Merge branch 'release-1.20.61'

* release-1.20.61:
  Bumping version to 1.20.61
  Update to latest models
  Rename README.rst to README.md
  Handle two character pluralized acronyms (eg. IDs)

.changes/1.20.61.json

@@ -0,0 +1,22 @@
+[
+  {
+    "category": "``macie2``", 
+    "description": "The Amazon Macie API now provides S3 bucket metadata that indicates whether a bucket policy requires server-side encryption of objects when objects are uploaded to the bucket.", 
+    "type": "api-change"
+  }, 
+  {
+    "category": "``organizations``", 
+    "description": "Minor text updates for AWS Organizations API Reference", 
+    "type": "api-change"
+  }, 
+  {
+    "category": "``ecs``", 
+    "description": "Add support for EphemeralStorage on TaskDefinition and TaskOverride", 
+    "type": "api-change"
+  }, 
+  {
+    "category": "``chime``", 
+    "description": "Increase AppInstanceUserId length to 64 characters", 
+    "type": "api-change"
+  }
+]

CHANGELOG.rst

@@ -2,6 +2,15 @@
 CHANGELOG
 =========
 
+1.20.61
+=======
+
+* api-change:``macie2``: The Amazon Macie API now provides S3 bucket metadata that indicates whether a bucket policy requires server-side encryption of objects when objects are uploaded to the bucket.
+* api-change:``organizations``: Minor text updates for AWS Organizations API Reference
+* api-change:``ecs``: Add support for EphemeralStorage on TaskDefinition and TaskOverride
+* api-change:``chime``: Increase AppInstanceUserId length to 64 characters
+
+
 1.20.60
 =======
 

botocore/__init__.py

@@ -16,7 +16,7 @@
 import re
 import logging
 
-__version__ = '1.20.60'
+__version__ = '1.20.61'
 
 
 class NullHandler(logging.Handler):
@@ -30,9 +30,9 @@ def emit(self, record):
 
 _first_cap_regex = re.compile('(.)([A-Z][a-z]+)')
 _end_cap_regex = re.compile('([a-z0-9])([A-Z])')
-# The regex below handles the special case where some acryonym
+# The regex below handles the special case where some acronym
 # name is pluralized, e.g GatewayARNs, ListWebACLs, SomeCNAMEs.
-_special_case_transform = re.compile('[A-Z]{3,}s$')
+_special_case_transform = re.compile('[A-Z]{2,}s$')
 # Prepopulate the cache with special cases that don't match
 # our regular transformation.
 _xform_cache = {

botocore/data/chime/2018-05-01/service-2.json

@@ -11393,9 +11393,9 @@
     },
     "UserId":{
       "type":"string",
-      "max":50,
+      "max":64,
       "min":1,
-      "pattern":"[A-Za-z0-9][A-Za-z0-9\\:\\-\\_\\.\\@]{3,50}[A-Za-z0-9]",
+      "pattern":"[A-Za-z0-9]([A-Za-z0-9\\:\\-\\_\\.\\@]{0,62}[A-Za-z0-9])?",
       "sensitive":true
     },
     "UserIdList":{

botocore/data/macie2/2020-01-01/service-2.json

@@ -2566,6 +2566,14 @@
         "DISABLING_IN_PROGRESS"
       ]
     },
+    "AllowsUnencryptedObjectUploads": {
+      "type": "string",
+      "enum": [
+        "TRUE",
+        "FALSE",
+        "UNKNOWN"
+      ]
+    },
     "ApiCallDetails": {
       "type": "structure",
       "members": {
@@ -2769,20 +2777,25 @@
         "kmsManaged": {
           "shape": "__long",
           "locationName": "kmsManaged",
-          "documentation": " <p>The total number of buckets that use an AWS Key Management Service (AWS KMS) customer master key (CMK) to encrypt new objects by default. These buckets use AWS managed AWS KMS encryption (AWS-KMS) or customer managed AWS KMS encryption (SSE-KMS).</p>"
+          "documentation": " <p>The total number of buckets that use an AWS Key Management Service (AWS KMS) customer master key (CMK) to encrypt new objects by default. These buckets use AWS managed AWS KMS encryption (AWS-KMS) or customer managed AWS KMS encryption (SSE-KMS) by default.</p>"
         },
         "s3Managed": {
           "shape": "__long",
           "locationName": "s3Managed",
-          "documentation": "<p>The total number of buckets that use an Amazon S3 managed key to encrypt new objects by default. These buckets use Amazon S3 managed encryption (SSE-S3).</p>"
+          "documentation": "<p>The total number of buckets that use an Amazon S3 managed key to encrypt new objects by default. These buckets use Amazon S3 managed encryption (SSE-S3) by default.</p>"
         },
         "unencrypted": {
           "shape": "__long",
           "locationName": "unencrypted",
           "documentation": "<p>The total number of buckets that don't encrypt new objects by default. Default encryption is disabled for these buckets.</p>"
+        },
+        "unknown": {
+          "shape": "__long",
+          "locationName": "unknown",
+          "documentation": "<p>The total number of buckets that Amazon Macie doesn't have current encryption metadata for. Macie can't provide current data about the default encryption settings for these buckets.</p>"
         }
       },
-      "documentation": "<p>Provides information about the number of S3 buckets that use certain types of server-side encryption by default or don't encrypt new objects by default.</p>"
+      "documentation": "<p>Provides information about the number of S3 buckets that use certain types of server-side encryption by default or don't encrypt new objects by default. For detailed information about these settings, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html\">Setting default server-side encryption behavior for Amazon S3 buckets</a> in the <i>Amazon Simple Storage Service User Guide</i>.</p>"
     },
     "BucketCountBySharedAccessType": {
       "type": "structure",
@@ -2808,7 +2821,28 @@
           "documentation": "<p>The total number of buckets that Amazon Macie wasn't able to evaluate shared access settings for. Macie can't determine whether these buckets are shared with other AWS accounts.</p>"
         }
       },
-      "documentation": "<p>Provides information about the number of S3 buckets that are shared with other AWS accounts.</p>"
+      "documentation": "<p>Provides information about the number of S3 buckets that are and aren't shared with other AWS accounts.</p>"
+    },
+    "BucketCountPolicyAllowsUnencryptedObjectUploads": {
+      "type": "structure",
+      "members": {
+        "allowsUnencryptedObjectUploads": {
+          "shape": "__long",
+          "locationName": "allowsUnencryptedObjectUploads",
+          "documentation": "<p>The total number of buckets that don't have a bucket policy or have a bucket policy that doesn't require server-side encryption of new objects. If a bucket policy exists, the policy doesn't require PutObject requests to include the x-amz-server-side-encryption header and it doesn't require the value for that header to be AES256 or aws:kms.</p>"
+        },
+        "deniesUnencryptedObjectUploads": {
+          "shape": "__long",
+          "locationName": "deniesUnencryptedObjectUploads",
+          "documentation": "<p>The total number of buckets whose bucket policies require server-side encryption of new objects. PutObject requests for these buckets must include the x-amz-server-side-encryption header and the value for that header must be AES256 or aws:kms.</p>"
+        },
+        "unknown": {
+          "shape": "__long",
+          "locationName": "unknown",
+          "documentation": "<p>The total number of buckets that Amazon Macie wasn't able to evaluate server-side encryption requirements for. Macie can't determine whether the bucket policies for these buckets require server-side encryption of new objects.</p>"
+        }
+      },
+      "documentation": "<p>Provides information about the number of S3 buckets whose bucket policies do and don't require server-side encryption of objects when objects are uploaded to the buckets.</p>"
     },
     "BucketCriteria": {
       "type": "map",
@@ -2890,6 +2924,11 @@
           "locationName": "accountId",
           "documentation": "<p>The unique identifier for the AWS account that owns the bucket.</p>"
         },
+        "allowsUnencryptedObjectUploads": {
+          "shape": "AllowsUnencryptedObjectUploads",
+          "locationName": "allowsUnencryptedObjectUploads",
+          "documentation": "<p>Specifies whether the bucket policy for the bucket requires server-side encryption of objects when objects are uploaded to the bucket. Possible values are:</p> <ul><li><p>FALSE - The bucket policy requires server-side encryption of new objects. PutObject requests must include the x-amz-server-side-encryption header and the value for that header must be AES256 or aws:kms.</p></li> <li><p>TRUE - The bucket doesn't have a bucket policy or it has a bucket policy that doesn't require server-side encryption of new objects. If a bucket policy exists, it doesn't require PutObject requests to include the x-amz-server-side-encryption header and it doesn't require the value for that header to be AES256 or aws:kms.</p></li> <li><p>UNKNOWN - Amazon Macie can't determine whether the bucket policy requires server-side encryption of new objects.</p></li></ul>"
+        },
         "bucketArn": {
           "shape": "__string",
           "locationName": "bucketArn",
@@ -3023,7 +3062,7 @@
           "documentation": "<p>Specifies whether the bucket policy allows the general public to have write access to the bucket.</p>"
         }
       },
-      "documentation": "<p>Provides information about the permissions settings of a bucket policy for an S3 bucket.</p>"
+      "documentation": "<p>Provides information about the permissions settings of the bucket policy for an S3 bucket.</p>"
     },
     "BucketPublicAccess": {
       "type": "structure",
@@ -3036,7 +3075,7 @@
         "permissionConfiguration": {
           "shape": "BucketPermissionConfiguration",
           "locationName": "permissionConfiguration",
-          "documentation": "<p>The account-level and bucket-level permissions for the bucket.</p>"
+          "documentation": "<p>The account-level and bucket-level permissions settings for the bucket.</p>"
         }
       },
       "documentation": "<p>Provides information about the permissions settings that determine whether an S3 bucket is publicly accessible.</p>"
@@ -3309,7 +3348,7 @@
         "keywords": {
           "shape": "__listOf__string",
           "locationName": "keywords",
-          "documentation": "<p>An array that lists specific character sequences (keywords), one of which must be within proximity (maximumMatchDistance) of the regular expression to match. The array can contain as many as 50 keywords. Each keyword can contain 4 - 90 characters. Keywords aren't case sensitive.</p>"
+          "documentation": "<p>An array that lists specific character sequences (keywords), one of which must be within proximity (maximumMatchDistance) of the regular expression to match. The array can contain as many as 50 keywords. Each keyword can contain 3 - 90 characters. Keywords aren't case sensitive.</p>"
         },
         "maximumMatchDistance": {
           "shape": "__integer",
@@ -4399,12 +4438,17 @@
         "bucketCountByEncryptionType": {
           "shape": "BucketCountByEncryptionType",
           "locationName": "bucketCountByEncryptionType",
-          "documentation": "<p>The total number of buckets, grouped by default server-side encryption type. This object also reports the total number of buckets that don't encrypt new objects by default.</p>"
+          "documentation": "<p>The total number of buckets that use certain types of server-side encryption to encrypt new objects by default. This object also reports the total number of buckets that don't encrypt new objects by default.</p>"
+        },
+        "bucketCountByObjectEncryptionRequirement": {
+          "shape": "BucketCountPolicyAllowsUnencryptedObjectUploads",
+          "locationName": "bucketCountByObjectEncryptionRequirement",
+          "documentation": "<p>The total number of buckets whose bucket policies do and don't require server-side encryption of objects when objects are uploaded to the buckets.</p>"
         },
         "bucketCountBySharedAccessType": {
           "shape": "BucketCountBySharedAccessType",
           "locationName": "bucketCountBySharedAccessType",
-          "documentation": "<p>The total number of buckets that are shared with another AWS account.</p>"
+          "documentation": "<p>The total number of buckets that are and aren't shared with another AWS account.</p>"
         },
         "classifiableObjectCount": {
           "shape": "__long",
@@ -5719,6 +5763,11 @@
           "shape": "__long",
           "locationName": "unencrypted",
           "documentation": "<p>The total number of objects that aren't encrypted or use client-side encryption.</p>"
+        },
+        "unknown": {
+          "shape": "__long",
+          "locationName": "unknown",
+          "documentation": "<p>The total number of objects that Amazon Macie doesn't have current encryption metadata for. Macie can't provide current data about the encryption settings for these objects.</p>"
         }
       },
       "documentation": "<p>Provides information about the number of objects that are in an S3 bucket and use certain types of server-side encryption, use client-side encryption, or aren't encrypted.</p>"
@@ -5991,6 +6040,11 @@
     "S3Bucket": {
       "type": "structure",
       "members": {
+        "allowsUnencryptedObjectUploads": {
+          "shape": "AllowsUnencryptedObjectUploads",
+          "locationName": "allowsUnencryptedObjectUploads",
+          "documentation": "<p>Specifies whether the bucket policy for the bucket requires server-side encryption of objects when objects are uploaded to the bucket. Possible values are:</p> <ul><li><p>FALSE - The bucket policy requires server-side encryption of new objects. PutObject requests must include the x-amz-server-side-encryption header and the value for that header must be AES256 or aws:kms.</p></li> <li><p>TRUE - The bucket doesn't have a bucket policy or it has a bucket policy that doesn't require server-side encryption of new objects. If a bucket policy exists, it doesn't require PutObject requests to include the x-amz-server-side-encryption header and it doesn't require the value for that header to be AES256 or aws:kms.</p></li> <li><p>UNKNOWN - Amazon Macie can't determine whether the bucket policy requires server-side encryption of objects.</p></li></ul>"
+        },
         "arn": {
           "shape": "__string",
           "locationName": "arn",
@@ -6014,7 +6068,7 @@
         "owner": {
           "shape": "S3BucketOwner",
           "locationName": "owner",
-          "documentation": "<p>The display name and account identifier for the user who owns the bucket.</p>"
+          "documentation": "<p>The display name and AWS account ID for the user who owns the bucket.</p>"
         },
         "publicAccess": {
           "shape": "BucketPublicAccess",
@@ -6567,7 +6621,7 @@
         "keywords": {
           "shape": "__listOf__string",
           "locationName": "keywords",
-          "documentation": "<p>An array that lists specific character sequences (keywords), one of which must be within proximity (maximumMatchDistance) of the regular expression to match. The array can contain as many as 50 keywords. Each keyword can contain 4 - 90 characters. Keywords aren't case sensitive.</p>"
+          "documentation": "<p>An array that lists specific character sequences (keywords), one of which must be within proximity (maximumMatchDistance) of the regular expression to match. The array can contain as many as 50 keywords. Each keyword can contain 3 - 90 characters. Keywords aren't case sensitive.</p>"
         },
         "maximumMatchDistance": {
           "shape": "__integer",
@@ -7245,4 +7299,4 @@
     }
   },
   "documentation": "<p>Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS. Macie automates the discovery of sensitive data, such as PII and intellectual property, to provide you with insight into the data that your organization stores in AWS. Macie also provides an inventory of your Amazon S3 buckets, which it continually monitors for you. If Macie detects sensitive data or potential data access issues, it generates detailed findings for you to review and act upon as necessary.</p>"
-}
+}