccessPoliciesRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListAccessPoliciesRequestMaxResultsInteger": {
+ "base": null,
+ "refs": {
+ "ListAccessPoliciesRequest$maxResults": "An optional parameter that specifies the maximum number of results to return. You can use nextToken to get the next page of results. The default is 20.
"
+ }
+ },
+ "ListAccessPoliciesRequestResourceList": {
+ "base": null,
+ "refs": {
+ "ListAccessPoliciesRequest$resource": "Resource filters (can be collection or indexes) that policies can apply to.
"
+ }
+ },
+ "ListAccessPoliciesResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListCollectionsRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListCollectionsRequestMaxResultsInteger": {
+ "base": null,
+ "refs": {
+ "ListCollectionsRequest$maxResults": "The maximum number of results to return. Default is 20. You can use nextToken to get the next page of results.
"
+ }
+ },
+ "ListCollectionsResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListSecurityConfigsRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListSecurityConfigsRequestMaxResultsInteger": {
+ "base": null,
+ "refs": {
+ "ListSecurityConfigsRequest$maxResults": "An optional parameter that specifies the maximum number of results to return. You can use nextToken to get the next page of results. The default is 20.
"
+ }
+ },
+ "ListSecurityConfigsResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListSecurityPoliciesRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListSecurityPoliciesRequestMaxResultsInteger": {
+ "base": null,
+ "refs": {
+ "ListSecurityPoliciesRequest$maxResults": "An optional parameter that specifies the maximum number of results to return. You can use nextToken to get the next page of results. The default is 20.
"
+ }
+ },
+ "ListSecurityPoliciesRequestResourceList": {
+ "base": null,
+ "refs": {
+ "ListSecurityPoliciesRequest$resource": "Resource filters (can be collection or indexes) that policies can apply to.
"
+ }
+ },
+ "ListSecurityPoliciesResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListTagsForResourceRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListTagsForResourceResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListVpcEndpointsRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListVpcEndpointsRequestMaxResultsInteger": {
+ "base": null,
+ "refs": {
+ "ListVpcEndpointsRequest$maxResults": "An optional parameter that specifies the maximum number of results to return. You can use nextToken to get the next page of results. The default is 20.
"
+ }
+ },
+ "ListVpcEndpointsResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "Long": {
+ "base": null,
+ "refs": {
+ "AccessPolicyDetail$createdDate": "The date the policy was created.
",
+ "AccessPolicyDetail$lastModifiedDate": "The timestamp of when the policy was last modified.
",
+ "AccessPolicyStats$DataPolicyCount": "The number of data access policies in the current account.
",
+ "AccessPolicySummary$createdDate": "The Epoch time when the access policy was created.
",
+ "AccessPolicySummary$lastModifiedDate": "The date and time when the collection was last modified.
",
+ "CollectionDetail$createdDate": "The Epoch time when the collection was created.
",
+ "CollectionDetail$lastModifiedDate": "The date and time when the collection was last modified.
",
+ "CreateCollectionDetail$createdDate": "The Epoch time when the collection was created.
",
+ "CreateCollectionDetail$lastModifiedDate": "The date and time when the collection was last modified.
",
+ "GetPoliciesStatsResponse$TotalPolicyCount": "The total number of OpenSearch Serverless security policies and configurations in your account.
",
+ "SecurityConfigDetail$createdDate": "The date the configuration was created.
",
+ "SecurityConfigDetail$lastModifiedDate": "The timestamp of when the configuration was last modified.
",
+ "SecurityConfigStats$SamlConfigCount": "The number of security configurations in the current account.
",
+ "SecurityConfigSummary$createdDate": "The Epoch time when the security configuration was created.
",
+ "SecurityConfigSummary$lastModifiedDate": "The timestamp of when the configuration was last modified.
",
+ "SecurityPolicyDetail$createdDate": "The date the policy was created.
",
+ "SecurityPolicyDetail$lastModifiedDate": "The timestamp of when the policy was last modified.
",
+ "SecurityPolicyStats$EncryptionPolicyCount": "The number of encryption policies in the current account.
",
+ "SecurityPolicyStats$NetworkPolicyCount": "The number of network policies in the current account.
",
+ "SecurityPolicySummary$createdDate": "The date the policy was created.
",
+ "SecurityPolicySummary$lastModifiedDate": "The timestamp of when the policy was last modified.
",
+ "UpdateCollectionDetail$createdDate": "The date and time when the collection was created.
",
+ "UpdateCollectionDetail$lastModifiedDate": "The date and time when the collection was last modified.
",
+ "UpdateVpcEndpointDetail$lastModifiedDate": "The timestamp of when the endpoint was last modified.
",
+ "VpcEndpointDetail$createdDate": "The date the endpoint was created.
"
+ }
+ },
+ "PolicyDescription": {
+ "base": null,
+ "refs": {
+ "AccessPolicyDetail$description": "The description of the policy.
",
+ "AccessPolicySummary$description": "The description of the access policy.
",
+ "CreateAccessPolicyRequest$description": "A description of the policy. Typically used to store information about the permissions defined in the policy.
",
+ "CreateSecurityPolicyRequest$description": "A description of the policy. Typically used to store information about the permissions defined in the policy.
",
+ "SecurityPolicyDetail$description": "The description of the security policy.
",
+ "SecurityPolicySummary$description": "The description of the security policy.
",
+ "UpdateAccessPolicyRequest$description": "A description of the policy. Typically used to store information about the permissions defined in the policy.
",
+ "UpdateSecurityPolicyRequest$description": "A description of the policy. Typically used to store information about the permissions defined in the policy.
"
+ }
+ },
+ "PolicyDocument": {
+ "base": null,
+ "refs": {
+ "CreateAccessPolicyRequest$policy": "The JSON policy document to use as the content for the policy.
",
+ "CreateSecurityPolicyRequest$policy": "The JSON policy document to use as the content for the new policy.
",
+ "UpdateAccessPolicyRequest$policy": "The JSON policy document to use as the content for the policy.
",
+ "UpdateSecurityPolicyRequest$policy": "The JSON policy document to use as the content for the new policy.
"
+ }
+ },
+ "PolicyName": {
+ "base": null,
+ "refs": {
+ "AccessPolicyDetail$name": "The name of the policy.
",
+ "AccessPolicySummary$name": "The name of the access policy.
",
+ "CreateAccessPolicyRequest$name": "The name of the policy.
",
+ "CreateSecurityPolicyRequest$name": "The name of the policy.
",
+ "DeleteAccessPolicyRequest$name": "The name of the policy to delete.
",
+ "DeleteSecurityPolicyRequest$name": "The name of the policy to delete.
",
+ "GetAccessPolicyRequest$name": "The name of the access policy.
",
+ "GetSecurityPolicyRequest$name": "The name of the security policy.
",
+ "SecurityPolicyDetail$name": "The name of the policy.
",
+ "SecurityPolicySummary$name": "The name of the policy.
",
+ "UpdateAccessPolicyRequest$name": "The name of the policy.
",
+ "UpdateSecurityPolicyRequest$name": "The name of the policy.
"
+ }
+ },
+ "PolicyVersion": {
+ "base": null,
+ "refs": {
+ "AccessPolicyDetail$policyVersion": "The version of the policy.
",
+ "AccessPolicySummary$policyVersion": "The version of the policy.
",
+ "SecurityConfigDetail$configVersion": "The version of the security configuration.
",
+ "SecurityConfigSummary$configVersion": "The version of the security configuration.
",
+ "SecurityPolicyDetail$policyVersion": "The version of the policy.
",
+ "SecurityPolicySummary$policyVersion": "The version of the policy.
",
+ "UpdateAccessPolicyRequest$policyVersion": "The version of the policy being updated.
",
+ "UpdateSecurityConfigRequest$configVersion": "The version of the security configuration to be updated. You can find the most recent version of a security configuration using the GetSecurityPolicy command.
",
+ "UpdateSecurityPolicyRequest$policyVersion": "The version of the policy being updated.
"
+ }
+ },
+ "Resource": {
+ "base": null,
+ "refs": {
+ "ListAccessPoliciesRequestResourceList$member": null,
+ "ListSecurityPoliciesRequestResourceList$member": null
+ }
+ },
+ "ResourceNotFoundException": {
+ "base": "Thrown when accessing or deleting a resource that does not exist.
",
+ "refs": {
+ }
+ },
+ "SamlConfigOptions": {
+ "base": "Describes SAML options for an OpenSearch Serverless security configuration in the form of a key-value map.
",
+ "refs": {
+ "CreateSecurityConfigRequest$samlOptions": "Describes SAML options in in the form of a key-value map.
",
+ "SecurityConfigDetail$samlOptions": "SAML options for the security configuration in the form of a key-value map.
",
+ "UpdateSecurityConfigRequest$samlOptions": "SAML options in in the form of a key-value map.
"
+ }
+ },
+ "SamlConfigOptionsSessionTimeoutInteger": {
+ "base": null,
+ "refs": {
+ "SamlConfigOptions$sessionTimeout": "The session timeout, in minutes. Minimum is 15 minutes and maximum is 1440 minutes (24 hours or 1 day). Default is 60 minutes.
"
+ }
+ },
+ "SearchCapacityValue": {
+ "base": null,
+ "refs": {
+ "CapacityLimits$maxSearchCapacityInOCU": "The maximum search capacity for collections.
"
+ }
+ },
+ "SecurityConfigDetail": {
+ "base": "Details about a security configuration for OpenSearch Serverless.
",
+ "refs": {
+ "CreateSecurityConfigResponse$securityConfigDetail": "Details about the created security configuration.
",
+ "GetSecurityConfigResponse$securityConfigDetail": "Details of the requested security configuration.
",
+ "UpdateSecurityConfigResponse$securityConfigDetail": "Details about the updated security configuration.
"
+ }
+ },
+ "SecurityConfigId": {
+ "base": null,
+ "refs": {
+ "DeleteSecurityConfigRequest$id": "The security configuration identifier. For SAML the ID will be saml/<accountId>/<idpProviderName>. For example, saml/123456789123/OKTADev.
",
+ "GetSecurityConfigRequest$id": "The unique identifier of the security configuration.
",
+ "SecurityConfigDetail$id": "The unique identifier of the security configuration.
",
+ "SecurityConfigSummary$id": "The unique identifier of the security configuration.
",
+ "UpdateSecurityConfigRequest$id": "The security configuration identifier. For SAML the ID will be saml/<accountId>/<idpProviderName>. For example, saml/123456789123/OKTADev.
"
+ }
+ },
+ "SecurityConfigStats": {
+ "base": "Statistics for an OpenSearch Serverless security configuration.
",
+ "refs": {
+ "GetPoliciesStatsResponse$SecurityConfigStats": "Information about the security configurations in your account.
"
+ }
+ },
+ "SecurityConfigSummaries": {
+ "base": null,
+ "refs": {
+ "ListSecurityConfigsResponse$securityConfigSummaries": "Details about the security configurations in your account.
"
+ }
+ },
+ "SecurityConfigSummary": {
+ "base": "A summary of a security configuration for OpenSearch Serverless.
",
+ "refs": {
+ "SecurityConfigSummaries$member": null
+ }
+ },
+ "SecurityConfigType": {
+ "base": null,
+ "refs": {
+ "CreateSecurityConfigRequest$type": "The type of security configuration.
",
+ "ListSecurityConfigsRequest$type": "The type of security configuration.
",
+ "SecurityConfigDetail$type": "The type of security configuration.
",
+ "SecurityConfigSummary$type": "The type of security configuration.
"
+ }
+ },
+ "SecurityGroupId": {
+ "base": null,
+ "refs": {
+ "SecurityGroupIds$member": null
+ }
+ },
+ "SecurityGroupIds": {
+ "base": null,
+ "refs": {
+ "CreateVpcEndpointRequest$securityGroupIds": "The unique identifiers of the security groups that define the ports, protocols, and sources for inbound traffic that you are authorizing into your endpoint.
",
+ "UpdateVpcEndpointDetail$securityGroupIds": "The unique identifiers of the security groups that define the ports, protocols, and sources for inbound traffic that you are authorizing into your endpoint.
",
+ "UpdateVpcEndpointRequest$addSecurityGroupIds": "The unique identifiers of the security groups to add to the endpoint. Security groups define the ports, protocols, and sources for inbound traffic that you are authorizing into your endpoint.
",
+ "UpdateVpcEndpointRequest$removeSecurityGroupIds": "The unique identifiers of the security groups to remove from the endpoint.
",
+ "VpcEndpointDetail$securityGroupIds": "The unique identifiers of the security groups that define the ports, protocols, and sources for inbound traffic that you are authorizing into your endpoint.
"
+ }
+ },
+ "SecurityPolicyDetail": {
+ "base": "Details about an OpenSearch Serverless security policy.
",
+ "refs": {
+ "CreateSecurityPolicyResponse$securityPolicyDetail": "Details about the created security policy.
",
+ "GetSecurityPolicyResponse$securityPolicyDetail": "Details about the requested security policy.
",
+ "UpdateSecurityPolicyResponse$securityPolicyDetail": "Details about the updated security policy.
"
+ }
+ },
+ "SecurityPolicyStats": {
+ "base": "Statistics for an OpenSearch Serverless security policy.
",
+ "refs": {
+ "GetPoliciesStatsResponse$SecurityPolicyStats": "Information about the security policies in your account.
"
+ }
+ },
+ "SecurityPolicySummaries": {
+ "base": null,
+ "refs": {
+ "ListSecurityPoliciesResponse$securityPolicySummaries": "Details about the security policies in your account.
"
+ }
+ },
+ "SecurityPolicySummary": {
+ "base": "A summary of a security policy for OpenSearch Serverless.
",
+ "refs": {
+ "SecurityPolicySummaries$member": null
+ }
+ },
+ "SecurityPolicyType": {
+ "base": null,
+ "refs": {
+ "CreateSecurityPolicyRequest$type": "The type of security policy.
",
+ "DeleteSecurityPolicyRequest$type": "The type of policy.
",
+ "GetSecurityPolicyRequest$type": "The type of security policy.
",
+ "ListSecurityPoliciesRequest$type": "The type of policy.
",
+ "SecurityPolicyDetail$type": "The type of security policy.
",
+ "SecurityPolicySummary$type": "The type of security policy.
",
+ "UpdateSecurityPolicyRequest$type": "The type of access policy.
"
+ }
+ },
+ "String": {
+ "base": null,
+ "refs": {
+ "CollectionDetail$arn": "The Amazon Resource Name (ARN) of the collection.
",
+ "CollectionDetail$collectionEndpoint": "Collection-specific endpoint used to submit index, search, and data upload requests to an OpenSearch Serverless collection.
",
+ "CollectionDetail$dashboardEndpoint": "Collection-specific endpoint used to access OpenSearch Dashboards.
",
+ "CollectionDetail$description": "A description of the collection.
",
+ "CollectionDetail$kmsKeyArn": "The ARN of the Amazon Web Services KMS key used to encrypt the collection.
",
+ "CollectionErrorDetail$errorCode": "The error code for the request. For example, NOT_FOUND.
",
+ "CollectionErrorDetail$errorMessage": "A description of the error. For example, The specified Collection is not found.
",
+ "CollectionSummary$arn": "The Amazon Resource Name (ARN) of the collection.
",
+ "ConflictException$message": null,
+ "CreateCollectionDetail$arn": "The Amazon Resource Name (ARN) of the collection.
",
+ "CreateCollectionDetail$description": "A description of the collection.
",
+ "CreateCollectionDetail$kmsKeyArn": "The Amazon Resource Name (ARN) of the KMS key with which to encrypt the collection.
",
+ "InternalServerException$message": null,
+ "ListAccessPoliciesRequest$nextToken": "If your initial ListAccessPolicies operation returns a nextToken, you can include the returned nextToken in subsequent ListAccessPolicies operations, which returns results in the next page.
",
+ "ListAccessPoliciesResponse$nextToken": "When nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.
",
+ "ListCollectionsRequest$nextToken": "If your initial ListCollections operation returns a nextToken, you can include the returned nextToken in subsequent ListCollections operations, which returns results in the next page.
",
+ "ListCollectionsResponse$nextToken": "When nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.
",
+ "ListSecurityConfigsRequest$nextToken": "If your initial ListSecurityConfigs operation returns a nextToken, you can include the returned nextToken in subsequent ListSecurityConfigs operations, which returns results in the next page.
",
+ "ListSecurityConfigsResponse$nextToken": "When nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.
",
+ "ListSecurityPoliciesRequest$nextToken": "If your initial ListSecurityPolicies operation returns a nextToken, you can include the returned nextToken in subsequent ListSecurityPolicies operations, which returns results in the next page.
",
+ "ListSecurityPoliciesResponse$nextToken": "When nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.
",
+ "ListVpcEndpointsRequest$nextToken": "If your initial ListVpcEndpoints operation returns a nextToken, you can include the returned nextToken in subsequent ListVpcEndpoints operations, which returns results in the next page.
",
+ "ListVpcEndpointsResponse$nextToken": "When nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.
",
+ "ResourceNotFoundException$message": null,
+ "UpdateCollectionDetail$arn": "The Amazon Resource Name (ARN) of the collection.
",
+ "UpdateCollectionDetail$description": "The description of the collection.
",
+ "ValidationException$message": null,
+ "VpcEndpointErrorDetail$errorCode": "The error code for the failed request.
",
+ "VpcEndpointErrorDetail$errorMessage": "An error message describing the reason for the failure.
"
+ }
+ },
+ "SubnetId": {
+ "base": null,
+ "refs": {
+ "SubnetIds$member": null
+ }
+ },
+ "SubnetIds": {
+ "base": null,
+ "refs": {
+ "CreateVpcEndpointRequest$subnetIds": "The ID of one or more subnets from which you'll access OpenSearch Serverless.
",
+ "UpdateVpcEndpointDetail$subnetIds": "The ID of the subnets from which you access OpenSearch Serverless.
",
+ "UpdateVpcEndpointRequest$addSubnetIds": "The ID of one or more subnets to add to the endpoint.
",
+ "UpdateVpcEndpointRequest$removeSubnetIds": "The unique identifiers of the subnets to remove from the endpoint.
",
+ "VpcEndpointDetail$subnetIds": "The ID of the subnets from which you access OpenSearch Serverless.
"
+ }
+ },
+ "Tag": {
+ "base": "A map of key-value pairs associated to an OpenSearch Serverless resource.
",
+ "refs": {
+ "Tags$member": null
+ }
+ },
+ "TagKey": {
+ "base": null,
+ "refs": {
+ "Tag$key": "The key to use in the tag.
",
+ "TagKeys$member": null
+ }
+ },
+ "TagKeys": {
+ "base": null,
+ "refs": {
+ "UntagResourceRequest$tagKeys": "The tag or set of tags to remove from the resource. All tag keys in the request must be unique.
"
+ }
+ },
+ "TagResourceRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "TagResourceResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "TagValue": {
+ "base": null,
+ "refs": {
+ "Tag$value": "The value of the tag.
"
+ }
+ },
+ "Tags": {
+ "base": null,
+ "refs": {
+ "CreateCollectionRequest$tags": "An arbitrary set of tags (key–value pairs) to associate with the OpenSearch Serverless collection.
",
+ "ListTagsForResourceResponse$tags": "The tags associated with the resource.
",
+ "TagResourceRequest$tags": "A list of tags (key-value pairs) to add to the resource. All tag keys in the request must be unique.
"
+ }
+ },
+ "UntagResourceRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UntagResourceResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateAccessPolicyRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateAccessPolicyResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateAccountSettingsRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateAccountSettingsResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateCollectionDetail": {
+ "base": "Details about an updated OpenSearch Serverless collection.
",
+ "refs": {
+ "UpdateCollectionResponse$updateCollectionDetail": "Details about the updated collection.
"
+ }
+ },
+ "UpdateCollectionRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateCollectionRequestDescriptionString": {
+ "base": null,
+ "refs": {
+ "UpdateCollectionRequest$description": "A description of the collection.
"
+ }
+ },
+ "UpdateCollectionResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateSecurityConfigRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateSecurityConfigResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateSecurityPolicyRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateSecurityPolicyResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateVpcEndpointDetail": {
+ "base": "Update details for an OpenSearch Serverless-managed interface endpoint.
",
+ "refs": {
+ "UpdateVpcEndpointResponse$UpdateVpcEndpointDetail": "Details about the updated VPC endpoint.
"
+ }
+ },
+ "UpdateVpcEndpointRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateVpcEndpointResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ValidationException": {
+ "base": "Thrown when the HTTP request contains invalid input or is missing required input.
",
+ "refs": {
+ }
+ },
+ "VpcEndpointDetail": {
+ "base": "Details about an OpenSearch Serverless-managed interface endpoint.
",
+ "refs": {
+ "VpcEndpointDetails$member": null
+ }
+ },
+ "VpcEndpointDetails": {
+ "base": null,
+ "refs": {
+ "BatchGetVpcEndpointResponse$vpcEndpointDetails": "Details about the specified VPC endpoint.
"
+ }
+ },
+ "VpcEndpointErrorDetail": {
+ "base": "Error information for a failed BatchGetVpcEndpoint request.
",
+ "refs": {
+ "VpcEndpointErrorDetails$member": null
+ }
+ },
+ "VpcEndpointErrorDetails": {
+ "base": null,
+ "refs": {
+ "BatchGetVpcEndpointResponse$vpcEndpointErrorDetails": "Error information for a failed request.
"
+ }
+ },
+ "VpcEndpointFilters": {
+ "base": "Filter the results of a ListVpcEndpoints request.
",
+ "refs": {
+ "ListVpcEndpointsRequest$vpcEndpointFilters": "Filter the results according to the current status of the VPC endpoint. Possible statuses are CREATING, DELETING, UPDATING, ACTIVE, and FAILED.
"
+ }
+ },
+ "VpcEndpointId": {
+ "base": null,
+ "refs": {
+ "CreateVpcEndpointDetail$id": "The unique identifier of the endpoint.
",
+ "DeleteVpcEndpointDetail$id": "The unique identifier of the endpoint.
",
+ "DeleteVpcEndpointRequest$id": "The VPC endpoint identifier.
",
+ "UpdateVpcEndpointDetail$id": "The unique identifier of the endpoint.
",
+ "UpdateVpcEndpointRequest$id": "The unique identifier of the interface endpoint to update.
",
+ "VpcEndpointDetail$id": "The unique identifier of the endpoint.
",
+ "VpcEndpointErrorDetail$id": "The unique identifier of the VPC endpoint.
",
+ "VpcEndpointIds$member": null,
+ "VpcEndpointSummary$id": "The unique identifier of the endpoint.
"
+ }
+ },
+ "VpcEndpointIds": {
+ "base": null,
+ "refs": {
+ "BatchGetVpcEndpointRequest$ids": "A list of VPC endpoint identifiers.
"
+ }
+ },
+ "VpcEndpointName": {
+ "base": null,
+ "refs": {
+ "CreateVpcEndpointDetail$name": "The name of the endpoint.
",
+ "CreateVpcEndpointRequest$name": "The name of the interface endpoint.
",
+ "DeleteVpcEndpointDetail$name": "The name of the endpoint.
",
+ "UpdateVpcEndpointDetail$name": "The name of the endpoint.
",
+ "VpcEndpointDetail$name": "The name of the endpoint.
",
+ "VpcEndpointSummary$name": "The name of the endpoint.
"
+ }
+ },
+ "VpcEndpointStatus": {
+ "base": null,
+ "refs": {
+ "CreateVpcEndpointDetail$status": "The current status in the endpoint creation process.
",
+ "DeleteVpcEndpointDetail$status": "The current status of the endpoint deletion process.
",
+ "UpdateVpcEndpointDetail$status": "The current status of the endpoint update process.
",
+ "VpcEndpointDetail$status": "The current status of the endpoint.
",
+ "VpcEndpointFilters$status": "The current status of the endpoint.
",
+ "VpcEndpointSummary$status": "The current status of the endpoint.
"
+ }
+ },
+ "VpcEndpointSummaries": {
+ "base": null,
+ "refs": {
+ "ListVpcEndpointsResponse$vpcEndpointSummaries": "Details about each VPC endpoint, including the name and current status.
"
+ }
+ },
+ "VpcEndpointSummary": {
+ "base": "The VPC endpoint object.
",
+ "refs": {
+ "VpcEndpointSummaries$member": null
+ }
+ },
+ "VpcId": {
+ "base": null,
+ "refs": {
+ "CreateVpcEndpointRequest$vpcId": "The ID of the VPC from which you'll access OpenSearch Serverless.
",
+ "VpcEndpointDetail$vpcId": "The ID of the VPC from which you access OpenSearch Serverless
"
+ }
+ },
+ "samlGroupAttribute": {
+ "base": null,
+ "refs": {
+ "SamlConfigOptions$groupAttribute": "The group attribute for this SAML integration.
"
+ }
+ },
+ "samlMetadata": {
+ "base": null,
+ "refs": {
+ "SamlConfigOptions$metadata": "The XML IdP metadata file generated from your identity provider.
"
+ }
+ },
+ "samlUserAttribute": {
+ "base": null,
+ "refs": {
+ "SamlConfigOptions$userAttribute": "A user attribute for this SAML integration.
"
+ }
+ }
+ }
+}
diff --git a/models/apis/opensearchserverless/2021-11-01/endpoint-rule-set-1.json b/models/apis/opensearchserverless/2021-11-01/endpoint-rule-set-1.json
new file mode 100644
index 0000000000..6c4f0a782a
--- /dev/null
+++ b/models/apis/opensearchserverless/2021-11-01/endpoint-rule-set-1.json
@@ -0,0 +1,309 @@
+{
+ "version": "1.0",
+ "parameters": {
+ "Region": {
+ "builtIn": "AWS::Region",
+ "required": true,
+ "documentation": "The AWS region used to dispatch the request.",
+ "type": "String"
+ },
+ "UseDualStack": {
+ "builtIn": "AWS::UseDualStack",
+ "required": true,
+ "default": false,
+ "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.",
+ "type": "Boolean"
+ },
+ "UseFIPS": {
+ "builtIn": "AWS::UseFIPS",
+ "required": true,
+ "default": false,
+ "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.",
+ "type": "Boolean"
+ },
+ "Endpoint": {
+ "builtIn": "SDK::Endpoint",
+ "required": false,
+ "documentation": "Override the endpoint used to send this request",
+ "type": "String"
+ }
+ },
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "aws.partition",
+ "argv": [
+ {
+ "ref": "Region"
+ }
+ ],
+ "assign": "PartitionResult"
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "isSet",
+ "argv": [
+ {
+ "ref": "Endpoint"
+ }
+ ]
+ },
+ {
+ "fn": "parseURL",
+ "argv": [
+ {
+ "ref": "Endpoint"
+ }
+ ],
+ "assign": "url"
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseFIPS"
+ },
+ true
+ ]
+ }
+ ],
+ "error": "Invalid Configuration: FIPS and custom endpoint are not supported",
+ "type": "error"
+ },
+ {
+ "conditions": [],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseDualStack"
+ },
+ true
+ ]
+ }
+ ],
+ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported",
+ "type": "error"
+ },
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": {
+ "ref": "Endpoint"
+ },
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseFIPS"
+ },
+ true
+ ]
+ },
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseDualStack"
+ },
+ true
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsFIPS"
+ ]
+ }
+ ]
+ },
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsDualStack"
+ ]
+ }
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://aoss-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both",
+ "type": "error"
+ }
+ ]
+ },
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseFIPS"
+ },
+ true
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsFIPS"
+ ]
+ }
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://aoss-fips.{Region}.{PartitionResult#dnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "error": "FIPS is enabled but this partition does not support FIPS",
+ "type": "error"
+ }
+ ]
+ },
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseDualStack"
+ },
+ true
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsDualStack"
+ ]
+ }
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://aoss.{Region}.{PartitionResult#dualStackDnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "error": "DualStack is enabled but this partition does not support DualStack",
+ "type": "error"
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://aoss.{Region}.{PartitionResult#dnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/models/apis/opensearchserverless/2021-11-01/endpoint-tests-1.json b/models/apis/opensearchserverless/2021-11-01/endpoint-tests-1.json
new file mode 100644
index 0000000000..c00d2d53e4
--- /dev/null
+++ b/models/apis/opensearchserverless/2021-11-01/endpoint-tests-1.json
@@ -0,0 +1,295 @@
+{
+ "testCases": [
+ {
+ "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://aoss-fips.us-gov-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://aoss-fips.us-gov-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://aoss.us-gov-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://aoss.us-gov-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://aoss-fips.cn-north-1.api.amazonwebservices.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://aoss-fips.cn-north-1.amazonaws.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://aoss.cn-north-1.api.amazonwebservices.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://aoss.cn-north-1.amazonaws.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://aoss-fips.us-iso-east-1.c2s.ic.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "error": "DualStack is enabled but this partition does not support DualStack"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://aoss.us-iso-east-1.c2s.ic.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://aoss-fips.us-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://aoss-fips.us-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://aoss.us-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://aoss.us-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://aoss-fips.us-isob-east-1.sc2s.sgov.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "error": "DualStack is enabled but this partition does not support DualStack"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://aoss.us-isob-east-1.sc2s.sgov.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For custom endpoint with fips disabled and dualstack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://example.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-east-1",
+ "Endpoint": "https://example.com"
+ }
+ },
+ {
+ "documentation": "For custom endpoint with fips enabled and dualstack disabled",
+ "expect": {
+ "error": "Invalid Configuration: FIPS and custom endpoint are not supported"
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-east-1",
+ "Endpoint": "https://example.com"
+ }
+ },
+ {
+ "documentation": "For custom endpoint with fips disabled and dualstack enabled",
+ "expect": {
+ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-east-1",
+ "Endpoint": "https://example.com"
+ }
+ }
+ ],
+ "version": "1.0"
+}
\ No newline at end of file
diff --git a/models/apis/opensearchserverless/2021-11-01/examples-1.json b/models/apis/opensearchserverless/2021-11-01/examples-1.json
new file mode 100644
index 0000000000..0ea7e3b0bb
--- /dev/null
+++ b/models/apis/opensearchserverless/2021-11-01/examples-1.json
@@ -0,0 +1,5 @@
+{
+ "version": "1.0",
+ "examples": {
+ }
+}
diff --git a/models/apis/opensearchserverless/2021-11-01/paginators-1.json b/models/apis/opensearchserverless/2021-11-01/paginators-1.json
new file mode 100644
index 0000000000..3eddbddb65
--- /dev/null
+++ b/models/apis/opensearchserverless/2021-11-01/paginators-1.json
@@ -0,0 +1,29 @@
+{
+ "pagination": {
+ "ListAccessPolicies": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults"
+ },
+ "ListCollections": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults"
+ },
+ "ListSecurityConfigs": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults"
+ },
+ "ListSecurityPolicies": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults"
+ },
+ "ListVpcEndpoints": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults"
+ }
+ }
+}
diff --git a/models/apis/securitylake/2018-05-10/api-2.json b/models/apis/securitylake/2018-05-10/api-2.json
new file mode 100644
index 0000000000..a46e6fe8b1
--- /dev/null
+++ b/models/apis/securitylake/2018-05-10/api-2.json
@@ -0,0 +1,1704 @@
+{
+ "version":"2.0",
+ "metadata":{
+ "apiVersion":"2018-05-10",
+ "endpointPrefix":"securitylake",
+ "jsonVersion":"1.1",
+ "protocol":"rest-json",
+ "serviceFullName":"Amazon Security Lake",
+ "serviceId":"SecurityLake",
+ "signatureVersion":"v4",
+ "signingName":"securitylake",
+ "uid":"securitylake-2018-05-10"
+ },
+ "operations":{
+ "CreateAwsLogSource":{
+ "name":"CreateAwsLogSource",
+ "http":{
+ "method":"POST",
+ "requestUri":"/v1/logsources/aws",
+ "responseCode":200
+ },
+ "input":{"shape":"CreateAwsLogSourceRequest"},
+ "output":{"shape":"CreateAwsLogSourceResponse"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"S3Exception"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"AccountNotFoundException"}
+ ]
+ },
+ "CreateCustomLogSource":{
+ "name":"CreateCustomLogSource",
+ "http":{
+ "method":"POST",
+ "requestUri":"/v1/logsources/custom",
+ "responseCode":200
+ },
+ "input":{"shape":"CreateCustomLogSourceRequest"},
+ "output":{"shape":"CreateCustomLogSourceResponse"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"ConflictSourceNamesException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"BucketNotFoundException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"AccountNotFoundException"}
+ ]
+ },
+ "CreateDatalake":{
+ "name":"CreateDatalake",
+ "http":{
+ "method":"POST",
+ "requestUri":"/v1/datalake",
+ "responseCode":200
+ },
+ "input":{"shape":"CreateDatalakeRequest"},
+ "output":{"shape":"CreateDatalakeResponse"},
+ "errors":[
+ {"shape":"ServiceQuotaExceededException"},
+ {"shape":"ConflictException"},
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"ThrottlingException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ResourceNotFoundException"}
+ ]
+ },
+ "CreateDatalakeAutoEnable":{
+ "name":"CreateDatalakeAutoEnable",
+ "http":{
+ "method":"POST",
+ "requestUri":"/v1/datalake/autoenable",
+ "responseCode":200
+ },
+ "input":{"shape":"CreateDatalakeAutoEnableRequest"},
+ "output":{"shape":"CreateDatalakeAutoEnableResponse"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"AccountNotFoundException"}
+ ]
+ },
+ "CreateDatalakeDelegatedAdmin":{
+ "name":"CreateDatalakeDelegatedAdmin",
+ "http":{
+ "method":"POST",
+ "requestUri":"/v1/datalake/delegate",
+ "responseCode":200
+ },
+ "input":{"shape":"CreateDatalakeDelegatedAdminRequest"},
+ "output":{"shape":"CreateDatalakeDelegatedAdminResponse"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"ThrottlingException"},
+ {"shape":"AccessDeniedException"}
+ ]
+ },
+ "CreateDatalakeExceptionsSubscription":{
+ "name":"CreateDatalakeExceptionsSubscription",
+ "http":{
+ "method":"POST",
+ "requestUri":"/v1/datalake/exceptions/subscription",
+ "responseCode":200
+ },
+ "input":{"shape":"CreateDatalakeExceptionsSubscriptionRequest"},
+ "output":{"shape":"CreateDatalakeExceptionsSubscriptionResponse"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"AccountNotFoundException"}
+ ]
+ },
+ "CreateSubscriber":{
+ "name":"CreateSubscriber",
+ "http":{
+ "method":"POST",
+ "requestUri":"/v1/subscribers",
+ "responseCode":200
+ },
+ "input":{"shape":"CreateSubscriberRequest"},
+ "output":{"shape":"CreateSubscriberResponse"},
+ "errors":[
+ {"shape":"ConflictSubscriptionException"},
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"BucketNotFoundException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"AccountNotFoundException"},
+ {"shape":"InvalidInputException"}
+ ]
+ },
+ "CreateSubscriptionNotificationConfiguration":{
+ "name":"CreateSubscriptionNotificationConfiguration",
+ "http":{
+ "method":"POST",
+ "requestUri":"/subscription-notifications/{subscriptionId}",
+ "responseCode":200
+ },
+ "input":{"shape":"CreateSubscriptionNotificationConfigurationRequest"},
+ "output":{"shape":"CreateSubscriptionNotificationConfigurationResponse"},
+ "errors":[
+ {"shape":"ConcurrentModificationException"},
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"AccountNotFoundException"},
+ {"shape":"InvalidInputException"}
+ ]
+ },
+ "DeleteAwsLogSource":{
+ "name":"DeleteAwsLogSource",
+ "http":{
+ "method":"POST",
+ "requestUri":"/v1/logsources/aws/delete",
+ "responseCode":200
+ },
+ "input":{"shape":"DeleteAwsLogSourceRequest"},
+ "output":{"shape":"DeleteAwsLogSourceResponse"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"AccountNotFoundException"}
+ ]
+ },
+ "DeleteCustomLogSource":{
+ "name":"DeleteCustomLogSource",
+ "http":{
+ "method":"DELETE",
+ "requestUri":"/v1/logsources/custom",
+ "responseCode":200
+ },
+ "input":{"shape":"DeleteCustomLogSourceRequest"},
+ "output":{"shape":"DeleteCustomLogSourceResponse"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"ConflictSourceNamesException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"BucketNotFoundException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"AccountNotFoundException"}
+ ],
+ "idempotent":true
+ },
+ "DeleteDatalake":{
+ "name":"DeleteDatalake",
+ "http":{
+ "method":"DELETE",
+ "requestUri":"/v1/datalake",
+ "responseCode":200
+ },
+ "input":{"shape":"DeleteDatalakeRequest"},
+ "output":{"shape":"DeleteDatalakeResponse"},
+ "errors":[
+ {"shape":"ServiceQuotaExceededException"},
+ {"shape":"ConflictException"},
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"ThrottlingException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ResourceNotFoundException"}
+ ],
+ "idempotent":true
+ },
+ "DeleteDatalakeAutoEnable":{
+ "name":"DeleteDatalakeAutoEnable",
+ "http":{
+ "method":"POST",
+ "requestUri":"/v1/datalake/autoenable/delete",
+ "responseCode":200
+ },
+ "input":{"shape":"DeleteDatalakeAutoEnableRequest"},
+ "output":{"shape":"DeleteDatalakeAutoEnableResponse"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"AccountNotFoundException"}
+ ]
+ },
+ "DeleteDatalakeDelegatedAdmin":{
+ "name":"DeleteDatalakeDelegatedAdmin",
+ "http":{
+ "method":"DELETE",
+ "requestUri":"/v1/datalake/delegate/{account}",
+ "responseCode":200
+ },
+ "input":{"shape":"DeleteDatalakeDelegatedAdminRequest"},
+ "output":{"shape":"DeleteDatalakeDelegatedAdminResponse"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"ThrottlingException"},
+ {"shape":"AccessDeniedException"}
+ ]
+ },
+ "DeleteDatalakeExceptionsSubscription":{
+ "name":"DeleteDatalakeExceptionsSubscription",
+ "http":{
+ "method":"DELETE",
+ "requestUri":"/v1/datalake/exceptions/subscription",
+ "responseCode":200
+ },
+ "input":{"shape":"DeleteDatalakeExceptionsSubscriptionRequest"},
+ "output":{"shape":"DeleteDatalakeExceptionsSubscriptionResponse"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"AccountNotFoundException"}
+ ]
+ },
+ "DeleteSubscriber":{
+ "name":"DeleteSubscriber",
+ "http":{
+ "method":"DELETE",
+ "requestUri":"/v1/subscribers",
+ "responseCode":200
+ },
+ "input":{"shape":"DeleteSubscriberRequest"},
+ "output":{"shape":"DeleteSubscriberResponse"},
+ "errors":[
+ {"shape":"ConcurrentModificationException"},
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"BucketNotFoundException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"AccountNotFoundException"},
+ {"shape":"InvalidInputException"}
+ ],
+ "idempotent":true
+ },
+ "DeleteSubscriptionNotificationConfiguration":{
+ "name":"DeleteSubscriptionNotificationConfiguration",
+ "http":{
+ "method":"DELETE",
+ "requestUri":"/subscription-notifications/{subscriptionId}",
+ "responseCode":200
+ },
+ "input":{"shape":"DeleteSubscriptionNotificationConfigurationRequest"},
+ "output":{"shape":"DeleteSubscriptionNotificationConfigurationResponse"},
+ "errors":[
+ {"shape":"ConcurrentModificationException"},
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"AccountNotFoundException"},
+ {"shape":"InvalidInputException"}
+ ],
+ "idempotent":true
+ },
+ "GetDatalake":{
+ "name":"GetDatalake",
+ "http":{
+ "method":"GET",
+ "requestUri":"/v1/datalake",
+ "responseCode":200
+ },
+ "input":{"shape":"GetDatalakeRequest"},
+ "output":{"shape":"GetDatalakeResponse"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"AccountNotFoundException"}
+ ]
+ },
+ "GetDatalakeAutoEnable":{
+ "name":"GetDatalakeAutoEnable",
+ "http":{
+ "method":"GET",
+ "requestUri":"/v1/datalake/autoenable",
+ "responseCode":200
+ },
+ "input":{"shape":"GetDatalakeAutoEnableRequest"},
+ "output":{"shape":"GetDatalakeAutoEnableResponse"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"AccountNotFoundException"}
+ ]
+ },
+ "GetDatalakeExceptionsExpiry":{
+ "name":"GetDatalakeExceptionsExpiry",
+ "http":{
+ "method":"GET",
+ "requestUri":"/v1/datalake/exceptions/expiry",
+ "responseCode":200
+ },
+ "input":{"shape":"GetDatalakeExceptionsExpiryRequest"},
+ "output":{"shape":"GetDatalakeExceptionsExpiryResponse"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"AccountNotFoundException"}
+ ]
+ },
+ "GetDatalakeExceptionsSubscription":{
+ "name":"GetDatalakeExceptionsSubscription",
+ "http":{
+ "method":"GET",
+ "requestUri":"/v1/datalake/exceptions/subscription",
+ "responseCode":200
+ },
+ "input":{"shape":"GetDatalakeExceptionsSubscriptionRequest"},
+ "output":{"shape":"GetDatalakeExceptionsSubscriptionResponse"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"AccountNotFoundException"}
+ ]
+ },
+ "GetDatalakeStatus":{
+ "name":"GetDatalakeStatus",
+ "http":{
+ "method":"POST",
+ "requestUri":"/v1/datalake/status",
+ "responseCode":200
+ },
+ "input":{"shape":"GetDatalakeStatusRequest"},
+ "output":{"shape":"GetDatalakeStatusResponse"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"AccountNotFoundException"}
+ ]
+ },
+ "GetSubscriber":{
+ "name":"GetSubscriber",
+ "http":{
+ "method":"GET",
+ "requestUri":"/v1/subscribers/{id}",
+ "responseCode":200
+ },
+ "input":{"shape":"GetSubscriberRequest"},
+ "output":{"shape":"GetSubscriberResponse"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"AccountNotFoundException"},
+ {"shape":"InvalidInputException"}
+ ]
+ },
+ "ListDatalakeExceptions":{
+ "name":"ListDatalakeExceptions",
+ "http":{
+ "method":"POST",
+ "requestUri":"/v1/datalake/exceptions",
+ "responseCode":200
+ },
+ "input":{"shape":"ListDatalakeExceptionsRequest"},
+ "output":{"shape":"ListDatalakeExceptionsResponse"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"AccountNotFoundException"}
+ ]
+ },
+ "ListLogSources":{
+ "name":"ListLogSources",
+ "http":{
+ "method":"POST",
+ "requestUri":"/v1/logsources/list",
+ "responseCode":200
+ },
+ "input":{"shape":"ListLogSourcesRequest"},
+ "output":{"shape":"ListLogSourcesResponse"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"AccountNotFoundException"}
+ ]
+ },
+ "ListSubscribers":{
+ "name":"ListSubscribers",
+ "http":{
+ "method":"GET",
+ "requestUri":"/v1/subscribers",
+ "responseCode":200
+ },
+ "input":{"shape":"ListSubscribersRequest"},
+ "output":{"shape":"ListSubscribersResponse"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"AccountNotFoundException"},
+ {"shape":"InvalidInputException"}
+ ]
+ },
+ "UpdateDatalake":{
+ "name":"UpdateDatalake",
+ "http":{
+ "method":"PUT",
+ "requestUri":"/v1/datalake",
+ "responseCode":200
+ },
+ "input":{"shape":"UpdateDatalakeRequest"},
+ "output":{"shape":"UpdateDatalakeResponse"},
+ "errors":[
+ {"shape":"EventBridgeException"},
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ResourceNotFoundException"}
+ ],
+ "idempotent":true
+ },
+ "UpdateDatalakeExceptionsExpiry":{
+ "name":"UpdateDatalakeExceptionsExpiry",
+ "http":{
+ "method":"PUT",
+ "requestUri":"/v1/datalake/exceptions/expiry",
+ "responseCode":200
+ },
+ "input":{"shape":"UpdateDatalakeExceptionsExpiryRequest"},
+ "output":{"shape":"UpdateDatalakeExceptionsExpiryResponse"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"AccountNotFoundException"}
+ ]
+ },
+ "UpdateDatalakeExceptionsSubscription":{
+ "name":"UpdateDatalakeExceptionsSubscription",
+ "http":{
+ "method":"PUT",
+ "requestUri":"/v1/datalake/exceptions/subscription",
+ "responseCode":200
+ },
+ "input":{"shape":"UpdateDatalakeExceptionsSubscriptionRequest"},
+ "output":{"shape":"UpdateDatalakeExceptionsSubscriptionResponse"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"AccountNotFoundException"}
+ ]
+ },
+ "UpdateSubscriber":{
+ "name":"UpdateSubscriber",
+ "http":{
+ "method":"PUT",
+ "requestUri":"/v1/subscribers/{id}",
+ "responseCode":200
+ },
+ "input":{"shape":"UpdateSubscriberRequest"},
+ "output":{"shape":"UpdateSubscriberResponse"},
+ "errors":[
+ {"shape":"ConflictSubscriptionException"},
+ {"shape":"ConcurrentModificationException"},
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"AccountNotFoundException"},
+ {"shape":"InvalidInputException"}
+ ],
+ "idempotent":true
+ },
+ "UpdateSubscriptionNotificationConfiguration":{
+ "name":"UpdateSubscriptionNotificationConfiguration",
+ "http":{
+ "method":"PUT",
+ "requestUri":"/subscription-notifications/{subscriptionId}",
+ "responseCode":200
+ },
+ "input":{"shape":"UpdateSubscriptionNotificationConfigurationRequest"},
+ "output":{"shape":"UpdateSubscriptionNotificationConfigurationResponse"},
+ "errors":[
+ {"shape":"ConcurrentModificationException"},
+ {"shape":"InternalServerException"},
+ {"shape":"ValidationException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"AccountNotFoundException"},
+ {"shape":"InvalidInputException"}
+ ]
+ }
+ },
+ "shapes":{
+ "AccessDeniedException":{
+ "type":"structure",
+ "required":["message"],
+ "members":{
+ "message":{"shape":"String"}
+ },
+ "error":{
+ "httpStatusCode":403,
+ "senderFault":true
+ },
+ "exception":true
+ },
+ "AccessType":{
+ "type":"string",
+ "enum":[
+ "LAKEFORMATION",
+ "S3"
+ ]
+ },
+ "AccessTypeList":{
+ "type":"list",
+ "member":{"shape":"AccessType"}
+ },
+ "AccountList":{
+ "type":"list",
+ "member":{"shape":"String"}
+ },
+ "AccountNotFoundException":{
+ "type":"structure",
+ "required":["message"],
+ "members":{
+ "message":{"shape":"String"}
+ },
+ "error":{
+ "httpStatusCode":403,
+ "senderFault":true
+ },
+ "exception":true
+ },
+ "AccountSources":{
+ "type":"structure",
+ "required":[
+ "account",
+ "sourceType"
+ ],
+ "members":{
+ "account":{"shape":"String"},
+ "eventClass":{"shape":"OcsfEventClass"},
+ "logsStatus":{"shape":"LogsStatusList"},
+ "sourceType":{"shape":"String"}
+ }
+ },
+ "AccountSourcesList":{
+ "type":"list",
+ "member":{"shape":"AccountSources"}
+ },
+ "AllDimensionsMap":{
+ "type":"map",
+ "key":{"shape":"String"},
+ "value":{"shape":"TwoDimensionsMap"}
+ },
+ "AutoEnableNewRegionConfiguration":{
+ "type":"structure",
+ "required":[
+ "region",
+ "sources"
+ ],
+ "members":{
+ "region":{"shape":"Region"},
+ "sources":{"shape":"AwsSourceTypeList"}
+ }
+ },
+ "AutoEnableNewRegionConfigurationList":{
+ "type":"list",
+ "member":{"shape":"AutoEnableNewRegionConfiguration"}
+ },
+ "AwsAccountId":{
+ "type":"string",
+ "max":12,
+ "min":12,
+ "pattern":"^\\d+$"
+ },
+ "AwsLogSourceType":{
+ "type":"string",
+ "enum":[
+ "ROUTE53",
+ "VPC_FLOW",
+ "CLOUD_TRAIL",
+ "SH_FINDINGS"
+ ]
+ },
+ "AwsSourceTypeList":{
+ "type":"list",
+ "member":{"shape":"AwsLogSourceType"}
+ },
+ "Boolean":{
+ "type":"boolean",
+ "box":true
+ },
+ "BucketNotFoundException":{
+ "type":"structure",
+ "required":["message"],
+ "members":{
+ "message":{"shape":"String"}
+ },
+ "error":{
+ "httpStatusCode":409,
+ "senderFault":true
+ },
+ "exception":true
+ },
+ "ConcurrentModificationException":{
+ "type":"structure",
+ "required":["message"],
+ "members":{
+ "message":{"shape":"String"}
+ },
+ "error":{
+ "httpStatusCode":409,
+ "senderFault":true
+ },
+ "exception":true,
+ "retryable":{"throttling":false}
+ },
+ "ConflictException":{
+ "type":"structure",
+ "required":[
+ "message",
+ "resourceId",
+ "resourceType"
+ ],
+ "members":{
+ "message":{"shape":"String"},
+ "resourceId":{"shape":"String"},
+ "resourceType":{"shape":"String"}
+ },
+ "error":{
+ "httpStatusCode":409,
+ "senderFault":true
+ },
+ "exception":true
+ },
+ "ConflictSourceNamesException":{
+ "type":"structure",
+ "required":["message"],
+ "members":{
+ "message":{"shape":"String"}
+ },
+ "error":{
+ "httpStatusCode":400,
+ "senderFault":true
+ },
+ "exception":true
+ },
+ "ConflictSubscriptionException":{
+ "type":"structure",
+ "required":["message"],
+ "members":{
+ "message":{"shape":"String"}
+ },
+ "error":{
+ "httpStatusCode":400,
+ "senderFault":true
+ },
+ "exception":true
+ },
+ "CreateAwsLogSourceRequest":{
+ "type":"structure",
+ "required":["inputOrder"],
+ "members":{
+ "enableAllDimensions":{"shape":"AllDimensionsMap"},
+ "enableSingleDimension":{"shape":"InputSet"},
+ "enableTwoDimensions":{"shape":"TwoDimensionsMap"},
+ "inputOrder":{"shape":"DimensionSet"}
+ }
+ },
+ "CreateAwsLogSourceResponse":{
+ "type":"structure",
+ "members":{
+ "failed":{"shape":"AccountList"},
+ "processing":{"shape":"AccountList"}
+ }
+ },
+ "CreateCustomLogSourceRequest":{
+ "type":"structure",
+ "required":[
+ "customSourceName",
+ "eventClass",
+ "glueInvocationRoleArn",
+ "logProviderAccountId"
+ ],
+ "members":{
+ "customSourceName":{"shape":"CustomSourceType"},
+ "eventClass":{"shape":"OcsfEventClass"},
+ "glueInvocationRoleArn":{"shape":"RoleArn"},
+ "logProviderAccountId":{"shape":"AwsAccountId"}
+ }
+ },
+ "CreateCustomLogSourceResponse":{
+ "type":"structure",
+ "required":[
+ "customDataLocation",
+ "glueCrawlerName",
+ "glueDatabaseName",
+ "glueTableName",
+ "logProviderAccessRoleArn"
+ ],
+ "members":{
+ "customDataLocation":{"shape":"String"},
+ "glueCrawlerName":{"shape":"String"},
+ "glueDatabaseName":{"shape":"String"},
+ "glueTableName":{"shape":"String"},
+ "logProviderAccessRoleArn":{"shape":"String"}
+ }
+ },
+ "CreateDatalakeAutoEnableRequest":{
+ "type":"structure",
+ "required":["configurationForNewAccounts"],
+ "members":{
+ "configurationForNewAccounts":{"shape":"AutoEnableNewRegionConfigurationList"}
+ }
+ },
+ "CreateDatalakeAutoEnableResponse":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "CreateDatalakeDelegatedAdminRequest":{
+ "type":"structure",
+ "required":["account"],
+ "members":{
+ "account":{"shape":"SafeString"}
+ }
+ },
+ "CreateDatalakeDelegatedAdminResponse":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "CreateDatalakeExceptionsSubscriptionRequest":{
+ "type":"structure",
+ "required":[
+ "notificationEndpoint",
+ "subscriptionProtocol"
+ ],
+ "members":{
+ "notificationEndpoint":{"shape":"SafeString"},
+ "subscriptionProtocol":{"shape":"SubscriptionProtocolType"}
+ }
+ },
+ "CreateDatalakeExceptionsSubscriptionResponse":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "CreateDatalakeRequest":{
+ "type":"structure",
+ "members":{
+ "configurations":{"shape":"LakeConfigurationRequestMap"},
+ "enableAll":{"shape":"Boolean"},
+ "metaStoreManagerRoleArn":{"shape":"RoleArn"},
+ "regions":{"shape":"RegionSet"}
+ }
+ },
+ "CreateDatalakeResponse":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "CreateSubscriberRequest":{
+ "type":"structure",
+ "required":[
+ "accountId",
+ "externalId",
+ "sourceTypes",
+ "subscriberName"
+ ],
+ "members":{
+ "accessTypes":{"shape":"AccessTypeList"},
+ "accountId":{"shape":"AwsAccountId"},
+ "externalId":{"shape":"SafeString"},
+ "sourceTypes":{"shape":"SourceTypeList"},
+ "subscriberDescription":{"shape":"SafeString"},
+ "subscriberName":{"shape":"CreateSubscriberRequestSubscriberNameString"}
+ }
+ },
+ "CreateSubscriberRequestSubscriberNameString":{
+ "type":"string",
+ "max":64,
+ "min":0
+ },
+ "CreateSubscriberResponse":{
+ "type":"structure",
+ "required":["subscriptionId"],
+ "members":{
+ "roleArn":{"shape":"RoleArn"},
+ "s3BucketArn":{"shape":"S3BucketArn"},
+ "snsArn":{"shape":"SnsTopicArn"},
+ "subscriptionId":{"shape":"UUID"}
+ }
+ },
+ "CreateSubscriptionNotificationConfigurationRequest":{
+ "type":"structure",
+ "required":["subscriptionId"],
+ "members":{
+ "createSqs":{"shape":"Boolean"},
+ "httpsApiKeyName":{"shape":"String"},
+ "httpsApiKeyValue":{"shape":"String"},
+ "httpsMethod":{"shape":"HttpsMethod"},
+ "roleArn":{"shape":"RoleArn"},
+ "subscriptionEndpoint":{"shape":"CreateSubscriptionNotificationConfigurationRequestSubscriptionEndpointString"},
+ "subscriptionId":{
+ "shape":"UUID",
+ "location":"uri",
+ "locationName":"subscriptionId"
+ }
+ }
+ },
+ "CreateSubscriptionNotificationConfigurationRequestSubscriptionEndpointString":{
+ "type":"string",
+ "pattern":"^(arn:aws:.+$|https?://.+$)"
+ },
+ "CreateSubscriptionNotificationConfigurationResponse":{
+ "type":"structure",
+ "members":{
+ "queueArn":{"shape":"SafeString"}
+ }
+ },
+ "CustomSourceType":{
+ "type":"string",
+ "pattern":"^[\\\\\\w\\-_:/.]*$"
+ },
+ "DeleteAwsLogSourceRequest":{
+ "type":"structure",
+ "required":["inputOrder"],
+ "members":{
+ "disableAllDimensions":{"shape":"AllDimensionsMap"},
+ "disableSingleDimension":{"shape":"InputSet"},
+ "disableTwoDimensions":{"shape":"TwoDimensionsMap"},
+ "inputOrder":{"shape":"DimensionSet"}
+ }
+ },
+ "DeleteAwsLogSourceResponse":{
+ "type":"structure",
+ "members":{
+ "failed":{"shape":"AccountList"},
+ "processing":{"shape":"AccountList"}
+ }
+ },
+ "DeleteCustomLogSourceRequest":{
+ "type":"structure",
+ "required":["customSourceName"],
+ "members":{
+ "customSourceName":{
+ "shape":"String",
+ "location":"querystring",
+ "locationName":"customSourceName"
+ }
+ }
+ },
+ "DeleteCustomLogSourceResponse":{
+ "type":"structure",
+ "required":["customDataLocation"],
+ "members":{
+ "customDataLocation":{"shape":"String"}
+ }
+ },
+ "DeleteDatalakeAutoEnableRequest":{
+ "type":"structure",
+ "required":["removeFromConfigurationForNewAccounts"],
+ "members":{
+ "removeFromConfigurationForNewAccounts":{"shape":"AutoEnableNewRegionConfigurationList"}
+ }
+ },
+ "DeleteDatalakeAutoEnableResponse":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "DeleteDatalakeDelegatedAdminRequest":{
+ "type":"structure",
+ "required":["account"],
+ "members":{
+ "account":{
+ "shape":"SafeString",
+ "location":"uri",
+ "locationName":"account"
+ }
+ }
+ },
+ "DeleteDatalakeDelegatedAdminResponse":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "DeleteDatalakeExceptionsSubscriptionRequest":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "DeleteDatalakeExceptionsSubscriptionResponse":{
+ "type":"structure",
+ "required":["status"],
+ "members":{
+ "status":{"shape":"SafeString"}
+ }
+ },
+ "DeleteDatalakeRequest":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "DeleteDatalakeResponse":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "DeleteSubscriberRequest":{
+ "type":"structure",
+ "required":["id"],
+ "members":{
+ "id":{
+ "shape":"String",
+ "location":"querystring",
+ "locationName":"id"
+ }
+ }
+ },
+ "DeleteSubscriberResponse":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "DeleteSubscriptionNotificationConfigurationRequest":{
+ "type":"structure",
+ "required":["subscriptionId"],
+ "members":{
+ "subscriptionId":{
+ "shape":"UUID",
+ "location":"uri",
+ "locationName":"subscriptionId"
+ }
+ }
+ },
+ "DeleteSubscriptionNotificationConfigurationResponse":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "Dimension":{
+ "type":"string",
+ "enum":[
+ "REGION",
+ "SOURCE_TYPE",
+ "MEMBER"
+ ]
+ },
+ "DimensionSet":{
+ "type":"list",
+ "member":{"shape":"Dimension"}
+ },
+ "EndpointProtocol":{
+ "type":"string",
+ "enum":[
+ "HTTPS",
+ "SQS"
+ ]
+ },
+ "EventBridgeException":{
+ "type":"structure",
+ "required":["message"],
+ "members":{
+ "message":{"shape":"String"}
+ },
+ "error":{
+ "httpStatusCode":400,
+ "senderFault":true
+ },
+ "exception":true
+ },
+ "Failures":{
+ "type":"structure",
+ "required":[
+ "exceptionMessage",
+ "remediation",
+ "timestamp"
+ ],
+ "members":{
+ "exceptionMessage":{"shape":"SafeString"},
+ "remediation":{"shape":"SafeString"},
+ "timestamp":{"shape":"SyntheticTimestamp_date_time"}
+ }
+ },
+ "FailuresResponse":{
+ "type":"structure",
+ "members":{
+ "failures":{"shape":"Failureslist"},
+ "region":{"shape":"SafeString"}
+ }
+ },
+ "FailuresResponseList":{
+ "type":"list",
+ "member":{"shape":"FailuresResponse"}
+ },
+ "Failureslist":{
+ "type":"list",
+ "member":{"shape":"Failures"}
+ },
+ "GetDatalakeAutoEnableRequest":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "GetDatalakeAutoEnableResponse":{
+ "type":"structure",
+ "required":["autoEnableNewAccounts"],
+ "members":{
+ "autoEnableNewAccounts":{"shape":"AutoEnableNewRegionConfigurationList"}
+ }
+ },
+ "GetDatalakeExceptionsExpiryRequest":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "GetDatalakeExceptionsExpiryResponse":{
+ "type":"structure",
+ "required":["exceptionMessageExpiry"],
+ "members":{
+ "exceptionMessageExpiry":{"shape":"Long"}
+ }
+ },
+ "GetDatalakeExceptionsSubscriptionRequest":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "GetDatalakeExceptionsSubscriptionResponse":{
+ "type":"structure",
+ "required":["protocolAndNotificationEndpoint"],
+ "members":{
+ "protocolAndNotificationEndpoint":{"shape":"ProtocolAndNotificationEndpoint"}
+ }
+ },
+ "GetDatalakeRequest":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "GetDatalakeResponse":{
+ "type":"structure",
+ "required":["configurations"],
+ "members":{
+ "configurations":{"shape":"LakeConfigurationResponseMap"}
+ }
+ },
+ "GetDatalakeStatusRequest":{
+ "type":"structure",
+ "members":{
+ "accountSet":{"shape":"InputSet"},
+ "maxAccountResults":{"shape":"Integer"},
+ "nextToken":{"shape":"SafeString"}
+ }
+ },
+ "GetDatalakeStatusResponse":{
+ "type":"structure",
+ "required":["accountSourcesList"],
+ "members":{
+ "accountSourcesList":{"shape":"AccountSourcesList"},
+ "nextToken":{"shape":"SafeString"}
+ }
+ },
+ "GetSubscriberRequest":{
+ "type":"structure",
+ "required":["id"],
+ "members":{
+ "id":{
+ "shape":"String",
+ "location":"uri",
+ "locationName":"id"
+ }
+ }
+ },
+ "GetSubscriberResponse":{
+ "type":"structure",
+ "members":{
+ "subscriber":{"shape":"SubscriberResource"}
+ }
+ },
+ "HttpsMethod":{
+ "type":"string",
+ "enum":[
+ "POST",
+ "PUT"
+ ]
+ },
+ "InputSet":{
+ "type":"list",
+ "member":{"shape":"SafeString"}
+ },
+ "Integer":{
+ "type":"integer",
+ "box":true
+ },
+ "InternalServerException":{
+ "type":"structure",
+ "required":["message"],
+ "members":{
+ "message":{"shape":"String"},
+ "retryAfterSeconds":{
+ "shape":"Integer",
+ "location":"header",
+ "locationName":"Retry-After"
+ }
+ },
+ "error":{"httpStatusCode":500},
+ "exception":true,
+ "fault":true,
+ "retryable":{"throttling":false}
+ },
+ "InvalidInputException":{
+ "type":"structure",
+ "required":["message"],
+ "members":{
+ "message":{"shape":"String"}
+ },
+ "error":{
+ "httpStatusCode":400,
+ "senderFault":true
+ },
+ "exception":true
+ },
+ "LakeConfigurationRequest":{
+ "type":"structure",
+ "members":{
+ "encryptionKey":{"shape":"String"},
+ "replicationDestinationRegions":{"shape":"RegionSet"},
+ "replicationRoleArn":{"shape":"RoleArn"},
+ "retentionSettings":{"shape":"RetentionSettingList"},
+ "tagsMap":{"shape":"TagsMap"}
+ }
+ },
+ "LakeConfigurationRequestMap":{
+ "type":"map",
+ "key":{"shape":"Region"},
+ "value":{"shape":"LakeConfigurationRequest"}
+ },
+ "LakeConfigurationResponse":{
+ "type":"structure",
+ "members":{
+ "encryptionKey":{"shape":"String"},
+ "replicationDestinationRegions":{"shape":"RegionSet"},
+ "replicationRoleArn":{"shape":"RoleArn"},
+ "retentionSettings":{"shape":"RetentionSettingList"},
+ "s3BucketArn":{"shape":"S3BucketArn"},
+ "status":{"shape":"settingsStatus"},
+ "tagsMap":{"shape":"TagsMap"}
+ }
+ },
+ "LakeConfigurationResponseMap":{
+ "type":"map",
+ "key":{"shape":"Region"},
+ "value":{"shape":"LakeConfigurationResponse"}
+ },
+ "ListDatalakeExceptionsRequest":{
+ "type":"structure",
+ "members":{
+ "maxFailures":{"shape":"Integer"},
+ "nextToken":{"shape":"SafeString"},
+ "regionSet":{"shape":"RegionSet"}
+ }
+ },
+ "ListDatalakeExceptionsResponse":{
+ "type":"structure",
+ "required":["nonRetryableFailures"],
+ "members":{
+ "nextToken":{"shape":"SafeString"},
+ "nonRetryableFailures":{"shape":"FailuresResponseList"}
+ }
+ },
+ "ListLogSourcesRequest":{
+ "type":"structure",
+ "members":{
+ "inputOrder":{"shape":"DimensionSet"},
+ "listAllDimensions":{"shape":"AllDimensionsMap"},
+ "listSingleDimension":{"shape":"InputSet"},
+ "listTwoDimensions":{"shape":"TwoDimensionsMap"},
+ "maxResults":{"shape":"Integer"},
+ "nextToken":{"shape":"SafeString"}
+ }
+ },
+ "ListLogSourcesResponse":{
+ "type":"structure",
+ "required":["regionSourceTypesAccountsList"],
+ "members":{
+ "nextToken":{"shape":"String"},
+ "regionSourceTypesAccountsList":{"shape":"RegionSourceTypesAccountsList"}
+ }
+ },
+ "ListSubscribersRequest":{
+ "type":"structure",
+ "members":{
+ "maxResults":{
+ "shape":"Integer",
+ "location":"querystring",
+ "locationName":"maxResults"
+ },
+ "nextToken":{
+ "shape":"SafeString",
+ "location":"querystring",
+ "locationName":"nextToken"
+ }
+ }
+ },
+ "ListSubscribersResponse":{
+ "type":"structure",
+ "required":["subscribers"],
+ "members":{
+ "nextToken":{"shape":"SafeString"},
+ "subscribers":{"shape":"SubscriberList"}
+ }
+ },
+ "LogsStatus":{
+ "type":"structure",
+ "required":[
+ "healthStatus",
+ "pathToLogs"
+ ],
+ "members":{
+ "healthStatus":{"shape":"SourceStatus"},
+ "pathToLogs":{"shape":"String"}
+ }
+ },
+ "LogsStatusList":{
+ "type":"list",
+ "member":{"shape":"LogsStatus"}
+ },
+ "Long":{
+ "type":"long",
+ "box":true
+ },
+ "OcsfEventClass":{
+ "type":"string",
+ "enum":[
+ "ACCESS_ACTIVITY",
+ "FILE_ACTIVITY",
+ "KERNEL_ACTIVITY",
+ "KERNEL_EXTENSION",
+ "MEMORY_ACTIVITY",
+ "MODULE_ACTIVITY",
+ "PROCESS_ACTIVITY",
+ "REGISTRY_KEY_ACTIVITY",
+ "REGISTRY_VALUE_ACTIVITY",
+ "RESOURCE_ACTIVITY",
+ "SCHEDULED_JOB_ACTIVITY",
+ "SECURITY_FINDING",
+ "ACCOUNT_CHANGE",
+ "AUTHENTICATION",
+ "AUTHORIZATION",
+ "ENTITY_MANAGEMENT_AUDIT",
+ "DHCP_ACTIVITY",
+ "NETWORK_ACTIVITY",
+ "DNS_ACTIVITY",
+ "FTP_ACTIVITY",
+ "HTTP_ACTIVITY",
+ "RDP_ACTIVITY",
+ "SMB_ACTIVITY",
+ "SSH_ACTIVITY",
+ "CLOUD_API",
+ "CONTAINER_LIFECYCLE",
+ "DATABASE_LIFECYCLE",
+ "CONFIG_STATE",
+ "CLOUD_STORAGE",
+ "INVENTORY_INFO",
+ "RFB_ACTIVITY",
+ "SMTP_ACTIVITY",
+ "VIRTUAL_MACHINE_ACTIVITY"
+ ]
+ },
+ "ProtocolAndNotificationEndpoint":{
+ "type":"structure",
+ "members":{
+ "endpoint":{"shape":"SafeString"},
+ "protocol":{"shape":"SafeString"}
+ }
+ },
+ "Region":{
+ "type":"string",
+ "enum":[
+ "us-east-1",
+ "us-west-2",
+ "eu-central-1",
+ "us-east-2",
+ "eu-west-1",
+ "ap-northeast-1",
+ "ap-southeast-2"
+ ]
+ },
+ "RegionSet":{
+ "type":"list",
+ "member":{"shape":"Region"}
+ },
+ "RegionSourceTypesAccountsList":{
+ "type":"list",
+ "member":{"shape":"AllDimensionsMap"}
+ },
+ "ResourceNotFoundException":{
+ "type":"structure",
+ "required":[
+ "message",
+ "resourceId",
+ "resourceType"
+ ],
+ "members":{
+ "message":{"shape":"String"},
+ "resourceId":{"shape":"String"},
+ "resourceType":{"shape":"String"}
+ },
+ "error":{
+ "httpStatusCode":404,
+ "senderFault":true
+ },
+ "exception":true
+ },
+ "RetentionSetting":{
+ "type":"structure",
+ "members":{
+ "retentionPeriod":{"shape":"RetentionSettingRetentionPeriodInteger"},
+ "storageClass":{"shape":"StorageClass"}
+ }
+ },
+ "RetentionSettingList":{
+ "type":"list",
+ "member":{"shape":"RetentionSetting"}
+ },
+ "RetentionSettingRetentionPeriodInteger":{
+ "type":"integer",
+ "box":true,
+ "min":1
+ },
+ "RoleArn":{
+ "type":"string",
+ "pattern":"^arn:.*"
+ },
+ "S3BucketArn":{"type":"string"},
+ "S3Exception":{
+ "type":"structure",
+ "required":["message"],
+ "members":{
+ "message":{"shape":"String"}
+ },
+ "error":{
+ "httpStatusCode":400,
+ "senderFault":true
+ },
+ "exception":true
+ },
+ "SafeString":{
+ "type":"string",
+ "pattern":"^[\\\\\\w\\-_:/.@=+]*$"
+ },
+ "ServiceQuotaExceededException":{
+ "type":"structure",
+ "required":[
+ "message",
+ "quotaCode",
+ "resourceId",
+ "resourceType",
+ "serviceCode"
+ ],
+ "members":{
+ "message":{"shape":"String"},
+ "quotaCode":{"shape":"String"},
+ "resourceId":{"shape":"String"},
+ "resourceType":{"shape":"String"},
+ "serviceCode":{"shape":"String"}
+ },
+ "error":{
+ "httpStatusCode":402,
+ "senderFault":true
+ },
+ "exception":true
+ },
+ "SnsTopicArn":{"type":"string"},
+ "SourceStatus":{
+ "type":"string",
+ "enum":[
+ "ACTIVE",
+ "DEACTIVATED",
+ "PENDING"
+ ]
+ },
+ "SourceType":{
+ "type":"structure",
+ "members":{
+ "awsSourceType":{"shape":"AwsLogSourceType"},
+ "customSourceType":{"shape":"CustomSourceType"}
+ },
+ "union":true
+ },
+ "SourceTypeList":{
+ "type":"list",
+ "member":{"shape":"SourceType"}
+ },
+ "StorageClass":{
+ "type":"string",
+ "enum":[
+ "STANDARD_IA",
+ "ONEZONE_IA",
+ "INTELLIGENT_TIERING",
+ "GLACIER_IR",
+ "GLACIER",
+ "DEEP_ARCHIVE",
+ "EXPIRE"
+ ]
+ },
+ "String":{"type":"string"},
+ "SubscriberList":{
+ "type":"list",
+ "member":{"shape":"SubscriberResource"}
+ },
+ "SubscriberResource":{
+ "type":"structure",
+ "required":[
+ "accountId",
+ "sourceTypes",
+ "subscriptionId"
+ ],
+ "members":{
+ "accessTypes":{"shape":"AccessTypeList"},
+ "accountId":{"shape":"AwsAccountId"},
+ "createdAt":{"shape":"SyntheticTimestamp_date_time"},
+ "externalId":{"shape":"SafeString"},
+ "roleArn":{"shape":"RoleArn"},
+ "s3BucketArn":{"shape":"S3BucketArn"},
+ "snsArn":{"shape":"SnsTopicArn"},
+ "sourceTypes":{"shape":"SourceTypeList"},
+ "subscriberDescription":{"shape":"SafeString"},
+ "subscriberName":{"shape":"SafeString"},
+ "subscriptionEndpoint":{"shape":"String"},
+ "subscriptionId":{"shape":"UUID"},
+ "subscriptionProtocol":{"shape":"EndpointProtocol"},
+ "subscriptionStatus":{"shape":"SubscriptionStatus"},
+ "updatedAt":{"shape":"SyntheticTimestamp_date_time"}
+ }
+ },
+ "SubscriptionProtocolType":{
+ "type":"string",
+ "enum":[
+ "HTTP",
+ "HTTPS",
+ "EMAIL",
+ "EMAIL_JSON",
+ "SMS",
+ "SQS",
+ "LAMBDA",
+ "APP",
+ "FIREHOSE"
+ ]
+ },
+ "SubscriptionStatus":{
+ "type":"string",
+ "enum":[
+ "ACTIVE",
+ "DEACTIVATED",
+ "PENDING",
+ "READY"
+ ]
+ },
+ "SyntheticTimestamp_date_time":{
+ "type":"timestamp",
+ "timestampFormat":"iso8601"
+ },
+ "TagsMap":{
+ "type":"map",
+ "key":{"shape":"String"},
+ "value":{"shape":"String"}
+ },
+ "ThrottlingException":{
+ "type":"structure",
+ "required":["message"],
+ "members":{
+ "message":{"shape":"String"},
+ "quotaCode":{"shape":"String"},
+ "retryAfterSeconds":{
+ "shape":"Integer",
+ "location":"header",
+ "locationName":"Retry-After"
+ },
+ "serviceCode":{"shape":"String"}
+ },
+ "error":{
+ "httpStatusCode":429,
+ "senderFault":true
+ },
+ "exception":true,
+ "retryable":{"throttling":true}
+ },
+ "TwoDimensionsMap":{
+ "type":"map",
+ "key":{"shape":"String"},
+ "value":{"shape":"ValueSet"}
+ },
+ "UUID":{
+ "type":"string",
+ "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}"
+ },
+ "UpdateDatalakeExceptionsExpiryRequest":{
+ "type":"structure",
+ "required":["exceptionMessageExpiry"],
+ "members":{
+ "exceptionMessageExpiry":{"shape":"UpdateDatalakeExceptionsExpiryRequestExceptionMessageExpiryLong"}
+ }
+ },
+ "UpdateDatalakeExceptionsExpiryRequestExceptionMessageExpiryLong":{
+ "type":"long",
+ "box":true,
+ "min":1
+ },
+ "UpdateDatalakeExceptionsExpiryResponse":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "UpdateDatalakeExceptionsSubscriptionRequest":{
+ "type":"structure",
+ "required":[
+ "notificationEndpoint",
+ "subscriptionProtocol"
+ ],
+ "members":{
+ "notificationEndpoint":{"shape":"SafeString"},
+ "subscriptionProtocol":{"shape":"SubscriptionProtocolType"}
+ }
+ },
+ "UpdateDatalakeExceptionsSubscriptionResponse":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "UpdateDatalakeRequest":{
+ "type":"structure",
+ "required":["configurations"],
+ "members":{
+ "configurations":{"shape":"LakeConfigurationRequestMap"}
+ }
+ },
+ "UpdateDatalakeResponse":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "UpdateSubscriberRequest":{
+ "type":"structure",
+ "required":["id"],
+ "members":{
+ "externalId":{"shape":"SafeString"},
+ "id":{
+ "shape":"String",
+ "location":"uri",
+ "locationName":"id"
+ },
+ "sourceTypes":{"shape":"SourceTypeList"},
+ "subscriberDescription":{"shape":"SafeString"},
+ "subscriberName":{"shape":"UpdateSubscriberRequestSubscriberNameString"}
+ }
+ },
+ "UpdateSubscriberRequestSubscriberNameString":{
+ "type":"string",
+ "max":64,
+ "min":0,
+ "pattern":"^[\\\\\\w\\-_:/.@=+]*$"
+ },
+ "UpdateSubscriberResponse":{
+ "type":"structure",
+ "members":{
+ "subscriber":{"shape":"SubscriberResource"}
+ }
+ },
+ "UpdateSubscriptionNotificationConfigurationRequest":{
+ "type":"structure",
+ "required":["subscriptionId"],
+ "members":{
+ "createSqs":{"shape":"Boolean"},
+ "httpsApiKeyName":{"shape":"String"},
+ "httpsApiKeyValue":{"shape":"String"},
+ "httpsMethod":{"shape":"HttpsMethod"},
+ "roleArn":{"shape":"RoleArn"},
+ "subscriptionEndpoint":{"shape":"UpdateSubscriptionNotificationConfigurationRequestSubscriptionEndpointString"},
+ "subscriptionId":{
+ "shape":"UUID",
+ "location":"uri",
+ "locationName":"subscriptionId"
+ }
+ }
+ },
+ "UpdateSubscriptionNotificationConfigurationRequestSubscriptionEndpointString":{
+ "type":"string",
+ "pattern":"^(arn:aws:.+$|https?://.+$)"
+ },
+ "UpdateSubscriptionNotificationConfigurationResponse":{
+ "type":"structure",
+ "members":{
+ "queueArn":{"shape":"SafeString"}
+ }
+ },
+ "ValidationException":{
+ "type":"structure",
+ "required":[
+ "message",
+ "reason"
+ ],
+ "members":{
+ "fieldList":{"shape":"ValidationExceptionFieldList"},
+ "message":{"shape":"String"},
+ "reason":{"shape":"ValidationExceptionReason"}
+ },
+ "error":{
+ "httpStatusCode":400,
+ "senderFault":true
+ },
+ "exception":true
+ },
+ "ValidationExceptionField":{
+ "type":"structure",
+ "required":[
+ "message",
+ "name"
+ ],
+ "members":{
+ "message":{"shape":"String"},
+ "name":{"shape":"String"}
+ }
+ },
+ "ValidationExceptionFieldList":{
+ "type":"list",
+ "member":{"shape":"ValidationExceptionField"}
+ },
+ "ValidationExceptionReason":{
+ "type":"string",
+ "enum":[
+ "unknownOperation",
+ "cannotParse",
+ "fieldValidationFailed",
+ "other"
+ ]
+ },
+ "ValueSet":{
+ "type":"list",
+ "member":{"shape":"String"}
+ },
+ "settingsStatus":{
+ "type":"string",
+ "enum":[
+ "INITIALIZED",
+ "PENDING",
+ "COMPLETED",
+ "FAILED"
+ ]
+ }
+ }
+}
diff --git a/models/apis/securitylake/2018-05-10/docs-2.json b/models/apis/securitylake/2018-05-10/docs-2.json
new file mode 100644
index 0000000000..2e4762695a
--- /dev/null
+++ b/models/apis/securitylake/2018-05-10/docs-2.json
@@ -0,0 +1,942 @@
+{
+ "version": "2.0",
+ "service": " Amazon Security Lake is in preview release. Your use of the Amazon Security Lake preview is subject to Section 2 of the Amazon Web Services Service Terms(\"Betas and Previews\").
Amazon Security Lake is a fully-managed security data lake service. You can use Security Lake to automatically centralize security data from cloud, on-premises, and custom sources into a data lake that's stored in your account. Security Lake helps you analyze security data, so you can get a more complete understanding of your security posture across the entire organization and improve the protection of your workloads, applications, and data.
The data lake is backed by Amazon Simple Storage Service (Amazon S3) buckets, and you retain ownership over your data.
Security Lake automates the collection of security-related log and event data from integrated Amazon Web Services. and third-party services and manages the lifecycle of data with customizable retention and replication settings. Security Lake also converts ingested data into Apache Parquet format and a standard open-source schema called the Open Cybersecurity Schema Framework (OCSF).
Other Amazon Web Services and third-party services can subscribe to the data that's stored in Security Lake for incident response and security data analytics.
",
+ "operations": {
+ "CreateAwsLogSource": "Adds a natively-supported Amazon Web Services service as a Security Lake source. Enables source types for member accounts in required Regions, based on specified parameters. You can choose any source type in any Region for accounts that are either part of a trusted organization or standalone accounts. At least one of the three dimensions is a mandatory input to this API. However, any combination of the three dimensions can be supplied to this API.
By default, dimension refers to the entire set. When you don't provide a dimension, Security Lake assumes that the missing dimension refers to the entire set. This is overridden when you supply any one of the inputs. For instance, when members is not specified, the API disables all Security Lake member accounts for sources. Similarly, when Regions are not specified, Security Lake is disabled for all the Regions where Security Lake is available as a service.
You can use this API only to enable a natively-supported Amazon Web Services services as a source. Use CreateCustomLogSource to enable data collection from a custom source.
",
+ "CreateCustomLogSource": "Adds a third-party custom source in Amazon Security Lake, from the Region where you want to create a custom source. Security Lake can collect logs and events from third-party custom sources. After creating the appropriate API roles, use this API to add a custom source name in Security Lake. This operation creates a partition in the Security Lake S3 bucket as the target location for log files from the custom source, an associated Glue table, and an Glue crawler.
",
+ "CreateDatalake": "Initializes an Amazon Security Lake instance with the provided (or default) configuration. You can enable Security Lake in Regions with customized settings in advance before enabling log collection in Regions. You can either use the enableAll parameter to specify all Regions or you can specify the Regions you want to enable Security Lake using the Regions parameter and configure these Regions using the configurations parameter. When the CreateDataLake API is called multiple times, if that Region is already enabled, it will update the Region if configuration for that Region is provided. If that Region is a new Region, it will be set up with the customized configurations if it is specified.
When you enable Security Lake, it starts ingesting security data after the CreateAwsLogSource call. This includes ingesting security data from sources, storing data, and making data accessible to subscribers. Security Lake also enables all the existing settings and resources that it stores or maintains for your account in the current Region, including security log and event data. For more information, see the Amazon Security Lake User Guide.
",
+ "CreateDatalakeAutoEnable": "Automatically enable Security Lake in the specified Regions to begin ingesting security data. When you choose to enable organization accounts automatically, then Security Lake begins to enable new accounts as member accounts as they are added to the organization. Security Lake does not enable existing organization accounts that are not yet enabled.
",
+ "CreateDatalakeDelegatedAdmin": "Designates the Security Lake administrator account for the organization. This API can only be called by the organization management account. The organization management account cannot be the delegated administrator account.
",
+ "CreateDatalakeExceptionsSubscription": "Creates the specified notification subscription in Security Lake. Creates the specified subscription notifications in the specified organization.
",
+ "CreateSubscriber": "Creates a subscription permission for accounts that are already enabled in Security Lake.
",
+ "CreateSubscriptionNotificationConfiguration": "Creates the specified notification subscription in Security Lake. Creates the specified subscription notifications from the specified organization.
",
+ "DeleteAwsLogSource": "Removes a natively-supported Amazon Web Services service as a Amazon Security Lake source. When you remove the source, Security Lake stops collecting data from that source, and subscribers can no longer consume new data from the source. Subscribers can still consume data that Amazon Security Lake collected from the source before disablement.
You can choose any source type in any Region for accounts that are either part of a trusted organization or standalone accounts. At least one of the three dimensions is a mandatory input to this API. However, any combination of the three dimensions can be supplied to this API.
By default, dimension refers to the entire set. This is overridden when you supply any one of the inputs. For instance, when members is not specified, the API disables all Security Lake member accounts for sources. Similarly, when Regions are not specified, Security Lake is disabled for all the Regions where Security Lake is available as a service.
You can use this API to remove a natively-supported Amazon Web Services service as a source. Use DeregisterCustomData to remove a custom source.
When you don't provide a dimension, Security Lake assumes that the missing dimension refers to the entire set. For example, if you don't provide specific accounts, the API applies to the entire set of accounts in your organization.
",
+ "DeleteCustomLogSource": "Removes a custom log source from Security Lake.
",
+ "DeleteDatalake": "When you delete Amazon Security Lake from your account, Security Lake is disabled in all Regions. Also, this API automatically performs the off-boarding steps to off-board the account from Security Lake . This includes ingesting security data from sources, storing data, and making data accessible to subscribers. Security Lake also deletes all the existing settings and resources that it stores or maintains for your account in the current Region, including security log and event data. DeleteDatalake does not delete the S3 bucket which is owned by the Amazon Web Services account. For more information, see the Amazon Security Lake User Guide.
",
+ "DeleteDatalakeAutoEnable": "Automatically delete Security Lake in the specified Regions to stop ingesting security data. When you delete Amazon Security Lake from your account, Security Lake is disabled in all Regions. Also, this API automatically performs the off-boarding steps to off-board the account from Security Lake . This includes ingesting security data from sources, storing data, and making data accessible to subscribers. Security Lake also deletes all the existing settings and resources that it stores or maintains for your account in the current Region, including security log and event data. For more information, see the Amazon Security Lake User Guide.
",
+ "DeleteDatalakeDelegatedAdmin": "Deletes the Security Lake administrator account for the organization. This API can only be called by the organization management account. The organization management account cannot be the delegated administrator account.
",
+ "DeleteDatalakeExceptionsSubscription": "Deletes the specified notification subscription in Security Lake. Deletes the specified subscription notifications in the specified organization.
",
+ "DeleteSubscriber": "Deletes the specified subscription permissions to Security Lake. Deletes the specified subscription permissions from the specified organization.
",
+ "DeleteSubscriptionNotificationConfiguration": "Deletes the specified notification subscription in Security Lake. Deletes the specified subscription notifications from the specified organization.
",
+ "GetDatalake": "Retrieve the Security Lake configuration object for the specified account ID. This API does not take input parameters.
",
+ "GetDatalakeAutoEnable": "Retrieves the configuration that will be automatically set up for accounts added to the organization after the organization has on boarded to Amazon Security Lake. This API does not take input parameters.
",
+ "GetDatalakeExceptionsExpiry": "Retrieves the expiration period and time-to-live (TTL) for which the exception message will remain. Exceptions are stored by default, for a 2 week period of time from when a record was created in Security Lake. This API does not take input parameters. This API does not take input parameters.
",
+ "GetDatalakeExceptionsSubscription": "Retrieves the details of exception notifications for the account in Amazon Security Lake.
",
+ "GetDatalakeStatus": "Retrieve the Security Lake configuration object for the specified account ID. This API does not take input parameters.
",
+ "GetSubscriber": "Retrieves subscription information for the specified subscription ID.
",
+ "ListDatalakeExceptions": "List the Amazon Security Lake exceptions that you can use to find the source of problems and fix them.
",
+ "ListLogSources": "Lists the log sources in the current region.
",
+ "ListSubscribers": "List all subscribers for the specific Security Lake account ID.
",
+ "UpdateDatalake": "Amazon Security Lake allows you to specify where to store your security data and for how long. You can specify a rollup Region to consolidate data from multiple regions.
You can update the properties of a Region or source. Input can either be directly specified to the API.
",
+ "UpdateDatalakeExceptionsExpiry": "Update the expiration period for the exception message to your preferred time, and control the time-to-live (TTL) for the exception message to remain. Exceptions are stored by default, for a 2 week period of time from when a record was created in Security Lake.
",
+ "UpdateDatalakeExceptionsSubscription": "Update the subscription notification for exception notification.
",
+ "UpdateSubscriber": "Update the subscription permission for the given Security Lake account ID.
",
+ "UpdateSubscriptionNotificationConfiguration": "Create a new subscription notification or add the existing subscription notification setting for the specified subscription ID.
"
+ },
+ "shapes": {
+ "AccessDeniedException": {
+ "base": "You do not have sufficient access to perform this action. Access denied errors appear when Amazon Security Lake explicitly or implicitly denies an authorization request. An explicit denial occurs when a policy contains a Deny statement for the specific Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also no applicable Allow statement.
",
+ "refs": {
+ }
+ },
+ "AccessType": {
+ "base": null,
+ "refs": {
+ "AccessTypeList$member": null
+ }
+ },
+ "AccessTypeList": {
+ "base": null,
+ "refs": {
+ "CreateSubscriberRequest$accessTypes": "The Amazon S3 or Lake Formation access type.
",
+ "SubscriberResource$accessTypes": "You can choose to notify subscribers of new objects with an Amazon Simple Queue Service (Amazon SQS) queue or through messaging to an HTTPS endpoint provided by the subscriber.
Subscribers can consume data by directly querying Lake Formation tables in your S3 bucket via services like Amazon Athena. This subscription type is defined as LAKEFORMATION.
"
+ }
+ },
+ "AccountList": {
+ "base": null,
+ "refs": {
+ "CreateAwsLogSourceResponse$failed": "List of all accounts in which enabling a natively-supported Amazon Web Services service as a Security Lake failed. The failure occurred as these accounts are not part of an organization.
",
+ "CreateAwsLogSourceResponse$processing": "List of all accounts which are in the process of enabling a natively-supported Amazon Web Services service as a Security Lake.
",
+ "DeleteAwsLogSourceResponse$failed": "Deletion of the Amazon Web Services sources failed as the account is not a part of the organization.
",
+ "DeleteAwsLogSourceResponse$processing": "Deletion of the Amazon Web Services sources is in-progress.
"
+ }
+ },
+ "AccountNotFoundException": {
+ "base": "Amazon Security Lake can't find an Amazon Web Services account with the accountID that you specified, or the account whose credentials you used to make this request isn't a member of an organization.
",
+ "refs": {
+ }
+ },
+ "AccountSources": {
+ "base": "Security Lake can collect logs and events from supported Amazon Web Services services and custom sources.
",
+ "refs": {
+ "AccountSourcesList$member": null
+ }
+ },
+ "AccountSourcesList": {
+ "base": null,
+ "refs": {
+ "GetDatalakeStatusResponse$accountSourcesList": "The list of enabled accounts and enabled sources.
"
+ }
+ },
+ "AllDimensionsMap": {
+ "base": null,
+ "refs": {
+ "CreateAwsLogSourceRequest$enableAllDimensions": "Enables specific sources in all Regions and source types.
",
+ "DeleteAwsLogSourceRequest$disableAllDimensions": "Removes the specific Amazon Web Services sources from all Regions and source types.
",
+ "ListLogSourcesRequest$listAllDimensions": "List the view of log sources for enabled Security Lake accounts in all Regions and source types.
",
+ "RegionSourceTypesAccountsList$member": null
+ }
+ },
+ "AutoEnableNewRegionConfiguration": {
+ "base": "Automatically enable new organization accounts as member accounts from a Security Lake administrator account.
",
+ "refs": {
+ "AutoEnableNewRegionConfigurationList$member": null
+ }
+ },
+ "AutoEnableNewRegionConfigurationList": {
+ "base": null,
+ "refs": {
+ "CreateDatalakeAutoEnableRequest$configurationForNewAccounts": "Enable Amazon Security Lake with the specified configurations settings to begin ingesting security data for new accounts in Security Lake.
",
+ "DeleteDatalakeAutoEnableRequest$removeFromConfigurationForNewAccounts": "Delete Amazon Security Lake with the specified configurations settings to stop ingesting security data for new accounts in Security Lake.
",
+ "GetDatalakeAutoEnableResponse$autoEnableNewAccounts": "The configuration for new accounts.
"
+ }
+ },
+ "AwsAccountId": {
+ "base": null,
+ "refs": {
+ "CreateCustomLogSourceRequest$logProviderAccountId": "The Account ID that will assume the above Role to put logs into the Data Lake.
",
+ "CreateSubscriberRequest$accountId": "The third party Amazon Web Services account ID used to access your data.
",
+ "SubscriberResource$accountId": "The Amazon Web Services account ID of the account that you are using to create your Amazon Security Lake account.
"
+ }
+ },
+ "AwsLogSourceType": {
+ "base": null,
+ "refs": {
+ "AwsSourceTypeList$member": null,
+ "SourceType$awsSourceType": "Amazon Security Lake supports logs and events collection for natively-supported Amazon Web Services services. For more information, see the Amazon Security Lake User Guide.
"
+ }
+ },
+ "AwsSourceTypeList": {
+ "base": null,
+ "refs": {
+ "AutoEnableNewRegionConfiguration$sources": "The Amazon Web Services sources which are auto enabled in Security Lake.
"
+ }
+ },
+ "Boolean": {
+ "base": null,
+ "refs": {
+ "CreateDatalakeRequest$enableAll": "Enable Security Lake in all Regions to begin ingesting security data.
",
+ "CreateSubscriptionNotificationConfigurationRequest$createSqs": "Create a new subscription notification for the specified subscription ID in Security Lake.
",
+ "UpdateSubscriptionNotificationConfigurationRequest$createSqs": "Create a new subscription notification for the specified subscription ID in Security Lake.
"
+ }
+ },
+ "BucketNotFoundException": {
+ "base": "Amazon Security Lake generally returns 404 errors if the requested object is missing from the bucket.
",
+ "refs": {
+ }
+ },
+ "ConcurrentModificationException": {
+ "base": "More than one process tried to modify a resource at the same time.
",
+ "refs": {
+ }
+ },
+ "ConflictException": {
+ "base": "Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.
",
+ "refs": {
+ }
+ },
+ "ConflictSourceNamesException": {
+ "base": "There was a conflict when you attempted to modify a Security Lake source name.
",
+ "refs": {
+ }
+ },
+ "ConflictSubscriptionException": {
+ "base": "A conflicting subscription exception operation is in progress.
",
+ "refs": {
+ }
+ },
+ "CreateAwsLogSourceRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateAwsLogSourceResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateCustomLogSourceRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateCustomLogSourceResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateDatalakeAutoEnableRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateDatalakeAutoEnableResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateDatalakeDelegatedAdminRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateDatalakeDelegatedAdminResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateDatalakeExceptionsSubscriptionRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateDatalakeExceptionsSubscriptionResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateDatalakeRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateDatalakeResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateSubscriberRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateSubscriberRequestSubscriberNameString": {
+ "base": null,
+ "refs": {
+ "CreateSubscriberRequest$subscriberName": "The name of your Amazon Security Lake subscriber account.
"
+ }
+ },
+ "CreateSubscriberResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateSubscriptionNotificationConfigurationRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreateSubscriptionNotificationConfigurationRequestSubscriptionEndpointString": {
+ "base": null,
+ "refs": {
+ "CreateSubscriptionNotificationConfigurationRequest$subscriptionEndpoint": "The subscription endpoint in Security Lake.
"
+ }
+ },
+ "CreateSubscriptionNotificationConfigurationResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CustomSourceType": {
+ "base": null,
+ "refs": {
+ "CreateCustomLogSourceRequest$customSourceName": "The custom source name for a third-party custom source.
",
+ "SourceType$customSourceType": "Amazon Security Lake supports custom source types. For the detailed list, see the Amazon Security Lake User Guide.
"
+ }
+ },
+ "DeleteAwsLogSourceRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteAwsLogSourceResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteCustomLogSourceRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteCustomLogSourceResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteDatalakeAutoEnableRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteDatalakeAutoEnableResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteDatalakeDelegatedAdminRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteDatalakeDelegatedAdminResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteDatalakeExceptionsSubscriptionRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteDatalakeExceptionsSubscriptionResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteDatalakeRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteDatalakeResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteSubscriberRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteSubscriberResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteSubscriptionNotificationConfigurationRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteSubscriptionNotificationConfigurationResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "Dimension": {
+ "base": null,
+ "refs": {
+ "DimensionSet$member": null
+ }
+ },
+ "DimensionSet": {
+ "base": null,
+ "refs": {
+ "CreateAwsLogSourceRequest$inputOrder": "Specifies the input order to enable dimensions in Security Lake, namely region, source type, and member account.
",
+ "DeleteAwsLogSourceRequest$inputOrder": "This is a mandatory input. Specifies the input order to disable dimensions in Security Lake, namely Region, source type, and member.
",
+ "ListLogSourcesRequest$inputOrder": "Lists the log sources in input order, namely Region, source type, and member account.
"
+ }
+ },
+ "EndpointProtocol": {
+ "base": null,
+ "refs": {
+ "SubscriberResource$subscriptionProtocol": "The subscription protocol to which exception messages are posted.
"
+ }
+ },
+ "EventBridgeException": {
+ "base": "Represents an error interacting with the Amazon EventBridge service.
",
+ "refs": {
+ }
+ },
+ "Failures": {
+ "base": "List of all failures.
",
+ "refs": {
+ "Failureslist$member": null
+ }
+ },
+ "FailuresResponse": {
+ "base": "Response element for actions which make changes namely create, update, or delete actions.
",
+ "refs": {
+ "FailuresResponseList$member": null
+ }
+ },
+ "FailuresResponseList": {
+ "base": null,
+ "refs": {
+ "ListDatalakeExceptionsResponse$nonRetryableFailures": "Lists the non-retryable failures in the current region.
"
+ }
+ },
+ "Failureslist": {
+ "base": null,
+ "refs": {
+ "FailuresResponse$failures": "List of all failures.
"
+ }
+ },
+ "GetDatalakeAutoEnableRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetDatalakeAutoEnableResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetDatalakeExceptionsExpiryRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetDatalakeExceptionsExpiryResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetDatalakeExceptionsSubscriptionRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetDatalakeExceptionsSubscriptionResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetDatalakeRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetDatalakeResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetDatalakeStatusRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetDatalakeStatusResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetSubscriberRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetSubscriberResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "HttpsMethod": {
+ "base": null,
+ "refs": {
+ "CreateSubscriptionNotificationConfigurationRequest$httpsMethod": "The HTTPS method used for the subscription notification.
",
+ "UpdateSubscriptionNotificationConfigurationRequest$httpsMethod": "The HTTPS method used for the subscription notification.
"
+ }
+ },
+ "InputSet": {
+ "base": null,
+ "refs": {
+ "CreateAwsLogSourceRequest$enableSingleDimension": "Enables all sources in specific accounts or Regions.
",
+ "DeleteAwsLogSourceRequest$disableSingleDimension": "Removes all Amazon Web Services sources from specific accounts or Regions.
",
+ "GetDatalakeStatusRequest$accountSet": "The account IDs for which a static snapshot of the current Region, including enabled accounts and log sources is retrieved.
",
+ "ListLogSourcesRequest$listSingleDimension": "List the view of log sources for enabled Security Lake accounts for the entire region.
"
+ }
+ },
+ "Integer": {
+ "base": null,
+ "refs": {
+ "GetDatalakeStatusRequest$maxAccountResults": "The maximum limit of accounts for which the static snapshot of the current Region including enabled accounts and log sources is retrieved.
",
+ "InternalServerException$retryAfterSeconds": "Retry the request after the specified time.
",
+ "ListDatalakeExceptionsRequest$maxFailures": "List the maximum number of failures in Security Lake.
",
+ "ListLogSourcesRequest$maxResults": "The maximum number of accounts for which the configuration is displayed.
",
+ "ListSubscribersRequest$maxResults": "The maximum number of accounts for which the configuration is displayed.
",
+ "ThrottlingException$retryAfterSeconds": "Retry the request after the specified time.
"
+ }
+ },
+ "InternalServerException": {
+ "base": "Internal service exceptions are sometimes caused by transient issues. Before you start troubleshooting, perform the operation again.
",
+ "refs": {
+ }
+ },
+ "InvalidInputException": {
+ "base": "The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
",
+ "refs": {
+ }
+ },
+ "LakeConfigurationRequest": {
+ "base": "Provides details of lake configuration object in Amazon Security Lake.
",
+ "refs": {
+ "LakeConfigurationRequestMap$value": null
+ }
+ },
+ "LakeConfigurationRequestMap": {
+ "base": null,
+ "refs": {
+ "CreateDatalakeRequest$configurations": "Enable Security Lake with the specified configurations settings to begin ingesting security data.
",
+ "UpdateDatalakeRequest$configurations": "The configuration object
"
+ }
+ },
+ "LakeConfigurationResponse": {
+ "base": "Provides details of lake configuration object in Amazon Security Lake.
",
+ "refs": {
+ "LakeConfigurationResponseMap$value": null
+ }
+ },
+ "LakeConfigurationResponseMap": {
+ "base": null,
+ "refs": {
+ "GetDatalakeResponse$configurations": "Retrieves the Security Lake configuration object.
"
+ }
+ },
+ "ListDatalakeExceptionsRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListDatalakeExceptionsResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListLogSourcesRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListLogSourcesResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListSubscribersRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListSubscribersResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "LogsStatus": {
+ "base": "Log status for the Security Lake account.
",
+ "refs": {
+ "LogsStatusList$member": null
+ }
+ },
+ "LogsStatusList": {
+ "base": null,
+ "refs": {
+ "AccountSources$logsStatus": "Log status for the Security Lake account.
"
+ }
+ },
+ "Long": {
+ "base": null,
+ "refs": {
+ "GetDatalakeExceptionsExpiryResponse$exceptionMessageExpiry": "The expiration period and time-to-live (TTL).
"
+ }
+ },
+ "OcsfEventClass": {
+ "base": null,
+ "refs": {
+ "AccountSources$eventClass": "Initializes a new instance of the Event class.
",
+ "CreateCustomLogSourceRequest$eventClass": "The Open Cybersecurity Schema Framework (OCSF) event class.
"
+ }
+ },
+ "ProtocolAndNotificationEndpoint": {
+ "base": "Notifications in Security Lake which dictates how notifications are posted at the endpoint.
",
+ "refs": {
+ "GetDatalakeExceptionsSubscriptionResponse$protocolAndNotificationEndpoint": "Retrieves the exception notification subscription information.
"
+ }
+ },
+ "Region": {
+ "base": null,
+ "refs": {
+ "AutoEnableNewRegionConfiguration$region": "The Regions where Security Lake is auto enabled
",
+ "LakeConfigurationRequestMap$key": null,
+ "LakeConfigurationResponseMap$key": null,
+ "RegionSet$member": null
+ }
+ },
+ "RegionSet": {
+ "base": null,
+ "refs": {
+ "CreateDatalakeRequest$regions": "Enable Security Lake in the specified Regions to begin ingesting security data. To enable Security Lake in specific Amazon Web Services Regions, such as us-east-1 or ap-northeast-3, provide the Region codes. For a list of Region codes, see Region codes in the Amazon Web Services General Reference.
",
+ "LakeConfigurationRequest$replicationDestinationRegions": "Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Amazon S3 buckets that are configured for object replication can be owned by the same Amazon Web Services account or by different accounts. You can replicate objects to a single destination bucket or to multiple destination buckets. The destination buckets can be in different Amazon Web Services Regions or within the same Region as the source bucket.
Set up one or more rollup Regions by providing the Region or Regions that should contribute to the central rollup Region.
",
+ "LakeConfigurationResponse$replicationDestinationRegions": "Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Amazon S3 buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can replicate objects to a single destination bucket or to multiple destination buckets. The destination buckets can be in different Amazon Web Services Regions or within the same Region as the source bucket.
Set up one or more rollup Regions by providing the Region or Regions that should contribute to the central rollup Region.
",
+ "ListDatalakeExceptionsRequest$regionSet": "List the regions from which exceptions are retrieved.
"
+ }
+ },
+ "RegionSourceTypesAccountsList": {
+ "base": null,
+ "refs": {
+ "ListLogSourcesResponse$regionSourceTypesAccountsList": "Lists the log sources in the Regions for enabled Security Lake accounts.
"
+ }
+ },
+ "ResourceNotFoundException": {
+ "base": "The resource could not be found.
",
+ "refs": {
+ }
+ },
+ "RetentionSetting": {
+ "base": "Retention settings for the destination Amazon S3 buckets in Security Lake.
",
+ "refs": {
+ "RetentionSettingList$member": null
+ }
+ },
+ "RetentionSettingList": {
+ "base": null,
+ "refs": {
+ "LakeConfigurationRequest$retentionSettings": "Retention settings for the destination Amazon S3 buckets.
",
+ "LakeConfigurationResponse$retentionSettings": "Retention settings for the destination Amazon S3 buckets.
"
+ }
+ },
+ "RetentionSettingRetentionPeriodInteger": {
+ "base": null,
+ "refs": {
+ "RetentionSetting$retentionPeriod": "The retention period specifies a fixed period of time during which the Security Lake object remains locked. You can specify the retention period for one or more source in days.
"
+ }
+ },
+ "RoleArn": {
+ "base": null,
+ "refs": {
+ "CreateCustomLogSourceRequest$glueInvocationRoleArn": "The IAM Role ARN to be used by the Glue Crawler. The recommended IAM policies are:
",
+ "CreateDatalakeRequest$metaStoreManagerRoleArn": "The Role ARN used to create and update the Glue table with partitions generated by ingestion and normalization of Amazon Web Services log sources and custom sources.
",
+ "CreateSubscriberResponse$roleArn": "The Amazon Resource Name (ARN) created by the user to provide to the subscriber. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide.
",
+ "CreateSubscriptionNotificationConfigurationRequest$roleArn": "The Amazon Resource Name (ARN) specifying the role of the subscriber.
",
+ "LakeConfigurationRequest$replicationRoleArn": "Replication settings for the Amazon S3 buckets. This parameter uses the IAM role created by you that is managed by Security Lake, to ensure the replication setting is correct.
",
+ "LakeConfigurationResponse$replicationRoleArn": "Replication settings for the Amazon S3 buckets. This parameter uses the IAM role created by you that is managed by Security Lake, to ensure the replication setting is correct.
",
+ "SubscriberResource$roleArn": "The Amazon Resource Name (ARN) specifying the role of the subscriber.
",
+ "UpdateSubscriptionNotificationConfigurationRequest$roleArn": "The Amazon Resource Name (ARN) specifying the role of the subscriber.
"
+ }
+ },
+ "S3BucketArn": {
+ "base": null,
+ "refs": {
+ "CreateSubscriberResponse$s3BucketArn": "The Amazon Resource Name (ARN) for the Amazon S3 bucket.
",
+ "LakeConfigurationResponse$s3BucketArn": "Amazon Resource Names (ARNs) uniquely identify Amazon Web Services resources. Security Lake requires an ARN when you need to specify a resource unambiguously across all of Amazon Web Services, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls.
",
+ "SubscriberResource$s3BucketArn": "The Amazon Resource Name (ARN) for the Amazon S3 bucket.
"
+ }
+ },
+ "S3Exception": {
+ "base": "Provides an extension of the AmazonServiceException for errors reported by Amazon S3 while processing a request. In particular, this class provides access to Amazon S3's extended request ID. This ID is required debugging information in the case the user needs to contact Amazon about an issue where Amazon S3 is incorrectly handling a request.
",
+ "refs": {
+ }
+ },
+ "SafeString": {
+ "base": null,
+ "refs": {
+ "CreateDatalakeDelegatedAdminRequest$account": "Account ID of the Security Lake delegated administrator.
",
+ "CreateDatalakeExceptionsSubscriptionRequest$notificationEndpoint": "The account in which the exception notifications subscription is created.
",
+ "CreateSubscriberRequest$externalId": "The external ID of the subscriber. External ID allows the user that is assuming the role to assert the circumstances in which they are operating. It also provides a way for the account owner to permit the role to be assumed only under specific circumstances.
",
+ "CreateSubscriberRequest$subscriberDescription": "The subscriber descriptions for the subscriber account in Amazon Security Lake.
",
+ "CreateSubscriptionNotificationConfigurationResponse$queueArn": "Returns the Amazon resource name (ARN) of the queue.
",
+ "DeleteDatalakeDelegatedAdminRequest$account": "Account ID the Security Lake delegated administrator.
",
+ "DeleteDatalakeExceptionsSubscriptionResponse$status": "Retrieves the status of the delete Security Lake operation for an account.
",
+ "Failures$exceptionMessage": "List of all exception messages.
",
+ "Failures$remediation": "List of all remediation steps for failures.
",
+ "FailuresResponse$region": "List of Regions where the failure occurred.
",
+ "GetDatalakeStatusRequest$nextToken": "If nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.
",
+ "GetDatalakeStatusResponse$nextToken": "If nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.
",
+ "InputSet$member": null,
+ "ListDatalakeExceptionsRequest$nextToken": "List if there are more results available. if nextToken is returned, You can make the call again using the returned token to retrieve the next page
",
+ "ListDatalakeExceptionsResponse$nextToken": "List if there are more results available. if nextToken is returned, You can make the call again using the returned token to retrieve the next page
",
+ "ListLogSourcesRequest$nextToken": "If nextToken is returned, there are more results available. You can make the call again using the returned token to retrieve the next page.
",
+ "ListSubscribersRequest$nextToken": "If nextToken is returned, there are more results available. You can make the call again using the returned token to retrieve the next page.
",
+ "ListSubscribersResponse$nextToken": "If nextToken is returned, there are more results available. You can make the call again using the returned token to retrieve the next page.
",
+ "ProtocolAndNotificationEndpoint$endpoint": "The account which is subscribed to receive exception notifications.
",
+ "ProtocolAndNotificationEndpoint$protocol": "The protocol to which notification messages are posted.
",
+ "SubscriberResource$externalId": "The external ID of the subscriber. External ID allows the user that is assuming the role to assert the circumstances in which they are operating. It also provides a way for the account owner to permit the role to be assumed only under specific circumstances.
",
+ "SubscriberResource$subscriberDescription": "The subscriber descriptions for a subscriber account. The description for a subscriber includes subscriberName, accountID, externalID, and subscriptionId.
",
+ "SubscriberResource$subscriberName": "The name of your Amazon Security Lake subscriber account.
",
+ "UpdateDatalakeExceptionsSubscriptionRequest$notificationEndpoint": "The account which is subscribed to receive exception notifications.
",
+ "UpdateSubscriberRequest$externalId": "External ID of the Security Lake account.
",
+ "UpdateSubscriberRequest$subscriberDescription": "Description of the Security Lake account subscriber.
",
+ "UpdateSubscriptionNotificationConfigurationResponse$queueArn": "Returns the Amazon resource name (ARN) of the queue.
"
+ }
+ },
+ "ServiceQuotaExceededException": {
+ "base": "You have exceeded your service quota. To perform the requested action, remove some of the relevant resources, or use Service Quotas to request a service quota increase.
",
+ "refs": {
+ }
+ },
+ "SnsTopicArn": {
+ "base": null,
+ "refs": {
+ "CreateSubscriberResponse$snsArn": "The Amazon Resource Name (ARN) for the Amazon Simple Notification Service.
",
+ "SubscriberResource$snsArn": "The Amazon Resource Name (ARN) for the Amazon Simple Notification Service.
"
+ }
+ },
+ "SourceStatus": {
+ "base": null,
+ "refs": {
+ "LogsStatus$healthStatus": "Health status of services including error codes and patterns.
"
+ }
+ },
+ "SourceType": {
+ "base": "The supported source types from which logs and events are collected in Amazon Security Lake.
",
+ "refs": {
+ "SourceTypeList$member": null
+ }
+ },
+ "SourceTypeList": {
+ "base": null,
+ "refs": {
+ "CreateSubscriberRequest$sourceTypes": "The supported Amazon Web Services services from which logs and events are collected. Amazon Security Lake supports logs and events collection for natively-supported Amazon Web Services services.
",
+ "SubscriberResource$sourceTypes": "Amazon Security Lake supports logs and events collection for the natively-supported Amazon Web Services services. For more information, see the Amazon Security Lake User Guide.
",
+ "UpdateSubscriberRequest$sourceTypes": "The supported Amazon Web Services services from which logs and events are collected. Amazon Security Lake supports logs and events collection for the following natively-supported Amazon Web Services services. For more information, see the Amazon Security Lake User Guide.
"
+ }
+ },
+ "StorageClass": {
+ "base": null,
+ "refs": {
+ "RetentionSetting$storageClass": "The range of storage classes that you can choose from based on the data access, resiliency, and cost requirements of your workloads.
"
+ }
+ },
+ "String": {
+ "base": null,
+ "refs": {
+ "AccessDeniedException$message": null,
+ "AccountList$member": null,
+ "AccountNotFoundException$message": null,
+ "AccountSources$account": "Account ID of the Security Lake account for which logs are collected.
",
+ "AccountSources$sourceType": "The supported Amazon Web Services services from which logs and events are collected. Amazon Security Lake supports logs and events collection for natively-supported Amazon Web Services services. For more information, see the Amazon Security Lake User Guide.
",
+ "AllDimensionsMap$key": null,
+ "BucketNotFoundException$message": null,
+ "ConcurrentModificationException$message": null,
+ "ConflictException$message": null,
+ "ConflictException$resourceId": "A conflict occurred when prompting for the Resource ID.
",
+ "ConflictException$resourceType": "The resource type.
",
+ "ConflictSourceNamesException$message": null,
+ "ConflictSubscriptionException$message": null,
+ "CreateCustomLogSourceResponse$customDataLocation": "The location of the partition in the Security Lake S3 bucket.
",
+ "CreateCustomLogSourceResponse$glueCrawlerName": "The name of the Glue crawler.
",
+ "CreateCustomLogSourceResponse$glueDatabaseName": "The Glue database where results are written, such as: arn:aws:daylight:us-east-1::database/sometable/*.
",
+ "CreateCustomLogSourceResponse$glueTableName": "The table name of the Glue crawler.
",
+ "CreateCustomLogSourceResponse$logProviderAccessRoleArn": " IAM Role ARN to be used by the entity putting logs into your Custom Source partition. Security Lake will apply the correct access policies to this Role, but this Role must have the trust policy created manually. This Role's name must start with the text 'Security Lake'. It must trust the logProviderAccountId to assume it.
",
+ "CreateSubscriptionNotificationConfigurationRequest$httpsApiKeyName": "The key name for the subscription notification.
",
+ "CreateSubscriptionNotificationConfigurationRequest$httpsApiKeyValue": "The key value for the subscription notification.
",
+ "DeleteCustomLogSourceRequest$customSourceName": "The custom source name for the custome log source.
",
+ "DeleteCustomLogSourceResponse$customDataLocation": "The location of the partition in the Security Lake S3 bucket.
",
+ "DeleteSubscriberRequest$id": "A value created by Security Lake that uniquely identifies your DeleteSubscriber API request.
",
+ "EventBridgeException$message": null,
+ "GetSubscriberRequest$id": "A value created by Security Lake that uniquely identifies your GetSubscriber API request.
",
+ "InternalServerException$message": null,
+ "InvalidInputException$message": null,
+ "LakeConfigurationRequest$encryptionKey": "The type of encryption key used by Security Lake to encrypt the lake configuration object.
",
+ "LakeConfigurationResponse$encryptionKey": "The type of encryption key used by Security Lake to encrypt the lake configuration
",
+ "ListLogSourcesResponse$nextToken": "If nextToken is returned, there are more results available. You can make the call again using the returned token to retrieve the next page.
",
+ "LogsStatus$pathToLogs": "Defines path the stored logs are available which has information on your systems, applications, and services.
",
+ "ResourceNotFoundException$message": null,
+ "ResourceNotFoundException$resourceId": "The ID of the resource for which the type of resource could not be found.
",
+ "ResourceNotFoundException$resourceType": "The type of the resource that could not be found.
",
+ "S3Exception$message": null,
+ "ServiceQuotaExceededException$message": null,
+ "ServiceQuotaExceededException$quotaCode": "That the rate of requests to Security Lake is exceeding the request quotas for your Amazon Web Services account.
",
+ "ServiceQuotaExceededException$resourceId": "The ID of the resource that exceeds the service quota.
",
+ "ServiceQuotaExceededException$resourceType": "The type of the resource that exceeds the service quota.
",
+ "ServiceQuotaExceededException$serviceCode": "The code for the service in Service Quotas.
",
+ "SubscriberResource$subscriptionEndpoint": "The subscription endpoint to which exception messages are posted.
",
+ "TagsMap$key": null,
+ "TagsMap$value": null,
+ "ThrottlingException$message": null,
+ "ThrottlingException$quotaCode": "That the rate of requests to Security Lake is exceeding the request quotas for your Amazon Web Services account.
",
+ "ThrottlingException$serviceCode": "The code for the service in Service Quotas.
",
+ "TwoDimensionsMap$key": null,
+ "UpdateSubscriberRequest$id": "A value created by Security Lake that uniquely identifies your UpdateSubscriber API request.
",
+ "UpdateSubscriptionNotificationConfigurationRequest$httpsApiKeyName": "The key name for the subscription notification.
",
+ "UpdateSubscriptionNotificationConfigurationRequest$httpsApiKeyValue": "The key value for the subscription notification.
",
+ "ValidationException$message": null,
+ "ValidationExceptionField$message": "Describes the error encountered.
",
+ "ValidationExceptionField$name": "Name of the validation exception.
",
+ "ValueSet$member": null
+ }
+ },
+ "SubscriberList": {
+ "base": null,
+ "refs": {
+ "ListSubscribersResponse$subscribers": "The subscribers available in the specified Security Lake account ID.
"
+ }
+ },
+ "SubscriberResource": {
+ "base": "Provides details of the Amazon Security Lake account subscription. Subscribers are notified of new objects for a source as the data is written to your Amazon Security Lake S3 bucket.
",
+ "refs": {
+ "GetSubscriberResponse$subscriber": "Subscription information for the specified subscription ID
",
+ "SubscriberList$member": null,
+ "UpdateSubscriberResponse$subscriber": "The account subscriber in Amazon Security Lake.
"
+ }
+ },
+ "SubscriptionProtocolType": {
+ "base": null,
+ "refs": {
+ "CreateDatalakeExceptionsSubscriptionRequest$subscriptionProtocol": "The subscription protocol to which exception messages are posted.
",
+ "UpdateDatalakeExceptionsSubscriptionRequest$subscriptionProtocol": "The subscription protocol to which exception messages are posted.
"
+ }
+ },
+ "SubscriptionStatus": {
+ "base": null,
+ "refs": {
+ "SubscriberResource$subscriptionStatus": "Subscription status of the Amazon Security Lake subscriber account.
"
+ }
+ },
+ "SyntheticTimestamp_date_time": {
+ "base": null,
+ "refs": {
+ "Failures$timestamp": "This error can occur if you configure the wrong timestamp format, or if the subset of entries used for validation had errors or missing values.
",
+ "SubscriberResource$createdAt": "The date and time when the subscription was created.
",
+ "SubscriberResource$updatedAt": "The date and time when the subscription was created.
"
+ }
+ },
+ "TagsMap": {
+ "base": null,
+ "refs": {
+ "LakeConfigurationRequest$tagsMap": "A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key and an optional value, both of which you define.
",
+ "LakeConfigurationResponse$tagsMap": "A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key and an optional value, both of which you define.
"
+ }
+ },
+ "ThrottlingException": {
+ "base": "The limit on the number of requests per second was exceeded.
",
+ "refs": {
+ }
+ },
+ "TwoDimensionsMap": {
+ "base": null,
+ "refs": {
+ "AllDimensionsMap$value": null,
+ "CreateAwsLogSourceRequest$enableTwoDimensions": "Enables specific service sources in specific accounts or Regions.
",
+ "DeleteAwsLogSourceRequest$disableTwoDimensions": "Remove a specific Amazon Web Services source from specific accounts or Regions.
",
+ "ListLogSourcesRequest$listTwoDimensions": "Lists the log sources for the specified source types in enabled Security Lake accounts for the entire Region, for selected member accounts.
"
+ }
+ },
+ "UUID": {
+ "base": null,
+ "refs": {
+ "CreateSubscriberResponse$subscriptionId": "The subscriptionId that was created by the CreateSubscriber API call.
",
+ "CreateSubscriptionNotificationConfigurationRequest$subscriptionId": "The subscription ID for which the subscription notification is specified.
",
+ "DeleteSubscriptionNotificationConfigurationRequest$subscriptionId": "The subscription ID of the Amazon Security Lake subscriber account.
",
+ "SubscriberResource$subscriptionId": "The subscription ID of the Amazon Security Lake subscriber account.
",
+ "UpdateSubscriptionNotificationConfigurationRequest$subscriptionId": "The subscription ID for which the subscription notification is specified.
"
+ }
+ },
+ "UpdateDatalakeExceptionsExpiryRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateDatalakeExceptionsExpiryRequestExceptionMessageExpiryLong": {
+ "base": null,
+ "refs": {
+ "UpdateDatalakeExceptionsExpiryRequest$exceptionMessageExpiry": "The time-to-live (TTL) for the exception message to remain.
"
+ }
+ },
+ "UpdateDatalakeExceptionsExpiryResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateDatalakeExceptionsSubscriptionRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateDatalakeExceptionsSubscriptionResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateDatalakeRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateDatalakeResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateSubscriberRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateSubscriberRequestSubscriberNameString": {
+ "base": null,
+ "refs": {
+ "UpdateSubscriberRequest$subscriberName": "Name of the Security Lake account subscriber.
"
+ }
+ },
+ "UpdateSubscriberResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateSubscriptionNotificationConfigurationRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UpdateSubscriptionNotificationConfigurationRequestSubscriptionEndpointString": {
+ "base": null,
+ "refs": {
+ "UpdateSubscriptionNotificationConfigurationRequest$subscriptionEndpoint": "The subscription endpoint in Security Lake.
"
+ }
+ },
+ "UpdateSubscriptionNotificationConfigurationResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ValidationException": {
+ "base": "Your signing certificate could not be validated.
",
+ "refs": {
+ }
+ },
+ "ValidationExceptionField": {
+ "base": "The input fails to meet the constraints specified in Amazon Security Lake
",
+ "refs": {
+ "ValidationExceptionFieldList$member": null
+ }
+ },
+ "ValidationExceptionFieldList": {
+ "base": null,
+ "refs": {
+ "ValidationException$fieldList": "The list of parameters that failed to validate.
"
+ }
+ },
+ "ValidationExceptionReason": {
+ "base": null,
+ "refs": {
+ "ValidationException$reason": "The reason for the validation exception.
"
+ }
+ },
+ "ValueSet": {
+ "base": null,
+ "refs": {
+ "TwoDimensionsMap$value": null
+ }
+ },
+ "settingsStatus": {
+ "base": null,
+ "refs": {
+ "LakeConfigurationResponse$status": "Retrieves the status of the configuration operation for an account in Amazon Security Lake.
"
+ }
+ }
+ }
+}
diff --git a/models/apis/securitylake/2018-05-10/endpoint-rule-set-1.json b/models/apis/securitylake/2018-05-10/endpoint-rule-set-1.json
new file mode 100644
index 0000000000..14d2d67cf1
--- /dev/null
+++ b/models/apis/securitylake/2018-05-10/endpoint-rule-set-1.json
@@ -0,0 +1,309 @@
+{
+ "version": "1.0",
+ "parameters": {
+ "Region": {
+ "builtIn": "AWS::Region",
+ "required": true,
+ "documentation": "The AWS region used to dispatch the request.",
+ "type": "String"
+ },
+ "UseDualStack": {
+ "builtIn": "AWS::UseDualStack",
+ "required": true,
+ "default": false,
+ "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.",
+ "type": "Boolean"
+ },
+ "UseFIPS": {
+ "builtIn": "AWS::UseFIPS",
+ "required": true,
+ "default": false,
+ "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.",
+ "type": "Boolean"
+ },
+ "Endpoint": {
+ "builtIn": "SDK::Endpoint",
+ "required": false,
+ "documentation": "Override the endpoint used to send this request",
+ "type": "String"
+ }
+ },
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "aws.partition",
+ "argv": [
+ {
+ "ref": "Region"
+ }
+ ],
+ "assign": "PartitionResult"
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "isSet",
+ "argv": [
+ {
+ "ref": "Endpoint"
+ }
+ ]
+ },
+ {
+ "fn": "parseURL",
+ "argv": [
+ {
+ "ref": "Endpoint"
+ }
+ ],
+ "assign": "url"
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseFIPS"
+ },
+ true
+ ]
+ }
+ ],
+ "error": "Invalid Configuration: FIPS and custom endpoint are not supported",
+ "type": "error"
+ },
+ {
+ "conditions": [],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseDualStack"
+ },
+ true
+ ]
+ }
+ ],
+ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported",
+ "type": "error"
+ },
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": {
+ "ref": "Endpoint"
+ },
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseFIPS"
+ },
+ true
+ ]
+ },
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseDualStack"
+ },
+ true
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsFIPS"
+ ]
+ }
+ ]
+ },
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsDualStack"
+ ]
+ }
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://securitylake-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both",
+ "type": "error"
+ }
+ ]
+ },
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseFIPS"
+ },
+ true
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsFIPS"
+ ]
+ }
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://securitylake-fips.{Region}.{PartitionResult#dnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "error": "FIPS is enabled but this partition does not support FIPS",
+ "type": "error"
+ }
+ ]
+ },
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseDualStack"
+ },
+ true
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsDualStack"
+ ]
+ }
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://securitylake.{Region}.{PartitionResult#dualStackDnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "error": "DualStack is enabled but this partition does not support DualStack",
+ "type": "error"
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://securitylake.{Region}.{PartitionResult#dnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/models/apis/securitylake/2018-05-10/endpoint-tests-1.json b/models/apis/securitylake/2018-05-10/endpoint-tests-1.json
new file mode 100644
index 0000000000..44e4b725ce
--- /dev/null
+++ b/models/apis/securitylake/2018-05-10/endpoint-tests-1.json
@@ -0,0 +1,295 @@
+{
+ "testCases": [
+ {
+ "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://securitylake-fips.us-gov-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://securitylake-fips.us-gov-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://securitylake.us-gov-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://securitylake.us-gov-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://securitylake-fips.cn-north-1.api.amazonwebservices.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://securitylake-fips.cn-north-1.amazonaws.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://securitylake.cn-north-1.api.amazonwebservices.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://securitylake.cn-north-1.amazonaws.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://securitylake-fips.us-iso-east-1.c2s.ic.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "error": "DualStack is enabled but this partition does not support DualStack"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://securitylake.us-iso-east-1.c2s.ic.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://securitylake-fips.us-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://securitylake-fips.us-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://securitylake.us-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://securitylake.us-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://securitylake-fips.us-isob-east-1.sc2s.sgov.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "error": "DualStack is enabled but this partition does not support DualStack"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://securitylake.us-isob-east-1.sc2s.sgov.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For custom endpoint with fips disabled and dualstack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://example.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-east-1",
+ "Endpoint": "https://example.com"
+ }
+ },
+ {
+ "documentation": "For custom endpoint with fips enabled and dualstack disabled",
+ "expect": {
+ "error": "Invalid Configuration: FIPS and custom endpoint are not supported"
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-east-1",
+ "Endpoint": "https://example.com"
+ }
+ },
+ {
+ "documentation": "For custom endpoint with fips disabled and dualstack enabled",
+ "expect": {
+ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-east-1",
+ "Endpoint": "https://example.com"
+ }
+ }
+ ],
+ "version": "1.0"
+}
\ No newline at end of file
diff --git a/models/apis/securitylake/2018-05-10/examples-1.json b/models/apis/securitylake/2018-05-10/examples-1.json
new file mode 100644
index 0000000000..0ea7e3b0bb
--- /dev/null
+++ b/models/apis/securitylake/2018-05-10/examples-1.json
@@ -0,0 +1,5 @@
+{
+ "version": "1.0",
+ "examples": {
+ }
+}
diff --git a/models/apis/securitylake/2018-05-10/paginators-1.json b/models/apis/securitylake/2018-05-10/paginators-1.json
new file mode 100644
index 0000000000..4720717302
--- /dev/null
+++ b/models/apis/securitylake/2018-05-10/paginators-1.json
@@ -0,0 +1,28 @@
+{
+ "pagination": {
+ "GetDatalakeStatus": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxAccountResults",
+ "result_key": "accountSourcesList"
+ },
+ "ListDatalakeExceptions": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxFailures",
+ "result_key": "nonRetryableFailures"
+ },
+ "ListLogSources": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults",
+ "result_key": "regionSourceTypesAccountsList"
+ },
+ "ListSubscribers": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults",
+ "result_key": "subscribers"
+ }
+ }
+}
diff --git a/models/apis/simspaceweaver/2022-10-28/api-2.json b/models/apis/simspaceweaver/2022-10-28/api-2.json
new file mode 100644
index 0000000000..9074d29b48
--- /dev/null
+++ b/models/apis/simspaceweaver/2022-10-28/api-2.json
@@ -0,0 +1,955 @@
+{
+ "version":"2.0",
+ "metadata":{
+ "apiVersion":"2022-10-28",
+ "endpointPrefix":"simspaceweaver",
+ "jsonVersion":"1.1",
+ "protocol":"rest-json",
+ "serviceFullName":"AWS SimSpace Weaver",
+ "serviceId":"SimSpaceWeaver",
+ "signatureVersion":"v4",
+ "signingName":"simspaceweaver",
+ "uid":"simspaceweaver-2022-10-28"
+ },
+ "operations":{
+ "DeleteApp":{
+ "name":"DeleteApp",
+ "http":{
+ "method":"DELETE",
+ "requestUri":"/deleteapp",
+ "responseCode":200
+ },
+ "input":{"shape":"DeleteAppInput"},
+ "output":{"shape":"DeleteAppOutput"},
+ "errors":[
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"InternalServerException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ValidationException"},
+ {"shape":"ConflictException"}
+ ],
+ "idempotent":true
+ },
+ "DeleteSimulation":{
+ "name":"DeleteSimulation",
+ "http":{
+ "method":"DELETE",
+ "requestUri":"/deletesimulation",
+ "responseCode":200
+ },
+ "input":{"shape":"DeleteSimulationInput"},
+ "output":{"shape":"DeleteSimulationOutput"},
+ "errors":[
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"InternalServerException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ValidationException"},
+ {"shape":"ConflictException"}
+ ],
+ "idempotent":true
+ },
+ "DescribeApp":{
+ "name":"DescribeApp",
+ "http":{
+ "method":"GET",
+ "requestUri":"/describeapp",
+ "responseCode":200
+ },
+ "input":{"shape":"DescribeAppInput"},
+ "output":{"shape":"DescribeAppOutput"},
+ "errors":[
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"InternalServerException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ValidationException"}
+ ]
+ },
+ "DescribeSimulation":{
+ "name":"DescribeSimulation",
+ "http":{
+ "method":"GET",
+ "requestUri":"/describesimulation",
+ "responseCode":200
+ },
+ "input":{"shape":"DescribeSimulationInput"},
+ "output":{"shape":"DescribeSimulationOutput"},
+ "errors":[
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"InternalServerException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ValidationException"}
+ ]
+ },
+ "ListApps":{
+ "name":"ListApps",
+ "http":{
+ "method":"GET",
+ "requestUri":"/listapps",
+ "responseCode":200
+ },
+ "input":{"shape":"ListAppsInput"},
+ "output":{"shape":"ListAppsOutput"},
+ "errors":[
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"InternalServerException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ValidationException"}
+ ]
+ },
+ "ListSimulations":{
+ "name":"ListSimulations",
+ "http":{
+ "method":"GET",
+ "requestUri":"/listsimulations",
+ "responseCode":200
+ },
+ "input":{"shape":"ListSimulationsInput"},
+ "output":{"shape":"ListSimulationsOutput"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ValidationException"}
+ ]
+ },
+ "ListTagsForResource":{
+ "name":"ListTagsForResource",
+ "http":{
+ "method":"GET",
+ "requestUri":"/tags/{ResourceArn}",
+ "responseCode":200
+ },
+ "input":{"shape":"ListTagsForResourceInput"},
+ "output":{"shape":"ListTagsForResourceOutput"},
+ "errors":[
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"ValidationException"}
+ ]
+ },
+ "StartApp":{
+ "name":"StartApp",
+ "http":{
+ "method":"POST",
+ "requestUri":"/startapp",
+ "responseCode":200
+ },
+ "input":{"shape":"StartAppInput"},
+ "output":{"shape":"StartAppOutput"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ValidationException"},
+ {"shape":"ServiceQuotaExceededException"},
+ {"shape":"ConflictException"}
+ ]
+ },
+ "StartClock":{
+ "name":"StartClock",
+ "http":{
+ "method":"POST",
+ "requestUri":"/startclock",
+ "responseCode":200
+ },
+ "input":{"shape":"StartClockInput"},
+ "output":{"shape":"StartClockOutput"},
+ "errors":[
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"InternalServerException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ValidationException"},
+ {"shape":"ConflictException"}
+ ]
+ },
+ "StartSimulation":{
+ "name":"StartSimulation",
+ "http":{
+ "method":"POST",
+ "requestUri":"/startsimulation",
+ "responseCode":200
+ },
+ "input":{"shape":"StartSimulationInput"},
+ "output":{"shape":"StartSimulationOutput"},
+ "errors":[
+ {"shape":"InternalServerException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ValidationException"},
+ {"shape":"ServiceQuotaExceededException"},
+ {"shape":"ConflictException"}
+ ]
+ },
+ "StopApp":{
+ "name":"StopApp",
+ "http":{
+ "method":"POST",
+ "requestUri":"/stopapp",
+ "responseCode":200
+ },
+ "input":{"shape":"StopAppInput"},
+ "output":{"shape":"StopAppOutput"},
+ "errors":[
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"InternalServerException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ValidationException"},
+ {"shape":"ConflictException"}
+ ]
+ },
+ "StopClock":{
+ "name":"StopClock",
+ "http":{
+ "method":"POST",
+ "requestUri":"/stopclock",
+ "responseCode":200
+ },
+ "input":{"shape":"StopClockInput"},
+ "output":{"shape":"StopClockOutput"},
+ "errors":[
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"InternalServerException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ValidationException"},
+ {"shape":"ConflictException"}
+ ]
+ },
+ "StopSimulation":{
+ "name":"StopSimulation",
+ "http":{
+ "method":"POST",
+ "requestUri":"/stopsimulation",
+ "responseCode":200
+ },
+ "input":{"shape":"StopSimulationInput"},
+ "output":{"shape":"StopSimulationOutput"},
+ "errors":[
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"InternalServerException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ValidationException"},
+ {"shape":"ConflictException"}
+ ]
+ },
+ "TagResource":{
+ "name":"TagResource",
+ "http":{
+ "method":"POST",
+ "requestUri":"/tags/{ResourceArn}",
+ "responseCode":200
+ },
+ "input":{"shape":"TagResourceInput"},
+ "output":{"shape":"TagResourceOutput"},
+ "errors":[
+ {"shape":"TooManyTagsException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"ValidationException"}
+ ]
+ },
+ "UntagResource":{
+ "name":"UntagResource",
+ "http":{
+ "method":"DELETE",
+ "requestUri":"/tags/{ResourceArn}",
+ "responseCode":200
+ },
+ "input":{"shape":"UntagResourceInput"},
+ "output":{"shape":"UntagResourceOutput"},
+ "errors":[
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"ValidationException"}
+ ]
+ }
+ },
+ "shapes":{
+ "AccessDeniedException":{
+ "type":"structure",
+ "members":{
+ "Message":{"shape":"NonEmptyString"}
+ },
+ "error":{
+ "httpStatusCode":403,
+ "senderFault":true
+ },
+ "exception":true
+ },
+ "AppPortMappings":{
+ "type":"list",
+ "member":{"shape":"SimulationAppPortMapping"}
+ },
+ "BucketName":{
+ "type":"string",
+ "max":63,
+ "min":3
+ },
+ "ClientToken":{
+ "type":"string",
+ "max":128,
+ "min":32,
+ "pattern":"^[a-zA-Z0-9-]+$",
+ "sensitive":true
+ },
+ "ClockStatus":{
+ "type":"string",
+ "enum":[
+ "UNKNOWN",
+ "STARTING",
+ "STARTED",
+ "STOPPING",
+ "STOPPED"
+ ]
+ },
+ "ClockTargetStatus":{
+ "type":"string",
+ "enum":[
+ "UNKNOWN",
+ "STARTED",
+ "STOPPED"
+ ]
+ },
+ "CloudWatchLogsLogGroup":{
+ "type":"structure",
+ "members":{
+ "LogGroupArn":{"shape":"LogGroupArn"}
+ }
+ },
+ "ConflictException":{
+ "type":"structure",
+ "members":{
+ "Message":{"shape":"NonEmptyString"}
+ },
+ "error":{
+ "httpStatusCode":409,
+ "senderFault":true
+ },
+ "exception":true
+ },
+ "DeleteAppInput":{
+ "type":"structure",
+ "required":[
+ "App",
+ "Domain",
+ "Simulation"
+ ],
+ "members":{
+ "App":{
+ "shape":"SimSpaceWeaverResourceName",
+ "location":"querystring",
+ "locationName":"app"
+ },
+ "Domain":{
+ "shape":"SimSpaceWeaverResourceName",
+ "location":"querystring",
+ "locationName":"domain"
+ },
+ "Simulation":{
+ "shape":"SimSpaceWeaverResourceName",
+ "location":"querystring",
+ "locationName":"simulation"
+ }
+ }
+ },
+ "DeleteAppOutput":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "DeleteSimulationInput":{
+ "type":"structure",
+ "required":["Simulation"],
+ "members":{
+ "Simulation":{
+ "shape":"SimSpaceWeaverResourceName",
+ "location":"querystring",
+ "locationName":"simulation"
+ }
+ }
+ },
+ "DeleteSimulationOutput":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "DescribeAppInput":{
+ "type":"structure",
+ "required":[
+ "App",
+ "Domain",
+ "Simulation"
+ ],
+ "members":{
+ "App":{
+ "shape":"SimSpaceWeaverResourceName",
+ "location":"querystring",
+ "locationName":"app"
+ },
+ "Domain":{
+ "shape":"SimSpaceWeaverResourceName",
+ "location":"querystring",
+ "locationName":"domain"
+ },
+ "Simulation":{
+ "shape":"SimSpaceWeaverResourceName",
+ "location":"querystring",
+ "locationName":"simulation"
+ }
+ }
+ },
+ "DescribeAppOutput":{
+ "type":"structure",
+ "members":{
+ "Description":{"shape":"Description"},
+ "Domain":{"shape":"SimSpaceWeaverResourceName"},
+ "EndpointInfo":{"shape":"SimulationAppEndpointInfo"},
+ "LaunchOverrides":{"shape":"LaunchOverrides"},
+ "Name":{"shape":"SimSpaceWeaverResourceName"},
+ "Simulation":{"shape":"SimSpaceWeaverResourceName"},
+ "Status":{"shape":"SimulationAppStatus"},
+ "TargetStatus":{"shape":"SimulationAppTargetStatus"}
+ }
+ },
+ "DescribeSimulationInput":{
+ "type":"structure",
+ "required":["Simulation"],
+ "members":{
+ "Simulation":{
+ "shape":"SimSpaceWeaverResourceName",
+ "location":"querystring",
+ "locationName":"simulation"
+ }
+ }
+ },
+ "DescribeSimulationOutput":{
+ "type":"structure",
+ "members":{
+ "Arn":{"shape":"SimSpaceWeaverArn"},
+ "CreationTime":{"shape":"Timestamp"},
+ "Description":{"shape":"Description"},
+ "ExecutionId":{"shape":"UUID"},
+ "LiveSimulationState":{"shape":"LiveSimulationState"},
+ "LoggingConfiguration":{"shape":"LoggingConfiguration"},
+ "MaximumDuration":{"shape":"TimeToLiveString"},
+ "Name":{"shape":"SimSpaceWeaverResourceName"},
+ "RoleArn":{"shape":"RoleArn"},
+ "SchemaError":{"shape":"OptionalString"},
+ "SchemaS3Location":{"shape":"S3Location"},
+ "Status":{"shape":"SimulationStatus"},
+ "TargetStatus":{"shape":"SimulationTargetStatus"}
+ }
+ },
+ "Description":{
+ "type":"string",
+ "max":500,
+ "min":0
+ },
+ "Domain":{
+ "type":"structure",
+ "members":{
+ "Lifecycle":{"shape":"LifecycleManagementStrategy"},
+ "Name":{"shape":"SimSpaceWeaverResourceName"}
+ }
+ },
+ "DomainList":{
+ "type":"list",
+ "member":{"shape":"Domain"}
+ },
+ "InternalServerException":{
+ "type":"structure",
+ "members":{
+ "Message":{"shape":"NonEmptyString"}
+ },
+ "error":{"httpStatusCode":500},
+ "exception":true,
+ "fault":true
+ },
+ "LaunchCommandList":{
+ "type":"list",
+ "member":{"shape":"NonEmptyString"}
+ },
+ "LaunchOverrides":{
+ "type":"structure",
+ "members":{
+ "LaunchCommands":{"shape":"LaunchCommandList"}
+ }
+ },
+ "LifecycleManagementStrategy":{
+ "type":"string",
+ "enum":[
+ "Unknown",
+ "PerWorker",
+ "BySpatialSubdivision",
+ "ByRequest"
+ ]
+ },
+ "ListAppsInput":{
+ "type":"structure",
+ "required":["Simulation"],
+ "members":{
+ "Domain":{
+ "shape":"SimSpaceWeaverResourceName",
+ "location":"querystring",
+ "locationName":"domain"
+ },
+ "MaxResults":{
+ "shape":"PositiveInteger",
+ "location":"querystring",
+ "locationName":"maxResults"
+ },
+ "NextToken":{
+ "shape":"OptionalString",
+ "location":"querystring",
+ "locationName":"nextToken"
+ },
+ "Simulation":{
+ "shape":"SimSpaceWeaverResourceName",
+ "location":"querystring",
+ "locationName":"simulation"
+ }
+ }
+ },
+ "ListAppsOutput":{
+ "type":"structure",
+ "members":{
+ "Apps":{"shape":"SimulationAppList"},
+ "NextToken":{"shape":"OptionalString"}
+ }
+ },
+ "ListSimulationsInput":{
+ "type":"structure",
+ "members":{
+ "MaxResults":{
+ "shape":"PositiveInteger",
+ "location":"querystring",
+ "locationName":"maxResults"
+ },
+ "NextToken":{
+ "shape":"OptionalString",
+ "location":"querystring",
+ "locationName":"nextToken"
+ }
+ }
+ },
+ "ListSimulationsOutput":{
+ "type":"structure",
+ "members":{
+ "NextToken":{"shape":"OptionalString"},
+ "Simulations":{"shape":"SimulationList"}
+ }
+ },
+ "ListTagsForResourceInput":{
+ "type":"structure",
+ "required":["ResourceArn"],
+ "members":{
+ "ResourceArn":{
+ "shape":"SimSpaceWeaverArn",
+ "location":"uri",
+ "locationName":"ResourceArn"
+ }
+ }
+ },
+ "ListTagsForResourceOutput":{
+ "type":"structure",
+ "members":{
+ "Tags":{"shape":"TagMap"}
+ }
+ },
+ "LiveSimulationState":{
+ "type":"structure",
+ "members":{
+ "Clocks":{"shape":"SimulationClockList"},
+ "Domains":{"shape":"DomainList"}
+ }
+ },
+ "LogDestination":{
+ "type":"structure",
+ "members":{
+ "CloudWatchLogsLogGroup":{"shape":"CloudWatchLogsLogGroup"}
+ }
+ },
+ "LogDestinations":{
+ "type":"list",
+ "member":{"shape":"LogDestination"}
+ },
+ "LogGroupArn":{
+ "type":"string",
+ "max":1600,
+ "min":0,
+ "pattern":"^arn:(?:aws|aws-cn):log-group:([a-z]{2}-[a-z]+-\\d{1}):(\\d{12})?:role\\/(.+)$"
+ },
+ "LoggingConfiguration":{
+ "type":"structure",
+ "members":{
+ "Destinations":{"shape":"LogDestinations"}
+ }
+ },
+ "NonEmptyString":{
+ "type":"string",
+ "max":1600,
+ "min":1
+ },
+ "ObjectKey":{
+ "type":"string",
+ "max":1024,
+ "min":1
+ },
+ "OptionalString":{"type":"string"},
+ "PortNumber":{
+ "type":"integer",
+ "box":true,
+ "max":65535,
+ "min":0
+ },
+ "PositiveInteger":{
+ "type":"integer",
+ "box":true,
+ "min":1
+ },
+ "ResourceNotFoundException":{
+ "type":"structure",
+ "members":{
+ "Message":{"shape":"NonEmptyString"}
+ },
+ "error":{
+ "httpStatusCode":404,
+ "senderFault":true
+ },
+ "exception":true
+ },
+ "RoleArn":{
+ "type":"string",
+ "max":1600,
+ "min":0,
+ "pattern":"^arn:(?:aws|aws-cn):iam::(\\d{12})?:role\\/(.+)$"
+ },
+ "S3Location":{
+ "type":"structure",
+ "members":{
+ "BucketName":{"shape":"BucketName"},
+ "ObjectKey":{"shape":"ObjectKey"}
+ }
+ },
+ "ServiceQuotaExceededException":{
+ "type":"structure",
+ "members":{
+ "Message":{"shape":"NonEmptyString"}
+ },
+ "error":{
+ "httpStatusCode":402,
+ "senderFault":true
+ },
+ "exception":true
+ },
+ "SimSpaceWeaverArn":{
+ "type":"string",
+ "max":1600,
+ "min":0,
+ "pattern":"^arn:(?:aws|aws-cn):simspaceweaver:([a-z]{2}-[a-z]+-\\d{1}):(\\d{12})?:([a-z]+)\\/(.+)$"
+ },
+ "SimSpaceWeaverResourceName":{
+ "type":"string",
+ "max":64,
+ "min":1,
+ "pattern":"^[a-zA-Z0-9_.-]+$"
+ },
+ "SimulationAppEndpointInfo":{
+ "type":"structure",
+ "members":{
+ "Address":{"shape":"NonEmptyString"},
+ "IngressPortMappings":{"shape":"AppPortMappings"}
+ }
+ },
+ "SimulationAppList":{
+ "type":"list",
+ "member":{"shape":"SimulationAppMetadata"}
+ },
+ "SimulationAppMetadata":{
+ "type":"structure",
+ "members":{
+ "Domain":{"shape":"SimSpaceWeaverResourceName"},
+ "Name":{"shape":"SimSpaceWeaverResourceName"},
+ "Simulation":{"shape":"SimSpaceWeaverResourceName"},
+ "Status":{"shape":"SimulationAppStatus"},
+ "TargetStatus":{"shape":"SimulationAppTargetStatus"}
+ }
+ },
+ "SimulationAppPortMapping":{
+ "type":"structure",
+ "members":{
+ "Actual":{"shape":"PortNumber"},
+ "Declared":{"shape":"PortNumber"}
+ }
+ },
+ "SimulationAppStatus":{
+ "type":"string",
+ "enum":[
+ "STARTING",
+ "STARTED",
+ "STOPPING",
+ "STOPPED",
+ "ERROR",
+ "UNKNOWN"
+ ]
+ },
+ "SimulationAppTargetStatus":{
+ "type":"string",
+ "enum":[
+ "UNKNOWN",
+ "STARTED",
+ "STOPPED"
+ ]
+ },
+ "SimulationClock":{
+ "type":"structure",
+ "members":{
+ "Status":{"shape":"ClockStatus"},
+ "TargetStatus":{"shape":"ClockTargetStatus"}
+ }
+ },
+ "SimulationClockList":{
+ "type":"list",
+ "member":{"shape":"SimulationClock"}
+ },
+ "SimulationList":{
+ "type":"list",
+ "member":{"shape":"SimulationMetadata"}
+ },
+ "SimulationMetadata":{
+ "type":"structure",
+ "members":{
+ "Arn":{"shape":"SimSpaceWeaverArn"},
+ "CreationTime":{"shape":"Timestamp"},
+ "Name":{"shape":"SimSpaceWeaverResourceName"},
+ "Status":{"shape":"SimulationStatus"},
+ "TargetStatus":{"shape":"SimulationTargetStatus"}
+ }
+ },
+ "SimulationStatus":{
+ "type":"string",
+ "enum":[
+ "UNKNOWN",
+ "STARTING",
+ "STARTED",
+ "STOPPING",
+ "STOPPED",
+ "FAILED",
+ "DELETING",
+ "DELETED"
+ ]
+ },
+ "SimulationTargetStatus":{
+ "type":"string",
+ "enum":[
+ "UNKNOWN",
+ "STARTED",
+ "STOPPED",
+ "DELETED"
+ ]
+ },
+ "StartAppInput":{
+ "type":"structure",
+ "required":[
+ "Domain",
+ "Name",
+ "Simulation"
+ ],
+ "members":{
+ "ClientToken":{
+ "shape":"ClientToken",
+ "idempotencyToken":true
+ },
+ "Description":{"shape":"Description"},
+ "Domain":{"shape":"SimSpaceWeaverResourceName"},
+ "LaunchOverrides":{"shape":"LaunchOverrides"},
+ "Name":{"shape":"SimSpaceWeaverResourceName"},
+ "Simulation":{"shape":"SimSpaceWeaverResourceName"}
+ }
+ },
+ "StartAppOutput":{
+ "type":"structure",
+ "members":{
+ "Domain":{"shape":"SimSpaceWeaverResourceName"},
+ "Name":{"shape":"SimSpaceWeaverResourceName"},
+ "Simulation":{"shape":"SimSpaceWeaverResourceName"}
+ }
+ },
+ "StartClockInput":{
+ "type":"structure",
+ "required":["Simulation"],
+ "members":{
+ "Simulation":{"shape":"SimSpaceWeaverResourceName"}
+ }
+ },
+ "StartClockOutput":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "StartSimulationInput":{
+ "type":"structure",
+ "required":[
+ "Name",
+ "RoleArn",
+ "SchemaS3Location"
+ ],
+ "members":{
+ "ClientToken":{
+ "shape":"ClientToken",
+ "idempotencyToken":true
+ },
+ "Description":{"shape":"Description"},
+ "MaximumDuration":{"shape":"TimeToLiveString"},
+ "Name":{"shape":"SimSpaceWeaverResourceName"},
+ "RoleArn":{"shape":"RoleArn"},
+ "SchemaS3Location":{"shape":"S3Location"},
+ "Tags":{"shape":"TagMap"}
+ }
+ },
+ "StartSimulationOutput":{
+ "type":"structure",
+ "members":{
+ "Arn":{"shape":"SimSpaceWeaverArn"},
+ "CreationTime":{"shape":"Timestamp"},
+ "ExecutionId":{"shape":"UUID"}
+ }
+ },
+ "StopAppInput":{
+ "type":"structure",
+ "required":[
+ "App",
+ "Domain",
+ "Simulation"
+ ],
+ "members":{
+ "App":{"shape":"SimSpaceWeaverResourceName"},
+ "Domain":{"shape":"SimSpaceWeaverResourceName"},
+ "Simulation":{"shape":"SimSpaceWeaverResourceName"}
+ }
+ },
+ "StopAppOutput":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "StopClockInput":{
+ "type":"structure",
+ "required":["Simulation"],
+ "members":{
+ "Simulation":{"shape":"SimSpaceWeaverResourceName"}
+ }
+ },
+ "StopClockOutput":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "StopSimulationInput":{
+ "type":"structure",
+ "required":["Simulation"],
+ "members":{
+ "Simulation":{"shape":"SimSpaceWeaverResourceName"}
+ }
+ },
+ "StopSimulationOutput":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "TagKey":{
+ "type":"string",
+ "max":128,
+ "min":1
+ },
+ "TagKeyList":{
+ "type":"list",
+ "member":{"shape":"TagKey"},
+ "max":50,
+ "min":1
+ },
+ "TagMap":{
+ "type":"map",
+ "key":{"shape":"TagKey"},
+ "value":{"shape":"TagValue"},
+ "max":50,
+ "min":1
+ },
+ "TagResourceInput":{
+ "type":"structure",
+ "required":[
+ "ResourceArn",
+ "Tags"
+ ],
+ "members":{
+ "ResourceArn":{
+ "shape":"SimSpaceWeaverArn",
+ "location":"uri",
+ "locationName":"ResourceArn"
+ },
+ "Tags":{"shape":"TagMap"}
+ }
+ },
+ "TagResourceOutput":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "TagValue":{
+ "type":"string",
+ "max":256,
+ "min":0
+ },
+ "TimeToLiveString":{
+ "type":"string",
+ "max":6,
+ "min":2,
+ "pattern":"^\\d{1,5}[mhdMHD]$"
+ },
+ "Timestamp":{"type":"timestamp"},
+ "TooManyTagsException":{
+ "type":"structure",
+ "members":{
+ "Message":{"shape":"NonEmptyString"}
+ },
+ "error":{
+ "httpStatusCode":400,
+ "senderFault":true
+ },
+ "exception":true
+ },
+ "UUID":{
+ "type":"string",
+ "min":36,
+ "pattern":"^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$"
+ },
+ "UntagResourceInput":{
+ "type":"structure",
+ "required":[
+ "ResourceArn",
+ "TagKeys"
+ ],
+ "members":{
+ "ResourceArn":{
+ "shape":"SimSpaceWeaverArn",
+ "location":"uri",
+ "locationName":"ResourceArn"
+ },
+ "TagKeys":{
+ "shape":"TagKeyList",
+ "location":"querystring",
+ "locationName":"tagKeys"
+ }
+ }
+ },
+ "UntagResourceOutput":{
+ "type":"structure",
+ "members":{
+ }
+ },
+ "ValidationException":{
+ "type":"structure",
+ "members":{
+ "Message":{"shape":"NonEmptyString"}
+ },
+ "error":{
+ "httpStatusCode":400,
+ "senderFault":true
+ },
+ "exception":true
+ }
+ }
+}
diff --git a/models/apis/simspaceweaver/2022-10-28/docs-2.json b/models/apis/simspaceweaver/2022-10-28/docs-2.json
new file mode 100644
index 0000000000..73857c5441
--- /dev/null
+++ b/models/apis/simspaceweaver/2022-10-28/docs-2.json
@@ -0,0 +1,546 @@
+{
+ "version": "2.0",
+ "service": "Amazon Web Services SimSpace Weaver (SimSpace Weaver) is a managed service that you can use to build and operate large-scale spatial simulations in the Amazon Web Services Cloud. For example, you can create a digital twin of a city, crowd simulations with millions of people and objects, and massilvely-multiplayer games with hundreds of thousands of connected players. For more information about SimSpace Weaver, see the Amazon Web Services SimSpace Weaver User Guide .
This API reference describes the API operations and data types that you can use to communicate directly with SimSpace Weaver.
SimSpace Weaver also provides the SimSpace Weaver app SDK, which you use for app development. The SimSpace Weaver app SDK API reference is included in the SimSpace Weaver app SDK documentation, which is part of the SimSpace Weaver app SDK distributable package.
",
+ "operations": {
+ "DeleteApp": "Deletes the instance of the given custom app.
",
+ "DeleteSimulation": "Deletes all SimSpace Weaver resources assigned to the given simulation.
Your simulation uses resources in other Amazon Web Services services. This API operation doesn't delete resources in other Amazon Web Services services.
",
+ "DescribeApp": "Returns the state of the given custom app.
",
+ "DescribeSimulation": "Returns the current state of the given simulation.
",
+ "ListApps": "Lists all custom apps or service apps for the given simulation and domain.
",
+ "ListSimulations": "Lists the SimSpace Weaver simulations in the Amazon Web Services account used to make the API call.
",
+ "ListTagsForResource": "Lists all tags on a SimSpace Weaver resource.
",
+ "StartApp": "Starts a custom app with the configuration specified in the simulation schema.
",
+ "StartClock": "Starts the simulation clock.
",
+ "StartSimulation": "Starts a simulation with the given name and schema.
",
+ "StopApp": "Stops the given custom app and shuts down all of its allocated compute resources.
",
+ "StopClock": "Stops the simulation clock.
",
+ "StopSimulation": "Stops the given simulation.
You can't restart a simulation after you stop it. If you need to restart a simulation, you must stop it, delete it, and start a new instance of it.
",
+ "TagResource": "Adds tags to a SimSpace Weaver resource. For more information about tags, see Tagging Amazon Web Services resources in the Amazon Web Services General Reference.
",
+ "UntagResource": "Removes tags from a SimSpace Weaver resource. For more information about tags, see Tagging Amazon Web Services resources in the Amazon Web Services General Reference.
"
+ },
+ "shapes": {
+ "AccessDeniedException": {
+ "base": "",
+ "refs": {
+ }
+ },
+ "AppPortMappings": {
+ "base": null,
+ "refs": {
+ "SimulationAppEndpointInfo$IngressPortMappings": "The inbound TCP/UDP port numbers of the app. The combination of an IP address and a port number form a network endpoint.
"
+ }
+ },
+ "BucketName": {
+ "base": null,
+ "refs": {
+ "S3Location$BucketName": "The name of an Amazon S3 bucket. For more information about buckets, see Creating, configuring, and working with Amazon S3 buckets in the Amazon Simple Storage Service User Guide.
"
+ }
+ },
+ "ClientToken": {
+ "base": null,
+ "refs": {
+ "StartAppInput$ClientToken": "A value that you provide to ensure that repeated calls to this API operation using the same parameters complete only once. A ClientToken is also known as an idempotency token. A ClientToken expires after 24 hours.
",
+ "StartSimulationInput$ClientToken": "A value that you provide to ensure that repeated calls to this API operation using the same parameters complete only once. A ClientToken is also known as an idempotency token. A ClientToken expires after 24 hours.
"
+ }
+ },
+ "ClockStatus": {
+ "base": null,
+ "refs": {
+ "SimulationClock$Status": "The current status of the simulation clock.
"
+ }
+ },
+ "ClockTargetStatus": {
+ "base": null,
+ "refs": {
+ "SimulationClock$TargetStatus": "The desired status of the simulation clock.
"
+ }
+ },
+ "CloudWatchLogsLogGroup": {
+ "base": "The Amazon CloudWatch Logs log group for the simulation. For more information about log groups, see Working with log groups and log streams in the Amazon CloudWatch Logs User Guide.
",
+ "refs": {
+ "LogDestination$CloudWatchLogsLogGroup": "An Amazon CloudWatch Logs log group that stores simulation log data. For more information about log groups, see Working with log groups and log streams in the Amazon CloudWatch Logs User Guide.
"
+ }
+ },
+ "ConflictException": {
+ "base": "",
+ "refs": {
+ }
+ },
+ "DeleteAppInput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteAppOutput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteSimulationInput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeleteSimulationOutput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DescribeAppInput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DescribeAppOutput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DescribeSimulationInput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DescribeSimulationOutput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "Description": {
+ "base": null,
+ "refs": {
+ "DescribeAppOutput$Description": "The description of the app.
",
+ "DescribeSimulationOutput$Description": "The description of the simulation.
",
+ "StartAppInput$Description": "The description of the app.
",
+ "StartSimulationInput$Description": "The description of the simulation.
"
+ }
+ },
+ "Domain": {
+ "base": "A collection of app instances that run the same executable app code and have the same launch options and commands.
For more information about domains, see Key concepts in the Amazon Web Services SimSpace Weaver User Guide.
",
+ "refs": {
+ "DomainList$member": null
+ }
+ },
+ "DomainList": {
+ "base": null,
+ "refs": {
+ "LiveSimulationState$Domains": "A list of domains for the simulation. For more information about domains, see Key concepts in the Amazon Web Services SimSpace Weaver User Guide.
"
+ }
+ },
+ "InternalServerException": {
+ "base": "",
+ "refs": {
+ }
+ },
+ "LaunchCommandList": {
+ "base": null,
+ "refs": {
+ "LaunchOverrides$LaunchCommands": "App launch commands and command line parameters that override the launch command configured in the simulation schema.
"
+ }
+ },
+ "LaunchOverrides": {
+ "base": "Options that apply when the app starts. These optiAons override default behavior.
",
+ "refs": {
+ "DescribeAppOutput$LaunchOverrides": null,
+ "StartAppInput$LaunchOverrides": null
+ }
+ },
+ "LifecycleManagementStrategy": {
+ "base": null,
+ "refs": {
+ "Domain$Lifecycle": "The type of lifecycle management for apps in the domain. This value indicates whether apps in this domain are managed (SimSpace Weaver starts and stops the apps) or unmanaged (you must start and stop the apps).
Lifecycle types
-
PerWorker – Managed: SimSpace Weaver starts 1 app on each worker
-
BySpatialSubdivision – Managed: SimSpace Weaver starts 1 app for each spatial partition
-
ByRequest – Unmanaged: You use the StartApp API to start the apps and use the StopApp API to stop the apps.
The lifecycle types will change when the service is released for general availability (GA).
"
+ }
+ },
+ "ListAppsInput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListAppsOutput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListSimulationsInput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListSimulationsOutput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListTagsForResourceInput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListTagsForResourceOutput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "LiveSimulationState": {
+ "base": "A collection of additional state information, such as domain and clock configuration.
",
+ "refs": {
+ "DescribeSimulationOutput$LiveSimulationState": "A collection of additional state information, such as domain and clock configuration.
"
+ }
+ },
+ "LogDestination": {
+ "base": "The location where SimSpace Weaver sends simulation log data.
",
+ "refs": {
+ "LogDestinations$member": null
+ }
+ },
+ "LogDestinations": {
+ "base": null,
+ "refs": {
+ "LoggingConfiguration$Destinations": "A list of the locations where SimSpace Weaver sends simulation log data.
"
+ }
+ },
+ "LogGroupArn": {
+ "base": null,
+ "refs": {
+ "CloudWatchLogsLogGroup$LogGroupArn": "The Amazon Resource Name (ARN) of the Amazon CloudWatch Logs log group for the simulation. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference. For more information about log groups, see Working with log groups and log streams in the Amazon CloudWatch Logs User Guide.
"
+ }
+ },
+ "LoggingConfiguration": {
+ "base": "The logging configuration for a simulation.
",
+ "refs": {
+ "DescribeSimulationOutput$LoggingConfiguration": "Settings that control how SimSpace Weaver handles your simulation log data.
"
+ }
+ },
+ "NonEmptyString": {
+ "base": null,
+ "refs": {
+ "AccessDeniedException$Message": null,
+ "ConflictException$Message": null,
+ "InternalServerException$Message": null,
+ "LaunchCommandList$member": null,
+ "ResourceNotFoundException$Message": null,
+ "ServiceQuotaExceededException$Message": null,
+ "SimulationAppEndpointInfo$Address": "The IP address of the app. SimSpace Weaver dynamically assigns this IP address when the app starts.
",
+ "TooManyTagsException$Message": null,
+ "ValidationException$Message": null
+ }
+ },
+ "ObjectKey": {
+ "base": null,
+ "refs": {
+ "S3Location$ObjectKey": "The key name of an object in Amazon S3. For more information about Amazon S3 objects and object keys, see Uploading, downloading, and working with objects in Amazon S3 in the Amazon Simple Storage Service User Guide.
"
+ }
+ },
+ "OptionalString": {
+ "base": null,
+ "refs": {
+ "DescribeSimulationOutput$SchemaError": "An error message that SimSpace Weaver returns only if there is a problem with the simulation schema.
",
+ "ListAppsInput$NextToken": "If SimSpace Weaver returns nextToken, there are more results available. The value of nextToken is a unique pagination token for each page. To retrieve the next page, call the operation again using the returned token. Keep all other arguments unchanged. If no results remain, nextToken is set to null. Each pagination token expires after 24 hours. If you provide a token that isn't valid, you receive an HTTP 400 ValidationException error.
",
+ "ListAppsOutput$NextToken": "If SimSpace Weaver returns nextToken, there are more results available. The value of nextToken is a unique pagination token for each page. To retrieve the next page, call the operation again using the returned token. Keep all other arguments unchanged. If no results remain, nextToken is set to null. Each pagination token expires after 24 hours. If you provide a token that isn't valid, you receive an HTTP 400 ValidationException error.
",
+ "ListSimulationsInput$NextToken": "If SimSpace Weaver returns nextToken, there are more results available. The value of nextToken is a unique pagination token for each page. To retrieve the next page, call the operation again using the returned token. Keep all other arguments unchanged. If no results remain, nextToken is set to null. Each pagination token expires after 24 hours. If you provide a token that isn't valid, you receive an HTTP 400 ValidationException error.
",
+ "ListSimulationsOutput$NextToken": "If SimSpace Weaver returns nextToken, there are more results available. The value of nextToken is a unique pagination token for each page. To retrieve the next page, call the operation again using the returned token. Keep all other arguments unchanged. If no results remain, nextToken is set to null. Each pagination token expires after 24 hours. If you provide a token that isn't valid, you receive an HTTP 400 ValidationException error.
"
+ }
+ },
+ "PortNumber": {
+ "base": null,
+ "refs": {
+ "SimulationAppPortMapping$Actual": "The TCP/UDP port number of the running app. SimSpace Weaver dynamically assigns this port number when the app starts. SimSpace Weaver maps the Declared port to the Actual port. Clients connect to the app using the app's IP address and the Actual port number.
",
+ "SimulationAppPortMapping$Declared": "The TCP/UDP port number of the app, declared in the simulation schema. SimSpace Weaver maps the Declared port to the Actual port. The source code for the app should bind to the Declared port.
"
+ }
+ },
+ "PositiveInteger": {
+ "base": null,
+ "refs": {
+ "ListAppsInput$MaxResults": "The maximum number of apps to list.
",
+ "ListSimulationsInput$MaxResults": "The maximum number of simulations to list.
"
+ }
+ },
+ "ResourceNotFoundException": {
+ "base": "",
+ "refs": {
+ }
+ },
+ "RoleArn": {
+ "base": null,
+ "refs": {
+ "DescribeSimulationOutput$RoleArn": "The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that the simulation assumes to perform actions. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference. For more information about IAM roles, see IAM roles in the Identity and Access Management User Guide.
",
+ "StartSimulationInput$RoleArn": "The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that the simulation assumes to perform actions. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference. For more information about IAM roles, see IAM roles in the Identity and Access Management User Guide.
"
+ }
+ },
+ "S3Location": {
+ "base": "A location in Amazon Simple Storage Service (Amazon S3) where SimSpace Weaver stores simulation data, such as your app zip files and schema file. For more information about Amazon S3, see the Amazon Simple Storage Service User Guide .
",
+ "refs": {
+ "DescribeSimulationOutput$SchemaS3Location": "The location of the simulation schema in Amazon Simple Storage Service (Amazon S3). For more information about Amazon S3, see the Amazon Simple Storage Service User Guide .
",
+ "StartSimulationInput$SchemaS3Location": "The location of the simulation schema in Amazon Simple Storage Service (Amazon S3). For more information about Amazon S3, see the Amazon Simple Storage Service User Guide .
"
+ }
+ },
+ "ServiceQuotaExceededException": {
+ "base": "",
+ "refs": {
+ }
+ },
+ "SimSpaceWeaverArn": {
+ "base": null,
+ "refs": {
+ "DescribeSimulationOutput$Arn": "The Amazon Resource Name (ARN) of the simulation. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
",
+ "ListTagsForResourceInput$ResourceArn": "The Amazon Resource Name (ARN) of the resource. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
",
+ "SimulationMetadata$Arn": "The Amazon Resource Name (ARN) of the simulation. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
",
+ "StartSimulationOutput$Arn": "The Amazon Resource Name (ARN) of the simulation. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
",
+ "TagResourceInput$ResourceArn": "The Amazon Resource Name (ARN) of the resource that you want to add tags to. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
",
+ "UntagResourceInput$ResourceArn": "The Amazon Resource Name (ARN) of the resource that you want to remove tags from. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
"
+ }
+ },
+ "SimSpaceWeaverResourceName": {
+ "base": null,
+ "refs": {
+ "DeleteAppInput$App": "The name of the app.
",
+ "DeleteAppInput$Domain": "The name of the domain of the app.
",
+ "DeleteAppInput$Simulation": "The name of the simulation of the app.
",
+ "DeleteSimulationInput$Simulation": "The name of the simulation.
",
+ "DescribeAppInput$App": "The name of the app.
",
+ "DescribeAppInput$Domain": "The name of the domain of the app.
",
+ "DescribeAppInput$Simulation": "The name of the simulation of the app.
",
+ "DescribeAppOutput$Domain": "The name of the domain of the app.
",
+ "DescribeAppOutput$Name": "The name of the app.
",
+ "DescribeAppOutput$Simulation": "The name of the simulation of the app.
",
+ "DescribeSimulationInput$Simulation": "The name of the simulation.
",
+ "DescribeSimulationOutput$Name": "The name of the simulation.
",
+ "Domain$Name": "The name of the domain.
",
+ "ListAppsInput$Domain": "The name of the domain that you want to list apps for.
",
+ "ListAppsInput$Simulation": "The name of the simulation that you want to list apps for.
",
+ "SimulationAppMetadata$Domain": "The domain of the app. For more information about domains, see Key concepts in the Amazon Web Services SimSpace Weaver User Guide.
",
+ "SimulationAppMetadata$Name": "The name of the app.
",
+ "SimulationAppMetadata$Simulation": "The name of the simulation of the app.
",
+ "SimulationMetadata$Name": "The name of the simulation.
",
+ "StartAppInput$Domain": "The name of the domain of the app.
",
+ "StartAppInput$Name": "The name of the app.
",
+ "StartAppInput$Simulation": "The name of the simulation of the app.
",
+ "StartAppOutput$Domain": "The name of the domain of the app.
",
+ "StartAppOutput$Name": "The name of the app.
",
+ "StartAppOutput$Simulation": "The name of the simulation of the app.
",
+ "StartClockInput$Simulation": "The name of the simulation.
",
+ "StartSimulationInput$Name": "The name of the simulation.
",
+ "StopAppInput$App": "The name of the app.
",
+ "StopAppInput$Domain": "The name of the domain of the app.
",
+ "StopAppInput$Simulation": "The name of the simulation of the app.
",
+ "StopClockInput$Simulation": "The name of the simulation.
",
+ "StopSimulationInput$Simulation": "The name of the simulation.
"
+ }
+ },
+ "SimulationAppEndpointInfo": {
+ "base": "Information about the network endpoint that you can use to connect to your custom or service app.
",
+ "refs": {
+ "DescribeAppOutput$EndpointInfo": "Information about the network endpoint for the custom app. You can use the endpoint to connect to the custom app.
"
+ }
+ },
+ "SimulationAppList": {
+ "base": null,
+ "refs": {
+ "ListAppsOutput$Apps": "The list of apps for the given simulation and domain.
"
+ }
+ },
+ "SimulationAppMetadata": {
+ "base": "A collection of metadata about an app.
",
+ "refs": {
+ "SimulationAppList$member": null
+ }
+ },
+ "SimulationAppPortMapping": {
+ "base": "A collection of TCP/UDP ports for a custom or service app.
",
+ "refs": {
+ "AppPortMappings$member": null
+ }
+ },
+ "SimulationAppStatus": {
+ "base": null,
+ "refs": {
+ "DescribeAppOutput$Status": "The current lifecycle state of the custom app.
",
+ "SimulationAppMetadata$Status": "The current status of the app.
"
+ }
+ },
+ "SimulationAppTargetStatus": {
+ "base": null,
+ "refs": {
+ "DescribeAppOutput$TargetStatus": "The desired lifecycle state of the custom app.
",
+ "SimulationAppMetadata$TargetStatus": "The desired status of the app.
"
+ }
+ },
+ "SimulationClock": {
+ "base": "Status information about the simulation clock.
",
+ "refs": {
+ "SimulationClockList$member": null
+ }
+ },
+ "SimulationClockList": {
+ "base": null,
+ "refs": {
+ "LiveSimulationState$Clocks": "A list of simulation clocks.
At this time, a simulation has only one clock.
"
+ }
+ },
+ "SimulationList": {
+ "base": null,
+ "refs": {
+ "ListSimulationsOutput$Simulations": "The list of simulations.
"
+ }
+ },
+ "SimulationMetadata": {
+ "base": "A collection of data about the simulation.
",
+ "refs": {
+ "SimulationList$member": null
+ }
+ },
+ "SimulationStatus": {
+ "base": null,
+ "refs": {
+ "DescribeSimulationOutput$Status": "The current lifecycle state of the simulation.
",
+ "SimulationMetadata$Status": "The current status of the simulation.
"
+ }
+ },
+ "SimulationTargetStatus": {
+ "base": null,
+ "refs": {
+ "DescribeSimulationOutput$TargetStatus": "The desired lifecycle state of the simulation.
",
+ "SimulationMetadata$TargetStatus": "The desired status of the simulation.
"
+ }
+ },
+ "StartAppInput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StartAppOutput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StartClockInput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StartClockOutput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StartSimulationInput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StartSimulationOutput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StopAppInput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StopAppOutput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StopClockInput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StopClockOutput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StopSimulationInput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "StopSimulationOutput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "TagKey": {
+ "base": null,
+ "refs": {
+ "TagKeyList$member": null,
+ "TagMap$key": null
+ }
+ },
+ "TagKeyList": {
+ "base": null,
+ "refs": {
+ "UntagResourceInput$TagKeys": "A list of tag keys to remove from the resource.
"
+ }
+ },
+ "TagMap": {
+ "base": null,
+ "refs": {
+ "ListTagsForResourceOutput$Tags": "The list of tags for the resource.
",
+ "StartSimulationInput$Tags": "A list of tags for the simulation. For more information about tags, see Tagging Amazon Web Services resources in the Amazon Web Services General Reference.
",
+ "TagResourceInput$Tags": "A list of tags to apply to the resource.
"
+ }
+ },
+ "TagResourceInput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "TagResourceOutput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "TagValue": {
+ "base": null,
+ "refs": {
+ "TagMap$value": null
+ }
+ },
+ "TimeToLiveString": {
+ "base": null,
+ "refs": {
+ "DescribeSimulationOutput$MaximumDuration": "The maximum running time of the simulation, specified as a number of months (m or M), hours (h or H), or days (d or D). The simulation stops when it reaches this limit.
",
+ "StartSimulationInput$MaximumDuration": "The maximum running time of the simulation, specified as a number of months (m or M), hours (h or H), or days (d or D). The simulation stops when it reaches this limit.
"
+ }
+ },
+ "Timestamp": {
+ "base": null,
+ "refs": {
+ "DescribeSimulationOutput$CreationTime": "The time when the simulation was created, expressed as the number of seconds and milliseconds in UTC since the Unix epoch (0:0:0.000, January 1, 1970).
",
+ "SimulationMetadata$CreationTime": "The time when the simulation was created, expressed as the number of seconds and milliseconds in UTC since the Unix epoch (0:0:0.000, January 1, 1970).
",
+ "StartSimulationOutput$CreationTime": "The time when the simulation was created, expressed as the number of seconds and milliseconds in UTC since the Unix epoch (0:0:0.000, January 1, 1970).
"
+ }
+ },
+ "TooManyTagsException": {
+ "base": "",
+ "refs": {
+ }
+ },
+ "UUID": {
+ "base": null,
+ "refs": {
+ "DescribeSimulationOutput$ExecutionId": "A universally unique identifier (UUID) for this simulation.
",
+ "StartSimulationOutput$ExecutionId": "A universally unique identifier (UUID) for this simulation.
"
+ }
+ },
+ "UntagResourceInput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "UntagResourceOutput": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ValidationException": {
+ "base": "",
+ "refs": {
+ }
+ }
+ }
+}
diff --git a/models/apis/simspaceweaver/2022-10-28/endpoint-rule-set-1.json b/models/apis/simspaceweaver/2022-10-28/endpoint-rule-set-1.json
new file mode 100644
index 0000000000..b458c7afe9
--- /dev/null
+++ b/models/apis/simspaceweaver/2022-10-28/endpoint-rule-set-1.json
@@ -0,0 +1,309 @@
+{
+ "version": "1.0",
+ "parameters": {
+ "Region": {
+ "builtIn": "AWS::Region",
+ "required": false,
+ "documentation": "The AWS region used to dispatch the request.",
+ "type": "String"
+ },
+ "UseDualStack": {
+ "builtIn": "AWS::UseDualStack",
+ "required": true,
+ "default": false,
+ "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.",
+ "type": "Boolean"
+ },
+ "UseFIPS": {
+ "builtIn": "AWS::UseFIPS",
+ "required": true,
+ "default": false,
+ "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.",
+ "type": "Boolean"
+ },
+ "Endpoint": {
+ "builtIn": "SDK::Endpoint",
+ "required": false,
+ "documentation": "Override the endpoint used to send this request",
+ "type": "String"
+ }
+ },
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "aws.partition",
+ "argv": [
+ {
+ "ref": "Region"
+ }
+ ],
+ "assign": "PartitionResult"
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "isSet",
+ "argv": [
+ {
+ "ref": "Endpoint"
+ }
+ ]
+ },
+ {
+ "fn": "parseURL",
+ "argv": [
+ {
+ "ref": "Endpoint"
+ }
+ ],
+ "assign": "url"
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseFIPS"
+ },
+ true
+ ]
+ }
+ ],
+ "error": "Invalid Configuration: FIPS and custom endpoint are not supported",
+ "type": "error"
+ },
+ {
+ "conditions": [],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseDualStack"
+ },
+ true
+ ]
+ }
+ ],
+ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported",
+ "type": "error"
+ },
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": {
+ "ref": "Endpoint"
+ },
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseFIPS"
+ },
+ true
+ ]
+ },
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseDualStack"
+ },
+ true
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsFIPS"
+ ]
+ }
+ ]
+ },
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsDualStack"
+ ]
+ }
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://simspaceweaver-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both",
+ "type": "error"
+ }
+ ]
+ },
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseFIPS"
+ },
+ true
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsFIPS"
+ ]
+ }
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://simspaceweaver-fips.{Region}.{PartitionResult#dnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "error": "FIPS is enabled but this partition does not support FIPS",
+ "type": "error"
+ }
+ ]
+ },
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseDualStack"
+ },
+ true
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsDualStack"
+ ]
+ }
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://simspaceweaver.{Region}.{PartitionResult#dualStackDnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "error": "DualStack is enabled but this partition does not support DualStack",
+ "type": "error"
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://simspaceweaver.{Region}.{PartitionResult#dnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/models/apis/simspaceweaver/2022-10-28/endpoint-tests-1.json b/models/apis/simspaceweaver/2022-10-28/endpoint-tests-1.json
new file mode 100644
index 0000000000..38383d6e5e
--- /dev/null
+++ b/models/apis/simspaceweaver/2022-10-28/endpoint-tests-1.json
@@ -0,0 +1,295 @@
+{
+ "testCases": [
+ {
+ "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://simspaceweaver-fips.us-gov-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://simspaceweaver-fips.us-gov-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://simspaceweaver.us-gov-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://simspaceweaver.us-gov-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-gov-east-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://simspaceweaver-fips.cn-north-1.api.amazonwebservices.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://simspaceweaver-fips.cn-north-1.amazonaws.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://simspaceweaver.cn-north-1.api.amazonwebservices.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://simspaceweaver.cn-north-1.amazonaws.com.cn"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "cn-north-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://simspaceweaver-fips.us-iso-east-1.c2s.ic.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "error": "DualStack is enabled but this partition does not support DualStack"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://simspaceweaver.us-iso-east-1.c2s.ic.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-iso-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://simspaceweaver-fips.us-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://simspaceweaver-fips.us-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://simspaceweaver.us-east-1.api.aws"
+ }
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://simspaceweaver.us-east-1.amazonaws.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": true,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://simspaceweaver-fips.us-isob-east-1.sc2s.sgov.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "error": "DualStack is enabled but this partition does not support DualStack"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://simspaceweaver.us-isob-east-1.sc2s.sgov.gov"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-isob-east-1"
+ }
+ },
+ {
+ "documentation": "For custom endpoint with fips disabled and dualstack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://example.com"
+ }
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": false,
+ "Region": "us-east-1",
+ "Endpoint": "https://example.com"
+ }
+ },
+ {
+ "documentation": "For custom endpoint with fips enabled and dualstack disabled",
+ "expect": {
+ "error": "Invalid Configuration: FIPS and custom endpoint are not supported"
+ },
+ "params": {
+ "UseDualStack": false,
+ "UseFIPS": true,
+ "Region": "us-east-1",
+ "Endpoint": "https://example.com"
+ }
+ },
+ {
+ "documentation": "For custom endpoint with fips disabled and dualstack enabled",
+ "expect": {
+ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported"
+ },
+ "params": {
+ "UseDualStack": true,
+ "UseFIPS": false,
+ "Region": "us-east-1",
+ "Endpoint": "https://example.com"
+ }
+ }
+ ],
+ "version": "1.0"
+}
\ No newline at end of file
diff --git a/models/apis/simspaceweaver/2022-10-28/examples-1.json b/models/apis/simspaceweaver/2022-10-28/examples-1.json
new file mode 100644
index 0000000000..0ea7e3b0bb
--- /dev/null
+++ b/models/apis/simspaceweaver/2022-10-28/examples-1.json
@@ -0,0 +1,5 @@
+{
+ "version": "1.0",
+ "examples": {
+ }
+}
diff --git a/models/apis/simspaceweaver/2022-10-28/paginators-1.json b/models/apis/simspaceweaver/2022-10-28/paginators-1.json
new file mode 100644
index 0000000000..76802c24d4
--- /dev/null
+++ b/models/apis/simspaceweaver/2022-10-28/paginators-1.json
@@ -0,0 +1,14 @@
+{
+ "pagination": {
+ "ListApps": {
+ "input_token": "NextToken",
+ "output_token": "NextToken",
+ "limit_key": "MaxResults"
+ },
+ "ListSimulations": {
+ "input_token": "NextToken",
+ "output_token": "NextToken",
+ "limit_key": "MaxResults"
+ }
+ }
+}
diff --git a/models/endpoints/endpoints.json b/models/endpoints/endpoints.json
index 87f8600e32..85cf3fc330 100644
--- a/models/endpoints/endpoints.json
+++ b/models/endpoints/endpoints.json
@@ -12813,6 +12813,17 @@
}
}
},
+ "securitylake" : {
+ "endpoints" : {
+ "ap-northeast-1" : { },
+ "ap-southeast-2" : { },
+ "eu-central-1" : { },
+ "eu-west-1" : { },
+ "us-east-1" : { },
+ "us-east-2" : { },
+ "us-west-2" : { }
+ }
+ },
"serverlessrepo" : {
"defaults" : {
"protocols" : [ "https" ]
@@ -13245,6 +13256,18 @@
"isRegionalized" : false,
"partitionEndpoint" : "aws-global"
},
+ "simspaceweaver" : {
+ "endpoints" : {
+ "ap-southeast-1" : { },
+ "ap-southeast-2" : { },
+ "eu-central-1" : { },
+ "eu-north-1" : { },
+ "eu-west-1" : { },
+ "us-east-1" : { },
+ "us-east-2" : { },
+ "us-west-2" : { }
+ }
+ },
"sms" : {
"endpoints" : {
"af-south-1" : { },
diff --git a/service/firehose/api.go b/service/firehose/api.go
index eebb57f695..7552f85e9f 100644
--- a/service/firehose/api.go
+++ b/service/firehose/api.go
@@ -58,7 +58,8 @@ func (c *Firehose) CreateDeliveryStreamRequest(input *CreateDeliveryStreamInput)
//
// Creates a Kinesis Data Firehose delivery stream.
//
-// By default, you can create up to 50 delivery streams per AWS Region.
+// By default, you can create up to 50 delivery streams per Amazon Web Services
+// Region.
//
// This is an asynchronous operation that immediately returns. The initial status
// of the delivery stream is CREATING. After the delivery stream is created,
@@ -1090,13 +1091,13 @@ func (c *Firehose) TagDeliveryStreamRequest(input *TagDeliveryStreamInput) (req
// TagDeliveryStream API operation for Amazon Kinesis Firehose.
//
// Adds or updates tags for the specified delivery stream. A tag is a key-value
-// pair that you can define and assign to AWS resources. If you specify a tag
-// that already exists, the tag value is replaced with the value that you specify
-// in the request. Tags are metadata. For example, you can add friendly names
-// and descriptions or other types of information that can help you distinguish
-// the delivery stream. For more information about tags, see Using Cost Allocation
-// Tags (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html)
-// in the AWS Billing and Cost Management User Guide.
+// pair that you can define and assign to Amazon Web Services resources. If
+// you specify a tag that already exists, the tag value is replaced with the
+// value that you specify in the request. Tags are metadata. For example, you
+// can add friendly names and descriptions or other types of information that
+// can help you distinguish the delivery stream. For more information about
+// tags, see Using Cost Allocation Tags (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html)
+// in the Amazon Web Services Billing and Cost Management User Guide.
//
// Each delivery stream can have up to 50 tags.
//
@@ -1358,11 +1359,552 @@ func (c *Firehose) UpdateDestinationWithContext(ctx aws.Context, input *UpdateDe
return out, req.Send()
}
+// Describes the buffering to perform before delivering data to the Serverless
+// offering for Amazon OpenSearch Service destination.
+type AmazonOpenSearchServerlessBufferingHints struct {
+ _ struct{} `type:"structure"`
+
+ // Buffer incoming data for the specified period of time, in seconds, before
+ // delivering it to the destination. The default value is 300 (5 minutes).
+ IntervalInSeconds *int64 `min:"60" type:"integer"`
+
+ // Buffer incoming data to the specified size, in MBs, before delivering it
+ // to the destination. The default value is 5.
+ //
+ // We recommend setting this parameter to a value greater than the amount of
+ // data you typically ingest into the delivery stream in 10 seconds. For example,
+ // if you typically ingest data at 1 MB/sec, the value should be 10 MB or higher.
+ SizeInMBs *int64 `min:"1" type:"integer"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AmazonOpenSearchServerlessBufferingHints) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AmazonOpenSearchServerlessBufferingHints) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AmazonOpenSearchServerlessBufferingHints) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "AmazonOpenSearchServerlessBufferingHints"}
+ if s.IntervalInSeconds != nil && *s.IntervalInSeconds < 60 {
+ invalidParams.Add(request.NewErrParamMinValue("IntervalInSeconds", 60))
+ }
+ if s.SizeInMBs != nil && *s.SizeInMBs < 1 {
+ invalidParams.Add(request.NewErrParamMinValue("SizeInMBs", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetIntervalInSeconds sets the IntervalInSeconds field's value.
+func (s *AmazonOpenSearchServerlessBufferingHints) SetIntervalInSeconds(v int64) *AmazonOpenSearchServerlessBufferingHints {
+ s.IntervalInSeconds = &v
+ return s
+}
+
+// SetSizeInMBs sets the SizeInMBs field's value.
+func (s *AmazonOpenSearchServerlessBufferingHints) SetSizeInMBs(v int64) *AmazonOpenSearchServerlessBufferingHints {
+ s.SizeInMBs = &v
+ return s
+}
+
+// Describes the configuration of a destination in the Serverless offering for
+// Amazon OpenSearch Service.
+type AmazonOpenSearchServerlessDestinationConfiguration struct {
+ _ struct{} `type:"structure"`
+
+ // The buffering options. If no value is specified, the default values for AmazonopensearchserviceBufferingHints
+ // are used.
+ BufferingHints *AmazonOpenSearchServerlessBufferingHints `type:"structure"`
+
+ // Describes the Amazon CloudWatch logging options for your delivery stream.
+ CloudWatchLoggingOptions *CloudWatchLoggingOptions `type:"structure"`
+
+ // The endpoint to use when communicating with the collection in the Serverless
+ // offering for Amazon OpenSearch Service.
+ CollectionEndpoint *string `min:"1" type:"string"`
+
+ // The Serverless offering for Amazon OpenSearch Service index name.
+ //
+ // IndexName is a required field
+ IndexName *string `min:"1" type:"string" required:"true"`
+
+ // Describes a data processing configuration.
+ ProcessingConfiguration *ProcessingConfiguration `type:"structure"`
+
+ // The retry behavior in case Kinesis Data Firehose is unable to deliver documents
+ // to the Serverless offering for Amazon OpenSearch Service. The default value
+ // is 300 (5 minutes).
+ RetryOptions *AmazonOpenSearchServerlessRetryOptions `type:"structure"`
+
+ // The Amazon Resource Name (ARN) of the IAM role to be assumed by Kinesis Data
+ // Firehose for calling the Serverless offering for Amazon OpenSearch Service
+ // Configuration API and for indexing documents.
+ //
+ // RoleARN is a required field
+ RoleARN *string `min:"1" type:"string" required:"true"`
+
+ // Defines how documents should be delivered to Amazon S3. When it is set to
+ // FailedDocumentsOnly, Kinesis Data Firehose writes any documents that could
+ // not be indexed to the configured Amazon S3 destination, with AmazonOpenSearchService-failed/
+ // appended to the key prefix. When set to AllDocuments, Kinesis Data Firehose
+ // delivers all incoming records to Amazon S3, and also writes failed documents
+ // with AmazonOpenSearchService-failed/ appended to the prefix.
+ S3BackupMode *string `type:"string" enum:"AmazonOpenSearchServerlessS3BackupMode"`
+
+ // Describes the configuration of a destination in Amazon S3.
+ //
+ // S3Configuration is a required field
+ S3Configuration *S3DestinationConfiguration `type:"structure" required:"true"`
+
+ // The details of the VPC of the Amazon ES destination.
+ VpcConfiguration *VpcConfiguration `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AmazonOpenSearchServerlessDestinationConfiguration) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AmazonOpenSearchServerlessDestinationConfiguration) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AmazonOpenSearchServerlessDestinationConfiguration) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "AmazonOpenSearchServerlessDestinationConfiguration"}
+ if s.CollectionEndpoint != nil && len(*s.CollectionEndpoint) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("CollectionEndpoint", 1))
+ }
+ if s.IndexName == nil {
+ invalidParams.Add(request.NewErrParamRequired("IndexName"))
+ }
+ if s.IndexName != nil && len(*s.IndexName) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("IndexName", 1))
+ }
+ if s.RoleARN == nil {
+ invalidParams.Add(request.NewErrParamRequired("RoleARN"))
+ }
+ if s.RoleARN != nil && len(*s.RoleARN) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("RoleARN", 1))
+ }
+ if s.S3Configuration == nil {
+ invalidParams.Add(request.NewErrParamRequired("S3Configuration"))
+ }
+ if s.BufferingHints != nil {
+ if err := s.BufferingHints.Validate(); err != nil {
+ invalidParams.AddNested("BufferingHints", err.(request.ErrInvalidParams))
+ }
+ }
+ if s.ProcessingConfiguration != nil {
+ if err := s.ProcessingConfiguration.Validate(); err != nil {
+ invalidParams.AddNested("ProcessingConfiguration", err.(request.ErrInvalidParams))
+ }
+ }
+ if s.S3Configuration != nil {
+ if err := s.S3Configuration.Validate(); err != nil {
+ invalidParams.AddNested("S3Configuration", err.(request.ErrInvalidParams))
+ }
+ }
+ if s.VpcConfiguration != nil {
+ if err := s.VpcConfiguration.Validate(); err != nil {
+ invalidParams.AddNested("VpcConfiguration", err.(request.ErrInvalidParams))
+ }
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetBufferingHints sets the BufferingHints field's value.
+func (s *AmazonOpenSearchServerlessDestinationConfiguration) SetBufferingHints(v *AmazonOpenSearchServerlessBufferingHints) *AmazonOpenSearchServerlessDestinationConfiguration {
+ s.BufferingHints = v
+ return s
+}
+
+// SetCloudWatchLoggingOptions sets the CloudWatchLoggingOptions field's value.
+func (s *AmazonOpenSearchServerlessDestinationConfiguration) SetCloudWatchLoggingOptions(v *CloudWatchLoggingOptions) *AmazonOpenSearchServerlessDestinationConfiguration {
+ s.CloudWatchLoggingOptions = v
+ return s
+}
+
+// SetCollectionEndpoint sets the CollectionEndpoint field's value.
+func (s *AmazonOpenSearchServerlessDestinationConfiguration) SetCollectionEndpoint(v string) *AmazonOpenSearchServerlessDestinationConfiguration {
+ s.CollectionEndpoint = &v
+ return s
+}
+
+// SetIndexName sets the IndexName field's value.
+func (s *AmazonOpenSearchServerlessDestinationConfiguration) SetIndexName(v string) *AmazonOpenSearchServerlessDestinationConfiguration {
+ s.IndexName = &v
+ return s
+}
+
+// SetProcessingConfiguration sets the ProcessingConfiguration field's value.
+func (s *AmazonOpenSearchServerlessDestinationConfiguration) SetProcessingConfiguration(v *ProcessingConfiguration) *AmazonOpenSearchServerlessDestinationConfiguration {
+ s.ProcessingConfiguration = v
+ return s
+}
+
+// SetRetryOptions sets the RetryOptions field's value.
+func (s *AmazonOpenSearchServerlessDestinationConfiguration) SetRetryOptions(v *AmazonOpenSearchServerlessRetryOptions) *AmazonOpenSearchServerlessDestinationConfiguration {
+ s.RetryOptions = v
+ return s
+}
+
+// SetRoleARN sets the RoleARN field's value.
+func (s *AmazonOpenSearchServerlessDestinationConfiguration) SetRoleARN(v string) *AmazonOpenSearchServerlessDestinationConfiguration {
+ s.RoleARN = &v
+ return s
+}
+
+// SetS3BackupMode sets the S3BackupMode field's value.
+func (s *AmazonOpenSearchServerlessDestinationConfiguration) SetS3BackupMode(v string) *AmazonOpenSearchServerlessDestinationConfiguration {
+ s.S3BackupMode = &v
+ return s
+}
+
+// SetS3Configuration sets the S3Configuration field's value.
+func (s *AmazonOpenSearchServerlessDestinationConfiguration) SetS3Configuration(v *S3DestinationConfiguration) *AmazonOpenSearchServerlessDestinationConfiguration {
+ s.S3Configuration = v
+ return s
+}
+
+// SetVpcConfiguration sets the VpcConfiguration field's value.
+func (s *AmazonOpenSearchServerlessDestinationConfiguration) SetVpcConfiguration(v *VpcConfiguration) *AmazonOpenSearchServerlessDestinationConfiguration {
+ s.VpcConfiguration = v
+ return s
+}
+
+// The destination description in the Serverless offering for Amazon OpenSearch
+// Service.
+type AmazonOpenSearchServerlessDestinationDescription struct {
+ _ struct{} `type:"structure"`
+
+ // The buffering options.
+ BufferingHints *AmazonOpenSearchServerlessBufferingHints `type:"structure"`
+
+ // Describes the Amazon CloudWatch logging options for your delivery stream.
+ CloudWatchLoggingOptions *CloudWatchLoggingOptions `type:"structure"`
+
+ // The endpoint to use when communicating with the collection in the Serverless
+ // offering for Amazon OpenSearch Service.
+ CollectionEndpoint *string `min:"1" type:"string"`
+
+ // The Serverless offering for Amazon OpenSearch Service index name.
+ IndexName *string `min:"1" type:"string"`
+
+ // Describes a data processing configuration.
+ ProcessingConfiguration *ProcessingConfiguration `type:"structure"`
+
+ // The Serverless offering for Amazon OpenSearch Service retry options.
+ RetryOptions *AmazonOpenSearchServerlessRetryOptions `type:"structure"`
+
+ // The Amazon Resource Name (ARN) of the AWS credentials.
+ RoleARN *string `min:"1" type:"string"`
+
+ // The Amazon S3 backup mode.
+ S3BackupMode *string `type:"string" enum:"AmazonOpenSearchServerlessS3BackupMode"`
+
+ // Describes a destination in Amazon S3.
+ S3DestinationDescription *S3DestinationDescription `type:"structure"`
+
+ // The details of the VPC of the Amazon ES destination.
+ VpcConfigurationDescription *VpcConfigurationDescription `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AmazonOpenSearchServerlessDestinationDescription) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AmazonOpenSearchServerlessDestinationDescription) GoString() string {
+ return s.String()
+}
+
+// SetBufferingHints sets the BufferingHints field's value.
+func (s *AmazonOpenSearchServerlessDestinationDescription) SetBufferingHints(v *AmazonOpenSearchServerlessBufferingHints) *AmazonOpenSearchServerlessDestinationDescription {
+ s.BufferingHints = v
+ return s
+}
+
+// SetCloudWatchLoggingOptions sets the CloudWatchLoggingOptions field's value.
+func (s *AmazonOpenSearchServerlessDestinationDescription) SetCloudWatchLoggingOptions(v *CloudWatchLoggingOptions) *AmazonOpenSearchServerlessDestinationDescription {
+ s.CloudWatchLoggingOptions = v
+ return s
+}
+
+// SetCollectionEndpoint sets the CollectionEndpoint field's value.
+func (s *AmazonOpenSearchServerlessDestinationDescription) SetCollectionEndpoint(v string) *AmazonOpenSearchServerlessDestinationDescription {
+ s.CollectionEndpoint = &v
+ return s
+}
+
+// SetIndexName sets the IndexName field's value.
+func (s *AmazonOpenSearchServerlessDestinationDescription) SetIndexName(v string) *AmazonOpenSearchServerlessDestinationDescription {
+ s.IndexName = &v
+ return s
+}
+
+// SetProcessingConfiguration sets the ProcessingConfiguration field's value.
+func (s *AmazonOpenSearchServerlessDestinationDescription) SetProcessingConfiguration(v *ProcessingConfiguration) *AmazonOpenSearchServerlessDestinationDescription {
+ s.ProcessingConfiguration = v
+ return s
+}
+
+// SetRetryOptions sets the RetryOptions field's value.
+func (s *AmazonOpenSearchServerlessDestinationDescription) SetRetryOptions(v *AmazonOpenSearchServerlessRetryOptions) *AmazonOpenSearchServerlessDestinationDescription {
+ s.RetryOptions = v
+ return s
+}
+
+// SetRoleARN sets the RoleARN field's value.
+func (s *AmazonOpenSearchServerlessDestinationDescription) SetRoleARN(v string) *AmazonOpenSearchServerlessDestinationDescription {
+ s.RoleARN = &v
+ return s
+}
+
+// SetS3BackupMode sets the S3BackupMode field's value.
+func (s *AmazonOpenSearchServerlessDestinationDescription) SetS3BackupMode(v string) *AmazonOpenSearchServerlessDestinationDescription {
+ s.S3BackupMode = &v
+ return s
+}
+
+// SetS3DestinationDescription sets the S3DestinationDescription field's value.
+func (s *AmazonOpenSearchServerlessDestinationDescription) SetS3DestinationDescription(v *S3DestinationDescription) *AmazonOpenSearchServerlessDestinationDescription {
+ s.S3DestinationDescription = v
+ return s
+}
+
+// SetVpcConfigurationDescription sets the VpcConfigurationDescription field's value.
+func (s *AmazonOpenSearchServerlessDestinationDescription) SetVpcConfigurationDescription(v *VpcConfigurationDescription) *AmazonOpenSearchServerlessDestinationDescription {
+ s.VpcConfigurationDescription = v
+ return s
+}
+
+// Describes an update for a destination in the Serverless offering for Amazon
+// OpenSearch Service.
+type AmazonOpenSearchServerlessDestinationUpdate struct {
+ _ struct{} `type:"structure"`
+
+ // The buffering options. If no value is specified, AmazonopensearchBufferingHints
+ // object default values are used.
+ BufferingHints *AmazonOpenSearchServerlessBufferingHints `type:"structure"`
+
+ // Describes the Amazon CloudWatch logging options for your delivery stream.
+ CloudWatchLoggingOptions *CloudWatchLoggingOptions `type:"structure"`
+
+ // The endpoint to use when communicating with the collection in the Serverless
+ // offering for Amazon OpenSearch Service.
+ CollectionEndpoint *string `min:"1" type:"string"`
+
+ // The Serverless offering for Amazon OpenSearch Service index name.
+ IndexName *string `min:"1" type:"string"`
+
+ // Describes a data processing configuration.
+ ProcessingConfiguration *ProcessingConfiguration `type:"structure"`
+
+ // The retry behavior in case Kinesis Data Firehose is unable to deliver documents
+ // to the Serverless offering for Amazon OpenSearch Service. The default value
+ // is 300 (5 minutes).
+ RetryOptions *AmazonOpenSearchServerlessRetryOptions `type:"structure"`
+
+ // The Amazon Resource Name (ARN) of the IAM role to be assumed by Kinesis Data
+ // Firehose for calling the Serverless offering for Amazon OpenSearch Service
+ // Configuration API and for indexing documents.
+ RoleARN *string `min:"1" type:"string"`
+
+ // Describes an update for a destination in Amazon S3.
+ S3Update *S3DestinationUpdate `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AmazonOpenSearchServerlessDestinationUpdate) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AmazonOpenSearchServerlessDestinationUpdate) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AmazonOpenSearchServerlessDestinationUpdate) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "AmazonOpenSearchServerlessDestinationUpdate"}
+ if s.CollectionEndpoint != nil && len(*s.CollectionEndpoint) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("CollectionEndpoint", 1))
+ }
+ if s.IndexName != nil && len(*s.IndexName) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("IndexName", 1))
+ }
+ if s.RoleARN != nil && len(*s.RoleARN) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("RoleARN", 1))
+ }
+ if s.BufferingHints != nil {
+ if err := s.BufferingHints.Validate(); err != nil {
+ invalidParams.AddNested("BufferingHints", err.(request.ErrInvalidParams))
+ }
+ }
+ if s.ProcessingConfiguration != nil {
+ if err := s.ProcessingConfiguration.Validate(); err != nil {
+ invalidParams.AddNested("ProcessingConfiguration", err.(request.ErrInvalidParams))
+ }
+ }
+ if s.S3Update != nil {
+ if err := s.S3Update.Validate(); err != nil {
+ invalidParams.AddNested("S3Update", err.(request.ErrInvalidParams))
+ }
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetBufferingHints sets the BufferingHints field's value.
+func (s *AmazonOpenSearchServerlessDestinationUpdate) SetBufferingHints(v *AmazonOpenSearchServerlessBufferingHints) *AmazonOpenSearchServerlessDestinationUpdate {
+ s.BufferingHints = v
+ return s
+}
+
+// SetCloudWatchLoggingOptions sets the CloudWatchLoggingOptions field's value.
+func (s *AmazonOpenSearchServerlessDestinationUpdate) SetCloudWatchLoggingOptions(v *CloudWatchLoggingOptions) *AmazonOpenSearchServerlessDestinationUpdate {
+ s.CloudWatchLoggingOptions = v
+ return s
+}
+
+// SetCollectionEndpoint sets the CollectionEndpoint field's value.
+func (s *AmazonOpenSearchServerlessDestinationUpdate) SetCollectionEndpoint(v string) *AmazonOpenSearchServerlessDestinationUpdate {
+ s.CollectionEndpoint = &v
+ return s
+}
+
+// SetIndexName sets the IndexName field's value.
+func (s *AmazonOpenSearchServerlessDestinationUpdate) SetIndexName(v string) *AmazonOpenSearchServerlessDestinationUpdate {
+ s.IndexName = &v
+ return s
+}
+
+// SetProcessingConfiguration sets the ProcessingConfiguration field's value.
+func (s *AmazonOpenSearchServerlessDestinationUpdate) SetProcessingConfiguration(v *ProcessingConfiguration) *AmazonOpenSearchServerlessDestinationUpdate {
+ s.ProcessingConfiguration = v
+ return s
+}
+
+// SetRetryOptions sets the RetryOptions field's value.
+func (s *AmazonOpenSearchServerlessDestinationUpdate) SetRetryOptions(v *AmazonOpenSearchServerlessRetryOptions) *AmazonOpenSearchServerlessDestinationUpdate {
+ s.RetryOptions = v
+ return s
+}
+
+// SetRoleARN sets the RoleARN field's value.
+func (s *AmazonOpenSearchServerlessDestinationUpdate) SetRoleARN(v string) *AmazonOpenSearchServerlessDestinationUpdate {
+ s.RoleARN = &v
+ return s
+}
+
+// SetS3Update sets the S3Update field's value.
+func (s *AmazonOpenSearchServerlessDestinationUpdate) SetS3Update(v *S3DestinationUpdate) *AmazonOpenSearchServerlessDestinationUpdate {
+ s.S3Update = v
+ return s
+}
+
+// Configures retry behavior in case Kinesis Data Firehose is unable to deliver
+// documents to the Serverless offering for Amazon OpenSearch Service.
+type AmazonOpenSearchServerlessRetryOptions struct {
+ _ struct{} `type:"structure"`
+
+ // After an initial failure to deliver to the Serverless offering for Amazon
+ // OpenSearch Service, the total amount of time during which Kinesis Data Firehose
+ // retries delivery (including the first attempt). After this time has elapsed,
+ // the failed documents are written to Amazon S3. Default value is 300 seconds
+ // (5 minutes). A value of 0 (zero) results in no retries.
+ DurationInSeconds *int64 `type:"integer"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AmazonOpenSearchServerlessRetryOptions) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AmazonOpenSearchServerlessRetryOptions) GoString() string {
+ return s.String()
+}
+
+// SetDurationInSeconds sets the DurationInSeconds field's value.
+func (s *AmazonOpenSearchServerlessRetryOptions) SetDurationInSeconds(v int64) *AmazonOpenSearchServerlessRetryOptions {
+ s.DurationInSeconds = &v
+ return s
+}
+
+// Describes the buffering to perform before delivering data to the Amazon OpenSearch
+// Service destination.
type AmazonopensearchserviceBufferingHints struct {
_ struct{} `type:"structure"`
+ // Buffer incoming data for the specified period of time, in seconds, before
+ // delivering it to the destination. The default value is 300 (5 minutes).
IntervalInSeconds *int64 `min:"60" type:"integer"`
+ // Buffer incoming data to the specified size, in MBs, before delivering it
+ // to the destination. The default value is 5.
+ //
+ // We recommend setting this parameter to a value greater than the amount of
+ // data you typically ingest into the delivery stream in 10 seconds. For example,
+ // if you typically ingest data at 1 MB/sec, the value should be 10 MB or higher.
SizeInMBs *int64 `min:"1" type:"integer"`
}
@@ -1412,31 +1954,55 @@ func (s *AmazonopensearchserviceBufferingHints) SetSizeInMBs(v int64) *Amazonope
return s
}
+// Describes the configuration of a destination in Amazon OpenSearch Service
type AmazonopensearchserviceDestinationConfiguration struct {
_ struct{} `type:"structure"`
+ // The buffering options. If no value is specified, the default values for AmazonopensearchserviceBufferingHints
+ // are used.
BufferingHints *AmazonopensearchserviceBufferingHints `type:"structure"`
// Describes the Amazon CloudWatch logging options for your delivery stream.
CloudWatchLoggingOptions *CloudWatchLoggingOptions `type:"structure"`
+ // The endpoint to use when communicating with the cluster. Specify either this
+ // ClusterEndpoint or the DomainARN field.
ClusterEndpoint *string `min:"1" type:"string"`
+ // The ARN of the Amazon OpenSearch Service domain. The IAM role must have permissions
+ // for DescribeElasticsearchDomain, DescribeElasticsearchDomains, and DescribeElasticsearchDomainConfig
+ // after assuming the role specified in RoleARN.
DomainARN *string `min:"1" type:"string"`
+ // The ElasticsearAmazon OpenSearch Service index name.
+ //
// IndexName is a required field
IndexName *string `min:"1" type:"string" required:"true"`
+ // The Amazon OpenSearch Service index rotation period. Index rotation appends
+ // a timestamp to the IndexName to facilitate the expiration of old data.
IndexRotationPeriod *string `type:"string" enum:"AmazonopensearchserviceIndexRotationPeriod"`
// Describes a data processing configuration.
ProcessingConfiguration *ProcessingConfiguration `type:"structure"`
+ // The retry behavior in case Kinesis Data Firehose is unable to deliver documents
+ // to Amazon OpenSearch Service. The default value is 300 (5 minutes).
RetryOptions *AmazonopensearchserviceRetryOptions `type:"structure"`
+ // The Amazon Resource Name (ARN) of the IAM role to be assumed by Kinesis Data
+ // Firehose for calling the Amazon OpenSearch Service Configuration API and
+ // for indexing documents.
+ //
// RoleARN is a required field
RoleARN *string `min:"1" type:"string" required:"true"`
+ // Defines how documents should be delivered to Amazon S3. When it is set to
+ // FailedDocumentsOnly, Kinesis Data Firehose writes any documents that could
+ // not be indexed to the configured Amazon S3 destination, with AmazonOpenSearchService-failed/
+ // appended to the key prefix. When set to AllDocuments, Kinesis Data Firehose
+ // delivers all incoming records to Amazon S3, and also writes failed documents
+ // with AmazonOpenSearchService-failed/ appended to the prefix.
S3BackupMode *string `type:"string" enum:"AmazonopensearchserviceS3BackupMode"`
// Describes the configuration of a destination in Amazon S3.
@@ -1444,6 +2010,10 @@ type AmazonopensearchserviceDestinationConfiguration struct {
// S3Configuration is a required field
S3Configuration *S3DestinationConfiguration `type:"structure" required:"true"`
+ // The Amazon OpenSearch Service type name. For Elasticsearch 6.x, there can
+ // be only one type per index. If you try to specify a new type for an existing
+ // index that already has another type, Kinesis Data Firehose returns an error
+ // during run time.
TypeName *string `type:"string"`
// The details of the VPC of the Amazon ES destination.
@@ -1597,34 +2167,48 @@ func (s *AmazonopensearchserviceDestinationConfiguration) SetVpcConfiguration(v
return s
}
+// The destination description in Amazon OpenSearch Service.
type AmazonopensearchserviceDestinationDescription struct {
_ struct{} `type:"structure"`
+ // The buffering options.
BufferingHints *AmazonopensearchserviceBufferingHints `type:"structure"`
// Describes the Amazon CloudWatch logging options for your delivery stream.
CloudWatchLoggingOptions *CloudWatchLoggingOptions `type:"structure"`
+ // The endpoint to use when communicating with the cluster. Kinesis Data Firehose
+ // uses either this ClusterEndpoint or the DomainARN field to send data to Amazon
+ // OpenSearch Service.
ClusterEndpoint *string `min:"1" type:"string"`
+ // The ARN of the Amazon OpenSearch Service domain.
DomainARN *string `min:"1" type:"string"`
+ // The Amazon OpenSearch Service index name.
IndexName *string `min:"1" type:"string"`
+ // The Amazon OpenSearch Service index rotation period
IndexRotationPeriod *string `type:"string" enum:"AmazonopensearchserviceIndexRotationPeriod"`
// Describes a data processing configuration.
ProcessingConfiguration *ProcessingConfiguration `type:"structure"`
+ // The Amazon OpenSearch Service retry options.
RetryOptions *AmazonopensearchserviceRetryOptions `type:"structure"`
+ // The Amazon Resource Name (ARN) of the Amazon Web Services credentials.
RoleARN *string `min:"1" type:"string"`
+ // The Amazon S3 backup mode.
S3BackupMode *string `type:"string" enum:"AmazonopensearchserviceS3BackupMode"`
// Describes a destination in Amazon S3.
S3DestinationDescription *S3DestinationDescription `type:"structure"`
+ // The Amazon OpenSearch Service type name. This applies to Elasticsearch 6.x
+ // and lower versions. For Elasticsearch 7.x and OpenSearch Service 1.x, there's
+ // no value for TypeName.
TypeName *string `type:"string"`
// The details of the VPC of the Amazon ES destination.
@@ -1727,32 +2311,57 @@ func (s *AmazonopensearchserviceDestinationDescription) SetVpcConfigurationDescr
return s
}
+// Describes an update for a destination in Amazon OpenSearch Service.
type AmazonopensearchserviceDestinationUpdate struct {
_ struct{} `type:"structure"`
+ // The buffering options. If no value is specified, AmazonopensearchBufferingHints
+ // object default values are used.
BufferingHints *AmazonopensearchserviceBufferingHints `type:"structure"`
// Describes the Amazon CloudWatch logging options for your delivery stream.
CloudWatchLoggingOptions *CloudWatchLoggingOptions `type:"structure"`
+ // The endpoint to use when communicating with the cluster. Specify either this
+ // ClusterEndpoint or the DomainARN field.
ClusterEndpoint *string `min:"1" type:"string"`
+ // The ARN of the Amazon OpenSearch Service domain. The IAM role must have permissions
+ // for DescribeDomain, DescribeDomains, and DescribeDomainConfig after assuming
+ // the IAM role specified in RoleARN.
DomainARN *string `min:"1" type:"string"`
+ // The Amazon OpenSearch Service index name.
IndexName *string `min:"1" type:"string"`
+ // The Amazon OpenSearch Service index rotation period. Index rotation appends
+ // a timestamp to IndexName to facilitate the expiration of old data.
IndexRotationPeriod *string `type:"string" enum:"AmazonopensearchserviceIndexRotationPeriod"`
// Describes a data processing configuration.
ProcessingConfiguration *ProcessingConfiguration `type:"structure"`
+ // The retry behavior in case Kinesis Data Firehose is unable to deliver documents
+ // to Amazon OpenSearch Service. The default value is 300 (5 minutes).
RetryOptions *AmazonopensearchserviceRetryOptions `type:"structure"`
+ // The Amazon Resource Name (ARN) of the IAM role to be assumed by Kinesis Data
+ // Firehose for calling the Amazon OpenSearch Service Configuration API and
+ // for indexing documents.
RoleARN *string `min:"1" type:"string"`
// Describes an update for a destination in Amazon S3.
S3Update *S3DestinationUpdate `type:"structure"`
+ // The Amazon OpenSearch Service type name. For Elasticsearch 6.x, there can
+ // be only one type per index. If you try to specify a new type for an existing
+ // index that already has another type, Kinesis Data Firehose returns an error
+ // during runtime.
+ //
+ // If you upgrade Elasticsearch from 6.x to 7.x and don’t update your delivery
+ // stream, Kinesis Data Firehose still delivers data to Elasticsearch with the
+ // old index name and type name. If you want to update your delivery stream
+ // with a new index name, provide an empty string for TypeName.
TypeName *string `type:"string"`
}
@@ -1877,9 +2486,16 @@ func (s *AmazonopensearchserviceDestinationUpdate) SetTypeName(v string) *Amazon
return s
}
+// Configures retry behavior in case Kinesis Data Firehose is unable to deliver
+// documents to Amazon OpenSearch Service.
type AmazonopensearchserviceRetryOptions struct {
_ struct{} `type:"structure"`
+ // After an initial failure to deliver to Amazon OpenSearch Service, the total
+ // amount of time during which Kinesis Data Firehose retries delivery (including
+ // the first attempt). After this time has elapsed, the failed documents are
+ // written to Amazon S3. Default value is 300 seconds (5 minutes). A value of
+ // 0 (zero) results in no retries.
DurationInSeconds *int64 `type:"integer"`
}
@@ -2187,16 +2803,21 @@ func (s *CopyCommand) SetDataTableName(v string) *CopyCommand {
type CreateDeliveryStreamInput struct {
_ struct{} `type:"structure"`
+ // The destination in the Serverless offering for Amazon OpenSearch Service.
+ // You can specify only one destination.
+ AmazonOpenSearchServerlessDestinationConfiguration *AmazonOpenSearchServerlessDestinationConfiguration `type:"structure"`
+
+ // The destination in Amazon OpenSearch Service. You can specify only one destination.
AmazonopensearchserviceDestinationConfiguration *AmazonopensearchserviceDestinationConfiguration `type:"structure"`
// Used to specify the type and Amazon Resource Name (ARN) of the KMS key needed
// for Server-Side Encryption (SSE).
DeliveryStreamEncryptionConfigurationInput *DeliveryStreamEncryptionConfigurationInput `type:"structure"`
- // The name of the delivery stream. This name must be unique per AWS account
- // in the same AWS Region. If the delivery streams are in different accounts
- // or different Regions, you can have multiple delivery streams with the same
- // name.
+ // The name of the delivery stream. This name must be unique per Amazon Web
+ // Services account in the same Amazon Web Services Region. If the delivery
+ // streams are in different accounts or different Regions, you can have multiple
+ // delivery streams with the same name.
//
// DeliveryStreamName is a required field
DeliveryStreamName *string `min:"1" type:"string" required:"true"`
@@ -2236,11 +2857,11 @@ type CreateDeliveryStreamInput struct {
SplunkDestinationConfiguration *SplunkDestinationConfiguration `type:"structure"`
// A set of tags to assign to the delivery stream. A tag is a key-value pair
- // that you can define and assign to AWS resources. Tags are metadata. For example,
- // you can add friendly names and descriptions or other types of information
- // that can help you distinguish the delivery stream. For more information about
- // tags, see Using Cost Allocation Tags (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html)
- // in the AWS Billing and Cost Management User Guide.
+ // that you can define and assign to Amazon Web Services resources. Tags are
+ // metadata. For example, you can add friendly names and descriptions or other
+ // types of information that can help you distinguish the delivery stream. For
+ // more information about tags, see Using Cost Allocation Tags (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html)
+ // in the Amazon Web Services Billing and Cost Management User Guide.
//
// You can specify up to 50 tags when creating a delivery stream.
Tags []*Tag `min:"1" type:"list"`
@@ -2276,6 +2897,11 @@ func (s *CreateDeliveryStreamInput) Validate() error {
if s.Tags != nil && len(s.Tags) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Tags", 1))
}
+ if s.AmazonOpenSearchServerlessDestinationConfiguration != nil {
+ if err := s.AmazonOpenSearchServerlessDestinationConfiguration.Validate(); err != nil {
+ invalidParams.AddNested("AmazonOpenSearchServerlessDestinationConfiguration", err.(request.ErrInvalidParams))
+ }
+ }
if s.AmazonopensearchserviceDestinationConfiguration != nil {
if err := s.AmazonopensearchserviceDestinationConfiguration.Validate(); err != nil {
invalidParams.AddNested("AmazonopensearchserviceDestinationConfiguration", err.(request.ErrInvalidParams))
@@ -2338,6 +2964,12 @@ func (s *CreateDeliveryStreamInput) Validate() error {
return nil
}
+// SetAmazonOpenSearchServerlessDestinationConfiguration sets the AmazonOpenSearchServerlessDestinationConfiguration field's value.
+func (s *CreateDeliveryStreamInput) SetAmazonOpenSearchServerlessDestinationConfiguration(v *AmazonOpenSearchServerlessDestinationConfiguration) *CreateDeliveryStreamInput {
+ s.AmazonOpenSearchServerlessDestinationConfiguration = v
+ return s
+}
+
// SetAmazonopensearchserviceDestinationConfiguration sets the AmazonopensearchserviceDestinationConfiguration field's value.
func (s *CreateDeliveryStreamInput) SetAmazonopensearchserviceDestinationConfiguration(v *AmazonopensearchserviceDestinationConfiguration) *CreateDeliveryStreamInput {
s.AmazonopensearchserviceDestinationConfiguration = v
@@ -2444,9 +3076,10 @@ func (s *CreateDeliveryStreamOutput) SetDeliveryStreamARN(v string) *CreateDeliv
// Specifies that you want Kinesis Data Firehose to convert data from the JSON
// format to the Parquet or ORC format before writing it to Amazon S3. Kinesis
// Data Firehose uses the serializer and deserializer that you specify, in addition
-// to the column information from the AWS Glue table, to deserialize your input
-// data from JSON and then serialize it to the Parquet or ORC format. For more
-// information, see Kinesis Data Firehose Record Format Conversion (https://docs.aws.amazon.com/firehose/latest/dev/record-format-conversion.html).
+// to the column information from the Amazon Web Services Glue table, to deserialize
+// your input data from JSON and then serialize it to the Parquet or ORC format.
+// For more information, see Kinesis Data Firehose Record Format Conversion
+// (https://docs.aws.amazon.com/firehose/latest/dev/record-format-conversion.html).
type DataFormatConversionConfiguration struct {
_ struct{} `type:"structure"`
@@ -2464,8 +3097,8 @@ type DataFormatConversionConfiguration struct {
// if Enabled is set to true.
OutputFormatConfiguration *OutputFormatConfiguration `type:"structure"`
- // Specifies the AWS Glue Data Catalog table that contains the column information.
- // This parameter is required if Enabled is set to true.
+ // Specifies the Amazon Web Services Glue Data Catalog table that contains the
+ // column information. This parameter is required if Enabled is set to true.
SchemaConfiguration *SchemaConfiguration `type:"structure"`
}
@@ -2540,8 +3173,8 @@ type DeleteDeliveryStreamInput struct {
// the CMK or the grant are in an invalid state. If you force deletion, you
// can then use the RevokeGrant (https://docs.aws.amazon.com/kms/latest/APIReference/API_RevokeGrant.html)
// operation to revoke the grant you gave to Kinesis Data Firehose. If a failure
- // to retire the grant happens due to an AWS KMS issue, Kinesis Data Firehose
- // keeps retrying the delete operation.
+ // to retire the grant happens due to an Amazon Web Services KMS issue, Kinesis
+ // Data Firehose keeps retrying the delete operation.
//
// The default value is false.
AllowForceDelete *bool `type:"boolean"`
@@ -2628,7 +3261,8 @@ type DeliveryStreamDescription struct {
CreateTimestamp *time.Time `type:"timestamp"`
// The Amazon Resource Name (ARN) of the delivery stream. For more information,
- // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces
+ // (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
//
// DeliveryStreamARN is a required field
DeliveryStreamARN *string `min:"1" type:"string" required:"true"`
@@ -2793,13 +3427,13 @@ type DeliveryStreamEncryptionConfiguration struct {
FailureDescription *FailureDescription `type:"structure"`
// If KeyType is CUSTOMER_MANAGED_CMK, this field contains the ARN of the customer
- // managed CMK. If KeyType is AWS_OWNED_CMK, DeliveryStreamEncryptionConfiguration
+ // managed CMK. If KeyType is Amazon Web Services_OWNED_CMK, DeliveryStreamEncryptionConfiguration
// doesn't contain a value for KeyARN.
KeyARN *string `min:"1" type:"string"`
// Indicates the type of customer master key (CMK) that is used for encryption.
- // The default setting is AWS_OWNED_CMK. For more information about CMKs, see
- // Customer Master Keys (CMKs) (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys).
+ // The default setting is Amazon Web Services_OWNED_CMK. For more information
+ // about CMKs, see Customer Master Keys (CMKs) (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys).
KeyType *string `type:"string" enum:"KeyType"`
// This is the server-side encryption (SSE) status for the delivery stream.
@@ -2857,13 +3491,13 @@ type DeliveryStreamEncryptionConfigurationInput struct {
_ struct{} `type:"structure"`
// If you set KeyType to CUSTOMER_MANAGED_CMK, you must specify the Amazon Resource
- // Name (ARN) of the CMK. If you set KeyType to AWS_OWNED_CMK, Kinesis Data
- // Firehose uses a service-account CMK.
+ // Name (ARN) of the CMK. If you set KeyType to Amazon Web Services_OWNED_CMK,
+ // Kinesis Data Firehose uses a service-account CMK.
KeyARN *string `min:"1" type:"string"`
// Indicates the type of customer master key (CMK) to use for encryption. The
- // default setting is AWS_OWNED_CMK. For more information about CMKs, see Customer
- // Master Keys (CMKs) (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys).
+ // default setting is Amazon Web Services_OWNED_CMK. For more information about
+ // CMKs, see Customer Master Keys (CMKs) (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys).
// When you invoke CreateDeliveryStream or StartDeliveryStreamEncryption with
// KeyType set to CUSTOMER_MANAGED_CMK, Kinesis Data Firehose invokes the Amazon
// KMS operation CreateGrant (https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html)
@@ -2882,7 +3516,7 @@ type DeliveryStreamEncryptionConfigurationInput struct {
// To encrypt your delivery stream, use symmetric CMKs. Kinesis Data Firehose
// doesn't support asymmetric CMKs. For information about symmetric and asymmetric
// CMKs, see About Symmetric and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html)
- // in the AWS Key Management Service developer guide.
+ // in the Amazon Web Services Key Management Service developer guide.
//
// KeyType is a required field
KeyType *string `type:"string" required:"true" enum:"KeyType"`
@@ -3099,6 +3733,10 @@ func (s *Deserializer) SetOpenXJsonSerDe(v *OpenXJsonSerDe) *Deserializer {
type DestinationDescription struct {
_ struct{} `type:"structure"`
+ // The destination in the Serverless offering for Amazon OpenSearch Service.
+ AmazonOpenSearchServerlessDestinationDescription *AmazonOpenSearchServerlessDestinationDescription `type:"structure"`
+
+ // The destination in Amazon OpenSearch Service.
AmazonopensearchserviceDestinationDescription *AmazonopensearchserviceDestinationDescription `type:"structure"`
// The ID of the destination.
@@ -3143,6 +3781,12 @@ func (s DestinationDescription) GoString() string {
return s.String()
}
+// SetAmazonOpenSearchServerlessDestinationDescription sets the AmazonOpenSearchServerlessDestinationDescription field's value.
+func (s *DestinationDescription) SetAmazonOpenSearchServerlessDestinationDescription(v *AmazonOpenSearchServerlessDestinationDescription) *DestinationDescription {
+ s.AmazonOpenSearchServerlessDestinationDescription = v
+ return s
+}
+
// SetAmazonopensearchserviceDestinationDescription sets the AmazonopensearchserviceDestinationDescription field's value.
func (s *DestinationDescription) SetAmazonopensearchserviceDestinationDescription(v *AmazonopensearchserviceDestinationDescription) *DestinationDescription {
s.AmazonopensearchserviceDestinationDescription = v
@@ -3194,8 +3838,6 @@ func (s *DestinationDescription) SetSplunkDestinationDescription(v *SplunkDestin
// The configuration of the dynamic partitioning mechanism that creates smaller
// data sets from the streaming data by partitioning it based on partition keys.
// Currently, dynamic partitioning is only supported for Amazon S3 destinations.
-// For more information, see https://docs.aws.amazon.com/firehose/latest/dev/dynamic-partitioning.html
-// (https://docs.aws.amazon.com/firehose/latest/dev/dynamic-partitioning.html)
type DynamicPartitioningConfiguration struct {
_ struct{} `type:"structure"`
@@ -3317,10 +3959,10 @@ type ElasticsearchDestinationConfiguration struct {
// ClusterEndpoint or the DomainARN field.
ClusterEndpoint *string `min:"1" type:"string"`
- // The ARN of the Amazon ES domain. The IAM role must have permissions for DescribeElasticsearchDomain,
- // DescribeElasticsearchDomains, and DescribeElasticsearchDomainConfig after
- // assuming the role specified in RoleARN. For more information, see Amazon
- // Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // The ARN of the Amazon ES domain. The IAM role must have permissions for DescribeDomain,
+ // DescribeDomains, and DescribeDomainConfig after assuming the role specified
+ // in RoleARN. For more information, see Amazon Resource Names (ARNs) and Amazon
+ // Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
//
// Specify either ClusterEndpoint or DomainARN.
DomainARN *string `min:"1" type:"string"`
@@ -3347,17 +3989,18 @@ type ElasticsearchDestinationConfiguration struct {
// Firehose for calling the Amazon ES Configuration API and for indexing documents.
// For more information, see Grant Kinesis Data Firehose Access to an Amazon
// S3 Destination (https://docs.aws.amazon.com/firehose/latest/dev/controlling-access.html#using-iam-s3)
- // and Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // and Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces
+ // (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
//
// RoleARN is a required field
RoleARN *string `min:"1" type:"string" required:"true"`
// Defines how documents should be delivered to Amazon S3. When it is set to
// FailedDocumentsOnly, Kinesis Data Firehose writes any documents that could
- // not be indexed to the configured Amazon S3 destination, with elasticsearch-failed/
+ // not be indexed to the configured Amazon S3 destination, with AmazonOpenSearchService-failed/
// appended to the key prefix. When set to AllDocuments, Kinesis Data Firehose
// delivers all incoming records to Amazon S3, and also writes failed documents
- // with elasticsearch-failed/ appended to the prefix. For more information,
+ // with AmazonOpenSearchService-failed/ appended to the prefix. For more information,
// see Amazon S3 Backup for the Amazon ES Destination (https://docs.aws.amazon.com/firehose/latest/dev/basic-deliver.html#es-s3-backup).
// Default value is FailedDocumentsOnly.
//
@@ -3544,7 +4187,7 @@ type ElasticsearchDestinationDescription struct {
ClusterEndpoint *string `min:"1" type:"string"`
// The ARN of the Amazon ES domain. For more information, see Amazon Resource
- // Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
//
// Kinesis Data Firehose uses either ClusterEndpoint or DomainARN to send data
// to Amazon ES.
@@ -3562,8 +4205,9 @@ type ElasticsearchDestinationDescription struct {
// The Amazon ES retry options.
RetryOptions *ElasticsearchRetryOptions `type:"structure"`
- // The Amazon Resource Name (ARN) of the AWS credentials. For more information,
- // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // The Amazon Resource Name (ARN) of the Amazon Web Services credentials. For
+ // more information, see Amazon Resource Names (ARNs) and Amazon Web Services
+ // Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
RoleARN *string `min:"1" type:"string"`
// The Amazon S3 backup mode.
@@ -3573,7 +4217,8 @@ type ElasticsearchDestinationDescription struct {
S3DestinationDescription *S3DestinationDescription `type:"structure"`
// The Elasticsearch type name. This applies to Elasticsearch 6.x and lower
- // versions. For Elasticsearch 7.x, there's no value for TypeName.
+ // versions. For Elasticsearch 7.x and OpenSearch Service 1.x, there's no value
+ // for TypeName.
TypeName *string `type:"string"`
// The details of the VPC of the Amazon ES destination.
@@ -3691,10 +4336,10 @@ type ElasticsearchDestinationUpdate struct {
// ClusterEndpoint or the DomainARN field.
ClusterEndpoint *string `min:"1" type:"string"`
- // The ARN of the Amazon ES domain. The IAM role must have permissions for DescribeElasticsearchDomain,
- // DescribeElasticsearchDomains, and DescribeElasticsearchDomainConfig after
- // assuming the IAM role specified in RoleARN. For more information, see Amazon
- // Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // The ARN of the Amazon ES domain. The IAM role must have permissions for DescribeDomain,
+ // DescribeDomains, and DescribeDomainConfig after assuming the IAM role specified
+ // in RoleARN. For more information, see Amazon Resource Names (ARNs) and Amazon
+ // Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
//
// Specify either ClusterEndpoint or DomainARN.
DomainARN *string `min:"1" type:"string"`
@@ -3719,7 +4364,8 @@ type ElasticsearchDestinationUpdate struct {
// Firehose for calling the Amazon ES Configuration API and for indexing documents.
// For more information, see Grant Kinesis Data Firehose Access to an Amazon
// S3 Destination (https://docs.aws.amazon.com/firehose/latest/dev/controlling-access.html#using-iam-s3)
- // and Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // and Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces
+ // (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
RoleARN *string `min:"1" type:"string"`
// The Amazon S3 destination.
@@ -3956,7 +4602,7 @@ type ExtendedS3DestinationConfiguration struct {
_ struct{} `type:"structure"`
// The ARN of the S3 bucket. For more information, see Amazon Resource Names
- // (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
//
// BucketARN is a required field
BucketARN *string `min:"1" type:"string" required:"true"`
@@ -3977,8 +4623,6 @@ type ExtendedS3DestinationConfiguration struct {
// The configuration of the dynamic partitioning mechanism that creates smaller
// data sets from the streaming data by partitioning it based on partition keys.
// Currently, dynamic partitioning is only supported for Amazon S3 destinations.
- // For more information, see https://docs.aws.amazon.com/firehose/latest/dev/dynamic-partitioning.html
- // (https://docs.aws.amazon.com/firehose/latest/dev/dynamic-partitioning.html)
DynamicPartitioningConfiguration *DynamicPartitioningConfiguration `type:"structure"`
// The encryption configuration. If no value is specified, the default is no
@@ -3999,8 +4643,9 @@ type ExtendedS3DestinationConfiguration struct {
// The data processing configuration.
ProcessingConfiguration *ProcessingConfiguration `type:"structure"`
- // The Amazon Resource Name (ARN) of the AWS credentials. For more information,
- // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // The Amazon Resource Name (ARN) of the Amazon Web Services credentials. For
+ // more information, see Amazon Resource Names (ARNs) and Amazon Web Services
+ // Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
//
// RoleARN is a required field
RoleARN *string `min:"1" type:"string" required:"true"`
@@ -4162,7 +4807,7 @@ type ExtendedS3DestinationDescription struct {
_ struct{} `type:"structure"`
// The ARN of the S3 bucket. For more information, see Amazon Resource Names
- // (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
//
// BucketARN is a required field
BucketARN *string `min:"1" type:"string" required:"true"`
@@ -4187,8 +4832,6 @@ type ExtendedS3DestinationDescription struct {
// The configuration of the dynamic partitioning mechanism that creates smaller
// data sets from the streaming data by partitioning it based on partition keys.
// Currently, dynamic partitioning is only supported for Amazon S3 destinations.
- // For more information, see https://docs.aws.amazon.com/firehose/latest/dev/dynamic-partitioning.html
- // (https://docs.aws.amazon.com/firehose/latest/dev/dynamic-partitioning.html)
DynamicPartitioningConfiguration *DynamicPartitioningConfiguration `type:"structure"`
// The encryption configuration. If no value is specified, the default is no
@@ -4211,8 +4854,9 @@ type ExtendedS3DestinationDescription struct {
// The data processing configuration.
ProcessingConfiguration *ProcessingConfiguration `type:"structure"`
- // The Amazon Resource Name (ARN) of the AWS credentials. For more information,
- // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // The Amazon Resource Name (ARN) of the Amazon Web Services credentials. For
+ // more information, see Amazon Resource Names (ARNs) and Amazon Web Services
+ // Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
//
// RoleARN is a required field
RoleARN *string `min:"1" type:"string" required:"true"`
@@ -4325,7 +4969,7 @@ type ExtendedS3DestinationUpdate struct {
_ struct{} `type:"structure"`
// The ARN of the S3 bucket. For more information, see Amazon Resource Names
- // (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
BucketARN *string `min:"1" type:"string"`
// The buffering option.
@@ -4344,8 +4988,6 @@ type ExtendedS3DestinationUpdate struct {
// The configuration of the dynamic partitioning mechanism that creates smaller
// data sets from the streaming data by partitioning it based on partition keys.
// Currently, dynamic partitioning is only supported for Amazon S3 destinations.
- // For more information, see https://docs.aws.amazon.com/firehose/latest/dev/dynamic-partitioning.html
- // (https://docs.aws.amazon.com/firehose/latest/dev/dynamic-partitioning.html)
DynamicPartitioningConfiguration *DynamicPartitioningConfiguration `type:"structure"`
// The encryption configuration. If no value is specified, the default is no
@@ -4366,8 +5008,9 @@ type ExtendedS3DestinationUpdate struct {
// The data processing configuration.
ProcessingConfiguration *ProcessingConfiguration `type:"structure"`
- // The Amazon Resource Name (ARN) of the AWS credentials. For more information,
- // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // The Amazon Resource Name (ARN) of the Amazon Web Services credentials. For
+ // more information, see Amazon Resource Names (ARNs) and Amazon Web Services
+ // Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
RoleARN *string `min:"1" type:"string"`
// You can update a delivery stream to enable Amazon S3 backup if it is disabled.
@@ -5579,8 +6222,9 @@ type KMSEncryptionConfig struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the encryption key. Must belong to the
- // same AWS Region as the destination Amazon S3 bucket. For more information,
- // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // same Amazon Web Services Region as the destination Amazon S3 bucket. For
+ // more information, see Amazon Resource Names (ARNs) and Amazon Web Services
+ // Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
//
// AWSKMSKeyARN is a required field
AWSKMSKeyARN *string `min:"1" type:"string" required:"true"`
@@ -5638,8 +6282,8 @@ type KinesisStreamSourceConfiguration struct {
KinesisStreamARN *string `min:"1" type:"string" required:"true"`
// The ARN of the role that provides access to the source Kinesis data stream.
- // For more information, see AWS Identity and Access Management (IAM) ARN Format
- // (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam).
+ // For more information, see Amazon Web Services Identity and Access Management
+ // (IAM) ARN Format (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam).
//
// RoleARN is a required field
RoleARN *string `min:"1" type:"string" required:"true"`
@@ -5711,7 +6355,7 @@ type KinesisStreamSourceDescription struct {
KinesisStreamARN *string `min:"1" type:"string"`
// The ARN of the role used by the source Kinesis data stream. For more information,
- // see AWS Identity and Access Management (IAM) ARN Format (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam).
+ // see Amazon Web Services Identity and Access Management (IAM) ARN Format (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam).
RoleARN *string `min:"1" type:"string"`
}
@@ -6566,7 +7210,11 @@ func (s *Processor) SetType(v string) *Processor {
type ProcessorParameter struct {
_ struct{} `type:"structure"`
- // The name of the parameter.
+ // The name of the parameter. Currently the following default values are supported:
+ // 3 for NumberOfRetries and 60 for the BufferIntervalInSeconds. The BufferSizeInMBs
+ // ranges between 0.2 MB and up to 3MB. The default buffering hint is 1MB for
+ // all destinations, except Splunk. For Splunk, the default buffering hint is
+ // 256 KB.
//
// ParameterName is a required field
ParameterName *string `type:"string" required:"true" enum:"ProcessorParameterName"`
@@ -7003,8 +7651,9 @@ type RedshiftDestinationConfiguration struct {
// to Amazon Redshift. Default value is 3600 (60 minutes).
RetryOptions *RedshiftRetryOptions `type:"structure"`
- // The Amazon Resource Name (ARN) of the AWS credentials. For more information,
- // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // The Amazon Resource Name (ARN) of the Amazon Web Services credentials. For
+ // more information, see Amazon Resource Names (ARNs) and Amazon Web Services
+ // Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
//
// RoleARN is a required field
RoleARN *string `min:"1" type:"string" required:"true"`
@@ -7205,8 +7854,9 @@ type RedshiftDestinationDescription struct {
// to Amazon Redshift. Default value is 3600 (60 minutes).
RetryOptions *RedshiftRetryOptions `type:"structure"`
- // The Amazon Resource Name (ARN) of the AWS credentials. For more information,
- // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // The Amazon Resource Name (ARN) of the Amazon Web Services credentials. For
+ // more information, see Amazon Resource Names (ARNs) and Amazon Web Services
+ // Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
//
// RoleARN is a required field
RoleARN *string `min:"1" type:"string" required:"true"`
@@ -7337,8 +7987,9 @@ type RedshiftDestinationUpdate struct {
// to Amazon Redshift. Default value is 3600 (60 minutes).
RetryOptions *RedshiftRetryOptions `type:"structure"`
- // The Amazon Resource Name (ARN) of the AWS credentials. For more information,
- // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // The Amazon Resource Name (ARN) of the Amazon Web Services credentials. For
+ // more information, see Amazon Resource Names (ARNs) and Amazon Web Services
+ // Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
RoleARN *string `min:"1" type:"string"`
// You can update a delivery stream to enable Amazon S3 backup if it is disabled.
@@ -7695,7 +8346,7 @@ type S3DestinationConfiguration struct {
_ struct{} `type:"structure"`
// The ARN of the S3 bucket. For more information, see Amazon Resource Names
- // (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
//
// BucketARN is a required field
BucketARN *string `min:"1" type:"string" required:"true"`
@@ -7729,8 +8380,9 @@ type S3DestinationConfiguration struct {
// Prefixes for Amazon S3 Objects (https://docs.aws.amazon.com/firehose/latest/dev/s3-prefixes.html).
Prefix *string `type:"string"`
- // The Amazon Resource Name (ARN) of the AWS credentials. For more information,
- // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // The Amazon Resource Name (ARN) of the Amazon Web Services credentials. For
+ // more information, see Amazon Resource Names (ARNs) and Amazon Web Services
+ // Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
//
// RoleARN is a required field
RoleARN *string `min:"1" type:"string" required:"true"`
@@ -7839,7 +8491,7 @@ type S3DestinationDescription struct {
_ struct{} `type:"structure"`
// The ARN of the S3 bucket. For more information, see Amazon Resource Names
- // (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
//
// BucketARN is a required field
BucketARN *string `min:"1" type:"string" required:"true"`
@@ -7875,8 +8527,9 @@ type S3DestinationDescription struct {
// Prefixes for Amazon S3 Objects (https://docs.aws.amazon.com/firehose/latest/dev/s3-prefixes.html).
Prefix *string `type:"string"`
- // The Amazon Resource Name (ARN) of the AWS credentials. For more information,
- // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // The Amazon Resource Name (ARN) of the Amazon Web Services credentials. For
+ // more information, see Amazon Resource Names (ARNs) and Amazon Web Services
+ // Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
//
// RoleARN is a required field
RoleARN *string `min:"1" type:"string" required:"true"`
@@ -7953,7 +8606,7 @@ type S3DestinationUpdate struct {
_ struct{} `type:"structure"`
// The ARN of the S3 bucket. For more information, see Amazon Resource Names
- // (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
BucketARN *string `min:"1" type:"string"`
// The buffering option. If no value is specified, BufferingHints object default
@@ -7985,8 +8638,9 @@ type S3DestinationUpdate struct {
// Prefixes for Amazon S3 Objects (https://docs.aws.amazon.com/firehose/latest/dev/s3-prefixes.html).
Prefix *string `type:"string"`
- // The Amazon Resource Name (ARN) of the AWS credentials. For more information,
- // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // The Amazon Resource Name (ARN) of the Amazon Web Services credentials. For
+ // more information, see Amazon Resource Names (ARNs) and Amazon Web Services
+ // Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
RoleARN *string `min:"1" type:"string"`
}
@@ -8088,32 +8742,33 @@ func (s *S3DestinationUpdate) SetRoleARN(v string) *S3DestinationUpdate {
type SchemaConfiguration struct {
_ struct{} `type:"structure"`
- // The ID of the AWS Glue Data Catalog. If you don't supply this, the AWS account
- // ID is used by default.
+ // The ID of the Amazon Web Services Glue Data Catalog. If you don't supply
+ // this, the Amazon Web Services account ID is used by default.
CatalogId *string `min:"1" type:"string"`
- // Specifies the name of the AWS Glue database that contains the schema for
- // the output data.
+ // Specifies the name of the Amazon Web Services Glue database that contains
+ // the schema for the output data.
//
// If the SchemaConfiguration request parameter is used as part of invoking
// the CreateDeliveryStream API, then the DatabaseName property is required
// and its value must be specified.
DatabaseName *string `min:"1" type:"string"`
- // If you don't specify an AWS Region, the default is the current Region.
+ // If you don't specify an Amazon Web Services Region, the default is the current
+ // Region.
Region *string `min:"1" type:"string"`
- // The role that Kinesis Data Firehose can use to access AWS Glue. This role
- // must be in the same account you use for Kinesis Data Firehose. Cross-account
- // roles aren't allowed.
+ // The role that Kinesis Data Firehose can use to access Amazon Web Services
+ // Glue. This role must be in the same account you use for Kinesis Data Firehose.
+ // Cross-account roles aren't allowed.
//
// If the SchemaConfiguration request parameter is used as part of invoking
// the CreateDeliveryStream API, then the RoleARN property is required and its
// value must be specified.
RoleARN *string `min:"1" type:"string"`
- // Specifies the AWS Glue table that contains the column information that constitutes
- // your data schema.
+ // Specifies the Amazon Web Services Glue table that contains the column information
+ // that constitutes your data schema.
//
// If the SchemaConfiguration request parameter is used as part of invoking
// the CreateDeliveryStream API, then the TableName property is required and
@@ -9236,6 +9891,11 @@ func (s UntagDeliveryStreamOutput) GoString() string {
type UpdateDestinationInput struct {
_ struct{} `type:"structure"`
+ // Describes an update for a destination in the Serverless offering for Amazon
+ // OpenSearch Service.
+ AmazonOpenSearchServerlessDestinationUpdate *AmazonOpenSearchServerlessDestinationUpdate `type:"structure"`
+
+ // Describes an update for a destination in Amazon OpenSearch Service.
AmazonopensearchserviceDestinationUpdate *AmazonopensearchserviceDestinationUpdate `type:"structure"`
// Obtain this value from the VersionId result of DeliveryStreamDescription.
@@ -9318,6 +9978,11 @@ func (s *UpdateDestinationInput) Validate() error {
if s.DestinationId != nil && len(*s.DestinationId) < 1 {
invalidParams.Add(request.NewErrParamMinLen("DestinationId", 1))
}
+ if s.AmazonOpenSearchServerlessDestinationUpdate != nil {
+ if err := s.AmazonOpenSearchServerlessDestinationUpdate.Validate(); err != nil {
+ invalidParams.AddNested("AmazonOpenSearchServerlessDestinationUpdate", err.(request.ErrInvalidParams))
+ }
+ }
if s.AmazonopensearchserviceDestinationUpdate != nil {
if err := s.AmazonopensearchserviceDestinationUpdate.Validate(); err != nil {
invalidParams.AddNested("AmazonopensearchserviceDestinationUpdate", err.(request.ErrInvalidParams))
@@ -9360,6 +10025,12 @@ func (s *UpdateDestinationInput) Validate() error {
return nil
}
+// SetAmazonOpenSearchServerlessDestinationUpdate sets the AmazonOpenSearchServerlessDestinationUpdate field's value.
+func (s *UpdateDestinationInput) SetAmazonOpenSearchServerlessDestinationUpdate(v *AmazonOpenSearchServerlessDestinationUpdate) *UpdateDestinationInput {
+ s.AmazonOpenSearchServerlessDestinationUpdate = v
+ return s
+}
+
// SetAmazonopensearchserviceDestinationUpdate sets the AmazonopensearchserviceDestinationUpdate field's value.
func (s *UpdateDestinationInput) SetAmazonopensearchserviceDestinationUpdate(v *AmazonopensearchserviceDestinationUpdate) *UpdateDestinationInput {
s.AmazonopensearchserviceDestinationUpdate = v
@@ -9689,6 +10360,22 @@ func (s *VpcConfigurationDescription) SetVpcId(v string) *VpcConfigurationDescri
return s
}
+const (
+ // AmazonOpenSearchServerlessS3BackupModeFailedDocumentsOnly is a AmazonOpenSearchServerlessS3BackupMode enum value
+ AmazonOpenSearchServerlessS3BackupModeFailedDocumentsOnly = "FailedDocumentsOnly"
+
+ // AmazonOpenSearchServerlessS3BackupModeAllDocuments is a AmazonOpenSearchServerlessS3BackupMode enum value
+ AmazonOpenSearchServerlessS3BackupModeAllDocuments = "AllDocuments"
+)
+
+// AmazonOpenSearchServerlessS3BackupMode_Values returns all elements of the AmazonOpenSearchServerlessS3BackupMode enum
+func AmazonOpenSearchServerlessS3BackupMode_Values() []string {
+ return []string{
+ AmazonOpenSearchServerlessS3BackupModeFailedDocumentsOnly,
+ AmazonOpenSearchServerlessS3BackupModeAllDocuments,
+ }
+}
+
const (
// AmazonopensearchserviceIndexRotationPeriodNoRotation is a AmazonopensearchserviceIndexRotationPeriod enum value
AmazonopensearchserviceIndexRotationPeriodNoRotation = "NoRotation"
diff --git a/service/firehose/doc.go b/service/firehose/doc.go
index db41e93288..22cc2e8180 100644
--- a/service/firehose/doc.go
+++ b/service/firehose/doc.go
@@ -5,7 +5,8 @@
//
// Amazon Kinesis Data Firehose is a fully managed service that delivers real-time
// streaming data to destinations such as Amazon Simple Storage Service (Amazon
-// S3), Amazon Elasticsearch Service (Amazon ES), Amazon Redshift, and Splunk.
+// S3), Amazon OpenSearch Service, Amazon Redshift, Splunk, and various other
+// supportd destinations.
//
// See https://docs.aws.amazon.com/goto/WebAPI/firehose-2015-08-04 for more information on this service.
//
diff --git a/service/kinesis/api.go b/service/kinesis/api.go
index 17811211de..ec5fbcb3cd 100644
--- a/service/kinesis/api.go
+++ b/service/kinesis/api.go
@@ -3383,8 +3383,8 @@ func (e eventTypeForSubscribeToShardEventStreamOutputEvent) UnmarshalerForEventN
//
// These events are:
//
-// - SubscribeToShardEvent
-// - SubscribeToShardEventStreamUnknownEvent
+// * SubscribeToShardEvent
+// * SubscribeToShardEventStreamUnknownEvent
func (es *SubscribeToShardEventStream) Events() <-chan SubscribeToShardEventStreamEvent {
return es.Reader.Events()
}
diff --git a/service/kinesis/eventstream_test.go b/service/kinesis/eventstream_test.go
index 129386433e..a0c6f53ddf 100644
--- a/service/kinesis/eventstream_test.go
+++ b/service/kinesis/eventstream_test.go
@@ -230,7 +230,7 @@ func mockSubscribeToShardReadEvents() (
&SubscribeToShardOutput{},
&SubscribeToShardEvent{
ChildShards: []*ChildShard{
- {
+ &ChildShard{
HashKeyRange: &HashKeyRange{
EndingHashKey: aws.String("string value goes here"),
StartingHashKey: aws.String("string value goes here"),
@@ -242,7 +242,7 @@ func mockSubscribeToShardReadEvents() (
},
ShardId: aws.String("string value goes here"),
},
- {
+ &ChildShard{
HashKeyRange: &HashKeyRange{
EndingHashKey: aws.String("string value goes here"),
StartingHashKey: aws.String("string value goes here"),
@@ -254,7 +254,7 @@ func mockSubscribeToShardReadEvents() (
},
ShardId: aws.String("string value goes here"),
},
- {
+ &ChildShard{
HashKeyRange: &HashKeyRange{
EndingHashKey: aws.String("string value goes here"),
StartingHashKey: aws.String("string value goes here"),
@@ -270,21 +270,21 @@ func mockSubscribeToShardReadEvents() (
ContinuationSequenceNumber: aws.String("string value goes here"),
MillisBehindLatest: aws.Int64(1234),
Records: []*Record{
- {
+ &Record{
ApproximateArrivalTimestamp: aws.Time(time.Unix(1396594860, 0).UTC()),
Data: []byte("blob value goes here"),
EncryptionType: aws.String("string value goes here"),
PartitionKey: aws.String("string value goes here"),
SequenceNumber: aws.String("string value goes here"),
},
- {
+ &Record{
ApproximateArrivalTimestamp: aws.Time(time.Unix(1396594860, 0).UTC()),
Data: []byte("blob value goes here"),
EncryptionType: aws.String("string value goes here"),
PartitionKey: aws.String("string value goes here"),
SequenceNumber: aws.String("string value goes here"),
},
- {
+ &Record{
ApproximateArrivalTimestamp: aws.Time(time.Unix(1396594860, 0).UTC()),
Data: []byte("blob value goes here"),
EncryptionType: aws.String("string value goes here"),
diff --git a/service/kms/api.go b/service/kms/api.go
index 2ac8aa1be1..33a8b05d44 100644
--- a/service/kms/api.go
+++ b/service/kms/api.go
@@ -93,8 +93,8 @@ func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *requ
// is not valid.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InternalException
// The request was rejected because an internal exception occurred. The request
@@ -104,10 +104,18 @@ func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *requ
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CancelKeyDeletion
func (c *KMS) CancelKeyDeletion(input *CancelKeyDeletionInput) (*CancelKeyDeletionOutput, error) {
req, out := c.CancelKeyDeletionRequest(input)
@@ -175,32 +183,26 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r
// ConnectCustomKeyStore API operation for AWS Key Management Service.
//
// Connects or reconnects a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
-// to its associated CloudHSM cluster.
+// to its backing key store. For an CloudHSM key store, ConnectCustomKeyStore
+// connects the key store to its associated CloudHSM cluster. For an external
+// key store, ConnectCustomKeyStore connects the key store to the external key
+// store proxy that communicates with your external key manager.
//
// The custom key store must be connected before you can create KMS keys in
// the key store or use the KMS keys it contains. You can disconnect and reconnect
// a custom key store at any time.
//
-// To connect a custom key store, its associated CloudHSM cluster must have
-// at least one active HSM. To get the number of active HSMs in a cluster, use
-// the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
-// operation. To add HSMs to the cluster, use the CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
-// operation. Also, the kmsuser crypto user (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser)
-// (CU) must not be logged into the cluster. This prevents KMS from using this
-// account to log in.
-//
-// The connection process can take an extended amount of time to complete; up
-// to 20 minutes. This operation starts the connection process, but it does
-// not wait for it to complete. When it succeeds, this operation quickly returns
-// an HTTP 200 response and a JSON object with no properties. However, this
-// response does not indicate that the custom key store is connected. To get
-// the connection state of the custom key store, use the DescribeCustomKeyStores
+// The connection process for a custom key store can take an extended amount
+// of time to complete. This operation starts the connection process, but it
+// does not wait for it to complete. When it succeeds, this operation quickly
+// returns an HTTP 200 response and a JSON object with no properties. However,
+// this response does not indicate that the custom key store is connected. To
+// get the connection state of the custom key store, use the DescribeCustomKeyStores
// operation.
//
-// During the connection process, KMS finds the CloudHSM cluster that is associated
-// with the custom key store, creates the connection infrastructure, connects
-// to the cluster, logs into the CloudHSM client as the kmsuser CU, and rotates
-// its password.
+// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
+// feature in KMS, which combines the convenience and extensive integration
+// of KMS with the isolation and control of a key store that you own and manage.
//
// The ConnectCustomKeyStore operation might fail for various reasons. To find
// the reason, use the DescribeCustomKeyStores operation and see the ConnectionErrorCode
@@ -210,8 +212,44 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r
// the custom key store, correct the error, use the UpdateCustomKeyStore operation
// if necessary, and then use ConnectCustomKeyStore again.
//
-// If you are having trouble connecting or disconnecting a custom key store,
-// see Troubleshooting a Custom Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html)
+// # CloudHSM key store
+//
+// During the connection process for an CloudHSM key store, KMS finds the CloudHSM
+// cluster that is associated with the custom key store, creates the connection
+// infrastructure, connects to the cluster, logs into the CloudHSM client as
+// the kmsuser CU, and rotates its password.
+//
+// To connect an CloudHSM key store, its associated CloudHSM cluster must have
+// at least one active HSM. To get the number of active HSMs in a cluster, use
+// the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
+// operation. To add HSMs to the cluster, use the CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
+// operation. Also, the kmsuser crypto user (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser)
+// (CU) must not be logged into the cluster. This prevents KMS from using this
+// account to log in.
+//
+// If you are having trouble connecting or disconnecting a CloudHSM key store,
+// see Troubleshooting an CloudHSM key store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html)
+// in the Key Management Service Developer Guide.
+//
+// # External key store
+//
+// When you connect an external key store that uses public endpoint connectivity,
+// KMS tests its ability to communicate with your external key manager by sending
+// a request via the external key store proxy.
+//
+// When you connect to an external key store that uses VPC endpoint service
+// connectivity, KMS establishes the networking elements that it needs to communicate
+// with your external key manager via the external key store proxy. This includes
+// creating an interface endpoint to the VPC endpoint service and a private
+// hosted zone for traffic between KMS and the VPC endpoint service.
+//
+// To connect an external key store, KMS must be able to connect to the external
+// key store proxy, the external key store proxy must be able to communicate
+// with your external key manager, and the external key manager must be available
+// for cryptographic operations.
+//
+// If you are having trouble connecting or disconnecting an external key store,
+// see Troubleshooting an external key store (https://docs.aws.amazon.com/kms/latest/developerguide/xks-troubleshooting.html)
// in the Key Management Service Developer Guide.
//
// Cross-account use: No. You cannot perform this operation on a custom key
@@ -242,10 +280,9 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r
// Returned Error Types:
//
// - CloudHsmClusterNotActiveException
-// The request was rejected because the CloudHSM cluster that is associated
-// with the custom key store is not active. Initialize and activate the cluster
-// and try the command again. For detailed instructions, see Getting Started
-// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html)
+// The request was rejected because the CloudHSM cluster associated with the
+// CloudHSM key store is not active. Initialize and activate the cluster and
+// try the command again. For detailed instructions, see Getting Started (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html)
// in the CloudHSM User Guide.
//
// - CustomKeyStoreInvalidStateException
@@ -255,17 +292,27 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r
//
// This exception is thrown under the following conditions:
//
-// - You requested the CreateKey or GenerateRandom operation in a custom
-// key store that is not connected. These operations are valid only when
-// the custom key store ConnectionState is CONNECTED.
+// - You requested the ConnectCustomKeyStore operation on a custom key store
+// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
+// for all other ConnectionState values. To reconnect a custom key store
+// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect
+// it (ConnectCustomKeyStore).
+//
+// - You requested the CreateKey operation in a custom key store that is
+// not connected. This operations is valid only when the custom key store
+// ConnectionState is CONNECTED.
+//
+// - You requested the DisconnectCustomKeyStore operation on a custom key
+// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation
+// is valid for all other ConnectionState values.
//
// - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation
// on a custom key store that is not disconnected. This operation is valid
// only when the custom key store ConnectionState is DISCONNECTED.
//
-// - You requested the ConnectCustomKeyStore operation on a custom key store
-// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
-// for all other ConnectionState values.
+// - You requested the GenerateRandom operation in an CloudHSM key store
+// that is not connected. This operation is valid only when the CloudHSM
+// key store ConnectionState is CONNECTED.
//
// - CustomKeyStoreNotFoundException
// The request was rejected because KMS cannot find a custom key store with
@@ -277,29 +324,29 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r
//
// - CloudHsmClusterInvalidConfigurationException
// The request was rejected because the associated CloudHSM cluster did not
-// meet the configuration requirements for a custom key store.
+// meet the configuration requirements for an CloudHSM key store.
//
-// - The cluster must be configured with private subnets in at least two
-// different Availability Zones in the Region.
+// - The CloudHSM cluster must be configured with private subnets in at least
+// two different Availability Zones in the Region.
//
// - The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html)
// (cloudhsm-cluster--sg) must include inbound rules and outbound
// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound
// rules and the Destination in the outbound rules must match the security
-// group ID. These rules are set by default when you create the cluster.
-// Do not delete or change them. To get information about a particular security
-// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html)
+// group ID. These rules are set by default when you create the CloudHSM
+// cluster. Do not delete or change them. To get information about a particular
+// security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html)
// operation.
//
-// - The cluster must contain at least as many HSMs as the operation requires.
-// To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
+// - The CloudHSM cluster must contain at least as many HSMs as the operation
+// requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey
// operations, the CloudHSM cluster must have at least two active HSMs, each
// in a different Availability Zone. For the ConnectCustomKeyStore operation,
// the CloudHSM must contain at least one active HSM.
//
// For information about the requirements for an CloudHSM cluster that is associated
-// with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
+// with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
// in the Key Management Service Developer Guide. For information about creating
// a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html)
// in the CloudHSM User Guide. For information about cluster security groups,
@@ -375,7 +422,7 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request,
// Creates a friendly name for a KMS key.
//
// Adding, deleting, or updating an alias can allow or deny permission to the
-// KMS key. For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html)
+// KMS key. For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html)
// in the Key Management Service Developer Guide.
//
// You can use an alias to identify a KMS key in the KMS console, in the DescribeKey
@@ -433,8 +480,8 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request,
// Returned Error Types:
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - AlreadyExistsException
// The request was rejected because it attempted to create a resource that already
@@ -460,10 +507,18 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request,
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateAlias
func (c *KMS) CreateAlias(input *CreateAliasInput) (*CreateAliasOutput, error) {
req, out := c.CreateAliasRequest(input)
@@ -530,27 +585,65 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req
// CreateCustomKeyStore API operation for AWS Key Management Service.
//
// Creates a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
-// that is associated with an CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html)
-// that you own and manage.
-//
-// This operation is part of the custom key store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
+// backed by a key store that you own and manage. When you use a KMS key in
+// a custom key store for a cryptographic operation, the cryptographic operation
+// is actually performed in your key store using your keys. KMS supports CloudHSM
+// key stores (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-cloudhsm.html)
+// backed by an CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html)
+// and external key stores (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html)
+// backed by an external key store proxy and external key manager outside of
+// Amazon Web Services.
+//
+// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
// feature in KMS, which combines the convenience and extensive integration
-// of KMS with the isolation and control of a single-tenant key store.
-//
-// Before you create the custom key store, you must assemble the required elements,
-// including an CloudHSM cluster that fulfills the requirements for a custom
-// key store. For details about the required elements, see Assemble the Prerequisites
-// (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
+// of KMS with the isolation and control of a key store that you own and manage.
+//
+// Before you create the custom key store, the required elements must be in
+// place and operational. We recommend that you use the test tools that KMS
+// provides to verify the configuration your external key store proxy. For details
+// about the required elements and verification tests, see Assemble the prerequisites
+// (for CloudHSM key stores) (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
+// or Assemble the prerequisites (for external key stores) (https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keystore.html#xks-requirements)
// in the Key Management Service Developer Guide.
//
+// To create a custom key store, use the following parameters.
+//
+// - To create an CloudHSM key store, specify the CustomKeyStoreName, CloudHsmClusterId,
+// KeyStorePassword, and TrustAnchorCertificate. The CustomKeyStoreType parameter
+// is optional for CloudHSM key stores. If you include it, set it to the
+// default value, AWS_CLOUDHSM. For help with failures, see Troubleshooting
+// an CloudHSM key store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html)
+// in the Key Management Service Developer Guide.
+//
+// - To create an external key store, specify the CustomKeyStoreName and
+// a CustomKeyStoreType of EXTERNAL_KEY_STORE. Also, specify values for XksProxyConnectivity,
+// XksProxyAuthenticationCredential, XksProxyUriEndpoint, and XksProxyUriPath.
+// If your XksProxyConnectivity value is VPC_ENDPOINT_SERVICE, specify the
+// XksProxyVpcEndpointServiceName parameter. For help with failures, see
+// Troubleshooting an external key store (https://docs.aws.amazon.com/kms/latest/developerguide/xks-troubleshooting.html)
+// in the Key Management Service Developer Guide.
+//
+// For external key stores:
+//
+// Some external key managers provide a simpler method for creating an external
+// key store. For details, see your external key manager documentation.
+//
+// When creating an external key store in the KMS console, you can upload a
+// JSON-based proxy configuration file with the desired values. You cannot use
+// a proxy configuration with the CreateCustomKeyStore operation. However, you
+// can use the values in the file to help you determine the correct values for
+// the CreateCustomKeyStore parameters.
+//
// When the operation completes successfully, it returns the ID of the new custom
// key store. Before you can use your new custom key store, you need to use
-// the ConnectCustomKeyStore operation to connect the new key store to its CloudHSM
-// cluster. Even if you are not going to use your custom key store immediately,
-// you might want to connect it to verify that all settings are correct and
-// then disconnect it until you are ready to use it.
-//
-// For help with failures, see Troubleshooting a Custom Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html)
+// the ConnectCustomKeyStore operation to connect a new CloudHSM key store to
+// its CloudHSM cluster, or to connect a new external key store to the external
+// key store proxy for your external key manager. Even if you are not going
+// to use your custom key store immediately, you might want to connect it to
+// verify that all settings are correct and then disconnect it until you are
+// ready to use it.
+//
+// For help with failures, see Troubleshooting a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html)
// in the Key Management Service Developer Guide.
//
// Cross-account use: No. You cannot perform this operation on a custom key
@@ -582,12 +675,13 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req
//
// - CloudHsmClusterInUseException
// The request was rejected because the specified CloudHSM cluster is already
-// associated with a custom key store or it shares a backup history with a cluster
-// that is associated with a custom key store. Each custom key store must be
-// associated with a different CloudHSM cluster.
+// associated with an CloudHSM key store in the account, or it shares a backup
+// history with an CloudHSM key store in the account. Each CloudHSM key store
+// in the account must be associated with a different CloudHSM cluster.
//
-// Clusters that share a backup history have the same cluster certificate. To
-// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
+// CloudHSM clusters that share a backup history have the same cluster certificate.
+// To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters
+// (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
// operation.
//
// - CustomKeyStoreNameInUseException
@@ -604,51 +698,113 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req
// can be retried.
//
// - CloudHsmClusterNotActiveException
-// The request was rejected because the CloudHSM cluster that is associated
-// with the custom key store is not active. Initialize and activate the cluster
-// and try the command again. For detailed instructions, see Getting Started
-// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html)
+// The request was rejected because the CloudHSM cluster associated with the
+// CloudHSM key store is not active. Initialize and activate the cluster and
+// try the command again. For detailed instructions, see Getting Started (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html)
// in the CloudHSM User Guide.
//
// - IncorrectTrustAnchorException
// The request was rejected because the trust anchor certificate in the request
-// is not the trust anchor certificate for the specified CloudHSM cluster.
+// to create an CloudHSM key store is not the trust anchor certificate for the
+// specified CloudHSM cluster.
//
-// When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr),
+// When you initialize the CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr),
// you create the trust anchor certificate and save it in the customerCA.crt
// file.
//
// - CloudHsmClusterInvalidConfigurationException
// The request was rejected because the associated CloudHSM cluster did not
-// meet the configuration requirements for a custom key store.
+// meet the configuration requirements for an CloudHSM key store.
//
-// - The cluster must be configured with private subnets in at least two
-// different Availability Zones in the Region.
+// - The CloudHSM cluster must be configured with private subnets in at least
+// two different Availability Zones in the Region.
//
// - The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html)
// (cloudhsm-cluster--sg) must include inbound rules and outbound
// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound
// rules and the Destination in the outbound rules must match the security
-// group ID. These rules are set by default when you create the cluster.
-// Do not delete or change them. To get information about a particular security
-// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html)
+// group ID. These rules are set by default when you create the CloudHSM
+// cluster. Do not delete or change them. To get information about a particular
+// security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html)
// operation.
//
-// - The cluster must contain at least as many HSMs as the operation requires.
-// To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
+// - The CloudHSM cluster must contain at least as many HSMs as the operation
+// requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey
// operations, the CloudHSM cluster must have at least two active HSMs, each
// in a different Availability Zone. For the ConnectCustomKeyStore operation,
// the CloudHSM must contain at least one active HSM.
//
// For information about the requirements for an CloudHSM cluster that is associated
-// with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
+// with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
// in the Key Management Service Developer Guide. For information about creating
// a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html)
// in the CloudHSM User Guide. For information about cluster security groups,
// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html)
// in the CloudHSM User Guide .
//
+// - LimitExceededException
+// The request was rejected because a quota was exceeded. For more information,
+// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html)
+// in the Key Management Service Developer Guide.
+//
+// - XksProxyUriInUseException
+// The request was rejected because the concatenation of the XksProxyUriEndpoint
+// and XksProxyUriPath is already associated with an external key store in the
+// Amazon Web Services account and Region. Each external key store in an account
+// and Region must use a unique external key store proxy API address.
+//
+// - XksProxyUriEndpointInUseException
+// The request was rejected because the concatenation of the XksProxyUriEndpoint
+// is already associated with an external key store in the Amazon Web Services
+// account and Region. Each external key store in an account and Region must
+// use a unique external key store proxy address.
+//
+// - XksProxyUriUnreachableException
+// KMS was unable to reach the specified XksProxyUriPath. The path must be reachable
+// before you create the external key store or update its settings.
+//
+// This exception is also thrown when the external key store proxy response
+// to a GetHealthStatus request indicates that all external key manager instances
+// are unavailable.
+//
+// - XksProxyIncorrectAuthenticationCredentialException
+// The request was rejected because the proxy credentials failed to authenticate
+// to the specified external key store proxy. The specified external key store
+// proxy rejected a status request from KMS due to invalid credentials. This
+// can indicate an error in the credentials or in the identification of the
+// external key store proxy.
+//
+// - XksProxyVpcEndpointServiceInUseException
+// The request was rejected because the specified Amazon VPC endpoint service
+// is already associated with an external key store in the Amazon Web Services
+// account and Region. Each external key store in an Amazon Web Services account
+// and Region must use a different Amazon VPC endpoint service.
+//
+// - XksProxyVpcEndpointServiceNotFoundException
+// The request was rejected because KMS could not find the specified VPC endpoint
+// service. Use DescribeCustomKeyStores to verify the VPC endpoint service name
+// for the external key store. Also, confirm that the Allow principals list
+// for the VPC endpoint service includes the KMS service principal for the Region,
+// such as cks.kms.us-east-1.amazonaws.com.
+//
+// - XksProxyVpcEndpointServiceInvalidConfigurationException
+// The request was rejected because the Amazon VPC endpoint service configuration
+// does not fulfill the requirements for an external key store proxy. For details,
+// see the exception message and review the requirements (kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements)
+// for Amazon VPC endpoint service connectivity for an external key store.
+//
+// - XksProxyInvalidResponseException
+// KMS cannot interpret the response it received from the external key store
+// proxy. The problem might be a poorly constructed response, but it could also
+// be a transient network issue. If you see this error repeatedly, report it
+// to the proxy vendor.
+//
+// - XksProxyInvalidConfigurationException
+// The request was rejected because the Amazon VPC endpoint service configuration
+// does not fulfill the requirements for an external key store proxy. For details,
+// see the exception message.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateCustomKeyStore
func (c *KMS) CreateCustomKeyStore(input *CreateCustomKeyStoreInput) (*CreateCustomKeyStoreOutput, error) {
req, out := c.CreateCustomKeyStoreRequest(input)
@@ -783,8 +939,8 @@ func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request,
// The request was rejected because the specified KMS key is not enabled.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InvalidArnException
// The request was rejected because a specified ARN, or an ARN in a key policy,
@@ -806,10 +962,18 @@ func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request,
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateGrant
func (c *KMS) CreateGrant(input *CreateGrantInput) (*CreateGrantOutput, error) {
req, out := c.CreateGrantRequest(input)
@@ -876,13 +1040,21 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out
// CreateKey API operation for AWS Key Management Service.
//
// Creates a unique customer managed KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms-keys)
-// in your Amazon Web Services account and Region.
+// in your Amazon Web Services account and Region. You can use a KMS key in
+// cryptographic operations, such as encryption and signing. Some Amazon Web
+// Services services let you use KMS keys that you create and manage to protect
+// your service resources.
//
-// In addition to the required parameters, you can use the optional parameters
-// to specify a key policy, description, tags, and other useful elements for
-// any key type.
+// A KMS key is a logical representation of a cryptographic key. In addition
+// to the key material used in cryptographic operations, a KMS key includes
+// metadata, such as the key ID, key policy, creation date, description, and
+// key state. For details, see Managing keys (https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html)
+// in the Key Management Service Developer Guide
//
-// KMS is replacing the term customer master key (CMK) with KMS key and KMS
+// Use the parameters of CreateKey to specify the type of KMS key, the source
+// of its key material, its key policy, description, tags, and other properties.
+//
+// KMS has replaced the term customer master key (CMK) with KMS key and KMS
// key. The concept has not changed. To prevent breaking changes, KMS is keeping
// some variations of this term.
//
@@ -890,11 +1062,14 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out
//
// # Symmetric encryption KMS key
//
-// To create a symmetric encryption KMS key, you aren't required to specify
-// any parameters. The default value for KeySpec, SYMMETRIC_DEFAULT, and the
-// default value for KeyUsage, ENCRYPT_DECRYPT, create a symmetric encryption
-// KMS key. For technical details, see SYMMETRIC_DEFAULT key spec (https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-symmetric-default)
-// in the Key Management Service Developer Guide.
+// By default, CreateKey creates a symmetric encryption KMS key with key material
+// that KMS generates. This is the basic and most widely used type of KMS key,
+// and provides the best performance.
+//
+// To create a symmetric encryption KMS key, you don't need to specify any parameters.
+// The default value for KeySpec, SYMMETRIC_DEFAULT, the default value for KeyUsage,
+// ENCRYPT_DECRYPT, and the default value for Origin, AWS_KMS, create a symmetric
+// encryption KMS key with KMS key material.
//
// If you need a key for basic encryption and decryption or you are creating
// a KMS key to protect your resources in an Amazon Web Services service, create
@@ -965,12 +1140,13 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out
// keys, see Multi-Region keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html)
// in the Key Management Service Developer Guide.
//
-// To import your own key material, begin by creating a symmetric encryption
-// KMS key with no key material. To do this, use the Origin parameter of CreateKey
-// with a value of EXTERNAL. Next, use GetParametersForImport operation to get
-// a public key and import token, and use the public key to encrypt your key
-// material. Then, use ImportKeyMaterial with your import token to import the
-// key material. For step-by-step instructions, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html)
+// To import your own key material into a KMS key, begin by creating a symmetric
+// encryption KMS key with no key material. To do this, use the Origin parameter
+// of CreateKey with a value of EXTERNAL. Next, use GetParametersForImport operation
+// to get a public key and import token, and use the public key to encrypt your
+// key material. Then, use ImportKeyMaterial with your import token to import
+// the key material. For step-by-step instructions, see Importing Key Material
+// (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html)
// in the Key Management Service Developer Guide .
//
// This feature supports only symmetric encryption KMS keys, including multi-Region
@@ -980,22 +1156,52 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out
// To create a multi-Region primary key with imported key material, use the
// Origin parameter of CreateKey with a value of EXTERNAL and the MultiRegion
// parameter with a value of True. To create replicas of the multi-Region primary
-// key, use the ReplicateKey operation. For more information about multi-Region
-// keys, see Multi-Region keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html)
+// key, use the ReplicateKey operation. For instructions, see Importing key
+// material into multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-import.html).
+// For more information about multi-Region keys, see Multi-Region keys in KMS
+// (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html)
// in the Key Management Service Developer Guide.
//
// # Custom key store
//
-// To create a symmetric encryption KMS key in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html),
-// use the CustomKeyStoreId parameter to specify the custom key store. You must
-// also use the Origin parameter with a value of AWS_CLOUDHSM. The CloudHSM
-// cluster that is associated with the custom key store must have at least two
-// active HSMs in different Availability Zones in the Amazon Web Services Region.
+// A custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
+// lets you protect your Amazon Web Services resources using keys in a backing
+// key store that you own and manage. When you request a cryptographic operation
+// with a KMS key in a custom key store, the operation is performed in the backing
+// key store using its cryptographic keys.
+//
+// KMS supports CloudHSM key stores (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-cloudhsm.html)
+// backed by an CloudHSM cluster and external key stores (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html)
+// backed by an external key manager outside of Amazon Web Services. When you
+// create a KMS key in an CloudHSM key store, KMS generates an encryption key
+// in the CloudHSM cluster and associates it with the KMS key. When you create
+// a KMS key in an external key store, you specify an existing encryption key
+// in the external key manager.
+//
+// Some external key managers provide a simpler method for creating a KMS key
+// in an external key store. For details, see your external key manager documentation.
+//
+// Before you create a KMS key in a custom key store, the ConnectionState of
+// the key store must be CONNECTED. To connect the custom key store, use the
+// ConnectCustomKeyStore operation. To find the ConnectionState, use the DescribeCustomKeyStores
+// operation.
//
-// Custom key stores support only symmetric encryption KMS keys. You cannot
-// create an HMAC KMS key or an asymmetric KMS key in a custom key store. For
-// information about custom key stores in KMS see Custom key stores in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
-// in the Key Management Service Developer Guide .
+// To create a KMS key in a custom key store, use the CustomKeyStoreId. Use
+// the default KeySpec value, SYMMETRIC_DEFAULT, and the default KeyUsage value,
+// ENCRYPT_DECRYPT to create a symmetric encryption key. No other key type is
+// supported in a custom key store.
+//
+// To create a KMS key in an CloudHSM key store (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-cloudhsm.html),
+// use the Origin parameter with a value of AWS_CLOUDHSM. The CloudHSM cluster
+// that is associated with the custom key store must have at least two active
+// HSMs in different Availability Zones in the Amazon Web Services Region.
+//
+// To create a KMS key in an external key store (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html),
+// use the Origin parameter with a value of EXTERNAL_KEY_STORE and an XksKeyId
+// parameter that identifies an existing external key.
+//
+// Some external key managers provide a simpler method for creating a KMS key
+// in an external key store. For details, see your external key manager documentation.
//
// Cross-account use: No. You cannot use this operation to create a KMS key
// in a different Amazon Web Services account.
@@ -1028,8 +1234,8 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out
// or semantically correct.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InvalidArnException
// The request was rejected because a specified ARN, or an ARN in a key policy,
@@ -1062,49 +1268,83 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out
//
// This exception is thrown under the following conditions:
//
-// - You requested the CreateKey or GenerateRandom operation in a custom
-// key store that is not connected. These operations are valid only when
-// the custom key store ConnectionState is CONNECTED.
+// - You requested the ConnectCustomKeyStore operation on a custom key store
+// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
+// for all other ConnectionState values. To reconnect a custom key store
+// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect
+// it (ConnectCustomKeyStore).
+//
+// - You requested the CreateKey operation in a custom key store that is
+// not connected. This operations is valid only when the custom key store
+// ConnectionState is CONNECTED.
+//
+// - You requested the DisconnectCustomKeyStore operation on a custom key
+// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation
+// is valid for all other ConnectionState values.
//
// - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation
// on a custom key store that is not disconnected. This operation is valid
// only when the custom key store ConnectionState is DISCONNECTED.
//
-// - You requested the ConnectCustomKeyStore operation on a custom key store
-// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
-// for all other ConnectionState values.
+// - You requested the GenerateRandom operation in an CloudHSM key store
+// that is not connected. This operation is valid only when the CloudHSM
+// key store ConnectionState is CONNECTED.
//
// - CloudHsmClusterInvalidConfigurationException
// The request was rejected because the associated CloudHSM cluster did not
-// meet the configuration requirements for a custom key store.
+// meet the configuration requirements for an CloudHSM key store.
//
-// - The cluster must be configured with private subnets in at least two
-// different Availability Zones in the Region.
+// - The CloudHSM cluster must be configured with private subnets in at least
+// two different Availability Zones in the Region.
//
// - The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html)
// (cloudhsm-cluster--sg) must include inbound rules and outbound
// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound
// rules and the Destination in the outbound rules must match the security
-// group ID. These rules are set by default when you create the cluster.
-// Do not delete or change them. To get information about a particular security
-// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html)
+// group ID. These rules are set by default when you create the CloudHSM
+// cluster. Do not delete or change them. To get information about a particular
+// security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html)
// operation.
//
-// - The cluster must contain at least as many HSMs as the operation requires.
-// To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
+// - The CloudHSM cluster must contain at least as many HSMs as the operation
+// requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey
// operations, the CloudHSM cluster must have at least two active HSMs, each
// in a different Availability Zone. For the ConnectCustomKeyStore operation,
// the CloudHSM must contain at least one active HSM.
//
// For information about the requirements for an CloudHSM cluster that is associated
-// with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
+// with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
// in the Key Management Service Developer Guide. For information about creating
// a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html)
// in the CloudHSM User Guide. For information about cluster security groups,
// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html)
// in the CloudHSM User Guide .
//
+// - XksKeyInvalidConfigurationException
+// The request was rejected because the external key specified by the XksKeyId
+// parameter did not meet the configuration requirements for an external key
+// store.
+//
+// The external key must be an AES-256 symmetric key that is enabled and performs
+// encryption and decryption.
+//
+// - XksKeyAlreadyInUseException
+// The request was rejected because the (XksKeyId) is already associated with
+// a KMS key in this external key store. Each KMS key in an external key store
+// must be associated with a different external key.
+//
+// - XksKeyNotFoundException
+// The request was rejected because the external key store proxy could not find
+// the external key. This exception is thrown when the value of the XksKeyId
+// parameter doesn't identify a key in the external key manager associated with
+// the external key proxy.
+//
+// Verify that the XksKeyId represents an existing key in the external key manager.
+// Use the key identifier that the external key store proxy uses to identify
+// the key. For details, see the documentation provided with your external key
+// store proxy or key manager.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateKey
func (c *KMS) CreateKey(input *CreateKeyInput) (*CreateKeyOutput, error) {
req, out := c.CreateKeyRequest(input)
@@ -1192,8 +1432,8 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output
//
// The Decrypt operation also decrypts ciphertext that was encrypted outside
// of KMS by the public key in an KMS asymmetric KMS key. However, it cannot
-// decrypt ciphertext produced by other libraries, such as the Amazon Web Services
-// Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/)
+// decrypt symmetric ciphertext produced by other libraries, such as the Amazon
+// Web Services Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/)
// or Amazon S3 client-side encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html).
// These libraries return a ciphertext format that is incompatible with KMS.
//
@@ -1297,8 +1537,8 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output
// key, use the DescribeKey operation.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InvalidGrantTokenException
// The request was rejected because the specified grant token is not valid.
@@ -1311,10 +1551,18 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Decrypt
func (c *KMS) Decrypt(input *DecryptInput) (*DecryptOutput, error) {
req, out := c.DecryptRequest(input)
@@ -1384,7 +1632,7 @@ func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request,
// Deletes the specified alias.
//
// Adding, deleting, or updating an alias can allow or deny permission to the
-// KMS key. For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html)
+// KMS key. For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html)
// in the Key Management Service Developer Guide.
//
// Because an alias is not a property of a KMS key, you can delete and change
@@ -1428,8 +1676,8 @@ func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request,
// Returned Error Types:
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - NotFoundException
// The request was rejected because the specified entity or resource could not
@@ -1443,10 +1691,18 @@ func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request,
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteAlias
func (c *KMS) DeleteAlias(input *DeleteAliasInput) (*DeleteAliasOutput, error) {
req, out := c.DeleteAliasRequest(input)
@@ -1514,33 +1770,39 @@ func (c *KMS) DeleteCustomKeyStoreRequest(input *DeleteCustomKeyStoreInput) (req
// DeleteCustomKeyStore API operation for AWS Key Management Service.
//
// Deletes a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html).
-// This operation does not delete the CloudHSM cluster that is associated with
-// the custom key store, or affect any users or keys in the cluster.
+// This operation does not affect any backing elements of the custom key store.
+// It does not delete the CloudHSM cluster that is associated with an CloudHSM
+// key store, or affect any users or keys in the cluster. For an external key
+// store, it does not affect the external key store proxy, external key manager,
+// or any external keys.
+//
+// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
+// feature in KMS, which combines the convenience and extensive integration
+// of KMS with the isolation and control of a key store that you own and manage.
//
// The custom key store that you delete cannot contain any KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys).
// Before deleting the key store, verify that you will never need to use any
// of the KMS keys in the key store for any cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations).
// Then, use ScheduleKeyDeletion to delete the KMS keys from the key store.
-// When the scheduled waiting period expires, the ScheduleKeyDeletion operation
-// deletes the KMS keys. Then it makes a best effort to delete the key material
-// from the associated cluster. However, you might need to manually delete the
-// orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key)
-// from the cluster and its backups.
-//
-// After all KMS keys are deleted from KMS, use DisconnectCustomKeyStore to
-// disconnect the key store from KMS. Then, you can delete the custom key store.
-//
-// Instead of deleting the custom key store, consider using DisconnectCustomKeyStore
-// to disconnect it from KMS. While the key store is disconnected, you cannot
-// create or use the KMS keys in the key store. But, you do not need to delete
-// KMS keys and you can reconnect a disconnected custom key store at any time.
+// After the required waiting period expires and all KMS keys are deleted from
+// the custom key store, use DisconnectCustomKeyStore to disconnect the key
+// store from KMS. Then, you can delete the custom key store.
+//
+// For keys in an CloudHSM key store, the ScheduleKeyDeletion operation makes
+// a best effort to delete the key material from the associated cluster. However,
+// you might need to manually delete the orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key)
+// from the cluster and its backups. KMS never creates, manages, or deletes
+// cryptographic keys in the external key manager associated with an external
+// key store. You must manage them using your external key manager tools.
+//
+// Instead of deleting the custom key store, consider using the DisconnectCustomKeyStore
+// operation to disconnect the custom key store from its backing key store.
+// While the key store is disconnected, you cannot create or use the KMS keys
+// in the key store. But, you do not need to delete KMS keys and you can reconnect
+// a disconnected custom key store at any time.
//
// If the operation succeeds, it returns a JSON object with no properties.
//
-// This operation is part of the custom key store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
-// feature in KMS, which combines the convenience and extensive integration
-// of KMS with the isolation and control of a single-tenant key store.
-//
// Cross-account use: No. You cannot perform this operation on a custom key
// store in a different Amazon Web Services account.
//
@@ -1581,17 +1843,27 @@ func (c *KMS) DeleteCustomKeyStoreRequest(input *DeleteCustomKeyStoreInput) (req
//
// This exception is thrown under the following conditions:
//
-// - You requested the CreateKey or GenerateRandom operation in a custom
-// key store that is not connected. These operations are valid only when
-// the custom key store ConnectionState is CONNECTED.
+// - You requested the ConnectCustomKeyStore operation on a custom key store
+// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
+// for all other ConnectionState values. To reconnect a custom key store
+// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect
+// it (ConnectCustomKeyStore).
+//
+// - You requested the CreateKey operation in a custom key store that is
+// not connected. This operations is valid only when the custom key store
+// ConnectionState is CONNECTED.
+//
+// - You requested the DisconnectCustomKeyStore operation on a custom key
+// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation
+// is valid for all other ConnectionState values.
//
// - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation
// on a custom key store that is not disconnected. This operation is valid
// only when the custom key store ConnectionState is DISCONNECTED.
//
-// - You requested the ConnectCustomKeyStore operation on a custom key store
-// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
-// for all other ConnectionState values.
+// - You requested the GenerateRandom operation in an CloudHSM key store
+// that is not connected. This operation is valid only when the CloudHSM
+// key store ConnectionState is CONNECTED.
//
// - CustomKeyStoreNotFoundException
// The request was rejected because KMS cannot find a custom key store with
@@ -1713,8 +1985,8 @@ func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialI
// a specified resource is not valid for this operation.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - NotFoundException
// The request was rejected because the specified entity or resource could not
@@ -1728,10 +2000,18 @@ func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialI
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteImportedKeyMaterial
func (c *KMS) DeleteImportedKeyMaterial(input *DeleteImportedKeyMaterialInput) (*DeleteImportedKeyMaterialOutput, error) {
req, out := c.DeleteImportedKeyMaterialRequest(input)
@@ -1788,7 +2068,7 @@ func (c *KMS) DescribeCustomKeyStoresRequest(input *DescribeCustomKeyStoresInput
InputTokens: []string{"Marker"},
OutputTokens: []string{"NextMarker"},
LimitToken: "Limit",
- TruncationToken: "Truncated",
+ TruncationToken: "",
},
}
@@ -1806,30 +2086,37 @@ func (c *KMS) DescribeCustomKeyStoresRequest(input *DescribeCustomKeyStoresInput
// Gets information about custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
// in the account and Region.
//
-// This operation is part of the custom key store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
+// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
// feature in KMS, which combines the convenience and extensive integration
-// of KMS with the isolation and control of a single-tenant key store.
+// of KMS with the isolation and control of a key store that you own and manage.
//
// By default, this operation returns information about all custom key stores
// in the account and Region. To get only information about a particular custom
// key store, use either the CustomKeyStoreName or CustomKeyStoreId parameter
// (but not both).
//
-// To determine whether the custom key store is connected to its CloudHSM cluster,
-// use the ConnectionState element in the response. If an attempt to connect
-// the custom key store failed, the ConnectionState value is FAILED and the
-// ConnectionErrorCode element in the response indicates the cause of the failure.
-// For help interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry.
+// To determine whether the custom key store is connected to its CloudHSM cluster
+// or external key store proxy, use the ConnectionState element in the response.
+// If an attempt to connect the custom key store failed, the ConnectionState
+// value is FAILED and the ConnectionErrorCode element in the response indicates
+// the cause of the failure. For help interpreting the ConnectionErrorCode,
+// see CustomKeyStoresListEntry.
//
// Custom key stores have a DISCONNECTED connection state if the key store has
-// never been connected or you use the DisconnectCustomKeyStore operation to
-// disconnect it. If your custom key store state is CONNECTED but you are having
-// trouble using it, make sure that its associated CloudHSM cluster is active
-// and contains the minimum number of HSMs required for the operation, if any.
-//
-// For help repairing your custom key store, see the Troubleshooting Custom
-// Key Stores (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html)
-// topic in the Key Management Service Developer Guide.
+// never been connected or you used the DisconnectCustomKeyStore operation to
+// disconnect it. Otherwise, the connection state is CONNECTED. If your custom
+// key store connection state is CONNECTED but you are having trouble using
+// it, verify that the backing store is active and available. For an CloudHSM
+// key store, verify that the associated CloudHSM cluster is active and contains
+// the minimum number of HSMs required for the operation, if any. For an external
+// key store, verify that the external key store proxy and its associated external
+// key manager are reachable and enabled.
+//
+// For help repairing your CloudHSM key store, see the Troubleshooting CloudHSM
+// key stores (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html).
+// For help repairing your external key store, see the Troubleshooting external
+// key stores (https://docs.aws.amazon.com/kms/latest/developerguide/xks-troubleshooting.html).
+// Both topics are in the Key Management Service Developer Guide.
//
// Cross-account use: No. You cannot perform this operation on a custom key
// store in a different Amazon Web Services account.
@@ -1995,10 +2282,13 @@ func (c *KMS) DescribeKeyRequest(input *DescribeKeyInput) (req *request.Request,
// any) of the key material. It includes fields, like KeySpec, that help you
// distinguish different types of KMS keys. It also displays the key usage (encryption,
// signing, or generating and verifying MACs) and the algorithms that the KMS
-// key supports. For KMS keys in custom key stores, it includes information
-// about the custom key store, such as the key store ID and the CloudHSM cluster
-// ID. For multi-Region keys, it displays the primary key and all related replica
-// keys.
+// key supports. For multi-Region keys (kms/latest/developerguide/multi-region-keys-overview.html),
+// it displays the primary key and all related replica keys. For KMS keys in
+// CloudHSM key stores (kms/latest/developerguide/keystore-cloudhsm.html), it
+// includes information about the custom key store, such as the key store ID
+// and the CloudHSM cluster ID. For KMS key in external key stores (kms/latest/developerguide/keystore-external.html),
+// it includes the custom key store ID and the ID and status of the associated
+// external key.
//
// DescribeKey does not return the following information:
//
@@ -2061,8 +2351,8 @@ func (c *KMS) DescribeKeyRequest(input *DescribeKeyInput) (req *request.Request,
// is not valid.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InternalException
// The request was rejected because an internal exception occurred. The request
@@ -2171,8 +2461,8 @@ func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, o
// is not valid.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InternalException
// The request was rejected because an internal exception occurred. The request
@@ -2182,10 +2472,18 @@ func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, o
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKey
func (c *KMS) DisableKey(input *DisableKeyInput) (*DisableKeyOutput, error) {
req, out := c.DisableKeyRequest(input)
@@ -2256,12 +2554,12 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re
// of the specified symmetric encryption KMS key.
//
// Automatic key rotation is supported only on symmetric encryption KMS keys.
-// You cannot enable or disable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
+// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
// HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html),
// KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html),
// or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html).
-// The key rotation status of these KMS keys is always false. To enable or disable
-// automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
+// To enable or disable automatic rotation of a set of related multi-Region
+// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
// set the property on the primary key.
//
// You can enable (EnableKeyRotation) and disable automatic rotation of the
@@ -2311,8 +2609,8 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re
// is not valid.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InternalException
// The request was rejected because an internal exception occurred. The request
@@ -2322,10 +2620,18 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// - UnsupportedOperationException
// The request was rejected because a specified parameter is not supported or
// a specified resource is not valid for this operation.
@@ -2397,10 +2703,18 @@ func (c *KMS) DisconnectCustomKeyStoreRequest(input *DisconnectCustomKeyStoreInp
// DisconnectCustomKeyStore API operation for AWS Key Management Service.
//
// Disconnects the custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
-// from its associated CloudHSM cluster. While a custom key store is disconnected,
-// you can manage the custom key store and its KMS keys, but you cannot create
-// or use KMS keys in the custom key store. You can reconnect the custom key
-// store at any time.
+// from its backing key store. This operation disconnects an CloudHSM key store
+// from its associated CloudHSM cluster or disconnects an external key store
+// from the external key store proxy that communicates with your external key
+// manager.
+//
+// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
+// feature in KMS, which combines the convenience and extensive integration
+// of KMS with the isolation and control of a key store that you own and manage.
+//
+// While a custom key store is disconnected, you can manage the custom key store
+// and its KMS keys, but you cannot create or use its KMS keys. You can reconnect
+// the custom key store at any time.
//
// While a custom key store is disconnected, all attempts to create KMS keys
// in the custom key store or to use existing KMS keys in cryptographic operations
@@ -2408,16 +2722,13 @@ func (c *KMS) DisconnectCustomKeyStoreRequest(input *DisconnectCustomKeyStoreInp
// will fail. This action can prevent users from storing and accessing sensitive
// data.
//
+// When you disconnect a custom key store, its ConnectionState changes to Disconnected.
// To find the connection state of a custom key store, use the DescribeCustomKeyStores
// operation. To reconnect a custom key store, use the ConnectCustomKeyStore
// operation.
//
// If the operation succeeds, it returns a JSON object with no properties.
//
-// This operation is part of the custom key store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
-// feature in KMS, which combines the convenience and extensive integration
-// of KMS with the isolation and control of a single-tenant key store.
-//
// Cross-account use: No. You cannot perform this operation on a custom key
// store in a different Amazon Web Services account.
//
@@ -2452,17 +2763,27 @@ func (c *KMS) DisconnectCustomKeyStoreRequest(input *DisconnectCustomKeyStoreInp
//
// This exception is thrown under the following conditions:
//
-// - You requested the CreateKey or GenerateRandom operation in a custom
-// key store that is not connected. These operations are valid only when
-// the custom key store ConnectionState is CONNECTED.
+// - You requested the ConnectCustomKeyStore operation on a custom key store
+// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
+// for all other ConnectionState values. To reconnect a custom key store
+// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect
+// it (ConnectCustomKeyStore).
+//
+// - You requested the CreateKey operation in a custom key store that is
+// not connected. This operations is valid only when the custom key store
+// ConnectionState is CONNECTED.
+//
+// - You requested the DisconnectCustomKeyStore operation on a custom key
+// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation
+// is valid for all other ConnectionState values.
//
// - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation
// on a custom key store that is not disconnected. This operation is valid
// only when the custom key store ConnectionState is DISCONNECTED.
//
-// - You requested the ConnectCustomKeyStore operation on a custom key store
-// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
-// for all other ConnectionState values.
+// - You requested the GenerateRandom operation in an CloudHSM key store
+// that is not connected. This operation is valid only when the CloudHSM
+// key store ConnectionState is CONNECTED.
//
// - CustomKeyStoreNotFoundException
// The request was rejected because KMS cannot find a custom key store with
@@ -2571,8 +2892,8 @@ func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, out
// is not valid.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InternalException
// The request was rejected because an internal exception occurred. The request
@@ -2587,10 +2908,18 @@ func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, out
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKey
func (c *KMS) EnableKey(input *EnableKeyInput) (*EnableKeyOutput, error) {
req, out := c.EnableKeyRequest(input)
@@ -2669,12 +2998,12 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ
//
// Automatic key rotation is supported only on symmetric encryption KMS keys
// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks).
-// You cannot enable or disable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
+// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
// HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html),
// KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html),
// or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html).
-// The key rotation status of these KMS keys is always false. To enable or disable
-// automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
+// To enable or disable automatic rotation of a set of related multi-Region
+// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
// set the property on the primary key.
//
// You cannot enable or disable automatic rotation Amazon Web Services managed
@@ -2730,8 +3059,8 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ
// is not valid.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InternalException
// The request was rejected because an internal exception occurred. The request
@@ -2741,10 +3070,18 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// - UnsupportedOperationException
// The request was rejected because a specified parameter is not supported or
// a specified resource is not valid for this operation.
@@ -2899,8 +3236,8 @@ func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output
// You can retry the request.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InvalidKeyUsageException
// The request was rejected for one of the following reasons:
@@ -2930,10 +3267,18 @@ func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Encrypt
func (c *KMS) Encrypt(input *EncryptInput) (*EncryptOutput, error) {
req, out := c.EncryptRequest(input)
@@ -3106,8 +3451,8 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request.
// You can retry the request.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InvalidKeyUsageException
// The request was rejected for one of the following reasons:
@@ -3137,10 +3482,18 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request.
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKey
func (c *KMS) GenerateDataKey(input *GenerateDataKeyInput) (*GenerateDataKeyOutput, error) {
req, out := c.GenerateDataKeyRequest(input)
@@ -3296,8 +3649,8 @@ func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req *
// You can retry the request.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InvalidKeyUsageException
// The request was rejected for one of the following reasons:
@@ -3327,10 +3680,18 @@ func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req *
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// - UnsupportedOperationException
// The request was rejected because a specified parameter is not supported or
// a specified resource is not valid for this operation.
@@ -3479,8 +3840,8 @@ func (c *KMS) GenerateDataKeyPairWithoutPlaintextRequest(input *GenerateDataKeyP
// You can retry the request.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InvalidKeyUsageException
// The request was rejected for one of the following reasons:
@@ -3510,10 +3871,18 @@ func (c *KMS) GenerateDataKeyPairWithoutPlaintextRequest(input *GenerateDataKeyP
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// - UnsupportedOperationException
// The request was rejected because a specified parameter is not supported or
// a specified resource is not valid for this operation.
@@ -3612,6 +3981,14 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho
// or a key in a custom key store to generate a data key. To get the type of
// your KMS key, use the DescribeKey operation.
//
+// You must also specify the length of the data key. Use either the KeySpec
+// or NumberOfBytes parameters (but not both). For 128-bit and 256-bit data
+// keys, use the KeySpec parameter.
+//
+// To generate an SM4 data key (China Regions only), specify a KeySpec value
+// of AES_128 or NumberOfBytes value of 128. The symmetric encryption key used
+// in China Regions to encrypt your data key is an SM4 encryption key.
+//
// If the operation succeeds, you will find the encrypted copy of the data key
// in the CiphertextBlob field.
//
@@ -3666,8 +4043,8 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho
// You can retry the request.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InvalidKeyUsageException
// The request was rejected for one of the following reasons:
@@ -3697,10 +4074,18 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintext
func (c *KMS) GenerateDataKeyWithoutPlaintext(input *GenerateDataKeyWithoutPlaintextInput) (*GenerateDataKeyWithoutPlaintextOutput, error) {
req, out := c.GenerateDataKeyWithoutPlaintextRequest(input)
@@ -3767,15 +4152,18 @@ func (c *KMS) GenerateMacRequest(input *GenerateMacInput) (req *request.Request,
// GenerateMac API operation for AWS Key Management Service.
//
// Generates a hash-based message authentication code (HMAC) for a message using
-// an HMAC KMS key and a MAC algorithm that the key supports. The MAC algorithm
-// computes the HMAC for the message and the key as described in RFC 2104 (https://datatracker.ietf.org/doc/html/rfc2104).
-//
-// You can use the HMAC that this operation generates with the VerifyMac operation
-// to demonstrate that the original message has not changed. Also, because a
-// secret key is used to create the hash, you can verify that the party that
-// generated the hash has the required secret key. This operation is part of
-// KMS support for HMAC KMS keys. For details, see HMAC keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html)
-// in the Key Management Service Developer Guide .
+// an HMAC KMS key and a MAC algorithm that the key supports. HMAC KMS keys
+// and the HMAC algorithms that KMS uses conform to industry standards defined
+// in RFC 2104 (https://datatracker.ietf.org/doc/html/rfc2104).
+//
+// You can use value that GenerateMac returns in the VerifyMac operation to
+// demonstrate that the original message has not changed. Also, because a secret
+// key is used to create the hash, you can verify that the party that generated
+// the hash has the required secret key. You can also use the raw result to
+// implement HMAC-based algorithms such as key derivation functions. This operation
+// is part of KMS support for HMAC KMS keys. For details, see HMAC keys in KMS
+// (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html) in the
+// Key Management Service Developer Guide .
//
// Best practices recommend that you limit the time during which any signing
// mechanism, including an HMAC, is effective. This deters an attack where the
@@ -3845,10 +4233,18 @@ func (c *KMS) GenerateMacRequest(input *GenerateMacInput) (req *request.Request,
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateMac
func (c *KMS) GenerateMac(input *GenerateMacInput) (*GenerateMacOutput, error) {
req, out := c.GenerateMacRequest(input)
@@ -3920,9 +4316,8 @@ func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Re
// byte string. There is no default value for string length.
//
// By default, the random byte string is generated in KMS. To generate the byte
-// string in the CloudHSM cluster that is associated with a custom key store
-// (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html),
-// specify the custom key store ID.
+// string in the CloudHSM cluster associated with an CloudHSM key store, use
+// the CustomKeyStoreId parameter.
//
// Applications in Amazon Web Services Nitro Enclaves can call this operation
// by using the Amazon Web Services Nitro Enclaves Development Kit (https://github.com/aws/aws-nitro-enclaves-sdk-c).
@@ -3949,13 +4344,17 @@ func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Re
// Returned Error Types:
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InternalException
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
+// - UnsupportedOperationException
+// The request was rejected because a specified parameter is not supported or
+// a specified resource is not valid for this operation.
+//
// - CustomKeyStoreNotFoundException
// The request was rejected because KMS cannot find a custom key store with
// the specified key store name or ID.
@@ -3967,17 +4366,27 @@ func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Re
//
// This exception is thrown under the following conditions:
//
-// - You requested the CreateKey or GenerateRandom operation in a custom
-// key store that is not connected. These operations are valid only when
-// the custom key store ConnectionState is CONNECTED.
+// - You requested the ConnectCustomKeyStore operation on a custom key store
+// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
+// for all other ConnectionState values. To reconnect a custom key store
+// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect
+// it (ConnectCustomKeyStore).
+//
+// - You requested the CreateKey operation in a custom key store that is
+// not connected. This operations is valid only when the custom key store
+// ConnectionState is CONNECTED.
+//
+// - You requested the DisconnectCustomKeyStore operation on a custom key
+// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation
+// is valid for all other ConnectionState values.
//
// - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation
// on a custom key store that is not disconnected. This operation is valid
// only when the custom key store ConnectionState is DISCONNECTED.
//
-// - You requested the ConnectCustomKeyStore operation on a custom key store
-// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
-// for all other ConnectionState values.
+// - You requested the GenerateRandom operation in an CloudHSM key store
+// that is not connected. This operation is valid only when the CloudHSM
+// key store ConnectionState is CONNECTED.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandom
func (c *KMS) GenerateRandom(input *GenerateRandomInput) (*GenerateRandomOutput, error) {
@@ -4072,8 +4481,8 @@ func (c *KMS) GetKeyPolicyRequest(input *GetKeyPolicyInput) (req *request.Reques
// is not valid.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InternalException
// The request was rejected because an internal exception occurred. The request
@@ -4083,10 +4492,18 @@ func (c *KMS) GetKeyPolicyRequest(input *GetKeyPolicyInput) (req *request.Reques
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyPolicy
func (c *KMS) GetKeyPolicy(input *GetKeyPolicyInput) (*GetKeyPolicyOutput, error) {
req, out := c.GetKeyPolicyRequest(input)
@@ -4163,12 +4580,12 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req
//
// Automatic key rotation is supported only on symmetric encryption KMS keys
// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks).
-// You cannot enable or disable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
+// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
// HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html),
// KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html),
// or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html).
-// The key rotation status of these KMS keys is always false. To enable or disable
-// automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
+// To enable or disable automatic rotation of a set of related multi-Region
+// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
// set the property on the primary key..
//
// You can enable (EnableKeyRotation) and disable automatic rotation (DisableKeyRotation)
@@ -4228,8 +4645,8 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req
// is not valid.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InternalException
// The request was rejected because an internal exception occurred. The request
@@ -4239,10 +4656,18 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// - UnsupportedOperationException
// The request was rejected because a specified parameter is not supported or
// a specified resource is not valid for this operation.
@@ -4322,11 +4747,11 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput)
// a subsequent ImportKeyMaterial request.
//
// You must specify the key ID of the symmetric encryption KMS key into which
-// you will import key material. This KMS key's Origin must be EXTERNAL. You
-// must also specify the wrapping algorithm and type of wrapping key (public
-// key) that you will use to encrypt the key material. You cannot perform this
-// operation on an asymmetric KMS key, an HMAC KMS key, or on any KMS key in
-// a different Amazon Web Services account.
+// you will import key material. The KMS key Origin must be EXTERNAL. You must
+// also specify the wrapping algorithm and type of wrapping key (public key)
+// that you will use to encrypt the key material. You cannot perform this operation
+// on an asymmetric KMS key, an HMAC KMS key, or on any KMS key in a different
+// Amazon Web Services account.
//
// To import key material, you must use the public key and import token from
// the same response. These items are valid for 24 hours. The expiration date
@@ -4368,8 +4793,8 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput)
// a specified resource is not valid for this operation.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - NotFoundException
// The request was rejected because the specified entity or resource could not
@@ -4383,10 +4808,18 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput)
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetParametersForImport
func (c *KMS) GetParametersForImport(input *GetParametersForImportInput) (*GetParametersForImportOutput, error) {
req, out := c.GetParametersForImportRequest(input)
@@ -4467,11 +4900,6 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques
// are part of every KMS operation. You also reduce of risk of encrypting data
// that cannot be decrypted. These features are not effective outside of KMS.
//
-// To verify a signature outside of KMS with an SM2 public key (China Regions
-// only), you must specify the distinguishing ID. By default, KMS uses 1234567812345678
-// as the distinguishing ID. For more information, see Offline verification
-// with SM2 key pairs (https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification).
-//
// To help you use the public key safely outside of KMS, GetPublicKey returns
// important information about the public key in the response, including:
//
@@ -4493,6 +4921,11 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques
// algorithm that is not supported by KMS. You can also avoid errors, such as
// using the wrong signing algorithm in a verification operation.
//
+// To verify a signature outside of KMS with an SM2 public key (China Regions
+// only), you must specify the distinguishing ID. By default, KMS uses 1234567812345678
+// as the distinguishing ID. For more information, see Offline verification
+// with SM2 key pairs (https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification).
+//
// The KMS key that you use for this operation must be in a compatible key state.
// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide.
@@ -4527,8 +4960,8 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques
// You can retry the request.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - UnsupportedOperationException
// The request was rejected because a specified parameter is not supported or
@@ -4566,10 +4999,18 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetPublicKey
func (c *KMS) GetPublicKey(input *GetPublicKeyInput) (*GetPublicKeyOutput, error) {
req, out := c.GetPublicKeyRequest(input)
@@ -4664,11 +5105,13 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ
// - The import token that GetParametersForImport returned. You must use
// a public key and token from the same GetParametersForImport response.
//
-// - Whether the key material expires and if so, when. If you set an expiration
-// date, KMS deletes the key material from the KMS key on the specified date,
-// and the KMS key becomes unusable. To use the KMS key again, you must reimport
-// the same key material. The only way to change an expiration date is by
-// reimporting the same key material and specifying a new expiration date.
+// - Whether the key material expires (ExpirationModel) and, if so, when
+// (ValidTo). If you set an expiration date, on the specified date, KMS deletes
+// the key material from the KMS key, making the KMS key unusable. To use
+// the KMS key in cryptographic operations again, you must reimport the same
+// key material. The only way to change the expiration model or expiration
+// date is by reimporting the same key material and specifying a new expiration
+// date.
//
// When this operation is successful, the key state of the KMS key changes from
// PendingImport to Enabled, and you can use the KMS key.
@@ -4714,8 +5157,8 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ
// a specified resource is not valid for this operation.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - NotFoundException
// The request was rejected because the specified entity or resource could not
@@ -4729,10 +5172,18 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// - InvalidCiphertextException
// From the Decrypt or ReEncrypt operation, the request was rejected because
// the specified ciphertext, or additional authenticated data incorporated into
@@ -4812,7 +5263,7 @@ func (c *KMS) ListAliasesRequest(input *ListAliasesInput) (req *request.Request,
InputTokens: []string{"Marker"},
OutputTokens: []string{"NextMarker"},
LimitToken: "Limit",
- TruncationToken: "Truncated",
+ TruncationToken: "",
},
}
@@ -4873,8 +5324,8 @@ func (c *KMS) ListAliasesRequest(input *ListAliasesInput) (req *request.Request,
// Returned Error Types:
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InvalidMarkerException
// The request was rejected because the marker that specifies where pagination
@@ -4999,7 +5450,7 @@ func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, o
InputTokens: []string{"Marker"},
OutputTokens: []string{"NextMarker"},
LimitToken: "Limit",
- TruncationToken: "Truncated",
+ TruncationToken: "",
},
}
@@ -5061,8 +5512,8 @@ func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, o
// be found.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InvalidMarkerException
// The request was rejected because the marker that specifies where pagination
@@ -5083,10 +5534,18 @@ func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, o
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrants
func (c *KMS) ListGrants(input *ListGrantsInput) (*ListGrantsResponse, error) {
req, out := c.ListGrantsRequest(input)
@@ -5194,7 +5653,7 @@ func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request.
InputTokens: []string{"Marker"},
OutputTokens: []string{"NextMarker"},
LimitToken: "Limit",
- TruncationToken: "Truncated",
+ TruncationToken: "",
},
}
@@ -5243,8 +5702,8 @@ func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request.
// is not valid.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InternalException
// The request was rejected because an internal exception occurred. The request
@@ -5254,10 +5713,18 @@ func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request.
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPolicies
func (c *KMS) ListKeyPolicies(input *ListKeyPoliciesInput) (*ListKeyPoliciesOutput, error) {
req, out := c.ListKeyPoliciesRequest(input)
@@ -5365,7 +5832,7 @@ func (c *KMS) ListKeysRequest(input *ListKeysInput) (req *request.Request, outpu
InputTokens: []string{"Marker"},
OutputTokens: []string{"NextMarker"},
LimitToken: "Limit",
- TruncationToken: "Truncated",
+ TruncationToken: "",
},
}
@@ -5409,8 +5876,8 @@ func (c *KMS) ListKeysRequest(input *ListKeysInput) (req *request.Request, outpu
// Returned Error Types:
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InternalException
// The request was rejected because an internal exception occurred. The request
@@ -5527,7 +5994,7 @@ func (c *KMS) ListResourceTagsRequest(input *ListResourceTagsInput) (req *reques
InputTokens: []string{"Marker"},
OutputTokens: []string{"NextMarker"},
LimitToken: "Limit",
- TruncationToken: "Truncated",
+ TruncationToken: "",
},
}
@@ -5697,7 +6164,7 @@ func (c *KMS) ListRetirableGrantsRequest(input *ListRetirableGrantsInput) (req *
InputTokens: []string{"Marker"},
OutputTokens: []string{"NextMarker"},
LimitToken: "Limit",
- TruncationToken: "Truncated",
+ TruncationToken: "",
},
}
@@ -5755,8 +6222,8 @@ func (c *KMS) ListRetirableGrantsRequest(input *ListRetirableGrantsInput) (req *
// Returned Error Types:
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InvalidMarkerException
// The request was rejected because the marker that specifies where pagination
@@ -5931,8 +6398,8 @@ func (c *KMS) PutKeyPolicyRequest(input *PutKeyPolicyInput) (req *request.Reques
// or semantically correct.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - UnsupportedOperationException
// The request was rejected because a specified parameter is not supported or
@@ -5951,10 +6418,18 @@ func (c *KMS) PutKeyPolicyRequest(input *PutKeyPolicyInput) (req *request.Reques
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicy
func (c *KMS) PutKeyPolicy(input *PutKeyPolicyInput) (*PutKeyPolicyOutput, error) {
req, out := c.PutKeyPolicyRequest(input)
@@ -6056,20 +6531,20 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out
// was encrypted under a different KMS key, the ReEncrypt operation fails.
// This practice ensures that you use the KMS key that you intend.
//
-// - To reencrypt the data, you must use the DestinationKeyId parameter specify
-// the KMS key that re-encrypts the data after it is decrypted. If the destination
-// KMS key is an asymmetric KMS key, you must also provide the encryption
-// algorithm. The algorithm that you choose must be compatible with the KMS
-// key. When you use an asymmetric KMS key to encrypt or reencrypt data,
-// be sure to record the KMS key and encryption algorithm that you choose.
-// You will be required to provide the same KMS key and encryption algorithm
-// when you decrypt the data. If the KMS key and algorithm do not match the
-// values used to encrypt the data, the decrypt operation fails. You are
-// not required to supply the key ID and encryption algorithm when you decrypt
-// with symmetric encryption KMS keys because KMS stores this information
-// in the ciphertext blob. KMS cannot store metadata in ciphertext generated
-// with asymmetric keys. The standard format for asymmetric key ciphertext
-// does not include configurable fields.
+// - To reencrypt the data, you must use the DestinationKeyId parameter to
+// specify the KMS key that re-encrypts the data after it is decrypted. If
+// the destination KMS key is an asymmetric KMS key, you must also provide
+// the encryption algorithm. The algorithm that you choose must be compatible
+// with the KMS key. When you use an asymmetric KMS key to encrypt or reencrypt
+// data, be sure to record the KMS key and encryption algorithm that you
+// choose. You will be required to provide the same KMS key and encryption
+// algorithm when you decrypt the data. If the KMS key and algorithm do not
+// match the values used to encrypt the data, the decrypt operation fails.
+// You are not required to supply the key ID and encryption algorithm when
+// you decrypt with symmetric encryption KMS keys because KMS stores this
+// information in the ciphertext blob. KMS cannot store metadata in ciphertext
+// generated with asymmetric keys. The standard format for asymmetric key
+// ciphertext does not include configurable fields.
//
// The KMS key that you use for this operation must be in a compatible key state.
// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
@@ -6140,8 +6615,8 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out
// must identify the same KMS key that was used to encrypt the ciphertext.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InvalidKeyUsageException
// The request was rejected for one of the following reasons:
@@ -6171,10 +6646,18 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncrypt
func (c *KMS) ReEncrypt(input *ReEncryptInput) (*ReEncryptOutput, error) {
req, out := c.ReEncryptRequest(input)
@@ -6348,10 +6831,18 @@ func (c *KMS) ReplicateKeyRequest(input *ReplicateKeyInput) (req *request.Reques
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// - InternalException
// The request was rejected because an internal exception occurred. The request
// can be retried.
@@ -6500,8 +6991,8 @@ func (c *KMS) RetireGrantRequest(input *RetireGrantInput) (req *request.Request,
// be found.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InternalException
// The request was rejected because an internal exception occurred. The request
@@ -6511,10 +7002,18 @@ func (c *KMS) RetireGrantRequest(input *RetireGrantInput) (req *request.Request,
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RetireGrant
func (c *KMS) RetireGrant(input *RetireGrantInput) (*RetireGrantOutput, error) {
req, out := c.RetireGrantRequest(input)
@@ -6628,8 +7127,8 @@ func (c *KMS) RevokeGrantRequest(input *RevokeGrantInput) (req *request.Request,
// be found.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InvalidArnException
// The request was rejected because a specified ARN, or an ARN in a key policy,
@@ -6646,10 +7145,18 @@ func (c *KMS) RevokeGrantRequest(input *RevokeGrantInput) (req *request.Request,
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RevokeGrant
func (c *KMS) RevokeGrant(input *RevokeGrantInput) (*RevokeGrantOutput, error) {
req, out := c.RevokeGrantRequest(input)
@@ -6730,13 +7237,6 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req *
// is unrecoverable. (The only exception is a multi-Region replica key.) To
// prevent the use of a KMS key without deleting it, use DisableKey.
//
-// If you schedule deletion of a KMS key from a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html),
-// when the waiting period expires, ScheduleKeyDeletion deletes the KMS key
-// from KMS. Then KMS makes a best effort to delete the key material from the
-// associated CloudHSM cluster. However, you might need to manually delete the
-// orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key)
-// from the cluster and its backups.
-//
// You can schedule the deletion of a multi-Region primary key and its replica
// keys at any time. However, KMS will not delete a multi-Region primary key
// with existing replica keys. If you schedule the deletion of a primary key
@@ -6748,6 +7248,18 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req *
// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html)
// in the Key Management Service Developer Guide.
//
+// When KMS deletes a KMS key from an CloudHSM key store (https://docs.aws.amazon.com/kms/latest/developerguide/delete-cmk-keystore.html),
+// it makes a best effort to delete the associated key material from the associated
+// CloudHSM cluster. However, you might need to manually delete the orphaned
+// key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key)
+// from the cluster and its backups. Deleting a KMS key from an external key
+// store (https://docs.aws.amazon.com/kms/latest/developerguide/delete-xks-key.html)
+// has no effect on the associated external key. However, for both types of
+// custom key stores, deleting a KMS key is destructive and irreversible. You
+// cannot decrypt ciphertext encrypted under the KMS key by using only its associated
+// external key or CloudHSM key. Also, you cannot recreate a KMS key in an external
+// key store by creating a new KMS key with the same key material.
+//
// For more information about scheduling a KMS key for deletion, see Deleting
// KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html)
// in the Key Management Service Developer Guide.
@@ -6785,8 +7297,8 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req *
// is not valid.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InternalException
// The request was rejected because an internal exception occurred. The request
@@ -6796,10 +7308,18 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req *
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ScheduleKeyDeletion
func (c *KMS) ScheduleKeyDeletion(input *ScheduleKeyDeletionInput) (*ScheduleKeyDeletionOutput, error) {
req, out := c.ScheduleKeyDeletionRequest(input)
@@ -6940,8 +7460,8 @@ func (c *KMS) SignRequest(input *SignInput) (req *request.Request, output *SignO
// You can retry the request.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InvalidKeyUsageException
// The request was rejected for one of the following reasons:
@@ -6971,10 +7491,18 @@ func (c *KMS) SignRequest(input *SignInput) (req *request.Request, output *SignO
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Sign
func (c *KMS) Sign(input *SignInput) (*SignOutput, error) {
req, out := c.SignRequest(input)
@@ -7044,7 +7572,7 @@ func (c *KMS) TagResourceRequest(input *TagResourceInput) (req *request.Request,
// Adds or edits tags on a customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk).
//
// Tagging or untagging a KMS key can allow or deny permission to the KMS key.
-// For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html)
+// For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html)
// in the Key Management Service Developer Guide.
//
// Each tag consists of a tag key and a tag value, both of which are case-sensitive
@@ -7111,10 +7639,18 @@ func (c *KMS) TagResourceRequest(input *TagResourceInput) (req *request.Request,
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// - LimitExceededException
// The request was rejected because a quota was exceeded. For more information,
// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html)
@@ -7193,7 +7729,7 @@ func (c *KMS) UntagResourceRequest(input *UntagResourceInput) (req *request.Requ
// To delete a tag, specify the tag key and the KMS key.
//
// Tagging or untagging a KMS key can allow or deny permission to the KMS key.
-// For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html)
+// For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html)
// in the Key Management Service Developer Guide.
//
// When it succeeds, the UntagResource operation doesn't return any output.
@@ -7251,10 +7787,18 @@ func (c *KMS) UntagResourceRequest(input *UntagResourceInput) (req *request.Requ
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// - TagException
// The request was rejected because one or more tags are not valid.
//
@@ -7330,14 +7874,14 @@ func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request,
// account and Region.
//
// Adding, deleting, or updating an alias can allow or deny permission to the
-// KMS key. For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html)
+// KMS key. For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html)
// in the Key Management Service Developer Guide.
//
// The current and new KMS key must be the same type (both symmetric or both
-// asymmetric), and they must have the same key usage (ENCRYPT_DECRYPT or SIGN_VERIFY).
-// This restriction prevents errors in code that uses aliases. If you must assign
-// an alias to a different type of KMS key, use DeleteAlias to delete the old
-// alias and CreateAlias to create a new alias.
+// asymmetric or both HMAC), and they must have the same key usage. This restriction
+// prevents errors in code that uses aliases. If you must assign an alias to
+// a different type of KMS key, use DeleteAlias to delete the old alias and
+// CreateAlias to create a new alias.
//
// You cannot use UpdateAlias to change an alias name. To change an alias name,
// use DeleteAlias to delete the old alias and CreateAlias to create a new alias.
@@ -7386,8 +7930,8 @@ func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request,
// Returned Error Types:
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - NotFoundException
// The request was rejected because the specified entity or resource could not
@@ -7406,10 +7950,18 @@ func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request,
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateAlias
func (c *KMS) UpdateAlias(input *UpdateAliasInput) (*UpdateAliasOutput, error) {
req, out := c.UpdateAliasRequest(input)
@@ -7476,42 +8028,70 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req
// UpdateCustomKeyStore API operation for AWS Key Management Service.
//
-// Changes the properties of a custom key store. Use the CustomKeyStoreId parameter
-// to identify the custom key store you want to edit. Use the remaining parameters
-// to change the properties of the custom key store.
-//
-// You can only update a custom key store that is disconnected. To disconnect
-// the custom key store, use DisconnectCustomKeyStore. To reconnect the custom
-// key store after the update completes, use ConnectCustomKeyStore. To find
-// the connection state of a custom key store, use the DescribeCustomKeyStores
-// operation.
-//
-// The CustomKeyStoreId parameter is required in all commands. Use the other
-// parameters of UpdateCustomKeyStore to edit your key store settings.
+// Changes the properties of a custom key store. You can use this operation
+// to change the properties of an CloudHSM key store or an external key store.
//
-// - Use the NewCustomKeyStoreName parameter to change the friendly name
-// of the custom key store to the value that you specify.
+// Use the required CustomKeyStoreId parameter to identify the custom key store.
+// Use the remaining optional parameters to change its properties. This operation
+// does not return any property values. To verify the updated property values,
+// use the DescribeCustomKeyStores operation.
//
-// - Use the KeyStorePassword parameter tell KMS the current password of
-// the kmsuser crypto user (CU) (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser)
-// in the associated CloudHSM cluster. You can use this parameter to fix
-// connection failures (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-password)
-// that occur when KMS cannot log into the associated cluster because the
-// kmsuser password has changed. This value does not change the password
-// in the CloudHSM cluster.
-//
-// - Use the CloudHsmClusterId parameter to associate the custom key store
-// with a different, but related, CloudHSM cluster. You can use this parameter
-// to repair a custom key store if its CloudHSM cluster becomes corrupted
-// or is deleted, or when you need to create or restore a cluster from a
-// backup.
+// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
+// feature in KMS, which combines the convenience and extensive integration
+// of KMS with the isolation and control of a key store that you own and manage.
+//
+// When updating the properties of an external key store, verify that the updated
+// settings connect your key store, via the external key store proxy, to the
+// same external key manager as the previous settings, or to a backup or snapshot
+// of the external key manager with the same cryptographic keys. If the updated
+// connection settings fail, you can fix them and retry, although an extended
+// delay might disrupt Amazon Web Services services. However, if KMS permanently
+// loses its access to cryptographic keys, ciphertext encrypted under those
+// keys is unrecoverable.
+//
+// For external key stores:
+//
+// Some external key managers provide a simpler method for updating an external
+// key store. For details, see your external key manager documentation.
+//
+// When updating an external key store in the KMS console, you can upload a
+// JSON-based proxy configuration file with the desired values. You cannot upload
+// the proxy configuration file to the UpdateCustomKeyStore operation. However,
+// you can use the file to help you determine the correct values for the UpdateCustomKeyStore
+// parameters.
+//
+// For an CloudHSM key store, you can use this operation to change the custom
+// key store friendly name (NewCustomKeyStoreName), to tell KMS about a change
+// to the kmsuser crypto user password (KeyStorePassword), or to associate the
+// custom key store with a different, but related, CloudHSM cluster (CloudHsmClusterId).
+// To update any property of an CloudHSM key store, the ConnectionState of the
+// CloudHSM key store must be DISCONNECTED.
+//
+// For an external key store, you can use this operation to change the custom
+// key store friendly name (NewCustomKeyStoreName), or to tell KMS about a change
+// to the external key store proxy authentication credentials (XksProxyAuthenticationCredential),
+// connection method (XksProxyConnectivity), external proxy endpoint (XksProxyUriEndpoint)
+// and path (XksProxyUriPath). For external key stores with an XksProxyConnectivity
+// of VPC_ENDPOINT_SERVICE, you can also update the Amazon VPC endpoint service
+// name (XksProxyVpcEndpointServiceName). To update most properties of an external
+// key store, the ConnectionState of the external key store must be DISCONNECTED.
+// However, you can update the CustomKeyStoreName, XksProxyAuthenticationCredential,
+// and XksProxyUriPath of an external key store when it is in the CONNECTED
+// or DISCONNECTED state.
+//
+// If your update requires a DISCONNECTED state, before using UpdateCustomKeyStore,
+// use the DisconnectCustomKeyStore operation to disconnect the custom key store.
+// After the UpdateCustomKeyStore operation completes, use the ConnectCustomKeyStore
+// to reconnect the custom key store. To find the ConnectionState of the custom
+// key store, use the DescribeCustomKeyStores operation.
+//
+// Before updating the custom key store, verify that the new values allow KMS
+// to connect the custom key store to its backing key store. For example, before
+// you change the XksProxyUriPath value, verify that the external key store
+// proxy is reachable at the new path.
//
// If the operation succeeds, it returns a JSON object with no properties.
//
-// This operation is part of the custom key store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
-// feature in KMS, which combines the convenience and extensive integration
-// of KMS with the isolation and control of a single-tenant key store.
-//
// Cross-account use: No. You cannot perform this operation on a custom key
// store in a different Amazon Web Services account.
//
@@ -7555,15 +8135,16 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req
// - CloudHsmClusterNotRelatedException
// The request was rejected because the specified CloudHSM cluster has a different
// cluster certificate than the original cluster. You cannot use the operation
-// to specify an unrelated cluster.
+// to specify an unrelated cluster for an CloudHSM key store.
//
-// Specify a cluster that shares a backup history with the original cluster.
-// This includes clusters that were created from a backup of the current cluster,
-// and clusters that were created from the same backup that produced the current
-// cluster.
+// Specify an CloudHSM cluster that shares a backup history with the original
+// cluster. This includes clusters that were created from a backup of the current
+// cluster, and clusters that were created from the same backup that produced
+// the current cluster.
//
-// Clusters that share a backup history have the same cluster certificate. To
-// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
+// CloudHSM clusters that share a backup history have the same cluster certificate.
+// To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters
+// (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
// operation.
//
// - CustomKeyStoreInvalidStateException
@@ -7573,60 +8154,126 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req
//
// This exception is thrown under the following conditions:
//
-// - You requested the CreateKey or GenerateRandom operation in a custom
-// key store that is not connected. These operations are valid only when
-// the custom key store ConnectionState is CONNECTED.
+// - You requested the ConnectCustomKeyStore operation on a custom key store
+// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
+// for all other ConnectionState values. To reconnect a custom key store
+// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect
+// it (ConnectCustomKeyStore).
+//
+// - You requested the CreateKey operation in a custom key store that is
+// not connected. This operations is valid only when the custom key store
+// ConnectionState is CONNECTED.
+//
+// - You requested the DisconnectCustomKeyStore operation on a custom key
+// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation
+// is valid for all other ConnectionState values.
//
// - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation
// on a custom key store that is not disconnected. This operation is valid
// only when the custom key store ConnectionState is DISCONNECTED.
//
-// - You requested the ConnectCustomKeyStore operation on a custom key store
-// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
-// for all other ConnectionState values.
+// - You requested the GenerateRandom operation in an CloudHSM key store
+// that is not connected. This operation is valid only when the CloudHSM
+// key store ConnectionState is CONNECTED.
//
// - InternalException
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
// - CloudHsmClusterNotActiveException
-// The request was rejected because the CloudHSM cluster that is associated
-// with the custom key store is not active. Initialize and activate the cluster
-// and try the command again. For detailed instructions, see Getting Started
-// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html)
+// The request was rejected because the CloudHSM cluster associated with the
+// CloudHSM key store is not active. Initialize and activate the cluster and
+// try the command again. For detailed instructions, see Getting Started (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html)
// in the CloudHSM User Guide.
//
// - CloudHsmClusterInvalidConfigurationException
// The request was rejected because the associated CloudHSM cluster did not
-// meet the configuration requirements for a custom key store.
+// meet the configuration requirements for an CloudHSM key store.
//
-// - The cluster must be configured with private subnets in at least two
-// different Availability Zones in the Region.
+// - The CloudHSM cluster must be configured with private subnets in at least
+// two different Availability Zones in the Region.
//
// - The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html)
// (cloudhsm-cluster--sg) must include inbound rules and outbound
// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound
// rules and the Destination in the outbound rules must match the security
-// group ID. These rules are set by default when you create the cluster.
-// Do not delete or change them. To get information about a particular security
-// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html)
+// group ID. These rules are set by default when you create the CloudHSM
+// cluster. Do not delete or change them. To get information about a particular
+// security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html)
// operation.
//
-// - The cluster must contain at least as many HSMs as the operation requires.
-// To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
+// - The CloudHSM cluster must contain at least as many HSMs as the operation
+// requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey
// operations, the CloudHSM cluster must have at least two active HSMs, each
// in a different Availability Zone. For the ConnectCustomKeyStore operation,
// the CloudHSM must contain at least one active HSM.
//
// For information about the requirements for an CloudHSM cluster that is associated
-// with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
+// with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
// in the Key Management Service Developer Guide. For information about creating
// a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html)
// in the CloudHSM User Guide. For information about cluster security groups,
// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html)
// in the CloudHSM User Guide .
//
+// - XksProxyUriInUseException
+// The request was rejected because the concatenation of the XksProxyUriEndpoint
+// and XksProxyUriPath is already associated with an external key store in the
+// Amazon Web Services account and Region. Each external key store in an account
+// and Region must use a unique external key store proxy API address.
+//
+// - XksProxyUriEndpointInUseException
+// The request was rejected because the concatenation of the XksProxyUriEndpoint
+// is already associated with an external key store in the Amazon Web Services
+// account and Region. Each external key store in an account and Region must
+// use a unique external key store proxy address.
+//
+// - XksProxyUriUnreachableException
+// KMS was unable to reach the specified XksProxyUriPath. The path must be reachable
+// before you create the external key store or update its settings.
+//
+// This exception is also thrown when the external key store proxy response
+// to a GetHealthStatus request indicates that all external key manager instances
+// are unavailable.
+//
+// - XksProxyIncorrectAuthenticationCredentialException
+// The request was rejected because the proxy credentials failed to authenticate
+// to the specified external key store proxy. The specified external key store
+// proxy rejected a status request from KMS due to invalid credentials. This
+// can indicate an error in the credentials or in the identification of the
+// external key store proxy.
+//
+// - XksProxyVpcEndpointServiceInUseException
+// The request was rejected because the specified Amazon VPC endpoint service
+// is already associated with an external key store in the Amazon Web Services
+// account and Region. Each external key store in an Amazon Web Services account
+// and Region must use a different Amazon VPC endpoint service.
+//
+// - XksProxyVpcEndpointServiceNotFoundException
+// The request was rejected because KMS could not find the specified VPC endpoint
+// service. Use DescribeCustomKeyStores to verify the VPC endpoint service name
+// for the external key store. Also, confirm that the Allow principals list
+// for the VPC endpoint service includes the KMS service principal for the Region,
+// such as cks.kms.us-east-1.amazonaws.com.
+//
+// - XksProxyVpcEndpointServiceInvalidConfigurationException
+// The request was rejected because the Amazon VPC endpoint service configuration
+// does not fulfill the requirements for an external key store proxy. For details,
+// see the exception message and review the requirements (kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements)
+// for Amazon VPC endpoint service connectivity for an external key store.
+//
+// - XksProxyInvalidResponseException
+// KMS cannot interpret the response it received from the external key store
+// proxy. The problem might be a poorly constructed response, but it could also
+// be a transient network issue. If you see this error repeatedly, report it
+// to the proxy vendor.
+//
+// - XksProxyInvalidConfigurationException
+// The request was rejected because the Amazon VPC endpoint service configuration
+// does not fulfill the requirements for an external key store proxy. For details,
+// see the exception message.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateCustomKeyStore
func (c *KMS) UpdateCustomKeyStore(input *UpdateCustomKeyStoreInput) (*UpdateCustomKeyStoreOutput, error) {
req, out := c.UpdateCustomKeyStoreRequest(input)
@@ -7730,8 +8377,8 @@ func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req
// is not valid.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InternalException
// The request was rejected because an internal exception occurred. The request
@@ -7741,10 +8388,18 @@ func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateKeyDescription
func (c *KMS) UpdateKeyDescription(input *UpdateKeyDescriptionInput) (*UpdateKeyDescriptionOutput, error) {
req, out := c.UpdateKeyDescriptionRequest(input)
@@ -7902,10 +8557,18 @@ func (c *KMS) UpdatePrimaryRegionRequest(input *UpdatePrimaryRegionInput) (req *
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// - InternalException
// The request was rejected because an internal exception occurred. The request
// can be retried.
@@ -8004,15 +8667,16 @@ func (c *KMS) VerifyRequest(input *VerifyInput) (req *request.Request, output *V
// You can also verify the digital signature by using the public key of the
// KMS key outside of KMS. Use the GetPublicKey operation to download the public
// key in the asymmetric KMS key and then use the public key to verify the signature
-// outside of KMS. To verify a signature outside of KMS with an SM2 public key,
-// you must specify the distinguishing ID. By default, KMS uses 1234567812345678
+// outside of KMS. The advantage of using the Verify operation is that it is
+// performed within KMS. As a result, it's easy to call, the operation is performed
+// within the FIPS boundary, it is logged in CloudTrail, and you can use key
+// policy and IAM policy to determine who is authorized to use the KMS key to
+// verify signatures.
+//
+// To verify a signature outside of KMS with an SM2 public key (China Regions
+// only), you must specify the distinguishing ID. By default, KMS uses 1234567812345678
// as the distinguishing ID. For more information, see Offline verification
-// with SM2 key pairs (https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification)
-// in Key Management Service Developer Guide. The advantage of using the Verify
-// operation is that it is performed within KMS. As a result, it's easy to call,
-// the operation is performed within the FIPS boundary, it is logged in CloudTrail,
-// and you can use key policy and IAM policy to determine who is authorized
-// to use the KMS key to verify signatures.
+// with SM2 key pairs (https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification).
//
// The KMS key that you use for this operation must be in a compatible key state.
// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
@@ -8048,8 +8712,8 @@ func (c *KMS) VerifyRequest(input *VerifyInput) (req *request.Request, output *V
// You can retry the request.
//
// - DependencyTimeoutException
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
//
// - InvalidKeyUsageException
// The request was rejected for one of the following reasons:
@@ -8079,10 +8743,18 @@ func (c *KMS) VerifyRequest(input *VerifyInput) (req *request.Request, output *V
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// - KMSInvalidSignatureException
// The request was rejected because the signature verification failed. Signature
// verification fails when it cannot confirm that signature was produced by
@@ -8157,10 +8829,12 @@ func (c *KMS) VerifyMacRequest(input *VerifyMacInput) (req *request.Request, out
// message, HMAC KMS key, and MAC algorithm. To verify the HMAC, VerifyMac computes
// an HMAC using the message, HMAC KMS key, and MAC algorithm that you specify,
// and compares the computed HMAC to the HMAC that you specify. If the HMACs
-// are identical, the verification succeeds; otherwise, it fails.
+// are identical, the verification succeeds; otherwise, it fails. Verification
+// indicates that the message hasn't changed since the HMAC was calculated,
+// and the specified key was used to generate and verify the HMAC.
//
-// Verification indicates that the message hasn't changed since the HMAC was
-// calculated, and the specified key was used to generate and verify the HMAC.
+// HMAC KMS keys and the HMAC algorithms that KMS uses conform to industry standards
+// defined in RFC 2104 (https://datatracker.ietf.org/doc/html/rfc2104).
//
// This operation is part of KMS support for HMAC KMS keys. For details, see
// HMAC keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html)
@@ -8232,10 +8906,18 @@ func (c *KMS) VerifyMacRequest(input *VerifyMacInput) (req *request.Request, out
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide .
//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
+//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/VerifyMac
func (c *KMS) VerifyMac(input *VerifyMacInput) (*VerifyMacOutput, error) {
req, out := c.VerifyMacRequest(input)
@@ -8486,12 +9168,13 @@ func (s *CancelKeyDeletionOutput) SetKeyId(v string) *CancelKeyDeletionOutput {
}
// The request was rejected because the specified CloudHSM cluster is already
-// associated with a custom key store or it shares a backup history with a cluster
-// that is associated with a custom key store. Each custom key store must be
-// associated with a different CloudHSM cluster.
+// associated with an CloudHSM key store in the account, or it shares a backup
+// history with an CloudHSM key store in the account. Each CloudHSM key store
+// in the account must be associated with a different CloudHSM cluster.
//
-// Clusters that share a backup history have the same cluster certificate. To
-// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
+// CloudHSM clusters that share a backup history have the same cluster certificate.
+// To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters
+// (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
// operation.
type CloudHsmClusterInUseException struct {
_ struct{} `type:"structure"`
@@ -8557,29 +9240,29 @@ func (s *CloudHsmClusterInUseException) RequestID() string {
}
// The request was rejected because the associated CloudHSM cluster did not
-// meet the configuration requirements for a custom key store.
+// meet the configuration requirements for an CloudHSM key store.
//
-// - The cluster must be configured with private subnets in at least two
-// different Availability Zones in the Region.
+// - The CloudHSM cluster must be configured with private subnets in at least
+// two different Availability Zones in the Region.
//
// - The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html)
// (cloudhsm-cluster--sg) must include inbound rules and outbound
// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound
// rules and the Destination in the outbound rules must match the security
-// group ID. These rules are set by default when you create the cluster.
-// Do not delete or change them. To get information about a particular security
-// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html)
+// group ID. These rules are set by default when you create the CloudHSM
+// cluster. Do not delete or change them. To get information about a particular
+// security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html)
// operation.
//
-// - The cluster must contain at least as many HSMs as the operation requires.
-// To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
+// - The CloudHSM cluster must contain at least as many HSMs as the operation
+// requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey
// operations, the CloudHSM cluster must have at least two active HSMs, each
// in a different Availability Zone. For the ConnectCustomKeyStore operation,
// the CloudHSM must contain at least one active HSM.
//
// For information about the requirements for an CloudHSM cluster that is associated
-// with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
+// with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
// in the Key Management Service Developer Guide. For information about creating
// a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html)
// in the CloudHSM User Guide. For information about cluster security groups,
@@ -8648,10 +9331,9 @@ func (s *CloudHsmClusterInvalidConfigurationException) RequestID() string {
return s.RespMetadata.RequestID
}
-// The request was rejected because the CloudHSM cluster that is associated
-// with the custom key store is not active. Initialize and activate the cluster
-// and try the command again. For detailed instructions, see Getting Started
-// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html)
+// The request was rejected because the CloudHSM cluster associated with the
+// CloudHSM key store is not active. Initialize and activate the cluster and
+// try the command again. For detailed instructions, see Getting Started (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html)
// in the CloudHSM User Guide.
type CloudHsmClusterNotActiveException struct {
_ struct{} `type:"structure"`
@@ -8783,15 +9465,16 @@ func (s *CloudHsmClusterNotFoundException) RequestID() string {
// The request was rejected because the specified CloudHSM cluster has a different
// cluster certificate than the original cluster. You cannot use the operation
-// to specify an unrelated cluster.
+// to specify an unrelated cluster for an CloudHSM key store.
//
-// Specify a cluster that shares a backup history with the original cluster.
-// This includes clusters that were created from a backup of the current cluster,
-// and clusters that were created from the same backup that produced the current
-// cluster.
+// Specify an CloudHSM cluster that shares a backup history with the original
+// cluster. This includes clusters that were created from a backup of the current
+// cluster, and clusters that were created from the same backup that produced
+// the current cluster.
//
-// Clusters that share a backup history have the same cluster certificate. To
-// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
+// CloudHSM clusters that share a backup history have the same cluster certificate.
+// To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters
+// (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
// operation.
type CloudHsmClusterNotRelatedException struct {
_ struct{} `type:"structure"`
@@ -9042,18 +9725,33 @@ func (s CreateAliasOutput) GoString() string {
type CreateCustomKeyStoreInput struct {
_ struct{} `type:"structure"`
- // Identifies the CloudHSM cluster for the custom key store. Enter the cluster
- // ID of any active CloudHSM cluster that is not already associated with a custom
- // key store. To find the cluster ID, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
+ // Identifies the CloudHSM cluster for an CloudHSM key store. This parameter
+ // is required for custom key stores with CustomKeyStoreType of AWS_CLOUDHSM.
+ //
+ // Enter the cluster ID of any active CloudHSM cluster that is not already associated
+ // with a custom key store. To find the cluster ID, use the DescribeClusters
+ // (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
// operation.
CloudHsmClusterId *string `min:"19" type:"string"`
// Specifies a friendly name for the custom key store. The name must be unique
- // in your Amazon Web Services account.
+ // in your Amazon Web Services account and Region. This parameter is required
+ // for all custom key stores.
//
// CustomKeyStoreName is a required field
CustomKeyStoreName *string `min:"1" type:"string" required:"true"`
+ // Specifies the type of custom key store. The default value is AWS_CLOUDHSM.
+ //
+ // For a custom key store backed by an CloudHSM cluster, omit the parameter
+ // or enter AWS_CLOUDHSM. For a custom key store backed by an external key manager
+ // outside of Amazon Web Services, enter EXTERNAL_KEY_STORE. You cannot change
+ // this property after the key store is created.
+ CustomKeyStoreType *string `type:"string" enum:"CustomKeyStoreType"`
+
+ // Specifies the kmsuser password for an CloudHSM key store. This parameter
+ // is required for custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM.
+ //
// Enter the password of the kmsuser crypto user (CU) account (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser)
// in the specified CloudHSM cluster. KMS logs into the cluster as this user
// to manage key material on your behalf.
@@ -9068,10 +9766,120 @@ type CreateCustomKeyStoreInput struct {
// String and GoString methods.
KeyStorePassword *string `min:"7" type:"string" sensitive:"true"`
- // Enter the content of the trust anchor certificate for the cluster. This is
- // the content of the customerCA.crt file that you created when you initialized
- // the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html).
+ // * CreateCustom
+ //
+ // Specifies the certificate for an CloudHSM key store. This parameter is required
+ // for custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM.
+ //
+ // Enter the content of the trust anchor certificate for the CloudHSM cluster.
+ // This is the content of the customerCA.crt file that you created when you
+ // initialized the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html).
TrustAnchorCertificate *string `min:"1" type:"string"`
+
+ // Specifies an authentication credential for the external key store proxy (XKS
+ // proxy). This parameter is required for all custom key stores with a CustomKeyStoreType
+ // of EXTERNAL_KEY_STORE.
+ //
+ // The XksProxyAuthenticationCredential has two required elements: RawSecretAccessKey,
+ // a secret key, and AccessKeyId, a unique identifier for the RawSecretAccessKey.
+ // For character requirements, see XksProxyAuthenticationCredentialType (kms/latest/APIReference/API_XksProxyAuthenticationCredentialType.html).
+ //
+ // KMS uses this authentication credential to sign requests to the external
+ // key store proxy on your behalf. This credential is unrelated to Identity
+ // and Access Management (IAM) and Amazon Web Services credentials.
+ //
+ // This parameter doesn't set or change the authentication credentials on the
+ // XKS proxy. It just tells KMS the credential that you established on your
+ // external key store proxy. If you rotate your proxy authentication credential,
+ // use the UpdateCustomKeyStore operation to provide the new credential to KMS.
+ XksProxyAuthenticationCredential *XksProxyAuthenticationCredentialType `type:"structure"`
+
+ // Indicates how KMS communicates with the external key store proxy. This parameter
+ // is required for custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
+ //
+ // If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT.
+ // If the external key store proxy uses a Amazon VPC endpoint service for communication
+ // with KMS, specify VPC_ENDPOINT_SERVICE. For help making this choice, see
+ // Choosing a connectivity option (https://docs.aws.amazon.com/kms/latest/developerguide/plan-xks-keystore.html#choose-xks-connectivity)
+ // in the Key Management Service Developer Guide.
+ //
+ // An Amazon VPC endpoint service keeps your communication with KMS in a private
+ // address space entirely within Amazon Web Services, but it requires more configuration,
+ // including establishing a Amazon VPC with multiple subnets, a VPC endpoint
+ // service, a network load balancer, and a verified private DNS name. A public
+ // endpoint is simpler to set up, but it might be slower and might not fulfill
+ // your security requirements. You might consider testing with a public endpoint,
+ // and then establishing a VPC endpoint service for production tasks. Note that
+ // this choice does not determine the location of the external key store proxy.
+ // Even if you choose a VPC endpoint service, the proxy can be hosted within
+ // the VPC or outside of Amazon Web Services such as in your corporate data
+ // center.
+ XksProxyConnectivity *string `type:"string" enum:"XksProxyConnectivityType"`
+
+ // Specifies the endpoint that KMS uses to send requests to the external key
+ // store proxy (XKS proxy). This parameter is required for custom key stores
+ // with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
+ //
+ // The protocol must be HTTPS. KMS communicates on port 443. Do not specify
+ // the port in the XksProxyUriEndpoint value.
+ //
+ // For external key stores with XksProxyConnectivity value of VPC_ENDPOINT_SERVICE,
+ // specify https:// followed by the private DNS name of the VPC endpoint service.
+ //
+ // For external key stores with PUBLIC_ENDPOINT connectivity, this endpoint
+ // must be reachable before you create the custom key store. KMS connects to
+ // the external key store proxy while creating the custom key store. For external
+ // key stores with VPC_ENDPOINT_SERVICE connectivity, KMS connects when you
+ // call the ConnectCustomKeyStore operation.
+ //
+ // The value of this parameter must begin with https://. The remainder can contain
+ // upper and lower case letters (A-Z and a-z), numbers (0-9), dots (.), and
+ // hyphens (-). Additional slashes (/ and \) are not permitted.
+ //
+ // Uniqueness requirements:
+ //
+ // * The combined XksProxyUriEndpoint and XksProxyUriPath values must be
+ // unique in the Amazon Web Services account and Region.
+ //
+ // * An external key store with PUBLIC_ENDPOINT connectivity cannot use the
+ // same XksProxyUriEndpoint value as an external key store with VPC_ENDPOINT_SERVICE
+ // connectivity in the same Amazon Web Services Region.
+ //
+ // * Each external key store with VPC_ENDPOINT_SERVICE connectivity must
+ // have its own private DNS name. The XksProxyUriEndpoint value for external
+ // key stores with VPC_ENDPOINT_SERVICE connectivity (private DNS name) must
+ // be unique in the Amazon Web Services account and Region.
+ XksProxyUriEndpoint *string `min:"10" type:"string"`
+
+ // Specifies the base path to the proxy APIs for this external key store. To
+ // find this value, see the documentation for your external key store proxy.
+ // This parameter is required for all custom key stores with a CustomKeyStoreType
+ // of EXTERNAL_KEY_STORE.
+ //
+ // The value must start with / and must end with /kms/xks/v1 where v1 represents
+ // the version of the KMS external key store proxy API. This path can include
+ // an optional prefix between the required elements such as /prefix/kms/xks/v1.
+ //
+ // Uniqueness requirements:
+ //
+ // * The combined XksProxyUriEndpoint and XksProxyUriPath values must be
+ // unique in the Amazon Web Services account and Region.
+ XksProxyUriPath *string `min:"10" type:"string"`
+
+ // Specifies the name of the Amazon VPC endpoint service for interface endpoints
+ // that is used to communicate with your external key store proxy (XKS proxy).
+ // This parameter is required when the value of CustomKeyStoreType is EXTERNAL_KEY_STORE
+ // and the value of XksProxyConnectivity is VPC_ENDPOINT_SERVICE.
+ //
+ // The Amazon VPC endpoint service must fulfill all requirements (https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keystore.html#xks-requirements)
+ // for use with an external key store.
+ //
+ // Uniqueness requirements:
+ //
+ // * External key stores with VPC_ENDPOINT_SERVICE connectivity can share
+ // an Amazon VPC, but each external key store must have its own VPC endpoint
+ // service and private DNS name.
+ XksProxyVpcEndpointServiceName *string `min:"20" type:"string"`
}
// String returns the string representation.
@@ -9110,6 +9918,20 @@ func (s *CreateCustomKeyStoreInput) Validate() error {
if s.TrustAnchorCertificate != nil && len(*s.TrustAnchorCertificate) < 1 {
invalidParams.Add(request.NewErrParamMinLen("TrustAnchorCertificate", 1))
}
+ if s.XksProxyUriEndpoint != nil && len(*s.XksProxyUriEndpoint) < 10 {
+ invalidParams.Add(request.NewErrParamMinLen("XksProxyUriEndpoint", 10))
+ }
+ if s.XksProxyUriPath != nil && len(*s.XksProxyUriPath) < 10 {
+ invalidParams.Add(request.NewErrParamMinLen("XksProxyUriPath", 10))
+ }
+ if s.XksProxyVpcEndpointServiceName != nil && len(*s.XksProxyVpcEndpointServiceName) < 20 {
+ invalidParams.Add(request.NewErrParamMinLen("XksProxyVpcEndpointServiceName", 20))
+ }
+ if s.XksProxyAuthenticationCredential != nil {
+ if err := s.XksProxyAuthenticationCredential.Validate(); err != nil {
+ invalidParams.AddNested("XksProxyAuthenticationCredential", err.(request.ErrInvalidParams))
+ }
+ }
if invalidParams.Len() > 0 {
return invalidParams
@@ -9129,6 +9951,12 @@ func (s *CreateCustomKeyStoreInput) SetCustomKeyStoreName(v string) *CreateCusto
return s
}
+// SetCustomKeyStoreType sets the CustomKeyStoreType field's value.
+func (s *CreateCustomKeyStoreInput) SetCustomKeyStoreType(v string) *CreateCustomKeyStoreInput {
+ s.CustomKeyStoreType = &v
+ return s
+}
+
// SetKeyStorePassword sets the KeyStorePassword field's value.
func (s *CreateCustomKeyStoreInput) SetKeyStorePassword(v string) *CreateCustomKeyStoreInput {
s.KeyStorePassword = &v
@@ -9141,8 +9969,38 @@ func (s *CreateCustomKeyStoreInput) SetTrustAnchorCertificate(v string) *CreateC
return s
}
-type CreateCustomKeyStoreOutput struct {
- _ struct{} `type:"structure"`
+// SetXksProxyAuthenticationCredential sets the XksProxyAuthenticationCredential field's value.
+func (s *CreateCustomKeyStoreInput) SetXksProxyAuthenticationCredential(v *XksProxyAuthenticationCredentialType) *CreateCustomKeyStoreInput {
+ s.XksProxyAuthenticationCredential = v
+ return s
+}
+
+// SetXksProxyConnectivity sets the XksProxyConnectivity field's value.
+func (s *CreateCustomKeyStoreInput) SetXksProxyConnectivity(v string) *CreateCustomKeyStoreInput {
+ s.XksProxyConnectivity = &v
+ return s
+}
+
+// SetXksProxyUriEndpoint sets the XksProxyUriEndpoint field's value.
+func (s *CreateCustomKeyStoreInput) SetXksProxyUriEndpoint(v string) *CreateCustomKeyStoreInput {
+ s.XksProxyUriEndpoint = &v
+ return s
+}
+
+// SetXksProxyUriPath sets the XksProxyUriPath field's value.
+func (s *CreateCustomKeyStoreInput) SetXksProxyUriPath(v string) *CreateCustomKeyStoreInput {
+ s.XksProxyUriPath = &v
+ return s
+}
+
+// SetXksProxyVpcEndpointServiceName sets the XksProxyVpcEndpointServiceName field's value.
+func (s *CreateCustomKeyStoreInput) SetXksProxyVpcEndpointServiceName(v string) *CreateCustomKeyStoreInput {
+ s.XksProxyVpcEndpointServiceName = &v
+ return s
+}
+
+type CreateCustomKeyStoreOutput struct {
+ _ struct{} `type:"structure"`
// A unique identifier for the new custom key store.
CustomKeyStoreId *string `min:"1" type:"string"`
@@ -9446,31 +10304,25 @@ type CreateKeyInput struct {
// The default value is false.
BypassPolicyLockoutSafetyCheck *bool `type:"boolean"`
- // Creates the KMS key in the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
- // and the key material in its associated CloudHSM cluster. To create a KMS
- // key in a custom key store, you must also specify the Origin parameter with
- // a value of AWS_CLOUDHSM. The CloudHSM cluster that is associated with the
- // custom key store must have at least two active HSMs, each in a different
- // Availability Zone in the Region.
+ // Creates the KMS key in the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html).
+ // The ConnectionState of the custom key store must be CONNECTED. To find the
+ // CustomKeyStoreID and ConnectionState use the DescribeCustomKeyStores operation.
//
// This parameter is valid only for symmetric encryption KMS keys in a single
// Region. You cannot create any other type of KMS key in a custom key store.
//
- // To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
- //
- // The response includes the custom key store ID and the ID of the CloudHSM
- // cluster.
- //
- // This operation is part of the custom key store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
- // feature in KMS, which combines the convenience and extensive integration
- // of KMS with the isolation and control of a single-tenant key store.
+ // When you create a KMS key in an CloudHSM key store, KMS generates a non-exportable
+ // 256-bit symmetric key in its associated CloudHSM cluster and associates it
+ // with the KMS key. When you create a KMS key in an external key store, you
+ // must use the XksKeyId parameter to specify an external key that serves as
+ // key material for the KMS key.
CustomKeyStoreId *string `min:"1" type:"string"`
// Instead, use the KeySpec parameter.
//
// The KeySpec and CustomerMasterKeySpec parameters work the same way. Only
// the names differ. We recommend that you use KeySpec parameter in your code.
- // However, to avoid breaking changes, KMS will support both parameters.
+ // However, to avoid breaking changes, KMS supports both parameters.
//
// Deprecated: This parameter has been deprecated. Instead, use the KeySpec parameter.
CustomerMasterKeySpec *string `deprecated:"true" type:"string" enum:"CustomerMasterKeySpec"`
@@ -9491,11 +10343,11 @@ type CreateKeyInput struct {
// in the Key Management Service Developer Guide .
//
// The KeySpec determines whether the KMS key contains a symmetric key or an
- // asymmetric key pair. It also determines the cryptographic algorithms that
- // the KMS key supports. You can't change the KeySpec after the KMS key is created.
- // To further restrict the algorithms that can be used with the KMS key, use
- // a condition key in its key policy or IAM policy. For more information, see
- // kms:EncryptionAlgorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm),
+ // asymmetric key pair. It also determines the algorithms that the KMS key supports.
+ // You can't change the KeySpec after the KMS key is created. To further restrict
+ // the algorithms that can be used with the KMS key, use a condition key in
+ // its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm
+ // (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm),
// kms:MacAlgorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-mac-algorithm)
// or kms:Signing Algorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-signing-algorithm)
// in the Key Management Service Developer Guide .
@@ -9561,36 +10413,37 @@ type CreateKeyInput struct {
// This value creates a primary key, not a replica. To create a replica key,
// use the ReplicateKey operation.
//
- // You can create a multi-Region version of a symmetric encryption KMS key,
- // an HMAC KMS key, an asymmetric KMS key, or a KMS key with imported key material.
- // However, you cannot create a multi-Region key in a custom key store.
+ // You can create a symmetric or asymmetric multi-Region key, and you can create
+ // a multi-Region key with imported key material. However, you cannot create
+ // a multi-Region key in a custom key store.
MultiRegion *bool `type:"boolean"`
// The source of the key material for the KMS key. You cannot change the origin
// after you create the KMS key. The default is AWS_KMS, which means that KMS
// creates the key material.
//
- // To create a KMS key with no key material (for imported key material), set
- // the value to EXTERNAL. For more information about importing key material
- // into KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html)
- // in the Key Management Service Developer Guide. This value is valid only for
- // symmetric encryption KMS keys.
+ // To create a KMS key with no key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-create-cmk.html)
+ // (for imported key material), set this value to EXTERNAL. For more information
+ // about importing key material into KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html)
+ // in the Key Management Service Developer Guide. The EXTERNAL origin value
+ // is valid only for symmetric KMS keys.
//
- // To create a KMS key in an KMS custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
+ // To create a KMS key in an CloudHSM key store (https://docs.aws.amazon.com/kms/latest/developerguide/create-cmk-keystore.html)
// and create its key material in the associated CloudHSM cluster, set this
// value to AWS_CLOUDHSM. You must also use the CustomKeyStoreId parameter to
- // identify the custom key store. This value is valid only for symmetric encryption
- // KMS keys.
+ // identify the CloudHSM key store. The KeySpec value must be SYMMETRIC_DEFAULT.
+ //
+ // To create a KMS key in an external key store (https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keys.html),
+ // set this value to EXTERNAL_KEY_STORE. You must also use the CustomKeyStoreId
+ // parameter to identify the external key store and the XksKeyId parameter to
+ // identify the associated external key. The KeySpec value must be SYMMETRIC_DEFAULT.
Origin *string `type:"string" enum:"OriginType"`
- // The key policy to attach to the KMS key. If you do not specify a key policy,
- // KMS attaches a default key policy to the KMS key. For more information, see
- // Default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default)
- // in the Key Management Service Developer Guide.
+ // The key policy to attach to the KMS key.
//
// If you provide a key policy, it must meet the following criteria:
//
- // * If you don't set BypassPolicyLockoutSafetyCheck to True, the key policy
+ // * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy
// must allow the principal that is making the CreateKey request to make
// a subsequent PutKeyPolicy request on the KMS key. This reduces the risk
// that the KMS key becomes unmanageable. For more information, refer to
@@ -9606,20 +10459,14 @@ type CreateKeyInput struct {
// visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency)
// in the Amazon Web Services Identity and Access Management User Guide.
//
- // A key policy document can include only the following characters:
- //
- // * Printable ASCII characters from the space character (\u0020) through
- // the end of the ASCII character range.
- //
- // * Printable characters in the Basic Latin and Latin-1 Supplement character
- // set (through \u00FF).
+ // If you do not provide a key policy, KMS attaches a default key policy to
+ // the KMS key. For more information, see Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default)
+ // in the Key Management Service Developer Guide.
//
- // * The tab (\u0009), line feed (\u000A), and carriage return (\u000D) special
- // characters
+ // The key policy size quota is 32 kilobytes (32768 bytes).
//
- // For information about key policies, see Key policies in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html)
- // in the Key Management Service Developer Guide. For help writing and formatting
- // a JSON policy document, see the IAM JSON Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html)
+ // For help writing and formatting a JSON policy document, see the IAM JSON
+ // Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html)
// in the Identity and Access Management User Guide .
Policy *string `min:"1" type:"string"`
@@ -9627,7 +10474,7 @@ type CreateKeyInput struct {
// key when it is created. To tag an existing KMS key, use the TagResource operation.
//
// Tagging or untagging a KMS key can allow or deny permission to the KMS key.
- // For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html)
+ // For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html)
// in the Key Management Service Developer Guide.
//
// To use this parameter, you must have kms:TagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html)
@@ -9644,6 +10491,33 @@ type CreateKeyInput struct {
// Tags can also be used to control access to a KMS key. For details, see Tagging
// Keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html).
Tags []*Tag `type:"list"`
+
+ // Identifies the external key (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key)
+ // that serves as key material for the KMS key in an external key store (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html).
+ // Specify the ID that the external key store proxy (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-xks-proxy)
+ // uses to refer to the external key. For help, see the documentation for your
+ // external key store proxy.
+ //
+ // This parameter is required for a KMS key with an Origin value of EXTERNAL_KEY_STORE.
+ // It is not valid for KMS keys with any other Origin value.
+ //
+ // The external key must be an existing 256-bit AES symmetric encryption key
+ // hosted outside of Amazon Web Services in an external key manager associated
+ // with the external key store specified by the CustomKeyStoreId parameter.
+ // This key must be enabled and configured to perform encryption and decryption.
+ // Each KMS key in an external key store must use a different external key.
+ // For details, see Requirements for a KMS key in an external key store (https://docs.aws.amazon.com/create-xks-keys.html#xks-key-requirements)
+ // in the Key Management Service Developer Guide.
+ //
+ // Each KMS key in an external key store is associated two backing keys. One
+ // is key material that KMS generates. The other is the external key specified
+ // by this parameter. When you use the KMS key in an external key store to encrypt
+ // data, the encryption operation is performed first by KMS using the KMS key
+ // material, and then by the external key manager using the specified external
+ // key, a process known as double encryption. For details, see Double encryption
+ // (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-double-encryption)
+ // in the Key Management Service Developer Guide.
+ XksKeyId *string `min:"1" type:"string"`
}
// String returns the string representation.
@@ -9673,6 +10547,9 @@ func (s *CreateKeyInput) Validate() error {
if s.Policy != nil && len(*s.Policy) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Policy", 1))
}
+ if s.XksKeyId != nil && len(*s.XksKeyId) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("XksKeyId", 1))
+ }
if s.Tags != nil {
for i, v := range s.Tags {
if v == nil {
@@ -9750,6 +10627,12 @@ func (s *CreateKeyInput) SetTags(v []*Tag) *CreateKeyInput {
return s
}
+// SetXksKeyId sets the XksKeyId field's value.
+func (s *CreateKeyInput) SetXksKeyId(v string) *CreateKeyInput {
+ s.XksKeyId = &v
+ return s
+}
+
type CreateKeyOutput struct {
_ struct{} `type:"structure"`
@@ -9854,17 +10737,27 @@ func (s *CustomKeyStoreHasCMKsException) RequestID() string {
//
// This exception is thrown under the following conditions:
//
-// - You requested the CreateKey or GenerateRandom operation in a custom
-// key store that is not connected. These operations are valid only when
-// the custom key store ConnectionState is CONNECTED.
+// - You requested the ConnectCustomKeyStore operation on a custom key store
+// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
+// for all other ConnectionState values. To reconnect a custom key store
+// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect
+// it (ConnectCustomKeyStore).
+//
+// - You requested the CreateKey operation in a custom key store that is
+// not connected. This operations is valid only when the custom key store
+// ConnectionState is CONNECTED.
+//
+// - You requested the DisconnectCustomKeyStore operation on a custom key
+// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation
+// is valid for all other ConnectionState values.
//
// - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation
// on a custom key store that is not disconnected. This operation is valid
// only when the custom key store ConnectionState is DISCONNECTED.
//
-// - You requested the ConnectCustomKeyStore operation on a custom key store
-// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
-// for all other ConnectionState values.
+// - You requested the GenerateRandom operation in an CloudHSM key store
+// that is not connected. This operation is valid only when the CloudHSM
+// key store ConnectionState is CONNECTED.
type CustomKeyStoreInvalidStateException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -10064,39 +10957,53 @@ func (s *CustomKeyStoreNotFoundException) RequestID() string {
type CustomKeyStoresListEntry struct {
_ struct{} `type:"structure"`
- // A unique identifier for the CloudHSM cluster that is associated with the
- // custom key store.
+ // A unique identifier for the CloudHSM cluster that is associated with an CloudHSM
+ // key store. This field appears only when the CustomKeyStoreType is AWS_CLOUDHSM.
CloudHsmClusterId *string `min:"19" type:"string"`
// Describes the connection error. This field appears in the response only when
- // the ConnectionState is FAILED. For help resolving these errors, see How to
- // Fix a Connection Failure (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed)
- // in Key Management Service Developer Guide.
- //
- // Valid values are:
+ // the ConnectionState is FAILED.
//
- // * CLUSTER_NOT_FOUND - KMS cannot find the CloudHSM cluster with the specified
- // cluster ID.
+ // Many failures can be resolved by updating the properties of the custom key
+ // store. To update a custom key store, disconnect it (DisconnectCustomKeyStore),
+ // correct the errors (UpdateCustomKeyStore), and try to connect again (ConnectCustomKeyStore).
+ // For additional help resolving these errors, see How to Fix a Connection Failure
+ // (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed)
+ // in Key Management Service Developer Guide.
//
- // * INSUFFICIENT_CLOUDHSM_HSMS - The associated CloudHSM cluster does not
- // contain any active HSMs. To connect a custom key store to its CloudHSM
- // cluster, the cluster must contain at least one active HSM.
+ // All custom key stores:
//
- // * INTERNAL_ERROR - KMS could not complete the request due to an internal
+ // * INTERNAL_ERROR — KMS could not complete the request due to an internal
// error. Retry the request. For ConnectCustomKeyStore requests, disconnect
// the custom key store before trying to connect again.
//
- // * INVALID_CREDENTIALS - KMS does not have the correct password for the
- // kmsuser crypto user in the CloudHSM cluster. Before you can connect your
- // custom key store to its CloudHSM cluster, you must change the kmsuser
- // account password and update the key store password value for the custom
- // key store.
+ // * NETWORK_ERRORS — Network errors are preventing KMS from connecting
+ // the custom key store to its backing key store.
//
- // * NETWORK_ERRORS - Network errors are preventing KMS from connecting to
- // the custom key store.
+ // CloudHSM key stores:
+ //
+ // * CLUSTER_NOT_FOUND — KMS cannot find the CloudHSM cluster with the
+ // specified cluster ID.
+ //
+ // * INSUFFICIENT_CLOUDHSM_HSMS — The associated CloudHSM cluster does
+ // not contain any active HSMs. To connect a custom key store to its CloudHSM
+ // cluster, the cluster must contain at least one active HSM.
//
- // * SUBNET_NOT_FOUND - A subnet in the CloudHSM cluster configuration was
- // deleted. If KMS cannot find all of the subnets in the cluster configuration,
+ // * INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET — At least one private subnet
+ // associated with the CloudHSM cluster doesn't have any available IP addresses.
+ // A CloudHSM key store connection requires one free IP address in each of
+ // the associated private subnets, although two are preferable. For details,
+ // see How to Fix a Connection Failure (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed)
+ // in the Key Management Service Developer Guide.
+ //
+ // * INVALID_CREDENTIALS — The KeyStorePassword for the custom key store
+ // doesn't match the current password of the kmsuser crypto user in the CloudHSM
+ // cluster. Before you can connect your custom key store to its CloudHSM
+ // cluster, you must change the kmsuser account password and update the KeyStorePassword
+ // value for the custom key store.
+ //
+ // * SUBNET_NOT_FOUND — A subnet in the CloudHSM cluster configuration
+ // was deleted. If KMS cannot find all of the subnets in the cluster configuration,
// attempts to connect the custom key store to the CloudHSM cluster fail.
// To fix this error, create a cluster from a recent backup and associate
// it with your custom key store. (This process creates a new cluster configuration
@@ -10104,13 +11011,13 @@ type CustomKeyStoresListEntry struct {
// Failure (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed)
// in the Key Management Service Developer Guide.
//
- // * USER_LOCKED_OUT - The kmsuser CU account is locked out of the associated
+ // * USER_LOCKED_OUT — The kmsuser CU account is locked out of the associated
// CloudHSM cluster due to too many failed password attempts. Before you
// can connect your custom key store to its CloudHSM cluster, you must change
// the kmsuser account password and update the key store password value for
// the custom key store.
//
- // * USER_LOGGED_IN - The kmsuser CU account is logged into the the associated
+ // * USER_LOGGED_IN — The kmsuser CU account is logged into the associated
// CloudHSM cluster. This prevents KMS from rotating the kmsuser account
// password and logging into the cluster. Before you can connect your custom
// key store to its CloudHSM cluster, you must log the kmsuser CU out of
@@ -10119,27 +11026,94 @@ type CustomKeyStoresListEntry struct {
// store. For help, see How to Log Out and Reconnect (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#login-kmsuser-2)
// in the Key Management Service Developer Guide.
//
- // * USER_NOT_FOUND - KMS cannot find a kmsuser CU account in the associated
+ // * USER_NOT_FOUND — KMS cannot find a kmsuser CU account in the associated
// CloudHSM cluster. Before you can connect your custom key store to its
// CloudHSM cluster, you must create a kmsuser CU account in the cluster,
// and then update the key store password value for the custom key store.
+ //
+ // External key stores:
+ //
+ // * INVALID_CREDENTIALS — One or both of the XksProxyAuthenticationCredential
+ // values is not valid on the specified external key store proxy.
+ //
+ // * XKS_PROXY_ACCESS_DENIED — KMS requests are denied access to the external
+ // key store proxy. If the external key store proxy has authorization rules,
+ // verify that they permit KMS to communicate with the proxy on your behalf.
+ //
+ // * XKS_PROXY_INVALID_CONFIGURATION — A configuration error is preventing
+ // the external key store from connecting to its proxy. Verify the value
+ // of the XksProxyUriPath.
+ //
+ // * XKS_PROXY_INVALID_RESPONSE — KMS cannot interpret the response from
+ // the external key store proxy. If you see this connection error code repeatedly,
+ // notify your external key store proxy vendor.
+ //
+ // * XKS_PROXY_INVALID_TLS_CONFIGURATION — KMS cannot connect to the external
+ // key store proxy because the TLS configuration is invalid. Verify that
+ // the XKS proxy supports TLS 1.2 or 1.3. Also, verify that the TLS certificate
+ // is not expired, and that it matches the hostname in the XksProxyUriEndpoint
+ // value, and that it is signed by a certificate authority included in the
+ // Trusted Certificate Authorities (https://github.com/aws/aws-kms-xksproxy-api-spec/blob/main/TrustedCertificateAuthorities)
+ // list.
+ //
+ // * XKS_PROXY_NOT_REACHABLE — KMS can't communicate with your external
+ // key store proxy. Verify that the XksProxyUriEndpoint and XksProxyUriPath
+ // are correct. Use the tools for your external key store proxy to verify
+ // that the proxy is active and available on its network. Also, verify that
+ // your external key manager instances are operating properly. Connection
+ // attempts fail with this connection error code if the proxy reports that
+ // all external key manager instances are unavailable.
+ //
+ // * XKS_PROXY_TIMED_OUT — KMS can connect to the external key store proxy,
+ // but the proxy does not respond to KMS in the time allotted. If you see
+ // this connection error code repeatedly, notify your external key store
+ // proxy vendor.
+ //
+ // * XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION — The Amazon VPC endpoint
+ // service configuration doesn't conform to the requirements for an KMS external
+ // key store. The VPC endpoint service must be an endpoint service for interface
+ // endpoints in the caller's Amazon Web Services account. It must have a
+ // network load balancer (NLB) connected to at least two subnets, each in
+ // a different Availability Zone. The Allow principals list must include
+ // the KMS service principal for the Region, cks.kms..amazonaws.com,
+ // such as cks.kms.us-east-1.amazonaws.com. It must not require acceptance
+ // (https://docs.aws.amazon.com/vpc/latest/privatelink/create-endpoint-service.html)
+ // of connection requests. It must have a private DNS name. The private DNS
+ // name for an external key store with VPC_ENDPOINT_SERVICE connectivity
+ // must be unique in its Amazon Web Services Region. The domain of the private
+ // DNS name must have a verification status (https://docs.aws.amazon.com/vpc/latest/privatelink/verify-domains.html)
+ // of verified. The TLS certificate (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html)
+ // specifies the private DNS hostname at which the endpoint is reachable.
+ //
+ // * XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND — KMS can't find the VPC endpoint
+ // service that it uses to communicate with the external key store proxy.
+ // Verify that the XksProxyVpcEndpointServiceName is correct and the KMS
+ // service principal has service consumer permissions on the Amazon VPC endpoint
+ // service.
ConnectionErrorCode *string `type:"string" enum:"ConnectionErrorCodeType"`
- // Indicates whether the custom key store is connected to its CloudHSM cluster.
+ // Indicates whether the custom key store is connected to its backing key store.
+ // For an CloudHSM key store, the ConnectionState indicates whether it is connected
+ // to its CloudHSM cluster. For an external key store, the ConnectionState indicates
+ // whether it is connected to the external key store proxy that communicates
+ // with your external key manager.
//
- // You can create and use KMS keys in your custom key stores only when its connection
- // state is CONNECTED.
+ // You can create and use KMS keys in your custom key stores only when its ConnectionState
+ // is CONNECTED.
//
- // The value is DISCONNECTED if the key store has never been connected or you
- // use the DisconnectCustomKeyStore operation to disconnect it. If the value
- // is CONNECTED but you are having trouble using the custom key store, make
- // sure that its associated CloudHSM cluster is active and contains at least
- // one active HSM.
+ // The ConnectionState value is DISCONNECTED only if the key store has never
+ // been connected or you use the DisconnectCustomKeyStore operation to disconnect
+ // it. If the value is CONNECTED but you are having trouble using the custom
+ // key store, make sure that the backing key store is reachable and active.
+ // For an CloudHSM key store, verify that its associated CloudHSM cluster is
+ // active and contains at least one active HSM. For an external key store, verify
+ // that the external key store proxy and external key manager are connected
+ // and enabled.
//
// A value of FAILED indicates that an attempt to connect was unsuccessful.
// The ConnectionErrorCode field in the response indicates the cause of the
- // failure. For help resolving a connection failure, see Troubleshooting a Custom
- // Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html)
+ // failure. For help resolving a connection failure, see Troubleshooting a custom
+ // key store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html)
// in the Key Management Service Developer Guide.
ConnectionState *string `type:"string" enum:"ConnectionStateType"`
@@ -10152,10 +11126,26 @@ type CustomKeyStoresListEntry struct {
// The user-specified friendly name for the custom key store.
CustomKeyStoreName *string `min:"1" type:"string"`
- // The trust anchor certificate of the associated CloudHSM cluster. When you
- // initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr),
+ // Indicates the type of the custom key store. AWS_CLOUDHSM indicates a custom
+ // key store backed by an CloudHSM cluster. EXTERNAL_KEY_STORE indicates a custom
+ // key store backed by an external key store proxy and external key manager
+ // outside of Amazon Web Services.
+ CustomKeyStoreType *string `type:"string" enum:"CustomKeyStoreType"`
+
+ // The trust anchor certificate of the CloudHSM cluster associated with an CloudHSM
+ // key store. When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr),
// you create this certificate and save it in the customerCA.crt file.
+ //
+ // This field appears only when the CustomKeyStoreType is AWS_CLOUDHSM.
TrustAnchorCertificate *string `min:"1" type:"string"`
+
+ // Configuration settings for the external key store proxy (XKS proxy). The
+ // external key store proxy translates KMS requests into a format that your
+ // external key manager can understand. The proxy configuration includes connection
+ // information that KMS requires.
+ //
+ // This field appears only when the CustomKeyStoreType is EXTERNAL_KEY_STORE.
+ XksProxyConfiguration *XksProxyConfigurationType `type:"structure"`
}
// String returns the string representation.
@@ -10212,12 +11202,24 @@ func (s *CustomKeyStoresListEntry) SetCustomKeyStoreName(v string) *CustomKeySto
return s
}
+// SetCustomKeyStoreType sets the CustomKeyStoreType field's value.
+func (s *CustomKeyStoresListEntry) SetCustomKeyStoreType(v string) *CustomKeyStoresListEntry {
+ s.CustomKeyStoreType = &v
+ return s
+}
+
// SetTrustAnchorCertificate sets the TrustAnchorCertificate field's value.
func (s *CustomKeyStoresListEntry) SetTrustAnchorCertificate(v string) *CustomKeyStoresListEntry {
s.TrustAnchorCertificate = &v
return s
}
+// SetXksProxyConfiguration sets the XksProxyConfiguration field's value.
+func (s *CustomKeyStoresListEntry) SetXksProxyConfiguration(v *XksProxyConfigurationType) *CustomKeyStoresListEntry {
+ s.XksProxyConfiguration = v
+ return s
+}
+
type DecryptInput struct {
_ struct{} `type:"structure"`
@@ -10643,8 +11645,8 @@ func (s DeleteImportedKeyMaterialOutput) GoString() string {
return s.String()
}
-// The system timed out while trying to fulfill the request. The request can
-// be retried.
+// The system timed out while trying to fulfill the request. You can retry the
+// request.
type DependencyTimeoutException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -10716,8 +11718,8 @@ type DescribeCustomKeyStoresInput struct {
//
// By default, this operation gets information about all custom key stores in
// the account and Region. To limit the output to a particular custom key store,
- // you can use either the CustomKeyStoreId or CustomKeyStoreName parameter,
- // but not both.
+ // provide either the CustomKeyStoreId or CustomKeyStoreName parameter, but
+ // not both.
CustomKeyStoreId *string `min:"1" type:"string"`
// Gets only information about the specified custom key store. Enter the friendly
@@ -10725,8 +11727,8 @@ type DescribeCustomKeyStoresInput struct {
//
// By default, this operation gets information about all custom key stores in
// the account and Region. To limit the output to a particular custom key store,
- // you can use either the CustomKeyStoreId or CustomKeyStoreName parameter,
- // but not both.
+ // provide either the CustomKeyStoreId or CustomKeyStoreName parameter, but
+ // not both.
CustomKeyStoreName *string `min:"1" type:"string"`
// Use this parameter to specify the maximum number of items to return. When
@@ -11361,13 +12363,13 @@ func (s EnableKeyOutput) GoString() string {
type EnableKeyRotationInput struct {
_ struct{} `type:"structure"`
- // Identifies a symmetric encryption KMS key. You cannot enable or disable automatic
- // rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
+ // Identifies a symmetric encryption KMS key. You cannot enable automatic rotation
+ // of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
// HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html),
// KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html),
// or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html).
- // The key rotation status of these KMS keys is always false. To enable or disable
- // automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
+ // To enable or disable automatic rotation of a set of related multi-Region
+ // keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
// set the property on the primary key.
//
// Specify the key ID or key ARN of the KMS key.
@@ -11455,6 +12457,8 @@ type EncryptInput struct {
// This parameter is required only for asymmetric KMS keys. The default value,
// SYMMETRIC_DEFAULT, is the algorithm used for symmetric encryption KMS keys.
// If you are using an asymmetric KMS key, we recommend RSAES_OAEP_SHA_256.
+ //
+ // The SM2PKE algorithm is only available in China Regions.
EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"`
// Specifies the encryption context that will be used to encrypt the data. An
@@ -11963,8 +12967,7 @@ type GenerateDataKeyPairInput struct {
// encrypt and decrypt or to sign and verify (but not both), and the rule that
// permits you to use ECC KMS keys only to sign and verify, are not effective
// on data key pairs, which are used outside of KMS. The SM2 key spec is only
- // available in China Regions. RSA and ECC asymmetric key pairs are also available
- // in China Regions.
+ // available in China Regions.
//
// KeyPairSpec is a required field
KeyPairSpec *string `type:"string" required:"true" enum:"DataKeyPairSpec"`
@@ -12169,8 +13172,7 @@ type GenerateDataKeyPairWithoutPlaintextInput struct {
// encrypt and decrypt or to sign and verify (but not both), and the rule that
// permits you to use ECC KMS keys only to sign and verify, are not effective
// on data key pairs, which are used outside of KMS. The SM2 key spec is only
- // available in China Regions. RSA and ECC asymmetric key pairs are also available
- // in China Regions.
+ // available in China Regions.
//
// KeyPairSpec is a required field
KeyPairSpec *string `type:"string" required:"true" enum:"DataKeyPairSpec"`
@@ -12592,8 +13594,10 @@ type GenerateMacOutput struct {
// The HMAC KMS key used in the operation.
KeyId *string `min:"1" type:"string"`
- // The hash-based message authentication code (HMAC) for the given message,
- // key, and MAC algorithm.
+ // The hash-based message authentication code (HMAC) that was generated for
+ // the specified message, HMAC KMS key, and MAC algorithm.
+ //
+ // This is the standard, raw HMAC defined in RFC 2104 (https://datatracker.ietf.org/doc/html/rfc2104).
// Mac is automatically base64 encoded/decoded by the SDK.
Mac []byte `min:"1" type:"blob"`
@@ -12641,8 +13645,11 @@ type GenerateRandomInput struct {
_ struct{} `type:"structure"`
// Generates the random byte string in the CloudHSM cluster that is associated
- // with the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html).
- // To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
+ // with the specified CloudHSM key store. To find the ID of a custom key store,
+ // use the DescribeCustomKeyStores operation.
+ //
+ // External key store IDs are not valid for this parameter. If you specify the
+ // ID of an external key store, GenerateRandom throws an UnsupportedOperationException.
CustomKeyStoreId *string `min:"1" type:"string"`
// The length of the random byte string. This parameter is required.
@@ -13183,7 +14190,7 @@ type GetPublicKeyOutput struct {
//
// The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend
// that you use the KeySpec field in your code. However, to avoid breaking changes,
- // KMS will support both fields.
+ // KMS supports both fields.
//
// Deprecated: This field has been deprecated. Instead, use the KeySpec field.
CustomerMasterKeySpec *string `deprecated:"true" type:"string" enum:"CustomerMasterKeySpec"`
@@ -13293,10 +14300,10 @@ func (s *GetPublicKeyOutput) SetSigningAlgorithms(v []*string) *GetPublicKeyOutp
//
// KMS applies the grant constraints only to cryptographic operations that support
// an encryption context, that is, all cryptographic operations with a symmetric
-// encryption KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#symmetric-cmks).
+// KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#symmetric-cmks).
// Grant constraints are not applied to operations that do not support an encryption
-// context, such as cryptographic operations with HMAC KMS keys or asymmetric
-// KMS keys, and management operations, such as DescribeKey or RetireGrant.
+// context, such as cryptographic operations with asymmetric KMS keys and management
+// operations, such as DescribeKey or RetireGrant.
//
// In a cryptographic operation, the encryption context in the decryption operation
// must be an exact, case-sensitive match for the keys and values in the encryption
@@ -13481,9 +14488,15 @@ type ImportKeyMaterialInput struct {
// EncryptedKeyMaterial is a required field
EncryptedKeyMaterial []byte `min:"1" type:"blob" required:"true"`
- // Specifies whether the key material expires. The default is KEY_MATERIAL_EXPIRES,
- // in which case you must include the ValidTo parameter. When this parameter
- // is set to KEY_MATERIAL_DOES_NOT_EXPIRE, you must omit the ValidTo parameter.
+ // Specifies whether the key material expires. The default is KEY_MATERIAL_EXPIRES.
+ //
+ // When the value of ExpirationModel is KEY_MATERIAL_EXPIRES, you must specify
+ // a value for the ValidTo parameter. When value is KEY_MATERIAL_DOES_NOT_EXPIRE,
+ // you must omit the ValidTo parameter.
+ //
+ // You cannot change the ExpirationModel or ValidTo values for the current import
+ // after the request completes. To change either value, you must delete (DeleteImportedKeyMaterial)
+ // and reimport the key material.
ExpirationModel *string `type:"string" enum:"ExpirationModelType"`
// The import token that you received in the response to a previous GetParametersForImport
@@ -13514,10 +14527,20 @@ type ImportKeyMaterialInput struct {
// KeyId is a required field
KeyId *string `min:"1" type:"string" required:"true"`
- // The time at which the imported key material expires. When the key material
- // expires, KMS deletes the key material and the KMS key becomes unusable. You
- // must omit this parameter when the ExpirationModel parameter is set to KEY_MATERIAL_DOES_NOT_EXPIRE.
- // Otherwise it is required.
+ // The date and time when the imported key material expires. This parameter
+ // is required when the value of the ExpirationModel parameter is KEY_MATERIAL_EXPIRES.
+ // Otherwise it is not valid.
+ //
+ // The value of this parameter must be a future date and time. The maximum value
+ // is 365 days from the request date.
+ //
+ // When the key material expires, KMS deletes the key material from the KMS
+ // key. Without its key material, the KMS key is unusable. To use the KMS key
+ // in cryptographic operations, you must reimport the same key material.
+ //
+ // You cannot change the ExpirationModel or ValidTo values for the current import
+ // after the request completes. To change either value, you must delete (DeleteImportedKeyMaterial)
+ // and reimport the key material.
ValidTo *time.Time `type:"timestamp"`
}
@@ -13752,9 +14775,10 @@ func (s *IncorrectKeyMaterialException) RequestID() string {
}
// The request was rejected because the trust anchor certificate in the request
-// is not the trust anchor certificate for the specified CloudHSM cluster.
+// to create an CloudHSM key store is not the trust anchor certificate for the
+// specified CloudHSM cluster.
//
-// When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr),
+// When you initialize the CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr),
// you create the trust anchor certificate and save it in the customerCA.crt
// file.
type IncorrectTrustAnchorException struct {
@@ -14423,9 +15447,17 @@ func (s *InvalidMarkerException) RequestID() string {
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
-// For more information about how key state affects the use of a KMS key, see
-// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
-// in the Key Management Service Developer Guide .
+// This exceptions means one of the following:
+//
+// - The key state of the KMS key is not compatible with the operation. To
+// find the key state, use the DescribeKey operation. For more information
+// about which key states are compatible with each KMS operation, see Key
+// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+// in the Key Management Service Developer Guide .
+//
+// - For cryptographic operations on KMS keys in custom key stores, this
+// exception represents a general failure with many possible causes. To identify
+// the cause, see the error message that accompanies the exception.
type InvalidStateException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -14664,8 +15696,8 @@ func (s *KeyListEntry) SetKeyId(v string) *KeyListEntry {
// Contains metadata about a KMS key.
//
-// This data type is used as a response element for the CreateKey and DescribeKey
-// operations.
+// This data type is used as a response element for the CreateKey, DescribeKey,
+// and ReplicateKey operations.
type KeyMetadata struct {
_ struct{} `type:"structure"`
@@ -14679,16 +15711,17 @@ type KeyMetadata struct {
Arn *string `min:"20" type:"string"`
// The cluster ID of the CloudHSM cluster that contains the key material for
- // the KMS key. When you create a KMS key in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html),
+ // the KMS key. When you create a KMS key in an CloudHSM custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html),
// KMS creates the key material for the KMS key in the associated CloudHSM cluster.
- // This value is present only when the KMS key is created in a custom key store.
+ // This field is present only when the KMS key is created in an CloudHSM key
+ // store.
CloudHsmClusterId *string `min:"19" type:"string"`
// The date and time when the KMS key was created.
CreationDate *time.Time `type:"timestamp"`
// A unique identifier for the custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
- // that contains the KMS key. This value is present only when the KMS key is
+ // that contains the KMS key. This field is present only when the KMS key is
// created in a custom key store.
CustomKeyStoreId *string `min:"1" type:"string"`
@@ -14696,7 +15729,7 @@ type KeyMetadata struct {
//
// The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend
// that you use the KeySpec field in your code. However, to avoid breaking changes,
- // KMS will support both fields.
+ // KMS supports both fields.
//
// Deprecated: This field has been deprecated. Instead, use the KeySpec field.
CustomerMasterKeySpec *string `deprecated:"true" type:"string" enum:"CustomerMasterKeySpec"`
@@ -14814,6 +15847,13 @@ type KeyMetadata struct {
// value is present only for KMS keys whose Origin is EXTERNAL and whose ExpirationModel
// is KEY_MATERIAL_EXPIRES, otherwise this value is omitted.
ValidTo *time.Time `type:"timestamp"`
+
+ // Information about the external key that is associated with a KMS key in an
+ // external key store.
+ //
+ // For more information, see External key (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key)
+ // in the Key Management Service Developer Guide.
+ XksKeyConfiguration *XksKeyConfigurationType `type:"structure"`
}
// String returns the string representation.
@@ -14972,6 +16012,12 @@ func (s *KeyMetadata) SetValidTo(v time.Time) *KeyMetadata {
return s
}
+// SetXksKeyConfiguration sets the XksKeyConfiguration field's value.
+func (s *KeyMetadata) SetXksKeyConfiguration(v *XksKeyConfigurationType) *KeyMetadata {
+ s.XksKeyConfiguration = v
+ return s
+}
+
// The request was rejected because the specified KMS key was not available.
// You can retry the request.
type KeyUnavailableException struct {
@@ -15781,7 +16827,7 @@ type ListResourceTagsOutput struct {
// A list of tags. Each tag consists of a tag key and a tag value.
//
// Tagging or untagging a KMS key can allow or deny permission to the KMS key.
- // For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html)
+ // For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html)
// in the Key Management Service Developer Guide.
Tags []*Tag `type:"list"`
@@ -16208,7 +17254,7 @@ type PutKeyPolicyInput struct {
// characters
//
// For information about key policies, see Key policies in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html)
- // in the Key Management Service Developer Guide. For help writing and formatting
+ // in the Key Management Service Developer Guide.For help writing and formatting
// a JSON policy document, see the IAM JSON Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html)
// in the Identity and Access Management User Guide .
//
@@ -16720,7 +17766,7 @@ type ReplicateKeyInput struct {
// operation.
//
// Tagging or untagging a KMS key can allow or deny permission to the KMS key.
- // For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html)
+ // For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html)
// in the Key Management Service Developer Guide.
//
// To use this parameter, you must have kms:TagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html)
@@ -17863,8 +18909,8 @@ type UpdateAliasInput struct {
//
// The KMS key must be in the same Amazon Web Services account and Region as
// the alias. Also, the new target KMS key must be the same type as the current
- // target KMS key (both symmetric or both asymmetric) and they must have the
- // same key usage.
+ // target KMS key (both symmetric or both asymmetric or both HMAC) and they
+ // must have the same key usage.
//
// Specify the key ID or key ARN of the KMS key.
//
@@ -17959,7 +19005,8 @@ func (s UpdateAliasOutput) GoString() string {
type UpdateCustomKeyStoreInput struct {
_ struct{} `type:"structure"`
- // Associates the custom key store with a related CloudHSM cluster.
+ // Associates the custom key store with a related CloudHSM cluster. This parameter
+ // is valid only for custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM.
//
// Enter the cluster ID of the cluster that you used to create the custom key
// store or a cluster that shares a backup history and has the same cluster
@@ -17969,6 +19016,8 @@ type UpdateCustomKeyStoreInput struct {
// for a cluster associated with a custom key store. To view the cluster certificate
// of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
// operation.
+ //
+ // To change this value, the CloudHSM key store must be disconnected.
CloudHsmClusterId *string `min:"19" type:"string"`
// Identifies the custom key store that you want to update. Enter the ID of
@@ -17979,12 +19028,15 @@ type UpdateCustomKeyStoreInput struct {
CustomKeyStoreId *string `min:"1" type:"string" required:"true"`
// Enter the current password of the kmsuser crypto user (CU) in the CloudHSM
- // cluster that is associated with the custom key store.
+ // cluster that is associated with the custom key store. This parameter is valid
+ // only for custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM.
//
// This parameter tells KMS the current password of the kmsuser crypto user
// (CU). It does not set or change the password of any users in the CloudHSM
// cluster.
//
+ // To change this value, the CloudHSM key store must be disconnected.
+ //
// KeyStorePassword is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by UpdateCustomKeyStoreInput's
// String and GoString methods.
@@ -17992,7 +19044,82 @@ type UpdateCustomKeyStoreInput struct {
// Changes the friendly name of the custom key store to the value that you specify.
// The custom key store name must be unique in the Amazon Web Services account.
+ //
+ // To change this value, an CloudHSM key store must be disconnected. An external
+ // key store can be connected or disconnected.
NewCustomKeyStoreName *string `min:"1" type:"string"`
+
+ // Changes the credentials that KMS uses to sign requests to the external key
+ // store proxy (XKS proxy). This parameter is valid only for custom key stores
+ // with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
+ //
+ // You must specify both the AccessKeyId and SecretAccessKey value in the authentication
+ // credential, even if you are only updating one value.
+ //
+ // This parameter doesn't establish or change your authentication credentials
+ // on the proxy. It just tells KMS the credential that you established with
+ // your external key store proxy. For example, if you rotate the credential
+ // on your external key store proxy, you can use this parameter to update the
+ // credential in KMS.
+ //
+ // You can change this value when the external key store is connected or disconnected.
+ XksProxyAuthenticationCredential *XksProxyAuthenticationCredentialType `type:"structure"`
+
+ // Changes the connectivity setting for the external key store. To indicate
+ // that the external key store proxy uses a Amazon VPC endpoint service to communicate
+ // with KMS, specify VPC_ENDPOINT_SERVICE. Otherwise, specify PUBLIC_ENDPOINT.
+ //
+ // If you change the XksProxyConnectivity to VPC_ENDPOINT_SERVICE, you must
+ // also change the XksProxyUriEndpoint and add an XksProxyVpcEndpointServiceName
+ // value.
+ //
+ // If you change the XksProxyConnectivity to PUBLIC_ENDPOINT, you must also
+ // change the XksProxyUriEndpoint and specify a null or empty string for the
+ // XksProxyVpcEndpointServiceName value.
+ //
+ // To change this value, the external key store must be disconnected.
+ XksProxyConnectivity *string `type:"string" enum:"XksProxyConnectivityType"`
+
+ // Changes the URI endpoint that KMS uses to connect to your external key store
+ // proxy (XKS proxy). This parameter is valid only for custom key stores with
+ // a CustomKeyStoreType of EXTERNAL_KEY_STORE.
+ //
+ // For external key stores with an XksProxyConnectivity value of PUBLIC_ENDPOINT,
+ // the protocol must be HTTPS.
+ //
+ // For external key stores with an XksProxyConnectivity value of VPC_ENDPOINT_SERVICE,
+ // specify https:// followed by the private DNS name associated with the VPC
+ // endpoint service. Each external key store must use a different private DNS
+ // name.
+ //
+ // The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique
+ // in the Amazon Web Services account and Region.
+ //
+ // To change this value, the external key store must be disconnected.
+ XksProxyUriEndpoint *string `min:"10" type:"string"`
+
+ // Changes the base path to the proxy APIs for this external key store. To find
+ // this value, see the documentation for your external key manager and external
+ // key store proxy (XKS proxy). This parameter is valid only for custom key
+ // stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
+ //
+ // The value must start with / and must end with /kms/xks/v1, where v1 represents
+ // the version of the KMS external key store proxy API. You can include an optional
+ // prefix between the required elements such as /example/kms/xks/v1.
+ //
+ // The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique
+ // in the Amazon Web Services account and Region.
+ //
+ // You can change this value when the external key store is connected or disconnected.
+ XksProxyUriPath *string `min:"10" type:"string"`
+
+ // Changes the name that KMS uses to identify the Amazon VPC endpoint service
+ // for your external key store proxy (XKS proxy). This parameter is valid when
+ // the CustomKeyStoreType is EXTERNAL_KEY_STORE and the XksProxyConnectivity
+ // is VPC_ENDPOINT_SERVICE.
+ //
+ // To change this value, the external key store must be disconnected.
+ XksProxyVpcEndpointServiceName *string `min:"20" type:"string"`
}
// String returns the string representation.
@@ -18031,6 +19158,20 @@ func (s *UpdateCustomKeyStoreInput) Validate() error {
if s.NewCustomKeyStoreName != nil && len(*s.NewCustomKeyStoreName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("NewCustomKeyStoreName", 1))
}
+ if s.XksProxyUriEndpoint != nil && len(*s.XksProxyUriEndpoint) < 10 {
+ invalidParams.Add(request.NewErrParamMinLen("XksProxyUriEndpoint", 10))
+ }
+ if s.XksProxyUriPath != nil && len(*s.XksProxyUriPath) < 10 {
+ invalidParams.Add(request.NewErrParamMinLen("XksProxyUriPath", 10))
+ }
+ if s.XksProxyVpcEndpointServiceName != nil && len(*s.XksProxyVpcEndpointServiceName) < 20 {
+ invalidParams.Add(request.NewErrParamMinLen("XksProxyVpcEndpointServiceName", 20))
+ }
+ if s.XksProxyAuthenticationCredential != nil {
+ if err := s.XksProxyAuthenticationCredential.Validate(); err != nil {
+ invalidParams.AddNested("XksProxyAuthenticationCredential", err.(request.ErrInvalidParams))
+ }
+ }
if invalidParams.Len() > 0 {
return invalidParams
@@ -18062,6 +19203,36 @@ func (s *UpdateCustomKeyStoreInput) SetNewCustomKeyStoreName(v string) *UpdateCu
return s
}
+// SetXksProxyAuthenticationCredential sets the XksProxyAuthenticationCredential field's value.
+func (s *UpdateCustomKeyStoreInput) SetXksProxyAuthenticationCredential(v *XksProxyAuthenticationCredentialType) *UpdateCustomKeyStoreInput {
+ s.XksProxyAuthenticationCredential = v
+ return s
+}
+
+// SetXksProxyConnectivity sets the XksProxyConnectivity field's value.
+func (s *UpdateCustomKeyStoreInput) SetXksProxyConnectivity(v string) *UpdateCustomKeyStoreInput {
+ s.XksProxyConnectivity = &v
+ return s
+}
+
+// SetXksProxyUriEndpoint sets the XksProxyUriEndpoint field's value.
+func (s *UpdateCustomKeyStoreInput) SetXksProxyUriEndpoint(v string) *UpdateCustomKeyStoreInput {
+ s.XksProxyUriEndpoint = &v
+ return s
+}
+
+// SetXksProxyUriPath sets the XksProxyUriPath field's value.
+func (s *UpdateCustomKeyStoreInput) SetXksProxyUriPath(v string) *UpdateCustomKeyStoreInput {
+ s.XksProxyUriPath = &v
+ return s
+}
+
+// SetXksProxyVpcEndpointServiceName sets the XksProxyVpcEndpointServiceName field's value.
+func (s *UpdateCustomKeyStoreInput) SetXksProxyVpcEndpointServiceName(v string) *UpdateCustomKeyStoreInput {
+ s.XksProxyVpcEndpointServiceName = &v
+ return s
+}
+
type UpdateCustomKeyStoreOutput struct {
_ struct{} `type:"structure"`
}
@@ -18683,77 +19854,1131 @@ func (s *VerifyOutput) SetSigningAlgorithm(v string) *VerifyOutput {
return s
}
-const (
- // AlgorithmSpecRsaesPkcs1V15 is a AlgorithmSpec enum value
- AlgorithmSpecRsaesPkcs1V15 = "RSAES_PKCS1_V1_5"
+// The request was rejected because the (XksKeyId) is already associated with
+// a KMS key in this external key store. Each KMS key in an external key store
+// must be associated with a different external key.
+type XksKeyAlreadyInUseException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
- // AlgorithmSpecRsaesOaepSha1 is a AlgorithmSpec enum value
- AlgorithmSpecRsaesOaepSha1 = "RSAES_OAEP_SHA_1"
+ Message_ *string `locationName:"message" type:"string"`
+}
- // AlgorithmSpecRsaesOaepSha256 is a AlgorithmSpec enum value
- AlgorithmSpecRsaesOaepSha256 = "RSAES_OAEP_SHA_256"
-)
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksKeyAlreadyInUseException) String() string {
+ return awsutil.Prettify(s)
+}
-// AlgorithmSpec_Values returns all elements of the AlgorithmSpec enum
-func AlgorithmSpec_Values() []string {
- return []string{
- AlgorithmSpecRsaesPkcs1V15,
- AlgorithmSpecRsaesOaepSha1,
- AlgorithmSpecRsaesOaepSha256,
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksKeyAlreadyInUseException) GoString() string {
+ return s.String()
+}
+
+func newErrorXksKeyAlreadyInUseException(v protocol.ResponseMetadata) error {
+ return &XksKeyAlreadyInUseException{
+ RespMetadata: v,
}
}
-const (
- // ConnectionErrorCodeTypeInvalidCredentials is a ConnectionErrorCodeType enum value
- ConnectionErrorCodeTypeInvalidCredentials = "INVALID_CREDENTIALS"
+// Code returns the exception type name.
+func (s *XksKeyAlreadyInUseException) Code() string {
+ return "XksKeyAlreadyInUseException"
+}
- // ConnectionErrorCodeTypeClusterNotFound is a ConnectionErrorCodeType enum value
- ConnectionErrorCodeTypeClusterNotFound = "CLUSTER_NOT_FOUND"
+// Message returns the exception's message.
+func (s *XksKeyAlreadyInUseException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
- // ConnectionErrorCodeTypeNetworkErrors is a ConnectionErrorCodeType enum value
- ConnectionErrorCodeTypeNetworkErrors = "NETWORK_ERRORS"
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *XksKeyAlreadyInUseException) OrigErr() error {
+ return nil
+}
- // ConnectionErrorCodeTypeInternalError is a ConnectionErrorCodeType enum value
- ConnectionErrorCodeTypeInternalError = "INTERNAL_ERROR"
+func (s *XksKeyAlreadyInUseException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
- // ConnectionErrorCodeTypeInsufficientCloudhsmHsms is a ConnectionErrorCodeType enum value
- ConnectionErrorCodeTypeInsufficientCloudhsmHsms = "INSUFFICIENT_CLOUDHSM_HSMS"
+// Status code returns the HTTP status code for the request's response error.
+func (s *XksKeyAlreadyInUseException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
- // ConnectionErrorCodeTypeUserLockedOut is a ConnectionErrorCodeType enum value
- ConnectionErrorCodeTypeUserLockedOut = "USER_LOCKED_OUT"
+// RequestID returns the service's response RequestID for request.
+func (s *XksKeyAlreadyInUseException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
- // ConnectionErrorCodeTypeUserNotFound is a ConnectionErrorCodeType enum value
- ConnectionErrorCodeTypeUserNotFound = "USER_NOT_FOUND"
+// Information about the external key (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key)that
+// is associated with a KMS key in an external key store.
+//
+// These fields appear in a CreateKey or DescribeKey response only for a KMS
+// key in an external key store.
+//
+// The external key is a symmetric encryption key that is hosted by an external
+// key manager outside of Amazon Web Services. When you use the KMS key in an
+// external key store in a cryptographic operation, the cryptographic operation
+// is performed in the external key manager using the specified external key.
+// For more information, see External key (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key)
+// in the Key Management Service Developer Guide.
+type XksKeyConfigurationType struct {
+ _ struct{} `type:"structure"`
- // ConnectionErrorCodeTypeUserLoggedIn is a ConnectionErrorCodeType enum value
- ConnectionErrorCodeTypeUserLoggedIn = "USER_LOGGED_IN"
+ // The ID of the external key in its external key manager. This is the ID that
+ // the external key store proxy uses to identify the external key.
+ Id *string `min:"1" type:"string"`
+}
- // ConnectionErrorCodeTypeSubnetNotFound is a ConnectionErrorCodeType enum value
- ConnectionErrorCodeTypeSubnetNotFound = "SUBNET_NOT_FOUND"
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksKeyConfigurationType) String() string {
+ return awsutil.Prettify(s)
+}
- // ConnectionErrorCodeTypeInsufficientFreeAddressesInSubnet is a ConnectionErrorCodeType enum value
- ConnectionErrorCodeTypeInsufficientFreeAddressesInSubnet = "INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET"
-)
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksKeyConfigurationType) GoString() string {
+ return s.String()
+}
-// ConnectionErrorCodeType_Values returns all elements of the ConnectionErrorCodeType enum
-func ConnectionErrorCodeType_Values() []string {
- return []string{
- ConnectionErrorCodeTypeInvalidCredentials,
- ConnectionErrorCodeTypeClusterNotFound,
- ConnectionErrorCodeTypeNetworkErrors,
- ConnectionErrorCodeTypeInternalError,
- ConnectionErrorCodeTypeInsufficientCloudhsmHsms,
- ConnectionErrorCodeTypeUserLockedOut,
- ConnectionErrorCodeTypeUserNotFound,
- ConnectionErrorCodeTypeUserLoggedIn,
- ConnectionErrorCodeTypeSubnetNotFound,
- ConnectionErrorCodeTypeInsufficientFreeAddressesInSubnet,
- }
+// SetId sets the Id field's value.
+func (s *XksKeyConfigurationType) SetId(v string) *XksKeyConfigurationType {
+ s.Id = &v
+ return s
}
-const (
- // ConnectionStateTypeConnected is a ConnectionStateType enum value
- ConnectionStateTypeConnected = "CONNECTED"
+// The request was rejected because the external key specified by the XksKeyId
+// parameter did not meet the configuration requirements for an external key
+// store.
+//
+// The external key must be an AES-256 symmetric key that is enabled and performs
+// encryption and decryption.
+type XksKeyInvalidConfigurationException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksKeyInvalidConfigurationException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksKeyInvalidConfigurationException) GoString() string {
+ return s.String()
+}
+
+func newErrorXksKeyInvalidConfigurationException(v protocol.ResponseMetadata) error {
+ return &XksKeyInvalidConfigurationException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *XksKeyInvalidConfigurationException) Code() string {
+ return "XksKeyInvalidConfigurationException"
+}
+
+// Message returns the exception's message.
+func (s *XksKeyInvalidConfigurationException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *XksKeyInvalidConfigurationException) OrigErr() error {
+ return nil
+}
+
+func (s *XksKeyInvalidConfigurationException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *XksKeyInvalidConfigurationException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *XksKeyInvalidConfigurationException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// The request was rejected because the external key store proxy could not find
+// the external key. This exception is thrown when the value of the XksKeyId
+// parameter doesn't identify a key in the external key manager associated with
+// the external key proxy.
+//
+// Verify that the XksKeyId represents an existing key in the external key manager.
+// Use the key identifier that the external key store proxy uses to identify
+// the key. For details, see the documentation provided with your external key
+// store proxy or key manager.
+type XksKeyNotFoundException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksKeyNotFoundException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksKeyNotFoundException) GoString() string {
+ return s.String()
+}
+
+func newErrorXksKeyNotFoundException(v protocol.ResponseMetadata) error {
+ return &XksKeyNotFoundException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *XksKeyNotFoundException) Code() string {
+ return "XksKeyNotFoundException"
+}
+
+// Message returns the exception's message.
+func (s *XksKeyNotFoundException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *XksKeyNotFoundException) OrigErr() error {
+ return nil
+}
+
+func (s *XksKeyNotFoundException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *XksKeyNotFoundException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *XksKeyNotFoundException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// KMS uses the authentication credential to sign requests that it sends to
+// the external key store proxy (XKS proxy) on your behalf. You establish these
+// credentials on your external key store proxy and report them to KMS.
+//
+// The XksProxyAuthenticationCredential includes two required elements.
+type XksProxyAuthenticationCredentialType struct {
+ _ struct{} `type:"structure"`
+
+ // A unique identifier for the raw secret access key.
+ //
+ // AccessKeyId is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by XksProxyAuthenticationCredentialType's
+ // String and GoString methods.
+ //
+ // AccessKeyId is a required field
+ AccessKeyId *string `min:"20" type:"string" required:"true" sensitive:"true"`
+
+ // A secret string of 43-64 characters. Valid characters are a-z, A-Z, 0-9,
+ // /, +, and =.
+ //
+ // RawSecretAccessKey is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by XksProxyAuthenticationCredentialType's
+ // String and GoString methods.
+ //
+ // RawSecretAccessKey is a required field
+ RawSecretAccessKey *string `min:"43" type:"string" required:"true" sensitive:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksProxyAuthenticationCredentialType) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksProxyAuthenticationCredentialType) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *XksProxyAuthenticationCredentialType) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "XksProxyAuthenticationCredentialType"}
+ if s.AccessKeyId == nil {
+ invalidParams.Add(request.NewErrParamRequired("AccessKeyId"))
+ }
+ if s.AccessKeyId != nil && len(*s.AccessKeyId) < 20 {
+ invalidParams.Add(request.NewErrParamMinLen("AccessKeyId", 20))
+ }
+ if s.RawSecretAccessKey == nil {
+ invalidParams.Add(request.NewErrParamRequired("RawSecretAccessKey"))
+ }
+ if s.RawSecretAccessKey != nil && len(*s.RawSecretAccessKey) < 43 {
+ invalidParams.Add(request.NewErrParamMinLen("RawSecretAccessKey", 43))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetAccessKeyId sets the AccessKeyId field's value.
+func (s *XksProxyAuthenticationCredentialType) SetAccessKeyId(v string) *XksProxyAuthenticationCredentialType {
+ s.AccessKeyId = &v
+ return s
+}
+
+// SetRawSecretAccessKey sets the RawSecretAccessKey field's value.
+func (s *XksProxyAuthenticationCredentialType) SetRawSecretAccessKey(v string) *XksProxyAuthenticationCredentialType {
+ s.RawSecretAccessKey = &v
+ return s
+}
+
+// Detailed information about the external key store proxy (XKS proxy). Your
+// external key store proxy translates KMS requests into a format that your
+// external key manager can understand. These fields appear in a DescribeCustomKeyStores
+// response only when the CustomKeyStoreType is EXTERNAL_KEY_STORE.
+type XksProxyConfigurationType struct {
+ _ struct{} `type:"structure"`
+
+ // The part of the external key store proxy authentication credential (https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateCustomKeyStore.html#KMS-CreateCustomKeyStore-request-XksProxyAuthenticationCredential)
+ // that uniquely identifies the secret access key.
+ //
+ // AccessKeyId is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by XksProxyConfigurationType's
+ // String and GoString methods.
+ AccessKeyId *string `min:"20" type:"string" sensitive:"true"`
+
+ // Indicates whether the external key store proxy uses a public endpoint or
+ // an Amazon VPC endpoint service to communicate with KMS.
+ Connectivity *string `type:"string" enum:"XksProxyConnectivityType"`
+
+ // The URI endpoint for the external key store proxy.
+ //
+ // If the external key store proxy has a public endpoint, it is displayed here.
+ //
+ // If the external key store proxy uses an Amazon VPC endpoint service name,
+ // this field displays the private DNS name associated with the VPC endpoint
+ // service.
+ UriEndpoint *string `min:"10" type:"string"`
+
+ // The path to the external key store proxy APIs.
+ UriPath *string `min:"10" type:"string"`
+
+ // The Amazon VPC endpoint service used to communicate with the external key
+ // store proxy. This field appears only when the external key store proxy uses
+ // an Amazon VPC endpoint service to communicate with KMS.
+ VpcEndpointServiceName *string `min:"20" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksProxyConfigurationType) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksProxyConfigurationType) GoString() string {
+ return s.String()
+}
+
+// SetAccessKeyId sets the AccessKeyId field's value.
+func (s *XksProxyConfigurationType) SetAccessKeyId(v string) *XksProxyConfigurationType {
+ s.AccessKeyId = &v
+ return s
+}
+
+// SetConnectivity sets the Connectivity field's value.
+func (s *XksProxyConfigurationType) SetConnectivity(v string) *XksProxyConfigurationType {
+ s.Connectivity = &v
+ return s
+}
+
+// SetUriEndpoint sets the UriEndpoint field's value.
+func (s *XksProxyConfigurationType) SetUriEndpoint(v string) *XksProxyConfigurationType {
+ s.UriEndpoint = &v
+ return s
+}
+
+// SetUriPath sets the UriPath field's value.
+func (s *XksProxyConfigurationType) SetUriPath(v string) *XksProxyConfigurationType {
+ s.UriPath = &v
+ return s
+}
+
+// SetVpcEndpointServiceName sets the VpcEndpointServiceName field's value.
+func (s *XksProxyConfigurationType) SetVpcEndpointServiceName(v string) *XksProxyConfigurationType {
+ s.VpcEndpointServiceName = &v
+ return s
+}
+
+// The request was rejected because the proxy credentials failed to authenticate
+// to the specified external key store proxy. The specified external key store
+// proxy rejected a status request from KMS due to invalid credentials. This
+// can indicate an error in the credentials or in the identification of the
+// external key store proxy.
+type XksProxyIncorrectAuthenticationCredentialException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksProxyIncorrectAuthenticationCredentialException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksProxyIncorrectAuthenticationCredentialException) GoString() string {
+ return s.String()
+}
+
+func newErrorXksProxyIncorrectAuthenticationCredentialException(v protocol.ResponseMetadata) error {
+ return &XksProxyIncorrectAuthenticationCredentialException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *XksProxyIncorrectAuthenticationCredentialException) Code() string {
+ return "XksProxyIncorrectAuthenticationCredentialException"
+}
+
+// Message returns the exception's message.
+func (s *XksProxyIncorrectAuthenticationCredentialException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *XksProxyIncorrectAuthenticationCredentialException) OrigErr() error {
+ return nil
+}
+
+func (s *XksProxyIncorrectAuthenticationCredentialException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *XksProxyIncorrectAuthenticationCredentialException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *XksProxyIncorrectAuthenticationCredentialException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// The request was rejected because the Amazon VPC endpoint service configuration
+// does not fulfill the requirements for an external key store proxy. For details,
+// see the exception message.
+type XksProxyInvalidConfigurationException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksProxyInvalidConfigurationException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksProxyInvalidConfigurationException) GoString() string {
+ return s.String()
+}
+
+func newErrorXksProxyInvalidConfigurationException(v protocol.ResponseMetadata) error {
+ return &XksProxyInvalidConfigurationException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *XksProxyInvalidConfigurationException) Code() string {
+ return "XksProxyInvalidConfigurationException"
+}
+
+// Message returns the exception's message.
+func (s *XksProxyInvalidConfigurationException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *XksProxyInvalidConfigurationException) OrigErr() error {
+ return nil
+}
+
+func (s *XksProxyInvalidConfigurationException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *XksProxyInvalidConfigurationException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *XksProxyInvalidConfigurationException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// KMS cannot interpret the response it received from the external key store
+// proxy. The problem might be a poorly constructed response, but it could also
+// be a transient network issue. If you see this error repeatedly, report it
+// to the proxy vendor.
+type XksProxyInvalidResponseException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksProxyInvalidResponseException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksProxyInvalidResponseException) GoString() string {
+ return s.String()
+}
+
+func newErrorXksProxyInvalidResponseException(v protocol.ResponseMetadata) error {
+ return &XksProxyInvalidResponseException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *XksProxyInvalidResponseException) Code() string {
+ return "XksProxyInvalidResponseException"
+}
+
+// Message returns the exception's message.
+func (s *XksProxyInvalidResponseException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *XksProxyInvalidResponseException) OrigErr() error {
+ return nil
+}
+
+func (s *XksProxyInvalidResponseException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *XksProxyInvalidResponseException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *XksProxyInvalidResponseException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// The request was rejected because the concatenation of the XksProxyUriEndpoint
+// is already associated with an external key store in the Amazon Web Services
+// account and Region. Each external key store in an account and Region must
+// use a unique external key store proxy address.
+type XksProxyUriEndpointInUseException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksProxyUriEndpointInUseException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksProxyUriEndpointInUseException) GoString() string {
+ return s.String()
+}
+
+func newErrorXksProxyUriEndpointInUseException(v protocol.ResponseMetadata) error {
+ return &XksProxyUriEndpointInUseException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *XksProxyUriEndpointInUseException) Code() string {
+ return "XksProxyUriEndpointInUseException"
+}
+
+// Message returns the exception's message.
+func (s *XksProxyUriEndpointInUseException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *XksProxyUriEndpointInUseException) OrigErr() error {
+ return nil
+}
+
+func (s *XksProxyUriEndpointInUseException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *XksProxyUriEndpointInUseException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *XksProxyUriEndpointInUseException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// The request was rejected because the concatenation of the XksProxyUriEndpoint
+// and XksProxyUriPath is already associated with an external key store in the
+// Amazon Web Services account and Region. Each external key store in an account
+// and Region must use a unique external key store proxy API address.
+type XksProxyUriInUseException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksProxyUriInUseException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksProxyUriInUseException) GoString() string {
+ return s.String()
+}
+
+func newErrorXksProxyUriInUseException(v protocol.ResponseMetadata) error {
+ return &XksProxyUriInUseException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *XksProxyUriInUseException) Code() string {
+ return "XksProxyUriInUseException"
+}
+
+// Message returns the exception's message.
+func (s *XksProxyUriInUseException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *XksProxyUriInUseException) OrigErr() error {
+ return nil
+}
+
+func (s *XksProxyUriInUseException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *XksProxyUriInUseException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *XksProxyUriInUseException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// KMS was unable to reach the specified XksProxyUriPath. The path must be reachable
+// before you create the external key store or update its settings.
+//
+// This exception is also thrown when the external key store proxy response
+// to a GetHealthStatus request indicates that all external key manager instances
+// are unavailable.
+type XksProxyUriUnreachableException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksProxyUriUnreachableException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksProxyUriUnreachableException) GoString() string {
+ return s.String()
+}
+
+func newErrorXksProxyUriUnreachableException(v protocol.ResponseMetadata) error {
+ return &XksProxyUriUnreachableException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *XksProxyUriUnreachableException) Code() string {
+ return "XksProxyUriUnreachableException"
+}
+
+// Message returns the exception's message.
+func (s *XksProxyUriUnreachableException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *XksProxyUriUnreachableException) OrigErr() error {
+ return nil
+}
+
+func (s *XksProxyUriUnreachableException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *XksProxyUriUnreachableException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *XksProxyUriUnreachableException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// The request was rejected because the specified Amazon VPC endpoint service
+// is already associated with an external key store in the Amazon Web Services
+// account and Region. Each external key store in an Amazon Web Services account
+// and Region must use a different Amazon VPC endpoint service.
+type XksProxyVpcEndpointServiceInUseException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksProxyVpcEndpointServiceInUseException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksProxyVpcEndpointServiceInUseException) GoString() string {
+ return s.String()
+}
+
+func newErrorXksProxyVpcEndpointServiceInUseException(v protocol.ResponseMetadata) error {
+ return &XksProxyVpcEndpointServiceInUseException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *XksProxyVpcEndpointServiceInUseException) Code() string {
+ return "XksProxyVpcEndpointServiceInUseException"
+}
+
+// Message returns the exception's message.
+func (s *XksProxyVpcEndpointServiceInUseException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *XksProxyVpcEndpointServiceInUseException) OrigErr() error {
+ return nil
+}
+
+func (s *XksProxyVpcEndpointServiceInUseException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *XksProxyVpcEndpointServiceInUseException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *XksProxyVpcEndpointServiceInUseException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// The request was rejected because the Amazon VPC endpoint service configuration
+// does not fulfill the requirements for an external key store proxy. For details,
+// see the exception message and review the requirements (kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements)
+// for Amazon VPC endpoint service connectivity for an external key store.
+type XksProxyVpcEndpointServiceInvalidConfigurationException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksProxyVpcEndpointServiceInvalidConfigurationException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksProxyVpcEndpointServiceInvalidConfigurationException) GoString() string {
+ return s.String()
+}
+
+func newErrorXksProxyVpcEndpointServiceInvalidConfigurationException(v protocol.ResponseMetadata) error {
+ return &XksProxyVpcEndpointServiceInvalidConfigurationException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) Code() string {
+ return "XksProxyVpcEndpointServiceInvalidConfigurationException"
+}
+
+// Message returns the exception's message.
+func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) OrigErr() error {
+ return nil
+}
+
+func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// The request was rejected because KMS could not find the specified VPC endpoint
+// service. Use DescribeCustomKeyStores to verify the VPC endpoint service name
+// for the external key store. Also, confirm that the Allow principals list
+// for the VPC endpoint service includes the KMS service principal for the Region,
+// such as cks.kms.us-east-1.amazonaws.com.
+type XksProxyVpcEndpointServiceNotFoundException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksProxyVpcEndpointServiceNotFoundException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s XksProxyVpcEndpointServiceNotFoundException) GoString() string {
+ return s.String()
+}
+
+func newErrorXksProxyVpcEndpointServiceNotFoundException(v protocol.ResponseMetadata) error {
+ return &XksProxyVpcEndpointServiceNotFoundException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *XksProxyVpcEndpointServiceNotFoundException) Code() string {
+ return "XksProxyVpcEndpointServiceNotFoundException"
+}
+
+// Message returns the exception's message.
+func (s *XksProxyVpcEndpointServiceNotFoundException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *XksProxyVpcEndpointServiceNotFoundException) OrigErr() error {
+ return nil
+}
+
+func (s *XksProxyVpcEndpointServiceNotFoundException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *XksProxyVpcEndpointServiceNotFoundException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *XksProxyVpcEndpointServiceNotFoundException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+const (
+ // AlgorithmSpecRsaesPkcs1V15 is a AlgorithmSpec enum value
+ AlgorithmSpecRsaesPkcs1V15 = "RSAES_PKCS1_V1_5"
+
+ // AlgorithmSpecRsaesOaepSha1 is a AlgorithmSpec enum value
+ AlgorithmSpecRsaesOaepSha1 = "RSAES_OAEP_SHA_1"
+
+ // AlgorithmSpecRsaesOaepSha256 is a AlgorithmSpec enum value
+ AlgorithmSpecRsaesOaepSha256 = "RSAES_OAEP_SHA_256"
+)
+
+// AlgorithmSpec_Values returns all elements of the AlgorithmSpec enum
+func AlgorithmSpec_Values() []string {
+ return []string{
+ AlgorithmSpecRsaesPkcs1V15,
+ AlgorithmSpecRsaesOaepSha1,
+ AlgorithmSpecRsaesOaepSha256,
+ }
+}
+
+const (
+ // ConnectionErrorCodeTypeInvalidCredentials is a ConnectionErrorCodeType enum value
+ ConnectionErrorCodeTypeInvalidCredentials = "INVALID_CREDENTIALS"
+
+ // ConnectionErrorCodeTypeClusterNotFound is a ConnectionErrorCodeType enum value
+ ConnectionErrorCodeTypeClusterNotFound = "CLUSTER_NOT_FOUND"
+
+ // ConnectionErrorCodeTypeNetworkErrors is a ConnectionErrorCodeType enum value
+ ConnectionErrorCodeTypeNetworkErrors = "NETWORK_ERRORS"
+
+ // ConnectionErrorCodeTypeInternalError is a ConnectionErrorCodeType enum value
+ ConnectionErrorCodeTypeInternalError = "INTERNAL_ERROR"
+
+ // ConnectionErrorCodeTypeInsufficientCloudhsmHsms is a ConnectionErrorCodeType enum value
+ ConnectionErrorCodeTypeInsufficientCloudhsmHsms = "INSUFFICIENT_CLOUDHSM_HSMS"
+
+ // ConnectionErrorCodeTypeUserLockedOut is a ConnectionErrorCodeType enum value
+ ConnectionErrorCodeTypeUserLockedOut = "USER_LOCKED_OUT"
+
+ // ConnectionErrorCodeTypeUserNotFound is a ConnectionErrorCodeType enum value
+ ConnectionErrorCodeTypeUserNotFound = "USER_NOT_FOUND"
+
+ // ConnectionErrorCodeTypeUserLoggedIn is a ConnectionErrorCodeType enum value
+ ConnectionErrorCodeTypeUserLoggedIn = "USER_LOGGED_IN"
+
+ // ConnectionErrorCodeTypeSubnetNotFound is a ConnectionErrorCodeType enum value
+ ConnectionErrorCodeTypeSubnetNotFound = "SUBNET_NOT_FOUND"
+
+ // ConnectionErrorCodeTypeInsufficientFreeAddressesInSubnet is a ConnectionErrorCodeType enum value
+ ConnectionErrorCodeTypeInsufficientFreeAddressesInSubnet = "INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET"
+
+ // ConnectionErrorCodeTypeXksProxyAccessDenied is a ConnectionErrorCodeType enum value
+ ConnectionErrorCodeTypeXksProxyAccessDenied = "XKS_PROXY_ACCESS_DENIED"
+
+ // ConnectionErrorCodeTypeXksProxyNotReachable is a ConnectionErrorCodeType enum value
+ ConnectionErrorCodeTypeXksProxyNotReachable = "XKS_PROXY_NOT_REACHABLE"
+
+ // ConnectionErrorCodeTypeXksVpcEndpointServiceNotFound is a ConnectionErrorCodeType enum value
+ ConnectionErrorCodeTypeXksVpcEndpointServiceNotFound = "XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND"
+
+ // ConnectionErrorCodeTypeXksProxyInvalidResponse is a ConnectionErrorCodeType enum value
+ ConnectionErrorCodeTypeXksProxyInvalidResponse = "XKS_PROXY_INVALID_RESPONSE"
+
+ // ConnectionErrorCodeTypeXksProxyInvalidConfiguration is a ConnectionErrorCodeType enum value
+ ConnectionErrorCodeTypeXksProxyInvalidConfiguration = "XKS_PROXY_INVALID_CONFIGURATION"
+
+ // ConnectionErrorCodeTypeXksVpcEndpointServiceInvalidConfiguration is a ConnectionErrorCodeType enum value
+ ConnectionErrorCodeTypeXksVpcEndpointServiceInvalidConfiguration = "XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION"
+
+ // ConnectionErrorCodeTypeXksProxyTimedOut is a ConnectionErrorCodeType enum value
+ ConnectionErrorCodeTypeXksProxyTimedOut = "XKS_PROXY_TIMED_OUT"
+
+ // ConnectionErrorCodeTypeXksProxyInvalidTlsConfiguration is a ConnectionErrorCodeType enum value
+ ConnectionErrorCodeTypeXksProxyInvalidTlsConfiguration = "XKS_PROXY_INVALID_TLS_CONFIGURATION"
+)
+
+// ConnectionErrorCodeType_Values returns all elements of the ConnectionErrorCodeType enum
+func ConnectionErrorCodeType_Values() []string {
+ return []string{
+ ConnectionErrorCodeTypeInvalidCredentials,
+ ConnectionErrorCodeTypeClusterNotFound,
+ ConnectionErrorCodeTypeNetworkErrors,
+ ConnectionErrorCodeTypeInternalError,
+ ConnectionErrorCodeTypeInsufficientCloudhsmHsms,
+ ConnectionErrorCodeTypeUserLockedOut,
+ ConnectionErrorCodeTypeUserNotFound,
+ ConnectionErrorCodeTypeUserLoggedIn,
+ ConnectionErrorCodeTypeSubnetNotFound,
+ ConnectionErrorCodeTypeInsufficientFreeAddressesInSubnet,
+ ConnectionErrorCodeTypeXksProxyAccessDenied,
+ ConnectionErrorCodeTypeXksProxyNotReachable,
+ ConnectionErrorCodeTypeXksVpcEndpointServiceNotFound,
+ ConnectionErrorCodeTypeXksProxyInvalidResponse,
+ ConnectionErrorCodeTypeXksProxyInvalidConfiguration,
+ ConnectionErrorCodeTypeXksVpcEndpointServiceInvalidConfiguration,
+ ConnectionErrorCodeTypeXksProxyTimedOut,
+ ConnectionErrorCodeTypeXksProxyInvalidTlsConfiguration,
+ }
+}
+
+const (
+ // ConnectionStateTypeConnected is a ConnectionStateType enum value
+ ConnectionStateTypeConnected = "CONNECTED"
// ConnectionStateTypeConnecting is a ConnectionStateType enum value
ConnectionStateTypeConnecting = "CONNECTING"
@@ -18779,6 +21004,22 @@ func ConnectionStateType_Values() []string {
}
}
+const (
+ // CustomKeyStoreTypeAwsCloudhsm is a CustomKeyStoreType enum value
+ CustomKeyStoreTypeAwsCloudhsm = "AWS_CLOUDHSM"
+
+ // CustomKeyStoreTypeExternalKeyStore is a CustomKeyStoreType enum value
+ CustomKeyStoreTypeExternalKeyStore = "EXTERNAL_KEY_STORE"
+)
+
+// CustomKeyStoreType_Values returns all elements of the CustomKeyStoreType enum
+func CustomKeyStoreType_Values() []string {
+ return []string{
+ CustomKeyStoreTypeAwsCloudhsm,
+ CustomKeyStoreTypeExternalKeyStore,
+ }
+}
+
const (
// CustomerMasterKeySpecRsa2048 is a CustomerMasterKeySpec enum value
CustomerMasterKeySpecRsa2048 = "RSA_2048"
@@ -19208,6 +21449,9 @@ const (
// OriginTypeAwsCloudhsm is a OriginType enum value
OriginTypeAwsCloudhsm = "AWS_CLOUDHSM"
+
+ // OriginTypeExternalKeyStore is a OriginType enum value
+ OriginTypeExternalKeyStore = "EXTERNAL_KEY_STORE"
)
// OriginType_Values returns all elements of the OriginType enum
@@ -19216,6 +21460,7 @@ func OriginType_Values() []string {
OriginTypeAwsKms,
OriginTypeExternal,
OriginTypeAwsCloudhsm,
+ OriginTypeExternalKeyStore,
}
}
@@ -19278,3 +21523,19 @@ func WrappingKeySpec_Values() []string {
WrappingKeySpecRsa2048,
}
}
+
+const (
+ // XksProxyConnectivityTypePublicEndpoint is a XksProxyConnectivityType enum value
+ XksProxyConnectivityTypePublicEndpoint = "PUBLIC_ENDPOINT"
+
+ // XksProxyConnectivityTypeVpcEndpointService is a XksProxyConnectivityType enum value
+ XksProxyConnectivityTypeVpcEndpointService = "VPC_ENDPOINT_SERVICE"
+)
+
+// XksProxyConnectivityType_Values returns all elements of the XksProxyConnectivityType enum
+func XksProxyConnectivityType_Values() []string {
+ return []string{
+ XksProxyConnectivityTypePublicEndpoint,
+ XksProxyConnectivityTypeVpcEndpointService,
+ }
+}
diff --git a/service/kms/doc.go b/service/kms/doc.go
index d926e08e68..7dc9bd4427 100644
--- a/service/kms/doc.go
+++ b/service/kms/doc.go
@@ -8,7 +8,7 @@
// For general information about KMS, see the Key Management Service Developer
// Guide (https://docs.aws.amazon.com/kms/latest/developerguide/).
//
-// KMS is replacing the term customer master key (CMK) with KMS key and KMS
+// KMS has replaced the term customer master key (CMK) with KMS key and KMS
// key. The concept has not changed. To prevent breaking changes, KMS is keeping
// some variations of this term.
//
@@ -40,7 +40,7 @@
//
// Requests must be signed by using an access key ID and a secret access key.
// We strongly recommend that you do not use your Amazon Web Services account
-// (root) access key ID and secret key for everyday work with KMS. Instead,
+// (root) access key ID and secret access key for everyday work with KMS. Instead,
// use the access key ID and secret access key for an IAM user. You can also
// use the Amazon Web Services Security Token Service to generate temporary
// security credentials that you can use to sign requests.
diff --git a/service/kms/errors.go b/service/kms/errors.go
index 4f8fc21049..c897f63899 100644
--- a/service/kms/errors.go
+++ b/service/kms/errors.go
@@ -19,12 +19,13 @@ const (
// "CloudHsmClusterInUseException".
//
// The request was rejected because the specified CloudHSM cluster is already
- // associated with a custom key store or it shares a backup history with a cluster
- // that is associated with a custom key store. Each custom key store must be
- // associated with a different CloudHSM cluster.
+ // associated with an CloudHSM key store in the account, or it shares a backup
+ // history with an CloudHSM key store in the account. Each CloudHSM key store
+ // in the account must be associated with a different CloudHSM cluster.
//
- // Clusters that share a backup history have the same cluster certificate. To
- // view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
+ // CloudHSM clusters that share a backup history have the same cluster certificate.
+ // To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters
+ // (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
// operation.
ErrCodeCloudHsmClusterInUseException = "CloudHsmClusterInUseException"
@@ -32,29 +33,29 @@ const (
// "CloudHsmClusterInvalidConfigurationException".
//
// The request was rejected because the associated CloudHSM cluster did not
- // meet the configuration requirements for a custom key store.
+ // meet the configuration requirements for an CloudHSM key store.
//
- // * The cluster must be configured with private subnets in at least two
- // different Availability Zones in the Region.
+ // * The CloudHSM cluster must be configured with private subnets in at least
+ // two different Availability Zones in the Region.
//
// * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html)
// (cloudhsm-cluster--sg) must include inbound rules and outbound
// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound
// rules and the Destination in the outbound rules must match the security
- // group ID. These rules are set by default when you create the cluster.
- // Do not delete or change them. To get information about a particular security
- // group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html)
+ // group ID. These rules are set by default when you create the CloudHSM
+ // cluster. Do not delete or change them. To get information about a particular
+ // security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html)
// operation.
//
- // * The cluster must contain at least as many HSMs as the operation requires.
- // To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
+ // * The CloudHSM cluster must contain at least as many HSMs as the operation
+ // requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey
// operations, the CloudHSM cluster must have at least two active HSMs, each
// in a different Availability Zone. For the ConnectCustomKeyStore operation,
// the CloudHSM must contain at least one active HSM.
//
// For information about the requirements for an CloudHSM cluster that is associated
- // with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
+ // with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
// in the Key Management Service Developer Guide. For information about creating
// a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html)
// in the CloudHSM User Guide. For information about cluster security groups,
@@ -65,10 +66,9 @@ const (
// ErrCodeCloudHsmClusterNotActiveException for service response error code
// "CloudHsmClusterNotActiveException".
//
- // The request was rejected because the CloudHSM cluster that is associated
- // with the custom key store is not active. Initialize and activate the cluster
- // and try the command again. For detailed instructions, see Getting Started
- // (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html)
+ // The request was rejected because the CloudHSM cluster associated with the
+ // CloudHSM key store is not active. Initialize and activate the cluster and
+ // try the command again. For detailed instructions, see Getting Started (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html)
// in the CloudHSM User Guide.
ErrCodeCloudHsmClusterNotActiveException = "CloudHsmClusterNotActiveException"
@@ -84,15 +84,16 @@ const (
//
// The request was rejected because the specified CloudHSM cluster has a different
// cluster certificate than the original cluster. You cannot use the operation
- // to specify an unrelated cluster.
+ // to specify an unrelated cluster for an CloudHSM key store.
//
- // Specify a cluster that shares a backup history with the original cluster.
- // This includes clusters that were created from a backup of the current cluster,
- // and clusters that were created from the same backup that produced the current
- // cluster.
+ // Specify an CloudHSM cluster that shares a backup history with the original
+ // cluster. This includes clusters that were created from a backup of the current
+ // cluster, and clusters that were created from the same backup that produced
+ // the current cluster.
//
- // Clusters that share a backup history have the same cluster certificate. To
- // view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
+ // CloudHSM clusters that share a backup history have the same cluster certificate.
+ // To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters
+ // (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
// operation.
ErrCodeCloudHsmClusterNotRelatedException = "CloudHsmClusterNotRelatedException"
@@ -114,17 +115,27 @@ const (
//
// This exception is thrown under the following conditions:
//
- // * You requested the CreateKey or GenerateRandom operation in a custom
- // key store that is not connected. These operations are valid only when
- // the custom key store ConnectionState is CONNECTED.
+ // * You requested the ConnectCustomKeyStore operation on a custom key store
+ // with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
+ // for all other ConnectionState values. To reconnect a custom key store
+ // in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect
+ // it (ConnectCustomKeyStore).
+ //
+ // * You requested the CreateKey operation in a custom key store that is
+ // not connected. This operations is valid only when the custom key store
+ // ConnectionState is CONNECTED.
+ //
+ // * You requested the DisconnectCustomKeyStore operation on a custom key
+ // store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation
+ // is valid for all other ConnectionState values.
//
// * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation
// on a custom key store that is not disconnected. This operation is valid
// only when the custom key store ConnectionState is DISCONNECTED.
//
- // * You requested the ConnectCustomKeyStore operation on a custom key store
- // with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
- // for all other ConnectionState values.
+ // * You requested the GenerateRandom operation in an CloudHSM key store
+ // that is not connected. This operation is valid only when the CloudHSM
+ // key store ConnectionState is CONNECTED.
ErrCodeCustomKeyStoreInvalidStateException = "CustomKeyStoreInvalidStateException"
// ErrCodeCustomKeyStoreNameInUseException for service response error code
@@ -145,8 +156,8 @@ const (
// ErrCodeDependencyTimeoutException for service response error code
// "DependencyTimeoutException".
//
- // The system timed out while trying to fulfill the request. The request can
- // be retried.
+ // The system timed out while trying to fulfill the request. You can retry the
+ // request.
ErrCodeDependencyTimeoutException = "DependencyTimeoutException"
// ErrCodeDisabledException for service response error code
@@ -183,9 +194,10 @@ const (
// "IncorrectTrustAnchorException".
//
// The request was rejected because the trust anchor certificate in the request
- // is not the trust anchor certificate for the specified CloudHSM cluster.
+ // to create an CloudHSM key store is not the trust anchor certificate for the
+ // specified CloudHSM cluster.
//
- // When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr),
+ // When you initialize the CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr),
// you create the trust anchor certificate and save it in the customerCA.crt
// file.
ErrCodeIncorrectTrustAnchorException = "IncorrectTrustAnchorException"
@@ -274,9 +286,17 @@ const (
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
- // For more information about how key state affects the use of a KMS key, see
- // Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
- // in the Key Management Service Developer Guide .
+ // This exceptions means one of the following:
+ //
+ // * The key state of the KMS key is not compatible with the operation. To
+ // find the key state, use the DescribeKey operation. For more information
+ // about which key states are compatible with each KMS operation, see Key
+ // states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+ // in the Key Management Service Developer Guide .
+ //
+ // * For cryptographic operations on KMS keys in custom key stores, this
+ // exception represents a general failure with many possible causes. To identify
+ // the cause, see the error message that accompanies the exception.
ErrCodeInvalidStateException = "KMSInvalidStateException"
// ErrCodeKMSInvalidMacException for service response error code
@@ -336,41 +356,170 @@ const (
// The request was rejected because a specified parameter is not supported or
// a specified resource is not valid for this operation.
ErrCodeUnsupportedOperationException = "UnsupportedOperationException"
+
+ // ErrCodeXksKeyAlreadyInUseException for service response error code
+ // "XksKeyAlreadyInUseException".
+ //
+ // The request was rejected because the (XksKeyId) is already associated with
+ // a KMS key in this external key store. Each KMS key in an external key store
+ // must be associated with a different external key.
+ ErrCodeXksKeyAlreadyInUseException = "XksKeyAlreadyInUseException"
+
+ // ErrCodeXksKeyInvalidConfigurationException for service response error code
+ // "XksKeyInvalidConfigurationException".
+ //
+ // The request was rejected because the external key specified by the XksKeyId
+ // parameter did not meet the configuration requirements for an external key
+ // store.
+ //
+ // The external key must be an AES-256 symmetric key that is enabled and performs
+ // encryption and decryption.
+ ErrCodeXksKeyInvalidConfigurationException = "XksKeyInvalidConfigurationException"
+
+ // ErrCodeXksKeyNotFoundException for service response error code
+ // "XksKeyNotFoundException".
+ //
+ // The request was rejected because the external key store proxy could not find
+ // the external key. This exception is thrown when the value of the XksKeyId
+ // parameter doesn't identify a key in the external key manager associated with
+ // the external key proxy.
+ //
+ // Verify that the XksKeyId represents an existing key in the external key manager.
+ // Use the key identifier that the external key store proxy uses to identify
+ // the key. For details, see the documentation provided with your external key
+ // store proxy or key manager.
+ ErrCodeXksKeyNotFoundException = "XksKeyNotFoundException"
+
+ // ErrCodeXksProxyIncorrectAuthenticationCredentialException for service response error code
+ // "XksProxyIncorrectAuthenticationCredentialException".
+ //
+ // The request was rejected because the proxy credentials failed to authenticate
+ // to the specified external key store proxy. The specified external key store
+ // proxy rejected a status request from KMS due to invalid credentials. This
+ // can indicate an error in the credentials or in the identification of the
+ // external key store proxy.
+ ErrCodeXksProxyIncorrectAuthenticationCredentialException = "XksProxyIncorrectAuthenticationCredentialException"
+
+ // ErrCodeXksProxyInvalidConfigurationException for service response error code
+ // "XksProxyInvalidConfigurationException".
+ //
+ // The request was rejected because the Amazon VPC endpoint service configuration
+ // does not fulfill the requirements for an external key store proxy. For details,
+ // see the exception message.
+ ErrCodeXksProxyInvalidConfigurationException = "XksProxyInvalidConfigurationException"
+
+ // ErrCodeXksProxyInvalidResponseException for service response error code
+ // "XksProxyInvalidResponseException".
+ //
+ // KMS cannot interpret the response it received from the external key store
+ // proxy. The problem might be a poorly constructed response, but it could also
+ // be a transient network issue. If you see this error repeatedly, report it
+ // to the proxy vendor.
+ ErrCodeXksProxyInvalidResponseException = "XksProxyInvalidResponseException"
+
+ // ErrCodeXksProxyUriEndpointInUseException for service response error code
+ // "XksProxyUriEndpointInUseException".
+ //
+ // The request was rejected because the concatenation of the XksProxyUriEndpoint
+ // is already associated with an external key store in the Amazon Web Services
+ // account and Region. Each external key store in an account and Region must
+ // use a unique external key store proxy address.
+ ErrCodeXksProxyUriEndpointInUseException = "XksProxyUriEndpointInUseException"
+
+ // ErrCodeXksProxyUriInUseException for service response error code
+ // "XksProxyUriInUseException".
+ //
+ // The request was rejected because the concatenation of the XksProxyUriEndpoint
+ // and XksProxyUriPath is already associated with an external key store in the
+ // Amazon Web Services account and Region. Each external key store in an account
+ // and Region must use a unique external key store proxy API address.
+ ErrCodeXksProxyUriInUseException = "XksProxyUriInUseException"
+
+ // ErrCodeXksProxyUriUnreachableException for service response error code
+ // "XksProxyUriUnreachableException".
+ //
+ // KMS was unable to reach the specified XksProxyUriPath. The path must be reachable
+ // before you create the external key store or update its settings.
+ //
+ // This exception is also thrown when the external key store proxy response
+ // to a GetHealthStatus request indicates that all external key manager instances
+ // are unavailable.
+ ErrCodeXksProxyUriUnreachableException = "XksProxyUriUnreachableException"
+
+ // ErrCodeXksProxyVpcEndpointServiceInUseException for service response error code
+ // "XksProxyVpcEndpointServiceInUseException".
+ //
+ // The request was rejected because the specified Amazon VPC endpoint service
+ // is already associated with an external key store in the Amazon Web Services
+ // account and Region. Each external key store in an Amazon Web Services account
+ // and Region must use a different Amazon VPC endpoint service.
+ ErrCodeXksProxyVpcEndpointServiceInUseException = "XksProxyVpcEndpointServiceInUseException"
+
+ // ErrCodeXksProxyVpcEndpointServiceInvalidConfigurationException for service response error code
+ // "XksProxyVpcEndpointServiceInvalidConfigurationException".
+ //
+ // The request was rejected because the Amazon VPC endpoint service configuration
+ // does not fulfill the requirements for an external key store proxy. For details,
+ // see the exception message and review the requirements (kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements)
+ // for Amazon VPC endpoint service connectivity for an external key store.
+ ErrCodeXksProxyVpcEndpointServiceInvalidConfigurationException = "XksProxyVpcEndpointServiceInvalidConfigurationException"
+
+ // ErrCodeXksProxyVpcEndpointServiceNotFoundException for service response error code
+ // "XksProxyVpcEndpointServiceNotFoundException".
+ //
+ // The request was rejected because KMS could not find the specified VPC endpoint
+ // service. Use DescribeCustomKeyStores to verify the VPC endpoint service name
+ // for the external key store. Also, confirm that the Allow principals list
+ // for the VPC endpoint service includes the KMS service principal for the Region,
+ // such as cks.kms.us-east-1.amazonaws.com.
+ ErrCodeXksProxyVpcEndpointServiceNotFoundException = "XksProxyVpcEndpointServiceNotFoundException"
)
var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
- "AlreadyExistsException": newErrorAlreadyExistsException,
- "CloudHsmClusterInUseException": newErrorCloudHsmClusterInUseException,
- "CloudHsmClusterInvalidConfigurationException": newErrorCloudHsmClusterInvalidConfigurationException,
- "CloudHsmClusterNotActiveException": newErrorCloudHsmClusterNotActiveException,
- "CloudHsmClusterNotFoundException": newErrorCloudHsmClusterNotFoundException,
- "CloudHsmClusterNotRelatedException": newErrorCloudHsmClusterNotRelatedException,
- "CustomKeyStoreHasCMKsException": newErrorCustomKeyStoreHasCMKsException,
- "CustomKeyStoreInvalidStateException": newErrorCustomKeyStoreInvalidStateException,
- "CustomKeyStoreNameInUseException": newErrorCustomKeyStoreNameInUseException,
- "CustomKeyStoreNotFoundException": newErrorCustomKeyStoreNotFoundException,
- "DependencyTimeoutException": newErrorDependencyTimeoutException,
- "DisabledException": newErrorDisabledException,
- "ExpiredImportTokenException": newErrorExpiredImportTokenException,
- "IncorrectKeyException": newErrorIncorrectKeyException,
- "IncorrectKeyMaterialException": newErrorIncorrectKeyMaterialException,
- "IncorrectTrustAnchorException": newErrorIncorrectTrustAnchorException,
- "KMSInternalException": newErrorInternalException,
- "InvalidAliasNameException": newErrorInvalidAliasNameException,
- "InvalidArnException": newErrorInvalidArnException,
- "InvalidCiphertextException": newErrorInvalidCiphertextException,
- "InvalidGrantIdException": newErrorInvalidGrantIdException,
- "InvalidGrantTokenException": newErrorInvalidGrantTokenException,
- "InvalidImportTokenException": newErrorInvalidImportTokenException,
- "InvalidKeyUsageException": newErrorInvalidKeyUsageException,
- "InvalidMarkerException": newErrorInvalidMarkerException,
- "KMSInvalidStateException": newErrorInvalidStateException,
- "KMSInvalidMacException": newErrorKMSInvalidMacException,
- "KMSInvalidSignatureException": newErrorKMSInvalidSignatureException,
- "KeyUnavailableException": newErrorKeyUnavailableException,
- "LimitExceededException": newErrorLimitExceededException,
- "MalformedPolicyDocumentException": newErrorMalformedPolicyDocumentException,
- "NotFoundException": newErrorNotFoundException,
- "TagException": newErrorTagException,
- "UnsupportedOperationException": newErrorUnsupportedOperationException,
+ "AlreadyExistsException": newErrorAlreadyExistsException,
+ "CloudHsmClusterInUseException": newErrorCloudHsmClusterInUseException,
+ "CloudHsmClusterInvalidConfigurationException": newErrorCloudHsmClusterInvalidConfigurationException,
+ "CloudHsmClusterNotActiveException": newErrorCloudHsmClusterNotActiveException,
+ "CloudHsmClusterNotFoundException": newErrorCloudHsmClusterNotFoundException,
+ "CloudHsmClusterNotRelatedException": newErrorCloudHsmClusterNotRelatedException,
+ "CustomKeyStoreHasCMKsException": newErrorCustomKeyStoreHasCMKsException,
+ "CustomKeyStoreInvalidStateException": newErrorCustomKeyStoreInvalidStateException,
+ "CustomKeyStoreNameInUseException": newErrorCustomKeyStoreNameInUseException,
+ "CustomKeyStoreNotFoundException": newErrorCustomKeyStoreNotFoundException,
+ "DependencyTimeoutException": newErrorDependencyTimeoutException,
+ "DisabledException": newErrorDisabledException,
+ "ExpiredImportTokenException": newErrorExpiredImportTokenException,
+ "IncorrectKeyException": newErrorIncorrectKeyException,
+ "IncorrectKeyMaterialException": newErrorIncorrectKeyMaterialException,
+ "IncorrectTrustAnchorException": newErrorIncorrectTrustAnchorException,
+ "KMSInternalException": newErrorInternalException,
+ "InvalidAliasNameException": newErrorInvalidAliasNameException,
+ "InvalidArnException": newErrorInvalidArnException,
+ "InvalidCiphertextException": newErrorInvalidCiphertextException,
+ "InvalidGrantIdException": newErrorInvalidGrantIdException,
+ "InvalidGrantTokenException": newErrorInvalidGrantTokenException,
+ "InvalidImportTokenException": newErrorInvalidImportTokenException,
+ "InvalidKeyUsageException": newErrorInvalidKeyUsageException,
+ "InvalidMarkerException": newErrorInvalidMarkerException,
+ "KMSInvalidStateException": newErrorInvalidStateException,
+ "KMSInvalidMacException": newErrorKMSInvalidMacException,
+ "KMSInvalidSignatureException": newErrorKMSInvalidSignatureException,
+ "KeyUnavailableException": newErrorKeyUnavailableException,
+ "LimitExceededException": newErrorLimitExceededException,
+ "MalformedPolicyDocumentException": newErrorMalformedPolicyDocumentException,
+ "NotFoundException": newErrorNotFoundException,
+ "TagException": newErrorTagException,
+ "UnsupportedOperationException": newErrorUnsupportedOperationException,
+ "XksKeyAlreadyInUseException": newErrorXksKeyAlreadyInUseException,
+ "XksKeyInvalidConfigurationException": newErrorXksKeyInvalidConfigurationException,
+ "XksKeyNotFoundException": newErrorXksKeyNotFoundException,
+ "XksProxyIncorrectAuthenticationCredentialException": newErrorXksProxyIncorrectAuthenticationCredentialException,
+ "XksProxyInvalidConfigurationException": newErrorXksProxyInvalidConfigurationException,
+ "XksProxyInvalidResponseException": newErrorXksProxyInvalidResponseException,
+ "XksProxyUriEndpointInUseException": newErrorXksProxyUriEndpointInUseException,
+ "XksProxyUriInUseException": newErrorXksProxyUriInUseException,
+ "XksProxyUriUnreachableException": newErrorXksProxyUriUnreachableException,
+ "XksProxyVpcEndpointServiceInUseException": newErrorXksProxyVpcEndpointServiceInUseException,
+ "XksProxyVpcEndpointServiceInvalidConfigurationException": newErrorXksProxyVpcEndpointServiceInvalidConfigurationException,
+ "XksProxyVpcEndpointServiceNotFoundException": newErrorXksProxyVpcEndpointServiceNotFoundException,
}
diff --git a/service/lexruntimev2/api.go b/service/lexruntimev2/api.go
index 233eb8420f..807079d921 100644
--- a/service/lexruntimev2/api.go
+++ b/service/lexruntimev2/api.go
@@ -838,12 +838,12 @@ func (es *StartConversationEventStream) closeInputPipe() error {
//
// These events are:
//
-// - AudioInputEvent
-// - ConfigurationEvent
-// - DTMFInputEvent
-// - DisconnectionEvent
-// - PlaybackCompletionEvent
-// - TextInputEvent
+// * AudioInputEvent
+// * ConfigurationEvent
+// * DTMFInputEvent
+// * DisconnectionEvent
+// * PlaybackCompletionEvent
+// * TextInputEvent
func (es *StartConversationEventStream) Send(ctx aws.Context, event StartConversationRequestEventStreamEvent) error {
return es.Writer.Send(ctx, event)
}
@@ -887,13 +887,13 @@ func (es *StartConversationEventStream) runInputStream(r *request.Request) {
//
// These events are:
//
-// - AudioResponseEvent
-// - HeartbeatEvent
-// - IntentResultEvent
-// - PlaybackInterruptionEvent
-// - TextResponseEvent
-// - TranscriptEvent
-// - StartConversationResponseEventStreamUnknownEvent
+// * AudioResponseEvent
+// * HeartbeatEvent
+// * IntentResultEvent
+// * PlaybackInterruptionEvent
+// * TextResponseEvent
+// * TranscriptEvent
+// * StartConversationResponseEventStreamUnknownEvent
func (es *StartConversationEventStream) Events() <-chan StartConversationResponseEventStreamEvent {
return es.Reader.Events()
}
diff --git a/service/lexruntimev2/eventstream_test.go b/service/lexruntimev2/eventstream_test.go
index cbb927c07f..96cd395217 100644
--- a/service/lexruntimev2/eventstream_test.go
+++ b/service/lexruntimev2/eventstream_test.go
@@ -235,12 +235,12 @@ func mockStartConversationReadEvents() (
EventId: aws.String("string value goes here"),
InputMode: aws.String("string value goes here"),
Interpretations: []*Interpretation{
- {
+ &Interpretation{
Intent: &Intent{
ConfirmationState: aws.String("string value goes here"),
Name: aws.String("string value goes here"),
Slots: map[string]*Slot{
- "a": {
+ "a": &Slot{
Shape: aws.String("string value goes here"),
SubSlots: nil,
Value: &Value{
@@ -254,7 +254,7 @@ func mockStartConversationReadEvents() (
},
Values: []*Slot{},
},
- "b": {
+ "b": &Slot{
Shape: aws.String("string value goes here"),
SubSlots: nil,
Value: &Value{
@@ -268,7 +268,7 @@ func mockStartConversationReadEvents() (
},
Values: []*Slot{},
},
- "c": {
+ "c": &Slot{
Shape: aws.String("string value goes here"),
SubSlots: nil,
Value: &Value{
@@ -298,12 +298,12 @@ func mockStartConversationReadEvents() (
},
},
},
- {
+ &Interpretation{
Intent: &Intent{
ConfirmationState: aws.String("string value goes here"),
Name: aws.String("string value goes here"),
Slots: map[string]*Slot{
- "a": {
+ "a": &Slot{
Shape: aws.String("string value goes here"),
SubSlots: nil,
Value: &Value{
@@ -317,7 +317,7 @@ func mockStartConversationReadEvents() (
},
Values: []*Slot{},
},
- "b": {
+ "b": &Slot{
Shape: aws.String("string value goes here"),
SubSlots: nil,
Value: &Value{
@@ -331,7 +331,7 @@ func mockStartConversationReadEvents() (
},
Values: []*Slot{},
},
- "c": {
+ "c": &Slot{
Shape: aws.String("string value goes here"),
SubSlots: nil,
Value: &Value{
@@ -361,12 +361,12 @@ func mockStartConversationReadEvents() (
},
},
},
- {
+ &Interpretation{
Intent: &Intent{
ConfirmationState: aws.String("string value goes here"),
Name: aws.String("string value goes here"),
Slots: map[string]*Slot{
- "a": {
+ "a": &Slot{
Shape: aws.String("string value goes here"),
SubSlots: nil,
Value: &Value{
@@ -380,7 +380,7 @@ func mockStartConversationReadEvents() (
},
Values: []*Slot{},
},
- "b": {
+ "b": &Slot{
Shape: aws.String("string value goes here"),
SubSlots: nil,
Value: &Value{
@@ -394,7 +394,7 @@ func mockStartConversationReadEvents() (
},
Values: []*Slot{},
},
- "c": {
+ "c": &Slot{
Shape: aws.String("string value goes here"),
SubSlots: nil,
Value: &Value{
@@ -433,7 +433,7 @@ func mockStartConversationReadEvents() (
SessionId: aws.String("string value goes here"),
SessionState: &SessionState{
ActiveContexts: []*ActiveContext{
- {
+ &ActiveContext{
ContextAttributes: map[string]*string{
"a": aws.String("string value goes here"),
"b": aws.String("string value goes here"),
@@ -445,7 +445,7 @@ func mockStartConversationReadEvents() (
TurnsToLive: aws.Int64(123),
},
},
- {
+ &ActiveContext{
ContextAttributes: map[string]*string{
"a": aws.String("string value goes here"),
"b": aws.String("string value goes here"),
@@ -457,7 +457,7 @@ func mockStartConversationReadEvents() (
TurnsToLive: aws.Int64(123),
},
},
- {
+ &ActiveContext{
ContextAttributes: map[string]*string{
"a": aws.String("string value goes here"),
"b": aws.String("string value goes here"),
@@ -483,7 +483,7 @@ func mockStartConversationReadEvents() (
ConfirmationState: aws.String("string value goes here"),
Name: aws.String("string value goes here"),
Slots: map[string]*Slot{
- "a": {
+ "a": &Slot{
Shape: aws.String("string value goes here"),
SubSlots: nil,
Value: &Value{
@@ -497,7 +497,7 @@ func mockStartConversationReadEvents() (
},
Values: []*Slot{},
},
- "b": {
+ "b": &Slot{
Shape: aws.String("string value goes here"),
SubSlots: nil,
Value: &Value{
@@ -511,7 +511,7 @@ func mockStartConversationReadEvents() (
},
Values: []*Slot{},
},
- "c": {
+ "c": &Slot{
Shape: aws.String("string value goes here"),
SubSlots: nil,
Value: &Value{
@@ -531,132 +531,132 @@ func mockStartConversationReadEvents() (
OriginatingRequestId: aws.String("string value goes here"),
RuntimeHints: &RuntimeHints{
SlotHints: map[string]map[string]*RuntimeHintDetails{
- "a": {
- "a": {
+ "a": map[string]*RuntimeHintDetails{
+ "a": &RuntimeHintDetails{
RuntimeHintValues: []*RuntimeHintValue{
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
},
SubSlotHints: nil,
},
- "b": {
+ "b": &RuntimeHintDetails{
RuntimeHintValues: []*RuntimeHintValue{
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
},
SubSlotHints: nil,
},
- "c": {
+ "c": &RuntimeHintDetails{
RuntimeHintValues: []*RuntimeHintValue{
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
},
SubSlotHints: nil,
},
},
- "b": {
- "a": {
+ "b": map[string]*RuntimeHintDetails{
+ "a": &RuntimeHintDetails{
RuntimeHintValues: []*RuntimeHintValue{
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
},
SubSlotHints: nil,
},
- "b": {
+ "b": &RuntimeHintDetails{
RuntimeHintValues: []*RuntimeHintValue{
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
},
SubSlotHints: nil,
},
- "c": {
+ "c": &RuntimeHintDetails{
RuntimeHintValues: []*RuntimeHintValue{
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
},
SubSlotHints: nil,
},
},
- "c": {
- "a": {
+ "c": map[string]*RuntimeHintDetails{
+ "a": &RuntimeHintDetails{
RuntimeHintValues: []*RuntimeHintValue{
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
},
SubSlotHints: nil,
},
- "b": {
+ "b": &RuntimeHintDetails{
RuntimeHintValues: []*RuntimeHintValue{
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
},
SubSlotHints: nil,
},
- "c": {
+ "c": &RuntimeHintDetails{
RuntimeHintValues: []*RuntimeHintValue{
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
},
@@ -680,20 +680,20 @@ func mockStartConversationReadEvents() (
&TextResponseEvent{
EventId: aws.String("string value goes here"),
Messages: []*Message{
- {
+ &Message{
Content: aws.String("string value goes here"),
ContentType: aws.String("string value goes here"),
ImageResponseCard: &ImageResponseCard{
Buttons: []*Button{
- {
+ &Button{
Text: aws.String("string value goes here"),
Value: aws.String("string value goes here"),
},
- {
+ &Button{
Text: aws.String("string value goes here"),
Value: aws.String("string value goes here"),
},
- {
+ &Button{
Text: aws.String("string value goes here"),
Value: aws.String("string value goes here"),
},
@@ -703,20 +703,20 @@ func mockStartConversationReadEvents() (
Title: aws.String("string value goes here"),
},
},
- {
+ &Message{
Content: aws.String("string value goes here"),
ContentType: aws.String("string value goes here"),
ImageResponseCard: &ImageResponseCard{
Buttons: []*Button{
- {
+ &Button{
Text: aws.String("string value goes here"),
Value: aws.String("string value goes here"),
},
- {
+ &Button{
Text: aws.String("string value goes here"),
Value: aws.String("string value goes here"),
},
- {
+ &Button{
Text: aws.String("string value goes here"),
Value: aws.String("string value goes here"),
},
@@ -726,20 +726,20 @@ func mockStartConversationReadEvents() (
Title: aws.String("string value goes here"),
},
},
- {
+ &Message{
Content: aws.String("string value goes here"),
ContentType: aws.String("string value goes here"),
ImageResponseCard: &ImageResponseCard{
Buttons: []*Button{
- {
+ &Button{
Text: aws.String("string value goes here"),
Value: aws.String("string value goes here"),
},
- {
+ &Button{
Text: aws.String("string value goes here"),
Value: aws.String("string value goes here"),
},
- {
+ &Button{
Text: aws.String("string value goes here"),
Value: aws.String("string value goes here"),
},
@@ -1103,7 +1103,7 @@ func mockStartConversationWriteEvents() (
ResponseContentType: aws.String("string value goes here"),
SessionState: &SessionState{
ActiveContexts: []*ActiveContext{
- {
+ &ActiveContext{
ContextAttributes: map[string]*string{
"a": aws.String("string value goes here"),
"b": aws.String("string value goes here"),
@@ -1115,7 +1115,7 @@ func mockStartConversationWriteEvents() (
TurnsToLive: aws.Int64(123),
},
},
- {
+ &ActiveContext{
ContextAttributes: map[string]*string{
"a": aws.String("string value goes here"),
"b": aws.String("string value goes here"),
@@ -1127,7 +1127,7 @@ func mockStartConversationWriteEvents() (
TurnsToLive: aws.Int64(123),
},
},
- {
+ &ActiveContext{
ContextAttributes: map[string]*string{
"a": aws.String("string value goes here"),
"b": aws.String("string value goes here"),
@@ -1153,7 +1153,7 @@ func mockStartConversationWriteEvents() (
ConfirmationState: aws.String("string value goes here"),
Name: aws.String("string value goes here"),
Slots: map[string]*Slot{
- "a": {
+ "a": &Slot{
Shape: aws.String("string value goes here"),
SubSlots: nil,
Value: &Value{
@@ -1167,7 +1167,7 @@ func mockStartConversationWriteEvents() (
},
Values: []*Slot{},
},
- "b": {
+ "b": &Slot{
Shape: aws.String("string value goes here"),
SubSlots: nil,
Value: &Value{
@@ -1181,7 +1181,7 @@ func mockStartConversationWriteEvents() (
},
Values: []*Slot{},
},
- "c": {
+ "c": &Slot{
Shape: aws.String("string value goes here"),
SubSlots: nil,
Value: &Value{
@@ -1201,132 +1201,132 @@ func mockStartConversationWriteEvents() (
OriginatingRequestId: aws.String("string value goes here"),
RuntimeHints: &RuntimeHints{
SlotHints: map[string]map[string]*RuntimeHintDetails{
- "a": {
- "a": {
+ "a": map[string]*RuntimeHintDetails{
+ "a": &RuntimeHintDetails{
RuntimeHintValues: []*RuntimeHintValue{
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
},
SubSlotHints: nil,
},
- "b": {
+ "b": &RuntimeHintDetails{
RuntimeHintValues: []*RuntimeHintValue{
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
},
SubSlotHints: nil,
},
- "c": {
+ "c": &RuntimeHintDetails{
RuntimeHintValues: []*RuntimeHintValue{
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
},
SubSlotHints: nil,
},
},
- "b": {
- "a": {
+ "b": map[string]*RuntimeHintDetails{
+ "a": &RuntimeHintDetails{
RuntimeHintValues: []*RuntimeHintValue{
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
},
SubSlotHints: nil,
},
- "b": {
+ "b": &RuntimeHintDetails{
RuntimeHintValues: []*RuntimeHintValue{
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
},
SubSlotHints: nil,
},
- "c": {
+ "c": &RuntimeHintDetails{
RuntimeHintValues: []*RuntimeHintValue{
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
},
SubSlotHints: nil,
},
},
- "c": {
- "a": {
+ "c": map[string]*RuntimeHintDetails{
+ "a": &RuntimeHintDetails{
RuntimeHintValues: []*RuntimeHintValue{
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
},
SubSlotHints: nil,
},
- "b": {
+ "b": &RuntimeHintDetails{
RuntimeHintValues: []*RuntimeHintValue{
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
},
SubSlotHints: nil,
},
- "c": {
+ "c": &RuntimeHintDetails{
RuntimeHintValues: []*RuntimeHintValue{
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
- {
+ &RuntimeHintValue{
Phrase: aws.String("string value goes here"),
},
},
@@ -1342,20 +1342,20 @@ func mockStartConversationWriteEvents() (
},
},
WelcomeMessages: []*Message{
- {
+ &Message{
Content: aws.String("string value goes here"),
ContentType: aws.String("string value goes here"),
ImageResponseCard: &ImageResponseCard{
Buttons: []*Button{
- {
+ &Button{
Text: aws.String("string value goes here"),
Value: aws.String("string value goes here"),
},
- {
+ &Button{
Text: aws.String("string value goes here"),
Value: aws.String("string value goes here"),
},
- {
+ &Button{
Text: aws.String("string value goes here"),
Value: aws.String("string value goes here"),
},
@@ -1365,20 +1365,20 @@ func mockStartConversationWriteEvents() (
Title: aws.String("string value goes here"),
},
},
- {
+ &Message{
Content: aws.String("string value goes here"),
ContentType: aws.String("string value goes here"),
ImageResponseCard: &ImageResponseCard{
Buttons: []*Button{
- {
+ &Button{
Text: aws.String("string value goes here"),
Value: aws.String("string value goes here"),
},
- {
+ &Button{
Text: aws.String("string value goes here"),
Value: aws.String("string value goes here"),
},
- {
+ &Button{
Text: aws.String("string value goes here"),
Value: aws.String("string value goes here"),
},
@@ -1388,20 +1388,20 @@ func mockStartConversationWriteEvents() (
Title: aws.String("string value goes here"),
},
},
- {
+ &Message{
Content: aws.String("string value goes here"),
ContentType: aws.String("string value goes here"),
ImageResponseCard: &ImageResponseCard{
Buttons: []*Button{
- {
+ &Button{
Text: aws.String("string value goes here"),
Value: aws.String("string value goes here"),
},
- {
+ &Button{
Text: aws.String("string value goes here"),
Value: aws.String("string value goes here"),
},
- {
+ &Button{
Text: aws.String("string value goes here"),
Value: aws.String("string value goes here"),
},
diff --git a/service/omics/doc.go b/service/omics/doc.go
new file mode 100644
index 0000000000..0aeadf0fb4
--- /dev/null
+++ b/service/omics/doc.go
@@ -0,0 +1,30 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package omics provides the client and types for making API
+// requests to Amazon Omics.
+//
+// This is the Amazon Omics API Reference. For an introduction to the service,
+// see What is Amazon Omics? (https://docs.aws.amazon.com/omics/latest/dev/)
+// in the Amazon Omics Developer Guide.
+//
+// See https://docs.aws.amazon.com/goto/WebAPI/omics-2022-11-28 for more information on this service.
+//
+// See omics package documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/omics/
+//
+// # Using the Client
+//
+// To contact Amazon Omics with the SDK use the New function to create
+// a new service client. With that client you can make API requests to the service.
+// These clients are safe to use concurrently.
+//
+// See the SDK's documentation for more information on how to use the SDK.
+// https://docs.aws.amazon.com/sdk-for-go/api/
+//
+// See aws.Config documentation for more information on configuring SDK clients.
+// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
+//
+// See the Amazon Omics client Omics for more
+// information on creating client for this service.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/omics/#New
+package omics
diff --git a/service/opensearchserverless/api.go b/service/opensearchserverless/api.go
new file mode 100644
index 0000000000..95c4179186
--- /dev/null
+++ b/service/opensearchserverless/api.go
@@ -0,0 +1,8508 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package opensearchserverless
+
+import (
+ "fmt"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awsutil"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/private/protocol"
+ "github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
+)
+
+const opBatchGetCollection = "BatchGetCollection"
+
+// BatchGetCollectionRequest generates a "aws/request.Request" representing the
+// client's request for the BatchGetCollection operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See BatchGetCollection for more information on using the BatchGetCollection
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the BatchGetCollectionRequest method.
+// req, resp := client.BatchGetCollectionRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/BatchGetCollection
+func (c *OpenSearchServerless) BatchGetCollectionRequest(input *BatchGetCollectionInput) (req *request.Request, output *BatchGetCollectionOutput) {
+ op := &request.Operation{
+ Name: opBatchGetCollection,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &BatchGetCollectionInput{}
+ }
+
+ output = &BatchGetCollectionOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// BatchGetCollection API operation for OpenSearch Service Serverless.
+//
+// Returns attributes for one or more collections, including the collection
+// endpoint and the OpenSearch Dashboards endpoint. For more information, see
+// Creating and managing Amazon OpenSearch Serverless collections (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-manage.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation BatchGetCollection for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/BatchGetCollection
+func (c *OpenSearchServerless) BatchGetCollection(input *BatchGetCollectionInput) (*BatchGetCollectionOutput, error) {
+ req, out := c.BatchGetCollectionRequest(input)
+ return out, req.Send()
+}
+
+// BatchGetCollectionWithContext is the same as BatchGetCollection with the addition of
+// the ability to pass a context and additional request options.
+//
+// See BatchGetCollection for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) BatchGetCollectionWithContext(ctx aws.Context, input *BatchGetCollectionInput, opts ...request.Option) (*BatchGetCollectionOutput, error) {
+ req, out := c.BatchGetCollectionRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opBatchGetVpcEndpoint = "BatchGetVpcEndpoint"
+
+// BatchGetVpcEndpointRequest generates a "aws/request.Request" representing the
+// client's request for the BatchGetVpcEndpoint operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See BatchGetVpcEndpoint for more information on using the BatchGetVpcEndpoint
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the BatchGetVpcEndpointRequest method.
+// req, resp := client.BatchGetVpcEndpointRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/BatchGetVpcEndpoint
+func (c *OpenSearchServerless) BatchGetVpcEndpointRequest(input *BatchGetVpcEndpointInput) (req *request.Request, output *BatchGetVpcEndpointOutput) {
+ op := &request.Operation{
+ Name: opBatchGetVpcEndpoint,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &BatchGetVpcEndpointInput{}
+ }
+
+ output = &BatchGetVpcEndpointOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// BatchGetVpcEndpoint API operation for OpenSearch Service Serverless.
+//
+// Returns attributes for one or more VPC endpoints associated with the current
+// account. For more information, see Access Amazon OpenSearch Serverless using
+// an interface endpoint (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-vpc.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation BatchGetVpcEndpoint for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/BatchGetVpcEndpoint
+func (c *OpenSearchServerless) BatchGetVpcEndpoint(input *BatchGetVpcEndpointInput) (*BatchGetVpcEndpointOutput, error) {
+ req, out := c.BatchGetVpcEndpointRequest(input)
+ return out, req.Send()
+}
+
+// BatchGetVpcEndpointWithContext is the same as BatchGetVpcEndpoint with the addition of
+// the ability to pass a context and additional request options.
+//
+// See BatchGetVpcEndpoint for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) BatchGetVpcEndpointWithContext(ctx aws.Context, input *BatchGetVpcEndpointInput, opts ...request.Option) (*BatchGetVpcEndpointOutput, error) {
+ req, out := c.BatchGetVpcEndpointRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opCreateAccessPolicy = "CreateAccessPolicy"
+
+// CreateAccessPolicyRequest generates a "aws/request.Request" representing the
+// client's request for the CreateAccessPolicy operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateAccessPolicy for more information on using the CreateAccessPolicy
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the CreateAccessPolicyRequest method.
+// req, resp := client.CreateAccessPolicyRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/CreateAccessPolicy
+func (c *OpenSearchServerless) CreateAccessPolicyRequest(input *CreateAccessPolicyInput) (req *request.Request, output *CreateAccessPolicyOutput) {
+ op := &request.Operation{
+ Name: opCreateAccessPolicy,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &CreateAccessPolicyInput{}
+ }
+
+ output = &CreateAccessPolicyOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// CreateAccessPolicy API operation for OpenSearch Service Serverless.
+//
+// Creates a data access policy for OpenSearch Serverless. Access policies limit
+// access to collections and the resources within them, and allow a user to
+// access that data irrespective of the access mechanism or network source.
+// For more information, see Data access control for Amazon OpenSearch Serverless
+// (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-data-access.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation CreateAccessPolicy for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ConflictException
+// When creating a collection, thrown when a collection with the same name already
+// exists or is being created. When deleting a collection, thrown when the collection
+// is not in the ACTIVE or FAILED state.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/CreateAccessPolicy
+func (c *OpenSearchServerless) CreateAccessPolicy(input *CreateAccessPolicyInput) (*CreateAccessPolicyOutput, error) {
+ req, out := c.CreateAccessPolicyRequest(input)
+ return out, req.Send()
+}
+
+// CreateAccessPolicyWithContext is the same as CreateAccessPolicy with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateAccessPolicy for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) CreateAccessPolicyWithContext(ctx aws.Context, input *CreateAccessPolicyInput, opts ...request.Option) (*CreateAccessPolicyOutput, error) {
+ req, out := c.CreateAccessPolicyRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opCreateCollection = "CreateCollection"
+
+// CreateCollectionRequest generates a "aws/request.Request" representing the
+// client's request for the CreateCollection operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateCollection for more information on using the CreateCollection
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the CreateCollectionRequest method.
+// req, resp := client.CreateCollectionRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/CreateCollection
+func (c *OpenSearchServerless) CreateCollectionRequest(input *CreateCollectionInput) (req *request.Request, output *CreateCollectionOutput) {
+ op := &request.Operation{
+ Name: opCreateCollection,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &CreateCollectionInput{}
+ }
+
+ output = &CreateCollectionOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// CreateCollection API operation for OpenSearch Service Serverless.
+//
+// Creates a new OpenSearch Serverless collection. For more information, see
+// Creating and managing Amazon OpenSearch Serverless collections (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-manage.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation CreateCollection for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ConflictException
+// When creating a collection, thrown when a collection with the same name already
+// exists or is being created. When deleting a collection, thrown when the collection
+// is not in the ACTIVE or FAILED state.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/CreateCollection
+func (c *OpenSearchServerless) CreateCollection(input *CreateCollectionInput) (*CreateCollectionOutput, error) {
+ req, out := c.CreateCollectionRequest(input)
+ return out, req.Send()
+}
+
+// CreateCollectionWithContext is the same as CreateCollection with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateCollection for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) CreateCollectionWithContext(ctx aws.Context, input *CreateCollectionInput, opts ...request.Option) (*CreateCollectionOutput, error) {
+ req, out := c.CreateCollectionRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opCreateSecurityConfig = "CreateSecurityConfig"
+
+// CreateSecurityConfigRequest generates a "aws/request.Request" representing the
+// client's request for the CreateSecurityConfig operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateSecurityConfig for more information on using the CreateSecurityConfig
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the CreateSecurityConfigRequest method.
+// req, resp := client.CreateSecurityConfigRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/CreateSecurityConfig
+func (c *OpenSearchServerless) CreateSecurityConfigRequest(input *CreateSecurityConfigInput) (req *request.Request, output *CreateSecurityConfigOutput) {
+ op := &request.Operation{
+ Name: opCreateSecurityConfig,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &CreateSecurityConfigInput{}
+ }
+
+ output = &CreateSecurityConfigOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// CreateSecurityConfig API operation for OpenSearch Service Serverless.
+//
+// Specifies a security configuration for OpenSearch Serverless. For more information,
+// see SAML authentication for Amazon OpenSearch Serverless (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-saml.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation CreateSecurityConfig for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ConflictException
+// When creating a collection, thrown when a collection with the same name already
+// exists or is being created. When deleting a collection, thrown when the collection
+// is not in the ACTIVE or FAILED state.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/CreateSecurityConfig
+func (c *OpenSearchServerless) CreateSecurityConfig(input *CreateSecurityConfigInput) (*CreateSecurityConfigOutput, error) {
+ req, out := c.CreateSecurityConfigRequest(input)
+ return out, req.Send()
+}
+
+// CreateSecurityConfigWithContext is the same as CreateSecurityConfig with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateSecurityConfig for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) CreateSecurityConfigWithContext(ctx aws.Context, input *CreateSecurityConfigInput, opts ...request.Option) (*CreateSecurityConfigOutput, error) {
+ req, out := c.CreateSecurityConfigRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opCreateSecurityPolicy = "CreateSecurityPolicy"
+
+// CreateSecurityPolicyRequest generates a "aws/request.Request" representing the
+// client's request for the CreateSecurityPolicy operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateSecurityPolicy for more information on using the CreateSecurityPolicy
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the CreateSecurityPolicyRequest method.
+// req, resp := client.CreateSecurityPolicyRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/CreateSecurityPolicy
+func (c *OpenSearchServerless) CreateSecurityPolicyRequest(input *CreateSecurityPolicyInput) (req *request.Request, output *CreateSecurityPolicyOutput) {
+ op := &request.Operation{
+ Name: opCreateSecurityPolicy,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &CreateSecurityPolicyInput{}
+ }
+
+ output = &CreateSecurityPolicyOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// CreateSecurityPolicy API operation for OpenSearch Service Serverless.
+//
+// Creates a security policy to be used by one or more OpenSearch Serverless
+// collections. Security policies provide access to a collection and its OpenSearch
+// Dashboards endpoint from public networks or specific VPC endpoints. They
+// also allow you to secure a collection with a KMS encryption key. For more
+// information, see Network access for Amazon OpenSearch Serverless (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-network.html)
+// and Encryption at rest for Amazon OpenSearch Serverless (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-encryption.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation CreateSecurityPolicy for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ConflictException
+// When creating a collection, thrown when a collection with the same name already
+// exists or is being created. When deleting a collection, thrown when the collection
+// is not in the ACTIVE or FAILED state.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/CreateSecurityPolicy
+func (c *OpenSearchServerless) CreateSecurityPolicy(input *CreateSecurityPolicyInput) (*CreateSecurityPolicyOutput, error) {
+ req, out := c.CreateSecurityPolicyRequest(input)
+ return out, req.Send()
+}
+
+// CreateSecurityPolicyWithContext is the same as CreateSecurityPolicy with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateSecurityPolicy for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) CreateSecurityPolicyWithContext(ctx aws.Context, input *CreateSecurityPolicyInput, opts ...request.Option) (*CreateSecurityPolicyOutput, error) {
+ req, out := c.CreateSecurityPolicyRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opCreateVpcEndpoint = "CreateVpcEndpoint"
+
+// CreateVpcEndpointRequest generates a "aws/request.Request" representing the
+// client's request for the CreateVpcEndpoint operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateVpcEndpoint for more information on using the CreateVpcEndpoint
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the CreateVpcEndpointRequest method.
+// req, resp := client.CreateVpcEndpointRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/CreateVpcEndpoint
+func (c *OpenSearchServerless) CreateVpcEndpointRequest(input *CreateVpcEndpointInput) (req *request.Request, output *CreateVpcEndpointOutput) {
+ op := &request.Operation{
+ Name: opCreateVpcEndpoint,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &CreateVpcEndpointInput{}
+ }
+
+ output = &CreateVpcEndpointOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// CreateVpcEndpoint API operation for OpenSearch Service Serverless.
+//
+// Creates an OpenSearch Serverless-managed interface VPC endpoint. For more
+// information, see Access Amazon OpenSearch Serverless using an interface endpoint
+// (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-vpc.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation CreateVpcEndpoint for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ConflictException
+// When creating a collection, thrown when a collection with the same name already
+// exists or is being created. When deleting a collection, thrown when the collection
+// is not in the ACTIVE or FAILED state.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/CreateVpcEndpoint
+func (c *OpenSearchServerless) CreateVpcEndpoint(input *CreateVpcEndpointInput) (*CreateVpcEndpointOutput, error) {
+ req, out := c.CreateVpcEndpointRequest(input)
+ return out, req.Send()
+}
+
+// CreateVpcEndpointWithContext is the same as CreateVpcEndpoint with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateVpcEndpoint for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) CreateVpcEndpointWithContext(ctx aws.Context, input *CreateVpcEndpointInput, opts ...request.Option) (*CreateVpcEndpointOutput, error) {
+ req, out := c.CreateVpcEndpointRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opDeleteAccessPolicy = "DeleteAccessPolicy"
+
+// DeleteAccessPolicyRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteAccessPolicy operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteAccessPolicy for more information on using the DeleteAccessPolicy
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DeleteAccessPolicyRequest method.
+// req, resp := client.DeleteAccessPolicyRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/DeleteAccessPolicy
+func (c *OpenSearchServerless) DeleteAccessPolicyRequest(input *DeleteAccessPolicyInput) (req *request.Request, output *DeleteAccessPolicyOutput) {
+ op := &request.Operation{
+ Name: opDeleteAccessPolicy,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &DeleteAccessPolicyInput{}
+ }
+
+ output = &DeleteAccessPolicyOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// DeleteAccessPolicy API operation for OpenSearch Service Serverless.
+//
+// Deletes an OpenSearch Serverless access policy. For more information, see
+// Data access control for Amazon OpenSearch Serverless (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-data-access.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation DeleteAccessPolicy for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ResourceNotFoundException
+// Thrown when accessing or deleting a resource that does not exist.
+//
+// - ConflictException
+// When creating a collection, thrown when a collection with the same name already
+// exists or is being created. When deleting a collection, thrown when the collection
+// is not in the ACTIVE or FAILED state.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/DeleteAccessPolicy
+func (c *OpenSearchServerless) DeleteAccessPolicy(input *DeleteAccessPolicyInput) (*DeleteAccessPolicyOutput, error) {
+ req, out := c.DeleteAccessPolicyRequest(input)
+ return out, req.Send()
+}
+
+// DeleteAccessPolicyWithContext is the same as DeleteAccessPolicy with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteAccessPolicy for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) DeleteAccessPolicyWithContext(ctx aws.Context, input *DeleteAccessPolicyInput, opts ...request.Option) (*DeleteAccessPolicyOutput, error) {
+ req, out := c.DeleteAccessPolicyRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opDeleteCollection = "DeleteCollection"
+
+// DeleteCollectionRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteCollection operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteCollection for more information on using the DeleteCollection
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DeleteCollectionRequest method.
+// req, resp := client.DeleteCollectionRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/DeleteCollection
+func (c *OpenSearchServerless) DeleteCollectionRequest(input *DeleteCollectionInput) (req *request.Request, output *DeleteCollectionOutput) {
+ op := &request.Operation{
+ Name: opDeleteCollection,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &DeleteCollectionInput{}
+ }
+
+ output = &DeleteCollectionOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// DeleteCollection API operation for OpenSearch Service Serverless.
+//
+// Deletes an OpenSearch Serverless collection. For more information, see Creating
+// and managing Amazon OpenSearch Serverless collections (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-manage.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation DeleteCollection for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ResourceNotFoundException
+// Thrown when accessing or deleting a resource that does not exist.
+//
+// - ConflictException
+// When creating a collection, thrown when a collection with the same name already
+// exists or is being created. When deleting a collection, thrown when the collection
+// is not in the ACTIVE or FAILED state.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/DeleteCollection
+func (c *OpenSearchServerless) DeleteCollection(input *DeleteCollectionInput) (*DeleteCollectionOutput, error) {
+ req, out := c.DeleteCollectionRequest(input)
+ return out, req.Send()
+}
+
+// DeleteCollectionWithContext is the same as DeleteCollection with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteCollection for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) DeleteCollectionWithContext(ctx aws.Context, input *DeleteCollectionInput, opts ...request.Option) (*DeleteCollectionOutput, error) {
+ req, out := c.DeleteCollectionRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opDeleteSecurityConfig = "DeleteSecurityConfig"
+
+// DeleteSecurityConfigRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteSecurityConfig operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteSecurityConfig for more information on using the DeleteSecurityConfig
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DeleteSecurityConfigRequest method.
+// req, resp := client.DeleteSecurityConfigRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/DeleteSecurityConfig
+func (c *OpenSearchServerless) DeleteSecurityConfigRequest(input *DeleteSecurityConfigInput) (req *request.Request, output *DeleteSecurityConfigOutput) {
+ op := &request.Operation{
+ Name: opDeleteSecurityConfig,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &DeleteSecurityConfigInput{}
+ }
+
+ output = &DeleteSecurityConfigOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// DeleteSecurityConfig API operation for OpenSearch Service Serverless.
+//
+// Deletes a security configuration for OpenSearch Serverless. For more information,
+// see SAML authentication for Amazon OpenSearch Serverless (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-saml.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation DeleteSecurityConfig for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ResourceNotFoundException
+// Thrown when accessing or deleting a resource that does not exist.
+//
+// - ConflictException
+// When creating a collection, thrown when a collection with the same name already
+// exists or is being created. When deleting a collection, thrown when the collection
+// is not in the ACTIVE or FAILED state.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/DeleteSecurityConfig
+func (c *OpenSearchServerless) DeleteSecurityConfig(input *DeleteSecurityConfigInput) (*DeleteSecurityConfigOutput, error) {
+ req, out := c.DeleteSecurityConfigRequest(input)
+ return out, req.Send()
+}
+
+// DeleteSecurityConfigWithContext is the same as DeleteSecurityConfig with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteSecurityConfig for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) DeleteSecurityConfigWithContext(ctx aws.Context, input *DeleteSecurityConfigInput, opts ...request.Option) (*DeleteSecurityConfigOutput, error) {
+ req, out := c.DeleteSecurityConfigRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opDeleteSecurityPolicy = "DeleteSecurityPolicy"
+
+// DeleteSecurityPolicyRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteSecurityPolicy operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteSecurityPolicy for more information on using the DeleteSecurityPolicy
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DeleteSecurityPolicyRequest method.
+// req, resp := client.DeleteSecurityPolicyRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/DeleteSecurityPolicy
+func (c *OpenSearchServerless) DeleteSecurityPolicyRequest(input *DeleteSecurityPolicyInput) (req *request.Request, output *DeleteSecurityPolicyOutput) {
+ op := &request.Operation{
+ Name: opDeleteSecurityPolicy,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &DeleteSecurityPolicyInput{}
+ }
+
+ output = &DeleteSecurityPolicyOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// DeleteSecurityPolicy API operation for OpenSearch Service Serverless.
+//
+// Deletes an OpenSearch Serverless security policy.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation DeleteSecurityPolicy for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ResourceNotFoundException
+// Thrown when accessing or deleting a resource that does not exist.
+//
+// - ConflictException
+// When creating a collection, thrown when a collection with the same name already
+// exists or is being created. When deleting a collection, thrown when the collection
+// is not in the ACTIVE or FAILED state.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/DeleteSecurityPolicy
+func (c *OpenSearchServerless) DeleteSecurityPolicy(input *DeleteSecurityPolicyInput) (*DeleteSecurityPolicyOutput, error) {
+ req, out := c.DeleteSecurityPolicyRequest(input)
+ return out, req.Send()
+}
+
+// DeleteSecurityPolicyWithContext is the same as DeleteSecurityPolicy with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteSecurityPolicy for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) DeleteSecurityPolicyWithContext(ctx aws.Context, input *DeleteSecurityPolicyInput, opts ...request.Option) (*DeleteSecurityPolicyOutput, error) {
+ req, out := c.DeleteSecurityPolicyRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opDeleteVpcEndpoint = "DeleteVpcEndpoint"
+
+// DeleteVpcEndpointRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteVpcEndpoint operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteVpcEndpoint for more information on using the DeleteVpcEndpoint
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DeleteVpcEndpointRequest method.
+// req, resp := client.DeleteVpcEndpointRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/DeleteVpcEndpoint
+func (c *OpenSearchServerless) DeleteVpcEndpointRequest(input *DeleteVpcEndpointInput) (req *request.Request, output *DeleteVpcEndpointOutput) {
+ op := &request.Operation{
+ Name: opDeleteVpcEndpoint,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &DeleteVpcEndpointInput{}
+ }
+
+ output = &DeleteVpcEndpointOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// DeleteVpcEndpoint API operation for OpenSearch Service Serverless.
+//
+// Deletes an OpenSearch Serverless-managed interface endpoint. For more information,
+// see Access Amazon OpenSearch Serverless using an interface endpoint (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-vpc.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation DeleteVpcEndpoint for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ResourceNotFoundException
+// Thrown when accessing or deleting a resource that does not exist.
+//
+// - ConflictException
+// When creating a collection, thrown when a collection with the same name already
+// exists or is being created. When deleting a collection, thrown when the collection
+// is not in the ACTIVE or FAILED state.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/DeleteVpcEndpoint
+func (c *OpenSearchServerless) DeleteVpcEndpoint(input *DeleteVpcEndpointInput) (*DeleteVpcEndpointOutput, error) {
+ req, out := c.DeleteVpcEndpointRequest(input)
+ return out, req.Send()
+}
+
+// DeleteVpcEndpointWithContext is the same as DeleteVpcEndpoint with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteVpcEndpoint for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) DeleteVpcEndpointWithContext(ctx aws.Context, input *DeleteVpcEndpointInput, opts ...request.Option) (*DeleteVpcEndpointOutput, error) {
+ req, out := c.DeleteVpcEndpointRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opGetAccessPolicy = "GetAccessPolicy"
+
+// GetAccessPolicyRequest generates a "aws/request.Request" representing the
+// client's request for the GetAccessPolicy operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetAccessPolicy for more information on using the GetAccessPolicy
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the GetAccessPolicyRequest method.
+// req, resp := client.GetAccessPolicyRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/GetAccessPolicy
+func (c *OpenSearchServerless) GetAccessPolicyRequest(input *GetAccessPolicyInput) (req *request.Request, output *GetAccessPolicyOutput) {
+ op := &request.Operation{
+ Name: opGetAccessPolicy,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &GetAccessPolicyInput{}
+ }
+
+ output = &GetAccessPolicyOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// GetAccessPolicy API operation for OpenSearch Service Serverless.
+//
+// Returns an OpenSearch Serverless access policy. For more information, see
+// Data access control for Amazon OpenSearch Serverless (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-data-access.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation GetAccessPolicy for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ResourceNotFoundException
+// Thrown when accessing or deleting a resource that does not exist.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/GetAccessPolicy
+func (c *OpenSearchServerless) GetAccessPolicy(input *GetAccessPolicyInput) (*GetAccessPolicyOutput, error) {
+ req, out := c.GetAccessPolicyRequest(input)
+ return out, req.Send()
+}
+
+// GetAccessPolicyWithContext is the same as GetAccessPolicy with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetAccessPolicy for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) GetAccessPolicyWithContext(ctx aws.Context, input *GetAccessPolicyInput, opts ...request.Option) (*GetAccessPolicyOutput, error) {
+ req, out := c.GetAccessPolicyRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opGetAccountSettings = "GetAccountSettings"
+
+// GetAccountSettingsRequest generates a "aws/request.Request" representing the
+// client's request for the GetAccountSettings operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetAccountSettings for more information on using the GetAccountSettings
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the GetAccountSettingsRequest method.
+// req, resp := client.GetAccountSettingsRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/GetAccountSettings
+func (c *OpenSearchServerless) GetAccountSettingsRequest(input *GetAccountSettingsInput) (req *request.Request, output *GetAccountSettingsOutput) {
+ op := &request.Operation{
+ Name: opGetAccountSettings,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &GetAccountSettingsInput{}
+ }
+
+ output = &GetAccountSettingsOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// GetAccountSettings API operation for OpenSearch Service Serverless.
+//
+// Returns account-level settings related to OpenSearch Serverless.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation GetAccountSettings for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/GetAccountSettings
+func (c *OpenSearchServerless) GetAccountSettings(input *GetAccountSettingsInput) (*GetAccountSettingsOutput, error) {
+ req, out := c.GetAccountSettingsRequest(input)
+ return out, req.Send()
+}
+
+// GetAccountSettingsWithContext is the same as GetAccountSettings with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetAccountSettings for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) GetAccountSettingsWithContext(ctx aws.Context, input *GetAccountSettingsInput, opts ...request.Option) (*GetAccountSettingsOutput, error) {
+ req, out := c.GetAccountSettingsRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opGetPoliciesStats = "GetPoliciesStats"
+
+// GetPoliciesStatsRequest generates a "aws/request.Request" representing the
+// client's request for the GetPoliciesStats operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetPoliciesStats for more information on using the GetPoliciesStats
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the GetPoliciesStatsRequest method.
+// req, resp := client.GetPoliciesStatsRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/GetPoliciesStats
+func (c *OpenSearchServerless) GetPoliciesStatsRequest(input *GetPoliciesStatsInput) (req *request.Request, output *GetPoliciesStatsOutput) {
+ op := &request.Operation{
+ Name: opGetPoliciesStats,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &GetPoliciesStatsInput{}
+ }
+
+ output = &GetPoliciesStatsOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// GetPoliciesStats API operation for OpenSearch Service Serverless.
+//
+// Returns statistical information about your OpenSearch Serverless access policies,
+// security configurations, and security policies.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation GetPoliciesStats for usage and error information.
+//
+// Returned Error Types:
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/GetPoliciesStats
+func (c *OpenSearchServerless) GetPoliciesStats(input *GetPoliciesStatsInput) (*GetPoliciesStatsOutput, error) {
+ req, out := c.GetPoliciesStatsRequest(input)
+ return out, req.Send()
+}
+
+// GetPoliciesStatsWithContext is the same as GetPoliciesStats with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetPoliciesStats for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) GetPoliciesStatsWithContext(ctx aws.Context, input *GetPoliciesStatsInput, opts ...request.Option) (*GetPoliciesStatsOutput, error) {
+ req, out := c.GetPoliciesStatsRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opGetSecurityConfig = "GetSecurityConfig"
+
+// GetSecurityConfigRequest generates a "aws/request.Request" representing the
+// client's request for the GetSecurityConfig operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetSecurityConfig for more information on using the GetSecurityConfig
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the GetSecurityConfigRequest method.
+// req, resp := client.GetSecurityConfigRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/GetSecurityConfig
+func (c *OpenSearchServerless) GetSecurityConfigRequest(input *GetSecurityConfigInput) (req *request.Request, output *GetSecurityConfigOutput) {
+ op := &request.Operation{
+ Name: opGetSecurityConfig,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &GetSecurityConfigInput{}
+ }
+
+ output = &GetSecurityConfigOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// GetSecurityConfig API operation for OpenSearch Service Serverless.
+//
+// Returns information about an OpenSearch Serverless security configuration.
+// For more information, see SAML authentication for Amazon OpenSearch Serverless
+// (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-saml.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation GetSecurityConfig for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ResourceNotFoundException
+// Thrown when accessing or deleting a resource that does not exist.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/GetSecurityConfig
+func (c *OpenSearchServerless) GetSecurityConfig(input *GetSecurityConfigInput) (*GetSecurityConfigOutput, error) {
+ req, out := c.GetSecurityConfigRequest(input)
+ return out, req.Send()
+}
+
+// GetSecurityConfigWithContext is the same as GetSecurityConfig with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetSecurityConfig for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) GetSecurityConfigWithContext(ctx aws.Context, input *GetSecurityConfigInput, opts ...request.Option) (*GetSecurityConfigOutput, error) {
+ req, out := c.GetSecurityConfigRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opGetSecurityPolicy = "GetSecurityPolicy"
+
+// GetSecurityPolicyRequest generates a "aws/request.Request" representing the
+// client's request for the GetSecurityPolicy operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetSecurityPolicy for more information on using the GetSecurityPolicy
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the GetSecurityPolicyRequest method.
+// req, resp := client.GetSecurityPolicyRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/GetSecurityPolicy
+func (c *OpenSearchServerless) GetSecurityPolicyRequest(input *GetSecurityPolicyInput) (req *request.Request, output *GetSecurityPolicyOutput) {
+ op := &request.Operation{
+ Name: opGetSecurityPolicy,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &GetSecurityPolicyInput{}
+ }
+
+ output = &GetSecurityPolicyOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// GetSecurityPolicy API operation for OpenSearch Service Serverless.
+//
+// Returns information about a configured OpenSearch Serverless security policy.
+// For more information, see Network access for Amazon OpenSearch Serverless
+// (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-network.html)
+// and Encryption at rest for Amazon OpenSearch Serverless (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-encryption.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation GetSecurityPolicy for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ResourceNotFoundException
+// Thrown when accessing or deleting a resource that does not exist.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/GetSecurityPolicy
+func (c *OpenSearchServerless) GetSecurityPolicy(input *GetSecurityPolicyInput) (*GetSecurityPolicyOutput, error) {
+ req, out := c.GetSecurityPolicyRequest(input)
+ return out, req.Send()
+}
+
+// GetSecurityPolicyWithContext is the same as GetSecurityPolicy with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetSecurityPolicy for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) GetSecurityPolicyWithContext(ctx aws.Context, input *GetSecurityPolicyInput, opts ...request.Option) (*GetSecurityPolicyOutput, error) {
+ req, out := c.GetSecurityPolicyRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opListAccessPolicies = "ListAccessPolicies"
+
+// ListAccessPoliciesRequest generates a "aws/request.Request" representing the
+// client's request for the ListAccessPolicies operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListAccessPolicies for more information on using the ListAccessPolicies
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the ListAccessPoliciesRequest method.
+// req, resp := client.ListAccessPoliciesRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/ListAccessPolicies
+func (c *OpenSearchServerless) ListAccessPoliciesRequest(input *ListAccessPoliciesInput) (req *request.Request, output *ListAccessPoliciesOutput) {
+ op := &request.Operation{
+ Name: opListAccessPolicies,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ Paginator: &request.Paginator{
+ InputTokens: []string{"nextToken"},
+ OutputTokens: []string{"nextToken"},
+ LimitToken: "maxResults",
+ TruncationToken: "",
+ },
+ }
+
+ if input == nil {
+ input = &ListAccessPoliciesInput{}
+ }
+
+ output = &ListAccessPoliciesOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// ListAccessPolicies API operation for OpenSearch Service Serverless.
+//
+// Returns information about a list of OpenSearch Serverless access policies.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation ListAccessPolicies for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/ListAccessPolicies
+func (c *OpenSearchServerless) ListAccessPolicies(input *ListAccessPoliciesInput) (*ListAccessPoliciesOutput, error) {
+ req, out := c.ListAccessPoliciesRequest(input)
+ return out, req.Send()
+}
+
+// ListAccessPoliciesWithContext is the same as ListAccessPolicies with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListAccessPolicies for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) ListAccessPoliciesWithContext(ctx aws.Context, input *ListAccessPoliciesInput, opts ...request.Option) (*ListAccessPoliciesOutput, error) {
+ req, out := c.ListAccessPoliciesRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+// ListAccessPoliciesPages iterates over the pages of a ListAccessPolicies operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListAccessPolicies method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+// // Example iterating over at most 3 pages of a ListAccessPolicies operation.
+// pageNum := 0
+// err := client.ListAccessPoliciesPages(params,
+// func(page *opensearchserverless.ListAccessPoliciesOutput, lastPage bool) bool {
+// pageNum++
+// fmt.Println(page)
+// return pageNum <= 3
+// })
+func (c *OpenSearchServerless) ListAccessPoliciesPages(input *ListAccessPoliciesInput, fn func(*ListAccessPoliciesOutput, bool) bool) error {
+ return c.ListAccessPoliciesPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListAccessPoliciesPagesWithContext same as ListAccessPoliciesPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) ListAccessPoliciesPagesWithContext(ctx aws.Context, input *ListAccessPoliciesInput, fn func(*ListAccessPoliciesOutput, bool) bool, opts ...request.Option) error {
+ p := request.Pagination{
+ NewRequest: func() (*request.Request, error) {
+ var inCpy *ListAccessPoliciesInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.ListAccessPoliciesRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+
+ for p.Next() {
+ if !fn(p.Page().(*ListAccessPoliciesOutput), !p.HasNextPage()) {
+ break
+ }
+ }
+
+ return p.Err()
+}
+
+const opListCollections = "ListCollections"
+
+// ListCollectionsRequest generates a "aws/request.Request" representing the
+// client's request for the ListCollections operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListCollections for more information on using the ListCollections
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the ListCollectionsRequest method.
+// req, resp := client.ListCollectionsRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/ListCollections
+func (c *OpenSearchServerless) ListCollectionsRequest(input *ListCollectionsInput) (req *request.Request, output *ListCollectionsOutput) {
+ op := &request.Operation{
+ Name: opListCollections,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ Paginator: &request.Paginator{
+ InputTokens: []string{"nextToken"},
+ OutputTokens: []string{"nextToken"},
+ LimitToken: "maxResults",
+ TruncationToken: "",
+ },
+ }
+
+ if input == nil {
+ input = &ListCollectionsInput{}
+ }
+
+ output = &ListCollectionsOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// ListCollections API operation for OpenSearch Service Serverless.
+//
+// Lists all OpenSearch Serverless collections. For more information, see Creating
+// and managing Amazon OpenSearch Serverless collections (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-manage.html).
+//
+// Make sure to include an empty request body {} if you don't include any collection
+// filters in the request.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation ListCollections for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/ListCollections
+func (c *OpenSearchServerless) ListCollections(input *ListCollectionsInput) (*ListCollectionsOutput, error) {
+ req, out := c.ListCollectionsRequest(input)
+ return out, req.Send()
+}
+
+// ListCollectionsWithContext is the same as ListCollections with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListCollections for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) ListCollectionsWithContext(ctx aws.Context, input *ListCollectionsInput, opts ...request.Option) (*ListCollectionsOutput, error) {
+ req, out := c.ListCollectionsRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+// ListCollectionsPages iterates over the pages of a ListCollections operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListCollections method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+// // Example iterating over at most 3 pages of a ListCollections operation.
+// pageNum := 0
+// err := client.ListCollectionsPages(params,
+// func(page *opensearchserverless.ListCollectionsOutput, lastPage bool) bool {
+// pageNum++
+// fmt.Println(page)
+// return pageNum <= 3
+// })
+func (c *OpenSearchServerless) ListCollectionsPages(input *ListCollectionsInput, fn func(*ListCollectionsOutput, bool) bool) error {
+ return c.ListCollectionsPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListCollectionsPagesWithContext same as ListCollectionsPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) ListCollectionsPagesWithContext(ctx aws.Context, input *ListCollectionsInput, fn func(*ListCollectionsOutput, bool) bool, opts ...request.Option) error {
+ p := request.Pagination{
+ NewRequest: func() (*request.Request, error) {
+ var inCpy *ListCollectionsInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.ListCollectionsRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+
+ for p.Next() {
+ if !fn(p.Page().(*ListCollectionsOutput), !p.HasNextPage()) {
+ break
+ }
+ }
+
+ return p.Err()
+}
+
+const opListSecurityConfigs = "ListSecurityConfigs"
+
+// ListSecurityConfigsRequest generates a "aws/request.Request" representing the
+// client's request for the ListSecurityConfigs operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListSecurityConfigs for more information on using the ListSecurityConfigs
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the ListSecurityConfigsRequest method.
+// req, resp := client.ListSecurityConfigsRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/ListSecurityConfigs
+func (c *OpenSearchServerless) ListSecurityConfigsRequest(input *ListSecurityConfigsInput) (req *request.Request, output *ListSecurityConfigsOutput) {
+ op := &request.Operation{
+ Name: opListSecurityConfigs,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ Paginator: &request.Paginator{
+ InputTokens: []string{"nextToken"},
+ OutputTokens: []string{"nextToken"},
+ LimitToken: "maxResults",
+ TruncationToken: "",
+ },
+ }
+
+ if input == nil {
+ input = &ListSecurityConfigsInput{}
+ }
+
+ output = &ListSecurityConfigsOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// ListSecurityConfigs API operation for OpenSearch Service Serverless.
+//
+// Returns information about configured OpenSearch Serverless security configurations.
+// For more information, see SAML authentication for Amazon OpenSearch Serverless
+// (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-saml.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation ListSecurityConfigs for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/ListSecurityConfigs
+func (c *OpenSearchServerless) ListSecurityConfigs(input *ListSecurityConfigsInput) (*ListSecurityConfigsOutput, error) {
+ req, out := c.ListSecurityConfigsRequest(input)
+ return out, req.Send()
+}
+
+// ListSecurityConfigsWithContext is the same as ListSecurityConfigs with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListSecurityConfigs for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) ListSecurityConfigsWithContext(ctx aws.Context, input *ListSecurityConfigsInput, opts ...request.Option) (*ListSecurityConfigsOutput, error) {
+ req, out := c.ListSecurityConfigsRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+// ListSecurityConfigsPages iterates over the pages of a ListSecurityConfigs operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListSecurityConfigs method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+// // Example iterating over at most 3 pages of a ListSecurityConfigs operation.
+// pageNum := 0
+// err := client.ListSecurityConfigsPages(params,
+// func(page *opensearchserverless.ListSecurityConfigsOutput, lastPage bool) bool {
+// pageNum++
+// fmt.Println(page)
+// return pageNum <= 3
+// })
+func (c *OpenSearchServerless) ListSecurityConfigsPages(input *ListSecurityConfigsInput, fn func(*ListSecurityConfigsOutput, bool) bool) error {
+ return c.ListSecurityConfigsPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListSecurityConfigsPagesWithContext same as ListSecurityConfigsPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) ListSecurityConfigsPagesWithContext(ctx aws.Context, input *ListSecurityConfigsInput, fn func(*ListSecurityConfigsOutput, bool) bool, opts ...request.Option) error {
+ p := request.Pagination{
+ NewRequest: func() (*request.Request, error) {
+ var inCpy *ListSecurityConfigsInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.ListSecurityConfigsRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+
+ for p.Next() {
+ if !fn(p.Page().(*ListSecurityConfigsOutput), !p.HasNextPage()) {
+ break
+ }
+ }
+
+ return p.Err()
+}
+
+const opListSecurityPolicies = "ListSecurityPolicies"
+
+// ListSecurityPoliciesRequest generates a "aws/request.Request" representing the
+// client's request for the ListSecurityPolicies operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListSecurityPolicies for more information on using the ListSecurityPolicies
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the ListSecurityPoliciesRequest method.
+// req, resp := client.ListSecurityPoliciesRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/ListSecurityPolicies
+func (c *OpenSearchServerless) ListSecurityPoliciesRequest(input *ListSecurityPoliciesInput) (req *request.Request, output *ListSecurityPoliciesOutput) {
+ op := &request.Operation{
+ Name: opListSecurityPolicies,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ Paginator: &request.Paginator{
+ InputTokens: []string{"nextToken"},
+ OutputTokens: []string{"nextToken"},
+ LimitToken: "maxResults",
+ TruncationToken: "",
+ },
+ }
+
+ if input == nil {
+ input = &ListSecurityPoliciesInput{}
+ }
+
+ output = &ListSecurityPoliciesOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// ListSecurityPolicies API operation for OpenSearch Service Serverless.
+//
+// Returns information about configured OpenSearch Serverless security policies.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation ListSecurityPolicies for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/ListSecurityPolicies
+func (c *OpenSearchServerless) ListSecurityPolicies(input *ListSecurityPoliciesInput) (*ListSecurityPoliciesOutput, error) {
+ req, out := c.ListSecurityPoliciesRequest(input)
+ return out, req.Send()
+}
+
+// ListSecurityPoliciesWithContext is the same as ListSecurityPolicies with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListSecurityPolicies for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) ListSecurityPoliciesWithContext(ctx aws.Context, input *ListSecurityPoliciesInput, opts ...request.Option) (*ListSecurityPoliciesOutput, error) {
+ req, out := c.ListSecurityPoliciesRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+// ListSecurityPoliciesPages iterates over the pages of a ListSecurityPolicies operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListSecurityPolicies method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+// // Example iterating over at most 3 pages of a ListSecurityPolicies operation.
+// pageNum := 0
+// err := client.ListSecurityPoliciesPages(params,
+// func(page *opensearchserverless.ListSecurityPoliciesOutput, lastPage bool) bool {
+// pageNum++
+// fmt.Println(page)
+// return pageNum <= 3
+// })
+func (c *OpenSearchServerless) ListSecurityPoliciesPages(input *ListSecurityPoliciesInput, fn func(*ListSecurityPoliciesOutput, bool) bool) error {
+ return c.ListSecurityPoliciesPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListSecurityPoliciesPagesWithContext same as ListSecurityPoliciesPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) ListSecurityPoliciesPagesWithContext(ctx aws.Context, input *ListSecurityPoliciesInput, fn func(*ListSecurityPoliciesOutput, bool) bool, opts ...request.Option) error {
+ p := request.Pagination{
+ NewRequest: func() (*request.Request, error) {
+ var inCpy *ListSecurityPoliciesInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.ListSecurityPoliciesRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+
+ for p.Next() {
+ if !fn(p.Page().(*ListSecurityPoliciesOutput), !p.HasNextPage()) {
+ break
+ }
+ }
+
+ return p.Err()
+}
+
+const opListTagsForResource = "ListTagsForResource"
+
+// ListTagsForResourceRequest generates a "aws/request.Request" representing the
+// client's request for the ListTagsForResource operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListTagsForResource for more information on using the ListTagsForResource
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the ListTagsForResourceRequest method.
+// req, resp := client.ListTagsForResourceRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/ListTagsForResource
+func (c *OpenSearchServerless) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) {
+ op := &request.Operation{
+ Name: opListTagsForResource,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &ListTagsForResourceInput{}
+ }
+
+ output = &ListTagsForResourceOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// ListTagsForResource API operation for OpenSearch Service Serverless.
+//
+// Returns the tags for an OpenSearch Serverless resource. For more information,
+// see Tagging Amazon OpenSearch Serverless collections (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/tag-collection.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation ListTagsForResource for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ResourceNotFoundException
+// Thrown when accessing or deleting a resource that does not exist.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/ListTagsForResource
+func (c *OpenSearchServerless) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) {
+ req, out := c.ListTagsForResourceRequest(input)
+ return out, req.Send()
+}
+
+// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListTagsForResource for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) {
+ req, out := c.ListTagsForResourceRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opListVpcEndpoints = "ListVpcEndpoints"
+
+// ListVpcEndpointsRequest generates a "aws/request.Request" representing the
+// client's request for the ListVpcEndpoints operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListVpcEndpoints for more information on using the ListVpcEndpoints
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the ListVpcEndpointsRequest method.
+// req, resp := client.ListVpcEndpointsRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/ListVpcEndpoints
+func (c *OpenSearchServerless) ListVpcEndpointsRequest(input *ListVpcEndpointsInput) (req *request.Request, output *ListVpcEndpointsOutput) {
+ op := &request.Operation{
+ Name: opListVpcEndpoints,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ Paginator: &request.Paginator{
+ InputTokens: []string{"nextToken"},
+ OutputTokens: []string{"nextToken"},
+ LimitToken: "maxResults",
+ TruncationToken: "",
+ },
+ }
+
+ if input == nil {
+ input = &ListVpcEndpointsInput{}
+ }
+
+ output = &ListVpcEndpointsOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// ListVpcEndpoints API operation for OpenSearch Service Serverless.
+//
+// Returns the OpenSearch Serverless-managed interface VPC endpoints associated
+// with the current account. For more information, see Access Amazon OpenSearch
+// Serverless using an interface endpoint (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-vpc.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation ListVpcEndpoints for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/ListVpcEndpoints
+func (c *OpenSearchServerless) ListVpcEndpoints(input *ListVpcEndpointsInput) (*ListVpcEndpointsOutput, error) {
+ req, out := c.ListVpcEndpointsRequest(input)
+ return out, req.Send()
+}
+
+// ListVpcEndpointsWithContext is the same as ListVpcEndpoints with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListVpcEndpoints for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) ListVpcEndpointsWithContext(ctx aws.Context, input *ListVpcEndpointsInput, opts ...request.Option) (*ListVpcEndpointsOutput, error) {
+ req, out := c.ListVpcEndpointsRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+// ListVpcEndpointsPages iterates over the pages of a ListVpcEndpoints operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListVpcEndpoints method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+// // Example iterating over at most 3 pages of a ListVpcEndpoints operation.
+// pageNum := 0
+// err := client.ListVpcEndpointsPages(params,
+// func(page *opensearchserverless.ListVpcEndpointsOutput, lastPage bool) bool {
+// pageNum++
+// fmt.Println(page)
+// return pageNum <= 3
+// })
+func (c *OpenSearchServerless) ListVpcEndpointsPages(input *ListVpcEndpointsInput, fn func(*ListVpcEndpointsOutput, bool) bool) error {
+ return c.ListVpcEndpointsPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListVpcEndpointsPagesWithContext same as ListVpcEndpointsPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) ListVpcEndpointsPagesWithContext(ctx aws.Context, input *ListVpcEndpointsInput, fn func(*ListVpcEndpointsOutput, bool) bool, opts ...request.Option) error {
+ p := request.Pagination{
+ NewRequest: func() (*request.Request, error) {
+ var inCpy *ListVpcEndpointsInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.ListVpcEndpointsRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+
+ for p.Next() {
+ if !fn(p.Page().(*ListVpcEndpointsOutput), !p.HasNextPage()) {
+ break
+ }
+ }
+
+ return p.Err()
+}
+
+const opTagResource = "TagResource"
+
+// TagResourceRequest generates a "aws/request.Request" representing the
+// client's request for the TagResource operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See TagResource for more information on using the TagResource
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the TagResourceRequest method.
+// req, resp := client.TagResourceRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/TagResource
+func (c *OpenSearchServerless) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) {
+ op := &request.Operation{
+ Name: opTagResource,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &TagResourceInput{}
+ }
+
+ output = &TagResourceOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// TagResource API operation for OpenSearch Service Serverless.
+//
+// Associates tags with an OpenSearch Serverless resource. For more information,
+// see Tagging Amazon OpenSearch Serverless collections (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/tag-collection.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation TagResource for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ResourceNotFoundException
+// Thrown when accessing or deleting a resource that does not exist.
+//
+// - ConflictException
+// When creating a collection, thrown when a collection with the same name already
+// exists or is being created. When deleting a collection, thrown when the collection
+// is not in the ACTIVE or FAILED state.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/TagResource
+func (c *OpenSearchServerless) TagResource(input *TagResourceInput) (*TagResourceOutput, error) {
+ req, out := c.TagResourceRequest(input)
+ return out, req.Send()
+}
+
+// TagResourceWithContext is the same as TagResource with the addition of
+// the ability to pass a context and additional request options.
+//
+// See TagResource for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) {
+ req, out := c.TagResourceRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opUntagResource = "UntagResource"
+
+// UntagResourceRequest generates a "aws/request.Request" representing the
+// client's request for the UntagResource operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UntagResource for more information on using the UntagResource
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the UntagResourceRequest method.
+// req, resp := client.UntagResourceRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/UntagResource
+func (c *OpenSearchServerless) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) {
+ op := &request.Operation{
+ Name: opUntagResource,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &UntagResourceInput{}
+ }
+
+ output = &UntagResourceOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// UntagResource API operation for OpenSearch Service Serverless.
+//
+// Removes a tag or set of tags from an OpenSearch Serverless resource. For
+// more information, see Tagging Amazon OpenSearch Serverless collections (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/tag-collection.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation UntagResource for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ResourceNotFoundException
+// Thrown when accessing or deleting a resource that does not exist.
+//
+// - ConflictException
+// When creating a collection, thrown when a collection with the same name already
+// exists or is being created. When deleting a collection, thrown when the collection
+// is not in the ACTIVE or FAILED state.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/UntagResource
+func (c *OpenSearchServerless) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) {
+ req, out := c.UntagResourceRequest(input)
+ return out, req.Send()
+}
+
+// UntagResourceWithContext is the same as UntagResource with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UntagResource for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) {
+ req, out := c.UntagResourceRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opUpdateAccessPolicy = "UpdateAccessPolicy"
+
+// UpdateAccessPolicyRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateAccessPolicy operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UpdateAccessPolicy for more information on using the UpdateAccessPolicy
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the UpdateAccessPolicyRequest method.
+// req, resp := client.UpdateAccessPolicyRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/UpdateAccessPolicy
+func (c *OpenSearchServerless) UpdateAccessPolicyRequest(input *UpdateAccessPolicyInput) (req *request.Request, output *UpdateAccessPolicyOutput) {
+ op := &request.Operation{
+ Name: opUpdateAccessPolicy,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &UpdateAccessPolicyInput{}
+ }
+
+ output = &UpdateAccessPolicyOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// UpdateAccessPolicy API operation for OpenSearch Service Serverless.
+//
+// Updates an OpenSearch Serverless access policy. For more information, see
+// Data access control for Amazon OpenSearch Serverless (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-data-access.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation UpdateAccessPolicy for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ResourceNotFoundException
+// Thrown when accessing or deleting a resource that does not exist.
+//
+// - ConflictException
+// When creating a collection, thrown when a collection with the same name already
+// exists or is being created. When deleting a collection, thrown when the collection
+// is not in the ACTIVE or FAILED state.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/UpdateAccessPolicy
+func (c *OpenSearchServerless) UpdateAccessPolicy(input *UpdateAccessPolicyInput) (*UpdateAccessPolicyOutput, error) {
+ req, out := c.UpdateAccessPolicyRequest(input)
+ return out, req.Send()
+}
+
+// UpdateAccessPolicyWithContext is the same as UpdateAccessPolicy with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UpdateAccessPolicy for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) UpdateAccessPolicyWithContext(ctx aws.Context, input *UpdateAccessPolicyInput, opts ...request.Option) (*UpdateAccessPolicyOutput, error) {
+ req, out := c.UpdateAccessPolicyRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opUpdateAccountSettings = "UpdateAccountSettings"
+
+// UpdateAccountSettingsRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateAccountSettings operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UpdateAccountSettings for more information on using the UpdateAccountSettings
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the UpdateAccountSettingsRequest method.
+// req, resp := client.UpdateAccountSettingsRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/UpdateAccountSettings
+func (c *OpenSearchServerless) UpdateAccountSettingsRequest(input *UpdateAccountSettingsInput) (req *request.Request, output *UpdateAccountSettingsOutput) {
+ op := &request.Operation{
+ Name: opUpdateAccountSettings,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &UpdateAccountSettingsInput{}
+ }
+
+ output = &UpdateAccountSettingsOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// UpdateAccountSettings API operation for OpenSearch Service Serverless.
+//
+// Update the OpenSearch Serverless settings for the current Amazon Web Services
+// account. For more information, see Autoscaling (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-overview.html#serverless-scaling).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation UpdateAccountSettings for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/UpdateAccountSettings
+func (c *OpenSearchServerless) UpdateAccountSettings(input *UpdateAccountSettingsInput) (*UpdateAccountSettingsOutput, error) {
+ req, out := c.UpdateAccountSettingsRequest(input)
+ return out, req.Send()
+}
+
+// UpdateAccountSettingsWithContext is the same as UpdateAccountSettings with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UpdateAccountSettings for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) UpdateAccountSettingsWithContext(ctx aws.Context, input *UpdateAccountSettingsInput, opts ...request.Option) (*UpdateAccountSettingsOutput, error) {
+ req, out := c.UpdateAccountSettingsRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opUpdateCollection = "UpdateCollection"
+
+// UpdateCollectionRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateCollection operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UpdateCollection for more information on using the UpdateCollection
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the UpdateCollectionRequest method.
+// req, resp := client.UpdateCollectionRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/UpdateCollection
+func (c *OpenSearchServerless) UpdateCollectionRequest(input *UpdateCollectionInput) (req *request.Request, output *UpdateCollectionOutput) {
+ op := &request.Operation{
+ Name: opUpdateCollection,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &UpdateCollectionInput{}
+ }
+
+ output = &UpdateCollectionOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// UpdateCollection API operation for OpenSearch Service Serverless.
+//
+// Updates an OpenSearch Serverless collection.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation UpdateCollection for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ConflictException
+// When creating a collection, thrown when a collection with the same name already
+// exists or is being created. When deleting a collection, thrown when the collection
+// is not in the ACTIVE or FAILED state.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/UpdateCollection
+func (c *OpenSearchServerless) UpdateCollection(input *UpdateCollectionInput) (*UpdateCollectionOutput, error) {
+ req, out := c.UpdateCollectionRequest(input)
+ return out, req.Send()
+}
+
+// UpdateCollectionWithContext is the same as UpdateCollection with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UpdateCollection for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) UpdateCollectionWithContext(ctx aws.Context, input *UpdateCollectionInput, opts ...request.Option) (*UpdateCollectionOutput, error) {
+ req, out := c.UpdateCollectionRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opUpdateSecurityConfig = "UpdateSecurityConfig"
+
+// UpdateSecurityConfigRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateSecurityConfig operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UpdateSecurityConfig for more information on using the UpdateSecurityConfig
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the UpdateSecurityConfigRequest method.
+// req, resp := client.UpdateSecurityConfigRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/UpdateSecurityConfig
+func (c *OpenSearchServerless) UpdateSecurityConfigRequest(input *UpdateSecurityConfigInput) (req *request.Request, output *UpdateSecurityConfigOutput) {
+ op := &request.Operation{
+ Name: opUpdateSecurityConfig,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &UpdateSecurityConfigInput{}
+ }
+
+ output = &UpdateSecurityConfigOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// UpdateSecurityConfig API operation for OpenSearch Service Serverless.
+//
+// Updates a security configuration for OpenSearch Serverless. For more information,
+// see SAML authentication for Amazon OpenSearch Serverless (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-saml.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation UpdateSecurityConfig for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ResourceNotFoundException
+// Thrown when accessing or deleting a resource that does not exist.
+//
+// - ConflictException
+// When creating a collection, thrown when a collection with the same name already
+// exists or is being created. When deleting a collection, thrown when the collection
+// is not in the ACTIVE or FAILED state.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/UpdateSecurityConfig
+func (c *OpenSearchServerless) UpdateSecurityConfig(input *UpdateSecurityConfigInput) (*UpdateSecurityConfigOutput, error) {
+ req, out := c.UpdateSecurityConfigRequest(input)
+ return out, req.Send()
+}
+
+// UpdateSecurityConfigWithContext is the same as UpdateSecurityConfig with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UpdateSecurityConfig for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) UpdateSecurityConfigWithContext(ctx aws.Context, input *UpdateSecurityConfigInput, opts ...request.Option) (*UpdateSecurityConfigOutput, error) {
+ req, out := c.UpdateSecurityConfigRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opUpdateSecurityPolicy = "UpdateSecurityPolicy"
+
+// UpdateSecurityPolicyRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateSecurityPolicy operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UpdateSecurityPolicy for more information on using the UpdateSecurityPolicy
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the UpdateSecurityPolicyRequest method.
+// req, resp := client.UpdateSecurityPolicyRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/UpdateSecurityPolicy
+func (c *OpenSearchServerless) UpdateSecurityPolicyRequest(input *UpdateSecurityPolicyInput) (req *request.Request, output *UpdateSecurityPolicyOutput) {
+ op := &request.Operation{
+ Name: opUpdateSecurityPolicy,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &UpdateSecurityPolicyInput{}
+ }
+
+ output = &UpdateSecurityPolicyOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// UpdateSecurityPolicy API operation for OpenSearch Service Serverless.
+//
+// Updates an OpenSearch Serverless security policy. For more information, see
+// Network access for Amazon OpenSearch Serverless (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-network.html)
+// and Encryption at rest for Amazon OpenSearch Serverless (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-encryption.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation UpdateSecurityPolicy for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ResourceNotFoundException
+// Thrown when accessing or deleting a resource that does not exist.
+//
+// - ConflictException
+// When creating a collection, thrown when a collection with the same name already
+// exists or is being created. When deleting a collection, thrown when the collection
+// is not in the ACTIVE or FAILED state.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/UpdateSecurityPolicy
+func (c *OpenSearchServerless) UpdateSecurityPolicy(input *UpdateSecurityPolicyInput) (*UpdateSecurityPolicyOutput, error) {
+ req, out := c.UpdateSecurityPolicyRequest(input)
+ return out, req.Send()
+}
+
+// UpdateSecurityPolicyWithContext is the same as UpdateSecurityPolicy with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UpdateSecurityPolicy for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) UpdateSecurityPolicyWithContext(ctx aws.Context, input *UpdateSecurityPolicyInput, opts ...request.Option) (*UpdateSecurityPolicyOutput, error) {
+ req, out := c.UpdateSecurityPolicyRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opUpdateVpcEndpoint = "UpdateVpcEndpoint"
+
+// UpdateVpcEndpointRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateVpcEndpoint operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UpdateVpcEndpoint for more information on using the UpdateVpcEndpoint
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the UpdateVpcEndpointRequest method.
+// req, resp := client.UpdateVpcEndpointRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/UpdateVpcEndpoint
+func (c *OpenSearchServerless) UpdateVpcEndpointRequest(input *UpdateVpcEndpointInput) (req *request.Request, output *UpdateVpcEndpointOutput) {
+ op := &request.Operation{
+ Name: opUpdateVpcEndpoint,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &UpdateVpcEndpointInput{}
+ }
+
+ output = &UpdateVpcEndpointOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// UpdateVpcEndpoint API operation for OpenSearch Service Serverless.
+//
+// Updates an OpenSearch Serverless-managed interface endpoint. For more information,
+// see Access Amazon OpenSearch Serverless using an interface endpoint (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-vpc.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for OpenSearch Service Serverless's
+// API operation UpdateVpcEndpoint for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Thrown when an error internal to the service occurs while processing a request.
+//
+// - ConflictException
+// When creating a collection, thrown when a collection with the same name already
+// exists or is being created. When deleting a collection, thrown when the collection
+// is not in the ACTIVE or FAILED state.
+//
+// - ValidationException
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/UpdateVpcEndpoint
+func (c *OpenSearchServerless) UpdateVpcEndpoint(input *UpdateVpcEndpointInput) (*UpdateVpcEndpointOutput, error) {
+ req, out := c.UpdateVpcEndpointRequest(input)
+ return out, req.Send()
+}
+
+// UpdateVpcEndpointWithContext is the same as UpdateVpcEndpoint with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UpdateVpcEndpoint for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *OpenSearchServerless) UpdateVpcEndpointWithContext(ctx aws.Context, input *UpdateVpcEndpointInput, opts ...request.Option) (*UpdateVpcEndpointOutput, error) {
+ req, out := c.UpdateVpcEndpointRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+// Details about an OpenSearch Serverless access policy.
+type AccessPolicyDetail struct {
+ _ struct{} `type:"structure"`
+
+ // The date the policy was created.
+ CreatedDate *int64 `locationName:"createdDate" type:"long"`
+
+ // The description of the policy.
+ Description *string `locationName:"description" min:"1" type:"string"`
+
+ // The timestamp of when the policy was last modified.
+ LastModifiedDate *int64 `locationName:"lastModifiedDate" type:"long"`
+
+ // The name of the policy.
+ Name *string `locationName:"name" min:"3" type:"string"`
+
+ // The version of the policy.
+ PolicyVersion *string `locationName:"policyVersion" min:"20" type:"string"`
+
+ // The type of access policy.
+ Type *string `locationName:"type" type:"string" enum:"AccessPolicyType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessPolicyDetail) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessPolicyDetail) GoString() string {
+ return s.String()
+}
+
+// SetCreatedDate sets the CreatedDate field's value.
+func (s *AccessPolicyDetail) SetCreatedDate(v int64) *AccessPolicyDetail {
+ s.CreatedDate = &v
+ return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *AccessPolicyDetail) SetDescription(v string) *AccessPolicyDetail {
+ s.Description = &v
+ return s
+}
+
+// SetLastModifiedDate sets the LastModifiedDate field's value.
+func (s *AccessPolicyDetail) SetLastModifiedDate(v int64) *AccessPolicyDetail {
+ s.LastModifiedDate = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *AccessPolicyDetail) SetName(v string) *AccessPolicyDetail {
+ s.Name = &v
+ return s
+}
+
+// SetPolicyVersion sets the PolicyVersion field's value.
+func (s *AccessPolicyDetail) SetPolicyVersion(v string) *AccessPolicyDetail {
+ s.PolicyVersion = &v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *AccessPolicyDetail) SetType(v string) *AccessPolicyDetail {
+ s.Type = &v
+ return s
+}
+
+// Statistics for an OpenSearch Serverless access policy.
+type AccessPolicyStats struct {
+ _ struct{} `type:"structure"`
+
+ // The number of data access policies in the current account.
+ DataPolicyCount *int64 `type:"long"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessPolicyStats) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessPolicyStats) GoString() string {
+ return s.String()
+}
+
+// SetDataPolicyCount sets the DataPolicyCount field's value.
+func (s *AccessPolicyStats) SetDataPolicyCount(v int64) *AccessPolicyStats {
+ s.DataPolicyCount = &v
+ return s
+}
+
+// A summary of the data access policy.
+type AccessPolicySummary struct {
+ _ struct{} `type:"structure"`
+
+ // The Epoch time when the access policy was created.
+ CreatedDate *int64 `locationName:"createdDate" type:"long"`
+
+ // The description of the access policy.
+ Description *string `locationName:"description" min:"1" type:"string"`
+
+ // The date and time when the collection was last modified.
+ LastModifiedDate *int64 `locationName:"lastModifiedDate" type:"long"`
+
+ // The name of the access policy.
+ Name *string `locationName:"name" min:"3" type:"string"`
+
+ // The version of the policy.
+ PolicyVersion *string `locationName:"policyVersion" min:"20" type:"string"`
+
+ // The type of access policy. Currently the only available type is data.
+ Type *string `locationName:"type" type:"string" enum:"AccessPolicyType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessPolicySummary) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessPolicySummary) GoString() string {
+ return s.String()
+}
+
+// SetCreatedDate sets the CreatedDate field's value.
+func (s *AccessPolicySummary) SetCreatedDate(v int64) *AccessPolicySummary {
+ s.CreatedDate = &v
+ return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *AccessPolicySummary) SetDescription(v string) *AccessPolicySummary {
+ s.Description = &v
+ return s
+}
+
+// SetLastModifiedDate sets the LastModifiedDate field's value.
+func (s *AccessPolicySummary) SetLastModifiedDate(v int64) *AccessPolicySummary {
+ s.LastModifiedDate = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *AccessPolicySummary) SetName(v string) *AccessPolicySummary {
+ s.Name = &v
+ return s
+}
+
+// SetPolicyVersion sets the PolicyVersion field's value.
+func (s *AccessPolicySummary) SetPolicyVersion(v string) *AccessPolicySummary {
+ s.PolicyVersion = &v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *AccessPolicySummary) SetType(v string) *AccessPolicySummary {
+ s.Type = &v
+ return s
+}
+
+// OpenSearch Serverless-related information for the current account.
+type AccountSettingsDetail struct {
+ _ struct{} `type:"structure"`
+
+ // The maximum capacity limits for all OpenSearch Serverless collections, in
+ // OpenSearch Compute Units (OCUs). These limits are used to scale your collections
+ // based on the current workload. For more information, see Autoscaling (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-overview.html#serverless-scaling).
+ CapacityLimits *CapacityLimits `locationName:"capacityLimits" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccountSettingsDetail) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccountSettingsDetail) GoString() string {
+ return s.String()
+}
+
+// SetCapacityLimits sets the CapacityLimits field's value.
+func (s *AccountSettingsDetail) SetCapacityLimits(v *CapacityLimits) *AccountSettingsDetail {
+ s.CapacityLimits = v
+ return s
+}
+
+type BatchGetCollectionInput struct {
+ _ struct{} `type:"structure"`
+
+ // A list of collection IDs. You can't provide names and IDs in the same request.
+ // The ID is part of the collection endpoint. You can also retrieve it using
+ // the ListCollections (https://docs.aws.amazon.com/opensearch-service/latest/ServerlessAPIReference/API_ListCollections.html)
+ // API.
+ Ids []*string `locationName:"ids" min:"1" type:"list"`
+
+ // A list of collection names. You can't provide names and IDs in the same request.
+ Names []*string `locationName:"names" min:"1" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s BatchGetCollectionInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s BatchGetCollectionInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *BatchGetCollectionInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "BatchGetCollectionInput"}
+ if s.Ids != nil && len(s.Ids) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Ids", 1))
+ }
+ if s.Names != nil && len(s.Names) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Names", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetIds sets the Ids field's value.
+func (s *BatchGetCollectionInput) SetIds(v []*string) *BatchGetCollectionInput {
+ s.Ids = v
+ return s
+}
+
+// SetNames sets the Names field's value.
+func (s *BatchGetCollectionInput) SetNames(v []*string) *BatchGetCollectionInput {
+ s.Names = v
+ return s
+}
+
+type BatchGetCollectionOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Details about each collection.
+ CollectionDetails []*CollectionDetail `locationName:"collectionDetails" type:"list"`
+
+ // Error information for the request.
+ CollectionErrorDetails []*CollectionErrorDetail `locationName:"collectionErrorDetails" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s BatchGetCollectionOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s BatchGetCollectionOutput) GoString() string {
+ return s.String()
+}
+
+// SetCollectionDetails sets the CollectionDetails field's value.
+func (s *BatchGetCollectionOutput) SetCollectionDetails(v []*CollectionDetail) *BatchGetCollectionOutput {
+ s.CollectionDetails = v
+ return s
+}
+
+// SetCollectionErrorDetails sets the CollectionErrorDetails field's value.
+func (s *BatchGetCollectionOutput) SetCollectionErrorDetails(v []*CollectionErrorDetail) *BatchGetCollectionOutput {
+ s.CollectionErrorDetails = v
+ return s
+}
+
+type BatchGetVpcEndpointInput struct {
+ _ struct{} `type:"structure"`
+
+ // A list of VPC endpoint identifiers.
+ //
+ // Ids is a required field
+ Ids []*string `locationName:"ids" min:"1" type:"list" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s BatchGetVpcEndpointInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s BatchGetVpcEndpointInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *BatchGetVpcEndpointInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "BatchGetVpcEndpointInput"}
+ if s.Ids == nil {
+ invalidParams.Add(request.NewErrParamRequired("Ids"))
+ }
+ if s.Ids != nil && len(s.Ids) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Ids", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetIds sets the Ids field's value.
+func (s *BatchGetVpcEndpointInput) SetIds(v []*string) *BatchGetVpcEndpointInput {
+ s.Ids = v
+ return s
+}
+
+type BatchGetVpcEndpointOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Details about the specified VPC endpoint.
+ VpcEndpointDetails []*VpcEndpointDetail `locationName:"vpcEndpointDetails" type:"list"`
+
+ // Error information for a failed request.
+ VpcEndpointErrorDetails []*VpcEndpointErrorDetail `locationName:"vpcEndpointErrorDetails" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s BatchGetVpcEndpointOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s BatchGetVpcEndpointOutput) GoString() string {
+ return s.String()
+}
+
+// SetVpcEndpointDetails sets the VpcEndpointDetails field's value.
+func (s *BatchGetVpcEndpointOutput) SetVpcEndpointDetails(v []*VpcEndpointDetail) *BatchGetVpcEndpointOutput {
+ s.VpcEndpointDetails = v
+ return s
+}
+
+// SetVpcEndpointErrorDetails sets the VpcEndpointErrorDetails field's value.
+func (s *BatchGetVpcEndpointOutput) SetVpcEndpointErrorDetails(v []*VpcEndpointErrorDetail) *BatchGetVpcEndpointOutput {
+ s.VpcEndpointErrorDetails = v
+ return s
+}
+
+// The maximum capacity limits for all OpenSearch Serverless collections, in
+// OpenSearch Compute Units (OCUs). These limits are used to scale your collections
+// based on the current workload. For more information, see Autoscaling (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-overview.html#serverless-scaling).
+type CapacityLimits struct {
+ _ struct{} `type:"structure"`
+
+ // The maximum indexing capacity for collections.
+ MaxIndexingCapacityInOCU *int64 `locationName:"maxIndexingCapacityInOCU" min:"2" type:"integer"`
+
+ // The maximum search capacity for collections.
+ MaxSearchCapacityInOCU *int64 `locationName:"maxSearchCapacityInOCU" min:"2" type:"integer"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CapacityLimits) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CapacityLimits) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CapacityLimits) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CapacityLimits"}
+ if s.MaxIndexingCapacityInOCU != nil && *s.MaxIndexingCapacityInOCU < 2 {
+ invalidParams.Add(request.NewErrParamMinValue("MaxIndexingCapacityInOCU", 2))
+ }
+ if s.MaxSearchCapacityInOCU != nil && *s.MaxSearchCapacityInOCU < 2 {
+ invalidParams.Add(request.NewErrParamMinValue("MaxSearchCapacityInOCU", 2))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetMaxIndexingCapacityInOCU sets the MaxIndexingCapacityInOCU field's value.
+func (s *CapacityLimits) SetMaxIndexingCapacityInOCU(v int64) *CapacityLimits {
+ s.MaxIndexingCapacityInOCU = &v
+ return s
+}
+
+// SetMaxSearchCapacityInOCU sets the MaxSearchCapacityInOCU field's value.
+func (s *CapacityLimits) SetMaxSearchCapacityInOCU(v int64) *CapacityLimits {
+ s.MaxSearchCapacityInOCU = &v
+ return s
+}
+
+// Details about each OpenSearch Serverless collection, including the collection
+// endpoint and the OpenSearch Dashboards endpoint.
+type CollectionDetail struct {
+ _ struct{} `type:"structure"`
+
+ // The Amazon Resource Name (ARN) of the collection.
+ Arn *string `locationName:"arn" type:"string"`
+
+ // Collection-specific endpoint used to submit index, search, and data upload
+ // requests to an OpenSearch Serverless collection.
+ CollectionEndpoint *string `locationName:"collectionEndpoint" type:"string"`
+
+ // The Epoch time when the collection was created.
+ CreatedDate *int64 `locationName:"createdDate" type:"long"`
+
+ // Collection-specific endpoint used to access OpenSearch Dashboards.
+ DashboardEndpoint *string `locationName:"dashboardEndpoint" type:"string"`
+
+ // A description of the collection.
+ Description *string `locationName:"description" type:"string"`
+
+ // A unique identifier for the collection.
+ Id *string `locationName:"id" min:"3" type:"string"`
+
+ // The ARN of the Amazon Web Services KMS key used to encrypt the collection.
+ KmsKeyArn *string `locationName:"kmsKeyArn" type:"string"`
+
+ // The date and time when the collection was last modified.
+ LastModifiedDate *int64 `locationName:"lastModifiedDate" type:"long"`
+
+ // The name of the collection.
+ Name *string `locationName:"name" min:"3" type:"string"`
+
+ // The current status of the collection.
+ Status *string `locationName:"status" type:"string" enum:"CollectionStatus"`
+
+ // The type of collection.
+ Type *string `locationName:"type" type:"string" enum:"CollectionType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CollectionDetail) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CollectionDetail) GoString() string {
+ return s.String()
+}
+
+// SetArn sets the Arn field's value.
+func (s *CollectionDetail) SetArn(v string) *CollectionDetail {
+ s.Arn = &v
+ return s
+}
+
+// SetCollectionEndpoint sets the CollectionEndpoint field's value.
+func (s *CollectionDetail) SetCollectionEndpoint(v string) *CollectionDetail {
+ s.CollectionEndpoint = &v
+ return s
+}
+
+// SetCreatedDate sets the CreatedDate field's value.
+func (s *CollectionDetail) SetCreatedDate(v int64) *CollectionDetail {
+ s.CreatedDate = &v
+ return s
+}
+
+// SetDashboardEndpoint sets the DashboardEndpoint field's value.
+func (s *CollectionDetail) SetDashboardEndpoint(v string) *CollectionDetail {
+ s.DashboardEndpoint = &v
+ return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *CollectionDetail) SetDescription(v string) *CollectionDetail {
+ s.Description = &v
+ return s
+}
+
+// SetId sets the Id field's value.
+func (s *CollectionDetail) SetId(v string) *CollectionDetail {
+ s.Id = &v
+ return s
+}
+
+// SetKmsKeyArn sets the KmsKeyArn field's value.
+func (s *CollectionDetail) SetKmsKeyArn(v string) *CollectionDetail {
+ s.KmsKeyArn = &v
+ return s
+}
+
+// SetLastModifiedDate sets the LastModifiedDate field's value.
+func (s *CollectionDetail) SetLastModifiedDate(v int64) *CollectionDetail {
+ s.LastModifiedDate = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *CollectionDetail) SetName(v string) *CollectionDetail {
+ s.Name = &v
+ return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *CollectionDetail) SetStatus(v string) *CollectionDetail {
+ s.Status = &v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *CollectionDetail) SetType(v string) *CollectionDetail {
+ s.Type = &v
+ return s
+}
+
+// Error information for an OpenSearch Serverless request.
+type CollectionErrorDetail struct {
+ _ struct{} `type:"structure"`
+
+ // The error code for the request. For example, NOT_FOUND.
+ ErrorCode *string `locationName:"errorCode" type:"string"`
+
+ // A description of the error. For example, The specified Collection is not
+ // found.
+ ErrorMessage *string `locationName:"errorMessage" type:"string"`
+
+ // If the request contains collection IDs, the response includes the IDs provided
+ // in the request.
+ Id *string `locationName:"id" min:"3" type:"string"`
+
+ // If the request contains collection names, the response includes the names
+ // provided in the request.
+ Name *string `locationName:"name" min:"3" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CollectionErrorDetail) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CollectionErrorDetail) GoString() string {
+ return s.String()
+}
+
+// SetErrorCode sets the ErrorCode field's value.
+func (s *CollectionErrorDetail) SetErrorCode(v string) *CollectionErrorDetail {
+ s.ErrorCode = &v
+ return s
+}
+
+// SetErrorMessage sets the ErrorMessage field's value.
+func (s *CollectionErrorDetail) SetErrorMessage(v string) *CollectionErrorDetail {
+ s.ErrorMessage = &v
+ return s
+}
+
+// SetId sets the Id field's value.
+func (s *CollectionErrorDetail) SetId(v string) *CollectionErrorDetail {
+ s.Id = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *CollectionErrorDetail) SetName(v string) *CollectionErrorDetail {
+ s.Name = &v
+ return s
+}
+
+// List of filter keys that you can use for LIST, UPDATE, and DELETE requests
+// to OpenSearch Serverless collections.
+type CollectionFilters struct {
+ _ struct{} `type:"structure"`
+
+ // The name of the collection.
+ Name *string `locationName:"name" min:"3" type:"string"`
+
+ // The current status of the collection.
+ Status *string `locationName:"status" type:"string" enum:"CollectionStatus"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CollectionFilters) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CollectionFilters) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CollectionFilters) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CollectionFilters"}
+ if s.Name != nil && len(*s.Name) < 3 {
+ invalidParams.Add(request.NewErrParamMinLen("Name", 3))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetName sets the Name field's value.
+func (s *CollectionFilters) SetName(v string) *CollectionFilters {
+ s.Name = &v
+ return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *CollectionFilters) SetStatus(v string) *CollectionFilters {
+ s.Status = &v
+ return s
+}
+
+// Details about each OpenSearch Serverless collection.
+type CollectionSummary struct {
+ _ struct{} `type:"structure"`
+
+ // The Amazon Resource Name (ARN) of the collection.
+ Arn *string `locationName:"arn" type:"string"`
+
+ // The unique identifier of the collection.
+ Id *string `locationName:"id" min:"3" type:"string"`
+
+ // The name of the collection.
+ Name *string `locationName:"name" min:"3" type:"string"`
+
+ // The current status of the collection.
+ Status *string `locationName:"status" type:"string" enum:"CollectionStatus"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CollectionSummary) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CollectionSummary) GoString() string {
+ return s.String()
+}
+
+// SetArn sets the Arn field's value.
+func (s *CollectionSummary) SetArn(v string) *CollectionSummary {
+ s.Arn = &v
+ return s
+}
+
+// SetId sets the Id field's value.
+func (s *CollectionSummary) SetId(v string) *CollectionSummary {
+ s.Id = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *CollectionSummary) SetName(v string) *CollectionSummary {
+ s.Name = &v
+ return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *CollectionSummary) SetStatus(v string) *CollectionSummary {
+ s.Status = &v
+ return s
+}
+
+// When creating a collection, thrown when a collection with the same name already
+// exists or is being created. When deleting a collection, thrown when the collection
+// is not in the ACTIVE or FAILED state.
+type ConflictException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ConflictException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ConflictException) GoString() string {
+ return s.String()
+}
+
+func newErrorConflictException(v protocol.ResponseMetadata) error {
+ return &ConflictException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *ConflictException) Code() string {
+ return "ConflictException"
+}
+
+// Message returns the exception's message.
+func (s *ConflictException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *ConflictException) OrigErr() error {
+ return nil
+}
+
+func (s *ConflictException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *ConflictException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *ConflictException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+type CreateAccessPolicyInput struct {
+ _ struct{} `type:"structure"`
+
+ // Unique, case-sensitive identifier to ensure idempotency of the request.
+ ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"`
+
+ // A description of the policy. Typically used to store information about the
+ // permissions defined in the policy.
+ Description *string `locationName:"description" min:"1" type:"string"`
+
+ // The name of the policy.
+ //
+ // Name is a required field
+ Name *string `locationName:"name" min:"3" type:"string" required:"true"`
+
+ // The JSON policy document to use as the content for the policy.
+ //
+ // Policy is a required field
+ Policy *string `locationName:"policy" min:"1" type:"string" required:"true"`
+
+ // The type of policy.
+ //
+ // Type is a required field
+ Type *string `locationName:"type" type:"string" required:"true" enum:"AccessPolicyType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateAccessPolicyInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateAccessPolicyInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateAccessPolicyInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CreateAccessPolicyInput"}
+ if s.ClientToken != nil && len(*s.ClientToken) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1))
+ }
+ if s.Description != nil && len(*s.Description) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Description", 1))
+ }
+ if s.Name == nil {
+ invalidParams.Add(request.NewErrParamRequired("Name"))
+ }
+ if s.Name != nil && len(*s.Name) < 3 {
+ invalidParams.Add(request.NewErrParamMinLen("Name", 3))
+ }
+ if s.Policy == nil {
+ invalidParams.Add(request.NewErrParamRequired("Policy"))
+ }
+ if s.Policy != nil && len(*s.Policy) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Policy", 1))
+ }
+ if s.Type == nil {
+ invalidParams.Add(request.NewErrParamRequired("Type"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *CreateAccessPolicyInput) SetClientToken(v string) *CreateAccessPolicyInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *CreateAccessPolicyInput) SetDescription(v string) *CreateAccessPolicyInput {
+ s.Description = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *CreateAccessPolicyInput) SetName(v string) *CreateAccessPolicyInput {
+ s.Name = &v
+ return s
+}
+
+// SetPolicy sets the Policy field's value.
+func (s *CreateAccessPolicyInput) SetPolicy(v string) *CreateAccessPolicyInput {
+ s.Policy = &v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *CreateAccessPolicyInput) SetType(v string) *CreateAccessPolicyInput {
+ s.Type = &v
+ return s
+}
+
+type CreateAccessPolicyOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Details about the created access policy.
+ AccessPolicyDetail *AccessPolicyDetail `locationName:"accessPolicyDetail" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateAccessPolicyOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateAccessPolicyOutput) GoString() string {
+ return s.String()
+}
+
+// SetAccessPolicyDetail sets the AccessPolicyDetail field's value.
+func (s *CreateAccessPolicyOutput) SetAccessPolicyDetail(v *AccessPolicyDetail) *CreateAccessPolicyOutput {
+ s.AccessPolicyDetail = v
+ return s
+}
+
+// Details about the created OpenSearch Serverless collection.
+type CreateCollectionDetail struct {
+ _ struct{} `type:"structure"`
+
+ // The Amazon Resource Name (ARN) of the collection.
+ Arn *string `locationName:"arn" type:"string"`
+
+ // The Epoch time when the collection was created.
+ CreatedDate *int64 `locationName:"createdDate" type:"long"`
+
+ // A description of the collection.
+ Description *string `locationName:"description" type:"string"`
+
+ // The unique identifier of the collection.
+ Id *string `locationName:"id" min:"3" type:"string"`
+
+ // The Amazon Resource Name (ARN) of the KMS key with which to encrypt the collection.
+ KmsKeyArn *string `locationName:"kmsKeyArn" type:"string"`
+
+ // The date and time when the collection was last modified.
+ LastModifiedDate *int64 `locationName:"lastModifiedDate" type:"long"`
+
+ // The name of the collection.
+ Name *string `locationName:"name" min:"3" type:"string"`
+
+ // The current status of the collection.
+ Status *string `locationName:"status" type:"string" enum:"CollectionStatus"`
+
+ // The type of collection.
+ Type *string `locationName:"type" type:"string" enum:"CollectionType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateCollectionDetail) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateCollectionDetail) GoString() string {
+ return s.String()
+}
+
+// SetArn sets the Arn field's value.
+func (s *CreateCollectionDetail) SetArn(v string) *CreateCollectionDetail {
+ s.Arn = &v
+ return s
+}
+
+// SetCreatedDate sets the CreatedDate field's value.
+func (s *CreateCollectionDetail) SetCreatedDate(v int64) *CreateCollectionDetail {
+ s.CreatedDate = &v
+ return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *CreateCollectionDetail) SetDescription(v string) *CreateCollectionDetail {
+ s.Description = &v
+ return s
+}
+
+// SetId sets the Id field's value.
+func (s *CreateCollectionDetail) SetId(v string) *CreateCollectionDetail {
+ s.Id = &v
+ return s
+}
+
+// SetKmsKeyArn sets the KmsKeyArn field's value.
+func (s *CreateCollectionDetail) SetKmsKeyArn(v string) *CreateCollectionDetail {
+ s.KmsKeyArn = &v
+ return s
+}
+
+// SetLastModifiedDate sets the LastModifiedDate field's value.
+func (s *CreateCollectionDetail) SetLastModifiedDate(v int64) *CreateCollectionDetail {
+ s.LastModifiedDate = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *CreateCollectionDetail) SetName(v string) *CreateCollectionDetail {
+ s.Name = &v
+ return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *CreateCollectionDetail) SetStatus(v string) *CreateCollectionDetail {
+ s.Status = &v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *CreateCollectionDetail) SetType(v string) *CreateCollectionDetail {
+ s.Type = &v
+ return s
+}
+
+type CreateCollectionInput struct {
+ _ struct{} `type:"structure"`
+
+ // Unique, case-sensitive identifier to ensure idempotency of the request.
+ ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"`
+
+ // Description of the collection.
+ Description *string `locationName:"description" type:"string"`
+
+ // Name of the collection.
+ //
+ // Name is a required field
+ Name *string `locationName:"name" min:"3" type:"string" required:"true"`
+
+ // An arbitrary set of tags (key–value pairs) to associate with the OpenSearch
+ // Serverless collection.
+ Tags []*Tag `locationName:"tags" type:"list"`
+
+ // The type of collection.
+ Type *string `locationName:"type" type:"string" enum:"CollectionType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateCollectionInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateCollectionInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateCollectionInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CreateCollectionInput"}
+ if s.ClientToken != nil && len(*s.ClientToken) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1))
+ }
+ if s.Name == nil {
+ invalidParams.Add(request.NewErrParamRequired("Name"))
+ }
+ if s.Name != nil && len(*s.Name) < 3 {
+ invalidParams.Add(request.NewErrParamMinLen("Name", 3))
+ }
+ if s.Tags != nil {
+ for i, v := range s.Tags {
+ if v == nil {
+ continue
+ }
+ if err := v.Validate(); err != nil {
+ invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
+ }
+ }
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *CreateCollectionInput) SetClientToken(v string) *CreateCollectionInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *CreateCollectionInput) SetDescription(v string) *CreateCollectionInput {
+ s.Description = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *CreateCollectionInput) SetName(v string) *CreateCollectionInput {
+ s.Name = &v
+ return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *CreateCollectionInput) SetTags(v []*Tag) *CreateCollectionInput {
+ s.Tags = v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *CreateCollectionInput) SetType(v string) *CreateCollectionInput {
+ s.Type = &v
+ return s
+}
+
+type CreateCollectionOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Details about the collection.
+ CreateCollectionDetail *CreateCollectionDetail `locationName:"createCollectionDetail" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateCollectionOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateCollectionOutput) GoString() string {
+ return s.String()
+}
+
+// SetCreateCollectionDetail sets the CreateCollectionDetail field's value.
+func (s *CreateCollectionOutput) SetCreateCollectionDetail(v *CreateCollectionDetail) *CreateCollectionOutput {
+ s.CreateCollectionDetail = v
+ return s
+}
+
+type CreateSecurityConfigInput struct {
+ _ struct{} `type:"structure"`
+
+ // Unique, case-sensitive identifier to ensure idempotency of the request.
+ ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"`
+
+ // A description of the security configuration.
+ Description *string `locationName:"description" min:"1" type:"string"`
+
+ // The name of the security configuration.
+ //
+ // Name is a required field
+ Name *string `locationName:"name" min:"3" type:"string" required:"true"`
+
+ // Describes SAML options in in the form of a key-value map.
+ SamlOptions *SamlConfigOptions `locationName:"samlOptions" type:"structure"`
+
+ // The type of security configuration.
+ //
+ // Type is a required field
+ Type *string `locationName:"type" type:"string" required:"true" enum:"SecurityConfigType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateSecurityConfigInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateSecurityConfigInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateSecurityConfigInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CreateSecurityConfigInput"}
+ if s.ClientToken != nil && len(*s.ClientToken) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1))
+ }
+ if s.Description != nil && len(*s.Description) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Description", 1))
+ }
+ if s.Name == nil {
+ invalidParams.Add(request.NewErrParamRequired("Name"))
+ }
+ if s.Name != nil && len(*s.Name) < 3 {
+ invalidParams.Add(request.NewErrParamMinLen("Name", 3))
+ }
+ if s.Type == nil {
+ invalidParams.Add(request.NewErrParamRequired("Type"))
+ }
+ if s.SamlOptions != nil {
+ if err := s.SamlOptions.Validate(); err != nil {
+ invalidParams.AddNested("SamlOptions", err.(request.ErrInvalidParams))
+ }
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *CreateSecurityConfigInput) SetClientToken(v string) *CreateSecurityConfigInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *CreateSecurityConfigInput) SetDescription(v string) *CreateSecurityConfigInput {
+ s.Description = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *CreateSecurityConfigInput) SetName(v string) *CreateSecurityConfigInput {
+ s.Name = &v
+ return s
+}
+
+// SetSamlOptions sets the SamlOptions field's value.
+func (s *CreateSecurityConfigInput) SetSamlOptions(v *SamlConfigOptions) *CreateSecurityConfigInput {
+ s.SamlOptions = v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *CreateSecurityConfigInput) SetType(v string) *CreateSecurityConfigInput {
+ s.Type = &v
+ return s
+}
+
+type CreateSecurityConfigOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Details about the created security configuration.
+ SecurityConfigDetail *SecurityConfigDetail `locationName:"securityConfigDetail" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateSecurityConfigOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateSecurityConfigOutput) GoString() string {
+ return s.String()
+}
+
+// SetSecurityConfigDetail sets the SecurityConfigDetail field's value.
+func (s *CreateSecurityConfigOutput) SetSecurityConfigDetail(v *SecurityConfigDetail) *CreateSecurityConfigOutput {
+ s.SecurityConfigDetail = v
+ return s
+}
+
+type CreateSecurityPolicyInput struct {
+ _ struct{} `type:"structure"`
+
+ // Unique, case-sensitive identifier to ensure idempotency of the request.
+ ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"`
+
+ // A description of the policy. Typically used to store information about the
+ // permissions defined in the policy.
+ Description *string `locationName:"description" min:"1" type:"string"`
+
+ // The name of the policy.
+ //
+ // Name is a required field
+ Name *string `locationName:"name" min:"3" type:"string" required:"true"`
+
+ // The JSON policy document to use as the content for the new policy.
+ //
+ // Policy is a required field
+ Policy *string `locationName:"policy" min:"1" type:"string" required:"true"`
+
+ // The type of security policy.
+ //
+ // Type is a required field
+ Type *string `locationName:"type" type:"string" required:"true" enum:"SecurityPolicyType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateSecurityPolicyInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateSecurityPolicyInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateSecurityPolicyInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CreateSecurityPolicyInput"}
+ if s.ClientToken != nil && len(*s.ClientToken) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1))
+ }
+ if s.Description != nil && len(*s.Description) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Description", 1))
+ }
+ if s.Name == nil {
+ invalidParams.Add(request.NewErrParamRequired("Name"))
+ }
+ if s.Name != nil && len(*s.Name) < 3 {
+ invalidParams.Add(request.NewErrParamMinLen("Name", 3))
+ }
+ if s.Policy == nil {
+ invalidParams.Add(request.NewErrParamRequired("Policy"))
+ }
+ if s.Policy != nil && len(*s.Policy) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Policy", 1))
+ }
+ if s.Type == nil {
+ invalidParams.Add(request.NewErrParamRequired("Type"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *CreateSecurityPolicyInput) SetClientToken(v string) *CreateSecurityPolicyInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *CreateSecurityPolicyInput) SetDescription(v string) *CreateSecurityPolicyInput {
+ s.Description = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *CreateSecurityPolicyInput) SetName(v string) *CreateSecurityPolicyInput {
+ s.Name = &v
+ return s
+}
+
+// SetPolicy sets the Policy field's value.
+func (s *CreateSecurityPolicyInput) SetPolicy(v string) *CreateSecurityPolicyInput {
+ s.Policy = &v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *CreateSecurityPolicyInput) SetType(v string) *CreateSecurityPolicyInput {
+ s.Type = &v
+ return s
+}
+
+type CreateSecurityPolicyOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Details about the created security policy.
+ SecurityPolicyDetail *SecurityPolicyDetail `locationName:"securityPolicyDetail" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateSecurityPolicyOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateSecurityPolicyOutput) GoString() string {
+ return s.String()
+}
+
+// SetSecurityPolicyDetail sets the SecurityPolicyDetail field's value.
+func (s *CreateSecurityPolicyOutput) SetSecurityPolicyDetail(v *SecurityPolicyDetail) *CreateSecurityPolicyOutput {
+ s.SecurityPolicyDetail = v
+ return s
+}
+
+// Creation details for an OpenSearch Serverless-managed interface endpoint.
+// For more information, see Access Amazon OpenSearch Serverless using an interface
+// endpoint (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-vpc.html).
+type CreateVpcEndpointDetail struct {
+ _ struct{} `type:"structure"`
+
+ // The unique identifier of the endpoint.
+ Id *string `locationName:"id" min:"1" type:"string"`
+
+ // The name of the endpoint.
+ Name *string `locationName:"name" min:"3" type:"string"`
+
+ // The current status in the endpoint creation process.
+ Status *string `locationName:"status" type:"string" enum:"VpcEndpointStatus"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateVpcEndpointDetail) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateVpcEndpointDetail) GoString() string {
+ return s.String()
+}
+
+// SetId sets the Id field's value.
+func (s *CreateVpcEndpointDetail) SetId(v string) *CreateVpcEndpointDetail {
+ s.Id = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *CreateVpcEndpointDetail) SetName(v string) *CreateVpcEndpointDetail {
+ s.Name = &v
+ return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *CreateVpcEndpointDetail) SetStatus(v string) *CreateVpcEndpointDetail {
+ s.Status = &v
+ return s
+}
+
+type CreateVpcEndpointInput struct {
+ _ struct{} `type:"structure"`
+
+ // Unique, case-sensitive identifier to ensure idempotency of the request.
+ ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"`
+
+ // The name of the interface endpoint.
+ //
+ // Name is a required field
+ Name *string `locationName:"name" min:"3" type:"string" required:"true"`
+
+ // The unique identifiers of the security groups that define the ports, protocols,
+ // and sources for inbound traffic that you are authorizing into your endpoint.
+ SecurityGroupIds []*string `locationName:"securityGroupIds" min:"1" type:"list"`
+
+ // The ID of one or more subnets from which you'll access OpenSearch Serverless.
+ //
+ // SubnetIds is a required field
+ SubnetIds []*string `locationName:"subnetIds" min:"1" type:"list" required:"true"`
+
+ // The ID of the VPC from which you'll access OpenSearch Serverless.
+ //
+ // VpcId is a required field
+ VpcId *string `locationName:"vpcId" min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateVpcEndpointInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateVpcEndpointInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateVpcEndpointInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CreateVpcEndpointInput"}
+ if s.ClientToken != nil && len(*s.ClientToken) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1))
+ }
+ if s.Name == nil {
+ invalidParams.Add(request.NewErrParamRequired("Name"))
+ }
+ if s.Name != nil && len(*s.Name) < 3 {
+ invalidParams.Add(request.NewErrParamMinLen("Name", 3))
+ }
+ if s.SecurityGroupIds != nil && len(s.SecurityGroupIds) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("SecurityGroupIds", 1))
+ }
+ if s.SubnetIds == nil {
+ invalidParams.Add(request.NewErrParamRequired("SubnetIds"))
+ }
+ if s.SubnetIds != nil && len(s.SubnetIds) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("SubnetIds", 1))
+ }
+ if s.VpcId == nil {
+ invalidParams.Add(request.NewErrParamRequired("VpcId"))
+ }
+ if s.VpcId != nil && len(*s.VpcId) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("VpcId", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *CreateVpcEndpointInput) SetClientToken(v string) *CreateVpcEndpointInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *CreateVpcEndpointInput) SetName(v string) *CreateVpcEndpointInput {
+ s.Name = &v
+ return s
+}
+
+// SetSecurityGroupIds sets the SecurityGroupIds field's value.
+func (s *CreateVpcEndpointInput) SetSecurityGroupIds(v []*string) *CreateVpcEndpointInput {
+ s.SecurityGroupIds = v
+ return s
+}
+
+// SetSubnetIds sets the SubnetIds field's value.
+func (s *CreateVpcEndpointInput) SetSubnetIds(v []*string) *CreateVpcEndpointInput {
+ s.SubnetIds = v
+ return s
+}
+
+// SetVpcId sets the VpcId field's value.
+func (s *CreateVpcEndpointInput) SetVpcId(v string) *CreateVpcEndpointInput {
+ s.VpcId = &v
+ return s
+}
+
+type CreateVpcEndpointOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Details about the created interface VPC endpoint.
+ CreateVpcEndpointDetail *CreateVpcEndpointDetail `locationName:"createVpcEndpointDetail" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateVpcEndpointOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateVpcEndpointOutput) GoString() string {
+ return s.String()
+}
+
+// SetCreateVpcEndpointDetail sets the CreateVpcEndpointDetail field's value.
+func (s *CreateVpcEndpointOutput) SetCreateVpcEndpointDetail(v *CreateVpcEndpointDetail) *CreateVpcEndpointOutput {
+ s.CreateVpcEndpointDetail = v
+ return s
+}
+
+type DeleteAccessPolicyInput struct {
+ _ struct{} `type:"structure"`
+
+ // Unique, case-sensitive identifier to ensure idempotency of the request.
+ ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"`
+
+ // The name of the policy to delete.
+ //
+ // Name is a required field
+ Name *string `locationName:"name" min:"3" type:"string" required:"true"`
+
+ // The type of policy.
+ //
+ // Type is a required field
+ Type *string `locationName:"type" type:"string" required:"true" enum:"AccessPolicyType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteAccessPolicyInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteAccessPolicyInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteAccessPolicyInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DeleteAccessPolicyInput"}
+ if s.ClientToken != nil && len(*s.ClientToken) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1))
+ }
+ if s.Name == nil {
+ invalidParams.Add(request.NewErrParamRequired("Name"))
+ }
+ if s.Name != nil && len(*s.Name) < 3 {
+ invalidParams.Add(request.NewErrParamMinLen("Name", 3))
+ }
+ if s.Type == nil {
+ invalidParams.Add(request.NewErrParamRequired("Type"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *DeleteAccessPolicyInput) SetClientToken(v string) *DeleteAccessPolicyInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *DeleteAccessPolicyInput) SetName(v string) *DeleteAccessPolicyInput {
+ s.Name = &v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *DeleteAccessPolicyInput) SetType(v string) *DeleteAccessPolicyInput {
+ s.Type = &v
+ return s
+}
+
+type DeleteAccessPolicyOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteAccessPolicyOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteAccessPolicyOutput) GoString() string {
+ return s.String()
+}
+
+// Details about a deleted OpenSearch Serverless collection.
+type DeleteCollectionDetail struct {
+ _ struct{} `type:"structure"`
+
+ // The unique identifier of the collection.
+ Id *string `locationName:"id" min:"3" type:"string"`
+
+ // The name of the collection.
+ Name *string `locationName:"name" min:"3" type:"string"`
+
+ // The current status of the collection.
+ Status *string `locationName:"status" type:"string" enum:"CollectionStatus"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteCollectionDetail) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteCollectionDetail) GoString() string {
+ return s.String()
+}
+
+// SetId sets the Id field's value.
+func (s *DeleteCollectionDetail) SetId(v string) *DeleteCollectionDetail {
+ s.Id = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *DeleteCollectionDetail) SetName(v string) *DeleteCollectionDetail {
+ s.Name = &v
+ return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *DeleteCollectionDetail) SetStatus(v string) *DeleteCollectionDetail {
+ s.Status = &v
+ return s
+}
+
+type DeleteCollectionInput struct {
+ _ struct{} `type:"structure"`
+
+ // A unique, case-sensitive identifier to ensure idempotency of the request.
+ ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"`
+
+ // The unique identifier of the collection. For example, 1iu5usc406kd. The ID
+ // is part of the collection endpoint. You can also retrieve it using the ListCollections
+ // (https://docs.aws.amazon.com/opensearch-service/latest/ServerlessAPIReference/API_ListCollections.html)
+ // API.
+ //
+ // Id is a required field
+ Id *string `locationName:"id" min:"3" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteCollectionInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteCollectionInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteCollectionInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DeleteCollectionInput"}
+ if s.ClientToken != nil && len(*s.ClientToken) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1))
+ }
+ if s.Id == nil {
+ invalidParams.Add(request.NewErrParamRequired("Id"))
+ }
+ if s.Id != nil && len(*s.Id) < 3 {
+ invalidParams.Add(request.NewErrParamMinLen("Id", 3))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *DeleteCollectionInput) SetClientToken(v string) *DeleteCollectionInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetId sets the Id field's value.
+func (s *DeleteCollectionInput) SetId(v string) *DeleteCollectionInput {
+ s.Id = &v
+ return s
+}
+
+type DeleteCollectionOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Details of the deleted collection.
+ DeleteCollectionDetail *DeleteCollectionDetail `locationName:"deleteCollectionDetail" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteCollectionOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteCollectionOutput) GoString() string {
+ return s.String()
+}
+
+// SetDeleteCollectionDetail sets the DeleteCollectionDetail field's value.
+func (s *DeleteCollectionOutput) SetDeleteCollectionDetail(v *DeleteCollectionDetail) *DeleteCollectionOutput {
+ s.DeleteCollectionDetail = v
+ return s
+}
+
+type DeleteSecurityConfigInput struct {
+ _ struct{} `type:"structure"`
+
+ // Unique, case-sensitive identifier to ensure idempotency of the request.
+ ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"`
+
+ // The security configuration identifier. For SAML the ID will be saml//.
+ // For example, saml/123456789123/OKTADev.
+ //
+ // Id is a required field
+ Id *string `locationName:"id" min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSecurityConfigInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSecurityConfigInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteSecurityConfigInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DeleteSecurityConfigInput"}
+ if s.ClientToken != nil && len(*s.ClientToken) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1))
+ }
+ if s.Id == nil {
+ invalidParams.Add(request.NewErrParamRequired("Id"))
+ }
+ if s.Id != nil && len(*s.Id) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Id", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *DeleteSecurityConfigInput) SetClientToken(v string) *DeleteSecurityConfigInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetId sets the Id field's value.
+func (s *DeleteSecurityConfigInput) SetId(v string) *DeleteSecurityConfigInput {
+ s.Id = &v
+ return s
+}
+
+type DeleteSecurityConfigOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSecurityConfigOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSecurityConfigOutput) GoString() string {
+ return s.String()
+}
+
+type DeleteSecurityPolicyInput struct {
+ _ struct{} `type:"structure"`
+
+ // Unique, case-sensitive identifier to ensure idempotency of the request.
+ ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"`
+
+ // The name of the policy to delete.
+ //
+ // Name is a required field
+ Name *string `locationName:"name" min:"3" type:"string" required:"true"`
+
+ // The type of policy.
+ //
+ // Type is a required field
+ Type *string `locationName:"type" type:"string" required:"true" enum:"SecurityPolicyType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSecurityPolicyInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSecurityPolicyInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteSecurityPolicyInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DeleteSecurityPolicyInput"}
+ if s.ClientToken != nil && len(*s.ClientToken) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1))
+ }
+ if s.Name == nil {
+ invalidParams.Add(request.NewErrParamRequired("Name"))
+ }
+ if s.Name != nil && len(*s.Name) < 3 {
+ invalidParams.Add(request.NewErrParamMinLen("Name", 3))
+ }
+ if s.Type == nil {
+ invalidParams.Add(request.NewErrParamRequired("Type"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *DeleteSecurityPolicyInput) SetClientToken(v string) *DeleteSecurityPolicyInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *DeleteSecurityPolicyInput) SetName(v string) *DeleteSecurityPolicyInput {
+ s.Name = &v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *DeleteSecurityPolicyInput) SetType(v string) *DeleteSecurityPolicyInput {
+ s.Type = &v
+ return s
+}
+
+type DeleteSecurityPolicyOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSecurityPolicyOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSecurityPolicyOutput) GoString() string {
+ return s.String()
+}
+
+// Deletion details for an OpenSearch Serverless-managed interface endpoint.
+type DeleteVpcEndpointDetail struct {
+ _ struct{} `type:"structure"`
+
+ // The unique identifier of the endpoint.
+ Id *string `locationName:"id" min:"1" type:"string"`
+
+ // The name of the endpoint.
+ Name *string `locationName:"name" min:"3" type:"string"`
+
+ // The current status of the endpoint deletion process.
+ Status *string `locationName:"status" type:"string" enum:"VpcEndpointStatus"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteVpcEndpointDetail) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteVpcEndpointDetail) GoString() string {
+ return s.String()
+}
+
+// SetId sets the Id field's value.
+func (s *DeleteVpcEndpointDetail) SetId(v string) *DeleteVpcEndpointDetail {
+ s.Id = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *DeleteVpcEndpointDetail) SetName(v string) *DeleteVpcEndpointDetail {
+ s.Name = &v
+ return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *DeleteVpcEndpointDetail) SetStatus(v string) *DeleteVpcEndpointDetail {
+ s.Status = &v
+ return s
+}
+
+type DeleteVpcEndpointInput struct {
+ _ struct{} `type:"structure"`
+
+ // Unique, case-sensitive identifier to ensure idempotency of the request.
+ ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"`
+
+ // The VPC endpoint identifier.
+ //
+ // Id is a required field
+ Id *string `locationName:"id" min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteVpcEndpointInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteVpcEndpointInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteVpcEndpointInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DeleteVpcEndpointInput"}
+ if s.ClientToken != nil && len(*s.ClientToken) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1))
+ }
+ if s.Id == nil {
+ invalidParams.Add(request.NewErrParamRequired("Id"))
+ }
+ if s.Id != nil && len(*s.Id) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Id", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *DeleteVpcEndpointInput) SetClientToken(v string) *DeleteVpcEndpointInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetId sets the Id field's value.
+func (s *DeleteVpcEndpointInput) SetId(v string) *DeleteVpcEndpointInput {
+ s.Id = &v
+ return s
+}
+
+type DeleteVpcEndpointOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Details about the deleted endpoint.
+ DeleteVpcEndpointDetail *DeleteVpcEndpointDetail `locationName:"deleteVpcEndpointDetail" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteVpcEndpointOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteVpcEndpointOutput) GoString() string {
+ return s.String()
+}
+
+// SetDeleteVpcEndpointDetail sets the DeleteVpcEndpointDetail field's value.
+func (s *DeleteVpcEndpointOutput) SetDeleteVpcEndpointDetail(v *DeleteVpcEndpointDetail) *DeleteVpcEndpointOutput {
+ s.DeleteVpcEndpointDetail = v
+ return s
+}
+
+type GetAccessPolicyInput struct {
+ _ struct{} `type:"structure"`
+
+ // The name of the access policy.
+ //
+ // Name is a required field
+ Name *string `locationName:"name" min:"3" type:"string" required:"true"`
+
+ // Tye type of policy. Currently the only supported value is data.
+ //
+ // Type is a required field
+ Type *string `locationName:"type" type:"string" required:"true" enum:"AccessPolicyType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetAccessPolicyInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetAccessPolicyInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetAccessPolicyInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "GetAccessPolicyInput"}
+ if s.Name == nil {
+ invalidParams.Add(request.NewErrParamRequired("Name"))
+ }
+ if s.Name != nil && len(*s.Name) < 3 {
+ invalidParams.Add(request.NewErrParamMinLen("Name", 3))
+ }
+ if s.Type == nil {
+ invalidParams.Add(request.NewErrParamRequired("Type"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetName sets the Name field's value.
+func (s *GetAccessPolicyInput) SetName(v string) *GetAccessPolicyInput {
+ s.Name = &v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *GetAccessPolicyInput) SetType(v string) *GetAccessPolicyInput {
+ s.Type = &v
+ return s
+}
+
+type GetAccessPolicyOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Details about the requested access policy.
+ AccessPolicyDetail *AccessPolicyDetail `locationName:"accessPolicyDetail" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetAccessPolicyOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetAccessPolicyOutput) GoString() string {
+ return s.String()
+}
+
+// SetAccessPolicyDetail sets the AccessPolicyDetail field's value.
+func (s *GetAccessPolicyOutput) SetAccessPolicyDetail(v *AccessPolicyDetail) *GetAccessPolicyOutput {
+ s.AccessPolicyDetail = v
+ return s
+}
+
+type GetAccountSettingsInput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetAccountSettingsInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetAccountSettingsInput) GoString() string {
+ return s.String()
+}
+
+type GetAccountSettingsOutput struct {
+ _ struct{} `type:"structure"`
+
+ // OpenSearch Serverless-related details for the current account.
+ AccountSettingsDetail *AccountSettingsDetail `locationName:"accountSettingsDetail" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetAccountSettingsOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetAccountSettingsOutput) GoString() string {
+ return s.String()
+}
+
+// SetAccountSettingsDetail sets the AccountSettingsDetail field's value.
+func (s *GetAccountSettingsOutput) SetAccountSettingsDetail(v *AccountSettingsDetail) *GetAccountSettingsOutput {
+ s.AccountSettingsDetail = v
+ return s
+}
+
+type GetPoliciesStatsInput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetPoliciesStatsInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetPoliciesStatsInput) GoString() string {
+ return s.String()
+}
+
+type GetPoliciesStatsOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Information about the data access policies in your account.
+ AccessPolicyStats *AccessPolicyStats `type:"structure"`
+
+ // Information about the security configurations in your account.
+ SecurityConfigStats *SecurityConfigStats `type:"structure"`
+
+ // Information about the security policies in your account.
+ SecurityPolicyStats *SecurityPolicyStats `type:"structure"`
+
+ // The total number of OpenSearch Serverless security policies and configurations
+ // in your account.
+ TotalPolicyCount *int64 `type:"long"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetPoliciesStatsOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetPoliciesStatsOutput) GoString() string {
+ return s.String()
+}
+
+// SetAccessPolicyStats sets the AccessPolicyStats field's value.
+func (s *GetPoliciesStatsOutput) SetAccessPolicyStats(v *AccessPolicyStats) *GetPoliciesStatsOutput {
+ s.AccessPolicyStats = v
+ return s
+}
+
+// SetSecurityConfigStats sets the SecurityConfigStats field's value.
+func (s *GetPoliciesStatsOutput) SetSecurityConfigStats(v *SecurityConfigStats) *GetPoliciesStatsOutput {
+ s.SecurityConfigStats = v
+ return s
+}
+
+// SetSecurityPolicyStats sets the SecurityPolicyStats field's value.
+func (s *GetPoliciesStatsOutput) SetSecurityPolicyStats(v *SecurityPolicyStats) *GetPoliciesStatsOutput {
+ s.SecurityPolicyStats = v
+ return s
+}
+
+// SetTotalPolicyCount sets the TotalPolicyCount field's value.
+func (s *GetPoliciesStatsOutput) SetTotalPolicyCount(v int64) *GetPoliciesStatsOutput {
+ s.TotalPolicyCount = &v
+ return s
+}
+
+type GetSecurityConfigInput struct {
+ _ struct{} `type:"structure"`
+
+ // The unique identifier of the security configuration.
+ //
+ // Id is a required field
+ Id *string `locationName:"id" min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetSecurityConfigInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetSecurityConfigInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetSecurityConfigInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "GetSecurityConfigInput"}
+ if s.Id == nil {
+ invalidParams.Add(request.NewErrParamRequired("Id"))
+ }
+ if s.Id != nil && len(*s.Id) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Id", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetId sets the Id field's value.
+func (s *GetSecurityConfigInput) SetId(v string) *GetSecurityConfigInput {
+ s.Id = &v
+ return s
+}
+
+type GetSecurityConfigOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Details of the requested security configuration.
+ SecurityConfigDetail *SecurityConfigDetail `locationName:"securityConfigDetail" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetSecurityConfigOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetSecurityConfigOutput) GoString() string {
+ return s.String()
+}
+
+// SetSecurityConfigDetail sets the SecurityConfigDetail field's value.
+func (s *GetSecurityConfigOutput) SetSecurityConfigDetail(v *SecurityConfigDetail) *GetSecurityConfigOutput {
+ s.SecurityConfigDetail = v
+ return s
+}
+
+type GetSecurityPolicyInput struct {
+ _ struct{} `type:"structure"`
+
+ // The name of the security policy.
+ //
+ // Name is a required field
+ Name *string `locationName:"name" min:"3" type:"string" required:"true"`
+
+ // The type of security policy.
+ //
+ // Type is a required field
+ Type *string `locationName:"type" type:"string" required:"true" enum:"SecurityPolicyType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetSecurityPolicyInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetSecurityPolicyInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetSecurityPolicyInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "GetSecurityPolicyInput"}
+ if s.Name == nil {
+ invalidParams.Add(request.NewErrParamRequired("Name"))
+ }
+ if s.Name != nil && len(*s.Name) < 3 {
+ invalidParams.Add(request.NewErrParamMinLen("Name", 3))
+ }
+ if s.Type == nil {
+ invalidParams.Add(request.NewErrParamRequired("Type"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetName sets the Name field's value.
+func (s *GetSecurityPolicyInput) SetName(v string) *GetSecurityPolicyInput {
+ s.Name = &v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *GetSecurityPolicyInput) SetType(v string) *GetSecurityPolicyInput {
+ s.Type = &v
+ return s
+}
+
+type GetSecurityPolicyOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Details about the requested security policy.
+ SecurityPolicyDetail *SecurityPolicyDetail `locationName:"securityPolicyDetail" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetSecurityPolicyOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetSecurityPolicyOutput) GoString() string {
+ return s.String()
+}
+
+// SetSecurityPolicyDetail sets the SecurityPolicyDetail field's value.
+func (s *GetSecurityPolicyOutput) SetSecurityPolicyDetail(v *SecurityPolicyDetail) *GetSecurityPolicyOutput {
+ s.SecurityPolicyDetail = v
+ return s
+}
+
+// Thrown when an error internal to the service occurs while processing a request.
+type InternalServerException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InternalServerException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InternalServerException) GoString() string {
+ return s.String()
+}
+
+func newErrorInternalServerException(v protocol.ResponseMetadata) error {
+ return &InternalServerException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *InternalServerException) Code() string {
+ return "InternalServerException"
+}
+
+// Message returns the exception's message.
+func (s *InternalServerException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *InternalServerException) OrigErr() error {
+ return nil
+}
+
+func (s *InternalServerException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *InternalServerException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *InternalServerException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+type ListAccessPoliciesInput struct {
+ _ struct{} `type:"structure"`
+
+ // An optional parameter that specifies the maximum number of results to return.
+ // You can use nextToken to get the next page of results. The default is 20.
+ MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"`
+
+ // If your initial ListAccessPolicies operation returns a nextToken, you can
+ // include the returned nextToken in subsequent ListAccessPolicies operations,
+ // which returns results in the next page.
+ NextToken *string `locationName:"nextToken" type:"string"`
+
+ // Resource filters (can be collection or indexes) that policies can apply to.
+ Resource []*string `locationName:"resource" min:"1" type:"list"`
+
+ // The type of access policy.
+ //
+ // Type is a required field
+ Type *string `locationName:"type" type:"string" required:"true" enum:"AccessPolicyType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAccessPoliciesInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAccessPoliciesInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListAccessPoliciesInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ListAccessPoliciesInput"}
+ if s.MaxResults != nil && *s.MaxResults < 1 {
+ invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
+ }
+ if s.Resource != nil && len(s.Resource) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Resource", 1))
+ }
+ if s.Type == nil {
+ invalidParams.Add(request.NewErrParamRequired("Type"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *ListAccessPoliciesInput) SetMaxResults(v int64) *ListAccessPoliciesInput {
+ s.MaxResults = &v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListAccessPoliciesInput) SetNextToken(v string) *ListAccessPoliciesInput {
+ s.NextToken = &v
+ return s
+}
+
+// SetResource sets the Resource field's value.
+func (s *ListAccessPoliciesInput) SetResource(v []*string) *ListAccessPoliciesInput {
+ s.Resource = v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *ListAccessPoliciesInput) SetType(v string) *ListAccessPoliciesInput {
+ s.Type = &v
+ return s
+}
+
+type ListAccessPoliciesOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Details about the requested access policies.
+ AccessPolicySummaries []*AccessPolicySummary `locationName:"accessPolicySummaries" type:"list"`
+
+ // When nextToken is returned, there are more results available. The value of
+ // nextToken is a unique pagination token for each page. Make the call again
+ // using the returned token to retrieve the next page.
+ NextToken *string `locationName:"nextToken" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAccessPoliciesOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAccessPoliciesOutput) GoString() string {
+ return s.String()
+}
+
+// SetAccessPolicySummaries sets the AccessPolicySummaries field's value.
+func (s *ListAccessPoliciesOutput) SetAccessPolicySummaries(v []*AccessPolicySummary) *ListAccessPoliciesOutput {
+ s.AccessPolicySummaries = v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListAccessPoliciesOutput) SetNextToken(v string) *ListAccessPoliciesOutput {
+ s.NextToken = &v
+ return s
+}
+
+type ListCollectionsInput struct {
+ _ struct{} `type:"structure"`
+
+ // List of filter names and values that you can use for requests.
+ CollectionFilters *CollectionFilters `locationName:"collectionFilters" type:"structure"`
+
+ // The maximum number of results to return. Default is 20. You can use nextToken
+ // to get the next page of results.
+ MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"`
+
+ // If your initial ListCollections operation returns a nextToken, you can include
+ // the returned nextToken in subsequent ListCollections operations, which returns
+ // results in the next page.
+ NextToken *string `locationName:"nextToken" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListCollectionsInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListCollectionsInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListCollectionsInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ListCollectionsInput"}
+ if s.MaxResults != nil && *s.MaxResults < 1 {
+ invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
+ }
+ if s.CollectionFilters != nil {
+ if err := s.CollectionFilters.Validate(); err != nil {
+ invalidParams.AddNested("CollectionFilters", err.(request.ErrInvalidParams))
+ }
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetCollectionFilters sets the CollectionFilters field's value.
+func (s *ListCollectionsInput) SetCollectionFilters(v *CollectionFilters) *ListCollectionsInput {
+ s.CollectionFilters = v
+ return s
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *ListCollectionsInput) SetMaxResults(v int64) *ListCollectionsInput {
+ s.MaxResults = &v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListCollectionsInput) SetNextToken(v string) *ListCollectionsInput {
+ s.NextToken = &v
+ return s
+}
+
+type ListCollectionsOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Details about each collection.
+ CollectionSummaries []*CollectionSummary `locationName:"collectionSummaries" type:"list"`
+
+ // When nextToken is returned, there are more results available. The value of
+ // nextToken is a unique pagination token for each page. Make the call again
+ // using the returned token to retrieve the next page.
+ NextToken *string `locationName:"nextToken" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListCollectionsOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListCollectionsOutput) GoString() string {
+ return s.String()
+}
+
+// SetCollectionSummaries sets the CollectionSummaries field's value.
+func (s *ListCollectionsOutput) SetCollectionSummaries(v []*CollectionSummary) *ListCollectionsOutput {
+ s.CollectionSummaries = v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListCollectionsOutput) SetNextToken(v string) *ListCollectionsOutput {
+ s.NextToken = &v
+ return s
+}
+
+type ListSecurityConfigsInput struct {
+ _ struct{} `type:"structure"`
+
+ // An optional parameter that specifies the maximum number of results to return.
+ // You can use nextToken to get the next page of results. The default is 20.
+ MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"`
+
+ // If your initial ListSecurityConfigs operation returns a nextToken, you can
+ // include the returned nextToken in subsequent ListSecurityConfigs operations,
+ // which returns results in the next page.
+ NextToken *string `locationName:"nextToken" type:"string"`
+
+ // The type of security configuration.
+ //
+ // Type is a required field
+ Type *string `locationName:"type" type:"string" required:"true" enum:"SecurityConfigType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListSecurityConfigsInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListSecurityConfigsInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListSecurityConfigsInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ListSecurityConfigsInput"}
+ if s.MaxResults != nil && *s.MaxResults < 1 {
+ invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
+ }
+ if s.Type == nil {
+ invalidParams.Add(request.NewErrParamRequired("Type"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *ListSecurityConfigsInput) SetMaxResults(v int64) *ListSecurityConfigsInput {
+ s.MaxResults = &v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListSecurityConfigsInput) SetNextToken(v string) *ListSecurityConfigsInput {
+ s.NextToken = &v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *ListSecurityConfigsInput) SetType(v string) *ListSecurityConfigsInput {
+ s.Type = &v
+ return s
+}
+
+type ListSecurityConfigsOutput struct {
+ _ struct{} `type:"structure"`
+
+ // When nextToken is returned, there are more results available. The value of
+ // nextToken is a unique pagination token for each page. Make the call again
+ // using the returned token to retrieve the next page.
+ NextToken *string `locationName:"nextToken" type:"string"`
+
+ // Details about the security configurations in your account.
+ SecurityConfigSummaries []*SecurityConfigSummary `locationName:"securityConfigSummaries" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListSecurityConfigsOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListSecurityConfigsOutput) GoString() string {
+ return s.String()
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListSecurityConfigsOutput) SetNextToken(v string) *ListSecurityConfigsOutput {
+ s.NextToken = &v
+ return s
+}
+
+// SetSecurityConfigSummaries sets the SecurityConfigSummaries field's value.
+func (s *ListSecurityConfigsOutput) SetSecurityConfigSummaries(v []*SecurityConfigSummary) *ListSecurityConfigsOutput {
+ s.SecurityConfigSummaries = v
+ return s
+}
+
+type ListSecurityPoliciesInput struct {
+ _ struct{} `type:"structure"`
+
+ // An optional parameter that specifies the maximum number of results to return.
+ // You can use nextToken to get the next page of results. The default is 20.
+ MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"`
+
+ // If your initial ListSecurityPolicies operation returns a nextToken, you can
+ // include the returned nextToken in subsequent ListSecurityPolicies operations,
+ // which returns results in the next page.
+ NextToken *string `locationName:"nextToken" type:"string"`
+
+ // Resource filters (can be collection or indexes) that policies can apply to.
+ Resource []*string `locationName:"resource" min:"1" type:"list"`
+
+ // The type of policy.
+ //
+ // Type is a required field
+ Type *string `locationName:"type" type:"string" required:"true" enum:"SecurityPolicyType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListSecurityPoliciesInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListSecurityPoliciesInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListSecurityPoliciesInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ListSecurityPoliciesInput"}
+ if s.MaxResults != nil && *s.MaxResults < 1 {
+ invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
+ }
+ if s.Resource != nil && len(s.Resource) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Resource", 1))
+ }
+ if s.Type == nil {
+ invalidParams.Add(request.NewErrParamRequired("Type"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *ListSecurityPoliciesInput) SetMaxResults(v int64) *ListSecurityPoliciesInput {
+ s.MaxResults = &v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListSecurityPoliciesInput) SetNextToken(v string) *ListSecurityPoliciesInput {
+ s.NextToken = &v
+ return s
+}
+
+// SetResource sets the Resource field's value.
+func (s *ListSecurityPoliciesInput) SetResource(v []*string) *ListSecurityPoliciesInput {
+ s.Resource = v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *ListSecurityPoliciesInput) SetType(v string) *ListSecurityPoliciesInput {
+ s.Type = &v
+ return s
+}
+
+type ListSecurityPoliciesOutput struct {
+ _ struct{} `type:"structure"`
+
+ // When nextToken is returned, there are more results available. The value of
+ // nextToken is a unique pagination token for each page. Make the call again
+ // using the returned token to retrieve the next page.
+ NextToken *string `locationName:"nextToken" type:"string"`
+
+ // Details about the security policies in your account.
+ SecurityPolicySummaries []*SecurityPolicySummary `locationName:"securityPolicySummaries" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListSecurityPoliciesOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListSecurityPoliciesOutput) GoString() string {
+ return s.String()
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListSecurityPoliciesOutput) SetNextToken(v string) *ListSecurityPoliciesOutput {
+ s.NextToken = &v
+ return s
+}
+
+// SetSecurityPolicySummaries sets the SecurityPolicySummaries field's value.
+func (s *ListSecurityPoliciesOutput) SetSecurityPolicySummaries(v []*SecurityPolicySummary) *ListSecurityPoliciesOutput {
+ s.SecurityPolicySummaries = v
+ return s
+}
+
+type ListTagsForResourceInput struct {
+ _ struct{} `type:"structure"`
+
+ // The Amazon Resource Name (ARN) of the resource. The resource must be active
+ // (not in the DELETING state), and must be owned by the account ID included
+ // in the request.
+ //
+ // ResourceArn is a required field
+ ResourceArn *string `locationName:"resourceArn" min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListTagsForResourceInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListTagsForResourceInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListTagsForResourceInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"}
+ if s.ResourceArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
+ }
+ if s.ResourceArn != nil && len(*s.ResourceArn) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetResourceArn sets the ResourceArn field's value.
+func (s *ListTagsForResourceInput) SetResourceArn(v string) *ListTagsForResourceInput {
+ s.ResourceArn = &v
+ return s
+}
+
+type ListTagsForResourceOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The tags associated with the resource.
+ Tags []*Tag `locationName:"tags" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListTagsForResourceOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListTagsForResourceOutput) GoString() string {
+ return s.String()
+}
+
+// SetTags sets the Tags field's value.
+func (s *ListTagsForResourceOutput) SetTags(v []*Tag) *ListTagsForResourceOutput {
+ s.Tags = v
+ return s
+}
+
+type ListVpcEndpointsInput struct {
+ _ struct{} `type:"structure"`
+
+ // An optional parameter that specifies the maximum number of results to return.
+ // You can use nextToken to get the next page of results. The default is 20.
+ MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"`
+
+ // If your initial ListVpcEndpoints operation returns a nextToken, you can include
+ // the returned nextToken in subsequent ListVpcEndpoints operations, which returns
+ // results in the next page.
+ NextToken *string `locationName:"nextToken" type:"string"`
+
+ // Filter the results according to the current status of the VPC endpoint. Possible
+ // statuses are CREATING, DELETING, UPDATING, ACTIVE, and FAILED.
+ VpcEndpointFilters *VpcEndpointFilters `locationName:"vpcEndpointFilters" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListVpcEndpointsInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListVpcEndpointsInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListVpcEndpointsInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ListVpcEndpointsInput"}
+ if s.MaxResults != nil && *s.MaxResults < 1 {
+ invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *ListVpcEndpointsInput) SetMaxResults(v int64) *ListVpcEndpointsInput {
+ s.MaxResults = &v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListVpcEndpointsInput) SetNextToken(v string) *ListVpcEndpointsInput {
+ s.NextToken = &v
+ return s
+}
+
+// SetVpcEndpointFilters sets the VpcEndpointFilters field's value.
+func (s *ListVpcEndpointsInput) SetVpcEndpointFilters(v *VpcEndpointFilters) *ListVpcEndpointsInput {
+ s.VpcEndpointFilters = v
+ return s
+}
+
+type ListVpcEndpointsOutput struct {
+ _ struct{} `type:"structure"`
+
+ // When nextToken is returned, there are more results available. The value of
+ // nextToken is a unique pagination token for each page. Make the call again
+ // using the returned token to retrieve the next page.
+ NextToken *string `locationName:"nextToken" type:"string"`
+
+ // Details about each VPC endpoint, including the name and current status.
+ VpcEndpointSummaries []*VpcEndpointSummary `locationName:"vpcEndpointSummaries" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListVpcEndpointsOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListVpcEndpointsOutput) GoString() string {
+ return s.String()
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListVpcEndpointsOutput) SetNextToken(v string) *ListVpcEndpointsOutput {
+ s.NextToken = &v
+ return s
+}
+
+// SetVpcEndpointSummaries sets the VpcEndpointSummaries field's value.
+func (s *ListVpcEndpointsOutput) SetVpcEndpointSummaries(v []*VpcEndpointSummary) *ListVpcEndpointsOutput {
+ s.VpcEndpointSummaries = v
+ return s
+}
+
+// Thrown when accessing or deleting a resource that does not exist.
+type ResourceNotFoundException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ResourceNotFoundException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ResourceNotFoundException) GoString() string {
+ return s.String()
+}
+
+func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error {
+ return &ResourceNotFoundException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *ResourceNotFoundException) Code() string {
+ return "ResourceNotFoundException"
+}
+
+// Message returns the exception's message.
+func (s *ResourceNotFoundException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *ResourceNotFoundException) OrigErr() error {
+ return nil
+}
+
+func (s *ResourceNotFoundException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *ResourceNotFoundException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *ResourceNotFoundException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// Describes SAML options for an OpenSearch Serverless security configuration
+// in the form of a key-value map.
+type SamlConfigOptions struct {
+ _ struct{} `type:"structure"`
+
+ // The group attribute for this SAML integration.
+ GroupAttribute *string `locationName:"groupAttribute" min:"1" type:"string"`
+
+ // The XML IdP metadata file generated from your identity provider.
+ //
+ // Metadata is a required field
+ Metadata *string `locationName:"metadata" min:"1" type:"string" required:"true"`
+
+ // The session timeout, in minutes. Minimum is 15 minutes and maximum is 1440
+ // minutes (24 hours or 1 day). Default is 60 minutes.
+ SessionTimeout *int64 `locationName:"sessionTimeout" min:"5" type:"integer"`
+
+ // A user attribute for this SAML integration.
+ UserAttribute *string `locationName:"userAttribute" min:"1" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SamlConfigOptions) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SamlConfigOptions) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *SamlConfigOptions) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "SamlConfigOptions"}
+ if s.GroupAttribute != nil && len(*s.GroupAttribute) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("GroupAttribute", 1))
+ }
+ if s.Metadata == nil {
+ invalidParams.Add(request.NewErrParamRequired("Metadata"))
+ }
+ if s.Metadata != nil && len(*s.Metadata) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Metadata", 1))
+ }
+ if s.SessionTimeout != nil && *s.SessionTimeout < 5 {
+ invalidParams.Add(request.NewErrParamMinValue("SessionTimeout", 5))
+ }
+ if s.UserAttribute != nil && len(*s.UserAttribute) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("UserAttribute", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetGroupAttribute sets the GroupAttribute field's value.
+func (s *SamlConfigOptions) SetGroupAttribute(v string) *SamlConfigOptions {
+ s.GroupAttribute = &v
+ return s
+}
+
+// SetMetadata sets the Metadata field's value.
+func (s *SamlConfigOptions) SetMetadata(v string) *SamlConfigOptions {
+ s.Metadata = &v
+ return s
+}
+
+// SetSessionTimeout sets the SessionTimeout field's value.
+func (s *SamlConfigOptions) SetSessionTimeout(v int64) *SamlConfigOptions {
+ s.SessionTimeout = &v
+ return s
+}
+
+// SetUserAttribute sets the UserAttribute field's value.
+func (s *SamlConfigOptions) SetUserAttribute(v string) *SamlConfigOptions {
+ s.UserAttribute = &v
+ return s
+}
+
+// Details about a security configuration for OpenSearch Serverless.
+type SecurityConfigDetail struct {
+ _ struct{} `type:"structure"`
+
+ // The version of the security configuration.
+ ConfigVersion *string `locationName:"configVersion" min:"20" type:"string"`
+
+ // The date the configuration was created.
+ CreatedDate *int64 `locationName:"createdDate" type:"long"`
+
+ // The description of the security configuration.
+ Description *string `locationName:"description" min:"1" type:"string"`
+
+ // The unique identifier of the security configuration.
+ Id *string `locationName:"id" min:"1" type:"string"`
+
+ // The timestamp of when the configuration was last modified.
+ LastModifiedDate *int64 `locationName:"lastModifiedDate" type:"long"`
+
+ // SAML options for the security configuration in the form of a key-value map.
+ SamlOptions *SamlConfigOptions `locationName:"samlOptions" type:"structure"`
+
+ // The type of security configuration.
+ Type *string `locationName:"type" type:"string" enum:"SecurityConfigType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SecurityConfigDetail) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SecurityConfigDetail) GoString() string {
+ return s.String()
+}
+
+// SetConfigVersion sets the ConfigVersion field's value.
+func (s *SecurityConfigDetail) SetConfigVersion(v string) *SecurityConfigDetail {
+ s.ConfigVersion = &v
+ return s
+}
+
+// SetCreatedDate sets the CreatedDate field's value.
+func (s *SecurityConfigDetail) SetCreatedDate(v int64) *SecurityConfigDetail {
+ s.CreatedDate = &v
+ return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *SecurityConfigDetail) SetDescription(v string) *SecurityConfigDetail {
+ s.Description = &v
+ return s
+}
+
+// SetId sets the Id field's value.
+func (s *SecurityConfigDetail) SetId(v string) *SecurityConfigDetail {
+ s.Id = &v
+ return s
+}
+
+// SetLastModifiedDate sets the LastModifiedDate field's value.
+func (s *SecurityConfigDetail) SetLastModifiedDate(v int64) *SecurityConfigDetail {
+ s.LastModifiedDate = &v
+ return s
+}
+
+// SetSamlOptions sets the SamlOptions field's value.
+func (s *SecurityConfigDetail) SetSamlOptions(v *SamlConfigOptions) *SecurityConfigDetail {
+ s.SamlOptions = v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *SecurityConfigDetail) SetType(v string) *SecurityConfigDetail {
+ s.Type = &v
+ return s
+}
+
+// Statistics for an OpenSearch Serverless security configuration.
+type SecurityConfigStats struct {
+ _ struct{} `type:"structure"`
+
+ // The number of security configurations in the current account.
+ SamlConfigCount *int64 `type:"long"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SecurityConfigStats) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SecurityConfigStats) GoString() string {
+ return s.String()
+}
+
+// SetSamlConfigCount sets the SamlConfigCount field's value.
+func (s *SecurityConfigStats) SetSamlConfigCount(v int64) *SecurityConfigStats {
+ s.SamlConfigCount = &v
+ return s
+}
+
+// A summary of a security configuration for OpenSearch Serverless.
+type SecurityConfigSummary struct {
+ _ struct{} `type:"structure"`
+
+ // The version of the security configuration.
+ ConfigVersion *string `locationName:"configVersion" min:"20" type:"string"`
+
+ // The Epoch time when the security configuration was created.
+ CreatedDate *int64 `locationName:"createdDate" type:"long"`
+
+ // The description of the security configuration.
+ Description *string `locationName:"description" min:"1" type:"string"`
+
+ // The unique identifier of the security configuration.
+ Id *string `locationName:"id" min:"1" type:"string"`
+
+ // The timestamp of when the configuration was last modified.
+ LastModifiedDate *int64 `locationName:"lastModifiedDate" type:"long"`
+
+ // The type of security configuration.
+ Type *string `locationName:"type" type:"string" enum:"SecurityConfigType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SecurityConfigSummary) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SecurityConfigSummary) GoString() string {
+ return s.String()
+}
+
+// SetConfigVersion sets the ConfigVersion field's value.
+func (s *SecurityConfigSummary) SetConfigVersion(v string) *SecurityConfigSummary {
+ s.ConfigVersion = &v
+ return s
+}
+
+// SetCreatedDate sets the CreatedDate field's value.
+func (s *SecurityConfigSummary) SetCreatedDate(v int64) *SecurityConfigSummary {
+ s.CreatedDate = &v
+ return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *SecurityConfigSummary) SetDescription(v string) *SecurityConfigSummary {
+ s.Description = &v
+ return s
+}
+
+// SetId sets the Id field's value.
+func (s *SecurityConfigSummary) SetId(v string) *SecurityConfigSummary {
+ s.Id = &v
+ return s
+}
+
+// SetLastModifiedDate sets the LastModifiedDate field's value.
+func (s *SecurityConfigSummary) SetLastModifiedDate(v int64) *SecurityConfigSummary {
+ s.LastModifiedDate = &v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *SecurityConfigSummary) SetType(v string) *SecurityConfigSummary {
+ s.Type = &v
+ return s
+}
+
+// Details about an OpenSearch Serverless security policy.
+type SecurityPolicyDetail struct {
+ _ struct{} `type:"structure"`
+
+ // The date the policy was created.
+ CreatedDate *int64 `locationName:"createdDate" type:"long"`
+
+ // The description of the security policy.
+ Description *string `locationName:"description" min:"1" type:"string"`
+
+ // The timestamp of when the policy was last modified.
+ LastModifiedDate *int64 `locationName:"lastModifiedDate" type:"long"`
+
+ // The name of the policy.
+ Name *string `locationName:"name" min:"3" type:"string"`
+
+ // The version of the policy.
+ PolicyVersion *string `locationName:"policyVersion" min:"20" type:"string"`
+
+ // The type of security policy.
+ Type *string `locationName:"type" type:"string" enum:"SecurityPolicyType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SecurityPolicyDetail) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SecurityPolicyDetail) GoString() string {
+ return s.String()
+}
+
+// SetCreatedDate sets the CreatedDate field's value.
+func (s *SecurityPolicyDetail) SetCreatedDate(v int64) *SecurityPolicyDetail {
+ s.CreatedDate = &v
+ return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *SecurityPolicyDetail) SetDescription(v string) *SecurityPolicyDetail {
+ s.Description = &v
+ return s
+}
+
+// SetLastModifiedDate sets the LastModifiedDate field's value.
+func (s *SecurityPolicyDetail) SetLastModifiedDate(v int64) *SecurityPolicyDetail {
+ s.LastModifiedDate = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *SecurityPolicyDetail) SetName(v string) *SecurityPolicyDetail {
+ s.Name = &v
+ return s
+}
+
+// SetPolicyVersion sets the PolicyVersion field's value.
+func (s *SecurityPolicyDetail) SetPolicyVersion(v string) *SecurityPolicyDetail {
+ s.PolicyVersion = &v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *SecurityPolicyDetail) SetType(v string) *SecurityPolicyDetail {
+ s.Type = &v
+ return s
+}
+
+// Statistics for an OpenSearch Serverless security policy.
+type SecurityPolicyStats struct {
+ _ struct{} `type:"structure"`
+
+ // The number of encryption policies in the current account.
+ EncryptionPolicyCount *int64 `type:"long"`
+
+ // The number of network policies in the current account.
+ NetworkPolicyCount *int64 `type:"long"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SecurityPolicyStats) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SecurityPolicyStats) GoString() string {
+ return s.String()
+}
+
+// SetEncryptionPolicyCount sets the EncryptionPolicyCount field's value.
+func (s *SecurityPolicyStats) SetEncryptionPolicyCount(v int64) *SecurityPolicyStats {
+ s.EncryptionPolicyCount = &v
+ return s
+}
+
+// SetNetworkPolicyCount sets the NetworkPolicyCount field's value.
+func (s *SecurityPolicyStats) SetNetworkPolicyCount(v int64) *SecurityPolicyStats {
+ s.NetworkPolicyCount = &v
+ return s
+}
+
+// A summary of a security policy for OpenSearch Serverless.
+type SecurityPolicySummary struct {
+ _ struct{} `type:"structure"`
+
+ // The date the policy was created.
+ CreatedDate *int64 `locationName:"createdDate" type:"long"`
+
+ // The description of the security policy.
+ Description *string `locationName:"description" min:"1" type:"string"`
+
+ // The timestamp of when the policy was last modified.
+ LastModifiedDate *int64 `locationName:"lastModifiedDate" type:"long"`
+
+ // The name of the policy.
+ Name *string `locationName:"name" min:"3" type:"string"`
+
+ // The version of the policy.
+ PolicyVersion *string `locationName:"policyVersion" min:"20" type:"string"`
+
+ // The type of security policy.
+ Type *string `locationName:"type" type:"string" enum:"SecurityPolicyType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SecurityPolicySummary) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SecurityPolicySummary) GoString() string {
+ return s.String()
+}
+
+// SetCreatedDate sets the CreatedDate field's value.
+func (s *SecurityPolicySummary) SetCreatedDate(v int64) *SecurityPolicySummary {
+ s.CreatedDate = &v
+ return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *SecurityPolicySummary) SetDescription(v string) *SecurityPolicySummary {
+ s.Description = &v
+ return s
+}
+
+// SetLastModifiedDate sets the LastModifiedDate field's value.
+func (s *SecurityPolicySummary) SetLastModifiedDate(v int64) *SecurityPolicySummary {
+ s.LastModifiedDate = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *SecurityPolicySummary) SetName(v string) *SecurityPolicySummary {
+ s.Name = &v
+ return s
+}
+
+// SetPolicyVersion sets the PolicyVersion field's value.
+func (s *SecurityPolicySummary) SetPolicyVersion(v string) *SecurityPolicySummary {
+ s.PolicyVersion = &v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *SecurityPolicySummary) SetType(v string) *SecurityPolicySummary {
+ s.Type = &v
+ return s
+}
+
+// A map of key-value pairs associated to an OpenSearch Serverless resource.
+type Tag struct {
+ _ struct{} `type:"structure"`
+
+ // The key to use in the tag.
+ //
+ // Key is a required field
+ Key *string `locationName:"key" min:"1" type:"string" required:"true"`
+
+ // The value of the tag.
+ //
+ // Value is a required field
+ Value *string `locationName:"value" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Tag) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Tag) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *Tag) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "Tag"}
+ if s.Key == nil {
+ invalidParams.Add(request.NewErrParamRequired("Key"))
+ }
+ if s.Key != nil && len(*s.Key) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+ }
+ if s.Value == nil {
+ invalidParams.Add(request.NewErrParamRequired("Value"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetKey sets the Key field's value.
+func (s *Tag) SetKey(v string) *Tag {
+ s.Key = &v
+ return s
+}
+
+// SetValue sets the Value field's value.
+func (s *Tag) SetValue(v string) *Tag {
+ s.Value = &v
+ return s
+}
+
+type TagResourceInput struct {
+ _ struct{} `type:"structure"`
+
+ // The Amazon Resource Name (ARN) of the resource. The resource must be active
+ // (not in the DELETING state), and must be owned by the account ID included
+ // in the request.
+ //
+ // ResourceArn is a required field
+ ResourceArn *string `locationName:"resourceArn" min:"1" type:"string" required:"true"`
+
+ // A list of tags (key-value pairs) to add to the resource. All tag keys in
+ // the request must be unique.
+ //
+ // Tags is a required field
+ Tags []*Tag `locationName:"tags" type:"list" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TagResourceInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TagResourceInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *TagResourceInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"}
+ if s.ResourceArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
+ }
+ if s.ResourceArn != nil && len(*s.ResourceArn) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1))
+ }
+ if s.Tags == nil {
+ invalidParams.Add(request.NewErrParamRequired("Tags"))
+ }
+ if s.Tags != nil {
+ for i, v := range s.Tags {
+ if v == nil {
+ continue
+ }
+ if err := v.Validate(); err != nil {
+ invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
+ }
+ }
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetResourceArn sets the ResourceArn field's value.
+func (s *TagResourceInput) SetResourceArn(v string) *TagResourceInput {
+ s.ResourceArn = &v
+ return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput {
+ s.Tags = v
+ return s
+}
+
+type TagResourceOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TagResourceOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TagResourceOutput) GoString() string {
+ return s.String()
+}
+
+type UntagResourceInput struct {
+ _ struct{} `type:"structure"`
+
+ // The Amazon Resource Name (ARN) of the resource to remove tags from. The resource
+ // must be active (not in the DELETING state), and must be owned by the account
+ // ID included in the request.
+ //
+ // ResourceArn is a required field
+ ResourceArn *string `locationName:"resourceArn" min:"1" type:"string" required:"true"`
+
+ // The tag or set of tags to remove from the resource. All tag keys in the request
+ // must be unique.
+ //
+ // TagKeys is a required field
+ TagKeys []*string `locationName:"tagKeys" type:"list" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UntagResourceInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UntagResourceInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UntagResourceInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"}
+ if s.ResourceArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
+ }
+ if s.ResourceArn != nil && len(*s.ResourceArn) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1))
+ }
+ if s.TagKeys == nil {
+ invalidParams.Add(request.NewErrParamRequired("TagKeys"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetResourceArn sets the ResourceArn field's value.
+func (s *UntagResourceInput) SetResourceArn(v string) *UntagResourceInput {
+ s.ResourceArn = &v
+ return s
+}
+
+// SetTagKeys sets the TagKeys field's value.
+func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput {
+ s.TagKeys = v
+ return s
+}
+
+type UntagResourceOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UntagResourceOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UntagResourceOutput) GoString() string {
+ return s.String()
+}
+
+type UpdateAccessPolicyInput struct {
+ _ struct{} `type:"structure"`
+
+ // Unique, case-sensitive identifier to ensure idempotency of the request.
+ ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"`
+
+ // A description of the policy. Typically used to store information about the
+ // permissions defined in the policy.
+ Description *string `locationName:"description" min:"1" type:"string"`
+
+ // The name of the policy.
+ //
+ // Name is a required field
+ Name *string `locationName:"name" min:"3" type:"string" required:"true"`
+
+ // The JSON policy document to use as the content for the policy.
+ Policy *string `locationName:"policy" min:"1" type:"string"`
+
+ // The version of the policy being updated.
+ //
+ // PolicyVersion is a required field
+ PolicyVersion *string `locationName:"policyVersion" min:"20" type:"string" required:"true"`
+
+ // The type of policy.
+ //
+ // Type is a required field
+ Type *string `locationName:"type" type:"string" required:"true" enum:"AccessPolicyType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateAccessPolicyInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateAccessPolicyInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UpdateAccessPolicyInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "UpdateAccessPolicyInput"}
+ if s.ClientToken != nil && len(*s.ClientToken) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1))
+ }
+ if s.Description != nil && len(*s.Description) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Description", 1))
+ }
+ if s.Name == nil {
+ invalidParams.Add(request.NewErrParamRequired("Name"))
+ }
+ if s.Name != nil && len(*s.Name) < 3 {
+ invalidParams.Add(request.NewErrParamMinLen("Name", 3))
+ }
+ if s.Policy != nil && len(*s.Policy) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Policy", 1))
+ }
+ if s.PolicyVersion == nil {
+ invalidParams.Add(request.NewErrParamRequired("PolicyVersion"))
+ }
+ if s.PolicyVersion != nil && len(*s.PolicyVersion) < 20 {
+ invalidParams.Add(request.NewErrParamMinLen("PolicyVersion", 20))
+ }
+ if s.Type == nil {
+ invalidParams.Add(request.NewErrParamRequired("Type"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *UpdateAccessPolicyInput) SetClientToken(v string) *UpdateAccessPolicyInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *UpdateAccessPolicyInput) SetDescription(v string) *UpdateAccessPolicyInput {
+ s.Description = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *UpdateAccessPolicyInput) SetName(v string) *UpdateAccessPolicyInput {
+ s.Name = &v
+ return s
+}
+
+// SetPolicy sets the Policy field's value.
+func (s *UpdateAccessPolicyInput) SetPolicy(v string) *UpdateAccessPolicyInput {
+ s.Policy = &v
+ return s
+}
+
+// SetPolicyVersion sets the PolicyVersion field's value.
+func (s *UpdateAccessPolicyInput) SetPolicyVersion(v string) *UpdateAccessPolicyInput {
+ s.PolicyVersion = &v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *UpdateAccessPolicyInput) SetType(v string) *UpdateAccessPolicyInput {
+ s.Type = &v
+ return s
+}
+
+type UpdateAccessPolicyOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Details about the updated access policy.
+ AccessPolicyDetail *AccessPolicyDetail `locationName:"accessPolicyDetail" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateAccessPolicyOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateAccessPolicyOutput) GoString() string {
+ return s.String()
+}
+
+// SetAccessPolicyDetail sets the AccessPolicyDetail field's value.
+func (s *UpdateAccessPolicyOutput) SetAccessPolicyDetail(v *AccessPolicyDetail) *UpdateAccessPolicyOutput {
+ s.AccessPolicyDetail = v
+ return s
+}
+
+type UpdateAccountSettingsInput struct {
+ _ struct{} `type:"structure"`
+
+ // The maximum capacity limits for all OpenSearch Serverless collections, in
+ // OpenSearch Compute Units (OCUs). These limits are used to scale your collections
+ // based on the current workload. For more information, see Autoscaling (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-overview.html#serverless-scaling).
+ CapacityLimits *CapacityLimits `locationName:"capacityLimits" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateAccountSettingsInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateAccountSettingsInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UpdateAccountSettingsInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "UpdateAccountSettingsInput"}
+ if s.CapacityLimits != nil {
+ if err := s.CapacityLimits.Validate(); err != nil {
+ invalidParams.AddNested("CapacityLimits", err.(request.ErrInvalidParams))
+ }
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetCapacityLimits sets the CapacityLimits field's value.
+func (s *UpdateAccountSettingsInput) SetCapacityLimits(v *CapacityLimits) *UpdateAccountSettingsInput {
+ s.CapacityLimits = v
+ return s
+}
+
+type UpdateAccountSettingsOutput struct {
+ _ struct{} `type:"structure"`
+
+ // OpenSearch Serverless-related settings for the current Amazon Web Services
+ // account.
+ AccountSettingsDetail *AccountSettingsDetail `locationName:"accountSettingsDetail" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateAccountSettingsOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateAccountSettingsOutput) GoString() string {
+ return s.String()
+}
+
+// SetAccountSettingsDetail sets the AccountSettingsDetail field's value.
+func (s *UpdateAccountSettingsOutput) SetAccountSettingsDetail(v *AccountSettingsDetail) *UpdateAccountSettingsOutput {
+ s.AccountSettingsDetail = v
+ return s
+}
+
+// Details about an updated OpenSearch Serverless collection.
+type UpdateCollectionDetail struct {
+ _ struct{} `type:"structure"`
+
+ // The Amazon Resource Name (ARN) of the collection.
+ Arn *string `locationName:"arn" type:"string"`
+
+ // The date and time when the collection was created.
+ CreatedDate *int64 `locationName:"createdDate" type:"long"`
+
+ // The description of the collection.
+ Description *string `locationName:"description" type:"string"`
+
+ // The unique identifier of the collection.
+ Id *string `locationName:"id" min:"3" type:"string"`
+
+ // The date and time when the collection was last modified.
+ LastModifiedDate *int64 `locationName:"lastModifiedDate" type:"long"`
+
+ // The name of the collection.
+ Name *string `locationName:"name" min:"3" type:"string"`
+
+ // The current status of the collection.
+ Status *string `locationName:"status" type:"string" enum:"CollectionStatus"`
+
+ // The collection type.
+ Type *string `locationName:"type" type:"string" enum:"CollectionType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateCollectionDetail) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateCollectionDetail) GoString() string {
+ return s.String()
+}
+
+// SetArn sets the Arn field's value.
+func (s *UpdateCollectionDetail) SetArn(v string) *UpdateCollectionDetail {
+ s.Arn = &v
+ return s
+}
+
+// SetCreatedDate sets the CreatedDate field's value.
+func (s *UpdateCollectionDetail) SetCreatedDate(v int64) *UpdateCollectionDetail {
+ s.CreatedDate = &v
+ return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *UpdateCollectionDetail) SetDescription(v string) *UpdateCollectionDetail {
+ s.Description = &v
+ return s
+}
+
+// SetId sets the Id field's value.
+func (s *UpdateCollectionDetail) SetId(v string) *UpdateCollectionDetail {
+ s.Id = &v
+ return s
+}
+
+// SetLastModifiedDate sets the LastModifiedDate field's value.
+func (s *UpdateCollectionDetail) SetLastModifiedDate(v int64) *UpdateCollectionDetail {
+ s.LastModifiedDate = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *UpdateCollectionDetail) SetName(v string) *UpdateCollectionDetail {
+ s.Name = &v
+ return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *UpdateCollectionDetail) SetStatus(v string) *UpdateCollectionDetail {
+ s.Status = &v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *UpdateCollectionDetail) SetType(v string) *UpdateCollectionDetail {
+ s.Type = &v
+ return s
+}
+
+type UpdateCollectionInput struct {
+ _ struct{} `type:"structure"`
+
+ // Unique, case-sensitive identifier to ensure idempotency of the request.
+ ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"`
+
+ // A description of the collection.
+ Description *string `locationName:"description" type:"string"`
+
+ // The unique identifier of the collection.
+ //
+ // Id is a required field
+ Id *string `locationName:"id" min:"3" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateCollectionInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateCollectionInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UpdateCollectionInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "UpdateCollectionInput"}
+ if s.ClientToken != nil && len(*s.ClientToken) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1))
+ }
+ if s.Id == nil {
+ invalidParams.Add(request.NewErrParamRequired("Id"))
+ }
+ if s.Id != nil && len(*s.Id) < 3 {
+ invalidParams.Add(request.NewErrParamMinLen("Id", 3))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *UpdateCollectionInput) SetClientToken(v string) *UpdateCollectionInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *UpdateCollectionInput) SetDescription(v string) *UpdateCollectionInput {
+ s.Description = &v
+ return s
+}
+
+// SetId sets the Id field's value.
+func (s *UpdateCollectionInput) SetId(v string) *UpdateCollectionInput {
+ s.Id = &v
+ return s
+}
+
+type UpdateCollectionOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Details about the updated collection.
+ UpdateCollectionDetail *UpdateCollectionDetail `locationName:"updateCollectionDetail" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateCollectionOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateCollectionOutput) GoString() string {
+ return s.String()
+}
+
+// SetUpdateCollectionDetail sets the UpdateCollectionDetail field's value.
+func (s *UpdateCollectionOutput) SetUpdateCollectionDetail(v *UpdateCollectionDetail) *UpdateCollectionOutput {
+ s.UpdateCollectionDetail = v
+ return s
+}
+
+type UpdateSecurityConfigInput struct {
+ _ struct{} `type:"structure"`
+
+ // Unique, case-sensitive identifier to ensure idempotency of the request.
+ ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"`
+
+ // The version of the security configuration to be updated. You can find the
+ // most recent version of a security configuration using the GetSecurityPolicy
+ // command.
+ //
+ // ConfigVersion is a required field
+ ConfigVersion *string `locationName:"configVersion" min:"20" type:"string" required:"true"`
+
+ // A description of the security configuration.
+ Description *string `locationName:"description" min:"1" type:"string"`
+
+ // The security configuration identifier. For SAML the ID will be saml//.
+ // For example, saml/123456789123/OKTADev.
+ //
+ // Id is a required field
+ Id *string `locationName:"id" min:"1" type:"string" required:"true"`
+
+ // SAML options in in the form of a key-value map.
+ SamlOptions *SamlConfigOptions `locationName:"samlOptions" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateSecurityConfigInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateSecurityConfigInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UpdateSecurityConfigInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "UpdateSecurityConfigInput"}
+ if s.ClientToken != nil && len(*s.ClientToken) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1))
+ }
+ if s.ConfigVersion == nil {
+ invalidParams.Add(request.NewErrParamRequired("ConfigVersion"))
+ }
+ if s.ConfigVersion != nil && len(*s.ConfigVersion) < 20 {
+ invalidParams.Add(request.NewErrParamMinLen("ConfigVersion", 20))
+ }
+ if s.Description != nil && len(*s.Description) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Description", 1))
+ }
+ if s.Id == nil {
+ invalidParams.Add(request.NewErrParamRequired("Id"))
+ }
+ if s.Id != nil && len(*s.Id) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Id", 1))
+ }
+ if s.SamlOptions != nil {
+ if err := s.SamlOptions.Validate(); err != nil {
+ invalidParams.AddNested("SamlOptions", err.(request.ErrInvalidParams))
+ }
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *UpdateSecurityConfigInput) SetClientToken(v string) *UpdateSecurityConfigInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetConfigVersion sets the ConfigVersion field's value.
+func (s *UpdateSecurityConfigInput) SetConfigVersion(v string) *UpdateSecurityConfigInput {
+ s.ConfigVersion = &v
+ return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *UpdateSecurityConfigInput) SetDescription(v string) *UpdateSecurityConfigInput {
+ s.Description = &v
+ return s
+}
+
+// SetId sets the Id field's value.
+func (s *UpdateSecurityConfigInput) SetId(v string) *UpdateSecurityConfigInput {
+ s.Id = &v
+ return s
+}
+
+// SetSamlOptions sets the SamlOptions field's value.
+func (s *UpdateSecurityConfigInput) SetSamlOptions(v *SamlConfigOptions) *UpdateSecurityConfigInput {
+ s.SamlOptions = v
+ return s
+}
+
+type UpdateSecurityConfigOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Details about the updated security configuration.
+ SecurityConfigDetail *SecurityConfigDetail `locationName:"securityConfigDetail" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateSecurityConfigOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateSecurityConfigOutput) GoString() string {
+ return s.String()
+}
+
+// SetSecurityConfigDetail sets the SecurityConfigDetail field's value.
+func (s *UpdateSecurityConfigOutput) SetSecurityConfigDetail(v *SecurityConfigDetail) *UpdateSecurityConfigOutput {
+ s.SecurityConfigDetail = v
+ return s
+}
+
+type UpdateSecurityPolicyInput struct {
+ _ struct{} `type:"structure"`
+
+ // Unique, case-sensitive identifier to ensure idempotency of the request.
+ ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"`
+
+ // A description of the policy. Typically used to store information about the
+ // permissions defined in the policy.
+ Description *string `locationName:"description" min:"1" type:"string"`
+
+ // The name of the policy.
+ //
+ // Name is a required field
+ Name *string `locationName:"name" min:"3" type:"string" required:"true"`
+
+ // The JSON policy document to use as the content for the new policy.
+ Policy *string `locationName:"policy" min:"1" type:"string"`
+
+ // The version of the policy being updated.
+ //
+ // PolicyVersion is a required field
+ PolicyVersion *string `locationName:"policyVersion" min:"20" type:"string" required:"true"`
+
+ // The type of access policy.
+ //
+ // Type is a required field
+ Type *string `locationName:"type" type:"string" required:"true" enum:"SecurityPolicyType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateSecurityPolicyInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateSecurityPolicyInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UpdateSecurityPolicyInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "UpdateSecurityPolicyInput"}
+ if s.ClientToken != nil && len(*s.ClientToken) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1))
+ }
+ if s.Description != nil && len(*s.Description) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Description", 1))
+ }
+ if s.Name == nil {
+ invalidParams.Add(request.NewErrParamRequired("Name"))
+ }
+ if s.Name != nil && len(*s.Name) < 3 {
+ invalidParams.Add(request.NewErrParamMinLen("Name", 3))
+ }
+ if s.Policy != nil && len(*s.Policy) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Policy", 1))
+ }
+ if s.PolicyVersion == nil {
+ invalidParams.Add(request.NewErrParamRequired("PolicyVersion"))
+ }
+ if s.PolicyVersion != nil && len(*s.PolicyVersion) < 20 {
+ invalidParams.Add(request.NewErrParamMinLen("PolicyVersion", 20))
+ }
+ if s.Type == nil {
+ invalidParams.Add(request.NewErrParamRequired("Type"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *UpdateSecurityPolicyInput) SetClientToken(v string) *UpdateSecurityPolicyInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *UpdateSecurityPolicyInput) SetDescription(v string) *UpdateSecurityPolicyInput {
+ s.Description = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *UpdateSecurityPolicyInput) SetName(v string) *UpdateSecurityPolicyInput {
+ s.Name = &v
+ return s
+}
+
+// SetPolicy sets the Policy field's value.
+func (s *UpdateSecurityPolicyInput) SetPolicy(v string) *UpdateSecurityPolicyInput {
+ s.Policy = &v
+ return s
+}
+
+// SetPolicyVersion sets the PolicyVersion field's value.
+func (s *UpdateSecurityPolicyInput) SetPolicyVersion(v string) *UpdateSecurityPolicyInput {
+ s.PolicyVersion = &v
+ return s
+}
+
+// SetType sets the Type field's value.
+func (s *UpdateSecurityPolicyInput) SetType(v string) *UpdateSecurityPolicyInput {
+ s.Type = &v
+ return s
+}
+
+type UpdateSecurityPolicyOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Details about the updated security policy.
+ SecurityPolicyDetail *SecurityPolicyDetail `locationName:"securityPolicyDetail" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateSecurityPolicyOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateSecurityPolicyOutput) GoString() string {
+ return s.String()
+}
+
+// SetSecurityPolicyDetail sets the SecurityPolicyDetail field's value.
+func (s *UpdateSecurityPolicyOutput) SetSecurityPolicyDetail(v *SecurityPolicyDetail) *UpdateSecurityPolicyOutput {
+ s.SecurityPolicyDetail = v
+ return s
+}
+
+// Update details for an OpenSearch Serverless-managed interface endpoint.
+type UpdateVpcEndpointDetail struct {
+ _ struct{} `type:"structure"`
+
+ // The unique identifier of the endpoint.
+ Id *string `locationName:"id" min:"1" type:"string"`
+
+ // The timestamp of when the endpoint was last modified.
+ LastModifiedDate *int64 `locationName:"lastModifiedDate" type:"long"`
+
+ // The name of the endpoint.
+ Name *string `locationName:"name" min:"3" type:"string"`
+
+ // The unique identifiers of the security groups that define the ports, protocols,
+ // and sources for inbound traffic that you are authorizing into your endpoint.
+ SecurityGroupIds []*string `locationName:"securityGroupIds" min:"1" type:"list"`
+
+ // The current status of the endpoint update process.
+ Status *string `locationName:"status" type:"string" enum:"VpcEndpointStatus"`
+
+ // The ID of the subnets from which you access OpenSearch Serverless.
+ SubnetIds []*string `locationName:"subnetIds" min:"1" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateVpcEndpointDetail) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateVpcEndpointDetail) GoString() string {
+ return s.String()
+}
+
+// SetId sets the Id field's value.
+func (s *UpdateVpcEndpointDetail) SetId(v string) *UpdateVpcEndpointDetail {
+ s.Id = &v
+ return s
+}
+
+// SetLastModifiedDate sets the LastModifiedDate field's value.
+func (s *UpdateVpcEndpointDetail) SetLastModifiedDate(v int64) *UpdateVpcEndpointDetail {
+ s.LastModifiedDate = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *UpdateVpcEndpointDetail) SetName(v string) *UpdateVpcEndpointDetail {
+ s.Name = &v
+ return s
+}
+
+// SetSecurityGroupIds sets the SecurityGroupIds field's value.
+func (s *UpdateVpcEndpointDetail) SetSecurityGroupIds(v []*string) *UpdateVpcEndpointDetail {
+ s.SecurityGroupIds = v
+ return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *UpdateVpcEndpointDetail) SetStatus(v string) *UpdateVpcEndpointDetail {
+ s.Status = &v
+ return s
+}
+
+// SetSubnetIds sets the SubnetIds field's value.
+func (s *UpdateVpcEndpointDetail) SetSubnetIds(v []*string) *UpdateVpcEndpointDetail {
+ s.SubnetIds = v
+ return s
+}
+
+type UpdateVpcEndpointInput struct {
+ _ struct{} `type:"structure"`
+
+ // The unique identifiers of the security groups to add to the endpoint. Security
+ // groups define the ports, protocols, and sources for inbound traffic that
+ // you are authorizing into your endpoint.
+ AddSecurityGroupIds []*string `locationName:"addSecurityGroupIds" min:"1" type:"list"`
+
+ // The ID of one or more subnets to add to the endpoint.
+ AddSubnetIds []*string `locationName:"addSubnetIds" min:"1" type:"list"`
+
+ // Unique, case-sensitive identifier to ensure idempotency of the request.
+ ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"`
+
+ // The unique identifier of the interface endpoint to update.
+ //
+ // Id is a required field
+ Id *string `locationName:"id" min:"1" type:"string" required:"true"`
+
+ // The unique identifiers of the security groups to remove from the endpoint.
+ RemoveSecurityGroupIds []*string `locationName:"removeSecurityGroupIds" min:"1" type:"list"`
+
+ // The unique identifiers of the subnets to remove from the endpoint.
+ RemoveSubnetIds []*string `locationName:"removeSubnetIds" min:"1" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateVpcEndpointInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateVpcEndpointInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UpdateVpcEndpointInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "UpdateVpcEndpointInput"}
+ if s.AddSecurityGroupIds != nil && len(s.AddSecurityGroupIds) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("AddSecurityGroupIds", 1))
+ }
+ if s.AddSubnetIds != nil && len(s.AddSubnetIds) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("AddSubnetIds", 1))
+ }
+ if s.ClientToken != nil && len(*s.ClientToken) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1))
+ }
+ if s.Id == nil {
+ invalidParams.Add(request.NewErrParamRequired("Id"))
+ }
+ if s.Id != nil && len(*s.Id) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Id", 1))
+ }
+ if s.RemoveSecurityGroupIds != nil && len(s.RemoveSecurityGroupIds) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("RemoveSecurityGroupIds", 1))
+ }
+ if s.RemoveSubnetIds != nil && len(s.RemoveSubnetIds) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("RemoveSubnetIds", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetAddSecurityGroupIds sets the AddSecurityGroupIds field's value.
+func (s *UpdateVpcEndpointInput) SetAddSecurityGroupIds(v []*string) *UpdateVpcEndpointInput {
+ s.AddSecurityGroupIds = v
+ return s
+}
+
+// SetAddSubnetIds sets the AddSubnetIds field's value.
+func (s *UpdateVpcEndpointInput) SetAddSubnetIds(v []*string) *UpdateVpcEndpointInput {
+ s.AddSubnetIds = v
+ return s
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *UpdateVpcEndpointInput) SetClientToken(v string) *UpdateVpcEndpointInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetId sets the Id field's value.
+func (s *UpdateVpcEndpointInput) SetId(v string) *UpdateVpcEndpointInput {
+ s.Id = &v
+ return s
+}
+
+// SetRemoveSecurityGroupIds sets the RemoveSecurityGroupIds field's value.
+func (s *UpdateVpcEndpointInput) SetRemoveSecurityGroupIds(v []*string) *UpdateVpcEndpointInput {
+ s.RemoveSecurityGroupIds = v
+ return s
+}
+
+// SetRemoveSubnetIds sets the RemoveSubnetIds field's value.
+func (s *UpdateVpcEndpointInput) SetRemoveSubnetIds(v []*string) *UpdateVpcEndpointInput {
+ s.RemoveSubnetIds = v
+ return s
+}
+
+type UpdateVpcEndpointOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Details about the updated VPC endpoint.
+ UpdateVpcEndpointDetail *UpdateVpcEndpointDetail `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateVpcEndpointOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateVpcEndpointOutput) GoString() string {
+ return s.String()
+}
+
+// SetUpdateVpcEndpointDetail sets the UpdateVpcEndpointDetail field's value.
+func (s *UpdateVpcEndpointOutput) SetUpdateVpcEndpointDetail(v *UpdateVpcEndpointDetail) *UpdateVpcEndpointOutput {
+ s.UpdateVpcEndpointDetail = v
+ return s
+}
+
+// Thrown when the HTTP request contains invalid input or is missing required
+// input.
+type ValidationException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ValidationException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ValidationException) GoString() string {
+ return s.String()
+}
+
+func newErrorValidationException(v protocol.ResponseMetadata) error {
+ return &ValidationException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *ValidationException) Code() string {
+ return "ValidationException"
+}
+
+// Message returns the exception's message.
+func (s *ValidationException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *ValidationException) OrigErr() error {
+ return nil
+}
+
+func (s *ValidationException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *ValidationException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *ValidationException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// Details about an OpenSearch Serverless-managed interface endpoint.
+type VpcEndpointDetail struct {
+ _ struct{} `type:"structure"`
+
+ // The date the endpoint was created.
+ CreatedDate *int64 `locationName:"createdDate" type:"long"`
+
+ // The unique identifier of the endpoint.
+ Id *string `locationName:"id" min:"1" type:"string"`
+
+ // The name of the endpoint.
+ Name *string `locationName:"name" min:"3" type:"string"`
+
+ // The unique identifiers of the security groups that define the ports, protocols,
+ // and sources for inbound traffic that you are authorizing into your endpoint.
+ SecurityGroupIds []*string `locationName:"securityGroupIds" min:"1" type:"list"`
+
+ // The current status of the endpoint.
+ Status *string `locationName:"status" type:"string" enum:"VpcEndpointStatus"`
+
+ // The ID of the subnets from which you access OpenSearch Serverless.
+ SubnetIds []*string `locationName:"subnetIds" min:"1" type:"list"`
+
+ // The ID of the VPC from which you access OpenSearch Serverless
+ VpcId *string `locationName:"vpcId" min:"1" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s VpcEndpointDetail) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s VpcEndpointDetail) GoString() string {
+ return s.String()
+}
+
+// SetCreatedDate sets the CreatedDate field's value.
+func (s *VpcEndpointDetail) SetCreatedDate(v int64) *VpcEndpointDetail {
+ s.CreatedDate = &v
+ return s
+}
+
+// SetId sets the Id field's value.
+func (s *VpcEndpointDetail) SetId(v string) *VpcEndpointDetail {
+ s.Id = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *VpcEndpointDetail) SetName(v string) *VpcEndpointDetail {
+ s.Name = &v
+ return s
+}
+
+// SetSecurityGroupIds sets the SecurityGroupIds field's value.
+func (s *VpcEndpointDetail) SetSecurityGroupIds(v []*string) *VpcEndpointDetail {
+ s.SecurityGroupIds = v
+ return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *VpcEndpointDetail) SetStatus(v string) *VpcEndpointDetail {
+ s.Status = &v
+ return s
+}
+
+// SetSubnetIds sets the SubnetIds field's value.
+func (s *VpcEndpointDetail) SetSubnetIds(v []*string) *VpcEndpointDetail {
+ s.SubnetIds = v
+ return s
+}
+
+// SetVpcId sets the VpcId field's value.
+func (s *VpcEndpointDetail) SetVpcId(v string) *VpcEndpointDetail {
+ s.VpcId = &v
+ return s
+}
+
+// Error information for a failed BatchGetVpcEndpoint request.
+type VpcEndpointErrorDetail struct {
+ _ struct{} `type:"structure"`
+
+ // The error code for the failed request.
+ ErrorCode *string `locationName:"errorCode" type:"string"`
+
+ // An error message describing the reason for the failure.
+ ErrorMessage *string `locationName:"errorMessage" type:"string"`
+
+ // The unique identifier of the VPC endpoint.
+ Id *string `locationName:"id" min:"1" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s VpcEndpointErrorDetail) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s VpcEndpointErrorDetail) GoString() string {
+ return s.String()
+}
+
+// SetErrorCode sets the ErrorCode field's value.
+func (s *VpcEndpointErrorDetail) SetErrorCode(v string) *VpcEndpointErrorDetail {
+ s.ErrorCode = &v
+ return s
+}
+
+// SetErrorMessage sets the ErrorMessage field's value.
+func (s *VpcEndpointErrorDetail) SetErrorMessage(v string) *VpcEndpointErrorDetail {
+ s.ErrorMessage = &v
+ return s
+}
+
+// SetId sets the Id field's value.
+func (s *VpcEndpointErrorDetail) SetId(v string) *VpcEndpointErrorDetail {
+ s.Id = &v
+ return s
+}
+
+// Filter the results of a ListVpcEndpoints request.
+type VpcEndpointFilters struct {
+ _ struct{} `type:"structure"`
+
+ // The current status of the endpoint.
+ Status *string `locationName:"status" type:"string" enum:"VpcEndpointStatus"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s VpcEndpointFilters) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s VpcEndpointFilters) GoString() string {
+ return s.String()
+}
+
+// SetStatus sets the Status field's value.
+func (s *VpcEndpointFilters) SetStatus(v string) *VpcEndpointFilters {
+ s.Status = &v
+ return s
+}
+
+// The VPC endpoint object.
+type VpcEndpointSummary struct {
+ _ struct{} `type:"structure"`
+
+ // The unique identifier of the endpoint.
+ Id *string `locationName:"id" min:"1" type:"string"`
+
+ // The name of the endpoint.
+ Name *string `locationName:"name" min:"3" type:"string"`
+
+ // The current status of the endpoint.
+ Status *string `locationName:"status" type:"string" enum:"VpcEndpointStatus"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s VpcEndpointSummary) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s VpcEndpointSummary) GoString() string {
+ return s.String()
+}
+
+// SetId sets the Id field's value.
+func (s *VpcEndpointSummary) SetId(v string) *VpcEndpointSummary {
+ s.Id = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *VpcEndpointSummary) SetName(v string) *VpcEndpointSummary {
+ s.Name = &v
+ return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *VpcEndpointSummary) SetStatus(v string) *VpcEndpointSummary {
+ s.Status = &v
+ return s
+}
+
+const (
+ // AccessPolicyTypeData is a AccessPolicyType enum value
+ AccessPolicyTypeData = "data"
+)
+
+// AccessPolicyType_Values returns all elements of the AccessPolicyType enum
+func AccessPolicyType_Values() []string {
+ return []string{
+ AccessPolicyTypeData,
+ }
+}
+
+const (
+ // CollectionStatusCreating is a CollectionStatus enum value
+ CollectionStatusCreating = "CREATING"
+
+ // CollectionStatusDeleting is a CollectionStatus enum value
+ CollectionStatusDeleting = "DELETING"
+
+ // CollectionStatusActive is a CollectionStatus enum value
+ CollectionStatusActive = "ACTIVE"
+
+ // CollectionStatusFailed is a CollectionStatus enum value
+ CollectionStatusFailed = "FAILED"
+)
+
+// CollectionStatus_Values returns all elements of the CollectionStatus enum
+func CollectionStatus_Values() []string {
+ return []string{
+ CollectionStatusCreating,
+ CollectionStatusDeleting,
+ CollectionStatusActive,
+ CollectionStatusFailed,
+ }
+}
+
+const (
+ // CollectionTypeSearch is a CollectionType enum value
+ CollectionTypeSearch = "SEARCH"
+
+ // CollectionTypeTimeseries is a CollectionType enum value
+ CollectionTypeTimeseries = "TIMESERIES"
+)
+
+// CollectionType_Values returns all elements of the CollectionType enum
+func CollectionType_Values() []string {
+ return []string{
+ CollectionTypeSearch,
+ CollectionTypeTimeseries,
+ }
+}
+
+const (
+ // SecurityConfigTypeSaml is a SecurityConfigType enum value
+ SecurityConfigTypeSaml = "saml"
+)
+
+// SecurityConfigType_Values returns all elements of the SecurityConfigType enum
+func SecurityConfigType_Values() []string {
+ return []string{
+ SecurityConfigTypeSaml,
+ }
+}
+
+const (
+ // SecurityPolicyTypeEncryption is a SecurityPolicyType enum value
+ SecurityPolicyTypeEncryption = "encryption"
+
+ // SecurityPolicyTypeNetwork is a SecurityPolicyType enum value
+ SecurityPolicyTypeNetwork = "network"
+)
+
+// SecurityPolicyType_Values returns all elements of the SecurityPolicyType enum
+func SecurityPolicyType_Values() []string {
+ return []string{
+ SecurityPolicyTypeEncryption,
+ SecurityPolicyTypeNetwork,
+ }
+}
+
+const (
+ // VpcEndpointStatusPending is a VpcEndpointStatus enum value
+ VpcEndpointStatusPending = "PENDING"
+
+ // VpcEndpointStatusDeleting is a VpcEndpointStatus enum value
+ VpcEndpointStatusDeleting = "DELETING"
+
+ // VpcEndpointStatusActive is a VpcEndpointStatus enum value
+ VpcEndpointStatusActive = "ACTIVE"
+
+ // VpcEndpointStatusFailed is a VpcEndpointStatus enum value
+ VpcEndpointStatusFailed = "FAILED"
+)
+
+// VpcEndpointStatus_Values returns all elements of the VpcEndpointStatus enum
+func VpcEndpointStatus_Values() []string {
+ return []string{
+ VpcEndpointStatusPending,
+ VpcEndpointStatusDeleting,
+ VpcEndpointStatusActive,
+ VpcEndpointStatusFailed,
+ }
+}
diff --git a/service/opensearchserverless/doc.go b/service/opensearchserverless/doc.go
new file mode 100644
index 0000000000..d01a984337
--- /dev/null
+++ b/service/opensearchserverless/doc.go
@@ -0,0 +1,38 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package opensearchserverless provides the client and types for making API
+// requests to OpenSearch Service Serverless.
+//
+// Use the Amazon OpenSearch Serverless API to create, configure, and manage
+// OpenSearch Serverless collections and security policies.
+//
+// OpenSearch Serverless is an on-demand, pre-provisioned serverless configuration
+// for Amazon OpenSearch Service. OpenSearch Serverless removes the operational
+// complexities of provisioning, configuring, and tuning your OpenSearch clusters.
+// It enables you to easily search and analyze petabytes of data without having
+// to worry about the underlying infrastructure and data management.
+//
+// To learn more about OpenSearch Serverless, see What is Amazon OpenSearch
+// Serverless? (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-overview.html)
+//
+// See https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01 for more information on this service.
+//
+// See opensearchserverless package documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/opensearchserverless/
+//
+// # Using the Client
+//
+// To contact OpenSearch Service Serverless with the SDK use the New function to create
+// a new service client. With that client you can make API requests to the service.
+// These clients are safe to use concurrently.
+//
+// See the SDK's documentation for more information on how to use the SDK.
+// https://docs.aws.amazon.com/sdk-for-go/api/
+//
+// See aws.Config documentation for more information on configuring SDK clients.
+// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
+//
+// See the OpenSearch Service Serverless client OpenSearchServerless for more
+// information on creating client for this service.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/opensearchserverless/#New
+package opensearchserverless
diff --git a/service/opensearchserverless/errors.go b/service/opensearchserverless/errors.go
new file mode 100644
index 0000000000..5afed277ce
--- /dev/null
+++ b/service/opensearchserverless/errors.go
@@ -0,0 +1,44 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package opensearchserverless
+
+import (
+ "github.com/aws/aws-sdk-go/private/protocol"
+)
+
+const (
+
+ // ErrCodeConflictException for service response error code
+ // "ConflictException".
+ //
+ // When creating a collection, thrown when a collection with the same name already
+ // exists or is being created. When deleting a collection, thrown when the collection
+ // is not in the ACTIVE or FAILED state.
+ ErrCodeConflictException = "ConflictException"
+
+ // ErrCodeInternalServerException for service response error code
+ // "InternalServerException".
+ //
+ // Thrown when an error internal to the service occurs while processing a request.
+ ErrCodeInternalServerException = "InternalServerException"
+
+ // ErrCodeResourceNotFoundException for service response error code
+ // "ResourceNotFoundException".
+ //
+ // Thrown when accessing or deleting a resource that does not exist.
+ ErrCodeResourceNotFoundException = "ResourceNotFoundException"
+
+ // ErrCodeValidationException for service response error code
+ // "ValidationException".
+ //
+ // Thrown when the HTTP request contains invalid input or is missing required
+ // input.
+ ErrCodeValidationException = "ValidationException"
+)
+
+var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
+ "ConflictException": newErrorConflictException,
+ "InternalServerException": newErrorInternalServerException,
+ "ResourceNotFoundException": newErrorResourceNotFoundException,
+ "ValidationException": newErrorValidationException,
+}
diff --git a/service/opensearchserverless/opensearchserverlessiface/interface.go b/service/opensearchserverless/opensearchserverlessiface/interface.go
new file mode 100644
index 0000000000..ebd07cbd8d
--- /dev/null
+++ b/service/opensearchserverless/opensearchserverlessiface/interface.go
@@ -0,0 +1,203 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package opensearchserverlessiface provides an interface to enable mocking the OpenSearch Service Serverless service client
+// for testing your code.
+//
+// It is important to note that this interface will have breaking changes
+// when the service model is updated and adds new API operations, paginators,
+// and waiters.
+package opensearchserverlessiface
+
+import (
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/service/opensearchserverless"
+)
+
+// OpenSearchServerlessAPI provides an interface to enable mocking the
+// opensearchserverless.OpenSearchServerless service client's API operation,
+// paginators, and waiters. This make unit testing your code that calls out
+// to the SDK's service client's calls easier.
+//
+// The best way to use this interface is so the SDK's service client's calls
+// can be stubbed out for unit testing your code with the SDK without needing
+// to inject custom request handlers into the SDK's request pipeline.
+//
+// // myFunc uses an SDK service client to make a request to
+// // OpenSearch Service Serverless.
+// func myFunc(svc opensearchserverlessiface.OpenSearchServerlessAPI) bool {
+// // Make svc.BatchGetCollection request
+// }
+//
+// func main() {
+// sess := session.New()
+// svc := opensearchserverless.New(sess)
+//
+// myFunc(svc)
+// }
+//
+// In your _test.go file:
+//
+// // Define a mock struct to be used in your unit tests of myFunc.
+// type mockOpenSearchServerlessClient struct {
+// opensearchserverlessiface.OpenSearchServerlessAPI
+// }
+// func (m *mockOpenSearchServerlessClient) BatchGetCollection(input *opensearchserverless.BatchGetCollectionInput) (*opensearchserverless.BatchGetCollectionOutput, error) {
+// // mock response/functionality
+// }
+//
+// func TestMyFunc(t *testing.T) {
+// // Setup Test
+// mockSvc := &mockOpenSearchServerlessClient{}
+//
+// myfunc(mockSvc)
+//
+// // Verify myFunc's functionality
+// }
+//
+// It is important to note that this interface will have breaking changes
+// when the service model is updated and adds new API operations, paginators,
+// and waiters. Its suggested to use the pattern above for testing, or using
+// tooling to generate mocks to satisfy the interfaces.
+type OpenSearchServerlessAPI interface {
+ BatchGetCollection(*opensearchserverless.BatchGetCollectionInput) (*opensearchserverless.BatchGetCollectionOutput, error)
+ BatchGetCollectionWithContext(aws.Context, *opensearchserverless.BatchGetCollectionInput, ...request.Option) (*opensearchserverless.BatchGetCollectionOutput, error)
+ BatchGetCollectionRequest(*opensearchserverless.BatchGetCollectionInput) (*request.Request, *opensearchserverless.BatchGetCollectionOutput)
+
+ BatchGetVpcEndpoint(*opensearchserverless.BatchGetVpcEndpointInput) (*opensearchserverless.BatchGetVpcEndpointOutput, error)
+ BatchGetVpcEndpointWithContext(aws.Context, *opensearchserverless.BatchGetVpcEndpointInput, ...request.Option) (*opensearchserverless.BatchGetVpcEndpointOutput, error)
+ BatchGetVpcEndpointRequest(*opensearchserverless.BatchGetVpcEndpointInput) (*request.Request, *opensearchserverless.BatchGetVpcEndpointOutput)
+
+ CreateAccessPolicy(*opensearchserverless.CreateAccessPolicyInput) (*opensearchserverless.CreateAccessPolicyOutput, error)
+ CreateAccessPolicyWithContext(aws.Context, *opensearchserverless.CreateAccessPolicyInput, ...request.Option) (*opensearchserverless.CreateAccessPolicyOutput, error)
+ CreateAccessPolicyRequest(*opensearchserverless.CreateAccessPolicyInput) (*request.Request, *opensearchserverless.CreateAccessPolicyOutput)
+
+ CreateCollection(*opensearchserverless.CreateCollectionInput) (*opensearchserverless.CreateCollectionOutput, error)
+ CreateCollectionWithContext(aws.Context, *opensearchserverless.CreateCollectionInput, ...request.Option) (*opensearchserverless.CreateCollectionOutput, error)
+ CreateCollectionRequest(*opensearchserverless.CreateCollectionInput) (*request.Request, *opensearchserverless.CreateCollectionOutput)
+
+ CreateSecurityConfig(*opensearchserverless.CreateSecurityConfigInput) (*opensearchserverless.CreateSecurityConfigOutput, error)
+ CreateSecurityConfigWithContext(aws.Context, *opensearchserverless.CreateSecurityConfigInput, ...request.Option) (*opensearchserverless.CreateSecurityConfigOutput, error)
+ CreateSecurityConfigRequest(*opensearchserverless.CreateSecurityConfigInput) (*request.Request, *opensearchserverless.CreateSecurityConfigOutput)
+
+ CreateSecurityPolicy(*opensearchserverless.CreateSecurityPolicyInput) (*opensearchserverless.CreateSecurityPolicyOutput, error)
+ CreateSecurityPolicyWithContext(aws.Context, *opensearchserverless.CreateSecurityPolicyInput, ...request.Option) (*opensearchserverless.CreateSecurityPolicyOutput, error)
+ CreateSecurityPolicyRequest(*opensearchserverless.CreateSecurityPolicyInput) (*request.Request, *opensearchserverless.CreateSecurityPolicyOutput)
+
+ CreateVpcEndpoint(*opensearchserverless.CreateVpcEndpointInput) (*opensearchserverless.CreateVpcEndpointOutput, error)
+ CreateVpcEndpointWithContext(aws.Context, *opensearchserverless.CreateVpcEndpointInput, ...request.Option) (*opensearchserverless.CreateVpcEndpointOutput, error)
+ CreateVpcEndpointRequest(*opensearchserverless.CreateVpcEndpointInput) (*request.Request, *opensearchserverless.CreateVpcEndpointOutput)
+
+ DeleteAccessPolicy(*opensearchserverless.DeleteAccessPolicyInput) (*opensearchserverless.DeleteAccessPolicyOutput, error)
+ DeleteAccessPolicyWithContext(aws.Context, *opensearchserverless.DeleteAccessPolicyInput, ...request.Option) (*opensearchserverless.DeleteAccessPolicyOutput, error)
+ DeleteAccessPolicyRequest(*opensearchserverless.DeleteAccessPolicyInput) (*request.Request, *opensearchserverless.DeleteAccessPolicyOutput)
+
+ DeleteCollection(*opensearchserverless.DeleteCollectionInput) (*opensearchserverless.DeleteCollectionOutput, error)
+ DeleteCollectionWithContext(aws.Context, *opensearchserverless.DeleteCollectionInput, ...request.Option) (*opensearchserverless.DeleteCollectionOutput, error)
+ DeleteCollectionRequest(*opensearchserverless.DeleteCollectionInput) (*request.Request, *opensearchserverless.DeleteCollectionOutput)
+
+ DeleteSecurityConfig(*opensearchserverless.DeleteSecurityConfigInput) (*opensearchserverless.DeleteSecurityConfigOutput, error)
+ DeleteSecurityConfigWithContext(aws.Context, *opensearchserverless.DeleteSecurityConfigInput, ...request.Option) (*opensearchserverless.DeleteSecurityConfigOutput, error)
+ DeleteSecurityConfigRequest(*opensearchserverless.DeleteSecurityConfigInput) (*request.Request, *opensearchserverless.DeleteSecurityConfigOutput)
+
+ DeleteSecurityPolicy(*opensearchserverless.DeleteSecurityPolicyInput) (*opensearchserverless.DeleteSecurityPolicyOutput, error)
+ DeleteSecurityPolicyWithContext(aws.Context, *opensearchserverless.DeleteSecurityPolicyInput, ...request.Option) (*opensearchserverless.DeleteSecurityPolicyOutput, error)
+ DeleteSecurityPolicyRequest(*opensearchserverless.DeleteSecurityPolicyInput) (*request.Request, *opensearchserverless.DeleteSecurityPolicyOutput)
+
+ DeleteVpcEndpoint(*opensearchserverless.DeleteVpcEndpointInput) (*opensearchserverless.DeleteVpcEndpointOutput, error)
+ DeleteVpcEndpointWithContext(aws.Context, *opensearchserverless.DeleteVpcEndpointInput, ...request.Option) (*opensearchserverless.DeleteVpcEndpointOutput, error)
+ DeleteVpcEndpointRequest(*opensearchserverless.DeleteVpcEndpointInput) (*request.Request, *opensearchserverless.DeleteVpcEndpointOutput)
+
+ GetAccessPolicy(*opensearchserverless.GetAccessPolicyInput) (*opensearchserverless.GetAccessPolicyOutput, error)
+ GetAccessPolicyWithContext(aws.Context, *opensearchserverless.GetAccessPolicyInput, ...request.Option) (*opensearchserverless.GetAccessPolicyOutput, error)
+ GetAccessPolicyRequest(*opensearchserverless.GetAccessPolicyInput) (*request.Request, *opensearchserverless.GetAccessPolicyOutput)
+
+ GetAccountSettings(*opensearchserverless.GetAccountSettingsInput) (*opensearchserverless.GetAccountSettingsOutput, error)
+ GetAccountSettingsWithContext(aws.Context, *opensearchserverless.GetAccountSettingsInput, ...request.Option) (*opensearchserverless.GetAccountSettingsOutput, error)
+ GetAccountSettingsRequest(*opensearchserverless.GetAccountSettingsInput) (*request.Request, *opensearchserverless.GetAccountSettingsOutput)
+
+ GetPoliciesStats(*opensearchserverless.GetPoliciesStatsInput) (*opensearchserverless.GetPoliciesStatsOutput, error)
+ GetPoliciesStatsWithContext(aws.Context, *opensearchserverless.GetPoliciesStatsInput, ...request.Option) (*opensearchserverless.GetPoliciesStatsOutput, error)
+ GetPoliciesStatsRequest(*opensearchserverless.GetPoliciesStatsInput) (*request.Request, *opensearchserverless.GetPoliciesStatsOutput)
+
+ GetSecurityConfig(*opensearchserverless.GetSecurityConfigInput) (*opensearchserverless.GetSecurityConfigOutput, error)
+ GetSecurityConfigWithContext(aws.Context, *opensearchserverless.GetSecurityConfigInput, ...request.Option) (*opensearchserverless.GetSecurityConfigOutput, error)
+ GetSecurityConfigRequest(*opensearchserverless.GetSecurityConfigInput) (*request.Request, *opensearchserverless.GetSecurityConfigOutput)
+
+ GetSecurityPolicy(*opensearchserverless.GetSecurityPolicyInput) (*opensearchserverless.GetSecurityPolicyOutput, error)
+ GetSecurityPolicyWithContext(aws.Context, *opensearchserverless.GetSecurityPolicyInput, ...request.Option) (*opensearchserverless.GetSecurityPolicyOutput, error)
+ GetSecurityPolicyRequest(*opensearchserverless.GetSecurityPolicyInput) (*request.Request, *opensearchserverless.GetSecurityPolicyOutput)
+
+ ListAccessPolicies(*opensearchserverless.ListAccessPoliciesInput) (*opensearchserverless.ListAccessPoliciesOutput, error)
+ ListAccessPoliciesWithContext(aws.Context, *opensearchserverless.ListAccessPoliciesInput, ...request.Option) (*opensearchserverless.ListAccessPoliciesOutput, error)
+ ListAccessPoliciesRequest(*opensearchserverless.ListAccessPoliciesInput) (*request.Request, *opensearchserverless.ListAccessPoliciesOutput)
+
+ ListAccessPoliciesPages(*opensearchserverless.ListAccessPoliciesInput, func(*opensearchserverless.ListAccessPoliciesOutput, bool) bool) error
+ ListAccessPoliciesPagesWithContext(aws.Context, *opensearchserverless.ListAccessPoliciesInput, func(*opensearchserverless.ListAccessPoliciesOutput, bool) bool, ...request.Option) error
+
+ ListCollections(*opensearchserverless.ListCollectionsInput) (*opensearchserverless.ListCollectionsOutput, error)
+ ListCollectionsWithContext(aws.Context, *opensearchserverless.ListCollectionsInput, ...request.Option) (*opensearchserverless.ListCollectionsOutput, error)
+ ListCollectionsRequest(*opensearchserverless.ListCollectionsInput) (*request.Request, *opensearchserverless.ListCollectionsOutput)
+
+ ListCollectionsPages(*opensearchserverless.ListCollectionsInput, func(*opensearchserverless.ListCollectionsOutput, bool) bool) error
+ ListCollectionsPagesWithContext(aws.Context, *opensearchserverless.ListCollectionsInput, func(*opensearchserverless.ListCollectionsOutput, bool) bool, ...request.Option) error
+
+ ListSecurityConfigs(*opensearchserverless.ListSecurityConfigsInput) (*opensearchserverless.ListSecurityConfigsOutput, error)
+ ListSecurityConfigsWithContext(aws.Context, *opensearchserverless.ListSecurityConfigsInput, ...request.Option) (*opensearchserverless.ListSecurityConfigsOutput, error)
+ ListSecurityConfigsRequest(*opensearchserverless.ListSecurityConfigsInput) (*request.Request, *opensearchserverless.ListSecurityConfigsOutput)
+
+ ListSecurityConfigsPages(*opensearchserverless.ListSecurityConfigsInput, func(*opensearchserverless.ListSecurityConfigsOutput, bool) bool) error
+ ListSecurityConfigsPagesWithContext(aws.Context, *opensearchserverless.ListSecurityConfigsInput, func(*opensearchserverless.ListSecurityConfigsOutput, bool) bool, ...request.Option) error
+
+ ListSecurityPolicies(*opensearchserverless.ListSecurityPoliciesInput) (*opensearchserverless.ListSecurityPoliciesOutput, error)
+ ListSecurityPoliciesWithContext(aws.Context, *opensearchserverless.ListSecurityPoliciesInput, ...request.Option) (*opensearchserverless.ListSecurityPoliciesOutput, error)
+ ListSecurityPoliciesRequest(*opensearchserverless.ListSecurityPoliciesInput) (*request.Request, *opensearchserverless.ListSecurityPoliciesOutput)
+
+ ListSecurityPoliciesPages(*opensearchserverless.ListSecurityPoliciesInput, func(*opensearchserverless.ListSecurityPoliciesOutput, bool) bool) error
+ ListSecurityPoliciesPagesWithContext(aws.Context, *opensearchserverless.ListSecurityPoliciesInput, func(*opensearchserverless.ListSecurityPoliciesOutput, bool) bool, ...request.Option) error
+
+ ListTagsForResource(*opensearchserverless.ListTagsForResourceInput) (*opensearchserverless.ListTagsForResourceOutput, error)
+ ListTagsForResourceWithContext(aws.Context, *opensearchserverless.ListTagsForResourceInput, ...request.Option) (*opensearchserverless.ListTagsForResourceOutput, error)
+ ListTagsForResourceRequest(*opensearchserverless.ListTagsForResourceInput) (*request.Request, *opensearchserverless.ListTagsForResourceOutput)
+
+ ListVpcEndpoints(*opensearchserverless.ListVpcEndpointsInput) (*opensearchserverless.ListVpcEndpointsOutput, error)
+ ListVpcEndpointsWithContext(aws.Context, *opensearchserverless.ListVpcEndpointsInput, ...request.Option) (*opensearchserverless.ListVpcEndpointsOutput, error)
+ ListVpcEndpointsRequest(*opensearchserverless.ListVpcEndpointsInput) (*request.Request, *opensearchserverless.ListVpcEndpointsOutput)
+
+ ListVpcEndpointsPages(*opensearchserverless.ListVpcEndpointsInput, func(*opensearchserverless.ListVpcEndpointsOutput, bool) bool) error
+ ListVpcEndpointsPagesWithContext(aws.Context, *opensearchserverless.ListVpcEndpointsInput, func(*opensearchserverless.ListVpcEndpointsOutput, bool) bool, ...request.Option) error
+
+ TagResource(*opensearchserverless.TagResourceInput) (*opensearchserverless.TagResourceOutput, error)
+ TagResourceWithContext(aws.Context, *opensearchserverless.TagResourceInput, ...request.Option) (*opensearchserverless.TagResourceOutput, error)
+ TagResourceRequest(*opensearchserverless.TagResourceInput) (*request.Request, *opensearchserverless.TagResourceOutput)
+
+ UntagResource(*opensearchserverless.UntagResourceInput) (*opensearchserverless.UntagResourceOutput, error)
+ UntagResourceWithContext(aws.Context, *opensearchserverless.UntagResourceInput, ...request.Option) (*opensearchserverless.UntagResourceOutput, error)
+ UntagResourceRequest(*opensearchserverless.UntagResourceInput) (*request.Request, *opensearchserverless.UntagResourceOutput)
+
+ UpdateAccessPolicy(*opensearchserverless.UpdateAccessPolicyInput) (*opensearchserverless.UpdateAccessPolicyOutput, error)
+ UpdateAccessPolicyWithContext(aws.Context, *opensearchserverless.UpdateAccessPolicyInput, ...request.Option) (*opensearchserverless.UpdateAccessPolicyOutput, error)
+ UpdateAccessPolicyRequest(*opensearchserverless.UpdateAccessPolicyInput) (*request.Request, *opensearchserverless.UpdateAccessPolicyOutput)
+
+ UpdateAccountSettings(*opensearchserverless.UpdateAccountSettingsInput) (*opensearchserverless.UpdateAccountSettingsOutput, error)
+ UpdateAccountSettingsWithContext(aws.Context, *opensearchserverless.UpdateAccountSettingsInput, ...request.Option) (*opensearchserverless.UpdateAccountSettingsOutput, error)
+ UpdateAccountSettingsRequest(*opensearchserverless.UpdateAccountSettingsInput) (*request.Request, *opensearchserverless.UpdateAccountSettingsOutput)
+
+ UpdateCollection(*opensearchserverless.UpdateCollectionInput) (*opensearchserverless.UpdateCollectionOutput, error)
+ UpdateCollectionWithContext(aws.Context, *opensearchserverless.UpdateCollectionInput, ...request.Option) (*opensearchserverless.UpdateCollectionOutput, error)
+ UpdateCollectionRequest(*opensearchserverless.UpdateCollectionInput) (*request.Request, *opensearchserverless.UpdateCollectionOutput)
+
+ UpdateSecurityConfig(*opensearchserverless.UpdateSecurityConfigInput) (*opensearchserverless.UpdateSecurityConfigOutput, error)
+ UpdateSecurityConfigWithContext(aws.Context, *opensearchserverless.UpdateSecurityConfigInput, ...request.Option) (*opensearchserverless.UpdateSecurityConfigOutput, error)
+ UpdateSecurityConfigRequest(*opensearchserverless.UpdateSecurityConfigInput) (*request.Request, *opensearchserverless.UpdateSecurityConfigOutput)
+
+ UpdateSecurityPolicy(*opensearchserverless.UpdateSecurityPolicyInput) (*opensearchserverless.UpdateSecurityPolicyOutput, error)
+ UpdateSecurityPolicyWithContext(aws.Context, *opensearchserverless.UpdateSecurityPolicyInput, ...request.Option) (*opensearchserverless.UpdateSecurityPolicyOutput, error)
+ UpdateSecurityPolicyRequest(*opensearchserverless.UpdateSecurityPolicyInput) (*request.Request, *opensearchserverless.UpdateSecurityPolicyOutput)
+
+ UpdateVpcEndpoint(*opensearchserverless.UpdateVpcEndpointInput) (*opensearchserverless.UpdateVpcEndpointOutput, error)
+ UpdateVpcEndpointWithContext(aws.Context, *opensearchserverless.UpdateVpcEndpointInput, ...request.Option) (*opensearchserverless.UpdateVpcEndpointOutput, error)
+ UpdateVpcEndpointRequest(*opensearchserverless.UpdateVpcEndpointInput) (*request.Request, *opensearchserverless.UpdateVpcEndpointOutput)
+}
+
+var _ OpenSearchServerlessAPI = (*opensearchserverless.OpenSearchServerless)(nil)
diff --git a/service/opensearchserverless/service.go b/service/opensearchserverless/service.go
new file mode 100644
index 0000000000..b879af32ce
--- /dev/null
+++ b/service/opensearchserverless/service.go
@@ -0,0 +1,108 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package opensearchserverless
+
+import (
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/client"
+ "github.com/aws/aws-sdk-go/aws/client/metadata"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/aws/signer/v4"
+ "github.com/aws/aws-sdk-go/private/protocol"
+ "github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
+)
+
+// OpenSearchServerless provides the API operation methods for making requests to
+// OpenSearch Service Serverless. See this package's package overview docs
+// for details on the service.
+//
+// OpenSearchServerless methods are safe to use concurrently. It is not safe to
+// modify mutate any of the struct's properties though.
+type OpenSearchServerless struct {
+ *client.Client
+}
+
+// Used for custom client initialization logic
+var initClient func(*client.Client)
+
+// Used for custom request initialization logic
+var initRequest func(*request.Request)
+
+// Service information constants
+const (
+ ServiceName = "OpenSearchServerless" // Name of service.
+ EndpointsID = "aoss" // ID to lookup a service endpoint with.
+ ServiceID = "OpenSearchServerless" // ServiceID is a unique identifier of a specific service.
+)
+
+// New creates a new instance of the OpenSearchServerless client with a session.
+// If additional configuration is needed for the client instance use the optional
+// aws.Config parameter to add your extra config.
+//
+// Example:
+//
+// mySession := session.Must(session.NewSession())
+//
+// // Create a OpenSearchServerless client from just a session.
+// svc := opensearchserverless.New(mySession)
+//
+// // Create a OpenSearchServerless client with additional configuration
+// svc := opensearchserverless.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
+func New(p client.ConfigProvider, cfgs ...*aws.Config) *OpenSearchServerless {
+ c := p.ClientConfig(EndpointsID, cfgs...)
+ if c.SigningNameDerived || len(c.SigningName) == 0 {
+ c.SigningName = "aoss"
+ }
+ return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
+}
+
+// newClient creates, initializes and returns a new service client instance.
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *OpenSearchServerless {
+ svc := &OpenSearchServerless{
+ Client: client.New(
+ cfg,
+ metadata.ClientInfo{
+ ServiceName: ServiceName,
+ ServiceID: ServiceID,
+ SigningName: signingName,
+ SigningRegion: signingRegion,
+ PartitionID: partitionID,
+ Endpoint: endpoint,
+ APIVersion: "2021-11-01",
+ ResolvedRegion: resolvedRegion,
+ JSONVersion: "1.0",
+ TargetPrefix: "OpenSearchServerless",
+ },
+ handlers,
+ ),
+ }
+
+ // Handlers
+ svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler)
+ svc.Handlers.Build.PushBackNamed(jsonrpc.BuildHandler)
+ svc.Handlers.Unmarshal.PushBackNamed(jsonrpc.UnmarshalHandler)
+ svc.Handlers.UnmarshalMeta.PushBackNamed(jsonrpc.UnmarshalMetaHandler)
+ svc.Handlers.UnmarshalError.PushBackNamed(
+ protocol.NewUnmarshalErrorHandler(jsonrpc.NewUnmarshalTypedError(exceptionFromCode)).NamedHandler(),
+ )
+
+ // Run custom client initialization if present
+ if initClient != nil {
+ initClient(svc.Client)
+ }
+
+ return svc
+}
+
+// newRequest creates a new request for a OpenSearchServerless operation and runs any
+// custom request initialization.
+func (c *OpenSearchServerless) newRequest(op *request.Operation, params, data interface{}) *request.Request {
+ req := c.NewRequest(op, params, data)
+
+ // Run custom request initialization if present
+ if initRequest != nil {
+ initRequest(req)
+ }
+
+ return req
+}
diff --git a/service/securitylake/api.go b/service/securitylake/api.go
new file mode 100644
index 0000000000..6353fc60b4
--- /dev/null
+++ b/service/securitylake/api.go
@@ -0,0 +1,8391 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package securitylake
+
+import (
+ "fmt"
+ "time"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awsutil"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/private/protocol"
+ "github.com/aws/aws-sdk-go/private/protocol/restjson"
+)
+
+const opCreateAwsLogSource = "CreateAwsLogSource"
+
+// CreateAwsLogSourceRequest generates a "aws/request.Request" representing the
+// client's request for the CreateAwsLogSource operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateAwsLogSource for more information on using the CreateAwsLogSource
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the CreateAwsLogSourceRequest method.
+// req, resp := client.CreateAwsLogSourceRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateAwsLogSource
+func (c *SecurityLake) CreateAwsLogSourceRequest(input *CreateAwsLogSourceInput) (req *request.Request, output *CreateAwsLogSourceOutput) {
+ op := &request.Operation{
+ Name: opCreateAwsLogSource,
+ HTTPMethod: "POST",
+ HTTPPath: "/v1/logsources/aws",
+ }
+
+ if input == nil {
+ input = &CreateAwsLogSourceInput{}
+ }
+
+ output = &CreateAwsLogSourceOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// CreateAwsLogSource API operation for Amazon Security Lake.
+//
+// Adds a natively-supported Amazon Web Services service as a Security Lake
+// source. Enables source types for member accounts in required Regions, based
+// on specified parameters. You can choose any source type in any Region for
+// accounts that are either part of a trusted organization or standalone accounts.
+// At least one of the three dimensions is a mandatory input to this API. However,
+// any combination of the three dimensions can be supplied to this API.
+//
+// By default, dimension refers to the entire set. When you don't provide a
+// dimension, Security Lake assumes that the missing dimension refers to the
+// entire set. This is overridden when you supply any one of the inputs. For
+// instance, when members is not specified, the API disables all Security Lake
+// member accounts for sources. Similarly, when Regions are not specified, Security
+// Lake is disabled for all the Regions where Security Lake is available as
+// a service.
+//
+// You can use this API only to enable a natively-supported Amazon Web Services
+// services as a source. Use CreateCustomLogSource to enable data collection
+// from a custom source.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation CreateAwsLogSource for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - S3Exception
+// Provides an extension of the AmazonServiceException for errors reported by
+// Amazon S3 while processing a request. In particular, this class provides
+// access to Amazon S3's extended request ID. This ID is required debugging
+// information in the case the user needs to contact Amazon about an issue where
+// Amazon S3 is incorrectly handling a request.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - ResourceNotFoundException
+// The resource could not be found.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateAwsLogSource
+func (c *SecurityLake) CreateAwsLogSource(input *CreateAwsLogSourceInput) (*CreateAwsLogSourceOutput, error) {
+ req, out := c.CreateAwsLogSourceRequest(input)
+ return out, req.Send()
+}
+
+// CreateAwsLogSourceWithContext is the same as CreateAwsLogSource with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateAwsLogSource for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) CreateAwsLogSourceWithContext(ctx aws.Context, input *CreateAwsLogSourceInput, opts ...request.Option) (*CreateAwsLogSourceOutput, error) {
+ req, out := c.CreateAwsLogSourceRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opCreateCustomLogSource = "CreateCustomLogSource"
+
+// CreateCustomLogSourceRequest generates a "aws/request.Request" representing the
+// client's request for the CreateCustomLogSource operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateCustomLogSource for more information on using the CreateCustomLogSource
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the CreateCustomLogSourceRequest method.
+// req, resp := client.CreateCustomLogSourceRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateCustomLogSource
+func (c *SecurityLake) CreateCustomLogSourceRequest(input *CreateCustomLogSourceInput) (req *request.Request, output *CreateCustomLogSourceOutput) {
+ op := &request.Operation{
+ Name: opCreateCustomLogSource,
+ HTTPMethod: "POST",
+ HTTPPath: "/v1/logsources/custom",
+ }
+
+ if input == nil {
+ input = &CreateCustomLogSourceInput{}
+ }
+
+ output = &CreateCustomLogSourceOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// CreateCustomLogSource API operation for Amazon Security Lake.
+//
+// Adds a third-party custom source in Amazon Security Lake, from the Region
+// where you want to create a custom source. Security Lake can collect logs
+// and events from third-party custom sources. After creating the appropriate
+// API roles, use this API to add a custom source name in Security Lake. This
+// operation creates a partition in the Security Lake S3 bucket as the target
+// location for log files from the custom source, an associated Glue table,
+// and an Glue crawler.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation CreateCustomLogSource for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - ConflictSourceNamesException
+// There was a conflict when you attempted to modify a Security Lake source
+// name.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - BucketNotFoundException
+// Amazon Security Lake generally returns 404 errors if the requested object
+// is missing from the bucket.
+//
+// - ResourceNotFoundException
+// The resource could not be found.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateCustomLogSource
+func (c *SecurityLake) CreateCustomLogSource(input *CreateCustomLogSourceInput) (*CreateCustomLogSourceOutput, error) {
+ req, out := c.CreateCustomLogSourceRequest(input)
+ return out, req.Send()
+}
+
+// CreateCustomLogSourceWithContext is the same as CreateCustomLogSource with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateCustomLogSource for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) CreateCustomLogSourceWithContext(ctx aws.Context, input *CreateCustomLogSourceInput, opts ...request.Option) (*CreateCustomLogSourceOutput, error) {
+ req, out := c.CreateCustomLogSourceRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opCreateDatalake = "CreateDatalake"
+
+// CreateDatalakeRequest generates a "aws/request.Request" representing the
+// client's request for the CreateDatalake operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateDatalake for more information on using the CreateDatalake
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the CreateDatalakeRequest method.
+// req, resp := client.CreateDatalakeRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateDatalake
+func (c *SecurityLake) CreateDatalakeRequest(input *CreateDatalakeInput) (req *request.Request, output *CreateDatalakeOutput) {
+ op := &request.Operation{
+ Name: opCreateDatalake,
+ HTTPMethod: "POST",
+ HTTPPath: "/v1/datalake",
+ }
+
+ if input == nil {
+ input = &CreateDatalakeInput{}
+ }
+
+ output = &CreateDatalakeOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// CreateDatalake API operation for Amazon Security Lake.
+//
+// Initializes an Amazon Security Lake instance with the provided (or default)
+// configuration. You can enable Security Lake in Regions with customized settings
+// in advance before enabling log collection in Regions. You can either use
+// the enableAll parameter to specify all Regions or you can specify the Regions
+// you want to enable Security Lake using the Regions parameter and configure
+// these Regions using the configurations parameter. When the CreateDataLake
+// API is called multiple times, if that Region is already enabled, it will
+// update the Region if configuration for that Region is provided. If that Region
+// is a new Region, it will be set up with the customized configurations if
+// it is specified.
+//
+// When you enable Security Lake, it starts ingesting security data after the
+// CreateAwsLogSource call. This includes ingesting security data from sources,
+// storing data, and making data accessible to subscribers. Security Lake also
+// enables all the existing settings and resources that it stores or maintains
+// for your account in the current Region, including security log and event
+// data. For more information, see the Amazon Security Lake User Guide.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation CreateDatalake for usage and error information.
+//
+// Returned Error Types:
+//
+// - ServiceQuotaExceededException
+// You have exceeded your service quota. To perform the requested action, remove
+// some of the relevant resources, or use Service Quotas to request a service
+// quota increase.
+//
+// - ConflictException
+// Occurs when a conflict with a previous successful write is detected. This
+// generally occurs when the previous write did not have time to propagate to
+// the host serving the current request. A retry (with appropriate backoff logic)
+// is the recommended response to this exception.
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - ThrottlingException
+// The limit on the number of requests per second was exceeded.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - ResourceNotFoundException
+// The resource could not be found.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateDatalake
+func (c *SecurityLake) CreateDatalake(input *CreateDatalakeInput) (*CreateDatalakeOutput, error) {
+ req, out := c.CreateDatalakeRequest(input)
+ return out, req.Send()
+}
+
+// CreateDatalakeWithContext is the same as CreateDatalake with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateDatalake for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) CreateDatalakeWithContext(ctx aws.Context, input *CreateDatalakeInput, opts ...request.Option) (*CreateDatalakeOutput, error) {
+ req, out := c.CreateDatalakeRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opCreateDatalakeAutoEnable = "CreateDatalakeAutoEnable"
+
+// CreateDatalakeAutoEnableRequest generates a "aws/request.Request" representing the
+// client's request for the CreateDatalakeAutoEnable operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateDatalakeAutoEnable for more information on using the CreateDatalakeAutoEnable
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the CreateDatalakeAutoEnableRequest method.
+// req, resp := client.CreateDatalakeAutoEnableRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateDatalakeAutoEnable
+func (c *SecurityLake) CreateDatalakeAutoEnableRequest(input *CreateDatalakeAutoEnableInput) (req *request.Request, output *CreateDatalakeAutoEnableOutput) {
+ op := &request.Operation{
+ Name: opCreateDatalakeAutoEnable,
+ HTTPMethod: "POST",
+ HTTPPath: "/v1/datalake/autoenable",
+ }
+
+ if input == nil {
+ input = &CreateDatalakeAutoEnableInput{}
+ }
+
+ output = &CreateDatalakeAutoEnableOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// CreateDatalakeAutoEnable API operation for Amazon Security Lake.
+//
+// Automatically enable Security Lake in the specified Regions to begin ingesting
+// security data. When you choose to enable organization accounts automatically,
+// then Security Lake begins to enable new accounts as member accounts as they
+// are added to the organization. Security Lake does not enable existing organization
+// accounts that are not yet enabled.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation CreateDatalakeAutoEnable for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateDatalakeAutoEnable
+func (c *SecurityLake) CreateDatalakeAutoEnable(input *CreateDatalakeAutoEnableInput) (*CreateDatalakeAutoEnableOutput, error) {
+ req, out := c.CreateDatalakeAutoEnableRequest(input)
+ return out, req.Send()
+}
+
+// CreateDatalakeAutoEnableWithContext is the same as CreateDatalakeAutoEnable with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateDatalakeAutoEnable for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) CreateDatalakeAutoEnableWithContext(ctx aws.Context, input *CreateDatalakeAutoEnableInput, opts ...request.Option) (*CreateDatalakeAutoEnableOutput, error) {
+ req, out := c.CreateDatalakeAutoEnableRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opCreateDatalakeDelegatedAdmin = "CreateDatalakeDelegatedAdmin"
+
+// CreateDatalakeDelegatedAdminRequest generates a "aws/request.Request" representing the
+// client's request for the CreateDatalakeDelegatedAdmin operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateDatalakeDelegatedAdmin for more information on using the CreateDatalakeDelegatedAdmin
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the CreateDatalakeDelegatedAdminRequest method.
+// req, resp := client.CreateDatalakeDelegatedAdminRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateDatalakeDelegatedAdmin
+func (c *SecurityLake) CreateDatalakeDelegatedAdminRequest(input *CreateDatalakeDelegatedAdminInput) (req *request.Request, output *CreateDatalakeDelegatedAdminOutput) {
+ op := &request.Operation{
+ Name: opCreateDatalakeDelegatedAdmin,
+ HTTPMethod: "POST",
+ HTTPPath: "/v1/datalake/delegate",
+ }
+
+ if input == nil {
+ input = &CreateDatalakeDelegatedAdminInput{}
+ }
+
+ output = &CreateDatalakeDelegatedAdminOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// CreateDatalakeDelegatedAdmin API operation for Amazon Security Lake.
+//
+// Designates the Security Lake administrator account for the organization.
+// This API can only be called by the organization management account. The organization
+// management account cannot be the delegated administrator account.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation CreateDatalakeDelegatedAdmin for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - ThrottlingException
+// The limit on the number of requests per second was exceeded.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateDatalakeDelegatedAdmin
+func (c *SecurityLake) CreateDatalakeDelegatedAdmin(input *CreateDatalakeDelegatedAdminInput) (*CreateDatalakeDelegatedAdminOutput, error) {
+ req, out := c.CreateDatalakeDelegatedAdminRequest(input)
+ return out, req.Send()
+}
+
+// CreateDatalakeDelegatedAdminWithContext is the same as CreateDatalakeDelegatedAdmin with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateDatalakeDelegatedAdmin for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) CreateDatalakeDelegatedAdminWithContext(ctx aws.Context, input *CreateDatalakeDelegatedAdminInput, opts ...request.Option) (*CreateDatalakeDelegatedAdminOutput, error) {
+ req, out := c.CreateDatalakeDelegatedAdminRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opCreateDatalakeExceptionsSubscription = "CreateDatalakeExceptionsSubscription"
+
+// CreateDatalakeExceptionsSubscriptionRequest generates a "aws/request.Request" representing the
+// client's request for the CreateDatalakeExceptionsSubscription operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateDatalakeExceptionsSubscription for more information on using the CreateDatalakeExceptionsSubscription
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the CreateDatalakeExceptionsSubscriptionRequest method.
+// req, resp := client.CreateDatalakeExceptionsSubscriptionRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateDatalakeExceptionsSubscription
+func (c *SecurityLake) CreateDatalakeExceptionsSubscriptionRequest(input *CreateDatalakeExceptionsSubscriptionInput) (req *request.Request, output *CreateDatalakeExceptionsSubscriptionOutput) {
+ op := &request.Operation{
+ Name: opCreateDatalakeExceptionsSubscription,
+ HTTPMethod: "POST",
+ HTTPPath: "/v1/datalake/exceptions/subscription",
+ }
+
+ if input == nil {
+ input = &CreateDatalakeExceptionsSubscriptionInput{}
+ }
+
+ output = &CreateDatalakeExceptionsSubscriptionOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// CreateDatalakeExceptionsSubscription API operation for Amazon Security Lake.
+//
+// Creates the specified notification subscription in Security Lake. Creates
+// the specified subscription notifications in the specified organization.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation CreateDatalakeExceptionsSubscription for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateDatalakeExceptionsSubscription
+func (c *SecurityLake) CreateDatalakeExceptionsSubscription(input *CreateDatalakeExceptionsSubscriptionInput) (*CreateDatalakeExceptionsSubscriptionOutput, error) {
+ req, out := c.CreateDatalakeExceptionsSubscriptionRequest(input)
+ return out, req.Send()
+}
+
+// CreateDatalakeExceptionsSubscriptionWithContext is the same as CreateDatalakeExceptionsSubscription with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateDatalakeExceptionsSubscription for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) CreateDatalakeExceptionsSubscriptionWithContext(ctx aws.Context, input *CreateDatalakeExceptionsSubscriptionInput, opts ...request.Option) (*CreateDatalakeExceptionsSubscriptionOutput, error) {
+ req, out := c.CreateDatalakeExceptionsSubscriptionRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opCreateSubscriber = "CreateSubscriber"
+
+// CreateSubscriberRequest generates a "aws/request.Request" representing the
+// client's request for the CreateSubscriber operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateSubscriber for more information on using the CreateSubscriber
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the CreateSubscriberRequest method.
+// req, resp := client.CreateSubscriberRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateSubscriber
+func (c *SecurityLake) CreateSubscriberRequest(input *CreateSubscriberInput) (req *request.Request, output *CreateSubscriberOutput) {
+ op := &request.Operation{
+ Name: opCreateSubscriber,
+ HTTPMethod: "POST",
+ HTTPPath: "/v1/subscribers",
+ }
+
+ if input == nil {
+ input = &CreateSubscriberInput{}
+ }
+
+ output = &CreateSubscriberOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// CreateSubscriber API operation for Amazon Security Lake.
+//
+// Creates a subscription permission for accounts that are already enabled in
+// Security Lake.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation CreateSubscriber for usage and error information.
+//
+// Returned Error Types:
+//
+// - ConflictSubscriptionException
+// A conflicting subscription exception operation is in progress.
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - BucketNotFoundException
+// Amazon Security Lake generally returns 404 errors if the requested object
+// is missing from the bucket.
+//
+// - ResourceNotFoundException
+// The resource could not be found.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// - InvalidInputException
+// The request was rejected because an invalid or out-of-range value was supplied
+// for an input parameter.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateSubscriber
+func (c *SecurityLake) CreateSubscriber(input *CreateSubscriberInput) (*CreateSubscriberOutput, error) {
+ req, out := c.CreateSubscriberRequest(input)
+ return out, req.Send()
+}
+
+// CreateSubscriberWithContext is the same as CreateSubscriber with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateSubscriber for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) CreateSubscriberWithContext(ctx aws.Context, input *CreateSubscriberInput, opts ...request.Option) (*CreateSubscriberOutput, error) {
+ req, out := c.CreateSubscriberRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opCreateSubscriptionNotificationConfiguration = "CreateSubscriptionNotificationConfiguration"
+
+// CreateSubscriptionNotificationConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the CreateSubscriptionNotificationConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateSubscriptionNotificationConfiguration for more information on using the CreateSubscriptionNotificationConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the CreateSubscriptionNotificationConfigurationRequest method.
+// req, resp := client.CreateSubscriptionNotificationConfigurationRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateSubscriptionNotificationConfiguration
+func (c *SecurityLake) CreateSubscriptionNotificationConfigurationRequest(input *CreateSubscriptionNotificationConfigurationInput) (req *request.Request, output *CreateSubscriptionNotificationConfigurationOutput) {
+ op := &request.Operation{
+ Name: opCreateSubscriptionNotificationConfiguration,
+ HTTPMethod: "POST",
+ HTTPPath: "/subscription-notifications/{subscriptionId}",
+ }
+
+ if input == nil {
+ input = &CreateSubscriptionNotificationConfigurationInput{}
+ }
+
+ output = &CreateSubscriptionNotificationConfigurationOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// CreateSubscriptionNotificationConfiguration API operation for Amazon Security Lake.
+//
+// Creates the specified notification subscription in Security Lake. Creates
+// the specified subscription notifications from the specified organization.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation CreateSubscriptionNotificationConfiguration for usage and error information.
+//
+// Returned Error Types:
+//
+// - ConcurrentModificationException
+// More than one process tried to modify a resource at the same time.
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - ResourceNotFoundException
+// The resource could not be found.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// - InvalidInputException
+// The request was rejected because an invalid or out-of-range value was supplied
+// for an input parameter.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateSubscriptionNotificationConfiguration
+func (c *SecurityLake) CreateSubscriptionNotificationConfiguration(input *CreateSubscriptionNotificationConfigurationInput) (*CreateSubscriptionNotificationConfigurationOutput, error) {
+ req, out := c.CreateSubscriptionNotificationConfigurationRequest(input)
+ return out, req.Send()
+}
+
+// CreateSubscriptionNotificationConfigurationWithContext is the same as CreateSubscriptionNotificationConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateSubscriptionNotificationConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) CreateSubscriptionNotificationConfigurationWithContext(ctx aws.Context, input *CreateSubscriptionNotificationConfigurationInput, opts ...request.Option) (*CreateSubscriptionNotificationConfigurationOutput, error) {
+ req, out := c.CreateSubscriptionNotificationConfigurationRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opDeleteAwsLogSource = "DeleteAwsLogSource"
+
+// DeleteAwsLogSourceRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteAwsLogSource operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteAwsLogSource for more information on using the DeleteAwsLogSource
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DeleteAwsLogSourceRequest method.
+// req, resp := client.DeleteAwsLogSourceRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteAwsLogSource
+func (c *SecurityLake) DeleteAwsLogSourceRequest(input *DeleteAwsLogSourceInput) (req *request.Request, output *DeleteAwsLogSourceOutput) {
+ op := &request.Operation{
+ Name: opDeleteAwsLogSource,
+ HTTPMethod: "POST",
+ HTTPPath: "/v1/logsources/aws/delete",
+ }
+
+ if input == nil {
+ input = &DeleteAwsLogSourceInput{}
+ }
+
+ output = &DeleteAwsLogSourceOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// DeleteAwsLogSource API operation for Amazon Security Lake.
+//
+// Removes a natively-supported Amazon Web Services service as a Amazon Security
+// Lake source. When you remove the source, Security Lake stops collecting data
+// from that source, and subscribers can no longer consume new data from the
+// source. Subscribers can still consume data that Amazon Security Lake collected
+// from the source before disablement.
+//
+// You can choose any source type in any Region for accounts that are either
+// part of a trusted organization or standalone accounts. At least one of the
+// three dimensions is a mandatory input to this API. However, any combination
+// of the three dimensions can be supplied to this API.
+//
+// By default, dimension refers to the entire set. This is overridden when you
+// supply any one of the inputs. For instance, when members is not specified,
+// the API disables all Security Lake member accounts for sources. Similarly,
+// when Regions are not specified, Security Lake is disabled for all the Regions
+// where Security Lake is available as a service.
+//
+// You can use this API to remove a natively-supported Amazon Web Services service
+// as a source. Use DeregisterCustomData to remove a custom source.
+//
+// When you don't provide a dimension, Security Lake assumes that the missing
+// dimension refers to the entire set. For example, if you don't provide specific
+// accounts, the API applies to the entire set of accounts in your organization.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation DeleteAwsLogSource for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteAwsLogSource
+func (c *SecurityLake) DeleteAwsLogSource(input *DeleteAwsLogSourceInput) (*DeleteAwsLogSourceOutput, error) {
+ req, out := c.DeleteAwsLogSourceRequest(input)
+ return out, req.Send()
+}
+
+// DeleteAwsLogSourceWithContext is the same as DeleteAwsLogSource with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteAwsLogSource for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) DeleteAwsLogSourceWithContext(ctx aws.Context, input *DeleteAwsLogSourceInput, opts ...request.Option) (*DeleteAwsLogSourceOutput, error) {
+ req, out := c.DeleteAwsLogSourceRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opDeleteCustomLogSource = "DeleteCustomLogSource"
+
+// DeleteCustomLogSourceRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteCustomLogSource operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteCustomLogSource for more information on using the DeleteCustomLogSource
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DeleteCustomLogSourceRequest method.
+// req, resp := client.DeleteCustomLogSourceRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteCustomLogSource
+func (c *SecurityLake) DeleteCustomLogSourceRequest(input *DeleteCustomLogSourceInput) (req *request.Request, output *DeleteCustomLogSourceOutput) {
+ op := &request.Operation{
+ Name: opDeleteCustomLogSource,
+ HTTPMethod: "DELETE",
+ HTTPPath: "/v1/logsources/custom",
+ }
+
+ if input == nil {
+ input = &DeleteCustomLogSourceInput{}
+ }
+
+ output = &DeleteCustomLogSourceOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// DeleteCustomLogSource API operation for Amazon Security Lake.
+//
+// Removes a custom log source from Security Lake.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation DeleteCustomLogSource for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - ConflictSourceNamesException
+// There was a conflict when you attempted to modify a Security Lake source
+// name.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - BucketNotFoundException
+// Amazon Security Lake generally returns 404 errors if the requested object
+// is missing from the bucket.
+//
+// - ResourceNotFoundException
+// The resource could not be found.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteCustomLogSource
+func (c *SecurityLake) DeleteCustomLogSource(input *DeleteCustomLogSourceInput) (*DeleteCustomLogSourceOutput, error) {
+ req, out := c.DeleteCustomLogSourceRequest(input)
+ return out, req.Send()
+}
+
+// DeleteCustomLogSourceWithContext is the same as DeleteCustomLogSource with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteCustomLogSource for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) DeleteCustomLogSourceWithContext(ctx aws.Context, input *DeleteCustomLogSourceInput, opts ...request.Option) (*DeleteCustomLogSourceOutput, error) {
+ req, out := c.DeleteCustomLogSourceRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opDeleteDatalake = "DeleteDatalake"
+
+// DeleteDatalakeRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteDatalake operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteDatalake for more information on using the DeleteDatalake
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DeleteDatalakeRequest method.
+// req, resp := client.DeleteDatalakeRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteDatalake
+func (c *SecurityLake) DeleteDatalakeRequest(input *DeleteDatalakeInput) (req *request.Request, output *DeleteDatalakeOutput) {
+ op := &request.Operation{
+ Name: opDeleteDatalake,
+ HTTPMethod: "DELETE",
+ HTTPPath: "/v1/datalake",
+ }
+
+ if input == nil {
+ input = &DeleteDatalakeInput{}
+ }
+
+ output = &DeleteDatalakeOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// DeleteDatalake API operation for Amazon Security Lake.
+//
+// When you delete Amazon Security Lake from your account, Security Lake is
+// disabled in all Regions. Also, this API automatically performs the off-boarding
+// steps to off-board the account from Security Lake . This includes ingesting
+// security data from sources, storing data, and making data accessible to subscribers.
+// Security Lake also deletes all the existing settings and resources that it
+// stores or maintains for your account in the current Region, including security
+// log and event data. DeleteDatalake does not delete the S3 bucket which is
+// owned by the Amazon Web Services account. For more information, see the Amazon
+// Security Lake User Guide.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation DeleteDatalake for usage and error information.
+//
+// Returned Error Types:
+//
+// - ServiceQuotaExceededException
+// You have exceeded your service quota. To perform the requested action, remove
+// some of the relevant resources, or use Service Quotas to request a service
+// quota increase.
+//
+// - ConflictException
+// Occurs when a conflict with a previous successful write is detected. This
+// generally occurs when the previous write did not have time to propagate to
+// the host serving the current request. A retry (with appropriate backoff logic)
+// is the recommended response to this exception.
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - ThrottlingException
+// The limit on the number of requests per second was exceeded.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - ResourceNotFoundException
+// The resource could not be found.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteDatalake
+func (c *SecurityLake) DeleteDatalake(input *DeleteDatalakeInput) (*DeleteDatalakeOutput, error) {
+ req, out := c.DeleteDatalakeRequest(input)
+ return out, req.Send()
+}
+
+// DeleteDatalakeWithContext is the same as DeleteDatalake with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteDatalake for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) DeleteDatalakeWithContext(ctx aws.Context, input *DeleteDatalakeInput, opts ...request.Option) (*DeleteDatalakeOutput, error) {
+ req, out := c.DeleteDatalakeRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opDeleteDatalakeAutoEnable = "DeleteDatalakeAutoEnable"
+
+// DeleteDatalakeAutoEnableRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteDatalakeAutoEnable operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteDatalakeAutoEnable for more information on using the DeleteDatalakeAutoEnable
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DeleteDatalakeAutoEnableRequest method.
+// req, resp := client.DeleteDatalakeAutoEnableRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteDatalakeAutoEnable
+func (c *SecurityLake) DeleteDatalakeAutoEnableRequest(input *DeleteDatalakeAutoEnableInput) (req *request.Request, output *DeleteDatalakeAutoEnableOutput) {
+ op := &request.Operation{
+ Name: opDeleteDatalakeAutoEnable,
+ HTTPMethod: "POST",
+ HTTPPath: "/v1/datalake/autoenable/delete",
+ }
+
+ if input == nil {
+ input = &DeleteDatalakeAutoEnableInput{}
+ }
+
+ output = &DeleteDatalakeAutoEnableOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// DeleteDatalakeAutoEnable API operation for Amazon Security Lake.
+//
+// Automatically delete Security Lake in the specified Regions to stop ingesting
+// security data. When you delete Amazon Security Lake from your account, Security
+// Lake is disabled in all Regions. Also, this API automatically performs the
+// off-boarding steps to off-board the account from Security Lake . This includes
+// ingesting security data from sources, storing data, and making data accessible
+// to subscribers. Security Lake also deletes all the existing settings and
+// resources that it stores or maintains for your account in the current Region,
+// including security log and event data. For more information, see the Amazon
+// Security Lake User Guide.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation DeleteDatalakeAutoEnable for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteDatalakeAutoEnable
+func (c *SecurityLake) DeleteDatalakeAutoEnable(input *DeleteDatalakeAutoEnableInput) (*DeleteDatalakeAutoEnableOutput, error) {
+ req, out := c.DeleteDatalakeAutoEnableRequest(input)
+ return out, req.Send()
+}
+
+// DeleteDatalakeAutoEnableWithContext is the same as DeleteDatalakeAutoEnable with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteDatalakeAutoEnable for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) DeleteDatalakeAutoEnableWithContext(ctx aws.Context, input *DeleteDatalakeAutoEnableInput, opts ...request.Option) (*DeleteDatalakeAutoEnableOutput, error) {
+ req, out := c.DeleteDatalakeAutoEnableRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opDeleteDatalakeDelegatedAdmin = "DeleteDatalakeDelegatedAdmin"
+
+// DeleteDatalakeDelegatedAdminRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteDatalakeDelegatedAdmin operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteDatalakeDelegatedAdmin for more information on using the DeleteDatalakeDelegatedAdmin
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DeleteDatalakeDelegatedAdminRequest method.
+// req, resp := client.DeleteDatalakeDelegatedAdminRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteDatalakeDelegatedAdmin
+func (c *SecurityLake) DeleteDatalakeDelegatedAdminRequest(input *DeleteDatalakeDelegatedAdminInput) (req *request.Request, output *DeleteDatalakeDelegatedAdminOutput) {
+ op := &request.Operation{
+ Name: opDeleteDatalakeDelegatedAdmin,
+ HTTPMethod: "DELETE",
+ HTTPPath: "/v1/datalake/delegate/{account}",
+ }
+
+ if input == nil {
+ input = &DeleteDatalakeDelegatedAdminInput{}
+ }
+
+ output = &DeleteDatalakeDelegatedAdminOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// DeleteDatalakeDelegatedAdmin API operation for Amazon Security Lake.
+//
+// Deletes the Security Lake administrator account for the organization. This
+// API can only be called by the organization management account. The organization
+// management account cannot be the delegated administrator account.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation DeleteDatalakeDelegatedAdmin for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - ThrottlingException
+// The limit on the number of requests per second was exceeded.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteDatalakeDelegatedAdmin
+func (c *SecurityLake) DeleteDatalakeDelegatedAdmin(input *DeleteDatalakeDelegatedAdminInput) (*DeleteDatalakeDelegatedAdminOutput, error) {
+ req, out := c.DeleteDatalakeDelegatedAdminRequest(input)
+ return out, req.Send()
+}
+
+// DeleteDatalakeDelegatedAdminWithContext is the same as DeleteDatalakeDelegatedAdmin with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteDatalakeDelegatedAdmin for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) DeleteDatalakeDelegatedAdminWithContext(ctx aws.Context, input *DeleteDatalakeDelegatedAdminInput, opts ...request.Option) (*DeleteDatalakeDelegatedAdminOutput, error) {
+ req, out := c.DeleteDatalakeDelegatedAdminRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opDeleteDatalakeExceptionsSubscription = "DeleteDatalakeExceptionsSubscription"
+
+// DeleteDatalakeExceptionsSubscriptionRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteDatalakeExceptionsSubscription operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteDatalakeExceptionsSubscription for more information on using the DeleteDatalakeExceptionsSubscription
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DeleteDatalakeExceptionsSubscriptionRequest method.
+// req, resp := client.DeleteDatalakeExceptionsSubscriptionRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteDatalakeExceptionsSubscription
+func (c *SecurityLake) DeleteDatalakeExceptionsSubscriptionRequest(input *DeleteDatalakeExceptionsSubscriptionInput) (req *request.Request, output *DeleteDatalakeExceptionsSubscriptionOutput) {
+ op := &request.Operation{
+ Name: opDeleteDatalakeExceptionsSubscription,
+ HTTPMethod: "DELETE",
+ HTTPPath: "/v1/datalake/exceptions/subscription",
+ }
+
+ if input == nil {
+ input = &DeleteDatalakeExceptionsSubscriptionInput{}
+ }
+
+ output = &DeleteDatalakeExceptionsSubscriptionOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// DeleteDatalakeExceptionsSubscription API operation for Amazon Security Lake.
+//
+// Deletes the specified notification subscription in Security Lake. Deletes
+// the specified subscription notifications in the specified organization.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation DeleteDatalakeExceptionsSubscription for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteDatalakeExceptionsSubscription
+func (c *SecurityLake) DeleteDatalakeExceptionsSubscription(input *DeleteDatalakeExceptionsSubscriptionInput) (*DeleteDatalakeExceptionsSubscriptionOutput, error) {
+ req, out := c.DeleteDatalakeExceptionsSubscriptionRequest(input)
+ return out, req.Send()
+}
+
+// DeleteDatalakeExceptionsSubscriptionWithContext is the same as DeleteDatalakeExceptionsSubscription with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteDatalakeExceptionsSubscription for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) DeleteDatalakeExceptionsSubscriptionWithContext(ctx aws.Context, input *DeleteDatalakeExceptionsSubscriptionInput, opts ...request.Option) (*DeleteDatalakeExceptionsSubscriptionOutput, error) {
+ req, out := c.DeleteDatalakeExceptionsSubscriptionRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opDeleteSubscriber = "DeleteSubscriber"
+
+// DeleteSubscriberRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteSubscriber operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteSubscriber for more information on using the DeleteSubscriber
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DeleteSubscriberRequest method.
+// req, resp := client.DeleteSubscriberRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteSubscriber
+func (c *SecurityLake) DeleteSubscriberRequest(input *DeleteSubscriberInput) (req *request.Request, output *DeleteSubscriberOutput) {
+ op := &request.Operation{
+ Name: opDeleteSubscriber,
+ HTTPMethod: "DELETE",
+ HTTPPath: "/v1/subscribers",
+ }
+
+ if input == nil {
+ input = &DeleteSubscriberInput{}
+ }
+
+ output = &DeleteSubscriberOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// DeleteSubscriber API operation for Amazon Security Lake.
+//
+// Deletes the specified subscription permissions to Security Lake. Deletes
+// the specified subscription permissions from the specified organization.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation DeleteSubscriber for usage and error information.
+//
+// Returned Error Types:
+//
+// - ConcurrentModificationException
+// More than one process tried to modify a resource at the same time.
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - BucketNotFoundException
+// Amazon Security Lake generally returns 404 errors if the requested object
+// is missing from the bucket.
+//
+// - ResourceNotFoundException
+// The resource could not be found.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// - InvalidInputException
+// The request was rejected because an invalid or out-of-range value was supplied
+// for an input parameter.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteSubscriber
+func (c *SecurityLake) DeleteSubscriber(input *DeleteSubscriberInput) (*DeleteSubscriberOutput, error) {
+ req, out := c.DeleteSubscriberRequest(input)
+ return out, req.Send()
+}
+
+// DeleteSubscriberWithContext is the same as DeleteSubscriber with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteSubscriber for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) DeleteSubscriberWithContext(ctx aws.Context, input *DeleteSubscriberInput, opts ...request.Option) (*DeleteSubscriberOutput, error) {
+ req, out := c.DeleteSubscriberRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opDeleteSubscriptionNotificationConfiguration = "DeleteSubscriptionNotificationConfiguration"
+
+// DeleteSubscriptionNotificationConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteSubscriptionNotificationConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteSubscriptionNotificationConfiguration for more information on using the DeleteSubscriptionNotificationConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DeleteSubscriptionNotificationConfigurationRequest method.
+// req, resp := client.DeleteSubscriptionNotificationConfigurationRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteSubscriptionNotificationConfiguration
+func (c *SecurityLake) DeleteSubscriptionNotificationConfigurationRequest(input *DeleteSubscriptionNotificationConfigurationInput) (req *request.Request, output *DeleteSubscriptionNotificationConfigurationOutput) {
+ op := &request.Operation{
+ Name: opDeleteSubscriptionNotificationConfiguration,
+ HTTPMethod: "DELETE",
+ HTTPPath: "/subscription-notifications/{subscriptionId}",
+ }
+
+ if input == nil {
+ input = &DeleteSubscriptionNotificationConfigurationInput{}
+ }
+
+ output = &DeleteSubscriptionNotificationConfigurationOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// DeleteSubscriptionNotificationConfiguration API operation for Amazon Security Lake.
+//
+// Deletes the specified notification subscription in Security Lake. Deletes
+// the specified subscription notifications from the specified organization.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation DeleteSubscriptionNotificationConfiguration for usage and error information.
+//
+// Returned Error Types:
+//
+// - ConcurrentModificationException
+// More than one process tried to modify a resource at the same time.
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - ResourceNotFoundException
+// The resource could not be found.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// - InvalidInputException
+// The request was rejected because an invalid or out-of-range value was supplied
+// for an input parameter.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteSubscriptionNotificationConfiguration
+func (c *SecurityLake) DeleteSubscriptionNotificationConfiguration(input *DeleteSubscriptionNotificationConfigurationInput) (*DeleteSubscriptionNotificationConfigurationOutput, error) {
+ req, out := c.DeleteSubscriptionNotificationConfigurationRequest(input)
+ return out, req.Send()
+}
+
+// DeleteSubscriptionNotificationConfigurationWithContext is the same as DeleteSubscriptionNotificationConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteSubscriptionNotificationConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) DeleteSubscriptionNotificationConfigurationWithContext(ctx aws.Context, input *DeleteSubscriptionNotificationConfigurationInput, opts ...request.Option) (*DeleteSubscriptionNotificationConfigurationOutput, error) {
+ req, out := c.DeleteSubscriptionNotificationConfigurationRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opGetDatalake = "GetDatalake"
+
+// GetDatalakeRequest generates a "aws/request.Request" representing the
+// client's request for the GetDatalake operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetDatalake for more information on using the GetDatalake
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the GetDatalakeRequest method.
+// req, resp := client.GetDatalakeRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/GetDatalake
+func (c *SecurityLake) GetDatalakeRequest(input *GetDatalakeInput) (req *request.Request, output *GetDatalakeOutput) {
+ op := &request.Operation{
+ Name: opGetDatalake,
+ HTTPMethod: "GET",
+ HTTPPath: "/v1/datalake",
+ }
+
+ if input == nil {
+ input = &GetDatalakeInput{}
+ }
+
+ output = &GetDatalakeOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// GetDatalake API operation for Amazon Security Lake.
+//
+// Retrieve the Security Lake configuration object for the specified account
+// ID. This API does not take input parameters.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation GetDatalake for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - ResourceNotFoundException
+// The resource could not be found.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/GetDatalake
+func (c *SecurityLake) GetDatalake(input *GetDatalakeInput) (*GetDatalakeOutput, error) {
+ req, out := c.GetDatalakeRequest(input)
+ return out, req.Send()
+}
+
+// GetDatalakeWithContext is the same as GetDatalake with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetDatalake for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) GetDatalakeWithContext(ctx aws.Context, input *GetDatalakeInput, opts ...request.Option) (*GetDatalakeOutput, error) {
+ req, out := c.GetDatalakeRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opGetDatalakeAutoEnable = "GetDatalakeAutoEnable"
+
+// GetDatalakeAutoEnableRequest generates a "aws/request.Request" representing the
+// client's request for the GetDatalakeAutoEnable operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetDatalakeAutoEnable for more information on using the GetDatalakeAutoEnable
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the GetDatalakeAutoEnableRequest method.
+// req, resp := client.GetDatalakeAutoEnableRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/GetDatalakeAutoEnable
+func (c *SecurityLake) GetDatalakeAutoEnableRequest(input *GetDatalakeAutoEnableInput) (req *request.Request, output *GetDatalakeAutoEnableOutput) {
+ op := &request.Operation{
+ Name: opGetDatalakeAutoEnable,
+ HTTPMethod: "GET",
+ HTTPPath: "/v1/datalake/autoenable",
+ }
+
+ if input == nil {
+ input = &GetDatalakeAutoEnableInput{}
+ }
+
+ output = &GetDatalakeAutoEnableOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// GetDatalakeAutoEnable API operation for Amazon Security Lake.
+//
+// Retrieves the configuration that will be automatically set up for accounts
+// added to the organization after the organization has on boarded to Amazon
+// Security Lake. This API does not take input parameters.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation GetDatalakeAutoEnable for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/GetDatalakeAutoEnable
+func (c *SecurityLake) GetDatalakeAutoEnable(input *GetDatalakeAutoEnableInput) (*GetDatalakeAutoEnableOutput, error) {
+ req, out := c.GetDatalakeAutoEnableRequest(input)
+ return out, req.Send()
+}
+
+// GetDatalakeAutoEnableWithContext is the same as GetDatalakeAutoEnable with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetDatalakeAutoEnable for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) GetDatalakeAutoEnableWithContext(ctx aws.Context, input *GetDatalakeAutoEnableInput, opts ...request.Option) (*GetDatalakeAutoEnableOutput, error) {
+ req, out := c.GetDatalakeAutoEnableRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opGetDatalakeExceptionsExpiry = "GetDatalakeExceptionsExpiry"
+
+// GetDatalakeExceptionsExpiryRequest generates a "aws/request.Request" representing the
+// client's request for the GetDatalakeExceptionsExpiry operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetDatalakeExceptionsExpiry for more information on using the GetDatalakeExceptionsExpiry
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the GetDatalakeExceptionsExpiryRequest method.
+// req, resp := client.GetDatalakeExceptionsExpiryRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/GetDatalakeExceptionsExpiry
+func (c *SecurityLake) GetDatalakeExceptionsExpiryRequest(input *GetDatalakeExceptionsExpiryInput) (req *request.Request, output *GetDatalakeExceptionsExpiryOutput) {
+ op := &request.Operation{
+ Name: opGetDatalakeExceptionsExpiry,
+ HTTPMethod: "GET",
+ HTTPPath: "/v1/datalake/exceptions/expiry",
+ }
+
+ if input == nil {
+ input = &GetDatalakeExceptionsExpiryInput{}
+ }
+
+ output = &GetDatalakeExceptionsExpiryOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// GetDatalakeExceptionsExpiry API operation for Amazon Security Lake.
+//
+// Retrieves the expiration period and time-to-live (TTL) for which the exception
+// message will remain. Exceptions are stored by default, for a 2 week period
+// of time from when a record was created in Security Lake. This API does not
+// take input parameters. This API does not take input parameters.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation GetDatalakeExceptionsExpiry for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/GetDatalakeExceptionsExpiry
+func (c *SecurityLake) GetDatalakeExceptionsExpiry(input *GetDatalakeExceptionsExpiryInput) (*GetDatalakeExceptionsExpiryOutput, error) {
+ req, out := c.GetDatalakeExceptionsExpiryRequest(input)
+ return out, req.Send()
+}
+
+// GetDatalakeExceptionsExpiryWithContext is the same as GetDatalakeExceptionsExpiry with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetDatalakeExceptionsExpiry for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) GetDatalakeExceptionsExpiryWithContext(ctx aws.Context, input *GetDatalakeExceptionsExpiryInput, opts ...request.Option) (*GetDatalakeExceptionsExpiryOutput, error) {
+ req, out := c.GetDatalakeExceptionsExpiryRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opGetDatalakeExceptionsSubscription = "GetDatalakeExceptionsSubscription"
+
+// GetDatalakeExceptionsSubscriptionRequest generates a "aws/request.Request" representing the
+// client's request for the GetDatalakeExceptionsSubscription operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetDatalakeExceptionsSubscription for more information on using the GetDatalakeExceptionsSubscription
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the GetDatalakeExceptionsSubscriptionRequest method.
+// req, resp := client.GetDatalakeExceptionsSubscriptionRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/GetDatalakeExceptionsSubscription
+func (c *SecurityLake) GetDatalakeExceptionsSubscriptionRequest(input *GetDatalakeExceptionsSubscriptionInput) (req *request.Request, output *GetDatalakeExceptionsSubscriptionOutput) {
+ op := &request.Operation{
+ Name: opGetDatalakeExceptionsSubscription,
+ HTTPMethod: "GET",
+ HTTPPath: "/v1/datalake/exceptions/subscription",
+ }
+
+ if input == nil {
+ input = &GetDatalakeExceptionsSubscriptionInput{}
+ }
+
+ output = &GetDatalakeExceptionsSubscriptionOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// GetDatalakeExceptionsSubscription API operation for Amazon Security Lake.
+//
+// Retrieves the details of exception notifications for the account in Amazon
+// Security Lake.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation GetDatalakeExceptionsSubscription for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/GetDatalakeExceptionsSubscription
+func (c *SecurityLake) GetDatalakeExceptionsSubscription(input *GetDatalakeExceptionsSubscriptionInput) (*GetDatalakeExceptionsSubscriptionOutput, error) {
+ req, out := c.GetDatalakeExceptionsSubscriptionRequest(input)
+ return out, req.Send()
+}
+
+// GetDatalakeExceptionsSubscriptionWithContext is the same as GetDatalakeExceptionsSubscription with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetDatalakeExceptionsSubscription for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) GetDatalakeExceptionsSubscriptionWithContext(ctx aws.Context, input *GetDatalakeExceptionsSubscriptionInput, opts ...request.Option) (*GetDatalakeExceptionsSubscriptionOutput, error) {
+ req, out := c.GetDatalakeExceptionsSubscriptionRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opGetDatalakeStatus = "GetDatalakeStatus"
+
+// GetDatalakeStatusRequest generates a "aws/request.Request" representing the
+// client's request for the GetDatalakeStatus operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetDatalakeStatus for more information on using the GetDatalakeStatus
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the GetDatalakeStatusRequest method.
+// req, resp := client.GetDatalakeStatusRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/GetDatalakeStatus
+func (c *SecurityLake) GetDatalakeStatusRequest(input *GetDatalakeStatusInput) (req *request.Request, output *GetDatalakeStatusOutput) {
+ op := &request.Operation{
+ Name: opGetDatalakeStatus,
+ HTTPMethod: "POST",
+ HTTPPath: "/v1/datalake/status",
+ Paginator: &request.Paginator{
+ InputTokens: []string{"nextToken"},
+ OutputTokens: []string{"nextToken"},
+ LimitToken: "maxAccountResults",
+ TruncationToken: "",
+ },
+ }
+
+ if input == nil {
+ input = &GetDatalakeStatusInput{}
+ }
+
+ output = &GetDatalakeStatusOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// GetDatalakeStatus API operation for Amazon Security Lake.
+//
+// Retrieve the Security Lake configuration object for the specified account
+// ID. This API does not take input parameters.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation GetDatalakeStatus for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/GetDatalakeStatus
+func (c *SecurityLake) GetDatalakeStatus(input *GetDatalakeStatusInput) (*GetDatalakeStatusOutput, error) {
+ req, out := c.GetDatalakeStatusRequest(input)
+ return out, req.Send()
+}
+
+// GetDatalakeStatusWithContext is the same as GetDatalakeStatus with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetDatalakeStatus for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) GetDatalakeStatusWithContext(ctx aws.Context, input *GetDatalakeStatusInput, opts ...request.Option) (*GetDatalakeStatusOutput, error) {
+ req, out := c.GetDatalakeStatusRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+// GetDatalakeStatusPages iterates over the pages of a GetDatalakeStatus operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See GetDatalakeStatus method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+// // Example iterating over at most 3 pages of a GetDatalakeStatus operation.
+// pageNum := 0
+// err := client.GetDatalakeStatusPages(params,
+// func(page *securitylake.GetDatalakeStatusOutput, lastPage bool) bool {
+// pageNum++
+// fmt.Println(page)
+// return pageNum <= 3
+// })
+func (c *SecurityLake) GetDatalakeStatusPages(input *GetDatalakeStatusInput, fn func(*GetDatalakeStatusOutput, bool) bool) error {
+ return c.GetDatalakeStatusPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// GetDatalakeStatusPagesWithContext same as GetDatalakeStatusPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) GetDatalakeStatusPagesWithContext(ctx aws.Context, input *GetDatalakeStatusInput, fn func(*GetDatalakeStatusOutput, bool) bool, opts ...request.Option) error {
+ p := request.Pagination{
+ NewRequest: func() (*request.Request, error) {
+ var inCpy *GetDatalakeStatusInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.GetDatalakeStatusRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+
+ for p.Next() {
+ if !fn(p.Page().(*GetDatalakeStatusOutput), !p.HasNextPage()) {
+ break
+ }
+ }
+
+ return p.Err()
+}
+
+const opGetSubscriber = "GetSubscriber"
+
+// GetSubscriberRequest generates a "aws/request.Request" representing the
+// client's request for the GetSubscriber operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetSubscriber for more information on using the GetSubscriber
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the GetSubscriberRequest method.
+// req, resp := client.GetSubscriberRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/GetSubscriber
+func (c *SecurityLake) GetSubscriberRequest(input *GetSubscriberInput) (req *request.Request, output *GetSubscriberOutput) {
+ op := &request.Operation{
+ Name: opGetSubscriber,
+ HTTPMethod: "GET",
+ HTTPPath: "/v1/subscribers/{id}",
+ }
+
+ if input == nil {
+ input = &GetSubscriberInput{}
+ }
+
+ output = &GetSubscriberOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// GetSubscriber API operation for Amazon Security Lake.
+//
+// Retrieves subscription information for the specified subscription ID.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation GetSubscriber for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - ResourceNotFoundException
+// The resource could not be found.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// - InvalidInputException
+// The request was rejected because an invalid or out-of-range value was supplied
+// for an input parameter.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/GetSubscriber
+func (c *SecurityLake) GetSubscriber(input *GetSubscriberInput) (*GetSubscriberOutput, error) {
+ req, out := c.GetSubscriberRequest(input)
+ return out, req.Send()
+}
+
+// GetSubscriberWithContext is the same as GetSubscriber with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetSubscriber for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) GetSubscriberWithContext(ctx aws.Context, input *GetSubscriberInput, opts ...request.Option) (*GetSubscriberOutput, error) {
+ req, out := c.GetSubscriberRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opListDatalakeExceptions = "ListDatalakeExceptions"
+
+// ListDatalakeExceptionsRequest generates a "aws/request.Request" representing the
+// client's request for the ListDatalakeExceptions operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListDatalakeExceptions for more information on using the ListDatalakeExceptions
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the ListDatalakeExceptionsRequest method.
+// req, resp := client.ListDatalakeExceptionsRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/ListDatalakeExceptions
+func (c *SecurityLake) ListDatalakeExceptionsRequest(input *ListDatalakeExceptionsInput) (req *request.Request, output *ListDatalakeExceptionsOutput) {
+ op := &request.Operation{
+ Name: opListDatalakeExceptions,
+ HTTPMethod: "POST",
+ HTTPPath: "/v1/datalake/exceptions",
+ Paginator: &request.Paginator{
+ InputTokens: []string{"nextToken"},
+ OutputTokens: []string{"nextToken"},
+ LimitToken: "maxFailures",
+ TruncationToken: "",
+ },
+ }
+
+ if input == nil {
+ input = &ListDatalakeExceptionsInput{}
+ }
+
+ output = &ListDatalakeExceptionsOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// ListDatalakeExceptions API operation for Amazon Security Lake.
+//
+// List the Amazon Security Lake exceptions that you can use to find the source
+// of problems and fix them.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation ListDatalakeExceptions for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/ListDatalakeExceptions
+func (c *SecurityLake) ListDatalakeExceptions(input *ListDatalakeExceptionsInput) (*ListDatalakeExceptionsOutput, error) {
+ req, out := c.ListDatalakeExceptionsRequest(input)
+ return out, req.Send()
+}
+
+// ListDatalakeExceptionsWithContext is the same as ListDatalakeExceptions with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListDatalakeExceptions for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) ListDatalakeExceptionsWithContext(ctx aws.Context, input *ListDatalakeExceptionsInput, opts ...request.Option) (*ListDatalakeExceptionsOutput, error) {
+ req, out := c.ListDatalakeExceptionsRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+// ListDatalakeExceptionsPages iterates over the pages of a ListDatalakeExceptions operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListDatalakeExceptions method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+// // Example iterating over at most 3 pages of a ListDatalakeExceptions operation.
+// pageNum := 0
+// err := client.ListDatalakeExceptionsPages(params,
+// func(page *securitylake.ListDatalakeExceptionsOutput, lastPage bool) bool {
+// pageNum++
+// fmt.Println(page)
+// return pageNum <= 3
+// })
+func (c *SecurityLake) ListDatalakeExceptionsPages(input *ListDatalakeExceptionsInput, fn func(*ListDatalakeExceptionsOutput, bool) bool) error {
+ return c.ListDatalakeExceptionsPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListDatalakeExceptionsPagesWithContext same as ListDatalakeExceptionsPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) ListDatalakeExceptionsPagesWithContext(ctx aws.Context, input *ListDatalakeExceptionsInput, fn func(*ListDatalakeExceptionsOutput, bool) bool, opts ...request.Option) error {
+ p := request.Pagination{
+ NewRequest: func() (*request.Request, error) {
+ var inCpy *ListDatalakeExceptionsInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.ListDatalakeExceptionsRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+
+ for p.Next() {
+ if !fn(p.Page().(*ListDatalakeExceptionsOutput), !p.HasNextPage()) {
+ break
+ }
+ }
+
+ return p.Err()
+}
+
+const opListLogSources = "ListLogSources"
+
+// ListLogSourcesRequest generates a "aws/request.Request" representing the
+// client's request for the ListLogSources operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListLogSources for more information on using the ListLogSources
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the ListLogSourcesRequest method.
+// req, resp := client.ListLogSourcesRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/ListLogSources
+func (c *SecurityLake) ListLogSourcesRequest(input *ListLogSourcesInput) (req *request.Request, output *ListLogSourcesOutput) {
+ op := &request.Operation{
+ Name: opListLogSources,
+ HTTPMethod: "POST",
+ HTTPPath: "/v1/logsources/list",
+ Paginator: &request.Paginator{
+ InputTokens: []string{"nextToken"},
+ OutputTokens: []string{"nextToken"},
+ LimitToken: "maxResults",
+ TruncationToken: "",
+ },
+ }
+
+ if input == nil {
+ input = &ListLogSourcesInput{}
+ }
+
+ output = &ListLogSourcesOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// ListLogSources API operation for Amazon Security Lake.
+//
+// Lists the log sources in the current region.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation ListLogSources for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - ResourceNotFoundException
+// The resource could not be found.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/ListLogSources
+func (c *SecurityLake) ListLogSources(input *ListLogSourcesInput) (*ListLogSourcesOutput, error) {
+ req, out := c.ListLogSourcesRequest(input)
+ return out, req.Send()
+}
+
+// ListLogSourcesWithContext is the same as ListLogSources with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListLogSources for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) ListLogSourcesWithContext(ctx aws.Context, input *ListLogSourcesInput, opts ...request.Option) (*ListLogSourcesOutput, error) {
+ req, out := c.ListLogSourcesRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+// ListLogSourcesPages iterates over the pages of a ListLogSources operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListLogSources method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+// // Example iterating over at most 3 pages of a ListLogSources operation.
+// pageNum := 0
+// err := client.ListLogSourcesPages(params,
+// func(page *securitylake.ListLogSourcesOutput, lastPage bool) bool {
+// pageNum++
+// fmt.Println(page)
+// return pageNum <= 3
+// })
+func (c *SecurityLake) ListLogSourcesPages(input *ListLogSourcesInput, fn func(*ListLogSourcesOutput, bool) bool) error {
+ return c.ListLogSourcesPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListLogSourcesPagesWithContext same as ListLogSourcesPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) ListLogSourcesPagesWithContext(ctx aws.Context, input *ListLogSourcesInput, fn func(*ListLogSourcesOutput, bool) bool, opts ...request.Option) error {
+ p := request.Pagination{
+ NewRequest: func() (*request.Request, error) {
+ var inCpy *ListLogSourcesInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.ListLogSourcesRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+
+ for p.Next() {
+ if !fn(p.Page().(*ListLogSourcesOutput), !p.HasNextPage()) {
+ break
+ }
+ }
+
+ return p.Err()
+}
+
+const opListSubscribers = "ListSubscribers"
+
+// ListSubscribersRequest generates a "aws/request.Request" representing the
+// client's request for the ListSubscribers operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListSubscribers for more information on using the ListSubscribers
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the ListSubscribersRequest method.
+// req, resp := client.ListSubscribersRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/ListSubscribers
+func (c *SecurityLake) ListSubscribersRequest(input *ListSubscribersInput) (req *request.Request, output *ListSubscribersOutput) {
+ op := &request.Operation{
+ Name: opListSubscribers,
+ HTTPMethod: "GET",
+ HTTPPath: "/v1/subscribers",
+ Paginator: &request.Paginator{
+ InputTokens: []string{"nextToken"},
+ OutputTokens: []string{"nextToken"},
+ LimitToken: "maxResults",
+ TruncationToken: "",
+ },
+ }
+
+ if input == nil {
+ input = &ListSubscribersInput{}
+ }
+
+ output = &ListSubscribersOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// ListSubscribers API operation for Amazon Security Lake.
+//
+// List all subscribers for the specific Security Lake account ID.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation ListSubscribers for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - ResourceNotFoundException
+// The resource could not be found.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// - InvalidInputException
+// The request was rejected because an invalid or out-of-range value was supplied
+// for an input parameter.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/ListSubscribers
+func (c *SecurityLake) ListSubscribers(input *ListSubscribersInput) (*ListSubscribersOutput, error) {
+ req, out := c.ListSubscribersRequest(input)
+ return out, req.Send()
+}
+
+// ListSubscribersWithContext is the same as ListSubscribers with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListSubscribers for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) ListSubscribersWithContext(ctx aws.Context, input *ListSubscribersInput, opts ...request.Option) (*ListSubscribersOutput, error) {
+ req, out := c.ListSubscribersRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+// ListSubscribersPages iterates over the pages of a ListSubscribers operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListSubscribers method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+// // Example iterating over at most 3 pages of a ListSubscribers operation.
+// pageNum := 0
+// err := client.ListSubscribersPages(params,
+// func(page *securitylake.ListSubscribersOutput, lastPage bool) bool {
+// pageNum++
+// fmt.Println(page)
+// return pageNum <= 3
+// })
+func (c *SecurityLake) ListSubscribersPages(input *ListSubscribersInput, fn func(*ListSubscribersOutput, bool) bool) error {
+ return c.ListSubscribersPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListSubscribersPagesWithContext same as ListSubscribersPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) ListSubscribersPagesWithContext(ctx aws.Context, input *ListSubscribersInput, fn func(*ListSubscribersOutput, bool) bool, opts ...request.Option) error {
+ p := request.Pagination{
+ NewRequest: func() (*request.Request, error) {
+ var inCpy *ListSubscribersInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.ListSubscribersRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+
+ for p.Next() {
+ if !fn(p.Page().(*ListSubscribersOutput), !p.HasNextPage()) {
+ break
+ }
+ }
+
+ return p.Err()
+}
+
+const opUpdateDatalake = "UpdateDatalake"
+
+// UpdateDatalakeRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateDatalake operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UpdateDatalake for more information on using the UpdateDatalake
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the UpdateDatalakeRequest method.
+// req, resp := client.UpdateDatalakeRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/UpdateDatalake
+func (c *SecurityLake) UpdateDatalakeRequest(input *UpdateDatalakeInput) (req *request.Request, output *UpdateDatalakeOutput) {
+ op := &request.Operation{
+ Name: opUpdateDatalake,
+ HTTPMethod: "PUT",
+ HTTPPath: "/v1/datalake",
+ }
+
+ if input == nil {
+ input = &UpdateDatalakeInput{}
+ }
+
+ output = &UpdateDatalakeOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// UpdateDatalake API operation for Amazon Security Lake.
+//
+// Amazon Security Lake allows you to specify where to store your security data
+// and for how long. You can specify a rollup Region to consolidate data from
+// multiple regions.
+//
+// You can update the properties of a Region or source. Input can either be
+// directly specified to the API.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation UpdateDatalake for usage and error information.
+//
+// Returned Error Types:
+//
+// - EventBridgeException
+// Represents an error interacting with the Amazon EventBridge service.
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - ResourceNotFoundException
+// The resource could not be found.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/UpdateDatalake
+func (c *SecurityLake) UpdateDatalake(input *UpdateDatalakeInput) (*UpdateDatalakeOutput, error) {
+ req, out := c.UpdateDatalakeRequest(input)
+ return out, req.Send()
+}
+
+// UpdateDatalakeWithContext is the same as UpdateDatalake with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UpdateDatalake for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) UpdateDatalakeWithContext(ctx aws.Context, input *UpdateDatalakeInput, opts ...request.Option) (*UpdateDatalakeOutput, error) {
+ req, out := c.UpdateDatalakeRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opUpdateDatalakeExceptionsExpiry = "UpdateDatalakeExceptionsExpiry"
+
+// UpdateDatalakeExceptionsExpiryRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateDatalakeExceptionsExpiry operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UpdateDatalakeExceptionsExpiry for more information on using the UpdateDatalakeExceptionsExpiry
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the UpdateDatalakeExceptionsExpiryRequest method.
+// req, resp := client.UpdateDatalakeExceptionsExpiryRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/UpdateDatalakeExceptionsExpiry
+func (c *SecurityLake) UpdateDatalakeExceptionsExpiryRequest(input *UpdateDatalakeExceptionsExpiryInput) (req *request.Request, output *UpdateDatalakeExceptionsExpiryOutput) {
+ op := &request.Operation{
+ Name: opUpdateDatalakeExceptionsExpiry,
+ HTTPMethod: "PUT",
+ HTTPPath: "/v1/datalake/exceptions/expiry",
+ }
+
+ if input == nil {
+ input = &UpdateDatalakeExceptionsExpiryInput{}
+ }
+
+ output = &UpdateDatalakeExceptionsExpiryOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// UpdateDatalakeExceptionsExpiry API operation for Amazon Security Lake.
+//
+// Update the expiration period for the exception message to your preferred
+// time, and control the time-to-live (TTL) for the exception message to remain.
+// Exceptions are stored by default, for a 2 week period of time from when a
+// record was created in Security Lake.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation UpdateDatalakeExceptionsExpiry for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/UpdateDatalakeExceptionsExpiry
+func (c *SecurityLake) UpdateDatalakeExceptionsExpiry(input *UpdateDatalakeExceptionsExpiryInput) (*UpdateDatalakeExceptionsExpiryOutput, error) {
+ req, out := c.UpdateDatalakeExceptionsExpiryRequest(input)
+ return out, req.Send()
+}
+
+// UpdateDatalakeExceptionsExpiryWithContext is the same as UpdateDatalakeExceptionsExpiry with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UpdateDatalakeExceptionsExpiry for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) UpdateDatalakeExceptionsExpiryWithContext(ctx aws.Context, input *UpdateDatalakeExceptionsExpiryInput, opts ...request.Option) (*UpdateDatalakeExceptionsExpiryOutput, error) {
+ req, out := c.UpdateDatalakeExceptionsExpiryRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opUpdateDatalakeExceptionsSubscription = "UpdateDatalakeExceptionsSubscription"
+
+// UpdateDatalakeExceptionsSubscriptionRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateDatalakeExceptionsSubscription operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UpdateDatalakeExceptionsSubscription for more information on using the UpdateDatalakeExceptionsSubscription
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the UpdateDatalakeExceptionsSubscriptionRequest method.
+// req, resp := client.UpdateDatalakeExceptionsSubscriptionRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/UpdateDatalakeExceptionsSubscription
+func (c *SecurityLake) UpdateDatalakeExceptionsSubscriptionRequest(input *UpdateDatalakeExceptionsSubscriptionInput) (req *request.Request, output *UpdateDatalakeExceptionsSubscriptionOutput) {
+ op := &request.Operation{
+ Name: opUpdateDatalakeExceptionsSubscription,
+ HTTPMethod: "PUT",
+ HTTPPath: "/v1/datalake/exceptions/subscription",
+ }
+
+ if input == nil {
+ input = &UpdateDatalakeExceptionsSubscriptionInput{}
+ }
+
+ output = &UpdateDatalakeExceptionsSubscriptionOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// UpdateDatalakeExceptionsSubscription API operation for Amazon Security Lake.
+//
+// Update the subscription notification for exception notification.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation UpdateDatalakeExceptionsSubscription for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/UpdateDatalakeExceptionsSubscription
+func (c *SecurityLake) UpdateDatalakeExceptionsSubscription(input *UpdateDatalakeExceptionsSubscriptionInput) (*UpdateDatalakeExceptionsSubscriptionOutput, error) {
+ req, out := c.UpdateDatalakeExceptionsSubscriptionRequest(input)
+ return out, req.Send()
+}
+
+// UpdateDatalakeExceptionsSubscriptionWithContext is the same as UpdateDatalakeExceptionsSubscription with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UpdateDatalakeExceptionsSubscription for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) UpdateDatalakeExceptionsSubscriptionWithContext(ctx aws.Context, input *UpdateDatalakeExceptionsSubscriptionInput, opts ...request.Option) (*UpdateDatalakeExceptionsSubscriptionOutput, error) {
+ req, out := c.UpdateDatalakeExceptionsSubscriptionRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opUpdateSubscriber = "UpdateSubscriber"
+
+// UpdateSubscriberRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateSubscriber operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UpdateSubscriber for more information on using the UpdateSubscriber
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the UpdateSubscriberRequest method.
+// req, resp := client.UpdateSubscriberRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/UpdateSubscriber
+func (c *SecurityLake) UpdateSubscriberRequest(input *UpdateSubscriberInput) (req *request.Request, output *UpdateSubscriberOutput) {
+ op := &request.Operation{
+ Name: opUpdateSubscriber,
+ HTTPMethod: "PUT",
+ HTTPPath: "/v1/subscribers/{id}",
+ }
+
+ if input == nil {
+ input = &UpdateSubscriberInput{}
+ }
+
+ output = &UpdateSubscriberOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// UpdateSubscriber API operation for Amazon Security Lake.
+//
+// Update the subscription permission for the given Security Lake account ID.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation UpdateSubscriber for usage and error information.
+//
+// Returned Error Types:
+//
+// - ConflictSubscriptionException
+// A conflicting subscription exception operation is in progress.
+//
+// - ConcurrentModificationException
+// More than one process tried to modify a resource at the same time.
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// - InvalidInputException
+// The request was rejected because an invalid or out-of-range value was supplied
+// for an input parameter.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/UpdateSubscriber
+func (c *SecurityLake) UpdateSubscriber(input *UpdateSubscriberInput) (*UpdateSubscriberOutput, error) {
+ req, out := c.UpdateSubscriberRequest(input)
+ return out, req.Send()
+}
+
+// UpdateSubscriberWithContext is the same as UpdateSubscriber with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UpdateSubscriber for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) UpdateSubscriberWithContext(ctx aws.Context, input *UpdateSubscriberInput, opts ...request.Option) (*UpdateSubscriberOutput, error) {
+ req, out := c.UpdateSubscriberRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opUpdateSubscriptionNotificationConfiguration = "UpdateSubscriptionNotificationConfiguration"
+
+// UpdateSubscriptionNotificationConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateSubscriptionNotificationConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UpdateSubscriptionNotificationConfiguration for more information on using the UpdateSubscriptionNotificationConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the UpdateSubscriptionNotificationConfigurationRequest method.
+// req, resp := client.UpdateSubscriptionNotificationConfigurationRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/UpdateSubscriptionNotificationConfiguration
+func (c *SecurityLake) UpdateSubscriptionNotificationConfigurationRequest(input *UpdateSubscriptionNotificationConfigurationInput) (req *request.Request, output *UpdateSubscriptionNotificationConfigurationOutput) {
+ op := &request.Operation{
+ Name: opUpdateSubscriptionNotificationConfiguration,
+ HTTPMethod: "PUT",
+ HTTPPath: "/subscription-notifications/{subscriptionId}",
+ }
+
+ if input == nil {
+ input = &UpdateSubscriptionNotificationConfigurationInput{}
+ }
+
+ output = &UpdateSubscriptionNotificationConfigurationOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// UpdateSubscriptionNotificationConfiguration API operation for Amazon Security Lake.
+//
+// Create a new subscription notification or add the existing subscription notification
+// setting for the specified subscription ID.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Security Lake's
+// API operation UpdateSubscriptionNotificationConfiguration for usage and error information.
+//
+// Returned Error Types:
+//
+// - ConcurrentModificationException
+// More than one process tried to modify a resource at the same time.
+//
+// - InternalServerException
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+//
+// - ValidationException
+// Your signing certificate could not be validated.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+//
+// - ResourceNotFoundException
+// The resource could not be found.
+//
+// - AccountNotFoundException
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+//
+// - InvalidInputException
+// The request was rejected because an invalid or out-of-range value was supplied
+// for an input parameter.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/UpdateSubscriptionNotificationConfiguration
+func (c *SecurityLake) UpdateSubscriptionNotificationConfiguration(input *UpdateSubscriptionNotificationConfigurationInput) (*UpdateSubscriptionNotificationConfigurationOutput, error) {
+ req, out := c.UpdateSubscriptionNotificationConfigurationRequest(input)
+ return out, req.Send()
+}
+
+// UpdateSubscriptionNotificationConfigurationWithContext is the same as UpdateSubscriptionNotificationConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UpdateSubscriptionNotificationConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SecurityLake) UpdateSubscriptionNotificationConfigurationWithContext(ctx aws.Context, input *UpdateSubscriptionNotificationConfigurationInput, opts ...request.Option) (*UpdateSubscriptionNotificationConfigurationOutput, error) {
+ req, out := c.UpdateSubscriptionNotificationConfigurationRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+// You do not have sufficient access to perform this action. Access denied errors
+// appear when Amazon Security Lake explicitly or implicitly denies an authorization
+// request. An explicit denial occurs when a policy contains a Deny statement
+// for the specific Amazon Web Services action. An implicit denial occurs when
+// there is no applicable Deny statement and also no applicable Allow statement.
+type AccessDeniedException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessDeniedException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessDeniedException) GoString() string {
+ return s.String()
+}
+
+func newErrorAccessDeniedException(v protocol.ResponseMetadata) error {
+ return &AccessDeniedException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *AccessDeniedException) Code() string {
+ return "AccessDeniedException"
+}
+
+// Message returns the exception's message.
+func (s *AccessDeniedException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *AccessDeniedException) OrigErr() error {
+ return nil
+}
+
+func (s *AccessDeniedException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *AccessDeniedException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *AccessDeniedException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// Amazon Security Lake can't find an Amazon Web Services account with the accountID
+// that you specified, or the account whose credentials you used to make this
+// request isn't a member of an organization.
+type AccountNotFoundException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccountNotFoundException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccountNotFoundException) GoString() string {
+ return s.String()
+}
+
+func newErrorAccountNotFoundException(v protocol.ResponseMetadata) error {
+ return &AccountNotFoundException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *AccountNotFoundException) Code() string {
+ return "AccountNotFoundException"
+}
+
+// Message returns the exception's message.
+func (s *AccountNotFoundException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *AccountNotFoundException) OrigErr() error {
+ return nil
+}
+
+func (s *AccountNotFoundException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *AccountNotFoundException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *AccountNotFoundException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// Security Lake can collect logs and events from supported Amazon Web Services
+// services and custom sources.
+type AccountSources struct {
+ _ struct{} `type:"structure"`
+
+ // Account ID of the Security Lake account for which logs are collected.
+ //
+ // Account is a required field
+ Account *string `locationName:"account" type:"string" required:"true"`
+
+ // Initializes a new instance of the Event class.
+ EventClass *string `locationName:"eventClass" type:"string" enum:"OcsfEventClass"`
+
+ // Log status for the Security Lake account.
+ LogsStatus []*LogsStatus `locationName:"logsStatus" type:"list"`
+
+ // The supported Amazon Web Services services from which logs and events are
+ // collected. Amazon Security Lake supports logs and events collection for natively-supported
+ // Amazon Web Services services. For more information, see the Amazon Security
+ // Lake User Guide.
+ //
+ // SourceType is a required field
+ SourceType *string `locationName:"sourceType" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccountSources) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccountSources) GoString() string {
+ return s.String()
+}
+
+// SetAccount sets the Account field's value.
+func (s *AccountSources) SetAccount(v string) *AccountSources {
+ s.Account = &v
+ return s
+}
+
+// SetEventClass sets the EventClass field's value.
+func (s *AccountSources) SetEventClass(v string) *AccountSources {
+ s.EventClass = &v
+ return s
+}
+
+// SetLogsStatus sets the LogsStatus field's value.
+func (s *AccountSources) SetLogsStatus(v []*LogsStatus) *AccountSources {
+ s.LogsStatus = v
+ return s
+}
+
+// SetSourceType sets the SourceType field's value.
+func (s *AccountSources) SetSourceType(v string) *AccountSources {
+ s.SourceType = &v
+ return s
+}
+
+// Automatically enable new organization accounts as member accounts from a
+// Security Lake administrator account.
+type AutoEnableNewRegionConfiguration struct {
+ _ struct{} `type:"structure"`
+
+ // The Regions where Security Lake is auto enabled
+ //
+ // Region is a required field
+ Region *string `locationName:"region" type:"string" required:"true" enum:"Region"`
+
+ // The Amazon Web Services sources which are auto enabled in Security Lake.
+ //
+ // Sources is a required field
+ Sources []*string `locationName:"sources" type:"list" required:"true" enum:"AwsLogSourceType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AutoEnableNewRegionConfiguration) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AutoEnableNewRegionConfiguration) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AutoEnableNewRegionConfiguration) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "AutoEnableNewRegionConfiguration"}
+ if s.Region == nil {
+ invalidParams.Add(request.NewErrParamRequired("Region"))
+ }
+ if s.Sources == nil {
+ invalidParams.Add(request.NewErrParamRequired("Sources"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetRegion sets the Region field's value.
+func (s *AutoEnableNewRegionConfiguration) SetRegion(v string) *AutoEnableNewRegionConfiguration {
+ s.Region = &v
+ return s
+}
+
+// SetSources sets the Sources field's value.
+func (s *AutoEnableNewRegionConfiguration) SetSources(v []*string) *AutoEnableNewRegionConfiguration {
+ s.Sources = v
+ return s
+}
+
+// Amazon Security Lake generally returns 404 errors if the requested object
+// is missing from the bucket.
+type BucketNotFoundException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s BucketNotFoundException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s BucketNotFoundException) GoString() string {
+ return s.String()
+}
+
+func newErrorBucketNotFoundException(v protocol.ResponseMetadata) error {
+ return &BucketNotFoundException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *BucketNotFoundException) Code() string {
+ return "BucketNotFoundException"
+}
+
+// Message returns the exception's message.
+func (s *BucketNotFoundException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *BucketNotFoundException) OrigErr() error {
+ return nil
+}
+
+func (s *BucketNotFoundException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *BucketNotFoundException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *BucketNotFoundException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// More than one process tried to modify a resource at the same time.
+type ConcurrentModificationException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ConcurrentModificationException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ConcurrentModificationException) GoString() string {
+ return s.String()
+}
+
+func newErrorConcurrentModificationException(v protocol.ResponseMetadata) error {
+ return &ConcurrentModificationException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *ConcurrentModificationException) Code() string {
+ return "ConcurrentModificationException"
+}
+
+// Message returns the exception's message.
+func (s *ConcurrentModificationException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *ConcurrentModificationException) OrigErr() error {
+ return nil
+}
+
+func (s *ConcurrentModificationException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *ConcurrentModificationException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *ConcurrentModificationException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// Occurs when a conflict with a previous successful write is detected. This
+// generally occurs when the previous write did not have time to propagate to
+// the host serving the current request. A retry (with appropriate backoff logic)
+// is the recommended response to this exception.
+type ConflictException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+
+ // A conflict occurred when prompting for the Resource ID.
+ //
+ // ResourceId is a required field
+ ResourceId *string `locationName:"resourceId" type:"string" required:"true"`
+
+ // The resource type.
+ //
+ // ResourceType is a required field
+ ResourceType *string `locationName:"resourceType" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ConflictException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ConflictException) GoString() string {
+ return s.String()
+}
+
+func newErrorConflictException(v protocol.ResponseMetadata) error {
+ return &ConflictException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *ConflictException) Code() string {
+ return "ConflictException"
+}
+
+// Message returns the exception's message.
+func (s *ConflictException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *ConflictException) OrigErr() error {
+ return nil
+}
+
+func (s *ConflictException) Error() string {
+ return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *ConflictException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *ConflictException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// There was a conflict when you attempted to modify a Security Lake source
+// name.
+type ConflictSourceNamesException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ConflictSourceNamesException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ConflictSourceNamesException) GoString() string {
+ return s.String()
+}
+
+func newErrorConflictSourceNamesException(v protocol.ResponseMetadata) error {
+ return &ConflictSourceNamesException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *ConflictSourceNamesException) Code() string {
+ return "ConflictSourceNamesException"
+}
+
+// Message returns the exception's message.
+func (s *ConflictSourceNamesException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *ConflictSourceNamesException) OrigErr() error {
+ return nil
+}
+
+func (s *ConflictSourceNamesException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *ConflictSourceNamesException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *ConflictSourceNamesException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// A conflicting subscription exception operation is in progress.
+type ConflictSubscriptionException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ConflictSubscriptionException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ConflictSubscriptionException) GoString() string {
+ return s.String()
+}
+
+func newErrorConflictSubscriptionException(v protocol.ResponseMetadata) error {
+ return &ConflictSubscriptionException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *ConflictSubscriptionException) Code() string {
+ return "ConflictSubscriptionException"
+}
+
+// Message returns the exception's message.
+func (s *ConflictSubscriptionException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *ConflictSubscriptionException) OrigErr() error {
+ return nil
+}
+
+func (s *ConflictSubscriptionException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *ConflictSubscriptionException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *ConflictSubscriptionException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+type CreateAwsLogSourceInput struct {
+ _ struct{} `type:"structure"`
+
+ // Enables specific sources in all Regions and source types.
+ EnableAllDimensions map[string]map[string][]*string `locationName:"enableAllDimensions" type:"map"`
+
+ // Enables all sources in specific accounts or Regions.
+ EnableSingleDimension []*string `locationName:"enableSingleDimension" type:"list"`
+
+ // Enables specific service sources in specific accounts or Regions.
+ EnableTwoDimensions map[string][]*string `locationName:"enableTwoDimensions" type:"map"`
+
+ // Specifies the input order to enable dimensions in Security Lake, namely region,
+ // source type, and member account.
+ //
+ // InputOrder is a required field
+ InputOrder []*string `locationName:"inputOrder" type:"list" required:"true" enum:"Dimension"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateAwsLogSourceInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateAwsLogSourceInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateAwsLogSourceInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CreateAwsLogSourceInput"}
+ if s.InputOrder == nil {
+ invalidParams.Add(request.NewErrParamRequired("InputOrder"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetEnableAllDimensions sets the EnableAllDimensions field's value.
+func (s *CreateAwsLogSourceInput) SetEnableAllDimensions(v map[string]map[string][]*string) *CreateAwsLogSourceInput {
+ s.EnableAllDimensions = v
+ return s
+}
+
+// SetEnableSingleDimension sets the EnableSingleDimension field's value.
+func (s *CreateAwsLogSourceInput) SetEnableSingleDimension(v []*string) *CreateAwsLogSourceInput {
+ s.EnableSingleDimension = v
+ return s
+}
+
+// SetEnableTwoDimensions sets the EnableTwoDimensions field's value.
+func (s *CreateAwsLogSourceInput) SetEnableTwoDimensions(v map[string][]*string) *CreateAwsLogSourceInput {
+ s.EnableTwoDimensions = v
+ return s
+}
+
+// SetInputOrder sets the InputOrder field's value.
+func (s *CreateAwsLogSourceInput) SetInputOrder(v []*string) *CreateAwsLogSourceInput {
+ s.InputOrder = v
+ return s
+}
+
+type CreateAwsLogSourceOutput struct {
+ _ struct{} `type:"structure"`
+
+ // List of all accounts in which enabling a natively-supported Amazon Web Services
+ // service as a Security Lake failed. The failure occurred as these accounts
+ // are not part of an organization.
+ Failed []*string `locationName:"failed" type:"list"`
+
+ // List of all accounts which are in the process of enabling a natively-supported
+ // Amazon Web Services service as a Security Lake.
+ Processing []*string `locationName:"processing" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateAwsLogSourceOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateAwsLogSourceOutput) GoString() string {
+ return s.String()
+}
+
+// SetFailed sets the Failed field's value.
+func (s *CreateAwsLogSourceOutput) SetFailed(v []*string) *CreateAwsLogSourceOutput {
+ s.Failed = v
+ return s
+}
+
+// SetProcessing sets the Processing field's value.
+func (s *CreateAwsLogSourceOutput) SetProcessing(v []*string) *CreateAwsLogSourceOutput {
+ s.Processing = v
+ return s
+}
+
+type CreateCustomLogSourceInput struct {
+ _ struct{} `type:"structure"`
+
+ // The custom source name for a third-party custom source.
+ //
+ // CustomSourceName is a required field
+ CustomSourceName *string `locationName:"customSourceName" type:"string" required:"true"`
+
+ // The Open Cybersecurity Schema Framework (OCSF) event class.
+ //
+ // EventClass is a required field
+ EventClass *string `locationName:"eventClass" type:"string" required:"true" enum:"OcsfEventClass"`
+
+ // The IAM Role ARN to be used by the Glue Crawler. The recommended IAM policies
+ // are:
+ //
+ // * The managed policy AWSGlueServiceRole
+ //
+ // * A custom policy granting access to your S3 Data Lake
+ //
+ // GlueInvocationRoleArn is a required field
+ GlueInvocationRoleArn *string `locationName:"glueInvocationRoleArn" type:"string" required:"true"`
+
+ // The Account ID that will assume the above Role to put logs into the Data
+ // Lake.
+ //
+ // LogProviderAccountId is a required field
+ LogProviderAccountId *string `locationName:"logProviderAccountId" min:"12" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateCustomLogSourceInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateCustomLogSourceInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateCustomLogSourceInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CreateCustomLogSourceInput"}
+ if s.CustomSourceName == nil {
+ invalidParams.Add(request.NewErrParamRequired("CustomSourceName"))
+ }
+ if s.EventClass == nil {
+ invalidParams.Add(request.NewErrParamRequired("EventClass"))
+ }
+ if s.GlueInvocationRoleArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("GlueInvocationRoleArn"))
+ }
+ if s.LogProviderAccountId == nil {
+ invalidParams.Add(request.NewErrParamRequired("LogProviderAccountId"))
+ }
+ if s.LogProviderAccountId != nil && len(*s.LogProviderAccountId) < 12 {
+ invalidParams.Add(request.NewErrParamMinLen("LogProviderAccountId", 12))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetCustomSourceName sets the CustomSourceName field's value.
+func (s *CreateCustomLogSourceInput) SetCustomSourceName(v string) *CreateCustomLogSourceInput {
+ s.CustomSourceName = &v
+ return s
+}
+
+// SetEventClass sets the EventClass field's value.
+func (s *CreateCustomLogSourceInput) SetEventClass(v string) *CreateCustomLogSourceInput {
+ s.EventClass = &v
+ return s
+}
+
+// SetGlueInvocationRoleArn sets the GlueInvocationRoleArn field's value.
+func (s *CreateCustomLogSourceInput) SetGlueInvocationRoleArn(v string) *CreateCustomLogSourceInput {
+ s.GlueInvocationRoleArn = &v
+ return s
+}
+
+// SetLogProviderAccountId sets the LogProviderAccountId field's value.
+func (s *CreateCustomLogSourceInput) SetLogProviderAccountId(v string) *CreateCustomLogSourceInput {
+ s.LogProviderAccountId = &v
+ return s
+}
+
+type CreateCustomLogSourceOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The location of the partition in the Security Lake S3 bucket.
+ //
+ // CustomDataLocation is a required field
+ CustomDataLocation *string `locationName:"customDataLocation" type:"string" required:"true"`
+
+ // The name of the Glue crawler.
+ //
+ // GlueCrawlerName is a required field
+ GlueCrawlerName *string `locationName:"glueCrawlerName" type:"string" required:"true"`
+
+ // The Glue database where results are written, such as: arn:aws:daylight:us-east-1::database/sometable/*.
+ //
+ // GlueDatabaseName is a required field
+ GlueDatabaseName *string `locationName:"glueDatabaseName" type:"string" required:"true"`
+
+ // The table name of the Glue crawler.
+ //
+ // GlueTableName is a required field
+ GlueTableName *string `locationName:"glueTableName" type:"string" required:"true"`
+
+ // IAM Role ARN to be used by the entity putting logs into your Custom Source
+ // partition. Security Lake will apply the correct access policies to this Role,
+ // but this Role must have the trust policy created manually. This Role's name
+ // must start with the text 'Security Lake'. It must trust the logProviderAccountId
+ // to assume it.
+ //
+ // LogProviderAccessRoleArn is a required field
+ LogProviderAccessRoleArn *string `locationName:"logProviderAccessRoleArn" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateCustomLogSourceOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateCustomLogSourceOutput) GoString() string {
+ return s.String()
+}
+
+// SetCustomDataLocation sets the CustomDataLocation field's value.
+func (s *CreateCustomLogSourceOutput) SetCustomDataLocation(v string) *CreateCustomLogSourceOutput {
+ s.CustomDataLocation = &v
+ return s
+}
+
+// SetGlueCrawlerName sets the GlueCrawlerName field's value.
+func (s *CreateCustomLogSourceOutput) SetGlueCrawlerName(v string) *CreateCustomLogSourceOutput {
+ s.GlueCrawlerName = &v
+ return s
+}
+
+// SetGlueDatabaseName sets the GlueDatabaseName field's value.
+func (s *CreateCustomLogSourceOutput) SetGlueDatabaseName(v string) *CreateCustomLogSourceOutput {
+ s.GlueDatabaseName = &v
+ return s
+}
+
+// SetGlueTableName sets the GlueTableName field's value.
+func (s *CreateCustomLogSourceOutput) SetGlueTableName(v string) *CreateCustomLogSourceOutput {
+ s.GlueTableName = &v
+ return s
+}
+
+// SetLogProviderAccessRoleArn sets the LogProviderAccessRoleArn field's value.
+func (s *CreateCustomLogSourceOutput) SetLogProviderAccessRoleArn(v string) *CreateCustomLogSourceOutput {
+ s.LogProviderAccessRoleArn = &v
+ return s
+}
+
+type CreateDatalakeAutoEnableInput struct {
+ _ struct{} `type:"structure"`
+
+ // Enable Amazon Security Lake with the specified configurations settings to
+ // begin ingesting security data for new accounts in Security Lake.
+ //
+ // ConfigurationForNewAccounts is a required field
+ ConfigurationForNewAccounts []*AutoEnableNewRegionConfiguration `locationName:"configurationForNewAccounts" type:"list" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateDatalakeAutoEnableInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateDatalakeAutoEnableInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateDatalakeAutoEnableInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CreateDatalakeAutoEnableInput"}
+ if s.ConfigurationForNewAccounts == nil {
+ invalidParams.Add(request.NewErrParamRequired("ConfigurationForNewAccounts"))
+ }
+ if s.ConfigurationForNewAccounts != nil {
+ for i, v := range s.ConfigurationForNewAccounts {
+ if v == nil {
+ continue
+ }
+ if err := v.Validate(); err != nil {
+ invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ConfigurationForNewAccounts", i), err.(request.ErrInvalidParams))
+ }
+ }
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetConfigurationForNewAccounts sets the ConfigurationForNewAccounts field's value.
+func (s *CreateDatalakeAutoEnableInput) SetConfigurationForNewAccounts(v []*AutoEnableNewRegionConfiguration) *CreateDatalakeAutoEnableInput {
+ s.ConfigurationForNewAccounts = v
+ return s
+}
+
+type CreateDatalakeAutoEnableOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateDatalakeAutoEnableOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateDatalakeAutoEnableOutput) GoString() string {
+ return s.String()
+}
+
+type CreateDatalakeDelegatedAdminInput struct {
+ _ struct{} `type:"structure"`
+
+ // Account ID of the Security Lake delegated administrator.
+ //
+ // Account is a required field
+ Account *string `locationName:"account" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateDatalakeDelegatedAdminInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateDatalakeDelegatedAdminInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateDatalakeDelegatedAdminInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CreateDatalakeDelegatedAdminInput"}
+ if s.Account == nil {
+ invalidParams.Add(request.NewErrParamRequired("Account"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetAccount sets the Account field's value.
+func (s *CreateDatalakeDelegatedAdminInput) SetAccount(v string) *CreateDatalakeDelegatedAdminInput {
+ s.Account = &v
+ return s
+}
+
+type CreateDatalakeDelegatedAdminOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateDatalakeDelegatedAdminOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateDatalakeDelegatedAdminOutput) GoString() string {
+ return s.String()
+}
+
+type CreateDatalakeExceptionsSubscriptionInput struct {
+ _ struct{} `type:"structure"`
+
+ // The account in which the exception notifications subscription is created.
+ //
+ // NotificationEndpoint is a required field
+ NotificationEndpoint *string `locationName:"notificationEndpoint" type:"string" required:"true"`
+
+ // The subscription protocol to which exception messages are posted.
+ //
+ // SubscriptionProtocol is a required field
+ SubscriptionProtocol *string `locationName:"subscriptionProtocol" type:"string" required:"true" enum:"SubscriptionProtocolType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateDatalakeExceptionsSubscriptionInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateDatalakeExceptionsSubscriptionInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateDatalakeExceptionsSubscriptionInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CreateDatalakeExceptionsSubscriptionInput"}
+ if s.NotificationEndpoint == nil {
+ invalidParams.Add(request.NewErrParamRequired("NotificationEndpoint"))
+ }
+ if s.SubscriptionProtocol == nil {
+ invalidParams.Add(request.NewErrParamRequired("SubscriptionProtocol"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetNotificationEndpoint sets the NotificationEndpoint field's value.
+func (s *CreateDatalakeExceptionsSubscriptionInput) SetNotificationEndpoint(v string) *CreateDatalakeExceptionsSubscriptionInput {
+ s.NotificationEndpoint = &v
+ return s
+}
+
+// SetSubscriptionProtocol sets the SubscriptionProtocol field's value.
+func (s *CreateDatalakeExceptionsSubscriptionInput) SetSubscriptionProtocol(v string) *CreateDatalakeExceptionsSubscriptionInput {
+ s.SubscriptionProtocol = &v
+ return s
+}
+
+type CreateDatalakeExceptionsSubscriptionOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateDatalakeExceptionsSubscriptionOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateDatalakeExceptionsSubscriptionOutput) GoString() string {
+ return s.String()
+}
+
+type CreateDatalakeInput struct {
+ _ struct{} `type:"structure"`
+
+ // Enable Security Lake with the specified configurations settings to begin
+ // ingesting security data.
+ Configurations map[string]*LakeConfigurationRequest `locationName:"configurations" type:"map"`
+
+ // Enable Security Lake in all Regions to begin ingesting security data.
+ EnableAll *bool `locationName:"enableAll" type:"boolean"`
+
+ // The Role ARN used to create and update the Glue table with partitions generated
+ // by ingestion and normalization of Amazon Web Services log sources and custom
+ // sources.
+ MetaStoreManagerRoleArn *string `locationName:"metaStoreManagerRoleArn" type:"string"`
+
+ // Enable Security Lake in the specified Regions to begin ingesting security
+ // data. To enable Security Lake in specific Amazon Web Services Regions, such
+ // as us-east-1 or ap-northeast-3, provide the Region codes. For a list of Region
+ // codes, see Region codes (https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints)
+ // in the Amazon Web Services General Reference.
+ Regions []*string `locationName:"regions" type:"list" enum:"Region"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateDatalakeInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateDatalakeInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateDatalakeInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CreateDatalakeInput"}
+ if s.Configurations != nil {
+ for i, v := range s.Configurations {
+ if v == nil {
+ continue
+ }
+ if err := v.Validate(); err != nil {
+ invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Configurations", i), err.(request.ErrInvalidParams))
+ }
+ }
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetConfigurations sets the Configurations field's value.
+func (s *CreateDatalakeInput) SetConfigurations(v map[string]*LakeConfigurationRequest) *CreateDatalakeInput {
+ s.Configurations = v
+ return s
+}
+
+// SetEnableAll sets the EnableAll field's value.
+func (s *CreateDatalakeInput) SetEnableAll(v bool) *CreateDatalakeInput {
+ s.EnableAll = &v
+ return s
+}
+
+// SetMetaStoreManagerRoleArn sets the MetaStoreManagerRoleArn field's value.
+func (s *CreateDatalakeInput) SetMetaStoreManagerRoleArn(v string) *CreateDatalakeInput {
+ s.MetaStoreManagerRoleArn = &v
+ return s
+}
+
+// SetRegions sets the Regions field's value.
+func (s *CreateDatalakeInput) SetRegions(v []*string) *CreateDatalakeInput {
+ s.Regions = v
+ return s
+}
+
+type CreateDatalakeOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateDatalakeOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateDatalakeOutput) GoString() string {
+ return s.String()
+}
+
+type CreateSubscriberInput struct {
+ _ struct{} `type:"structure"`
+
+ // The Amazon S3 or Lake Formation access type.
+ AccessTypes []*string `locationName:"accessTypes" type:"list" enum:"AccessType"`
+
+ // The third party Amazon Web Services account ID used to access your data.
+ //
+ // AccountId is a required field
+ AccountId *string `locationName:"accountId" min:"12" type:"string" required:"true"`
+
+ // The external ID of the subscriber. External ID allows the user that is assuming
+ // the role to assert the circumstances in which they are operating. It also
+ // provides a way for the account owner to permit the role to be assumed only
+ // under specific circumstances.
+ //
+ // ExternalId is a required field
+ ExternalId *string `locationName:"externalId" type:"string" required:"true"`
+
+ // The supported Amazon Web Services services from which logs and events are
+ // collected. Amazon Security Lake supports logs and events collection for natively-supported
+ // Amazon Web Services services.
+ //
+ // SourceTypes is a required field
+ SourceTypes []*SourceType `locationName:"sourceTypes" type:"list" required:"true"`
+
+ // The subscriber descriptions for the subscriber account in Amazon Security
+ // Lake.
+ SubscriberDescription *string `locationName:"subscriberDescription" type:"string"`
+
+ // The name of your Amazon Security Lake subscriber account.
+ //
+ // SubscriberName is a required field
+ SubscriberName *string `locationName:"subscriberName" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateSubscriberInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateSubscriberInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateSubscriberInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CreateSubscriberInput"}
+ if s.AccountId == nil {
+ invalidParams.Add(request.NewErrParamRequired("AccountId"))
+ }
+ if s.AccountId != nil && len(*s.AccountId) < 12 {
+ invalidParams.Add(request.NewErrParamMinLen("AccountId", 12))
+ }
+ if s.ExternalId == nil {
+ invalidParams.Add(request.NewErrParamRequired("ExternalId"))
+ }
+ if s.SourceTypes == nil {
+ invalidParams.Add(request.NewErrParamRequired("SourceTypes"))
+ }
+ if s.SubscriberName == nil {
+ invalidParams.Add(request.NewErrParamRequired("SubscriberName"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetAccessTypes sets the AccessTypes field's value.
+func (s *CreateSubscriberInput) SetAccessTypes(v []*string) *CreateSubscriberInput {
+ s.AccessTypes = v
+ return s
+}
+
+// SetAccountId sets the AccountId field's value.
+func (s *CreateSubscriberInput) SetAccountId(v string) *CreateSubscriberInput {
+ s.AccountId = &v
+ return s
+}
+
+// SetExternalId sets the ExternalId field's value.
+func (s *CreateSubscriberInput) SetExternalId(v string) *CreateSubscriberInput {
+ s.ExternalId = &v
+ return s
+}
+
+// SetSourceTypes sets the SourceTypes field's value.
+func (s *CreateSubscriberInput) SetSourceTypes(v []*SourceType) *CreateSubscriberInput {
+ s.SourceTypes = v
+ return s
+}
+
+// SetSubscriberDescription sets the SubscriberDescription field's value.
+func (s *CreateSubscriberInput) SetSubscriberDescription(v string) *CreateSubscriberInput {
+ s.SubscriberDescription = &v
+ return s
+}
+
+// SetSubscriberName sets the SubscriberName field's value.
+func (s *CreateSubscriberInput) SetSubscriberName(v string) *CreateSubscriberInput {
+ s.SubscriberName = &v
+ return s
+}
+
+type CreateSubscriberOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The Amazon Resource Name (ARN) created by the user to provide to the subscriber.
+ // For more information about ARNs and how to use them in policies, see IAM
+ // identifiers in the IAM User Guide.
+ RoleArn *string `locationName:"roleArn" type:"string"`
+
+ // The Amazon Resource Name (ARN) for the Amazon S3 bucket.
+ S3BucketArn *string `locationName:"s3BucketArn" type:"string"`
+
+ // The Amazon Resource Name (ARN) for the Amazon Simple Notification Service.
+ SnsArn *string `locationName:"snsArn" type:"string"`
+
+ // The subscriptionId that was created by the CreateSubscriber API call.
+ //
+ // SubscriptionId is a required field
+ SubscriptionId *string `locationName:"subscriptionId" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateSubscriberOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateSubscriberOutput) GoString() string {
+ return s.String()
+}
+
+// SetRoleArn sets the RoleArn field's value.
+func (s *CreateSubscriberOutput) SetRoleArn(v string) *CreateSubscriberOutput {
+ s.RoleArn = &v
+ return s
+}
+
+// SetS3BucketArn sets the S3BucketArn field's value.
+func (s *CreateSubscriberOutput) SetS3BucketArn(v string) *CreateSubscriberOutput {
+ s.S3BucketArn = &v
+ return s
+}
+
+// SetSnsArn sets the SnsArn field's value.
+func (s *CreateSubscriberOutput) SetSnsArn(v string) *CreateSubscriberOutput {
+ s.SnsArn = &v
+ return s
+}
+
+// SetSubscriptionId sets the SubscriptionId field's value.
+func (s *CreateSubscriberOutput) SetSubscriptionId(v string) *CreateSubscriberOutput {
+ s.SubscriptionId = &v
+ return s
+}
+
+type CreateSubscriptionNotificationConfigurationInput struct {
+ _ struct{} `type:"structure"`
+
+ // Create a new subscription notification for the specified subscription ID
+ // in Security Lake.
+ CreateSqs *bool `locationName:"createSqs" type:"boolean"`
+
+ // The key name for the subscription notification.
+ HttpsApiKeyName *string `locationName:"httpsApiKeyName" type:"string"`
+
+ // The key value for the subscription notification.
+ HttpsApiKeyValue *string `locationName:"httpsApiKeyValue" type:"string"`
+
+ // The HTTPS method used for the subscription notification.
+ HttpsMethod *string `locationName:"httpsMethod" type:"string" enum:"HttpsMethod"`
+
+ // The Amazon Resource Name (ARN) specifying the role of the subscriber.
+ RoleArn *string `locationName:"roleArn" type:"string"`
+
+ // The subscription endpoint in Security Lake.
+ SubscriptionEndpoint *string `locationName:"subscriptionEndpoint" type:"string"`
+
+ // The subscription ID for which the subscription notification is specified.
+ //
+ // SubscriptionId is a required field
+ SubscriptionId *string `location:"uri" locationName:"subscriptionId" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateSubscriptionNotificationConfigurationInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateSubscriptionNotificationConfigurationInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateSubscriptionNotificationConfigurationInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CreateSubscriptionNotificationConfigurationInput"}
+ if s.SubscriptionId == nil {
+ invalidParams.Add(request.NewErrParamRequired("SubscriptionId"))
+ }
+ if s.SubscriptionId != nil && len(*s.SubscriptionId) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("SubscriptionId", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetCreateSqs sets the CreateSqs field's value.
+func (s *CreateSubscriptionNotificationConfigurationInput) SetCreateSqs(v bool) *CreateSubscriptionNotificationConfigurationInput {
+ s.CreateSqs = &v
+ return s
+}
+
+// SetHttpsApiKeyName sets the HttpsApiKeyName field's value.
+func (s *CreateSubscriptionNotificationConfigurationInput) SetHttpsApiKeyName(v string) *CreateSubscriptionNotificationConfigurationInput {
+ s.HttpsApiKeyName = &v
+ return s
+}
+
+// SetHttpsApiKeyValue sets the HttpsApiKeyValue field's value.
+func (s *CreateSubscriptionNotificationConfigurationInput) SetHttpsApiKeyValue(v string) *CreateSubscriptionNotificationConfigurationInput {
+ s.HttpsApiKeyValue = &v
+ return s
+}
+
+// SetHttpsMethod sets the HttpsMethod field's value.
+func (s *CreateSubscriptionNotificationConfigurationInput) SetHttpsMethod(v string) *CreateSubscriptionNotificationConfigurationInput {
+ s.HttpsMethod = &v
+ return s
+}
+
+// SetRoleArn sets the RoleArn field's value.
+func (s *CreateSubscriptionNotificationConfigurationInput) SetRoleArn(v string) *CreateSubscriptionNotificationConfigurationInput {
+ s.RoleArn = &v
+ return s
+}
+
+// SetSubscriptionEndpoint sets the SubscriptionEndpoint field's value.
+func (s *CreateSubscriptionNotificationConfigurationInput) SetSubscriptionEndpoint(v string) *CreateSubscriptionNotificationConfigurationInput {
+ s.SubscriptionEndpoint = &v
+ return s
+}
+
+// SetSubscriptionId sets the SubscriptionId field's value.
+func (s *CreateSubscriptionNotificationConfigurationInput) SetSubscriptionId(v string) *CreateSubscriptionNotificationConfigurationInput {
+ s.SubscriptionId = &v
+ return s
+}
+
+type CreateSubscriptionNotificationConfigurationOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Returns the Amazon resource name (ARN) of the queue.
+ QueueArn *string `locationName:"queueArn" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateSubscriptionNotificationConfigurationOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateSubscriptionNotificationConfigurationOutput) GoString() string {
+ return s.String()
+}
+
+// SetQueueArn sets the QueueArn field's value.
+func (s *CreateSubscriptionNotificationConfigurationOutput) SetQueueArn(v string) *CreateSubscriptionNotificationConfigurationOutput {
+ s.QueueArn = &v
+ return s
+}
+
+type DeleteAwsLogSourceInput struct {
+ _ struct{} `type:"structure"`
+
+ // Removes the specific Amazon Web Services sources from all Regions and source
+ // types.
+ DisableAllDimensions map[string]map[string][]*string `locationName:"disableAllDimensions" type:"map"`
+
+ // Removes all Amazon Web Services sources from specific accounts or Regions.
+ DisableSingleDimension []*string `locationName:"disableSingleDimension" type:"list"`
+
+ // Remove a specific Amazon Web Services source from specific accounts or Regions.
+ DisableTwoDimensions map[string][]*string `locationName:"disableTwoDimensions" type:"map"`
+
+ // This is a mandatory input. Specifies the input order to disable dimensions
+ // in Security Lake, namely Region, source type, and member.
+ //
+ // InputOrder is a required field
+ InputOrder []*string `locationName:"inputOrder" type:"list" required:"true" enum:"Dimension"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteAwsLogSourceInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteAwsLogSourceInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteAwsLogSourceInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DeleteAwsLogSourceInput"}
+ if s.InputOrder == nil {
+ invalidParams.Add(request.NewErrParamRequired("InputOrder"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetDisableAllDimensions sets the DisableAllDimensions field's value.
+func (s *DeleteAwsLogSourceInput) SetDisableAllDimensions(v map[string]map[string][]*string) *DeleteAwsLogSourceInput {
+ s.DisableAllDimensions = v
+ return s
+}
+
+// SetDisableSingleDimension sets the DisableSingleDimension field's value.
+func (s *DeleteAwsLogSourceInput) SetDisableSingleDimension(v []*string) *DeleteAwsLogSourceInput {
+ s.DisableSingleDimension = v
+ return s
+}
+
+// SetDisableTwoDimensions sets the DisableTwoDimensions field's value.
+func (s *DeleteAwsLogSourceInput) SetDisableTwoDimensions(v map[string][]*string) *DeleteAwsLogSourceInput {
+ s.DisableTwoDimensions = v
+ return s
+}
+
+// SetInputOrder sets the InputOrder field's value.
+func (s *DeleteAwsLogSourceInput) SetInputOrder(v []*string) *DeleteAwsLogSourceInput {
+ s.InputOrder = v
+ return s
+}
+
+type DeleteAwsLogSourceOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Deletion of the Amazon Web Services sources failed as the account is not
+ // a part of the organization.
+ Failed []*string `locationName:"failed" type:"list"`
+
+ // Deletion of the Amazon Web Services sources is in-progress.
+ Processing []*string `locationName:"processing" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteAwsLogSourceOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteAwsLogSourceOutput) GoString() string {
+ return s.String()
+}
+
+// SetFailed sets the Failed field's value.
+func (s *DeleteAwsLogSourceOutput) SetFailed(v []*string) *DeleteAwsLogSourceOutput {
+ s.Failed = v
+ return s
+}
+
+// SetProcessing sets the Processing field's value.
+func (s *DeleteAwsLogSourceOutput) SetProcessing(v []*string) *DeleteAwsLogSourceOutput {
+ s.Processing = v
+ return s
+}
+
+type DeleteCustomLogSourceInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+
+ // The custom source name for the custome log source.
+ //
+ // CustomSourceName is a required field
+ CustomSourceName *string `location:"querystring" locationName:"customSourceName" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteCustomLogSourceInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteCustomLogSourceInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteCustomLogSourceInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DeleteCustomLogSourceInput"}
+ if s.CustomSourceName == nil {
+ invalidParams.Add(request.NewErrParamRequired("CustomSourceName"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetCustomSourceName sets the CustomSourceName field's value.
+func (s *DeleteCustomLogSourceInput) SetCustomSourceName(v string) *DeleteCustomLogSourceInput {
+ s.CustomSourceName = &v
+ return s
+}
+
+type DeleteCustomLogSourceOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The location of the partition in the Security Lake S3 bucket.
+ //
+ // CustomDataLocation is a required field
+ CustomDataLocation *string `locationName:"customDataLocation" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteCustomLogSourceOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteCustomLogSourceOutput) GoString() string {
+ return s.String()
+}
+
+// SetCustomDataLocation sets the CustomDataLocation field's value.
+func (s *DeleteCustomLogSourceOutput) SetCustomDataLocation(v string) *DeleteCustomLogSourceOutput {
+ s.CustomDataLocation = &v
+ return s
+}
+
+type DeleteDatalakeAutoEnableInput struct {
+ _ struct{} `type:"structure"`
+
+ // Delete Amazon Security Lake with the specified configurations settings to
+ // stop ingesting security data for new accounts in Security Lake.
+ //
+ // RemoveFromConfigurationForNewAccounts is a required field
+ RemoveFromConfigurationForNewAccounts []*AutoEnableNewRegionConfiguration `locationName:"removeFromConfigurationForNewAccounts" type:"list" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteDatalakeAutoEnableInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteDatalakeAutoEnableInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteDatalakeAutoEnableInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DeleteDatalakeAutoEnableInput"}
+ if s.RemoveFromConfigurationForNewAccounts == nil {
+ invalidParams.Add(request.NewErrParamRequired("RemoveFromConfigurationForNewAccounts"))
+ }
+ if s.RemoveFromConfigurationForNewAccounts != nil {
+ for i, v := range s.RemoveFromConfigurationForNewAccounts {
+ if v == nil {
+ continue
+ }
+ if err := v.Validate(); err != nil {
+ invalidParams.AddNested(fmt.Sprintf("%s[%v]", "RemoveFromConfigurationForNewAccounts", i), err.(request.ErrInvalidParams))
+ }
+ }
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetRemoveFromConfigurationForNewAccounts sets the RemoveFromConfigurationForNewAccounts field's value.
+func (s *DeleteDatalakeAutoEnableInput) SetRemoveFromConfigurationForNewAccounts(v []*AutoEnableNewRegionConfiguration) *DeleteDatalakeAutoEnableInput {
+ s.RemoveFromConfigurationForNewAccounts = v
+ return s
+}
+
+type DeleteDatalakeAutoEnableOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteDatalakeAutoEnableOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteDatalakeAutoEnableOutput) GoString() string {
+ return s.String()
+}
+
+type DeleteDatalakeDelegatedAdminInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+
+ // Account ID the Security Lake delegated administrator.
+ //
+ // Account is a required field
+ Account *string `location:"uri" locationName:"account" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteDatalakeDelegatedAdminInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteDatalakeDelegatedAdminInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteDatalakeDelegatedAdminInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DeleteDatalakeDelegatedAdminInput"}
+ if s.Account == nil {
+ invalidParams.Add(request.NewErrParamRequired("Account"))
+ }
+ if s.Account != nil && len(*s.Account) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Account", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetAccount sets the Account field's value.
+func (s *DeleteDatalakeDelegatedAdminInput) SetAccount(v string) *DeleteDatalakeDelegatedAdminInput {
+ s.Account = &v
+ return s
+}
+
+type DeleteDatalakeDelegatedAdminOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteDatalakeDelegatedAdminOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteDatalakeDelegatedAdminOutput) GoString() string {
+ return s.String()
+}
+
+type DeleteDatalakeExceptionsSubscriptionInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteDatalakeExceptionsSubscriptionInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteDatalakeExceptionsSubscriptionInput) GoString() string {
+ return s.String()
+}
+
+type DeleteDatalakeExceptionsSubscriptionOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Retrieves the status of the delete Security Lake operation for an account.
+ //
+ // Status is a required field
+ Status *string `locationName:"status" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteDatalakeExceptionsSubscriptionOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteDatalakeExceptionsSubscriptionOutput) GoString() string {
+ return s.String()
+}
+
+// SetStatus sets the Status field's value.
+func (s *DeleteDatalakeExceptionsSubscriptionOutput) SetStatus(v string) *DeleteDatalakeExceptionsSubscriptionOutput {
+ s.Status = &v
+ return s
+}
+
+type DeleteDatalakeInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteDatalakeInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteDatalakeInput) GoString() string {
+ return s.String()
+}
+
+type DeleteDatalakeOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteDatalakeOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteDatalakeOutput) GoString() string {
+ return s.String()
+}
+
+type DeleteSubscriberInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+
+ // A value created by Security Lake that uniquely identifies your DeleteSubscriber
+ // API request.
+ //
+ // Id is a required field
+ Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSubscriberInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSubscriberInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteSubscriberInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DeleteSubscriberInput"}
+ if s.Id == nil {
+ invalidParams.Add(request.NewErrParamRequired("Id"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetId sets the Id field's value.
+func (s *DeleteSubscriberInput) SetId(v string) *DeleteSubscriberInput {
+ s.Id = &v
+ return s
+}
+
+type DeleteSubscriberOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSubscriberOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSubscriberOutput) GoString() string {
+ return s.String()
+}
+
+type DeleteSubscriptionNotificationConfigurationInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+
+ // The subscription ID of the Amazon Security Lake subscriber account.
+ //
+ // SubscriptionId is a required field
+ SubscriptionId *string `location:"uri" locationName:"subscriptionId" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSubscriptionNotificationConfigurationInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSubscriptionNotificationConfigurationInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteSubscriptionNotificationConfigurationInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DeleteSubscriptionNotificationConfigurationInput"}
+ if s.SubscriptionId == nil {
+ invalidParams.Add(request.NewErrParamRequired("SubscriptionId"))
+ }
+ if s.SubscriptionId != nil && len(*s.SubscriptionId) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("SubscriptionId", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetSubscriptionId sets the SubscriptionId field's value.
+func (s *DeleteSubscriptionNotificationConfigurationInput) SetSubscriptionId(v string) *DeleteSubscriptionNotificationConfigurationInput {
+ s.SubscriptionId = &v
+ return s
+}
+
+type DeleteSubscriptionNotificationConfigurationOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSubscriptionNotificationConfigurationOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSubscriptionNotificationConfigurationOutput) GoString() string {
+ return s.String()
+}
+
+// Represents an error interacting with the Amazon EventBridge service.
+type EventBridgeException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s EventBridgeException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s EventBridgeException) GoString() string {
+ return s.String()
+}
+
+func newErrorEventBridgeException(v protocol.ResponseMetadata) error {
+ return &EventBridgeException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *EventBridgeException) Code() string {
+ return "EventBridgeException"
+}
+
+// Message returns the exception's message.
+func (s *EventBridgeException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *EventBridgeException) OrigErr() error {
+ return nil
+}
+
+func (s *EventBridgeException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *EventBridgeException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *EventBridgeException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// List of all failures.
+type Failures struct {
+ _ struct{} `type:"structure"`
+
+ // List of all exception messages.
+ //
+ // ExceptionMessage is a required field
+ ExceptionMessage *string `locationName:"exceptionMessage" type:"string" required:"true"`
+
+ // List of all remediation steps for failures.
+ //
+ // Remediation is a required field
+ Remediation *string `locationName:"remediation" type:"string" required:"true"`
+
+ // This error can occur if you configure the wrong timestamp format, or if the
+ // subset of entries used for validation had errors or missing values.
+ //
+ // Timestamp is a required field
+ Timestamp *time.Time `locationName:"timestamp" type:"timestamp" timestampFormat:"iso8601" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Failures) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Failures) GoString() string {
+ return s.String()
+}
+
+// SetExceptionMessage sets the ExceptionMessage field's value.
+func (s *Failures) SetExceptionMessage(v string) *Failures {
+ s.ExceptionMessage = &v
+ return s
+}
+
+// SetRemediation sets the Remediation field's value.
+func (s *Failures) SetRemediation(v string) *Failures {
+ s.Remediation = &v
+ return s
+}
+
+// SetTimestamp sets the Timestamp field's value.
+func (s *Failures) SetTimestamp(v time.Time) *Failures {
+ s.Timestamp = &v
+ return s
+}
+
+// Response element for actions which make changes namely create, update, or
+// delete actions.
+type FailuresResponse struct {
+ _ struct{} `type:"structure"`
+
+ // List of all failures.
+ Failures []*Failures `locationName:"failures" type:"list"`
+
+ // List of Regions where the failure occurred.
+ Region *string `locationName:"region" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s FailuresResponse) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s FailuresResponse) GoString() string {
+ return s.String()
+}
+
+// SetFailures sets the Failures field's value.
+func (s *FailuresResponse) SetFailures(v []*Failures) *FailuresResponse {
+ s.Failures = v
+ return s
+}
+
+// SetRegion sets the Region field's value.
+func (s *FailuresResponse) SetRegion(v string) *FailuresResponse {
+ s.Region = &v
+ return s
+}
+
+type GetDatalakeAutoEnableInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetDatalakeAutoEnableInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetDatalakeAutoEnableInput) GoString() string {
+ return s.String()
+}
+
+type GetDatalakeAutoEnableOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The configuration for new accounts.
+ //
+ // AutoEnableNewAccounts is a required field
+ AutoEnableNewAccounts []*AutoEnableNewRegionConfiguration `locationName:"autoEnableNewAccounts" type:"list" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetDatalakeAutoEnableOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetDatalakeAutoEnableOutput) GoString() string {
+ return s.String()
+}
+
+// SetAutoEnableNewAccounts sets the AutoEnableNewAccounts field's value.
+func (s *GetDatalakeAutoEnableOutput) SetAutoEnableNewAccounts(v []*AutoEnableNewRegionConfiguration) *GetDatalakeAutoEnableOutput {
+ s.AutoEnableNewAccounts = v
+ return s
+}
+
+type GetDatalakeExceptionsExpiryInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetDatalakeExceptionsExpiryInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetDatalakeExceptionsExpiryInput) GoString() string {
+ return s.String()
+}
+
+type GetDatalakeExceptionsExpiryOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The expiration period and time-to-live (TTL).
+ //
+ // ExceptionMessageExpiry is a required field
+ ExceptionMessageExpiry *int64 `locationName:"exceptionMessageExpiry" type:"long" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetDatalakeExceptionsExpiryOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetDatalakeExceptionsExpiryOutput) GoString() string {
+ return s.String()
+}
+
+// SetExceptionMessageExpiry sets the ExceptionMessageExpiry field's value.
+func (s *GetDatalakeExceptionsExpiryOutput) SetExceptionMessageExpiry(v int64) *GetDatalakeExceptionsExpiryOutput {
+ s.ExceptionMessageExpiry = &v
+ return s
+}
+
+type GetDatalakeExceptionsSubscriptionInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetDatalakeExceptionsSubscriptionInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetDatalakeExceptionsSubscriptionInput) GoString() string {
+ return s.String()
+}
+
+type GetDatalakeExceptionsSubscriptionOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Retrieves the exception notification subscription information.
+ //
+ // ProtocolAndNotificationEndpoint is a required field
+ ProtocolAndNotificationEndpoint *ProtocolAndNotificationEndpoint `locationName:"protocolAndNotificationEndpoint" type:"structure" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetDatalakeExceptionsSubscriptionOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetDatalakeExceptionsSubscriptionOutput) GoString() string {
+ return s.String()
+}
+
+// SetProtocolAndNotificationEndpoint sets the ProtocolAndNotificationEndpoint field's value.
+func (s *GetDatalakeExceptionsSubscriptionOutput) SetProtocolAndNotificationEndpoint(v *ProtocolAndNotificationEndpoint) *GetDatalakeExceptionsSubscriptionOutput {
+ s.ProtocolAndNotificationEndpoint = v
+ return s
+}
+
+type GetDatalakeInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetDatalakeInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetDatalakeInput) GoString() string {
+ return s.String()
+}
+
+type GetDatalakeOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Retrieves the Security Lake configuration object.
+ //
+ // Configurations is a required field
+ Configurations map[string]*LakeConfigurationResponse `locationName:"configurations" type:"map" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetDatalakeOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetDatalakeOutput) GoString() string {
+ return s.String()
+}
+
+// SetConfigurations sets the Configurations field's value.
+func (s *GetDatalakeOutput) SetConfigurations(v map[string]*LakeConfigurationResponse) *GetDatalakeOutput {
+ s.Configurations = v
+ return s
+}
+
+type GetDatalakeStatusInput struct {
+ _ struct{} `type:"structure"`
+
+ // The account IDs for which a static snapshot of the current Region, including
+ // enabled accounts and log sources is retrieved.
+ AccountSet []*string `locationName:"accountSet" type:"list"`
+
+ // The maximum limit of accounts for which the static snapshot of the current
+ // Region including enabled accounts and log sources is retrieved.
+ MaxAccountResults *int64 `locationName:"maxAccountResults" type:"integer"`
+
+ // If nextToken is returned, there are more results available. The value of
+ // nextToken is a unique pagination token for each page. Make the call again
+ // using the returned token to retrieve the next page. Keep all other arguments
+ // unchanged. Each pagination token expires after 24 hours. Using an expired
+ // pagination token will return an HTTP 400 InvalidToken error.
+ NextToken *string `locationName:"nextToken" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetDatalakeStatusInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetDatalakeStatusInput) GoString() string {
+ return s.String()
+}
+
+// SetAccountSet sets the AccountSet field's value.
+func (s *GetDatalakeStatusInput) SetAccountSet(v []*string) *GetDatalakeStatusInput {
+ s.AccountSet = v
+ return s
+}
+
+// SetMaxAccountResults sets the MaxAccountResults field's value.
+func (s *GetDatalakeStatusInput) SetMaxAccountResults(v int64) *GetDatalakeStatusInput {
+ s.MaxAccountResults = &v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *GetDatalakeStatusInput) SetNextToken(v string) *GetDatalakeStatusInput {
+ s.NextToken = &v
+ return s
+}
+
+type GetDatalakeStatusOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The list of enabled accounts and enabled sources.
+ //
+ // AccountSourcesList is a required field
+ AccountSourcesList []*AccountSources `locationName:"accountSourcesList" type:"list" required:"true"`
+
+ // If nextToken is returned, there are more results available. The value of
+ // nextToken is a unique pagination token for each page. Make the call again
+ // using the returned token to retrieve the next page. Keep all other arguments
+ // unchanged. Each pagination token expires after 24 hours. Using an expired
+ // pagination token will return an HTTP 400 InvalidToken error.
+ NextToken *string `locationName:"nextToken" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetDatalakeStatusOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetDatalakeStatusOutput) GoString() string {
+ return s.String()
+}
+
+// SetAccountSourcesList sets the AccountSourcesList field's value.
+func (s *GetDatalakeStatusOutput) SetAccountSourcesList(v []*AccountSources) *GetDatalakeStatusOutput {
+ s.AccountSourcesList = v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *GetDatalakeStatusOutput) SetNextToken(v string) *GetDatalakeStatusOutput {
+ s.NextToken = &v
+ return s
+}
+
+type GetSubscriberInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+
+ // A value created by Security Lake that uniquely identifies your GetSubscriber
+ // API request.
+ //
+ // Id is a required field
+ Id *string `location:"uri" locationName:"id" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetSubscriberInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetSubscriberInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetSubscriberInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "GetSubscriberInput"}
+ if s.Id == nil {
+ invalidParams.Add(request.NewErrParamRequired("Id"))
+ }
+ if s.Id != nil && len(*s.Id) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Id", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetId sets the Id field's value.
+func (s *GetSubscriberInput) SetId(v string) *GetSubscriberInput {
+ s.Id = &v
+ return s
+}
+
+type GetSubscriberOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Subscription information for the specified subscription ID
+ Subscriber *SubscriberResource `locationName:"subscriber" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetSubscriberOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetSubscriberOutput) GoString() string {
+ return s.String()
+}
+
+// SetSubscriber sets the Subscriber field's value.
+func (s *GetSubscriberOutput) SetSubscriber(v *SubscriberResource) *GetSubscriberOutput {
+ s.Subscriber = v
+ return s
+}
+
+// Internal service exceptions are sometimes caused by transient issues. Before
+// you start troubleshooting, perform the operation again.
+type InternalServerException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+
+ // Retry the request after the specified time.
+ RetryAfterSeconds *int64 `location:"header" locationName:"Retry-After" type:"integer"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InternalServerException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InternalServerException) GoString() string {
+ return s.String()
+}
+
+func newErrorInternalServerException(v protocol.ResponseMetadata) error {
+ return &InternalServerException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *InternalServerException) Code() string {
+ return "InternalServerException"
+}
+
+// Message returns the exception's message.
+func (s *InternalServerException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *InternalServerException) OrigErr() error {
+ return nil
+}
+
+func (s *InternalServerException) Error() string {
+ return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *InternalServerException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *InternalServerException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// The request was rejected because an invalid or out-of-range value was supplied
+// for an input parameter.
+type InvalidInputException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InvalidInputException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InvalidInputException) GoString() string {
+ return s.String()
+}
+
+func newErrorInvalidInputException(v protocol.ResponseMetadata) error {
+ return &InvalidInputException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *InvalidInputException) Code() string {
+ return "InvalidInputException"
+}
+
+// Message returns the exception's message.
+func (s *InvalidInputException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *InvalidInputException) OrigErr() error {
+ return nil
+}
+
+func (s *InvalidInputException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *InvalidInputException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *InvalidInputException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// Provides details of lake configuration object in Amazon Security Lake.
+type LakeConfigurationRequest struct {
+ _ struct{} `type:"structure"`
+
+ // The type of encryption key used by Security Lake to encrypt the lake configuration
+ // object.
+ EncryptionKey *string `locationName:"encryptionKey" type:"string"`
+
+ // Replication enables automatic, asynchronous copying of objects across Amazon
+ // S3 buckets. Amazon S3 buckets that are configured for object replication
+ // can be owned by the same Amazon Web Services account or by different accounts.
+ // You can replicate objects to a single destination bucket or to multiple destination
+ // buckets. The destination buckets can be in different Amazon Web Services
+ // Regions or within the same Region as the source bucket.
+ //
+ // Set up one or more rollup Regions by providing the Region or Regions that
+ // should contribute to the central rollup Region.
+ ReplicationDestinationRegions []*string `locationName:"replicationDestinationRegions" type:"list" enum:"Region"`
+
+ // Replication settings for the Amazon S3 buckets. This parameter uses the IAM
+ // role created by you that is managed by Security Lake, to ensure the replication
+ // setting is correct.
+ ReplicationRoleArn *string `locationName:"replicationRoleArn" type:"string"`
+
+ // Retention settings for the destination Amazon S3 buckets.
+ RetentionSettings []*RetentionSetting `locationName:"retentionSettings" type:"list"`
+
+ // A tag is a label that you assign to an Amazon Web Services resource. Each
+ // tag consists of a key and an optional value, both of which you define.
+ TagsMap map[string]*string `locationName:"tagsMap" type:"map"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LakeConfigurationRequest) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LakeConfigurationRequest) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *LakeConfigurationRequest) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "LakeConfigurationRequest"}
+ if s.RetentionSettings != nil {
+ for i, v := range s.RetentionSettings {
+ if v == nil {
+ continue
+ }
+ if err := v.Validate(); err != nil {
+ invalidParams.AddNested(fmt.Sprintf("%s[%v]", "RetentionSettings", i), err.(request.ErrInvalidParams))
+ }
+ }
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetEncryptionKey sets the EncryptionKey field's value.
+func (s *LakeConfigurationRequest) SetEncryptionKey(v string) *LakeConfigurationRequest {
+ s.EncryptionKey = &v
+ return s
+}
+
+// SetReplicationDestinationRegions sets the ReplicationDestinationRegions field's value.
+func (s *LakeConfigurationRequest) SetReplicationDestinationRegions(v []*string) *LakeConfigurationRequest {
+ s.ReplicationDestinationRegions = v
+ return s
+}
+
+// SetReplicationRoleArn sets the ReplicationRoleArn field's value.
+func (s *LakeConfigurationRequest) SetReplicationRoleArn(v string) *LakeConfigurationRequest {
+ s.ReplicationRoleArn = &v
+ return s
+}
+
+// SetRetentionSettings sets the RetentionSettings field's value.
+func (s *LakeConfigurationRequest) SetRetentionSettings(v []*RetentionSetting) *LakeConfigurationRequest {
+ s.RetentionSettings = v
+ return s
+}
+
+// SetTagsMap sets the TagsMap field's value.
+func (s *LakeConfigurationRequest) SetTagsMap(v map[string]*string) *LakeConfigurationRequest {
+ s.TagsMap = v
+ return s
+}
+
+// Provides details of lake configuration object in Amazon Security Lake.
+type LakeConfigurationResponse struct {
+ _ struct{} `type:"structure"`
+
+ // The type of encryption key used by Security Lake to encrypt the lake configuration
+ EncryptionKey *string `locationName:"encryptionKey" type:"string"`
+
+ // Replication enables automatic, asynchronous copying of objects across Amazon
+ // S3 buckets. Amazon S3 buckets that are configured for object replication
+ // can be owned by the same AWS account or by different accounts. You can replicate
+ // objects to a single destination bucket or to multiple destination buckets.
+ // The destination buckets can be in different Amazon Web Services Regions or
+ // within the same Region as the source bucket.
+ //
+ // Set up one or more rollup Regions by providing the Region or Regions that
+ // should contribute to the central rollup Region.
+ ReplicationDestinationRegions []*string `locationName:"replicationDestinationRegions" type:"list" enum:"Region"`
+
+ // Replication settings for the Amazon S3 buckets. This parameter uses the IAM
+ // role created by you that is managed by Security Lake, to ensure the replication
+ // setting is correct.
+ ReplicationRoleArn *string `locationName:"replicationRoleArn" type:"string"`
+
+ // Retention settings for the destination Amazon S3 buckets.
+ RetentionSettings []*RetentionSetting `locationName:"retentionSettings" type:"list"`
+
+ // Amazon Resource Names (ARNs) uniquely identify Amazon Web Services resources.
+ // Security Lake requires an ARN when you need to specify a resource unambiguously
+ // across all of Amazon Web Services, such as in IAM policies, Amazon Relational
+ // Database Service (Amazon RDS) tags, and API calls.
+ S3BucketArn *string `locationName:"s3BucketArn" type:"string"`
+
+ // Retrieves the status of the configuration operation for an account in Amazon
+ // Security Lake.
+ Status *string `locationName:"status" type:"string" enum:"SettingsStatus"`
+
+ // A tag is a label that you assign to an Amazon Web Services resource. Each
+ // tag consists of a key and an optional value, both of which you define.
+ TagsMap map[string]*string `locationName:"tagsMap" type:"map"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LakeConfigurationResponse) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LakeConfigurationResponse) GoString() string {
+ return s.String()
+}
+
+// SetEncryptionKey sets the EncryptionKey field's value.
+func (s *LakeConfigurationResponse) SetEncryptionKey(v string) *LakeConfigurationResponse {
+ s.EncryptionKey = &v
+ return s
+}
+
+// SetReplicationDestinationRegions sets the ReplicationDestinationRegions field's value.
+func (s *LakeConfigurationResponse) SetReplicationDestinationRegions(v []*string) *LakeConfigurationResponse {
+ s.ReplicationDestinationRegions = v
+ return s
+}
+
+// SetReplicationRoleArn sets the ReplicationRoleArn field's value.
+func (s *LakeConfigurationResponse) SetReplicationRoleArn(v string) *LakeConfigurationResponse {
+ s.ReplicationRoleArn = &v
+ return s
+}
+
+// SetRetentionSettings sets the RetentionSettings field's value.
+func (s *LakeConfigurationResponse) SetRetentionSettings(v []*RetentionSetting) *LakeConfigurationResponse {
+ s.RetentionSettings = v
+ return s
+}
+
+// SetS3BucketArn sets the S3BucketArn field's value.
+func (s *LakeConfigurationResponse) SetS3BucketArn(v string) *LakeConfigurationResponse {
+ s.S3BucketArn = &v
+ return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *LakeConfigurationResponse) SetStatus(v string) *LakeConfigurationResponse {
+ s.Status = &v
+ return s
+}
+
+// SetTagsMap sets the TagsMap field's value.
+func (s *LakeConfigurationResponse) SetTagsMap(v map[string]*string) *LakeConfigurationResponse {
+ s.TagsMap = v
+ return s
+}
+
+type ListDatalakeExceptionsInput struct {
+ _ struct{} `type:"structure"`
+
+ // List the maximum number of failures in Security Lake.
+ MaxFailures *int64 `locationName:"maxFailures" type:"integer"`
+
+ // List if there are more results available. if nextToken is returned, You can
+ // make the call again using the returned token to retrieve the next page
+ NextToken *string `locationName:"nextToken" type:"string"`
+
+ // List the regions from which exceptions are retrieved.
+ RegionSet []*string `locationName:"regionSet" type:"list" enum:"Region"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListDatalakeExceptionsInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListDatalakeExceptionsInput) GoString() string {
+ return s.String()
+}
+
+// SetMaxFailures sets the MaxFailures field's value.
+func (s *ListDatalakeExceptionsInput) SetMaxFailures(v int64) *ListDatalakeExceptionsInput {
+ s.MaxFailures = &v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListDatalakeExceptionsInput) SetNextToken(v string) *ListDatalakeExceptionsInput {
+ s.NextToken = &v
+ return s
+}
+
+// SetRegionSet sets the RegionSet field's value.
+func (s *ListDatalakeExceptionsInput) SetRegionSet(v []*string) *ListDatalakeExceptionsInput {
+ s.RegionSet = v
+ return s
+}
+
+type ListDatalakeExceptionsOutput struct {
+ _ struct{} `type:"structure"`
+
+ // List if there are more results available. if nextToken is returned, You can
+ // make the call again using the returned token to retrieve the next page
+ NextToken *string `locationName:"nextToken" type:"string"`
+
+ // Lists the non-retryable failures in the current region.
+ //
+ // NonRetryableFailures is a required field
+ NonRetryableFailures []*FailuresResponse `locationName:"nonRetryableFailures" type:"list" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListDatalakeExceptionsOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListDatalakeExceptionsOutput) GoString() string {
+ return s.String()
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListDatalakeExceptionsOutput) SetNextToken(v string) *ListDatalakeExceptionsOutput {
+ s.NextToken = &v
+ return s
+}
+
+// SetNonRetryableFailures sets the NonRetryableFailures field's value.
+func (s *ListDatalakeExceptionsOutput) SetNonRetryableFailures(v []*FailuresResponse) *ListDatalakeExceptionsOutput {
+ s.NonRetryableFailures = v
+ return s
+}
+
+type ListLogSourcesInput struct {
+ _ struct{} `type:"structure"`
+
+ // Lists the log sources in input order, namely Region, source type, and member
+ // account.
+ InputOrder []*string `locationName:"inputOrder" type:"list" enum:"Dimension"`
+
+ // List the view of log sources for enabled Security Lake accounts in all Regions
+ // and source types.
+ ListAllDimensions map[string]map[string][]*string `locationName:"listAllDimensions" type:"map"`
+
+ // List the view of log sources for enabled Security Lake accounts for the entire
+ // region.
+ ListSingleDimension []*string `locationName:"listSingleDimension" type:"list"`
+
+ // Lists the log sources for the specified source types in enabled Security
+ // Lake accounts for the entire Region, for selected member accounts.
+ ListTwoDimensions map[string][]*string `locationName:"listTwoDimensions" type:"map"`
+
+ // The maximum number of accounts for which the configuration is displayed.
+ MaxResults *int64 `locationName:"maxResults" type:"integer"`
+
+ // If nextToken is returned, there are more results available. You can make
+ // the call again using the returned token to retrieve the next page.
+ NextToken *string `locationName:"nextToken" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListLogSourcesInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListLogSourcesInput) GoString() string {
+ return s.String()
+}
+
+// SetInputOrder sets the InputOrder field's value.
+func (s *ListLogSourcesInput) SetInputOrder(v []*string) *ListLogSourcesInput {
+ s.InputOrder = v
+ return s
+}
+
+// SetListAllDimensions sets the ListAllDimensions field's value.
+func (s *ListLogSourcesInput) SetListAllDimensions(v map[string]map[string][]*string) *ListLogSourcesInput {
+ s.ListAllDimensions = v
+ return s
+}
+
+// SetListSingleDimension sets the ListSingleDimension field's value.
+func (s *ListLogSourcesInput) SetListSingleDimension(v []*string) *ListLogSourcesInput {
+ s.ListSingleDimension = v
+ return s
+}
+
+// SetListTwoDimensions sets the ListTwoDimensions field's value.
+func (s *ListLogSourcesInput) SetListTwoDimensions(v map[string][]*string) *ListLogSourcesInput {
+ s.ListTwoDimensions = v
+ return s
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *ListLogSourcesInput) SetMaxResults(v int64) *ListLogSourcesInput {
+ s.MaxResults = &v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListLogSourcesInput) SetNextToken(v string) *ListLogSourcesInput {
+ s.NextToken = &v
+ return s
+}
+
+type ListLogSourcesOutput struct {
+ _ struct{} `type:"structure"`
+
+ // If nextToken is returned, there are more results available. You can make
+ // the call again using the returned token to retrieve the next page.
+ NextToken *string `locationName:"nextToken" type:"string"`
+
+ // Lists the log sources in the Regions for enabled Security Lake accounts.
+ //
+ // RegionSourceTypesAccountsList is a required field
+ RegionSourceTypesAccountsList []map[string]map[string][]*string `locationName:"regionSourceTypesAccountsList" type:"list" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListLogSourcesOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListLogSourcesOutput) GoString() string {
+ return s.String()
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListLogSourcesOutput) SetNextToken(v string) *ListLogSourcesOutput {
+ s.NextToken = &v
+ return s
+}
+
+// SetRegionSourceTypesAccountsList sets the RegionSourceTypesAccountsList field's value.
+func (s *ListLogSourcesOutput) SetRegionSourceTypesAccountsList(v []map[string]map[string][]*string) *ListLogSourcesOutput {
+ s.RegionSourceTypesAccountsList = v
+ return s
+}
+
+type ListSubscribersInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+
+ // The maximum number of accounts for which the configuration is displayed.
+ MaxResults *int64 `location:"querystring" locationName:"maxResults" type:"integer"`
+
+ // If nextToken is returned, there are more results available. You can make
+ // the call again using the returned token to retrieve the next page.
+ NextToken *string `location:"querystring" locationName:"nextToken" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListSubscribersInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListSubscribersInput) GoString() string {
+ return s.String()
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *ListSubscribersInput) SetMaxResults(v int64) *ListSubscribersInput {
+ s.MaxResults = &v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListSubscribersInput) SetNextToken(v string) *ListSubscribersInput {
+ s.NextToken = &v
+ return s
+}
+
+type ListSubscribersOutput struct {
+ _ struct{} `type:"structure"`
+
+ // If nextToken is returned, there are more results available. You can make
+ // the call again using the returned token to retrieve the next page.
+ NextToken *string `locationName:"nextToken" type:"string"`
+
+ // The subscribers available in the specified Security Lake account ID.
+ //
+ // Subscribers is a required field
+ Subscribers []*SubscriberResource `locationName:"subscribers" type:"list" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListSubscribersOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListSubscribersOutput) GoString() string {
+ return s.String()
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListSubscribersOutput) SetNextToken(v string) *ListSubscribersOutput {
+ s.NextToken = &v
+ return s
+}
+
+// SetSubscribers sets the Subscribers field's value.
+func (s *ListSubscribersOutput) SetSubscribers(v []*SubscriberResource) *ListSubscribersOutput {
+ s.Subscribers = v
+ return s
+}
+
+// Log status for the Security Lake account.
+type LogsStatus struct {
+ _ struct{} `type:"structure"`
+
+ // Health status of services including error codes and patterns.
+ //
+ // HealthStatus is a required field
+ HealthStatus *string `locationName:"healthStatus" type:"string" required:"true" enum:"SourceStatus"`
+
+ // Defines path the stored logs are available which has information on your
+ // systems, applications, and services.
+ //
+ // PathToLogs is a required field
+ PathToLogs *string `locationName:"pathToLogs" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LogsStatus) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LogsStatus) GoString() string {
+ return s.String()
+}
+
+// SetHealthStatus sets the HealthStatus field's value.
+func (s *LogsStatus) SetHealthStatus(v string) *LogsStatus {
+ s.HealthStatus = &v
+ return s
+}
+
+// SetPathToLogs sets the PathToLogs field's value.
+func (s *LogsStatus) SetPathToLogs(v string) *LogsStatus {
+ s.PathToLogs = &v
+ return s
+}
+
+// Notifications in Security Lake which dictates how notifications are posted
+// at the endpoint.
+type ProtocolAndNotificationEndpoint struct {
+ _ struct{} `type:"structure"`
+
+ // The account which is subscribed to receive exception notifications.
+ Endpoint *string `locationName:"endpoint" type:"string"`
+
+ // The protocol to which notification messages are posted.
+ Protocol *string `locationName:"protocol" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ProtocolAndNotificationEndpoint) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ProtocolAndNotificationEndpoint) GoString() string {
+ return s.String()
+}
+
+// SetEndpoint sets the Endpoint field's value.
+func (s *ProtocolAndNotificationEndpoint) SetEndpoint(v string) *ProtocolAndNotificationEndpoint {
+ s.Endpoint = &v
+ return s
+}
+
+// SetProtocol sets the Protocol field's value.
+func (s *ProtocolAndNotificationEndpoint) SetProtocol(v string) *ProtocolAndNotificationEndpoint {
+ s.Protocol = &v
+ return s
+}
+
+// The resource could not be found.
+type ResourceNotFoundException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+
+ // The ID of the resource for which the type of resource could not be found.
+ //
+ // ResourceId is a required field
+ ResourceId *string `locationName:"resourceId" type:"string" required:"true"`
+
+ // The type of the resource that could not be found.
+ //
+ // ResourceType is a required field
+ ResourceType *string `locationName:"resourceType" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ResourceNotFoundException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ResourceNotFoundException) GoString() string {
+ return s.String()
+}
+
+func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error {
+ return &ResourceNotFoundException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *ResourceNotFoundException) Code() string {
+ return "ResourceNotFoundException"
+}
+
+// Message returns the exception's message.
+func (s *ResourceNotFoundException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *ResourceNotFoundException) OrigErr() error {
+ return nil
+}
+
+func (s *ResourceNotFoundException) Error() string {
+ return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *ResourceNotFoundException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *ResourceNotFoundException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// Retention settings for the destination Amazon S3 buckets in Security Lake.
+type RetentionSetting struct {
+ _ struct{} `type:"structure"`
+
+ // The retention period specifies a fixed period of time during which the Security
+ // Lake object remains locked. You can specify the retention period for one
+ // or more source in days.
+ RetentionPeriod *int64 `locationName:"retentionPeriod" min:"1" type:"integer"`
+
+ // The range of storage classes that you can choose from based on the data access,
+ // resiliency, and cost requirements of your workloads.
+ StorageClass *string `locationName:"storageClass" type:"string" enum:"StorageClass"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RetentionSetting) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RetentionSetting) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *RetentionSetting) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "RetentionSetting"}
+ if s.RetentionPeriod != nil && *s.RetentionPeriod < 1 {
+ invalidParams.Add(request.NewErrParamMinValue("RetentionPeriod", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetRetentionPeriod sets the RetentionPeriod field's value.
+func (s *RetentionSetting) SetRetentionPeriod(v int64) *RetentionSetting {
+ s.RetentionPeriod = &v
+ return s
+}
+
+// SetStorageClass sets the StorageClass field's value.
+func (s *RetentionSetting) SetStorageClass(v string) *RetentionSetting {
+ s.StorageClass = &v
+ return s
+}
+
+// Provides an extension of the AmazonServiceException for errors reported by
+// Amazon S3 while processing a request. In particular, this class provides
+// access to Amazon S3's extended request ID. This ID is required debugging
+// information in the case the user needs to contact Amazon about an issue where
+// Amazon S3 is incorrectly handling a request.
+type S3Exception struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s S3Exception) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s S3Exception) GoString() string {
+ return s.String()
+}
+
+func newErrorS3Exception(v protocol.ResponseMetadata) error {
+ return &S3Exception{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *S3Exception) Code() string {
+ return "S3Exception"
+}
+
+// Message returns the exception's message.
+func (s *S3Exception) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *S3Exception) OrigErr() error {
+ return nil
+}
+
+func (s *S3Exception) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *S3Exception) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *S3Exception) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// You have exceeded your service quota. To perform the requested action, remove
+// some of the relevant resources, or use Service Quotas to request a service
+// quota increase.
+type ServiceQuotaExceededException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+
+ // That the rate of requests to Security Lake is exceeding the request quotas
+ // for your Amazon Web Services account.
+ //
+ // QuotaCode is a required field
+ QuotaCode *string `locationName:"quotaCode" type:"string" required:"true"`
+
+ // The ID of the resource that exceeds the service quota.
+ //
+ // ResourceId is a required field
+ ResourceId *string `locationName:"resourceId" type:"string" required:"true"`
+
+ // The type of the resource that exceeds the service quota.
+ //
+ // ResourceType is a required field
+ ResourceType *string `locationName:"resourceType" type:"string" required:"true"`
+
+ // The code for the service in Service Quotas.
+ //
+ // ServiceCode is a required field
+ ServiceCode *string `locationName:"serviceCode" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ServiceQuotaExceededException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ServiceQuotaExceededException) GoString() string {
+ return s.String()
+}
+
+func newErrorServiceQuotaExceededException(v protocol.ResponseMetadata) error {
+ return &ServiceQuotaExceededException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *ServiceQuotaExceededException) Code() string {
+ return "ServiceQuotaExceededException"
+}
+
+// Message returns the exception's message.
+func (s *ServiceQuotaExceededException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *ServiceQuotaExceededException) OrigErr() error {
+ return nil
+}
+
+func (s *ServiceQuotaExceededException) Error() string {
+ return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *ServiceQuotaExceededException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *ServiceQuotaExceededException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// The supported source types from which logs and events are collected in Amazon
+// Security Lake.
+type SourceType struct {
+ _ struct{} `type:"structure"`
+
+ // Amazon Security Lake supports logs and events collection for natively-supported
+ // Amazon Web Services services. For more information, see the Amazon Security
+ // Lake User Guide.
+ AwsSourceType *string `locationName:"awsSourceType" type:"string" enum:"AwsLogSourceType"`
+
+ // Amazon Security Lake supports custom source types. For the detailed list,
+ // see the Amazon Security Lake User Guide.
+ CustomSourceType *string `locationName:"customSourceType" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SourceType) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SourceType) GoString() string {
+ return s.String()
+}
+
+// SetAwsSourceType sets the AwsSourceType field's value.
+func (s *SourceType) SetAwsSourceType(v string) *SourceType {
+ s.AwsSourceType = &v
+ return s
+}
+
+// SetCustomSourceType sets the CustomSourceType field's value.
+func (s *SourceType) SetCustomSourceType(v string) *SourceType {
+ s.CustomSourceType = &v
+ return s
+}
+
+// Provides details of the Amazon Security Lake account subscription. Subscribers
+// are notified of new objects for a source as the data is written to your Amazon
+// Security Lake S3 bucket.
+type SubscriberResource struct {
+ _ struct{} `type:"structure"`
+
+ // You can choose to notify subscribers of new objects with an Amazon Simple
+ // Queue Service (Amazon SQS) queue or through messaging to an HTTPS endpoint
+ // provided by the subscriber.
+ //
+ // Subscribers can consume data by directly querying Lake Formation tables in
+ // your S3 bucket via services like Amazon Athena. This subscription type is
+ // defined as LAKEFORMATION.
+ AccessTypes []*string `locationName:"accessTypes" type:"list" enum:"AccessType"`
+
+ // The Amazon Web Services account ID of the account that you are using to create
+ // your Amazon Security Lake account.
+ //
+ // AccountId is a required field
+ AccountId *string `locationName:"accountId" min:"12" type:"string" required:"true"`
+
+ // The date and time when the subscription was created.
+ CreatedAt *time.Time `locationName:"createdAt" type:"timestamp" timestampFormat:"iso8601"`
+
+ // The external ID of the subscriber. External ID allows the user that is assuming
+ // the role to assert the circumstances in which they are operating. It also
+ // provides a way for the account owner to permit the role to be assumed only
+ // under specific circumstances.
+ ExternalId *string `locationName:"externalId" type:"string"`
+
+ // The Amazon Resource Name (ARN) specifying the role of the subscriber.
+ RoleArn *string `locationName:"roleArn" type:"string"`
+
+ // The Amazon Resource Name (ARN) for the Amazon S3 bucket.
+ S3BucketArn *string `locationName:"s3BucketArn" type:"string"`
+
+ // The Amazon Resource Name (ARN) for the Amazon Simple Notification Service.
+ SnsArn *string `locationName:"snsArn" type:"string"`
+
+ // Amazon Security Lake supports logs and events collection for the natively-supported
+ // Amazon Web Services services. For more information, see the Amazon Security
+ // Lake User Guide.
+ //
+ // SourceTypes is a required field
+ SourceTypes []*SourceType `locationName:"sourceTypes" type:"list" required:"true"`
+
+ // The subscriber descriptions for a subscriber account. The description for
+ // a subscriber includes subscriberName, accountID, externalID, and subscriptionId.
+ SubscriberDescription *string `locationName:"subscriberDescription" type:"string"`
+
+ // The name of your Amazon Security Lake subscriber account.
+ SubscriberName *string `locationName:"subscriberName" type:"string"`
+
+ // The subscription endpoint to which exception messages are posted.
+ SubscriptionEndpoint *string `locationName:"subscriptionEndpoint" type:"string"`
+
+ // The subscription ID of the Amazon Security Lake subscriber account.
+ //
+ // SubscriptionId is a required field
+ SubscriptionId *string `locationName:"subscriptionId" type:"string" required:"true"`
+
+ // The subscription protocol to which exception messages are posted.
+ SubscriptionProtocol *string `locationName:"subscriptionProtocol" type:"string" enum:"EndpointProtocol"`
+
+ // Subscription status of the Amazon Security Lake subscriber account.
+ SubscriptionStatus *string `locationName:"subscriptionStatus" type:"string" enum:"SubscriptionStatus"`
+
+ // The date and time when the subscription was created.
+ UpdatedAt *time.Time `locationName:"updatedAt" type:"timestamp" timestampFormat:"iso8601"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SubscriberResource) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SubscriberResource) GoString() string {
+ return s.String()
+}
+
+// SetAccessTypes sets the AccessTypes field's value.
+func (s *SubscriberResource) SetAccessTypes(v []*string) *SubscriberResource {
+ s.AccessTypes = v
+ return s
+}
+
+// SetAccountId sets the AccountId field's value.
+func (s *SubscriberResource) SetAccountId(v string) *SubscriberResource {
+ s.AccountId = &v
+ return s
+}
+
+// SetCreatedAt sets the CreatedAt field's value.
+func (s *SubscriberResource) SetCreatedAt(v time.Time) *SubscriberResource {
+ s.CreatedAt = &v
+ return s
+}
+
+// SetExternalId sets the ExternalId field's value.
+func (s *SubscriberResource) SetExternalId(v string) *SubscriberResource {
+ s.ExternalId = &v
+ return s
+}
+
+// SetRoleArn sets the RoleArn field's value.
+func (s *SubscriberResource) SetRoleArn(v string) *SubscriberResource {
+ s.RoleArn = &v
+ return s
+}
+
+// SetS3BucketArn sets the S3BucketArn field's value.
+func (s *SubscriberResource) SetS3BucketArn(v string) *SubscriberResource {
+ s.S3BucketArn = &v
+ return s
+}
+
+// SetSnsArn sets the SnsArn field's value.
+func (s *SubscriberResource) SetSnsArn(v string) *SubscriberResource {
+ s.SnsArn = &v
+ return s
+}
+
+// SetSourceTypes sets the SourceTypes field's value.
+func (s *SubscriberResource) SetSourceTypes(v []*SourceType) *SubscriberResource {
+ s.SourceTypes = v
+ return s
+}
+
+// SetSubscriberDescription sets the SubscriberDescription field's value.
+func (s *SubscriberResource) SetSubscriberDescription(v string) *SubscriberResource {
+ s.SubscriberDescription = &v
+ return s
+}
+
+// SetSubscriberName sets the SubscriberName field's value.
+func (s *SubscriberResource) SetSubscriberName(v string) *SubscriberResource {
+ s.SubscriberName = &v
+ return s
+}
+
+// SetSubscriptionEndpoint sets the SubscriptionEndpoint field's value.
+func (s *SubscriberResource) SetSubscriptionEndpoint(v string) *SubscriberResource {
+ s.SubscriptionEndpoint = &v
+ return s
+}
+
+// SetSubscriptionId sets the SubscriptionId field's value.
+func (s *SubscriberResource) SetSubscriptionId(v string) *SubscriberResource {
+ s.SubscriptionId = &v
+ return s
+}
+
+// SetSubscriptionProtocol sets the SubscriptionProtocol field's value.
+func (s *SubscriberResource) SetSubscriptionProtocol(v string) *SubscriberResource {
+ s.SubscriptionProtocol = &v
+ return s
+}
+
+// SetSubscriptionStatus sets the SubscriptionStatus field's value.
+func (s *SubscriberResource) SetSubscriptionStatus(v string) *SubscriberResource {
+ s.SubscriptionStatus = &v
+ return s
+}
+
+// SetUpdatedAt sets the UpdatedAt field's value.
+func (s *SubscriberResource) SetUpdatedAt(v time.Time) *SubscriberResource {
+ s.UpdatedAt = &v
+ return s
+}
+
+// The limit on the number of requests per second was exceeded.
+type ThrottlingException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+
+ // That the rate of requests to Security Lake is exceeding the request quotas
+ // for your Amazon Web Services account.
+ QuotaCode *string `locationName:"quotaCode" type:"string"`
+
+ // Retry the request after the specified time.
+ RetryAfterSeconds *int64 `location:"header" locationName:"Retry-After" type:"integer"`
+
+ // The code for the service in Service Quotas.
+ ServiceCode *string `locationName:"serviceCode" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ThrottlingException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ThrottlingException) GoString() string {
+ return s.String()
+}
+
+func newErrorThrottlingException(v protocol.ResponseMetadata) error {
+ return &ThrottlingException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *ThrottlingException) Code() string {
+ return "ThrottlingException"
+}
+
+// Message returns the exception's message.
+func (s *ThrottlingException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *ThrottlingException) OrigErr() error {
+ return nil
+}
+
+func (s *ThrottlingException) Error() string {
+ return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *ThrottlingException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *ThrottlingException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+type UpdateDatalakeExceptionsExpiryInput struct {
+ _ struct{} `type:"structure"`
+
+ // The time-to-live (TTL) for the exception message to remain.
+ //
+ // ExceptionMessageExpiry is a required field
+ ExceptionMessageExpiry *int64 `locationName:"exceptionMessageExpiry" min:"1" type:"long" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateDatalakeExceptionsExpiryInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateDatalakeExceptionsExpiryInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UpdateDatalakeExceptionsExpiryInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "UpdateDatalakeExceptionsExpiryInput"}
+ if s.ExceptionMessageExpiry == nil {
+ invalidParams.Add(request.NewErrParamRequired("ExceptionMessageExpiry"))
+ }
+ if s.ExceptionMessageExpiry != nil && *s.ExceptionMessageExpiry < 1 {
+ invalidParams.Add(request.NewErrParamMinValue("ExceptionMessageExpiry", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetExceptionMessageExpiry sets the ExceptionMessageExpiry field's value.
+func (s *UpdateDatalakeExceptionsExpiryInput) SetExceptionMessageExpiry(v int64) *UpdateDatalakeExceptionsExpiryInput {
+ s.ExceptionMessageExpiry = &v
+ return s
+}
+
+type UpdateDatalakeExceptionsExpiryOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateDatalakeExceptionsExpiryOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateDatalakeExceptionsExpiryOutput) GoString() string {
+ return s.String()
+}
+
+type UpdateDatalakeExceptionsSubscriptionInput struct {
+ _ struct{} `type:"structure"`
+
+ // The account which is subscribed to receive exception notifications.
+ //
+ // NotificationEndpoint is a required field
+ NotificationEndpoint *string `locationName:"notificationEndpoint" type:"string" required:"true"`
+
+ // The subscription protocol to which exception messages are posted.
+ //
+ // SubscriptionProtocol is a required field
+ SubscriptionProtocol *string `locationName:"subscriptionProtocol" type:"string" required:"true" enum:"SubscriptionProtocolType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateDatalakeExceptionsSubscriptionInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateDatalakeExceptionsSubscriptionInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UpdateDatalakeExceptionsSubscriptionInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "UpdateDatalakeExceptionsSubscriptionInput"}
+ if s.NotificationEndpoint == nil {
+ invalidParams.Add(request.NewErrParamRequired("NotificationEndpoint"))
+ }
+ if s.SubscriptionProtocol == nil {
+ invalidParams.Add(request.NewErrParamRequired("SubscriptionProtocol"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetNotificationEndpoint sets the NotificationEndpoint field's value.
+func (s *UpdateDatalakeExceptionsSubscriptionInput) SetNotificationEndpoint(v string) *UpdateDatalakeExceptionsSubscriptionInput {
+ s.NotificationEndpoint = &v
+ return s
+}
+
+// SetSubscriptionProtocol sets the SubscriptionProtocol field's value.
+func (s *UpdateDatalakeExceptionsSubscriptionInput) SetSubscriptionProtocol(v string) *UpdateDatalakeExceptionsSubscriptionInput {
+ s.SubscriptionProtocol = &v
+ return s
+}
+
+type UpdateDatalakeExceptionsSubscriptionOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateDatalakeExceptionsSubscriptionOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateDatalakeExceptionsSubscriptionOutput) GoString() string {
+ return s.String()
+}
+
+type UpdateDatalakeInput struct {
+ _ struct{} `type:"structure"`
+
+ // The configuration object
+ //
+ // Configurations is a required field
+ Configurations map[string]*LakeConfigurationRequest `locationName:"configurations" type:"map" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateDatalakeInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateDatalakeInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UpdateDatalakeInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "UpdateDatalakeInput"}
+ if s.Configurations == nil {
+ invalidParams.Add(request.NewErrParamRequired("Configurations"))
+ }
+ if s.Configurations != nil {
+ for i, v := range s.Configurations {
+ if v == nil {
+ continue
+ }
+ if err := v.Validate(); err != nil {
+ invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Configurations", i), err.(request.ErrInvalidParams))
+ }
+ }
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetConfigurations sets the Configurations field's value.
+func (s *UpdateDatalakeInput) SetConfigurations(v map[string]*LakeConfigurationRequest) *UpdateDatalakeInput {
+ s.Configurations = v
+ return s
+}
+
+type UpdateDatalakeOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateDatalakeOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateDatalakeOutput) GoString() string {
+ return s.String()
+}
+
+type UpdateSubscriberInput struct {
+ _ struct{} `type:"structure"`
+
+ // External ID of the Security Lake account.
+ ExternalId *string `locationName:"externalId" type:"string"`
+
+ // A value created by Security Lake that uniquely identifies your UpdateSubscriber
+ // API request.
+ //
+ // Id is a required field
+ Id *string `location:"uri" locationName:"id" type:"string" required:"true"`
+
+ // The supported Amazon Web Services services from which logs and events are
+ // collected. Amazon Security Lake supports logs and events collection for the
+ // following natively-supported Amazon Web Services services. For more information,
+ // see the Amazon Security Lake User Guide.
+ SourceTypes []*SourceType `locationName:"sourceTypes" type:"list"`
+
+ // Description of the Security Lake account subscriber.
+ SubscriberDescription *string `locationName:"subscriberDescription" type:"string"`
+
+ // Name of the Security Lake account subscriber.
+ SubscriberName *string `locationName:"subscriberName" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateSubscriberInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateSubscriberInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UpdateSubscriberInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "UpdateSubscriberInput"}
+ if s.Id == nil {
+ invalidParams.Add(request.NewErrParamRequired("Id"))
+ }
+ if s.Id != nil && len(*s.Id) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Id", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetExternalId sets the ExternalId field's value.
+func (s *UpdateSubscriberInput) SetExternalId(v string) *UpdateSubscriberInput {
+ s.ExternalId = &v
+ return s
+}
+
+// SetId sets the Id field's value.
+func (s *UpdateSubscriberInput) SetId(v string) *UpdateSubscriberInput {
+ s.Id = &v
+ return s
+}
+
+// SetSourceTypes sets the SourceTypes field's value.
+func (s *UpdateSubscriberInput) SetSourceTypes(v []*SourceType) *UpdateSubscriberInput {
+ s.SourceTypes = v
+ return s
+}
+
+// SetSubscriberDescription sets the SubscriberDescription field's value.
+func (s *UpdateSubscriberInput) SetSubscriberDescription(v string) *UpdateSubscriberInput {
+ s.SubscriberDescription = &v
+ return s
+}
+
+// SetSubscriberName sets the SubscriberName field's value.
+func (s *UpdateSubscriberInput) SetSubscriberName(v string) *UpdateSubscriberInput {
+ s.SubscriberName = &v
+ return s
+}
+
+type UpdateSubscriberOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The account subscriber in Amazon Security Lake.
+ Subscriber *SubscriberResource `locationName:"subscriber" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateSubscriberOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateSubscriberOutput) GoString() string {
+ return s.String()
+}
+
+// SetSubscriber sets the Subscriber field's value.
+func (s *UpdateSubscriberOutput) SetSubscriber(v *SubscriberResource) *UpdateSubscriberOutput {
+ s.Subscriber = v
+ return s
+}
+
+type UpdateSubscriptionNotificationConfigurationInput struct {
+ _ struct{} `type:"structure"`
+
+ // Create a new subscription notification for the specified subscription ID
+ // in Security Lake.
+ CreateSqs *bool `locationName:"createSqs" type:"boolean"`
+
+ // The key name for the subscription notification.
+ HttpsApiKeyName *string `locationName:"httpsApiKeyName" type:"string"`
+
+ // The key value for the subscription notification.
+ HttpsApiKeyValue *string `locationName:"httpsApiKeyValue" type:"string"`
+
+ // The HTTPS method used for the subscription notification.
+ HttpsMethod *string `locationName:"httpsMethod" type:"string" enum:"HttpsMethod"`
+
+ // The Amazon Resource Name (ARN) specifying the role of the subscriber.
+ RoleArn *string `locationName:"roleArn" type:"string"`
+
+ // The subscription endpoint in Security Lake.
+ SubscriptionEndpoint *string `locationName:"subscriptionEndpoint" type:"string"`
+
+ // The subscription ID for which the subscription notification is specified.
+ //
+ // SubscriptionId is a required field
+ SubscriptionId *string `location:"uri" locationName:"subscriptionId" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateSubscriptionNotificationConfigurationInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateSubscriptionNotificationConfigurationInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UpdateSubscriptionNotificationConfigurationInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "UpdateSubscriptionNotificationConfigurationInput"}
+ if s.SubscriptionId == nil {
+ invalidParams.Add(request.NewErrParamRequired("SubscriptionId"))
+ }
+ if s.SubscriptionId != nil && len(*s.SubscriptionId) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("SubscriptionId", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetCreateSqs sets the CreateSqs field's value.
+func (s *UpdateSubscriptionNotificationConfigurationInput) SetCreateSqs(v bool) *UpdateSubscriptionNotificationConfigurationInput {
+ s.CreateSqs = &v
+ return s
+}
+
+// SetHttpsApiKeyName sets the HttpsApiKeyName field's value.
+func (s *UpdateSubscriptionNotificationConfigurationInput) SetHttpsApiKeyName(v string) *UpdateSubscriptionNotificationConfigurationInput {
+ s.HttpsApiKeyName = &v
+ return s
+}
+
+// SetHttpsApiKeyValue sets the HttpsApiKeyValue field's value.
+func (s *UpdateSubscriptionNotificationConfigurationInput) SetHttpsApiKeyValue(v string) *UpdateSubscriptionNotificationConfigurationInput {
+ s.HttpsApiKeyValue = &v
+ return s
+}
+
+// SetHttpsMethod sets the HttpsMethod field's value.
+func (s *UpdateSubscriptionNotificationConfigurationInput) SetHttpsMethod(v string) *UpdateSubscriptionNotificationConfigurationInput {
+ s.HttpsMethod = &v
+ return s
+}
+
+// SetRoleArn sets the RoleArn field's value.
+func (s *UpdateSubscriptionNotificationConfigurationInput) SetRoleArn(v string) *UpdateSubscriptionNotificationConfigurationInput {
+ s.RoleArn = &v
+ return s
+}
+
+// SetSubscriptionEndpoint sets the SubscriptionEndpoint field's value.
+func (s *UpdateSubscriptionNotificationConfigurationInput) SetSubscriptionEndpoint(v string) *UpdateSubscriptionNotificationConfigurationInput {
+ s.SubscriptionEndpoint = &v
+ return s
+}
+
+// SetSubscriptionId sets the SubscriptionId field's value.
+func (s *UpdateSubscriptionNotificationConfigurationInput) SetSubscriptionId(v string) *UpdateSubscriptionNotificationConfigurationInput {
+ s.SubscriptionId = &v
+ return s
+}
+
+type UpdateSubscriptionNotificationConfigurationOutput struct {
+ _ struct{} `type:"structure"`
+
+ // Returns the Amazon resource name (ARN) of the queue.
+ QueueArn *string `locationName:"queueArn" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateSubscriptionNotificationConfigurationOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UpdateSubscriptionNotificationConfigurationOutput) GoString() string {
+ return s.String()
+}
+
+// SetQueueArn sets the QueueArn field's value.
+func (s *UpdateSubscriptionNotificationConfigurationOutput) SetQueueArn(v string) *UpdateSubscriptionNotificationConfigurationOutput {
+ s.QueueArn = &v
+ return s
+}
+
+// Your signing certificate could not be validated.
+type ValidationException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ // The list of parameters that failed to validate.
+ FieldList []*ValidationExceptionField `locationName:"fieldList" type:"list"`
+
+ Message_ *string `locationName:"message" type:"string"`
+
+ // The reason for the validation exception.
+ //
+ // Reason is a required field
+ Reason *string `locationName:"reason" type:"string" required:"true" enum:"ValidationExceptionReason"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ValidationException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ValidationException) GoString() string {
+ return s.String()
+}
+
+func newErrorValidationException(v protocol.ResponseMetadata) error {
+ return &ValidationException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *ValidationException) Code() string {
+ return "ValidationException"
+}
+
+// Message returns the exception's message.
+func (s *ValidationException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *ValidationException) OrigErr() error {
+ return nil
+}
+
+func (s *ValidationException) Error() string {
+ return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *ValidationException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *ValidationException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// The input fails to meet the constraints specified in Amazon Security Lake
+type ValidationExceptionField struct {
+ _ struct{} `type:"structure"`
+
+ // Describes the error encountered.
+ //
+ // Message is a required field
+ Message *string `locationName:"message" type:"string" required:"true"`
+
+ // Name of the validation exception.
+ //
+ // Name is a required field
+ Name *string `locationName:"name" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ValidationExceptionField) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ValidationExceptionField) GoString() string {
+ return s.String()
+}
+
+// SetMessage sets the Message field's value.
+func (s *ValidationExceptionField) SetMessage(v string) *ValidationExceptionField {
+ s.Message = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *ValidationExceptionField) SetName(v string) *ValidationExceptionField {
+ s.Name = &v
+ return s
+}
+
+const (
+ // AccessTypeLakeformation is a AccessType enum value
+ AccessTypeLakeformation = "LAKEFORMATION"
+
+ // AccessTypeS3 is a AccessType enum value
+ AccessTypeS3 = "S3"
+)
+
+// AccessType_Values returns all elements of the AccessType enum
+func AccessType_Values() []string {
+ return []string{
+ AccessTypeLakeformation,
+ AccessTypeS3,
+ }
+}
+
+const (
+ // AwsLogSourceTypeRoute53 is a AwsLogSourceType enum value
+ AwsLogSourceTypeRoute53 = "ROUTE53"
+
+ // AwsLogSourceTypeVpcFlow is a AwsLogSourceType enum value
+ AwsLogSourceTypeVpcFlow = "VPC_FLOW"
+
+ // AwsLogSourceTypeCloudTrail is a AwsLogSourceType enum value
+ AwsLogSourceTypeCloudTrail = "CLOUD_TRAIL"
+
+ // AwsLogSourceTypeShFindings is a AwsLogSourceType enum value
+ AwsLogSourceTypeShFindings = "SH_FINDINGS"
+)
+
+// AwsLogSourceType_Values returns all elements of the AwsLogSourceType enum
+func AwsLogSourceType_Values() []string {
+ return []string{
+ AwsLogSourceTypeRoute53,
+ AwsLogSourceTypeVpcFlow,
+ AwsLogSourceTypeCloudTrail,
+ AwsLogSourceTypeShFindings,
+ }
+}
+
+const (
+ // DimensionRegion is a Dimension enum value
+ DimensionRegion = "REGION"
+
+ // DimensionSourceType is a Dimension enum value
+ DimensionSourceType = "SOURCE_TYPE"
+
+ // DimensionMember is a Dimension enum value
+ DimensionMember = "MEMBER"
+)
+
+// Dimension_Values returns all elements of the Dimension enum
+func Dimension_Values() []string {
+ return []string{
+ DimensionRegion,
+ DimensionSourceType,
+ DimensionMember,
+ }
+}
+
+const (
+ // EndpointProtocolHttps is a EndpointProtocol enum value
+ EndpointProtocolHttps = "HTTPS"
+
+ // EndpointProtocolSqs is a EndpointProtocol enum value
+ EndpointProtocolSqs = "SQS"
+)
+
+// EndpointProtocol_Values returns all elements of the EndpointProtocol enum
+func EndpointProtocol_Values() []string {
+ return []string{
+ EndpointProtocolHttps,
+ EndpointProtocolSqs,
+ }
+}
+
+const (
+ // HttpsMethodPost is a HttpsMethod enum value
+ HttpsMethodPost = "POST"
+
+ // HttpsMethodPut is a HttpsMethod enum value
+ HttpsMethodPut = "PUT"
+)
+
+// HttpsMethod_Values returns all elements of the HttpsMethod enum
+func HttpsMethod_Values() []string {
+ return []string{
+ HttpsMethodPost,
+ HttpsMethodPut,
+ }
+}
+
+const (
+ // OcsfEventClassAccessActivity is a OcsfEventClass enum value
+ OcsfEventClassAccessActivity = "ACCESS_ACTIVITY"
+
+ // OcsfEventClassFileActivity is a OcsfEventClass enum value
+ OcsfEventClassFileActivity = "FILE_ACTIVITY"
+
+ // OcsfEventClassKernelActivity is a OcsfEventClass enum value
+ OcsfEventClassKernelActivity = "KERNEL_ACTIVITY"
+
+ // OcsfEventClassKernelExtension is a OcsfEventClass enum value
+ OcsfEventClassKernelExtension = "KERNEL_EXTENSION"
+
+ // OcsfEventClassMemoryActivity is a OcsfEventClass enum value
+ OcsfEventClassMemoryActivity = "MEMORY_ACTIVITY"
+
+ // OcsfEventClassModuleActivity is a OcsfEventClass enum value
+ OcsfEventClassModuleActivity = "MODULE_ACTIVITY"
+
+ // OcsfEventClassProcessActivity is a OcsfEventClass enum value
+ OcsfEventClassProcessActivity = "PROCESS_ACTIVITY"
+
+ // OcsfEventClassRegistryKeyActivity is a OcsfEventClass enum value
+ OcsfEventClassRegistryKeyActivity = "REGISTRY_KEY_ACTIVITY"
+
+ // OcsfEventClassRegistryValueActivity is a OcsfEventClass enum value
+ OcsfEventClassRegistryValueActivity = "REGISTRY_VALUE_ACTIVITY"
+
+ // OcsfEventClassResourceActivity is a OcsfEventClass enum value
+ OcsfEventClassResourceActivity = "RESOURCE_ACTIVITY"
+
+ // OcsfEventClassScheduledJobActivity is a OcsfEventClass enum value
+ OcsfEventClassScheduledJobActivity = "SCHEDULED_JOB_ACTIVITY"
+
+ // OcsfEventClassSecurityFinding is a OcsfEventClass enum value
+ OcsfEventClassSecurityFinding = "SECURITY_FINDING"
+
+ // OcsfEventClassAccountChange is a OcsfEventClass enum value
+ OcsfEventClassAccountChange = "ACCOUNT_CHANGE"
+
+ // OcsfEventClassAuthentication is a OcsfEventClass enum value
+ OcsfEventClassAuthentication = "AUTHENTICATION"
+
+ // OcsfEventClassAuthorization is a OcsfEventClass enum value
+ OcsfEventClassAuthorization = "AUTHORIZATION"
+
+ // OcsfEventClassEntityManagementAudit is a OcsfEventClass enum value
+ OcsfEventClassEntityManagementAudit = "ENTITY_MANAGEMENT_AUDIT"
+
+ // OcsfEventClassDhcpActivity is a OcsfEventClass enum value
+ OcsfEventClassDhcpActivity = "DHCP_ACTIVITY"
+
+ // OcsfEventClassNetworkActivity is a OcsfEventClass enum value
+ OcsfEventClassNetworkActivity = "NETWORK_ACTIVITY"
+
+ // OcsfEventClassDnsActivity is a OcsfEventClass enum value
+ OcsfEventClassDnsActivity = "DNS_ACTIVITY"
+
+ // OcsfEventClassFtpActivity is a OcsfEventClass enum value
+ OcsfEventClassFtpActivity = "FTP_ACTIVITY"
+
+ // OcsfEventClassHttpActivity is a OcsfEventClass enum value
+ OcsfEventClassHttpActivity = "HTTP_ACTIVITY"
+
+ // OcsfEventClassRdpActivity is a OcsfEventClass enum value
+ OcsfEventClassRdpActivity = "RDP_ACTIVITY"
+
+ // OcsfEventClassSmbActivity is a OcsfEventClass enum value
+ OcsfEventClassSmbActivity = "SMB_ACTIVITY"
+
+ // OcsfEventClassSshActivity is a OcsfEventClass enum value
+ OcsfEventClassSshActivity = "SSH_ACTIVITY"
+
+ // OcsfEventClassCloudApi is a OcsfEventClass enum value
+ OcsfEventClassCloudApi = "CLOUD_API"
+
+ // OcsfEventClassContainerLifecycle is a OcsfEventClass enum value
+ OcsfEventClassContainerLifecycle = "CONTAINER_LIFECYCLE"
+
+ // OcsfEventClassDatabaseLifecycle is a OcsfEventClass enum value
+ OcsfEventClassDatabaseLifecycle = "DATABASE_LIFECYCLE"
+
+ // OcsfEventClassConfigState is a OcsfEventClass enum value
+ OcsfEventClassConfigState = "CONFIG_STATE"
+
+ // OcsfEventClassCloudStorage is a OcsfEventClass enum value
+ OcsfEventClassCloudStorage = "CLOUD_STORAGE"
+
+ // OcsfEventClassInventoryInfo is a OcsfEventClass enum value
+ OcsfEventClassInventoryInfo = "INVENTORY_INFO"
+
+ // OcsfEventClassRfbActivity is a OcsfEventClass enum value
+ OcsfEventClassRfbActivity = "RFB_ACTIVITY"
+
+ // OcsfEventClassSmtpActivity is a OcsfEventClass enum value
+ OcsfEventClassSmtpActivity = "SMTP_ACTIVITY"
+
+ // OcsfEventClassVirtualMachineActivity is a OcsfEventClass enum value
+ OcsfEventClassVirtualMachineActivity = "VIRTUAL_MACHINE_ACTIVITY"
+)
+
+// OcsfEventClass_Values returns all elements of the OcsfEventClass enum
+func OcsfEventClass_Values() []string {
+ return []string{
+ OcsfEventClassAccessActivity,
+ OcsfEventClassFileActivity,
+ OcsfEventClassKernelActivity,
+ OcsfEventClassKernelExtension,
+ OcsfEventClassMemoryActivity,
+ OcsfEventClassModuleActivity,
+ OcsfEventClassProcessActivity,
+ OcsfEventClassRegistryKeyActivity,
+ OcsfEventClassRegistryValueActivity,
+ OcsfEventClassResourceActivity,
+ OcsfEventClassScheduledJobActivity,
+ OcsfEventClassSecurityFinding,
+ OcsfEventClassAccountChange,
+ OcsfEventClassAuthentication,
+ OcsfEventClassAuthorization,
+ OcsfEventClassEntityManagementAudit,
+ OcsfEventClassDhcpActivity,
+ OcsfEventClassNetworkActivity,
+ OcsfEventClassDnsActivity,
+ OcsfEventClassFtpActivity,
+ OcsfEventClassHttpActivity,
+ OcsfEventClassRdpActivity,
+ OcsfEventClassSmbActivity,
+ OcsfEventClassSshActivity,
+ OcsfEventClassCloudApi,
+ OcsfEventClassContainerLifecycle,
+ OcsfEventClassDatabaseLifecycle,
+ OcsfEventClassConfigState,
+ OcsfEventClassCloudStorage,
+ OcsfEventClassInventoryInfo,
+ OcsfEventClassRfbActivity,
+ OcsfEventClassSmtpActivity,
+ OcsfEventClassVirtualMachineActivity,
+ }
+}
+
+const (
+ // RegionUsEast1 is a Region enum value
+ RegionUsEast1 = "us-east-1"
+
+ // RegionUsWest2 is a Region enum value
+ RegionUsWest2 = "us-west-2"
+
+ // RegionEuCentral1 is a Region enum value
+ RegionEuCentral1 = "eu-central-1"
+
+ // RegionUsEast2 is a Region enum value
+ RegionUsEast2 = "us-east-2"
+
+ // RegionEuWest1 is a Region enum value
+ RegionEuWest1 = "eu-west-1"
+
+ // RegionApNortheast1 is a Region enum value
+ RegionApNortheast1 = "ap-northeast-1"
+
+ // RegionApSoutheast2 is a Region enum value
+ RegionApSoutheast2 = "ap-southeast-2"
+)
+
+// Region_Values returns all elements of the Region enum
+func Region_Values() []string {
+ return []string{
+ RegionUsEast1,
+ RegionUsWest2,
+ RegionEuCentral1,
+ RegionUsEast2,
+ RegionEuWest1,
+ RegionApNortheast1,
+ RegionApSoutheast2,
+ }
+}
+
+const (
+ // SettingsStatusInitialized is a SettingsStatus enum value
+ SettingsStatusInitialized = "INITIALIZED"
+
+ // SettingsStatusPending is a SettingsStatus enum value
+ SettingsStatusPending = "PENDING"
+
+ // SettingsStatusCompleted is a SettingsStatus enum value
+ SettingsStatusCompleted = "COMPLETED"
+
+ // SettingsStatusFailed is a SettingsStatus enum value
+ SettingsStatusFailed = "FAILED"
+)
+
+// SettingsStatus_Values returns all elements of the SettingsStatus enum
+func SettingsStatus_Values() []string {
+ return []string{
+ SettingsStatusInitialized,
+ SettingsStatusPending,
+ SettingsStatusCompleted,
+ SettingsStatusFailed,
+ }
+}
+
+const (
+ // SourceStatusActive is a SourceStatus enum value
+ SourceStatusActive = "ACTIVE"
+
+ // SourceStatusDeactivated is a SourceStatus enum value
+ SourceStatusDeactivated = "DEACTIVATED"
+
+ // SourceStatusPending is a SourceStatus enum value
+ SourceStatusPending = "PENDING"
+)
+
+// SourceStatus_Values returns all elements of the SourceStatus enum
+func SourceStatus_Values() []string {
+ return []string{
+ SourceStatusActive,
+ SourceStatusDeactivated,
+ SourceStatusPending,
+ }
+}
+
+const (
+ // StorageClassStandardIa is a StorageClass enum value
+ StorageClassStandardIa = "STANDARD_IA"
+
+ // StorageClassOnezoneIa is a StorageClass enum value
+ StorageClassOnezoneIa = "ONEZONE_IA"
+
+ // StorageClassIntelligentTiering is a StorageClass enum value
+ StorageClassIntelligentTiering = "INTELLIGENT_TIERING"
+
+ // StorageClassGlacierIr is a StorageClass enum value
+ StorageClassGlacierIr = "GLACIER_IR"
+
+ // StorageClassGlacier is a StorageClass enum value
+ StorageClassGlacier = "GLACIER"
+
+ // StorageClassDeepArchive is a StorageClass enum value
+ StorageClassDeepArchive = "DEEP_ARCHIVE"
+
+ // StorageClassExpire is a StorageClass enum value
+ StorageClassExpire = "EXPIRE"
+)
+
+// StorageClass_Values returns all elements of the StorageClass enum
+func StorageClass_Values() []string {
+ return []string{
+ StorageClassStandardIa,
+ StorageClassOnezoneIa,
+ StorageClassIntelligentTiering,
+ StorageClassGlacierIr,
+ StorageClassGlacier,
+ StorageClassDeepArchive,
+ StorageClassExpire,
+ }
+}
+
+const (
+ // SubscriptionProtocolTypeHttp is a SubscriptionProtocolType enum value
+ SubscriptionProtocolTypeHttp = "HTTP"
+
+ // SubscriptionProtocolTypeHttps is a SubscriptionProtocolType enum value
+ SubscriptionProtocolTypeHttps = "HTTPS"
+
+ // SubscriptionProtocolTypeEmail is a SubscriptionProtocolType enum value
+ SubscriptionProtocolTypeEmail = "EMAIL"
+
+ // SubscriptionProtocolTypeEmailJson is a SubscriptionProtocolType enum value
+ SubscriptionProtocolTypeEmailJson = "EMAIL_JSON"
+
+ // SubscriptionProtocolTypeSms is a SubscriptionProtocolType enum value
+ SubscriptionProtocolTypeSms = "SMS"
+
+ // SubscriptionProtocolTypeSqs is a SubscriptionProtocolType enum value
+ SubscriptionProtocolTypeSqs = "SQS"
+
+ // SubscriptionProtocolTypeLambda is a SubscriptionProtocolType enum value
+ SubscriptionProtocolTypeLambda = "LAMBDA"
+
+ // SubscriptionProtocolTypeApp is a SubscriptionProtocolType enum value
+ SubscriptionProtocolTypeApp = "APP"
+
+ // SubscriptionProtocolTypeFirehose is a SubscriptionProtocolType enum value
+ SubscriptionProtocolTypeFirehose = "FIREHOSE"
+)
+
+// SubscriptionProtocolType_Values returns all elements of the SubscriptionProtocolType enum
+func SubscriptionProtocolType_Values() []string {
+ return []string{
+ SubscriptionProtocolTypeHttp,
+ SubscriptionProtocolTypeHttps,
+ SubscriptionProtocolTypeEmail,
+ SubscriptionProtocolTypeEmailJson,
+ SubscriptionProtocolTypeSms,
+ SubscriptionProtocolTypeSqs,
+ SubscriptionProtocolTypeLambda,
+ SubscriptionProtocolTypeApp,
+ SubscriptionProtocolTypeFirehose,
+ }
+}
+
+const (
+ // SubscriptionStatusActive is a SubscriptionStatus enum value
+ SubscriptionStatusActive = "ACTIVE"
+
+ // SubscriptionStatusDeactivated is a SubscriptionStatus enum value
+ SubscriptionStatusDeactivated = "DEACTIVATED"
+
+ // SubscriptionStatusPending is a SubscriptionStatus enum value
+ SubscriptionStatusPending = "PENDING"
+
+ // SubscriptionStatusReady is a SubscriptionStatus enum value
+ SubscriptionStatusReady = "READY"
+)
+
+// SubscriptionStatus_Values returns all elements of the SubscriptionStatus enum
+func SubscriptionStatus_Values() []string {
+ return []string{
+ SubscriptionStatusActive,
+ SubscriptionStatusDeactivated,
+ SubscriptionStatusPending,
+ SubscriptionStatusReady,
+ }
+}
+
+const (
+ // ValidationExceptionReasonUnknownOperation is a ValidationExceptionReason enum value
+ ValidationExceptionReasonUnknownOperation = "unknownOperation"
+
+ // ValidationExceptionReasonCannotParse is a ValidationExceptionReason enum value
+ ValidationExceptionReasonCannotParse = "cannotParse"
+
+ // ValidationExceptionReasonFieldValidationFailed is a ValidationExceptionReason enum value
+ ValidationExceptionReasonFieldValidationFailed = "fieldValidationFailed"
+
+ // ValidationExceptionReasonOther is a ValidationExceptionReason enum value
+ ValidationExceptionReasonOther = "other"
+)
+
+// ValidationExceptionReason_Values returns all elements of the ValidationExceptionReason enum
+func ValidationExceptionReason_Values() []string {
+ return []string{
+ ValidationExceptionReasonUnknownOperation,
+ ValidationExceptionReasonCannotParse,
+ ValidationExceptionReasonFieldValidationFailed,
+ ValidationExceptionReasonOther,
+ }
+}
diff --git a/service/securitylake/doc.go b/service/securitylake/doc.go
new file mode 100644
index 0000000000..d4b115c616
--- /dev/null
+++ b/service/securitylake/doc.go
@@ -0,0 +1,50 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package securitylake provides the client and types for making API
+// requests to Amazon Security Lake.
+//
+// Amazon Security Lake is in preview release. Your use of the Amazon Security
+// Lake preview is subject to Section 2 of the Amazon Web Services Service Terms
+// (http://aws.amazon.com/service-terms/)("Betas and Previews").
+//
+// Amazon Security Lake is a fully-managed security data lake service. You can
+// use Security Lake to automatically centralize security data from cloud, on-premises,
+// and custom sources into a data lake that's stored in your account. Security
+// Lake helps you analyze security data, so you can get a more complete understanding
+// of your security posture across the entire organization and improve the protection
+// of your workloads, applications, and data.
+//
+// The data lake is backed by Amazon Simple Storage Service (Amazon S3) buckets,
+// and you retain ownership over your data.
+//
+// Security Lake automates the collection of security-related log and event
+// data from integrated Amazon Web Services. and third-party services and manages
+// the lifecycle of data with customizable retention and replication settings.
+// Security Lake also converts ingested data into Apache Parquet format and
+// a standard open-source schema called the Open Cybersecurity Schema Framework
+// (OCSF).
+//
+// Other Amazon Web Services and third-party services can subscribe to the data
+// that's stored in Security Lake for incident response and security data analytics.
+//
+// See https://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10 for more information on this service.
+//
+// See securitylake package documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/securitylake/
+//
+// # Using the Client
+//
+// To contact Amazon Security Lake with the SDK use the New function to create
+// a new service client. With that client you can make API requests to the service.
+// These clients are safe to use concurrently.
+//
+// See the SDK's documentation for more information on how to use the SDK.
+// https://docs.aws.amazon.com/sdk-for-go/api/
+//
+// See aws.Config documentation for more information on configuring SDK clients.
+// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
+//
+// See the Amazon Security Lake client SecurityLake for more
+// information on creating client for this service.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/securitylake/#New
+package securitylake
diff --git a/service/securitylake/errors.go b/service/securitylake/errors.go
new file mode 100644
index 0000000000..1bdbd2804f
--- /dev/null
+++ b/service/securitylake/errors.go
@@ -0,0 +1,137 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package securitylake
+
+import (
+ "github.com/aws/aws-sdk-go/private/protocol"
+)
+
+const (
+
+ // ErrCodeAccessDeniedException for service response error code
+ // "AccessDeniedException".
+ //
+ // You do not have sufficient access to perform this action. Access denied errors
+ // appear when Amazon Security Lake explicitly or implicitly denies an authorization
+ // request. An explicit denial occurs when a policy contains a Deny statement
+ // for the specific Amazon Web Services action. An implicit denial occurs when
+ // there is no applicable Deny statement and also no applicable Allow statement.
+ ErrCodeAccessDeniedException = "AccessDeniedException"
+
+ // ErrCodeAccountNotFoundException for service response error code
+ // "AccountNotFoundException".
+ //
+ // Amazon Security Lake can't find an Amazon Web Services account with the accountID
+ // that you specified, or the account whose credentials you used to make this
+ // request isn't a member of an organization.
+ ErrCodeAccountNotFoundException = "AccountNotFoundException"
+
+ // ErrCodeBucketNotFoundException for service response error code
+ // "BucketNotFoundException".
+ //
+ // Amazon Security Lake generally returns 404 errors if the requested object
+ // is missing from the bucket.
+ ErrCodeBucketNotFoundException = "BucketNotFoundException"
+
+ // ErrCodeConcurrentModificationException for service response error code
+ // "ConcurrentModificationException".
+ //
+ // More than one process tried to modify a resource at the same time.
+ ErrCodeConcurrentModificationException = "ConcurrentModificationException"
+
+ // ErrCodeConflictException for service response error code
+ // "ConflictException".
+ //
+ // Occurs when a conflict with a previous successful write is detected. This
+ // generally occurs when the previous write did not have time to propagate to
+ // the host serving the current request. A retry (with appropriate backoff logic)
+ // is the recommended response to this exception.
+ ErrCodeConflictException = "ConflictException"
+
+ // ErrCodeConflictSourceNamesException for service response error code
+ // "ConflictSourceNamesException".
+ //
+ // There was a conflict when you attempted to modify a Security Lake source
+ // name.
+ ErrCodeConflictSourceNamesException = "ConflictSourceNamesException"
+
+ // ErrCodeConflictSubscriptionException for service response error code
+ // "ConflictSubscriptionException".
+ //
+ // A conflicting subscription exception operation is in progress.
+ ErrCodeConflictSubscriptionException = "ConflictSubscriptionException"
+
+ // ErrCodeEventBridgeException for service response error code
+ // "EventBridgeException".
+ //
+ // Represents an error interacting with the Amazon EventBridge service.
+ ErrCodeEventBridgeException = "EventBridgeException"
+
+ // ErrCodeInternalServerException for service response error code
+ // "InternalServerException".
+ //
+ // Internal service exceptions are sometimes caused by transient issues. Before
+ // you start troubleshooting, perform the operation again.
+ ErrCodeInternalServerException = "InternalServerException"
+
+ // ErrCodeInvalidInputException for service response error code
+ // "InvalidInputException".
+ //
+ // The request was rejected because an invalid or out-of-range value was supplied
+ // for an input parameter.
+ ErrCodeInvalidInputException = "InvalidInputException"
+
+ // ErrCodeResourceNotFoundException for service response error code
+ // "ResourceNotFoundException".
+ //
+ // The resource could not be found.
+ ErrCodeResourceNotFoundException = "ResourceNotFoundException"
+
+ // ErrCodeS3Exception for service response error code
+ // "S3Exception".
+ //
+ // Provides an extension of the AmazonServiceException for errors reported by
+ // Amazon S3 while processing a request. In particular, this class provides
+ // access to Amazon S3's extended request ID. This ID is required debugging
+ // information in the case the user needs to contact Amazon about an issue where
+ // Amazon S3 is incorrectly handling a request.
+ ErrCodeS3Exception = "S3Exception"
+
+ // ErrCodeServiceQuotaExceededException for service response error code
+ // "ServiceQuotaExceededException".
+ //
+ // You have exceeded your service quota. To perform the requested action, remove
+ // some of the relevant resources, or use Service Quotas to request a service
+ // quota increase.
+ ErrCodeServiceQuotaExceededException = "ServiceQuotaExceededException"
+
+ // ErrCodeThrottlingException for service response error code
+ // "ThrottlingException".
+ //
+ // The limit on the number of requests per second was exceeded.
+ ErrCodeThrottlingException = "ThrottlingException"
+
+ // ErrCodeValidationException for service response error code
+ // "ValidationException".
+ //
+ // Your signing certificate could not be validated.
+ ErrCodeValidationException = "ValidationException"
+)
+
+var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
+ "AccessDeniedException": newErrorAccessDeniedException,
+ "AccountNotFoundException": newErrorAccountNotFoundException,
+ "BucketNotFoundException": newErrorBucketNotFoundException,
+ "ConcurrentModificationException": newErrorConcurrentModificationException,
+ "ConflictException": newErrorConflictException,
+ "ConflictSourceNamesException": newErrorConflictSourceNamesException,
+ "ConflictSubscriptionException": newErrorConflictSubscriptionException,
+ "EventBridgeException": newErrorEventBridgeException,
+ "InternalServerException": newErrorInternalServerException,
+ "InvalidInputException": newErrorInvalidInputException,
+ "ResourceNotFoundException": newErrorResourceNotFoundException,
+ "S3Exception": newErrorS3Exception,
+ "ServiceQuotaExceededException": newErrorServiceQuotaExceededException,
+ "ThrottlingException": newErrorThrottlingException,
+ "ValidationException": newErrorValidationException,
+}
diff --git a/service/securitylake/securitylakeiface/interface.go b/service/securitylake/securitylakeiface/interface.go
new file mode 100644
index 0000000000..ffebbda844
--- /dev/null
+++ b/service/securitylake/securitylakeiface/interface.go
@@ -0,0 +1,196 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package securitylakeiface provides an interface to enable mocking the Amazon Security Lake service client
+// for testing your code.
+//
+// It is important to note that this interface will have breaking changes
+// when the service model is updated and adds new API operations, paginators,
+// and waiters.
+package securitylakeiface
+
+import (
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/service/securitylake"
+)
+
+// SecurityLakeAPI provides an interface to enable mocking the
+// securitylake.SecurityLake service client's API operation,
+// paginators, and waiters. This make unit testing your code that calls out
+// to the SDK's service client's calls easier.
+//
+// The best way to use this interface is so the SDK's service client's calls
+// can be stubbed out for unit testing your code with the SDK without needing
+// to inject custom request handlers into the SDK's request pipeline.
+//
+// // myFunc uses an SDK service client to make a request to
+// // Amazon Security Lake.
+// func myFunc(svc securitylakeiface.SecurityLakeAPI) bool {
+// // Make svc.CreateAwsLogSource request
+// }
+//
+// func main() {
+// sess := session.New()
+// svc := securitylake.New(sess)
+//
+// myFunc(svc)
+// }
+//
+// In your _test.go file:
+//
+// // Define a mock struct to be used in your unit tests of myFunc.
+// type mockSecurityLakeClient struct {
+// securitylakeiface.SecurityLakeAPI
+// }
+// func (m *mockSecurityLakeClient) CreateAwsLogSource(input *securitylake.CreateAwsLogSourceInput) (*securitylake.CreateAwsLogSourceOutput, error) {
+// // mock response/functionality
+// }
+//
+// func TestMyFunc(t *testing.T) {
+// // Setup Test
+// mockSvc := &mockSecurityLakeClient{}
+//
+// myfunc(mockSvc)
+//
+// // Verify myFunc's functionality
+// }
+//
+// It is important to note that this interface will have breaking changes
+// when the service model is updated and adds new API operations, paginators,
+// and waiters. Its suggested to use the pattern above for testing, or using
+// tooling to generate mocks to satisfy the interfaces.
+type SecurityLakeAPI interface {
+ CreateAwsLogSource(*securitylake.CreateAwsLogSourceInput) (*securitylake.CreateAwsLogSourceOutput, error)
+ CreateAwsLogSourceWithContext(aws.Context, *securitylake.CreateAwsLogSourceInput, ...request.Option) (*securitylake.CreateAwsLogSourceOutput, error)
+ CreateAwsLogSourceRequest(*securitylake.CreateAwsLogSourceInput) (*request.Request, *securitylake.CreateAwsLogSourceOutput)
+
+ CreateCustomLogSource(*securitylake.CreateCustomLogSourceInput) (*securitylake.CreateCustomLogSourceOutput, error)
+ CreateCustomLogSourceWithContext(aws.Context, *securitylake.CreateCustomLogSourceInput, ...request.Option) (*securitylake.CreateCustomLogSourceOutput, error)
+ CreateCustomLogSourceRequest(*securitylake.CreateCustomLogSourceInput) (*request.Request, *securitylake.CreateCustomLogSourceOutput)
+
+ CreateDatalake(*securitylake.CreateDatalakeInput) (*securitylake.CreateDatalakeOutput, error)
+ CreateDatalakeWithContext(aws.Context, *securitylake.CreateDatalakeInput, ...request.Option) (*securitylake.CreateDatalakeOutput, error)
+ CreateDatalakeRequest(*securitylake.CreateDatalakeInput) (*request.Request, *securitylake.CreateDatalakeOutput)
+
+ CreateDatalakeAutoEnable(*securitylake.CreateDatalakeAutoEnableInput) (*securitylake.CreateDatalakeAutoEnableOutput, error)
+ CreateDatalakeAutoEnableWithContext(aws.Context, *securitylake.CreateDatalakeAutoEnableInput, ...request.Option) (*securitylake.CreateDatalakeAutoEnableOutput, error)
+ CreateDatalakeAutoEnableRequest(*securitylake.CreateDatalakeAutoEnableInput) (*request.Request, *securitylake.CreateDatalakeAutoEnableOutput)
+
+ CreateDatalakeDelegatedAdmin(*securitylake.CreateDatalakeDelegatedAdminInput) (*securitylake.CreateDatalakeDelegatedAdminOutput, error)
+ CreateDatalakeDelegatedAdminWithContext(aws.Context, *securitylake.CreateDatalakeDelegatedAdminInput, ...request.Option) (*securitylake.CreateDatalakeDelegatedAdminOutput, error)
+ CreateDatalakeDelegatedAdminRequest(*securitylake.CreateDatalakeDelegatedAdminInput) (*request.Request, *securitylake.CreateDatalakeDelegatedAdminOutput)
+
+ CreateDatalakeExceptionsSubscription(*securitylake.CreateDatalakeExceptionsSubscriptionInput) (*securitylake.CreateDatalakeExceptionsSubscriptionOutput, error)
+ CreateDatalakeExceptionsSubscriptionWithContext(aws.Context, *securitylake.CreateDatalakeExceptionsSubscriptionInput, ...request.Option) (*securitylake.CreateDatalakeExceptionsSubscriptionOutput, error)
+ CreateDatalakeExceptionsSubscriptionRequest(*securitylake.CreateDatalakeExceptionsSubscriptionInput) (*request.Request, *securitylake.CreateDatalakeExceptionsSubscriptionOutput)
+
+ CreateSubscriber(*securitylake.CreateSubscriberInput) (*securitylake.CreateSubscriberOutput, error)
+ CreateSubscriberWithContext(aws.Context, *securitylake.CreateSubscriberInput, ...request.Option) (*securitylake.CreateSubscriberOutput, error)
+ CreateSubscriberRequest(*securitylake.CreateSubscriberInput) (*request.Request, *securitylake.CreateSubscriberOutput)
+
+ CreateSubscriptionNotificationConfiguration(*securitylake.CreateSubscriptionNotificationConfigurationInput) (*securitylake.CreateSubscriptionNotificationConfigurationOutput, error)
+ CreateSubscriptionNotificationConfigurationWithContext(aws.Context, *securitylake.CreateSubscriptionNotificationConfigurationInput, ...request.Option) (*securitylake.CreateSubscriptionNotificationConfigurationOutput, error)
+ CreateSubscriptionNotificationConfigurationRequest(*securitylake.CreateSubscriptionNotificationConfigurationInput) (*request.Request, *securitylake.CreateSubscriptionNotificationConfigurationOutput)
+
+ DeleteAwsLogSource(*securitylake.DeleteAwsLogSourceInput) (*securitylake.DeleteAwsLogSourceOutput, error)
+ DeleteAwsLogSourceWithContext(aws.Context, *securitylake.DeleteAwsLogSourceInput, ...request.Option) (*securitylake.DeleteAwsLogSourceOutput, error)
+ DeleteAwsLogSourceRequest(*securitylake.DeleteAwsLogSourceInput) (*request.Request, *securitylake.DeleteAwsLogSourceOutput)
+
+ DeleteCustomLogSource(*securitylake.DeleteCustomLogSourceInput) (*securitylake.DeleteCustomLogSourceOutput, error)
+ DeleteCustomLogSourceWithContext(aws.Context, *securitylake.DeleteCustomLogSourceInput, ...request.Option) (*securitylake.DeleteCustomLogSourceOutput, error)
+ DeleteCustomLogSourceRequest(*securitylake.DeleteCustomLogSourceInput) (*request.Request, *securitylake.DeleteCustomLogSourceOutput)
+
+ DeleteDatalake(*securitylake.DeleteDatalakeInput) (*securitylake.DeleteDatalakeOutput, error)
+ DeleteDatalakeWithContext(aws.Context, *securitylake.DeleteDatalakeInput, ...request.Option) (*securitylake.DeleteDatalakeOutput, error)
+ DeleteDatalakeRequest(*securitylake.DeleteDatalakeInput) (*request.Request, *securitylake.DeleteDatalakeOutput)
+
+ DeleteDatalakeAutoEnable(*securitylake.DeleteDatalakeAutoEnableInput) (*securitylake.DeleteDatalakeAutoEnableOutput, error)
+ DeleteDatalakeAutoEnableWithContext(aws.Context, *securitylake.DeleteDatalakeAutoEnableInput, ...request.Option) (*securitylake.DeleteDatalakeAutoEnableOutput, error)
+ DeleteDatalakeAutoEnableRequest(*securitylake.DeleteDatalakeAutoEnableInput) (*request.Request, *securitylake.DeleteDatalakeAutoEnableOutput)
+
+ DeleteDatalakeDelegatedAdmin(*securitylake.DeleteDatalakeDelegatedAdminInput) (*securitylake.DeleteDatalakeDelegatedAdminOutput, error)
+ DeleteDatalakeDelegatedAdminWithContext(aws.Context, *securitylake.DeleteDatalakeDelegatedAdminInput, ...request.Option) (*securitylake.DeleteDatalakeDelegatedAdminOutput, error)
+ DeleteDatalakeDelegatedAdminRequest(*securitylake.DeleteDatalakeDelegatedAdminInput) (*request.Request, *securitylake.DeleteDatalakeDelegatedAdminOutput)
+
+ DeleteDatalakeExceptionsSubscription(*securitylake.DeleteDatalakeExceptionsSubscriptionInput) (*securitylake.DeleteDatalakeExceptionsSubscriptionOutput, error)
+ DeleteDatalakeExceptionsSubscriptionWithContext(aws.Context, *securitylake.DeleteDatalakeExceptionsSubscriptionInput, ...request.Option) (*securitylake.DeleteDatalakeExceptionsSubscriptionOutput, error)
+ DeleteDatalakeExceptionsSubscriptionRequest(*securitylake.DeleteDatalakeExceptionsSubscriptionInput) (*request.Request, *securitylake.DeleteDatalakeExceptionsSubscriptionOutput)
+
+ DeleteSubscriber(*securitylake.DeleteSubscriberInput) (*securitylake.DeleteSubscriberOutput, error)
+ DeleteSubscriberWithContext(aws.Context, *securitylake.DeleteSubscriberInput, ...request.Option) (*securitylake.DeleteSubscriberOutput, error)
+ DeleteSubscriberRequest(*securitylake.DeleteSubscriberInput) (*request.Request, *securitylake.DeleteSubscriberOutput)
+
+ DeleteSubscriptionNotificationConfiguration(*securitylake.DeleteSubscriptionNotificationConfigurationInput) (*securitylake.DeleteSubscriptionNotificationConfigurationOutput, error)
+ DeleteSubscriptionNotificationConfigurationWithContext(aws.Context, *securitylake.DeleteSubscriptionNotificationConfigurationInput, ...request.Option) (*securitylake.DeleteSubscriptionNotificationConfigurationOutput, error)
+ DeleteSubscriptionNotificationConfigurationRequest(*securitylake.DeleteSubscriptionNotificationConfigurationInput) (*request.Request, *securitylake.DeleteSubscriptionNotificationConfigurationOutput)
+
+ GetDatalake(*securitylake.GetDatalakeInput) (*securitylake.GetDatalakeOutput, error)
+ GetDatalakeWithContext(aws.Context, *securitylake.GetDatalakeInput, ...request.Option) (*securitylake.GetDatalakeOutput, error)
+ GetDatalakeRequest(*securitylake.GetDatalakeInput) (*request.Request, *securitylake.GetDatalakeOutput)
+
+ GetDatalakeAutoEnable(*securitylake.GetDatalakeAutoEnableInput) (*securitylake.GetDatalakeAutoEnableOutput, error)
+ GetDatalakeAutoEnableWithContext(aws.Context, *securitylake.GetDatalakeAutoEnableInput, ...request.Option) (*securitylake.GetDatalakeAutoEnableOutput, error)
+ GetDatalakeAutoEnableRequest(*securitylake.GetDatalakeAutoEnableInput) (*request.Request, *securitylake.GetDatalakeAutoEnableOutput)
+
+ GetDatalakeExceptionsExpiry(*securitylake.GetDatalakeExceptionsExpiryInput) (*securitylake.GetDatalakeExceptionsExpiryOutput, error)
+ GetDatalakeExceptionsExpiryWithContext(aws.Context, *securitylake.GetDatalakeExceptionsExpiryInput, ...request.Option) (*securitylake.GetDatalakeExceptionsExpiryOutput, error)
+ GetDatalakeExceptionsExpiryRequest(*securitylake.GetDatalakeExceptionsExpiryInput) (*request.Request, *securitylake.GetDatalakeExceptionsExpiryOutput)
+
+ GetDatalakeExceptionsSubscription(*securitylake.GetDatalakeExceptionsSubscriptionInput) (*securitylake.GetDatalakeExceptionsSubscriptionOutput, error)
+ GetDatalakeExceptionsSubscriptionWithContext(aws.Context, *securitylake.GetDatalakeExceptionsSubscriptionInput, ...request.Option) (*securitylake.GetDatalakeExceptionsSubscriptionOutput, error)
+ GetDatalakeExceptionsSubscriptionRequest(*securitylake.GetDatalakeExceptionsSubscriptionInput) (*request.Request, *securitylake.GetDatalakeExceptionsSubscriptionOutput)
+
+ GetDatalakeStatus(*securitylake.GetDatalakeStatusInput) (*securitylake.GetDatalakeStatusOutput, error)
+ GetDatalakeStatusWithContext(aws.Context, *securitylake.GetDatalakeStatusInput, ...request.Option) (*securitylake.GetDatalakeStatusOutput, error)
+ GetDatalakeStatusRequest(*securitylake.GetDatalakeStatusInput) (*request.Request, *securitylake.GetDatalakeStatusOutput)
+
+ GetDatalakeStatusPages(*securitylake.GetDatalakeStatusInput, func(*securitylake.GetDatalakeStatusOutput, bool) bool) error
+ GetDatalakeStatusPagesWithContext(aws.Context, *securitylake.GetDatalakeStatusInput, func(*securitylake.GetDatalakeStatusOutput, bool) bool, ...request.Option) error
+
+ GetSubscriber(*securitylake.GetSubscriberInput) (*securitylake.GetSubscriberOutput, error)
+ GetSubscriberWithContext(aws.Context, *securitylake.GetSubscriberInput, ...request.Option) (*securitylake.GetSubscriberOutput, error)
+ GetSubscriberRequest(*securitylake.GetSubscriberInput) (*request.Request, *securitylake.GetSubscriberOutput)
+
+ ListDatalakeExceptions(*securitylake.ListDatalakeExceptionsInput) (*securitylake.ListDatalakeExceptionsOutput, error)
+ ListDatalakeExceptionsWithContext(aws.Context, *securitylake.ListDatalakeExceptionsInput, ...request.Option) (*securitylake.ListDatalakeExceptionsOutput, error)
+ ListDatalakeExceptionsRequest(*securitylake.ListDatalakeExceptionsInput) (*request.Request, *securitylake.ListDatalakeExceptionsOutput)
+
+ ListDatalakeExceptionsPages(*securitylake.ListDatalakeExceptionsInput, func(*securitylake.ListDatalakeExceptionsOutput, bool) bool) error
+ ListDatalakeExceptionsPagesWithContext(aws.Context, *securitylake.ListDatalakeExceptionsInput, func(*securitylake.ListDatalakeExceptionsOutput, bool) bool, ...request.Option) error
+
+ ListLogSources(*securitylake.ListLogSourcesInput) (*securitylake.ListLogSourcesOutput, error)
+ ListLogSourcesWithContext(aws.Context, *securitylake.ListLogSourcesInput, ...request.Option) (*securitylake.ListLogSourcesOutput, error)
+ ListLogSourcesRequest(*securitylake.ListLogSourcesInput) (*request.Request, *securitylake.ListLogSourcesOutput)
+
+ ListLogSourcesPages(*securitylake.ListLogSourcesInput, func(*securitylake.ListLogSourcesOutput, bool) bool) error
+ ListLogSourcesPagesWithContext(aws.Context, *securitylake.ListLogSourcesInput, func(*securitylake.ListLogSourcesOutput, bool) bool, ...request.Option) error
+
+ ListSubscribers(*securitylake.ListSubscribersInput) (*securitylake.ListSubscribersOutput, error)
+ ListSubscribersWithContext(aws.Context, *securitylake.ListSubscribersInput, ...request.Option) (*securitylake.ListSubscribersOutput, error)
+ ListSubscribersRequest(*securitylake.ListSubscribersInput) (*request.Request, *securitylake.ListSubscribersOutput)
+
+ ListSubscribersPages(*securitylake.ListSubscribersInput, func(*securitylake.ListSubscribersOutput, bool) bool) error
+ ListSubscribersPagesWithContext(aws.Context, *securitylake.ListSubscribersInput, func(*securitylake.ListSubscribersOutput, bool) bool, ...request.Option) error
+
+ UpdateDatalake(*securitylake.UpdateDatalakeInput) (*securitylake.UpdateDatalakeOutput, error)
+ UpdateDatalakeWithContext(aws.Context, *securitylake.UpdateDatalakeInput, ...request.Option) (*securitylake.UpdateDatalakeOutput, error)
+ UpdateDatalakeRequest(*securitylake.UpdateDatalakeInput) (*request.Request, *securitylake.UpdateDatalakeOutput)
+
+ UpdateDatalakeExceptionsExpiry(*securitylake.UpdateDatalakeExceptionsExpiryInput) (*securitylake.UpdateDatalakeExceptionsExpiryOutput, error)
+ UpdateDatalakeExceptionsExpiryWithContext(aws.Context, *securitylake.UpdateDatalakeExceptionsExpiryInput, ...request.Option) (*securitylake.UpdateDatalakeExceptionsExpiryOutput, error)
+ UpdateDatalakeExceptionsExpiryRequest(*securitylake.UpdateDatalakeExceptionsExpiryInput) (*request.Request, *securitylake.UpdateDatalakeExceptionsExpiryOutput)
+
+ UpdateDatalakeExceptionsSubscription(*securitylake.UpdateDatalakeExceptionsSubscriptionInput) (*securitylake.UpdateDatalakeExceptionsSubscriptionOutput, error)
+ UpdateDatalakeExceptionsSubscriptionWithContext(aws.Context, *securitylake.UpdateDatalakeExceptionsSubscriptionInput, ...request.Option) (*securitylake.UpdateDatalakeExceptionsSubscriptionOutput, error)
+ UpdateDatalakeExceptionsSubscriptionRequest(*securitylake.UpdateDatalakeExceptionsSubscriptionInput) (*request.Request, *securitylake.UpdateDatalakeExceptionsSubscriptionOutput)
+
+ UpdateSubscriber(*securitylake.UpdateSubscriberInput) (*securitylake.UpdateSubscriberOutput, error)
+ UpdateSubscriberWithContext(aws.Context, *securitylake.UpdateSubscriberInput, ...request.Option) (*securitylake.UpdateSubscriberOutput, error)
+ UpdateSubscriberRequest(*securitylake.UpdateSubscriberInput) (*request.Request, *securitylake.UpdateSubscriberOutput)
+
+ UpdateSubscriptionNotificationConfiguration(*securitylake.UpdateSubscriptionNotificationConfigurationInput) (*securitylake.UpdateSubscriptionNotificationConfigurationOutput, error)
+ UpdateSubscriptionNotificationConfigurationWithContext(aws.Context, *securitylake.UpdateSubscriptionNotificationConfigurationInput, ...request.Option) (*securitylake.UpdateSubscriptionNotificationConfigurationOutput, error)
+ UpdateSubscriptionNotificationConfigurationRequest(*securitylake.UpdateSubscriptionNotificationConfigurationInput) (*request.Request, *securitylake.UpdateSubscriptionNotificationConfigurationOutput)
+}
+
+var _ SecurityLakeAPI = (*securitylake.SecurityLake)(nil)
diff --git a/service/securitylake/service.go b/service/securitylake/service.go
new file mode 100644
index 0000000000..188841a7d9
--- /dev/null
+++ b/service/securitylake/service.go
@@ -0,0 +1,106 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package securitylake
+
+import (
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/client"
+ "github.com/aws/aws-sdk-go/aws/client/metadata"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/aws/signer/v4"
+ "github.com/aws/aws-sdk-go/private/protocol"
+ "github.com/aws/aws-sdk-go/private/protocol/restjson"
+)
+
+// SecurityLake provides the API operation methods for making requests to
+// Amazon Security Lake. See this package's package overview docs
+// for details on the service.
+//
+// SecurityLake methods are safe to use concurrently. It is not safe to
+// modify mutate any of the struct's properties though.
+type SecurityLake struct {
+ *client.Client
+}
+
+// Used for custom client initialization logic
+var initClient func(*client.Client)
+
+// Used for custom request initialization logic
+var initRequest func(*request.Request)
+
+// Service information constants
+const (
+ ServiceName = "SecurityLake" // Name of service.
+ EndpointsID = "securitylake" // ID to lookup a service endpoint with.
+ ServiceID = "SecurityLake" // ServiceID is a unique identifier of a specific service.
+)
+
+// New creates a new instance of the SecurityLake client with a session.
+// If additional configuration is needed for the client instance use the optional
+// aws.Config parameter to add your extra config.
+//
+// Example:
+//
+// mySession := session.Must(session.NewSession())
+//
+// // Create a SecurityLake client from just a session.
+// svc := securitylake.New(mySession)
+//
+// // Create a SecurityLake client with additional configuration
+// svc := securitylake.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
+func New(p client.ConfigProvider, cfgs ...*aws.Config) *SecurityLake {
+ c := p.ClientConfig(EndpointsID, cfgs...)
+ if c.SigningNameDerived || len(c.SigningName) == 0 {
+ c.SigningName = "securitylake"
+ }
+ return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
+}
+
+// newClient creates, initializes and returns a new service client instance.
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *SecurityLake {
+ svc := &SecurityLake{
+ Client: client.New(
+ cfg,
+ metadata.ClientInfo{
+ ServiceName: ServiceName,
+ ServiceID: ServiceID,
+ SigningName: signingName,
+ SigningRegion: signingRegion,
+ PartitionID: partitionID,
+ Endpoint: endpoint,
+ APIVersion: "2018-05-10",
+ ResolvedRegion: resolvedRegion,
+ },
+ handlers,
+ ),
+ }
+
+ // Handlers
+ svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler)
+ svc.Handlers.Build.PushBackNamed(restjson.BuildHandler)
+ svc.Handlers.Unmarshal.PushBackNamed(restjson.UnmarshalHandler)
+ svc.Handlers.UnmarshalMeta.PushBackNamed(restjson.UnmarshalMetaHandler)
+ svc.Handlers.UnmarshalError.PushBackNamed(
+ protocol.NewUnmarshalErrorHandler(restjson.NewUnmarshalTypedError(exceptionFromCode)).NamedHandler(),
+ )
+
+ // Run custom client initialization if present
+ if initClient != nil {
+ initClient(svc.Client)
+ }
+
+ return svc
+}
+
+// newRequest creates a new request for a SecurityLake operation and runs any
+// custom request initialization.
+func (c *SecurityLake) newRequest(op *request.Operation, params, data interface{}) *request.Request {
+ req := c.NewRequest(op, params, data)
+
+ // Run custom request initialization if present
+ if initRequest != nil {
+ initRequest(req)
+ }
+
+ return req
+}
diff --git a/service/simspaceweaver/api.go b/service/simspaceweaver/api.go
new file mode 100644
index 0000000000..c7c5b3a43a
--- /dev/null
+++ b/service/simspaceweaver/api.go
@@ -0,0 +1,4355 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package simspaceweaver
+
+import (
+ "fmt"
+ "time"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awsutil"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/private/protocol"
+ "github.com/aws/aws-sdk-go/private/protocol/restjson"
+)
+
+const opDeleteApp = "DeleteApp"
+
+// DeleteAppRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteApp operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteApp for more information on using the DeleteApp
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DeleteAppRequest method.
+// req, resp := client.DeleteAppRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/DeleteApp
+func (c *SimSpaceWeaver) DeleteAppRequest(input *DeleteAppInput) (req *request.Request, output *DeleteAppOutput) {
+ op := &request.Operation{
+ Name: opDeleteApp,
+ HTTPMethod: "DELETE",
+ HTTPPath: "/deleteapp",
+ }
+
+ if input == nil {
+ input = &DeleteAppInput{}
+ }
+
+ output = &DeleteAppOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// DeleteApp API operation for AWS SimSpace Weaver.
+//
+// Deletes the instance of the given custom app.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS SimSpace Weaver's
+// API operation DeleteApp for usage and error information.
+//
+// Returned Error Types:
+//
+// - ResourceNotFoundException
+//
+// - InternalServerException
+//
+// - AccessDeniedException
+//
+// - ValidationException
+//
+// - ConflictException
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/DeleteApp
+func (c *SimSpaceWeaver) DeleteApp(input *DeleteAppInput) (*DeleteAppOutput, error) {
+ req, out := c.DeleteAppRequest(input)
+ return out, req.Send()
+}
+
+// DeleteAppWithContext is the same as DeleteApp with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteApp for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SimSpaceWeaver) DeleteAppWithContext(ctx aws.Context, input *DeleteAppInput, opts ...request.Option) (*DeleteAppOutput, error) {
+ req, out := c.DeleteAppRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opDeleteSimulation = "DeleteSimulation"
+
+// DeleteSimulationRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteSimulation operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteSimulation for more information on using the DeleteSimulation
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DeleteSimulationRequest method.
+// req, resp := client.DeleteSimulationRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/DeleteSimulation
+func (c *SimSpaceWeaver) DeleteSimulationRequest(input *DeleteSimulationInput) (req *request.Request, output *DeleteSimulationOutput) {
+ op := &request.Operation{
+ Name: opDeleteSimulation,
+ HTTPMethod: "DELETE",
+ HTTPPath: "/deletesimulation",
+ }
+
+ if input == nil {
+ input = &DeleteSimulationInput{}
+ }
+
+ output = &DeleteSimulationOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// DeleteSimulation API operation for AWS SimSpace Weaver.
+//
+// Deletes all SimSpace Weaver resources assigned to the given simulation.
+//
+// Your simulation uses resources in other Amazon Web Services services. This
+// API operation doesn't delete resources in other Amazon Web Services services.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS SimSpace Weaver's
+// API operation DeleteSimulation for usage and error information.
+//
+// Returned Error Types:
+//
+// - ResourceNotFoundException
+//
+// - InternalServerException
+//
+// - AccessDeniedException
+//
+// - ValidationException
+//
+// - ConflictException
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/DeleteSimulation
+func (c *SimSpaceWeaver) DeleteSimulation(input *DeleteSimulationInput) (*DeleteSimulationOutput, error) {
+ req, out := c.DeleteSimulationRequest(input)
+ return out, req.Send()
+}
+
+// DeleteSimulationWithContext is the same as DeleteSimulation with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteSimulation for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SimSpaceWeaver) DeleteSimulationWithContext(ctx aws.Context, input *DeleteSimulationInput, opts ...request.Option) (*DeleteSimulationOutput, error) {
+ req, out := c.DeleteSimulationRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opDescribeApp = "DescribeApp"
+
+// DescribeAppRequest generates a "aws/request.Request" representing the
+// client's request for the DescribeApp operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DescribeApp for more information on using the DescribeApp
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DescribeAppRequest method.
+// req, resp := client.DescribeAppRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/DescribeApp
+func (c *SimSpaceWeaver) DescribeAppRequest(input *DescribeAppInput) (req *request.Request, output *DescribeAppOutput) {
+ op := &request.Operation{
+ Name: opDescribeApp,
+ HTTPMethod: "GET",
+ HTTPPath: "/describeapp",
+ }
+
+ if input == nil {
+ input = &DescribeAppInput{}
+ }
+
+ output = &DescribeAppOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// DescribeApp API operation for AWS SimSpace Weaver.
+//
+// Returns the state of the given custom app.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS SimSpace Weaver's
+// API operation DescribeApp for usage and error information.
+//
+// Returned Error Types:
+//
+// - ResourceNotFoundException
+//
+// - InternalServerException
+//
+// - AccessDeniedException
+//
+// - ValidationException
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/DescribeApp
+func (c *SimSpaceWeaver) DescribeApp(input *DescribeAppInput) (*DescribeAppOutput, error) {
+ req, out := c.DescribeAppRequest(input)
+ return out, req.Send()
+}
+
+// DescribeAppWithContext is the same as DescribeApp with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DescribeApp for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SimSpaceWeaver) DescribeAppWithContext(ctx aws.Context, input *DescribeAppInput, opts ...request.Option) (*DescribeAppOutput, error) {
+ req, out := c.DescribeAppRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opDescribeSimulation = "DescribeSimulation"
+
+// DescribeSimulationRequest generates a "aws/request.Request" representing the
+// client's request for the DescribeSimulation operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DescribeSimulation for more information on using the DescribeSimulation
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DescribeSimulationRequest method.
+// req, resp := client.DescribeSimulationRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/DescribeSimulation
+func (c *SimSpaceWeaver) DescribeSimulationRequest(input *DescribeSimulationInput) (req *request.Request, output *DescribeSimulationOutput) {
+ op := &request.Operation{
+ Name: opDescribeSimulation,
+ HTTPMethod: "GET",
+ HTTPPath: "/describesimulation",
+ }
+
+ if input == nil {
+ input = &DescribeSimulationInput{}
+ }
+
+ output = &DescribeSimulationOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// DescribeSimulation API operation for AWS SimSpace Weaver.
+//
+// Returns the current state of the given simulation.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS SimSpace Weaver's
+// API operation DescribeSimulation for usage and error information.
+//
+// Returned Error Types:
+//
+// - ResourceNotFoundException
+//
+// - InternalServerException
+//
+// - AccessDeniedException
+//
+// - ValidationException
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/DescribeSimulation
+func (c *SimSpaceWeaver) DescribeSimulation(input *DescribeSimulationInput) (*DescribeSimulationOutput, error) {
+ req, out := c.DescribeSimulationRequest(input)
+ return out, req.Send()
+}
+
+// DescribeSimulationWithContext is the same as DescribeSimulation with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DescribeSimulation for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SimSpaceWeaver) DescribeSimulationWithContext(ctx aws.Context, input *DescribeSimulationInput, opts ...request.Option) (*DescribeSimulationOutput, error) {
+ req, out := c.DescribeSimulationRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opListApps = "ListApps"
+
+// ListAppsRequest generates a "aws/request.Request" representing the
+// client's request for the ListApps operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListApps for more information on using the ListApps
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the ListAppsRequest method.
+// req, resp := client.ListAppsRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/ListApps
+func (c *SimSpaceWeaver) ListAppsRequest(input *ListAppsInput) (req *request.Request, output *ListAppsOutput) {
+ op := &request.Operation{
+ Name: opListApps,
+ HTTPMethod: "GET",
+ HTTPPath: "/listapps",
+ Paginator: &request.Paginator{
+ InputTokens: []string{"NextToken"},
+ OutputTokens: []string{"NextToken"},
+ LimitToken: "MaxResults",
+ TruncationToken: "",
+ },
+ }
+
+ if input == nil {
+ input = &ListAppsInput{}
+ }
+
+ output = &ListAppsOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// ListApps API operation for AWS SimSpace Weaver.
+//
+// Lists all custom apps or service apps for the given simulation and domain.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS SimSpace Weaver's
+// API operation ListApps for usage and error information.
+//
+// Returned Error Types:
+//
+// - ResourceNotFoundException
+//
+// - InternalServerException
+//
+// - AccessDeniedException
+//
+// - ValidationException
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/ListApps
+func (c *SimSpaceWeaver) ListApps(input *ListAppsInput) (*ListAppsOutput, error) {
+ req, out := c.ListAppsRequest(input)
+ return out, req.Send()
+}
+
+// ListAppsWithContext is the same as ListApps with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListApps for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SimSpaceWeaver) ListAppsWithContext(ctx aws.Context, input *ListAppsInput, opts ...request.Option) (*ListAppsOutput, error) {
+ req, out := c.ListAppsRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+// ListAppsPages iterates over the pages of a ListApps operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListApps method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+// // Example iterating over at most 3 pages of a ListApps operation.
+// pageNum := 0
+// err := client.ListAppsPages(params,
+// func(page *simspaceweaver.ListAppsOutput, lastPage bool) bool {
+// pageNum++
+// fmt.Println(page)
+// return pageNum <= 3
+// })
+func (c *SimSpaceWeaver) ListAppsPages(input *ListAppsInput, fn func(*ListAppsOutput, bool) bool) error {
+ return c.ListAppsPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListAppsPagesWithContext same as ListAppsPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SimSpaceWeaver) ListAppsPagesWithContext(ctx aws.Context, input *ListAppsInput, fn func(*ListAppsOutput, bool) bool, opts ...request.Option) error {
+ p := request.Pagination{
+ NewRequest: func() (*request.Request, error) {
+ var inCpy *ListAppsInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.ListAppsRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+
+ for p.Next() {
+ if !fn(p.Page().(*ListAppsOutput), !p.HasNextPage()) {
+ break
+ }
+ }
+
+ return p.Err()
+}
+
+const opListSimulations = "ListSimulations"
+
+// ListSimulationsRequest generates a "aws/request.Request" representing the
+// client's request for the ListSimulations operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListSimulations for more information on using the ListSimulations
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the ListSimulationsRequest method.
+// req, resp := client.ListSimulationsRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/ListSimulations
+func (c *SimSpaceWeaver) ListSimulationsRequest(input *ListSimulationsInput) (req *request.Request, output *ListSimulationsOutput) {
+ op := &request.Operation{
+ Name: opListSimulations,
+ HTTPMethod: "GET",
+ HTTPPath: "/listsimulations",
+ Paginator: &request.Paginator{
+ InputTokens: []string{"NextToken"},
+ OutputTokens: []string{"NextToken"},
+ LimitToken: "MaxResults",
+ TruncationToken: "",
+ },
+ }
+
+ if input == nil {
+ input = &ListSimulationsInput{}
+ }
+
+ output = &ListSimulationsOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// ListSimulations API operation for AWS SimSpace Weaver.
+//
+// Lists the SimSpace Weaver simulations in the Amazon Web Services account
+// used to make the API call.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS SimSpace Weaver's
+// API operation ListSimulations for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+//
+// - AccessDeniedException
+//
+// - ValidationException
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/ListSimulations
+func (c *SimSpaceWeaver) ListSimulations(input *ListSimulationsInput) (*ListSimulationsOutput, error) {
+ req, out := c.ListSimulationsRequest(input)
+ return out, req.Send()
+}
+
+// ListSimulationsWithContext is the same as ListSimulations with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListSimulations for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SimSpaceWeaver) ListSimulationsWithContext(ctx aws.Context, input *ListSimulationsInput, opts ...request.Option) (*ListSimulationsOutput, error) {
+ req, out := c.ListSimulationsRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+// ListSimulationsPages iterates over the pages of a ListSimulations operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListSimulations method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+// // Example iterating over at most 3 pages of a ListSimulations operation.
+// pageNum := 0
+// err := client.ListSimulationsPages(params,
+// func(page *simspaceweaver.ListSimulationsOutput, lastPage bool) bool {
+// pageNum++
+// fmt.Println(page)
+// return pageNum <= 3
+// })
+func (c *SimSpaceWeaver) ListSimulationsPages(input *ListSimulationsInput, fn func(*ListSimulationsOutput, bool) bool) error {
+ return c.ListSimulationsPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListSimulationsPagesWithContext same as ListSimulationsPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SimSpaceWeaver) ListSimulationsPagesWithContext(ctx aws.Context, input *ListSimulationsInput, fn func(*ListSimulationsOutput, bool) bool, opts ...request.Option) error {
+ p := request.Pagination{
+ NewRequest: func() (*request.Request, error) {
+ var inCpy *ListSimulationsInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.ListSimulationsRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+
+ for p.Next() {
+ if !fn(p.Page().(*ListSimulationsOutput), !p.HasNextPage()) {
+ break
+ }
+ }
+
+ return p.Err()
+}
+
+const opListTagsForResource = "ListTagsForResource"
+
+// ListTagsForResourceRequest generates a "aws/request.Request" representing the
+// client's request for the ListTagsForResource operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListTagsForResource for more information on using the ListTagsForResource
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the ListTagsForResourceRequest method.
+// req, resp := client.ListTagsForResourceRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/ListTagsForResource
+func (c *SimSpaceWeaver) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) {
+ op := &request.Operation{
+ Name: opListTagsForResource,
+ HTTPMethod: "GET",
+ HTTPPath: "/tags/{ResourceArn}",
+ }
+
+ if input == nil {
+ input = &ListTagsForResourceInput{}
+ }
+
+ output = &ListTagsForResourceOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// ListTagsForResource API operation for AWS SimSpace Weaver.
+//
+// Lists all tags on a SimSpace Weaver resource.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS SimSpace Weaver's
+// API operation ListTagsForResource for usage and error information.
+//
+// Returned Error Types:
+//
+// - ResourceNotFoundException
+//
+// - ValidationException
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/ListTagsForResource
+func (c *SimSpaceWeaver) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) {
+ req, out := c.ListTagsForResourceRequest(input)
+ return out, req.Send()
+}
+
+// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListTagsForResource for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SimSpaceWeaver) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) {
+ req, out := c.ListTagsForResourceRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opStartApp = "StartApp"
+
+// StartAppRequest generates a "aws/request.Request" representing the
+// client's request for the StartApp operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See StartApp for more information on using the StartApp
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the StartAppRequest method.
+// req, resp := client.StartAppRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/StartApp
+func (c *SimSpaceWeaver) StartAppRequest(input *StartAppInput) (req *request.Request, output *StartAppOutput) {
+ op := &request.Operation{
+ Name: opStartApp,
+ HTTPMethod: "POST",
+ HTTPPath: "/startapp",
+ }
+
+ if input == nil {
+ input = &StartAppInput{}
+ }
+
+ output = &StartAppOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// StartApp API operation for AWS SimSpace Weaver.
+//
+// Starts a custom app with the configuration specified in the simulation schema.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS SimSpace Weaver's
+// API operation StartApp for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+//
+// - AccessDeniedException
+//
+// - ValidationException
+//
+// - ServiceQuotaExceededException
+//
+// - ConflictException
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/StartApp
+func (c *SimSpaceWeaver) StartApp(input *StartAppInput) (*StartAppOutput, error) {
+ req, out := c.StartAppRequest(input)
+ return out, req.Send()
+}
+
+// StartAppWithContext is the same as StartApp with the addition of
+// the ability to pass a context and additional request options.
+//
+// See StartApp for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SimSpaceWeaver) StartAppWithContext(ctx aws.Context, input *StartAppInput, opts ...request.Option) (*StartAppOutput, error) {
+ req, out := c.StartAppRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opStartClock = "StartClock"
+
+// StartClockRequest generates a "aws/request.Request" representing the
+// client's request for the StartClock operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See StartClock for more information on using the StartClock
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the StartClockRequest method.
+// req, resp := client.StartClockRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/StartClock
+func (c *SimSpaceWeaver) StartClockRequest(input *StartClockInput) (req *request.Request, output *StartClockOutput) {
+ op := &request.Operation{
+ Name: opStartClock,
+ HTTPMethod: "POST",
+ HTTPPath: "/startclock",
+ }
+
+ if input == nil {
+ input = &StartClockInput{}
+ }
+
+ output = &StartClockOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// StartClock API operation for AWS SimSpace Weaver.
+//
+// Starts the simulation clock.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS SimSpace Weaver's
+// API operation StartClock for usage and error information.
+//
+// Returned Error Types:
+//
+// - ResourceNotFoundException
+//
+// - InternalServerException
+//
+// - AccessDeniedException
+//
+// - ValidationException
+//
+// - ConflictException
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/StartClock
+func (c *SimSpaceWeaver) StartClock(input *StartClockInput) (*StartClockOutput, error) {
+ req, out := c.StartClockRequest(input)
+ return out, req.Send()
+}
+
+// StartClockWithContext is the same as StartClock with the addition of
+// the ability to pass a context and additional request options.
+//
+// See StartClock for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SimSpaceWeaver) StartClockWithContext(ctx aws.Context, input *StartClockInput, opts ...request.Option) (*StartClockOutput, error) {
+ req, out := c.StartClockRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opStartSimulation = "StartSimulation"
+
+// StartSimulationRequest generates a "aws/request.Request" representing the
+// client's request for the StartSimulation operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See StartSimulation for more information on using the StartSimulation
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the StartSimulationRequest method.
+// req, resp := client.StartSimulationRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/StartSimulation
+func (c *SimSpaceWeaver) StartSimulationRequest(input *StartSimulationInput) (req *request.Request, output *StartSimulationOutput) {
+ op := &request.Operation{
+ Name: opStartSimulation,
+ HTTPMethod: "POST",
+ HTTPPath: "/startsimulation",
+ }
+
+ if input == nil {
+ input = &StartSimulationInput{}
+ }
+
+ output = &StartSimulationOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// StartSimulation API operation for AWS SimSpace Weaver.
+//
+// Starts a simulation with the given name and schema.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS SimSpace Weaver's
+// API operation StartSimulation for usage and error information.
+//
+// Returned Error Types:
+//
+// - InternalServerException
+//
+// - AccessDeniedException
+//
+// - ValidationException
+//
+// - ServiceQuotaExceededException
+//
+// - ConflictException
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/StartSimulation
+func (c *SimSpaceWeaver) StartSimulation(input *StartSimulationInput) (*StartSimulationOutput, error) {
+ req, out := c.StartSimulationRequest(input)
+ return out, req.Send()
+}
+
+// StartSimulationWithContext is the same as StartSimulation with the addition of
+// the ability to pass a context and additional request options.
+//
+// See StartSimulation for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SimSpaceWeaver) StartSimulationWithContext(ctx aws.Context, input *StartSimulationInput, opts ...request.Option) (*StartSimulationOutput, error) {
+ req, out := c.StartSimulationRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opStopApp = "StopApp"
+
+// StopAppRequest generates a "aws/request.Request" representing the
+// client's request for the StopApp operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See StopApp for more information on using the StopApp
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the StopAppRequest method.
+// req, resp := client.StopAppRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/StopApp
+func (c *SimSpaceWeaver) StopAppRequest(input *StopAppInput) (req *request.Request, output *StopAppOutput) {
+ op := &request.Operation{
+ Name: opStopApp,
+ HTTPMethod: "POST",
+ HTTPPath: "/stopapp",
+ }
+
+ if input == nil {
+ input = &StopAppInput{}
+ }
+
+ output = &StopAppOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// StopApp API operation for AWS SimSpace Weaver.
+//
+// Stops the given custom app and shuts down all of its allocated compute resources.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS SimSpace Weaver's
+// API operation StopApp for usage and error information.
+//
+// Returned Error Types:
+//
+// - ResourceNotFoundException
+//
+// - InternalServerException
+//
+// - AccessDeniedException
+//
+// - ValidationException
+//
+// - ConflictException
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/StopApp
+func (c *SimSpaceWeaver) StopApp(input *StopAppInput) (*StopAppOutput, error) {
+ req, out := c.StopAppRequest(input)
+ return out, req.Send()
+}
+
+// StopAppWithContext is the same as StopApp with the addition of
+// the ability to pass a context and additional request options.
+//
+// See StopApp for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SimSpaceWeaver) StopAppWithContext(ctx aws.Context, input *StopAppInput, opts ...request.Option) (*StopAppOutput, error) {
+ req, out := c.StopAppRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opStopClock = "StopClock"
+
+// StopClockRequest generates a "aws/request.Request" representing the
+// client's request for the StopClock operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See StopClock for more information on using the StopClock
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the StopClockRequest method.
+// req, resp := client.StopClockRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/StopClock
+func (c *SimSpaceWeaver) StopClockRequest(input *StopClockInput) (req *request.Request, output *StopClockOutput) {
+ op := &request.Operation{
+ Name: opStopClock,
+ HTTPMethod: "POST",
+ HTTPPath: "/stopclock",
+ }
+
+ if input == nil {
+ input = &StopClockInput{}
+ }
+
+ output = &StopClockOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// StopClock API operation for AWS SimSpace Weaver.
+//
+// Stops the simulation clock.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS SimSpace Weaver's
+// API operation StopClock for usage and error information.
+//
+// Returned Error Types:
+//
+// - ResourceNotFoundException
+//
+// - InternalServerException
+//
+// - AccessDeniedException
+//
+// - ValidationException
+//
+// - ConflictException
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/StopClock
+func (c *SimSpaceWeaver) StopClock(input *StopClockInput) (*StopClockOutput, error) {
+ req, out := c.StopClockRequest(input)
+ return out, req.Send()
+}
+
+// StopClockWithContext is the same as StopClock with the addition of
+// the ability to pass a context and additional request options.
+//
+// See StopClock for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SimSpaceWeaver) StopClockWithContext(ctx aws.Context, input *StopClockInput, opts ...request.Option) (*StopClockOutput, error) {
+ req, out := c.StopClockRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opStopSimulation = "StopSimulation"
+
+// StopSimulationRequest generates a "aws/request.Request" representing the
+// client's request for the StopSimulation operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See StopSimulation for more information on using the StopSimulation
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the StopSimulationRequest method.
+// req, resp := client.StopSimulationRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/StopSimulation
+func (c *SimSpaceWeaver) StopSimulationRequest(input *StopSimulationInput) (req *request.Request, output *StopSimulationOutput) {
+ op := &request.Operation{
+ Name: opStopSimulation,
+ HTTPMethod: "POST",
+ HTTPPath: "/stopsimulation",
+ }
+
+ if input == nil {
+ input = &StopSimulationInput{}
+ }
+
+ output = &StopSimulationOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// StopSimulation API operation for AWS SimSpace Weaver.
+//
+// Stops the given simulation.
+//
+// You can't restart a simulation after you stop it. If you need to restart
+// a simulation, you must stop it, delete it, and start a new instance of it.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS SimSpace Weaver's
+// API operation StopSimulation for usage and error information.
+//
+// Returned Error Types:
+//
+// - ResourceNotFoundException
+//
+// - InternalServerException
+//
+// - AccessDeniedException
+//
+// - ValidationException
+//
+// - ConflictException
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/StopSimulation
+func (c *SimSpaceWeaver) StopSimulation(input *StopSimulationInput) (*StopSimulationOutput, error) {
+ req, out := c.StopSimulationRequest(input)
+ return out, req.Send()
+}
+
+// StopSimulationWithContext is the same as StopSimulation with the addition of
+// the ability to pass a context and additional request options.
+//
+// See StopSimulation for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SimSpaceWeaver) StopSimulationWithContext(ctx aws.Context, input *StopSimulationInput, opts ...request.Option) (*StopSimulationOutput, error) {
+ req, out := c.StopSimulationRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opTagResource = "TagResource"
+
+// TagResourceRequest generates a "aws/request.Request" representing the
+// client's request for the TagResource operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See TagResource for more information on using the TagResource
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the TagResourceRequest method.
+// req, resp := client.TagResourceRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/TagResource
+func (c *SimSpaceWeaver) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) {
+ op := &request.Operation{
+ Name: opTagResource,
+ HTTPMethod: "POST",
+ HTTPPath: "/tags/{ResourceArn}",
+ }
+
+ if input == nil {
+ input = &TagResourceInput{}
+ }
+
+ output = &TagResourceOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// TagResource API operation for AWS SimSpace Weaver.
+//
+// Adds tags to a SimSpace Weaver resource. For more information about tags,
+// see Tagging Amazon Web Services resources (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html)
+// in the Amazon Web Services General Reference.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS SimSpace Weaver's
+// API operation TagResource for usage and error information.
+//
+// Returned Error Types:
+//
+// - TooManyTagsException
+//
+// - ResourceNotFoundException
+//
+// - ValidationException
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/TagResource
+func (c *SimSpaceWeaver) TagResource(input *TagResourceInput) (*TagResourceOutput, error) {
+ req, out := c.TagResourceRequest(input)
+ return out, req.Send()
+}
+
+// TagResourceWithContext is the same as TagResource with the addition of
+// the ability to pass a context and additional request options.
+//
+// See TagResource for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SimSpaceWeaver) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) {
+ req, out := c.TagResourceRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opUntagResource = "UntagResource"
+
+// UntagResourceRequest generates a "aws/request.Request" representing the
+// client's request for the UntagResource operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UntagResource for more information on using the UntagResource
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the UntagResourceRequest method.
+// req, resp := client.UntagResourceRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/UntagResource
+func (c *SimSpaceWeaver) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) {
+ op := &request.Operation{
+ Name: opUntagResource,
+ HTTPMethod: "DELETE",
+ HTTPPath: "/tags/{ResourceArn}",
+ }
+
+ if input == nil {
+ input = &UntagResourceInput{}
+ }
+
+ output = &UntagResourceOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// UntagResource API operation for AWS SimSpace Weaver.
+//
+// Removes tags from a SimSpace Weaver resource. For more information about
+// tags, see Tagging Amazon Web Services resources (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html)
+// in the Amazon Web Services General Reference.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS SimSpace Weaver's
+// API operation UntagResource for usage and error information.
+//
+// Returned Error Types:
+//
+// - ResourceNotFoundException
+//
+// - ValidationException
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28/UntagResource
+func (c *SimSpaceWeaver) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) {
+ req, out := c.UntagResourceRequest(input)
+ return out, req.Send()
+}
+
+// UntagResourceWithContext is the same as UntagResource with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UntagResource for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SimSpaceWeaver) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) {
+ req, out := c.UntagResourceRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+type AccessDeniedException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"Message" min:"1" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessDeniedException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessDeniedException) GoString() string {
+ return s.String()
+}
+
+func newErrorAccessDeniedException(v protocol.ResponseMetadata) error {
+ return &AccessDeniedException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *AccessDeniedException) Code() string {
+ return "AccessDeniedException"
+}
+
+// Message returns the exception's message.
+func (s *AccessDeniedException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *AccessDeniedException) OrigErr() error {
+ return nil
+}
+
+func (s *AccessDeniedException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *AccessDeniedException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *AccessDeniedException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// The Amazon CloudWatch Logs log group for the simulation. For more information
+// about log groups, see Working with log groups and log streams (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html)
+// in the Amazon CloudWatch Logs User Guide.
+type CloudWatchLogsLogGroup struct {
+ _ struct{} `type:"structure"`
+
+ // The Amazon Resource Name (ARN) of the Amazon CloudWatch Logs log group for
+ // the simulation. For more information about ARNs, see Amazon Resource Names
+ // (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // in the Amazon Web Services General Reference. For more information about
+ // log groups, see Working with log groups and log streams (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html)
+ // in the Amazon CloudWatch Logs User Guide.
+ LogGroupArn *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CloudWatchLogsLogGroup) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CloudWatchLogsLogGroup) GoString() string {
+ return s.String()
+}
+
+// SetLogGroupArn sets the LogGroupArn field's value.
+func (s *CloudWatchLogsLogGroup) SetLogGroupArn(v string) *CloudWatchLogsLogGroup {
+ s.LogGroupArn = &v
+ return s
+}
+
+type ConflictException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"Message" min:"1" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ConflictException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ConflictException) GoString() string {
+ return s.String()
+}
+
+func newErrorConflictException(v protocol.ResponseMetadata) error {
+ return &ConflictException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *ConflictException) Code() string {
+ return "ConflictException"
+}
+
+// Message returns the exception's message.
+func (s *ConflictException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *ConflictException) OrigErr() error {
+ return nil
+}
+
+func (s *ConflictException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *ConflictException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *ConflictException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+type DeleteAppInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+
+ // The name of the app.
+ //
+ // App is a required field
+ App *string `location:"querystring" locationName:"app" min:"1" type:"string" required:"true"`
+
+ // The name of the domain of the app.
+ //
+ // Domain is a required field
+ Domain *string `location:"querystring" locationName:"domain" min:"1" type:"string" required:"true"`
+
+ // The name of the simulation of the app.
+ //
+ // Simulation is a required field
+ Simulation *string `location:"querystring" locationName:"simulation" min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteAppInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteAppInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteAppInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DeleteAppInput"}
+ if s.App == nil {
+ invalidParams.Add(request.NewErrParamRequired("App"))
+ }
+ if s.App != nil && len(*s.App) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("App", 1))
+ }
+ if s.Domain == nil {
+ invalidParams.Add(request.NewErrParamRequired("Domain"))
+ }
+ if s.Domain != nil && len(*s.Domain) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Domain", 1))
+ }
+ if s.Simulation == nil {
+ invalidParams.Add(request.NewErrParamRequired("Simulation"))
+ }
+ if s.Simulation != nil && len(*s.Simulation) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Simulation", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetApp sets the App field's value.
+func (s *DeleteAppInput) SetApp(v string) *DeleteAppInput {
+ s.App = &v
+ return s
+}
+
+// SetDomain sets the Domain field's value.
+func (s *DeleteAppInput) SetDomain(v string) *DeleteAppInput {
+ s.Domain = &v
+ return s
+}
+
+// SetSimulation sets the Simulation field's value.
+func (s *DeleteAppInput) SetSimulation(v string) *DeleteAppInput {
+ s.Simulation = &v
+ return s
+}
+
+type DeleteAppOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteAppOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteAppOutput) GoString() string {
+ return s.String()
+}
+
+type DeleteSimulationInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+
+ // The name of the simulation.
+ //
+ // Simulation is a required field
+ Simulation *string `location:"querystring" locationName:"simulation" min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSimulationInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSimulationInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteSimulationInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DeleteSimulationInput"}
+ if s.Simulation == nil {
+ invalidParams.Add(request.NewErrParamRequired("Simulation"))
+ }
+ if s.Simulation != nil && len(*s.Simulation) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Simulation", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetSimulation sets the Simulation field's value.
+func (s *DeleteSimulationInput) SetSimulation(v string) *DeleteSimulationInput {
+ s.Simulation = &v
+ return s
+}
+
+type DeleteSimulationOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSimulationOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteSimulationOutput) GoString() string {
+ return s.String()
+}
+
+type DescribeAppInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+
+ // The name of the app.
+ //
+ // App is a required field
+ App *string `location:"querystring" locationName:"app" min:"1" type:"string" required:"true"`
+
+ // The name of the domain of the app.
+ //
+ // Domain is a required field
+ Domain *string `location:"querystring" locationName:"domain" min:"1" type:"string" required:"true"`
+
+ // The name of the simulation of the app.
+ //
+ // Simulation is a required field
+ Simulation *string `location:"querystring" locationName:"simulation" min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DescribeAppInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DescribeAppInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DescribeAppInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DescribeAppInput"}
+ if s.App == nil {
+ invalidParams.Add(request.NewErrParamRequired("App"))
+ }
+ if s.App != nil && len(*s.App) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("App", 1))
+ }
+ if s.Domain == nil {
+ invalidParams.Add(request.NewErrParamRequired("Domain"))
+ }
+ if s.Domain != nil && len(*s.Domain) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Domain", 1))
+ }
+ if s.Simulation == nil {
+ invalidParams.Add(request.NewErrParamRequired("Simulation"))
+ }
+ if s.Simulation != nil && len(*s.Simulation) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Simulation", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetApp sets the App field's value.
+func (s *DescribeAppInput) SetApp(v string) *DescribeAppInput {
+ s.App = &v
+ return s
+}
+
+// SetDomain sets the Domain field's value.
+func (s *DescribeAppInput) SetDomain(v string) *DescribeAppInput {
+ s.Domain = &v
+ return s
+}
+
+// SetSimulation sets the Simulation field's value.
+func (s *DescribeAppInput) SetSimulation(v string) *DescribeAppInput {
+ s.Simulation = &v
+ return s
+}
+
+type DescribeAppOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The description of the app.
+ Description *string `type:"string"`
+
+ // The name of the domain of the app.
+ Domain *string `min:"1" type:"string"`
+
+ // Information about the network endpoint for the custom app. You can use the
+ // endpoint to connect to the custom app.
+ EndpointInfo *SimulationAppEndpointInfo `type:"structure"`
+
+ // Options that apply when the app starts. These optiAons override default behavior.
+ LaunchOverrides *LaunchOverrides `type:"structure"`
+
+ // The name of the app.
+ Name *string `min:"1" type:"string"`
+
+ // The name of the simulation of the app.
+ Simulation *string `min:"1" type:"string"`
+
+ // The current lifecycle state of the custom app.
+ Status *string `type:"string" enum:"SimulationAppStatus"`
+
+ // The desired lifecycle state of the custom app.
+ TargetStatus *string `type:"string" enum:"SimulationAppTargetStatus"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DescribeAppOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DescribeAppOutput) GoString() string {
+ return s.String()
+}
+
+// SetDescription sets the Description field's value.
+func (s *DescribeAppOutput) SetDescription(v string) *DescribeAppOutput {
+ s.Description = &v
+ return s
+}
+
+// SetDomain sets the Domain field's value.
+func (s *DescribeAppOutput) SetDomain(v string) *DescribeAppOutput {
+ s.Domain = &v
+ return s
+}
+
+// SetEndpointInfo sets the EndpointInfo field's value.
+func (s *DescribeAppOutput) SetEndpointInfo(v *SimulationAppEndpointInfo) *DescribeAppOutput {
+ s.EndpointInfo = v
+ return s
+}
+
+// SetLaunchOverrides sets the LaunchOverrides field's value.
+func (s *DescribeAppOutput) SetLaunchOverrides(v *LaunchOverrides) *DescribeAppOutput {
+ s.LaunchOverrides = v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *DescribeAppOutput) SetName(v string) *DescribeAppOutput {
+ s.Name = &v
+ return s
+}
+
+// SetSimulation sets the Simulation field's value.
+func (s *DescribeAppOutput) SetSimulation(v string) *DescribeAppOutput {
+ s.Simulation = &v
+ return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *DescribeAppOutput) SetStatus(v string) *DescribeAppOutput {
+ s.Status = &v
+ return s
+}
+
+// SetTargetStatus sets the TargetStatus field's value.
+func (s *DescribeAppOutput) SetTargetStatus(v string) *DescribeAppOutput {
+ s.TargetStatus = &v
+ return s
+}
+
+type DescribeSimulationInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+
+ // The name of the simulation.
+ //
+ // Simulation is a required field
+ Simulation *string `location:"querystring" locationName:"simulation" min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DescribeSimulationInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DescribeSimulationInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DescribeSimulationInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DescribeSimulationInput"}
+ if s.Simulation == nil {
+ invalidParams.Add(request.NewErrParamRequired("Simulation"))
+ }
+ if s.Simulation != nil && len(*s.Simulation) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Simulation", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetSimulation sets the Simulation field's value.
+func (s *DescribeSimulationInput) SetSimulation(v string) *DescribeSimulationInput {
+ s.Simulation = &v
+ return s
+}
+
+type DescribeSimulationOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The Amazon Resource Name (ARN) of the simulation. For more information about
+ // ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // in the Amazon Web Services General Reference.
+ Arn *string `type:"string"`
+
+ // The time when the simulation was created, expressed as the number of seconds
+ // and milliseconds in UTC since the Unix epoch (0:0:0.000, January 1, 1970).
+ CreationTime *time.Time `type:"timestamp"`
+
+ // The description of the simulation.
+ Description *string `type:"string"`
+
+ // A universally unique identifier (UUID) for this simulation.
+ ExecutionId *string `min:"36" type:"string"`
+
+ // A collection of additional state information, such as domain and clock configuration.
+ LiveSimulationState *LiveSimulationState `type:"structure"`
+
+ // Settings that control how SimSpace Weaver handles your simulation log data.
+ LoggingConfiguration *LoggingConfiguration `type:"structure"`
+
+ // The maximum running time of the simulation, specified as a number of months
+ // (m or M), hours (h or H), or days (d or D). The simulation stops when it
+ // reaches this limit.
+ MaximumDuration *string `min:"2" type:"string"`
+
+ // The name of the simulation.
+ Name *string `min:"1" type:"string"`
+
+ // The Amazon Resource Name (ARN) of the Identity and Access Management (IAM)
+ // role that the simulation assumes to perform actions. For more information
+ // about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // in the Amazon Web Services General Reference. For more information about
+ // IAM roles, see IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html)
+ // in the Identity and Access Management User Guide.
+ RoleArn *string `type:"string"`
+
+ // An error message that SimSpace Weaver returns only if there is a problem
+ // with the simulation schema.
+ SchemaError *string `type:"string"`
+
+ // The location of the simulation schema in Amazon Simple Storage Service (Amazon
+ // S3). For more information about Amazon S3, see the Amazon Simple Storage
+ // Service User Guide (https://docs.aws.amazon.com/AmazonS3/latest/userguide/Welcome.html).
+ SchemaS3Location *S3Location `type:"structure"`
+
+ // The current lifecycle state of the simulation.
+ Status *string `type:"string" enum:"SimulationStatus"`
+
+ // The desired lifecycle state of the simulation.
+ TargetStatus *string `type:"string" enum:"SimulationTargetStatus"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DescribeSimulationOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DescribeSimulationOutput) GoString() string {
+ return s.String()
+}
+
+// SetArn sets the Arn field's value.
+func (s *DescribeSimulationOutput) SetArn(v string) *DescribeSimulationOutput {
+ s.Arn = &v
+ return s
+}
+
+// SetCreationTime sets the CreationTime field's value.
+func (s *DescribeSimulationOutput) SetCreationTime(v time.Time) *DescribeSimulationOutput {
+ s.CreationTime = &v
+ return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *DescribeSimulationOutput) SetDescription(v string) *DescribeSimulationOutput {
+ s.Description = &v
+ return s
+}
+
+// SetExecutionId sets the ExecutionId field's value.
+func (s *DescribeSimulationOutput) SetExecutionId(v string) *DescribeSimulationOutput {
+ s.ExecutionId = &v
+ return s
+}
+
+// SetLiveSimulationState sets the LiveSimulationState field's value.
+func (s *DescribeSimulationOutput) SetLiveSimulationState(v *LiveSimulationState) *DescribeSimulationOutput {
+ s.LiveSimulationState = v
+ return s
+}
+
+// SetLoggingConfiguration sets the LoggingConfiguration field's value.
+func (s *DescribeSimulationOutput) SetLoggingConfiguration(v *LoggingConfiguration) *DescribeSimulationOutput {
+ s.LoggingConfiguration = v
+ return s
+}
+
+// SetMaximumDuration sets the MaximumDuration field's value.
+func (s *DescribeSimulationOutput) SetMaximumDuration(v string) *DescribeSimulationOutput {
+ s.MaximumDuration = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *DescribeSimulationOutput) SetName(v string) *DescribeSimulationOutput {
+ s.Name = &v
+ return s
+}
+
+// SetRoleArn sets the RoleArn field's value.
+func (s *DescribeSimulationOutput) SetRoleArn(v string) *DescribeSimulationOutput {
+ s.RoleArn = &v
+ return s
+}
+
+// SetSchemaError sets the SchemaError field's value.
+func (s *DescribeSimulationOutput) SetSchemaError(v string) *DescribeSimulationOutput {
+ s.SchemaError = &v
+ return s
+}
+
+// SetSchemaS3Location sets the SchemaS3Location field's value.
+func (s *DescribeSimulationOutput) SetSchemaS3Location(v *S3Location) *DescribeSimulationOutput {
+ s.SchemaS3Location = v
+ return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *DescribeSimulationOutput) SetStatus(v string) *DescribeSimulationOutput {
+ s.Status = &v
+ return s
+}
+
+// SetTargetStatus sets the TargetStatus field's value.
+func (s *DescribeSimulationOutput) SetTargetStatus(v string) *DescribeSimulationOutput {
+ s.TargetStatus = &v
+ return s
+}
+
+// A collection of app instances that run the same executable app code and have
+// the same launch options and commands.
+//
+// For more information about domains, see Key concepts (https://docs.aws.amazon.com/simspaceweaver/latest/userguide/what-is_key-concepts.html)
+// in the Amazon Web Services SimSpace Weaver User Guide.
+type Domain struct {
+ _ struct{} `type:"structure"`
+
+ // The type of lifecycle management for apps in the domain. This value indicates
+ // whether apps in this domain are managed (SimSpace Weaver starts and stops
+ // the apps) or unmanaged (you must start and stop the apps).
+ //
+ // Lifecycle types
+ //
+ // * PerWorker – Managed: SimSpace Weaver starts 1 app on each worker
+ //
+ // * BySpatialSubdivision – Managed: SimSpace Weaver starts 1 app for each
+ // spatial partition
+ //
+ // * ByRequest – Unmanaged: You use the StartApp API to start the apps
+ // and use the StopApp API to stop the apps.
+ //
+ // The lifecycle types will change when the service is released for general
+ // availability (GA).
+ Lifecycle *string `type:"string" enum:"LifecycleManagementStrategy"`
+
+ // The name of the domain.
+ Name *string `min:"1" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Domain) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Domain) GoString() string {
+ return s.String()
+}
+
+// SetLifecycle sets the Lifecycle field's value.
+func (s *Domain) SetLifecycle(v string) *Domain {
+ s.Lifecycle = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *Domain) SetName(v string) *Domain {
+ s.Name = &v
+ return s
+}
+
+type InternalServerException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"Message" min:"1" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InternalServerException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InternalServerException) GoString() string {
+ return s.String()
+}
+
+func newErrorInternalServerException(v protocol.ResponseMetadata) error {
+ return &InternalServerException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *InternalServerException) Code() string {
+ return "InternalServerException"
+}
+
+// Message returns the exception's message.
+func (s *InternalServerException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *InternalServerException) OrigErr() error {
+ return nil
+}
+
+func (s *InternalServerException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *InternalServerException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *InternalServerException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// Options that apply when the app starts. These optiAons override default behavior.
+type LaunchOverrides struct {
+ _ struct{} `type:"structure"`
+
+ // App launch commands and command line parameters that override the launch
+ // command configured in the simulation schema.
+ LaunchCommands []*string `type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LaunchOverrides) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LaunchOverrides) GoString() string {
+ return s.String()
+}
+
+// SetLaunchCommands sets the LaunchCommands field's value.
+func (s *LaunchOverrides) SetLaunchCommands(v []*string) *LaunchOverrides {
+ s.LaunchCommands = v
+ return s
+}
+
+type ListAppsInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+
+ // The name of the domain that you want to list apps for.
+ Domain *string `location:"querystring" locationName:"domain" min:"1" type:"string"`
+
+ // The maximum number of apps to list.
+ MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"`
+
+ // If SimSpace Weaver returns nextToken, there are more results available. The
+ // value of nextToken is a unique pagination token for each page. To retrieve
+ // the next page, call the operation again using the returned token. Keep all
+ // other arguments unchanged. If no results remain, nextToken is set to null.
+ // Each pagination token expires after 24 hours. If you provide a token that
+ // isn't valid, you receive an HTTP 400 ValidationException error.
+ NextToken *string `location:"querystring" locationName:"nextToken" type:"string"`
+
+ // The name of the simulation that you want to list apps for.
+ //
+ // Simulation is a required field
+ Simulation *string `location:"querystring" locationName:"simulation" min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAppsInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAppsInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListAppsInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ListAppsInput"}
+ if s.Domain != nil && len(*s.Domain) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Domain", 1))
+ }
+ if s.MaxResults != nil && *s.MaxResults < 1 {
+ invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
+ }
+ if s.Simulation == nil {
+ invalidParams.Add(request.NewErrParamRequired("Simulation"))
+ }
+ if s.Simulation != nil && len(*s.Simulation) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Simulation", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetDomain sets the Domain field's value.
+func (s *ListAppsInput) SetDomain(v string) *ListAppsInput {
+ s.Domain = &v
+ return s
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *ListAppsInput) SetMaxResults(v int64) *ListAppsInput {
+ s.MaxResults = &v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListAppsInput) SetNextToken(v string) *ListAppsInput {
+ s.NextToken = &v
+ return s
+}
+
+// SetSimulation sets the Simulation field's value.
+func (s *ListAppsInput) SetSimulation(v string) *ListAppsInput {
+ s.Simulation = &v
+ return s
+}
+
+type ListAppsOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The list of apps for the given simulation and domain.
+ Apps []*SimulationAppMetadata `type:"list"`
+
+ // If SimSpace Weaver returns nextToken, there are more results available. The
+ // value of nextToken is a unique pagination token for each page. To retrieve
+ // the next page, call the operation again using the returned token. Keep all
+ // other arguments unchanged. If no results remain, nextToken is set to null.
+ // Each pagination token expires after 24 hours. If you provide a token that
+ // isn't valid, you receive an HTTP 400 ValidationException error.
+ NextToken *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAppsOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAppsOutput) GoString() string {
+ return s.String()
+}
+
+// SetApps sets the Apps field's value.
+func (s *ListAppsOutput) SetApps(v []*SimulationAppMetadata) *ListAppsOutput {
+ s.Apps = v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListAppsOutput) SetNextToken(v string) *ListAppsOutput {
+ s.NextToken = &v
+ return s
+}
+
+type ListSimulationsInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+
+ // The maximum number of simulations to list.
+ MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"`
+
+ // If SimSpace Weaver returns nextToken, there are more results available. The
+ // value of nextToken is a unique pagination token for each page. To retrieve
+ // the next page, call the operation again using the returned token. Keep all
+ // other arguments unchanged. If no results remain, nextToken is set to null.
+ // Each pagination token expires after 24 hours. If you provide a token that
+ // isn't valid, you receive an HTTP 400 ValidationException error.
+ NextToken *string `location:"querystring" locationName:"nextToken" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListSimulationsInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListSimulationsInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListSimulationsInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ListSimulationsInput"}
+ if s.MaxResults != nil && *s.MaxResults < 1 {
+ invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *ListSimulationsInput) SetMaxResults(v int64) *ListSimulationsInput {
+ s.MaxResults = &v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListSimulationsInput) SetNextToken(v string) *ListSimulationsInput {
+ s.NextToken = &v
+ return s
+}
+
+type ListSimulationsOutput struct {
+ _ struct{} `type:"structure"`
+
+ // If SimSpace Weaver returns nextToken, there are more results available. The
+ // value of nextToken is a unique pagination token for each page. To retrieve
+ // the next page, call the operation again using the returned token. Keep all
+ // other arguments unchanged. If no results remain, nextToken is set to null.
+ // Each pagination token expires after 24 hours. If you provide a token that
+ // isn't valid, you receive an HTTP 400 ValidationException error.
+ NextToken *string `type:"string"`
+
+ // The list of simulations.
+ Simulations []*SimulationMetadata `type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListSimulationsOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListSimulationsOutput) GoString() string {
+ return s.String()
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListSimulationsOutput) SetNextToken(v string) *ListSimulationsOutput {
+ s.NextToken = &v
+ return s
+}
+
+// SetSimulations sets the Simulations field's value.
+func (s *ListSimulationsOutput) SetSimulations(v []*SimulationMetadata) *ListSimulationsOutput {
+ s.Simulations = v
+ return s
+}
+
+type ListTagsForResourceInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+
+ // The Amazon Resource Name (ARN) of the resource. For more information about
+ // ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // in the Amazon Web Services General Reference.
+ //
+ // ResourceArn is a required field
+ ResourceArn *string `location:"uri" locationName:"ResourceArn" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListTagsForResourceInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListTagsForResourceInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListTagsForResourceInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"}
+ if s.ResourceArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
+ }
+ if s.ResourceArn != nil && len(*s.ResourceArn) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetResourceArn sets the ResourceArn field's value.
+func (s *ListTagsForResourceInput) SetResourceArn(v string) *ListTagsForResourceInput {
+ s.ResourceArn = &v
+ return s
+}
+
+type ListTagsForResourceOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The list of tags for the resource.
+ Tags map[string]*string `min:"1" type:"map"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListTagsForResourceOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListTagsForResourceOutput) GoString() string {
+ return s.String()
+}
+
+// SetTags sets the Tags field's value.
+func (s *ListTagsForResourceOutput) SetTags(v map[string]*string) *ListTagsForResourceOutput {
+ s.Tags = v
+ return s
+}
+
+// A collection of additional state information, such as domain and clock configuration.
+type LiveSimulationState struct {
+ _ struct{} `type:"structure"`
+
+ // A list of simulation clocks.
+ //
+ // At this time, a simulation has only one clock.
+ Clocks []*SimulationClock `type:"list"`
+
+ // A list of domains for the simulation. For more information about domains,
+ // see Key concepts (https://docs.aws.amazon.com/simspaceweaver/latest/userguide/what-is_key-concepts.html)
+ // in the Amazon Web Services SimSpace Weaver User Guide.
+ Domains []*Domain `type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LiveSimulationState) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LiveSimulationState) GoString() string {
+ return s.String()
+}
+
+// SetClocks sets the Clocks field's value.
+func (s *LiveSimulationState) SetClocks(v []*SimulationClock) *LiveSimulationState {
+ s.Clocks = v
+ return s
+}
+
+// SetDomains sets the Domains field's value.
+func (s *LiveSimulationState) SetDomains(v []*Domain) *LiveSimulationState {
+ s.Domains = v
+ return s
+}
+
+// The location where SimSpace Weaver sends simulation log data.
+type LogDestination struct {
+ _ struct{} `type:"structure"`
+
+ // An Amazon CloudWatch Logs log group that stores simulation log data. For
+ // more information about log groups, see Working with log groups and log streams
+ // (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html)
+ // in the Amazon CloudWatch Logs User Guide.
+ CloudWatchLogsLogGroup *CloudWatchLogsLogGroup `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LogDestination) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LogDestination) GoString() string {
+ return s.String()
+}
+
+// SetCloudWatchLogsLogGroup sets the CloudWatchLogsLogGroup field's value.
+func (s *LogDestination) SetCloudWatchLogsLogGroup(v *CloudWatchLogsLogGroup) *LogDestination {
+ s.CloudWatchLogsLogGroup = v
+ return s
+}
+
+// The logging configuration for a simulation.
+type LoggingConfiguration struct {
+ _ struct{} `type:"structure"`
+
+ // A list of the locations where SimSpace Weaver sends simulation log data.
+ Destinations []*LogDestination `type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LoggingConfiguration) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LoggingConfiguration) GoString() string {
+ return s.String()
+}
+
+// SetDestinations sets the Destinations field's value.
+func (s *LoggingConfiguration) SetDestinations(v []*LogDestination) *LoggingConfiguration {
+ s.Destinations = v
+ return s
+}
+
+type ResourceNotFoundException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"Message" min:"1" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ResourceNotFoundException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ResourceNotFoundException) GoString() string {
+ return s.String()
+}
+
+func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error {
+ return &ResourceNotFoundException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *ResourceNotFoundException) Code() string {
+ return "ResourceNotFoundException"
+}
+
+// Message returns the exception's message.
+func (s *ResourceNotFoundException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *ResourceNotFoundException) OrigErr() error {
+ return nil
+}
+
+func (s *ResourceNotFoundException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *ResourceNotFoundException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *ResourceNotFoundException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// A location in Amazon Simple Storage Service (Amazon S3) where SimSpace Weaver
+// stores simulation data, such as your app zip files and schema file. For more
+// information about Amazon S3, see the Amazon Simple Storage Service User Guide
+// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/Welcome.html).
+type S3Location struct {
+ _ struct{} `type:"structure"`
+
+ // The name of an Amazon S3 bucket. For more information about buckets, see
+ // Creating, configuring, and working with Amazon S3 buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html)
+ // in the Amazon Simple Storage Service User Guide.
+ BucketName *string `min:"3" type:"string"`
+
+ // The key name of an object in Amazon S3. For more information about Amazon
+ // S3 objects and object keys, see Uploading, downloading, and working with
+ // objects in Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/userguide/uploading-downloading-objects.html)
+ // in the Amazon Simple Storage Service User Guide.
+ ObjectKey *string `min:"1" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s S3Location) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s S3Location) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *S3Location) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "S3Location"}
+ if s.BucketName != nil && len(*s.BucketName) < 3 {
+ invalidParams.Add(request.NewErrParamMinLen("BucketName", 3))
+ }
+ if s.ObjectKey != nil && len(*s.ObjectKey) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ObjectKey", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetBucketName sets the BucketName field's value.
+func (s *S3Location) SetBucketName(v string) *S3Location {
+ s.BucketName = &v
+ return s
+}
+
+// SetObjectKey sets the ObjectKey field's value.
+func (s *S3Location) SetObjectKey(v string) *S3Location {
+ s.ObjectKey = &v
+ return s
+}
+
+type ServiceQuotaExceededException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"Message" min:"1" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ServiceQuotaExceededException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ServiceQuotaExceededException) GoString() string {
+ return s.String()
+}
+
+func newErrorServiceQuotaExceededException(v protocol.ResponseMetadata) error {
+ return &ServiceQuotaExceededException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *ServiceQuotaExceededException) Code() string {
+ return "ServiceQuotaExceededException"
+}
+
+// Message returns the exception's message.
+func (s *ServiceQuotaExceededException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *ServiceQuotaExceededException) OrigErr() error {
+ return nil
+}
+
+func (s *ServiceQuotaExceededException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *ServiceQuotaExceededException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *ServiceQuotaExceededException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// Information about the network endpoint that you can use to connect to your
+// custom or service app.
+type SimulationAppEndpointInfo struct {
+ _ struct{} `type:"structure"`
+
+ // The IP address of the app. SimSpace Weaver dynamically assigns this IP address
+ // when the app starts.
+ Address *string `min:"1" type:"string"`
+
+ // The inbound TCP/UDP port numbers of the app. The combination of an IP address
+ // and a port number form a network endpoint.
+ IngressPortMappings []*SimulationAppPortMapping `type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SimulationAppEndpointInfo) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SimulationAppEndpointInfo) GoString() string {
+ return s.String()
+}
+
+// SetAddress sets the Address field's value.
+func (s *SimulationAppEndpointInfo) SetAddress(v string) *SimulationAppEndpointInfo {
+ s.Address = &v
+ return s
+}
+
+// SetIngressPortMappings sets the IngressPortMappings field's value.
+func (s *SimulationAppEndpointInfo) SetIngressPortMappings(v []*SimulationAppPortMapping) *SimulationAppEndpointInfo {
+ s.IngressPortMappings = v
+ return s
+}
+
+// A collection of metadata about an app.
+type SimulationAppMetadata struct {
+ _ struct{} `type:"structure"`
+
+ // The domain of the app. For more information about domains, see Key concepts
+ // (https://docs.aws.amazon.com/simspaceweaver/latest/userguide/what-is_key-concepts.html)
+ // in the Amazon Web Services SimSpace Weaver User Guide.
+ Domain *string `min:"1" type:"string"`
+
+ // The name of the app.
+ Name *string `min:"1" type:"string"`
+
+ // The name of the simulation of the app.
+ Simulation *string `min:"1" type:"string"`
+
+ // The current status of the app.
+ Status *string `type:"string" enum:"SimulationAppStatus"`
+
+ // The desired status of the app.
+ TargetStatus *string `type:"string" enum:"SimulationAppTargetStatus"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SimulationAppMetadata) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SimulationAppMetadata) GoString() string {
+ return s.String()
+}
+
+// SetDomain sets the Domain field's value.
+func (s *SimulationAppMetadata) SetDomain(v string) *SimulationAppMetadata {
+ s.Domain = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *SimulationAppMetadata) SetName(v string) *SimulationAppMetadata {
+ s.Name = &v
+ return s
+}
+
+// SetSimulation sets the Simulation field's value.
+func (s *SimulationAppMetadata) SetSimulation(v string) *SimulationAppMetadata {
+ s.Simulation = &v
+ return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *SimulationAppMetadata) SetStatus(v string) *SimulationAppMetadata {
+ s.Status = &v
+ return s
+}
+
+// SetTargetStatus sets the TargetStatus field's value.
+func (s *SimulationAppMetadata) SetTargetStatus(v string) *SimulationAppMetadata {
+ s.TargetStatus = &v
+ return s
+}
+
+// A collection of TCP/UDP ports for a custom or service app.
+type SimulationAppPortMapping struct {
+ _ struct{} `type:"structure"`
+
+ // The TCP/UDP port number of the running app. SimSpace Weaver dynamically assigns
+ // this port number when the app starts. SimSpace Weaver maps the Declared port
+ // to the Actual port. Clients connect to the app using the app's IP address
+ // and the Actual port number.
+ Actual *int64 `type:"integer"`
+
+ // The TCP/UDP port number of the app, declared in the simulation schema. SimSpace
+ // Weaver maps the Declared port to the Actual port. The source code for the
+ // app should bind to the Declared port.
+ Declared *int64 `type:"integer"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SimulationAppPortMapping) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SimulationAppPortMapping) GoString() string {
+ return s.String()
+}
+
+// SetActual sets the Actual field's value.
+func (s *SimulationAppPortMapping) SetActual(v int64) *SimulationAppPortMapping {
+ s.Actual = &v
+ return s
+}
+
+// SetDeclared sets the Declared field's value.
+func (s *SimulationAppPortMapping) SetDeclared(v int64) *SimulationAppPortMapping {
+ s.Declared = &v
+ return s
+}
+
+// Status information about the simulation clock.
+type SimulationClock struct {
+ _ struct{} `type:"structure"`
+
+ // The current status of the simulation clock.
+ Status *string `type:"string" enum:"ClockStatus"`
+
+ // The desired status of the simulation clock.
+ TargetStatus *string `type:"string" enum:"ClockTargetStatus"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SimulationClock) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SimulationClock) GoString() string {
+ return s.String()
+}
+
+// SetStatus sets the Status field's value.
+func (s *SimulationClock) SetStatus(v string) *SimulationClock {
+ s.Status = &v
+ return s
+}
+
+// SetTargetStatus sets the TargetStatus field's value.
+func (s *SimulationClock) SetTargetStatus(v string) *SimulationClock {
+ s.TargetStatus = &v
+ return s
+}
+
+// A collection of data about the simulation.
+type SimulationMetadata struct {
+ _ struct{} `type:"structure"`
+
+ // The Amazon Resource Name (ARN) of the simulation. For more information about
+ // ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // in the Amazon Web Services General Reference.
+ Arn *string `type:"string"`
+
+ // The time when the simulation was created, expressed as the number of seconds
+ // and milliseconds in UTC since the Unix epoch (0:0:0.000, January 1, 1970).
+ CreationTime *time.Time `type:"timestamp"`
+
+ // The name of the simulation.
+ Name *string `min:"1" type:"string"`
+
+ // The current status of the simulation.
+ Status *string `type:"string" enum:"SimulationStatus"`
+
+ // The desired status of the simulation.
+ TargetStatus *string `type:"string" enum:"SimulationTargetStatus"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SimulationMetadata) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SimulationMetadata) GoString() string {
+ return s.String()
+}
+
+// SetArn sets the Arn field's value.
+func (s *SimulationMetadata) SetArn(v string) *SimulationMetadata {
+ s.Arn = &v
+ return s
+}
+
+// SetCreationTime sets the CreationTime field's value.
+func (s *SimulationMetadata) SetCreationTime(v time.Time) *SimulationMetadata {
+ s.CreationTime = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *SimulationMetadata) SetName(v string) *SimulationMetadata {
+ s.Name = &v
+ return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *SimulationMetadata) SetStatus(v string) *SimulationMetadata {
+ s.Status = &v
+ return s
+}
+
+// SetTargetStatus sets the TargetStatus field's value.
+func (s *SimulationMetadata) SetTargetStatus(v string) *SimulationMetadata {
+ s.TargetStatus = &v
+ return s
+}
+
+type StartAppInput struct {
+ _ struct{} `type:"structure"`
+
+ // A value that you provide to ensure that repeated calls to this API operation
+ // using the same parameters complete only once. A ClientToken is also known
+ // as an idempotency token. A ClientToken expires after 24 hours.
+ //
+ // ClientToken is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by StartAppInput's
+ // String and GoString methods.
+ ClientToken *string `min:"32" type:"string" idempotencyToken:"true" sensitive:"true"`
+
+ // The description of the app.
+ Description *string `type:"string"`
+
+ // The name of the domain of the app.
+ //
+ // Domain is a required field
+ Domain *string `min:"1" type:"string" required:"true"`
+
+ // Options that apply when the app starts. These optiAons override default behavior.
+ LaunchOverrides *LaunchOverrides `type:"structure"`
+
+ // The name of the app.
+ //
+ // Name is a required field
+ Name *string `min:"1" type:"string" required:"true"`
+
+ // The name of the simulation of the app.
+ //
+ // Simulation is a required field
+ Simulation *string `min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StartAppInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StartAppInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *StartAppInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "StartAppInput"}
+ if s.ClientToken != nil && len(*s.ClientToken) < 32 {
+ invalidParams.Add(request.NewErrParamMinLen("ClientToken", 32))
+ }
+ if s.Domain == nil {
+ invalidParams.Add(request.NewErrParamRequired("Domain"))
+ }
+ if s.Domain != nil && len(*s.Domain) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Domain", 1))
+ }
+ if s.Name == nil {
+ invalidParams.Add(request.NewErrParamRequired("Name"))
+ }
+ if s.Name != nil && len(*s.Name) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Name", 1))
+ }
+ if s.Simulation == nil {
+ invalidParams.Add(request.NewErrParamRequired("Simulation"))
+ }
+ if s.Simulation != nil && len(*s.Simulation) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Simulation", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *StartAppInput) SetClientToken(v string) *StartAppInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *StartAppInput) SetDescription(v string) *StartAppInput {
+ s.Description = &v
+ return s
+}
+
+// SetDomain sets the Domain field's value.
+func (s *StartAppInput) SetDomain(v string) *StartAppInput {
+ s.Domain = &v
+ return s
+}
+
+// SetLaunchOverrides sets the LaunchOverrides field's value.
+func (s *StartAppInput) SetLaunchOverrides(v *LaunchOverrides) *StartAppInput {
+ s.LaunchOverrides = v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *StartAppInput) SetName(v string) *StartAppInput {
+ s.Name = &v
+ return s
+}
+
+// SetSimulation sets the Simulation field's value.
+func (s *StartAppInput) SetSimulation(v string) *StartAppInput {
+ s.Simulation = &v
+ return s
+}
+
+type StartAppOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The name of the domain of the app.
+ Domain *string `min:"1" type:"string"`
+
+ // The name of the app.
+ Name *string `min:"1" type:"string"`
+
+ // The name of the simulation of the app.
+ Simulation *string `min:"1" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StartAppOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StartAppOutput) GoString() string {
+ return s.String()
+}
+
+// SetDomain sets the Domain field's value.
+func (s *StartAppOutput) SetDomain(v string) *StartAppOutput {
+ s.Domain = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *StartAppOutput) SetName(v string) *StartAppOutput {
+ s.Name = &v
+ return s
+}
+
+// SetSimulation sets the Simulation field's value.
+func (s *StartAppOutput) SetSimulation(v string) *StartAppOutput {
+ s.Simulation = &v
+ return s
+}
+
+type StartClockInput struct {
+ _ struct{} `type:"structure"`
+
+ // The name of the simulation.
+ //
+ // Simulation is a required field
+ Simulation *string `min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StartClockInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StartClockInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *StartClockInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "StartClockInput"}
+ if s.Simulation == nil {
+ invalidParams.Add(request.NewErrParamRequired("Simulation"))
+ }
+ if s.Simulation != nil && len(*s.Simulation) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Simulation", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetSimulation sets the Simulation field's value.
+func (s *StartClockInput) SetSimulation(v string) *StartClockInput {
+ s.Simulation = &v
+ return s
+}
+
+type StartClockOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StartClockOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StartClockOutput) GoString() string {
+ return s.String()
+}
+
+type StartSimulationInput struct {
+ _ struct{} `type:"structure"`
+
+ // A value that you provide to ensure that repeated calls to this API operation
+ // using the same parameters complete only once. A ClientToken is also known
+ // as an idempotency token. A ClientToken expires after 24 hours.
+ //
+ // ClientToken is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by StartSimulationInput's
+ // String and GoString methods.
+ ClientToken *string `min:"32" type:"string" idempotencyToken:"true" sensitive:"true"`
+
+ // The description of the simulation.
+ Description *string `type:"string"`
+
+ // The maximum running time of the simulation, specified as a number of months
+ // (m or M), hours (h or H), or days (d or D). The simulation stops when it
+ // reaches this limit.
+ MaximumDuration *string `min:"2" type:"string"`
+
+ // The name of the simulation.
+ //
+ // Name is a required field
+ Name *string `min:"1" type:"string" required:"true"`
+
+ // The Amazon Resource Name (ARN) of the Identity and Access Management (IAM)
+ // role that the simulation assumes to perform actions. For more information
+ // about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // in the Amazon Web Services General Reference. For more information about
+ // IAM roles, see IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html)
+ // in the Identity and Access Management User Guide.
+ //
+ // RoleArn is a required field
+ RoleArn *string `type:"string" required:"true"`
+
+ // The location of the simulation schema in Amazon Simple Storage Service (Amazon
+ // S3). For more information about Amazon S3, see the Amazon Simple Storage
+ // Service User Guide (https://docs.aws.amazon.com/AmazonS3/latest/userguide/Welcome.html).
+ //
+ // SchemaS3Location is a required field
+ SchemaS3Location *S3Location `type:"structure" required:"true"`
+
+ // A list of tags for the simulation. For more information about tags, see Tagging
+ // Amazon Web Services resources (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html)
+ // in the Amazon Web Services General Reference.
+ Tags map[string]*string `min:"1" type:"map"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StartSimulationInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StartSimulationInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *StartSimulationInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "StartSimulationInput"}
+ if s.ClientToken != nil && len(*s.ClientToken) < 32 {
+ invalidParams.Add(request.NewErrParamMinLen("ClientToken", 32))
+ }
+ if s.MaximumDuration != nil && len(*s.MaximumDuration) < 2 {
+ invalidParams.Add(request.NewErrParamMinLen("MaximumDuration", 2))
+ }
+ if s.Name == nil {
+ invalidParams.Add(request.NewErrParamRequired("Name"))
+ }
+ if s.Name != nil && len(*s.Name) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Name", 1))
+ }
+ if s.RoleArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("RoleArn"))
+ }
+ if s.SchemaS3Location == nil {
+ invalidParams.Add(request.NewErrParamRequired("SchemaS3Location"))
+ }
+ if s.Tags != nil && len(s.Tags) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Tags", 1))
+ }
+ if s.SchemaS3Location != nil {
+ if err := s.SchemaS3Location.Validate(); err != nil {
+ invalidParams.AddNested("SchemaS3Location", err.(request.ErrInvalidParams))
+ }
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *StartSimulationInput) SetClientToken(v string) *StartSimulationInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *StartSimulationInput) SetDescription(v string) *StartSimulationInput {
+ s.Description = &v
+ return s
+}
+
+// SetMaximumDuration sets the MaximumDuration field's value.
+func (s *StartSimulationInput) SetMaximumDuration(v string) *StartSimulationInput {
+ s.MaximumDuration = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *StartSimulationInput) SetName(v string) *StartSimulationInput {
+ s.Name = &v
+ return s
+}
+
+// SetRoleArn sets the RoleArn field's value.
+func (s *StartSimulationInput) SetRoleArn(v string) *StartSimulationInput {
+ s.RoleArn = &v
+ return s
+}
+
+// SetSchemaS3Location sets the SchemaS3Location field's value.
+func (s *StartSimulationInput) SetSchemaS3Location(v *S3Location) *StartSimulationInput {
+ s.SchemaS3Location = v
+ return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *StartSimulationInput) SetTags(v map[string]*string) *StartSimulationInput {
+ s.Tags = v
+ return s
+}
+
+type StartSimulationOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The Amazon Resource Name (ARN) of the simulation. For more information about
+ // ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // in the Amazon Web Services General Reference.
+ Arn *string `type:"string"`
+
+ // The time when the simulation was created, expressed as the number of seconds
+ // and milliseconds in UTC since the Unix epoch (0:0:0.000, January 1, 1970).
+ CreationTime *time.Time `type:"timestamp"`
+
+ // A universally unique identifier (UUID) for this simulation.
+ ExecutionId *string `min:"36" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StartSimulationOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StartSimulationOutput) GoString() string {
+ return s.String()
+}
+
+// SetArn sets the Arn field's value.
+func (s *StartSimulationOutput) SetArn(v string) *StartSimulationOutput {
+ s.Arn = &v
+ return s
+}
+
+// SetCreationTime sets the CreationTime field's value.
+func (s *StartSimulationOutput) SetCreationTime(v time.Time) *StartSimulationOutput {
+ s.CreationTime = &v
+ return s
+}
+
+// SetExecutionId sets the ExecutionId field's value.
+func (s *StartSimulationOutput) SetExecutionId(v string) *StartSimulationOutput {
+ s.ExecutionId = &v
+ return s
+}
+
+type StopAppInput struct {
+ _ struct{} `type:"structure"`
+
+ // The name of the app.
+ //
+ // App is a required field
+ App *string `min:"1" type:"string" required:"true"`
+
+ // The name of the domain of the app.
+ //
+ // Domain is a required field
+ Domain *string `min:"1" type:"string" required:"true"`
+
+ // The name of the simulation of the app.
+ //
+ // Simulation is a required field
+ Simulation *string `min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StopAppInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StopAppInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *StopAppInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "StopAppInput"}
+ if s.App == nil {
+ invalidParams.Add(request.NewErrParamRequired("App"))
+ }
+ if s.App != nil && len(*s.App) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("App", 1))
+ }
+ if s.Domain == nil {
+ invalidParams.Add(request.NewErrParamRequired("Domain"))
+ }
+ if s.Domain != nil && len(*s.Domain) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Domain", 1))
+ }
+ if s.Simulation == nil {
+ invalidParams.Add(request.NewErrParamRequired("Simulation"))
+ }
+ if s.Simulation != nil && len(*s.Simulation) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Simulation", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetApp sets the App field's value.
+func (s *StopAppInput) SetApp(v string) *StopAppInput {
+ s.App = &v
+ return s
+}
+
+// SetDomain sets the Domain field's value.
+func (s *StopAppInput) SetDomain(v string) *StopAppInput {
+ s.Domain = &v
+ return s
+}
+
+// SetSimulation sets the Simulation field's value.
+func (s *StopAppInput) SetSimulation(v string) *StopAppInput {
+ s.Simulation = &v
+ return s
+}
+
+type StopAppOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StopAppOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StopAppOutput) GoString() string {
+ return s.String()
+}
+
+type StopClockInput struct {
+ _ struct{} `type:"structure"`
+
+ // The name of the simulation.
+ //
+ // Simulation is a required field
+ Simulation *string `min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StopClockInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StopClockInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *StopClockInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "StopClockInput"}
+ if s.Simulation == nil {
+ invalidParams.Add(request.NewErrParamRequired("Simulation"))
+ }
+ if s.Simulation != nil && len(*s.Simulation) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Simulation", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetSimulation sets the Simulation field's value.
+func (s *StopClockInput) SetSimulation(v string) *StopClockInput {
+ s.Simulation = &v
+ return s
+}
+
+type StopClockOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StopClockOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StopClockOutput) GoString() string {
+ return s.String()
+}
+
+type StopSimulationInput struct {
+ _ struct{} `type:"structure"`
+
+ // The name of the simulation.
+ //
+ // Simulation is a required field
+ Simulation *string `min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StopSimulationInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StopSimulationInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *StopSimulationInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "StopSimulationInput"}
+ if s.Simulation == nil {
+ invalidParams.Add(request.NewErrParamRequired("Simulation"))
+ }
+ if s.Simulation != nil && len(*s.Simulation) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Simulation", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetSimulation sets the Simulation field's value.
+func (s *StopSimulationInput) SetSimulation(v string) *StopSimulationInput {
+ s.Simulation = &v
+ return s
+}
+
+type StopSimulationOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StopSimulationOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StopSimulationOutput) GoString() string {
+ return s.String()
+}
+
+type TagResourceInput struct {
+ _ struct{} `type:"structure"`
+
+ // The Amazon Resource Name (ARN) of the resource that you want to add tags
+ // to. For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // in the Amazon Web Services General Reference.
+ //
+ // ResourceArn is a required field
+ ResourceArn *string `location:"uri" locationName:"ResourceArn" type:"string" required:"true"`
+
+ // A list of tags to apply to the resource.
+ //
+ // Tags is a required field
+ Tags map[string]*string `min:"1" type:"map" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TagResourceInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TagResourceInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *TagResourceInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"}
+ if s.ResourceArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
+ }
+ if s.ResourceArn != nil && len(*s.ResourceArn) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1))
+ }
+ if s.Tags == nil {
+ invalidParams.Add(request.NewErrParamRequired("Tags"))
+ }
+ if s.Tags != nil && len(s.Tags) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Tags", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetResourceArn sets the ResourceArn field's value.
+func (s *TagResourceInput) SetResourceArn(v string) *TagResourceInput {
+ s.ResourceArn = &v
+ return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *TagResourceInput) SetTags(v map[string]*string) *TagResourceInput {
+ s.Tags = v
+ return s
+}
+
+type TagResourceOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TagResourceOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TagResourceOutput) GoString() string {
+ return s.String()
+}
+
+type TooManyTagsException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"Message" min:"1" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TooManyTagsException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TooManyTagsException) GoString() string {
+ return s.String()
+}
+
+func newErrorTooManyTagsException(v protocol.ResponseMetadata) error {
+ return &TooManyTagsException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *TooManyTagsException) Code() string {
+ return "TooManyTagsException"
+}
+
+// Message returns the exception's message.
+func (s *TooManyTagsException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *TooManyTagsException) OrigErr() error {
+ return nil
+}
+
+func (s *TooManyTagsException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *TooManyTagsException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *TooManyTagsException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+type UntagResourceInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+
+ // The Amazon Resource Name (ARN) of the resource that you want to remove tags
+ // from. For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // in the Amazon Web Services General Reference.
+ //
+ // ResourceArn is a required field
+ ResourceArn *string `location:"uri" locationName:"ResourceArn" type:"string" required:"true"`
+
+ // A list of tag keys to remove from the resource.
+ //
+ // TagKeys is a required field
+ TagKeys []*string `location:"querystring" locationName:"tagKeys" min:"1" type:"list" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UntagResourceInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UntagResourceInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UntagResourceInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"}
+ if s.ResourceArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
+ }
+ if s.ResourceArn != nil && len(*s.ResourceArn) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1))
+ }
+ if s.TagKeys == nil {
+ invalidParams.Add(request.NewErrParamRequired("TagKeys"))
+ }
+ if s.TagKeys != nil && len(s.TagKeys) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("TagKeys", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetResourceArn sets the ResourceArn field's value.
+func (s *UntagResourceInput) SetResourceArn(v string) *UntagResourceInput {
+ s.ResourceArn = &v
+ return s
+}
+
+// SetTagKeys sets the TagKeys field's value.
+func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput {
+ s.TagKeys = v
+ return s
+}
+
+type UntagResourceOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UntagResourceOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UntagResourceOutput) GoString() string {
+ return s.String()
+}
+
+type ValidationException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"Message" min:"1" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ValidationException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ValidationException) GoString() string {
+ return s.String()
+}
+
+func newErrorValidationException(v protocol.ResponseMetadata) error {
+ return &ValidationException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *ValidationException) Code() string {
+ return "ValidationException"
+}
+
+// Message returns the exception's message.
+func (s *ValidationException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *ValidationException) OrigErr() error {
+ return nil
+}
+
+func (s *ValidationException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *ValidationException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *ValidationException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+const (
+ // ClockStatusUnknown is a ClockStatus enum value
+ ClockStatusUnknown = "UNKNOWN"
+
+ // ClockStatusStarting is a ClockStatus enum value
+ ClockStatusStarting = "STARTING"
+
+ // ClockStatusStarted is a ClockStatus enum value
+ ClockStatusStarted = "STARTED"
+
+ // ClockStatusStopping is a ClockStatus enum value
+ ClockStatusStopping = "STOPPING"
+
+ // ClockStatusStopped is a ClockStatus enum value
+ ClockStatusStopped = "STOPPED"
+)
+
+// ClockStatus_Values returns all elements of the ClockStatus enum
+func ClockStatus_Values() []string {
+ return []string{
+ ClockStatusUnknown,
+ ClockStatusStarting,
+ ClockStatusStarted,
+ ClockStatusStopping,
+ ClockStatusStopped,
+ }
+}
+
+const (
+ // ClockTargetStatusUnknown is a ClockTargetStatus enum value
+ ClockTargetStatusUnknown = "UNKNOWN"
+
+ // ClockTargetStatusStarted is a ClockTargetStatus enum value
+ ClockTargetStatusStarted = "STARTED"
+
+ // ClockTargetStatusStopped is a ClockTargetStatus enum value
+ ClockTargetStatusStopped = "STOPPED"
+)
+
+// ClockTargetStatus_Values returns all elements of the ClockTargetStatus enum
+func ClockTargetStatus_Values() []string {
+ return []string{
+ ClockTargetStatusUnknown,
+ ClockTargetStatusStarted,
+ ClockTargetStatusStopped,
+ }
+}
+
+const (
+ // LifecycleManagementStrategyUnknown is a LifecycleManagementStrategy enum value
+ LifecycleManagementStrategyUnknown = "Unknown"
+
+ // LifecycleManagementStrategyPerWorker is a LifecycleManagementStrategy enum value
+ LifecycleManagementStrategyPerWorker = "PerWorker"
+
+ // LifecycleManagementStrategyBySpatialSubdivision is a LifecycleManagementStrategy enum value
+ LifecycleManagementStrategyBySpatialSubdivision = "BySpatialSubdivision"
+
+ // LifecycleManagementStrategyByRequest is a LifecycleManagementStrategy enum value
+ LifecycleManagementStrategyByRequest = "ByRequest"
+)
+
+// LifecycleManagementStrategy_Values returns all elements of the LifecycleManagementStrategy enum
+func LifecycleManagementStrategy_Values() []string {
+ return []string{
+ LifecycleManagementStrategyUnknown,
+ LifecycleManagementStrategyPerWorker,
+ LifecycleManagementStrategyBySpatialSubdivision,
+ LifecycleManagementStrategyByRequest,
+ }
+}
+
+const (
+ // SimulationAppStatusStarting is a SimulationAppStatus enum value
+ SimulationAppStatusStarting = "STARTING"
+
+ // SimulationAppStatusStarted is a SimulationAppStatus enum value
+ SimulationAppStatusStarted = "STARTED"
+
+ // SimulationAppStatusStopping is a SimulationAppStatus enum value
+ SimulationAppStatusStopping = "STOPPING"
+
+ // SimulationAppStatusStopped is a SimulationAppStatus enum value
+ SimulationAppStatusStopped = "STOPPED"
+
+ // SimulationAppStatusError is a SimulationAppStatus enum value
+ SimulationAppStatusError = "ERROR"
+
+ // SimulationAppStatusUnknown is a SimulationAppStatus enum value
+ SimulationAppStatusUnknown = "UNKNOWN"
+)
+
+// SimulationAppStatus_Values returns all elements of the SimulationAppStatus enum
+func SimulationAppStatus_Values() []string {
+ return []string{
+ SimulationAppStatusStarting,
+ SimulationAppStatusStarted,
+ SimulationAppStatusStopping,
+ SimulationAppStatusStopped,
+ SimulationAppStatusError,
+ SimulationAppStatusUnknown,
+ }
+}
+
+const (
+ // SimulationAppTargetStatusUnknown is a SimulationAppTargetStatus enum value
+ SimulationAppTargetStatusUnknown = "UNKNOWN"
+
+ // SimulationAppTargetStatusStarted is a SimulationAppTargetStatus enum value
+ SimulationAppTargetStatusStarted = "STARTED"
+
+ // SimulationAppTargetStatusStopped is a SimulationAppTargetStatus enum value
+ SimulationAppTargetStatusStopped = "STOPPED"
+)
+
+// SimulationAppTargetStatus_Values returns all elements of the SimulationAppTargetStatus enum
+func SimulationAppTargetStatus_Values() []string {
+ return []string{
+ SimulationAppTargetStatusUnknown,
+ SimulationAppTargetStatusStarted,
+ SimulationAppTargetStatusStopped,
+ }
+}
+
+const (
+ // SimulationStatusUnknown is a SimulationStatus enum value
+ SimulationStatusUnknown = "UNKNOWN"
+
+ // SimulationStatusStarting is a SimulationStatus enum value
+ SimulationStatusStarting = "STARTING"
+
+ // SimulationStatusStarted is a SimulationStatus enum value
+ SimulationStatusStarted = "STARTED"
+
+ // SimulationStatusStopping is a SimulationStatus enum value
+ SimulationStatusStopping = "STOPPING"
+
+ // SimulationStatusStopped is a SimulationStatus enum value
+ SimulationStatusStopped = "STOPPED"
+
+ // SimulationStatusFailed is a SimulationStatus enum value
+ SimulationStatusFailed = "FAILED"
+
+ // SimulationStatusDeleting is a SimulationStatus enum value
+ SimulationStatusDeleting = "DELETING"
+
+ // SimulationStatusDeleted is a SimulationStatus enum value
+ SimulationStatusDeleted = "DELETED"
+)
+
+// SimulationStatus_Values returns all elements of the SimulationStatus enum
+func SimulationStatus_Values() []string {
+ return []string{
+ SimulationStatusUnknown,
+ SimulationStatusStarting,
+ SimulationStatusStarted,
+ SimulationStatusStopping,
+ SimulationStatusStopped,
+ SimulationStatusFailed,
+ SimulationStatusDeleting,
+ SimulationStatusDeleted,
+ }
+}
+
+const (
+ // SimulationTargetStatusUnknown is a SimulationTargetStatus enum value
+ SimulationTargetStatusUnknown = "UNKNOWN"
+
+ // SimulationTargetStatusStarted is a SimulationTargetStatus enum value
+ SimulationTargetStatusStarted = "STARTED"
+
+ // SimulationTargetStatusStopped is a SimulationTargetStatus enum value
+ SimulationTargetStatusStopped = "STOPPED"
+
+ // SimulationTargetStatusDeleted is a SimulationTargetStatus enum value
+ SimulationTargetStatusDeleted = "DELETED"
+)
+
+// SimulationTargetStatus_Values returns all elements of the SimulationTargetStatus enum
+func SimulationTargetStatus_Values() []string {
+ return []string{
+ SimulationTargetStatusUnknown,
+ SimulationTargetStatusStarted,
+ SimulationTargetStatusStopped,
+ SimulationTargetStatusDeleted,
+ }
+}
diff --git a/service/simspaceweaver/doc.go b/service/simspaceweaver/doc.go
new file mode 100644
index 0000000000..f602b4e6c7
--- /dev/null
+++ b/service/simspaceweaver/doc.go
@@ -0,0 +1,42 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package simspaceweaver provides the client and types for making API
+// requests to AWS SimSpace Weaver.
+//
+// Amazon Web Services SimSpace Weaver (SimSpace Weaver) is a managed service
+// that you can use to build and operate large-scale spatial simulations in
+// the Amazon Web Services Cloud. For example, you can create a digital twin
+// of a city, crowd simulations with millions of people and objects, and massilvely-multiplayer
+// games with hundreds of thousands of connected players. For more information
+// about SimSpace Weaver, see the Amazon Web Services SimSpace Weaver User Guide
+// (https://docs.aws.amazon.com/simspaceweaver/latest/userguide/) .
+//
+// This API reference describes the API operations and data types that you can
+// use to communicate directly with SimSpace Weaver.
+//
+// SimSpace Weaver also provides the SimSpace Weaver app SDK, which you use
+// for app development. The SimSpace Weaver app SDK API reference is included
+// in the SimSpace Weaver app SDK documentation, which is part of the SimSpace
+// Weaver app SDK distributable package.
+//
+// See https://docs.aws.amazon.com/goto/WebAPI/simspaceweaver-2022-10-28 for more information on this service.
+//
+// See simspaceweaver package documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/simspaceweaver/
+//
+// # Using the Client
+//
+// To contact AWS SimSpace Weaver with the SDK use the New function to create
+// a new service client. With that client you can make API requests to the service.
+// These clients are safe to use concurrently.
+//
+// See the SDK's documentation for more information on how to use the SDK.
+// https://docs.aws.amazon.com/sdk-for-go/api/
+//
+// See aws.Config documentation for more information on configuring SDK clients.
+// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
+//
+// See the AWS SimSpace Weaver client SimSpaceWeaver for more
+// information on creating client for this service.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/simspaceweaver/#New
+package simspaceweaver
diff --git a/service/simspaceweaver/errors.go b/service/simspaceweaver/errors.go
new file mode 100644
index 0000000000..8d17a1314a
--- /dev/null
+++ b/service/simspaceweaver/errors.go
@@ -0,0 +1,48 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package simspaceweaver
+
+import (
+ "github.com/aws/aws-sdk-go/private/protocol"
+)
+
+const (
+
+ // ErrCodeAccessDeniedException for service response error code
+ // "AccessDeniedException".
+ ErrCodeAccessDeniedException = "AccessDeniedException"
+
+ // ErrCodeConflictException for service response error code
+ // "ConflictException".
+ ErrCodeConflictException = "ConflictException"
+
+ // ErrCodeInternalServerException for service response error code
+ // "InternalServerException".
+ ErrCodeInternalServerException = "InternalServerException"
+
+ // ErrCodeResourceNotFoundException for service response error code
+ // "ResourceNotFoundException".
+ ErrCodeResourceNotFoundException = "ResourceNotFoundException"
+
+ // ErrCodeServiceQuotaExceededException for service response error code
+ // "ServiceQuotaExceededException".
+ ErrCodeServiceQuotaExceededException = "ServiceQuotaExceededException"
+
+ // ErrCodeTooManyTagsException for service response error code
+ // "TooManyTagsException".
+ ErrCodeTooManyTagsException = "TooManyTagsException"
+
+ // ErrCodeValidationException for service response error code
+ // "ValidationException".
+ ErrCodeValidationException = "ValidationException"
+)
+
+var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
+ "AccessDeniedException": newErrorAccessDeniedException,
+ "ConflictException": newErrorConflictException,
+ "InternalServerException": newErrorInternalServerException,
+ "ResourceNotFoundException": newErrorResourceNotFoundException,
+ "ServiceQuotaExceededException": newErrorServiceQuotaExceededException,
+ "TooManyTagsException": newErrorTooManyTagsException,
+ "ValidationException": newErrorValidationException,
+}
diff --git a/service/simspaceweaver/service.go b/service/simspaceweaver/service.go
new file mode 100644
index 0000000000..31acef2e85
--- /dev/null
+++ b/service/simspaceweaver/service.go
@@ -0,0 +1,106 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package simspaceweaver
+
+import (
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/client"
+ "github.com/aws/aws-sdk-go/aws/client/metadata"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/aws/signer/v4"
+ "github.com/aws/aws-sdk-go/private/protocol"
+ "github.com/aws/aws-sdk-go/private/protocol/restjson"
+)
+
+// SimSpaceWeaver provides the API operation methods for making requests to
+// AWS SimSpace Weaver. See this package's package overview docs
+// for details on the service.
+//
+// SimSpaceWeaver methods are safe to use concurrently. It is not safe to
+// modify mutate any of the struct's properties though.
+type SimSpaceWeaver struct {
+ *client.Client
+}
+
+// Used for custom client initialization logic
+var initClient func(*client.Client)
+
+// Used for custom request initialization logic
+var initRequest func(*request.Request)
+
+// Service information constants
+const (
+ ServiceName = "SimSpaceWeaver" // Name of service.
+ EndpointsID = "simspaceweaver" // ID to lookup a service endpoint with.
+ ServiceID = "SimSpaceWeaver" // ServiceID is a unique identifier of a specific service.
+)
+
+// New creates a new instance of the SimSpaceWeaver client with a session.
+// If additional configuration is needed for the client instance use the optional
+// aws.Config parameter to add your extra config.
+//
+// Example:
+//
+// mySession := session.Must(session.NewSession())
+//
+// // Create a SimSpaceWeaver client from just a session.
+// svc := simspaceweaver.New(mySession)
+//
+// // Create a SimSpaceWeaver client with additional configuration
+// svc := simspaceweaver.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
+func New(p client.ConfigProvider, cfgs ...*aws.Config) *SimSpaceWeaver {
+ c := p.ClientConfig(EndpointsID, cfgs...)
+ if c.SigningNameDerived || len(c.SigningName) == 0 {
+ c.SigningName = "simspaceweaver"
+ }
+ return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
+}
+
+// newClient creates, initializes and returns a new service client instance.
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *SimSpaceWeaver {
+ svc := &SimSpaceWeaver{
+ Client: client.New(
+ cfg,
+ metadata.ClientInfo{
+ ServiceName: ServiceName,
+ ServiceID: ServiceID,
+ SigningName: signingName,
+ SigningRegion: signingRegion,
+ PartitionID: partitionID,
+ Endpoint: endpoint,
+ APIVersion: "2022-10-28",
+ ResolvedRegion: resolvedRegion,
+ },
+ handlers,
+ ),
+ }
+
+ // Handlers
+ svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler)
+ svc.Handlers.Build.PushBackNamed(restjson.BuildHandler)
+ svc.Handlers.Unmarshal.PushBackNamed(restjson.UnmarshalHandler)
+ svc.Handlers.UnmarshalMeta.PushBackNamed(restjson.UnmarshalMetaHandler)
+ svc.Handlers.UnmarshalError.PushBackNamed(
+ protocol.NewUnmarshalErrorHandler(restjson.NewUnmarshalTypedError(exceptionFromCode)).NamedHandler(),
+ )
+
+ // Run custom client initialization if present
+ if initClient != nil {
+ initClient(svc.Client)
+ }
+
+ return svc
+}
+
+// newRequest creates a new request for a SimSpaceWeaver operation and runs any
+// custom request initialization.
+func (c *SimSpaceWeaver) newRequest(op *request.Operation, params, data interface{}) *request.Request {
+ req := c.NewRequest(op, params, data)
+
+ // Run custom request initialization if present
+ if initRequest != nil {
+ initRequest(req)
+ }
+
+ return req
+}
diff --git a/service/simspaceweaver/simspaceweaveriface/interface.go b/service/simspaceweaver/simspaceweaveriface/interface.go
new file mode 100644
index 0000000000..85d55a302e
--- /dev/null
+++ b/service/simspaceweaver/simspaceweaveriface/interface.go
@@ -0,0 +1,130 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package simspaceweaveriface provides an interface to enable mocking the AWS SimSpace Weaver service client
+// for testing your code.
+//
+// It is important to note that this interface will have breaking changes
+// when the service model is updated and adds new API operations, paginators,
+// and waiters.
+package simspaceweaveriface
+
+import (
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/service/simspaceweaver"
+)
+
+// SimSpaceWeaverAPI provides an interface to enable mocking the
+// simspaceweaver.SimSpaceWeaver service client's API operation,
+// paginators, and waiters. This make unit testing your code that calls out
+// to the SDK's service client's calls easier.
+//
+// The best way to use this interface is so the SDK's service client's calls
+// can be stubbed out for unit testing your code with the SDK without needing
+// to inject custom request handlers into the SDK's request pipeline.
+//
+// // myFunc uses an SDK service client to make a request to
+// // AWS SimSpace Weaver.
+// func myFunc(svc simspaceweaveriface.SimSpaceWeaverAPI) bool {
+// // Make svc.DeleteApp request
+// }
+//
+// func main() {
+// sess := session.New()
+// svc := simspaceweaver.New(sess)
+//
+// myFunc(svc)
+// }
+//
+// In your _test.go file:
+//
+// // Define a mock struct to be used in your unit tests of myFunc.
+// type mockSimSpaceWeaverClient struct {
+// simspaceweaveriface.SimSpaceWeaverAPI
+// }
+// func (m *mockSimSpaceWeaverClient) DeleteApp(input *simspaceweaver.DeleteAppInput) (*simspaceweaver.DeleteAppOutput, error) {
+// // mock response/functionality
+// }
+//
+// func TestMyFunc(t *testing.T) {
+// // Setup Test
+// mockSvc := &mockSimSpaceWeaverClient{}
+//
+// myfunc(mockSvc)
+//
+// // Verify myFunc's functionality
+// }
+//
+// It is important to note that this interface will have breaking changes
+// when the service model is updated and adds new API operations, paginators,
+// and waiters. Its suggested to use the pattern above for testing, or using
+// tooling to generate mocks to satisfy the interfaces.
+type SimSpaceWeaverAPI interface {
+ DeleteApp(*simspaceweaver.DeleteAppInput) (*simspaceweaver.DeleteAppOutput, error)
+ DeleteAppWithContext(aws.Context, *simspaceweaver.DeleteAppInput, ...request.Option) (*simspaceweaver.DeleteAppOutput, error)
+ DeleteAppRequest(*simspaceweaver.DeleteAppInput) (*request.Request, *simspaceweaver.DeleteAppOutput)
+
+ DeleteSimulation(*simspaceweaver.DeleteSimulationInput) (*simspaceweaver.DeleteSimulationOutput, error)
+ DeleteSimulationWithContext(aws.Context, *simspaceweaver.DeleteSimulationInput, ...request.Option) (*simspaceweaver.DeleteSimulationOutput, error)
+ DeleteSimulationRequest(*simspaceweaver.DeleteSimulationInput) (*request.Request, *simspaceweaver.DeleteSimulationOutput)
+
+ DescribeApp(*simspaceweaver.DescribeAppInput) (*simspaceweaver.DescribeAppOutput, error)
+ DescribeAppWithContext(aws.Context, *simspaceweaver.DescribeAppInput, ...request.Option) (*simspaceweaver.DescribeAppOutput, error)
+ DescribeAppRequest(*simspaceweaver.DescribeAppInput) (*request.Request, *simspaceweaver.DescribeAppOutput)
+
+ DescribeSimulation(*simspaceweaver.DescribeSimulationInput) (*simspaceweaver.DescribeSimulationOutput, error)
+ DescribeSimulationWithContext(aws.Context, *simspaceweaver.DescribeSimulationInput, ...request.Option) (*simspaceweaver.DescribeSimulationOutput, error)
+ DescribeSimulationRequest(*simspaceweaver.DescribeSimulationInput) (*request.Request, *simspaceweaver.DescribeSimulationOutput)
+
+ ListApps(*simspaceweaver.ListAppsInput) (*simspaceweaver.ListAppsOutput, error)
+ ListAppsWithContext(aws.Context, *simspaceweaver.ListAppsInput, ...request.Option) (*simspaceweaver.ListAppsOutput, error)
+ ListAppsRequest(*simspaceweaver.ListAppsInput) (*request.Request, *simspaceweaver.ListAppsOutput)
+
+ ListAppsPages(*simspaceweaver.ListAppsInput, func(*simspaceweaver.ListAppsOutput, bool) bool) error
+ ListAppsPagesWithContext(aws.Context, *simspaceweaver.ListAppsInput, func(*simspaceweaver.ListAppsOutput, bool) bool, ...request.Option) error
+
+ ListSimulations(*simspaceweaver.ListSimulationsInput) (*simspaceweaver.ListSimulationsOutput, error)
+ ListSimulationsWithContext(aws.Context, *simspaceweaver.ListSimulationsInput, ...request.Option) (*simspaceweaver.ListSimulationsOutput, error)
+ ListSimulationsRequest(*simspaceweaver.ListSimulationsInput) (*request.Request, *simspaceweaver.ListSimulationsOutput)
+
+ ListSimulationsPages(*simspaceweaver.ListSimulationsInput, func(*simspaceweaver.ListSimulationsOutput, bool) bool) error
+ ListSimulationsPagesWithContext(aws.Context, *simspaceweaver.ListSimulationsInput, func(*simspaceweaver.ListSimulationsOutput, bool) bool, ...request.Option) error
+
+ ListTagsForResource(*simspaceweaver.ListTagsForResourceInput) (*simspaceweaver.ListTagsForResourceOutput, error)
+ ListTagsForResourceWithContext(aws.Context, *simspaceweaver.ListTagsForResourceInput, ...request.Option) (*simspaceweaver.ListTagsForResourceOutput, error)
+ ListTagsForResourceRequest(*simspaceweaver.ListTagsForResourceInput) (*request.Request, *simspaceweaver.ListTagsForResourceOutput)
+
+ StartApp(*simspaceweaver.StartAppInput) (*simspaceweaver.StartAppOutput, error)
+ StartAppWithContext(aws.Context, *simspaceweaver.StartAppInput, ...request.Option) (*simspaceweaver.StartAppOutput, error)
+ StartAppRequest(*simspaceweaver.StartAppInput) (*request.Request, *simspaceweaver.StartAppOutput)
+
+ StartClock(*simspaceweaver.StartClockInput) (*simspaceweaver.StartClockOutput, error)
+ StartClockWithContext(aws.Context, *simspaceweaver.StartClockInput, ...request.Option) (*simspaceweaver.StartClockOutput, error)
+ StartClockRequest(*simspaceweaver.StartClockInput) (*request.Request, *simspaceweaver.StartClockOutput)
+
+ StartSimulation(*simspaceweaver.StartSimulationInput) (*simspaceweaver.StartSimulationOutput, error)
+ StartSimulationWithContext(aws.Context, *simspaceweaver.StartSimulationInput, ...request.Option) (*simspaceweaver.StartSimulationOutput, error)
+ StartSimulationRequest(*simspaceweaver.StartSimulationInput) (*request.Request, *simspaceweaver.StartSimulationOutput)
+
+ StopApp(*simspaceweaver.StopAppInput) (*simspaceweaver.StopAppOutput, error)
+ StopAppWithContext(aws.Context, *simspaceweaver.StopAppInput, ...request.Option) (*simspaceweaver.StopAppOutput, error)
+ StopAppRequest(*simspaceweaver.StopAppInput) (*request.Request, *simspaceweaver.StopAppOutput)
+
+ StopClock(*simspaceweaver.StopClockInput) (*simspaceweaver.StopClockOutput, error)
+ StopClockWithContext(aws.Context, *simspaceweaver.StopClockInput, ...request.Option) (*simspaceweaver.StopClockOutput, error)
+ StopClockRequest(*simspaceweaver.StopClockInput) (*request.Request, *simspaceweaver.StopClockOutput)
+
+ StopSimulation(*simspaceweaver.StopSimulationInput) (*simspaceweaver.StopSimulationOutput, error)
+ StopSimulationWithContext(aws.Context, *simspaceweaver.StopSimulationInput, ...request.Option) (*simspaceweaver.StopSimulationOutput, error)
+ StopSimulationRequest(*simspaceweaver.StopSimulationInput) (*request.Request, *simspaceweaver.StopSimulationOutput)
+
+ TagResource(*simspaceweaver.TagResourceInput) (*simspaceweaver.TagResourceOutput, error)
+ TagResourceWithContext(aws.Context, *simspaceweaver.TagResourceInput, ...request.Option) (*simspaceweaver.TagResourceOutput, error)
+ TagResourceRequest(*simspaceweaver.TagResourceInput) (*request.Request, *simspaceweaver.TagResourceOutput)
+
+ UntagResource(*simspaceweaver.UntagResourceInput) (*simspaceweaver.UntagResourceOutput, error)
+ UntagResourceWithContext(aws.Context, *simspaceweaver.UntagResourceInput, ...request.Option) (*simspaceweaver.UntagResourceOutput, error)
+ UntagResourceRequest(*simspaceweaver.UntagResourceInput) (*request.Request, *simspaceweaver.UntagResourceOutput)
+}
+
+var _ SimSpaceWeaverAPI = (*simspaceweaver.SimSpaceWeaver)(nil)
diff --git a/service/transcribestreamingservice/api.go b/service/transcribestreamingservice/api.go
index 2b00a2285d..50c2d08fd7 100644
--- a/service/transcribestreamingservice/api.go
+++ b/service/transcribestreamingservice/api.go
@@ -280,8 +280,8 @@ func (es *StartCallAnalyticsStreamTranscriptionEventStream) closeInputPipe() err
//
// These events are:
//
-// - AudioEvent
-// - ConfigurationEvent
+// * AudioEvent
+// * ConfigurationEvent
func (es *StartCallAnalyticsStreamTranscriptionEventStream) Send(ctx aws.Context, event AudioStreamEvent) error {
return es.Writer.Send(ctx, event)
}
@@ -325,9 +325,9 @@ func (es *StartCallAnalyticsStreamTranscriptionEventStream) runInputStream(r *re
//
// These events are:
//
-// - CategoryEvent
-// - UtteranceEvent
-// - CallAnalyticsTranscriptResultStreamUnknownEvent
+// * CategoryEvent
+// * UtteranceEvent
+// * CallAnalyticsTranscriptResultStreamUnknownEvent
func (es *StartCallAnalyticsStreamTranscriptionEventStream) Events() <-chan CallAnalyticsTranscriptResultStreamEvent {
return es.Reader.Events()
}
@@ -672,8 +672,8 @@ func (es *StartMedicalStreamTranscriptionEventStream) closeInputPipe() error {
//
// These events are:
//
-// - AudioEvent
-// - ConfigurationEvent
+// * AudioEvent
+// * ConfigurationEvent
func (es *StartMedicalStreamTranscriptionEventStream) Send(ctx aws.Context, event AudioStreamEvent) error {
return es.Writer.Send(ctx, event)
}
@@ -717,8 +717,8 @@ func (es *StartMedicalStreamTranscriptionEventStream) runInputStream(r *request.
//
// These events are:
//
-// - MedicalTranscriptEvent
-// - MedicalTranscriptResultStreamUnknownEvent
+// * MedicalTranscriptEvent
+// * MedicalTranscriptResultStreamUnknownEvent
func (es *StartMedicalStreamTranscriptionEventStream) Events() <-chan MedicalTranscriptResultStreamEvent {
return es.Reader.Events()
}
@@ -1062,8 +1062,8 @@ func (es *StartStreamTranscriptionEventStream) closeInputPipe() error {
//
// These events are:
//
-// - AudioEvent
-// - ConfigurationEvent
+// * AudioEvent
+// * ConfigurationEvent
func (es *StartStreamTranscriptionEventStream) Send(ctx aws.Context, event AudioStreamEvent) error {
return es.Writer.Send(ctx, event)
}
@@ -1107,8 +1107,8 @@ func (es *StartStreamTranscriptionEventStream) runInputStream(r *request.Request
//
// These events are:
//
-// - TranscriptEvent
-// - TranscriptResultStreamUnknownEvent
+// * TranscriptEvent
+// * TranscriptResultStreamUnknownEvent
func (es *StartStreamTranscriptionEventStream) Events() <-chan TranscriptResultStreamEvent {
return es.Reader.Events()
}