Merge branch 'release-1.25.3'

* release-1.25.3:
  Bumping version to 1.25.3
  Update to latest models

.changes/1.25.3.json

@@ -0,0 +1,32 @@
+[
+  {
+    "category": "``auditmanager``",
+    "description": "This release adds documentation updates for Audit Manager. We provided examples of how to use the Custom_ prefix for the keywordValue attribute. We also provided more details about the DeleteAssessmentReport operation.",
+    "type": "api-change"
+  },
+  {
+    "category": "``network-firewall``",
+    "description": "AWS Network Firewall adds support for stateful threat signature AWS managed rule groups.",
+    "type": "api-change"
+  },
+  {
+    "category": "``ec2``",
+    "description": "This release adds support to query the public key and creation date of EC2 Key Pairs. Additionally, the format (pem or ppk) of a key pair can be specified when creating a new key pair.",
+    "type": "api-change"
+  },
+  {
+    "category": "``braket``",
+    "description": "This release enables Braket Hybrid Jobs with Embedded Simulators to have multiple instances.",
+    "type": "api-change"
+  },
+  {
+    "category": "``guardduty``",
+    "description": "Documentation update for API description.",
+    "type": "api-change"
+  },
+  {
+    "category": "``connect``",
+    "description": "This release introduces an API for changing the current agent status of a user in Connect.",
+    "type": "api-change"
+  }
+]

CHANGELOG.rst

@@ -2,6 +2,17 @@
 CHANGELOG
 =========
 
+1.25.3
+======
+
+* api-change:``auditmanager``: This release adds documentation updates for Audit Manager. We provided examples of how to use the Custom_ prefix for the keywordValue attribute. We also provided more details about the DeleteAssessmentReport operation.
+* api-change:``network-firewall``: AWS Network Firewall adds support for stateful threat signature AWS managed rule groups.
+* api-change:``ec2``: This release adds support to query the public key and creation date of EC2 Key Pairs. Additionally, the format (pem or ppk) of a key pair can be specified when creating a new key pair.
+* api-change:``braket``: This release enables Braket Hybrid Jobs with Embedded Simulators to have multiple instances.
+* api-change:``guardduty``: Documentation update for API description.
+* api-change:``connect``: This release introduces an API for changing the current agent status of a user in Connect.
+
+
 1.25.2
 ======
 

botocore/__init__.py

@@ -16,7 +16,7 @@
 import os
 import re
 
-__version__ = '1.25.2'
+__version__ = '1.25.3'
 
 
 class NullHandler(logging.Handler):

botocore/data/auditmanager/2017-07-25/service-2.json

@@ -234,7 +234,7 @@
         {"shape":"InternalServerException"},
         {"shape":"ResourceNotFoundException"}
       ],
-      "documentation":"<p> Deletes an assessment report from an assessment in Audit Manager. </p>"
+      "documentation":"<p>Deletes an assessment report in Audit Manager. </p> <p>When you run the <code>DeleteAssessmentReport</code> operation, Audit Manager attempts to delete the following data:</p> <ol> <li> <p>The specified assessment report that’s stored in your S3 bucket</p> </li> <li> <p>The associated metadata that’s stored in Audit Manager</p> </li> </ol> <p>If Audit Manager can’t access the assessment report in your S3 bucket, the report isn’t deleted. In this event, the <code>DeleteAssessmentReport</code> operation doesn’t fail. Instead, it proceeds to delete the associated metadata only. You must then delete the assessment report from the S3 bucket yourself. </p> <p>This scenario happens when Audit Manager receives a <code>403 (Forbidden)</code> or <code>404 (Not Found)</code> error from Amazon S3. To avoid this, make sure that your S3 bucket is available, and that you configured the correct permissions for Audit Manager to delete resources in your S3 bucket. For an example permissions policy that you can use, see <a href=\"https://docs.aws.amazon.com/audit-manager/latest/userguide/security_iam_id-based-policy-examples.html#full-administrator-access-assessment-report-destination\">Assessment report destination permissions</a> in the <i>Audit Manager User Guide</i>. For information about the issues that could cause a <code>403 (Forbidden)</code> or <code>404 (Not Found</code>) error from Amazon S3, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList\">List of Error Codes</a> in the <i>Amazon Simple Storage Service API Reference</i>. </p>"
     },
     "DeleteControl":{
       "name":"DeleteControl",
@@ -4468,11 +4468,11 @@
       "members":{
         "keywordInputType":{
           "shape":"KeywordInputType",
-          "documentation":"<p> The method of input for the keyword. </p>"
+          "documentation":"<p> The input method for the keyword. </p>"
         },
         "keywordValue":{
           "shape":"KeywordValue",
-          "documentation":"<p> The value of the keyword that's used to search CloudTrail logs, Config rules, Security Hub checks, and Amazon Web Services API names when mapping a control data source. </p>"
+          "documentation":"<p> The value of the keyword that's used when mapping a control data source. For example, this can be a CloudTrail event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web Services API call. </p> <p>If you’re mapping a data source to a rule in Config, the <code>keywordValue</code> that you specify depends on the type of rule:</p> <ul> <li> <p>For <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html\">managed rules</a>, you can use the rule identifier as the <code>keywordValue</code>. You can find the rule identifier from the <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html\">list of Config managed rules</a>.</p> <ul> <li> <p>Managed rule name: <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-acl-prohibited.html\">s3-bucket-acl-prohibited</a> </p> <p> <code>keywordValue</code>: <code>S3_BUCKET_ACL_PROHIBITED</code> </p> </li> </ul> </li> <li> <p>For <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html\">custom rules</a>, you form the <code>keywordValue</code> by adding the <code>Custom_</code> prefix to the rule name. This prefix distinguishes the rule from a managed rule.</p> <ul> <li> <p>Custom rule name: my-custom-config-rule</p> <p> <code>keywordValue</code>: <code>Custom_my-custom-config-rule</code> </p> </li> </ul> </li> <li> <p>For <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/service-linked-awsconfig-rules.html\">service-linked rules</a>, you form the <code>keywordValue</code> by adding the <code>Custom_</code> prefix to the rule name. In addition, you remove the suffix ID that appears at the end of the rule name.</p> <ul> <li> <p>Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w</p> <p> <code>keywordValue</code>: <code>Custom_CustomRuleForAccount-conformance-pack</code> </p> </li> <li> <p>Service-linked rule name: securityhub-api-gw-cache-encrypted-101104e1</p> <p> <code>keywordValue</code>: <code>Custom_securityhub-api-gw-cache-encrypted</code> </p> </li> <li> <p>Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba</p> <p> <code>keywordValue</code>: <code>Custom_OrgConfigRule-s3-bucket-versioning-enabled</code> </p> </li> </ul> </li> </ul>"
         }
       },
       "documentation":"<p> The keyword to search for in CloudTrail logs, Config rules, Security Hub checks, and Amazon Web Services API names. </p>"

botocore/data/braket/2019-09-01/service-2.json

@@ -108,7 +108,7 @@
         {"shape":"InternalServiceException"},
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p>Retrieves the devices available in Amazon Braket.</p>"
+      "documentation":"<p>Retrieves the devices available in Amazon Braket.</p> <note> <p>For backwards compatibility with older versions of BraketSchemas, OpenQASM information is omitted from GetDevice API calls. To get this information the user-agent needs to present a recent version of the BraketSchemas (1.8.0 or later). The Braket SDK automatically reports this for you. If you do not see OpenQASM results in the GetDevice response when using a Braket SDK, you may need to set AWS_EXECUTION_ENV environment variable to configure user-agent. See the code examples provided below for how to do this for the AWS CLI, Boto3, and the Go, Java, and JavaScript/TypeScript SDKs.</p> </note>"
     },
     "GetJob":{
       "name":"GetJob",
@@ -933,6 +933,10 @@
         "volumeSizeInGb"
       ],
       "members":{
+        "instanceCount":{
+          "shape":"InstanceConfigInstanceCountInteger",
+          "documentation":"<p>Configures the number of resource instances to use while running an Amazon Braket job on Amazon Braket. The default value is 1.</p>"
+        },
         "instanceType":{
           "shape":"InstanceType",
           "documentation":"<p>Configures the type resource instances to use while running an Amazon Braket hybrid job.</p>"
@@ -944,6 +948,11 @@
       },
       "documentation":"<p>Configures the resource instances to use while running the Amazon Braket hybrid job on Amazon Braket.</p>"
     },
+    "InstanceConfigInstanceCountInteger":{
+      "type":"integer",
+      "box":true,
+      "min":1
+    },
     "InstanceConfigVolumeSizeInGbInteger":{
       "type":"integer",
       "box":true,
@@ -1694,5 +1703,5 @@
       "exception":true
     }
   },
-  "documentation":"<p>The Amazon Braket API Reference provides information about the operations and structures supported in Amazon Braket.</p>"
+  "documentation":"<p>The Amazon Braket API Reference provides information about the operations and structures supported in Amazon Braket.</p> <p>Additional Resources:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/braket/latest/developerguide/what-is-braket.html\">Amazon Braket Developer Guide</a> </p> </li> </ul>"
 }

botocore/data/connect/2017-08-08/service-2.json

@@ -1636,6 +1636,24 @@
       ],
       "documentation":"<p>Provides summary information about the users for the specified Amazon Connect instance.</p>"
     },
+    "PutUserStatus":{
+      "name":"PutUserStatus",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/users/{InstanceId}/{UserId}/status"
+      },
+      "input":{"shape":"PutUserStatusRequest"},
+      "output":{"shape":"PutUserStatusResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServiceException"}
+      ],
+      "documentation":"<p>Changes the current status of a user or agent in Amazon Connect. If the agent is currently handling a contact, this sets the agent's next status.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/connect/latest/adminguide/metrics-agent-status.html\">Agent status</a> and <a href=\"https://docs.aws.amazon.com/connect/latest/adminguide/set-next-status.html\">Set your next status</a> in the <i>Amazon Connect Administrator Guide</i>.</p>"
+    },
     "ReleasePhoneNumber":{
       "name":"ReleasePhoneNumber",
       "http":{
@@ -8144,6 +8162,37 @@
       "type":"list",
       "member":{"shape":"PromptSummary"}
     },
+    "PutUserStatusRequest":{
+      "type":"structure",
+      "required":[
+        "UserId",
+        "InstanceId",
+        "AgentStatusId"
+      ],
+      "members":{
+        "UserId":{
+          "shape":"UserId",
+          "documentation":"<p>The identifier of the user.</p>",
+          "location":"uri",
+          "locationName":"UserId"
+        },
+        "InstanceId":{
+          "shape":"InstanceId",
+          "documentation":"<p>The identifier of the Amazon Connect instance. You can find the instanceId in the ARN of the instance.</p>",
+          "location":"uri",
+          "locationName":"InstanceId"
+        },
+        "AgentStatusId":{
+          "shape":"AgentStatusId",
+          "documentation":"<p>The identifier of the agent status.</p>"
+        }
+      }
+    },
+    "PutUserStatusResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "Queue":{
       "type":"structure",
       "members":{

botocore/data/ec2/2016-11-15/service-2.json

@@ -686,7 +686,7 @@
       },
       "input":{"shape":"CreateKeyPairRequest"},
       "output":{"shape":"KeyPair"},
-      "documentation":"<p>Creates an ED25519 or 2048-bit RSA key pair with the specified name. Amazon EC2 stores the public key and displays the private key for you to save to a file. The private key is returned as an unencrypted PEM encoded PKCS#1 private key. If a key with the specified name already exists, Amazon EC2 returns an error.</p> <p>The key pair returned to you is available only in the Amazon Web Services Region in which you create it. If you prefer, you can create your own key pair using a third-party tool and upload it to any Region using <a>ImportKeyPair</a>.</p> <p>You can have up to 5,000 key pairs per Amazon Web Services Region.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html\">Amazon EC2 key pairs</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p>"
+      "documentation":"<p>Creates an ED25519 or 2048-bit RSA key pair with the specified name and in the specified PEM or PPK format. Amazon EC2 stores the public key and displays the private key for you to save to a file. The private key is returned as an unencrypted PEM encoded PKCS#1 private key or an unencrypted PPK formatted private key for use with PuTTY. If a key with the specified name already exists, Amazon EC2 returns an error.</p> <p>The key pair returned to you is available only in the Amazon Web Services Region in which you create it. If you prefer, you can create your own key pair using a third-party tool and upload it to any Region using <a>ImportKeyPair</a>.</p> <p>You can have up to 5,000 key pairs per Amazon Web Services Region.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html\">Amazon EC2 key pairs</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p>"
     },
     "CreateLaunchTemplate":{
       "name":"CreateLaunchTemplate",
@@ -11325,6 +11325,10 @@
           "shape":"TagSpecificationList",
           "documentation":"<p>The tags to apply to the new key pair.</p>",
           "locationName":"TagSpecification"
+        },
+        "KeyFormat":{
+          "shape":"KeyFormat",
+          "documentation":"<p>The format of the key pair.</p> <p>Default: <code>pem</code> </p>"
         }
       }
     },
@@ -18081,6 +18085,10 @@
           "shape":"Boolean",
           "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>",
           "locationName":"dryRun"
+        },
+        "IncludePublicKey":{
+          "shape":"Boolean",
+          "documentation":"<p>If <code>true</code>, the public key material is included in the response.</p> <p>Default: <code>false</code> </p>"
         }
       }
     },
@@ -32408,6 +32416,13 @@
       ]
     },
     "KernelId":{"type":"string"},
+    "KeyFormat":{
+      "type":"string",
+      "enum":[
+        "pem",
+        "ppk"
+      ]
+    },
     "KeyNameStringList":{
       "type":"list",
       "member":{
@@ -32481,6 +32496,16 @@
           "shape":"TagList",
           "documentation":"<p>Any tags applied to the key pair.</p>",
           "locationName":"tagSet"
+        },
+        "PublicKey":{
+          "shape":"String",
+          "documentation":"<p>The public key material.</p>",
+          "locationName":"publicKey"
+        },
+        "CreateTime":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>If you used Amazon EC2 to create the key pair, this is the date and time when the key was created, in <a href=\"https://www.iso.org/iso-8601-date-and-time-format.html\">ISO 8601 date-time format</a>, in the UTC time zone.</p> <p>If you imported an existing key pair to Amazon EC2, this is the date and time the key was imported, in <a href=\"https://www.iso.org/iso-8601-date-and-time-format.html\">ISO 8601 date-time format</a>, in the UTC time zone.</p>",
+          "locationName":"createTime"
         }
       },
       "documentation":"<p>Describes a key pair.</p>"