Updates SDK to v2.1040.0

.changes/2.1040.0.json

@@ -0,0 +1,82 @@
+[
+    {
+        "type": "feature",
+        "category": "AccessAnalyzer",
+        "description": "AWS IAM Access Analyzer now supports policy validation for resource policies attached to S3 buckets and access points. You can run additional policy checks by specifying the S3 resource type you want to attach to your resource policy."
+    },
+    {
+        "type": "feature",
+        "category": "BackupGateway",
+        "description": "Initial release of AWS Backup gateway which enables you to centralize and automate protection of on-premises VMware and VMware Cloud on AWS workloads using AWS Backup."
+    },
+    {
+        "type": "feature",
+        "category": "EC2",
+        "description": "This release adds support for Is4gen and Im4gn instances. This release also adds a new subnet attribute, enableLniAtDeviceIndex, to support local network interfaces, which are logical networking components that connect an EC2 instance to your on-premises network."
+    },
+    {
+        "type": "feature",
+        "category": "FSx",
+        "description": "This release adds support for the FSx for OpenZFS file system type, FSx for Lustre file systems with the Persistent_2 deployment type, and FSx for Lustre file systems with Amazon S3 data repository associations and automatic export policies."
+    },
+    {
+        "type": "feature",
+        "category": "Glue",
+        "description": "Support for DataLake transactions"
+    },
+    {
+        "type": "feature",
+        "category": "IoTTwinMaker",
+        "description": "AWS IoT TwinMaker makes it faster and easier to create, visualize and monitor digital twins of real-world systems like buildings, factories and industrial equipment to optimize operations. Learn more: https://docs.aws.amazon.com/iot-twinmaker/latest/apireference/Welcome.html (New Service) (Preview)"
+    },
+    {
+        "type": "feature",
+        "category": "Iot",
+        "description": "Added the ability to enable/disable IoT Fleet Indexing for Device Defender and Named Shadow information, and search them through IoT Fleet Indexing APIs."
+    },
+    {
+        "type": "feature",
+        "category": "Kafka",
+        "description": "This release adds three new V2 APIs. CreateClusterV2 for creating both provisioned and serverless clusters. DescribeClusterV2 for getting information about provisioned and serverless clusters and ListClustersV2 for listing all clusters (both provisioned and serverless) in your account."
+    },
+    {
+        "type": "feature",
+        "category": "Kinesis",
+        "description": "Updates API to latest version."
+    },
+    {
+        "type": "feature",
+        "category": "LakeFormation",
+        "description": "This release adds support for row and cell-based access control in Lake Formation. It also adds support for Lake Formation Governed Tables, which support ACID transactions and automatic storage optimizations."
+    },
+    {
+        "type": "feature",
+        "category": "Outposts",
+        "description": "This release adds the SupportedHardwareType parameter to CreateOutpost."
+    },
+    {
+        "type": "feature",
+        "category": "RedshiftData",
+        "description": "Data API now supports serverless queries."
+    },
+    {
+        "type": "feature",
+        "category": "S3",
+        "description": "Introduce Amazon S3 Glacier Instant Retrieval storage class and a new setting in S3 Object Ownership to disable ACLs for bucket and the objects in it."
+    },
+    {
+        "type": "feature",
+        "category": "Snowball",
+        "description": "Tapeball is to integrate tape gateway onto snowball, it enables customer to transfer local data on the tape to snowball,and then ingest the data into tape gateway on the cloud."
+    },
+    {
+        "type": "feature",
+        "category": "StorageGateway",
+        "description": "Added gateway type VTL_SNOW. Added new SNOWBALL HostEnvironment for gateways running on a Snowball device. Added new field HostEnvironmentId to serve as an identifier for the HostEnvironment on which the gateway is running."
+    },
+    {
+        "type": "feature",
+        "category": "WorkSpacesWeb",
+        "description": "This is the initial SDK release for Amazon WorkSpaces Web. Amazon WorkSpaces Web is a low-cost, fully managed WorkSpace built to deliver secure web-based workloads and software-as-a-service (SaaS) application access to users within existing web browsers."
+    }
+]

CHANGELOG.md

@@ -1,7 +1,25 @@
 # Changelog for AWS SDK for JavaScript
-<!--LATEST=2.1039.0-->
+<!--LATEST=2.1040.0-->
 <!--ENTRYINSERT-->
 
+## 2.1040.0
+* feature: AccessAnalyzer: AWS IAM Access Analyzer now supports policy validation for resource policies attached to S3 buckets and access points. You can run additional policy checks by specifying the S3 resource type you want to attach to your resource policy.
+* feature: BackupGateway: Initial release of AWS Backup gateway which enables you to centralize and automate protection of on-premises VMware and VMware Cloud on AWS workloads using AWS Backup.
+* feature: EC2: This release adds support for Is4gen and Im4gn instances. This release also adds a new subnet attribute, enableLniAtDeviceIndex, to support local network interfaces, which are logical networking components that connect an EC2 instance to your on-premises network.
+* feature: FSx: This release adds support for the FSx for OpenZFS file system type, FSx for Lustre file systems with the Persistent_2 deployment type, and FSx for Lustre file systems with Amazon S3 data repository associations and automatic export policies.
+* feature: Glue: Support for DataLake transactions
+* feature: IoTTwinMaker: AWS IoT TwinMaker makes it faster and easier to create, visualize and monitor digital twins of real-world systems like buildings, factories and industrial equipment to optimize operations. Learn more: https://docs.aws.amazon.com/iot-twinmaker/latest/apireference/Welcome.html (New Service) (Preview)
+* feature: Iot: Added the ability to enable/disable IoT Fleet Indexing for Device Defender and Named Shadow information, and search them through IoT Fleet Indexing APIs.
+* feature: Kafka: This release adds three new V2 APIs. CreateClusterV2 for creating both provisioned and serverless clusters. DescribeClusterV2 for getting information about provisioned and serverless clusters and ListClustersV2 for listing all clusters (both provisioned and serverless) in your account.
+* feature: Kinesis: Updates API to latest version.
+* feature: LakeFormation: This release adds support for row and cell-based access control in Lake Formation. It also adds support for Lake Formation Governed Tables, which support ACID transactions and automatic storage optimizations.
+* feature: Outposts: This release adds the SupportedHardwareType parameter to CreateOutpost.
+* feature: RedshiftData: Data API now supports serverless queries.
+* feature: S3: Introduce Amazon S3 Glacier Instant Retrieval storage class and a new setting in S3 Object Ownership to disable ACLs for bucket and the objects in it.
+* feature: Snowball: Tapeball is to integrate tape gateway onto snowball, it enables customer to transfer local data on the tape to snowball,and then ingest the data into tape gateway on the cloud.
+* feature: StorageGateway: Added gateway type VTL_SNOW. Added new SNOWBALL HostEnvironment for gateways running on a Snowball device. Added new field HostEnvironmentId to serve as an identifier for the HostEnvironment on which the gateway is running.
+* feature: WorkSpacesWeb: This is the initial SDK release for Amazon WorkSpaces Web. Amazon WorkSpaces Web is a low-cost, fully managed WorkSpace built to deliver secure web-based workloads and software-as-a-service (SaaS) application access to users within existing web browsers.
+
 ## 2.1039.0
 * feature: ComputeOptimizer: Adds support for the enhanced infrastructure metrics paid feature. Also adds support for two new sets of resource efficiency metrics, including savings opportunity metrics and performance improvement opportunity metrics.
 * feature: DataExchange: This release enables providers and subscribers to use Data Set, Job, and Asset operations to work with API assets from Amazon API Gateway. In addition, this release enables subscribers to use the SendApiAsset operation to invoke a provider's Amazon API Gateway API that they are entitled to.

README.md

@@ -29,7 +29,7 @@ For release notes, see the [CHANGELOG](https://github.com/aws/aws-sdk-js/blob/ma
 To use the SDK in the browser, simply add the following script tag to your
 HTML pages:
 
-    <script src="https://sdk.amazonaws.com/js/aws-sdk-2.1039.0.min.js"></script>
+    <script src="https://sdk.amazonaws.com/js/aws-sdk-2.1040.0.min.js"></script>
 
 You can also build a custom browser SDK with your specified set of AWS services.
 This can allow you to reduce the SDK's size, specify different API versions of

apis/accessanalyzer-2019-11-01.min.json

@@ -1283,7 +1283,8 @@
             "locationName": "nextToken"
           },
           "policyDocument": {},
-          "policyType": {}
+          "policyType": {},
+          "validatePolicyResourceType": {}
         }
       },
       "output": {
@@ -1354,10 +1355,10 @@
                         ],
                         "members": {
                           "end": {
-                            "shape": "S54"
+                            "shape": "S55"
                           },
                           "start": {
-                            "shape": "S54"
+                            "shape": "S55"
                           }
                         }
                       }
@@ -1660,7 +1661,7 @@
       "type": "list",
       "member": {}
     },
-    "S54": {
+    "S55": {
       "type": "structure",
       "required": [
         "column",

apis/accessanalyzer-2019-11-01.normal.json

@@ -3052,14 +3052,14 @@
       "members": {
         "kmsKeyId": {
           "shape": "SecretsManagerSecretKmsId",
-          "documentation": "<p>The proposed ARN, key ID, or alias of the KMS customer master key (CMK).</p>"
+          "documentation": "<p>The proposed ARN, key ID, or alias of the KMS key.</p>"
         },
         "secretPolicy": {
           "shape": "SecretsManagerSecretPolicy",
           "documentation": "<p>The proposed resource policy defining who can access or manage the secret.</p>"
         }
       },
-      "documentation": "<p>The configuration for a Secrets Manager secret. For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html\">CreateSecret</a>.</p> <p>You can propose a configuration for a new secret or an existing secret that you own by specifying the secret policy and optional KMS encryption key. If the configuration is for an existing secret and you do not specify the secret policy, the access preview uses the existing policy for the secret. If the access preview is for a new resource and you do not specify the policy, the access preview assumes a secret without a policy. To propose deletion of an existing policy, you can specify an empty string. If the proposed configuration is for a new secret and you do not specify the KMS key ID, the access preview uses the default CMK of the Amazon Web Services account. If you specify an empty string for the KMS key ID, the access preview uses the default CMK of the Amazon Web Services account. For more information about secret policy limits, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html\">Quotas for Secrets Manager.</a>.</p>"
+      "documentation": "<p>The configuration for a Secrets Manager secret. For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html\">CreateSecret</a>.</p> <p>You can propose a configuration for a new secret or an existing secret that you own by specifying the secret policy and optional KMS encryption key. If the configuration is for an existing secret and you do not specify the secret policy, the access preview uses the existing policy for the secret. If the access preview is for a new resource and you do not specify the policy, the access preview assumes a secret without a policy. To propose deletion of an existing policy, you can specify an empty string. If the proposed configuration is for a new secret and you do not specify the KMS key ID, the access preview uses the Amazon Web Services managed key <code>aws/secretsmanager</code>. If you specify an empty string for the KMS key ID, the access preview uses the Amazon Web Services managed key of the Amazon Web Services account. For more information about secret policy limits, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html\">Quotas for Secrets Manager.</a>.</p>"
     },
     "SecretsManagerSecretKmsId": {
       "type": "string"
@@ -3479,9 +3479,22 @@
         "policyType": {
           "shape": "PolicyType",
           "documentation": "<p>The type of policy to validate. Identity policies grant permissions to IAM principals. Identity policies include managed and inline policies for IAM roles, users, and groups. They also include service-control policies (SCPs) that are attached to an Amazon Web Services organization, organizational unit (OU), or an account.</p> <p>Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic input such as identity policy or resource policy or a specific input such as managed policy or Amazon S3 bucket policy. </p>"
+        },
+        "validatePolicyResourceType": {
+          "shape": "ValidatePolicyResourceType",
+          "documentation": "<p>The type of resource to attach to your resource policy. Specify a value for the policy validation resource type only if the policy type is <code>RESOURCE_POLICY</code>. For example, to validate a resource policy to attach to an Amazon S3 bucket, you can choose <code>AWS::S3::Bucket</code> for the policy validation resource type.</p> <p>For resource types not supported as valid values, IAM Access Analyzer runs policy checks that apply to all resource policies. For example, to validate a resource policy to attach to a KMS key, do not specify a value for the policy validation resource type and IAM Access Analyzer will run policy checks that apply to all resource policies.</p>"
         }
       }
     },
+    "ValidatePolicyResourceType": {
+      "type": "string",
+      "enum": [
+        "AWS::S3::Bucket",
+        "AWS::S3::AccessPoint",
+        "AWS::S3::MultiRegionAccessPoint",
+        "AWS::S3ObjectLambda::AccessPoint"
+      ]
+    },
     "ValidatePolicyResponse": {
       "type": "structure",
       "required": [

apis/backup-gateway-2021-01-01.examples.json

@@ -0,0 +1,5 @@
+{
+  "version": "1.0",
+  "examples": {
+  }
+}